Feature #2698
closed
Added by Alexander Watzinger about 1 month ago.
Updated 9 days ago.
Description
There are a few warnings when installing the frontend libs with:
npm install
I'm hoping that after the major release with newer underlying software these can be resolved.
Kindly asking Olivia to look into this.
Update
All fixed. For running instances use npm install --legacy-peer-deps to update the packages, otherwise you will run into errors. (is already noted in install/upgrade.md)
I took a look into this issue. I managed to remove the high vulnerabilities (already in develop).
Now there are 3 moderate vulnarabilities open, but they include breaking changes in Mirador (from 3.3.0 to 4.0.0) and TinyMCE (from 5.10.3 to 8.3.2).
These can take a little bit longer to fix.
- Target version changed from 9.1.0 to 9.2.0
- Assignee changed from Olivia Reichl to Bernhard Koschiček-Krombholz
- Status changed from Assigned to Closed
- Target version changed from 9.2.0 to 9.1.0
I took the liberty to fix these issues. Since it was me, who said, they should be fixed.
Mirador is now on the newest version, and TinyMCE also.
One thing we also should think about is including the package-lock.json again into the code, not only package.json and run updates with ci install not npm install: https://blog.logrocket.com/why-you-should-use-package-lock-json/ (older but I think still valid)
- Description updated (diff)
Also available in: Atom
PDF
Updated by 
Updated by