From 213cb96abf9fef4704ed9f9f78d09ed3620f4fb7 Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Tue, 17 Nov 2015 00:58:32 +0000 Subject: [PATCH 1/9] Updating packages to latest version and adding snyk --- .snyk | 7 +++++++ README.md | 2 +- package.json | 15 ++++++++------- 3 files changed, 16 insertions(+), 8 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..7ed35d3 --- /dev/null +++ b/.snyk @@ -0,0 +1,7 @@ +ignore: + 'npm:uglify-js:20150824': + - 'broccoli@0.16.8 > handlebars@3.0.3 > uglify-js@2.3.6': + reason: Waiting for update of ember-cli + expires: '2015-12-03T20:02:27.923Z' +patch: {} +version: v1 diff --git a/README.md b/README.md index 7d7e2e7..89739ef 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ This plugin looks at an apps html files to rewrite their content with integrity - **paranoiaCheck** - true by default, this turns off the integrity attribute if any Unicode is found within the file. ### Example -``` +```js var sriTree = sri('path/to/code, { prefix: 'https://example.com/', crossorigin: 'anonymous' diff --git a/package.json b/package.json index 977b046..f331c7c 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "main": "index.js", "scripts": { "lint": "eslint index.js", - "test": "rm -rf tmp && mkdir tmp && npm run lint > tmp/lint-out && broccoli build tmp/output && mocha" + "test": "snyk test && rm -rf tmp && mkdir tmp && npm run lint > tmp/lint-out && broccoli build tmp/output && mocha" }, "author": "Jonathan Kingston", "repository": { @@ -15,15 +15,16 @@ "license": "MIT", "dependencies": { "broccoli": "^0.16.3", - "broccoli-filter": "^1.1.0", + "broccoli-filter": "^1.2.2", "rsvp": "^3.0.0", - "sri-toolbox": "^0.2.0" + "sri-toolbox": "^0.2.0", + "snyk": "^1.1.0" }, "devDependencies": { "broccoli-cli": "^1.0.0", - "chai": "^3.0.0", - "eslint": "^1.0.0", - "eslint-config-nightmare-mode": "0.1.0", - "mocha": "^2.2.5" + "chai": "^3.4.1", + "eslint": "^1.9.0", + "eslint-config-nightmare-mode": "0.3.0", + "mocha": "^2.3.4" } } From ebffe5bbd3b27d1bbeae0d5a352a375a0be963ba Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Tue, 17 Nov 2015 02:29:16 +0000 Subject: [PATCH 2/9] Adding in initial cachingWriter work --- index.js | 28 ++++++++++++++++++++++------ package.json | 6 +++--- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/index.js b/index.js index efe15ef..3079d15 100644 --- a/index.js +++ b/index.js @@ -1,4 +1,4 @@ -var Filter = require('broccoli-filter'); +var CachingWriter = require('broccoli-caching-writer'); var sriToolbox = require('sri-toolbox'); var fs = require('fs'); var crypto = require('crypto'); @@ -7,14 +7,25 @@ var srcCheck = /\ssrc=["\']([^"\']+)["\']/; var hrefCheck = /\shref=["\']([^"\']+)["\']/; var Promise = require('rsvp').Promise; // node 0.10 -function SRIHashAssets(inputNode, options) { +function SRIHashAssets(inputNodes, options) { if (!(this instanceof SRIHashAssets)) { - return new SRIHashAssets(inputNode, options); + return new SRIHashAssets(inputNodes, options); } this.options = options || {}; this.context = this.options.context || {}; - Filter.call(this, inputNode); + var nodes = inputNodes; + if (!Array.isArray(nodes)) { + nodes = [nodes]; + } + + CachingWriter.call(this, nodes, { + cacheInclude: [ + /(.*)\.html$/, + /(.*)\.js$/, + /(.