cerebro
cerebro copied to clipboard
lmenezes
Migrate asset generation
Hi,
while checking out the source code, I noticed the security warnings by NPM audit.
Steps taken:
- npm ci
- npm audit
Output: ... found 120 vulnerabilities (39 low, 26 moderate, 55 high) in 1301 scanned packages...
As I took a look at the asset generation, I noticed that some of the libraries were added manually - eg. Angular / ACE / JQuery ... under the src/assets folder.
I then decided that it was better to do a migration of the manually added libraries to the Grunt system, then upgrade - as minimal invasive as possible - the packages and the likely fallout.
All in all, it went very smooth:
- ACE needed a configuration directive for it's source path
- Karma needed a provider change, as phantomJS is not maintained - I chose Chromium (Chrome)
- JSCS needed to be replaced, so I chose ESLint and added a minimal configuration
After all changes, the output of npm audit changes: found 3 vulnerabilities (2 moderate, 1 high) in 1294 scanned packages
The remaining culprits are JQuery and Angular, which both need migrating. Angular to 1.7, JQuery to 3.0.
I'd be up to the task of migrating both, if you wish.
Thanks for your work and time spend on this project!
