Project dependencies should be kept up-to-date for the latest security fixes.
To list Python packages that need upgrading:
pip list --outdated
To upgrade local packages to their latest patch versions:
pip install --force-reinstall -e .[dev]
To upgrade packages to their latest minor or major version:
-
Bump the package version in pyproject.toml keeping the patch version zero, e.g.
~=1.2.0
to~=1.3.0
-
Install the upgraded packages:
pip install -e .[dev]
After upgrading Playwright to a new minor version, reinstall the browsers and their dependencies:
playwright install --with-deps chromium
To upgrade Node:
-
Update Node to the latest LTS version in package.json:
"engines": { "node": "<version>", ... }
-
Update the lock file:
npm install --package-lock-only
-
Update the Node version in the CI workflow:
- name: Setup Node uses: actions/setup-node@v4 with: node-version: <version>
-
Update the Node version in the README prerequisites
To list Node packages that need upgrading:
npm outdated
To upgrade packages to their latest patch versions:
npm upgrade
This dependency uses a GitHub URL as it hasn't been released yet. To upgrade:
-
Update the commit hash for the dependency
govuk-one-login-service-header
in package.json to the latest commit -
Install the updated package:
npm install
-
Copy the contents of the service header Nunjucks template to schemes/views/templates/ate_service_header/macro.html, replacing the contents of the Jinja macro:
{% macro ateServiceHeader(params) %} <PASTE HERE> {% endmacro %}
-
Apply the following diff to workaround govuk-one-login/service-header#40:
<div class="one-login-header__logo"> <a href="{{ homepageLink }}" class="one-login-header__link one-login-header__link--homepage"> - <span class="one-login-header__logotype"> - <!--[if gt IE 8]><!--> - <svg - aria-hidden="true" - focusable="false" - class="one-login-header__logotype-crown" - xmlns="http://www.w3.org/2000/svg" - viewBox="0 0 32 30" - height="30" - width="32"> - <path fill="currentColor" fill-rule="evenodd" d="M22.6 10.4c-1 .4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s-.1 2-1 2.4m-5.9 6.7c-.9.4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s-.1 2-1 2.4m10.8-3.7c-1 .4-2-.1-2.4-1-.4-.9.1-2 1-2.4.9-.4 2 .1 2.4 1s0 2-1 2.4m3.3 4. - </svg> - <!--<![endif]--> - <span> - GOV.UK - </span> - </span> + <img class="one-login-header__logotype ate-header__logotype" src="{{ url_for('static', filename='ate-header/ATE_WHITE_LANDSCP_AW.png') }}" alt="Active Travel England"/> + <img class="one-login-header__logotype ate-header__logotype--focus" src="{{ url_for('static', filename='ate-header/ATE_BLK_LANDSCP_AW.png') }}" alt="Active Travel England"/> </a> </div>
To update Terraform the latest minor version:
-
For each Terraform root module in cloud, upgrade the required version in
versions.tf
keeping the patch version zero:terraform { required_version = "~> <version>" ... }
-
Update the Terraform version in the README prerequisites
Upgrade each Terraform root module in cloud:
-
Upgrade the providers in
versions.tf
to the latest minor or major version keeping the patch version zero, e.g.~> 1.2.0
to~> 1.3.0
-
Install the upgraded providers:
terraform init -upgrade
Upgrade all workflows in .github/workflows:
-
Upgrade each action to its latest major version, e.g. for
actions/setup-python
see actions/setup-python -
Upgrade runner images to their latest version