Skip to content

Modernize legacy dependencies#172

Merged
coder13 merged 5 commits into
masterfrom
agent/fix-dependency-issues
Jul 14, 2026
Merged

Modernize legacy dependencies#172
coder13 merged 5 commits into
masterfrom
agent/fix-dependency-issues

Conversation

@coder13

@coder13 coder13 commented Jul 10, 2026

Copy link
Copy Markdown
Owner

Summary

  • replace the abandoned express-socket.io-session bridge with direct Express session middleware shared by Socket.IO
  • upgrade MongoDB to 7, Mongoose to 8, and the session store to connect-mongo 6
  • move the client to React 18.3 and MUI 6, remove connected-react-router, and replace react-ga with GA4-compatible react-ga4
  • upgrade Jest, Testing Library, ESLint, and Husky while removing the leftover CRA and Enzyme configuration
  • add Dependabot configuration and CodeQL analysis

Why

Several core dependencies were abandoned, end-of-life, or old enough to prevent security and framework maintenance. The existing Socket.IO session bridge also pulled in a vulnerable cookie dependency, while the Universal Analytics package could not correctly use the configured GA4 property.

Impact

The client remains on React 18.3 as the compatibility bridge before React 19. Existing room, authentication, and Socket.IO behavior is preserved. MongoDB 7 is used as the safe intermediate data upgrade before an eventual MongoDB 8 move.

The migration also fixes Vite loading for the protocol/event modules and updates the lobby layout for MUI 6.

Validation

  • yarn install --frozen-lockfile
  • yarn lint
  • yarn test — 31 tests passed
  • yarn build
  • Cypress — 6 browser tests passed against MongoDB 7 and Redis
  • docker compose config -q
  • yarn audit — 0 vulnerabilities across 538 packages
  • git diff --check

Follow-ups

  • migrate remaining local function-component defaultProps and replace React-18-only leaf dependencies before React 19
  • deploy through MongoDB 7 and update feature compatibility before moving existing volumes to MongoDB 8
  • enable GitHub-native secret scanning in repository settings

@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

coder13 added 5 commits July 13, 2026 18:38
Replace abandoned session and analytics integrations, move the client and tooling onto supported versions, and add automated dependency and code security checks.
Load Emotion styles before the legacy JSS compatibility layer so desktop breakpoints, spacing overrides, and table flex rules win the cascade.
Preserve the MUI 4 standard TextField default and keep the first create-room label inside the dialog content boundary.
Migrate retained tests and feature code to the React 18, MUI 6, and Jest 30 toolchain so the rebased dependency update continues to validate privacy, social, and room behavior.
Migrate the remaining profile test away from removed Enzyme and Material UI v4 dependencies. Keep PostgreSQL optional for the Mongo and Redis-only Cypress stack, and register the updated session middleware directly in Express.
@coder13
coder13 force-pushed the agent/fix-dependency-issues branch from 7ca9e80 to 6fd622a Compare July 14, 2026 01:41
@coder13
coder13 marked this pull request as ready for review July 14, 2026 01:42
@coder13
coder13 merged commit 520951b into master Jul 14, 2026
7 of 8 checks passed
@coder13
coder13 deleted the agent/fix-dependency-issues branch July 14, 2026 01:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants