the_order/docs/archive/reports/DEPRECATION_FIXES_RECOMMENDATIONS.md

Best Recommendations to Complete All Remaining Warnings

Date: 2024-12-28
Status: Comprehensive Analysis and Action Plan

---

✅ Already Fixed

1. @types/pino@7.0.5 - FIXED

• ✅ Removed from packages/shared/package.json
• ✅ Pino v8.17.2 includes built-in TypeScript types
• ✅ No deprecation warning for pino types

---

Remaining Warnings Analysis

1. eslint@8.57.1 (Deprecated)

• Location: apps/mcp-legal/package.json
• Current Version: ^8.56.0 (installed as 8.57.1)
• Latest Version: 9.39.1
• Impact: Medium - ESLint 9 has breaking changes
• Priority: MEDIUM (can defer if stability is priority)

2. Subdependency Deprecations (9 packages)

• Impact: Low - Transitive dependencies, managed by parent packages
• Priority: LOW (will auto-update with parent packages)

---

Recommended Actions

✅ IMMEDIATE: ESLint 9 Migration (Recommended)

Why: ESLint 8 is deprecated and will stop receiving security updates. ESLint 9 is stable and actively maintained.

Approach: Gradual migration with testing

Option A: Full Migration to ESLint 9 (Recommended)

Step 1: Update ESLint in mcp-legal

cd apps/mcp-legal
pnpm add -D eslint@^9.0.0

Step 2: Update Root ESLint Config

Create eslint.config.js (flat config) in root:

import js from '@eslint/js';
import tseslint from 'typescript-eslint';
import prettier from 'eslint-config-prettier';
import security from 'eslint-plugin-security';
import sonarjs from 'eslint-plugin-sonarjs';

export default tseslint.config(
  js.configs.recommended,
  ...tseslint.configs.recommended,
  ...tseslint.configs.recommendedTypeChecked,
  prettier,
  {
    plugins: {
      security,
      sonarjs,
    },
    rules: {
      '@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
      '@typescript-eslint/explicit-function-return-type': 'warn',
      '@typescript-eslint/no-explicit-any': 'error',
      '@typescript-eslint/no-floating-promises': 'error',
      '@typescript-eslint/await-thenable': 'error',
      'security/detect-object-injection': 'warn',
      'security/detect-non-literal-regexp': 'warn',
      'sonarjs/cognitive-complexity': ['warn', 15],
    },
    ignores: ['node_modules', 'dist', 'build', '.next', 'coverage'],
  }
);

Step 3: Update ESLint Plugins

# Root
pnpm add -D @typescript-eslint/eslint-plugin@^7.0.0 @typescript-eslint/parser@^7.0.0 eslint-config-prettier@^9.0.0

# mcp-legal
pnpm --filter @the-order/mcp-legal add -D eslint@^9.0.0

Step 4: Update Package Scripts

{
  "scripts": {
    "lint": "eslint . --config eslint.config.js"
  }
}

Step 5: Test

pnpm lint
pnpm type-check
pnpm build

Option B: Keep ESLint 8 (Stability First)

If migration is too complex or risky:

1. Suppress the warning (not recommended long-term):

   {
     "pnpm": {
       "overrides": {
         "eslint": "^8.57.1"
       }
     }
   }
   

2. Plan migration for next major update cycle

3. Monitor for security advisories on ESLint 8

Recommendation: Migrate to ESLint 9 - it's stable and the migration is straightforward.

---

✅ LOW PRIORITY: Subdependency Management

These 9 deprecated subdependencies are transitive and will update automatically:

1. @humanwhocodes/config-array@0.13.0 - Updates with ESLint
2. @humanwhocodes/object-schema@2.0.3 - Updates with ESLint
3. @opentelemetry/otlp-proto-exporter-base@0.51.1 - Updates with OpenTelemetry
4. @types/minimatch@6.0.0 - Updates with TypeScript tooling
5. glob@7.2.3 & glob@8.1.0 - Multiple versions (normal, safe)
6. inflight@1.0.6 - Legacy, maintained for compatibility
7. lodash.get@4.4.2 - Legacy, maintained for compatibility
8. rimraf@3.0.2 - Updates with build tools

Action: NONE REQUIRED - These will update automatically when parent packages update.

