Motivation
The Gulp build system is no longer supported, but the st2web repository has not been updated to use something else. This increases the signal-to-noise ratio of dependency alerts we receive for that repository. Luckily, a lot of the outdated dependencies are only development dependencies that will never see production, but automated scanners will still report those to us, and might cause us to miss an outdated non-development dependency, since it "normalizes deviance".
Solution
We should replace the current build system, Gulp, with something that is maintained, like Webpack.
Downsides
We don't have a lot of front end developers, so this may be a lot of effort for the developers that we do have. However, switching to a more modern, updated build system might lower the barrier to contribute, thereby making it easier for more frontend developers to engage with the project and contribute additional fixes and features.
Alternatives
We can just live with the out-of-date development dependency notifications, as long as we guarantee that they aren't used in production. This seems fairly easy to guarantee, but not necessarily easy to live with.
I am not a frontend developer, so it would be helpful to have at least one or two frontend developers weigh in on this (paging @guzzijones and @bgaeddert).
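An added example, not part of the original issue or the st2web code: one way to check the "development dependencies never see production" assumption is to triage scanner alerts against the `dev` flag that npm records in a v2/v3 `package-lock.json`. The lockfile contents, the hypothetical package names other than gulp and gulp-util, and the alert list are constructed for illustration.

```javascript
// Constructed sample in package-lock.json v2/v3 shape ("packages" keyed by install path).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-web', version: '0.0.0-example' },
    'node_modules/gulp': { version: '0.0.0-example', dev: true },
    'node_modules/gulp-util': { version: '0.0.0-example', dev: true },
    'node_modules/example-ui': { version: '0.0.0-example' },
    'node_modules/example-helper': { version: '0.0.0-example', dev: true },
    'node_modules/example-ui/node_modules/example-helper': { version: '0.0.0-example' },
    'node_modules/@example/opt': { version: '0.0.0-example', devOptional: true },
  },
};

// Package name is everything after the last "node_modules/" (keeps @scope/name intact).
function packageName(installPath) {
  const marker = 'node_modules/';
  const i = installPath.lastIndexOf(marker);
  return i === -1 ? null : installPath.slice(i + marker.length);
}

// Map name -> true when at least one installed copy is not strictly dev-only.
// Only `dev: true` counts as dev-only; `devOptional` copies can be installed in production.
function productionReachable(lock) {
  const scope = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (name === null) continue; // root project or workspace entry
    const devOnly = meta.dev === true;
    scope.set(name, scope.get(name) === true || !devOnly);
  }
  return scope;
}

// Split alerted package names so production findings are not buried in dev-only noise.
function triageAlerts(lock, alertedNames) {
  const scope = productionReachable(lock);
  const result = { production: [], devOnly: [], notInstalled: [] };
  for (const name of alertedNames) {
    if (!scope.has(name)) result.notInstalled.push(name);
    else if (scope.get(name)) result.production.push(name);
    else result.devOnly.push(name);
  }
  return result;
}

const constructedAlerts = ['gulp-util', 'example-helper', 'example-ui', '@example/opt', 'left-out'];
console.log(triageAlerts(sampleLock, constructedAlerts));
```

A package that is dev-only at one install path but also nested under a production dependency is reported as production, which is the case a name-only review of `devDependencies` would miss.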
AFAIK gulp is still supported. What package specifically are we talking about?
Let me do some digging again today and get you some specifics here to help.
I don't have a ton of gulp experience. I usually just use create react app for my projects.
Spoke on the phone about this with @punkrokk. Gulp is not deprecated. We are sticking with gulp. The above PR removes an unused dependency on deprecated gulp-util.