Feature #10793

Update NPM Packages

Added by Marc Egger over 1 year ago. Updated 3 months ago.

Status:
In Progress
Priority:
Normal
Assignee:
Target version:
Start date:
24.06.2020
Due date:
% Done:

30%

Estimated time:
Discuss:

Description

NPM found a few vulnerabilities in our packages which can be solved by updating.

BRANCH : S10793updateNpmPackages

STATUS : I ran the updates in the branch above and did some tests. See the comments for more info. The branch is not in sync with Dev.

- make new branch from develop
- update the packages with the commands listed below
- run npm audit again, resolve manual review problems
  - https://docs.npmjs.com/auditing-package-dependencies-for-security-vulnerabilities#security-vulnerabilities-found-requiring-manual-review
- Test tinyMCE
- (test TableSorter) not necessary since not updated?
- run grunt, solve problems if there are any

Updates advised in report when running `npm audit`

npm install mocha@8.3.2 
npm install bootlint@1.1.0 
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
npm update lodash --depth 4
npm update minimist --depth 5
npm update jshint --depth 2
npm update mkdirp --depth 3
npm update minimist --depth 5 
#1

Updated by Marc Egger over 1 year ago

  • Description updated (diff)
#2

Updated by Marc Egger over 1 year ago

  • Description updated (diff)
#3

Updated by Marc Egger about 1 year ago

  • Status changed from In Progress to Priorize
#4

Updated by Marc Egger 9 months ago

  • Description updated (diff)
#5

Updated by Marc Egger 9 months ago

  • Priority changed from Normal to High

While I'm at it, I can also update NPM right away.

#6

Updated by Marc Egger 7 months ago

  • Status changed from Priorize to In Progress
#7

Updated by Marc Egger 7 months ago

  • Description updated (diff)
#8

Updated by Marc Egger 7 months ago

Executed

npm audit fix

fixed 16 vulnerabilities with non-breaking changes

npm audit still suggests these upgrades:

npm install mocha@8.3.2 
npm install bootlint@1.1.0 
npm install grunt-contrib-jasmine@2.2.0
npm install tinymce@5.7.1
#9

Updated by Marc Egger 7 months ago

Mocha is a testing framework which is only used by selenium tests written by Raffi (tests located in tests/selenium).

Remove mocha and add it as a dev dependency. Make sure it is not installed in production.

old mocha version: "mocha": "^3.2.0"

npm uninstall mocha
npm install --save-dev mocha

We use npm update in the makefile, which does not update or install dev dependencies.

new mocha version:
"mocha": "^8.3.2"

#10

Updated by Marc Egger 7 months ago

Bootlint is an HTML linter for Bootstrap projects.
Remove it and add it as a dev dependency.

Jasmine is another testing framework, used for tests written by Raffi. Tests location: tests/jasimne.
grunt-contrib-jasmine: Run jasmine specs headlessly through Headless Chrome
Upgraded package.
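
A check for the "make sure it is not installed in production" step from comments #9 and #10, as an added example that is not part of the ticket or the project's code. The function name and the package.json / package-lock.json fragments are constructed for illustration; the lockfile layout assumed is lockfileVersion 2 or 3.

```javascript
// Added example (not from the ticket). Tool names and versions come from the
// ticket; the package.json / package-lock.json fragments below are constructed.
const DEV_ONLY = ['mocha', 'bootlint', 'grunt-contrib-jasmine'];

// Returns the dev-only tools that a production install would still pull in.
// `lock` is a parsed package-lock.json (lockfileVersion 2 or 3), where each
// installed package is keyed as "node_modules/<name>" and packages that are
// only needed for development carry "dev": true.
function findDevToolsInProduction(pkg, lock, devOnly = DEV_ONLY) {
  const prodDeps = pkg.dependencies || {};
  const lockPkgs = (lock && lock.packages) || {};
  const findings = [];
  for (const name of devOnly) {
    const entry = lockPkgs[`node_modules/${name}`];
    if (Object.prototype.hasOwnProperty.call(prodDeps, name)) {
      findings.push({ name, reason: 'listed under "dependencies"' });
    } else if (entry && entry.dev !== true) {
      findings.push({ name, reason: 'lockfile entry not marked dev' });
    }
  }
  return findings;
}

// Constructed "before" state: mocha is a regular dependency.
const before = {
  pkg: { dependencies: { mocha: '^3.2.0', tinymce: '^4.9.10' } },
  lock: { lockfileVersion: 2, packages: { 'node_modules/mocha': { version: '3.2.0' } } },
};
// Constructed "after" state: test and lint tools moved to devDependencies.
const after = {
  pkg: {
    dependencies: { tinymce: '^5.7.1' },
    devDependencies: { mocha: '^8.3.2', bootlint: '^1.1.0', 'grunt-contrib-jasmine': '^2.2.0' },
  },
  lock: { lockfileVersion: 2, packages: {
    'node_modules/mocha': { version: '8.3.2', dev: true },
    'node_modules/bootlint': { version: '1.1.0', dev: true },
    'node_modules/grunt-contrib-jasmine': { version: '2.2.0', dev: true },
    'node_modules/tinymce': { version: '5.7.1' },
  } },
};
// Constructed stale state: package.json was fixed, the lockfile was not regenerated.
const stale = { pkg: after.pkg, lock: before.lock };

console.log(findDevToolsInProduction(before.pkg, before.lock));
console.log(findDevToolsInProduction(after.pkg, after.lock));
console.log(findDevToolsInProduction(stale.pkg, stale.lock));
```

Run against the real package.json and package-lock.json in a build step, a non-empty result can be used to fail the build before a production install.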

#11

Updated by Marc Egger 7 months ago

TinyMCE is the only package with potential breaking changes.
Execute upgrade:

npm install tinymce@5.7.1
#12

Updated by Marc Egger 7 months ago

Next up are issues with package hoek
This package is a dependency of grunt-contrib-less
Thus I will have to upgrade grunt-contrib-less to resolve it.
This will also upgrade LessJs from v2 to v4 which might contain breaking changes.

upgraded and grunt less still works

#13

Updated by Marc Egger 7 months ago

npm audit finds no more vulnerabilities. Will thus test TinyMCE now

#14

Updated by Marc Egger 7 months ago

TinyMCE is completely broken:
- Errors: plugins not found
- Toolbar not rendered

#15

Updated by Marc Egger 7 months ago

- Errors seem to be fixed.

- Toolbar is still not shown even though in FE.parameter it is activated

#16

Updated by Marc Egger 7 months ago

TinyMCE behaviour

megger/crose: 5.7.1
megger/forkred-marc: 4.9.10

| editor-plugins=image | editor-toolbar | editor-statusbar | Behaviour old | Behaviour new |
|---|---|---|---|---|
| n | n | n | - | same |
| y | n | n | - | 2 new buttons, otherwise the same |
| n | y | n | toolbar with few formatting options | no toolbar |
| n | n | y | - | same |
#17

Updated by Carsten Rose 7 months ago

  • Tracker changed from Support to Feature
#18

Updated by Carsten Rose 7 months ago

  • Target version changed from 21.8.0 to 21.7.1
#19

Updated by Carsten Rose 7 months ago

  • Target version changed from 21.7.1 to 21.7.0
#20

Updated by Carsten Rose 7 months ago

  • Priority changed from High to Normal
#21

Updated by Marc Egger 3 months ago

  • Description updated (diff)
#22

Updated by Marc Egger 3 months ago

  • Description updated (diff)
#23

Updated by Marc Egger 3 months ago

  • Description updated (diff)
#24

Updated by Marc Egger 3 months ago

  • Description updated (diff)
#25

Updated by Marc Egger 3 months ago

  • Description updated (diff)
#26

Updated by Marc Egger 3 months ago

  • Description updated (diff)
#27

Updated by Marc Egger 3 months ago

  • Assignee changed from Marc Egger to Carsten Rose
