Feature Wiki

Information about planned and released features

Dependencies in ILIAS 10

The policy of dependency handling in ILIAS is documented in this document. It explains how we handle dependencies like third-party libraries and frameworks in ILIAS from now on.

1 Accepted Dependencies

The following dependencies have been discussed in the Jour Fixe and accepted for use in ILIAS 10:

  • PR8377 • Deps: add webui-popover (npm)
    • Status of maintenance: There are 26 contributors to the library. The last commit to the library is 8 years old, as is the last released version. The last open issue is from Oct '21, as is the last closed issue. The last closed PR is from 2023. The open issues seem to be either feature requests or rather specific bugs. It seems as if development of the library has stopped, either because it is feature-complete or because interest has vanished. For ILIAS 11 we are looking to write our own implementation so that we do not need to re-accept this dependency.
    • Used by: ILIAS/UI
    • Decision: Dependency is accepted for ILIAS 10.
  • PR8115 • DEP: add 'sass' to NPM package.
    • Status of maintenance: Actively maintained. 15 million weekly downloads. https://www.npmjs.com/package/sass
    • Used by: CSS / system styles component
    • Decision: Dependency is accepted for ILIAS 10.
  • PR8169 • Add NPM dependency linkify-element
    • Status of maintenance: actively maintained, although it is feature-complete. In the last months a few bug fixes and improvements have been committed.
    • Used by:
      • CoPage: Used in paragraphs
      • LearningModule: Used for the export
      • OnScreenChat: Used to make links in chat messages clickable.
        • See: components/ILIAS/OnScreenChat/js/onscreenchat.js
    • Decision: Dependency is accepted for ILIAS 10.
  • PR8173 • Add @rollup/plugin-commonjs npm package
    • Status of maintenance: The package is part of Rollup.js' plugin repository, which is actively maintained and receives yearly major releases and ~monthly to ~weekly minor/patch updates.
    • Used by: None yet, file input to come.
    • Decision: Dependency is accepted for ILIAS 10. Note: we do not want new dependencies that require this one.
  • PR8181 • Trunk LTI 001 - Adding dependencies & LTI Provider folder renaming 
    • Status of maintenance: Actively maintained
    • Used by: LTIProvider and LTI Consumer
    • Decision: Dependency is accepted for ILIAS 10. Thanks for the PR. We accept the dependencies and renaming. But we prefer to split up the PR into three PRs, each dedicated to one subject: one for adding 'php-jwt', one for adding 'LTI-PHP' and one for renaming the 'LTI' directory to 'LTI Provider'. 
      Concerning the two dependencies: please give a short explanation of why you need them and add brief information about the maintenance status of the libraries and which components in ILIAS use them (we assume LTI and LTI Consumer).
      The new PRs can be merged to trunk before Coding Completed. No additional discussion in JF needed.
  • PR8026 • Composer: Add phpoffice/phpspreadsheet as dependency
    • Status of maintenance: is actively maintained by multiple maintainers (quasi standard)
    • Used by: several components, see PR
    • Decision: Dependency is accepted for ILIAS 10.
  • PR8070 • Add jstree as dependency
    • Status of maintenance: actively maintained and 74 contributors
    • Used by: repository tree and org unit tree for asynchronous loading for better performance
    • Decision: Dependency is accepted for ILIAS 10.
  • PR7979 • @jest/globals as npm package
    • Status of maintenance: The package is part of the jest monorepo, which is actively maintained and receives yearly major releases
    • Used by: All JavaScript unit tests, primarily in components/ILIAS/UI/tests/*.
    • Decision: Dependency is accepted for ILIAS 10.
  • PR7979 • @babel/preset-env as npm package.
    • Status of maintenance: The package is part of the babel monorepo, which is actively maintained and receives ~weekly releases.
    • Used by: JavaScript unit tests, primarily in components/ILIAS/UI/tests/* and JavaScript module bundling, primarily in components/ILIAS/UI/tests/*.
    • Decision: Dependency is accepted for ILIAS 10.
  • PR7629 • Monolog:
    • Status of maintenance: It is one of the main logging frameworks with a high number of contributors.
    • Used by: Library is used at several places within ILIAS.
    • Decision: Dependency is accepted for ILIAS 10.
  • PR7485 • Composer: Add dflydev/fig-cookies as dependency:
    • Status of maintenance: One small new release per year. Should the library no longer be maintained, a separate implementation would be manageably large.
    • Used by: Used by CookieFactory in HTTP Service.
    • Decision: Dependency is accepted for ILIAS 10.
  • PR7427 • Composer: add phpunit/phpunit as dependency:
    • Status of maintenance: It is the standard PHP testing framework.
    • Used by: We use phpunit/phpunit to run unit tests.
    • Decision: Dependency is accepted for ILIAS 10/trunk.
  • Composer: Add league/flysystem as dependency
    • Status of maintenance: the library is actively developed and continuously maintained. With 116 contributors, many people are working on flysystem.
    • Used by: league/flysystem is the quasi-standard for file system operations.
    • Decision: Dependency is accepted for ILIAS 10/trunk.
  • PR6887: NPM: Add jQuery
    • Status of maintenance: jQuery is actively maintained and has an existing security policy.
