Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core(vulnerable-libs): add fix for recovering from bad versions #3932

Merged
merged 2 commits into from
Nov 29, 2017
Merged

core(vulnerable-libs): add fix for recovering from bad versions #3932

merged 2 commits into from
Nov 29, 2017

Conversation

patrickhulce
Copy link
Collaborator

fixes #3624

paulirish
paulirish reviewed Nov 28, 2017
View reviewed changes
lighthouse-core/test/audits/dobetterweb/no-vulnerable-libraries-test.js Outdated
})

it('should fix bad version numbers', () => {
assert.equal(NoVulnerableLibrariesAudit.normalizeVersion('11.51'), '11.51.0');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we want it to do this?

Copy link
Collaborator Author

@patrickhulce patrickhulce Nov 28, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seemed reasonable to me as there were a lot in sentry, but I'm not sure any libraries that we for which we get just major.minor actually have a corresponding npm package

I'm fine to revert if you think its bad

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nah its fine

lighthouse-core/audits/dobetterweb/no-vulnerable-libraries.js Outdated
Sentry.captureException(err, {level: 'warning'});
return vulns;
}

lib.pkgLink = 'https://snyk.io/vuln/npm:' + lib.npmPkgName
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do me a favor and update this line to

 lib.pkgLink = `https://snyk.io/vuln/npm:${lib.npmPkgName}#lh@${lib.version}`;

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

heh done

lighthouse-core/audits/dobetterweb/no-vulnerable-libraries.js Outdated
@@ -62,6 +82,15 @@ class NoVulnerableLibrariesAudit extends Audit {
return vulns;
}

try {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

idea: instead of try/catch we could make another call to semver.valid() . i don't care much either way. you?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well I wanted to reuse the error object it generates to beacon to sentry, but I suppose not the end of the world to create our own with captureMessage instead?

I'm don't feel particularly strongly either way

@paulirish paulirish merged commit e842834 into master Nov 29, 2017
@paulirish paulirish deleted the try_catch_semver branch November 29, 2017 02:40
@dependencies dependencies bot mentioned this pull request Dec 17, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulirish paulirish paulirish approved these changes

@brendankenny brendankenny Awaiting requested review from brendankenny

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

jQuery slim build reports "invalid version"
2 participants
@patrickhulce @paulirish