Actions

Developer Area/Plugins/Third party: Difference between revisions

From Mahara Wiki

< Developer Area‎ | Plugins
(Proposed layout change for this page)
No edit summary
 
(124 intermediate revisions by 3 users not shown)
Line 1: Line 1:
A list of the third party plugins within Mahara.
A list of the third-party plugins within Mahara.


A helpful way to update this list is to go:
=== Composer commands ===
   find ./htdocs -type f -iname "README.Mahara" -exec grep 'Version' -B1 {} \; -print
For available versions, e.g.  <code>composer show phpro/grumphp-shim 1.14.* --all</code>
on the current codebase.
 
For our composer dependencies:  <code>composer show  --tree</code>
 
For checking the dependencies of a library version, e.g. <code>composer show elasticsearch/elasticsearch 7.17.* --tree</code>
 
Check if there are any outdated libraries (according to the [[SemVer Info|version syntax]] in <code>composer.json</code>)  <code>composer outdated</code>
 
=== Checking the <code>.Mahara</code> files ===
To check the versions in the <code>.Mahara</code> files, a helpful way to update this list is to go:
   <code>find ./htdocs -type f -iname "README.Mahara" -exec grep 'Version' -B1 {} \; -print</code>
... on the current codebase.
 
=== Syncing the list in 'Country' dropdowns ===
To keep in sync is the country names we use for 'Country' dropdowns. To check what the current state of play is
<code>perl -MLocale::Country -le 'print join("\n", sort map { country2code($_) . " => " . country2code($_, LOCALE_CODE_ALPHA_3) . ", // " . $_ } all_country_names())'</code>
and check the results against <code>htdocs/lib/country.php</code> and <code>htdocs/lang/en.utf8/mahara.php</code> files


Note: another thing to keep in sync is the country names we use for 'Country' dropdowns. To check what the current state of play is
  perl -MLocale::Country -le 'print join("\n", sort map { country2code($_) . " => " . country2code($_, LOCALE_CODE_ALPHA_3) . ", // " . $_ } all_country_names())'
and check the results against htdocs/lib/country.php and htdocs/lang/en.utf8/mahara.php files
For any confusion you can also check against https://www.iso.org
For any confusion you can also check against https://www.iso.org


==== Legend ====
== Third-party libraries (PHP and JS) ==
 
=== Legend ===
*'''Mahara version''' = the <code>README.Mahara</code> file for the library | [https://nodejs.dev/learn/semantic-versioning-using-npm SemVer Info] - explaining the symbols in the Mahara version column
*'''Latest version''' = the most recent available version
*'''Update type''' = what upgrades are available for this plugin, i.e. major, minor, patch, or security?
*'''Support''' = Is there a community supporting this library? When was the last release year if not in active support
**Active: There is ongoing work being put into the library
**Inactive: Maintained but not actively making releases
**Archived: Not being maintained
**Deprecated (officially): All maintainers have left, and site may not exist in extreme cases.
*'''License''' = software license for the library
*'''Notes''' = extra information, e.g. resources, notes, and new
*'''Composer''' = check if the library is managed by Composer
*'''NPM''' = check if the library is managed by NPM
'''PHP versions in support''' https://www.php.net/supported-versions.php<nowiki/>⁣ – 14 LTS - Ends security support in 30 Apr 2023, go to 16 LTS soon
 
💡 A new idea is being proposed to better handle customisations on updating third party libraries lives here → https://reviews.mahara.org/c/mahara/+/13780
 
=== PHP libraries (excluding external) ===
https://eusonlito.github.io/php-changes-cheatsheet/deprecated.html
 
Libraries are managed by Composer. See <code>composer.json</code>
 
Run <code>composer show</code> to get a quick summary of library versions managed by Composer.


* Inactive: Maintained but not actively making releases
Run <code>composer outdated</code> to get a list of outdated libraries.
* Deprecated: All maintainers have left and site may not exist in extreme cases.
* 🚧: In progress/there is a working patch in gerrit
* Sec. = is there a new security patch available?
* 21.10 column: Yes = updating to the latest version according to SemVer in 'Mahara Version' column
* [https://nodejs.dev/learn/semantic-versioning-using-npm SemVer Info]


Last edited 22 Feb 2022
🟡 Libraries yet to be moved to Composer: SimpleSAMLPHP - currently lives in <code>htdocs/auth/saml/extlib</code> and the version is managed in Makefile by curl.
{| class="wikitable"
{| class="wikitable sortable" style="vertical-align:middle;"
|+ ADODB
|- style="font-weight:bold; text-align:center;"
!'''Name'''
!'''Mahara <br />version'''
!'''Update type'''
!'''Support'''
!'''License'''
!'''URL/Notes'''
!'''Composer'''
|-
|-
| '''README.Mahara (./htdocs/...)''' || .../lib/adodb/  
| style="font-weight:bold;" |'''ADODB'''
|5.22.6
|Up to date
|Active
|BSD 3-Clause<br />LGPL
|[https://adodb.org/dokuwiki/doku.php Official site]<nowiki> | </nowiki>[https://github.com/ADOdb/ADOdb GitHub]<nowiki> | </nowiki>[https://twitter.com/ADOdb_announce Twitter]<br />Wish-list: [https://bugs.launchpad.net/mahara/+bug/1945264 extract $SESSION]
|✅
|-
|-
| '''URL''' || - https://adodb.org/dokuwiki/doku.php
| style="font-weight:bold;" |'''CSS Tidy'''
- https://github.com/ADOdb/ADOdb
|2.1.0
|Up to date
|Active
|LGPL
|[https://github.com/Cerdic/CSSTidy GitHub]
|✅
|-
|-
| '''License''' || BSD 3-Clause LGPL
| style="font-weight:bold;" |'''Elasticsearch PHP'''
| style="color:#333;" |7.17.2
|Major, 8.10.0
|Active
|Apache v2.0  LGPL v2.1
|[https://github.com/elastic/elasticsearch-php GitHub]<nowiki> | </nowiki>[https://github.com/elastic/elasticsearch-php/blob/master/CHANGELOG.md Changelog]
Move to OpenSearch
 
