Open chrabyrd opened 1 month ago
Select-woo
/ select2
are also a technical bourdain looking long terme.
I was experimenting to upgrade yarn
to yarn modern
(yarn 2). select-woo
causes the build to fail and I was not able to fix the issue!
It's better to look for more moderne and supported solutions.
I know the main reason for using select-woo is accessibility but it should be addressed with other supported solution and if needed doing PRs to improve those solutions.
👋 @petgan !
I agree completely. For what it's worth, select2
/selectWoo
are being used to maintain legacy code, and once the cutover to Vue is complete they will deprecated and removed from the application; there is no new Arches-core code being written that uses those libraries.
Also, when version 7.6.0 is released, Arches will move from yarn v1 to npm. npm was selected over Yarn v2 largely for the reason you encountered: modern Yarn automatically runs build
scripts when linked to github dependencies.
If you're able to find a replacement for selectWoo
that can be integrated with minimal effort, please let us know -- I'd love to replace the library with a more modernized package.
👋 @petgan !
I agree completely. For what it's worth,
select2
/selectWoo
are being used to maintain legacy code, and once the cutover to Vue is complete they will deprecated and removed from the application; there is no new Arches-core code being written that uses those libraries.Also, when version 7.6.0 is released, Arches will move from yarn v1 to npm. npm was selected over Yarn v2 largely for the reason you encountered: modern Yarn automatically runs
build
scripts when linked to github dependencies.If you're able to find a replacement for
selectWoo
that can be integrated with minimal effort, please let us know -- I'd love to replace the library with a more modernized package.
It seems like given what you've documented here @chrabyrd, we can close this issue?
@chiatt I'm unsure if we should close it or just move it to icebox. It still shows a security vulnerability whenever npm install
is run, and still shows as the cause of the issue when npm audit
is run. As long as there's documentation that we're aware of this issue and have explored alternatives ( which this ticket serves as ), I'm good either way.
👋 @petgan !
I agree completely. For what it's worth,
select2
/selectWoo
are being used to maintain legacy code, and once the cutover to Vue is complete they will deprecated and removed from the application; there is no new Arches-core code being written that uses those libraries.Also, when version 7.6.0 is released, Arches will move from yarn v1 to npm. npm was selected over Yarn v2 largely for the reason you encountered: modern Yarn automatically runs
build
scripts when linked to github dependencies.If you're able to find a replacement for
selectWoo
that can be integrated with minimal effort, please let us know -- I'd love to replace the library with a more modernized package.
Hi @chrabyrd It has been some time I has developped frontend so I can not say from experianse what is a good chose but have made somme digging and when taking into account that Arches is orienting using Vue. Radix Vue seams interesting!
When running
npm audit
, the following message is output:It look like
select-woo
has not been updated in several years, and does not have plans to be updated. We should consider possible alternatives. I'm assuming we will not use this library with Vue components