Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rollup throws warnings about nise complaining the usage of eval #110

Closed
HarshaNalluru opened this issue Nov 5, 2019 · 5 comments
Closed

Rollup throws warnings about nise complaining the usage of eval #110

HarshaNalluru opened this issue Nov 5, 2019 · 5 comments
Labels
pinned

Comments

@HarshaNalluru
Copy link

Rollup bundler complains the usage of eval as it poses a security risk.
https://rollupjs.org/guide/en/#avoiding-eval

Screenshot of the error is as follows.
image

Related issues -
ionic-team/ionic-app-scripts#129
ionic-team/ionic-cli#1500
tus/tus-js-client#147
@HarshaNalluru HarshaNalluru mentioned this issue Nov 5, 2019
Closed
@mantoni
Copy link
Member

mantoni commented Nov 6, 2019

Lolex uses eval to execute something like setTimeout('console.log("hi")', 100). However, this isn't valid in Node, and I tested Safari and Chrome and they fail with Refused to execute a script because 'unsafe-eval' does not appear in the script-src directive of the Content Security Policy..

It seems to be a very old legacy feature and I vote for removing it.

@stale
Copy link

stale bot commented Jan 5, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jan 5, 2020
@stale stale bot removed the stale label Jan 5, 2020
@mroderick
Copy link
Member

It seems to be a very old legacy feature and I vote for removing it.

I think that's a good idea.

However, cutting that out is backwards incompatible and would trigger a major release.

Somewhere else, you suggested that we re-release lolex as @sinonjs/clock, which I am in favour of. We could make the change in a fresh major version released as the first version of @sinonjs/clock.

I think that adopting the new major version of @sinonjs/clock in sinon should also trigger a major version of sinon.

If you agree, let's create a issue in lolex for the renaming and track all the tasks to get that across the finish line in a good way.

@mantoni
Copy link
Member

mantoni commented Jan 6, 2020

I agree 👍

@fatso83 fatso83 mentioned this issue Mar 23, 2020
Closed
@fatso83
Copy link
Contributor

fatso83 commented Mar 23, 2020

Moved to sinonjs/fake-timers#319. Super easy fix for anyone that wants to contribute ...

@fatso83 fatso83 closed this as completed Mar 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pinned
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mroderick @mantoni @fatso83 @HarshaNalluru