|✅
|-
|-
| '''Mahara version''' || ^5.21.1
| style="font-weight:bold;" |'''HTML Purifier'''
|4.16.0
|Up to date
|2022
|LGPL v2.1+
|[http://www.htmlpurifier.org/ HTML Purifier]<nowiki> | </nowiki>[https://github.com/ezyang/htmlpurifier/ GitHub]
|✅
|-
|-
| '''Latest version''' || 5.22.0
| style="font-weight:bold;" |'''PHPMailer'''
|6.8.1
|Up to date
|Active
|LGPL
|[https://github.com/PHPMailer/PHPMailer GitHub]
|✅
|-
|-
| '''Support''' || End 5.20.20
| style="font-weight:bold;" |'''ReCaptcha'''
|1.2.4
|Minor, 1.3.0
|Active
|BSD-3
|[https://github.com/google/recaptcha GitHub]
|✅
|-
|-
| '''Upgrades''' || Security - 5.21.4 - pgsql: authentication bypass in connect functions (CVE-2021-3850)
| style="font-weight:bold;" |'''simplesamlphp'''
|-
|2.0.4
| '''Security issue?''' || Yes
|Minor, 2.0.6
|-
|Active
| '''PHP8''' || Yes 8.1
|GPL 2.1
|-
|[https://github.com/simplesamlphp/simplesamlphp GitHub]
| '''22.04''' || Yes 🚧
Optional library - called in Makefile
|-
|❌
| '''Notes''' || News: https://twitter.com/ADOdb_announce first. Wishlist: extract our $SESSION php 8.0 ready.
|}
|}


{| class="wikitable"
=== JavaScript and jQuery libraries ===
|+ Bootstrap
🟡 '''Check that our Node version is still in support''' https://endoflife.date/nodejs  node| https://nodejs.org/en/download/releases/ ➡ Update the <code>.nvmrc</code> file with the supported version.
|-
 
| '''README.Mahara (./htdocs/...)''' || .../lib/bootstrap/assets/javascripts/
Run <code>npm list</code> to get a quick list of the versions and libraries managed by NPM
|-
 
| '''URL''' || - https://getbootstrap.com/<br /> - https://github.com/twbs/release
Goal: to move libraries to be managed by NPM
|-
| '''License''' || MIT License
|-
| '''Mahara version''' || ~4.6.0
|-
| '''Latest version''' || 5.1.3
|-
| '''Support''' || Ends 4.x (LTS) - 01 Nov 2022
|-
| '''Upgrades''' || Major e.g. 5.1.2 Updated JS Sanitizer to add sms in the SAFE_URL_PATTERN
|-
| '''Security issue?''' ||
|-
| '''PHP8''' || n/a
|-
| '''22.04''' ||
|-
| '''Notes''' ||
|}


