Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(liferay-theme-tasks): Fix sass version to 1.64.1 #1163

Merged
merged 2 commits into from
Aug 25, 2023
Merged

fix(liferay-theme-tasks): Fix sass version to 1.64.1 #1163

merged 2 commits into from
Aug 25, 2023

Conversation

pat270
Copy link
Member

@pat270 pat270 commented Aug 21, 2023

https://liferay.atlassian.net/browse/LPP-50503

This fixes the Sass version to 1.64.1 to avoid the log function errors introduced in Sass@1.65.1. I think it would be better if we could review Sass minor and patch versions before passing it on to our users.

@ethib137 @dsanz

@ethib137
Copy link
Member

Fixing the version does provide the benefit of not unknowingly introducing new errors, but it also has it's own drawbacks. We miss out on automatic fixes, sometimes of security issues (granted, this is probably not an issue for a sass processor). How would we make sure to keep the version updated? Do we need to keep it updated? Are there any other instances where we have a fixed the version of something like this? Do we already have a process for consistently doing manual version updates?

@pat270
Copy link
Member Author

pat270 commented Aug 22, 2023

I don't have any ideas for making sure Sass gets updated other than periodic reminders. We could use the ~ symbol which will only update future patch versions (1.64.xx). Blindly accepting new versions from the cloud also come with vulnerabilities, packages get compromised (e.g., ua-parser-js).

@ethib137
Copy link
Member

Maybe to make sure we don't forget to make updates, we could add a github action that creates an issue once a month to test and update to the latest sass version. https://docs.github.com/en/actions/managing-issues-and-pull-requests/scheduling-issue-creation

@bryceosterhaus
Copy link
Member

Locking the version seems right to me, we tend to do that more often these days due to issues of poor version management from 3rd party packages.

@ethib137 periodically checking for updates via github issue is fine, although I've found in the past that we rarely actually follow up, not because we don't want to, but because it just doesn't get prioritized. May be best to create a jira issue to check on it and hopefully that gets prioritized by product regularly.

@pat270 I think you just need to run yarn from the root of the repo to make sure the lock file is updated properly

@ethib137
Copy link
Member

Thanks @bryceosterhaus , that makes sense. Let me know if anything else is needed to get this merged.

@bryceosterhaus bryceosterhaus merged commit a074a64 into liferay:master Aug 25, 2023
@bryceosterhaus
Copy link
Member

@ethib137 do you also need a new version released ASAP?

@ethib137
Copy link
Member

Yes please @bryceosterhaus . We have clients asking for an official solution and having this released will provide that.

@bryceosterhaus
Copy link
Member

Released: https://github.com/liferay/liferay-frontend-projects/releases/tag/liferay-theme-tasks%2Fv11.5.3

I believe the theme generator should automatically pull in this latest version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
10.x js-themes-toolkit
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pat270 @ethib137 @bryceosterhaus