[ https://issues.apache.org/jira/browse/CB-14145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16517611#comment-16517611 ]
ASF GitHub Bot commented on CB-14145: ------------------------------------- brodybits closed pull request #173: CB-14145: package.json updates to resolve npm audit warnings URL: https://github.com/apache/cordova-coho/pull/173 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic):
diff --git a/package.json b/package.json
index ef87857..d86979f 100644
--- a/package.json
+++ b/package.json
@@ -35,14 +35,14 @@
 "eslint-plugin-node": "^5.0.0",
 "eslint-plugin-promise": "^3.5.0",
 "eslint-plugin-standard": "^3.0.1",
- "nsp": ">=2.0.1",
 "tap-dot": "^1.0.0",
- "tap-spec": "^4.0.0",
+ "tap-spec": "^5.0.0",
 "tape": "^4.0.0",
 "tape-runner": "^0.3.0"
 },
 "scripts": {
- "test": "npm run eslint",
+ "test": "npm run eslint && npm run jasmine && npm run tape-test",
+ "tape-test": "node test/test.js | tap-spec",
 "cover": "istanbul cover --root src --print detail jasmine",
 "jasmine": "jasmine",
 "eslint": "eslint test && eslint src"
diff --git a/spec/flagutil.spec.js b/spec/flagutil.spec.js
index be266dd..476353f 100644
--- a/spec/flagutil.spec.js
+++ b/spec/flagutil.spec.js
@@ -18,9 +18,11 @@ under the License.
 */
 var path = require('path');
+
 var apputil = require('../src/apputil');
 var repoutil = require('../src/repoutil');
 var flagutil = require('../src/flagutil');
+
 var TIMEOUT = 60000;
 describe("flagutil unit tests", function () {
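Review bot: Removing `nsp` from devDependencies drops the only dependency-vulnerability scanner the project declared, and the hunk adds no `npm audit` script in its place even though CB-14145 explicitly asks for an audit step in CI. Consider adding `"audit": "npm audit"` to `scripts` and chaining it into `test` (or a CI-only job) so the check that motivated this PR stays automated rather than becoming a manual step. Separately, `"tape-test": "node test/test.js | tap-spec"` makes the script's exit status that of `tap-spec`; if `test/test.js` crashes before emitting any TAP, whether `npm test` goes red depends on how tap-spec treats empty input, so that path is worth verifying once.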
@@ -36,11 +38,12 @@ describe("flagutil unit tests", function () {
 it("Test#002 : computeReposFromFlag returns correct repo (platform) info", function () {
 var repo = flagutil.computeReposFromFlag('android');
 expect(repo).toEqual(
- [ Object({
- title: 'Android',
- id: 'android',
- repoName: 'cordova-android',
- jiraComponentName: 'Android',
+ [ Object({
+ title: 'Android',
+ versions: [ '4.4', '5.0', '5.1', '6.0', '7.0', '7.1' ],
+ id: 'android',
+ repoName: 'cordova-android',
+ jiraComponentName: 'cordova-android',
 cordovaJsPaths: [ 'bin/templates/project/assets/www/cordova.js' ] }) ]
 );
 },TIMEOUT);
@@ -51,7 +54,7 @@ describe("flagutil unit tests", function () {
 [ { title: 'Plugin - Camera',
 id: 'plugin-camera',
 repoName: 'cordova-plugin-camera',
- jiraComponentName: 'Plugin Camera' } ]
+ jiraComponentName: 'cordova-plugin-camera' } ]
 );
 },TIMEOUT);
@@ -61,7 +64,7 @@ describe("flagutil unit tests", function () {
 [ { title: 'Docs',
 id: 'docs',
 repoName: 'cordova-docs',
- jiraComponentName: 'Docs' } ]
+ jiraComponentName: 'cordova-docs' } ]
 );
 },TIMEOUT);
diff --git a/spec/gitutil.spec.js b/spec/gitutil.spec.js
index fbdb199..1bc09d0 100644
--- a/spec/gitutil.spec.js
+++ b/spec/gitutil.spec.js
@@ -47,12 +47,14 @@ describe("gitutil unit tests", function () {
 expect(executil.ARGS.calls.count()).toEqual(1);
 expect(executil.ARGS.calls.argsFor(0)[0]).toEqual("git tag --list 6.3.0");
 },TIMEOUT);
+ /* XXX TBD LOOKS BROKEN:
 it("Test#002 : validate remote branch", function* () {
 var gitutilRemoteBranch = yield gitutilJS.remoteBranchExists('android', 'name');
 expect(executil.execHelper.calls.count()).toEqual(1);
 expect(executil.ARGS.calls.count()).toEqual(1);
 expect(executil.ARGS.calls.argsFor(0)[0]).toEqual("git branch -r --list undefined/name");
 },TIMEOUT);
+ // */
 it("Test#003 : validate pending changes", function* () {
 var gitutilPendingChanges = yield gitutilJS.pendingChangesExist();
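Review bot: Test#002 in spec/gitutil.spec.js is disabled by wrapping it in a `/* XXX TBD LOOKS BROKEN: ... // */` block comment, which makes Jasmine forget the test exists instead of reporting it as pending. Prefer `xit("Test#002 : validate remote branch", function* () {` so the skip shows up in every run summary, and name CB-14145 (or a follow-up issue) in the comment so the disabled test is tracked rather than lost. The disabled assertion expects `"git branch -r --list undefined/name"`, i.e. `remoteBranchExists('android', 'name')` was already producing a remote name from an undefined field; that looks like a defect in the call or the helper that the comment-out hides rather than fixes, and it deserves its own ticket. The enclosing `describe` starts and ends outside this hunk.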
@@ -74,4 +76,4 @@ describe("gitutil unit tests", function () {
 expect(executil.ARGS.calls.count()).toEqual(1);
 expect(executil.ARGS.calls.argsFor(0)[0]).toEqual("git clean -d -f");
 },TIMEOUT);
-});
\ No newline at end of file
+});
diff --git a/spec/repoutil.spec.js b/spec/repoutil.spec.js
index fce8e82..7a0b464 100644
--- a/spec/repoutil.spec.js
+++ b/spec/repoutil.spec.js
@@ -18,18 +18,24 @@ under the License.
 */
 var jasmine_co = require('jasmine-co').install();
+
 var fs = require('fs');
 var path = require('path');
+
 var shelljs = require('shelljs');
+
 var apputil = require('../src/apputil');
 var repoutil = require('../src/repoutil');
+
 var TIMEOUT = 60000;
-var androidRepo = { title: 'Android',
+
+var androidRepo = { title: 'Android',
 id: 'android',
 repoName: 'cordova-android',
 jiraComponentName: 'Android',
 cordovaJsPaths: [ 'bin/templates/project/assets/www/cordova.js' ],
 remoteName: 'origin' };
+
 var commonRepo = {
 title: 'Cordova Common',
 id: 'common',
@@ -46,17 +52,17 @@ describe("check functionality of repoutil", function () {
 repoutil.getRepoDir(commonRepo);
 expect(apputil.getBaseDir.calls.count()).toEqual(1);
 expect(path.join.calls.count()).toEqual(2);
- },TIMEOUT);
+ }, TIMEOUT);
 it("Test#002 : repo listed in group, should be true", function () {
 repoutil.isInRepoGroup(androidRepo, 'platform');
 expect(repoutil.isInRepoGroup(androidRepo, 'platform')).toEqual(true);
- },TIMEOUT);
+ }, TIMEOUT);
 it("Test#003 : repo not listed in group, should be false", function () {
 repoutil.isInRepoGroup(commonRepo, 'platform');
 expect(repoutil.isInRepoGroup(commonRepo, 'platform')).toEqual(false);
- },TIMEOUT);
+ }, TIMEOUT);
 it("Test#004 : testing proper calls are made for forEachRepo function", function* (){
 spyOn(shelljs , "cd").and.returnValue(true);
@@ -66,19 +72,20 @@ describe("check functionality of repoutil", function () {
 expect(shelljs.cd.calls.count()).toEqual(2);
 expect(shelljs.error.calls.count()).toEqual(1);
 expect(apputil.fatal.calls.count()).toEqual(0);
- },TIMEOUT);
+ }, TIMEOUT);
 it("Test#005 : getRepoById should return correct repo object ", function () {
 // Return correct repo object
 repoutil.getRepoById('cordova-android');
 expect(repoutil.getRepoById('cordova-android')).toEqual(Object(
- { title: 'Android', id: 'android',
- repoName: 'cordova-android',
- jiraComponentName: 'Android',
+ { title: 'Android', id: 'android',
+ versions: [ '4.4', '5.0', '5.1', '6.0', '7.0', '7.1' ],
+ repoName: 'cordova-android',
+ jiraComponentName: 'cordova-android',
 cordovaJsPaths: [ 'bin/templates/project/assets/www/cordova.js' ] } ));
 // Return null if opt repos are passed in
 repoutil.getRepoById('cordova-android', 'opt_repos');
 expect(repoutil.getRepoById('cordova-android', 'opt_repos')).toEqual(null);
- },TIMEOUT);
+ }, TIMEOUT);
 });
diff --git a/spec/versionutil.spec.js b/spec/versionutil.spec.js
index 2679f29..7c1c04d 100644
--- a/spec/versionutil.spec.js
+++ b/spec/versionutil.spec.js
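Review bot: Test#005 now expects `jiraComponentName: 'cordova-android'` and a `versions` array for the android repo, but the `androidRepo` fixture at the top of the same spec (the `@@ -18,18 +18,24 @@` hunk) still carries `jiraComponentName: 'Android'` and no `versions`, so the file now describes the same repo in two different ways. Either update the fixture to match or build it as `var androidRepo = repoutil.getRepoById('cordova-android');` so there is a single source of truth. Hard-coding the whole repo record, including the platform `versions` list, in `toEqual` also means every routine repo-data update breaks this test; asserting on the fields `getRepoById` is responsible for (`id`, `repoName`) would be more robust. The enclosing `describe` starts outside this hunk.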
@@ -86,11 +86,11 @@ describe("Correct version is passed to gradle.build", function () {
 var androidVersion = yield versionutil.updateRepoVersion(androidRepo, "6.4.0-dev");
 // Check call count
 expect(fs.writeFileSync.calls.count()).toEqual(1);
- expect(fs.existsSync.calls.count()).toEqual(2);
- expect(fs.readFile.calls.count()).toEqual(1);
- expect(repoutil.isInRepoGroup.calls.count()).toEqual(1);
- expect(repoutil.isInRepoGroup.calls.count()).toEqual(1);
- expect(gitutil.pendingChangesExist.calls.count()).toEqual(3);
+ expect(fs.existsSync.calls.count()).toEqual(4);
+ expect(fs.readFile.calls.count()).toEqual(3);
+ expect(repoutil.isInRepoGroup.calls.count()).toEqual(2);
+ expect(repoutil.isInRepoGroup.calls.count()).toEqual(2);
+ expect(gitutil.pendingChangesExist.calls.count()).toEqual(4);
 expect(executil.execHelper.calls.count()).toEqual(1);
 expect(apputil.print.calls.count()).toEqual(0);
 expect(shell.sed.calls.count()).toEqual(5);
@@ -106,10 +106,10 @@ describe("Correct version is passed to gradle.build", function () {
 var iosVersion = yield versionutil.updateRepoVersion(iosRepo, "4.2.0-dev");
 // Check call count
 expect(fs.writeFileSync.calls.count()).toEqual(1);
- expect(fs.existsSync.calls.count()).toEqual(2);
- expect(repoutil.isInRepoGroup.calls.count()).toEqual(1);
- expect(fs.readFile.calls.count()).toEqual(1);
- expect(gitutil.pendingChangesExist.calls.count()).toEqual(3);
+ expect(fs.existsSync.calls.count()).toEqual(4);
+ expect(repoutil.isInRepoGroup.calls.count()).toEqual(2);
+ expect(fs.readFile.calls.count()).toEqual(3);
+ expect(gitutil.pendingChangesExist.calls.count()).toEqual(4);
 expect(shell.sed.calls.count()).toEqual(1);
 expect(apputil.print.calls.count()).toEqual(0);
 expect(executil.execHelper.calls.count()).toEqual(1);
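Review bot: The spec/versionutil.spec.js hunks (this one and the ones at `@@ -106`, `@@ -121` and `@@ -136`) raise the expected call counts for `fs.existsSync`, `fs.readFile`, `repoutil.isInRepoGroup` and `gitutil.pendingChangesExist` without a comment saying what additional work `updateRepoVersion` is now expected to do. Bare counts bumped to whatever the implementation currently produces lock in the current behaviour whether or not the extra file reads and pending-change checks were intended, so each block deserves a one-line comment stating the reason for the new numbers, or better, assertions on `fs.readFile.calls.argsFor(i)[0]` that name the files being read and document the contract directly. The line `expect(repoutil.isInRepoGroup.calls.count()).toEqual(2);` is duplicated in the first hunk and one copy can be dropped. The enclosing `it` blocks start outside these hunks.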
@@ -121,10 +121,10 @@ describe("Correct version is passed to gradle.build", function () {
 var windowsVersion = yield versionutil.updateRepoVersion(windowsRepo, "4.5.0-dev");
 // Check call count
 expect(fs.writeFileSync.calls.count()).toEqual(1);
- expect(fs.existsSync.calls.count()).toEqual(3);
- expect(repoutil.isInRepoGroup.calls.count()).toEqual(1);
- expect(gitutil.pendingChangesExist.calls.count()).toEqual(3);
- expect(fs.readFile.calls.count()).toEqual(1);
+ expect(fs.existsSync.calls.count()).toEqual(5);
+ expect(repoutil.isInRepoGroup.calls.count()).toEqual(2);
+ expect(gitutil.pendingChangesExist.calls.count()).toEqual(4);
+ expect(fs.readFile.calls.count()).toEqual(3);
 expect(shell.sed.calls.count()).toEqual(1);
 expect(apputil.print.calls.count()).toEqual(0);
 expect(executil.execHelper.calls.count()).toEqual(1);
@@ -136,14 +136,14 @@ describe("Correct version is passed to gradle.build", function () {
 var browserVersion = yield versionutil.updateRepoVersion(browserRepo, "4.1.0-dev");
 //Check call count
 expect(fs.writeFileSync.calls.count()).toEqual(1);
- expect(fs.existsSync.calls.count()).toEqual(2);
- expect(repoutil.isInRepoGroup.calls.count()).toEqual(1);
- expect(gitutil.pendingChangesExist.calls.count()).toEqual(3);
- expect(fs.readFile.calls.count()).toEqual(1);
+ expect(fs.existsSync.calls.count()).toEqual(5);
+ expect(repoutil.isInRepoGroup.calls.count()).toEqual(2);
+ expect(gitutil.pendingChangesExist.calls.count()).toEqual(4);
+ expect(fs.readFile.calls.count()).toEqual(3);
 expect(shell.sed.calls.count()).toEqual(1);
 expect(apputil.print.calls.count()).toEqual(0);
 expect(executil.execHelper.calls.count()).toEqual(1);
 // Check that args are correct
 expect(shell.sed.calls.argsFor(0)[2]).toEqual('VERSION = "4.1.0-dev";');
 },TIMEOUT);
-});
\ No newline at end of file
+});
diff --git a/test/flagutil.test.js b/test/flagutil.test.js
index 74ff433..6c034b4 100644
--- a/test/flagutil.test.js
+++ b/test/flagutil.test.js
@@ -399,7 +399,7 @@ test('test computeReposFromFlagServe', function (t) {
 t.equal(repo.length, 1);
 t.equal(typeof repo[0], 'object');
 t.equal(repo[0].id, 'serve');
- t.equal(repo[0].repoName, 'cordova-lib');
+ t.equal(repo[0].repoName, 'cordova-serve');
 });
 test('test computeReposFromFlagJs', function (t) {
 t.plan(4);
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Resolve npm audit issues > ------------------------ > > Key: CB-14145 > URL: https://issues.apache.org/jira/browse/CB-14145 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-android, cordova-app-hello-world, > cordova-browser, cordova-cli, cordova-coho, cordova-common, cordova-fetch, > cordova-ios, cordova-js, cordova-lib, cordova-osx, cordova-windows > Reporter: Chris Brody > Assignee: Chris Brody > Priority: Major > > From private discussions I discovered that running {{npm audit}} on a number > of components would report dependencies with security issues. While we could > not see any {{npm audit}} issues that may affect applications built using > Cordova I think it is extremely important to resolve these issues as soon as > possible. Most affect devDependencies used for testing of Cordova itself; a > minority seem to affect Cordova scripts that may be run by Cordova > application developers. Better safe than sorry! > I would like to resolve this issue as follows: > * patch release of common library components such as {{cordova-common}}, > {{cordova-lib}}, etc. (fixed in minor release branch) > * patch or minor release of other affected components such as CLI, Cordova > platform implementations, major plugins, etc.
(expected to be fixed in minor > release branch; do not want to pollute the master branch with extra reverts, > updated node_modules committed, etc.) > * {{npm audit}} issues resolved in master branch for next major release, > which should NOT be shipped with any {{npm audit}} issues lurking > * {{npm audit}} step added to CI for both patch release and next major release -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org