#evergreen log

15:00:45 <JBoyer> #startmeeting 2022-10-11 - Developer Meeting
15:00:45 <pinesol> Meeting started Tue Oct 11 15:00:45 2022 US/Eastern.  The chair is JBoyer. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:45 <pinesol> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:45 <pinesol> The meeting name has been set to '2022_10_11___developer_meeting'
15:00:54 <JBoyer> #info Agenda at https://wiki.evergreen-ils.org/doku.php?id=dev:meetings:2022-10-11
15:00:59 <JBoyer> #topic Introductions
15:01:14 <JBoyer> #info JBoyer - Jason Boyer, Equinox
15:01:27 <berick> #info berick - Bill Erickson, KCLS
15:01:29 <shulabear> #info shulabear - Shula Link, GCHRL in PINES
15:01:31 <mmorgan> #info mmorgan = Michele Morgan, NOBLE
15:01:35 <collum> #info collum - Garry Collum, KCPL
15:01:46 <gmcharlt> #info gmcharlt = Galen Charlton, Equinox
15:01:53 <sandbergja> #info sandbergja = Jane Sandberg
15:02:51 <csharp_> #info csharp = Chris Sharp, GPLS
15:02:53 <abneiman> #info abneiman = Andrea Buntz Neiman, Equinox
15:02:55 <miker> #info miker = Mike Rylander, EOLI
15:03:34 <JBoyer> Ok, folks can drop an #info if they filter in later.
15:03:37 <JBoyer> #topic Action Items from Last Meeting
15:03:43 <JBoyer> #info JBoyer will take a look at LP 1979357
15:03:43 <pinesol> Launchpad bug 1979357 in Evergreen "fixes for qatester failures" [Undecided,New] https://launchpad.net/bugs/1979357
15:05:04 <JBoyer> Well, the good news is that 1 or 2 of those patches can be ignored if the "drop Stretch" changes go in, and the Locales one does appear to be missing on more recent distros. I'll try to make time to finally put that to bed soon.
15:05:17 <Dyrcona> #info Dyrcona = Jason Stephenson, CWMARS
15:05:27 <JBoyer> #info sandbergja will followup with berick about timing re: merging the new linter
15:06:02 <JBoyer> sandbergja, I've not done a great job of keeping track of the email lists, how has this gone?
15:06:02 <sandbergja> berick and I emailed about it, and it got merged!
15:06:08 <JBoyer> sandbergja++
15:06:13 <JBoyer> berick++
15:06:24 <mmorgan> sandbergja++
15:06:30 <JBoyer> Ok then, speaking of merges
15:06:31 <mmorgan> berick++
15:06:34 <berick> sandbergja++ # indeed
15:06:42 <JBoyer> #topic Evergreen Release Updates
15:06:48 <JBoyer> #info 3.9.1 & 3.8.2 planned for 10/19 - abneiman & jihpringle will be doing release notes Monday 10/17 so please get your merges in before then if possible
15:06:57 <shulabear> sandberja++
15:07:03 <sandbergja> abneiman++
15:07:07 <sandbergja> jihpringle++
15:07:19 <gmcharlt> noting that I see three that I will be merging today as high priority
15:07:42 <gmcharlt> namely 1821950, 1986479, and 1982887
15:07:56 <gmcharlt> er, not 1821950
15:08:20 <gmcharlt> the third I meant is 1989209
15:09:48 <JBoyer> gmcharlt++
15:10:10 <JBoyer> #info 3.10 Roadmap - several of these are PR'd & would be nice to merge before slush 10/21
15:10:15 <JBoyer> sandbergja, anything to add?
15:10:39 <JBoyer> #link https://wiki.evergreen-ils.org/doku.php?id=faqs:evergreen_roadmap:3.10
15:10:52 <sandbergja> nothing from me.  terranm41 or mmorgan?
15:11:07 <abneiman> that was actually my item :) and it was a self-serving request I added a bunch of Equinox's stuff to the roadmap last week.
15:11:10 <terranm41> Sorry, I was having issues
15:11:12 <mmorgan> Any help appreciated!!
15:11:18 <abneiman> *because I added
15:11:23 <JBoyer> oops!
15:11:30 <JBoyer> abneiman++
15:12:08 <JBoyer> I saw the list of who made edits, but did not look at what edits they actually made. :)
15:12:53 <abneiman> and sandbergja++ for the Queued Ingest review session last week
15:12:54 <JBoyer> But in any case, lots of good stuff with signoffs to check out.
15:13:31 <JBoyer> Any other Eg Release Updates tha tdidn't make the agenda?
15:13:54 <JBoyer> ok
15:13:57 <JBoyer> #topic Launchpad Status
15:14:00 <JBoyer> #info Snapshot
15:14:03 <JBoyer> #info Open Bugs - 2874
15:14:07 <JBoyer> #info Pullrequests - 79'
15:14:11 <JBoyer> #info Signedoff - 73
15:14:14 <JBoyer> #info Updates Since Last Meeting
15:14:17 <JBoyer> #info Bugs Added - 40
15:14:20 <JBoyer> #info Pullrequest tag Added - 24
15:14:23 <JBoyer> #info Signedoff tag Added - 33
15:14:27 <JBoyer> #info Fix Committed - 27
15:14:58 <mmorgan> Successful Feedback Fest!
