[jira] [Commented] (OFBIZ-11960) Use NPM with gradle to get external JS dependencies

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/OFBIZ-11960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482429#comment-17482429
 ] 

ASF subversion and git services commented on OFBIZ-11960:
---------------------------------------------------------

Commit bbc5757782d99dfe59153641796b3ad5280d6fed in ofbiz-framework's branch 
refs/heads/release22.01 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=bbc5757 ]

Fixed: Upgrade Tomcat from 9.0.54 to 9.0.58 (OFBIZ-12539)

    The fix for bug CVE-2020-9484 introduced a time of check, time of use
    vulnerability that allowed a local attacker to perform actions with the
    privileges of the user that the Tomcat process is using. This issue is only
    exploitable when Tomcat is configured to persist sessions using the 
FileStore.

Also reverts node from 13.14.0 back to 16.13.1. It accidentally slipped in with
OFBIZ-11960


> Use NPM with gradle to get external JS dependencies
> ---------------------------------------------------
>
>                 Key: OFBIZ-11960
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11960
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: ALL APPLICATIONS
>    Affects Versions: Trunk, Upcoming Branch
>            Reporter: Aditya Sharma
>            Assignee: Jacques Le Roux
>            Priority: Trivial
>
> As discussed 
> [here|https://lists.apache.org/thread.html/re16808eb5b1084f822c74194d23ca073dea4f4df443184f40f5f58c6%40%3Cdev.ofbiz.apache.org%3E],
>  use gradle-js-plugin to ease out managing the JavaScript dependencies. The 
> Gradle plugin allows us to automatically download the js libraries to the 
> user's system like the Gradle dependencies, so we no longer need to include 
> them with the package. It opens door to all the packages and modules 
> available at [npm registry|https://www.npmjs.com/]. Also, it can be clubbed 
> with Grunt or Gulp implementing tasks to minify external JS and CSS files 
> with the custom ones, see 
> [here|https://github.com/node-gradle/gradle-node-plugin/blob/master/docs/faq.md#how-do-i-run-commands-provided-by-npm-packages].
> 1. Add 
> [gradle-node-plugin|https://github.com/node-gradle/gradle-node-plugin]: 
> Gradle plugin for integrating NodeJS in your build
>  2. Create [NPM|https://www.npmjs.com/] package.json with JS dependencies in 
> webapp
>  3. Use available tasks to install dependencies
>  
> [https://github.com/node-gradle/gradle-node-plugin/blob/master/docs/usage.md#executing-npm-tasks]
>  
>  
> [https://github.com/node-gradle/gradle-node-plugin/blob/master/docs/usage.md#configuring-the-plugin]
>  4. Use the downloaded JS files in node_modules, updating the current path of 
> the JS files.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)