Commit Graph

336 Commits

Author SHA1 Message Date
Priyank Patel 6f4fc628e6 node-sass: Upgrade node-sass to v4.9.0.
This resolves 12 vulnerabilities.

Following were the issue with the dependencies of node-sass.
hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566

tunnle-agent - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/598

stringstream - Out-of-bounds read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Priyank Patel b376629974 ploty.js: Upgrade ploty.js to v1.37.1.
This solves 14 security venrubilities in the ploty.js's dependencies.
This was found by using the `npm audit` tool which can analyse dependencies
of dependencies issues.

static-eval - Sandbox Breakout / Arbitrary Code Execution
Ref: https://nodesecurity.io/advisories/548

hoek - Prototype pollution
Ref: https://nodesecurity.io/advisories/566

stringstream - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Aman Ghebreweldi e5ec1e83e8 third: Use fontawesome NPM package.
This removes the need for us to have checked in a copy of fontawesome.
2018-05-17 04:58:30 -07:00
Aman Ghebreweldi b496afc8b9 third: Remove font Source Sans Pro from static/third.
We can just get it from NPM instead.
2018-05-15 16:22:44 -07:00
Aman Ghebreweldi 83ee8211a8 third: Get sorttable package from npm.
We didn't have any local changes, so there's no need to have it
vendored in the repository.
2018-05-15 09:25:48 -07:00
Armaan Ahluwalia 64dadae697 webpack: Add css-hot-loader to remove flash on unstyled content.
This commit removes the flash on unstyled content while in dev
mode that was caused by the use of style-loader. Instead it
enables mini-css-extract-plugin in dev in combination with
css-hot-loader which enables HMR for development.

This is because mini-css-extract-plugin does not currently support
HMR out of the box. It also adds a SourceMapDevtoolPlugin to enable
sourcemaps with css since mini-css breaks sourcemaps when used in
combination with the cheap-module-evel-source-map setting.

Related issues:
https://github.com/webpack-contrib/mini-css-extract-plugin/issues/34
https://github.com/webpack-contrib/mini-css-extract-plugin/issues/29
2018-05-02 16:55:58 -07:00
Armaan Ahluwalia bda9f3e3ea CSS: Install dependencies for SCSS Integration.
This commit installs the dependencies required for SCSS compilation
by webpack.
2018-04-27 08:52:37 -07:00
Armaan Ahluwalia fc7aa1a771 webpack: Upgrade webpack version 4.5.0.
Upgrade webpack to latest version at the time of authoring. This
involves upgrading webpack version and its loaders to compatible
versions. It also involved editing tools/webpack to use the
executable for webpack-cli instead because of a change in how the
webpack package wants you to handle shell execution.
It also fixes the confugration for TypeScript in the webpack config
as that was previously broken. Including TypeScript files in JS
files compiled by webpack now works.
2018-04-23 15:49:33 -07:00
Priyank Patel 29f04511c0 node_tests: Use nyc instead of deceprated istanbul package. 2018-04-23 15:27:16 -04:00
Shubham Padia 55619cbe70 browser-support: Add string.prototype.endswith polyfill.
String.prototype.endsWith is not supported in ie11.
Adds string.prototype.endswith package to dependencies and places
it at `common` entry point in webpack.assets.json.
2018-04-11 15:40:57 -07:00
Shubham Padia b906562f22 browser-support: Add string.prototype.startsWith polyfill.
Fixes #8944.
Adds string.prototype.startswith package to dependencies and places
it at `common` entry point in webpack.assets.json. As common.js is
loaded on all code paths first, there is no need to place this package
into other entry points.
2018-04-09 12:16:19 -07:00
Tim Abbott d1c57df0ca estlint: Upgrade version of eslint. 2018-04-06 11:58:58 -07:00
Priyank f5acbcb4c8 clipboard: Update clipboard to v2.0.0 to avoid variable name conflict.
It turns out, now we have a new standard way to access clipboard by
`Clipboard` method and currently this conflict with the constructor
exported by clipboard package. The new update v2.0.0 was released to address
this issue. The new version just exports the constructor as `ClipboardJS`.

