-
-
Notifications
You must be signed in to change notification settings - Fork 10.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade vendor libraries to avoid potential security issues #4016
Comments
I know this might be a lot of work but why do not upgrade from AngularJs to Angular? According to this blog post (https://blog.angular.io/stable-angularjs-and-long-term-support-7e077635ee9c) LTS will end December 31, 2021. I think it would be a great idea to move forward by changing to Angular since this will make Apollo more future proof. |
@DiegoKrupitza I think this is a good idea and we need someone to take a look and estimate the effort before doing the migration. |
There are a few resources available at the official angular site (https://angular.io/guide/upgrade) but to really do this you need someone who knows the frontend by hard, since a lot can go wrong 😅 I'm not an angular expert but I would suggest to not mix AngularJs and Angular since this may be become way to complex over time. When upgrading to Angular I would also think it will make sense to upgrade to Typescript as well. |
I think the upgrade from AngularJs to Angular should be an issue by its own, since it looks like this will be a major upgrade. Is there a reason why the frontend for the Apollo portal is inside the static content of the backend? Wouldn't it be more suitable to extract the frontend into a own folder. This would decouple the angular frontend from the java backend and make it more modular. |
The only reason to put the static contents inside apollo portal is to ease the deployment process, so that user doesn't need to start a standalone server to serve those static contents. |
Angular is getting less attention in China, would it be more appropriate to choose react + hook + ts or vue3 + ts for dashboard refactoring? |
Using a familiar technology stack also allows more people to participate in the development and maintenance of the dashboard. |
The major benefit of a transition from AngularJs to Angular is that you do not really have to rewrite everything. If we switch from AngularJs to React/Vue we need to rewrite all the functionalities. |
I am a front-end developer, and I have carefully checked all the features of dashboard, maybe there are not as many features as I thought. |
For front-end developers, writing pages is a very simple thing, far less work and much more efficient than refactoring. |
I created a new Issue that only focuses on Upgrading from AngularJs to X. Personally I am open to any framework that has at least a bit of popularity. But I think this should be a community decision so maybe the PMC can help out finding a good fit for everyone PS: lets move the discussion to #4051 |
Is your feature request related to a problem? Please describe.
The vendor libraries used in apollo are out-dated(Bootstrap v3.3.5, jQuery 2.2.4, AngularJS v1.5.1, etc), which means potential security issues, e.g. https://snyk.io/test/npm/bootstrap/3.3.5
Describe the solution you'd like
Upgrade the vendor libraries to recent versions
The text was updated successfully, but these errors were encountered: