mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0

Migrate to browser-sync-v3 fork #235

Closed janbrasna closed 1 month ago

janbrasna commented 8 months ago

Fixes #220, https://github.com/mozilla/ssl-config-generator/pull/218#issuecomment-1875926219

Replacing:

-const BrowserSyncWebpackPlugin = require('browser-sync-webpack-plugin');
+const BrowserSyncWebpackPlugin = require('browser-sync-v3-webpack-plugin');
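
Review bot: the `+` line swaps the require to a differently named package, `browser-sync-v3-webpack-plugin`, with nothing beside it recording that this is a stand-in fork. Suggest a one-line comment above the require naming the fork it comes from and the condition for switching back to `browser-sync-webpack-plugin`, so the substitution stays visible to whoever next audits the dev dependencies.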

with updated fork.

Browser-sync in v3.x removed localtunnel thus axios which points in v2.x to a vulnerable version:/

However the webpack plugin while fully compatible with v3.x is not updated to allow for the higher peerDependency version by a trivial condition @f3e9ead and the lack of any news about https://github.com/Va1/browser-sync-webpack-plugin/pull/96 makes it look rather abandoned.

At the same time dependabot will be trying to upgrade browser-sync to 3.x over and over without checking for failed peerDependency in a devDependency (watch fails but build passes so dependabot is happy…) so this PR resolves the issue by using a v3-compatible fork — the only change is allowing the higher peerDependency version: madbucket/browser-sync-webpack-plugin@46132d8

May be reverted later if the og plugin gets the compatibility fix released.

Also postcss-loader is updated to the highest compatible version (that comes with dropping support for webpack 4, only webpack 5+ is now compatible) — upgrading past the v8.x breaking release would mean Node 18+ only which I'm not sure we want to do right now so left it at the most recent v7.x version that's pretty much on par and keeping the same compatibility.

Works fine (=tested) with Node versions 16, 18, 20 (LTS); might even support Node 14 (where the only limit in lockfile/engines is node-sass 9+ but that should not be needed as it's only optional peer dep and we use sass 1.x instead and that should run just fine even on the latest point releases of Node 14 if needed.)

Supersedes #234, #233, #219, #193
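
An added example, not part of this PR or the project's code: a dependency-free Node check for the situation described above, where an installed package's `peerDependencies` range is not met by the version actually installed, so CI can fail on it even though the build passes. The helper names (`satisfies`, `unmetPeers`) and the sample versions and ranges are assumptions constructed for illustration, and the range parser covers only the forms listed in its comment.

```javascript
// "2", "2.1" or "2.1.3" -> [major, minor, patch]; prerelease tags are ignored.
function parse(v) {
  const p = v.trim().replace(/^v/, '').split('-')[0].split('.').map(Number);
  return [p[0] || 0, p[1] || 0, p[2] || 0];
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Range forms handled: "^x[.y[.z]]", ">=x[.y[.z]]", plain "x[.y[.z]]" and "||"
// alternatives. Any other syntax counts as unmet, so the check fails closed.
function satisfies(version, range) {
  const v = parse(version);
  return range.split('||').some((alt) => {
    const m = /^\s*(\^|>=)?\s*v?(\d+(?:\.\d+){0,2})\s*$/.exec(alt);
    if (!m) return false;
    const base = parse(m[2]);
    const given = m[2].split('.').length;
    const same = (count) => base.slice(0, count).every((n, k) => n === v[k]);
    if (!m[1]) return same(given); // "2" means 2.x.x, "2.1.3" is exact
    if (m[1] === '>=') return cmp(v, base) >= 0;
    // Caret: at or above the base, unchanged up to the left-most non-zero part.
    const i = base.findIndex((n) => n !== 0);
    return cmp(v, base) >= 0 && same(i === -1 ? given : i + 1);
  });
}

// installed: { name: { version, peerDependencies, peerDependenciesMeta } },
// the fields found in each node_modules/<name>/package.json.
function unmetPeers(installed) {
  const problems = [];
  for (const [name, pkg] of Object.entries(installed)) {
    for (const [peer, wanted] of Object.entries(pkg.peerDependencies || {})) {
      const have = installed[peer] ? installed[peer].version : null;
      const optional = ((pkg.peerDependenciesMeta || {})[peer] || {}).optional;
      if (have === null && optional) continue; // optional peers may be absent
      if (have === null || !satisfies(have, wanted)) problems.push({ name, peer, wanted, have });
    }
  }
  return problems;
}

// Constructed sample data; versions and ranges are illustrative only.
const plugin = (range) => ({ version: '1.0.0', peerDependencies: { 'browser-sync': range } });
const BEFORE = { 'browser-sync': { version: '3.0.0' }, 'browser-sync-webpack-plugin': plugin('^2') };
const AFTER = { 'browser-sync': { version: '3.0.0' }, 'browser-sync-v3-webpack-plugin': plugin('^2 || ^3') };

console.log(unmetPeers(BEFORE), unmetPeers(AFTER));
```

Run as a CI step over the real `node_modules` manifests, a non-empty result is the signal to fail the job.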

gstrauss commented 1 month ago

All three reviewers of this PR have approved.

I am going to attempt to remove the reviewers to see if github will let me merge the pull request through the GUI.

gstrauss commented 1 month ago

I don't seem to have the ability in the GUI to remove reviewers. I will attempt to merge and push via command line.

...That resulted in:

$ git push origin master
Enumerating objects: 12, done.
Counting objects: 100% (12/12), done.
Delta compression using up to 4 threads
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 2.52 KiB | 258.00 KiB/s, done.
Total 7 (delta 4), reused 0 (delta 0), pack-reused 0 (from 0)
remote: Resolving deltas: 100% (4/4), completed with 4 local objects.
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: 
remote: - New changes require approval from someone other than the last pusher.
To github.com:mozilla/ssl-config-generator
 ! [remote rejected] master -> master (protected branch hook declined)
error: failed to push some refs to 'github.com:mozilla/ssl-config-generator'

Therefore, I have added myself as reviewer, approved, and now I can "Merge pull request" via the GUI.

gstrauss commented 1 month ago

(@janbrasna you merged moments before I did :smile:)

janbrasna commented 1 month ago

The upstream issue got resolved, but no new npm package version got published so we're still stuck with this fork for now. 🤷

@gstrauss TBH I seem to be running into various branch protections randomly too, we'll iron it out over time;) Here I wanted to verify I will be able to merge once it has any Collaborator+ approval. Thanks.