{| class="wikitable sortable"  
==== NPM-managed JS libraries ====
|- style="font-weight:bold;"
{| class="wikitable sortable" style="vertical-align:middle;"
! Name
|- style="font-weight:bold; text-align:center;"
! README.Mahara <br />(./htdocs/...)
!'''Name'''
! URL
!'''Mahara <br />version'''
! License
!'''Update type'''
! Mahara <br />version
!'''Support'''
! Latest<br />version<br />
!'''License'''
! Support
!'''Notes'''
! Upgrades
! Sec.
! PHP8
! 21.10<br />
! Notes
|-
|-
| style="font-weight:bold;" | ADODB
| style="font-weight:bold;" |'''yargs'''
| .../lib/adodb/
|5.0.2
| - https://adodb.org/dokuwiki/doku.php<br />- https://github.com/ADOdb/ADOdb
|Minor, 5.3.2
| BSD 3-Clause<br />LGPL
|Active
| ^5.21.1<br />
|MIT
| style="color:#000000;" | 5.22.0
|
| End 5.20.20
| style="color:#333333;" | Security - 5.21.4<br />- pgsql: authentication bypass in connect functions (CVE-2021-3850)
| Yes
| Yes 8.1
| Yes 🚧
| News: https://twitter.com/ADOdb_announce first.<br>Wishlist: [https://bugs.launchpad.net/mahara/+bug/1945264 extract our $SESSION]<br>php 8.0 ready.
|-
|-
| style="font-weight:bold;" | Bootstrap
| style="font-weight:bold;" |'''Chart.js'''
| .../lib/bootstrap/assets/javascripts/<br />
|3.9.1
| - https://getbootstrap.com/<br />- https://github.com/twbs/release
|Major, 4.4.0
| MIT License
|Active
| ~4.6.0
|MIT
| 5.1.3
|[https://www.chartjs.org/docs/latest/migration/v4-migration.html Migration to v4]
| Ends 4.x (LTS) <br />- 01 Nov 2022
| Major e.g. 5.1.2 Updated JS Sanitizer to add sms in the SAFE_URL_PATTERN
|
| n/a
| <br />
|-
|-
| style="font-weight:bold;" | Bootstrap <br />Datetimepicker
| style="font-weight:bold;" |'''Clipboard js'''
| .../js/bootstrap-datetimepicker/
|2.0.11
| https://getdatepicker.com/<br />https://github.com/tempusdominus/<br />bootstrap-4
|Up to date
| MIT License
|Active
| =4.17.47
|MIT
| 6.0.0-beta2
|version # is tagged
| Inactive,<br />v4 not maintained<br />No longer requires Bootstrap
| None
|  
| n/a
|
| runs using bootstrap and moment.js  <br />There is a version 5 but not finished.
|-
|-
| style="font-weight:bold;" | Chart.js
| style="font-weight:bold;" |'''Dragon-drop'''
| .../js/chartjs/
|3.6.1
| http://www.chartjs.org
|Up to date
| MIT License
|2020
| ^2.9.4
|MIT
| 3.7.1
|
| LTS 2.x: 2.9.4<br />Active 3.x<br />
| Major - 3.0.0 breaking changes<br />https://www.chartjs.org/docs/next/<br />getting-started/v3-migration
| ?
| n/a
| <br />
|-
|-
| style="font-weight:bold;" | Clipboard js
| style="font-weight:bold;" |'''Dropzone'''
| .../js/clipboard/
|5.9.3
| https://clipboardjs.com/
|Patch, 5.9.3
| MIT License
|2021
| ^2.0.8
|MIT
| 2.0.10
|
| Active
| Patch fix
|
| n/a
| Yes 🚧
|  
|-
|-
| style="font-weight:bold;" | Cookie <br />consent
| style="font-weight:bold;" |'''jQuery'''
| .../js/cookieconsent/
|3.7.1
| - https://www.osano.com/cookieconsent<br />- https://github.com/osano/cookieconsent<br />
|Up to date
| MIT License
|Active
| =3.1.1
|MIT
| 4.0
|[https://forum.jquery.com/ Forum]
| New updates are<br />proprietary.
| None
|  
| n/a
|
| Site talks about versions 2021.6 and 2021.2.3 <br />which are not available on GitHub.<br />💡Check if we should keep using this - licences.
|-
|-
| style="font-weight:bold;" | CSS Tidy
| style="font-weight:bold;" |'''jQuery UI'''
| .../lib/csstidy/
|1.13.2
| https://github.com/Cerdic/CSSTidy
|Up to date
| LGPL
|Active
| ~1.7.3
|MIT
| 2.0.1
|
| Inactive, 2020
| 2.0.1 released 22 Feb 2022<br />PHP8 compatible
|  
| No
|  
| No activity on the repo in the last year.
|-
|-
| style="font-weight:bold;" | Dragon-drop
| style="font-weight:bold;" |'''JS Color'''
| ..../js/dragondrop/
|2.5.1
| https://github.com/schne324/dragon-drop
|Up to date
| MIT License
|Inactive,2022
| ^3.2.1
|GPL 3
| 3.6.1<br />
|
| Active
| None<br />Pre-release minor <br />changelog not available.
|
| n/a
|  
| 3.6.1 in the making but in pre-release stages.
|-
|-
| style="font-weight:bold;" | Datatables
| style="font-weight:bold;" |'''Marked'''
|  
|4.3.0
| https://datatables.net/<br />https://datatables.net/download/index<br />
|Minor, 4.3.0
| MIT License
Major 9.1.0
| ^1.10.20
|Active
| 1.11.4
|MIT
| Active<br />
|
| Patch fix
|
| n/a
| Yes 🚧
|  
|-
|-
| style="font-weight:bold;" | Dropzone
| style="font-weight:bold;" |'''Moment.js'''
| .../js/dropzone/
|2.29.4
| https://github.com/dropzone/dropzone/releases
|Up to date
| MIT License
|Active
| ^5.7.6
|MIT
| 5.9.3/6.0.0-beta.2
|[http://momentjs.com/ Moment JS] 🆕 [https://moment.github.io/luxon/#/ Luxon GitHub]
| Active <br /> Dropping IE support after 5.9.3
| Minor
|
| n/a
| Yes 🚧
|
|-
|-
| style="font-weight:bold;" | Dwoo
| style="font-weight:bold;" |'''Popper'''
| .../lib/dwoo/
|2.11.8
| http://dwoo.org/<br />https://github.com/dwoo-project/dwoo
|Up to date
| LGPL
|Active
| =1.3.7
|MIT
| 1.3.7
|[https://github.com/twbs/bootstrap/issues/31451 GitHub issue]<nowiki> | </nowiki>[https://dev.to/fezvrasta/smarter-tooltips-and&#x20;-popovers-with-popper-2-44bh tooltips]
| Deprecated<br />
'''Floating UI'''
| Replace
|
| No
|
|
|-
|-
| style="font-weight:bold;" | Elastic Search
| style="font-weight:bold;" |'''Fontawesome'''
| .../lib/elasticsearch/
|6.4.2
| https://github.com/elastic/elasticsearch-php
|Up to date
| Apache v2.0 <br />LGPL v2.1
|Active
| style="color:#333333;" | >6.1.0
|SIL OFL 1.1
| 7.17.0
|[https://fontawesome.com/docs/web/setup/upgrade/ Upgrade steps]<nowiki> | </nowiki>[https://fontawesome.com/docs/changelog/ Changelog]
| Active<br />
| WIP - Gold
|
| No
|
| PHP 8 has a [https://github.com/elastic/elasticsearch-php/milestone/6 milestone].
|-
|-
| style="font-weight:bold;" | fancybox3
| style="font-weight:bold;" |'''TinyMCE'''
| .../js/fancybox/
|5.10.7
| https://github.com/fancyapps/ui - in BETA stage<br />https://fancyapps.com/docs/ui/installation
|Major, 6.7.0
| CC BY-SA 4.0
|Active
| ~3.5.6
|LGPL 2.1
| 4.0.26
|[https://www.tiny.cloud/get-tiny/self-hosted Downloads]<nowiki> | </nowiki>[https://www.tiny.cloud/docs/changelog/ Changelog]
| Inactive<br />- v3 deprecated<br />- v4 in beta stage
📲 Test mobile
| Patch fix
|
| n/a
| Yes 🚧
| https://fancyapps.com/next/<br />Notifications: https://twitter.com/thefancyapps
|-
|-
| style="font-weight:bold;" | gridstack
| style="font-weight:bold;" |'''Video.js'''
| .../js/gridstack/
|7.21.5
| https://github.com/gridstack/gridstack.js
|Major, 8.5.2
| MIT License
|Active
| >0.6.4
|Apache License 2.0
| 5.0.0
|[http://videojs.com/ Video JS]
| Active
|}
| WIP - Robert<br />
 
