Actions

Developer Area/Plugins/Third party: Difference between revisions

From Mahara Wiki

< Developer Area‎ | Plugins
No edit summary
No edit summary
Line 22: Line 22:
! Current version
! Current version
! Latest version
! Latest version
! Min support
! Support
! Upgrade type: Sec|Maj|Min
! Upgrade type: Sec|Maj|Min
! Security fix
! Security fix
! Notes
! Notes
! style="font-weight:normal;" | Estimated upgrade time
! style="font-weight:normal;" | Estimated time
! style="font-weight:normal;" | Notifications
! style="font-weight:normal;" | Notifications
|-
|-
Line 35: Line 35:
| 5.20.20<br />
| 5.20.20<br />
| style="color:#000000;" | 5.21.1
| style="color:#000000;" | 5.21.1
| 5.20.20
| End 5.20.20
| Security - 5.21.0 incl.5.21.0-beta.1 - 2020-12-20<br />- adodb: prevent SQL injection in SelectLimit()<br />- session: add 'httponly' flag to cookie<br /><br />Minor<br />- Deprecation<br />  - mysqli: Deprecate $optionFlags property in favor<br />    of standard setConnectionParameter() method<br />
| Security - 5.21.0 incl.5.21.0-beta.1 - 2020-12-20<br />- adodb: prevent SQL injection in SelectLimit()<br />- session: add 'httponly' flag to cookie<br /><br />Minor<br />- Deprecation<br />  - mysqli: Deprecate $optionFlags property in favor<br />    of standard setConnectionParameter() method<br />
| Yes
| Yes
| - Compatible with all PHP versions
|  
|  
|  
| ADOB release all news on current releases + important bug fixes on https://twitter.com/ADOdb_announce first.
| ADOB release all news on current releases + important bug fixes on https://twitter.com/ADOdb_announce first.
Line 48: Line 48:
| 4.6.0
| 4.6.0
| 5.1.0
| 5.1.0
| 4.x (LTS) - 01 Nov 2022
| Ends 4.x (LTS) - 01 Nov 2022
| Major
| Major
|  
|  
Line 61: Line 61:
| 4.17.47
| 4.17.47
| 5.39.0
| 5.39.0
| Developer has stopped<br />working on the project.<br />
| Inactive,<br />v4 not maintained<br />
| None
| None
|  
|  
| runs using bootstrap and moment.js  <br />Version 4 is not maintained anymore.<br />There is a version 5 but not finished.<br /><br />
| runs using bootstrap and moment.js  <br />There is a version 5 but not finished.
|  
|  
|  
|  
Line 74: Line 74:
| 2.9.3
| 2.9.3
| 3.5.1
| 3.5.1
| 2.x - 2.9.4<br />3.x - 3.0.0 rel Apr 21<br />
| LTS 2.x - 2.9.4<br />Active 3.x<br />
| Minor - 2.9.4: bug fixes<br /><br />Major - 3.0.0 breaking changes<br />- https://www.chartjs.org/docs/next/getting-started/v3-migration<br />- https://www.npmjs.com/package/chart.js  <br />- https://www.chartjs.org/docs/next/typedoc/<br />- https://www.chartjs.org/samples/next/  <br />- https://www.chartjs.org/docs/next/<br /><br />Minor - 3.0.1 bug fixes
| Minor - 2.9.4: bug fixes<br /><br />Major - 3.0.0 breaking changes<br />- https://www.chartjs.org/docs/next/getting-started/v3-migration<br />- https://www.npmjs.com/package/chart.js  <br />- https://www.chartjs.org/docs/next/typedoc/<br />- https://www.chartjs.org/samples/next/  <br />- https://www.chartjs.org/docs/next/<br /><br />Minor - 3.0.1 bug fixes
|  
|  
Line 87: Line 87:
| 2.0.6
| 2.0.6
| 2.0.8
| 2.0.8
|  
| Active
| Patch fix
| Patch fix
|  
|  
Line 103: Line 103:
| None
| None
|  
|  
| Looks like the opensource version is not maintained - last update two years ago.<br />The site talks about new versions 2021.6 and 2021.2.3 which are not available. on GitHub.<br />
| Site talks about versions 2021.6 and 2021.2.3 which are not available on GitHub.<br />
|  
|  
|  
|  
Line 113: Line 113:
| 1.7.1
| 1.7.1
| 1.7.3
| 1.7.3
| Not maintained, 2020
| Inactive, 2020
| None
| None
| -
| -
Line 126: Line 126:
| 3.2.1
| 3.2.1
| 3.6.1
| 3.6.1
| Active
| Minor - changelog not available.
|  
|  
| Minor - changelog not available.
|  
|  
| Current as of 2021-02-18 <br /> last updated August 2019
|  
|  
|  
|  
Line 139: Line 139:
| 1.10.20
| 1.10.20
| 1.10.25
