Update dependencies + fix breaking changes #2937
Conversation
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
colinrotherham
added
dependencies
colinrotherham
force-pushed
the
package-updates
branch
from
1dbfafb to
6a5af3d
Compare
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
| @@ -100,7 +100,7 @@ const getComponentData = async (componentName) => { | |||
| /** | |||
| * Load all components' data | |||
| * | |||
| * @returns {Promise<ComponentData>[]} Components' data | |||
| * @returns {Promise<ComponentData[]>} Components' data | |||
There was a problem hiding this comment.
It's not an array of promises, it's a promise that resolves to an array
| @@ -73,7 +73,7 @@ function callMacro (macroName, macroPath, params = [], callBlock = false) { | |||
| * @param {object} options - options to pass to the component macro | |||
| * @param {string} [callBlock] - if provided, the macro is called using the | |||
| * Nunjucks call tag, with the callBlock passed as the contents of the block | |||
| * @returns {import('cheerio')} a jQuery-like representation of the macro output | |||
| * @returns {import('cheerio').CheerioAPI} a jQuery-like representation of the macro output | |||
There was a problem hiding this comment.
They've shuffled their types around in the latest update
colinrotherham
force-pushed
the
package-updates
branch
from
6a5af3d to
7865735
Compare
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
| @@ -120,7 +120,7 @@ examples: | |||
| hidden: true | |||
| data: | |||
| titleText: There is a problem | |||
| descriptionText: See errors below (▼) | |||
| descriptionText: See errors below (>) | |||
There was a problem hiding this comment.
I've changed this character ▼ → > as it wasn't actually something that Nunjucks would escape. We'll now see > → > which asserts that HTML is escaped
| @@ -310,23 +310,23 @@ describe('Input', () => { | |||
|
|
|||
| const $prefix = $('.govuk-form-group > .govuk-input__wrapper > .govuk-input__prefix') | |||
|
|
|||
| expect($prefix.html()).toEqual('£') | |||
| expect($prefix.html()).toEqual('£') | |||
There was a problem hiding this comment.
We definitely didn't have £ as £ in the HTML
(Confirmation that it was cheerio@1.0.0-rc.3 encoding things it shouldn't)
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
colinrotherham
force-pushed
the
package-updates
branch
from
18a86e9 to
d1c486b
Compare
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
Includes `nunjucks` as strangely we never installed it
Ensures that `.html()` now contains the original HTML rather than incorrectly-encoded safe text that differed to the source Fix made in https://github.com/cheeriojs/cheerio/releases/tag/v1.0.0-rc.4 “We will no longer encode non-ASCII characters by default.”
Avoids issue where Cookie Banner “full banner hidden” example fails HTML validation for: 1. Rule: empty-heading https://html-validate.org/rules/empty-heading.html “<h2> cannot be empty, must have text content” 2. Rule: wcag/h30 https://html-validate.org/rules/wcag/h30.html “Anchor link must have a text describing its purpose” Both issues appear to be because `html-validate@7.6.0` thinks we’ve hidden the heading and link text in a non-accessible way: https://gitlab.com/html-validate/html-validate/-/commit/41ba7f9c4bb25bc543d66010331a0577d4c8f534
Due to package updates `rollup@0.56.5` can now be hoisted
We’re not using any of the Jest assertions
Primarily used to add new lines to HTML in #106 but isn’t needed anymore
It’s already flagged as an `optionalDependency` in the packages that use it: https://github.com/paulmillr/chokidar/blob/3.5.3/package.json#L25 https://github.com/facebook/jest/blob/v29.2.1/packages/jest-haste-map/package.json#L39
colinrotherham
force-pushed
the
package-updates
branch
from
d1c486b to
8ad0084
Compare
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
Thanks @36degrees, mind having a look now? 6d144b0 |
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
|
We had another dependency update to eslint-plugin-jsdoc: It now understands This means we no longer need JSDoc |
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
|
Ignore me - was comparing the wrong things |
| @@ -60,7 +60,6 @@ | |||
| "govuk-elements-sass": "3.1.3", | |||
| "gulp": "^4.0.2", | |||
| "gulp-better-rollup": "3.1.0", | |||
| "gulp-eol": "^0.2.0", | |||
There was a problem hiding this comment.
