beaugunderson / ip-address

💻 a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript
http://ip-address.js.org/
MIT License
525 stars, 71 forks

use specific lodash libraries rather than whole thing #92

Closed dbashford closed 4 years ago

dbashford commented 5 years ago

👋

Also having the problem reported here. Quick fix here replaces the monolith with a few smaller libraries pulled out of the original.

The lodash versions are often still decent in size as they have to accommodate a somewhat expansive API. May be good in some cases to replace those with smaller libraries with smaller APIs or potentially yank some code in from somewhere. I'm reluctant to do any replacing as I am unsure what sorts of cases other than the obvious that calls like max and padStart require.

codecov-io commented 5 years ago

Codecov Report

Merging #92 into master will not change coverage. The diff coverage is 100%.

@@          Coverage Diff          @@
##           master    #92   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files          10     10           
  Lines         617    622    +5     
  Branches       94     94           
=====================================
+ Hits          617    622    +5

Impacted Files   Coverage Δ
lib/ipv6.js      100% <100%> (ø) ⬆
lib/ipv4.js      100% <100%> (ø) ⬆

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 40a9832...19b63d3.

beaugunderson commented 5 years ago

as noted in that issue we can’t use the individual libraries because they suffer from security vulnerabilities and have not been updated in some time—i’ll see what may be possible for the few lodash methods we use

On Sat, Aug 31 2019 at 19:25, notifications@github.com wrote:

Codecov Report

Merging #92 into master will not change coverage. The diff coverage is 100%.


dbashford commented 5 years ago

npm audit doesn't turn up any security issues for any of these new packages

lodash.merge was updated 2 months ago. I don't believe the packages are updated unless something in them changes. Lodash updates frequently, but they don't publish new versions of these smaller libraries unless it is warranted. Functions like padstart/max/repeat are probably pretty rock solid and don't require much upkeep.
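
The audit check described in the comment above can be scripted. The following is an added example, not code from the pull request or the ip-address project: it filters parsed `npm audit --json` output down to per-method `lodash.*` packages, covering both the npm 6 and npm 7+ report shapes. The function names, the package names `lodash.hypothetical*` and `unrelated-pkg`, and the sample reports are constructed for illustration.

```javascript
// Added example: filter `npm audit --json` output down to per-method lodash
// packages. Handles the npm 6 report shape (`advisories`) and the npm 7+
// shape (`vulnerabilities`).
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Per-method builds are published as "lodash.<method>", e.g. lodash.merge.
function isPerMethodLodash(name) {
  return typeof name === 'string' && name.startsWith('lodash.');
}

function lodashFindings(report) {
  const findings = [];
  if (report.vulnerabilities) {
    // npm 7+: keyed by package name. Each `via` entry is an advisory object,
    // or a string naming another vulnerable package this one depends on.
    for (const [name, vuln] of Object.entries(report.vulnerabilities)) {
      if (!isPerMethodLodash(name)) continue;
      for (const via of vuln.via || []) {
        findings.push(typeof via === 'string'
          ? { name, severity: vuln.severity, title: `via ${via}` }
          : { name, severity: via.severity, title: via.title });
      }
    }
  } else if (report.advisories) {
    // npm 6: keyed by advisory id; the package name is in `module_name`.
    for (const adv of Object.values(report.advisories)) {
      if (!isPerMethodLodash(adv.module_name)) continue;
      findings.push({ name: adv.module_name, severity: adv.severity, title: adv.title });
    }
  }
  // Worst first, so a CI gate only needs to inspect findings[0].
  return findings.sort((a, b) =>
    SEVERITY_ORDER.indexOf(b.severity) - SEVERITY_ORDER.indexOf(a.severity));
}

// Constructed reports. "lodash.hypothetical*" and "unrelated-pkg" are made-up
// names and the advisories are not real.
const npm7Report = { auditReportVersion: 2, vulnerabilities: {
  'lodash.hypothetical': { severity: 'high', via: [
    { title: 'constructed advisory A', severity: 'low' },
    { title: 'constructed advisory B', severity: 'high' }] },
  'lodash.hypothetical2': { severity: 'moderate', via: ['unrelated-pkg'] },
  'unrelated-pkg': { severity: 'critical', via: [
    { title: 'constructed advisory C', severity: 'critical' }] } } };
const npm6Report = { advisories: {
  1: { module_name: 'lodash.hypothetical', severity: 'moderate', title: 'constructed advisory D' },
  2: { module_name: 'unrelated-pkg', severity: 'high', title: 'constructed advisory E' } } };

console.log(lodashFindings(npm7Report), lodashFindings(npm6Report));
```

An empty array from `lodashFindings` corresponds to the clean audit result reported in the comment; findings on packages outside the `lodash.` prefix are deliberately ignored.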

beaugunderson commented 5 years ago

fine to go back to using them then 👍

On Sat, Aug 31 2019 at 20:41, notifications@github.com wrote:

npm audit doesn't turn up any security issues for any of these new packages

lodash.merge was updated 2 months ago. I don't believe the packages are updated unless something in them changes. Lodash updates frequently, but they don't publish new versions of these smaller libraries unless it is warranted. Functions like padstart/max/repeat are probably pretty rock solid and don't require much upkeep.


alanshaw commented 4 years ago

Can this be merged and released please?

beaugunderson commented 4 years ago

thanks for the bump @alanshaw; I'll release a new version momentarily

beaugunderson commented 4 years ago

released in 6.2.0.

beaugunderson commented 4 years ago

and thanks for the fix @dbashford!