Commit Graph

243 Commits

Author SHA1 Message Date
Priyank Patel 778742a189 jsdom: Upgrade jsdom to v11.10.0.
This also updates node_tests to use new constructor which is uppercase,
and some properties that are changed to be more clear now, like
jsdom().defaultView which is meant to the window object is now called window.

Ref: https://github.com/jsdom/jsdom/blob/master/Changelog.md
2018-05-20 11:11:03 -07:00
Priyank Patel 00151f988a handlebars: Upgrade handlebars to v4.0.11.
This version only contains bugfixes. No breaking changes have been introduced.
Ref: https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v4011---october-17th-2017
2018-05-20 11:11:03 -07:00
Priyank Patel 7b40f8d50d flatpickr: Upgrade flatpickr to v4.5.0.
This new version is a lot ahead that what we now have currently.
Reading through the changelog there does not seem to any breaking
changes, just that this package have been updated a lot.

Ref: https://github.com/flatpickr/flatpickr/releases
2018-05-20 11:11:03 -07:00
Priyank Patel f02c2349b8 @types/webpack: Upgrade @types/webpack to v4.4.0.
This updates the webpack typescript type defenations to latest so we
can find bugs with webpack configurations.
2018-05-20 11:11:03 -07:00
Priyank Patel bcfc34c996 webpack-cli: Upgrade webpack-cli to v2.1.3.
This version just contains bugs fixes and regressions covered.
Ref: https://github.com/webpack/webpack-cli/releases/tag/2.1.3
2018-05-20 11:11:03 -07:00
Priyank Patel 50b663906a nyc: Upgrade nyc to v11.8.0.
This fixes a one vulnerability with this package's dependency.

randomatic - Cryptographically Weak PRNG
Ref: https://nodesecurity.io/advisories/157
2018-05-20 11:11:03 -07:00
Priyank Patel 19ba08e055 webpack-dev-server: Upgrade webpack-dev-server to v3.1.4. 2018-05-20 11:11:03 -07:00
Priyank Patel 74b0a73260 phantomjs-prebuilt: Upgrade phantomjs-prebuilt to 2.1.16.
This solves 8 vulnerabilities, in its dependencies.

conacat-stream - Memory Exposure
Ref: https://nodesecurity.io/advisories/597

hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566

tunnel-agent - Memory Exposure
Ref: https://nodesecurity.io/advisories/598

debug - Regular Expression Denial of Service
Ref:  https://nodesecurity.io/advisories/534

stringstream - Out-of-bounds Read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Priyank Patel b9d49c846e webpack: Upgrade webpack to v4.8.3. 2018-05-20 11:11:03 -07:00
Priyank Patel 6f4fc628e6 node-sass: Upgrade node-sass to v4.9.0.
This resolves 12 vulnerabilities.

Following were the issue with the dependencies of node-sass.
hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566

tunnle-agent - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/598

stringstream - Out-of-bounds read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Priyank Patel b376629974 ploty.js: Upgrade ploty.js to v1.37.1.
This solves 14 security venrubilities in the ploty.js's dependencies.
This was found by using the `npm audit` tool which can analyse dependencies
of dependencies issues.

static-eval - Sandbox Breakout / Arbitrary Code Execution
Ref: https://nodesecurity.io/advisories/548

hoek - Prototype pollution
Ref: https://nodesecurity.io/advisories/566

stringstream - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Aman Ghebreweldi e5ec1e83e8 third: Use fontawesome NPM package.
This removes the need for us to have checked in a copy of fontawesome.
2018-05-17 04:58:30 -07:00
Aman Ghebreweldi b496afc8b9 third: Remove font Source Sans Pro from static/third.
We can just get it from NPM instead.
2018-05-15 16:22:44 -07:00
Aman Ghebreweldi 83ee8211a8 third: Get sorttable package from npm.
We didn't have any local changes, so there's no need to have it
vendored in the repository.
2018-05-15 09:25:48 -07:00
Armaan Ahluwalia 64dadae697 webpack: Add css-hot-loader to remove flash on unstyled content.
This commit removes the flash on unstyled content while in dev
mode that was caused by the use of style-loader. Instead it
enables mini-css-extract-plugin in dev in combination with
css-hot-loader which enables HMR for development.

