fix: Updated dependencies to resolve vulnerabilities #701
There were a number of outdated packages, as well as many that had either been deprecated or moved. Some packages are no longer needed, as they were polyfilling functionality that now exists in later versions of JS or React. I have replaced the use of 'react-loadable' with Lazy and Suspense from React. I've also migrated to the new Babel Mono-repo package structure. I've updated the webpack config to resolve some issues with changes in the config parameter as well as switching out 'extract-text-webpack-plugin' for 'mini-css-extract-plugin' and 'eslint-loader' for 'eslint-webpack-plugin'. I haven't currently resolved all issues with the build process; however, the packages will now all install.
@@ -1542,6 +1542,7 @@ public static function handle_query_vars_for_post_filtering( $query ) { | |||
* @return bool | |||
*/ | |||
public static function current_user_can_edit_liveblog() { | |||
$user = wp_get_current_user(); |
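Review bot: `$user = wp_get_current_user();` at the top of `current_user_can_edit_liveblog()` is not read by anything in the visible lines, and the `-1542,6 +1542,7` header shows it is the only line this hunk adds. Because this function is named as a permission check and documented as `@return bool`, an assignment with no consumer is either dead code or a sign that the code meant to use `$user` was left out of the change. Either drop the line or include the code that reads it, and put it in its own commit with an explanation, since it is unrelated to the dependency updates named in the PR title.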
Where is this new assigned variable being used?
Thanks for this @peter-stewart-thg. In terms of reviewing these changes, there's obviously a lot of work gone in here, but it's also bundled into a single PR / not many commits, which means it's harder to see what package updates were needed for security reasons, what for compatibility reasons, and what changes in the rest of the code relate to those package changes, and why some packages are no longer needed.
There's nothing to say the plugin was working perfectly before you started (😉), but our lack of substantial test coverage here (particularly on the JS side) will make these updates hard to merge confidently in. I'd also like to see
There were a number of outdated packages,
as well as many that had either been deprecated or moved.
Some packages are no longer needed, as they were polyfilling
functionality that now exists in later versions of JS or React.
I have replaced the use of 'react-loadable' with
Lazy and Suspense from React.
I've also migrated to the new Babel Mono-repo package structure.
I've updated the webpack config to resolve some issues with changes
in the config parameter as well as switching out
'extract-text-webpack-plugin' for 'mini-css-extract-plugin'
and 'eslint-loader' for 'eslint-webpack-plugin'.
The issues related to this PR can be seen here: #700
UPDATE
I have just made a few more changes to this after testing the package in our WordPress install.
Unfortunately the changes are not quite functioning as intended.
I have just updated how "react-select/async" and ajax from "rxjs" are used to bring them in line with the latest packages; however, it's still not working perfectly.
I might not have any more time to work on this, so if anyone else is able to take this on, please let me know.