|
==== Manually managed JS libraries ====
| n/a
{| class="wikitable sortable" style="vertical-align:middle;"
|
|- style="font-weight:bold; text-align:center;"
| https://gridstackjs.com
!'''Name'''
!'''Mahara <br />version'''
!'''Update type'''
!'''Support'''
!'''Location<br />'''<code><small>(./htdocs/...)</small></code>
!'''License'''
!'''Notes'''
!'''NPM'''
|-
|-
| style="font-weight:bold;" | HTML Purifier
| style="font-weight:bold;" |'''Date time'''
| .../lib/htmlpurifier/
'''picker'''
| http://www.htmlpurifier.org/
|4.17.47
| LGPL v2.1+
|Major 6.17.16
| =4.13.0
|Active - v6
| 4.14.0
|<small>.../js/bootstrap-datetimepicker/</small>
| 4.14 includes PHP8 support
|MIT
| None
|[https://getdatepicker.com/6/change-log.html Changelog]
|
 
| ??
Latest release: rewrite (beta)
|  
|❌
| https://github.com/ezyang/htmlpurifier/<br />blob/v4.13.0/NEWS<br>PHP 8 support looks to be in progress but can't determine with confidence.
|-
|-
| style="font-weight:bold;" | Javascript <br />templates
| style="font-weight:bold;" |'''Datatables'''
| .../js/javascript-templates/
|1.11.4
| https://github.com/blueimp/<br />[https://github.com/blueimp/JavaScript-Templates JavaScript-Templates]
|Minor
| MIT License
|Active
| =3.19.0
|<small>.../js/DataTables/</small>
| 3.20.0
|MIT
| Inactive, 2020
|[https://datatables.net/download/index Download]
| None
[https://cdn.datatables.net/ Release notes CDN]
|
|❌ Need to use web builder
| n/a
|
|
|-
|-
| style="font-weight:bold;" | jQuery
| style="font-weight:bold;" |'''Gridstack'''
| .../js/jquery/
|4.4.1
| http://jquery.com/<br />https://github.com/jquery/jquery
|Major
| MIT License
|Active
| ^3.6.0
|<small>.../js/gridstack/</small>
| 3.6.0
|MIT
| Active
|[Demos](<nowiki>https://gridstackjs.com/demo/</nowiki>)
| Minor
 
|
 
| n/a
https://github.com/gridstack/gridstack.js/tree/master/doc
| Yes 🚧
|🚧
| https://blog.jquery.com/2021/03/02/<br />jquery-3-6-0-released/<br />News: - QA: https://forum.jquery.com/<br />Twitter: https://twitter.com/jquery
|-
|-
| style="font-weight:bold;" | jQuery mobile
| style="font-weight:bold;" |'''Json editor'''
| .../js/jquery/jquery-mobile/
|2.6.1
| http://jquerymobile.com
|Minor
| MIT License
|Active
| =1.5.0-alpha.1
|<small>.../js/jsoneditor/</small>
| 1.5.0-rc1
|MIT
| Inactive, 2017
|[https://github.com/json-editor/json-editor/blob/master/CHANGELOG.md Changelog]
| None
|🚧
|
| n/a
|  
| https://blog.jquerymobile.com <br />- lack of resources but wish to maintain.<br />❗Find out if we are still using this.
|-
|-
| style="font-weight:bold;" | jQuery UI
| style="font-weight:bold;" |'''PDFjs'''
| .../js/jquery/jquery-ui/
|3.10.111
| http://jqueryui.com/
|Minor 🚧
| MIT License
|Active
| =1.12.1
|<small>.../artefact/file/blocktype/pdf/js/pdfjs/</small>
| 1.13.1
|Apache License 2
| Inactive, 2017
|[http://mozilla.github.io/pdf.js/getting_started/#download Getting started]
| None
The Firefox dist version different to NPM package
|
|
| n/a
|}
|
 
