|
|
| (One intermediate revision by the same user not shown) |
| Line 12: |
Line 12: |
|
| |
|
| It is similar to the [[SDSM:Historical_Changes|Historical Changes]] part | | It is similar to the [[SDSM:Historical_Changes|Historical Changes]] part |
| but that it describes work which was prepared and published in a Git branch | | but that it describes work which was prepared and published in Git feature |
| but it was deemed premature to merge it to the trunk, such as due to a
| | branches that are longer lived and not yet merged to the trunk; in |
| desire for more testing first, or because it was possibly unfinished; in
| |
| contrast, ''Historical'' is for work that ''was'' merged to trunk. | | contrast, ''Historical'' is for work that ''was'' merged to trunk. |
|
| |
| [[#top|RETURN]]
| |
|
| |
| == SDS Laravel: Changes to Third-Party Dependencies ==
| |
|
| |
| === 2024 Jun 26: Upgrade To Laravel 10 and Vue 3 ===
| |
|
| |
| ==== Summary of PHP Dependency Upgrades or Removals ====
| |
|
| |
| This task updated <code>composer.json</code> to require the latest
| |
| PHP-8.1-compatible versions of all PHP library dependencies,
| |
| in particular taking Laravel from <code>8.x</code> to <code>10.x</code>.
| |
|
| |
| To be specific, it made these dependency changes:
| |
|
| |
| * barryvdh/laravel-debugbar (^3.7 to ^3.13.5)
| |
| * directorytree/ldaprecord-laravel (^2.7.3 to ^3.3.3)
| |
| * etern8ty/beanstream (dev-master unchanged and is custom fork)
| |
| * fakerphp/faker (^1.23.1 unchanged)
| |
| * fideloper/proxy (^4.4.2 removed as laravel/framework has its upgrade built-in)
| |
| * goldspecdigital/laravel-eloquent-uuid (^8.0.1 removed as laravel/framework has its upgrade built-in)
| |
| * guzzlehttp/guzzle (^7.8.1 unchanged)
| |
| * intervention/image (^2.7.2 removed as intervention/image-laravel is its upgrade)
| |
| * intervention/image-laravel (^1.3 added)
| |
| * juliomotol/laravel-auth-timeout (^3.1.1 to ^4.1)
| |
| * lab404/laravel-impersonate (^1.7.5 unchanged)
| |
| * laravel/framework (^8.83.27 to ^10.48.14)
| |
| * laravel/helpers (^1.7 removed as laravel/framework has its upgrade built-in)
| |
| * laravel/tinker (^2.9 unchanged)
| |
| * laravel/ui (^3.4.6 to 4.5.2; but it recommends using Laravel Breeze or Laravel Jetstream instead)
| |
| * mockery/mockery (^1.6.12 unchanged)
| |
| * nunomaduro/collision (^5.11 to ^7.10)
| |
| * phpunit/phpunit (^10.5.20 to ^10.5.24)
| |
| * spatie/laravel-ignition (^1.6.4 to ^2.8)
| |
| * staudenmeir/eloquent-has-many-deep (^1.14.4 to ^1.19.4)
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Summary of JavaScript Dependency Upgrades or Removals ====
| |
|
| |
| This task updated <code>package.json</code> to require the latest
| |
| versions of all JavaScript library dependencies,
| |
| in particular taking Vue from <code>2.x</code> to <code>3.x</code>.
| |
|
| |
| To be specific, it made these dependency changes:
| |
|
| |
| * @formkit/pro (^0.119.14 added)
| |
| * @formkit/themes (^1.6.5 added)
| |
| * @formkit/vue (^1.6.5 added)
| |
| * @fortawesome/fontawesome-free (^5.15.4 to ^6.5.2)
| |
| * axios (^0.27.2 to ^1.7.2)
| |
| * bootstrap (^4.6.2 unchanged)
| |
| * bootstrap-select (^1.13.18 removed as not in use)
| |
| * cross-env (^7.0.3 removed as laravel-mix has its upgrade built-in)
| |
| * font-awesome (^4.7.0 removed as @fortawesome/fontawesome-free is its upgrade)
| |
| * jquery (^3.7.1 unchanged)
| |
| * jquery-ui (^1.13.3 removed as not in use)
| |
| * laravel-mix (^5.0.9 to ^6.0.49)
| |
| * lodash (^4.17.21 removed as only used indirectly by laravel-mix)
| |
| * moment (^2.30.1 unchanged)
| |
| * popper.js (^1.16.1 removed as only used indirectly by bootstrap)
| |
| * resolve-url-loader (^3.1.5 to ^5; laravel-mix 5/6 requires this to be in package.json)
| |
| * sass (^1.77.2 to ^1.77.6; laravel-mix 5/6 requires this to be in package.json)
| |
| * sass-loader (^8.0.2 to ^14.2.1; laravel-mix 5/6 requires this to be in package.json)
| |
| * tempusdominus-bootstrap-4 (^5.39.2 removed as not in use)
| |
| * tempusdominus-core (^5.19.3 removed as not in use)
| |
| * vue (^2.7.16 to ^3.4.30)
| |
| * vue-loader (^17.4.2 added; laravel-mix 6 requires this to be in package.json while laravel-mix 5 did not)
| |
| * vue-bootstrap-datetimepicker (^5.0.1 removed as @formkit/pro "datepicker" is used in its' place)
| |
| * vue-template-compiler (^2.7.16 removed as vue 3 has its upgrade built-in)
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Specify Minimum PHP Dependency Versions Used Are Stable ====
| |
|
| |
| This task updated <code>composer.json</code> to specify an app default
| |
| <code>minimum-stability</code> of <code>stable</code> rather than
| |
| <code>dev</code>.
