Address vulnerabilities found by retire.js

.eslintrc

@@ -0,0 +1,79 @@
+{
+  "env": {
+    "node": true
+  },
+  "globals": {
+    "axe": true
+  },
+  "rules": {
+    "no-bitwise": 2,
+    "camelcase": 2,
+    "curly": 2,
+    "eqeqeq": 2,
+    "guard-for-in": 2,
+    "wrap-iife": [
+      2,
+      "any"
+    ],
+    "indent": ["error", "tab", {"SwitchCase": 0}],
+    "no-use-before-define": [
+      2,
+      {
+        "functions": false
+      }
+    ],
+    "new-cap": 2,
+    "no-caller": 2,
+    "no-empty": 2,
+    "no-new": 2,
+    "no-plusplus": 0,
+    "quotes": [
+      2,
+      "single"
+    ],
+    "no-undef": 2,
+    "no-unused-vars": 2,
+    "strict": 0,
+    "max-params": [
+      2,
+      5
+    ],
+    "max-depth": [
+      2,
+      5
+    ],
+    "max-statements": [
+      2,
+      15
+    ],
+    "complexity": [
+      1,
+      12
+    ],
+    "max-len": [
+      2,
+      {
+        "code": 120,
+        "ignoreComments": true
+      }
+    ],
+    "semi": 0,
+    "no-cond-assign": 0,
+    "no-debugger": 0,
+    "no-eq-null": 0,
+    "no-eval": 0,
+    "no-unused-expressions": 0,
+    "block-scoped-var": 0,
+    "no-iterator": 0,
+    "linebreak-style": 0,
+    "comma-style": ["error", "last"],
+    "no-loop-func": 0,
+    "no-multi-str": 0,
+    "no-proto": 0,
+    "no-script-url": 0,
+    "no-shadow": 0,
+    "dot-notation": 2,
+    "no-new-func": 0,
+    "no-new-wrappers": 0
+  }
+}

.retireignore.json

@@ -30,5 +30,33 @@
 	{
 		"path": "node_modules/growl",
 		"justification": "Temporary disabling until vuln is fixed"
+	},
+	{
+		"path": "node_modules/phantomjs-prebuilt",
+		"justification": "Temporary disabling until we switch to headless chrome"
+	},
+	{
+		"path": "node_modules/hawk",
+		"justification": "Sub-dependency of retire.js, which is being ignored"
+	},
+	{
+		"path": "node_modules/cryptiles",
+		"justification": "Sub-dependency of retire.js, which is being ignored"
+	},
+	{
+		"path": "node_modules/sntp",
+		"justification": "Sub-dependency of retire.js, which is being ignored"
+	},
+	{
+		"path": "node_modules/boom",
+		"justification": "Sub-dependency of retire.js, which is being ignored"
+	},
+	{
+		"path": "node_modules/hoek",
+		"justification": "Sub-dependency of retire.js, which is being ignored"
+	},
+	{
+		"path": "node_modules/grunt-contrib-watch",
+		"justification": "Ignoring until a new release is out"
 	}
 ]

Gruntfile.js

@@ -1,4 +1,5 @@
-//jshint maxcomplexity: 12, maxstatements: false, camelcase: false
+/*eslint complexity: ["error",12], max-statements: ["error", 30],
+	camelcase: ["error", {"properties": "never"}]*/
 var testConfig = require('./build/test/config');
 
 module.exports = function (grunt) {
@@ -9,7 +10,7 @@ module.exports = function (grunt) {
 	grunt.loadNpmTasks('grunt-contrib-concat');
 	grunt.loadNpmTasks('grunt-contrib-connect');
 	grunt.loadNpmTasks('grunt-contrib-copy');
-	grunt.loadNpmTasks('grunt-contrib-jshint');
+	grunt.loadNpmTasks('grunt-eslint');
 	grunt.loadNpmTasks('grunt-contrib-uglify');
 	grunt.loadNpmTasks('grunt-contrib-watch');
 	grunt.loadNpmTasks('grunt-retire');
@@ -20,10 +21,10 @@ module.exports = function (grunt) {
 	var langs;
 	if (grunt.option('lang')) {
 		langs = (grunt.option('lang') || '')
-		.split(/[,;]/g).map(function (lang) {
-			lang = lang.trim();
-			return (lang !== 'en' ? '.' + lang : '');
-		});
+			.split(/[,;]/g).map(function (lang) {
+				lang = lang.trim();
+				return (lang !== 'en' ? '.' + lang : '');
+			});
 
 	} else if (grunt.option('all-lang')) {
 		var localeFiles = require('fs').readdirSync('./locales');
@@ -304,11 +305,11 @@ module.exports = function (grunt) {
 			var driverTests = {};
 
 			['firefox', 'chrome', 'ie', 'safari', 'edge', 'chrome-mobile']
-			.forEach(function (browser) {
-				driverTests[browser] = {
-					options: Object.assign({ browser: browser }, options)
-				};
-			});
+				.forEach(function (browser) {
+					driverTests[browser] = {
+						options: Object.assign({ browser: browser }, options)
+					};
+				});
 			return driverTests;
 		}()),
 		connect: {
@@ -320,10 +321,10 @@ module.exports = function (grunt) {
 				}
 			}
 		},
-		jshint: {
+		eslint: {
 			axe: {
 				options: {
-					jshintrc: true,
+					eslintrc: true,
 					reporter: grunt.option('report') ? 'checkstyle' : undefined,
 					reporterOutput: grunt.option('report') ? 'tmp/lint.xml' : undefined
 				},
@@ -338,19 +339,19 @@ module.exports = function (grunt) {
 
 	grunt.registerTask('default', ['build']);
 
-	grunt.registerTask('build', ['clean', 'jshint', 'validate', 'concat:commons', 'configure',
+	grunt.registerTask('build', ['clean', 'eslint', 'validate', 'concat:commons', 'configure',
 		 'babel', 'concat:engine', 'uglify']);
 
 	grunt.registerTask('test', ['build', 'retire', 'testconfig', 'fixture', 'connect',
-		'mocha', 'parallel', 'jshint']);
+		'mocha', 'parallel', 'eslint']);
 
 	grunt.registerTask('ci-build', ['build', 'retire', 'testconfig', 'fixture', 'connect',
-	 'parallel', 'jshint']);
+	 'parallel', 'eslint']);
 
 	grunt.registerTask('test-fast', ['build', 'testconfig', 'fixture', 'connect',
-		'mocha', 'jshint']);
+		'mocha', 'eslint']);
 
-	grunt.registerTask('translate', ['clean', 'jshint', 'validate', 'concat:commons', 'add-locale']);
+	grunt.registerTask('translate', ['clean', 'eslint', 'validate', 'concat:commons', 'add-locale']);
 
 	grunt.registerTask('dev', ['build', 'testconfig', 'fixture', 'connect', 'watch']);
 

build/build-manual.js

@@ -1,9 +1,8 @@
-/*jshint node: true */
+/*eslint-env node */
 'use strict';
 
 var path = require('path');
 var templates = require('./templates');
-var less = require('less');
 var Promise = require('promise');
 
 module.exports = function build(grunt, options, commons, callback) {
@@ -26,23 +25,6 @@ module.exports = function build(grunt, options, commons, callback) {
 		});
 	}
 
-	function parseStyle(src, callback) {
-		Promise
-			.all(grunt.file.expand(src).map(function(file) {
-				return new Promise(function(resolve, reject) {
-					less.render(grunt.file.read(file), function(err, result) {
-						if (err) {
-							return reject(err);
-						}
-						resolve(result.css);
-					});
-				});
-			}))
-			.then(function(values) {
-				callback(values.join('\n'));
-			});
-	}
-
 	function getSource(file, type) {
 		return grunt.template.process(templates[type], {
 			data: {
@@ -51,17 +33,11 @@ module.exports = function build(grunt, options, commons, callback) {
 		});
 	}
 
-	parseStyle(options.style, function(styles) {
-
-		callback({
-			rules: parseObject(options.rules),
-			checks: parseObject(options.checks),
-			tools: parseObject(options.tools),
-			misc: parseObject(options.misc),
-			commons: commons,
-			style: styles
-		});
-
+	callback({
+		rules: parseObject(options.rules),
+		checks: parseObject(options.checks),
+		tools: parseObject(options.tools),
+		misc: parseObject(options.misc),
+		commons: commons
 	});
-
 };

build/configure.js

@@ -1,4 +1,5 @@
-/*jshint node: true, maxstatements: 20 */
+/*eslint-env node */
+/*eslint max-statements: ["error", 20] */
 'use strict';
 
 var clone = require('clone');
@@ -181,8 +182,7 @@ function buildRules(grunt, options, commons, callback) {
 				rules: rules,
 				checks: checks,
 				commons: result.commons,
-				tools: result.tools,
-				style: result.style
+				tools: result.tools
 			}, blacklist)),
 			descriptions: descriptionHeaders + descriptions.map(function (row) {
 				return '| ' + row.join(' | ') + ' |';