Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

remove glob-base dependency #15399

Merged
merged 4 commits into from Jul 23, 2021
Merged

Conversation

@lkuechler
Copy link
Contributor

@lkuechler lkuechler commented Jun 28, 2021

Issue: #15174

What I did

I removed the glob-base dependency to resolve the following security vulnerability #15174

How to test

No new tests should be needed.

Addition information

I had to reimplement some logic from glob-base. The returned glob is for example filled with the input path if no glob was detected.

@nx-cloud
Copy link

@nx-cloud nx-cloud bot commented Jun 28, 2021

Nx Cloud Report

CI ran the following commands for commit 852174e. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this branch

Status Command
#000000 nx run-many --target=prepare --all --parallel --max-parallel=15

Sent with 💌 from NxCloud.

@shilman
Copy link
Member

@shilman shilman commented Jun 28, 2021

@lkuechler looks like the build is failing in examples:

ERR! => Failed to build the preview
ERR! Module not found: Error: Can't resolve 'src' in '/tmp/storybook/examples/react-ts'
ERR! ModuleNotFoundError: Module not found: Error: Can't resolve 'src' in '/tmp/storybook/examples/react-ts'
ERR!     at /tmp/storybook/node_modules/webpack/lib/Compilation.js:925:10
ERR!     at /tmp/storybook/node_modules/webpack/lib/ContextModuleFactory.js:143:23
ERR!     at /tmp/storybook/node_modules/neo-async/async.js:2830:7
ERR!     at /tmp/storybook/node_modules/neo-async/async.js:6877:13
ERR!     at /tmp/storybook/node_modules/webpack/lib/ContextModuleFactory.js:118:26
ERR!     at /tmp/storybook/node_modules/enhanced-resolve/lib/Resolver.js:213:14
ERR!     at /tmp/storybook/node_modules/enhanced-resolve/lib/Resolver.js:285:5
ERR!     at eval (eval at create (/tmp/storybook/node_modules/tapable/lib/HookCodeFactory.js:33:10), <anonymous>:13:1)
ERR!     at /tmp/storybook/node_modules/enhanced-resolve/lib/UnsafeCachePlugin.js:44:7
ERR!     at /tmp/storybook/node_modules/enhanced-resolve/lib/Resolver.js:285:5
ERR!     at eval (eval at create (/tmp/storybook/node_modules/tapable/lib/HookCodeFactory.js:33:10), <anonymous>:13:1)
ERR!     at /tmp/storybook/node_modules/enhanced-resolve/lib/Resolver.js:285:5
ERR!     at eval (eval at create (/tmp/storybook/node_modules/tapable/lib/HookCodeFactory.js:33:10), <anonymous>:25:1)
ERR!     at /tmp/storybook/node_modules/enhanced-resolve/lib/DescriptionFilePlugin.js:67:43
ERR!     at /tmp/storybook/node_modules/enhanced-resolve/lib/Resolver.js:285:5
ERR!     at eval (eval at create (/tmp/storybook/node_modules/tapable/lib/HookCodeFactory.js:33:10), <anonymous>:41:1)
undefined

@lkuechler lkuechler force-pushed the remove-glob-base-dependency branch from 419268c to 8483ba9 Jun 29, 2021
@lkuechler
Copy link
Contributor Author

@lkuechler lkuechler commented Jun 29, 2021

hi @shilman,
thanks for the hint. I have now fixed the errors and the only pipelines that now fail also seem to fail in all other pull-requests :)

@powerchelle
Copy link

@powerchelle powerchelle commented Jul 20, 2021

Hi @lkuechler, curious if this is still being actively pursued. Looks like last update was beginning of July. Do you have an ETA? Thanks in advance!

@@ -25,21 +25,33 @@ const detectBadGlob = (val: string) => {
const isObject = (val: Record<string, any>) =>
val != null && typeof val === 'object' && Array.isArray(val) === false;

const dirname = (pattern: string) => {
if (pattern.slice(-1) === '/') return pattern;
Copy link
Member

@shilman shilman Jul 21, 2021

what if the user passes a directory but doesn't include a trailing slash? any chance you can provide a test case for this and for any other cases you considered in this logic?

Copy link
Contributor Author

@lkuechler lkuechler Jul 23, 2021

This was behaviour was something that I saw in the glob-base dependency that was behaving a bit strange. I have now checked with the implementation in storybook on how it currently behaves and I believe that this extra logic did not make any difference. I have removed this now.

I think the current test are already very good but I added two more that focus on the folder pattern.

Copy link
Member

@shilman shilman left a comment

Thanks for the follow-through @lkuechler -- looking great! 😍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants