The purpose of this task is to ensure that the package @redhat-cloud-services/rbac-client": "^2.0.0" is at least 4.0.0 in the yarn.lock file. 

NOTE: This client isn't called directly in the application, but is listed on the package.json file (for unknown reasons.  Changing the version on package.json does not prevent version 2.0.0 from being imported.  

NOTE:  This is a dependency of @redhat-cloud-services/frontend-components-utilities (version 4.0.0)

@redhat-cloud-services/frontend-components-utilities (version 4.0.0 is not listed on the package.json file nor is it called directly in the application

Further investigation is needed to find exactly where this pulled in as a dependency and test that the application behaves once rbac-client is upgraded in the 

---------------

Martin mentioned this in his email:
"The client upgrades were a breaking change, and does not have backward compatibility. Therefore, it won't be possible for your applications to access new API features through the older client versions in the future."

I believe this impacts OCMUI, as I see in our package.json we use:

    "@redhat-cloud-services/rbac-client": "^2.0.0",

And this email recommends:

@redhat-cloud-services/rbac-client 4.0.0

---------{}{}ORIGINAL EMAIL{}{}-----------

WHEN

This action is just strongly recommended. We will not enforce any dates or create a tracking Jira epic. 

WHAT

We have published a new major version for all clients in the javascript-clients repo as the output structure has changed to support both CommonJS and ESM imports.
We are encouraging all teams who use these clients to update to the latest version.

The following clients were updated to support both ESM and CommonJS builds:

@redhat-cloud-services/compliance-client 3.0.0

@redhat-cloud-services/config-manager-client 4.0.0

@redhat-cloud-services/entitlements-client 4.0.0

@redhat-cloud-services/host-inventory-client 4.0.0

@redhat-cloud-services/insights-client 3.0.0

@redhat-cloud-services/integrations-client 4.0.1

@redhat-cloud-services/javascript-clients-shared 2.0.0

@redhat-cloud-services/notifications-client 4.0.1

@redhat-cloud-services/patch-client 3.0.0

@redhat-cloud-services/policies-client 3.0.0

@redhat-cloud-services/quickstarts-client 4.0.0

@redhat-cloud-services/rbac-client 4.0.0

@redhat-cloud-services/remediations-client 3.0.0

@redhat-cloud-services/sources-client 3.0.0

@redhat-cloud-services/topological-inventory-client 3.0.0

@redhat-cloud-services/vulnerabilities-client 2.0.0

WHO

All projects that use the aforementioned javascript client libraries.

WHY

The old OpenAPI client generator was using an outdated version of Axios which became a security vulnerability. In order to remain compliant, new versions of these clients needed to be generated with the updated generator and Axios versions.

The client upgrades were a breaking change, and does not have backward compatibility. Therefore, it won't be possible for your applications to access new API features through the older client versions in the future.

ADDITIONAL INFORMATION

The new clients have updated import paths for endpoints. For projects that were importing the entire API rather than individual imports, there is a new client available to import for each package for the same effect. Please see your client's README for proper usage/reference.

Contact  @crc-experience-services-team in #forum-consoledot-ui with any questions. 

ConsoleDot Actions Required & Releases Source page is here.