SONARAZDO-400 Dependency upgrade #400

Merged
merged 4 commits into from
Aug 14, 2024

Member

@7PH 7PH commented Aug 13, 2024

rationale in the ticket

Only build dependencies so there shouldn't be a risk for users.

Debt

# Major upgrades
 @cyclonedx/bom                3.8.0  →    4.1.0
 @types/fs-extra              9.0.13  →   11.0.4
 @types/jest-when              2.7.3  →    3.5.5
 @types/node                14.14.31  →   22.2.0
 @types/yargs                 13.0.2  →  17.0.33
 @typescript-eslint/parser   5.59.11  →    8.1.0
❌ dateformat                  3.0.3  →    5.0.3 (-> 4.6.3 ✅)
 del                           3.0.0  →    7.1.0
❌ eslint                     8.48.0  →    9.9.0 (-> 8.57.0 ✅)
 eslint-plugin-promise         6.1.1  →    7.1.0
 fs-extra                     10.0.0  →   11.2.0
 globby                        7.1.1  →   14.0.2
❌ gulp                        4.0.2  →    5.0.0
 gulp-decompress               2.0.2  →    3.0.0
 gulp-rename                   1.2.2  →    2.0.0
 gulp-typescript               4.0.2  →    5.0.1
 typescript                    4.4.4  →    5.5.4
 vinyl                         2.2.1  →    3.0.0

# Minor upgrades
 sonarqube-scanner             4.0.1  →    4.2.0
 esbuild                      0.21.3  →   0.23.0
 eslint-plugin-import         2.28.1  →   2.29.1
 gulp-json-editor              2.5.6  →    2.6.0
 jest-when                     3.5.2  →    3.6.0
 needle                        3.2.0  →    3.3.1
 openpgp                      5.10.1  →   5.11.2
 prettier                      3.0.3  →    3.3.3
 tfx-cli                      0.16.0  →   0.17.0
 ts-jest                      29.1.1  →   29.2.4

# Patch upgrades
 @types/jest                  29.5.8  →  29.5.12
 yargs                        17.7.0  →   17.7.2

What was done

  • Gulp upgraded to v5 from v4 - merge-stream replaced by ordered-read-stream because merge-stream doesn't work with gulp v5
  • del dropped in favor of directly using one of its dependencies, rimraf, because del is now ESM only
  • globby dropped in favor of glob for the same reason
  • gulp-collect cleaned up (not used)
  • gulp-util dropped in favor of fancy-log (one of its dependencies) (doc)
  • All build dependencies are updated to their latest version. Exceptions:
    • eslint @ 8 (latest: 9) because eslint plugins aren't compatible with v9 yet
    • dateformat @ 4 (latest: 5) because v5 is ESM only
    • gulp @ 4 (latest: 5)

Next step

There still are some things to do, I had to cut the branch due to some issues:

  • gulp still isn't upgraded to v5
    • merge-stream is broken with v5 and ordered-streams does not work out of the box either
  • gulp-artifactory-upload should be dropped in favor of a manual call to axios, node-fetch or fetch
  • gulp-download should be dropped in favor of a manual call to axios, node-fetch or fetch

This will

  • Drop the gulp-util transitive dependency (gulp-download)
  • Drop the request transitive dependency (gulp-artifactory-upload and gulp-download)
  • Upgrade the transitive dep braces to 3+ (gulp)

@7PH 7PH marked this pull request as draft August 13, 2024 09:14
@7PH 7PH force-pushed the task/br/sonarazdo-400-dep-upgrade branch 3 times, most recently from 4d5e244 to ff7ee83 Compare August 13, 2024 13:06
@7PH 7PH requested review from lucas-paulger-sonarsource and removed request for lucas-paulger-sonarsource August 13, 2024 13:15
@7PH 7PH force-pushed the task/br/sonarazdo-400-dep-upgrade branch 15 times, most recently from a237d7e to 37338e4 Compare August 14, 2024 09:49
@7PH 7PH force-pushed the task/br/sonarazdo-400-dep-upgrade branch 3 times, most recently from 72fdfe2 to 02d9ee6 Compare August 14, 2024 10:40
@7PH 7PH force-pushed the task/br/sonarazdo-400-dep-upgrade branch from 02d9ee6 to eefa5ae Compare August 14, 2024 12:10
@7PH 7PH marked this pull request as ready for review August 14, 2024 12:10

Quality Gate passed for 'Azure DevOps extension for SonarQube'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube


Quality Gate passed for 'Azure DevOps extension for SonarCloud'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

Contributor

@lucas-paulger-sonarsource lucas-paulger-sonarsource left a comment

LGTM 🙌🏻

@7PH 7PH merged commit 686e94c into master Aug 14, 2024
9 checks passed
@7PH 7PH deleted the task/br/sonarazdo-400-dep-upgrade branch August 14, 2024 12:57