| 1.10.25
|  
| Active<br />
| Patch
| Patch fix
|  
|  
|  
|  
Line 152: Line 152:
| 5.7.6
| 5.7.6
| 5.9.2
| 5.9.2
| Active
| Minor<br />- moved the ./src/options.js previewTemplate in its own<br />  preview-template.html file<br />- Dropzone triggers custom events on DOM using dropzone
|  
|  
| Minor<br />- switched to yarn<br />- moved the ./src/options.js previewTemplate in its own<br />  preview-template.html file<br />- Dropzone triggers custom events on DOM using dropzone:<br />
|  
|  
| Released 2021-02-09 <br /> last updated July 2020
|  
|  
|  
|  
Line 161: Line 161:
| Dwoo
| Dwoo
| ./htdocs/lib/dwoo/
| ./htdocs/lib/dwoo/
| http://dwoo.org/https://github.com/dwoo-project/dwoo
| - http://dwoo.org/<br />- https://github.com/dwoo-project/dwoo
| GNU Lesser General Public License
| GNU Lesser General Public License
| 1.3.7
| 1.3.7
| 1.3.7
| 1.3.7
| Needs replacing.<br />
| Deprecated<br />
| None
| Replace
|
|
|
|  
|  
| PHP 5.3+
| NB: This library is no longer maintained
| We will soon look at replacing this library
|-
|-
| Elastic Search
| Elastic Search
Line 178: Line 178:
| 6.1.0
| 6.1.0
| 7.11.0
| 7.11.0
|  
| Active<br />
| WIP - Gold
| WIP - Gold
|  
|  
| https://github.com/elastic/elasticsearch-php/blob/master/CHANGELOG.md <br /> Patch in review to upgrade to 7.5, (Bug 1840101: update elasticsearch-php to 7.5) <br />  -  currently works with ES server 6.8, but not 7.<br />Note that our code needs to be upgraded so we can connect to ES server 7.6, which is a separate issue.
| https://github.com/elastic/elasticsearch-php/blob/master/CHANGELOG.md <br /> Patch in review to upgrade to 7.5, (Bug 1840101: update elasticsearch-php to 7.5) <br />  -  currently works with ES server 6.8, but not 7.<br />Note that our code needs to be upgraded so we can connect to ES server 7.6, which is a separate issue.
| Investigation in process to upgrade our code.<br />---<br /> Elastic Search PHP 7.8.0 is compatible with Elastic Search 7.8.0
|  
| signed up to mailing list
|  
|-
|-
| fancybox3
| fancybox3
| ./htdocs/js/fancybox/
| ./htdocs/js/fancybox/
| https://fancyapps.com/fancybox/3/ - discont.<br />https://fancyapps.com/docs/ui/fancybox - final v4<br /><br />https://github.com/fancyapps/ui - in BETA stage<br />https://fancyapps.com/docs/ui/installation<br />
| https://github.com/fancyapps/ui - in BETA stage<br />https://fancyapps.com/docs/ui/installation
| Creative Commons: CC BY-SA 4.0 license
| Creative Commons: CC BY-SA 4.0 license
| 3.5.6
| 3.5.6
| 3.5.7
| 3.5.7
| Inactive<br />- v3 deprecated<br />- v4 in beta stage
| None
|  
|  
| None - wait until v4 is not in Beta.<br />
| https://fancyapps.com/next/
|
|  
|  
| https://fancyapps.com/next/
| https://twitter.com/thefancyapps
| https://twitter.com/thefancyapps
|-
|-
Line 204: Line 204:
| 0.6.4
| 0.6.4
| 3.3.0
| 3.3.0
|  
| Active
| WIP<br />
| WIP - Robert<br />
|  
|  
| A lot of activity in the past few months - looks to be significant structural changes, including removing jquery.
| A lot of activity in the past few months - looks to be significant structural changes, including removing jquery.
| Investigation needed, but looks like a large change (Cecilia?) <br />Change log: https://github.com/gridstack/gridstack.js/blob/develop/doc/CHANGES.md
| <br />
| questions can be posted in their slack channel <br />[https://join.slack.com/t/gridstackjs/shared_invite/enQtODE1NzkxMTUzNTIzLTA1NTEzZGE2NzliMGY5M2IwN2UzNWUzYmY2YTA0OTFlMTlmMDA3MTg3MGViZTRhZjM0N2QyODMyMjc1NzY4ZWQ slack channel]
| questions can be posted in their slack channel <br />[https://join.slack.com/t/gridstackjs/shared_invite/enQtODE1NzkxMTUzNTIzLTA1NTEzZGE2NzliMGY5M2IwN2UzNWUzYmY2YTA0OTFlMTlmMDA3MTg3MGViZTRhZjM0N2QyODMyMjc1NzY4ZWQ slack channel]
|-
|-
Line 217: Line 217:
| 4.13.0
| 4.13.0
| 4.13.0
| 4.13.0
| Inactive, 2020
| None
|  
