chore(gatsby): Bump react-dev-utils to v12

[GaryPWhite]

downstream, react-dev-utils v11.x.x is subject to a vulnerability through its direct dependency on immer <9.0.6. Since the release of 12.x.x, immer has been bumped up and should resolve the "critical" security alert if it's adopted into Gatsby.

Description

Bumped version of react-dev-utils. Not a lot of functionality changed (look between "publish" commits) this is a dependency upkeep change.

Documentation

comparing release pages for dev-utils doesn't show much change in the API that I've seen. Open to being wrong or missing something.

Related Issues

GHSA-33f9-j839-rf8h, I don't see any issues about this from a search on the issues board.

[GaryPWhite]

oh wow, missed this before, but it does seem like this might be a much bigger change than I anticipated.

Turns out that react-dev-utils dropped support for before version 14. I can tell that 10 is past EOL and 12 is getting there, but unsure how the team will adopt new versions atm. Depending on interest in updating, this PR might be sitting for a while or become useless :/ would be happy to get a second opinion.

[wardpeet]

node 14.15 is the lowest version we support right now so we should be good

[mbicknese]

node 14.15 is the lowest version we support right now so we should be good

Unrelated to this issue, which lgtm, should the node 14+ be reflected in the top-level package.json? The current engine field states "node": ">=12.13.0"

[LekoArts]

The relevant engines key is here, so it's okay:

gatsby/packages/gatsby/package.json

Line 199 in 238faef

"node": ">=14.15.0"

[GaryPWhite]

thanks for the clarity, all!

Let me know if there's anything I should dig into here. The failures appear to be... obscure... like failing since something is already running :) I'm happy to dive in but assume maybe something else is happening on the tests at the moment. Happy to help where requested!

[LekoArts]

Thanks!

[ruchernchong]

Is this released soon?