This change reverts c4918efc1b, and basically negates what was done for #3396,
but aligns better with current practices in the nodejs ecosystem.
Pragmatically speaking, this will allow users, if they want, to use
npm-force-resolutions (https://github.com/rogeriochaves/npm-force-resolutions)
to manually fix security vulnerabilities.
We had a problem for that (see #3598), and - given the fragmented nature of
the nodejs ecosystem - it is reasonable to expect more issues like that one,
so it's better to be prepared.
Closes #3659.

When nodejs 8.9.0 was released, its bundled npm version was 5.5.1 (see
https://nodejs.org/en/download/releases). It makes sense that we lower our
requirement to that version.
Please note that the npm version mentioned here does not refer to the npm
library installed as Etherpad dependency in node_modules via package.json
(which indeed is higher) but is merely the npm version used to bootstrap the
installation when running installDeps.sh.
This change amends 9d35d15ae3 and its planning issue - #3424 - which were too
strict.

Next version will be Etherpad 1.8. As planned in #3424, we are going to require
NodeJS >=8.9.0 and npm >= 6.4.
This commit implements that change and updates documentation and scripts.
Subsequent changes will get rid of old idioms, dating back to node < 0.7, that
still survive in the code.
Once migrated to NodeJS 8, we will be able to start working on migrating the
code base from callbacks to async/await, greatly simplifying legibility (see
#3540).
Closes #3557

In installDeps.sh we have a bunch of code (from 2011) that checks for the
existence of jQuery and eventually downloads it, but since 1239ce7f28 (year
2012) jquery is vendorized in /src/static/js/jquery.js.
Also, stop mentioning curl as a dependency in the README.md
Fixes #3494

This is a modification of PR #3474 by rohieb <rohieb@rohieb.name>.
When this script is run after an update, and something fails during the npm
run, the installed plugins were deleted, too.
In this version what gets deleted is only the directory that contains the
direct dependencies of the core Etherpad, i.e.:
node_modules/ep_etherpad-lite/node_modules

Currently, an Etherpad skin requires the existence of 6 files:
- index.{css,js}
- pad.{css,js}
- timeslider.{css,js}
In the default empty skin (in static/custom), there were 2 small placeholders
({js,css}.template) to be copied in place by the startup script in case no skin
was in use.
Now that we are moving to multiple directories (see #3471) we can simply commit
the example files and remove the copying code from the startup script.

installDeps.sh's only side effect should be to actually install dependencies
according to a configuration file, and not to modify it.
Adding --no-save to the npm command line forces npm to have read-only access
to package.json.
Old npm versions seem to support --no-XXX style flags even if not documented
(see https://github.com/npm/npm/issues/14285#issuecomment-254298519)
Tested with npm 3.5.2 and 6.1.0
Fixes #3396