π Jenkins: Deprecated jenkins@1.1.0 NPM packageΒ #4984
Description
Workspace
jenkins
π Description
The Jenkins plugins has a deprecated dependency that hasn't been updated in ~2 years (jenkins): https://www.npmjs.com/package/jenkins?activeTab=versions
β jenkins git:(main) β pwd
/home/bramos/work/community-plugins/workspaces/jenkins
β jenkins git:(main) β yarn why jenkins
ββ @backstage-community/plugin-jenkins-backend@workspace:plugins/jenkins-backend
β ββ jenkins@npm:1.1.0 (via npm:^1.0.0)
β
ββ @backstage-community/plugin-scaffolder-backend-module-jenkins@workspace:plugins/scaffolder-backend-module-jenkins
ββ jenkins@npm:1.1.0 (via npm:^1.1.0)I see that dependency being used in these files:
Jenkins-backend:
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/jenkins-backend/src/service/jenkinsApi.ts#L18
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/jenkins-backend/src/service/jenkinsApi.test.ts#L18
scaffolder-backend-module-jenkins:
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/scaffolder-backend-module-jenkins/src/config.ts#L17
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/scaffolder-backend-module-jenkins/src/actions/job/build.ts#L17
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/scaffolder-backend-module-jenkins/src/actions/job/copy.ts#L17
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/scaffolder-backend-module-jenkins/src/actions/job/create.ts#L23
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/scaffolder-backend-module-jenkins/src/actions/job/destroy.ts#L17
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/scaffolder-backend-module-jenkins/src/actions/job/disable.ts#L17
- https://github.com/backstage/community-plugins/blob/main/workspaces/jenkins/plugins/scaffolder-backend-module-jenkins/src/actions/job/enable.ts#L17
Replacing this deprecated package might not be too difficult. It looks like we just use the Jenkins type from the deprecated package, but more investigation is needed.
π Expected behavior
The plugin should use a newer, supported npm package to replace the deprecated jenkins one.
π Actual Behavior with Screenshots
The plugin uses a ~2 year old, deprecated npm package that may have security issues.
π Reproduction steps
- Go to Jenkins workspace
- Run
yarn why jenkins - Confirm the package listed is the same deprecated one found here: https://www.npmjs.com/package/jenkins?activeTab=versions
π Provide the context for the Bug.
No response
π Have you spent some time to check if this bug has been raised before?
- I checked and didn't find similar issue
π’ Have you read the Code of Conduct?
- I have read the Code of Conduct
Are you willing to submit PR?
Yes I am willing to submit a PR!