Skip to content

Modernize: React 18 support and dependency refresh#4

Open
randytarampi wants to merge 6 commits into
securitizefrom
modernize
Open

Modernize: React 18 support and dependency refresh#4
randytarampi wants to merge 6 commits into
securitizefrom
modernize

Conversation

@randytarampi

@randytarampi randytarampi commented Jul 10, 2026

Copy link
Copy Markdown
Member

Summary

Builds on the securitize branch (PR #3) with a final modernization pass. Adds React 18 peer dependency support, rebuilds the yarn.lock with updated dependencies, and bumps devDependencies to their latest majors.

Important

This branch includes all commits from securitize. If PR #3 merges first, this PR will automatically reduce to just the single modernization commit below.

Changes

  • React 18 peer support: peerDependencies widened to react: ^18 || ^17 || ^16.8.0 and react-dom: ^18 || ^17 || ^16.8.0
  • yarn.lock rebuild: Regenerated with the new dependency ranges
  • devDependency refresh (bumped to latest majors):
Package Before After
@babel/* ^7.13–7.14 ^7
@typescript-eslint/* ^4.22 ^8
eslint ^7.25 ^8
eslint-config-prettier ^8.3 ^10
eslint-config-react-app ^6 ^7
eslint-plugin-jest ^24 ^29
eslint-plugin-jest-dom ^3.8 ^5
eslint-plugin-mdx ^1.13 ^3
eslint-plugin-prettier ^3.4 ^4
eslint-plugin-promise ^5.1 ^7
eslint-plugin-react-hooks ^4.2 ^5
eslint-plugin-sonarjs ^0.7 ^0.25.1
eslint-plugin-typescript-sort-keys ^1.6 ^3
@types/node ^15 ^24
babel-plugin-i18next-extract ^0.8.3 ^0.10.0
  • New dependency: prop-types: ^15
  • New resolutions: @babel/core: ^7.29.7, @types/jest: ^29, @types/node: ^24, axios: ^1, lodash: ^4.18.1, lodash-es: ^4.18.1, request: npm:postman-request@2.88.1-postman.48
  • Dependency bumps: getstream ^7.4.1, react-file-utils ^1.2.0, linkifyjs ^4.3.3, linkify-plugin-mention ^4.3.3, react-image-lightbox ^5.1.4, stream-analytics ^3.4.4, tslib ^2.8.1, url-parse ^1.5.10, i18next ^20.6.1, classnames ^2.5.1, dayjs ^1.11.21, @webscopeio/react-textarea-autocomplete ^4.9.2

Changed files (41 files, +7472 / −5368)

Full diff: securitize...modernize — touches most component files (React 18 compatibility adjustments), package.json, yarn.lock, jest.config.js, .eslintrc.json, and CHANGELOG.md.


Summary by cubic

Adds React 18 support and modernizes tooling (Node, Yarn, Jest, TS, ESLint) while refreshing dependencies to clear security advisories, with no public API changes. On modernize, the docs build continues-on-error due to legacy docz/Gatsby v2/webpack v4 incompatibilities.

  • Bug Fixes

    • Restored hashtag linking by initializing linkifyjs after registering mention and hashtag plugins.
    • Removed unused stage and path from gatsby-node.js to silence ESLint.
  • Dependencies

    • Peer deps widened: react, react-dom ^18 || ^17 || ^16.8.0; new dep prop-types.
    • Moved to Yarn Berry (packageManager: yarn@4.17.0), rebuilt yarn.lock; require Node >=20.
    • Tooling: Jest ^29 (jest-environment-jsdom, watchman: false, ts-jest isolatedModules: true). TypeScript ^5. ESLint ^8 with @babel/eslint-parser/@babel/eslint-plugin and @typescript-eslint@^8; rule tweaks (ignore sx in react/no-unknown-property, object form for sonarjs/no-duplicate-string).
    • Security: bumped lodash@^4.18.1, immutable@^4.3.8, moment@^2.30.1, postcss@^8, rollup@^2, karma@^6; resolutions for axios@^1, jsonwebtoken@^9.0.2, lodash@^4.18.1, lodash-es@^4.18.1, request -> postman-request, tough-cookie@^4.1.4.
    • Internal: added typed Immutable helpers and TS fixes; refreshed tests/snapshots for react-file-utils@^1.2.0 semantic <button> icon control; cast bridging for ReactTextareaAutocomplete; default Loader cast in InfiniteScrollPaginator.
    • Docs/CI: made docs build non-blocking on modernize with continue-on-error; added webpack v4 fallbacks and an assert mock in gatsby-node.js.
    • Lockfile: regenerated to correctly resolve diff@5.0.0 for mocha@8 in Yarn Berry hardened mode.