15:15:03 <JBoyer> mmorgan++
15:15:07 <JBoyer> terranm41++
15:15:18 <mmorgan> terranm41++
15:15:35 <JBoyer> #topic New Business
15:15:36 <terranm41> There's a cataloging one I need to add to the Roadmap - on my phone right now, but it's the one to allow catalogers to add items without call number labels as long as they have a prefix
15:16:04 <gmcharlt> bug 1821950
15:16:04 <pinesol> Launchpad bug 1821950 in Evergreen "Web Client: Call Number Labels should not be required in the Copy Editor" [High,Confirmed] https://launchpad.net/bugs/1821950
15:16:13 <shulabear> terranm41++
15:16:44 <terranm41> gmcharlt++
15:16:53 <gmcharlt> terranm41: I'm adding that now
15:16:59 <terranm41> Thx!!
15:17:00 <JBoyer> gmcharlt++
15:17:16 * miker managed to be on vacation for the whole 'fest...
15:17:59 <JBoyer> I pasted the New Business tag a little early, but here we go.
15:18:00 * shulabear contributed but forgot feedback fest was going on so it was just chance.
15:18:00 <JBoyer> #info Javascript dependency vulnerabilities - AngularJS client says "76 vulnerabilities (13 low, 27 moderate, 28 high, 8 critical)" when you run npm install
15:18:25 <sandbergja> Ah, this was mine!
15:18:40 <JBoyer> sandbergja++
15:18:58 <mmorgan> Also bug 1980409, I'll add that one.
15:18:58 <pinesol> Launchpad bug 1980409 in Evergreen "Call Number Labels should not be required in the Angular Holdings Editor" [Medium,Confirmed] https://launchpad.net/bugs/1980409
15:19:14 <sandbergja> I think it's come up before.  There are a lot of known vulnerabilities in our javascript dependencies.
15:19:52 <JBoyer> Updating everything that has fixes would be good; do many of them require (potentially) breaking changes to update?
15:19:59 <gmcharlt> sandbergja: have you experimented with how much npm audit fix does or does not break things?
15:20:15 <sandbergja> No, I haven't yet.
15:20:46 <gmcharlt> for obvious reasons, I'm kinda hoping that it does turn into "let's try Angular 14 for the back branches"
15:20:53 <gmcharlt> er, does *not*
15:21:59 <sandbergja> I could throw together a branch with npm audit --fix, but it would be nice to have some help testing the results
15:22:30 <gmcharlt> happy to help (and I am actually pretty concerned about the potential for breakage)
15:22:47 <berick> sandbergja: is your focus at the moment just on angjs?
15:23:07 <gmcharlt> but I may be unduly distrustful of the state of backwards compatibiliy in the NPM ecosystem
15:23:15 <sandbergja> berick: yeah, I think so.  It seems like the angular team is good at taking care of their dependencies
15:23:37 * Dyrcona is distrustful of NPM.
15:23:46 <sandbergja> gmcharlt++
15:23:48 <berick> sandbergja: gotcha, thanks
15:24:00 <JBoyer> A quick run just now shows 19 fixed, 18 that require manual review, and 3 that involve breaking changes (and I assume are holding up some others since that math doesn't cut it.)
15:24:21 <sandbergja> I definitely share the concerns about regressions...
15:24:34 <Dyrcona> I've run npm update in the past without ill effects, but not sure if that does what's needed. I've also not done it in a while.
15:24:55 <gmcharlt> sandbergja: certain a gold star to any of use who figures out that we can _remove_ dependencies during the process :)
15:24:57 <sandbergja> If you'll allow me a soapbox for a minute, it sure would be nice if we had more test coverage, so we could just run any automated dependabot PRs against the test suite and get a quick yes/no
15:25:16 <sandbergja> about whether it introduces regressions
15:27:28 <JBoyer> sandbergja++ gmcharlt++
15:27:42 <JBoyer> Any other discussion re: npm security?
15:27:48 <JBoyer> Or AngJS, etc.
15:27:54 <csharp_> I'm willing to help with the effort
15:28:15 <sandbergja> csharp_++
15:28:15 <JBoyer> csharp_++
15:28:26 <gmcharlt> just wanted to mention something that had come up in a meeting with a few of you recently - if we step back a bit... we've done a LOT towards migrating to Angular
15:28:40 <gmcharlt> so I do think that warrants an IRC collective back-patting
15:28:45 <csharp_> sandbergja: I'll do some experimentation and will test your branch if you push one
15:29:00 <shulabear> sandbergja++
15:29:01 <sandbergja> angular++
15:29:06 <terranm> backpatting++
15:29:11 <shulabear> csharp_++
15:29:33 <berick> gmcharlt: agreed.
15:29:45 <csharp_> +1
15:30:00 <JBoyer> +1
15:30:05 <sandbergja> csharp_: sounds good!  I can plan to push some kind of collab branch this week
15:30:07 <mmorgan> +1
15:30:20 <csharp_> sandbergja++
15:31:23 <JBoyer> Sounds like there's a way forward there, so we can wrap up here.
15:31:24 <JBoyer> #topic Announcements
15:31:28 <JBoyer> #info Next Meeting is November 8, 2022
15:31:32 <JBoyer> #endmeeting