- Code/Gerrit: https://reviews.mahara.org/#/c/10657/ patch set 6
- Browser tested: Chrome; note: Browser testing not required.
- Theme: Raw; note: theme testing not required.
Preconditions:
a. Current Mahara master present.
b. Run terminal command 'make css' and capture the output (see attachment 1
prefixed 'Before').
Summary of output: 11 npm WARN deprecated messages displayed and 22
vulnerabilities (4 low, 10 moderate, 8 high).
Test steps:
1. Apply the patch.
2. Repeat above point b.
Expected result: there are now no vulnerabilities and minimal or no npm
messages.
Summary of output (see attachment 2 prefixed 'After'):
- 2 npm WARN messages displayed (listed beneath) and 0 vulnerabilities (0)
"npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected]
(node_modules/fsevents):"
"npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for
[email protected]: wanted {"os":"darwin","arch":"any"} (current:
{"os":"linux","arch":"x64"})"
- All 22 vulnerabilities are now gone. The presence of the 2 npm messages is
accepted. ✔
3. Execute the manual smokescreen tests
(https://wiki.mahara.org/wiki/Testing/Manual_testing). All tests pass. ✔
** Attachment added: "Before patch applied - make_css response.txt"
https://bugs.launchpad.net/mahara/+bug/1855373/+attachment/5329093/+files/Before%20patch%20applied%20-%20make_css%20response.txt
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1855373
Title:
Update gulp
Status in Mahara:
In Progress
Bug description:
A while ago we pinned Gulp to version 3.9 to prevent a problem with
dependency incompatibility. We now need to upgrade Gulp to version 4
to get rid of vulnerabilities in some of its dependencies.
What needs to happen:
1. Check for dependency incompatibility with Gulp 4 to see if it's still an
issue. If so, can we work around it?
2. See what's involved with upgrading to Gulp 4
3. We could look at the dependencies we are including for gulp (and maybe
node dependencies too, although this could be a separate issue) and confirm
that they are needed in Mahara.
Investigation of the above points:
1. The only dependency we have now that is incompatible with v.4 seems to be
gulp-help. It doesn't look like it will cause any problems to remove it, so we
should just remove it.
2. There are syntax changes that need to be made, but it looks like they can
be made in the gulpfile.js, which limits the coding to be done.
Assumption made: There are no wider changes necessary.
3. Not looked at at this stage.
Gulp docs:
https://gulpjs.com/docs/en/getting-started/quick-start
3rd party links:
https://stackoverflow.com/questions/36897877/gulp-error-the-following-tasks-did-not-complete-did-you-forget-to-signal-async
https://stackoverflow.com/questions/50505275/gulp4-assertionerror-task-never-defined-when-calling-or-importing-tasks
https://codeburst.io/switching-to-gulp-4-0-271ae63530c0
https://coder-coder.com/gulp-4-walk-through/
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1855373/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
