Skip to content

build(deps): VPR-36 upgrade Vue and Quasar #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rlorenzo merged 7 commits into from
Dec 1, 2025
Merged

build(deps): VPR-36 upgrade Vue and Quasar #73

rlorenzo merged 7 commits into from
Dec 1, 2025

Conversation

@rlorenzo
Copy link
Contributor

@rlorenzo rlorenzo commented Nov 22, 2025

  • Align Vue/Quasar versions between VueApp (npm) and .NET (CDN/LibMan)
  • Remove web/wwwroot/lib/ from version control (LibMan restores on build)
  • Updated Vue/Quasar/linting tools to latest versions
  • Fix Vue linting warnings (add v-for keys and prop defaults)

@rlorenzo
build(deps): VPR-36 upgrade Vue and Quasar
52fbb40 
- Align Vue/Quasar versions between VueApp (npm) and .NET (CDN/LibMan)
- Remove web/wwwroot/lib/ from version control (LibMan restores on build)
- Updated Vue/Quasar/linting tools to latest versions
- Fix Vue linting warnings (add v-for keys and prop defaults)
Copilot AI review requested due to automatic review settings November 22, 2025 19:32
Copilot AI reviewed Nov 22, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR upgrades Vue and Quasar to their latest versions to align CDN-based dependencies (used in .NET views) with npm-based dependencies (used in VueApp). The changes include automated LibMan restoration during build, removal of tracked library files from version control, and resolution of Vue linting warnings by adding required keys and prop defaults.

Key Changes

  • Upgraded Vue from 3.3.11 to 3.5.24 and Quasar from 2.14.1 to 2.18.6
  • Automated LibMan restore process to eliminate need for tracked wwwroot/lib files
  • Fixed Vue component linting issues by adding proper prop defaults and v-for keys

Reviewed changes

Copilot reviewed 13 out of 427 changed files in this pull request and generated no comments.

Show a summary per file
File Description
web/libman.json Updated Vue/Quasar versions, switched to jsdelivr provider, simplified file list
web/Viper.csproj Added MSBuild target to restore LibMan packages before build
web/Views/Shared/_VIPERLayout.cshtml Added Google Fonts link for Roboto and Material Icons
web/Views/Shared/Components/VueCdn/VueCdnInit.cshtml Updated Vue script path to include dist/ directory
web/Views/Shared/Components/MainNav/Default.cshtml Changed font weight from medium to regular for consistency
package.json Updated linting tool versions
VueApp/src/styles/base.css Switched from custom Metropolis font to Quasar's Roboto, applied formatting fixes
VueApp/src/layouts/ViperLayout.vue Added prop type definitions and default values
VueApp/src/layouts/MainNav.vue Added v-for key, prop defaults, and code formatting improvements
VueApp/src/CTS/App.vue Fixed prop binding syntax (navarea) and formatting
VueApp/src/CMS/App.vue Fixed prop binding syntax (navarea) and formatting
VueApp/src/CAHFS/App.vue Fixed navarea prop binding to use boolean instead of string
VueApp/package.json Updated Vue/Quasar and linting dependency versions
Files not reviewed (1)
  • VueApp/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@rlorenzo
Copy link
Contributor Author

rlorenzo commented Nov 22, 2025

@bsedwards, this should resolve 9 of our CodeQL security warnings about using an outdated Quasar version by aligning both versions to the latest.
It also improves the build process so that instead of storing the CDN versions of Vue/Quasar in our repo, they are downloaded during the dotnet build.
However, running this on Jenkins gives this error for TEST:

[C:\Program Files (x86)\Jenkins\workspace\Viper .NET\web\Viper.csproj]
  Viper -> C:\Program Files (x86)\Jenkins\workspace\Viper .NET\web\bin\Release\net8.0\Viper.dll
  'libman' is not recognized as an internal or external command,
  operable program or batch file.
C:\Program Files (x86)\Jenkins\workspace\Viper .NET\web\Viper.csproj(94,5): error MSB3073: The command "libman restore" exited with code 9009.

Can we have Libman installed on the Jenkins server?

@rlorenzo rlorenzo requested a review from bsedwards November 22, 2025 20:28
@dependabot
build(deps-dev): bump node-forge from 1.3.1 to 1.3.2 in /VueApp
ed01864 
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@bsedwards
Copy link
Collaborator

bsedwards commented Dec 1, 2025

@bsedwards, this should resolve 9 of our CodeQL security warnings about using an outdated Quasar version by aligning both versions to the latest. It also improves the build process so that instead of storing the CDN versions of Vue/Quasar in our repo, they are downloaded during the dotnet build. However, running this on Jenkins gives this error for TEST:

[C:\Program Files (x86)\Jenkins\workspace\Viper .NET\web\Viper.csproj]
  Viper -> C:\Program Files (x86)\Jenkins\workspace\Viper .NET\web\bin\Release\net8.0\Viper.dll
  'libman' is not recognized as an internal or external command,
  operable program or batch file.
C:\Program Files (x86)\Jenkins\workspace\Viper .NET\web\Viper.csproj(94,5): error MSB3073: The command "libman restore" exited with code 9009.

Can we have Libman installed on the Jenkins server?

Is Libman a standalone executable? I could only find installation instructions for a .NET CLI tool.

@rlorenzo
Copy link
Contributor Author

rlorenzo commented Dec 1, 2025

@bsedwards Are you able to run .NET CLI commands on the Jenkins server? If so can you try installing it via:

dotnet tool install -g Microsoft.Web.LibraryManager.Cli

@bsedwards
Copy link
Collaborator

bsedwards commented Dec 1, 2025

@rlorenzo I don't have access to the Jenkins server. In the past I've added commands to the Jenkins script to add them. We can try that, or if that won't work (for example if it throws an error if the tool is already installed) I can ask someone with access to install it.

@rlorenzo
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/VueApp/n…
75e0ccb 
…ode-forge-1.3.2' into VPR-36-update-quasar-npm
@rlorenzo
Adding libman to dotnet build
1ee64c4 
- Removed unncessary libman install in codeql
- Updated package-lock.json
@rlorenzo rlorenzo mentioned this pull request Dec 1, 2025
Merged
@rlorenzo
Copy link
Contributor Author

rlorenzo commented Dec 1, 2025

@bsedwards I got the .NET project to update/install libman on build

@rlorenzo
Copy link
Contributor Author

rlorenzo commented Dec 1, 2025

@bsedwards I noticed the page looked different on https://secure-test.vetmed.ucdavis.edu/2/CMS compared to prod. Looking into it

@rlorenzo
Copy link
Contributor Author

rlorenzo commented Dec 1, 2025

@bsedwards NM, the CMS page looks correct after reloading the browser window again. It might be a caching issue.

@rlorenzo rlorenzo merged commit 921c4bf into main Dec 1, 2025
5 checks passed
@rlorenzo rlorenzo deleted the VPR-36-update-quasar-npm branch December 1, 2025 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bsedwards bsedwards bsedwards approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rlorenzo @bsedwards