chore: Dependency updates 24/03/2026#3352
Conversation
| @@ -1,14 +1,10 @@ | |||
| import { writeFileSync } from 'node:fs'; | |||
| import zodToJsonSchema from 'zod-to-json-schema'; | |||
There was a problem hiding this comment.
We were previously using https://github.com/StefanTerdell/zod-to-json-schema to generate the JSON schema however this dependency has been deprecated.
As of November 2025, this project will no longer be receiving updates. Zod v4 natively supports generating JSON schemas, so I recommend you switch to the new major, or better yet, a decent language ;)
Zod now supports natively generating a JSON schema so we don't need it anymore.
There was a problem hiding this comment.
or we could migrate the whole thing to rust I guess
There was a problem hiding this comment.
Lets finish the db migration first.
| const log = (...messages) => logIt(messages); | ||
| const warn = (...messages) => logIt(messages, red); | ||
| const prompt = (...messages) => logIt(messages, yellow); | ||
| const localPrompt = (...messages) => logIt(messages, yellow); |
There was a problem hiding this comment.
As of upgrading @guardian/eslint-config it seems like the no-redeclare rule has been enabled, which now complains because prompt is an existing global in browsers
| advertising, and disable the sharing of data with partners for | ||
| personalised advertising purposes by clicking the "Privacy settings" | ||
| link in the footer of every page of our site. | ||
| personalised advertising purposes by clicking the "Privacy |
There was a problem hiding this comment.
As of upgrading @guardian/eslint-config it seems like the react/no-unescaped-entities rule has been enabled which requires us to escape special characters such as "
| ...(structuredError?.severity === 'CSRF' | ||
| ? [ | ||
| <p> | ||
| <p key={'CSRF'}> |
There was a problem hiding this comment.
Ditto the previous eslint comments about react/jsx-key which requires elements created in an iterator to have a key set.
| return ( | ||
| <InformationBoxText isGoogleOneTap={isGoogleOneTap}> | ||
| <InformationBoxText | ||
| key={index} |
There was a problem hiding this comment.
Its not recommended to use index here, but we don't have another ID that we can use for creating these elements.
| margin: 0; | ||
| `; | ||
|
|
||
| const ConditionalIframeThemeWrapper = ({ |
There was a problem hiding this comment.
Ditto the previous eslint comments, although this time about react-hooks/static-components. This rule requires us to not create React components from within a function, apparently this makes them more efficient as it doesn't have to re-render the entire component each time.
| path, | ||
| }: { | ||
| req: Request; | ||
| req: Request<{ token: string }>; |
There was a problem hiding this comment.
Upgrading to the latest version of @types/express introduces a change where query parameters become a string | string[] type, instead of a string type unless we specify the type of query parameters ourselves.
| const { clientId, useOktaClassic } = res.locals.queryParams; | ||
| handleAsyncErrors( | ||
| async (req: Request<{ token: string }>, res: ResponseWithRequestState) => { | ||
| const { token: encryptedRecoveryToken } = req.params; |
There was a problem hiding this comment.
Theres a lot of diffs in this function, but its all indentation changes.
| req: Request<{ emailType: string; data: string; token: string }>, | ||
| res: ResponseWithRequestState, | ||
| ) => { | ||
| const { emailType, data, token } = req.params; |
There was a problem hiding this comment.
Again all just indentation changes in this function beyond this point.
| 'prefer-const': 'error', | ||
|
|
||
| // Requires some significant refactors to PasswordForm and SignedInAs components | ||
| 'react-hooks/set-state-in-effect': 'off', |
There was a problem hiding this comment.
This rule got enabled when we upgraded our eslint config versions, it seems like it would take some significant refactors to comply with it though.
| // but still allows us to see the issues and fix them | ||
| rules: { | ||
| binaries: 'warn', | ||
| classMembers: 'warn', |
There was a problem hiding this comment.
Knip no longer supports this option in the latest major version.
| }), | ||
| handleAsyncErrors( | ||
| async (req: Request<{ token: string }>, res: ResponseWithRequestState) => { | ||
| const { token } = req.params; |
There was a problem hiding this comment.
All indentation changes in this function.
AshCorr
force-pushed
the
ash/dependencies-24032026
branch
from
ca381b4 to
7be7adc
Compare
AshCorr
added
the
maintenance
AshCorr
force-pushed
the
ash/dependencies-24032026
branch
from
7be7adc to
4a7ed6b
Compare
AshCorr
force-pushed
the
ash/dependencies-24032026
branch
from
4a7ed6b to
989188e
Compare
AshCorr
added
run_tests
AshCorr
force-pushed
the
ash/dependencies-24032026
branch
from
989188e to
0ff894d
Compare
| "@eslint/js": "^9.39.4", | ||
| "@guardian/eslint-config": "14.0.0", | ||
| "@guardian/prettier": "^10.0.0", | ||
| "@playwright/test": "^1.58.2", |
There was a problem hiding this comment.
For some reason the latest version of playwright can't handle intercepting redirects properly. This test hangs in the latest version of Playwright.
Its potentially related to this issue? microsoft/playwright#39823
AshCorr
added
run_tests
AshCorr
force-pushed
the
ash/dependencies-24032026
branch
from
6606af6 to
f435350
Compare
AshCorr
added
run_tests
| "overrides": { | ||
| "minimatch@3.1.2": "3.1.4", | ||
| "minimatch@>=9.0.0 <9.0.7": "9.0.7", | ||
| "flatted@3.3.3": "3.4.2", |
There was a problem hiding this comment.
Perhaps remove this as well from the overrides for consistency with the other package.json?
|
🥳 |
AshCorr
added
run_tests
AshCorr
added
run_tests
3 participants
What does this change?
Updates various dependencies in Gateway to their latest versions, its been a while so theres been quite a few major dependency upgrades.
I've skipped the following dependency updates:
@guardian/eslint-configcsnx#2316How has this change been tested?
Deployed to CODE, tried creating a new account with passcode and social, signing in with passcode and social, and also deleting my account. Everything seems to be working as expected.