Closed ssciolla closed 4 years ago
Codacy has 3 issues for this. I think they're all worthwhile but we could probably postpone doing the apt pinning for now.
Not trying to be difficult here but why are we working on this now? We have other issues in the current sprint that haven't been started and this isn't (or at least, wasn't) in the current sprint.
Not trying to be difficult here but why are we working on this now?
@mfldavidson, point taken, there are other issues to be working on. I was kind of thinking about this yesterday and wanted to see what it would take, and then I was far enough along that I thought I would just try to get something working.
While it doesn't affect users particularly, I will say that this change is adjacent to some of the other issues out there in this project, specifically #45 and #212. We also talked about #216 a fair amount a couple weeks ago, and I thought that was something we wanted to make happen.
Also, I discovered once I got npm
working that there were some significant security vulnerabilities, mostly it seems with the old jQuery
. With these changes, we now only have one moderate security vulnerability with Bootstrap.
I will say that this change is adjacent to some of the other issues out there in this project, specifically #45 and #212...With these changes, we now only have one moderate security vulnerability with Bootstrap.
Good justification. I'm sold.
Wow -83K lines of code, almost deleted the whole project! :)
credit for reducing code lines!
@zqian, thank you for pulling this down and testing! I'm merging now, but I think we should also do some significant testing and review on setest
as well.
This PR makes progress toward completing issue #216 by integrating Node.js and
npm
with the build process to help with maintaining front-end JavaScript/CSS dependencies. A task list with the various actions taken is included below. The PR aims tor resolve issue #225.npm
and runnpm install
inDockerfile
django-npm
(see the GitHub repo)package.json
andpackage-lock.json
to repojquery
,components-font-awesome
, andtablesorter
versionsindex.html
template instudent_explorer
Here is the status of the front-end dependency versions, with "Before" meaning what I believe we had before, "Now" meaning what this PR is proposing, and "Latest" being the most current version. Future PRs addressing issue #216 should likely focus on upgrading Bootstrap and D3.
npm
warns of moderate vulnerability; code changes are likely needed to upgrade