Application is using many old dependencies that need to be updated

[abnud1]

When viewing the dependencies of the project, both backend dependencies (requirements.txt) and frontend dependencies (package.json) I see many packages are still using very old versions, examples: gunicorn: current version 19.6, latest version is 21.2 redis: current version 3.5.3, latest version is 5.0.0 webpack: current version is 4, latest version is 5 flow-bin: current version is 0.75, latest version is 0.215.1 and many others

I plan to contribute to this issue by updating packages one-by-one in separate PRs, that is each PR will upgrade one dependency whether backend or frontend.

We need to upgrade these packages:

• [ ] #1031
• [ ] dj-database-url
• [ ] better to pin Django to 4.2.4
• [ ] django-allauth
• [ ] django-appconf
• [ ] django-compressor
• [ ] django-cors-headers
• [ ] django-debreach
• [ ] django-registration
• [ ] django-rq
• [ ] django-s3direct
• [ ] django-storages
• [ ] django-timezone-field
• [ ] docutils
• [ ] gunicorn
• [ ] jmespath
• [ ] psutil
• [ ] psycopg2 to psycopg 3
• [ ] rcssmin
• [ ] redis
• [ ] requests
• [ ] rq
• [ ] simplejson
• [ ] six
• [ ] whitenoise And frontend packages:
• [ ] babel packages
• [ ] @svgr/webpack
• [ ] @tryghost/content-api
• [ ] aws-sdk migration to modularized v3
• [ ] remove bluebird
• [ ] core-js
• [ ] css-loader
• [ ] flow-bin
• [ ] jest dependencies
• [ ] webpack and its plugins
• [ ] prettier
• [ ] react to v18
• [ ] react-bootstrap
• [ ] react-datepicker
• [ ] react-file-drop
• [ ] react-helmet
• [ ] react-google-recaptcha
• [ ] react-image-crop
• [ ] react-markdown
• [ ] react-select
• [ ] react-sortablejs
• [ ] regenerator-runtime
• [ ] repeating

[PeterBreen]

I'm not trying to dissuade you but just so you're forewarned -- some of these are gonna be bigger issues than they may seem from the list. For example, React to v18 requires us to replace Flux, which uses unsafe lifecycles removed from 18 (see #1025). React-bootstrap will also require updating all our Bootstrap v4 CSS includes to v5, and there's bound to be breaking changes in there.

On the upside, react-helmet should be removed soon (see #1018) so you can at least cross that one off the list :)

[abnud1]

@PeterBreen Yes I know, I've already dealt with major upgrades before and I know how to do it again

[ddfridley]

@abnud1 Hi, I'm helping with development focus for DemocarcyLab. We've created a DemocracyLab Dashboard and would like to update the status of this issue.

I know that you have one PR posted, that we have in the In Review column. But what is the status of the rest of this. I know that QA testing is a bottleneck. Is it possible to move forward on the other items before that one goes through QA.

Are you available to continue working on this? If not please let me know or unassign yourself.

Thanks!