*)\.css$/ + ] + }); this.options.paranoiaCheck = this.options.paranoiaCheck || true; @@ -27,11 +38,12 @@ function SRIHashAssets(inputNode, options) { } } -SRIHashAssets.prototype = Object.create(Filter.prototype); +SRIHashAssets.prototype = Object.create(CachingWriter.prototype); SRIHashAssets.prototype.constructor = SRIHashAssets; - +/* SRIHashAssets.prototype.extensions = ['html']; SRIHashAssets.prototype.targetExtension = 'html'; +*/ SRIHashAssets.prototype.addSRI = function addSRI(string, file) { var that = this; @@ -197,4 +209,8 @@ SRIHashAssets.prototype.processFile = function processFile(srcDir, destDir, rela }); }; +SRIHashAssets.prototype.build = function () { + // TODO call processFile here this.listEntries(); +}; + module.exports = SRIHashAssets; diff --git a/package.json b/package.json index f331c7c..17964b6 100644 --- a/package.json +++ b/package.json @@ -15,10 +15,10 @@ "license": "MIT", "dependencies": { "broccoli": "^0.16.3", - "broccoli-filter": "^1.2.2", + "broccoli-caching-writer": "^2.2.0", "rsvp": "^3.0.0", - "sri-toolbox": "^0.2.0", - "snyk": "^1.1.0" + "snyk": "^1.1.0", + "sri-toolbox": "^0.2.0" }, "devDependencies": { "broccoli-cli": "^1.0.0", From 75c4b4206df3be5660f5ec304cc93aaaeda85a47 Mon Sep 17 00:00:00 2001 From: Stefan Penner Date: Mon, 16 Nov 2015 20:03:50 -0800 Subject: [PATCH 3/9] [FIXES #7] HTML should invalidate if any potential SRI input invalidates --- .eslintrc | 1 - Brocfile.js | 9 --- index.js | 96 +++++++++++++++----------- package.json | 11 ++- test/fixtures/output2/test.html | 30 ++++++++ test/fixtures/output2/thing.js | 1 + test/fixtures/output2/unicode-chars.js | 1 + test/index.js | 52 ++++++++++++-- 8 files changed, 139 insertions(+), 62 deletions(-) delete mode 100644 Brocfile.js create mode 100644 test/fixtures/output2/test.html create mode 100644 test/fixtures/output2/thing.js create mode 100644 test/fixtures/output2/unicode-chars.js diff --git a/.eslintrc b/.eslintrc index aa6431f..9084732 100644 --- a/.eslintrc +++ b/.eslintrc @@ -1,5 +1,4 @@ { - "extends": "nightmare-mode", "env": { "node": true }, diff --git a/Brocfile.js b/Brocfile.js deleted file mode 100644 index b1543b9..0000000 --- a/Brocfile.js +++ /dev/null @@ -1,9 +0,0 @@ -'use strict'; -var sri = require('./index'); - -var test = sri('test/fixtures/input', { - prefix: 'https://example.com/', - crossorigin: 'anonymous' -}); - -module.exports = test; diff --git a/index.js b/index.js index 3079d15..c111c54 100644 --- a/index.js +++ b/index.js @@ -2,10 +2,18 @@ var CachingWriter = require('broccoli-caching-writer'); var sriToolbox = require('sri-toolbox'); var fs = require('fs'); var crypto = require('crypto'); -var styleCheck = /\srel=["\'][^"]*stylesheet[^"]*["\']/; -var srcCheck = /\ssrc=["\']([^"\']+)["\']/; -var hrefCheck = /\shref=["\']([^"\']+)["\']/; +var symlinkOrCopy = require('symlink-or-copy').sync; var Promise = require('rsvp').Promise; // node 0.10 +var path = require('path'); + +var STYLE_CHECK = /\srel=["\'][^"]*stylesheet[^"]*["\']/; +var SRC_CHECK = /\ssrc=["\']([^"\']+)["\']/; +var HREF_CHECK = /\shref=["\']([^"\']+)["\']/; +var SCRIPT_CHECK = new RegExp(']*src=["\']([^"]*)["\'][^>]*>', 'g'); +var LINT_CHECK = new RegExp(']*href=["\']([^"]*)["\'][^>]*>', 'g'); +var INTEGRITY_CHECK = new RegExp('integrity=["\']'); +var CROSS_ORIGIN_CHECK = new RegExp('crossorigin=["\']([^"\']+)["\']'); +var MD5_CHECK = /^(.*)[-]([a-z0-9]{32})([.].*)$/; function SRIHashAssets(inputNodes, options) { if (!(this instanceof SRIHashAssets)) { @@ -21,9 +29,9 @@ function SRIHashAssets(inputNodes, options) { CachingWriter.call(this, nodes, { cacheInclude: [ - /(.*)\.html$/, - /(.*)\.js$/, - /(.