Ref: https://developer.mozilla.org/en-US/docs/Web/API/Clipboard
Ref: https://github.com/zenorocha/clipboard.js/issues/468
2018-04-05 15:09:00 -07:00
Gooca 91185b7170 Updated source-map-loader to 0.2.3. 2018-03-22 14:43:26 -07:00
Gooca 2b3eb7f541 Updated i18next-xhr-backend to 1.5.1. 2018-03-22 14:43:26 -07:00
Gooca a9ba630a37 Updated jquery to 3.3.1. 2018-03-22 14:43:26 -07:00
Gooca a4da724f22 Updated typescript to 2.7.2. 2018-03-22 14:43:26 -07:00
Gooca f0e49e6cbb Updated webpack-bundle-tracker to 0.3.0. 2018-03-22 14:43:26 -07:00
Gooca 2363c9955a ui scrollbar: Update perfect-scrollbar to 1.3.0.
Update perfect-scrollbar to fix stutter space-scrolling in #8544. Also
reworked deprecated `element.perfectScrollbar` to `new
PerfectScrollbar(element)`.  Lastly, updated provision version and
changed node module path to new path.

This also refactors perfect-scrollbar in help.js to work with updated
version of perfect-scrollbar. Because the update also changed
perfect-scrollbar's css selectors for all scrollbars in zulip, we
update those too.

Fixes #8544.
2018-03-20 21:59:11 -07:00
Harshit Bansal 40958e0824 emoji: Switch to 64px 256 color indexed sprite sheets.
This commit switches our emoji infrastructure to use 256 color indexed
64px spritesheets. Earlier we were using non-indexed 32px spritesheets
which were blurry on high dpi displays. These indexed spritesheets not
only provide a crispier display but are also smaller in size.

This commit also removes the `emoji-datasource` package as a dependency
as all the data is now sourced from individual datasource packages.

Fixes: #7862.
2018-03-14 10:28:45 -07:00
Rohitt Vashishtha b22e8dc2b7 lint: Replace 'return undefined;' with 'return;'.
Also adds a custom rule to eslint. Since the recommended way of extending
eslint is to create plugins as standalone npm packages, the separate rule
is published as 'eslint-plugins-empty-returns'.

Fixes #8669.
2018-03-13 08:22:42 -04:00
Vishnu Ks 254548d093 package.json: Upgrade moment-timezone to 0.5.14. 2018-03-08 14:57:28 -08:00
Vishnu Ks 8d8c102192 package.json: Upgrade moment to 2.21.0. 2018-03-08 14:57:28 -08:00
Aditya Bansal 76f6f7cb47 datetimepicker: Add flatpickr lib as dependancy. 2018-01-19 11:33:11 -05:00
Greg Price e34852acf6 package.json: Move difflib to devDependencies.
We introduced this a couple of commits ago (in #7782) for use in the
tests only.  Putting it here avoids pulling in a new dependency in
production which we don't use there.
2017-12-18 19:09:03 -08:00
Andy Perez fc2298ec54 node tests: Add nice diffs to js markdown tests.
Fix #3915
2017-12-18 19:03:38 -05:00
cPhost c6985e2eee eslint: add --cache flag for faster linting 2017-12-07 15:14:51 -08:00
Andy Perez e7f1825617 bugdown: Update KaTeX to version 0.8.3 from 0.7.1.
Fixes #7480.
2017-11-23 12:43:34 -08:00
Garvit 52069998eb compose: Preserve links when pasting html.
This uses the to-markdown.js library to do all the hard work of
parsing HTML and turning it into markdown and not e.g. uploaded files.

Tweaked by tabbott to better scope when it activates to just include
pastes of HTML content.

