15:00:45 #startmeeting 2022-10-11 - Developer Meeting 15:00:45 Meeting started Tue Oct 11 15:00:45 2022 US/Eastern. The chair is JBoyer. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:45 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:45 The meeting name has been set to '2022_10_11___developer_meeting' 15:00:54 #info Agenda at https://wiki.evergreen-ils.org/doku.php?id=dev:meetings:2022-10-11 15:00:59 #topic Introductions 15:01:14 #info JBoyer - Jason Boyer, Equinox 15:01:27 #info berick - Bill Erickson, KCLS 15:01:29 #info shulabear - Shula Link, GCHRL in PINES 15:01:31 #info mmorgan = Michele Morgan, NOBLE 15:01:35 #info collum - Garry Collum, KCPL 15:01:46 #info gmcharlt = Galen Charlton, Equinox 15:01:53 #info sandbergja = Jane Sandberg 15:02:51 #info csharp = Chris Sharp, GPLS 15:02:53 #info abneiman = Andrea Buntz Neiman, Equinox 15:02:55 #info miker = Mike Rylander, EOLI 15:03:34 Ok, folks can drop an #info if they filter in later. 15:03:37 #topic Action Items from Last Meeting 15:03:43 #info JBoyer will take a look at LP 1979357 15:03:43 Launchpad bug 1979357 in Evergreen "fixes for qatester failures" [Undecided,New] https://launchpad.net/bugs/1979357 15:05:04 Well, the good news is that 1 or 2 of those patches can be ignored if the "drop Stretch" changes go in, and the Locales one does appear to be missing on more recent distros. I'll try to make time to finally put that to bed soon. 15:05:17 #info Dyrcona = Jason Stephenson, CWMARS 15:05:27 #info sandbergja will followup with berick about timing re: merging the new linter 15:06:02 sandbergja, I've not done a great job of keeping track of the email lists, how has this gone? 15:06:02 berick and I emailed about it, and it got merged! 15:06:08 sandbergja++ 15:06:13 berick++ 15:06:24 sandbergja++ 15:06:30 Ok then, speaking of merges 15:06:31 berick++ 15:06:34 sandbergja++ # indeed 15:06:42 #topic Evergreen Release Updates 15:06:48 #info 3.9.1 & 3.8.2 planned for 10/19 - abneiman & jihpringle will be doing release notes Monday 10/17 so please get your merges in before then if possible 15:06:57 sandberja++ 15:07:03 abneiman++ 15:07:07 jihpringle++ 15:07:19 noting that I see three that I will be merging today as high priority 15:07:42 namely 1821950, 1986479, and 1982887 15:07:56 er, not 1821950 15:08:20 the third I meant is 1989209 15:09:48 gmcharlt++ 15:10:10 #info 3.10 Roadmap - several of these are PR'd & would be nice to merge before slush 10/21 15:10:15 sandbergja, anything to add? 15:10:39 #link https://wiki.evergreen-ils.org/doku.php?id=faqs:evergreen_roadmap:3.10 15:10:52 nothing from me.  terranm41 or mmorgan? 15:11:07 that was actually my item :) and it was a self-serving request I added a bunch of Equinox's stuff to the roadmap last week. 15:11:10 Sorry, I was having issues 15:11:12 Any help appreciated!! 15:11:18 *because I added 15:11:23 oops! 15:11:30 abneiman++ 15:12:08 I saw the list of who made edits, but did not look at what edits they actually made. :) 15:12:53 and sandbergja++ for the Queued Ingest review session last week 15:12:54 But in any case, lots of good stuff with signoffs to check out. 15:13:31 Any other Eg Release Updates tha tdidn't make the agenda? 15:13:54 ok 15:13:57 #topic Launchpad Status 15:14:00 #info Snapshot 15:14:03 #info Open Bugs - 2874 15:14:07 #info Pullrequests - 79' 15:14:11 #info Signedoff - 73 15:14:14 #info Updates Since Last Meeting 15:14:17 #info Bugs Added - 40 15:14:20 #info Pullrequest tag Added - 24 15:14:23 #info Signedoff tag Added - 33 15:14:27 #info Fix Committed - 27 15:14:58 Successful Feedback Fest! 15:15:03 mmorgan++ 15:15:07 terranm41++ 15:15:18 terranm41++ 15:15:35 #topic New Business 15:15:36 There's a cataloging one I need to add to the Roadmap - on my phone right now, but it's the one to allow catalogers to add items without