Skip to content

chore: update dependencies and fix type issue in useConfigValue hook #920

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore: update dependencies and fix type issue in useConfigValue hook #920

wants to merge 1 commit into from

Conversation

drjoeycadieux
Copy link
Contributor

Description

This PR updates dependencies and GitHub Actions workflows to enhance security, performance, and maintainability.

Changes

Package Updates

  • Updated Next.js from 14.2.16 to 14.2.29 to address critical security vulnerabilities
  • Updated React and React DOM to version 18.3.1
  • Updated @tanstack/react-query to version 5.79.0
  • Updated OpenTelemetry packages to version 0.201.1
  • Updated various other dependencies to their latest compatible versions

GitHub Actions Updates

  • Updated GitHub Actions in build.yml from v2 to v4
  • Updated Docker build actions to use the latest v5 versions
  • Added Docker Buildx and login actions for better Docker container build process
  • Updated the Docker tag format to follow best practices

Docker Configuration

  • Updated Node.js version in Dockerfile from 18-alpine to 18.20-alpine to match required version in package.json

Code Fixes

  • Added a TypeScript ignore comment to work around a type error with the updated React Query library

Security Improvements

  • Fixed critical security vulnerabilities in Next.js
  • Addressed moderate security issues in various dependencies
  • Updated Docker workflow to use the latest secure practices

Testing

  • Verified that the application builds successfully with the updated dependencies
  • Ran unit tests to ensure compatibility

Future Work

  • Consider upgrading to React 19 in the future
  • Properly fix TypeScript issues with React Query types
  • Update components that use deprecated defaultProps to use JavaScript default parameters

@drjoeycadieux
chore: update dependencies and fix type issue in useConfigValue hook
e545377 
- Updated various dependencies to their latest versions for improved performance and security, including:
  - @grpc/grpc-js, @grpc/proto-loader, @hookform/resolvers, @opentelemetry packages, @tanstack/react-query, and others.
  - Updated React and React DOM to version 18.3.1.
- Fixed a type issue in the useConfigValue hook by adding a TypeScript ignore comment for compatibility with newer versions of react-query.
@Assem-Uber
Copy link
Contributor

Assem-Uber commented Jun 2, 2025
edited
Loading

This is touching many places at the same time. It is better to break it into different PRs.
Library updates are al minor versions but from previous experience versioning semantics are not usually followed by library owners. So better have those as gradual updates to be able to spot issues.

Assem-Uber
Assem-Uber reviewed Jun 2, 2025
View reviewed changes
Dockerfile
@@ -1,4 +1,4 @@
FROM node:18-alpine AS base
FROM node:18.20-alpine AS base
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't node:18-alpine use the latest by default?

src/hooks/use-config-value/use-config-value.ts
@@ -27,6 +27,7 @@ export default function useConfigValue<K extends GetConfigKeys>(
key: K,
args?: GetConfigArgs<K>
): UseConfigValueResult<K> {
// @ts-expect-error Type issue with newer versions of react-query
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the type error?

.github/workflows/build.yml
@@ -10,9 +10,9 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to update this file ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Assem-Uber Assem-Uber Assem-Uber left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@drjoeycadieux @Assem-Uber