tweakpane icon indicating copy to clipboard operation
tweakpane copied to clipboard
verified publisher icon cocopon

Upgrade all dependencies

Open rhengles opened this issue 2 months ago • 4 comments

Upgrade all dependencies to latest stable versions

Summary

Successfully upgraded all dependencies and devDependencies to their latest stable versions across all 4 package.json files in the monorepo. All builds, lints, and tests passing with zero vulnerabilities.

Packages Updated

  • Root package (package.json): 23 dependencies upgraded
  • Core package (packages/core/package.json): No devDependencies (inherits from root)
  • Tweakpane package (packages/tweakpane/package.json): 13 dependencies upgraded
  • Test module (packages/tweakpane/test-module/package.json): 7 dependencies upgraded

Major Version Upgrades Requiring Attention ⚠️

ESLint v7 → v9

  • Breaking Change: Migrated from .eslintrc.js to flat config eslint.config.js
  • Action: The new flat config format is now the standard
  • Plugins:
    • @typescript-eslint/eslint-plugin v5 → v8
    • @typescript-eslint/parser v5 → v8
    • Added typescript-eslint unified package v8.46.2
    • Added @eslint/js v9.38.0
  • Code Changes:
    • Updated deprecated rule names (@typescript-eslint/ban-types@typescript-eslint/no-unsafe-function-type)
    • Added eslint-disable comments where needed for intentional code patterns

Prettier v2 → v3

  • Breaking Change: Different formatting rules
  • Code Changes: Auto-formatted SCSS and TypeScript files to match new Prettier v3 rules

Rollup v2 → v4

  • Breaking Changes:
    • JSON imports require assertions
    • Plugin API changes
  • Plugin Replacements:
    • ❌ Removed: rollup-plugin-terser v7.0.2 (deprecated)
    • ✅ Added: @rollup/plugin-terser v0.4.4
    • Updated: All @rollup/plugin-* packages to v12-16 range
  • Code Changes:
    • Updated JSON imports: import Package from './package.json' with { type: 'json' };
    • Changed terser import from {terser as Terser} to default terser
    • Updated rollup.config.js and rollup-doc.config.js

Mocha v10 → v11 ⚠️

  • Breaking Change: ESM loader behavior changed
  • Code Changes: Removed --require ts-node/register flag from test commands (conflicted with --loader=ts-node/esm in Mocha v11)
  • Files Updated:
    • packages/core/package.json (test:ts:dynamic, test:ts:dynamic:inspect)
    • packages/tweakpane/package.json (doc:test:ts:dynamic, main:test:ts:dynamic, main:test:ts:dynamic:inspect)

glob v7 → v11

  • Breaking Change: API redesign
  • Code Changes:
    • Updated from Glob.sync() to globSync() named export
    • Files affected: doc-build-html.js, assets-version.js

TypeScript v4 → v5

  • Changes: Stricter type checking and better inference
  • Code Changes: Fixed formatting issues detected by stricter rules

Other Major Updates

  • autoprefixer v9.1.5 → v10.4.21
  • canvas v2.9.1 → v3.2.0
  • jsdom v16.7.0 → v27.0.1
  • @types/jsdom v16.2.13 → v27.0.0
  • mkdirp v1.0.4 → v3.0.1
  • nyc v15.1.0 → v17.1.0
  • rimraf v3.0.2 → v6.0.1
  • sass v1.58.0 → v1.93.2
  • postcss v8.2.6 → v8.5.6
  • postcss-cli v8.3.1 → v11.0.1
  • typedoc v0.23.24 → v0.28.14
  • typedoc-plugin-missing-exports v1.0.0 → v4.1.2
  • @types/node v10.12.18 → v24.9.2
  • @types/mocha v9.1.1 → v10.0.10
  • ts-node v10.9.1 → v10.9.2
  • tslib v2.1.0 → v2.8.1
  • typescript v4.9.5 → v5.9.3

Testing Status

All builds passing (core + tweakpane + docs) ✅ All lints passing (SCSS + TypeScript) ✅ All unit tests passing:

  • 797 core tests
  • 123 tweakpane tests
  • 2 doc tests ✅ Module integration tests passingCoverage tests passingnpm audit: 0 vulnerabilities

Compatibility Notes

  • Node.js v20+ recommended for ESLint v9 flat config support
  • No changes required to public APIs
  • All existing functionality preserved
  • Sass deprecation warnings present but non-breaking (originate from @tweakpane/core SCSS, not from upgrades)

Files Changed

  • 47 files changed: 218 insertions(+), 188 deletions(-)
  • Config: Added eslint.config.js, removed .eslintrc.js
  • Package.json: 4 files updated with latest versions + Mocha v11 compatibility fixes
  • Source: Minimal formatting changes for Prettier v3 compatibility
  • Scripts: Updated glob usage in build scripts
  • Rollup configs: Updated for v4 compatibility
Original prompt

Upgrade all project dependencies and developer dependencies to their latest stable releases and open a pull request with the upgrades.

Goals

  • Update all dependency and devDependency entries in every package.json in the repository to the latest stable versions.
  • Update lockfile(s) (package-lock.json / yarn.lock / pnpm-lock.yaml) accordingly.
  • Run the full CI/build/test matrix; fix any failures introduced by upgrades.
  • Make minimal code changes required to remain compatible with upgraded packages; prefer preserving existing behavior.
  • Add upgrade notes to the PR description for any major-version bumps that required code changes or that may require action from maintainers.
  • Do not publish a new release; just open a PR against the default branch with the changes.

