Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating to JQuery 3.6.0 #8525

Open
HermesSbicego-Laser opened this issue Jan 4, 2022 · 6 comments
Open

Updating to JQuery 3.6.0 #8525

HermesSbicego-Laser opened this issue Jan 4, 2022 · 6 comments

Comments

@HermesSbicego-Laser
Copy link
Contributor

For dev branch, we will update JQuery to its latest stable release (3.6.0.)
@HermesSbicego-Laser
Copy link
Contributor Author

Working on this, we found the the gulp pipeline is broken.
what we see installing it, it's that package has lots of vulnerabilities (2 low, 10 moderate, 19 high, 4 critical) and some dependencies are deprecated.
installing new versions and new dependencies results in a not working gulp.js file.
So the question is: should we use gulp anymore?
We suggest and we will work on porting the gulp pipeline to this VS extension https://marketplace.visualstudio.com/items?itemName=MadsKristensen.BundlerMinifier, https://www.talkingdotnet.com/gulp-is-no-longer-default-choice-asp-net-core/
We use it in our solutions and it works as expected.

@Skrypt
Copy link
Contributor

Skrypt commented Jan 4, 2022

If I remember correctly, Orchard used to use BundlerMinifier and got migrated to the gulp pipeline because we could fine-tune it more. There are also dependencies that only need to be copied without getting bundled so the gulp pipeline can also do that.

Moving back to the BundlerMinifier won't fix the deprecated dependencies issue either. So, I believe this would be more regression than anything. I would try to fix the npm packages and dependencies before anything else. Because in the end, that's what's needed.

@HermesSbicego-Laser
Copy link
Contributor Author

Thanks @Skrypt for clarifying why gulp was choosen.
So, we will try to update and keep gulp pipeline. Any help will be appreciated.

@MatteoPiovanelli-Laser
Copy link
Contributor

@Skrypt
Based also on your comments in #8522, what would you recommend?
We think the pipeline should be updated to a state where it works "out of the box", and it possibly easy to set up for new and custom modules/themes.

@Skrypt
Copy link
Contributor

Skrypt commented Jan 10, 2022
edited
Loading

What would need to be done is to use the latest LTS version of Node.js + npm and update the packages.json files up until no package deprecated are found. After that, test things manually in OC to make sure the components are still working. Because it can "transpile" without necessarily working.

That's why I said earlier that normally using the Node.js version that was used back then to transpile everything should be the easiest way to make it transpile and work.

@Skrypt
Copy link
Contributor

Skrypt commented Jan 10, 2022

Also as part of being able to do reproducible builds, I think we should document the version of Node.js used to transpile the Gulp pipeline to avoid having this situation again in a few years. The recommendation is good for Orchard Core too.

@HermesSbicego-Laser HermesSbicego-Laser mentioned this issue Aug 29, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Skrypt @HermesSbicego-Laser @MatteoPiovanelli-Laser