jolocom / jolocom-lib

Library for interacting with the identity solution provided by Jolocom.
MIT License

Revisit dependencies (JS) #277

Closed palinka closed 5 years ago

palinka commented 5 years ago

Description

Update and upgrade dependencies.

TODO

For review

palinka commented 5 years ago

Using yarn upgrade-interactive --latest

palinka commented 5 years ago

Not upgrading class-transformer, nyc, web3 as it would break tests.

palinka commented 5 years ago

Adding the lib to a project produces warnings about peer dependencies. Yarn also installs peer dependencies and will change this warning in future versions.

https://github.com/yarnpkg/yarn/issues/4064

palinka commented 5 years ago

Warnings caused by web3 are addressed here: #280.

palinka commented 5 years ago

We need to discuss if we really should move to node 10. So far we have one dependency requiring that.

Upgrading ipfsd-ctl in jolocom-lib will make use of the newer libp2p-crypto@0.16.0, which needs Node 10+ to compile.

https://github.com/jolocom/jolocom-lib/pull/279/commits/c0e391251a294211cb257a11d01fc04191888d97

If we do not move, Node.js 8.15.0 is the latest LTS. It should be used in Travis et al.

palinka commented 5 years ago

We'll upgrade to Node 10 and will not reflect that in a major version release.

palinka commented 5 years ago

Summary: the following warnings are produced when yarn add is used. No warnings for yarn install.

warning jolocom-lib > jolocom-registry-contract > web3 > web3-bzz > swarm-js > fs-promise@2.0.3: Use mz or fs-extra^3.0 with Promise Support
warning jolocom-lib > jolocom-registry-contract > web3 > web3-bzz > swarm-js > tar.gz@1.0.7: ⚠️  WARNING ⚠️ tar.gz module has been deprecated and your application is vulnerable. Please use tar module instead: https://npmjs.com/tar
warning jolocom-lib > jolocom-registry-contract > truffle-hdwallet-provider > web3-provider-engine > ethereumjs-block > merkle-patricia-tree > level-ws > xtend > object-keys@0.4.0: 

Addressed here: #280

[2/4] Fetching packages...
[3/4] Linking dependencies...
warning "jolocom-lib > sinon-chai@3.3.0" has unmet peer dependency "chai@^4.0.0".
warning "jolocom-lib > sinon-chai@3.3.0" has unmet peer dependency "sinon@>=4.0.0 <8.0.0".

Yarn issue that causes no trouble.

Not all dependencies are upgraded, see above.
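
The warning triage from the summary above, as an added example that is not part of the original thread or jolocom-lib's own code: it parses the yarn warning lines quoted there, separates peer-dependency notices from deprecation notices, and reports which direct dependency pulls in a package whose deprecation message mentions a vulnerability. The function names and the `/vulnerab/i` keyword heuristic are assumptions made for this example.

```javascript
// Added example: triage of `yarn add` warning lines.
// SAMPLE reuses the lines quoted in the thread (the truncated object-keys
// line is kept as it appears) plus one progress line.
const SAMPLE = [
  '[3/4] Linking dependencies...',
  'warning jolocom-lib > jolocom-registry-contract > web3 > web3-bzz > swarm-js > fs-promise@2.0.3: Use mz or fs-extra^3.0 with Promise Support',
  'warning jolocom-lib > jolocom-registry-contract > web3 > web3-bzz > swarm-js > tar.gz@1.0.7: ⚠️  WARNING ⚠️ tar.gz module has been deprecated and your application is vulnerable. Please use tar module instead: https://npmjs.com/tar',
  'warning jolocom-lib > jolocom-registry-contract > truffle-hdwallet-provider > web3-provider-engine > ethereumjs-block > merkle-patricia-tree > level-ws > xtend > object-keys@0.4.0: ',
  'warning "jolocom-lib > sinon-chai@3.3.0" has unmet peer dependency "chai@^4.0.0".',
  'warning "jolocom-lib > sinon-chai@3.3.0" has unmet peer dependency "sinon@>=4.0.0 <8.0.0".',
];

// Peer notices quote the dependency path; deprecation notices end the path
// with "name@version:" followed by the maintainer's message (possibly empty).
const PEER = /^warning "(.+?)" has unmet peer dependency "(.+?)"\.?$/;
const DEPRECATED = /^warning (.+?@[^\s:]+):\s*(.*)$/;

function parseWarning(line) {
  const peer = PEER.exec(line);
  if (peer) {
    return { kind: 'peer', path: peer[1].split(' > '), wants: peer[2], security: false };
  }
  const dep = DEPRECATED.exec(line);
  if (!dep) return null; // progress output such as "[2/4] Fetching packages..."
  const path = dep[1].split(' > ');
  const message = dep[2].trim();
  return {
    kind: 'deprecated',
    path,
    pkg: path[path.length - 1],
    // The direct dependency to upgrade or replace to drop this package.
    via: path.length > 2 ? path[1] : null,
    message,
    // Heuristic (assumption): the maintainer's text mentions a vulnerability.
    security: /vulnerab/i.test(message),
  };
}

// Deprecated packages flagged as vulnerable, with the direct dependency
// that introduces them and how deep in the tree they sit.
function securityFindings(lines) {
  return lines
    .map(parseWarning)
    .filter((w) => w !== null && w.security)
    .map((w) => ({ pkg: w.pkg, via: w.via, depth: w.path.length - 1 }));
}

console.log(securityFindings(SAMPLE));
```

On the lines quoted in the thread, the only security-flagged entry is tar.gz@1.0.7, reached through jolocom-registry-contract and its web3 dependency.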