*)\.css$/ + /\.html$/, + /\.js$/, + /\.css$/ ] }); @@ -40,18 +48,12 @@ function SRIHashAssets(inputNodes, options) { SRIHashAssets.prototype = Object.create(CachingWriter.prototype); SRIHashAssets.prototype.constructor = SRIHashAssets; -/* -SRIHashAssets.prototype.extensions = ['html']; -SRIHashAssets.prototype.targetExtension = 'html'; -*/ -SRIHashAssets.prototype.addSRI = function addSRI(string, file) { - var that = this; - var scriptCheck = new RegExp(']*src=["\']([^"]*)["\'][^>]*>', 'g'); - var linkCheck = new RegExp(']*href=["\']([^"]*)["\'][^>]*>', 'g'); +SRIHashAssets.prototype.addSRI = function addSRI(string, srcDir) { + var plugin = this; - return string.replace(scriptCheck, function srcMatch(match) { - var src = match.match(srcCheck); + return string.replace(SCRIPT_CHECK, function srcMatch(match) { + var src = match.match(SRC_CHECK); var filePath; if (!src) { @@ -60,20 +62,19 @@ SRIHashAssets.prototype.addSRI = function addSRI(string, file) { filePath = src[1]; - return that.mungeOutput(match, filePath, file); - }).replace(linkCheck, function hrefMatch(match) { - var href = match.match(hrefCheck); - var isStyle = styleCheck.test(match); + return plugin.mungeOutput(match, filePath, srcDir); + }).replace(LINT_CHECK, function hrefMatch(match) { + var href = match.match(HREF_CHECK); + var isStyle = STYLE_CHECK.test(match); var filePath; - if (!isStyle || !href) { return match; } filePath = href[1]; - return that.mungeOutput(match, filePath, file); + return plugin.mungeOutput(match, filePath, srcDir); }); }; @@ -85,6 +86,7 @@ SRIHashAssets.prototype.readFile = function readFile(dirname, file) { } catch(e) { return null; } + return assetSource; }; @@ -114,7 +116,6 @@ SRIHashAssets.prototype.paranoiaCheck = function paranoiaCheck(assetSource) { }; SRIHashAssets.prototype.generateIntegrity = function generateIntegrity(output, file, dirname, external) { - var crossoriginCheck = new RegExp('crossorigin=["\']([^"\']+)["\']'); var assetSource = this.readFile(dirname, file); var selfCloseCheck = /\s*\/>$/; var integrity; @@ -137,7 +138,7 @@ SRIHashAssets.prototype.generateIntegrity = function generateIntegrity(output, f append = ' integrity="' + integrity + '"'; if (external && this.options.crossorigin) { - if (!crossoriginCheck.test(output)) { + if (!CROSS_ORIGIN_CHECK.test(output)) { append = append + ' crossorigin="' + this.options.crossorigin + '" '; } } @@ -151,8 +152,7 @@ SRIHashAssets.prototype.generateIntegrity = function generateIntegrity(output, f }; SRIHashAssets.prototype.checkExternal = function checkExternal(output, file, dirname) { - var md5Check = /^(.*)[-]([a-z0-9]{32})([.].*)$/; - var md5Matches = file.match(md5Check); + var md5Matches = file.match(MD5_CHECK); var md5sum = crypto.createHash('md5'); var assetSource; var filePath; @@ -175,6 +175,7 @@ SRIHashAssets.prototype.checkExternal = function checkExternal(output, file, dir return output; } } + md5sum.update(assetSource); if (md5Matches[2] === md5sum.digest('hex')) { return this.generateIntegrity(output, filePath, dirname, true); @@ -182,35 +183,46 @@ SRIHashAssets.prototype.checkExternal = function checkExternal(output, file, dir return output; }; -SRIHashAssets.prototype.mungeOutput = function mungeOutput(output, filePath, file) { - var integrityCheck = new RegExp('integrity=["\']'); +SRIHashAssets.prototype.mungeOutput = function mungeOutput(output, filePath, srcDir) { var newOutput = output; if (/^https?:\/\//.test(filePath)) { - return this.checkExternal(output, filePath, file); + return this.checkExternal(output, filePath, srcDir); } - if (!(integrityCheck.test(output))) { - newOutput = this.generateIntegrity(output, filePath, file); + + if (!INTEGRITY_CHECK.test(output)) { + newOutput = this.generateIntegrity(output, filePath, srcDir); } return newOutput; }; -SRIHashAssets.prototype.processFile = function processFile(srcDir, destDir, relativePath) { - var fileContent = fs.readFileSync(srcDir + '/' + relativePath); - var that = this; +SRIHashAssets.prototype.processHTMLFile = function processFile(entry) { + var srcDir = path.dirname(entry.fullPath); + var fileContent = this.addSRI(fs.readFileSync(entry.fullPath,'UTF-8'), srcDir); - this._srcDir = srcDir; - fileContent = this.addSRI(fileContent.toString(), srcDir); - - return Promise.resolve().then(function writeFileOutput() { - var outputPath = that.getDestFilePath(relativePath); + fs.writeFileSync(this.outputPath + '/' + entry.relativePath, fileContent); +}; - fs.writeFileSync(destDir + '/' + outputPath, fileContent); - }); +SRIHashAssets.prototype.processOtherFile = function(entry) { + symlinkOrCopy(entry.fullPath, this.outputPath + '/' + entry.relativePath); }; SRIHashAssets.prototype.build = function () { - // TODO call processFile here this.listEntries(); + var html = []; + var other = []; + + this.listEntries().forEach(function(entry) { + if (/\.html$/.test(entry.relativePath)) { + html.push(entry); + } else { + other.push(entry); + } + }); + + return Promise.all([ + Promise.all(html.map(this.processHTMLFile.bind(this))), + Promise.all(other.map(this.processOtherFile.bind(this))) + ]); }; module.exports = SRIHashAssets; diff --git a/package.json b/package.json index 17964b6..4d8106c 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,9 @@ "main": "index.js", "scripts": { "lint": "eslint index.js", - "test": "snyk test && rm -rf tmp && mkdir tmp && npm run lint > tmp/lint-out && broccoli build tmp/output && mocha" + "test": "snyk test && mocha test", + "test:fast": "mocha test", + "test:debug": "mocha debug test" }, "author": "Jonathan Kingston", "repository": { @@ -18,13 +20,16 @@ "broccoli-caching-writer": "^2.2.0", "rsvp": "^3.0.0", "snyk": "^1.1.0", - "sri-toolbox": "^0.2.0" + "sri-toolbox": "^0.2.0", + "symlink-or-copy": "^1.0.1" }, "devDependencies": { + "broccoli": "^0.16.8", "broccoli-cli": "^1.0.0", "chai": "^3.4.1", "eslint": "^1.9.0", "eslint-config-nightmare-mode": "0.3.0", - "mocha": "^2.3.4" + "mocha": "^2.3.4", + "mocha-eslint": "^1.0.0" } } diff --git a/test/fixtures/output2/test.html b/test/fixtures/output2/test.html new file mode 100644 index 0000000..c7c34e1 --- /dev/null +++ b/test/fixtures/output2/test.html @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/test/fixtures/output2/thing.js b/test/fixtures/output2/thing.js new file mode 100644 index 0000000..a2248ef --- /dev/null +++ b/test/fixtures/output2/thing.js @@ -0,0 +1 @@ +console.log('test'); diff --git a/test/fixtures/output2/unicode-chars.js b/test/fixtures/output2/unicode-chars.js new file mode 100644 index 0000000..dc829b7 --- /dev/null +++ b/test/fixtures/output2/unicode-chars.js @@ -0,0 +1 @@ +console.log('I ♡ WebAppSec!'); diff --git a/test/index.js b/test/index.js index e0b7152..d040a1e 100644 --- a/test/index.js +++ b/test/index.js @@ -1,19 +1,57 @@ var chai = require('chai'); var assert = chai.assert; var fs = require('fs'); +var broccoli = require('broccoli'); +var plugin = require('../'); +var lint = require('mocha-eslint'); + +function file(path) { + return fs.readFileSync(path, 'UTF-8').trim();; +} describe('broccoli-sri-hash', function () { + var builder; + + before(function() { + builder = new broccoli.Builder(plugin('test/fixtures/input', { + prefix: 'https://example.com/', + crossorigin: 'anonymous' + })); + }); - it('rule outputs match', function () { + after(function() { + builder.cleanup(); + }); - var fileTmpContents = fs.readFileSync('tmp/output/test.html', {encoding: 'utf8'}); - var fileContents = fs.readFileSync('test/fixtures/output/test.html', {encoding: 'utf8'}); + it('rule outputs match (initial build)', function () { + return builder.build().then(function(output) { + var actual = file(output.directory + '/test.html'); + var expected = file('test/fixtures/output/test.html'); - assert.equal(fileTmpContents.trim(), fileContents.trim()); + assert.equal(actual, expected); + }); }); - it('Must lint', function () { - var fileTmpContents = fs.readFileSync('tmp/lint-out', {encoding: 'utf8'}); - assert.notMatch(fileTmpContents, /[0-9]+\s+problems?