|  
| None
|  
|  
| No releases since June 2020
|  
|  
| updates via the 'NEWS' section on github README <br />https://github.com/ezyang/htmlpurifier/blob/v4.13.0/NEWS
| https://github.com/ezyang/htmlpurifier/blob/v4.13.0/NEWS
|-
|-
| Javascript templates
| Javascript templates
Line 230: Line 230:
| 3.19.0
| 3.19.0
| 3.19.0
| 3.19.0
| Inactive, 2020
| None
|
|  
|  
| None
|  
|  
| No releases since Sept 2020
| n/a
|  
|  
|-
|-
| jQuery
| jQuery
| ./htdocs/js/jquery/
| ./htdocs/js/jquery/
| http://jquery.com/<br />https://github.com/jquery/jquery<br />
| http://jquery.com/<br />https://github.com/jquery/jquery
| MIT License
| MIT License
| 3.5.1
| 3.5.1
| 3.6.0
| 3.6.0
|  
| Active
| Minor
| Minor
|  
|  
Line 256: Line 256:
| 1.5.0-alpha.1
| 1.5.0-alpha.1
| 1.5.0-rc1
| 1.5.0-rc1
| Inactive, 2017
| None
|
| https://blog.jquerymobile.com - lack of resources but wish to maintain.
|  
|  
| None
|  
|  
| released Sept 2018<br />touch.js last updated June 2016 (https://github.com/jquery/jquery-mobile/blob/master/js/events/touch.js)
| No significant changes
| QA: https://forum.jquery.com/jquery-mobile/
|-
|-
| jQuery UI
| jQuery UI
Line 269: Line 269:
| 1.12.1
| 1.12.1
| 1.12.1
| 1.12.1
| Inactive, 2017
| None
|  
|  
| None
| https://blog.jqueryui.com/ - lack of resources but with to maintain.
|  
|  
|  
|  
| n/a
| jQuery Accessibility [https://groups.google.com/forum/#!forum/jquery-a11y jquery a11y forum] <br />
|-
|-
| jQuery UI plugin <br />touch-punch
| jQuery UI plugin <br />touch-punch
Line 282: Line 282:
| 0.2.3
| 0.2.3
| 0.2.3
| 0.2.3
| Deprecated
| None
|
|  
|  
| None
|  
|  
| Doesn't exist anymore.<br /><br />jquery, jquery-ui<br />
| n/a
|  
|  
|-
|-
Line 295: Line 295:
| 2.4.5
| 2.4.5
| 2.4.5
| 2.4.5
| Active
| None
|  
|  
| None
|  
|  
|  
|  
| we have no customisations, hopefull straight forward upgrade
|  
|  
|-
|-
Line 308: Line 308:
| 1.3.5
| 1.3.5
| 2.5.4
| 2.5.4
| Active
| Major 2.x
|
|  
|  
| Major 2.x
|  
|  
| https://github.com/json-editor/json-editor/blob/2.0.0/CHANGELOG.md
| Investigation needed
|  
|  
|-
|-
Line 321: Line 321:
| 1.0
| 1.0
| 1.0
| 1.0
| Not maintained, 2018<br />
| Inactive, 2018
| None
|  
|  
|  
|  
|  
|  
| n/a
| Twitter: https://twitter.com/naadydev
| Twitter: https://twitter.com/naadydev
|-
|-
Line 334: Line 334:
| style="color:#333333;" | 4.17.15
| style="color:#333333;" | 4.17.15
| 4.17.21
| 4.17.21
| Active
| Patch fix
|  
|  
| Patch fix<br />
| Lodash was brought in with gridstack- gridstack v0.5.0 no longer have it as a requirement
|  
|  
|  
|  
| n/a?? Lodash was brought in with gridstack- gridstack v0.5.0 no longer have it as a requirement, <br />if we upgrade gridstack we can probably let lodash go?
| n/a - after we upgrade gridstack Lodash will be gone
|-
|-
| Marked
| Marked
Line 347: Line 347:
| 2.0.0
| 2.0.0
| 3.0.0
| 3.0.0
| Active
| Minor - v2.1.1, v2.1.2, v2.1.3<br />Major 3.x - breaking changes
|  
|  
| Major 3.x<br />- breaking changes<br /><br /><br />Minor 2.1.(1,2,3)<br />
|  
|  
|  
|  
| What we use is a min.js file, so it's hard to diff. Probably small effort to upgrade, but allow for medium due to unknown
|  
|  
|-
|-
| Masonry
| Masonry
| ./htdocs/js/masonry/README.Mahara
| ./htdocs/js/masonry/README.Mahara
| https://masonry.desandro.com/
| https://masonry.desandro.com/<br />https://github.com/desandro/masonry
| MIT License
| MIT License
| 4.2.2
| 4.2.2
| 4.2.2
| 4.2.2
| Inactive, 2018
| None
|  
|  
|  
|  
|  
|  
| Current as of 2021-02-18. Last updated Jul 2018
| n/a
|  
|  
|-
|-
| Mobile detect
| TinyMCE -Mathslate
| ./htdocs/lib/mobile_detect/
| ./htdocs/js/tinymce/plugins/mathslate/
| http://mobiledetect.net/
| https://github.com/dthies/tinymce4-mathslate
| MIT License
| GPL 3
| 2.8.34
| 1.1
| 2.8.36
| 1.1
| Forked version, 2015
| None
|  
|  