| |
|
| |
| This is per the Laravel 10 upgrading recommendation:
| |
|
| |
| * https://laravel.com/docs/10.x/upgrade#updating-minimum-stability
| |
|
| |
| While the setting could instead have been removed as <code>stable</code> is
| |
| its default, being explicit seemed better here.
| |
|
| |
| Note that this didn't cause any changes to what PHP library versions are
| |
| actually installed by Composer versus the old setting, but is a good
| |
| constraint going forward.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For laravel/framework Upgrade's Removal of "dates" Model Attribute ====
| |
|
| |
| This task also updated 51 PHP source files to be compatible with a breaking
| |
| change made by Laravel itself with version 10.
| |
|
| |
| Laravel supported a "dates" model attribute through version 9, and then
| |
| Laravel 10 removed it. The function of this was to enumerate database/model
| |
| fields that were supposed to be automatically converted to Carbon DateTime
| |
| objects; so under Laravel 8, any "dates" declarations would be respected,
| |
| while under Laravel 10 they would be ignored.
| |
|
| |
| See also:
| |
|
| |
| * https://laravel.com/docs/10.x/upgrade#model-dates-property
| |
|
| |
| Compare:
| |
|
| |
| * https://laravel.com/api/9.x/Illuminate/Database/Eloquent/Concerns/HasAttributes.html
| |
| * https://laravel.com/api/10.x/Illuminate/Database/Eloquent/Concerns/HasAttributes.html
| |
|
| |
| As a result, simply upgrading ''SDS Laravel'' from Laravel 8 to 10 resulted
| |
| in many parts of the app breaking in various ways including when simply
| |
| visiting the post-login home screen, as PHP died with errors like
| |
| <code>Call to a member function format() on int</code>.
| |
|
| |
| To fix this, any instances of <code>protected $dates = ['x',...]</code>
| |
| in model classes were replaced with
| |
| <code>protected $casts = ['x'=>'datetime',...]</code>
| |
| which was the more modern way to get the same functionality, which exists
| |
| in both Laravel 8 and 10. For the few model classes that already had other
| |
| <code>$casts</code> declarations, the replacements were merged with those.
| |
|
| |
| While the "dates" change could have been its own task that was merged to
| |
| trunk prior to and separately from the current Laravel 10 upgrade task, it
| |
| was combined with the latter to streamline testing, as both had potential
| |
| impacts over a large fraction of the app.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For laravel/framework Upgrade's Miscellaneous Changes ====
| |
|
| |
| This task also updated <code>app/Providers/AuthServiceProvider.php</code>
| |
| to remove the call <code>$this->registerPolicies();</code> from
| |
| <code>boot()</code>because Laravel 10 now calls it automatically, as
| |
| recommended here:
| |
|
| |
| * https://laravel.com/docs/10.x/upgrade#register-policies
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For league/flysystem Indirect Upgrade ====
| |
|
| |
| This task also updated
| |
| <code>app/Http/Controllers/Admin/Migration/ImportPhotosController.php</code>
| |
| to be compatible with the <code>league/flysystem</code> upgrade from
| |
| version 1 to version 3 that was indirect by way of the Laravel 9 upgrade.
| |
|
| |
| See also for context:
| |
|
| |
| * https://flysystem.thephpleague.com/docs/upgrade-from-1.x/
| |
| * https://laravel.com/docs/9.x/upgrade#flysystem-3
| |
|
| |
| There were 3 substitutions for compatibility in the <code>store</code> function.