Scope and constraints

  • The repository: arijs/tweakpane
  • Update all packages in the repository (root and monorepo packages, if present).
  • For packages where automatic upgrade causes tests/build to fail and a fix is non-trivial, selectively pin to the latest working version and document the reason in the PR.
  • Use caret (^) ranges for updated versions unless the project already follows a different policy.

Required steps for the coding agent

  1. Detect all package.json files in the repo (root and subpackages). 2. For each package.json, determine the latest stable version of each dependency and devDependency. 3. Update package.json files to the new versions, keeping formatting consistent. 4. Install/update lockfile(s) using the repo's package manager (detect npm/yarn/pnpm). 5. Run build and test commands (use scripts in package.json; run common scripts: build, test, lint, typecheck). 6. Apply minimal code fixes required for tests to pass (e.g., adjust import paths, API changes). 7. Commit changes on a new branch named chore/upgrade-deps- and open a PR titled 'chore(deps): upgrade all dependencies to latest versions'.

PR content requirements

  • A summary listing upgraded packages and their previous -> new versions.
  • For any major version bumps or breaking changes, a short note explaining code changes made or recommended manual checks.
  • CI results should run on the PR.

If any step cannot be completed (for example, tests fail and require large refactors), do what you can and add a clear TODO list in the PR description explaining remaining work for maintainers.

Please proceed and create the PR in the repository 'arijs/tweakpane'.

This pull request was created as a result of the following prompt from Copilot chat.

Upgrade all project dependencies and developer dependencies to their latest stable releases and open a pull request with the upgrades.

Goals

  • Update all dependency and devDependency entries in every package.json in the repository to the latest stable versions.
  • Update lockfile(s) (package-lock.json / yarn.lock / pnpm-lock.yaml) accordingly.
  • Run the full CI/build/test matrix; fix any failures introduced by upgrades.
  • Make minimal code changes required to remain compatible with upgraded packages; prefer preserving existing behavior.
  • Add upgrade notes to the PR description for any major-version bumps that required code changes or that may require action from maintainers.
  • Do not publish a new release; just open a PR against the default branch with the changes.

Scope and constraints

  • The repository: arijs/tweakpane
  • Update all packages in the repository (root and monorepo packages, if present).
  • For packages where automatic upgrade causes tests/build to fail and a fix is non-trivial, selectively pin to the latest working version and document the reason in the PR.
  • Use caret (^) ranges for updated versions unless the project already follows a different policy.

Required steps for the coding agent

  1. Detect all package.json files in the repo (root and subpackages). 2. For each package.json, determine the latest stable version of each dependency and devDependency. 3. Update package.json files to the new versions, keeping formatting consistent. 4. Install/update lockfile(s) using the repo's package manager (detect npm/yarn/pnpm). 5. Run build and test commands (use scripts in package.json; run common scripts: build, test, lint, typecheck). 6. Apply minimal code fixes required for tests to pass (e.g., adjust import paths, API changes). 7. Commit changes on a new branch named chore/upgrade-deps- and open a PR titled 'chore(deps): upgrade all dependencies to latest versions'.

PR content requirements

  • A summary listing upgraded packages and their previous -> new versions.
  • For any major version bumps or breaking changes, a short note explaining code changes made or recommended manual checks.
  • CI results should run on the PR.

If any step cannot be completed (for example, tests fail and require large refactors), do what you can and add a clear TODO list in the PR description explaining remaining work for maintainers.

Please proceed and create the PR in the repository 'arijs/tweakpane'.

rhengles avatar Oct 29 '25 19:10 rhengles

For those that want to use this, the fork is available at NPM: https://www.npmjs.com/package/@arijs/tweakpane

rhengles avatar Oct 30 '25 20:10 rhengles

Thank you for the PR.

Regular updates of dependencies are certainly important. However, the scope of changes in this PR is too broad. This makes it difficult to review thoroughly, increases the risk of missing bugs, and significantly raises the verification cost.

Please divide the changes into smaller, focused units (e.g., linter-related updates). Avoid combining unrelated changes in a single PR.

cocopon avatar Oct 31 '25 02:10 cocopon

I understand your concerns, but besides the changes in the package.json files, the changes in the other files were the absolute minimum needed to clear all errors and warnings during the builds/tests/linting. The tests should provide sufficient/enough confidence that the project as a whole is still working, and I did some basic manual testing and didn't find any issues.

The changes in the other files are due to:

  1. Prettier formatting
  2. Sass updates to remove usage of deprecated features
  3. Add "type" imports to tests to fix Mocha complaining about type imports that don't exist as values in the modules
  4. eslint config migrated to new format
  5. prettier config migrated to json to fix CJS config not loading because the JS modules are all ESM now
  6. Typedoc config was updated because the previous format was giving errors during build

If there's any remaining questions, I'd be happy to answer.

rhengles avatar Oct 31 '25 14:10 rhengles

Thank you for the detailed explanation.

That said, I'm ultimately responsible for the product's quality assurance. If any issue arises after merging this PR, I'll be the one who has to investigate and resolve it. This means I need to verify ALL behaviors myself, regardless of the level of testing you've already performed.

I can see why you might want to update everything at once. However, as mentioned earlier, this PR includes unrelated changes that make it unnecessarily large in scope.

At the moment, I don't have enough resources for maintenance, so I'd like to keep the review effort minimal. Please break down the changes into the smallest possible units.

cocopon avatar Oct 31 '25 15:10 cocopon