Feature #10793
closed
Update NPM Packages
30%
Description
NPM found a few vulnerabilities in our packages which can be solved by updating.
BRANCH : S10793updateNpmPackages
STATUS : I ran the updates in the branch above and did some tests. See the comments for more info. The branch is not in sync with Dev.
- make new branch from develop
- update the packages with the commands listed below
- run npm audit again, resolve manual review problems
- https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities#security-vulnerabilities-found-requiring-manual-review
- Test tinyMCE
- (test TableSorter) not necessary since not updated?
- run grunt, solve problems if there are any
Updates advised in report when running `npm audit`
npm install mocha@8.3.2
npm install bootlint@1.1.0
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
npm update lodash --depth 4
npm update minimist --depth 5
npm update jshint --depth 2
npm update mkdirp --depth 3
npm update minimist --depth 5
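As an added example (not part of this issue or the project's code): a small script that sorts the entries of an `npm audit --json` report into fixes that stay within the declared ranges, upgrades flagged as semver-major, and entries left for manual review, and flags test tooling listed under `dependencies`. It assumes the npm 7+ report format (`auditReportVersion: 2`); `triage`, `TEST_ONLY` and the sample data are hypothetical.

```javascript
// Added example. SAMPLE_REPORT and SAMPLE_PKG are constructed for illustration;
// severities and the lodash/hoek entries are made up, not the project's real report.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    lodash: { name: 'lodash', severity: 'high', fixAvailable: true },
    mocha: { name: 'mocha', severity: 'critical',
      fixAvailable: { name: 'mocha', version: '8.3.2', isSemVerMajor: true } },
    tinymce: { name: 'tinymce', severity: 'moderate',
      fixAvailable: { name: 'tinymce', version: '5.7.1', isSemVerMajor: true } },
    hoek: { name: 'hoek', severity: 'high', fixAvailable: false },
  },
};
const SAMPLE_PKG = { dependencies: { mocha: '^3.2.0', tinymce: '^4.9.10' }, devDependencies: {} };

// Test-only tooling named in the issue; it should not be a production dependency.
const TEST_ONLY = new Set(['mocha', 'bootlint', 'grunt-contrib-jasmine']);

function triage(report, pkg) {
  if (report.auditReportVersion !== 2) {
    throw new Error('expected an npm 7+ audit report (auditReportVersion 2)');
  }
  const out = { nonBreaking: [], breaking: [], manualReview: [], moveToDev: [] };
  for (const v of Object.values(report.vulnerabilities || {})) {
    const fix = v.fixAvailable;
    if (fix === true) {
      out.nonBreaking.push(v.name); // fixable inside the declared ranges
    } else if (fix && typeof fix === 'object') {
      // Fix means installing fix.name@fix.version; isSemVerMajor marks a
      // potentially breaking upgrade that needs an explicit install and testing.
      const target = `${v.name} -> ${fix.name}@${fix.version}`;
      (fix.isSemVerMajor ? out.breaking : out.nonBreaking).push(target);
    } else {
      out.manualReview.push(v.name); // no automatic fix: review by hand
    }
  }
  for (const name of Object.keys(pkg.dependencies || {})) {
    if (TEST_ONLY.has(name)) out.moveToDev.push(name);
  }
  return out;
}

console.log(triage(SAMPLE_REPORT, SAMPLE_PKG));
```

To use it on a real checkout, pass the parsed output of `npm audit --json` and the parsed package.json to `triage()` instead of the sample objects.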
Updated by Marc Egger over 3 years ago
- Status changed from In Progress to Priorize
Updated by Marc Egger about 3 years ago
- Priority changed from Normal to High
While I'm at it, I might as well update NPM too.
Updated by Marc Egger almost 3 years ago
- Status changed from Priorize to In Progress
Updated by Marc Egger almost 3 years ago
Executed `npm audit fix`: fixed 16 vulnerabilities with non-breaking changes.
`npm audit` still suggests these upgrades:
npm install mocha@8.3.2
npm install bootlint@1.1.0
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
Updated by Marc Egger almost 3 years ago
Mocha is a testing framework which is only used by Selenium tests written by Raffi (tests located in tests/selenium).
Remove mocha and add it as a dev dependency. Make sure it is not installed in production.
old mocha version: "mocha": "^3.2.0"
npm uninstall mocha
npm install --save-dev mocha
We use `npm update` in the makefile, which does not update or install dev dependencies.
new mocha version: "mocha": "^8.3.2"
Updated by Marc Egger almost 3 years ago
Bootlint is an HTML linter for Bootstrap projects.
Remove it and add it as a dev dependency.
Jasmine is another testing framework, used for tests written by Raffi. Tests location: tests/jasimne.
grunt-contrib-jasmine: Run jasmine specs headlessly through Headless Chrome
Upgraded package.
Updated by Marc Egger almost 3 years ago
TinyMCE is the only package with potential breaking changes.
execute upgrade:
npm install tinymce@5.7.1
Updated by Marc Egger almost 3 years ago
Next up are issues with package hoek.
This package is a dependency of grunt-contrib-less. Thus I will have to upgrade grunt-contrib-less to resolve it.
This will also upgrade LessJs from v2 to v4 which might contain breaking changes.
Upgraded, and grunt less still works.
Updated by Marc Egger almost 3 years ago
`npm audit` finds no more vulnerabilities. Will thus test TinyMCE now.
Updated by Marc Egger almost 3 years ago
TinyMCE is completely broken:
- Errors: plugins not found
- Toolbar not rendered
Updated by Marc Egger almost 3 years ago
- Errors seem to be fixed.
- Toolbar is still not shown even though in FE.parameter it is activated
Updated by Marc Egger almost 3 years ago
TinyMCE behaviour
megger/crose: 5.7.1
megger/forkred-marc: 4.9.10
| editor-plugins=image | editor-toolbar | editor-statusbar | old behaviour | new |
| n | n | n | - | same |
| y | n | n | - | 2 new buttons, otherwise the same |
| n | y | n | toolbar with a few formatting options | no toolbar |
| n | n | y | - | same |
Updated by Carsten Rose almost 3 years ago
- Tracker changed from Support to Feature
Updated by Carsten Rose almost 3 years ago
- Target version changed from next5 to next4
Updated by Carsten Rose almost 3 years ago
- Target version changed from next4 to next3
Updated by Carsten Rose almost 3 years ago
- Priority changed from High to Normal
Updated by Marc Egger over 2 years ago
- Assignee changed from Marc Egger to Carsten Rose
Updated by Carsten Rose 12 months ago
- File clipboard-202304021506-ctxgl.png added
- Assignee changed from Carsten Rose to Support: Web
- Priority changed from Normal to High
- Target version changed from next3 to 24.8.0
- Prio Planung set to No
When updating PHP-Unit 9, the following message appeared:
Updated by Carsten Rose 11 months ago
- Related to Feature #16037: Update 'make bootstrap' added