Advancing Tsugi Dependencies - Fixing Dependabot Issues - Please Test

8 views

Skip to first unread message

Charles Severance

unread,

May 4, 2024, 9:42:58 AM5/4/24

to Tsugi Developers

Hi all,

It is Saturday morning and I have a full cup of coffee and grades are almost in for Winter semester, so it is a great time to do some coding and advance the Tsugi dependencies. This will also address the dependabot identified issues (2) in our dependencies.

I saved master in a branch - this is the super boring and solid code that has been running with very few changes for months.

https://github.com/tsugiproject/tsugi/tree/24.05.1

If once I merge the dependency changes into master, we see problems - this branch is a safe place to go.

I will be upgrading master in a week or so - but the new version is available in:

https://github.com/tsugiproject/tsugi/tree/deps-2024

You can review this, check it out into your test environments.

Like always I already have the branch in production in one of my servers:

www.cc4e.com

Feel free to log in, kick the tires and let me know if you find anything. It is easier (and safer) to test my server before you upgrade than test your server after you upgrade :)

This work went very smoothly - I did not push to PHP 8.3 - just advanced all the dependencies as far as I can. With this branch and fix all the dependabot issues will be resolved.

So please test if you can. I am feeling pretty confident and am likely to merge this into master pretty quickly.

/Chuck

Charles Severance

unread,

May 15, 2024, 8:47:15 AM5/15/24

to Tsugi Developers

Hi all,

I merged the 20204 dependencies advance into master after over a week of successful production with the branch.

Don’t be surprised when your next “git pull” touches a lot of files.

My next task for the summer is testing this new master with PHP 8.3. I think I may be able to move from PHP 8.2 to 8.3 without redo-ing my production servers. I will let you know as I experiment with this in the next few weeks.

Please let me know quickly if you see any issue.

I will also look at the Canvas migration claim PR - I took a look and it might be more complex and require a bit more analysis. But now that the dependencies are updated (and dependabot is no longer grouchy) I can take a better look at the migration PR.

It is nice to have a clean bill of health from dependabot. :)

/Chuck

Begin forwarded message:

Reply all

Reply to author

Forward

0 new messages