Feature #10793

Update NPM Packages

Added by Marc Egger 11 months ago. Updated 5 days ago.

Status: In Progress
Priority: Normal
Assignee:
Target version:
Start date: 24.06.2020
Due date:
% Done: 30%
Estimated time:
Discuss:

Description

NPM found a few vulnerabilities in our packages which can be solved by updating.

Todo:
- make new branch from develop
- update the packages with the commands listed below
- run npm audit again, resolve manual review problems
  - https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities#security-vulnerabilities-found-requiring-manual-review
- Test tinyMCE
- (test TableSorter) not necessary since not updated?
- run grunt, solve problems if there are any

Updates advised in report when running `npm audit`

npm install mocha@8.3.2 
npm install bootlint@1.1.0 
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
npm update lodash --depth 4
npm update minimist --depth 5
npm update jshint --depth 2
npm update mkdirp --depth 3
npm update minimist --depth 5 
#1

Updated by Marc Egger 11 months ago

  • Description updated (diff)
#2

Updated by Marc Egger 11 months ago

  • Description updated (diff)
#3

Updated by Marc Egger 8 months ago

  • Status changed from In Progress to Priorize
#4

Updated by Marc Egger about 2 months ago

  • Description updated (diff)
#5

Updated by Marc Egger about 2 months ago

  • Priority changed from Normal to High

While I'm at it, I might as well update NPM too

#6

Updated by Marc Egger 22 days ago

  • Status changed from Priorize to In Progress
#7

Updated by Marc Egger 22 days ago

  • Description updated (diff)
#8

Updated by Marc Egger 22 days ago

Executed

npm audit fix

fixed 16 vulnerabilities with non-breaking changes

npm audit still suggests these upgrades:

npm install mocha@8.3.2 
npm install bootlint@1.1.0 
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
#9

Updated by Marc Egger 22 days ago

Mocha is a testing framework which is only used by selenium tests written by Raffi (tests located in tests/selenium).

remove mocha and add it as dev dependency. Make sure it is not installed in production.

old mocha version: "mocha": "^3.2.0"

npm uninstall mocha
npm install --save-dev mocha

we use npm update in makefile which does not update or install dev dependencies.

new mocha version:
"mocha": "^8.3.2"

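A check for the "not installed in production" requirement from update #9, as an added example that is not part of the ticket or the project's code. The package names and version ranges are taken from the ticket; the function names and the manifest and lockfile objects are constructed for illustration.

```javascript
// Added example. Package names and version ranges are from the ticket;
// the manifest and lockfile objects are constructed samples.
const TEST_ONLY = ['mocha', 'bootlint', 'grunt-contrib-jasmine'];

// Top-level lockfile entry for a package, for both lockfile layouts.
// Nested (non-hoisted) copies are not examined here.
function lockEntry(lock, name) {
  if (lock.packages) return lock.packages[`node_modules/${name}`]; // v2/v3
  return (lock.dependencies || {})[name];                          // v1
}

// Returns a list of problems; an empty list means no test-only package
// was found in the production tree at the top level.
function findProdLeaks(pkg, lock, testOnly = TEST_ONLY) {
  const problems = [];
  const prod = pkg.dependencies || {};
  for (const name of testOnly) {
    if (Object.prototype.hasOwnProperty.call(prod, name)) {
      problems.push(`${name}: listed in dependencies`);
    }
    const entry = lockEntry(lock, name);
    // npm marks packages needed only by devDependencies with "dev": true.
    if (entry && entry.dev !== true) {
      problems.push(`${name}: lockfile entry not marked dev`);
    }
  }
  return problems;
}

// Constructed sample: before the change (mocha as a regular dependency).
const stateBefore = {
  pkg: { dependencies: { mocha: '^3.2.0' } },
  lock: { lockfileVersion: 1, dependencies: { mocha: { version: '3.2.0' } } },
};
// Constructed sample: after `npm install --save-dev mocha`.
const stateAfter = {
  pkg: { dependencies: {}, devDependencies: { mocha: '^8.3.2' } },
  lock: {
    lockfileVersion: 2,
    packages: { 'node_modules/mocha': { version: '8.3.2', dev: true } },
  },
};

console.log(findProdLeaks(stateBefore.pkg, stateBefore.lock));
console.log(findProdLeaks(stateAfter.pkg, stateAfter.lock));
```

The lockfile check also catches a test-only package that a production dependency pulls in transitively, which the package.json check alone would miss.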
#10

Updated by Marc Egger 22 days ago

Bootlint is an HTML linter for bootstrap projects.
Remove it and add it as a dev dependency.

Jasmine is another testing framework, used for tests written by Raffi. Tests location: tests/jasimne.
grunt-contrib-jasmine: Run jasmine specs headlessly through Headless Chrome
Upgraded package.

#11

Updated by Marc Egger 22 days ago

TinyMCE is the only package with potential breaking changes.
execute upgrade:

npm install tinymce@5.7.1
#12

Updated by Marc Egger 22 days ago

Next up are issues with package hoek
This package is a dependency of grunt-contrib-less
Thus I will have to upgrade grunt-contrib-less to resolve it.
This will also upgrade LessJs from v2 to v4 which might contain breaking changes.

upgraded and grunt less still works

#13

Updated by Marc Egger 22 days ago

npm audit finds no more vulnerabilities. Will thus test TinyMCE now

#14

Updated by Marc Egger 22 days ago

TinyMCE is completely broken:
- Errors: plugins not found
- Toolbar not rendered

#15

Updated by Marc Egger 19 days ago

- Errors seem to be fixed.

- Toolbar is still not shown even though in FE.parameter it is activated

#16

Updated by Marc Egger 8 days ago

TinyMCE behaviour

megger/crose: 5.7.1
megger/forkred-marc: 4.9.10

editor-plugins=image | editor-toolbar | editor-statusbar | old behaviour | new behaviour
n | n | n | - | same
y | n | n | - | 2 new buttons, otherwise the same
n | y | n | toolbar with few formatting options | no toolbar
n | n | y | - | same
#17

Updated by Carsten Rose 7 days ago

  • Tracker changed from Support to Feature
#18

Updated by Carsten Rose 7 days ago

  • Target version changed from 21.6.0 to 21.5.2
#19

Updated by Carsten Rose 5 days ago

  • Target version changed from 21.5.2 to 21.5.1
#20

Updated by Carsten Rose 5 days ago

  • Priority changed from High to Normal
