search

facebookarchive / flux

Application Architecture for Building User Interfaces
https://facebookarchive.github.io/flux/
Other
17.42k stars 3.47k forks source link

Upgrade Gulpfiles for windows support and other dependencies #479

Closed ralic closed 4 years ago

ralic commented 4 years ago

  1. Original flux is not supported on Windows. --Upgraded gulp for windows support, all test passed.

  2. Security concerns resolved :

Before(Right after fixing gulp )

found 15 vulnerabilities (8 low, 7 high)
  run `npm audit fix` to fix them, or `npm audit` for details

After 

found 13 vulnerabilities (6 low, 7 high)
  run `npm audit fix` to fix them, or `npm audit` for details

Security Report

SEMVER WARNING: Recommended action is a potentially breaking change

  High            Regular Expression Denial of Service

  Package         minimatch

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > babel-core > minimatch

  More info       https://npmjs.com/advisories/118

  Low             Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > babel-core >
                  babel-plugin-proto-to-assign > lodash

  More info       https://npmjs.com/advisories/577

  Low             Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > babel-core > lodash

  More info       https://npmjs.com/advisories/577

  Low             Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > lodash

  More info       https://npmjs.com/advisories/577

  High            Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > babel-core >
                  babel-plugin-proto-to-assign > lodash

  More info       https://npmjs.com/advisories/782

  High            Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > babel-core > lodash

  More info       https://npmjs.com/advisories/782

  High            Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > lodash

  More info       https://npmjs.com/advisories/782

  Low             Regular Expression Denial of Service

  Package         braces

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > chokidar > anymatch > micromatch >
                  braces

  More info       https://npmjs.com/advisories/786

  High            Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > babel-core >
                  babel-plugin-proto-to-assign > lodash

  More info       https://npmjs.com/advisories/1065

  High            Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > babel-core > lodash

  More info       https://npmjs.com/advisories/1065

  High            Prototype Pollution

  Package         lodash

  Dependency of   fbjs-scripts [dev]

  Path            fbjs-scripts > babel > lodash

  More info       https://npmjs.com/advisories/1065

# Run  npm install --save-dev jest@25.0.0  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

  Low             Regular Expression Denial of Service

  Package         braces

  Dependency of   jest [dev]

  Path            jest > jest-cli > jest-runtime > babel-jest >
                  babel-plugin-istanbul > test-exclude > micromatch > braces

  More info       https://npmjs.com/advisories/786

  Low             Regular Expression Denial of Service

  Package         braces

  The dependency of   jest [dev]

  Path            jest > jest-cli > jest-runtime > babel-plugin-istanbul >
                  test-exclude > micromatch > braces

  More info       https://npmjs.com/advisories/786

Currently, upgrade jest or fbjs-scripts will break the test. More fix to be done.

Test report

 PASS  src\container\__tests__\FluxContainer-test.js
 PASS  src\stores\__tests__\FluxReduceStore-test.js
 PASS  src\stores\__tests__\FluxStore-test.js
 PASS  src\__tests__\Dispatcher-test.js
 PASS  src\__tests__\FluxStoreGroup-test.js
Test Summary
 › Ran all tests.
 › 35 tests passed (35 total in 5 test suites, run time 1.236s)
facebook-github-bot commented 4 years ago

Hi ralic! Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file.In order for us to review and merge your code, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!

ralic commented 4 years ago

Travis-CI containers seem to have connection issue during CI test.