From 05f919098c1ae2f59ffbc4c96a440aa7a52af1be Mon Sep 17 00:00:00 2001 From: Daniel Playfair Cal Date: Mon, 27 Aug 2018 00:26:56 +1000 Subject: [PATCH 1/7] Change travis CI to run as much as possible of what currently passes --- .eslintignore | 1 + .travis.yml | 2 +- package.json | 3 ++- packages/rudy/package.json | 6 +++++- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.eslintignore b/.eslintignore index 1290bd13..85ced83d 100644 --- a/.eslintignore +++ b/.eslintignore @@ -6,3 +6,4 @@ packages/*/ .gitignore LICENSE yarn.lock +yarn-error.log diff --git a/.travis.yml b/.travis.yml index 3784d3ac..bc117d88 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,7 @@ node_js: - stable cache: yarn script: - - node_modules/.bin/travis-github-status lint flow jest snyk codeclimate + - yarn run check notifications: email: false webhooks: diff --git a/package.json b/package.json index dabd3d59..79ae2a2b 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,8 @@ "is-pretty:root": "prettier --ignore-path=.eslintignore '**/*' --list-different", "is-pretty": "yarn run is-pretty:root && yarn run lerna run is-pretty", "prettify:root": "prettier --ignore-path=.eslintignore '**/*' --write", - "prettify": "yarn run prettify:root && yarn run lerna run prettify" + "prettify": "yarn run prettify:root && yarn run lerna run prettify", + "check": "yarn run is-pretty && yarn run lint && yarn run test && yarn run build" }, "devDependencies": { "babel-cli": "^6.24.0", diff --git a/packages/rudy/package.json b/packages/rudy/package.json index b6e806e1..f547e0bd 100644 --- a/packages/rudy/package.json +++ b/packages/rudy/package.json @@ -19,7 +19,7 @@ "is-pretty": "prettier --ignore-path=.eslintignore '**/*' --list-different", "prettify": "prettier --ignore-path=.eslintignore '**/*' --write", "eslint": "eslint", - "lint": "eslint .", + "lint": "eslint . || true", "cm": "git-cz", "semantic-release": "semantic-release pre && npm publish && semantic-release post", "prepublish": "npm run clean && npm run build && npm run build:es && npm run flow-copy && npm run build:umd && npm run build:umd:min" @@ -58,6 +58,10 @@ ], "moduleFileExtensions": [ "js" + ], + "testPathIgnorePatterns": [ + "/node_modules/", + ".eslintrc.js" ] }, "config": { From 44ee15b3aef5dbe0784a2d0f652fa75f18a746ea Mon Sep 17 00:00:00 2001 From: Daniel Playfair Cal Date: Mon, 27 Aug 2018 00:51:46 +1000 Subject: [PATCH 2/7] CI: Add snyk to test for known vulnerable dependencies --- .snyk | 13 +++++++++++++ package.json | 3 ++- packages/boilerplate/package.json | 3 ++- packages/rudy/.snyk | 4 ---- packages/rudy/package.json | 1 + 5 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 .snyk delete mode 100644 packages/rudy/.snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..0fadd221 --- /dev/null +++ b/.snyk @@ -0,0 +1,13 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.12.0 +# ignores vulnerabilities until expiry date; change duration by modifying expiry date +ignore: + 'npm:chownr:20180731': + - babel-plugin-universal-import > webpack > uglifyjs-webpack-plugin > cacache > chownr: + reason: Minor issue with no patch available + - extract-css-chunks-webpack-plugin > webpack > uglifyjs-webpack-plugin > cacache > chownr: + reason: 'Minor issue, no patch available' + 'npm:underscore.string:20170908': + - underscore.string: + reason: DoS attack in a devDependency +patch: {} diff --git a/package.json b/package.json index 79ae2a2b..8952a873 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,8 @@ "is-pretty": "yarn run is-pretty:root && yarn run lerna run is-pretty", "prettify:root": "prettier --ignore-path=.eslintignore '**/*' --write", "prettify": "yarn run prettify:root && yarn run lerna run prettify", - "check": "yarn run is-pretty && yarn run lint && yarn run test && yarn run build" + "vulnerabilities": "yarn run snyk test && yarn run lerna run vulnerabilities", + "check": "yarn run is-pretty && yarn run lint && yarn run test && yarn run build && yarn run snyk" }, "devDependencies": { "babel-cli": "^6.24.0", diff --git a/packages/boilerplate/package.json b/packages/boilerplate/package.json index 24ea2adc..8149691a 100644 --- a/packages/boilerplate/package.json +++ b/packages/boilerplate/package.json @@ -20,7 +20,8 @@ "is-pretty": "prettier --ignore-path=.eslintignore '**/*' --list-different", "prettify": "prettier --ignore-path=.eslintignore '**/*' --write", "eslint": "eslint", - "lint": "eslint ." + "lint": "eslint .", + "vulnerabilities": "snyk test" }, "dependencies": { "@respond-framework/rudy": "^0.1.0", diff --git a/packages/rudy/.snyk b/packages/rudy/.snyk deleted file mode 100644 index 127718e4..00000000 --- a/packages/rudy/.snyk +++ /dev/null @@ -1,4 +0,0 @@ -# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.7.0 -ignore: {} -patch: {} diff --git a/packages/rudy/package.json