Problem/Motivation

? Pick the packages you want to upgrade.          Current          Range            Latest

   @floating-ui/dom ------------------ ◯ ^1.6.8 ------- ◉ ^1.6.12 ------
   chokidar -------------------------- ◯ ^3.6.0 -------                  ◉ ^4.0.1 -------
   cspell ---------------------------- ◉ ^8.16.0 ------ ◯ ^8.16.1 ------
   dotenv ---------------------------- ◯ ^16.4.5 ------ ◉ ^16.4.7 ------
   eslint-plugin-import -------------- ◯ ^2.29.1 ------ ◉ ^2.31.0 ------
   eslint-plugin-no-jquery ----------- ◯ ^3.0.2 ------- ◉ ^3.1.0 -------
   eslint-plugin-yml ----------------- ◯ ^1.14.0 ------ ◉ ^1.16.0 ------
   eslint ---------------------------- ◯ ^8.57.0 ------ ◉ ^8.57.1 ------ ◯ ^9.16.0 ------
   jquery-ui ------------------------- ◯ ^1.14.0 ------ ◉ ^1.14.1 ------
   jquery ---------------------------- ◉ ^4.0.0-beta.2                   ◯ ^3.7.1 -------
   jsdom ----------------------------- ◯ ^24.1.1 ------ ◯ ^24.1.3 ------ ◉ ^25.0.1 ------
   nightwatch ------------------------ ◯ ^3.7.0 ------- ◉ ^3.9.0 -------
   postcss-preset-env ---------------- ◉ ^9.6.0 -------                  ◯ ^10.1.1 ------
   postcss --------------------------- ◉ ^8.4.40 ------ ◯ ^8.4.49 ------
   prettier -------------------------- ◯ ^3.3.3 ------- ◉ ^3.4.2 -------
   sortablejs ------------------------ ◯ ^1.15.2 ------ ◉ ^1.15.6 ------
   stylelint ------------------------- ◯ ^16.10.0 ----- ◉ ^16.11.0 -----
   terser ---------------------------- ◯ ^5.31.3 ------ ◉ ^5.37.0 ------
   tua-body-scroll-lock -------------- ◯ ^1.5.0 ------- ◉ ^1.5.3 -------
 > webpack --------------------------- ◯ ^5.96.1 ------ ◉ ^5.97.1 ------

@longwave confirmed it's okay (in this specific case) to bundle all JavaScript dependencies that don't have the above changes in a single issue.
This is very welcome, because it means a lot can be done in one issue and basically every extra issue about JavaScript dependencies ends up in reroll-limbo if any of the other JavaScript dependencies gets committed.

I hope this also covers core/core.libraries.yml and core/assets/vendor/

  • We don't update postcss* and cspell here, since they have dedicated issues.
  • We can't update eslint to 9.*, there's a dedicated issue for that as well.

Finally there's [3487576#5869338]:

I've opened #3485202: Update to jQuery UI 1.14.1 and use the newly added option for dialog modal headings right after the release of jquery ui 1.14.1. @benjifisher recommended today i should be looking for a "Update JavaScript dependencies" issue, which lead me here. just wanted to note that the issue i've linked is not only about updating jquery ui to the latest version, but jquery ui introduced a setting that enables choosing into which element the dialog modal title should be wrapped. pre 1.14.1 that was a span which is semantically wrong and an accessibility issue. my question is how to proceed? should i rescope the issue i've created and make it only about the addition of that option to core/misc/dialog/dialog.jquery-ui but then it wouldnt make it into 11.1 i suppose? for 11.0 there was a similar case where jquery ui 1.14.0 added the option for adding the aria-modal attribute to dialog modals. that option was added on the issue upgrading to 1.14.0 directly. so just wanted to post here as a headsup. in regards for changing the wrapping element of the title from a span to an h1 @mgifford already commented on #3485202: Update to jQuery UI 1.14.1 and use the newly added option for dialog modal headings and is also in the loop of that change.