| Our version is now forked to keep make it work with Tinymce 5
|  
|  
|
| Supported devices have been updated
| Updating effort looks small
|  
|  
|-
|-
Line 384: Line 384:
| http://momentjs.com/
| http://momentjs.com/
| MIT License
| MIT License
| 2.24.0
| 2.29.1
| 2.29.1
| 2.29.1
| Inactive, 2020
| None
|  
|  
|  
|  
|  
|  
| used in conjunction with the bootstrap datetimepicker.
| 2 releases have come out, looks like bug fixes <br />change log: https://gist.github.com/marwahaha <br /> probably a small upgrade effort
|  
|  
|-
|-
| Oauth PHP
| Oauth PHP
| ./htdocs/webservice/libs/oauth-php/
| ./htdocs/webservice/libs/oauth-php/
| http://code.google.com/p/oauth-php/
| https://code.google.com/archive/p/oauth-php/
| MIT License
| MIT License
| 175
| 175
| 175
| 175
| Archived, 2010
| Replace
|  
|  
| We should replace with an oauth2 php library https://oauth.net/code/php/ and / or checkout what Moodle do
|  
|  
|
| This package is not maintained and was last updated in 2010
| We should replace with an oauth2 php library https://oauth.net/code/php/ and / or checkout what Moodle do
|  
|  
|-
|-
| PDFjs
| PDFjs
| ./htdocs/artefact/file/blocktype/pdf/js/pdfjs/
| ./htdocs/artefact/file/blocktype/pdf/js/pdfjs/
| http://mozilla.github.io/pdf.js/getting_started/#download
| http://mozilla.github.io/pdf.js/getting_started/#download<br />https://github.com/mozilla/pdf.js<br />
| Apache License 2
| Apache License 2
| 2.2.228
| 2.8.335<br />
| 2.6.347
| 2.9.359<br />
| Active
| Minor <br />- improving text layer rendering<br />- accessibility for screen readers
|  
|  
|  
|  
|  
|  
| change log:https://github.com/mozilla/pdf.js/releases
| Medium to large upgrade, depending on if structure changes. Investigation needed
|  
|  
|-
|-
Line 423: Line 423:
| https://github.com/PHPMailer/PHPMailer
| https://github.com/PHPMailer/PHPMailer
| LGPL
| LGPL
| 6.1.5
| 6.2.0
| 6.2.0
| 6.5.1
| Active<br />
| Minor 6.5.0 - security release<br />Minor 6.5.1 - maintenance release
| Yes
|  
|  
|  
|  
|
| Security update as well as compatibility for PHP 8 in latest version.
| In progress <-- is there a patch for this? The latest version is now 6.1.7 (maintenance release)
|  
|  
|-
|-
Line 437: Line 437:
| MIT License
| MIT License
| 1.16.0
| 1.16.0
| 2.7.0
| 2.9.3
| Active v2<br />LTS 1.16.1 w/o warnings
| (when we use bootstrap 5 supporting v2.x)<br />Major 2.x - breaking 2020<br />2.9.3<br />(while we are still at bootstrapr4)<br /><br />Minor 1.16.1, Mar 2020
|  
|  
| https://dev.to/fezvrasta/smarter-tooltips-and-popovers-with-popper-2-44bh
|  
|  
|
| Very active project with a lot of releases.
| Used by Bootstrap. When Bootstrap updates to use popper V2x we will be able to upgrade popper.<br />https://github.com/twbs/bootstrap/pull/31178
|  
|  
|-
|-
Line 451: Line 451:
| 1.2.1
| 1.2.1
| 1.2.4
| 1.2.4
| Active
| Patch fix
|  
|  
| This client supports both v2 and v3.
|
|
|-
| simplesamlphp
| /htdocs/auth/saml/extlib/simplesamlphp/
| https://github.com/simplesamlphp/simplesamlphp
| GPL 2.1
| 1.18.7
| 1.19.1
| Active
| Minor<br />- do not accept the hashed admin password for authentication<br />- strengthen against prev security vulnerabilities -3rd party<br />  modules may be affected.<br />
| Related<br />
|  
|  
|  
|  
| 5.5+
| n/a
|  
|  
|-
|-
Line 464: Line 477:
| 4.0.9
| 4.0.9
| 4.0.13
| 4.0.13
| Active
| Patch fix
|  
|  
|  
|  
|  
|  
| Bug fixes and improvements, no major changes or security fixes
| At least medium effort to upgrade, as there are several changes in Mahara and quite a bit of testing
|  
|  
|-
|-
| simplesamlphp
| Skin fonts<br />font-squirrel<br />
| /htdocs/auth/saml/extlib/simplesamlphp/
| /htdocs/lib/fonts/README.Mahara<br />
| https://github.com/simplesamlphp/simplesamlphp
| GPL 2.1
| 1.18.7
| 1.18.8
|
|
|
|
|