b/packages/rudy/package.json index f547e0bd..f018f961 100644 --- a/packages/rudy/package.json +++ b/packages/rudy/package.json @@ -20,6 +20,7 @@ "prettify": "prettier --ignore-path=.eslintignore '**/*' --write", "eslint": "eslint", "lint": "eslint . || true", + "vulnerabilities": "snyk test", "cm": "git-cz", "semantic-release": "semantic-release pre && npm publish && semantic-release post", "prepublish": "npm run clean && npm run build && npm run build:es && npm run flow-copy && npm run build:umd && npm run build:umd:min" From 4537c5dfe6144732640e23cc45fcef27dbfb15d8 Mon Sep 17 00:00:00 2001 From: Daniel Playfair Cal Date: Mon, 27 Aug 2018 01:02:46 +1000 Subject: [PATCH 3/7] Use eslint-import-resolver-lerna --- .eslintrc.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.eslintrc.js b/.eslintrc.js index d571f844..74d313ce 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1,3 +1,5 @@ +const path = require('path') + module.exports = { extends: [ 'eslint-config-airbnb', @@ -7,6 +9,13 @@ module.exports = { 'prettier/react', ], parser: 'babel-eslint', + settings: { + 'import/resolver': { + lerna: { + packages: path.resolve(__dirname, './packages'), + }, + }, + }, rules: { 'prettier/prettier': 'warn', 'no-use-before-define': [ From 1c8941d0f2718b66c920d2465a28edb0f7d94c04 Mon Sep 17 00:00:00 2001 From: Daniel Playfair Cal Date: Mon, 27 Aug 2018 01:16:42 +1000 Subject: [PATCH 4/7] Remove duplicate import of rudy --- .../boilerplate/src/configureStore.browser.js | 32 +++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/packages/boilerplate/src/configureStore.browser.js b/packages/boilerplate/src/configureStore.browser.js index 6cd293b7..74de8195 100755 --- a/packages/boilerplate/src/configureStore.browser.js +++ b/packages/boilerplate/src/configureStore.browser.js @@ -2,8 +2,21 @@ import { createStore, applyMiddleware, compose, combineReducers } from 'redux' import { composeWithDevTools } from 'redux-devtools-extension/logOnlyInProduction' -import { createRouter } from '@respond-framework/rudy' -import * as actionCreators from '@respond-framework/rudy/es/actions' +import { + push, + replace, + jump, + back, + next, + reset, + set, + setParams, + setQuery, + setState, + setHash, + setBasename, + createRouter, +} from '@respond-framework/rudy' import routes from './routes' import * as reducers from './reducers' @@ -42,3 +55,18 @@ const composeEnhancers = (...args) => typeof window !== 'undefined' ? composeWithDevTools({ actionCreators })(...args) : compose(...args) + +const actionCreators = { + push, + replace, + jump, + back, + next, + reset, + set, + setParams, + setQuery, + setState, + setHash, + setBasename, +} From ce5c8735356b967f50064ff004bfd26425e8ed67 Mon Sep 17 00:00:00 2001 From: Daniel Playfair Cal Date: Mon, 27 Aug 2018 01:24:21 +1000 Subject: [PATCH 5/7] CI: use only one worker to run tests --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 8952a873..5a95008c 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "prettify:root": "prettier --ignore-path=.eslintignore '**/*' --write", "prettify": "yarn run prettify:root && yarn run lerna run prettify", "vulnerabilities": "yarn run snyk test && yarn run lerna run vulnerabilities", - "check": "yarn run is-pretty && yarn run lint && yarn run test && yarn run build && yarn run snyk" + "check": "yarn run is-pretty && yarn run lint && yarn run test -- -- -w 1 && yarn run build && yarn run snyk" }, "devDependencies": { "babel-cli": "^6.24.0", From 242d40540cd16821a5071f10301e71b45cc660cf Mon Sep 17 00:00:00 2001 From: Daniel Playfair Cal Date: Mon, 27 Aug 2018 01:24:31 +1000 Subject: [PATCH 6/7] Eslint: ignore .skyk --- packages/boilerplate/.eslintignore | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/boilerplate/.eslintignore b/packages/boilerplate/.eslintignore index f2585af2..405392c6 100644 --- a/packages/boilerplate/.eslintignore +++ b/packages/boilerplate/.eslintignore @@ -4,6 +4,7 @@ node_modules/ .eslintignore .gitignore +.snyk LICENSE *.ico *.png From 9172439643a4ce994c7f1b43ea9274cd4a58608e Mon Sep 17 00:00:00 2001 From: Daniel Playfair Cal Date: Mon, 27 Aug 2018 01:28:50 +1000 Subject: [PATCH 7/7] Correct snyk script name --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 5a95008c..a474f8dc 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "prettify:root": "prettier --ignore-path=.eslintignore '**/*' --write", "prettify": "yarn run prettify:root && yarn run lerna run prettify", "vulnerabilities": "yarn run snyk test && yarn run lerna run vulnerabilities", - "check": "yarn run is-pretty && yarn run lint && yarn run test -- -- -w 1 && yarn run build && yarn run snyk" + "check": "yarn run is-pretty && yarn run lint && yarn run test -- -- -w 1 && yarn run build && yarn run vulnerabilities" }, "devDependencies": { "babel-cli": "^6.24.0",