Leonidas-from-XIV / node-xml2js

XML to JavaScript object converter.
MIT License

[Dev] dependency coveralls is vulnerable #457

Closed mboughaba closed 6 years ago

mboughaba commented 6 years ago

Hi

dev-dependency coveralls has known vulnerabilities.

 npm install --dev coveralls@2.11.2
npm WARN install Usage of the `--dev` option is deprecated. Use `--only=dev` instead.
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
+ coveralls@2.11.2
added 12 packages from 19 contributors, removed 31 packages and updated 19 packages in 6.272s
[!] 8 vulnerabilities found [2245 packages audited]
    Severity: 8 Moderate
    Run `npm audit` for more detail

I would like to bump it to npm install --dev coveralls@3.0.1.

However, there is one test failing at this moment (see details below) (with or without dependency update).

I would think the test needs to be fixed before moving on. Is it OK to fix the test and bump coveralls in the same PR? Thanks so much for your feedback.

The test might be failing only on Windows due to newline dependency. I will test on my Linux machine when I get back home.


builder/test parser -> builder roundtrip... failed
events.js:188
      throw err;
      ^

Error: Unhandled "error" event. (Index: test
===================================================================
--- test        expected
+++ test        actual
@@ -1,57 +1,57 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<sample>
-  <chartest desc="Test for CHARs">Character data here!</chartest>
-  <nochartest desc="No data" misc="false"/>
-  <nochildrentest desc="No data" misc="false"/>
-  <listtest>
-    <item>
-      This is
-      character
-      data!
-      <subitem>Foo(1)</subitem>
-      <subitem>Foo(2)</subitem>
-      <subitem>Foo(3)</subitem>
-      <subitem>Foo(4)</subitem>
-    </item>
-    <item>Qux.</item>
-    <item>Quux.</item>
-  </listtest>
-  <arraytest>
-    <item>
-      <subitem>Baz.</subitem>
-    </item>
-    <item>
-      <subitem>Foo.</subitem>
-      <subitem>Bar.</subitem>
-    </item>
-  </arraytest>
-  <emptytest>
-
-  </emptytest>
-  <tagcasetest>
-    <tAg>something</tAg>
-    <TAG>something else</TAG>
-    <tag>something third</tag>
-  </tagcasetest>
-  <ordertest>
-    <one>1</one>
-    <one>4</one>
-    <two>2</two>
-    <two>5</two>
-    <three>3</three>
-    <three>6</three>
-  </ordertest>
-  <validatortest>
-    <emptyarray>
-
-    </emptyarray>
-    <oneitemarray>
-      <item>Bar.</item>
-    </oneitemarray>
-    <numbertest>42</numbertest>
-    <stringtest>43</stringtest>
-  </validatortest>
-  <pfx:top xmlns:pfx="http://foo.com" pfx:attr="baz">
-    <middle xmlns="http://bar.com"/>
-  </pfx:top>
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<sample>
+  <chartest desc="Test for CHARs">Character data here!</chartest>
+  <nochartest desc="No data" misc="false"/>
+  <nochildrentest desc="No data" misc="false"/>
+  <listtest>
+    <item>
+      This is&#xD;
+      character&#xD;
+      data!
+      <subitem>Foo(1)</subitem>
+      <subitem>Foo(2)</subitem>
+      <subitem>Foo(3)</subitem>
+      <subitem>Foo(4)</subitem>
+    </item>
+    <item>Qux.</item>
+    <item>Quux.</item>
+  </listtest>
+  <arraytest>
+    <item>
+      <subitem>Baz.</subitem>
+    </item>
+    <item>
+      <subitem>Foo.</subitem>
+      <subitem>Bar.</subitem>
+    </item>
+  </arraytest>
+  <emptytest>&#xD;
+    &#xD;
+  </emptytest>
+  <tagcasetest>
+    <tAg>something</tAg>
+    <TAG>something else</TAG>
+    <tag>something third</tag>
+  </tagcasetest>
+  <ordertest>
+    <one>1</one>
+    <one>4</one>
+    <two>2</two>
+    <two>5</two>
+    <three>3</three>
+    <three>6</three>
+  </ordertest>
+  <validatortest>
+    <emptyarray>&#xD;
+      &#xD;
+    </emptyarray>
+    <oneitemarray>
+      <item>Bar.</item>
+    </oneitemarray>
+    <numbertest>42</numbertest>
+    <stringtest>43</stringtest>
+  </validatortest>
+  <pfx:top xmlns:pfx="http://foo.com" pfx:attr="baz">
+    <middle xmlns="http://bar.com"/>
+  </pfx:top>
 </sample>
\ No newline at end of file
)
    at Parser.emit (events.js:186:19)
    at Parser.exports.Parser.Parser.parseString (C:\Users\mboughaba\Documents\GitHub\browser-xml2js\lib\parser.js:2:17387)
    at Parser.parseString (C:\Users\mboughaba\Documents\GitHub\browser-xml2js\lib\parser.js:2:301)
    at Object.exports.parseString (C:\Users\mboughaba\Documents\GitHub\browser-xml2js\lib\parser.js:2:18456)
    at C:\Users\mboughaba\Documents\GitHub\browser-xml2js\test\builder.test.coffee:140:14
    at FSReqWrap.readFileAfterClose [as oncomplete] (fs.js:511:3)
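
A CI gate for the situation reported above, where the audit findings sit under a dev dependency. This is an added example, not code from the issue or the xml2js project; it assumes the npm 6 `npm audit --json` layout (an `advisories` map whose entries carry `module_name`, `severity` and `findings[].dev`), and `classifyAdvisories`, `gate`, the thresholds and the sample report are hypothetical.

```javascript
// Added example (not from the xml2js repository). Splits advisories from an
// npm 6 `npm audit --json` report into production-reaching and dev-only.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

function classifyAdvisories(report) {
  const result = { production: [], devOnly: [] };
  for (const advisory of Object.values(report.advisories || {})) {
    const findings = advisory.findings || [];
    // Dev-only means every install path is flagged dev. An advisory with no
    // findings is treated as production so missing data fails closed.
    const devOnly = findings.length > 0 && findings.every((f) => f.dev === true);
    const entry = {
      module: advisory.module_name,
      severity: advisory.severity,
      paths: findings.flatMap((f) => f.paths || []),
    };
    (devOnly ? result.devOnly : result.production).push(entry);
  }
  return result;
}

// Hypothetical policy: block on production advisories at "low" or above, and
// on dev-only advisories at "high" or above (dev tooling still runs in CI).
function gate(report, { prodThreshold = 'low', devThreshold = 'high' } = {}) {
  const { production, devOnly } = classifyAdvisories(report);
  // Unknown severity strings rank as critical.
  const rank = (s) => SEVERITY_RANK[s] ?? SEVERITY_RANK.critical;
  const atLeast = (list, t) => list.filter((a) => rank(a.severity) >= rank(t));
  const blocking = [...atLeast(production, prodThreshold), ...atLeast(devOnly, devThreshold)];
  return { pass: blocking.length === 0, blocking, production, devOnly };
}

// Constructed sample report; module names and paths are placeholders.
const SAMPLE_REPORT = {
  advisories: {
    1: { module_name: 'example-dep-a', severity: 'moderate',
      findings: [{ version: '1.0.0', paths: ['coveralls>example-dep-a'], dev: true }] },
    2: { module_name: 'example-dep-b', severity: 'moderate',
      findings: [{ version: '2.0.0', paths: ['example-dep-b'], dev: false }] },
    3: { module_name: 'example-dep-c', severity: 'low',
      findings: [
        { version: '0.1.0', paths: ['coveralls>example-dep-c'], dev: true },
        { version: '0.1.0', paths: ['example-app-lib>example-dep-c'], dev: false }] },
  },
};

const verdict = gate(SAMPLE_REPORT);
console.log(verdict.pass, verdict.blocking.map((a) => a.module));
```

An advisory counts as dev-only only when every finding is flagged `dev`, so a package reachable through both a dev tool and a runtime dependency is gated under the stricter production threshold.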

Leonidas-from-XIV commented 6 years ago

I think I would prefer separate PRs for each issue. Thanks!