| |
|
| |
| There was 1 like this:
| |
|
| |
| Storage::disk('photos')->getMimeType($file)
| |
|
| |
| Storage::disk('photos')->mimeType($file)
| |
|
| |
| And there were 2 like this:
| |
|
| |
| Storage::disk('photos')->getDriver()->getAdapter()->applyPathPrefix($file);
| |
|
| |
| Storage::disk('photos')->path($file);
| |
|
| |
| This task also updated <code>config/filesystems.php</code> to add the
| |
| element <code>'throw' => true</code> to each <code>disks</code> element.
| |
| This is to help preserve Laravel 8 behavior that we might have been relying
| |
| on when a write operation fails. For example, write operations such as
| |
| <code>write</code> by default no longer throw an exception when a write
| |
| operation fails and instead returns <code>false</code>; until we can audit
| |
| our code for how we currently check for such failures, this config change
| |
| should make it less likely our code was broken by the dependency update.
| |
|
| |
| Note that there are still other kinds of default behavior changes that we
| |
| should audit our code for handling of. For example, write operations will
| |
| overwrite existing files by default, so if we don't want that then we
| |
| should explicitly be checking for their existence first. Also, reading a
| |
| nonexisting file now returns null rather than an exception.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Bug/Security Fixes In Photos Import ====
| |
|
| |
| This task also updated the 2 files
| |
| <code>app/Http/Controllers/Admin/Migration/ImportPhotosController.php</code>
| |
| plus
| |
| <code>resources/views/admin/migration/import_photos/index.blade.php</code>
| |
| to fix bugs tangential to the image file path handling.
| |
|
| |
| One fix was in the <code>index</code> function so that the directory path
| |
| reported to the user was the same one that <code>store</code> actually
| |
| used, from <code>Storage::disk('photos')</code>, rather than being either
| |
| of a couple of hard-coded alternatives toggled on an environment variable
| |
| that isn't actually used.
| |
|
| |
| A second fix was to stop passing a <code>path</code> hidden form field
| |
| value from <code>index</code> to <code>store</code>, whose value was set
| |
| from the incorrect path in <code>index</code>, and which <code>store</code>
| |
| validated as present and subsequently didn't use. Besides being dead code
| |
| from the disuse, if this had been used it would have been a major security
| |
| vulnerability, as it would have let web clients directly control actions
| |
| against server local file system paths.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For laravel/helpers Removal ====
| |
|
| |
| This task also updated these 4 PHP source files to be compatible with the
| |
| replacement of <code>laravel/helpers</code> with a Laravel built-in:
| |
|
| |
| * app/Http/Controllers/Auth/RegisterController.php
| |
| * resources/views/admin/subjects/edit_rotating_courses/show.blade.php
| |
| * resources/views/student/student_mark_collections/edit.blade.php
| |
| * resources/views/student/student_mark_collections/show.blade.php
| |
|
| |
| For each of the above 4 files, there were either of these 3 subsitutions:
| |
|
| |
| str_contains(...)
| |
| str_random(...)
| |
| str_replace_array(...)
| |
|
| |
| Str::contains(...)
| |
| Str::random(...)
| |
| Str::replaceArray(...)
| |
|
| |
| Note that <code>laravel/helpers</code> was just a single PHP source file
| |
| providing trivially thin wrapper functions over
| |
| <code>laravel/framework</code> 6+ built-ins that emulated ones from Laravel
| |
| 5.8, and we were already mostly using the newer versions, so this task just
| |
| replaced the last 7 instances where we weren't.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For goldspecdigital/laravel-eloquent-uuid Removal ====
| |
|
| |
| This task also updated these 5 PHP source files to be compatible with the
| |
| replacement of <code>goldspecdigital/laravel-eloquent-uuid</code> with a
| |
| Laravel built-in:
| |
|
| |
| * app/Models/Application/Application.php
| |
| * app/Models/User.php
| |
| * app/Models/User/Student.php
| |
| * app/Models/User/Teacher.php
| |
| * app/Models/User/UserContract.php
| |
|
| |
| These further 3 files also referenced the trait but commented out, so not
| |
| current users but possible past or future users:
| |
|
| |
| * app/Models/Application/AppUser.php
| |
| * app/Models/User/Address.php
| |
| * app/Models/User/Guardian.php
| |
|
| |
| For each of the above 8 files, there were these 2 line subsitutions:
| |
|
| |
| use GoldSpecDigital\LaravelEloquentUUID\Database\Eloquent\Uuid;
| |
| use Uuid;
| |
|
| |
| use Illuminate\Database\Eloquent\Concerns\HasUuids;
| |
| use HasUuids;
| |
|
| |
| Here is a description of the above built-in feature in Laravel 9.3+:
| |
|
| |
| https://laravel.com/docs/11.x/eloquent#uuid-and-ulid-keys
| |
|
| |
| The purpose of that reimplemented functionality was to empower use of
| |
| generated UUIDs for primary key fields of some database tables instead of
| |
| the serially generated integers that ''SDS Laravel'' more typically uses;
| |
| Laravel Eloquent only gained built-in support for UUIDs with version 9.3.
