Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BREAKING: Upgrade Jest to v29 #348

Merged
merged 6 commits into from
Oct 30, 2023
Merged

Conversation

legobeat
Copy link
Contributor

@legobeat legobeat commented Sep 3, 2023

#319 + #345 but rebased on next.

Blocked by

Version

Published prerelease version: v0.14.0-next.2

Changelog

🚀 Enhancement

🐛 Bug Fix

🏠 Internal

📝 Documentation

  • Docs: Expand ejected config docs with an example #363 (@yannbf)

Authors: 4

@legobeat legobeat marked this pull request as ready for review September 3, 2023 00:35
@socket-security
Copy link

socket-security bot commented Sep 3, 2023

Updated and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
jest-environment-node 28.1.3...29.7.0 None +5/-8 218 kB simenb
jest-runner 28.1.3...29.7.0 None +22/-30 900 kB simenb
jest 28.1.3...29.7.0 None +39/-43 1.67 MB simenb
babel-jest 28.1.3...29.7.0 None +2/-8 30.5 kB simenb
ts-jest 28.0.8...29.1.1 None +40/-44 1.98 MB kul
@types/jest 27.5.2...29.5.6 None +6/-4 409 kB types
jest-playwright-preset 2.0.0...3.0.1 None +40/-44 1.74 MB mxschmitt
jest-circus 28.1.3...29.7.0 None +22/-26 1.04 MB simenb
jest-junit 14.0.1...16.0.0 None +0/-0 41.9 kB jsonp
jest-image-snapshot 5.2.0...6.2.0 None +40/-50 1.75 MB amexopensource

🚮 Removed packages: @jest/[email protected]

@socket-security
Copy link

socket-security bot commented Sep 3, 2023

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue Package Version Note Source
New author create-jest 29.7.0

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@kasperpeulen kasperpeulen added minor Increment the minor version when merged dependencies Update one or more dependencies version labels Sep 6, 2023
Copy link
Contributor

@kasperpeulen kasperpeulen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! cc @yannbf shall we release those PRs?

@codecov
Copy link

codecov bot commented Sep 6, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (25cb18d) 76.66% compared to head (a4c6555) 76.66%.
Report is 2 commits behind head on next.

Additional details and impacted files
@@           Coverage Diff           @@
##             next     #348   +/-   ##
=======================================
  Coverage   76.66%   76.66%           
=======================================
  Files          11       11           
  Lines         180      180           
  Branches       40       40           
=======================================
  Hits          138      138           
  Misses         42       42           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@legobeat
Copy link
Contributor Author

legobeat commented Sep 6, 2023

@kasperpeulen @yannbf Thank you both for tending to these!

Note on this one: As it is breaking (Jest v29 itself breaks Node.js v12), maybe you want to consider doing a maintenance release of current next before merging in the Jest v29 support?

Also esp #349

@legobeat
Copy link
Contributor Author

legobeat commented Sep 6, 2023

I think in theory it should be possible to retain Node.js v12 compatibility - it woudl take some rework of the ci/tests though.
I'm hoping here that maintaining Node.js v12 compatibility in new versions isn't a prio nd dropping it here is fine..? 😺

@kasperpeulen
Copy link
Contributor

Dropping node 12 is fine, storybook itself also doesn't support node 12 anymore.

@legobeat
Copy link
Contributor Author

legobeat commented Sep 7, 2023

@kasperpeulen right, i was thinking for the benefit of downstreams as well as users who haven't upgraded yet, merging and releasing #349 first would be great.

So my proposed order would be #349 -> release -> #354 -> #348 (this PR)

WDYT?

@kasperpeulen
Copy link
Contributor

@legobeat Sounds good to me.

@yannbf Let's do this when you are back.

@yannbf
Copy link
Member

yannbf commented Oct 8, 2023

Hey there! Sorry for not checking this sooner. I'll update this PR and test it out next week!

@legobeat
Copy link
Contributor Author

legobeat commented Oct 9, 2023

@yannbf Thanks! Just rebased on next and lifted #354 out of draft.

@yannbf yannbf changed the title Upgrade jest dependencies to v29 [rebased] Dependencies: Upgrade Jest to v29 Oct 30, 2023
@yannbf yannbf changed the title Dependencies: Upgrade Jest to v29 BREAKING: Upgrade Jest to v29 Oct 30, 2023
@yannbf yannbf merged commit 93087b0 into storybookjs:next Oct 30, 2023
6 of 7 checks passed
@yannbf yannbf mentioned this pull request Nov 8, 2023
Copy link

github-actions bot commented Nov 8, 2023

🚀 PR was released in v0.14.0 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Update one or more dependencies version minor Increment the minor version when merged released
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants