GPII-3922: May 2019 security updates and updated linting.

.eslintrc.json

@@ -1,3 +1,3 @@
 {
-  "extends": "eslint-config-fluid"
-}
+    "extends": "eslint-config-fluid"
+}

.gitignore

@@ -2,3 +2,5 @@ node_modules
 .idea/
 reports
 .vagrant
+package-lock.json
+instrumented

.gitlab-ci.yml

@@ -45,4 +45,3 @@ vagrant_destroy:
     - vagrant destroy -f
     - "rm -fr ../.vagrant-$CI_COMMIT_SHA"
   when: always
-

.nycrc

@@ -0,0 +1,5 @@
+{
+  "reporter": ["html", "text-summary"],
+  "report-dir": "reports",
+  "temp-directory": "instrumented/coverage"
+}

.travis.yml

@@ -6,4 +6,4 @@ addons:
 install:
   - export DISPLAY=':99.0'
   - Xvfb :99 -screen 0 1024x768x24 > /dev/null 2>&1 &
-  - npm install
+  - npm install

Gruntfile.js

@@ -1,17 +1,18 @@
-/* globals module */
+/* eslint-env node */
+"use strict";
 module.exports = function (grunt) {
-    "use strict";
     grunt.initConfig({
-        eslint: {
-            src: ["./src/**/*.js", "./tests/**/*.js", "./*.js"]
-        },
-        jsonlint: {
-            src: ["src/**/*.json", "tests/**/*.json", "./*.json"]
+        lintAll: {
+            sources: {
+                md: [ "./*.md","./docs/*.md"],
+                js: ["./src/**/*.js", "./tests/**/*.js", "./*.js"],
+                json: ["./src/**/*.json", "./tests/**/*.json", "./*.json"],
+                json5: ["./tests/**/*.json5"],
+                other: ["./.*"]
+            }
         }
     });
 
-    grunt.loadNpmTasks("fluid-grunt-eslint");
-    grunt.loadNpmTasks("grunt-jsonlint");
-
-    grunt.registerTask("lint", "Apply jshint and jsonlint", ["eslint", "jsonlint"]);
+    grunt.loadNpmTasks("gpii-grunt-lint-all");
+    grunt.registerTask("lint", "Perform all standard lint checks.", ["lint-all"]);
 };

README.md

@@ -5,6 +5,7 @@ both the browser state and location bar.  This makes your model state "bookmarka
 navigate back and forth through any changes they have made using the browser's back and forward buttons.
 
 It can be used with any component that is served up via a web server.  Although you can write static files that use this
-component, it will not work with Chrome because of [their unique security restrictions around file URLs](http://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html).
+component, it will not work with Chrome because of [their unique security restrictions around file
+URLs](http://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html).
 
-For usage details, check out [the documentation](docs).
+For usage details, check out [the documentation](docs).

docs/locationBar.md

@@ -2,13 +2,16 @@
 
 A component that relays changes between its model and both the browser's location bar and history.  It:
 
-1. Publishes model changes to the query string portion of the location bar.   This completely replaces the current query data in the location bar, so you should preserve any variables you care about as part of your model and rules.
+1. Publishes model changes to the query string portion of the location bar.   This completely replaces the current query
+   data in the location bar, so you should preserve any variables you care about as part of your model and rules.
 2. Parses the initial query string and publishes that data to the model.
 3. Publishes model data to the browser history `state` object.
-4. Publishes state data from the browser history to the model when the state changes (such as when the back and forward button are hit).
+4. Publishes state data from the browser history to the model when the state changes (such as when the back and forward
+   button are hit).
 
 Each of these interactions is enabled by default, but can be individually disabled. See "Component Options" below for
-more details.  Each of these interactions is controlled by [model transformation rules](http://docs.fluidproject.org/infusion/development/ModelTransformationAPI.html#fluid-model-transformwithrules-source-rules-options-).
+more details.  Each of these interactions is controlled by [model transformation
+rules](http://docs.fluidproject.org/infusion/development/ModelTransformationAPI.html#fluid-model-transformwithrules-source-rules-options-).
 This allows you to:
 
 1. Control which options are relayed.
@@ -31,14 +34,15 @@ This component is only intended to be used once on a given page.  The behavior w
 the same page is not tested, and may result in unwanted behavior like:
 
 1. Model data being published from one component to another unexpectedly.
-2. Model data stored in the browser history or location bar being lost when a second, third, etc. component attempts to save its changes.
+2. Model data stored in the browser history or location bar being lost when a second, third, etc. component attempts to
+   save its changes.
 
 You have been warned...
 
 ## Query String Encoding
 
-All query string values are encoded and decoded using the functions provided by the [gpii-express](http://github.com/GPII/gpii-express/)
-package.   See that package for more details.
+All query string values are encoded and decoded using the functions provided by the
+[gpii-express](http://github.com/GPII/gpii-express/) package.   See that package for more details.
 
 ## Component Options
 
@@ -59,8 +63,9 @@ package.   See that package for more details.
 On startup, the following happens in order:
 
 1. If `queryToModel` is `true` (as it is by default), any data in the query string is applied to the model as a change.
-2. If `modelToState` is `true` (as it is by default), any data in the initial model is relayed to the browser history as part of the current state.
+2. If `modelToState` is `true` (as it is by default), any data in the initial model is relayed to the browser history as
+   part of the current state.
 
 From that point on, any model changes are relayed to the state if `modelToState` is `true`, and to the URL (as query
-string data) if `modelToQuery` is `true`.  State changes (hitting the browser's "back" button, for example) are monitored,
-and if `stateToModel` is `true`, then the model is updated to reflect its previous values.
+string data) if `modelToQuery` is `true`.  State changes (hitting the browser's "back" button, for example) are
+monitored, and if `stateToModel` is `true`, then the model is updated to reflect its previous values.