Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade dependencies where possible #12189

Merged
merged 7 commits into from
Aug 24, 2022
Merged

Upgrade dependencies where possible #12189

merged 7 commits into from
Aug 24, 2022
+3,818 −7,247

Conversation

mourner
Copy link
Member

@mourner mourner commented Aug 24, 2022
edited

Upgrades all dependencies (both direct and development ones) where possible, which should close most of our Dependabot security warnings. Caveats:

  • eslint can't be upgraded from v7 to v8 because it doesn't support linting JSDoc examples, which is important for us Allow processor API to be configurable and to formally be able to lint both a file and its blocks eslint/eslint#14745
  • flow-bin can't be upgraded past v0.142.0 without major updates to typings across the codebase — something to address separately.
  • jsdom can't be upgraded because of Upgrade to JSDom v16+ #12185
  • @mapbox/gazetteer (of which we only use one small JSON file for old benchmarks) was removed with that file added to the repo because the package doesn't seem to be actively maintained, and we win by getting rid of more unnecessary transitive dependencies.
  • gl > v4.9.0 doesn't build on benchmap unfortunately, to be investigated separately.
  • CI Node version had to be bumped to v14.16, but newer versions like v14.20, as well as my local machine, make 13 rendering tests (mostly related to star atmosphere) fail for unknown reason. This needs to be investigated separately.

Launch Checklist

  • briefly describe the changes in this PR
  • write tests for all new functionality
  • manually test the debug page
  • apply changelog label ('bug', 'feature', 'docs', etc) or use the label 'skip changelog'

@mourner mourner added the skip changelog Used for PRs that do not need a changelog entry label Aug 24, 2022
@mourner mourner self-assigned this Aug 24, 2022
stepankuzmin
stepankuzmin approved these changes Aug 24, 2022
View reviewed changes
Copy link
Contributor

@stepankuzmin stepankuzmin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me 👍

@mourner mourner merged commit 47f3aac into main Aug 24, 2022
@mourner mourner deleted the upgrade-deps branch August 24, 2022 19:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stepankuzmin stepankuzmin stepankuzmin approved these changes

Assignees

@mourner mourner

Labels
skip changelog Used for PRs that do not need a changelog entry
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mourner @stepankuzmin