\s\([0-9]+\serrors?,\s[0-9]+\swarnings?\)/) + it('rule outputs match (rebuild)', function () { + var pathToMutate = 'test/fixtures/input/other.css'; + var originalContent = fs.readFileSync(pathToMutate); + return builder.build().then(function(output) { + // mutate input File + fs.writeFileSync('test/fixtures/input/other.css', '* { display: none; }'); + + return builder.build(); + }).then(function(output) { + var actual = file(output.directory + '/test.html'); + var expected = file('test/fixtures/output2/test.html'); + + assert.equal(actual, expected); + }).finally(function() { + fs.writeFileSync(pathToMutate, originalContent); + }); }); + + lint([ + 'index.js', + 'tests/index.js' + ]); }); From 663be560b96ec3f11085d7981a470493ed77bc88 Mon Sep 17 00:00:00 2001 From: Stefan Penner Date: Mon, 16 Nov 2015 21:08:39 -0800 Subject: [PATCH 4/9] add failing test for propagating all files (even those not in include/exclude cache) --- package.json | 3 ++- test/fixtures/input/omg.png | 0 test/index.js | 26 ++++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 test/fixtures/input/omg.png diff --git a/package.json b/package.json index 4d8106c..ccb1543 100644 --- a/package.json +++ b/package.json @@ -30,6 +30,7 @@ "eslint": "^1.9.0", "eslint-config-nightmare-mode": "0.3.0", "mocha": "^2.3.4", - "mocha-eslint": "^1.0.0" + "mocha-eslint": "^1.0.0", + "walk-sync": "^0.2.6" } } diff --git a/test/fixtures/input/omg.png b/test/fixtures/input/omg.png new file mode 100644 index 0000000..e69de29 diff --git a/test/index.js b/test/index.js index d040a1e..eb3dfc0 100644 --- a/test/index.js +++ b/test/index.js @@ -4,6 +4,7 @@ var fs = require('fs'); var broccoli = require('broccoli'); var plugin = require('../'); var lint = require('mocha-eslint'); +var walkSync = require('walk-sync'); function file(path) { return fs.readFileSync(path, 'UTF-8').trim();; @@ -29,6 +30,15 @@ describe('broccoli-sri-hash', function () { var expected = file('test/fixtures/output/test.html'); assert.equal(actual, expected); + + assert.deepEqual(walkSync(output.directory), [ + 'moment-with-locales.min.js', + 'omg.png', + 'other.css', + 'test.html', + 'thing.js', + 'unicode-chars.js' + ]); }); }); @@ -39,11 +49,27 @@ describe('broccoli-sri-hash', function () { // mutate input File fs.writeFileSync('test/fixtures/input/other.css', '* { display: none; }'); + assert.deepEqual(walkSync(output.directory), [ + 'moment-with-locales.min.js', + 'omg.png', + 'other.css', + 'test.html', + 'thing.js', + 'unicode-chars.js' + ]); return builder.build(); }).then(function(output) { var actual = file(output.directory + '/test.html'); var expected = file('test/fixtures/output2/test.html'); + assert.deepEqual(walkSync(output.directory), [ + 'moment-with-locales.min.js', + 'omg.png', + 'other.css', + 'test.html', + 'thing.js', + 'unicode-chars.js' + ]); assert.equal(actual, expected); }).finally(function() { fs.writeFileSync(pathToMutate, originalContent); From 10c661842d87bb6e9e8d8ecbd5b17d412d40cc06 Mon Sep 17 00:00:00 2001 From: Stefan Penner Date: Mon, 16 Nov 2015 21:10:06 -0800 Subject: [PATCH 5/9] add node 4, 5 npm v3 --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index fc9b887..0e3f76e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,8 @@ language: node_js node_js: - "0.10" - "0.12" - - "iojs" + - "4" + - "5" sudo: false @@ -13,7 +14,7 @@ cache: before_install: - "npm config set spin false" - - "npm install -g npm@^2" + - "npm install -g npm@^3" install: - npm install From