profile
viewpoint

noppa/text-security 106

Cross-browser alternative to -webkit-text-security

noppa/ng-hot-reload 30

Hot reloading for AngularJS apps.

noppa/babel-plugin-angularjs-digest-await 2

Babel plugin for applying $digest loop after await expressions in AngularJS apps

noppa/get-optional 2

Typesafe utility functions for getting a nested optional property. For TypeScript and Flow.

noppa/lazyload 1

:skull: An ancient tiny JS and CSS loader from the days before everyone had written one. Unmaintained.

noppa/babel-plugin-angularjs-annotate 0

Add Angular 1.x dependency injection annotations to ES6 code

noppa/babel-plugin-disallow-top-level-identifier 0

A very simple Babel plugin to rename some problematic identifiers from the top level of a module

noppa/eslint-plugin-flowtype 0

Flow type linting rules for ESLint.

noppa/flow 0

Adds static typing to JavaScript to improve developer productivity and code quality.

issue commenttc39/proposal-pipeline-operator

argue this proposal's design-pattern is less readable than using a temp-variable

FWIW the temp variable pattern actually type checks just fine in both TypeScript (playground) and Flow (playground)
(In TS, the trick is to decalre let tmp; separately before assigning to it).

IMO the pipeline operator just looks better and more clearly conveys the intent. We have had temp variables forever, but (based on my subjective experience) they are not commonly used like this and JS developers often reach for other solutions like pipe helper functions instead. Seems to me that if the temp variable pattern were sufficient, it would already be in use.

kaizhu256

comment created time in 2 days

issue commentfacebook/flow

Flow cannot recognize explicit separating of enums

Fair enough, if you feel that's something you need to prepare for.

Personally, I've needed to rename an enum maybe once or twice a year. When I do that, Flow will flag every place where the old value is used with an error, so I just need to go through those places and rename the enum there too. Let's say the enum value is used in 50-100 places. Going through those and doing the fairly repetitive replacement would take maybe half an hour.
So for me, using the anum values 'A' and 'B' directly ends up costing about an hour of work every year. I think it's worth it.
Your mileage may vary, of course.

I don't think there's any technical reason why this couldn't be done automatically, too, if someone found it worthwhile to create such a refactoring / codemod tool.

darthzeran

comment created time in 10 days

issue commentfacebook/flow

Flow cannot recognize explicit separating of enums

Out of curiosity, why not just

if (x === 'A' || x === 'B')

Flow would understand and allow that, the code seems simpler to me, and Flow does type check that the 'A' and 'B' are indeed possible enum values and not a typo so there's no added safety benefit to using types.A instead of 'A'.

darthzeran

comment created time in 10 days

push eventnoppa/ng-hot-reload-custom-loader-example

dependabot[bot]

commit sha f0c0939d53046a3ae2b62eae3e7bbadf73d0b59b

Bump http-proxy from 1.18.0 to 1.18.1 Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1. - [Release notes](https://github.com/http-party/node-http-proxy/releases) - [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md) - [Commits](https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha c8ee1b0a15008c47f5d9583007b062d7861bd404

Merge pull request #5 from noppa/dependabot/npm_and_yarn/http-proxy-1.18.1 Bump http-proxy from 1.18.0 to 1.18.1

view details

push time in 14 days

PR merged noppa/ng-hot-reload-custom-loader-example

Bump http-proxy from 1.18.0 to 1.18.1 dependencies

Bumps http-proxy from 1.18.0 to 1.18.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md">http-proxy's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/http-party/node-http-proxy/compare/1.18.0...v1.18.1">v1.18.1</a> - 2020-05-17</h2> <h3>Merged</h3> <ul> <li>Skip sending the proxyReq event when the expect header is present <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1447"><code>#1447</code></a></li> <li>Remove node6 support, add node12 to build <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1397"><code>#1397</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/http-party/node-http-proxy/commit/9b96cd725127a024dabebec6c7ea8c807272223d"><code>9b96cd7</code></a> 1.18.1</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/335aeeba2f0c286dc89c402eeb76af47834c89a3"><code>335aeeb</code></a> Skip sending the proxyReq event when the expect header is present (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1447">#1447</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/dba39668ba4c9ad461316e834b2d64b77e1ca88e"><code>dba3966</code></a> Remove node6 support, add node12 to build (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1397">#1397</a>)</li> <li>See full diff in <a href="https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 14 days

startedengine262/engine262

started time in 15 days

issue commentnoppa/babel-plugin-angularjs-digest-await

Plugin not working since @babel/preset-env@7.7.7

I don't think using this library is the best option if you are actually transpiling async/await to generators (and further to the regenerator polyfill, I assume).
IIRC something like this should do the trick

angular.module('your app')
   .run(['$q', function($q) {
     window.Promise = $q;
   }]);

I think regenerator runtime should then use Angular's Promise implementation ($q), which will already cause $digest, so this library isn't really needed.

cyrilgandon

comment created time in a month

issue commentnoppa/text-security

Version 3 broke functionality for IE11

i was hoping the CSS file would be sufficient

That's definitely how it should work, yes :) It's just that I'm not actually able to reproduce this myself - for me IE loads the compatibility eot font like it should - so I'd be interested to know if it's loading the non-compatibility woff2 font for you for some reason and then failing to actually display it correctly and if switching to compatibility version helps.