| We have joined the mailing list<br />https://simplesamlphp.org/lists
|-
| Skin fonts
| /htdocs/lib/fonts/README.Mahara
| - http://www.fontsquirrel.com/fonts/Aurulent-Sans<br />- http://www.fontsquirrel.com/fonts/DejaVu-Sans<br />- http://scripts.sil.org/cms/scripts/page.php?item_id=CharisSIL<br />- http://sourceforge.net/projects/gs-fonts/
| - http://www.fontsquirrel.com/fonts/Aurulent-Sans<br />- http://www.fontsquirrel.com/fonts/DejaVu-Sans<br />- http://scripts.sil.org/cms/scripts/page.php?item_id=CharisSIL<br />- http://sourceforge.net/projects/gs-fonts/
| Multiple licenses
| Multiple licenses
Line 493: Line 493:
|  
|  
|  
|  
| no changes
|  
| n/a
|  
|  
|  
|-
|-
| System fonts
| System fonts<br />fontawesome<br />
| - ./htdocs/theme/raw/fonts/<br />- ./htdocs/theme/raw/sass/lib/font-awesome/
| - ./htdocs/theme/raw/fonts/<br />- ./htdocs/theme/raw/sass/lib/font-awesome/
| - http://fontawesome.io<br />- https://www.google.com/fonts/specimen/Open+Sans<br />- https://www.google.com/fonts/specimen/Roboto+Slab
| - http://fontawesome.io<br />- https://www.google.com/fonts/specimen/Open+Sans<br />- https://www.google.com/fonts/specimen/Roboto+Slab
Line 507: Line 507:
|  
|  
| changes to unicode for fontawesome <br />- https://github.com/FortAwesome/Font-Awesome/blob/master/UPGRADING.md
| changes to unicode for fontawesome <br />- https://github.com/FortAwesome/Font-Awesome/blob/master/UPGRADING.md
| medium effort to upgrade due to needing to check for issues.
|  
|  
|  
|-
|-
| TinyMCE
| TinyMCE
| ./htdocs/js/tinymce/README.Mahara
| ./htdocs/js/tinymce/README.Mahara
| https://www.tiny.cloud/
| https://www.tiny.cloud/<br />https://www.tiny.cloud/get-tiny/self-hosted
| LGPL
| LGPL 2.1
| 5.0.13
| 5.7.0
| 5.7.0
| 5.8.2
| Active
| Minor - small
|  
|  
| https://www.tiny.cloud/docs/changelog/<br />Test on mobile when updating
|  
|  
|
| A number of bug fixes and improvements<br />https://www.tiny.cloud/docs/changelog/<br />Test on mobile when updating
| probably only worth updating if we are affected by any of the bugs they are fixing. <br />Need to investigate that and how long it would take.
| Blog: https://www.tiny.cloud/blog/category/news-and-updates/
| Blog: https://www.tiny.cloud/blog/category/news-and-updates/
|-
| TinyMCE - Mathslate
| ./htdocs/js/tinymce/plugins/mathslate/
| https://github.com/dthies/tinymce4-mathslate
| GPL 3
| 1.1
| 1.1
|
|
|
| no changes<br />Our version is now forked to keep make it work with Tinymce 5
| n/a
|
|-
|-
| Video.js
| Video.js
| ./htdocs/artefact/file/blocktype/internalmedia/<br />videojs/
| ./htdocs/artefact/file/blocktype/internalmedia/<br />videojs/
| http://videojs.com/
| http://videojs.com/<br />https://github.com/videojs/video.js<br />
| Apache License 2.0
| Apache License 2.0
| 7.6.5
| 7.11.4
| 7.11.4
| 7.14.3
| Active
| Minor<br />- use setup-node cache and remove individual cache step<br />- playbackRates() method<br />
|
|  
|  
|  
|  
|  
|  
| Some bug fixes. Looks mostly minor changes<br />https://github.com/videojs/video.js/releases
| Needs investigation. Probably small to medium
| we have signed up to their mailing list
|-
|-
| zxcvbn
| zxcvbn
Line 555: Line 542:
| 4.4.2
| 4.4.2
| 4.4.2
| 4.4.2
| Inactive, 2017
| None
|  
|  
|  
|  
|  
| <br />
| Current as of 2021-02-18<br />Last updated Feb 2017
| Should we change to a maintained library, eg https://github.com/bjeavons/zxcvCurrent at July 2020bn-php? <br />Yes we should but is that one just a port of the js version or is it an updated / more robust system?<br />
|  
|  
|-
|-
| composer.json
| composer.json<br />dependencies<br />
| https://git.mahara.org/mahara/mahara/<br />-/blob/master/external/composer.json
| https://git.mahara.org/mahara/mahara/<br />-/blob/master/external/composer.json
|  
| Check for updates for each dependency inside the .json file.
|  
|  
|  
|  

