Update dependencies
This issue serves as a dashboard for updating the dependencies of the ORKG front-end. Each update is reported in a comment.
We need to update the dependencies more regularly to avoid big jumps and make updating less risky (there is no automated testing). I suggest doing it every 3 months, to keep track of the minor updates, which matter for bug fixes, and also of the major updates, to keep the dependencies current and benefit from new features.
Guidelines:

- Use the command `npm outdated` to check which packages need to be updated.
- Check whether there are breaking changes in each package.
- Don't forget to update the widget dependencies as well.
- Include a link to the changelog entry or the migration guide.
- Mention only important changes.
- Avoid updating packages that were released recently (~a month ago) and are not widely used.
- Use `npm install --save package_name@latest` to install the latest version.
- If there is an issue with one of the dependencies, abandon that upgrade and pin the version to one that works; mention the case where it doesn't work so we can check and update it in the next iteration (it's better to report the issue to the maintainers as well).
- A major update should be committed separately, with the required code changes in the same commit, so we can bisect the history and track down the bug if we find an issue in the future.
- After merging the related merge request, mark issues in the "Vulnerability Report" as resolved if they disappear from the master branch. Note that most of those "vulnerability" reports for the dependencies are false positives. more information here
- Test building the application (also by building the image using `docker compose up --build`).
- If react-scripts gets updated, the `Dockerfile` needs to be updated as well.
- Keep an eye on the project dependencies with `npm run analyze` and split the bundle if required.