f125b834dcfe610b38558e60a9d6242146385452 Mon Sep 17 00:00:00 2001 From: Stefan Penner Date: Tue, 17 Nov 2015 07:57:39 -0800 Subject: [PATCH 6/9] ensure all files propagate forwards (even if un-related files change) --- index.js | 15 ++++++++++----- test/index.js | 3 +++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/index.js b/index.js index c111c54..0761e53 100644 --- a/index.js +++ b/index.js @@ -28,11 +28,16 @@ function SRIHashAssets(inputNodes, options) { } CachingWriter.call(this, nodes, { - cacheInclude: [ - /\.html$/, - /\.js$/, - /\.css$/ - ] + // disabled to ensure all files are synced forward + // I suspect additions to BCW are needed, or a slightly different plugin + // to handle this more elegantly. + // Leaving this comment here as a reminder. -sp + // + // cacheInclude: [ + // /\.html$/, + // /\.js$/, + // /\.css$/ + // ] }); this.options.paranoiaCheck = this.options.paranoiaCheck || true; diff --git a/test/index.js b/test/index.js index eb3dfc0..4d2733a 100644 --- a/test/index.js +++ b/test/index.js @@ -32,6 +32,7 @@ describe('broccoli-sri-hash', function () { assert.equal(actual, expected); assert.deepEqual(walkSync(output.directory), [ + 'favicon.png', 'moment-with-locales.min.js', 'omg.png', 'other.css', @@ -50,6 +51,7 @@ describe('broccoli-sri-hash', function () { fs.writeFileSync('test/fixtures/input/other.css', '* { display: none; }'); assert.deepEqual(walkSync(output.directory), [ + 'favicon.png', 'moment-with-locales.min.js', 'omg.png', 'other.css', @@ -63,6 +65,7 @@ describe('broccoli-sri-hash', function () { var expected = file('test/fixtures/output2/test.html'); assert.deepEqual(walkSync(output.directory), [ + 'favicon.png', 'moment-with-locales.min.js', 'omg.png', 'other.css', From fc68593e9c2f3c87037fb70e7e23e7ee5d9f6c00 Mon Sep 17 00:00:00 2001 From: Stefan Penner Date: Tue, 17 Nov 2015 07:57:50 -0800 Subject: [PATCH 7/9] listing should be its own top level testing group --- test/index.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/test/index.js b/test/index.js index 4d2733a..45d7309 100644 --- a/test/index.js +++ b/test/index.js @@ -79,8 +79,10 @@ describe('broccoli-sri-hash', function () { }); }); - lint([ - 'index.js', - 'tests/index.js' - ]); }); + + +lint([ + 'index.js', + 'tests/index.js' +]); From ebfb6d34c3819b2ee10b4d143cf92e476093b558 Mon Sep 17 00:00:00 2001 From: Stefan Penner Date: Tue, 17 Nov 2015 08:01:05 -0800 Subject: [PATCH 8/9] cleanup deps --- package.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/package.json b/package.json index ccb1543..4a29294 100644 --- a/package.json +++ b/package.json @@ -16,16 +16,14 @@ }, "license": "MIT", "dependencies": { - "broccoli": "^0.16.3", "broccoli-caching-writer": "^2.2.0", - "rsvp": "^3.0.0", + "rsvp": "^3.1.0", "snyk": "^1.1.0", "sri-toolbox": "^0.2.0", "symlink-or-copy": "^1.0.1" }, "devDependencies": { "broccoli": "^0.16.8", - "broccoli-cli": "^1.0.0", "chai": "^3.4.1", "eslint": "^1.9.0", "eslint-config-nightmare-mode": "0.3.0", From cd4ec03c49b62264863cf16d17bde46713ca831a Mon Sep 17 00:00:00 2001 From: Stefan Penner Date: Tue, 17 Nov 2015 08:02:44 -0800 Subject: [PATCH 9/9] disable snyk. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - only “vulnerability” is a devDep of a devDep, and the devDep is actually not affected. --- package.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/package.json b/package.json index 4a29294..098adb1 100644 --- a/package.json +++ b/package.json @@ -5,8 +5,7 @@ "main": "index.js", "scripts": { "lint": "eslint index.js", - "test": "snyk test && mocha test", - "test:fast": "mocha test", + "test": "mocha test", "test:debug": "mocha debug test" }, "author": "Jonathan Kingston",