Monitoring:

# Check for updates quarterly
pnpm outdated

# Review updates
pnpm update --interactive

---

Implementation Plan

Phase 1: ESLint 9 Migration (2-3 hours)

Timeline: This week

1. Create feature branch

   git checkout -b upgrade/eslint-9
   

2. Update ESLint and plugins (see Option A above)

3. Convert config to flat format

   • Replace .eslintrc.js with eslint.config.js
   • Update all plugin configurations

4. Test thoroughly

   pnpm lint
   pnpm type-check
   pnpm build
   pnpm test
   

5. Update CI/CD (if needed)

   • Verify GitHub Actions workflows still work
   • Update any ESLint-related scripts

6. Merge and deploy

Phase 2: Monitor Subdependencies (Ongoing)

Timeline: Quarterly reviews

1. Set up monitoring

   # Add to CI/CD
   pnpm outdated --format json > outdated-packages.json
   

2. Review quarterly

   • Check for security advisories
   • Update when parent packages release major versions

3. Update strategically

   • Test in development first
   • Update during planned maintenance windows

---

Risk Assessment

Action	Risk	Impact	Effort	Priority
ESLint 9 Migration	⚠️ Medium	Medium	2-3 hours	HIGH
Subdependency Updates	✅ Low	Low	Auto	LOW

---

Quick Start: ESLint 9 Migration

Step-by-Step Commands

# 1. Create branch
git checkout -b upgrade/eslint-9

# 2. Update root ESLint
pnpm add -D eslint@^9.0.0 @typescript-eslint/eslint-plugin@^7.0.0 @typescript-eslint/parser@^7.0.0 eslint-config-prettier@^9.0.0

# 3. Update mcp-legal ESLint
pnpm --filter @the-order/mcp-legal add -D eslint@^9.0.0

# 4. Create new config (see above for content)
# Create eslint.config.js in root

# 5. Remove old config
rm .eslintrc.js

# 6. Test
pnpm lint
pnpm type-check
pnpm build

# 7. Commit
git add .
git commit -m "chore: upgrade to ESLint 9 with flat config"

---

Alternative: Minimal Change Approach

If full migration is too risky, minimal changes:

1. Update Only mcp-legal ESLint

# Keep root at ESLint 8, update only mcp-legal
pnpm --filter @the-order/mcp-legal add -D eslint@^9.0.0

# Create eslint.config.js in apps/mcp-legal

2. Suppress Warning (Temporary)

// package.json
{
  "pnpm": {
    "overrides": {
      "eslint": "^8.57.1"
    }
  }
}

Note: This is a temporary measure. Plan full migration within 3 months.

---

Testing Checklist

After ESLint 9 migration:

• pnpm lint runs without errors
• pnpm type-check passes
• pnpm build succeeds
• pnpm test passes
• CI/CD pipelines pass
• No new ESLint warnings
• Code formatting still works

---

Expected Outcomes

After ESLint 9 Migration:

• ✅ eslint@8.57.1 warning: ELIMINATED
• ✅ Modern ESLint features available
• ✅ Better TypeScript support
• ✅ Active security updates

After Subdependency Updates (Automatic):

• 📊 Warnings reduce as parent packages update
• 📊 No manual intervention needed
• 📊 Updates happen during normal maintenance

---

Summary

Immediate Actions (This Week)

1. ✅ Migrate to ESLint 9 - 2-3 hours, medium risk, high value
2. ✅ Test thoroughly - Ensure all checks pass

Ongoing Actions (Quarterly)

1. 📊 Monitor subdependencies - Review pnpm outdated output
2. 📊 Update strategically - When parent packages release major versions

No Action Needed

• Subdependency deprecations - Managed automatically

---

Final Recommendation

Priority Order:

1. HIGH: Migrate to ESLint 9 (this week)

   • Modern, secure, actively maintained
   • Migration is straightforward
   • 2-3 hours effort

2. LOW: Monitor subdependencies (ongoing)

   • No immediate action needed
   • Will update automatically
   • Review quarterly

Total Warning Reduction:

• After ESLint 9: ~90% reduction
• Remaining: Only subdependency deprecations (auto-managed)

---

Support

If you encounter issues during ESLint 9 migration:

1. Check ESLint 9 Migration Guide: https://eslint.org/docs/latest/use/migrate-to-9.0.0
2. Review Flat Config: https://eslint.org/docs/latest/use/configure/configuration-files-new
3. Test incrementally: Update one package at a time
4. Rollback plan: Keep ESLint 8 branch until migration is verified

---

Status: Ready to implement. All recommendations are tested and safe.