Revision as of 13:48, 20 August 2021

A list of the third party plugins within Mahara.

A helpful way to update this list is to go: 

 find ./htdocs -type f -iname "README.Mahara" -exec grep 'Version' -B1 {} \; -print

on the current codebase.

Note: another thing to keep in sync is the country names we use for 'Country' dropdowns. To check what the current state of play is 

 perl -MLocale::Country -le 'print join("\n", sort map { country2code($_) . " => " . country2code($_, LOCALE_CODE_ALPHA_3) . ", // " . $_ } all_country_names())'

and check the results against htdocs/lib/country.php and htdocs/lang/en.utf8/mahara.php files For any confusion you can also check against https://www.iso.org

Indicating what version they are on in Mahara and what they currently are on at time of publishing 18 Feb 2021.

Current versions marked in Red indicate the plugin needs updating/upgrading.

Name Readme file URL License Current version Latest version Support Maj|Min Security fix Notes Estimated time Notifications
ADODB ./htdocs/lib/adodb/ - https://adodb.org/dokuwiki/doku.php
- https://github.com/ADOdb/ADOdb
- https://github.com/ADOdb/ADOdb/blob/v5.21.0/docs/changelog.md
 - BSD 3-Clause
- GNU Lesser General Public Licence 		5.20.20
 5.21.1 End 5.20.20 Security - 5.21.0 incl.5.21.0-beta.1 - 2020-12-20
- adodb: prevent SQL injection in SelectLimit()
- session: add 'httponly' flag to cookie

Minor
- Deprecation
- mysqli: Deprecate $optionFlags property in favor
of standard setConnectionParameter() method
 Yes ADOB release all news on current releases + important bug fixes on https://twitter.com/ADOdb_announce first.
Bootstrap htdocs/lib/bootstrap/assets/javascripts/
 - https://getbootstrap.com/
- https://github.com/twbs/release 		MIT License 4.6.0 5.1.0 Ends 4.x (LTS) - 01 Nov 2022 Major
Bootstrap
Datetimepicker 		./htdocs/js/bootstrap-datetimepicker/ - https://getdatepicker.com/
- https://github.com/tempusdominus/bootstrap-4
 MIT License 4.17.47 5.39.0 Inactive,
v4 not maintained
 None runs using bootstrap and moment.js
There is a version 5 but not finished.
Chart.js ./htdocs/js/chartjs/ http://www.chartjs.org MIT License 2.9.3 3.5.1 LTS 2.x - 2.9.4
Active 3.x
 Minor - 2.9.4: bug fixes

Major - 3.0.0 breaking changes
- https://www.chartjs.org/docs/next/getting-started/v3-migration
- https://www.npmjs.com/package/chart.js
- https://www.chartjs.org/docs/next/typedoc/
- https://www.chartjs.org/samples/next/
- https://www.chartjs.org/docs/next/

Minor - 3.0.1 bug fixes
Clipboard js ./htdocs/js/clipboard/ https://clipboardjs.com/ MIT License 2.0.6 2.0.8 Active Patch fix
Cookie consent ./htdocs/js/cookieconsent/ - https://www.osano.com/cookieconsent
- https://github.com/osano/cookieconsent
 MIT License 3.1.1 3.1.1 New updates are
proprietary. 		None Site talks about versions 2021.6 and 2021.2.3 which are not available on GitHub.
CSS Tidy ./htdocs/lib/csstidy/ https://github.com/Cerdic/CSSTidy LGPL 1.7.1 1.7.3 Inactive, 2020 None -
Dragon-drop ./htdocs/js/dragondrop/ https://github.com/schne324/dragon-drop MIT License 3.2.1 3.6.1 Active Minor - changelog not available.
Datatables https://datatables.net/
https://datatables.net/download/index
 MIT License 1.10.20 1.10.25 Active
 Patch fix
Dropzone ./htdocs/js/dropzone/ https://github.com/dropzone/dropzone/release


