Upgrade node and dependencies? #992

Closed
schoettl opened this issue Sep 19, 2024 · 3 comments · Fixed by #1000 · May be fixed by #993
Labels
question Further information is requested security Pull requests that address a security vulnerability

Comments

@schoettl
Collaborator

On my system, the node version is 20.15.1 whereas organice uses 12.13.1.
There are many open dependabot PRs and yarn audit tells about 637 vulnerabilities.

How about trying an upgrade @munen?

Apart from yarn test, CI and basic manual integration test – what do we need to safely upgrade? I've never done this before.

How would staging or production cope with such changes? Should we give it a try, starting with node itself?

@schoettl schoettl added bug Something isn't working question Further information is requested security Pull requests that address a security vulnerability and removed bug Something isn't working labels Sep 19, 2024
@munen
Collaborator

munen commented Sep 20, 2024

Hi @schoettl 👋

> On my system, the node version is 20.15.1 whereas organice uses 12.13.1. There are many open dependabot PRs and yarn audit tells about 637 vulnerabilities.

I'm definitively in favor of upgrading node👍

> Apart from yarn test, CI and basic manual integration test – what do we need to safely upgrade? I've never done this before.
>
> How would staging or production cope with such changes?

Since organice is a SPA, hosting is not affected. As long as the regular dev, testing and build tools work. These tasks should run:

  • rm -rf node_modules; yarn install
  • yarn test
  • yarn install
  • yarn eslint
  • yarn prettier-eslint --write
  • yarn run build

CI should run. We will have to update the Docker image which includes the node version.

Lastly, a manual integration test should be done. As long as the sample and logins still work, I think we should be in the clear.

> Should we give it a try, starting with node itself?

Sure, let's do it! I endeavoured into a first start: #993

@munen
Collaborator

munen commented Sep 20, 2024

@schoettl I made a spike (#993) to get us started on this task. Are you interested in picking it up from here?

@schoettl
Collaborator Author

Nice! I'll pick it up.