@rkoller

Since there seems to be no test-coverage (nothing breaks in our current tests with jQuery UI 1.14.1) I'm absolutely unsure how to handle this.

Absolutely finally, I don't think there's merit in backporting this MR to 10.4/5.x land, since most dependencies are different over there.

Proposed resolution

Remaining tasks

Followup needed for the Nightwatch warning.

API changes

Data model changes

Release notes snippet

Issue fork drupal-3493146

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

spokje created an issue. See original summary.

spokje’s picture

spokje
Primary language Dutch
commented
Issue summary: View changes
spokje’s picture

spokje
Primary language Dutch
commented
Issue summary: View changes
spokje’s picture

spokje
Primary language Dutch
commented
Issue summary: View changes

spokje opened merge request !10521

spokje’s picture

spokje
Primary language Dutch
commented
Issue summary: View changes
Status: Active » Needs review
quietone’s picture

quietone commented
Status: Needs review » Needs work

The cspell issue was committed so this needs some work.

spokje changed the visibility of the branch 11.x to hidden.

spokje’s picture

spokje
Primary language Dutch
commented
Status: Needs work » Needs review

Rebased

smustgrave’s picture

smustgrave commented
Status: Needs review » Reviewed & tested by the community

Applied locally for about 20 minutes while doing other stuff and nothing seemed off. Wasn't sure how else to test.

LGTM

  • catch committed 8646c5fe on 11.1.x 
    Issue #3493146 by spokje, smustgrave: Update all JavaScript dependencies...

  • catch committed 0c91bf7e on 11.x 
    Issue #3493146 by spokje, smustgrave: Update all JavaScript dependencies...
catch’s picture

catch
he/him
Primary language English
commented
Version: 11.x-dev » 10.5.x-dev
Status: Reviewed & tested by the community » Patch (to be ported)

Committed/pushed to 11.x and cherry-picked to 11.1.x, thanks!

Should do the equivalent update for 10.5.x/10.4.x so moving there for 'backport'

spokje opened merge request !10552

spokje’s picture

spokje
Primary language Dutch
commented

TBH I've ran out of steam for fancy diffs and linking issues for stuff that can't be done.

Instead here's the before:

$ yarn outdated --no-links
yarn outdated v1.22.22
info Color legend :
 "<red>"    : Major Update backward-incompatible updates
 "<yellow>" : Minor Update backward-compatible features
 "<green>"  : Patch Update backward-compatible bug fixes
Package                 Current Wanted Latest Package Type          
@floating-ui/dom        1.6.5   1.6.12 1.6.12 devDependencies       
chokidar                3.6.0   3.6.0  4.0.1  devDependencies       
dotenv                  16.4.5  16.4.7 16.4.7 devDependencies       
eslint                  8.57.0  8.57.1 9.17.0 devDependencies       
eslint-plugin-import    2.29.1  2.31.0 2.31.0 devDependencies       
eslint-plugin-no-jquery 3.0.2   3.1.0  3.1.0  devDependencies       
eslint-plugin-prettier  5.1.3   5.2.1  5.2.1  devDependencies       
eslint-plugin-yml       1.14.0  1.16.0 1.16.0 devDependencies       
glob                    10.3.5  10.3.5 11.0.0 devDependencies       
jackspeak               2.1.1   2.1.1  4.0.2  resolutionDependencies
jquery-ui               1.14.0  1.14.1 1.14.1 devDependencies       
jsdom                   24.0.0  24.1.3 25.0.1 devDependencies       
nightwatch              2.4.2   2.4.2  3.9.0  devDependencies       
postcss                 8.4.38  8.4.49 8.4.49 devDependencies       
postcss-preset-env      9.5.11  9.6.0  10.1.2 devDependencies       
prettier                3.2.5   3.4.2  3.4.2  devDependencies       
semver                  7.5.4   7.5.4  7.6.3  resolutionDependencies
shepherd.js             10.0.1  10.0.1 14.3.0 devDependencies       
sortablejs              1.15.2  1.15.6 1.15.6 devDependencies       
terser                  5.31.0  5.37.0 5.37.0 devDependencies       
terser-webpack-plugin   5.3.10  5.3.11 5.3.11 devDependencies       
tua-body-scroll-lock    1.5.0   1.5.3  1.5.3  devDependencies       
underscore              1.13.6  1.13.7 1.13.7 devDependencies       
webpack                 5.96.1  5.97.1 5.97.1 devDependencies
spokje’s picture

spokje
Primary language Dutch
commented

After:

