addisonbeck commented 8 months ago

[AC-1743] pt. 5 ⮕ Perform Minor Upgrades

Type of change

[ ] Bug fix
[ ] New feature development
[x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
[ ] Build/deploy pipeline (DevOps)
[ ] Other

💰 Objective

As part of an initiative to audit dependencies across Directory Connector we should perform minor upgrades on any dependencies that need them.

🏦 The Problem

Directory Connector's dependencies are outdated. There are a handful of minor upgrades we can do that should be safe and worry free.

🥷 The Solution

The following patch upgrades were made, covering all patch upgrades currently available.

Package	Upgraded From	Upgraded To
`@angular-eslint/eslint-plugin-template`	`17.1.1`	`17.2.0`
`@angular-eslint/template-parser`	`17.1.1`	`17.2.0`
`@microsoft/microsoft-graph-types`	`2.38.0`	`2.40.0`
`core-js`	`3.32.1`	`3.35.0`
`css-loader`	`6.8.1`	`6.9.0`
`electron-builder`	`24.6.3`	`24.9.1`
`eslint`	`8.48.0`	`8.56.0`
`eslint-plugin-import`	`2.28.1`	`2.29.1`
`html-webpack-plugin`	`5.5.3`	`5.6.0`
`jest`	`29.6.4`	`29.7.0`
`sass`	`1.66.1`	`1.69.7`
`ts-loader`	`9.4.4`	`9.5.1`
`webpack`	`5.88.2`	`5.89.0`
`webpack-merge`	`5.9.0`	`5.10.0`

ℹ️ NOTE: I didn't go through all of these and check for breaking changes, and trusted them to be non-breaking changes following the standard of semantic versioning. To verify that there aren't any breaking changes I am trusting our build automations, tests, QA process, and my own application testing. If we want to do a more thorough job auditing these lets discuss.

⏭️ What's next?

Next up in this dependency upgrade effort I'll be:

Performing any "safe" major upgrades for outdated packages
Upgrading Angular, Webpack, Node, and npm to their latest LTS versions
Handling the remaining major upgrades for outdated packages on a case-by-case basis
Checking in with renovate to see what is still missing

Testing requirements

There are no specific testing requirements for this. QA will be doing a regression run of Directory Connector at the end of this effort.

Before you submit

[x] I have checked for linting errors (npm run lint) (required)
[ ] I have added unit tests where it makes sense to do so (encouraged but not required)
[ ] This change requires a documentation update (notify the documentation team)
[ ] This change has particular deployment requirements (notify the DevOps team)

addisonbeck commented 7 months ago

@eliykat I originally had a PR queued up for after this one that bulk-updated a bunch of smaller major dependencies. This broke a lot and got really out of hand, so I'm changing plans a bit and am going to submit major upgrades on a per-package (or package group) basis. See https://github.com/bitwarden/directory-connector/issues/408 for things to review after this PR.

bitwarden-bot commented 7 months ago

Checkmarx One – Scan Summary & Details – 48d4ff18-8c70-4094-9148-2cf5cce73a90

bitwarden / directory-connector