#651 - Sync with upstream libraries (dependencies) and with API versions (ongoing)

By Chris Graham
Added 2nd Jul 2012, 8:52 AM
10 views

Identifier	#651
Issue type	Feature request or suggestion
Title	Sync with upstream libraries (dependencies) and with API versions (ongoing)
Status	Open
Tags	Roadmap: ongoing (custom) Roadmap: Over the horizon (custom) Type: External dependency (custom)
Handling member	Deleted
Addon	General / Uncategorised
Description	We use a number of large packages in Composr addons (including some bundled ones). These need to be maintained. For example we may get code quality validation issues (e.g. use of 'ereg') in them that could cause issues for people, or there may simply be bugs we need fixed. Maintain a spreadsheet of our policy with each project and the sync status. Regularly update that status, and re-sync, as appropriate. This is all very much a case-by-case basis. Some packages are maintained well, and we just need to resync them cleanly. Some packages are unmaintained, and thus we maintain our own heavy forks of them. Or in some cases we may take up maintenance with our own separate fork gitlab repository. And in some cases we may be active contributors to the project. The list is in Git, as data_custom/third_party_code.csv. There are also new APIs that we need to track. For example, a new version might be out, and we should shift before old versions are no longer supported. The list is in Git, as data_custom/third_party_apis.csv. There is an automated test that helps us with both spreadsheets. For example, if we have not updated the status of a package/API in a year, it asks us to review and update it.
Steps to reproduce
Additional information	Also see the "Properly index 3rd-party code" coding standard we have documented. A lot of things have to be properly updated when integrating third party library code.
Related to	#2578 - Official non-maintained status #3671 - Cookie Consent Update
Funded?	No

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

By Guest posted 7th Sep 2020, 2:33 PM

This was mostly completed for v11 earlier in the year, and I just finished redoing the Facebook as part of Hybridauth integration.

I have retagged for v12 as we will need to revisit this regularly.

By Guest posted 2nd Jan 2023, 6:19 PM

We won't have time to re-do this for the final v11 release, and the third_party_code test (testSyncDates specificaly) is failing on them needing review again.
For now I put in a 3 year time between reviews so our continuous integration doesn't break down, but this needs reducing back to 1 year.

By Guest posted 4th Aug 2024, 4:19 PM

Historically we have been bad at contributing to upstream projects. We should rectify this and maintain forks as little as possible.

By Guest posted 4th Aug 2024, 6:17 PM

I prefer the plugin route as per my latest updates to MantisBT. Whenever possible, make a Composr plugin for the project to handle all the integrations instead of overwriting the projects' original code and having to maintain it.

There will be a couple of exceptions. For example, MantisBT still doesn't have full compatibility with our needs, so a few files still needed overwriting. And their sponsorship block (widget) is a disaster UI-wise, so I re-did it to conform to the layout of their other blocks (widgets).