Merge pull request #205 from jannis-baum/issue/204-upgrade-dependencies

Upgrade dependencies
jannis-baum · Feb 9, 2025 · 668de49 · 668de49
2 parents bcacc48 + 48da986
commit 668de49
Show file tree

Hide file tree

Showing 5 changed files with 1,114 additions and 677 deletions.
diff --git a/.github/.markdownlint-cli2.yaml b/.github/.markdownlint-cli2.yaml
@@ -1,3 +1,6 @@
+# schema:
+# https://github.com/DavidAnson/markdownlint-cli2/blob/main/schema/markdownlint-cli2-config-schema.json
+
 globs:
   - '**/*.md'
 
@@ -7,3 +10,11 @@ ignores:
   # GitHub issues don't quite abide by Markdown standards (e.g. single line
   # breaks are reproduced when rendered)
   - '.github/ISSUE_TEMPLATE/**/*'
+  - 'static/**/*'
+
+config:
+  # schema:
+  # https://github.com/DavidAnson/markdownlint/blob/v0.32.1/schema/.markdownlint.yaml
+  MD033:
+    allowed_elements:
+      - 'kbd'
diff --git a/docs/upgrading-dependencies.md b/docs/upgrading-dependencies.md
@@ -0,0 +1,34 @@
+# How to upgrade dependencies
+
+This document explains how to upgrade dependencies of Vivify. Only relevant for
+maintainers.
+
+## Process
+
+1. First commit: Run `yarn upgrade-interactive --latest`, go through the list,
+   press <kbd>space</kbd> on all yellow and green entries, and confirm with
+   <kbd>enter</kbd>. This should always be fine and not break anything (unless
+   developers didn't properly flag some minor breaking change which often
+   happens).
+2. Check that you can still `make install`, that `yarn lint` and `yarn dev`
+   still work as they should, and that auto-refreshing with the Vim plugin
+   works. You can use the files in [`tests/rendering`](../tests/rendering) to
+   confirm. If something broke, fix the problems with one commit each.
+3. Next commit: Run `yarn upgrade-interactive --latest` again and install all
+   red (breaking) `devDependencies`.
+4. Repeat *step 2*.
+5. Run `yarn upgrade-interactive --latest` again and go through the list of red
+   (breaking) `dependencies`. Look up what the exact breaking change is and how
+   it affects the project. With one commit each, upgrade the dependency and fix
+   whatever (if anything) it broke as in *step 2*.
+6. Run `yarn deduplicate` and then `yarn` to keep only the newest required
+   versions of dependencies and hopefully address all security issues the
+   [Dependabot](https://github.com/jannis-baum/Vivify/security/dependabot) had
+   found.
+7. Repeat *step 2* a final time, open a PR and ask another maintainer for a
+   review.
+
+## Reviewing upgrade PRs
+
+You can follow along *step 2* above to check things are working and leave
+comments on the PR if they aren't.
diff --git a/package.json b/package.json
@@ -7,21 +7,22 @@
     "viv": "VIV_PORT=3000 node --loader ts-node/esm src/app.ts",
     "lint": "eslint src static",
     "lint-markdown": "markdownlint-cli2 --config .github/.markdownlint-cli2.yaml",
-    "test": "node --loader ts-node/esm tests/unit/cli.ts"
+    "test": "node --loader ts-node/esm tests/unit/cli.ts",
+    "deduplicate": "yarn-deduplicate"
   },
   "type": "module",
   "dependencies": {
-    "@primer/octicons": "^19.11.0",
-    "@viz-js/viz": "^3.7.0",
+    "@primer/octicons": "^19.15.0",
+    "@viz-js/viz": "^3.11.0",
     "ansi_up": "^6.0.2",
-    "axios": "^1.7.2",
-    "express": "^4.19.2",
-    "glob": "11.0.0",