Fixes #5853.
2017-11-21 19:52:47 -08:00
rht bff736868e Generate custom-icon-webfont on each provision or update-prod-static.
Fixes #7354.
2017-11-20 16:36:49 -08:00
Tim Abbott fa0fb9e299 casper: Switch to use a newer casper off master.
Newer casper should fix some problems we've had with contenteditable.
2017-11-16 22:20:38 -08:00
Cynthia Lin 0b800b0a7d icons: Create framework for custom icons and add new bot icon. 2017-11-10 11:18:42 -08:00
Steve Howell f105c480b3 Calculate gravatar hashes on the webapp client.
This change prepares us to have the server send avatar_url
of None when somebody wants a gravatar avatar (as opposed
to a user-uploaded one).

Subsequent commits will change behavior on both the server
and client to have this happen.  So this commit has no-op
code for now, but it will soon use the fallback-to-gravatar
logic.
2017-11-07 10:36:02 -08:00
Harshit Bansal 1067cfd92a node_modules: Add npm packages for the supported emojisets.
This commit adds emoji datasource packages for the rest of the emojiset
packages which we will use for serving images in notifications.
2017-10-28 10:38:32 -07:00
rht 49ad5c78e6 js: Update minor versions of several node dependencies. 2017-10-25 14:09:28 -07:00
Umair Khan 4caec524ae yarn: Bump i18next-xhr-backend version to 1.4.3.
This version can take loadPath as a function. i18next sends zh-Hans
as zh-Hans while Django recognizes it as zh_Hans.
2017-10-19 17:56:49 -07:00
Harshit Bansal 2e80bc50bb requirements: Add `emoji-datasource-google` package as a dependency.
This package contains individual images for emojis that we will be
using in email notifications.
2017-09-24 04:51:33 -07:00
Brock Whittaker 52588cb2b6 Upgrade jQuery to v3.2.1. 2017-08-22 12:54:26 -07:00
Pweaver (Paul Weaver) 21cad9cc24 webpack: Convert webpack config to typescript.
This helps catch bugs in the configuration.
2017-08-04 11:01:37 -07:00
Tim Abbott 41d7bfabe4 Revert "Update to jQuery version 3."
This reverts commit a01eb190d6.

We haven't debugged why yet, but this was causing 2 major problems:
* Misalignment in the floating recipient bar area.
* Missing scrollbar in the right sidebar.
2017-07-26 23:17:11 -07:00
Cory Lynch a01eb190d6 Update to jQuery version 3.
Fixes #5483.
2017-07-24 10:54:47 -07:00
Harshit Bansal ebdd8c9e3d emoji: Switch to using `emoji-datasource` npm package.
This commit does the following things:
* Instead of using a manual tool for downloading sprite sheets, use
  `emoji-datasource` npm package.
* Modify the `build_emoji` script to use sprite sheets from the npm
  package.

Bumps PROVISION_VERSION.

Fixes: #4730.
2017-07-13 21:52:01 -07:00
Jack Zhang 0c50f2ee09 [third] Add lightweight fuzzysearch library.
This is intended to be used in the new /integrations page.
2017-07-05 11:54:55 -07:00
Mehanig 1e5ce918e3 webpack: Move app_debug.js to webpack bundle. 2017-06-13 12:45:40 -07:00
Rafid Aslam 4f482834b4 deps: Upgrade and move `perfect-scrollbar` from `static/third` to `npm`.
- Remove `perfect-scrollbar` from `static/third` and fetch it from npm.
- Upgrade `perfect-scrollbar` to 0.7.1.
- Bump up the `PROVISION_VERSION` to 5.6.

Changed `wheelSpeed` in "static/js/scroll_bar.js" to 0.5, because when it
20, the scrollbar scrolls very fast.

Changed 'wheelSpeed' in "static/js/emoji_picker.js" from 25 to 0.68
(based on tabbott's testing of scrolling through the emoji list).

Part of #1709.
2017-06-11 10:15:48 -07:00
Mehanig 8c0e500d6b webpack: Migrate api and katex js files to Webpack bundler.
This also injects the dev webpack sockets to katex, since that's part
of the main web app bundle.
2017-06-09 12:33:52 -07:00
Yago González 9602f73d05 lint: Add validation for the Swagger file. 2017-06-03 15:48:04 -07:00
Pweaver (Paul Weaver) bbb3aad611 Add typescript support to asset compilation. 2017-05-28 17:28:28 -07:00
Mehanig 3f5d0e69fb Build and handle jsfiles using webpack instead of django-pipeline.
Also renames bundle.js to translations.js.
2017-05-24 18:38:03 -07:00
Mehanig 6038777891 npm: Upgrade webpack to 2.0 version dev and production. 2017-05-23 23:58:25 -07:00
Cynthia Lin a267c61cdd integrations: Update docs for adding integration images. 2017-04-24 22:34:36 -07:00
hackerkid 2a0a84b229 Add moment.js third-party module via npm.
This is needed for timezone manipulations.  We may be able to replace
XDate with it in the future as well.
2017-04-14 10:22:06 -07:00
Raghav Jajodia 9707c74f33 message_edit: Added copy to clipboard button.
A copy-to-clipboard button is added over message-edit textarea.
Closes #3239.
2017-03-22 11:00:18 -07:00
Steve Howell f6c8f4de43 Upgrade jquery to 2.2.3.
We were at 1.12.1.  Versions 1.12 and 2.2 have the same API, and
2.x basically removes some compatibility for old browser versions.
2.2.3 was the last bug release for 2.2, and it was released in
April 2016.
2017-03-21 18:57:03 -07:00
Yago González 34a9e1ae11 markdown: Add TeX typesetting support.
Co-authored-by: Reid Barton <rwbarton@gmail.com>

Fixes #2056.
2017-03-21 16:40:00 -07:00
Cynthia Lin 902207da71 node: Update package.json to eliminate vulnerable dependecies. 2017-03-14 18:21:00 -07:00
Tim Abbott 60b6a56da8 deps: Upgrade handlebars to latest version.
Fixes #3939.
2017-03-04 22:05:23 -08:00
Rafid Aslam 33129059f4 deps: Upgrade and move `handlebars` from `static/third` to `npm`.
- Remove `handlebars.runtime.js` from static/third and fetch it from npm
- Upgrade `handlebars` to 3.0.3.

I change the test since there is a patch about line, written in
handlebars'
v2.0.0-beta.1 release note:
"Lines containing only block statements and whitespace are now removed."

Fixes part of #1709.
2017-03-04 21:49:02 -08:00
Tim Abbott 27112b1e08 lint: Pin version of eslint to 3.9.1.
This indirectly works around an issue with acorn version 4.0.5 that
in turn causes eslint to hang forever.
2017-02-02 15:25:44 -08:00
Tim Abbott b52f606c3a Revert "deps: Upgrade and move `jquery-mousewheel` from `static/third` to `npm`"
Apparently, the updated version of this has a serious scrolling
performance problem in the left sidebar that basically makes scrolling
in that area unusable.

This reverts commit b683b2d3c3.
2017-01-26 13:42:00 -08:00
Rafid Aslam b683b2d3c3 deps: Upgrade and move `jquery-mousewheel` from `static/third` to `npm`
- Remove `jquery-mousewheel` from `static/third` and fetch it from npm.
- Upgrade `jquery-mousewheel` to 3.1.6.
- Bump up the `PROVISION_VERSION` to 4.5.
- Change some js code to comply with this `jquery-mousewheel` version.

Part of #1709.
2017-01-19 17:24:53 -08:00
Rafid Aslam 10a8c3d2ae deps: Move `xdate` from `static/third` to `npm`
- Remove `xdate` from `static/third` and fetch it from `npm`.
- Bump up the `PROVISION_VERSION` to 4.3.

