Feature #10793

open

Update NPM Packages

Added by Marc Egger over 2 years ago. Updated about 1 year ago.

Status:
In Progress
Priority:
Normal
Assignee:
Carsten Rose
Target version:
Start date:
24.06.2020
Due date:
% Done:

30%

Estimated time:
Discuss:
Prio Planung:

Description

NPM found a few vulnerabilities in our packages which can be solved by updating.

BRANCH : S10793updateNpmPackages

STATUS : I ran the updates in the branch above and did some tests. See the comments for more info. The branch is not in sync with Dev.

- make new branch from develop
- update the packages with the commands listed below
- run npm audit again, resolve manual review problems
  - https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities#security-vulnerabilities-found-requiring-manual-review
- Test tinyMCE
- (test TableSorter) not necessary since not updated?
- run grunt, solve problems if there are any

Updates advised in report when running `npm audit`

npm install mocha@8.3.2 
npm install bootlint@1.1.0 
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
npm update lodash --depth 4
npm update minimist --depth 5
npm update jshint --depth 2
npm update mkdirp --depth 3
npm update minimist --depth 5 
Actions #1

Updated by Marc Egger over 2 years ago

  • Description updated (diff)
Actions #2

Updated by Marc Egger over 2 years ago

  • Description updated (diff)
Actions #3

Updated by Marc Egger about 2 years ago

  • Status changed from In Progress to Priorize
Actions #4

Updated by Marc Egger over 1 year ago

  • Description updated (diff)
Actions #5

Updated by Marc Egger over 1 year ago

  • Priority changed from Normal to High

While I'm at it, I might as well update NPM too.

Actions #6

Updated by Marc Egger over 1 year ago

  • Status changed from Priorize to In Progress
Actions #7

Updated by Marc Egger over 1 year ago

  • Description updated (diff)
Actions #8

Updated by Marc Egger over 1 year ago

Executed

npm audit fix

Fixed 16 vulnerabilities with non-breaking changes.

npm audit still suggests these upgrades:

npm install mocha@8.3.2 
npm install bootlint@1.1.0 
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
Actions #9

Updated by Marc Egger over 1 year ago

Mocha is a testing framework which is only used by the Selenium tests written by Raffi (tests located in tests/selenium).

Remove mocha and add it as a dev dependency. Make sure it is not installed in production.

old mocha version: "mocha": "^3.2.0"

npm uninstall mocha
npm install --save-dev mocha

We use npm update in the makefile, which does not update or install dev dependencies.

new mocha version:
"mocha": "^8.3.2"

Actions #10

Updated by Marc Egger over 1 year ago

Bootlint is an HTML linter for Bootstrap projects.
Remove it and add it as a dev dependency.

Jasmine is another testing framework, used for tests written by Raffi. Tests location: tests/jasimne.
grunt-contrib-jasmine : Run jasmine specs headlessly through Headless Chrome
upgraded package
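
A check for the "not installed in production" requirement from comments #9 and #10, as an added example (not code from this ticket or the project). It assumes an npm lockfile in the version 2 or 3 layout, where dev-only entries carry `dev: true`; the helper name `findProdLeaks` and all sample data are constructed for illustration.

```javascript
// Tools the ticket comments describe as test/lint only.
const DEV_ONLY_TOOLS = ["mocha", "bootlint", "grunt-contrib-jasmine"];

// Constructed package.json excerpt: mocha is still a runtime dependency.
const samplePackageJson = {
  dependencies: { tinymce: "^5.7.1", mocha: "^3.2.0" },
  devDependencies: { bootlint: "^1.1.0", "grunt-contrib-jasmine": "^2.2.0" },
};

// Constructed lockfile excerpt (lockfileVersion 2/3 "packages" map).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "constructed-app" },
    "node_modules/tinymce": { version: "5.7.1" },
    "node_modules/mocha": { version: "3.2.0" },
    "node_modules/bootlint": { version: "1.1.0", dev: true },
    "node_modules/grunt-contrib-jasmine": { version: "2.2.0", dev: true },
  },
};

// Hypothetical helper: report dev-only tools that a production install
// (one that omits devDependencies) would still pull in.
function findProdLeaks(pkg, lock, devOnlyTools) {
  const findings = [];
  for (const name of devOnlyTools) {
    if (pkg.dependencies && name in pkg.dependencies) {
      findings.push({ name, reason: "listed under dependencies" });
      continue;
    }
    if (!(pkg.devDependencies && name in pkg.devDependencies)) continue;
    // Declared as dev-only, but an installed copy without dev: true means a
    // runtime dependency also requires it, so it still ships to production.
    for (const [path, entry] of Object.entries(lock.packages || {})) {
      if (path.endsWith("node_modules/" + name) && !entry.dev) {
        findings.push({ name, reason: "lockfile entry " + path + " is not dev-only" });
      }
    }
  }
  return findings;
}

console.log(findProdLeaks(samplePackageJson, sampleLock, DEV_ONLY_TOOLS));
```

An empty result means none of the listed tools is reachable from the runtime dependency tree.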

Actions #11

Updated by Marc Egger over 1 year ago

TinyMCE is the only package with potential breaking changes.
Execute upgrade:

npm install tinymce@5.7.1
Actions #12

Updated by Marc Egger over 1 year ago

Next up are issues with package hoek
This package is a dependency of grunt-contrib-less
Thus I will have to upgrade grunt-contrib-less to resolve it.
This will also upgrade LessJs from v2 to v4 which might contain breaking changes.

upgraded and grunt less still works

Actions #13

Updated by Marc Egger over 1 year ago

npm audit finds no more vulnerabilities. Will thus test TinyMCE now

Actions #14

Updated by Marc Egger over 1 year ago

TinyMCE is completely broken:
- Errors: plugins not found
- Toolbar not rendered

Actions #15

Updated by Marc Egger over 1 year ago

- Errors seem to be fixed.

- Toolbar is still not shown even though in FE.parameter it is activated

Actions #16

Updated by Marc Egger over 1 year ago

TinyMCE behaviour

megger/crose: 5.7.1
megger/forkred-marc: 4.9.10

editor-plugins=image | editor-toolbar | editor-statusbar | behaviour old                       | behaviour new
n                    | n              | n                | -                                   | same
y                    | n              | n                | -                                   | 2 new buttons, otherwise the same
n                    | y              | n                | toolbar with few formatting options | no toolbar
n                    | n              | y                | -                                   | same
Actions #17

Updated by Carsten Rose over 1 year ago

  • Tracker changed from Support to Feature
Actions #18

Updated by Carsten Rose over 1 year ago

  • Target version changed from next5 to next4
Actions #19

Updated by Carsten Rose over 1 year ago

  • Target version changed from next4 to next3
Actions #20

Updated by Carsten Rose over 1 year ago

  • Priority changed from High to Normal
Actions #21

Updated by Marc Egger about 1 year ago

  • Description updated (diff)
Actions #22

Updated by Marc Egger about 1 year ago

  • Description updated (diff)
Actions #23

Updated by Marc Egger about 1 year ago

  • Description updated (diff)
Actions #24

Updated by Marc Egger about 1 year ago

  • Description updated (diff)
Actions #25

Updated by Marc Egger about 1 year ago

  • Description updated (diff)
Actions #26

Updated by Marc Egger about 1 year ago

  • Description updated (diff)
Actions #27

Updated by Marc Egger about 1 year ago

  • Assignee changed from Marc Egger to Carsten Rose