As far as I understand, the changes from #106 for HTML files no longer happen, and the existing use of this just adds a line to some JS files (like dist/assets/govuk-frontend-4.3.1.min.js, for example), correct? In which case, our .gitattributes settings make this redundant, hence the removal?
There was a problem hiding this comment.
Was primarily whether we're still worried if a final line ending is missing or not?
I didn't think it was worth keeping an old Gulp package around
|
If I run Are there reasons not to include these? |
Latest ESLint plugin understands `@returns {undefined | false}` union types etc
colinrotherham
force-pushed
the
package-updates
branch
from
aa59153 to
57edd77
Compare
govuk-design-system-ci
temporarily deployed
to
govuk-frontend-pr-2937
|
@domoscargin Yeah we have those ones already They got picked up by Shall I update them if it helps explain that an update has gone in? |
@36degrees Ah thanks no. I've dropped the commit—it wasn't needed after all. There was a momentary panic + git dance after yesterday's Conditional |
Might be neatness for neatness sake, but I wouldn't mind them being updated. |
|
@domoscargin All sorted 👍 Running Package Current Wanted Latest Location Depended by
autoprefixer 9.8.8 9.8.8 10.4.12 node_modules/autoprefixer govuk-frontend
cssnano 4.1.11 4.1.11 5.1.13 node_modules/cssnano govuk-frontend
del 6.1.1 6.1.1 7.0.0 node_modules/del govuk-frontend
gulp-better-rollup 3.1.0 3.1.0 4.0.1 node_modules/gulp-better-rollup govuk-frontend
html-validate 7.5.0 7.5.0 7.7.0 node_modules/html-validate govuk-frontend
jquery 1.12.4 1.12.4 3.6.1 node_modules/jquery govuk-frontend
rollup 0.56.5 0.56.5 3.2.3 node_modules/rollup govuk-frontend
slash 3.0.0 3.0.0 5.0.0 node_modules/slash govuk-frontendI've updated the PR description to explain the other ignored major packages: #2937 (comment) Most interesting are |
There was a problem hiding this comment.
Can we capture a bit more info (or the failing test output?) in the commit message for 9ab8926? I didn't really understand what the problem was until I tried to install 7.6.0 locally.
Thanks @36degrees, mind having a look now? 6d144b0
Thanks, that's great 👍🏻 Changes all look good to me, but I would like @domoscargin to approve as well before this is merged, given he's also flagged a few things.
|
Fab, thanks @domoscargin + @36degrees Wonder if configuring dependabot.yaml Rather than just the default security updates? |
The following package updates have been applied:
Breaking changes
Cheerio no longer encodes non-ASCII characters so
.html()is now true to the HTML source. You'll see various test changes for',",£etc replaced with',",£as Nunjucks renders themcheerio→^1.0.0-rc.12Major but compatible
No breaking changes
glob→^8.0.3jest-axe→^6.0.0puppeteer→^19.1.0yargs→^17.6.0Compatible
Minor and patch semver-compatible changes
@babel/core→^7.19.6@percy/cli→^1.12.0babel-jest→^29.2.1cookie-parser→^1.4.6eslint-plugin-jsdoc→^39.3.14eslint-plugin-promise→^6.1.1express→^4.18.2express-validator→^6.14.2govuk_frontend_toolkit→^9.0.1gulp-task-listing→^1.1.1jest→^29.2.1jest-environment-jsdom→^29.2.1map-stream→^0.0.7marked→^4.1.1nodemon→^2.0.20outdent→^0.8.0stylelint→^14.14.0undici→^5.11.0ws→^8.9.0Incompatible
Intentionally pinned back to older (not latest) minor/patch versions
html-validate→7.5.0rollup→0.56.5Intentionally ignored until we use ESM by default
del→^7.0.0– ESM export only, we need CommonJSslash→^5.0.0– ESM export only, we need CommonJSIntentionally ignored due to other major breaking changes
autoprefixer→^10.4.12– Breaks IE8 PostCSS pluginscssnano→^5.1.13– Breaks IE8 PostCSS pluginsjquery→^3.6.1– Breaks IE8 support, required by legacy toolkitsgulp-better-rollup→^4.0.1– Incompatible rollup peerDependencyAdded
Previously missing and only available as a child dependency
nunjucks→^3.2.3Removed
These packages were either unused or not needed