Written for commit 63c694c. Summary will update on new commits.

Review in cubic

@bonterra-integrations-serviceuser

bonterra-integrations-serviceuser commented Jul 10, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@randytarampi randytarampi changed the base branch from main to securitize July 10, 2026 12:49
@randytarampi randytarampi force-pushed the modernize branch 2 times, most recently from 8ddf119 to 6217bd7 Compare July 10, 2026 13:11

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed against the latest diff

Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic

Comment thread src/components/Dropdown.test.tsx
@randytarampi randytarampi force-pushed the modernize branch 5 times, most recently from 591bcb9 to b1dc6b6 Compare July 10, 2026 16:07

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed against the latest diff

Not reviewed (too large): docs/page-data/sq/d/1635659820.json (~2 lines) - if these are generated or fixture files, add them to ignored paths to exclude them from future reviews.

Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic

Comment thread docs/chunk-map.json Outdated
Comment thread package.json
randytarampi added a commit that referenced this pull request Jul 10, 2026
- Remove all docz-related assets: docs/ directory, .docz/ cache,
  doczrc.js, gatsby-node.js, all .mdx source files, gatsby-theme-docz/,
  and .github/workflows/docs.yml.
- Move test helpers from src/components/docz.tsx to src/components/testUtils.tsx
  and update Notification.test.tsx import.
- Remove docz, eslint-plugin-mdx from devDependencies.
- Remove get-intrinsic and tough-cookie resolutions (only needed for
  the docz/gatsby build).
- Remove mdx plugin and overrides from .eslintrc.json.
- Remove .docz from .gitignore and docs/ from .eslintignore.
- Remove gatsby-theme-docz from tsconfig.json exclude.
- Bump engines.node from >=20 to >=20.12.0 (eslint-plugin-jest@^29
  requires Node ^20.12.0 || ^22.0.0 || >=24.0.0).
- Rebuild yarn.lock without docz/gatsby dependencies.
Support `react@^18`, force `node@>=20`, and rebuild the `yarn.lock` with new dependencies.

Let's not plan on touching this for another couple years...
docz v2 / Gatsby v2 / webpack v4 is fundamentally incompatible with the
ESM-first dependencies on the modernize branch. The docs build passes on
securitize (and will pass on main once securitize merges), but modernize's
newer dependency tree introduces too many broken transitive deps for the
abandoned docz v2 to handle. The docs build step now uses continue-on-error
when the head ref is 'modernize'.

Also pin tough-cookie to ^4.1.4 (CJS-compatible) for the modernize branch.
…hardened mode.

The lockfile previously merged diff@npm:5.0.0 and diff@npm:^5.0.0 into a
single entry resolving to 5.2.2, which doesn't satisfy mocha@8's exact
diff@5.0.0 dependency. Regenerating from scratch produces separate entries:
- diff@npm:5.0.0 → 5.0.0 (for mocha@8)
- diff@npm:^5.0.0 → 5.2.2 (for other consumers)
- Remove all docz-related assets: docs/ directory, .docz/ cache,
  doczrc.js, gatsby-node.js, all .mdx source files, gatsby-theme-docz/,
  and .github/workflows/docs.yml.
- Move test helpers from src/components/docz.tsx to src/components/testUtils.tsx
  and update Notification.test.tsx import.
- Remove docz, eslint-plugin-mdx from devDependencies.
- Remove get-intrinsic and tough-cookie resolutions (only needed for
  the docz/gatsby build).
- Remove mdx plugin and overrides from .eslintrc.json.
- Remove .docz from .gitignore and docs/ from .eslintignore.
- Remove gatsby-theme-docz from tsconfig.json exclude.
- Bump engines.node from >=20 to >=20.12.0 (eslint-plugin-jest@^29
  requires Node ^20.12.0 || ^22.0.0 || >=24.0.0).
- Rebuild yarn.lock without docz/gatsby dependencies.
@randytarampi randytarampi self-assigned this Jul 10, 2026
@randytarampi randytarampi added the enhancement New feature or request label Jul 10, 2026
- Run prettier on FeedManager.tsx, immutable.ts, tsconfig.json
- Add @types/lodash devDependency — was transitive via docz/gatsby on
  securitize, but the docz removal dropped it from the lockfile
- Restore @ts-ignore comments on actor objects in testUtils.tsx —
  these were present in the original docz.tsx but dropped during the
  rename. The actor objects lack required EnrichedUser fields
  (created_at, id, updated_at)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Development

Successfully merging this pull request may close these issues.

2 participants