| https://blog.jqueryui.com/ <br />- lack of resources but with to maintain.
=== Forked/stale/deprecated libraries ===
{| class="wikitable sortable mw-collapsible mw-collapsed" style="vertical-align:middle;"
|- style="font-weight:bold; text-align:center;"
!'''Name'''
!'''Mahara <br />version'''
!'''Latest<br />version'''
!'''Support'''
!'''Location<br />'''<code><small>(./htdocs/...)</small></code>
!'''License'''
!'''URL'''
!'''Next action'''
|-
|-
| style="font-weight:bold;" | jQuery UI plugin <br />touch-punch
| style="font-weight:bold;" |'''Dwoo'''
| .../js/jquery/jquery-ui/<br />jquery-ui-touch-punch.min.js
|1.3.7
| http://touchpunch.furf.com/<br />https://github.com/furf/jquery-ui-touch-punch
|1.3.7
| MIT or GPL <br />Version 2 licenses
|'''Archived, 2020'''
| =0.2.3
|<small>.../lib/dwoo/</small>
| 0.2.3
|LGPL
| Deprecated
|[http://dwoo.org/ Dead site?]
| None
[https://github.com/dwoo-project/dwoo GitHub]
|
|
| n/a
|
| ❗Do we still need it - is it merged into jquery
|-
|-
| style="font-weight:bold;" | JS Color
| style="font-weight:bold;" |'''Javascript <br />templates'''
| .../js/jscolor/
|3.20.0
| http://jscolor.com/
|3.20.0
| GPL 3
|'''Archived, 2021'''
| ^2.4.5
|<small>.../js/javascript-templates/</small>
| 2.4.7
|MIT
| Active
|[https://github.com/blueimp/JavaScript-Templates GitHub]
| None
|
|
| n/a
|
|  
|-
|-
| style="font-weight:bold;" | Json editor
| style="font-weight:bold;" |'''jQuery mobile'''
| .../js/jsoneditor/
|1.5.0-alpha.1
| https://github.com/json-editor/json-editor
|1.5.0-rc1
| MIT License
|'''Deprecated'''
| >=1.3.5
|<small>.../js/jquery/jquery-mobile/</small>
| 2.6.1
|MIT
| Active
|[http://jquerymobile.com Website] <br /><small>🚨 ''"transition(ed) ...''</small> <small>''under the jQuery project umbrella, jQuery UI"''</small>
| Major 2.x
|Remove and test
| 2.1.0: “fixed vulnerability in "http-server" package <br />(origin/feature/merges-20200227, feature/merges-20200227)
| n/a
|
| Leave for for 22.04
|-
|-
| style="font-weight:bold;" | jTLine
| style="font-weight:bold;" |'''jQuery UI plugin <br />touch-punch'''
| .../js/jTLine/
|0.2.3
| https://naadydev.github.io/jTLine/
|0.2.3
| MIT License
|'''Deprecated'''
| =1.0
|<small>.../js/jquery/jquery-ui/<br />jquery-ui-touch-punch.min.js</small>
| 1.0
|MIT or GPL <br />Version 2
| Inactive, 2018
|[https://github.com/furf/jquery-ui-touch-punch GitHub]
| None
 
|
<small>🚨 external to JQuery UI</small>
| n/a
|[https://github.com/RWAP/jquery-ui-touch-punch Use a fork?]
|
| https://twitter.com/naadydev
|-
|-
| style="font-weight:bold;" | Lodash
| style="font-weight:bold;" |'''jTLine'''
| .../js/lodash/
|1.0
| https://github.com/lodash/lodash
|1.0
| MIT License
|'''Inactive, 2018'''
| style="color:#333333;" | ^4.17.15
|<small>.../js/jTLine/</small>
| 4.17.21
|MIT
| Active
|[https://naadydev.github.io/jTLine/ GitHub]
| Patch fix
[https://twitter.com/naadydev Twitter]
|
 
| n/a
[https://codyhouse.co/gem/horizontal-timeline Ref]
|
|
| - Lodash was brought in with gridstack v0.5.0 <br />- Will be removed when gridstack 4+ gets merged.
|-
|-
| style="font-weight:bold;" | Marked
| style="font-weight:bold;" |'''Masonry'''
| .../js/marked/
|4.2.2
| https://github.com/markedjs/marked
|4.2.2
| MIT License
|'''Inactive, 2018'''
| ^2.1.3
|<small>.../js/masonry/</small>
| 4.0.12
|MIT
| Active
|[https://masonry.desandro.com/ Masonry]
| Minor - v2.1.1, v2.1.2, v2.1.3<br />Major 3.x - breaking changes
[https://github.com/desandro/masonry GitHub]
| 4.0.0 Major security fixes
|
| n/a
| Yes 🚧
|  
|-
|-
| style="font-weight:bold;" | Masonry
| style="font-weight:bold;" |'''TinyMCE<br />Mathslate'''
| .../js/masonry/
|1.1
| https://masonry.desandro.com/<br />https://github.com/desandro/masonry
|1.1
| MIT License
|'''Forked, 2015'''
| =4.2.2
|<small>.../js/tinymce/plugins/mathslate/</small>
| 4.2.2
|GPL 3
| Inactive, 2018
|<small>Our version is [[GitHub|forked]].<br />to work with Tinymce 5</small>
| None
|
|
| n/a
|
|  
|-
|-
| style="font-weight:bold;" | TinyMCE<br />Mathslate
| style="font-weight:bold;" |'''Oauth PHP'''
| .../js/tinymce/plugins/mathslate/
|175
| https://github.com/dthies/tinymce4-mathslate
|175
| GPL 3
|'''Archived, 2010'''
| =1.1
|<small>.../webservice/libs/oauth-php/</small>
| 1.1
|MIT
| Forked version, 2015
|[https://code.google.com/archive/p/oauth-php/ Code]
| None
|<small>Replace with an</small> <small>[https://oauth.net/code/php oauth2 php library] see what Moodle does (old comment)</small>
|
| n/a
|
| Our version is now forked to keep <br />make it work with Tinymce 5
|-
|-
| style="font-weight:bold;" | Moment.js
| style="font-weight:bold;" |'''zxcvbn'''
| .../js/momentjs/
|4.4.2
| http://momentjs.com/
|4.4.2
| MIT License
|'''Inactive, 2017'''
| ^2.29.1
|<small>.../js/zxcvbn/</small>
| 2.29.1
|MIT
| Inactive, 2020
|[https://github.com/dropbox/zxcvbn GitHub]
| None
|
|  
| n/a
|
| Connected with jquery date-picker
|-
|-
| style="font-weight:bold;" | Oauth PHP
|'''Cookie consent'''
| .../webservice/libs/oauth-php/
|3.1.1
| https://code.google.com/archive/p/oauth-php/
|4.0
| MIT License
|'''No open source updates'''
| =175
|<small>.../js/cookieconsent/</small>
| 175
|MIT
| Archived, 2010
|[https://www.osano.com/cookieconsent Download] [https://github.com/osano/cookieconsent GitHub]
| Replace
 