$ yarn outdated --no-links
yarn outdated v1.22.22
info Color legend :
 "<red>"    : Major Update backward-incompatible updates
 "<yellow>" : Minor Update backward-compatible features
 "<green>"  : Patch Update backward-compatible bug fixes
Package            Current Wanted Latest Package Type          
eslint             8.57.0  8.57.1 9.17.0 devDependencies       
glob               10.3.5  10.3.5 11.0.0 devDependencies       
jackspeak          2.1.1   2.1.1  4.0.2  resolutionDependencies
nightwatch         2.4.2   2.4.2  3.9.0  devDependencies       
postcss            8.4.38  8.4.49 8.4.49 devDependencies       
postcss-preset-env 9.5.11  9.6.0  10.1.2 devDependencies       
semver             7.5.4   7.5.4  7.6.3  resolutionDependencies
shepherd.js        10.0.1  10.0.1 14.3.0 devDependencies

spokje closed merge request !10521

spokje’s picture

spokje
Primary language Dutch
commented
Status: Patch (to be ported) » Needs review
catch’s picture

catch
he/him
Primary language English
commented

commit-code-check.sh wasn't happy, yarn check -s gave me this:

warning "backbone#underscore@>=1.8.3" could be deduped from "1.13.7" to "underscore@1.13.7"
warning Resolution field "ejs@3.1.10" is incompatible with requested version "nightwatch#ejs@3.1.8"
warning Resolution field "nightwatch#semver@7.5.4" is incompatible with requested version "nightwatch#semver@7.3.5"
warning "stylelint#debug@^4.3.7" could be deduped from "4.4.0" to "debug@4.4.0"
warning "eslint#@humanwhocodes/config-array#debug@^4.3.1" could be deduped from "4.4.0" to "debug@4.4.0"
error "espree#acorn" not installed
error "espree#acorn-jsx" not installed
error Found 3 errors.

Not sure if it's something up with my local or a problem with the MR.

spokje’s picture

spokje
Primary language Dutch
commented

No clue either, but I'm officially calling it quits on trying to update any JS dependency.
It's far too tedious with rerolls, canary-in-coal-mine for broken HEADs and multiple branches.

I think we should put time in researching something like Renovate or whatever shiny stuff works on GitLab these days.
IMHO it shouldn't take the roughly 10-15hrs I've spent this time around.

This is by no means a rant against core committers, who can somehow juggle multiple branches almost perfectly, but for mere mortals like me, this is _very_ frustrating and something that looks like it can be achieved with automation far easier than a/this human banging its forehead on a keyboard :)

spokje’s picture

spokje
Primary language Dutch
commented
Status: Needs review » Needs work

NW is probably the status for this now.

quietone’s picture

quietone commented

There is an open issue about dedupe, https://github.com/yarnpkg/yarn/issues/7568. Someone solved that by deleting the lock file and then 'yarn install'.

Locally, that worked for the dedupe errors. Still to do is the resolution one.

nod_’s picture

nod_
Primary language French
Location Lille
commented

automation issue is at #3280275: Set up a formal process for ensuring JavaScript dependencies remain up to date

nod_’s picture

nod_
Primary language French
Location Lille
commented

So in 11.x and yarn 2 we don't check dependencies because the command doesn't exists. From the docs:

NOTE: The command yarn check has been historically buggy and undermaintained and, as such, has been deprecated and will be removed in Yarn 2.0. You should use yarn install --check-files instead.