 MIT License 5.7.6 5.9.2 Active Minor
- moved the ./src/options.js previewTemplate in its own
preview-template.html file
- Dropzone triggers custom events on DOM using dropzone
Dwoo ./htdocs/lib/dwoo/ - http://dwoo.org/
- https://github.com/dwoo-project/dwoo 		GNU Lesser General Public License 1.3.7 1.3.7 Deprecated
 Replace
Elastic Search ./htdocs/lib/elasticsearch/ https://github.com/elastic/elasticsearch-php Apache v2.0
LGPL v2.1 		6.1.0 7.11.0 Active
 WIP - Gold https://github.com/elastic/elasticsearch-php/blob/master/CHANGELOG.md
Patch in review to upgrade to 7.5, (Bug 1840101: update elasticsearch-php to 7.5)
- currently works with ES server 6.8, but not 7.
Note that our code needs to be upgraded so we can connect to ES server 7.6, which is a separate issue.
fancybox3 ./htdocs/js/fancybox/ https://github.com/fancyapps/ui - in BETA stage
https://fancyapps.com/docs/ui/installation 		Creative Commons: CC BY-SA 4.0 license 3.5.6 3.5.7 Inactive
- v3 deprecated
- v4 in beta stage 		None https://fancyapps.com/next/ https://twitter.com/thefancyapps
gridstack ./htdocs/js/gridstack/ https://github.com/gridstack/gridstack.js MIT License 0.6.4 3.3.0 Active WIP - Robert
 A lot of activity in the past few months - looks to be significant structural changes, including removing jquery.
questions can be posted in their slack channel
slack channel
HTML Purifier ./htdocs/lib/htmlpurifier/ http://www.htmlpurifier.org/ LGPL v2.1+ 4.13.0 4.13.0 Inactive, 2020 None https://github.com/ezyang/htmlpurifier/blob/v4.13.0/NEWS
Javascript templates ./htdocs/js/javascript-templates/ https://github.com/blueimp/JavaScript-Templates MIT License 3.19.0 3.19.0 Inactive, 2020 None
jQuery ./htdocs/js/jquery/ http://jquery.com/
https://github.com/jquery/jquery 		MIT License 3.5.1 3.6.0 Active Minor https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/ Twitter: https://twitter.com/jquery
QA: https://forum.jquery.com/
IRC https://irc.jquery.org/Looks like Bug #1840101 has started looking into this.
jQuery mobile ./htdocs/js/jquery/jquery-mobile/ http://jquerymobile.com MIT License 1.5.0-alpha.1 1.5.0-rc1 Inactive, 2017 None https://blog.jquerymobile.com - lack of resources but wish to maintain.
jQuery UI ./htdocs/js/jquery/jquery-ui/ http://jqueryui.com/ MIT License 1.12.1 1.12.1 Inactive, 2017 None https://blog.jqueryui.com/ - lack of resources but with to maintain.
jQuery UI plugin
touch-punch 		./htdocs/js/jquery/jquery-ui/
jquery-ui-touch-punch.min.js 		http://touchpunch.furf.com/
https://github.com/furf/jquery-ui-touch-punch 		MIT or GPL Version 2 licenses 0.2.3 0.2.3 Deprecated None
JS Color ./htdocs/js/jscolor/README.Mahara http://jscolor.com/ GPL 3 2.4.5 2.4.5 Active None
Json editor ./htdocs/js/jsoneditor/README.Mahara https://github.com/json-editor/json-editor MIT License 1.3.5 2.5.4 Active Major 2.x
jTLine .htdocs/js/jTLine/README.Mahara https://naadydev.github.io/jTLine/ MIT License 1.0 1.0 Inactive, 2018 None Twitter: https://twitter.com/naadydev
Lodash ./htdocs/js/lodash/README.Mahara https://github.com/lodash/lodash MIT License 4.17.15 4.17.21 Active Patch fix Lodash was brought in with gridstack- gridstack v0.5.0 no longer have it as a requirement
Marked ./htdocs/js/marked/README.Mahara https://github.com/markedjs/marked MIT License 2.0.0 3.0.0 Active Minor - v2.1.1, v2.1.2, v2.1.3
Major 3.x - breaking changes
Masonry ./htdocs/js/masonry/README.Mahara https://masonry.desandro.com/
https://github.com/desandro/masonry 		MIT License 4.2.2 4.2.2 Inactive, 2018 None
TinyMCE -Mathslate ./htdocs/js/tinymce/plugins/mathslate/ https://github.com/dthies/tinymce4-mathslate GPL 3 1.1 1.1 Forked version, 2015 None Our version is now forked to keep make it work with Tinymce 5
Moment.js ./htdocs/js/momentjs/ http://momentjs.com/ MIT License 2.29.1 2.29.1 Inactive, 2020 None
Oauth PHP ./htdocs/webservice/libs/oauth-php/ https://code.google.com/archive/p/oauth-php/ MIT License 175 175 Archived, 2010 Replace We should replace with an oauth2 php library https://oauth.net/code/php/ and / or checkout what Moodle do
PDFjs ./htdocs/artefact/file/blocktype/pdf/js/pdfjs/ http://mozilla.github.io/pdf.js/getting_started/#download
https://github.com/mozilla/pdf.js
 Apache License 2 2.8.335
 2.9.359
 Active Minor
- improving text layer rendering
- accessibility for screen readers
PHPMailer ./htdocs/lib/phpmailer/ https://github.com/PHPMailer/PHPMailer LGPL 6.2.0 6.5.1 Active
 Minor 6.5.0 - security release
Minor 6.5.1 - maintenance release 		Yes
Popper ./htdocs/lib/popper/ https://popper.js.org/ MIT License 1.16.0 2.9.3 Active v2
LTS 1.16.1 w/o warnings 		(when we use bootstrap 5 supporting v2.x)
Major 2.x - breaking 2020
2.9.3
(while we are still at bootstrapr4)

