Feature: Update vulnerable packages #747
Conversation
- socket.io-client - browserify - pug "jade" - parsejson (remove) - syntax-error
- browserify - ejs - handlebars - pug - socket.io-client
|
@mde I believe Travis tests are failing on... https://github.com/geddy/geddy/blob/master/test/scaffolding/standard.js#L65 Do you know why? I have no idea how to debug it. |
|
You also need to commit package-lock.json and yarn.lock, or users still use Geddy with older dependencies. |
|
Thank you @phanect I have generated a new |
ckhatton
force-pushed
the
feature-update-vulnerable-packages
branch
from
e59a0b9
to
5798655
Compare
|
Travis was failing before because the dev package "acorn" was missing; I have now resolved it. Now it is failing on...
Which happens to be the port that the pug app is meant to be loaded on. Loading http://127.0.0.1:8091/ gives a html 500 error page...
|
|
Oh, I missed you have already commited updated package-lock.json. |
|
@mde ? 😢 |
|
My first suggestion here would be to disable the |
|
Hold up, where's the Jasmine stuff? I cannot find it anywhere in the tests. It that why Pug (Jade) doesn't want to run on the test? |
|
Sorry, I hadn't had my coffee yet. I should have said "Jade," not "Jasmine." (Had my hipster JS projects mixed up. :P) |
|
Haha ok. Are you sure about removing Pug (Jade)? I had to go through what seemed a ton of test files! (I did a find and replace which made it a little less taxing) Wouldn't those tests need to be rewritten in the different adapter? If so, which? |
|
I would not remove it; I would disable the tests for it. That way we can update it at our leisure later, and then re-enable. |
|
Ar ok 👍 I'll try figure out how to do that. |
|
YaY 🎉 What significance is there that Pug (Jade) has been disabled? I am assuming because the other engines are running the tests, that it doesn't really matter Pug isn't being used ¯\_(ツ)_/¯ |
|
The tests spin up an instance of the app for each supported templating language, and run a battery of tests against them. With those Pug (Jade) tests disabled, we won't know if something we have done breaks the Pug support. Seems like a reasonable compromise to get tests passing. |
|
This is great -- I was going to say I would add you to the project. Forgot you were already set up as a contributor. :) Thanks very much for doing this! Would you like to coordinate a strategy for organizing and attacking all the outstanding GH tickets? |
Well you wouldn't believe it! I've just fixed the Pug issue lol! I am well chuffed I figured it out by myself 😆 🎺 I will create a new PR for it explaining how and why.
Yeah, already in the game 😎 Oh and yeah, I was thinking we comment on each one and ask if it is still a current issue, and then close it after 7 days (with the huge node version change, there's bound to be differences now). I seem to remember some relate to some new feature someone wanted to add, and it would be a sin to delete those PRs - We will cross those bridges at the time. Thank you for the merge! 🤗 🙌 |
|
Huzzah! As soon as we merge that PR that re-enables Jade/Pug, I'll push out a new release. Thanks so much for kick-starting this! |
|
Sorry @mde. I became distracted with selling chilli sauce. The Pug issue wasn't as fixed as I thought it was 😞, and when I get time I will create a new issue/PR to explain what needs adding. In a nutshell, Pug needs to know the base root of all the assets it requires and you have to pass that as an argument when initialising Pug. |
In reference to issue #745.
I think I have gone about the package updates correctly? I just want to get the ball rolling!