| |
|
| |
| This task also deleted the single PHP file
| |
| <code>app/Models/Traits/Uuids.php</code> as it appeared to be unused.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For fideloper/proxy Removal ====
| |
|
| |
| This task also updated <code>app/Http/Middleware/TrustProxies.php</code> to
| |
| be compatible with the replacement of <code>fideloper/proxy</code> with a
| |
| Laravel built-in. The changes were in 2 spots.
| |
|
| |
| First was this substitution:
| |
|
| |
| use Fideloper\Proxy\TrustProxies as Middleware;
| |
|
| |
| use Illuminate\Http\Middleware\TrustProxies as Middleware;
| |
|
| |
| Second was this substitution:
| |
|
| |
| protected $headers = Request::HEADER_X_FORWARDED_ALL;
| |
|
| |
| protected $headers =
| |
| Request::HEADER_X_FORWARDED_FOR |
| |
| Request::HEADER_X_FORWARDED_HOST |
| |
| Request::HEADER_X_FORWARDED_PORT |
| |
| Request::HEADER_X_FORWARDED_PROTO |
| |
| Request::HEADER_X_FORWARDED_AWS_ELB;
| |
|
| |
| See also https://laravel.com/docs/9.x/upgrade under "Trusted Proxies".
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For juliomotol/laravel-auth-timeout Upgrade ====
| |
|
| |
| This task also updated
| |
| <code>app/Http/Middleware/AuthTimeoutMiddleware.php</code> to be
| |
| compatible with the <code>juliomotol/laravel-auth-timeout</code> upgrade.
| |
|
| |
| There was this 1 substitution:
| |
|
| |
| use JulioMotol\AuthTimeout\Middleware\AuthTimeoutMiddleware as BaseMiddleware;
| |
|
| |
| use JulioMotol\AuthTimeout\Middlewares\CheckAuthTimeout as BaseMiddleware;
| |
|
| |
| Note that <code>juliomotol/laravel-auth-timeout</code> must be upgraded
| |
| simultaneously with Laravel since the former's versions 3.1.1 and 4.1
| |
| respectively require Laravel 8 and 10 respectively.
| |
|
| |
| See https://github.com/juliomotol/laravel-auth-timeout/blob/master/CHANGELOG.md
| |
| for more change details and upgrade notes on that.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For directorytree/ldaprecord-laravel Upgrade ====
| |
|
| |
| This task also made 3 distinct sets of changes to be compatible with the
| |
| <code>directorytree/ldaprecord-laravel</code> upgrade.
| |
|
| |
| See also for context:
| |
|
| |
| * https://ldaprecord.com/docs/laravel/v3/upgrading/
| |
| * https://ldaprecord.com/docs/laravel/v3/release-notes/
| |
| * https://github.com/DirectoryTree/LdapRecord-Laravel/releases
| |
|
| |
| The first set of changes...
| |
|
| |
| This task updated the 1 PHP config source file <code>config/ldap.php</code>
| |
| to account for <code>logging</code> now being an array. There was this 1
| |
| substitution:
| |
|
| |
| 'logging' => env('LDAP_LOGGING', true),
| |
|
| |
| 'logging' => [
| |
| 'enabled' => env('LDAP_LOGGING', true),
| |
| ],
| |
|
| |
| The second set of changes...
| |
|
| |
| For context, <code>directorytree/ldaprecord-laravel</code> had a PHP trait
| |
| named <code>LdapRecord\Laravel\Auth\MultiDomainAuthentication</code> which
| |
| was deprecated before version <code>2.7.3</code> and removed in version
| |
| <code>3.0.0</code>. The 1 SDS PHP source file
| |
| <code>app/Http/Controllers/Auth/LoginController.php</code> used that trait.
| |
|
| |
| This task updated <code>LoginController</code> to clone into itself the
| |
| used portions of <code>MultiDomainAuthentication</code>, thus removing the
| |
| external dependency of the former on the latter.
| |
|
| |
| As the removed trait was itself a sub-trait of
| |
| <code>LdapRecord\Laravel\Auth\CreatesUserProvider</code>,
| |
| <code>LoginController</code> now composed that directly and not indirectly.
