Upgrade vendor libraries to avoid potential security issues #4016
Comments
|
I know this might be a lot of work but why do not upgrade from AngularJs to Angular? According to this blog post (https://blog.angular.io/stable-angularjs-and-long-term-support-7e077635ee9c) LTS will end December 31, 2021. I think it would be a great idea to move forward by changing to Angular since this will make Apollo more future proof. |
|
@DiegoKrupitza I think this is a good idea and we need someone to take a look and estimate the effort before doing the migration. |
|
There are a few resources available at the official angular site (https://angular.io/guide/upgrade) but to really do this you need someone who knows the frontend by hard, since a lot can go wrong 😅 I'm not an angular expert but I would suggest to not mix AngularJs and Angular since this may be become way to complex over time. When upgrading to Angular I would also think it will make sense to upgrade to Typescript as well. |
|
I think the upgrade from AngularJs to Angular should be an issue by its own, since it looks like this will be a major upgrade. Is there a reason why the frontend for the Apollo portal is inside the static content of the backend? Wouldn't it be more suitable to extract the frontend into a own folder. This would decouple the angular frontend from the java backend and make it more modular. |
|
The only reason to put the static contents inside apollo portal is to ease the deployment process, so that user doesn't need to start a standalone server to serve those static contents. |
|
Angular is getting less attention in China, would it be more appropriate to choose react + hook + ts or vue3 + ts for dashboard refactoring? |
|
Using a familiar technology stack also allows more people to participate in the development and maintenance of the dashboard. |
The major benefit of a transition from AngularJs to Angular is that you do not really have to rewrite everything. If we switch from AngularJs to React/Vue we need to rewrite all the functionalities. |
I am a front-end developer, and I have carefully checked all the features of dashboard, maybe there are not as many features as I thought. |
|
For front-end developers, writing pages is a very simple thing, far less work and much more efficient than refactoring. |
I created a new Issue that only focuses on Upgrading from AngularJs to X. Personally I am open to any framework that has at least a bit of popularity. But I think this should be a community decision so maybe the PMC can help out finding a good fit for everyone PS: lets move the discussion to #4051 |
Is your feature request related to a problem? Please describe.
The vendor libraries used in apollo are out-dated(Bootstrap v3.3.5, jQuery 2.2.4, AngularJS v1.5.1, etc), which means potential security issues, e.g. https://snyk.io/test/npm/bootstrap/3.3.5
Describe the solution you'd like
Upgrade the vendor libraries to recent versions
The text was updated successfully, but these errors were encountered: