Page History

...

Discussion Topics - If you have a topic you'd like to have added to the agenda, please just add it.
1. DSpace & DSpace-CRIS potential merger activities
  1. Announcement: https://groups.google.com/g/dspace-community/c/xFb4vHsHQHA
  2. New "DSpace-CRIS merger" label in GitHub: https://github.com/DSpace/dspace-angular/issues?q=state%3Aopen%20label%3A%22DSpace-CRIS%20merger%22
2. Integrate ng-dynamic-forms into our codebase and upgrade ng-bootstrap: https://github.com/DSpace/dspace-angular/pull/4898
3. Issues with GitHub's dependabot + NPM versions. dependabot is insisting on using NPM version 11 when creating it's dependency PRs. This results in a "package-lock.json" that works for NPM 11, but is (seemingly) incompatible with NPM 10. Since NPM 10 is the default for Node.js 20 and 22, this causes immediately errors in our GitHub automated tests...as they fail to run "npm install" using the "package-lock.json" built via NPM 11.
  1. Example where this occurs: https://github.com/DSpace/dspace-angular/pull/4856 (This PR also has detailed discussion of the problem and brainstorms for solutions...none have worked so far)
  2. Do we need to consider "pinning" DSpace 9.x to NPM 11 / Node 20 - 22 and "pinning" DSpace 10 to NPM 12 / Node 24+?New PR to pin to NPM v10 to maintain compatibility with Node.js 20-22: https://github.com/DSpace/dspace-angular/pull/4913
4. Other topics
  1. Pulling some spring XML from src/main/resources into config folder (e.g. spring-dspace-addon-validation-services.xml) (Kim)
  2. (Please add your own topics)
Board Review:
- 10.0 Project Board - Review PRs collaboratively or Assign new PRs to volunteers to code review and/or test.
- Backlog Board - Are there any tickets here stuck in the "Triage" column? We'd like to keep this column as small as possible.
- Maintenance Board (9.x, 8.x, 7.6.x) - Known bugs can be found here, along with any backported bug fixes.
Upcoming Topics: (Let us know if there are topics you want to discuss in future weeks)
- Potentially auto-closing "stale" issues and PRs: https://github.com/DSpace/DSpace/pull/11550 (PR still waiting on feedback from others)
- Revisiting Nx / modularization discussion: Prototyping Nx vs Angular CLI Workspaces
  - Preparation PR (preparing for possible Nx or Angular Workspaces migration): https://github.com/DSpace/dspace-angular/pull/4629
  - Prototype Angular Workspaces PR: https://github.com/DSpace/dspace-angular/pull/4783
  - Original Nx PR (example full migration to Nx): https://github.com/DSpace/dspace-angular/pull/4019
- Follow-up on "aggressive bot" discussion: https://github.com/DSpace/dspace-angular/issues/4565
  - PR to update our built-in "rate limiter": https://github.com/DSpace/dspace-angular/pull/4620

...

See Trading reviews on Pull Requests for how to get immediate attention to that PR!

Notes

DSpace-DSpace-CRIS Merger Updates

General Status Updates

The merger is now official and will begin with DSpace 10, continuing (and finishing) with DSpace 11
Announcement & reports from the Technical Planning Group and Strategic Planning Group were posted on the mailing list
Public feedback form is available; responses will help create a merger FAQ
Participants encouraged to ask questions now or in future meetings

Merger Management Team

A draft charge for the new Merger Management Team is under Steering Group review
Team will:
- Assist Tim and Holger in managing merger progress
- Keep roadmap aligned with release schedules
- Help identify delays and adjust work as needed
Merger will not shift release dates; still targeting May / early June annually

GitHub Label for Merger

New GitHub label for merger created, exists in frontend and backend
Use to track PRs/issues related to the merger
Contributors should add the label where appropriate and notify Tim if something is missing

Technical Topics

Integrating NG Dynamic Forms Library into Codebase

Goal: Copy the NG Dynamic Forms library directly into the DSpace codebase to:
- Allow upgrading NG Bootstrap
- Gain more control over dependencies
The library is outdated/unmaintained; copying preserves license and enables future replacement
Replacement of the library will come in later releases (likely 11 or 12)
Art added ad reviewer to PR (#4898)
Tim emphasized the need for licensing verification

Dependabot / Node / NPM Compability Issue

Issue

Dependabot recently began using NPM 11 and Node.js 24
It creates package-lock.json files incompatible with NPM 10, which DSpace still needs for Node.js 20 & 22 compatibility
Example where this occurs: https://github.com/DSpace/dspace-angular/pull/4856

Attempted Solutions & Final Fix

Tim and Alan Orth experimented with ranges: unsuccessful / unsatisfying results
Vincenzo found another project’s solution:
- Pin the NPM version to 10 in package.json
- Dependabot obeys that pin and produces correct lock files

Next Steps

Tim will merge the PR once the build passes
NPM version can be updated later once DSpace fully moves to Node 24

Spring Bean / XML File Configuration

Kim voiced concern that some services / beans are configured through XML inside the webapp instead of external config files, making configuration harder

Discussion Summary

Mark: Beans placed internally are those meant for developers, not administrators (harder to accidentally alter)
Tim: Some beans are required at boot and shouldn't be user-editable; but if specific beans should be configurable, they can be moved
Kim: Considering moving configurations to annotations to remove XML entirely
Mark: Some XML-defined beans may be unnecessary—Spring could auto-detect them
Tim: Encourages reviewing XML files gradually; acknowledges mix of XML + annotations is historical

Action Items

Kim may create tickets/PRs where individual XML files should move or convert to annotations
Team supports long-term cleanup of Spring configuration

Additional Discussion

Giuseppe noted that a PR related to custom URLs also modified validation service XML configuration
Kim should review whether this PR interacts with her concerns around configuration placement

Cache-Busting Dynamic Configuration Files & Theme CSS (PR)

Purpose of PR (#3993)

Adds hashing/fingerprints to CSS & config files to prevent browser caching after updates
Helps administrators & users avoid having to hard-refresh after deployments

Status

PR is old (for DSpace 7.x), has merge conflicts
Art: Their team uses it in production; works well
Art will ask Yura to refresh the PR
Tim requests:
- Updated PR
- A corresponding PR for main as well (PR currently has label "port to main")
Reviewers assigned:
- Sasha
- Martin
- Tim (tentative)

Deleted Bitstream Download URLs Returning Wrong HTTP Code (#11611)

Deleted bitstreams return 401 Unauthorized instead of 404 Not Found
Causes:
- SEO issues: Google won’t unindex the file properly
- UI issue: Redirects users to login page instead of showing 404
Deleted bitstreams are:
- Flagged as deleted in DB
- Unlinked from parent bundle
- Still returned in queries that fetch all bitstreams
Permission check finds the deleted bitstream and treats it as a restricted resource → 401

Discussion

Tim: Bitstreams should behave like items—deleted = 404; restricted = 401
Art: Need to confirm we’re not exposing existence of restricted content
Kim: Suggests testing after cleanup script runs; maybe the state changes from “deleted but present” to fully removed
Conclusion:
- Behavior should mirror item-level deletion
- Need to update logic so deleted bitstreams bypass authorization checks and return 404

Action

Tim will summarize conclusions into the GitHub issue

Removing the "webapp" database table

DSpace command "version" reads from the webapp table
Since DSpace 7, the table is no longer used