Part of #1709.
2017-01-19 17:07:55 -08:00
Rafid Aslam 84e802422e deps: Upgrade and move `underscore.js` from `static/third` to `npm`
- Remove `underscore.js` from `static/third` and fetch it from `npm`.
- Upgrade `underscore.js` to 1.8.3.
- Bump up the `PROVISION_VERSION` to 4.2.

Part of #1709
2017-01-19 17:07:45 -08:00
Rafid Aslam 911fcd3831 deps: Upgrade and move `codepointat` from `static/third` to `npm`
- Remove `codepointat` from `static/third` and fetch it from `npm`.
- Upgrade `codepointat` to 0.2.0.
- Bump up the `PROVISION_VERSION` to 4.1.

Part of #1709.
2017-01-19 17:07:32 -08:00
Rafid Aslam 8ac81d2722 deps: Upgrade and move `winchan.js` from `static/third` to `npm`
- Remove `winchan.js` from `static/third` and fetch it from `npm`.
- Upgrade `winchan` to 0.2.0.
- Bump up the `PROVISION_VERSION` to 4.0.

Part of #1709.
2017-01-19 17:07:21 -08:00
Tim Abbott 007d4becfd Revert "update-sockjs: Update sockjs from version 0.3.4 to 1.1.1."
This reverts commit 7bf10ec74f.

Apparently, SockJS 1.1.1 is broken with the browser used in our legacy
desktop app, resulting in messages being silently not sent.
2017-01-10 11:46:15 -08:00
umkay 05bbdb379d analytics: Add plotly.js dependency.
Increases provision number.
2016-12-29 14:20:13 -08:00
Umair Khan fe1848377c i18n: Bump i18next-parser version.
Fixes #2882
2016-12-27 14:39:39 +05:00
Tim Abbott fc496ee279 npm: Upgrade phantomjs-prebuilt to 2.1.14. 2016-12-26 15:26:38 -08:00
Tim Abbott d579372e8c npm: Upgrade istanbul to 0.4.5. 2016-12-26 15:21:52 -08:00
Rafid Aslam ce94fb2eb1 deps: Change zxcvbn download method from download-zxcvbn to npm.
- Replace download-zxcvbn with downloading it from npm.
- Change zxcvbn.js path to node_modules (because npm put it to
`node_modules` directory.
- Bump `PROVISION_VERSION` in `version.py` to 2.4.

Fixes #2423.
2016-12-06 17:54:56 -08:00
K.Kanakhin 7bf10ec74f update-sockjs: Update sockjs from version 0.3.4 to 1.1.1.
- Add browserify to npm dependencies.
- Add SockJS-client to npm dependencies.
- Add npm postinstall script to generate browser version of SockJS-client
  from npm package.
- Change deprecated SockJS object property 'protocol_whitelist' to
  'transports'.
- Fix settings.
2016-12-05 21:36:10 -08:00
Arpith Siromoney 497c7702cc Run eslint in tools/lint-all with npm run --silent lint
This commit adds a basic eslintrc that emulates jslint defaults.
Rules that conflict with our existing code have been switched to
warnings instead of errors. Globals have been added to the eslintrc. The
bundled js file (generated by webpack) and blueslip.js are ignored with
.eslintignore.

To display warnings, run npm run lint-loud. This runs eslint without the
--quiet option on static/js and frontend_tests.

npm run --silent lint is run by tools/lint-all (in addition to jslint).
The --silent option is used to suppress the default output from npm run.

Fixes #535.
2016-11-18 16:15:45 -08:00
Steve Howell 0bdc9fef5c Upgrade caspersjs to version 1.1.3. (w/acrefoot)
(Most of this work was done by acrefoot in an earlier branch.
I took over the branch to fix casper tests that were broken during
the upgrade (which were fixed in a different commit).  I also
made most of the changes to run-casper.)

This also upgrades phantomjs to 2.1.7.

The huge structural change here is that we no longer vendor casperjs
or download phantomjs with our own script.  Instead, we just use
casperjs and phantomjs from npm, via package.json.

