Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): dependency-updates #886

Merged
merged 47 commits into from
Jul 12, 2024
Merged

build(deps): dependency-updates #886

merged 47 commits into from
Jul 12, 2024

Conversation

afuetterer
Copy link
Member

This PR collects all dependency related updates for rdmo 2.2.0.

@afuetterer afuetterer added type:maintenance dependencies Pull requests that update a dependency file labels Dec 15, 2023
@afuetterer afuetterer marked this pull request as draft December 15, 2023 10:33
@MyPyDavid MyPyDavid force-pushed the dev-2.2.0 branch 2 times, most recently from 4e64e34 to 6debf66 Compare January 17, 2024 08:22
@afuetterer
Copy link
Member Author

👍

@MyPyDavid MyPyDavid self-assigned this Mar 7, 2024
@MyPyDavid
Copy link
Member

ESlint could be updated and pinned to 8.56.0

@MyPyDavid
Copy link
Member

need to align

package_json_versions = {'eslint': '8.54.0', 'eslint-plugin-react': '7.34.0', 'react': '18.2.0'}
pre_commit_config_versions = {'eslint': '8.54.0', 'eslint-plugin-react': '7.33.2', 'react': '18.2.0'}

@MyPyDavid MyPyDavid marked this pull request as ready for review March 8, 2024 09:24
@afuetterer
Copy link
Member Author

need to align

package_json_versions = {'eslint': '8.54.0', 'eslint-plugin-react': '7.34.0', 'react': '18.2.0'} pre_commit_config_versions = {'eslint': '8.54.0', 'eslint-plugin-react': '7.33.2', 'react': '18.2.0'}

Please feel free to delete this test, if it is annoying. I wanted to make sure, that these versions align, so I came up with this hacky test.

@MyPyDavid
Copy link
Member

yes thanks, it makes sense to have this but was also surprised by this hacky test ;)

@MyPyDavid
Copy link
Member

New setting in django-allauth, SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX with default "oidc".
It will affect instances that have enabled OpenID Connect providers, the callback URLs need to be adjusted with /oidc/ if kept like this.
Should we set the default SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX="" in rdmo in order to keep the URL structure the same?

https://docs.allauth.org/en/latest/release-notes/recent.html#id8.

You can now specify the URL path prefix that is used for all OpenID Connect providers using SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX. By default, it is set to "oidc", meaning, an OpenID Connect provider with provider ID foo uses /accounts/oidc/foo/login/ as its login URL. Set it to empty ("") to keep the previous URL structure (/accounts/foo/login/).

@jochenklar
Copy link
Member

Yes, thanks for catching this.

afuetterer
afuetterer commented Mar 12, 2024
View reviewed changes
pyproject.toml Outdated Show resolved Hide resolved
afuetterer
afuetterer commented Mar 12, 2024
View reviewed changes
pyproject.toml Outdated Show resolved Hide resolved
afuetterer
afuetterer commented Mar 12, 2024
View reviewed changes
pyproject.toml Outdated Show resolved Hide resolved
@afuetterer
Copy link
Member Author

Now, one of the e2e tests fail. Something wrong with the many js updates in this PR?

@MyPyDavid
Copy link
Member

Locally, I can't reproduce the failing e2e test. However, I think the FontAwesome icons might be missing now.

In debug browser I see the error:

downloadable font: rejected by sanitizer (font-family: "FontAwesome" style:normal weight:400 stretch:100 src index:1) source: http://localhost:8000/static/management/6d67cba9d29c7edeb12f.woff2?v=4.7.0

@MyPyDavid
Copy link
Member

MyPyDavid commented Apr 4, 2024
edited
Loading

I've added the setting for allauth > 0.60.0 SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX = ""

@MyPyDavid
Copy link
Member

MyPyDavid commented Apr 4, 2024
edited
Loading

Can we keep the node version updated as well? @jochenklar
In .nvmrc it can be lts/hydrogen so that it stays on latest (v18) version.

@jochenklar
Copy link
Member

I would say we treat the node version like django or react, only update manually.

@MyPyDavid
Copy link
Member

the icons are still missing from the screenshot :/
https://github.com/rdmorganiser/rdmo/actions/runs/8557304508/artifacts/1385463186

@MyPyDavid
Copy link
Member

MyPyDavid commented Apr 11, 2024
edited
Loading

think I've found this icons bug, it's in the generated rdmo\management\static\management\css\management.css and the font-face paths.

@font-face {
  font-family: 'FontAwesome';
  src: url(../286b03bf4cbd3513f64f.eot?v=4.7.0);
  src: url(../286b03bf4cbd3513f64f.eot?#iefix&v=4.7.0) format('embedded-opentype'), url(../6d67cba9d29c7edeb12f.woff2?v=4.7.0) format('woff2'), url(../ec563203d3d7214eb3c8.woff?v=4.7.0) format('woff'), url(../e1b2a70250f70529242f.ttf?v=4.7.0) format('truetype'), url(../a7b5729e90ab92e4a61d.svg?v=4.7.0#fontawesomeregular) format('svg');
  font-weight: normal;
  font-style: normal;
}

the files have some sort of hashes..
when I replace that with:

@font-face {
    font-family: 'FontAwesome';
    src: url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),
         url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff');
    font-weight: normal;
    font-style: normal;
}

the icons appear again! 🎉

dont know exactly where these hashes are coming from..
Maybe from a css related package, that's been updated in here, like css-loader ?

