Helix Ultimate 2.2.9 Bundles Several Years Outdated Scssphp V1.11.1 - Question | JoomShaper

Helix Ultimate 2.2.9 Bundles Several Years Outdated Scssphp V1.11.1

GM

Gerhard Meyer

Helix Framework 11 hours ago

Helix Ultimate 2.2.9 bundles several years outdated scssphp v1.11.1 which gives many deprecated warnings with php 8.4.20, my wamp stack is apache 2.4.68, php 8.4.20, mysql 8.0.45 and joomla 6.1.2. I am aware that the deprecated warnings could be disabled but I would rather prefer a up-to-date release from JoomShaper.

0
2 Answers
GM
Gerhard Meyer
Accepted Answer
9 hours ago #229237

here is my solution, because i do not want to wait for joomshaper to react (could be months, if ever, since scssphp is not maintained by joomshaper)

get scssphp version

\plugins\system\helixultimate\vendor\scssphp\scssphp\src\Version.php

const VERSION = '1.11.1';

find all occurrences

cd joomla site folder

findstr /S /N /I /C:"= null" plugins\system\helixultimate\vendor\scssphp\scssphp\src*.php > bad.txt

verify each line in bad.txt, change only typed nullable declarations

example:

from > Environment $env = null

to > ?Environment $env = null

verify after update

php -l plugins\system\helixultimate\vendor\scssphp\scssphp\src\Compiler.php php -l plugins\system\helixultimate\vendor\scssphp\scssphp\src\Formatter.php php -l plugins\system\helixultimate\vendor\scssphp\scssphp\src\Node\Number.php php -l plugins\system\helixultimate\vendor\scssphp\scssphp\src\Parser.php php -l plugins\system\helixultimate\vendor\scssphp\scssphp\src\Warn.php

No syntax errors detected

restart apache

clear joomla cache

now with joomla debug enabled and maximum error reporting the deprecated warnings are gone, after all just 5 php files had bad occurrences where i simply updated the typed nullable declarations (as php 8.4.x would expect).

it took me max. 1 hour to find, isolate and fix the problem, i am deeply disappointed of joomshaper to not fix that problem on their own.

for my next projects i will look into other solutions (like wp) because the laziness and terrible security handling is very dangerous in times like these.

0
D
David Forés
Accepted Answer
7 hours ago #229243

A few days ago, I already raised this concern in a couple of tickets where the 2.2.9 RC version had been published. I pointed out that several third-party libraries appeared to have been downgraded.

For example, when comparing the SCSSPHP dependency, it has gone from version 2.1.0, which is currently the latest release, back to version 1.11.1—an outdated and deprecated version released almost three years ago, in October 2023.

SCSSPHP Comparison Between HelixUltimate 2.2.8 and 2.2.9

At the time, they mentioned that this would be reviewed. However, instead of moving to newer and presumably more secure versions, the final release appears to revert to obsolete dependencies that have not been maintained for years.

Could you please clarify why these dependencies were downgraded and whether you plan to update them in upcoming releases?

Given everything that has happened over the past few weeks, it's important to proceed with extreme caution with every new version that is published.

0