Upgrade vendor libraries to avoid potential security issues #4016

nobodyiam opened this issue Oct 7, 2021 · 11 comments

@nobodyiam
Member

Is your feature request related to a problem? Please describe.
The vendor libraries used in Apollo are outdated (Bootstrap v3.3.5, jQuery 2.2.4, AngularJS v1.5.1, etc.), which means potential security issues, e.g. https://snyk.io/test/npm/bootstrap/3.3.5

Describe the solution you'd like
Upgrade the vendor libraries to recent versions

@DiegoKrupitza
Contributor

I know this might be a lot of work, but why not upgrade from AngularJs to Angular? According to this blog post (https://blog.angular.io/stable-angularjs-and-long-term-support-7e077635ee9c) LTS will end December 31, 2021.

I think it would be a great idea to move forward by changing to Angular since this will make Apollo more future proof.

@nobodyiam
Member Author

@DiegoKrupitza I think this is a good idea and we need someone to take a look and estimate the effort before doing the migration.

@DiegoKrupitza
Contributor

There are a few resources available at the official Angular site (https://angular.io/guide/upgrade), but to really do this you need someone who knows the frontend by heart, since a lot can go wrong 😅

I'm not an Angular expert, but I would suggest not mixing AngularJs and Angular since this may become way too complex over time.

When upgrading to Angular I would also think it will make sense to upgrade to TypeScript as well.

@DiegoKrupitza
Contributor

I think the upgrade from AngularJs to Angular should be an issue of its own, since it looks like this will be a major upgrade.

Is there a reason why the frontend for the Apollo portal is inside the static content of the backend? Wouldn't it be more suitable to extract the frontend into its own folder? This would decouple the Angular frontend from the Java backend and make it more modular.
This may be helpful in case of scaling, since right now every time you deploy an Apollo portal you always have an Angular frontend included, but this might not be useful and a waste of resources (if you deploy 2-3 portals to load balance/fault tolerance/... you may just need 1 Angular frontend).

@nobodyiam
Member Author

The only reason to put the static contents inside Apollo portal is to ease the deployment process, so that users don't need to start a standalone server to serve those static contents.
It does look like a major upgrade from AngularJs to Angular, so maybe we could first upgrade the AngularJs version to solve the potential security issues.

@NICEXAI
Contributor

NICEXAI commented Oct 19, 2021

Angular is getting less attention in China, would it be more appropriate to choose react + hook + ts or vue3 + ts for dashboard refactoring?

@NICEXAI
Contributor

NICEXAI commented Oct 19, 2021

Using a familiar technology stack also allows more people to participate in the development and maintenance of the dashboard.

@DiegoKrupitza
Contributor

> Angular is getting less attention in China, would it be more appropriate to choose react + hook + ts or vue3 + ts for dashboard refactoring?

The major benefit of a transition from AngularJs to Angular is that you do not really have to rewrite everything.

If we switch from AngularJs to React/Vue we need to rewrite all the functionalities.

@NICEXAI
Contributor

NICEXAI commented Oct 20, 2021

>> Angular is getting less attention in China, would it be more appropriate to choose react + hook + ts or vue3 + ts for dashboard refactoring?

> The major benefit of a transition from AngularJs to Angular is that you do not really have to rewrite everything.

> If we switch from AngularJs to React/Vue we need to rewrite all the functionalities.

I am a front-end developer, and I have carefully checked all the features of the dashboard, maybe there are not as many features as I thought.
Most of the time redevelopment is much faster than refactoring.

@NICEXAI
Contributor

NICEXAI commented Oct 20, 2021

For front-end developers, writing pages is a very simple thing, far less work and much more efficient than refactoring.

@DiegoKrupitza
Contributor

>>> Angular is getting less attention in China, would it be more appropriate to choose react + hook + ts or vue3 + ts for dashboard refactoring?

>> The major benefit of a transition from AngularJs to Angular is that you do not really have to rewrite everything.
>> If we switch from AngularJs to React/Vue we need to rewrite all the functionalities.

> I am a front-end developer, and I have carefully checked all the features of dashboard, maybe there are not as many features as I thought. Most of the time redevelopment is much faster than refactoring

I created a new issue that only focuses on upgrading from AngularJs to X. Personally I am open to any framework that has at least a bit of popularity. But I think this should be a community decision, so maybe the PMC can help out finding a good fit for everyone.

PS: let's move the discussion to #4051
