Bump mastarm to v5.0.2 to resolve security vulnerabilities

[landonreed]

Checklist

• Appropriate branch selected (all PRs must first be merged to dev before they can be merged to master)
• Any modified or new methods or classes have helpful JSDoc and code is thoroughly commented
• The description lists all applicable issues this PR seeks to resolve
• The description lists any configuration setting(s) that differ from the default settings
• All tests and CI builds passing

Description

Bump mastarm to 5.0.2 to fix vulnerabilities.

[landonreed]

It looks like there are a lot of new flow type issues under mastarm 5.

[evansiroky]

What level of effort would it take to fix the flow-type errors? I think we ought to revert the flow upgrade in mastarm if it's too much effort.

[landonreed]

@evansiroky, I'm not exactly sure, but basically all of the actions are broken (including some stuff in flow-typed/redux-actions). There's a chance that some fix in the flow-typed repo could fix this stuff up, but I haven't really dug in. Let me spend some time with this to see if I can resolve stuff quickly.

[landonreed]

Ah, looks like this was due to a change in 0.85 https://medium.com/flow-type/asking-for-required-annotations-64d4f9c1edf8

[landonreed]

@evansiroky, I'm not quick enough with absorbing this flow stuff to make it worth our time, so I would say we should bump down to v0.85.0 of flow-bin in mastarm unless you want to take a crack.

[evansiroky]

Yeah, let's definitely downgrade flow-bin in mastarm to the latest possible version that still works, but also create an issue to update to the latest flow.

[landonreed]

OK, I've got a branch ready to push once I get the correct permissions set by Trevor on mastarm.

[evansiroky]

OK, I've got a branch ready to push once I get the correct permissions set by Trevor on mastarm.

I just made you an admin on mastarm.

[evansiroky]

Assigning back to @landonreed to update to latest mastarm.

[codecov-io]

Codecov Report

Merging #442 into dev will increase coverage by <.01%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##              dev     #442      +/-   ##
==========================================
+ Coverage   15.09%   15.09%   +<.01%     
==========================================
  Files         325      325              
  Lines       15830    15833       +3     
  Branches     4803     4804       +1     
==========================================
+ Hits         2389     2390       +1     
- Misses      11496    11498       +2     
  Partials     1945     1945

Impacted Files	Coverage Δ
lib/editor/util/validation.js	42.55% <ø> (ø)	⬆️
lib/public/components/UserAccount.js	0% <0%> (ø)	⬆️
lib/gtfsplus/components/GtfsPlusField.js	0% <0%> (ø)	⬆️
lib/editor/util/index.js	30.76% <0%> (+1.28%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3b7ed18...526e761. Read the comment docs.

[landonreed]

@evansiroky, I think you mentioned that you might already have fixes for the flow issues here. Is that correct?

[evansiroky]

Yep: a9dec1f

[evansiroky]

Assigning back to Landon so the Travis builds can run properly.

[landonreed]

OK, build is complete. Once you add a review, I think we can merge.

[landonreed]

🎉 This PR is included in version 4.1.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