-
Notifications
You must be signed in to change notification settings - Fork 1
Staged dependency bumps (split from #160) #164
Copy link
Copy link
Open
Labels
area:ciCI / build / releaseCI / build / releasearea:opsDeploy / backup / operationsDeploy / backup / operationspriority:lowSomeday: speculative, heavy, optional, or long-termSomeday: speculative, heavy, optional, or long-termtech-debtRefactor / cleanup / debt paydown (no behavior change)Refactor / cleanup / debt paydown (no behavior change)
Description
Metadata
Metadata
Assignees
Labels
area:ciCI / build / releaseCI / build / releasearea:opsDeploy / backup / operationsDeploy / backup / operationspriority:lowSomeday: speculative, heavy, optional, or long-termSomeday: speculative, heavy, optional, or long-termtech-debtRefactor / cleanup / debt paydown (no behavior change)Refactor / cleanup / debt paydown (no behavior change)
Problem
Split out from #160 (which delivered the CI-hygiene parts). The runtime/dev dependencies are a major or
several minors behind and should be bumped in risk tiers via the operator's staging/update path — each
its own PR through the 5-job gate +
ember-stagingbefore:latestmoves. This is not a drive-by;it needs per-dep verification on a no-rollback prod.
Proposal (tiers)
next14.2.x (security patches; stay on 14.2 — avoid the 15.x App Routerchanges),
@prisma/client+prisma5.x in lockstep,vitest2.x,tsx/tailwind/postcss/autoprefixer.playwright— image-coupled (mcr.microsoft.com/playwright:vX-nobleappears~4× in
app/Dockerfile); bump the npm package and the base-image tag together, then verify a realscrape against a live NG account (do NOT scrape from CI — standards §4).
recharts2.x — visual-regressionrisk; verify via the screenshot harness.
typescript-eslint ruleset repo-wide beyond
src/lib/**).Cross-check each against the WUD+Trivy stack (cve.delabc.xyz) /
docs/updates-audit.mdfirst.Acceptance criteria
playwrightbump verified against a real account (flagged for operator); base image + npm in lockstep.Pointers
app/package.json;app/Dockerfile(playwright base tag);docs/updates-audit.md