|
<small>Open source version is not updated. 🚨</small>
| No
|
|
| We should replace with an oauth2 php library <br />https://oauth.net/code/php<br />checkout what Moodle does (old comment)
|-
|-
| style="font-weight:bold;" | PDFjs
|'''Select2'''
| .../artefact/file/blocktype/pdf/js/pdfjs/
|4.0.13
| http://mozilla.github.io/pdf.js/<br />getting_started/#download<br />https://github.com/mozilla/pdf.js
|4.0.13
| Apache License 2
|'''Inactive, 2020'''
| ^2.9.359
|<small>.../js/select2/</small>
| 2.12.313<br />
|MIT
| Active
|[https://select2.org/ Select2]<nowiki> | </nowiki>[https://github.com/select2/select2/releases Releases]
| Minor
RC 4.1
|
|
| n/a
|}
| Yes 🚧
 
|
=== Fonts ===
{| class="wikitable sortable" style="vertical-align:middle;"
!'''Name'''
!'''Mahara <br />version'''
!'''Latest<br />version'''
!'''Status'''
!'''README location<br />'''<code>(./htdocs/...)</code>
!'''License'''
!'''URL/Notes'''
|-
|-
| style="font-weight:bold;" | PHPMailer
| style="font-weight:bold;" |'''Aurulent Sans <br />(font)'''
| .../lib/phpmailer/
|2007.05.04
| https://github.com/PHPMailer/PHPMailer
|2007.05.04
| LGPL
|n/a
| ^6.5.1
|<small>.../lib/fonts/</small>
| 6.5.4
|SIL OFL v1.10
| Active<br />
|[https://www.fontsquirrel.com/fonts/aurulent-sans Font Squirrel Aurulent Sans]
| Minor 6.5.0 - security release<br />Minor 6.5.1 - maintenance release<br />PHP8 support
| Yes
| Yes
| Yes 🚧
|  
|-
|-
| style="font-weight:bold;" | Popper
| style="font-weight:bold;" |'''Deja Vu Sans <br />(font)'''
| .../lib/popper/
|2.37
| https://popper.js.org/
|2.37
| MIT License
|n/a
| ^1.16.1 LTS
|<small>.../lib/fonts/</small>
| 2.11.2
|DejaVu Fonts
| Active v2<br />LTS 1.16.1 <br />w/o warnings
|[http://www.fontsquirrel.com/fonts/DejaVu-Sans Font Squirrel Deja Vu Sans]
| (Bootstrap 5 supports v2.x)<br />Major 2.x - breaking 2020 - 2.9.3<br />(bootstrap4) - Minor 1.16.1, Mar 2020 <br />Popper is now floating-ui, built ontop of popper, <br />different releases for core/react-native/react-dom
|  
| n/a
|
| https://dev.to/fezvrasta/smarter-tooltips-and<br />-popovers-with-popper-2-44bh<br />
|-
|-
| style="font-weight:bold;" | ReCaptcha
| style="font-weight:bold;" |'''Open Sans <br />(font)'''
| .../lib/recaptcha/
|1.10
| https://github.com/google/recaptcha
|1.10
| BSD-3
|Unknown
| ^1.2.4
|<small>.../theme/raw/fonts/</small>
| 1.2.4
|Apache License
| Active
|[https://www.google.com/fonts/specimen/Open+Sans Google Fonts Open Sans]
| Patch
|
| In progress
| Yes 🚧
| This client supports both v2 and v3.<br>https://github.com/google/recaptcha/tree/php8-support
|-
|-
| style="font-weight:bold;" | simplesamlphp
| style="font-weight:bold;" |'''Roboto Slab <br />(font)'''
| ../auth/saml/extlib/simplesamlphp/
|1.100263
| https://github.com/simplesamlphp/<br />[https://github.com/simplesamlphp/simplesamlphp simplesamlphp]
|1.100263
| GPL 2.1
|Unknown
| ^1.18.7
|<small>.../theme/raw/fonts/</small>
| 1.19.5
|MIT
| Active
|[https://www.google.com/fonts/specimen/Roboto+Slab Google Fonts Roboto]
|  
|
| Yes 8.1
|
| /htdocs/auth/saml/extlib/ <br />- Make a README.Mahara file<br>PHP 8 coming in v2.x. [https://github.com/simplesamlphp/simplesamlphp/issues/1521#issuecomment-917600539 Sounds like it should work on 1.19.1 though].
|-
|-
| style="font-weight:bold;" | Select2
|'''Charis SIL <br />(fonts)'''
| .../js/select2/
|6.001
| https://select2.org/
|6.001
| MIT License
|Active
| ^4.0.13
|<small>.././lib/fonts/</small>
| 4.0.13
|SIL OFL
| Active
|[http://scripts.sil.org/cms/scripts/page.php?item_id=CharisSIL About font]<nowiki> | </nowiki>[https://software.sil.org/charis/download/ Download]
| Patch
|
| n/a
| Yes 🚧
|
|-
| style="font-weight:bold;" | Aurulent Sans <br />(font)
| .../lib/fonts/
| http://www.fontsquirrel.com/fonts/<br />Aurulent-Sans
| SIL OFL v1.10
| ^2007.05.04
| 2007.05.04
| Unknown
| None
|
| n/a
|
|
|-
| style="font-weight:bold;" | Deja Vu Sans <br />(font)
| .../lib/fonts/
| http://www.fontsquirrel.com/fonts/<br />DejaVu-Sans
| DejaVu Fonts <br />License v1.00
| ^2.37
| 2.37
| Unknown
| Patch
|
| n/a
| Yes 🚧
|
|-
| style="font-weight:bold;" | Open Sans <br />(font)
| .../theme/raw/fonts/
| https://www.google.com/fonts/<br />specimen/Open+Sans
| Apache License <br />version 2.0
| ^1.10
| 1.10
| Unknown
| None
|
| n/a
|
|
|-
| style="font-weight:bold;" | Roboto Slab <br />(font)
| .../theme/raw/fonts/
| https://www.google.com/fonts/<br />specimen/Roboto+Slab
| MIT License
| ^1.9
| 1.100263
| Unknown
| Minor
|
| n/a
| Yes 🚧
|
|-
| style="font-weight:bold;" | Fontawesome
| .../theme/raw/sass/lib/font-awesome/
| http://fontawesome.io<br />https://github.com/FortAwesome/Font-Awesome
| SIL OFL 1.1
| ^5.8.1
| 6.0.0
| Active
| Minor
|
| n/a
| Yes 🚧
| https://github.com/FortAwesome/Font-Awesome<br />/blob/master/UPGRADING.md
|-
| style="font-weight:bold;" | Ghostscript <br />fonts
| .../theme/raw/fonts/
| - http://sourceforge.net/projects/gs-fonts/<br />- https://www.ghostscript.com/releases.html
| AGPL
| ^8.11
| 9.54.0
| Active
| Major
|
| n/a
|
| ❗What do we use it for?
|-
| style="font-weight:bold;" | Charis SIL <br />(fonts)
| .././lib/fonts/
| - http://scripts.sil.org/cms/scripts/page.php<br />?item_id=CharisSIL<br />- https://software.sil.org/charis/download/
| SIL OFL
| ^5.000
| 6.001
| Active
| Major
|
| n/a
|
|
|-
| style="font-weight:bold;" | TinyMCE
| .../js/tinymce/
| https://www.tiny.cloud/<br />https://www.tiny.cloud/get-tiny/self-hosted
| LGPL 2.1
| ^5.8.2
| 5.9+
| Active
| Major security patch - XSS
| Yes
| n/a
| Yes 🚧
| https://www.tiny.cloud/docs/changelog/<br />📲 Test on mobile when updating<br />https://www.tiny.cloud/blog/category/<br />news-and-updates/
|-
| style="font-weight:bold;" | Video.js
| .../artefact/file/blocktype/<br />internalmedia/videojs/
| http://videojs.com/<br />https://github.com/videojs/video.js
| Apache License 2.0
| ^7.14.3
| 7.18.0
| Active
| Minor
|
| n/a
| Yes🚧
|
|-
| style="font-weight:bold;" | zxcvbn
| .../js/zxcvbn/
| https://github.com/dropbox/zxcvbn
| MIT License
| =4.4.2
| 4.4.2
| Inactive, 2017
| None
|
| n/a
|
|
|-
| style="font-weight:bold;" | composer.json<br />dependencies<br />
| https://git.mahara.org<br />/mahara/mahara/-/blob/<br />master/external/composer.json
| Check for updates in the .json file.
|
|
|
|
|
|
|
|
|
|}
|}
=== Composer.json dependencies ===
'''Resources:''' https://git.mahara.org | <code>/mahara/mahara/-/blob/</code> | <code>mahara/external/composer.json</code>
'''Run''' <code>composer outdated</code> to check for updates.

Latest revision as of 16:18, 4 Ocak 2024

A list of the third-party plugins within Mahara.

Composer commands

For available versions, e.g. composer show phpro/grumphp-shim 1.14.* --all

For our composer dependencies: composer show --tree

For checking the dependencies of a library version, e.g. composer show elasticsearch/elasticsearch 7.17.* --tree

Check if there are any outdated libraries (according to the version syntax in composer.json) composer outdated

Checking the .Mahara files

To check the versions in the .Mahara files, a helpful way to update this list is to go:

 find ./htdocs -type f -iname "README.Mahara" -exec grep 'Version' -B1 {} \; -print

... on the current codebase.

Syncing the list in 'Country' dropdowns

To keep in sync is the country names we use for 'Country' dropdowns. To check what the current state of play is

perl -MLocale::Country -le 'print join("\n", sort map { country2code($_) . " => " . country2code($_, LOCALE_CODE_ALPHA_3) . ", // " . $_ } all_country_names())'

and check the results against htdocs/lib/country.php and htdocs/lang/en.utf8/mahara.php files

For any confusion you can also check against https://www.iso.org

Third-party libraries (PHP and JS)

Legend

  • Mahara version = the README.Mahara file for the library | SemVer Info - explaining the symbols in the Mahara version column
  • Latest version = the most recent available version
  • Update type = what upgrades are available for this plugin, i.e. major, minor, patch, or security?
  • Support = Is there a community supporting this library? When was the last release year if not in active support
    • Active: There is ongoing work being put into the library
    • Inactive: Maintained but not actively making releases
    • Archived: Not being maintained
    • Deprecated (officially): All maintainers have left, and site may not exist in extreme cases.
  • License = software license for the library
  • Notes = extra information, e.g. resources, notes, and new
  • Composer = check if the library is managed by Composer
  • NPM = check if the library is managed by NPM

PHP versions in support https://www.php.net/supported-versions.php⁣ – 14 LTS - Ends security support in 30 Apr 2023, go to 16 LTS soon

💡 A new idea is being proposed to better handle customisations on updating third party libraries lives here → https://reviews.mahara.org/c/mahara/+/13780

PHP libraries (excluding external)

https://eusonlito.github.io/php-changes-cheatsheet/deprecated.html

Libraries are managed by Composer. See composer.json

Run composer show to get a quick summary of library versions managed by Composer.

Run composer outdated to get a list of outdated libraries.

🟡 Libraries yet to be moved to Composer: SimpleSAMLPHP - currently lives in htdocs/auth/saml/extlib and the version is managed in Makefile by curl.