The --check-files option doesn't exist anymore.

the deduping doesn't impact our vendored deps so I'd be inclined to just ignore it and remove the check. i'll try to fix it later today but might just remove that

quietone’s picture

quietone commented

And what about the two 'resolution' warning?

warning Resolution field "ejs@3.1.10" is incompatible with requested version "nightwatch#ejs@3.1.8"
warning Resolution field "nightwatch#semver@7.5.4" is incompatible with requested version "nightwatch#semver@7.3.5"
catch’s picture

catch
he/him
Primary language English
commented

I think we can ignore the warnings, they might be pre-existing. Should open a follow up to try to clean this up though.

xjm’s picture

xjm
she/her
Primary language English
commented

FWIW I got the Nightwatch warning in #25 on HEAD when I was prepping for the live commit at Singapore. (I.e., I believe it also happens on 11.x.) Asked @larowlan about it and he suggested ignoring that at the time.

xjm’s picture

xjm
she/her
Primary language English
commented
Related issues: +#3280275: Set up a formal process for ensuring JavaScript dependencies remain up to date
xjm’s picture

xjm
she/her
Primary language English
commented
Issue summary: View changes
Issue tags: +Needs followup

Tagging for the Nightwatch warning followup and adding it to the IS.

longwave made their first commit to this issue’s fork.

longwave’s picture

longwave
he/him
Primary language English
Location UK
commented
Status: Needs work » Needs review

I think the warnings are safe to ignore.

I fixed the errors by removing the two sets of acorn data from yarn.lock and rerunning yarn install which has deduplicated them correctly and yarn check now has warnings but no errors:

$ yarn check -s
warning "backbone#underscore@>=1.8.3" could be deduped from "1.13.7" to "underscore@1.13.7"
warning Resolution field "ejs@3.1.10" is incompatible with requested version "nightwatch#ejs@3.1.8"
warning Resolution field "nightwatch#semver@7.5.4" is incompatible with requested version "nightwatch#semver@7.3.5"
warning "stylelint#debug@^4.3.7" could be deduped from "4.4.0" to "debug@4.4.0"
warning "eslint#@humanwhocodes/config-array#debug@^4.3.1" could be deduped from "4.4.0" to "debug@4.4.0"

I can further fix the debug and underscore warnings by removing those from the lockfile and running yarn install again. This just leaves:

$ yarn check -s
warning Resolution field "ejs@3.1.10" is incompatible with requested version "nightwatch#ejs@3.1.8"
warning Resolution field "nightwatch#semver@7.5.4" is incompatible with requested version "nightwatch#semver@7.3.5"

I think these are consequences of pinning to Nightwatch 2.4.2, we have been unable to upgrade further in Drupal 10 (but have moved to Nightwatch 3 in Drupal 11).

catch’s picture

catch
he/him
Primary language English
commented
Status: Needs review » Reviewed & tested by the community

That makes sense with the Nightwatch mis-match, good to narrow everything down. Let's get this in.

  • nod_ committed 70106c6d on 10.4.x 
    Issue #3493146 by spokje, longwave, catch, quietone, smustgrave: Update...

  • nod_ committed fa78bb36 on 10.5.x 
    Issue #3493146 by spokje, longwave, catch, quietone, smustgrave: Update...
nod_’s picture

nod_
Primary language French
Location Lille
commented
Version: 10.5.x-dev » 10.4.x-dev
Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

finnsky’s picture

finnsky commented

we upgrading node packages to major versions without reading changelog ;)
https://github.com/paulmillr/chokidar?tab=readme-ov-file#upgrading

it is broken now core/scripts/css/postcss-watch.js

const fileMatch = './**/*.pcss.css';
// Ignore everything in node_modules
const watcher = chokidar.watch(fileMatch, {
  ignoreInitial: true,
  ignored: './node_modules/**'
});

so for 1.5 month `yarn watch` not working ;)

finnsky’s picture

finnsky commented

Follow up issue
https://www.drupal.org/project/drupal/issues/3504265

xjm’s picture

xjm
she/her
Primary language English
commented

Amending credit.