Update IDP and dependencies #7957

Closed
micbar opened this issue Dec 13, 2023 · 5 comments
Labels
Priority:p2-high Escalation, on top of current planning, release blocker Type:Bug

Comments

@micbar
Contributor

micbar commented Dec 13, 2023

Description

We are approaching a new major release and need to keep the IdP dependencies up to date and free of vulnerabilities.

@micbar micbar added Type:Bug Priority:p2-high Escalation, on top of current planning, release blocker labels Dec 13, 2023
@kulmann
Member

kulmann commented Dec 15, 2023

Asked the kpop devs if we can remove cldr (which brings in the outdated xmldom package) from the dependencies upstream, see Kopano-dev/kpop#40

@micbar
Contributor Author

micbar commented Dec 20, 2023

@kulmann Assigning you to avoid confusion in the ocis team.

@kulmann
Member

kulmann commented Dec 21, 2023

We made #7988 to mitigate the security concerns. @rhafer voiced his opinion here #7988 (comment) to stay in sync with upstream as much as possible. I'm not in favour of that "busy work" because there are plans to switch to Authelia and nobody here has in-depth understanding of the lico ui. Needs a decision.

@micbar micbar mentioned this issue Dec 27, 2023
71 tasks
@micbar
Contributor Author

micbar commented Dec 27, 2023

Fine for now.

@micbar micbar closed this as completed Dec 27, 2023
@rhafer
Contributor

rhafer commented Jan 8, 2024

> nobody here has in depth understanding of the lico ui

That alone already sounds like a really good reason to stay as close to upstream as possible IMO. Keeping it diverging further makes maintenance even harder.

> there are plans to switch to Authelia

We have been mumbling about that for a while now. But there has been very little progress, nor a full understanding of what we actually need for that. And we'll have to live with lico for at least the whole 5.0.0 lifetime.