PS https://stackoverflow.com/questions/68634225/webpack-5-file-loader-generates-a-copy-of-fonts-with-hash-name

@afuetterer
Copy link
Member Author

When should this be merged? It has already 30+ commits.

afuetterer and others added 22 commits July 12, 2024 12:03
@afuetterer @MyPyDavid
ci: update label in pre-commit update job
f7f7180
@dependabot @MyPyDavid
build(deps-dev): update wheel requirement from ~=0.42.0 to >=0.42,<0.44
0f72ac7 
Updates the requirements on [wheel](https://github.com/pypa/wheel) to permit the latest version.
- [Release notes](https://github.com/pypa/wheel/releases)
- [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
- [Commits](pypa/wheel@0.42.0...0.43.0)

---
updated-dependencies:
- dependency-name: wheel
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @MyPyDavid
build(deps-dev): update packaging requirement
93970dd 
Updates the requirements on [packaging](https://github.com/pypa/packaging) to permit the latest version.
- [Release notes](https://github.com/pypa/packaging/releases)
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst)
- [Commits](pypa/packaging@23.2...24.0)

---
updated-dependencies:
- dependency-name: packaging
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions @MyPyDavid
build: update pre-commit hooks
c053c71 
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
@MyPyDavid
build: update node to v18.20.1
7d5274e
@MyPyDavid
build: fix webpack fonts loader
efeae49 
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
@afuetterer @MyPyDavid
ci: let pre-commit-autoupdate create prs in draft mode
324ea1c
@dependabot @MyPyDavid
build(deps): bump peter-evans/create-pull-request
79f8cc1 
Bumps the github-actions group with 1 update: [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request).


Updates `peter-evans/create-pull-request` from 6.0.2 to 6.0.5
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@70a41ab...6d6857d)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @MyPyDavid
build(deps): bump the react group with 2 updates
f266c45 
Bumps the react group with 2 updates: [react](https://github.com/facebook/react/tree/HEAD/packages/react) and [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom).

Updates `react` from 18.2.0 to 18.3.1
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v18.3.1/packages/react)

Updates `react-dom` from 18.2.0 to 18.3.1
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v18.3.1/packages/react-dom)

---
updated-dependencies:
- dependency-name: react
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: react
- dependency-name: react-dom
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: react
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @MyPyDavid
build(deps): bump @uiw/react-codemirror in the prod-dependencies group
9454230 
Bumps the prod-dependencies group with 1 update: [@uiw/react-codemirror](https://github.com/uiwjs/react-codemirror).


Updates `@uiw/react-codemirror` from 4.21.24 to 4.22.0
- [Release notes](https://github.com/uiwjs/react-codemirror/releases)
- [Commits](uiwjs/react-codemirror@v4.21.24...v4.22.0)

---
updated-dependencies:
- dependency-name: "@uiw/react-codemirror"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @MyPyDavid
build(deps-dev): bump the dev-dependencies group across 1 directory w…
3acf44a 
…ith 5 updates

Bumps the dev-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [css-loader](https://github.com/webpack-contrib/css-loader) | `6.10.0` | `7.1.1` |
| [eslint](https://github.com/eslint/eslint) | `8.54.0` | `8.56.0` |
| [mini-css-extract-plugin](https://github.com/webpack-contrib/mini-css-extract-plugin) | `2.8.1` | `2.9.0` |
| [sass](https://github.com/sass/dart-sass) | `1.72.0` | `1.77.1` |
| [sass-loader](https://github.com/webpack-contrib/sass-loader) | `14.1.1` | `14.2.1` |



Updates `css-loader` from 6.10.0 to 7.1.1
- [Release notes](https://github.com/webpack-contrib/css-loader/releases)
- [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md)
- [Commits](webpack-contrib/css-loader@v6.10.0...v7.1.1)

Updates `eslint` from 8.54.0 to 8.56.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.54.0...v8.56.0)

Updates `mini-css-extract-plugin` from 2.8.1 to 2.9.0
- [Release notes](https://github.com/webpack-contrib/mini-css-extract-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/mini-css-extract-plugin/blob/master/CHANGELOG.md)
- [Commits](webpack-contrib/mini-css-extract-plugin@v2.8.1...v2.9.0)

Updates `sass` from 1.72.0 to 1.77.1
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.72.0...1.77.1)

Updates `sass-loader` from 14.1.1 to 14.2.1
- [Release notes](https://github.com/webpack-contrib/sass-loader/releases)
- [Changelog](https://github.com/webpack-contrib/sass-loader/blob/master/CHANGELOG.md)
- [Commits](webpack-contrib/sass-loader@v14.1.1...v14.2.1)

---
updated-dependencies:
- dependency-name: css-loader
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: mini-css-extract-plugin
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: sass-loader
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @MyPyDavid
build(deps): bump the optional group across 1 directory with 4 updates
cd64348 
Updates the requirements on [django-allauth](https://github.com/pennersr/django-allauth), [coveralls](https://github.com/TheKevJames/coveralls-python), [gunicorn](https://github.com/benoitc/gunicorn) and [pytest-playwright](https://github.com/microsoft/playwright-pytest) to permit the latest version.

Updates `django-allauth` to 0.63.1
- [Changelog](https://github.com/pennersr/django-allauth/blob/main/ChangeLog.rst)
- [Commits](pennersr/django-allauth@0.61.1...0.63.1)

Updates `coveralls` to 4.0.1
- [Release notes](https://github.com/TheKevJames/coveralls-python/releases)
- [Changelog](https://github.com/TheKevJames/coveralls-python/blob/master/CHANGELOG.md)
- [Commits](TheKevJames/coveralls-python@3.3.0...4.0.1)

Updates `gunicorn` to 22.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@21.2.0...22.0.0)

Updates `pytest-playwright` to 0.5.0
- [Release notes](https://github.com/microsoft/playwright-pytest/releases)
- [Commits](microsoft/playwright-pytest@v0.4.3...v0.5.0)

---
updated-dependencies:
- dependency-name: django-allauth
  dependency-type: direct:production
  dependency-group: optional
- dependency-name: coveralls
  dependency-type: direct:production
  dependency-group: optional
- dependency-name: gunicorn
  dependency-type: direct:production
  dependency-group: optional
- dependency-name: pytest-playwright
  dependency-type: direct:production
  dependency-group: optional
...

Signed-off-by: dependabot[bot] <support@github.com>
@MyPyDavid
build: pin eslint to 8.56 minor version range and autoupdate pre-commit
a0f03e4 
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
@MyPyDavid
build: fix pre-commit dependency and fix failing package status test
7a3ccba 
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
@MyPyDavid
build(ruff lint): (temporarily) ignore UP031
c1dd258 
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
@MyPyDavid
build(webpack): revert and add only type and esModule
38d8565 
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
@dependabot @MyPyDavid
Update setuptools requirement from ~=69.0 to >=69,<71
53b4c8f 
Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v69.0.0...v70.0.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @MyPyDavid
Bump webpack from 5.91.0 to 5.92.1 in the webpack group
86404bd 
Bumps the webpack group with 1 update: [webpack](https://github.com/webpack/webpack).

Updates `webpack` from 5.91.0 to 5.92.1
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.91.0...v5.92.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: webpack
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @MyPyDavid
Bump peter-evans/create-pull-request in the github-actions group
4d5ff66 
Bumps the github-actions group with 1 update: [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request).


Updates `peter-evans/create-pull-request` from 6.0.5 to 6.1.0
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@6d6857d...c5a7806)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@afuetterer @MyPyDavid
ci: bump ubuntu runner image to 24.04
c88e811
@MyPyDavid
build(deps): bump django rules to ~=3.4
662a12f 
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
@dependabot @MyPyDavid
Bump the react group across 1 directory with 2 updates
44817dd 
Bumps the react group with 2 updates in the / directory: [react-datepicker](https://github.com/Hacker0x01/react-datepicker) and [react-dropzone](https://github.com/react-dropzone/react-dropzone).

Updates `react-datepicker` from 6.6.0 to 7.2.0
- [Release notes](https://github.com/Hacker0x01/react-datepicker/releases)
- [Commits](Hacker0x01/react-datepicker@v6.6.0...v7.2.0)

Updates `react-dropzone` from 10.2.2 to 14.2.3
- [Release notes](https://github.com/react-dropzone/react-dropzone/releases)
- [Commits](react-dropzone/react-dropzone@v10.2.2...v14.2.3)

---
updated-dependencies:
- dependency-name: react-datepicker
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: react
- dependency-name: react-dropzone
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: react
...

Signed-off-by: dependabot[bot] <support@github.com>
@MyPyDavid
Copy link
Member

Im (now finally) going to merge this after tests pass

@MyPyDavid
Copy link
Member

Since we're not pinning the patch versions and there is a new Django release https://docs.djangoproject.com/en/dev/releases/4.2.14/ . Should we add --force-reinstall to the release notes?

Same holds for allauth, there are some security fixes in the latest releases.

@MyPyDavid MyPyDavid merged commit 3a64da7 into dev-2.2.0 Jul 12, 2024
17 checks passed
@jochenklar
Copy link
Member

Yes, as an optional line, can you add it to the docs as well?

@MyPyDavid MyPyDavid mentioned this pull request Jul 12, 2024
Open
@MyPyDavid
Copy link
Member

ok, rdmorganiser/rdmo-docs#46

@afuetterer
Copy link
Member Author

Awesome, finally. 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MyPyDavid MyPyDavid MyPyDavid approved these changes

@jochenklar jochenklar jochenklar left review comments

Assignees

@MyPyDavid MyPyDavid

Labels
dependencies Pull requests that update a dependency file status:hold type:maintenance
Projects
None yet
Milestone
RDMO 2.2.0
Development

Successfully merging this pull request may close these issues.
3 participants
@afuetterer @MyPyDavid @jochenklar