Review library dependencies and confirm compatible/incompatible upgrades

[dondi]

GRNsight should occasionally look at the libraries we use and determine compatibility with the latest versions. Typical milestones are:

• Closing out a major new version of GRNsight
• Known major changes to a library dependency

[kdahlquist]

This is related to #383, which is now closed. I recommend that we do this at the beginning of each academic year (August/September) so that we take care of any upgrades and resulting bugs before starting the year's work. I'm thinking that I don't like the "ongoing" label and am giving this a priority 1 and assigning to @kdahlquist and @dondi so that we will remember to do this in August 2017.

[kdahlquist]

So, I think it is time to review the dependencies. In an e-mail from @dondi regarding the installation of software for BIOL/CMSI 367, he recommended having node.js installed on the S120 computers.

I went to the node.js website and saw that they had a notification about security updates for all active release lines here: https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/

It looks like we should make this update for security reasons.

I also note that while the library requirements wiki page here: https://github.com/dondi/GRNsight/wiki/Library-Requirements lists all the version information for the libraries, I worry about the installation instructions.

For example, the one for Express says:

• To install, use $ npm install [email protected]

Shouldn't this type of syntax be used for all of them so that specific versions are loaded?

Also, there is a note at the very bottom of the page about being at a "crossroads" with node-xlsx. That's not the case anymore, right? We've upgraded it, right?

[dondi]

I investigated compatibility with NodeJS 8.x (the current release line, latest is 8.4) and the one required change is to switch parallelshell from 2.0.0 to 3.x. (as they note on their npm page, https://www.npmjs.com/package/parallelshell)

When I switched to this, GRNsight ran fine under NodeJS 8.4 on my local machine.

This would typically be fine for development, but one issue is that our current grnsight.cs.lmu.edu server tops out at node 0.10.25 and would require a complete operating system upgrade to move to a new version of node (as logged in #407).

This was originally a priority 1 but I can pull the trigger on this to start the process of refreshing everything. The main effect is there may be some GRNsight downtime while I'm in the middle of it. However, probably better to do this now than later.

[dondi]

For reference, installation instructions for Ubuntu: https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions

[kdahlquist]

Agreed to do this now, rather than later.

[dondi]

Got it; working on that today, so availability will be up and down.

[dondi]

• Operating system upgraded to Ubuntu Xenial Xerus
• Node.js upgraded to version 8.4.0
• Executable can now be accessed as both node and nodejs, meaning that the new npm start approach can be used (and is what is running right now)
• Initial testing has not revealed any regressions

Setting this as review requested and will give it a day or so to run —if anyone could hit the site during that time and let me know if they spot anything unusual, please let me know. Thanks!

[dondi]

(if no regressions are noted, the latest package.json will be committed and corresponding updates shall be made in the wiki: https://github.com/dondi/GRNsight/wiki/Running-the-Applications)

[kdahlquist]

I'll take a look at it tomorrow.

[kdahlquist]

Sorry for the delay, finally got a chance to try out GRNsight. It seems to be functioning as normal. I tried both the home page and beta. I think it's OK to commit the package.json file and update the wiki.

[dondi]

OK, master and beta branches have been updated, and the following wiki pages have been revised:

• https://github.com/dondi/GRNsight/wiki/Running-the-Applications
• https://github.com/dondi/GRNsight/wiki/Server-Setup

I just realized that this is an on-going task, so we can’t really close it. However this comment indicates that we have concluded one cycle of version updates.

[kdahlquist]

The fall, 2017 update review round can be considered as completed; removing priority 0 now.

[kdahlquist]

@mihirsamdarshi opened #674, but we should also do our yearly review as per this ongoing issue.

[kdahlquist]

Given the issue reported #1013, a review of library versions is in order. This Library Requirements wiki page is out of date with the Node and NPM versions that are used in production.

Given that, a review of all the library versions should be completed.

[dondi]

This is more of an actual on-going issue and can be backgrounded for now while other priorities are going on; removing all assignments until it foregrounds again

[kdahlquist]

Since @akaiap has encountered this issue in her current dev/ops work, she should do a pass on cleaning up the library dependencies while it is still fresh.