Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests fail with ws 1.1+ #19

Closed
flowersinthesand opened this issue May 5, 2017 · 3 comments
Closed

Tests fail with ws 1.1+ #19

flowersinthesand opened this issue May 5, 2017 · 3 comments
Milestone
1.1.0

Comments

@flowersinthesand
Copy link
Member 

➜  cettia-javascript-client git:(master) ✗ npm run build && npm run test

> cettia-client@1.0.0-Beta2 build /Users/donghwankim/git/cettia-javascript-client
> npm run base; npm run bundler; npm run browser; npm run browserMin


> cettia-client@1.0.0-Beta2 base /Users/donghwankim/git/cettia-javascript-client
> babel src/cettia.es6 --out-file cettia.js


> cettia-client@1.0.0-Beta2 bundler /Users/donghwankim/git/cettia-javascript-client
> NODE_ENV=browser babel src/cettia.es6 --out-file cettia-bundler.js


> cettia-client@1.0.0-Beta2 browser /Users/donghwankim/git/cettia-javascript-client
> webpack cettia-bundler.js cettia-browser.js --output-library cettia

Hash: b4020e0e204096bd69ff
Version: webpack 1.15.0
Time: 330ms
            Asset    Size  Chunks             Chunk Names
cettia-browser.js  175 kB       0  [emitted]  main
   [0] ./cettia-bundler.js 36.4 kB {0} [built]
    + 36 hidden modules

> cettia-client@1.0.0-Beta2 browserMin /Users/donghwankim/git/cettia-javascript-client
> webpack cettia-bundler.js cettia-browser.min.js --output-library cettia --optimize-minimize --optimize-occurence-order

Hash: 3fe79c98cd35f543736d
Version: webpack 1.15.0
Time: 1705ms
                Asset     Size  Chunks             Chunk Names
cettia-browser.min.js  65.8 kB       0  [emitted]  main
   [0] ./cettia-bundler.js 36.4 kB {0} [built]
    + 36 hidden modules

WARNING in cettia-browser.min.js from UglifyJs
Side effects in initialization of unused variable _traverse2 [./cettia-bundler.js:7,0]
Condition always true [./~/event-lite/event-lite.js:30,0]
Dropping unused variable MAXBUFLEN [./~/msgpack-lite/lib/buffer-lite.js:3,0]

> cettia-client@1.0.0-Beta2 test /Users/donghwankim/git/cettia-javascript-client
> grunt test

Running "test-node" task
[SECURITY] node-uuid: crypto not usable, falling back to insecure Math.random()


  client
    should open a new socket
      ✓ websocket (68ms)
      ✓ httpstream
      ✓ httplongpoll
    should close the socket
      ✓ websocket
      ✓ httpstream
      ✓ httplongpoll (3025ms)
    should exchange a text event
      ✓ websocket
      ✓ httpstream
      ✓ httplongpoll
    should exchange a binary event
      1) websocket
      ✓ httpstream
      ✓ httplongpoll
    should exchange a composite event
      2) websocket
      ✓ httpstream
      ✓ httplongpoll
    should exchange an event containing of multi-byte characters
      ✓ websocket
      ✓ httpstream
      ✓ httplongpoll
    should exchange an event of 2KB
      ✓ websocket
      ✓ httpstream
      ✓ httplongpoll
    should not lose any event in an exchange of twenty events
      ✓ websocket (38ms)
      ✓ httpstream (78ms)
      ✓ httplongpoll (133ms)
    should close the socket if heartbeat fails
      ✓ websocket (2514ms)
      ✓ httpstream (2524ms)
      ✓ httplongpoll (2517ms)
    reply
      should execute the resolve callback when receiving event
        ✓ websocket
        ✓ httpstream
        ✓ httplongpoll
      should execute the reject callback when receiving event
        ✓ websocket
        ✓ httpstream
        ✓ httplongpoll
      should execute the resolve callback when sending event
        ✓ websocket
        ✓ httpstream
        ✓ httplongpoll
      should execute the reject callback when sending event
        ✓ websocket
        ✓ httpstream
        ✓ httplongpoll


  37 passing (11s)
  2 failing

  1) client should exchange a binary event websocket:
     Uncaught Error: Invalid type: undefined
    at Codec.decode (node_modules/msgpack-lite/lib/read-core.js:24:22)
    at DecodeBuffer.fetch (node_modules/msgpack-lite/lib/decode-buffer.js:26:21)
    at DecodeBuffer.read (node_modules/msgpack-lite/lib/flex-buffer.js:166:28)
    at Object.decode (node_modules/msgpack-lite/lib/decode.js:10:18)
    at Object.<anonymous> (cettia.js:424:41)
    at _fire (cettia.js:136:25)
    at Object.fire (cettia.js:171:9)
    at Object.self.fire (cettia.js:584:18)
    at WebSocket.ws.onmessage (cettia.js:630:14)
    at WebSocket.onMessage (node_modules/ws/lib/EventTarget.js:103:16)
    at Receiver._receiver.onmessage (node_modules/ws/lib/WebSocket.js:146:54)
    at Receiver.dataMessage (node_modules/ws/lib/Receiver.js:380:14)
    at extension.decompress (node_modules/ws/lib/Receiver.js:349:40)
    at _inflate.flush (node_modules/ws/lib/PerMessageDeflate.js:314:12)
    at afterWrite (_stream_writable.js:387:3)
    at onwrite (_stream_writable.js:378:7)
    at WritableState.onwrite (_stream_writable.js:89:5)
    at afterTransform (_stream_transform.js:79:3)
    at TransformState.afterTransform (_stream_transform.js:54:12)
    at Zlib.callback (zlib.js:639:5)
  