-    "highlight.js": "^11.10.0",
-    "katex": "^0.16.11",
+    "axios": "^1.7.9",
+    "express": "^4.21.2",
+    "glob": "11.0.1",
+    "highlight.js": "^11.11.1",
+    "katex": "^0.16.21",
     "markdown-it": "^14.1.0",
-    "markdown-it-anchor": "^9.0.1",
-    "markdown-it-attrs": "^4.1.6",
+    "markdown-it-anchor": "^9.2.0",
+    "markdown-it-attrs": "^4.3.1",
     "markdown-it-deflist": "^3.0.0",
     "markdown-it-emoji": "^3.0.0",
     "markdown-it-footnote": "^4.0.0",
@@ -31,39 +32,39 @@
     "markdown-it-mark": "^4.0.0",
     "markdown-it-sub": "^2.0.0",
     "markdown-it-sup": "^2.0.0",
-    "markdown-it-table-of-contents": "^0.6.0",
+    "markdown-it-table-of-contents": "^0.9.0",
     "markdown-it-task-lists": "^2.1.1",
     "markdown-it-texmath": "^1.0.0",
-    "mermaid": "^11.0.2",
+    "mermaid": "^11.4.1",
     "node-stream-zip": "^1.15.0",
     "open": "^10.1.0",
     "tmp": "^0.2.3",
-    "uuid": "^10.0.0",
+    "uuid": "^11.0.5",
     "ws": "^8.18.0"
   },
   "devDependencies": {
-    "@eslint/eslintrc": "^3.1.0",
-    "@eslint/js": "^9.6.0",
-    "@jupyterlab/nbformat": "^4.2.3",
-    "@types/express": "^4.17.21",
+    "@eslint/eslintrc": "^3.2.0",
+    "@eslint/js": "^9.20.0",
+    "@jupyterlab/nbformat": "^4.3.5",
+    "@types/express": "^5.0.0",
     "@types/markdown-it": "^14.1.1",
-    "@types/node": "^22.5.0",
-    "@types/primer__octicons": "^19.6.3",
+    "@types/node": "^22.13.1",
+    "@types/primer__octicons": "^19.11.0",
     "@types/tmp": "^0.2.6",
-    "@types/uuid": "^10.0.0",
-    "@types/ws": "^8.5.10",
-    "@typescript-eslint/eslint-plugin": "^8.2.0",
-    "@typescript-eslint/parser": "^8.2.0",
-    "eslint": "^9.6.0",
-    "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-prettier": "^5.1.3",
-    "nodemon": "^3.1.4",
+    "@types/ws": "^8.5.14",
+    "@typescript-eslint/eslint-plugin": "^8.23.0",
+    "@typescript-eslint/parser": "^8.23.0",
+    "eslint": "^9.20.0",
+    "eslint-config-prettier": "^10.0.1",
+    "eslint-plugin-prettier": "^5.2.3",
+    "nodemon": "^3.1.9",
     "postject": "^1.0.0-alpha.6",
-    "prettier": "^3.3.2",
-    "ts-loader": "^9.5.1",
+    "prettier": "^3.5.0",
+    "ts-loader": "^9.5.2",
     "ts-node": "^10.9.2",
-    "typescript": "^5.5.3",
-    "webpack": "^5.92.1",
-    "webpack-cli": "^5.1.4"
+    "typescript": "^5.7.3",
+    "webpack": "^5.97.1",
+    "webpack-cli": "^6.0.1",
+    "yarn-deduplicate": "^6.0.2"
   }
 }
diff --git a/src/parser/markdown.ts b/src/parser/markdown.ts
@@ -33,13 +33,6 @@ mdit.use(lineNumbers);
 /* @ts-expect-error: module not typed */
 import texMath from 'markdown-it-texmath';
 /* @ts-expect-error: module not typed */
-import katex from 'katex';
-mdit.use(texMath, {
-    engine: katex,
-    delimiters: 'dollars',
-    katexOptions: config.katexOptions,
-});
-/* @ts-expect-error: module not typed */
 import defList from 'markdown-it-deflist';
 mdit.use(defList);
 /* @ts-expect-error: module not typed */
@@ -60,6 +53,12 @@ mdit.use(toc, config.tocOptions);
 
 // MARK: untyped plugins done
 
+import katex from 'katex';
+mdit.use(texMath, {
+    engine: katex,
+    delimiters: 'dollars',
+    katexOptions: config.katexOptions,
+});
 // markdown-it-front-matter requires a callback function but we aren’t doing
 // anything with it, so we just pass in a noop.
 mdit.use(frontMatter, () => {});