Upgrade dependencies where possible #12189
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Upgrades all dependencies (both direct and development ones) where possible, which should close most of our Dependabot security warnings. Caveats:
eslint
can't be upgraded from v7 to v8 because it doesn't support linting JSDoc examples, which is important for us Allow processor API to be configurable and to formally be able to lint both a file and its blocks eslint/eslint#14745flow-bin
can't be upgraded past v0.142.0 without major updates to typings across the codebase — something to address separately.jsdom
can't be upgraded because of Upgrade to JSDom v16+ #12185@mapbox/gazetteer
(of which we only use one small JSON file for old benchmarks) was removed with that file added to the repo because the package doesn't seem to be actively maintained, and we win by getting rid of more unnecessary transitive dependencies.gl
> v4.9.0 doesn't build onbenchmap
unfortunately, to be investigated separately.Launch Checklist