  2) client should exchange a composite event websocket:
     Uncaught Error: Invalid type: undefined
    at Codec.decode (node_modules/msgpack-lite/lib/read-core.js:24:22)
    at DecodeBuffer.fetch (node_modules/msgpack-lite/lib/decode-buffer.js:26:21)
    at DecodeBuffer.read (node_modules/msgpack-lite/lib/flex-buffer.js:166:28)
    at Object.decode (node_modules/msgpack-lite/lib/decode.js:10:18)
    at Object.<anonymous> (cettia.js:424:41)
    at _fire (cettia.js:136:25)
    at Object.fire (cettia.js:171:9)
    at Object.self.fire (cettia.js:584:18)
    at WebSocket.ws.onmessage (cettia.js:630:14)
    at WebSocket.onMessage (node_modules/ws/lib/EventTarget.js:103:16)
    at Receiver._receiver.onmessage (node_modules/ws/lib/WebSocket.js:146:54)
    at Receiver.dataMessage (node_modules/ws/lib/Receiver.js:380:14)
    at extension.decompress (node_modules/ws/lib/Receiver.js:349:40)
    at _inflate.flush (node_modules/ws/lib/PerMessageDeflate.js:314:12)
    at afterWrite (_stream_writable.js:387:3)
    at onwrite (_stream_writable.js:378:7)
    at WritableState.onwrite (_stream_writable.js:89:5)
    at afterTransform (_stream_transform.js:79:3)
    at TransformState.afterTransform (_stream_transform.js:54:12)
    at Zlib.callback (zlib.js:639:5)
  



Warning: Task "test-node" failed. Use --force to continue.

Aborted due to warnings.

npm ERR! Darwin 16.5.0
npm ERR! argv "/Users/donghwankim/.nvm/versions/node/v6.8.1/bin/node" "/Users/donghwankim/.nvm/versions/node/v6.8.1/bin/npm" "run" "test"
npm ERR! node v6.8.1
npm ERR! npm  v3.10.9
npm ERR! code ELIFECYCLE
npm ERR! cettia-client@1.0.0-Beta2 test: `grunt test`
npm ERR! Exit status 3
npm ERR! 
npm ERR! Failed at the cettia-client@1.0.0-Beta2 test script 'grunt test'.
npm ERR! Make sure you have the latest version of node.js and npm installed.
npm ERR! If you do, this is most likely a problem with the cettia-client package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     grunt test
npm ERR! You can get information on how to open an issue for this project with:
npm ERR!     npm bugs cettia-client
npm ERR! Or if that isn't available, you can get their info via:
npm ERR!     npm owner ls cettia-client
npm ERR! There is likely additional logging output above.

npm ERR! Please include the following file with any support request:
npm ERR!     /Users/donghwankim/git/cettia-javascript-client/npm-debug.log
➜  cettia-javascript-client git:(master) ✗ npm ls ws
cettia-client@1.0.0-Beta2 /Users/donghwankim/git/cettia-javascript-client
├─┬ cettia-protocol@1.0.0-Beta1 (git://github.com/cettia/cettia-protocol.git#6d9ca65bd0419086c31435d45d5f62b9d8a8f95d)
│ └── ws@1.0.1 
└── ws@2.3.1
@flowersinthesand
Copy link
Member Author

Oops, the current ws dependency, 1.0.1, causes some severity vulnerabilities now.

➜  AwesomeProject npm i cettia-client
+ cettia-client@1.0.1
added 27 packages from 92 contributors, updated 6 packages and audited 103296 packages in 51.168s
found 2 high severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details
➜  AwesomeProject npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 1.1.5 <2.0.0 || >=3.3.1                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cettia-client                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ cettia-client > ws                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/550                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ DoS due to excessively large websocket message               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.1.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cettia-client                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ cettia-client > ws                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/120                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 high severity vulnerabilities in 103296 scanned packages
  2 vulnerabilities require manual review. See the full report for details.
➜

@flowersinthesand flowersinthesand added this to the 1.1.0-Beta1 milestone Jan 27, 2019
@flowersinthesand
Copy link
Member Author

ws 6 seems to drop support for Node 4 and 5 - https://travis-ci.org/cettia/cettia-javascript-client/builds/526732614

And ws 7 drops support for Node 6 - websockets/ws@1e6999b

We need to decide whether to support Node 4 and 5.

@flowersinthesand
Copy link
Member Author

We've decided not to break the current support policy (Node 4+) in v1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1.0
Development

No branches or pull requests
1 participant
@flowersinthesand