Adobe-Consulting-Services / acs-aem-commons

http://adobe-consulting-services.github.io/acs-aem-commons/
Apache License 2.0
456 stars 603 forks source link

Package 3rd party JS dependencies via webpack #2843

Open kwin opened 2 years ago

kwin commented 2 years ago

Currently the third party JS libraries shipped in https://github.com/Adobe-Consulting-Services/acs-aem-commons/tree/master/ui.apps/src/main/content/jcr_root/apps/acs-commons/clientlibs/vendor are

  1. embedded manually (sometimes the original source is not clear)
  2. heavily outdated
  3. partially contain vulnerable versions

I suggest to

Here is a list of currently embedded JS Libs:

Library Version Remark
AngularJS 1.3.3 (2014) and 1.2.26 No longer supported since Jan 2022
Fontawesome 4.4.0 CSS Only
JSON2.js ? This file does nothing on ES5 systems. Every browser since IE8 supports it natively
JSONDiffPatch ?
JSPlumb 1.7.2 Should be updated
QRCode unclear source is not clear
Lodash 4.17.21 no longer in use (https://github.com/Adobe-Consulting-Services/acs-aem-commons/commit/bfe1c01ee1bb5e6af2fa02af7fb66e8975423ee9)

(the history at https://github.com/Adobe-Consulting-Services/acs-aem-commons/commits/acs-aem-commons-4.3.0/content/src/main/content/jcr_root/etc/clientlibs/acs-commons/vendor may expose further details)

kwin commented 2 years ago

@davidjgonzalez Can you help identifying both source and version of the currently packed 3rd party JS dependencies?