processing / p5.js

p5.js is a client-side JS platform that empowers artists, designers, students, and anyone to learn to code and express themselves creatively on the web. It is based on the core principles of Processing. http://twitter.com/p5xjs
http://p5js.org/
GNU Lesser General Public License v2.1

Current status of maintenance tasks, package audits, tracking tech debt, etc #7069

Open mavenik opened 4 months ago

mavenik commented 4 months ago

Topic

Context:

Node 16 reached its end of life in September 2023, which may have prompted us to switch to Node 20. However, this wasn't done consistently for all jobs within GitHub Actions workflows (some jobs in the release workflow still use Node 12 or Node 16).

I happened to notice deprecation warnings on GitHub Actions regarding the use of old refs in release, lint and test workflows. I attempted fixing some of these warnings on my fork.

Further, there are package vulnerabilities owing to old versions of dependencies. While the fixes for the above are trivial, it seems like these warnings have started piling up and it's a matter of time before they become unmanageable and/or introduce breaking changes if not maintained regularly.

There are other maintenance tasks that are quite relevant, such as an upgrade to p5's build and test systems (#7013), updating docs, etc.

I could not find a process or documentation to attend to these tasks, hence reaching out for a discussion. It would greatly help if someone could point me to a process doc for maintenance issues with workflows, package audits, build, test systems and allied topics.

In case such a process does not exist yet, I would like to propose the following:

Proposal:

  1. Add an Issue category for maintenance and audit tasks so that we could track and attend to them separate from feature, enhancement, and bug fixes
  2. Formulate a plan to consciously audit, maintain, upgrade packages, update documentation on a regular basis by setting priorities to these tasks, calling for contributions, and so on

welcome[bot] commented 4 months ago

Welcome! 👋 Thanks for opening your first issue here! And to ensure the community is able to respond to your issue, please make sure to fill out the inputs in the issue forms. Thank you!

limzykenneth commented 4 months ago

There's no formal process for these as they are often managed separately and have different considerations. For GitHub Actions, those can most likely be updated to use newer versions of Node.js without issue.

For dependencies, we have Dependabot to help with the most critical updates, but many of the current dependencies are not able to be updated because some are not being maintained anymore. 2.0 seeks to address these with a combination of a few proposals that bring overall dependencies up to date.

A regular schedule/plan to keep things up to date going forwards sounds good to me.