arj03 / ssb-browser-demo

A secure scuttlebutt client interface running in the browser

Update deps #304

Closed KyleMaas closed 2 years ago

KyleMaas commented 3 years ago

Attempt at updating deeper dependencies. Haven't tested it thoroughly yet.

Partial fix for #301 - gets rid of one vulnerability.

KyleMaas commented 3 years ago

So far this seems to be working okay for me. Looks like we got another vulnerability in the last few days, though.

KyleMaas commented 3 years ago

Updated ToastUI to get rid of that error, ran another round of updates. And I was wrong about that other vulnerability - turns out that audit was from a different branch, so it's one of the ones this fixes.

However, I now get the following errors logged to the console:

bundle-ui.js:127402 Uncaught RangeError: Maximum call stack size exceeded
    at bundle-ui.js:127402
    at syncMessages (bundle-ui.js:143374)
    at bundle-ui.js:143418
    at bundle-ui.js:127401
    at bundle-ui.js:127408
    at syncMessages (bundle-ui.js:143374)
    at bundle-ui.js:143414
    at bundle-ui.js:127401
    at bundle-ui.js:127408
    at syncMessages (bundle-ui.js:143374)
(anonymous) @ bundle-ui.js:127402
syncMessages @ bundle-ui.js:143374
(anonymous) @ bundle-ui.js:143418
(anonymous) @ bundle-ui.js:127401
(anonymous) @ bundle-ui.js:127408
syncMessages @ bundle-ui.js:143374
(anonymous) @ bundle-ui.js:143414
(anonymous) @ bundle-ui.js:127401
(anonymous) @ bundle-ui.js:127408
syncMessages @ bundle-ui.js:143374
(anonymous) @ bundle-ui.js:143410
(anonymous) @ bundle-ui.js:127401
(anonymous) @ bundle-ui.js:127365
next @ bundle-ui.js:127396
next @ bundle-ui.js:127396
next @ bundle-ui.js:127396
next @ bundle-ui.js:127137
sink @ bundle-ui.js:127158
pull @ bundle-ui.js:127088
syncFeed @ bundle-ui.js:143407
runQueue @ bundle-ui.js:143517
(anonymous) @ bundle-ui.js:143519
(anonymous) @ bundle-ui.js:143425
(anonymous) @ bundle-ui.js:127245
(anonymous) @ bundle-ui.js:127141
(anonymous) @ bundle-ui.js:127397
(anonymous) @ bundle-ui.js:127397
(anonymous) @ bundle-ui.js:127397
(anonymous) @ bundle-ui.js:127363
Show 170 more frames
bundle-ui.js:149504 rpc.ebt.replicate exception: [object Object]

Also, I get this whether I run it in a private tab or not:

bundle-ui.js:84614 lossy store has no fs access, skipping persistence

arj03 commented 3 years ago

lossy store has no fs access, skipping persistence

That error is from ssb-ebt, it should be harmless.

I don't understand the other bug.

I tried doing a npm upgrade toast + dedupe. Seems to be running fine here.

arj03 commented 3 years ago

In general I'm not super excited about these huge npm upgrades, as so many things can go wrong and the gains seem to be rather small.

KyleMaas commented 3 years ago

In general, I would agree. My rationale for this is as follows:

  1. We've already got huge changes with the unbermuda stuff. We might as well make sure that all still works with newer dependencies as well, provided they're still within the ranges we're specifying. If something's broken, then it should be either fixed or the package.json requirements of that dependency need to be pinned to a version instead of relying on shrinkwrap. Otherwise if someone else tries to build something using those libraries and doesn't start with the same shrinkwrap, they could have problems we don't.
  2. As packages are upgraded, they quite often require newer sub-dependencies. That was one of the things I found with the previous deduplication efforts. By bringing more things closer to current, you have a better shot at the sub-dependencies lining up so they can be deduplicated.
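
The deduplication point in item 2 above, as an added example that is not part of the original thread or the project's code: a sketch that reads the `packages` map of a lockfileVersion 2 `npm-shrinkwrap.json` and lists every package installed more than once, separating identical copies from real version splits. The sample lockfile and the function names `parseInstallPath` and `findDuplicates` are constructed for illustration.

```javascript
// Constructed sample in the lockfileVersion 2 "packages" layout; all names
// and versions are made up for illustration.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/editor-ui": { version: "3.1.0" },
    "node_modules/left-util": { version: "2.4.1" },
    "node_modules/editor-ui/node_modules/left-util": { version: "1.9.0" },
    "node_modules/sync-core": { version: "0.8.0" },
    "node_modules/@scope/codec": { version: "5.0.2" },
    "node_modules/sync-core/node_modules/@scope/codec": { version: "5.0.2" }
  }
};

// "node_modules/a/node_modules/@s/b" -> { name: "@s/b", parent: "a" }
function parseInstallPath(path) {
  const parts = path.split("node_modules/").filter(Boolean)
    .map((p) => p.replace(/\/$/, ""));
  const parent = parts.length > 1 ? parts[parts.length - 2] : "(root)";
  return { name: parts[parts.length - 1], parent };
}

// Group installed copies by package name and report names with more than one.
function findDuplicates(lock) {
  const copies = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !meta.version) continue; // root project, links
    const { name, parent } = parseInstallPath(path);
    if (!copies.has(name)) copies.set(name, []);
    copies.get(name).push({ version: meta.version, parent });
  }
  const report = [];
  for (const [name, list] of copies) {
    if (list.length < 2) continue;
    const versions = [...new Set(list.map((c) => c.version))].sort();
    // One version in several places: a dedupe pass can usually hoist it.
    // Several versions: some dependent's range has to move before it can.
    const kind = versions.length === 1 ? "redundant-copy" : "version-split";
    const nestedUnder = list.filter((c) => c.parent !== "(root)")
      .map((c) => c.parent).sort();
    report.push({ name, versions, kind, nestedUnder });
  }
  return report.sort((a, b) => a.name.localeCompare(b.name));
}

console.log(JSON.stringify(findDuplicates(sampleLock), null, 2));
```

The `nestedUnder` field names the dependents whose declared ranges hold an older copy in place, which is where an upgrade has to happen before the copies can collapse into one.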

arj03 commented 3 years ago

Looking at that error again, it should not be related to these bumps. Instead it's the new sync module I built: https://github.com/arj03/ssb-browser-core/blob/master/feed-replication.js. I'll move the error over to core.