    • Used by: Used in many components (2414 occurrences). Michael Jansen will take care of the dependency.
    • Decision: Dependency is accepted for trunk.
  • PR6952: NPM: Add moment
    • Status of maintenance: Dependency is actively maintained.
    • Used by: Used in calendar component and in chat, too.
    • Decision: Dependency is accepted for trunk.
  • PR6893: NPM: Add linkifyjs
    • Dependency is actively maintained. Used in COPage, LearningModule and OnScreenChat to make links clickable.
    • Decision: Dependency is accepted for trunk.
  • PR6945: NPM: Add jest
    • Dependency is actively maintained. 
    • Decision: Dependency is accepted for trunk.
  • PR6946: NPM: add @uppy/tus and PR6947: NPM: add @uppy/core
    • Dependencies are actively maintained.
    • Decision: Dependencies are accepted for trunk.
  • NPM/Chatroom: Add uuid:
    • Library is well maintained.
    • Decision: Dependency is accepted for trunk.
  • NPM/Chatroom: Add mysql:
    • Lot of contributions but last activity from 2022 which could be a potential risk. Library has to be monitored, forked if necessary and maintained by ourselves.
    • Decision: Dependency is accepted for trunk.
  • NPM/Chatroom: Add async:
    • async is a well maintained package with a lot of contributions and recent activities.
    • Decision: Dependency is accepted for trunk.
  • NPM/Chatroom: Add node-schedule:
    • node-schedule is a well maintained package with a lot of contributions. However, there were only few commits in the last months.
    • Decision: Dependency is accepted for trunk.
  • NPM/Chatroom: Add express:
    • express is a well maintained package with a lot of contributions. However, there were only few commits in the last months. 
    • Decision: Dependency is accepted for trunk.
  • NPM/Chatroom: Add winston:
    • winston is a well maintained package with major releases every few years. It is an active project, the latest changes are from November.
    • Decision: Dependency is accepted for trunk with version 3.
  • NPM/Chatroom: Add socket.io and socket.io-client:
    • socket.io is a well maintained package with major releases every few years and recent activities.
    • Decision: Dependency is accepted for trunk. Please update to version 4.7.
  • Composer: Add apereo/phpcas as dependency:
    • Library needed to enable CAS authentication in ILIAS. Not too many commits in the last years, but there are automatic tests for PHP up to 8.2. Security issues are always fixed in a timely manner followed by new releases.
    • Decision: Dependency is accepted for trunk.
  • NPM: Add chart.js as dependency:
    • chart.js is actively maintained by multiple contributors. New releases are published every few weeks/months.
    • Decision: Dependency is accepted for trunk.
  • NPM: Add rollup as dependency:
    • The package is actively maintained.
    • Decision: Dependency is accepted for trunk. Please update to latest major release.
  • NPM: Add @rollup/plugin-terser as dependency:
    • The package is actively maintained.
    • Decision: Dependency is accepted for trunk. Please update to latest major release.
  • NPM: Add @rollup/plugin-node-resolve as dependency:
    • The package is actively maintained.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add league/commonmark as dependency:
    • The package is actively maintained.
    • Decision: Dependency is accepted for trunk.
  • NPM: Add eslint as dependency:
    • The package is actively maintained.
    • Decision: Dependency is accepted for trunk.
  • NPM: Add eslint-plugin-import as dependency:
    • The package is actively maintained.
    • Decision: Dependency is accepted for trunk.
  • NPM: Add eslint-config-airbnb-base as dependency:
    • The package is not actively maintained (last release 2021). But as it is only a configuration for the eslint package there is no need for an update as long as the configuration is not changed.
    • Decision: Dependency is accepted for trunk.
  • NPM: Add dropzone as dependency:
    • The package is NOT actively maintained anymore (last release 2021). Lib is helpful as file upload is a complex subject that should not be handled by the file service itself.
    • Decision: Dependency is accepted for trunk. But we have to look for alternatives in case security problems arise.
  • NPM: Add chai as dependency:
    • The package is actively maintained.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add ramsey/uuid as dependency:
    • ramsey/uuid is actively maintained by multiple contributors. 
    • Decision: Dependency is accepted for trunk.
  • NPM: Lib tinymce:
    • Version 5 used by page editor for text editing. No need of current fork additions. Library well maintained, has commercial background and is still widely used and integrated.
    • Decision: Dependency is accepted for trunk.
  • Composer: geshi lib:
    • Very few parts of the lib needed for syntax highlighting in page editor. Little maintenance in the last years. Risk is considered low.
    • Decision: Dependency is accepted for trunk. In case of an emergency, we deactivate syntax highlighting in the page editor.
  • Composer: getid3 lib:
    • Used to determine the length of media files. The lib is on github since > 10 years, always got maintenance.
    • Decision: Dependency is accepted for trunk.
  • NPM: Add @yaireo/tagify as dependency
