fix: replace parse-glob #927
Conversation
github-actions
bot
added
cli
|
Please can someone review and approve this!!! |
|
Ping! @thedaviddias, can you please take a look or assign someone else who can? |
|
Are the failing checks going to prevent this from being merged? Looks like the test infra is still expecting to check parse-glob as part of its suite. |
|
The tests @josundt wrote for the parse-glob replacement were written using expect.js. I updated them to use the same framework as the other tests, and they pass now. Sorry I overlooked that! |
Codecov Report
@@ Coverage Diff @@
## master #927 +/- ##
=======================================
Coverage 97.10% 97.11%
=======================================
Files 1 2 +1
Lines 1626 1627 +1
Branches 288 289 +1
=======================================
+ Hits 1579 1580 +1
Misses 47 47
Continue to review full report at Codecov.
|
|
@joeyparrish - appears there is a failing test - any chance you can investigate please? |
Only appears on one builder, and doesn't appear to be related to the changes. I can't reproduce it locally. I would suggest re-running the tests to see if it was just a flaky test or a flaky test runner. |
|
Thanks @joeyparrish |
|
I really don't know. I can't reproduce it locally. I expect the two errors (fewer lines of output than expected from the CLI and a timeout in the overall test execution) could be related, but I can't figure out an easy way to prove that. But that test should never take 30s, none of the other 11 jobs had that issue on any other combination of OS, and nothing about it should be node-version-dependent or OS-dependent... so I think something must have been wrong with that VM at the time it was run. Have you tried re-running that one job to see if it's a transient issue in GitHub's VMs? For admins, there should be a small "refresh"-type button to the right of the job when you hover over it, which says "re-run this job". Here's a screenshot from one of my repos:
|
|
Sorry @joeyparrish I don't have access to the repo as Admin - I'm just a hopeful voyeur who has been watching this thread (and others like it) in the hope that this issue can be resolved. Interestingly it fails in the MacOS area - I use Mac so I'll pull down this branch locally and see if I can replicate the issue - unless you have already tested on Mac? |
|
Ah, I see. Well, my best guess is that the job needs to be re-run. @thedaviddias, can you take a look, please? I think this is safe to merge, and that a re-run of that failing job would pass. |
|
Thank you! |
## [1.1.3](v1.1.2...v1.1.3) (2022-03-28) ### Bug Fixes * replace parse-glob ([#927](#927)) ([a990a17](a990a17))
|
🎉 This PR is included in version 1.1.3 🎉 The release is available on: Your semantic-release bot 📦🚀 |
This is a rebased version of #827 by @josundt, with the JS binaries regenerated as well. It can be used directly as a dependency (
github:joeyparrish/HTMLHint#1c3a7e8b) while waiting for the fix to be merged upstream in HTMLHint.Closes #664
This PR replaces the abandoned, security-vulnerable
parse-globpackage with a customparse-glob.jsmodule/function and thereby fixes issue #664The added module exactly mimics the behavior of the function from the
parse-globpackage, but only includes the subset that is required by HTMLHint in the returned object. It usesis-globto validate the glob.Changes:
Added
parse-glob.tsto replace the vulnerable packageAdded a simple unit test to prove that my new module returns the same result as the replaced package for the required properties used by HTMLHint.
package.json:
@types/parse-globpackage fromdevDependenciesparse-globfromdependenciestodevDependencies(currently needed for the added unit test)is-globasdependencyThis PR is meant as an intermediate step to prove that the
parse-globpackage has been properly replaced.As a next step it would make sense to:
parse-globdevDependency - and the simple unit test