DemocracyLab / CivicTechExchange

https://www.democracylab.org
MIT License
97 stars 64 forks source link

Application is using many old dependencies that need to be updated #1030

Open abnud1 opened 1 year ago

abnud1 commented 1 year ago

When viewing the dependencies of the project, both backend dependencies (requirements.txt) and frontend dependencies (package.json) I see many packages are still using very old versions, examples: gunicorn: current version 19.6, latest version is 21.2 redis: current version 3.5.3, latest version is 5.0.0 webpack: current version is 4, latest version is 5 flow-bin: current version is 0.75, latest version is 0.215.1 and many others

I plan to contribute to this issue by updating packages one-by-one in separate PRs, that is each PR will upgrade one dependency whether backend or frontend.

We need to upgrade these packages:

PeterBreen commented 1 year ago

I'm not trying to dissuade you but just so you're forewarned -- some of these are gonna be bigger issues than they may seem from the list. For example, React to v18 requires us to replace Flux, which uses unsafe lifecycles removed from 18 (see #1025). React-bootstrap will also require updating all our Bootstrap v4 CSS includes to v5, and there's bound to be breaking changes in there.

On the upside, react-helmet should be removed soon (see #1018) so you can at least cross that one off the list :)

abnud1 commented 1 year ago

@PeterBreen Yes I know, I've already dealt with major upgrades before and I know how to do it again

ddfridley commented 6 months ago

@abnud1 Hi, I'm helping with development focus for DemocarcyLab. We've created a DemocracyLab Dashboard and would like to update the status of this issue.

I know that you have one PR posted, that we have in the In Review column. But what is the status of the rest of this. I know that QA testing is a bottleneck. Is it possible to move forward on the other items before that one goes through QA.

Are you available to continue working on this? If not please let me know or unassign yourself.

Thanks!