loleaflet: Bump eslint version to 6.0.0 #396
Labels
Comments
|
@mrkara I can work on this |
|
@srana6 Great! Please, go ahead. :) |
mrkara
pushed a commit
that referenced
this issue
Oct 31, 2020
The "extends": "eslint:recommended" property in a configuration file enables this rule.
In ECMAScript 5.1, Object.create was added, which enables the creation of objects
with a specified [[Prototype]]. Object.create(null) is a common pattern used to create
objects that will be used as a Map. This can lead to errors when it is assumed that
objects will have properties from Object.prototype. This rule prevents calling some
Object.prototype methods directly from an object.
Additionally, objects can have properties that shadow the builtins on Object.prototype,
potentially causing unintended behavior or denial-of-service security vulnerabilities.
For example, it would be unsafe for a webserver to parse JSON input from a client and
call hasOwnProperty directly on the resulting object, because a malicious client could
send a JSON value like {"hasOwnProperty": 1} and cause the server to crash.
To avoid subtle bugs like this, it's better to always call these methods from Object.prototype.
For example, foo.hasOwnProperty("bar") should be replaced with Object.prototype.hasOwnProperty.call(foo, "bar").
See: https://eslint.org/docs/rules/no-prototype-builtins
Change-Id: Id7723f0f0ed81e074f56955f80eda3d70241294e
Signed-off-by: Ayhan Yalçınsoy <ayhanyalcinsoy@pisilinux.org>
mrkara
pushed a commit
that referenced
this issue
Nov 10, 2020
Signed-off-by: Ayhan Yalçınsoy <ayhanyalcinsoy@pisilinux.org> Change-Id: I08f7cc953aa6434fccbc92d74570c62a43c7dad9
|
Resolved. |
Ezinnem
pushed a commit
to Ezinnem/online
that referenced
this issue
Dec 22, 2020
…iltins
The "extends": "eslint:recommended" property in a configuration file enables this rule.
In ECMAScript 5.1, Object.create was added, which enables the creation of objects
with a specified [[Prototype]]. Object.create(null) is a common pattern used to create
objects that will be used as a Map. This can lead to errors when it is assumed that
objects will have properties from Object.prototype. This rule prevents calling some
Object.prototype methods directly from an object.
Additionally, objects can have properties that shadow the builtins on Object.prototype,
potentially causing unintended behavior or denial-of-service security vulnerabilities.
For example, it would be unsafe for a webserver to parse JSON input from a client and
call hasOwnProperty directly on the resulting object, because a malicious client could
send a JSON value like {"hasOwnProperty": 1} and cause the server to crash.
To avoid subtle bugs like this, it's better to always call these methods from Object.prototype.
For example, foo.hasOwnProperty("bar") should be replaced with Object.prototype.hasOwnProperty.call(foo, "bar").
See: https://eslint.org/docs/rules/no-prototype-builtins
Change-Id: Id7723f0f0ed81e074f56955f80eda3d70241294e
Signed-off-by: Ayhan Yalçınsoy <ayhanyalcinsoy@pisilinux.org>
Ezinnem
pushed a commit
to Ezinnem/online
that referenced
this issue
Dec 22, 2020
Signed-off-by: Ayhan Yalçınsoy <ayhanyalcinsoy@pisilinux.org> Change-Id: I08f7cc953aa6434fccbc92d74570c62a43c7dad9
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is an Easy Hack.
Potential mentors: @mrkara
eslintis annpmpackage for identifying and reporting on patterns found in ECMAScript/JavaScript code and the version we have (5.0.0, specified in loleaflet/package.json) is a bit outdated. So let's update it to6.0.0at least for now.Follow the instructions on the forum to send your first pull request. And consider the instructions below fits into the
Do you changes, rebuild & test etc.step.Follow the instructions here to skip the build step: https://forum.collaboraonline.com/t/start-developing-cool-on-any-platform-in-5-minutes/52
You need to first, find this line in
loleaflet/package.json:and change it to look like this:
Then issue this command so that the new version of the package will be downloaded, along with its dependencies, and a new check on the source code is triggered:
The command above might take a few minutes or more depending on the power of your PC. In the meantime, read through the
guide: Migrating to v6.0.0
If the command above gives any errors, fix the errors on the indicated files. (Error messages will tell you the line and column numbers for each error.)
After fixing each file, check the diff to make sure it looks all okay:
When you are done with all of the listed files, make sure the code builds without errors now:
Even better, run it, and connect to it via your browser to verify all looks okay:
If you are satisfied with the results. Then commit your changes, push the commit to your forked repo, and create a pull request via web interface. :)
The text was updated successfully, but these errors were encountered: