Upgrade Dependencies to fix vulnerabilities #36
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
My |
|
True, insofar as that it is not necessarily a vulnerability for the users of the extensions as the dependencies are rather dev-use only. I have to admit that I did not take a closer look at the vulnerabilities reported – I could imagine e.g. a vulnerability in babel could lead to security issues in the compiled JavaScript, therefore affecting the end user. But yeah, just speculating here |
|
This is what I finally created based on Your PR, unfortunately I have a problem with import browserify from 'browserify';
import merge from 'merge-stream';
import fs from 'fs';
import gulp from 'gulp';
import gulpif from 'gulp-if';
import preprocessify from 'preprocessify';
import buffer from 'vinyl-buffer';
import source from 'vinyl-source-stream';
const $ = require('gulp-load-plugins')();
const production = process.env.NODE_ENV === 'production';
const target = process.env.TARGET || 'chrome';
const environment = process.env.NODE_ENV || 'development';
var generic = JSON.parse(fs.readFileSync(`./config/${environment}.json`));
var specific = JSON.parse(fs.readFileSync(`./config/${target}.json`));
var context = Object.assign({}, generic, specific);
var defaultManifest = {
dev: {
'background':
{
'scripts': [
'scripts/livereload.js',
'scripts/icon-changer.js'
]
}
},
firefox: { 'applications': { 'gecko': { 'id': '[email protected]' } } }
};
function styles() {
return gulp.src('src/styles/**/*.scss')
.pipe($.plumber())
.pipe(
$.sass
.sync({ outputStyle: 'expanded', precision: 10, includePaths: ['.'] })
.on('error', $.sass.logError)
)
.pipe(gulp.dest(`./build/${target}/styles/`));
}
function manifest() {
return gulp.src('./manifest.json')
.pipe(gulpif(!production, $.mergeJson({
fileName: 'manifest.json',
jsonSpace: ' '.repeat(4),
endObj: defaultManifest.dev
})))
.pipe(gulpif(target === 'firefox', $.mergeJson({
fileName: 'manifest.json',
jsonSpace: ' '.repeat(4),
endObj: defaultManifest.firefox
})))
.pipe(gulp.dest(`./build/${target}`))
}
exports.manifest = manifest;
function pipe(src, ...transforms) {
return transforms.reduce((stream, transform) => {
const isDest = typeof transform === 'string';
return stream.pipe(isDest ? gulp.dest(transform) : transform)
}, gulp.src(src, { allowEmpty: true }))
}
function zip() {
return gulp.src(`build/${target}/**/*`)
.pipe($.zip(`${target}.zip`))
.pipe(gulp.dest('./dist'))
}
function buildJS(target) {
let files = [
'contentscript.js', 'icon-changer.js', 'popup.js',
];
if (!production) {
files.push('livereload.js');
}
let tasks = files.map(file => {
return browserify({ entries: 'src/scripts/' + file, debug: true })
.transform('babelify', { presets: ['@babel/preset-env'] })
.transform(preprocessify, { includeExtensions: ['.js'], context: context })
.bundle()
.pipe(source(file))
.pipe(buffer())
.pipe(gulpif(!production, $.sourcemaps.init({ loadMaps: true })))
.pipe(gulpif(!production, $.sourcemaps.write('./')))
.pipe(gulpif(production, $.uglify({ 'mangle': false, 'output': { 'ascii_only': true } })))
.pipe(gulp.dest(`./build/${target}/scripts`));
});
return merge(tasks)
}
function js(done) {
buildJS(target);
done()
}
function clean() {
return pipe(`./build/${target}`, $.clean())
}
function watch() {
$.livereload.listen();
gulp.watch('./src/**/*', gulp.series('build', function (done) {
$.livereload.reload();
done();
}))
// gulp.watch('./src/**/*', gulp.series('build'))
}
function files() {
return merge(
pipe('./src/icons/**/*', `./build/${target}/icons`),
pipe(['./src/_locales/**/*'], `./build/${target}/_locales`),
pipe([`./src/images/${target}/**/*`], `./build/${target}/images`),
pipe(['./src/images/shared/**/*'], `./build/${target}/images`),
pipe(['./src/**/*.html'], `./build/${target}`))
}
exports.clean = clean;
exports.assets = gulp.series(styles, js);
exports.build = gulp.series(clean, exports.assets, manifest, files);
exports.watch = gulp.series(exports.build, watch);
exports.dist = gulp.series(exports.build, zip);
exports.default = exports.build; |
|
I am sorry, @piotrkochan, I may not understand your inquiry. The code you posted is not mine, nor the one in this PR (see gulpfile.babel.js). The error you mention looks like you have a typo somewhere: |
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Dear maintainer
Thank you for this repository.
In this pull request, I propose upgrading Babel to version 7 and gulp to version 4. The required changes should all be present.
Reasons for the upgrades include
npm audit.Best regards