utrecht icon indicating copy to clipboard operation
utrecht copied to clipboard

Published 20 hours ago verified publisher icon nl-design-system

Patch round 2023-12

Open Robbert opened this issue 1 year ago • 1 comments

Pro-tip: ignore warnings about deprecated packages until you have completed upgrade of major releases. Often major releases will fix deprecated warnings.

  • [x] Check the /.patches/ directory in the root (if present), and see if there are any npm packages that have overrides for their code.
    • When for a patch/minor/major update these package are updated, you must also update the patch.
    • Sometimes the patch is no longer necessary, because the bug that the patch is for has been fixed in the actual package. Read the commit message for the patch, or read the GitHub PR comments or the related GitHub issue comments to find out what the patch was for.
    • if a package that has a patch file
  • [ ] Upgrade all npm dependencies
    • [x] at least install pnpm run update-patch.
    • [x] Run npm run test-update and see if the build/lint/test scripts are still OK
    • [ ] not all packages follow semantic versioning, especally 0.x.x versions. They will be installed as part of update-patch unfortunately, so update-patch sometimes isn't completely safe. Check if any packages have upgrades like 0.1.20.1.9.
    • [ ] If a patch update is problematic, you can add the package to the "ignore updates" list in .ncurc.patch.js.
    • [x] ideally install pnpm run update-minor.
    • [x] Run npm run test-update and see if the build/lint/test scripts are still OK
    • [x] If a minor update is problematic, you can add the package to the "ignore updates" list in .ncurc.minor.js.
    • [x] if there is time, install pnpm run update-major.
    • [x] Run npm run test-update and see if the build/lint/test scripts are still OK
    • [x] If a major update is problematic, you can add the package to the "ignore updates" list in .ncurc.major.js.
    • [ ] make an issue for minor/major upgrades that require so much time we better schedule it in a sprint
  • [ ] Upgrade all GitHub Action dependencies
    • [ ] Dependabot PRs are a great way to detect outdated dependencies in GitHub Actions
  • [ ] Upgrade to Node LTS version (long term support)
    • [ ] package.json
    • [ ] .github/workflows/* node-version
  • [ ] Upgrade to latest pnpm version
    • [ ] .github/workflows/*
    • [ ] package.json
  • [ ] Upgrade all vulnerable dependencies
  • [ ] If there are still deprecated warnings at this stage, check if they are direct dependencies? Are the dependencies mentioned in our own package.json files? Then it its probably worthwhile to investigate why the package is deprecated. A good information source is often the README on the page about the package on npmjs.com. They will likely mention the reason for deprecating the page (e.g: no time to install security patches, you are on your own!) and they might even suggest alternative packages.

Robbert avatar Dec 04 '23 09:12 Robbert

  • Sometimes the patch is no longer necessary, because the bug that the patch is for has been fixed in the actual package. Read the commit message for the patch, or read the GitHub PR comments or the related GitHub issue comments to find out what the patch was for.

Stencil patch for 4.5.0

For Stencil there is a version 4.8.0 now.

savitris avatar Dec 05 '23 10:12 savitris