In the end, if the non-compatibility font is the problem for all these issues, I'll probably have to change the defaults for the css so that it just loads the compatibility fonts for all browsers. I'm just a little reluctant to do that without some more experimentation because the non-compatibility font weighs quite a bit less than the compatibility font and works fine in Firefox and doesn't cause problems in IE & Edge on my machine 🤷

mugliaa

comment created time in 2 months

issue commentnoppa/text-security

Version 3 broke functionality for IE11

Are you experiencing the same as in #12? Try changing the css a bit so that it loads only the "-compat" suffixed fonts, even for woff2.

mugliaa

comment created time in 2 months

startedmicrosoft/fast

started time in 2 months

push eventnoppa/ng-hot-reload

dependabot[bot]

commit sha 52de9d719d9df736636978a6fc2e1c079762df56

Bump angular from 1.7.9 to 1.8.0 Bumps [angular](https://github.com/angular/angular.js) from 1.7.9 to 1.8.0. - [Release notes](https://github.com/angular/angular.js/releases) - [Changelog](https://github.com/angular/angular.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular.js/compare/v1.7.9...v1.8.0) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 80b65fdff2eb9acdf589572e4bee47169f861f49

Merge pull request #28 from noppa/dependabot/npm_and_yarn/angular-1.8.0 Bump angular from 1.7.9 to 1.8.0

view details

push time in 2 months

PR merged noppa/ng-hot-reload

Bump angular from 1.7.9 to 1.8.0 dependencies

Bumps angular from 1.7.9 to 1.8.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular.js/blob/master/CHANGELOG.md">angular's changelog</a>.</em></p> <blockquote> <h1>1.8.0 nested-vaccination (2020-06-01)</h1> <p><em>This release contains a breaking change to resolve a security issue which was discovered by Krzysztof Kotowicz(<a href="https://github.com/koto">@koto</a>); and independently by Esben Sparre Andreasen (<a href="https://github.com/esbena">@esbena</a>) while performing a Variant Analysis of <a href="https://github.com/advisories/GHSA-gxr4-xjj5-5px2">CVE-2020-11022</a> which itself was found and reported by Masato Kinugawa (<a href="https://github.com/masatokinugawa">@masatokinugawa</a>).</em></p> <h2>Bug Fixes</h2> <ul> <li><strong>jqLite:</strong> <ul> <li>prevent possible XSS due to regex-based HTML replacement (<a href="https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd">2df43c</a>)</li> </ul> </li> </ul> <h2>Breaking Changes</h2> <h3><strong>jqLite</strong> due to:</h3> <ul> <li><strong><a href="https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd">2df43c</a></strong>: prevent possible XSS due to regex-based HTML replacement</li> </ul> <p>JqLite no longer turns XHTML-like strings like <code><div /><span /></code> to sibling elements <code><div></div><span></span></code> when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XHTML mode, will convert these to: <code><div><span></span></div></code>.</p> <p>This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string. If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling</p> <pre lang="js"><code>angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement(); </code></pre> <p>But you should adjust your code for this change and remove your use of this function as soon as possible.</p> <p>Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the <a href="https://jquery.com/upgrade-guide/3.5/">jQuery 3.5 upgrade guide</a> for more details about the workarounds.</p> <p><a name="1.7.9"></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/angular/angular.js/commit/e55d352e942465479fa9f93b566db20a96b4cf15"><code>e55d352</code></a> docs(): update changelog for 1.8.0</li> <li><a href="https://github.com/angular/angular.js/commit/78ab691072f050aa3daa200012914d7f9858ac8c"><code>78ab691</code></a> chore(): prep for 1.8.0</li> <li><a href="https://github.com/angular/angular.js/commit/59b5651d8228925ea300d19a1b24d13df589cb34"><code>59b5651</code></a> docs(ngRepeat): missing closing backtick</li> <li><a href="https://github.com/angular/angular.js/commit/c8b7c16b78bc3ba7486ebf9c41f4603a9f429dd1"><code>c8b7c16</code></a> fix(jqLite): improve documentation</li> <li><a href="https://github.com/angular/angular.js/commit/05cf60677b0cdac47ce6b860cbb7b41957a2cbba"><code>05cf606</code></a> fix(jqLite): apply suggestions from code review</li> <li><a href="https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd"><code>2df43c0</code></a> fix(jqLite): prevent possible XSS due to regex-based HTML replacement</li> <li><a href="https://github.com/angular/angular.js/commit/295213df9537666254626ffe3e4a6013122e4802"><code>295213d</code></a> chore(*): clean up <code>package.json</code> and CircleCI config</li> <li><a href="https://github.com/angular/angular.js/commit/a31c207bf1da10c6a1fbbaf289cafe19f481ad41"><code>a31c207</code></a> chore(docs-app): remove <code>document.write()</code> from docs <code>index.html</code></li> <li><a href="https://github.com/angular/angular.js/commit/25189661534502d578d27ea02bee17c29df1a882"><code>2518966</code></a> fix(grunt-utils): insert the core CSS styles without using innerHTML</li> <li><a href="https://github.com/angular/angular.js/commit/7de25c8e41e5462d78d372ea2bca1ed3dadfd0db"><code>7de25c8</code></a> chore(ci): ensure that deployment files are ready for deployment</li> <li>Additional commits viewable in <a href="https://github.com/angular/angular.js/compare/v1.7.9...v1.8.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

