New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Track upstream and periodically update dependencies #1244
Comments
I think dependabot can handle this also. Never worked with dependabot, but found an example for Nextcloud: |
If migrate to Doctrine, then RedBean and PdoSessionHandler will be no longer needed. Problem of updates will solved. |
Many of these dependencies are also not maintained or even because we have had to hack them for BoxBilling due to issues on our own end (redbeanPHP for example) @andpavlenko |
@BenNottelling Yesterday I've first time install Discord. Only for Boxbilling. )) |
At first look, a lot of hardcode related to frontend could to move in package.json |
@andpavlenko |
Andrey,
Could you give more detail as to what frontend code is in package.json?
If there is no frontend code in package.json are you requesting that we
move some to it?
If the second is your request most likely the answer will be no due to the
actual purpose of a package.json file and what their intended uses are for.
Does that make sense? If not then I would suggest we answer the question of
what package.json file you are editing and clearly define the intended use
for the package and its associated dependencies. In most cases a
package.json file is only seen when working with a Node or npm package. So
I am curious to find out what package we have hardcoded boxbilling
information into.
Thank you
Timothy Webb
…On Mon, Mar 28, 2022 at 3:38 PM Andrey Pavlenko ***@***.***> wrote:
At first look, a lot of hardcode related to frontend could to move in
package.json
—
Reply to this email directly, view it on GitHub
<#1244 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AD24K7JFAS5WSU72C6LNXBDVCIDEVANCNFSM5R2KGT6Q>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
What are those "intented uses"? It's pretty common to grab your front-end assets from npm. That's a lot easier to keep them up-to-date. https://fontawesome.com/docs/web/setup/packages |
Thanks for the clarification. I am good with this. Just wanted to make sure we were not hard coding to fix something broken in our package.json when the file is strictly used for npm depends and settings. |
We have some dependencies other than the Composer packages we're using.
We should keep them updated and find a way to be notified whenever they release a new update.
Including but not limited to:
also theme dependencies (also see #978):
We should also document the process for updating each of these so the new maintainers will have an easier time. Some of these can (and if possible, should) be replaced with automated package managers. We can even drop some of them entirely.
The text was updated successfully, but these errors were encountered: