Closed Lakith-Rambukkanage closed 2 months ago
All three portals were built using node v22.2.0 (npm v10.7.0)
and smoke tested. No issues found so far.
Proceeding to update the deprecated dependancies.
Changing @babel/plugin-proposal-foo
packages to @babel/plugin-transform-foo
[1] https://github.com/babel/babel/issues/15786#issuecomment-1789047316
Upgraded the dependencies related to babel
and smoke tested. No issues found so far.
Update (14-06-2024)
Admin Portal
Reduced the vulnerable dependancies in admin portal
from : 99 vulnerabilities (2 low, 50 moderate, 43 high, 4 critical)
to : 20 vulnerabilities (1 low, 3 moderate, 16 high)
pending :
webpack-dev-server
from v3 to v5 [1][2]migrate eslint
and related packages
npm init @eslint/config@latest
npx @eslint/migrate-config .eslintrc.js
[1] https://webpack.js.org/migrate/4/ [2] https://webpack.js.org/migrate/5/
[Admin Portal] Update
Upgraded Eslint and web pack in the admin portal. Patched the remaining vulnerabilities and fixed Intl message extraction.
99 vulnerabilities (2 low, 50 moderate, 43 high, 4 critical)
=> 3 moderate severity vulnerabilities
Note on running :npm run build:prod
The following error cannot be fixed since it's not fix in a the latest version of a dependent library url-js
[1]
(node:19163) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
48 vulnerabilities (3 low, 15 moderate, 23 high, 7 critical)
=> 12 vulnerabilities (6 moderate, 5 high, 1 critical)
Lodash
critical vulnerability in graphql-to-postman
is yet to be fixed [1]
@stoplight/elements
is not yet react 18 supported. this is a breaking change and the warnings cannot be resolved at the moment
[1] https://github.com/postmanlabs/graphql-to-postman/pull/22 [2] https://github.com/stoplightio/elements/issues/2365
Update
Fixed the dev portal swagger UI style rendering issue and related dependancies.
48 vulnerabilities (3 low, 15 moderate, 23 high, 7 critical)
=> 9 vulnerabilities (3 moderate, 5 high, 1 critical)
The remaining vulnerabilities are from swagger2-postman2-converter
and graphql-to-postman
libraries which are not maintained or haven't fixed vulnerabilities/deprecations yet.
npm i
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated @humanwhocodes/config-array@0.5.0: Use @eslint/config-array instead
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated @humanwhocodes/object-schema@1.2.1: Use @eslint/object-schema instead
npm warn deprecated json-schema-ref-parser@6.1.0: Please switch to @apidevtools/json-schema-ref-parser
added 1514 packages, and audited 1515 packages in 3m
236 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
25 vulnerabilities (2 low, 8 moderate, 14 high, 1 critical)
=> found 0 vulnerabilities
The @stoplight/elements
being react 18 incompatible is not fixable ATM
Cannot migrate to ESLint 9 yet since several dependent libraries are not supported yet for the newly introduced flat config and other breaking API changes [1]
https://github.com/airbnb/javascript/issues/2961#issue-2229282975
Running UI tests to confirm functionality as usual after the upgrades
First run :
Spec Tests Passing Failing Pending Skipped
✖ 30 of 115 failed (26%) 7:31:28 157 118 40 - -
PS : have intermittent failures due to screensaver and network sleep. Rerunning to validate again
Remaining test cases to verify / fix :
All the test cases are passing except for the ones identified as intermittent / BE errors.
Remaining sub tasks to resolve
punycode
waring in npm run build:prod @hapi/joi
to joi
and fix breaking changesswagger2-postman2-converter
when releasedgraphql-to-postman
when released
Problem
The product UI portals are built on Node.js 16.x and the latest LTS version is 20.x (22.x will enter LTS in Oct 2024). Many of the dependancies in the portals are also deprecated or using older versions. This issue will track the effort upgrade dependancies and the node version.
Solution
Upgrade :
Affected Component
APIM
Version
4.4.0
Implementation
No response
Related Issues
https://github.com/wso2/api-manager/issues/2191
Suggested Labels
No response