call number labels as long as they have a prefix 15:16:04 bug 1821950 15:16:04 Launchpad bug 1821950 in Evergreen "Web Client: Call Number Labels should not be required in the Copy Editor" [High,Confirmed] https://launchpad.net/bugs/1821950 15:16:13 terranm41++ 15:16:44 gmcharlt++ 15:16:53 terranm41: I'm adding that now 15:16:59 Thx!! 15:17:00 gmcharlt++ 15:17:16 * miker managed to be on vacation for the whole 'fest... 15:17:59 I pasted the New Business tag a little early, but here we go. 15:18:00 * shulabear contributed but forgot feedback fest was going on so it was just chance. 15:18:00 #info Javascript dependency vulnerabilities - AngularJS client says "76 vulnerabilities (13 low, 27 moderate, 28 high, 8 critical)" when you run npm install 15:18:25 Ah, this was mine! 15:18:40 sandbergja++ 15:18:58 Also bug 1980409, I'll add that one. 15:18:58 Launchpad bug 1980409 in Evergreen "Call Number Labels should not be required in the Angular Holdings Editor" [Medium,Confirmed] https://launchpad.net/bugs/1980409 15:19:14 I think it's come up before.  There are a lot of known vulnerabilities in our javascript dependencies. 15:19:52 Updating everything that has fixes would be good; do many of them require (potentially) breaking changes to update? 15:19:59 sandbergja: have you experimented with how much npm audit fix does or does not break things? 15:20:15 No, I haven't yet. 15:20:46 for obvious reasons, I'm kinda hoping that it does turn into "let's try Angular 14 for the back branches" 15:20:53 er, does *not* 15:21:59 I could throw together a branch with npm audit --fix, but it would be nice to have some help testing the results 15:22:30 happy to help (and I am actually pretty concerned about the potential for breakage) 15:22:47 sandbergja: is your focus at the moment just on angjs? 15:23:07 but I may be unduly distrustful of the state of backwards compatibiliy in the NPM ecosystem 15:23:15 berick: yeah, I think so.  It seems like the angular team is good at taking care of their dependencies 15:23:37 * Dyrcona is distrustful of NPM. 15:23:46 gmcharlt++ 15:23:48 sandbergja: gotcha, thanks 15:24:00 A quick run just now shows 19 fixed, 18 that require manual review, and 3 that involve breaking changes (and I assume are holding up some others since that math doesn't cut it.) 15:24:21 I definitely share the concerns about regressions... 15:24:34 I've run npm update in the past without ill effects, but not sure if that does what's needed. I've also not done it in a while. 15:24:55 sandbergja: certain a gold star to any of use who figures out that we can _remove_ dependencies during the process :) 15:24:57 If you'll allow me a soapbox for a minute, it sure would be nice if we had more test coverage, so we could just run any automated dependabot PRs against the test suite and get a quick yes/no 15:25:16 about whether it introduces regressions 15:27:28 sandbergja++ gmcharlt++ 15:27:42 Any other discussion re: npm security? 15:27:48 Or AngJS, etc. 15:27:54 I'm willing to help with the effort 15:28:15 csharp_++ 15:28:15 csharp_++ 15:28:26 just wanted to mention something that had come up in a meeting with a few of you recently - if we step back a bit... we've done a LOT towards migrating to Angular 15:28:40 so I do think that warrants an IRC collective back-patting 15:28:45 sandbergja: I'll do some experimentation and will test your branch if you push one 15:29:00 sandbergja++ 15:29:01 angular++ 15:29:06 backpatting++ 15:29:11 csharp_++ 15:29:33 gmcharlt: agreed. 15:29:45 +1 15:30:00 +1 15:30:05 csharp_: sounds good!  I can plan to push some kind of collab branch this week 15:30:07 +1 15:30:20 sandbergja++ 15:31:23 Sounds like there's a way forward there, so we can wrap up here. 15:31:24 #topic Announcements 15:31:28 #info Next Meeting is November 8, 2022 15:31:32 #endmeeting