chore: update @svgr/webpack to version 6 #5958
Conversation
* svgr changelog https://github.com/gregberge/svgr/releases * SVGO 2 changelog https://github.com/svg/svgo/releases/tag/v2.0.0 * depend on maintained svgo version * although svgr 6 is in alpha, it fixes a few issues with webpack 5 (gregberge/svgr@1a8cc98) and React (gregberge/svgr@3700aba) * see also facebook#5703
ludofischer
requested review from
Josh-Cena,
lex111 and
slorber
as code owners
There was a problem hiding this comment.
Thanks, fixed the webpack config breaking changes
I honestly don't know what the state of #5703 is and whether we plan to upgrade SVGR in that PR instead... I also don't know if it's good to send an Alpha version down to all the users because we put it in the init template, but overall after #5872 I think we feel a much stronger compelling force to upgrade.
|
✔️ [V2] 🔨 Explore the source changes: df034ca 🔍 Inspect the deploy log: https://app.netlify.com/sites/docusaurus-2/deploys/61a45cdd61a6850008b6f026 😎 Browse the preview: https://deploy-preview-5958--docusaurus-2.netlify.app |
|
⚡️ Lighthouse report for the changes in this PR:
Lighthouse ran on https://deploy-preview-5958--docusaurus-2.netlify.app/ |
|
For some reason E2E tests are failing because it's still trying to pull the old SVGR v5 ㄟ(▔,▔)ㄏ |
Josh-Cena
added
the
pr: maintenance
|
What are good reasons to ship an alpha? What is the benefit for the Docusaurus users in particular? |
From what I can see, Yarn 1 on Node.js 17 fails, Yarn 1 on Node.js 16 fails but Yarn berry on Node.js 14 succeeds and Yarn 1 on Node.js 14 succeeds. Why do you think the cause is that it is still trying to pull SVGR 5? I do notice that if you run |
We publish the docusaurs on a locally hosted Verdaccio npm repository, and then install the published version (not from global npm registry). Not sure why it happens exactly but we must figure this out for sure. We have a |
As a user myself, I prefer to depend (transitively) on an updated svgo version. As many packages that deal with parsing and XML tend to be fairly security-alert prone. Of course, most of these alerts do not apply to the usage in Docusaurus, but it is a burden to always have to explain this. From looking at the issues in the svg repository I have the impression that svgr has few breaking changes (or changes at all) planned. We can ask @gregberge if using the alpha is recommended. |
|
Yeah it is safe enough, I think I will release the final this weekend. The core is done, I just need to update docs. |
Thanks for the heads up! |
I am not sure what you mean. From the log I think the CI is 's publishing the state of the checked-out repository to the Verdaccio instance as docusaurus/admin/scripts/test-release.sh Line 51 in ac1df88
When I have tried running |
There are multiple deprecation / security warnings for SVGR v5 -> SVGO v1. Also #5144. Also in the wake of #5872 we should think about using a more robust dep version.
Cool, then let's wait till the weekend👍 Glad we don't have to ship alpha
You don't need to run |
|
Fixed the E2E workflow. Also cleaned up the workflow a little bit |
Josh-Cena
added
the
status: don't merge yet
|
Thanks @Josh-Cena that makes sense Thanks @gregberge , I think we can wait for the final release then ;) |
Yeah I am sorry it takes time but it will happen! |
|
@gregberge Thanks! Good job with the release. I've been following gregberge/svgr#629 as well. Happy to see v6 finally going stable |
Josh-Cena
removed
the
status: don't merge yet
|
👍 |
with sole use of @svgr/webpack 6.2.1. docusaurus v2.0.0-beta.10 upgraded @svgr/webpack to 6 facebook/docusaurus#5958 to partially address CVE-2021-3803 by removing nth-check 1.0.2 by removing css-select 2.1.0. Signed-off-by: Takuya Noguchi <takninnovationresearch@gmail.com>
Motivation
with webpack 5 (gregberge/svgr@1a8cc98)
and React (gregberge/svgr@3700aba)
Have you read the Contributing Guidelines on pull requests?
Yes
Test Plan
Existing tests since behaviour should stay the same.
Related PRs
#5703