Closed hritvi closed 5 years ago
As suggested here, versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.
Therefore upgrading the js-yaml in fxa-content-server-l10n/package-lock.json to 3.13.0 might resolve the error. May I proceed with this?
@hritvi see #2984
So I suppose with the merging of that PR, the tests would also run correctly.
As #2984 is now merged, could you please re-run the tests @vladikoff. Thanks :slightly_smiling_face:
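An added example, not part of the original thread or the project's code: one way to confirm which js-yaml copies in a lockfile are still older than 3.13.0, including nested ones that upgrading a single entry would miss. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag js-yaml entries older than 3.13.0 in a parsed package-lock.json.
const FIXED = [3, 13, 0]; // first version the issue text treats as not vulnerable

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before triple b.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Lockfile v1 nests "dependencies" recursively; v2/v3 add a flat "packages"
// map keyed by node_modules path. Both layouts are walked, so a v2 lockfile
// that carries both sections can report the same copy twice.
function findVulnerableJsYaml(lock) {
  const found = [];
  const check = (name, version, where) => {
    if (name !== 'js-yaml') return;
    const parsed = parseVersion(version);
    // Unparseable versions are reported rather than silently skipped.
    if (!parsed || isBefore(parsed, FIXED)) found.push({ path: where, version });
  };
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      check(name, info.version, trail.concat(name).join(' > '));
      walk(info.dependencies, trail.concat(name));
    }
  };
  walk(lock.dependencies, []);
  for (const [key, info] of Object.entries(lock.packages || {})) {
    check(key.split('node_modules/').pop(), info.version, key);
  }
  return found;
}

// Constructed sample: a nested, outdated copy next to an upgraded top-level one.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    eslint: { version: '4.19.1', dependencies: { 'js-yaml': { version: '3.12.0' } } },
    'js-yaml': { version: '3.13.0' },
  },
};
console.log(findVulnerableJsYaml(SAMPLE_LOCK));
```

To run it against a real lockfile, pass the result of `JSON.parse` on the file contents to `findVulnerableJsYaml`.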
@hritvi, you can rebase your branch to get it to include latest changes from master. Either in one step with git pull --rebase master, or you can pull master separately and then just git rebase master instead.
@philbooth could you please review it now, as the tests have passed.
Just to continue the conversation we were having in IRC...
Seeing as this PR touches 23,000 lines and we're taking the hit for everything in git blame, we may as well use this opportunity to do other things that eslint --fix can do for us. Let's do each one in a separate commit, all in this PR. Off the top of my head, how about:
no-var
prefer-arrow-callback
prefer-const
prefer-destructuring
prefer-template
?
prefer-destructuring
@hritvi, fyi I've been playing with these locally and prefer-destructuring does not apply cleanly, so it's probably easier if you leave that one out. The others all worked well here though.
@philbooth could you please review it now. I have added all the eslint fixes.
🙈
Semicolons finally won!
fixes #2953.
Commands used to fix:
eslint --fix .
Also added complexity: 0 and no-useless-escape: 0 because some errors were occurring due to the use of regex. Have also added //eslint disable-next-line in validators.js, authorization.js, token.js and added /*eslint complexity: [2, 11] */ in summary.js manually because the errors no-useless-escape and complexity were still present. Please review @shane-tomlinson.