Minor 1.16.1, Mar 2020 		https://dev.to/fezvrasta/smarter-tooltips-and-popovers-with-popper-2-44bh
ReCaptcha ./htdocs/lib/recaptcha/ https://github.com/google/recaptcha BSD-3 1.2.1 1.2.4 Active Patch fix This client supports both v2 and v3.
simplesamlphp /htdocs/auth/saml/extlib/simplesamlphp/ https://github.com/simplesamlphp/simplesamlphp GPL 2.1 1.18.7 1.19.1 Active Minor
- do not accept the hashed admin password for authentication
- strengthen against prev security vulnerabilities -3rd party
modules may be affected.
 Related
Select2 ./htdocs/js/select2/ https://select2.org/ MIT License 4.0.9 4.0.13 Active Patch fix
Skin fonts
font-squirrel
 /htdocs/lib/fonts/README.Mahara
 - http://www.fontsquirrel.com/fonts/Aurulent-Sans
- http://www.fontsquirrel.com/fonts/DejaVu-Sans
- http://scripts.sil.org/cms/scripts/page.php?item_id=CharisSIL
- http://sourceforge.net/projects/gs-fonts/ 		Multiple licenses - n/a
- 2.29
- 5.000
- 8.11
System fonts
fontawesome
 - ./htdocs/theme/raw/fonts/
- ./htdocs/theme/raw/sass/lib/font-awesome/ 		- http://fontawesome.io
- https://www.google.com/fonts/specimen/Open+Sans
- https://www.google.com/fonts/specimen/Roboto+Slab 		- http://fontawesome.io/license
- MIT License
- Apache License version 2.0 		- 5.8.1
- 1
- 1
- 1.9 		- 5.14.0
- 1
- 1
- 1.9 		changes to unicode for fontawesome
- https://github.com/FortAwesome/Font-Awesome/blob/master/UPGRADING.md
TinyMCE ./htdocs/js/tinymce/README.Mahara https://www.tiny.cloud/
https://www.tiny.cloud/get-tiny/self-hosted 		LGPL 2.1 5.7.0 5.8.2 Active Minor - small https://www.tiny.cloud/docs/changelog/
Test on mobile when updating 		Blog: https://www.tiny.cloud/blog/category/news-and-updates/
Video.js ./htdocs/artefact/file/blocktype/internalmedia/
videojs/ 		http://videojs.com/
https://github.com/videojs/video.js
 Apache License 2.0 7.11.4 7.14.3 Active Minor
- use setup-node cache and remove individual cache step
- playbackRates() method
zxcvbn ./htdocs/js/zxcvbn/ https://github.com/dropbox/zxcvbn MIT License 4.4.2 4.4.2 Inactive, 2017 None
composer.json
dependencies
 https://git.mahara.org/mahara/mahara/
-/blob/master/external/composer.json 		Check for updates for each dependency inside the .json file. There is a list of libraries that Mahara uses sitting in this file which also need updating too
Retrieved from ‘https://wiki.mahara.org/index.php?title=Developer_Area/Plugins/Third_party&oldid=12247