Skip to content

Modernize legacy dependencies#172

Draft
coder13 wants to merge 3 commits into
masterfrom
agent/fix-dependency-issues
Draft

Modernize legacy dependencies#172
coder13 wants to merge 3 commits into
masterfrom
agent/fix-dependency-issues

Conversation

@coder13

@coder13 coder13 commented Jul 10, 2026

Copy link
Copy Markdown
Owner

Summary

  • replace the abandoned express-socket.io-session bridge with direct Express session middleware shared by Socket.IO
  • upgrade MongoDB to 7, Mongoose to 8, and the session store to connect-mongo 6
  • move the client to React 18.3 and MUI 6, remove connected-react-router, and replace react-ga with GA4-compatible react-ga4
  • upgrade Jest, Testing Library, ESLint, and Husky while removing the leftover CRA and Enzyme configuration
  • add Dependabot configuration and CodeQL analysis

Why

Several core dependencies were abandoned, end-of-life, or old enough to prevent security and framework maintenance. The existing Socket.IO session bridge also pulled in a vulnerable cookie dependency, while the Universal Analytics package could not correctly use the configured GA4 property.

Impact

The client remains on React 18.3 as the compatibility bridge before React 19. Existing room, authentication, and Socket.IO behavior is preserved. MongoDB 7 is used as the safe intermediate data upgrade before an eventual MongoDB 8 move.

The migration also fixes Vite loading for the protocol/event modules and updates the lobby layout for MUI 6.

Validation

  • yarn install --frozen-lockfile
  • yarn lint
  • yarn test — 31 tests passed
  • yarn build
  • Cypress — 6 browser tests passed against MongoDB 7 and Redis
  • docker compose config -q
  • yarn audit — 0 vulnerabilities across 538 packages
  • git diff --check

Follow-ups

  • migrate remaining local function-component defaultProps and replace React-18-only leaf dependencies before React 19
  • deploy through MongoDB 7 and update feature compatibility before moving existing volumes to MongoDB 8
  • enable GitHub-native secret scanning in repository settings

Replace abandoned session and analytics integrations, move the client and tooling onto supported versions, and add automated dependency and code security checks.
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

coder13 added 2 commits July 9, 2026 19:38
Load Emotion styles before the legacy JSS compatibility layer so desktop breakpoints, spacing overrides, and table flex rules win the cascade.
Preserve the MUI 4 standard TextField default and keep the first create-room label inside the dialog content boundary.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants