chore: Update dependencies for Composer and extensions #9298

BruceHaley · 2022-07-07T18:25:51Z

Fixes #minor

Changes

Update yarn from 3.1.1 to 3.2.1. Needed for #⁠2. See .cjs files
Add up-all plugin. Allows updating dependencies with exclusions. Needed for #⁠3. See yarn-up-all-plugin.cjs
Add "Update Composer dependencies" github workflow. Extensions dependencies updating is complex enough that automation is left for a later PR.
Update dependencies for Composer and for extensions. See package.json and yarn-berry.lock files.
Fix eslint lodash/path-style errors. Change these errors to warnings. See Composer/.eslintrc.js.
Fix eslint security/detect-unsafe-regex errors. Disable this rule at specific lines. See .ts files.
Tweak azure-pipelines.yml for readability.

Bruce/yarnupall7 6e

lock file updates

coveralls · 2022-07-08T21:12:12Z

Coverage remained the same at 54.547% when pulling 07ac795 on bruce/yarnuptest7-6e into d1789e4 on main.

tonyanziano

Looks good to me, going to wait for E2E to run and then locally test the windows and linux builds to make sure there are no obvious issues.

tonyanziano · 2022-07-13T16:47:30Z

.github/workflows/dependency_updates.yml

@@ -0,0 +1,26 @@
+name: Update Composer dependencies


tonyanziano · 2022-07-13T19:35:52Z

Looks like all the tests are passing, it's only failing on the security alerts which will eventually be fixed as a result of this PR. Going to check the production apps built from your branch.

tonyanziano

Tested the mock build on all 3 platforms. Looks good!

Bruce Haley added 14 commits June 29, 2022 12:05

Add dependency_updates.yml

ca64866

Use yarn up-all in Update dependencies

91fabae

Add up-all plugin

803d6cc

Remove yarn upgrade from workflow

83d47de

yarn up-all 7-6 e

c47d09b

Merge pull request #9297 from BruceHaley/bruce/yarnupall7-6e

c46b223

Bruce/yarnupall7 6e

lock file updates

8effcb7

Merge pull request #9299 from BruceHaley/bruce/yarnupall7-6e

0c59bac

lock file updates

Add dir workspace

6deea5b

drop myget Nuget source setup

086af2d

Update hashes in .lock files

631e884

Reupdate lock files

3437565

By-hand lock file hash fixes

7bcaf62

Revert eslint-config-prettier to 6.11.0

1cfdd42

BruceHaley changed the title ~~Experimental dependency updates from yarnupall7-6e~~ chore: Experimental dependency updates from yarnupall7-6e Jul 7, 2022

Bruce Haley added 4 commits July 7, 2022 17:24

Revert esline-plugin and parser to 2.34.0

c3e939f

Revert eslint-plugin-prettier to 3.1.3

28e9ea5

Revert prettier to 2.0.5.

1328a9e

Disable/warn eslint errors

85ab8ac

Bruce Haley added 2 commits July 8, 2022 14:57

Add to excludes

c8ea3cc

Clean up azure-pipelines.yml

f01773d

BruceHaley marked this pull request as ready for review July 8, 2022 22:43

BruceHaley requested review from VamsiModem, a-b-r-o-w-n, benbrown, boydc2014, cwhitten, natalgar and tonyanziano as code owners July 8, 2022 22:43

BruceHaley requested review from beyackle, srinaath and tdurnford as code owners July 8, 2022 22:43

BruceHaley changed the title ~~chore: Experimental dependency updates from yarnupall7-6e~~ chore: Update dependencies for Composer and extensions Jul 8, 2022

BruceHaley mentioned this pull request Jul 8, 2022

fix: 34 security alerts at or above high severity #9193

Closed

Bruce Haley and others added 3 commits July 8, 2022 18:30

Update .yarnrc.prod.yml for yaarn 3.2.1

f26d4f2

Merge branch 'main' into bruce/yarnuptest7-6e

810f682

Fixed newline in en-US.json locale file

07ac795

tonyanziano reviewed Jul 13, 2022

View reviewed changes

.github/workflows/dependency_updates.yml

@@ -0,0 +1,26 @@

name: Update Composer dependencies

Copy link

Contributor

tonyanziano Jul 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome!

github-actions bot assigned tonyanziano Jul 13, 2022

This was referenced Jul 14, 2022

chore: Fix Component Governance Security Alerts #9305

Closed

chore: Fix Component Governance Security Alerts #9306

Merged

tonyanziano approved these changes Jul 14, 2022

View reviewed changes

tonyanziano merged commit 50c2e2b into main Jul 14, 2022

tonyanziano deleted the bruce/yarnuptest7-6e branch July 14, 2022 20:15

cwhitten mentioned this pull request Aug 15, 2023

2.1.3 release #9628

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: Update dependencies for Composer and extensions #9298

chore: Update dependencies for Composer and extensions #9298

Uh oh!

BruceHaley commented Jul 7, 2022 •

edited

Loading

Uh oh!

coveralls commented Jul 8, 2022 •

edited

Loading

Uh oh!

tonyanziano left a comment

Uh oh!

tonyanziano Jul 13, 2022

Uh oh!

tonyanziano commented Jul 13, 2022

Uh oh!

tonyanziano left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

chore: Update dependencies for Composer and extensions #9298

chore: Update dependencies for Composer and extensions #9298

Uh oh!

Conversation

BruceHaley commented Jul 7, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes

Uh oh!

coveralls commented Jul 8, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

tonyanziano left a comment

Choose a reason for hiding this comment

Uh oh!

tonyanziano Jul 13, 2022

Choose a reason for hiding this comment

Uh oh!

tonyanziano commented Jul 13, 2022

Uh oh!

tonyanziano left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

BruceHaley commented Jul 7, 2022 •

edited

Loading

coveralls commented Jul 8, 2022 •

edited

Loading