Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Questions regarding development environment, dependencies, and potential package updates. #492

Open
BrettFraley opened this issue Jan 18, 2024 · 1 comment
Open

Questions regarding development environment, dependencies, and potential package updates. #492

BrettFraley opened this issue Jan 18, 2024 · 1 comment

Comments

@BrettFraley
Copy link

BrettFraley commented Jan 18, 2024
edited
Loading

In looking at potential good issues to debug and fix as a contributor to Glance, I noticed there's many deprecated dependencies when running npm install, and I'm unable to successfully run npm run dev for development.

Using NVM, I switched to Node 16 and then 14. I also, attempted to debug and upgrade a few of the packages.

I will post all the deprecation and security vulnerability warnings here if needed, but I will keep it simple with a few questions to the maintainers.

  • Which version of Node/NPM is recommended at this time to install, build, and run Glance locally for development?

  • Are there plans to update dependencies? If so, could this be an issue with breaking changes for other tools that use Glance?

  • Are there plans to upgrade to be compatible with Vue 3? I know Vue 2 is no longer supported but upgrading is a process that should be done with caution in order to not introduce bugs or break existing functionality or features.

  • Perhaps, most important are the vulnerabilites listed when running npm install:
    86 vulnerabilities (2 low, 58 moderate, 18 high, 8 critical)

Thanks for any feedback. I'd be happy to look further into these issues or steps toward updating packages and migrating to Vue3 if there are any plans to do so.
@floryst
Copy link
Collaborator

floryst commented Jan 22, 2024

Thanks for your interest! I've provided some responses below.

  • ideally we'd want to use the latest versions of node/npm. The only hard constraint would be the packages used for this project, so it's related to updating the packages.
  • Certain dependencies cannot have their major versions updated without code changes. In particular, vtk.js cannot be updated yet. Most others can be, but I haven't done a blanket upgrade to see what breaks. (e.g. webpack 4 to 5)
  • vue3 would be nice. We'd have to stick with the options API for now, since rewriting to the composition API is a lot of work at the moment. Relevant: https://v3-migration.vuejs.org/breaking-changes/
  • Some of those vulns might be via kw-doc. Ideally we'd migrate to readthedocs or another doc generation tool. Vulns related to kw-doc should be mostly minor, but addressing them is ideal.

A good first step would be to try to update some of the dependencies. A more focused task that might be fairly isolated would be to upgrade to vue3 and see how much work is necessary to address any breaking changes.

Other nice-to-haves:

  • migrate to vite for nicer developer tooling
  • upgrade to vuetify 3 (major underaking)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@floryst @BrettFraley