Feature #2698
closed
Update NPM libraries
Description
There are a few warnings when installing the frontend libs with:
npm install
I'm hoping that after the major release with newer underlying software these can be resolved.
Kindly asking Olivia to look into this.
Update
All fixed. For running instances, use npm install --legacy-peer-deps to update the packages; otherwise you will run into errors. (This is already noted in install/upgrade.md.)
Updated by Bernhard Koschiček-Krombholz 9 days ago
I took a look into this issue. I managed to remove the high vulnerabilities (already in develop).
Now there are 3 moderate vulnerabilities open, but they include breaking changes in Mirador (from 3.3.0 to 4.0.0) and TinyMCE (from 5.10.3 to 8.3.2).
These can take a little bit longer to fix.
Updated by Bernhard Koschiček-Krombholz 9 days ago
- Target version changed from 9.1.0 to 9.2.0
Updated by Alexander Watzinger 8 days ago
- Assignee changed from Olivia Reichl to Bernhard Koschiček-Krombholz
Updated by Bernhard Koschiček-Krombholz 8 days ago
- Status changed from Assigned to Closed
- Target version changed from 9.2.0 to 9.1.0
I took the liberty of fixing these issues, since it was me who said they should be fixed.
Mirador is now on the newest version, and TinyMCE also.
One thing we should also think about is including package-lock.json in the code again, not only package.json, and running updates with ci install, not npm install: https://blog.logrocket.com/why-you-should-use-package-lock-json/ (older, but I think still valid)
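The lockfile suggestion in the last comment, as an added example (not part of the original thread, and not code from this project or from npm): a simplified check that a lockfileVersion 2/3 package-lock.json still matches package.json and pins each direct dependency with an integrity hash. The function name, the comparison rules and the sample objects are assumptions; the integrity strings are constructed placeholders.

```javascript
// Simplified drift check between package.json and a lockfileVersion 2/3
// package-lock.json. Illustration only; this is not npm's own algorithm.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

function lockfileProblems(pkg, lock) {
  if (!lock || !lock.packages || !lock.packages[""]) {
    return ['lockfile missing or has no root "packages" entry (v2/v3 expected)'];
  }
  const problems = [];
  const root = lock.packages[""]; // root entry mirrors package.json ranges
  for (const section of SECTIONS) {
    const declared = pkg[section] || {};
    const recorded = root[section] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (recorded[name] !== range) {
        problems.push(`${name}: package.json wants "${range}", lock recorded "${recorded[name]}"`);
      }
      const entry = lock.packages[`node_modules/${name}`];
      if (!entry || !entry.version) {
        problems.push(`${name}: no pinned version in lockfile`);
      } else if (!entry.integrity) {
        problems.push(`${name}@${entry.version}: no integrity hash`);
      }
    }
    for (const name of Object.keys(recorded)) {
      if (!(name in declared)) problems.push(`${name}: in lockfile root but not in package.json`);
    }
  }
  return problems;
}

// Constructed sample data: versions taken from the thread, hashes are placeholders.
const pkg = { dependencies: { mirador: "^4.0.0", tinymce: "^8.3.2" } };
const lockInSync = {
  packages: {
    "": { dependencies: { mirador: "^4.0.0", tinymce: "^8.3.2" } },
    "node_modules/mirador": { version: "4.0.0", integrity: "sha512-CONSTRUCTED-PLACEHOLDER" },
    "node_modules/tinymce": { version: "8.3.2", integrity: "sha512-CONSTRUCTED-PLACEHOLDER" },
  },
};
const lockStale = { // lockfile not regenerated after the package.json bump
  packages: {
    "": { dependencies: { mirador: "^3.3.0", tinymce: "^5.10.3" } },
    "node_modules/mirador": { version: "3.3.0", integrity: "sha512-CONSTRUCTED-PLACEHOLDER" },
    "node_modules/tinymce": { version: "5.10.3" }, // integrity missing
  },
};
console.log(lockfileProblems(pkg, lockInSync), lockfileProblems(pkg, lockStale));
```

npm ci performs the authoritative version of this comparison and exits with an error when the two files disagree, which only helps if the lockfile is committed.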