push eventnoppa/ng-hot-reload

dependabot[bot]

commit sha 6f1a5041c38484da48b0827b7536d19292e58e2d

Bump lodash from 4.17.15 to 4.17.19 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 192d5c465e737f57d5e5373fe4b67ba84d603aad

Merge pull request #29 from noppa/dependabot/npm_and_yarn/lodash-4.17.19 Bump lodash from 4.17.15 to 4.17.19

view details

push time in 2 months

PR merged noppa/ng-hot-reload

Bump lodash from 4.17.15 to 4.17.19 dependencies

Bumps lodash from 4.17.15 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

push eventnoppa/ng-hot-reload

dependabot[bot]

commit sha 3a7f1b2c14e72582654465ff1a3e9bd440e6d746

Bump elliptic from 6.5.2 to 6.5.3 Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 4cc697a376f4fa1ff40be5a26e90ea121795f196

Merge pull request #30 from noppa/dependabot/npm_and_yarn/elliptic-6.5.3 Bump elliptic from 6.5.2 to 6.5.3

view details

push time in 2 months

PR merged noppa/ng-hot-reload

Bump elliptic from 6.5.2 to 6.5.3 dependencies

Bumps elliptic from 6.5.2 to 6.5.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1"><code>8647803</code></a> 6.5.3</li> <li><a href="https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec"><code>856fe4d</code></a> signature: prevent malleability and overflows</li> <li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+6 -6

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

push eventnoppa/ng-hot-reload

dependabot[bot]

commit sha cf7fe72bd99de8df978189f0dff92aa7cd6ef66e

Bump websocket-extensions from 0.1.3 to 0.1.4 Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. - [Release notes](https://github.com/faye/websocket-extensions-node/releases) - [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md) - [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 103c8b4ae89571a209729a5db77a5655a432dddd

Merge pull request #27 from noppa/dependabot/npm_and_yarn/websocket-extensions-0.1.4 Bump websocket-extensions from 0.1.3 to 0.1.4

view details

push time in 2 months

PR merged noppa/ng-hot-reload

Bump websocket-extensions from 0.1.3 to 0.1.4 dependencies

Bumps websocket-extensions from 0.1.3 to 0.1.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md">websocket-extensions's changelog</a>.</em></p> <blockquote> <h3>0.1.4 / 2020-06-02</h3> <ul> <li>Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin)</li> <li>Change license from MIT to Apache 2.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/faye/websocket-extensions-node/commit/8efd0cd6e35faf9bb9cb08759be1e27082177d43"><code>8efd0cd</code></a> Bump version to 0.1.4</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/3dad4ad44a8c5f74d4f8f4efd3f9d6e0b5df3051"><code>3dad4ad</code></a> Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/4a76c75efb1c5d6a2f60550e9501757458d19533"><code>4a76c75</code></a> Add Node versions 13 and 14 on Travis</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/44a677a9c0631daed0b0f4a4b68c095b624183b8"><code>44a677a</code></a> Formatting change: {...} should have spaces inside the braces</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/f6c50aba0c20ff45b0f87cea33babec1217ec3f5"><code>f6c50ab</code></a> Let npm reformat package.json</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/2d211f3705d52d9efb4f01daf5a253adf828592e"><code>2d211f3</code></a> Change markdown formatting of docs.</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/0b620834cc1e1f2eace1d55ab17f71d90d88271d"><code>0b62083</code></a> Update Travis target versions.</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/729a4653073fa8dd020561113513bfa2e2119415"><code>729a465</code></a> Switch license to Apache 2.0.</li> <li>See full diff in <a href="https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

fork noppa/iso-8859-15

A robust JavaScript implementation of the iso-8859-15 character encoding as defined by the Encoding Standard.

https://mths.be/iso-8859-15

fork in 2 months

issue commentfacebook/flow

Array#includes check with enum

The type definition of Array.includes has been changed at some point and OP's code no longer errors. This issue can be closed.

