•  
      request #12149 Bump Kanban dependency to socket.io-client ^2
    Infos
    #12149
    Thomas Gerbet (tgerbet)
    2018-08-20 15:25
    2018-08-18 13:28
    12777
    Details
    Bump Kanban dependency to socket.io-client ^2
    Tuleap is currently broken due to a change of the checksum of the tarball of one of the dependency (socket.io > engine.io-client > xmlhttprequest). This dependency is hardcoded by engine.io-client to be retrieved directly from a GitHub archive, since it is not resolved through the npmjs registry we do not have the original version in our npmjs registry mirror.

    Preliminary investigations seem however to show that the checksum change is due to metadata modifications.

    While we might decide to only update the checksum of the archive in the lockfile to be able to build Tuleap again and have the same issue again in two months let's took this as an opportunity to bump to the latest version of socket.io-client. The version the kanban is currently using is impacted by a bunch of vulnerabilities so it is the right thing to do anyway.
    Agile Dashboard
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-08-18
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Integrated into Tuleap 10.4.99.24

    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2018-08-18
    User avatar
    Thomas Gerbet (tgerbet)2018-08-18 13:51
    Patch available for review here: gerrit #12374.

    • Summary
      -Bump Kanban dependency to socket.io-client to ^2 
      +Bump Kanban dependency to socket.io-client ^2 
    • Status changed from Under implementation to Under review