This is because mini-css-extract-plugin does not currently support
HMR out of the box. It also adds a SourceMapDevtoolPlugin to enable
sourcemaps with css since mini-css breaks sourcemaps when used in
combination with the cheap-module-evel-source-map setting.

Related issues:
https://github.com/webpack-contrib/mini-css-extract-plugin/issues/34
https://github.com/webpack-contrib/mini-css-extract-plugin/issues/29
2018-05-02 16:55:58 -07:00
Armaan Ahluwalia bda9f3e3ea CSS: Install dependencies for SCSS Integration.
This commit installs the dependencies required for SCSS compilation
by webpack.
2018-04-27 08:52:37 -07:00
Armaan Ahluwalia fc7aa1a771 webpack: Upgrade webpack version 4.5.0.
Upgrade webpack to latest version at the time of authoring. This
involves upgrading webpack version and its loaders to compatible
versions. It also involved editing tools/webpack to use the
executable for webpack-cli instead because of a change in how the
webpack package wants you to handle shell execution.
It also fixes the confugration for TypeScript in the webpack config
as that was previously broken. Including TypeScript files in JS
files compiled by webpack now works.
2018-04-23 15:49:33 -07:00
Priyank Patel 29f04511c0 node_tests: Use nyc instead of deceprated istanbul package. 2018-04-23 15:27:16 -04:00
Shubham Padia 55619cbe70 browser-support: Add string.prototype.endswith polyfill.
String.prototype.endsWith is not supported in ie11.
Adds string.prototype.endswith package to dependencies and places
it at `common` entry point in webpack.assets.json.
2018-04-11 15:40:57 -07:00
Shubham Padia b906562f22 browser-support: Add string.prototype.startsWith polyfill.
Fixes #8944.
Adds string.prototype.startswith package to dependencies and places
it at `common` entry point in webpack.assets.json. As common.js is
loaded on all code paths first, there is no need to place this package
into other entry points.
2018-04-09 12:16:19 -07:00
Tim Abbott d1c57df0ca estlint: Upgrade version of eslint. 2018-04-06 11:58:58 -07:00
Priyank f5acbcb4c8 clipboard: Update clipboard to v2.0.0 to avoid variable name conflict.
It turns out, now we have a new standard way to access clipboard by
`Clipboard` method and currently this conflict with the constructor
exported by clipboard package. The new update v2.0.0 was released to address
this issue. The new version just exports the constructor as `ClipboardJS`.

Ref: https://developer.mozilla.org/en-US/docs/Web/API/Clipboard
Ref: https://github.com/zenorocha/clipboard.js/issues/468
2018-04-05 15:09:00 -07:00
Gooca 91185b7170 Updated source-map-loader to 0.2.3. 2018-03-22 14:43:26 -07:00
Gooca 2b3eb7f541 Updated i18next-xhr-backend to 1.5.1. 2018-03-22 14:43:26 -07:00
Gooca a9ba630a37 Updated jquery to 3.3.1. 2018-03-22 14:43:26 -07:00
Gooca a4da724f22 Updated typescript to 2.7.2. 2018-03-22 14:43:26 -07:00
Gooca f0e49e6cbb Updated webpack-bundle-tracker to 0.3.0. 2018-03-22 14:43:26 -07:00
Gooca 2363c9955a ui scrollbar: Update perfect-scrollbar to 1.3.0.
Update perfect-scrollbar to fix stutter space-scrolling in #8544. Also
reworked deprecated `element.perfectScrollbar` to `new
PerfectScrollbar(element)`.  Lastly, updated provision version and
changed node module path to new path.