    • The library has 58 contributors and got its last release in August '23. It seems to be feature complete.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add friendsofphp/php-cs-fixer as dependency
    • The library is under active maintenance. It would be non-critical (although quite sad...) to lose this lib.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add phpunit/phpunit as dependency #6733 
    • Won't go away any time soon.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add mustache/mustache as dependency
    • The library is widely used by many PHP projects. It has 41 contributors, but the most contributions have been made by one person. 
    • Decision: Dependency is accepted for trunk.
  • Composer: Add ifsnop/mysqldump-php as dependency
    • Needed to create release packages. The package is actively maintained.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add seld/jsonlint as dependency:
    • The library received its last update in May '23. The maintainer Jordi Boggiano works on packagist and composer and is a well-known person in the PHP community.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add symfony/console as dependency #6733:
    • Needed for Setup. The library is under active development and part of the Symfony framework.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add pimple/pimple as dependency #6733:
    • The library has been stable for a long time and didn't receive updates since 2021. The actual code is only about 150 LOC and hence could be easily maintained by us, if necessary.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add filp/whoops as dependency:
    • Library is stable for a long time now. Maintenance seems to be stable. There is a corporate sponsor of this library.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add phpstan/phpstan as dependency:
    • PHPStan is a very active project. The risk of relying on this library is relatively small. It is a development dependency and our production code does not rely on this library. But: The project mainly relies on one contributor and there might be funding issues in future.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add mikey179/vfsstream as dependency:
    • Not much development activity, so it might occur that there will be issues with upcoming PHP versions. The risk of relying on this library is small. It is a development dependency and only a small number of unit tests rely on a mocked file system. With the increased use of the IRSS, the number of unit tests will decrease and the lib will no longer be needed.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add captainhook/captainhook and captainhook/plugin-composer as dependency:
    • CaptainHook is well maintained. Risk is small as it is only a development dependency.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add cweagans/composer-patches as dependency:
    • Composer Patches is still maintained,
    • Decision: Dependency is accepted for trunk but should be monitored.
  • Composer: Add ezyang/htmlpurifier as dependency
    • HTMLPurifier is actively maintained by multiple contributors. Security issues are always fixed in a timely manner followed by new releases. In case of problems in the future, Symfony is offering a similar library that can be used instead.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add simplesamlphp/simplesamlphp as dependency:
    • SimpleSAMLphp is actively maintained by multiple contributors. Security issues are always fixed in a timely manner followed by new releases. A proper security process is implemented.
    • Decision: Dependency is accepted for trunk. An update to version 2.0 might be done with PR6725.
  • Composer: Add phpmailer/phpmailer as dependency:
    • Library is needed to create mails from ILIAS. PHPMailer is actively maintained by multiple contributors. Security issues are always fixed in a timely manner followed by new releases.
    • Decision: Dependency is accepted for trunk.
  • Add sabre/dav as dependency:
    • Actively maintained.
    • Decision: Dependency is accepted for trunk.
  • Composer: add symfony/yaml as dependency:
    • The library receives updates and new releases and is part of the symfony framework.
    • Decision: Dependency is accepted for trunk.
  • Composer: Add guzzlehttp/psr7 as dependency:
    • Is actively maintained. Needed by nearly every GUI class in ILIAS.
    • Decision: Dependency is accepted for trunk.

2 Rejected Dependencies

  • NPM/Chatroom: Add node-mysql:
    • Library has only one maintainer and last activity from 2015. Could be a risk for new releases of Node.js.
    • Decision: Dependency is rejected for security reasons. node-mysql lib should not be used in ILIAS 10. Necessary functions have to be adapted by Chatroom component.
  • NPM: Add mocha as dependency:
    • The package is no longer maintained actively. Last release was made in 2022.
    • Decision: Dependency rejected for security reasons. We should try to substitute this dependency by another one with similar functions but better maintenance.
  • Composer: Add jumbojett/openid-connect-php as dependency:
    • Not too many commits in the last years, but there are automatic tests for PHP up to 8.2. There are several people contributing to the software.
    • Decision: Dependency rejected for security reasons. Library has a certain risk for us. We should try to substitute this dependency by another one with similar functions but better maintenance.

Last edited: 2. Dec 2024, 16:05, Kunkel, Matthias [mkunkel]