Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(#7) Upgrade choco-theme and scripts #8

Merged
merged 1 commit into from
Jul 25, 2022
Merged

(#7) Upgrade choco-theme and scripts #8

merged 1 commit into from
Jul 25, 2022

Conversation

st3phhays
Copy link
Member

Description Of Changes

All of the dependencies that are use by choco-theme have been upgraded
to the latest versions where possible. These mostly include development
build tools used by gulp and also yarn itself.

One big change was the switch from node-sass to dart-sass. This was
done because node-sass is now depreciated and was reporting security
vulnerabilities. With this change, slight modifications were needed in
some of the scss files in order to get the gulp builds working again.
This also requires each gulpfile.js to be updated in each repository to
use sass instead of node-sass.

With these updates, and the pinning of some packages in the resolutions
area in the package.json file, all security vulnerabilities are
resolved.

Motivation and Context

See chocolatey/choco-theme#214

Testing

There are currently many bugs with yarn npm audit and also npm audit and both seem to be not reporting accurate information. An issue has been created to investigate this further chocolatey/choco-theme#218.

At the time, the best way of knowing that this resolves errors is by going to any of the repos listed below in the related issues list, and if the associated PR is closed, check to see if there are any dependabot errors on that repo. If there are a big yellow box appears on the repo and it is quite obvious.

Other testing:

  1. Run gulp from the directory that contains the gulpfile.js
  2. You may see depreciation warnings related to FontAwesome, but that will be addressed in this issue Upgrade to Font Awesome 6 choco-theme#193
  3. The gulp task should still succeed

Change Types Made

  • Bug fix (non-breaking change)
  • Feature / Enhancement (non-breaking change)
  • Breaking change (fix or feature that could cause existing functionality to change)
  • PowerShell code changes.

Related Issue

Fixes #7

Change Checklist

  • Requires a change to the documentation
  • Documentation has been updated
  • Tests to cover my changes, have been added
  • All new and existing tests passed.
  • PowerShell v2 compatibility checked.

@st3phhays
(chocolatey#7) Upgrade choco-theme and scripts
29d2afb 
All of the dependencies that are use by choco-theme have been upgraded
to the latest versions where possible. These mostly include development
build tools used by gulp and also yarn itself.

One big change was the switch from node-sass to dart-sass. This was
done because node-sass is now depreciated and was reporting security
vulnerabilities. With this change, slight modifications were needed in
some of the scss files in order to get the gulp builds working again.
This also requires each gulpfile.js to be updated in each repository to
use sass instead of node-sass.

With these updates, and the pinning of some packages in the resolutions
area in the package.json file, all security vulnerabilities are
resolved.
@st3phhays st3phhays self-assigned this Jul 25, 2022
@st3phhays st3phhays added this to the 101.0.0 milestone Jul 25, 2022
@st3phhays st3phhays merged commit 6bc814b into chocolatey:master Jul 25, 2022
st3phhays added a commit to st3phhays/copenhagen_theme that referenced this pull request Jul 25, 2022
@st3phhays
Merge pull request chocolatey#8 from st3phhays/dependabot
076babc 
(chocolatey#7) Upgrade choco-theme and scripts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@st3phhays st3phhays

Labels
None yet
Projects
None yet
Milestone
101.0.0
Development

Successfully merging this pull request may close these issues.

Upgrade choco-theme build dependencies
1 participant
@st3phhays