Reviving An Outdated Project
This week, I did some maintenance work on Starchart. The project hasn't been worked on in a while so we're trying to update its dependencies.
DevelopingSpace / starchart
A self-serve tool for managing custom domains and certificates
Starchart makes it easy for the Seneca developer community to create and manage their own custom subdomains and SSL certificates, without cost or having to provide personal information.
For information about running Starchart, see our deployment guide. For development information, see our contributing guide. For further technical background, planning, and initial designs, please see the wiki.
Introduction
The internet is evolving, and what used to be hard has become simple. For example, hosting your own website used to require knowledge of server administration, operating systems, networking, etc. Today, many developers host their personal and project websites without ever touching a remote server, opting for (free) cloud services like GitHub Pages, Vercel, Netlify, or AWS.
The internet's security model is also evolving. For example, browser vendors have embraced HTTPS everywhere. This is good for security, as it enables certificate-based encryption between clients and servers. However, as with…
The plan was to fix the CI workflow, which we found out was broken last week:
But before I could work out a fix, one of the previous developers, Eakam, solved the issue - turns out it was just because Playwright was outdated.
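Bump playwright to 1.49.1 #772
Eakam1007 posted on Jan 18, 2025
Playwright install is failing in CI (E2E Tests). Bumping playwright version should fix that.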
I felt like I should make up for it by finding more stuff to work on and thought updating more dependencies would be a great starting point.
Since the project hadn't been worked on for 2 years, there were a bunch of security vulnerabilities stemming from outdated packages. I was able to fix most of them with `npm audit fix`.
There were a couple more fixes that led to breaking changes in `@remix-run/eslint-config` and `@remix-run/react`, so I bumped those manually.
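The split described above, between findings `npm audit fix` resolves by itself and fixes that need a manual major-version bump, can be read from the `fixAvailable` field of `npm audit --json`. This is an added example, not code from the post or from Starchart; the report is a constructed sample with placeholder package names and versions, and `triageAudit` and `shouldFailBuild` are hypothetical helper names.

```javascript
// Constructed sample shaped like `npm audit --json` output (npm 7+, auditReportVersion 2).
// Every package name and version below is a placeholder, not a real advisory.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-transitive-lib': { severity: 'high', fixAvailable: true },
    'example-framework': {
      severity: 'high',
      fixAvailable: { name: 'example-framework', version: '0.0.0-placeholder', isSemVerMajor: true },
    },
    'example-abandoned-lib': { severity: 'critical', fixAvailable: false },
    'example-dev-tool': { severity: 'low', fixAvailable: true },
  },
};

const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Sort findings into: resolved in-range by `npm audit fix`, needing a manual
// semver-major bump, having no published fix, or below the severity threshold.
function triageAudit(report, minSeverity = 'high') {
  const floor = SEVERITY_ORDER.indexOf(minSeverity);
  const buckets = { autoFix: [], manualBump: [], noFix: [], belowThreshold: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities ?? {})) {
    const rank = SEVERITY_ORDER.indexOf(vuln.severity);
    const fix = vuln.fixAvailable;
    if (rank !== -1 && rank < floor) {
      buckets.belowThreshold.push(name); // unknown severities stay in scope (fail closed)
    } else if (!fix) {
      buckets.noFix.push(name);
    } else if (fix === true || !fix.isSemVerMajor) {
      buckets.autoFix.push(name);
    } else {
      buckets.manualBump.push(`${name} -> ${fix.name}@${fix.version}`);
    }
  }
  return buckets;
}

// CI gate: fail while anything at or above the threshold is still open.
function shouldFailBuild(buckets) {
  return buckets.autoFix.length + buckets.manualBump.length + buckets.noFix.length > 0;
}

const result = triageAudit(sampleReport);
console.log(result, 'fail build:', shouldFailBuild(result));
```
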
One of the updates (I bumped them at the same time so I can't say for sure but my bet is on `/react`) led to a type-check error because `[@remix-run/react].useNavigation().formData` may now be of the type undefined. I fixed it with optional chaining.
```ts
// Before
const isLoading =
  navigation.state === 'submitting' &&
  Number(navigation.formData.get('id')) === dnsRecord.id;

// After
const isLoading =
  navigation.state === 'submitting' &&
  Number(navigation.formData?.get('id')) === dnsRecord.id;
```
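How the two expressions behave at runtime when `formData` is undefined or lacks an `id` field, as an added example that is not code from the post or from Starchart. The `navigation` objects are hand-built stand-ins for what `useNavigation()` returns (Node 18+ is assumed for the global `FormData`), and `isLoadingStrict` is a hypothetical stricter variant that only matters if a record id can be 0.

```javascript
// Hand-built stand-in for a submitting navigation (constructed test input).
function submitting(fields) {
  const formData = new FormData();
  for (const [key, value] of Object.entries(fields)) formData.append(key, value);
  return { state: 'submitting', formData };
}

// The post's "Before" expression: throws a TypeError when formData is undefined.
function isLoadingBefore(navigation, recordId) {
  return navigation.state === 'submitting' &&
    Number(navigation.formData.get('id')) === recordId;
}

// The post's "After" expression: undefined formData gives Number(undefined),
// which is NaN, so the comparison is false for every record.
function isLoadingAfter(navigation, recordId) {
  return navigation.state === 'submitting' &&
    Number(navigation.formData?.get('id')) === recordId;
}

// Hypothetical stricter variant: FormData.get() returns null for a missing
// field and Number(null) is 0, so only a present, all-digit id may match.
function isLoadingStrict(navigation, recordId) {
  if (navigation.state !== 'submitting') return false;
  const raw = navigation.formData?.get('id');
  return typeof raw === 'string' && /^\d+$/.test(raw) && Number(raw) === recordId;
}

const noFormData = { state: 'submitting', formData: undefined };
console.log(isLoadingAfter(noFormData, 7));        // undefined formData, no crash
console.log(isLoadingAfter(submitting({}), 0));    // missing id coerces to 0
console.log(isLoadingStrict(submitting({}), 0));   // missing id never matches
```
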
The other changes I made had to do with some lint errors that popped up (At this point I realized I had my ESLint extension turned off, but I'm sure these warnings came with the update, since it never happened in CI in the past).
- Instances of importing the same module multiple times in one file:

  ```ts
  // Before
  import { getCertificateByUsername } from '~/models/certificate.server';
  import { deleteCertificateById } from '~/models/certificate.server';
  import { isAdmin } from '~/models/user.server';
  import { getUserByUsername } from '~/models/user.server';

  // After
  import { getCertificateByUsername, deleteCertificateById } from '~/models/certificate.server';
  import { isAdmin, getUserByUsername } from '~/models/user.server';
  ```
- Using `let` when `const` is preferred:

  ```ts
  // Before
  let date = val.toLocaleDateString('en-US', {

  // After
  const date = val.toLocaleDateString('en-US', {
  ```
Surprised it didn't catch these before.
Also, when I turned on the ESLint extension I was a little taken aback because there were ~900 linter errors. Turned out it was because ESLint was linting the output generated by Playwright. So I added `/playwright-report` to `.eslintignore`.
And that was the sum of my maintenance work for this sprint. Ended up fixing 30+ severe security issues, so not bad.
Update dependencies #775
uday-rana posted on Jan 18, 2025
Should fix a bunch of security vulnerabilities.
Changes
- [x] Bump dependencies
- [x] Add /playwright-report to .eslintignore
- [x] Fix typecheck and linter errors
I also re-activated Dependabot which bumped vitest a couple minor versions. It'll be nice to not have to manually investigate and patch security vulnerabilities.
In other news, one of my pull requests to Mattermost was finally merged!
[GH-29548] Avoid SELECT * in `tokens_store.go` #29558
Summary
This PR:
- Switches SQL queries in `token_store.go` to use SQLBuilder
- Explicitly defines columns in SELECT queries to TokenStore.
- Factors out common queries into the constructor.
Ticket Link
Fixes #29548
Screenshots
Release Note
NONE
It'd been approved a while ago but it took a few weeks to be merged into main.
In the meantime I've been working on my other PR. I was asked to make some changes and I'm waiting on a re-review.