This also refactors perfect-scrollbar in help.js to work with updated
version of perfect-scrollbar. Because the update also changed
perfect-scrollbar's css selectors for all scrollbars in zulip, we
update those too.

Fixes #8544.
2018-03-20 21:59:11 -07:00
Priyank b8840108bb yarn: Update broken yarn lockfile.
This commit fixes currupted yarn lockfile, which generated this warning:
```
warning Lockfile has incorrect entry for "d3-queue@2". Ignoring it.
warning Lockfile has incorrect entry for "inherits@2". Ignoring it.
warning Lockfile has incorrect entry for "request@2". Ignoring it.
warning Lockfile has incorrect entry for "rimraf@2". Ignoring it.
```
2018-03-20 14:55:11 -07:00
Harshit Bansal 40958e0824 emoji: Switch to 64px 256 color indexed sprite sheets.
This commit switches our emoji infrastructure to use 256 color indexed
64px spritesheets. Earlier we were using non-indexed 32px spritesheets
which were blurry on high dpi displays. These indexed spritesheets not
only provide a crispier display but are also smaller in size.

This commit also removes the `emoji-datasource` package as a dependency
as all the data is now sourced from individual datasource packages.

Fixes: #7862.
2018-03-14 10:28:45 -07:00
Rohitt Vashishtha b22e8dc2b7 lint: Replace 'return undefined;' with 'return;'.
Also adds a custom rule to eslint. Since the recommended way of extending
eslint is to create plugins as standalone npm packages, the separate rule
is published as 'eslint-plugins-empty-returns'.

Fixes #8669.
2018-03-13 08:22:42 -04:00
Vishnu Ks 713ca1e5f2 yarn: Update yarn.lock for moment and moment-timezone upgrade. 2018-03-09 11:05:18 -08:00
Aditya Bansal 76f6f7cb47 datetimepicker: Add flatpickr lib as dependancy. 2018-01-19 11:33:11 -05:00
Andy Perez fc2298ec54 node tests: Add nice diffs to js markdown tests.
Fix #3915
2017-12-18 19:03:38 -05:00
Andy Perez e7f1825617 bugdown: Update KaTeX to version 0.8.3 from 0.7.1.
Fixes #7480.
2017-11-23 12:43:34 -08:00
Garvit 52069998eb compose: Preserve links when pasting html.
This uses the to-markdown.js library to do all the hard work of
parsing HTML and turning it into markdown and not e.g. uploaded files.

Tweaked by tabbott to better scope when it activates to just include
pastes of HTML content.

Fixes #5853.
2017-11-21 19:52:47 -08:00
rht bff736868e Generate custom-icon-webfont on each provision or update-prod-static.
Fixes #7354.
2017-11-20 16:36:49 -08:00
Tim Abbott fa0fb9e299 casper: Switch to use a newer casper off master.
Newer casper should fix some problems we've had with contenteditable.
2017-11-16 22:20:38 -08:00
Tim Abbott 7b5ae1ee38 node: Update yarn.lock. 2017-11-16 22:20:38 -08:00
Steve Howell f105c480b3 Calculate gravatar hashes on the webapp client.
This change prepares us to have the server send avatar_url
of None when somebody wants a gravatar avatar (as opposed
to a user-uploaded one).

Subsequent commits will change behavior on both the server
and client to have this happen.  So this commit has no-op
code for now, but it will soon use the fallback-to-gravatar
logic.
2017-11-07 10:36:02 -08:00
rht 49ad5c78e6 js: Update minor versions of several node dependencies. 2017-10-25 14:09:28 -07:00
Umair Khan 4caec524ae yarn: Bump i18next-xhr-backend version to 1.4.3.
This version can take loadPath as a function. i18next sends zh-Hans
as zh-Hans while Django recognizes it as zh_Hans.
2017-10-19 17:56:49 -07:00
Pweaver (Paul Weaver) 1afaa67c7c deps: Change npm to yarn for reliablity, security, and speed. 2017-08-05 12:29:06 -07:00