Skip to content

Move the 'marked' lib to the settings app and update it #13474

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ChristophWurst wants to merge 2 commits into from
Closed

Move the 'marked' lib to the settings app and update it #13474

ChristophWurst wants to merge 2 commits into from

Conversation

@ChristophWurst
Copy link
Member

@ChristophWurst ChristophWurst commented Jan 10, 2019

The marked dependency was out of date and isn't used by any app except
the settings pages. Hence it's move there and updated to resolve security
vulnerabilities.

Replaces #13462

@ChristophWurst
Move the 'marked' lib to the settings app and update it
1faf997 
The `marked` dependency was out of date and isn't used by any app except
the settings pages. Hence it's move there and updated to resolve security
vulnerabilities.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
@ChristophWurst ChristophWurst added this to the Nextcloud 16 milestone Jan 10, 2019
@ChristophWurst ChristophWurst self-assigned this Jan 10, 2019
@ChristophWurst
fixup! Move the 'marked' lib to the settings app and update it
d430e04 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
@ChristophWurst ChristophWurst mentioned this pull request Jan 10, 2019
Merged
@kesselb
Copy link
Contributor

kesselb commented Jan 10, 2019

https://github.com/search?l=JavaScript&p=1&q=org%3Anextcloud+%22marked%22&type=Code

It could be that these apps need an update then:

@nickvergessen
Copy link
Member

nickvergessen commented Jan 10, 2019

Can we leave it in core? there are quite some apps using it.
Announcements also has an open PR to make use of it, would make it 4 versions of marked being shipped?

@ChristophWurst
Copy link
Member Author

ChristophWurst commented Jan 10, 2019
edited
Loading

I assumed it was just settings. That is the issue with this kind of dependency loading. You never know who it uses. And when you update them you don't know which apps break. On that note, there were actually breaking changes in this update, but none effected settings as far as I can tell.

We should aim to get rid of that. Dependencies should be shipped with the apps. This lib is 20kb in size, so the duplication overhead is negligible IMO.

Edit: we're facing a well known problem here: https://en.wikipedia.org/wiki/Dependency_hell. In contrast to php/composer, Javascript will allow us to fix it.

@rullzer
Copy link
Member

rullzer commented Jan 10, 2019

Can we leave it in core? there are quite some apps using it.

Maybe for 1 more version. But apps should ship their own dependencies. Else we can never update a dependency (see jquery) because some app might depends on something

Announcements also has an open PR to make use of it, would make it 4 versions of marked being shipped?

So be it. We do aggressive caching. But else we risk breaking all the apps every time we update a library.

@ChristophWurst
Copy link
Member Author

ChristophWurst commented Jan 10, 2019

I'm closing this and will push another PR to bundle a separate version for settings.

@nickvergessen please ship your own for the announcements as well. We'll remove the one from core in Nextcloud 17.

@ChristophWurst ChristophWurst deleted the refactor/move-update-marked-lib branch January 10, 2019 12:41
@ChristophWurst ChristophWurst mentioned this pull request Jan 10, 2019
Merged
@nickvergessen
Copy link
Member

nickvergessen commented Jan 10, 2019

Thats a good enough solution. Just dont want to have breaking js apps all the time, just after we spoke about brekaing apps on php level.

@rullzer
Copy link
Member

rullzer commented Jan 10, 2019

@nickvergessen well sure. But this is like using private namespace ;)

@rullzer rullzer mentioned this pull request Jan 10, 2019
Closed
@juliusknorr
Copy link
Member

juliusknorr commented Jan 10, 2019

@ChristophWurst @rullzer I've added a note of the deprecation of the shipped marked to #12915. We should keep track there which libraries we want to get rid of in an upcoming version, so developers can prepare 😉

@nickvergessen nickvergessen mentioned this pull request Jan 10, 2019
Closed
@juliusknorr juliusknorr mentioned this pull request Jan 14, 2019
Closed
@ChristophWurst ChristophWurst mentioned this pull request Jun 11, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rullzer rullzer Awaiting requested review from rullzer

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

@skjnldsv skjnldsv Awaiting requested review from skjnldsv

Assignees

@ChristophWurst ChristophWurst

Labels

3. to review Waiting for reviews security technical debt

Projects

None yet

Milestone

Nextcloud 16

Development

Successfully merging this pull request may close these issues.

6 participants

@ChristophWurst @kesselb @nickvergessen @rullzer @juliusknorr