Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Spike - Dependabot - Upgrade react-scripts to 5.0 #1577

Open
10 tasks
jorgegonzalez opened this issue Jan 26, 2022 · 14 comments · May be fixed by #3327
Open
10 tasks

Spike - Dependabot - Upgrade react-scripts to 5.0 #1577

jorgegonzalez opened this issue Jan 26, 2022 · 14 comments · May be fixed by #3327
Assignees
Labels
dependencies Pull requests that update a dependency file dev devops office hours Refined Ticket has been refined at the backlog refinement spike

Comments

@jorgegonzalez
Copy link

jorgegonzalez commented Jan 26, 2022

Description:

Dependabot opened an upgrade to react-scripts@5.0.0. which includes breaking changes, and likely some unknown unknowns.

facebook/create-react-app#11756

Acceptance Criteria:
Create a list of functional outcomes that must be achieved to complete this issue

  • react-scripts is updated to latest major version
  • file-type is updated to latest major version
  • package.json is updated
  • package-lock.json is updated
  • Testing Checklist has been run and all tests pass
  • README is updated, if necessary

Tasks:
Create a list of granular, specific work items that must be completed to deliver the desired outcomes of this issue

  • Upgrade react-scripts to latest major version with npm
  • Manually install required polyfills
  • Run Testing Checklist and confirm all tests pass
  • Generate follow-on tickets with identified improvements (e.g., compliance, ally refactor)
@jorgegonzalez jorgegonzalez added dependencies Pull requests that update a dependency file frontend dev labels Jan 26, 2022
@jorgegonzalez
Copy link
Author

#1575

@jorgegonzalez
Copy link
Author

file-type should also be upgraded when this is implemented as react-scripts#5 will support ESM

ref:
sindresorhus/file-type#505
sindresorhus/file-type#502
sindresorhus/file-type#515
sindresorhus/file-type#521
sindresorhus/file-type#528

@valcollignon valcollignon changed the title Upgrade react-scripts to 5.0 Dependabot - Upgrade react-scripts to 5.0 Feb 8, 2022
@valcollignon
Copy link

@ADPennington to sync with @jorgegonzalez on the priority of this ticket. per backlog refinement 2.8.22

@ADPennington
Copy link
Collaborator

per @jorgegonzalez, this is not a high priority and can be revisited in a later sprint. okay for the backlog @valcollignon cc: @abottoms-coder @lfrohlich

@andrew-jameson
Copy link
Collaborator

andrew-jameson commented Feb 14, 2022

There are two dependabot vulnerability reports resulting from being unable to update react-scripts:

  1. immer (Critical) -- Needs 9.0.6, we use 8.0.1
  2. glob-parent (High) -- Needs 5.1.2, we use 3.1.0
  3. node-forge (High) -- Needs 1.3, we use 0.10.0

@ADPennington
Copy link
Collaborator

3/16/22:

@riatzukiza
Copy link

riatzukiza commented May 20, 2022

In #1813 dependabot notified us that redux 4.2.0 is depreciating the createStore interface we use, in favor of a new library react-toolkit
https://redux.js.org/introduction/why-rtk-is-redux-today. Since this is all it did, we closed it with out merging.

This change requires a full refactor of our redux code, it would be more readable and easier to maintain, and the changes aren't complicated, there would just be a lot of it. This is largely a quality of life update, and can probably be done around the same time as our update to react-scripts.

@stevenino stevenino added the Refined Ticket has been refined at the backlog refinement label Aug 16, 2022
@stevenino stevenino added devops and removed frontend labels Sep 27, 2022
@robgendron robgendron added Old and removed Old labels Apr 15, 2024
@vlasse86 vlasse86 changed the title Dependabot - Upgrade react-scripts to 5.0 Spike - Dependabot - Upgrade react-scripts to 5.0 Oct 29, 2024
@vlasse86 vlasse86 added spike P3 Needed – Routine labels Oct 29, 2024
@lhuxraft
Copy link
Collaborator

Update to a tech memo ticket (spike) for next sprint

@lhuxraft
Copy link
Collaborator

11/20: Working on upgrading dependencies

@lhuxraft
Copy link
Collaborator

11/22: Making progress - updated most packages. Updated USWDS breaking changes. Working on getting tests to pass, more complex than expected. Will be doing a tech memo to recap work

@lhuxraft
Copy link
Collaborator

lhuxraft commented Dec 2, 2024

12/2: Having issue with file type library, experimenting with other libraries. Existing issues with tests

@lhuxraft
Copy link
Collaborator

lhuxraft commented Dec 2, 2024

Follow-on tickets may want to be taken in during following sprint (after Dec 17)

@lhuxraft
Copy link
Collaborator

lhuxraft commented Dec 4, 2024

12/4: Tests fixed and requested reviews

@lhuxraft
Copy link
Collaborator

lhuxraft commented Dec 9, 2024

12/9: Reviewing comments from Miles

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file dev devops office hours Refined Ticket has been refined at the backlog refinement spike
Projects
None yet
Development

Successfully merging a pull request may close this issue.

10 participants