Every minor release we update dependencies to get the latest fixes and improvements. We do this early in the release cycle so that we have some more time to find regressions and issues. This is done on all folders with a package.json, including:
git checkout -b "<issue>-update-dendencies"- make a branch
Then for each folder go through these steps.
npm ci- update your local node_modules to match expected
npm outdated- report on any dependencies which aren’t at the latest
npm install --save[-dev] package@version- install the latest version (be careful and read the release notes if the new version is a major change from the current)
npm dedupe- remove duplicated dependencies
npm audit fix- automatically fix any nested dependencies with vulnerabilities
npm audit- get a report on any remaining vulnerabilities and manually scan it to see if there’s anything else you can do
bootstrap to 4+ as it has many breaking changes. One day we will either raise an issue to upgrade it or migrate off it, but that is outside the scope of this change.
select2 as the latest patch always seems to fail.
jquery to 3.6.0+ as the
select2 search input looses focus on click event, this is an open issue in their repository.
CHT-Core’s webapp is using Enketo and jQuery library, at the same time Enketo internally uses a specific version of jQuery. Make sure webapp installs the same jQuery version than the one Enketo uses internally:
Do this by checking the jquery entry in
$ grep '"jquery"' ./webapp/package.json "jquery": "3.2.x", $ grep '"jquery"' ./webapp/node_modules/enketo-core/package.json "jquery": "3.2.x",
Make sure the version of
api/enketo-xslt is the same as
lodash/core since 4.17.21 is failing, this is an open issue in their repository.
helmet since it is not supporting NodeJS 8 anymore. Its minimum is NodeJS 10+.
If you have trouble upgrading any other dependency and you think it’ll be challenging to fix it then raise a new issue to upgrade just that dependency. Don’t hold up all the other upgrades you’ve made.
npm ci errors with “errno -17” in shared-libs you may need to manually remove the nested dependencies from the package-lock.json. This needs move investigation to work out why this is happening.
If you get
TypeError: "$(...).select2 is not a function" then either:
run dedupeto remove the enketo-core copy.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.