Feature #10793

closed

Update NPM Packages

Added by Marc Egger over 3 years ago. Updated 2 months ago.

Status: Closed
Priority: High
Assignee: Benjamin Baer
Target version:
Start date: 24.06.2020
Due date:
% Done: 30%
Estimated time: 4.00 h
Discuss:
Prio planning: No
Vote: BB

Description

NPM found a few vulnerabilities in our packages which can be solved by updating.

BRANCH : S10793updateNpmPackages

STATUS : I ran the updates in the branch above and did some tests. See the comments for more information. The branch is not in sync with Dev.

- make new branch from develop
- update the packages with the commands listed below
- run npm audit again, resolve manual review problems
  - https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities#security-vulnerabilities-found-requiring-manual-review
- Test tinyMCE
- (test TableSorter) not necessary since not updated?
- run grunt, solve problems if there are any

Updates advised in report when running `npm audit`

```
npm install mocha@8.3.2
npm install bootlint@1.1.0
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
npm update lodash --depth 4
npm update minimist --depth 5
npm update jshint --depth 2
npm update mkdirp --depth 3
npm update minimist --depth 5
```

Related issues

Related to QFQ - Feature #16037: Update 'make bootstrap' (New, Enis Nuredini, 18.04.2023, 10.05.2023)

Actions #1

Updated by Marc Egger over 3 years ago

  • Description updated (diff)
Actions #2

Updated by Marc Egger over 3 years ago

  • Description updated (diff)
Actions #3

Updated by Marc Egger over 3 years ago

  • Status changed from In Progress to Priorize
Actions #4

Updated by Marc Egger about 3 years ago

  • Description updated (diff)
Actions #5

Updated by Marc Egger about 3 years ago

  • Priority changed from Normal to High

While I'm at it, I can update NPM as well.

Actions #6

Updated by Marc Egger almost 3 years ago

  • Status changed from Priorize to In Progress
Actions #7

Updated by Marc Egger almost 3 years ago

  • Description updated (diff)
Actions #8

Updated by Marc Egger almost 3 years ago

Executed

```
npm audit fix
```

fixed 16 vulnerabilities with non-breaking changes

npm audit still suggests these upgrades:

```
npm install mocha@8.3.2
npm install bootlint@1.1.0
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
```
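
The split described in this comment, between what `npm audit fix` applies by itself and what still needs an explicit upgrade, can be read from `npm audit --json`. The following is an added example, not part of the original ticket; it assumes the npm 7+ report format (`auditReportVersion` 2), and the sample report, its severities, the package `example-unfixed-pkg` and the placeholder version are constructed.

```javascript
'use strict';

// Constructed sample in the shape of `npm audit --json` (npm 7+, auditReportVersion 2).
// Package names are taken from the ticket; severities, the unfixed package and
// the placeholder version are made up for illustration.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    lodash: { severity: 'high', isDirect: false, fixAvailable: true },
    minimist: { severity: 'low', isDirect: false, fixAvailable: true },
    tinymce: { severity: 'high', isDirect: true,
      fixAvailable: { name: 'tinymce', version: '5.7.1', isSemVerMajor: true } },
    hoek: { severity: 'moderate', isDirect: false,
      fixAvailable: { name: 'grunt-contrib-less', version: '0.0.0-PLACEHOLDER', isSemVerMajor: true } },
    'example-unfixed-pkg': { severity: 'critical', isDirect: false, fixAvailable: false },
  },
};

const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];

// Sort findings into: applied by plain `npm audit fix`, needs a semver-major
// upgrade of a top-level package, or has no fix and needs manual review.
function triageAudit(report) {
  const buckets = { autoFix: [], breaking: [], manual: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    const entry = { name, severity: vuln.severity };
    if (!fix) {
      buckets.manual.push(entry);
    } else if (typeof fix === 'object' && fix.isSemVerMajor) {
      // The fix names the top-level package to upgrade (hoek -> grunt-contrib-less).
      buckets.breaking.push({ ...entry, install: `${fix.name}@${fix.version}` });
    } else {
      buckets.autoFix.push(entry);
    }
  }
  const bySeverity = (a, b) =>
    SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity);
  Object.values(buckets).forEach((list) => list.sort(bySeverity));
  return buckets;
}

console.log(JSON.stringify(triageAudit(sampleReport), null, 2));
```

The `breaking` bucket is the set that needs functional testing after the upgrade, as with TinyMCE later in this ticket.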
Actions #9

Updated by Marc Egger almost 3 years ago

Mocha is a testing framework which is only used by Selenium tests written by Raffi (tests located in tests/selenium).

Remove mocha and add it as a dev dependency. Make sure it is not installed in production.

Old mocha version: "mocha": "^3.2.0"

```
npm uninstall mocha
npm install --save-dev mocha
```

We use npm update in the makefile, which does not update or install dev dependencies.

New mocha version:
"mocha": "^8.3.2"

Actions #10

Updated by Marc Egger almost 3 years ago

Bootlint is an HTML linter for Bootstrap projects.
Remove it and add it as a dev dependency.

Jasmine is another testing framework, used for tests written by Raffi. Tests location: tests/jasimne.
grunt-contrib-jasmine: Run jasmine specs headlessly through Headless Chrome
Upgraded package.
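
One way to check the "not installed in production" requirement from the last two comments is to look at the `dev` flag that npm records per package in `package-lock.json`. This is an added example, not the project's own code; it assumes lockfileVersion 2 or 3 and a production install that omits dev dependencies, and the lockfile excerpt, the name `example-app` and the placeholder version are constructed.

```javascript
'use strict';

// Constructed excerpt in the layout of package-lock.json (lockfileVersion 3).
// mocha has already been moved to devDependencies, bootlint has not yet.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': {
      name: 'example-app',
      dependencies: { tinymce: '^5.7.1', bootlint: '^1.1.0' },
      devDependencies: { mocha: '^8.3.2' },
    },
    'node_modules/tinymce': { version: '5.7.1' },
    'node_modules/bootlint': { version: '1.1.0' },
    'node_modules/mocha': { version: '8.3.2', dev: true },
    'node_modules/mocha/node_modules/minimist': { version: '0.0.0-PLACEHOLDER', dev: true },
  },
};

// Package name for a lockfile key, including nested and scoped packages:
// "node_modules/a/node_modules/@s/b" -> "@s/b".
function packageName(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i < 0 ? lockPath : lockPath.slice(i + marker.length);
}

// Return the test/lint tools that a production install would still pull in,
// i.e. lockfile entries for those names that are not marked dev-only.
function toolsInProduction(lock, toolNames) {
  const wanted = new Set(toolNames);
  const hits = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === '') continue; // root project entry, not an installed package
    const name = packageName(lockPath);
    if (wanted.has(name) && meta.dev !== true) {
      hits.push({ name, path: lockPath, version: meta.version });
    }
  }
  return hits;
}

const testTools = ['mocha', 'bootlint', 'grunt-contrib-jasmine'];
console.log(toolsInProduction(sampleLock, testTools));
```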

Actions #11

Updated by Marc Egger almost 3 years ago

TinyMCE is the only package with potential breaking changes.
Execute upgrade:

```
npm install tinymce@5.7.1
```
Actions #12

Updated by Marc Egger almost 3 years ago

Next up are issues with the package hoek.
This package is a dependency of grunt-contrib-less.
Thus I will have to upgrade grunt-contrib-less to resolve it.
This will also upgrade LessJs from v2 to v4, which might contain breaking changes.

Upgraded, and grunt less still works.

Actions #13

Updated by Marc Egger almost 3 years ago

npm audit finds no more vulnerabilities. Will thus test TinyMCE now

Actions #14

Updated by Marc Egger almost 3 years ago

TinyMCE is completely broken:
- Errors: plugins not found
- Toolbar not rendered

Actions #15

Updated by Marc Egger almost 3 years ago

- Errors seem to be fixed.

- Toolbar is still not shown even though in FE.parameter it is activated

Actions #16

Updated by Marc Egger almost 3 years ago

TinyMCE behaviour

megger/crose: 5.7.1
megger/forkred-marc: 4.9.10

| editor-plugins=image | editor-toolbar | editor-statusbar | Behaviour (old) | Behaviour (new) |
|---|---|---|---|---|
| n | n | n | - | same |
| y | n | n | - | 2 new buttons, otherwise the same |
| n | y | n | toolbar with few formatting options | no toolbar |
| n | n | y | - | same |
Actions #17

Updated by Carsten Rose almost 3 years ago

  • Tracker changed from Support to Feature
Actions #18

Updated by Carsten Rose almost 3 years ago

  • Target version changed from next5 to next4
Actions #19

Updated by Carsten Rose almost 3 years ago

  • Target version changed from next4 to next3
Actions #20

Updated by Carsten Rose almost 3 years ago

  • Priority changed from High to Normal
Actions #21

Updated by Marc Egger over 2 years ago

  • Description updated (diff)
Actions #22

Updated by Marc Egger over 2 years ago

  • Description updated (diff)
Actions #23

Updated by Marc Egger over 2 years ago

  • Description updated (diff)
Actions #24

Updated by Marc Egger over 2 years ago

  • Description updated (diff)
Actions #25

Updated by Marc Egger over 2 years ago

  • Description updated (diff)
Actions #26

Updated by Marc Egger over 2 years ago

  • Description updated (diff)
Actions #27

Updated by Marc Egger over 2 years ago

  • Assignee changed from Marc Egger to Carsten Rose
Actions #28

Updated by Carsten Rose 12 months ago

During the update of PHP-Unit 9, the following message appeared:

Actions #29

Updated by Carsten Rose 11 months ago

Actions #30

Updated by Carsten Rose 6 months ago

  • Target version changed from 24.8.0 to CodingWeek2023
Actions #31

Updated by Carsten Rose 5 months ago

  • Status changed from In Progress to New
Actions #32

Updated by Benjamin Baer 5 months ago

  • Category set to 40
Actions #33

Updated by Carsten Rose 5 months ago

  • Category deleted (40)
  • Vote BB added
Actions #34

Updated by Carsten Rose 5 months ago

  • Status changed from New to Priorize
Actions #35

Updated by Carsten Rose 5 months ago

  • Status changed from Priorize to In Progress
Actions #36

Updated by Carsten Rose 5 months ago

  • Estimated time set to 4.00 h
Actions #37

Updated by Carsten Rose 5 months ago

  • Assignee changed from Support: Web to Benjamin Baer
Actions #38

Updated by Carsten Rose 5 months ago

  • Assignee changed from Benjamin Baer to Support: Web
Actions #39

Updated by Carsten Rose 5 months ago

  • Assignee changed from Support: Web to Benjamin Baer
Actions #40

Updated by Carsten Rose 2 months ago

  • Target version changed from CodingWeek2023 to 24.1.0.rc1
Actions #41

Updated by Carsten Rose 2 months ago

  • Status changed from In Progress to Closed