200ok-ch / organice

An implementation of Org mode without the dependency of Emacs - built for mobile and desktop browsers
https://organice.200ok.ch/
GNU Affero General Public License v3.0

Upgrade node and dependencies? #992

Open schoettl opened 1 month ago

schoettl commented 1 month ago

On my system, the node version is 20.15.1 whereas organice uses 12.13.1. There are many open dependabot PRs and yarn audit tells about 637 vulnerabilities.

How about trying an upgrade @munen?

Apart from yarn test, CI and basic manual integration test – what do we need to safely upgrade? I've never done this before.

How would staging or production cope with such changes? Should we give it a try, starting with node itself?

munen commented 1 month ago

Hi @schoettl 👋

On my system, the node version is 20.15.1 whereas organice uses 12.13.1. There are many open dependabot PRs and yarn audit tells about 637 vulnerabilities.

I'm definitively in favor of upgrading node 👍

Apart from yarn test, CI and basic manual integration test – what do we need to safely upgrade? I've never done this before.

How would staging or production cope with such changes?

Since organice is a SPA, hosting is not affected. As long as the regular dev, testing and build tools work. These tasks should run:

CI should run. We will have to update the Docker image which includes the node version.

Lastly, a manual integration test should be done. As long as the sample and logins still work, I think we should be in the clear.

Should we give it a try, starting with node itself?

Sure, let's do it! I endeavoured into a first start: https://github.com/200ok-ch/organice/pull/993

munen commented 1 month ago

@schoettl I made a spike (https://github.com/200ok-ch/organice/pull/993) to get us started on this task. Are you interested in picking it up from here?

schoettl commented 1 month ago

Nice! I'll pick it up.