Another thing that we do now is run casperjs tests individually, so
that we don't get strange test flakes from test interactions.  (Tests
can still influence each other in terms of changing data, since we
don't yet have code to clear the test database in between tests.)

A lot of this diff is just removing files and obsolete configurations.

The main new piece is in package.json, which causes npm to install the
new version.

Also, run-casper now runs files individually, as mentioned above.

We had vendored casperjs in the past.  I didn't bring over any of our
changes.  Some of the changes were performance-related (primarily
5fd58cf249), so the upgraded version may
be slower in some instances.  (I didn't do much measurement of that,
since most of our slowness when running tests is about the setup
environment, not casper itself.)  Any bug fixes that we may have
implemented in the past were either magically fixed by changes to
casper itself or by improvements we have made in the tests themselves
over the years.

Tim tested the Casper suite on his machine and running the full Casper
test suite is faster than it was before this change (1m30 vs. 1m50),
so we're at least not regressing overall performance.
2016-10-08 12:08:43 -07:00
umkay 798e6faa9e provision: Use NVM to install node and npm.
NVM takes a specific node version and installs the node package and
a corresponding compatible npm package.

We use it in a somewhat hackish way to install node/npm globally with
a pinned version, since that's how we actually want to consume node in
our development environment.

Other details:
- Travis CI now is configured to use the version of node installed by
provision; the easiest way to do this was to sabotage the existing node
installation.
- jsdom is upgraded to a current version, which both requires recent
node and also is required for the tests to pass with recent node.
This fixes running the node tests on Xenial.

Fixes #1498.

[tweaked by tabbott]
2016-09-23 14:34:44 -07:00
Brock Whittaker 8f73701b96 Upgrade jQuery to 1.12.1 and fetch from node_modules.
Fixes: #1196.
2016-08-25 15:32:08 -07:00
Tim Abbott 3ba604cb47 Migrate jquery-validate to a current version installed via npm. 2016-08-25 15:32:08 -07:00
Tim Abbott b50abc5131 npm: Split out production-only dependencies. 2016-08-04 22:17:07 -07:00
Tim Abbott beedfb2939 Revert "[third] Upgrade jquery to version 1.8.3."
This reverts commit be93b6ea28.

Unfortunately, the newer jquery comes with a huge performance
regression affecting the hotkeys code, which has the effect of making
typing super slow.

Fixes: #1449.
2016-07-28 11:39:06 -07:00
Umair Khan dce48d58b6 Cache translations.
Fixes: #1158
2016-07-21 10:23:31 -07:00
Tim Abbott be93b6ea28 [third] Upgrade jquery to version 1.8.3.
Also use the modern NPM name of 'jquery' (all lower case), which is
required as part of this migration.

Fixes #1141.
2016-07-08 11:09:54 -07:00
Umair Khan 82b5d9304b [third] Integrate i18next with Handlebars 2016-05-19 22:58:25 -07:00
Tim Abbott 6a8318ddcd Add istanbul for running node coverage reports.
`tools/test-js-with-node cover` needs istanbul to be installed in
order to work; we might as well install it by default rather than
having it be an extra step users need to deal with.

Of course, since this is only needed in the development environment,
this could suggest we want to fork/conditionalize package.json, but I
think for now it's reasonable to just install everything we use
somewhere -- the npm list is still pretty short and we have that issue
anyway with webpack-dev-server.
2015-11-24 05:20:15 -08:00
Allie Jones 85809e6140 Add webpack build process. 2015-11-06 09:13:25 -08:00
Allie Jones e20a1bc73c Remove the committed handlebars package and install it via npm. 2015-11-06 09:09:41 -08:00
Allie Jones 4de0325a9d Install node dependencies using npm.
The node packages 'jQuery' and 'jquery' are different--'jQuery' is the
legacy support package that is needed for Zulip so the require statements
in the tests were updated.

Travis uses node 4.0 by default and we are using 0.10, so the command to
install the correct version had to be added to the .travis.yml file.
2015-11-06 09:08:59 -08:00