Name Mahara
version
Update type Support License URL/Notes Composer
ADODB 5.22.6 Up to date Active BSD 3-Clause
LGPL
Official site | GitHub | Twitter
Wish-list: extract $SESSION
CSS Tidy 2.1.0 Up to date Active LGPL GitHub
Elasticsearch PHP 7.17.2 Major, 8.10.0 Active Apache v2.0 LGPL v2.1 GitHub | Changelog

Move to OpenSearch

HTML Purifier 4.16.0 Up to date 2022 LGPL v2.1+ HTML Purifier | GitHub
PHPMailer 6.8.1 Up to date Active LGPL GitHub
ReCaptcha 1.2.4 Minor, 1.3.0 Active BSD-3 GitHub
simplesamlphp 2.0.4 Minor, 2.0.6 Active GPL 2.1 GitHub

Optional library - called in Makefile

JavaScript and jQuery libraries

🟡 Check that our Node version is still in support https://endoflife.date/nodejs node| https://nodejs.org/en/download/releases/ ➡ Update the .nvmrc file with the supported version.

Run npm list to get a quick list of the versions and libraries managed by NPM

Goal: to move libraries to be managed by NPM

NPM-managed JS libraries

Name Mahara
version
Update type Support License Notes
yargs 5.0.2 Minor, 5.3.2 Active MIT
Chart.js 3.9.1 Major, 4.4.0 Active MIT Migration to v4
Clipboard js 2.0.11 Up to date Active MIT version # is tagged
Dragon-drop 3.6.1 Up to date 2020 MIT
Dropzone 5.9.3 Patch, 5.9.3 2021 MIT
jQuery 3.7.1 Up to date Active MIT Forum
jQuery UI 1.13.2 Up to date Active MIT
JS Color 2.5.1 Up to date Inactive,2022 GPL 3
Marked 4.3.0 Minor, 4.3.0

Major 9.1.0

Active MIT
Moment.js 2.29.4 Up to date Active MIT Moment JS 🆕 Luxon GitHub
Popper 2.11.8 Up to date Active MIT GitHub issue | tooltips

Floating UI

Fontawesome 6.4.2 Up to date Active SIL OFL 1.1 Upgrade steps | Changelog
TinyMCE 5.10.7 Major, 6.7.0 Active LGPL 2.1 Downloads | Changelog

📲 Test mobile

Video.js 7.21.5 Major, 8.5.2 Active Apache License 2.0 Video JS

Manually managed JS libraries

Name Mahara
version
Update type Support Location
(./htdocs/...)
License Notes NPM
Date time

picker

4.17.47 Major 6.17.16 Active - v6 .../js/bootstrap-datetimepicker/ MIT Changelog

Latest release: rewrite (beta)

Datatables 1.11.4 Minor Active .../js/DataTables/ MIT Download

Release notes CDN

❌ Need to use web builder
Gridstack 4.4.1 Major Active .../js/gridstack/ MIT [Demos](https://gridstackjs.com/demo/)


https://github.com/gridstack/gridstack.js/tree/master/doc

🚧
Json editor 2.6.1 Minor Active .../js/jsoneditor/ MIT Changelog 🚧
PDFjs 3.10.111 Minor 🚧 Active .../artefact/file/blocktype/pdf/js/pdfjs/ Apache License 2 Getting started

The Firefox dist version different to NPM package

Forked/stale/deprecated libraries

Name Mahara
version
Latest
version
Support Location
(./htdocs/...)
License URL Next action
Dwoo 1.3.7 1.3.7 Archived, 2020 .../lib/dwoo/ LGPL Dead site?

GitHub

Javascript
templates
3.20.0 3.20.0 Archived, 2021 .../js/javascript-templates/ MIT GitHub
jQuery mobile 1.5.0-alpha.1 1.5.0-rc1 Deprecated .../js/jquery/jquery-mobile/ MIT Website
🚨 "transition(ed) ... under the jQuery project umbrella, jQuery UI"
Remove and test
jQuery UI plugin
touch-punch
0.2.3 0.2.3 Deprecated .../js/jquery/jquery-ui/
jquery-ui-touch-punch.min.js
MIT or GPL
Version 2
GitHub

🚨 external to JQuery UI

Use a fork?
jTLine 1.0 1.0 Inactive, 2018 .../js/jTLine/ MIT GitHub

Twitter

Ref

Masonry 4.2.2 4.2.2 Inactive, 2018 .../js/masonry/ MIT Masonry

GitHub

TinyMCE
Mathslate
1.1 1.1 Forked, 2015 .../js/tinymce/plugins/mathslate/ GPL 3 Our version is forked.
to work with Tinymce 5
Oauth PHP 175 175 Archived, 2010 .../webservice/libs/oauth-php/ MIT Code Replace with an oauth2 php library see what Moodle does (old comment)
zxcvbn 4.4.2 4.4.2 Inactive, 2017 .../js/zxcvbn/ MIT GitHub
Cookie consent 3.1.1 4.0 No open source updates .../js/cookieconsent/ MIT Download GitHub

Open source version is not updated. 🚨

Select2 4.0.13 4.0.13 Inactive, 2020 .../js/select2/ MIT Select2 | Releases

RC 4.1

Fonts

Name Mahara
version
Latest
version
Status README location
(./htdocs/...)
License URL/Notes
Aurulent Sans
(font)
2007.05.04 2007.05.04 n/a .../lib/fonts/ SIL OFL v1.10 Font Squirrel Aurulent Sans
Deja Vu Sans
(font)
2.37 2.37 n/a .../lib/fonts/ DejaVu Fonts Font Squirrel Deja Vu Sans
Open Sans
(font)
1.10 1.10 Unknown .../theme/raw/fonts/ Apache License Google Fonts Open Sans
Roboto Slab
(font)
1.100263 1.100263 Unknown .../theme/raw/fonts/ MIT Google Fonts Roboto
Charis SIL
(fonts)
6.001 6.001 Active .././lib/fonts/ SIL OFL About font | Download

Composer.json dependencies

Resources: https://git.mahara.org | /mahara/mahara/-/blob/ | mahara/external/composer.json

Run composer outdated to check for updates.