shipshapecode / ember-cli-release

Ember CLI addon for versioned release management
MIT License
90 stars 18 forks

[Security] Fix 195 known vulnerabilities #72

Open mike-north opened 6 years ago

mike-north commented 6 years ago

This is a big can of worms to open up, but there are a bunch of security issues in this project's dependencies (mostly mocha and ember-cli). Unfortunately, upgrading ember-cli to the point where these issues are patched causes problems in this project's tests (which depend on now-removed private cli internals).

Don't use private internals of packages you depend on

Since this package was originally written, the terminal I/O stuff has been extracted to console-ui, and a feature that ember-cli-release's tests heavily rely on has been removed due to e-cli's own tests no longer needing it.

Through subclassing MockUI (once obtained from console-ui), we can get these back.

var MockUI = require('console-ui/mock');

// Subclass MockUI so that each TestUI instance gets its own MockUI state
// instead of every instance sharing one MockUI through the prototype.
function TestUI() {
  MockUI.apply(this, arguments);
}
TestUI.prototype = Object.create(MockUI.prototype);
TestUI.prototype.constructor = TestUI;

// Returns a promise that resolves the next time prompt() is called, so a
// test can wait until the code under test actually asks a question.
TestUI.prototype.waitForPrompt = function() {
  if (!this._waitingForPrompt) {
    var resolver;
    var promise = new Promise(function(resolve) {
      resolver = resolve;
    });
    this._waitingForPrompt = promise;
    this._promptResolver = resolver;
  }
  return this._waitingForPrompt;
};

// Resolve any pending waitForPrompt() before delegating to MockUI's prompt.
TestUI.prototype.prompt = function(opts, cb) {
  if (this._waitingForPrompt) {
    var resolve = this._promptResolver;
    this._waitingForPrompt = null;
    this._promptResolver = null;
    resolve();
  }
  return MockUI.prototype.prompt.call(this, opts, cb);
};

Inquirer is annoying

I've spent a few hours digging really deep into this, and am at the point where we can no longer reliably mock answers to inquirer questions. Inquirer's own tests are a shining example of why mocking and stubbing out the whole world is a bad idea (tests aren't even run against real input/output streams, and use tons of testing helpers that aren't easily available to consumers). Because inquirer is a dependency of ember-cli (and we don't really interact with it directly), we're even farther removed from this thing that we need to alter in big ways to test effectively.

I have escalated this to the ember-cli team, and can resume working on this once I have an answer, and more OSS time

Backup plan

If beating inquirer into submission proves too time consuming or difficult, we should explore rewriting the tests in such a way that the console-ui is mocked entirely. This would be a regrettable result of working with test-hostile dependencies of dependencies.


found 195 vulnerabilities (27 low, 112 moderate, 54 high, 2 critical)
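The backup plan above, mocking console-ui entirely so the tests never touch inquirer, can be sketched as an added example; this is illustrative code, not code from ember-cli-release, ember-cli or console-ui. `ScriptedUI` is a hypothetical stand-in for console-ui's MockUI that only implements the `write`, `writeLine` and `prompt` methods this example needs, and `confirmRelease` is an assumed stand-in for the addon's own confirmation flow. The point a practitioner wants from such a double is the failure mode: when the code under test asks a question the script has no answer for, the prompt rejects immediately instead of the test hanging until the runner's timeout.

```javascript
'use strict';

// Hypothetical test double standing in for console-ui's MockUI (assumption for
// this example). It records everything written to the terminal and answers
// prompts from a queue of scripted answers, so inquirer is never involved.
class ScriptedUI {
  constructor(answers) {
    this.answers = answers.slice(); // scripted answers, consumed in order
    this.output = [];               // everything "written" to the terminal
    this.prompts = [];              // name of every question that was asked
  }

  write(message) {
    this.output.push(String(message));
  }

  writeLine(message) {
    this.write(message + '\n');
  }

  // Same call shape as console-ui's prompt(questions): resolves to an answers
  // object keyed by question name. Instead of delegating to inquirer it pulls
  // from the scripted queue, and rejects when the queue is empty so that a
  // test asking one question too many fails loudly rather than hanging.
  prompt(questions) {
    const list = Array.isArray(questions) ? questions : [questions];
    const answers = {};
    for (const q of list) {
      this.prompts.push(q.name);
      if (this.answers.length === 0) {
        return Promise.reject(new Error(`unscripted prompt: ${q.name}`));
      }
      answers[q.name] = this.answers.shift();
    }
    return Promise.resolve(answers);
  }
}

// Assumed stand-in for the kind of prompt-driven flow a release addon runs
// before tagging: show the version, ask for confirmation, report the outcome.
function confirmRelease(ui, version) {
  ui.writeLine(`About to tag ${version}`);
  return ui.prompt({
    type: 'confirm',
    name: 'proceed',
    message: `Create tag ${version}?`,
  }).then((answers) => {
    if (!answers.proceed) {
      ui.writeLine('Release aborted');
      return { tagged: false, version };
    }
    ui.writeLine(`Tagged ${version}`);
    return { tagged: true, version };
  });
}

// Runs the flow against scripted answers and returns the result together with
// the transcript, so a test can assert on what was asked and what was printed.
async function runScripted(version, answers) {
  const ui = new ScriptedUI(answers);
  const result = await confirmRelease(ui, version);
  return { result, output: ui.output.join(''), prompts: ui.prompts };
}
```

A test then calls `runScripted('v1.2.3', [true])` and checks both the returned result and the captured transcript; calling it with an empty answer list exercises the rejection path, which is the case that currently makes the real tests hang when inquirer's input stream cannot be driven.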