Suitecrm: [Meta] Move remaining vendored libraries to Composer

The goal of this issue is to track a bunch of smaller issues that are dedicated to removing vendored libraries from the repository and replacing them with corresponding Composer packages. This serves a few purposes:

• Easier to upgrade.
• Prevents customization of core code from other libraries (which is bad because it prevents us from upgrading the libraries)
• Easier to track security vulnerabilities in the libraries.
• Fewer files in our repo.
• Easier to track when libraries stop getting maintained.

A lot of packages have already been moved in the last year or two, but there are still quite a few left to move.

This list isn't necessarily comprehensive, it's just all of the vendored libraries that I was able to find.

• [x] Smarty (Issue: #6719, PR: #7591)
• [x] SAML2 (PR: #6850)
• [ ] Twitter OAuth (Issue: #7595)
• [ ] Facebook OAuth
• [x] HTMLPurifier (Issue: #3100, PR: #5959) - this was actually added to Composer, but never removed from include/ for 'backwards compatibility'. I'd say we can probably remove it entirely pretty safely. It's already been removed in the develop branch. There's also a file for HTMLPurifier at jssource/src_files/include/HTMLPurifier/standalone/HTMLPurifier/Printer.
• [ ] nusoap (Issue: #7590, PR: #7592)
• [ ] HTTP_WebDAV_Server (Issue: #7596)
• [ ] TCPDF (Issue: #6513)
• [ ] [Crypt_Blowfish](https://github.com/salesagility/SuiteCRM/tree/ef79908dad38b294d2f62924f91aeaa805d8f7a3/include/Pear/Crypt_Blowfish)
• [x] [XML_HTMLSax3](https://github.com/salesagility/SuiteCRM/tree/ef79908dad38b294d2f62924f91aeaa805d8f7a3/include/Pear/XML_HTMLSax3) (#8088)
• [x] Pclzip (PR: #7287) - removed in develop.
• [ ] ytree - vendored at include/ytree, seems to be a PHP library with a bunch of JS files? I'm not entirely sure what this is/where it comes from, or if it's a third party library at all. It might be YAHOO.widget.TreeView? Some of the files are repeated at jssource/src_files/include/ytree.
• [x] mPDF - vendored at modules/AOS_PDF_Templates/PDF_Lib/, it was fixed by #7118 in develop.
• [x] Various Zend packages in Zend/, based on the Version.php file it's at v1.10.8. That's really old, 2.0.0 came out in September 2012, I'm not really sure when 1.10 came out. The oldest version on packagist is 2.0.0, but there is a zf1/ namespace with older versions of Zend packages, e.g. https://packagist.org/packages/zf1/zend-uri has 1.12.3+. We also have some Zend files at modules/AOD_Index/Lib/Zend/Search
  
  
  
  • [x] Zend HTTP (Packagist) (#7672)
  
  
  • [x] Zend Oauth (Packagist) (#7672)
  
  
  • [x] Zend Gdata (Packagist) - This one doesn't actually seem to be used for anything. (#7672)
  
  
  • [x] Zend Validate (Packagist) (#7672)
  
  
  • [x] Zend URI (Packagist) (#7672)
  
  
  • [x] Zend Lucene Search (Packagist) (#7690)
  
  
• [ ] XTemplate (Issue: #8016)
• [ ] ParseCSV (PR: #8006)
• [ ] PHPSQLParser, vendored at include/php-sql-parser.php, it's only used in a small handful of places. It's on a fairly old version of the library, but the github project is here
• [x] XHProf (PR: #8095), vendored at include/SugarXHprof/xhprof_lib. It doesn't seem like the code has been touched in a long time, and I don't think it works on PHP 7. The project seems abandoned.
• [x] XML_HTMLSax3 (PR: #8088)
• [ ] [pChart](http://www.pchart.net/), vendored in modules/AOR_Charts/lib/pChart.

I've also got a list of JavaScript libraries. These are harder, since we don't use npm/yarn and most of these probably don't have corresponding Composer packages:

• [ ] TinyMCE (PR: #6699) - this was moved to composer in develop, but tiny_mce is still available in include/javascript/tiny_mce/ on develop?
• [ ] jQuery - currently vendored at include/javascript/jquery, it seems to be on v2.1.3. There's also jQuery UI, jQuery Cookie, and a variety of other extensions :/
• [ ] JSTree - vendored at include/javascript/jstree (PR: #7296)
• [ ] Mozaik - vendored at include/javascript/mozaik
• [ ] YUI - vendored at include/javascript/yui3, it seems to be at v3.3.0.
  
  
  
  • There's also include/javascript/yui, which is seemingly at v2.6.0. I'm not sure why we're using both...
  
  
  • There's also jssource/src_files/include/javascript/yui3, apparently.
  
  
• [ ] qtip - vendored at include/javascript/qtip, v2.2.1
• [ ] [c3](https://c3js.org/) - vendored at include/javascript/c3, I guess it's a chart library based on D3? It's minified (and only includes the CSS file?) so I have no idea what version it's on. It's only used in modules/Spots/Dashlets/SpotsDashlet/SpotsDashlet.tpl and modules/Spots/tpl/ShowSpots.tpl.
• [ ] TouchPunch - vendored at include/javascript/touchPunch, seems to be a plugin for jQuery UI. v0.2.3
• [ ] php.js - vendored at jssource/src_files/include/javascript/phpjs
  
  
  
  • license.js says 3.25, but that doesn't seem right since php.js never made it that far?
  
  
  • It looks like the project is now locotus, it was renamed here.
  
  
• [ ] RGraph - vendored at include/SuiteGraphs/rgraph
  
  
  
  • The files say '2015-11-02', so I guess whatever version they were on at that date is the one we're on.