Feature/upgrade packages

[unprofessional]

What's this PR do?

Security vulnerability fixes

• Primary affect appears to have been lodash, eslint, and sequelize. The others might be sub-package dependencies (i'm not sure how the security alerts organizes itself)
• All primary affected packages have been upgraded to latest

Upgrades

• Babel to Babel7
• Gulp to Gulp4
• Sequelize to Sequelize5
• Winston to Winston3 with all the necessary refactoring:
  • leverages Winston's logger container so multiple custom loggers can be utilized
  • logger formatter for prettiness

Deprecation fixes

• supertest-as-promised is now simply supertest:
  • https://www.npmjs.com/package/supertest-as-promised (note the red banner deprecation message)
• sequelize finally removed findById after many versions warning of its deprecation and so I simply used findOne with a where clause instead
• gulp no longer supports the array with task-chaining syntax and instead implements gulp.series and gulp.parallel as improved and intuitive ways to call your tasks
  • https://codeburst.io/switching-to-gulp-4-0-271ae63530c0
  • https://fettblog.eu/gulp-4-parallel-and-series/
  • https://www.sitepoint.com/how-to-migrate-to-gulp-4/
  • This also obviates the need to use run-sequence and so it was removed
• sequelize also removed the need to define operatorsAliases as false in v5 (https://github.com/sequelize/sequelize/issues/8417#issuecomment-480547402) which was traditionally used to silence the complaints about not using string-based operators (https://github.com/sequelize/sequelize/issues/8417#issuecomment-334056048)

Etc

• yarn eslint --fixed the repo so there's a bunch of style fixes in here, too

Related JIRA tickets:

• N/A

How should this be manually tested?

• yarn start and make sure it doesn't blow up
• yarn test and make sure everything passes

Any background context you want to provide?

• It was time to get this repo to current standards and best practices

Screenshots (if appropriate):

[unprofessional]

Seeing this on commits:

Warning: Setting pre-commit script in package.json > scripts will be deprecated
Please move it to husky.hooks in package.json, a .huskyrc file, or a husky.config.js file
Or run ./node_modules/.bin/husky-upgrade for automatic update

Will seek to update this to spec soon.

EDIT: Resolved

[unprofessional]

Seeing this on startup and tests:

[SEQUELIZE0004] DeprecationWarning: A boolean value was passed to options.operatorsAliases. This is a no-op with v5 and should be removed.

Investigating.

EDIT: Resolved

[unprofessional]

This looks like it addresses the security vulns reporting on the frontpage of this repo. Should be ready to review.

[unprofessional]

I've tagged several of you, but only need two of you to sign-off/approve.

[unprofessional]

Adding @5t33 and @puckybreg in case no one else can get to this sooner. Just don't want it to sit for weeks.

[orndorffgrant]

When I run yarn install, yarn.lock gets modified, but I would expect nothing should be changed on a fresh clone.

Also, when I run yarn test I'm getting an interesting error - not sure what it is The tests appear to run fine and pass though.

[puckybreg]

@orndorffgrant @unprofessional what is the latest on this?

[orndorffgrant]

Unsure, @puckybreg can you try to replicate what I found?

[puckybreg]

@orndorffgrant I can give it a shot. I'm running into an issue with my yarn version but am trying to upgrade.

[puckybreg]

Same issues with the tests on my end

[unprofessional]

@orndorffgrant @puckybreg Basically it's because of the nature of jest, supertest, and sequelize -- in order to successfully stop the jest process without doing something un-graceful like --forceExit, I am explicitly closing the sequelize connections when we're done with them. However, the steps seem to be out of sync (despite tracing the code and troubleshooting to confirm that things should be in sync as the code is written). It's strange though since it looks like despite its complaints it still executes queries just fine.

Last I touched this was two weeks ago before I got pulled into some other work. I'll see if I have time this weekend to dig through this again and see if I can rearrange some code so it doesn't complain again.

[unprofessional]

Eh, I don't understand it, so I'm just going to merge this for now and look into the issue separately.