| |
|
| |
| Also <code>LoginController</code> gained the new protected function
| |
| <code>getLdapGuard</code> cloned from the removed trait.
| |
|
| |
| Note that the function <code>getLdapGuardFromRequest</code> was ''not''
| |
| cloned from the removed trait since <code>LoginController</code> already
| |
| had its own version that overrode it.
| |
|
| |
| The third set of changes...
| |
|
| |
| For context, each of these 5 SDS classes composed one of the 2 classes
| |
| <code>LdapRecord\Models\Model</code> or <code>LdapRecord\Models\Scope</code>:
| |
|
| |
| * app/Ldap/ExternalUser.php
| |
| * app/Ldap/Scopes/OnlyStaffUsers.php
| |
| * app/Ldap/Scopes/OnlyStudents.php
| |
| * app/Ldap/SmusStudents.php
| |
| * app/Ldap/SmusUser.php
| |
|
| |
| For each of those 5, it was updated such that for any property or method it
| |
| contained which overrode or implemented a same-named one from
| |
| <code>Model</code> or <code>Scope</code>, that property or method had
| |
| explicit type annotations added to match the originals. This was required
| |
| for the SDS code to satisfy a PHP or Laravel stricture so the code runs.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== Changes For intervention/image Upgrade ====
| |
|
| |
| This task also made 2 distinct sets of changes to be compatible with the
| |
| <code>intervention/image</code> upgrade.
| |
|
| |
| For context, as part of the major update of <code>intervention/image</code>
| |
| from version 2.x to 3.x, it was also split up into multiple libraries, with
| |
| the core remaining under the old name and the optional Laravel-specific
| |
| add-ons being in the new <code>intervention/image-laravel</code> library.
| |
| We only need to directly require the latter, which brings in the former.
| |
|
| |
| See also for context:
| |
|
| |
| * https://image.intervention.io/v3/introduction/upgrade
| |
| * https://github.com/Intervention/image-laravel/blob/main/README.md
| |
| * https://image.intervention.io/v3/modifying/resizing
| |
|
| |
| The first set of changes...
| |
|
| |
| This task added the 1 PHP config source file <code>config/image.php</code>
| |
| that is standard per the above-linked README.
| |
|
| |
| The second set of changes...
| |
|
| |
| This task replaced the use of the no longer existing PHP class
| |
| <code>Intervention\Image\ImageServiceProvider</code> with the existing
| |
| <code>Intervention\Image\Laravel\Facades\Image</code>.
| |
|
| |
| In addition, the class is now used directly by its full name in the 2 PHP
| |
| source files where the image handling functionality is actually used, which
| |
| are <code>app/Models/File.php</code> and
| |
| <code>app/Http/Controllers/Admin/Migration/ImportPhotosController.php</code>.
| |
| This task has purged any explicit registration in <code>config/app.php</code>
| |
| of any class of this library in <code>providers</code> or
| |
| <code>aliases</code>; the <code>Image</code> alias is now purged.
| |
|
| |
| The PHP source code that directly used the Intervention Image libraries was
| |
| updated for compatibility with several method renames or substitutions.
| |
|
| |
| Changes were made to reflect the rename of the library static method
| |
| <code>make</code> to <code>read</code>.
| |
|
| |
| Changes were made to reflect the changes with the set of image manipulation
| |
| methods for image resizing. The <code>resize</code> method of version 2 had
| |
| taken a third argument by which one specified the resize should keep the
| |
| original aspect ratio. The <code>resize</code> method of version 3 doesn't
| |
| take that argument, and instead the version 3 method <code>scale</code> is
| |
| explicitly for resizing that maintains the aspect ratio.
| |
|
| |
| [[#top|RETURN]]
| |
|
| |
| ==== SDS Laravel Documentation Changes ====
| |
|
| |
| This task updated <code>composer.json</code> to update primary
| |
| documentation attributes so they describe the actual SDS application this
| |
| is rather than the Laravel template used to build it.
| |
|
| |
| There were these substitutions:
| |
|
| |
| "name": "laravel/laravel",
| |
| "description": "The Laravel Framework.",
| |
| "keywords": ["framework","laravel"],
| |
|
| |
| "name": "smus/sds",
| |
| "description": "School Data System (SDS)",
| |
| "keywords": [],
| |
|
| |
| This task also completely rewrote <code>README.md</code> so it describes
| |
| this SDS application rather than the Laravel framework.
| |
|
| |
|
| [[#top|RETURN]] | | [[#top|RETURN]] |