New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Update vulnerable packages #747
Feature: Update vulnerable packages #747
Conversation
- socket.io-client - browserify - pug "jade" - parsejson (remove) - syntax-error
- browserify - ejs - handlebars - pug - socket.io-client
@mde I believe Travis tests are failing on... https://github.com/geddy/geddy/blob/master/test/scaffolding/standard.js#L65 Do you know why? I have no idea how to debug it. |
You also need to commit package-lock.json and yarn.lock, or users still use Geddy with older dependencies. |
Thank you @phanect I have generated a new |
e59a0b9
to
5798655
Compare
Travis was failing before because the dev package "acorn" was missing; I have now resolved it. Now it is failing on...
Which happens to be the port that the pug app is meant to be loaded on. Loading http://127.0.0.1:8091/ gives a html 500 error page...
|
Oh, I missed you have already commited updated package-lock.json. |
@mde ? 😢 |
My first suggestion here would be to disable the |
Hold up, where's the Jasmine stuff? I cannot find it anywhere in the tests. It that why Pug (Jade) doesn't want to run on the test? |
Sorry, I hadn't had my coffee yet. I should have said "Jade," not "Jasmine." (Had my hipster JS projects mixed up. :P) |
Haha ok. Are you sure about removing Pug (Jade)? I had to go through what seemed a ton of test files! (I did a find and replace which made it a little less taxing) Wouldn't those tests need to be rewritten in the different adapter? If so, which? |
I would not remove it; I would disable the tests for it. That way we can update it at our leisure later, and then re-enable. |
Ar ok 👍 I'll try figure out how to do that. |
YaY 🎉 What significance is there that Pug (Jade) has been disabled? I am assuming because the other engines are running the tests, that it doesn't really matter Pug isn't being used ¯\_(ツ)_/¯ |
The tests spin up an instance of the app for each supported templating language, and run a battery of tests against them. With those Pug (Jade) tests disabled, we won't know if something we have done breaks the Pug support. Seems like a reasonable compromise to get tests passing. |
This is great -- I was going to say I would add you to the project. Forgot you were already set up as a contributor. :) Thanks very much for doing this! Would you like to coordinate a strategy for organizing and attacking all the outstanding GH tickets? |
Well you wouldn't believe it! I've just fixed the Pug issue lol! I am well chuffed I figured it out by myself 😆 🎺 I will create a new PR for it explaining how and why.
Yeah, already in the game 😎 Oh and yeah, I was thinking we comment on each one and ask if it is still a current issue, and then close it after 7 days (with the huge node version change, there's bound to be differences now). I seem to remember some relate to some new feature someone wanted to add, and it would be a sin to delete those PRs - We will cross those bridges at the time. Thank you for the merge! 🤗 🙌 |
Huzzah! As soon as we merge that PR that re-enables Jade/Pug, I'll push out a new release. Thanks so much for kick-starting this! |
Sorry @mde. I became distracted with selling chilli sauce. The Pug issue wasn't as fixed as I thought it was 😞, and when I get time I will create a new issue/PR to explain what needs adding. In a nutshell, Pug needs to know the base root of all the assets it requires and you have to pass that as an argument when initialising Pug. |
In reference to issue #745.
I think I have gone about the package updates correctly? I just want to get the ball rolling!