[ https://issues.apache.org/jira/browse/OFBIZ-11960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17442302#comment-17442302 ]
ASF subversion and git services commented on OFBIZ-11960:
---------------------------------------------------------
Commit 49362441b716bc542cd39076a85b27b2718f5216 in ofbiz-framework's branch
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=4936244 ]
Improved: Use NPM with gradle to get external JS dependencies (OFBIZ-11960)
After checking that we don't have any possible vulnerability using
jquery-ui-dist (i.e. 1.12.1) vs jquery-ui (1.13.0) based on* and checking in code
I decided to use jquery-ui-dist from npm. I just had to modify OfbizUtil.js to
get back to element.form() (for 1.12.1) vs element._form() for 1.13.0.
I hope the npm jquery-ui-dist package will be updated soon. The release of
1.13.0 is quite fresh (<1 month).
We also need a mechanism to check the update of our npm packages.
As Aditya explained:
<<Minor updates can be handled implicitly by node when specified with tilde
range or caret range for version. For major updates, we just have to change
the version and use npm install.>>
So for now it will be manual. Later something like** could be used (I wonder
about https://snyk.io/, but that needs Infra agreement).
* https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
** https://dev.to/dennismphil/automate-your-node-dependency-updates-4aga
> Use NPM with gradle to get external JS dependencies
> ---------------------------------------------------
>
> Key: OFBIZ-11960
> URL: https://issues.apache.org/jira/browse/OFBIZ-11960
> Project: OFBiz
> Issue Type: New Feature
> Components: ALL APPLICATIONS
> Affects Versions: Trunk
> Reporter: Aditya Sharma
> Assignee: Aditya Sharma
> Priority: Trivial
> Fix For: Upcoming Branch
>
>
> As discussed
> [here|https://lists.apache.org/thread.html/re16808eb5b1084f822c74194d23ca073dea4f4df443184f40f5f58c6%40%3Cdev.ofbiz.apache.org%3E],
> use gradle-js-plugin to ease out managing the JavaScript dependencies. The
> Gradle plugin allows us to automatically download the js libraries to the
> user's system like the Gradle dependencies, so we no longer need to include
> them with the package. It opens the door to all the packages and modules
> available at [npm registry|https://www.npmjs.com/]. Also, it can be clubbed
> with Grunt or Gulp implementing tasks to minify external JS and CSS files
> with the custom ones, see
> [here|https://github.com/node-gradle/gradle-node-plugin/blob/master/docs/faq.md#how-do-i-run-commands-provided-by-npm-packages].
> 1. Add
> [gradle-node-plugin|https://github.com/node-gradle/gradle-node-plugin]:
> Gradle plugin for integrating NodeJS in your build
> 2. Create [NPM|https://www.npmjs.com/] package.json with JS dependencies in
> webapp
> 3. Use available tasks to install dependencies
> [https://github.com/node-gradle/gradle-node-plugin/blob/master/docs/usage.md#executing-npm-tasks]
> [https://github.com/node-gradle/gradle-node-plugin/blob/master/docs/usage.md#configuring-the-plugin]
> 4. Use the downloaded JS files in node_modules, updating the current path of
> the JS files.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)