FWIW I think the original behaviour was better and the current type definition allows some easy to make mistakes to go unnoticed, as demonstrated in a similar TypeScript issue, but I guess that's a subject for another time and another issue.

deecewan

comment created time in 2 months

push eventnoppa/flow

Daniel Sainati

commit sha 99fa5bf37c5630b44d134df0f1e5e0b6cb0ffe16

[Errors] standardize suppression comment syntax Summary: Prior to this diff, what counted as a valid suppression comment was specified purely within the `.flowconfig` of a project as a regular expression. This is unfortunate, because with upcoming changes adding error codes we had no way to enforce any structure on the suppression, and thus had no idea where to look for an error code. Instead, we standardize the suppression comment syntax to a simpler version: `//<SUPPRESSOR>[CODE]` where `SUPPRESSOR` is one of `$FlowFixMe`, `$FlowIssue` or `$FlowExpectedError`. Reviewed By: mroch Differential Revision: D19847216 fbshipit-source-id: 37e609963c0d3a6a5f6ee372c45eed23274038e0

view details

Marshall Roch

commit sha 8d00f25453a9126e299d425c7de11ef1d29ed5ef

fix restart loop when .flowconfig has changed since hg mergebase Summary: when the flow server starts in watchman lazy mode, it parses and computes dependencies but does not focus or check anything. meanwhile, the monitor talks to watchman and gets the files changed since mergebase. after init, we focus and check those files. when a client, like `flow status`, sends a request to the server, we check for any watchman notifications we haven't processed yet and send them to the server. previously, this latter notification got enqueued before the initial notification, so we told the server that the files that were changed since mergebase had actually been changed since we started. that causes the server to restart. now, we keep track of whether a set of changes are the initial changes since mergebase in the watchman handler, so that *any* monitor -> server message, including `flow status`, will trigger the "initial" check rather than a recheck. Reviewed By: samwgoldman Differential Revision: D21847126 fbshipit-source-id: b2f448311f51f5f521a2c7b0a840d3034a5a0489

view details

Marshall Roch

commit sha 9b4744b9c4ce80ac89afe5adeae3aafcd0f5546b

v0.126.1 Reviewed By: dsainati1 Differential Revision: D21848175 fbshipit-source-id: 077a0f566c3b88e8c5809d139a367d93fcb30a93

view details

Panagiotis Vekris

commit sha e2059198fbf2aac1ea87c8660301bdb0b5e2c001

[easy] split out some union/intersection utils Summary: I'll be reusing this in the next diff Reviewed By: gkz Differential Revision: D21657204 fbshipit-source-id: 84b506fcbe340063199aa655c471c933e1333f5f

view details

Panagiotis Vekris

commit sha 1040ed3925f815d9c1ca73821bdc522826e9f561

[normalizer] Simplify member expansion logic Summary: Unlike most normalizer clients, when called from the autocomplete command, the normalizer attempts to return an object-like structure. Until now, the mode of operation (member-expanding or not) was determined by information stored in the environment. Then, at various parts of the normalization process we would look up the environment to see if we should be expanding the type to an object structure. The awkward part of this design, was that the logic for this feature was spread throughout the normalizer module. This diff moves all the code related to member-expansion to one place, at the entry point to normalizer. This change was enabled after enforcing a stricter structure on the normalized types (D20070324). Regarding the implementation, this diff introduces two modules: TypeConverter, that holds the code that does normalization in the normal mode, and ExpandMembersConverter, that handles the case of member-expansion. In the latter module, once we've determined the top-level structure of the object, we call in to TypeConverter to normalize the properties of the object in normal mode. A pleasant side-effect is that we can now remove all member-expansion information from the environment. The only information we need to pass are two flags: `include_proto_members` and `idx_hook`, which work the same as before. These are now passed as flags to the normalizer entry point. The additional `instance_member_expansion` and `proto` fields that used to be in the environment are now passed as parameters within ExpandMembersConverter. Reviewed By: vrama628 Differential Revision: D21657203 fbshipit-source-id: de7bd72aff41517a35a1853d80a6b4997fa8f2d8

view details

Panagiotis Vekris

commit sha e21879f3ce24d5b72e2e646e1bba7c00fadfb28a

[normalizer] Refactor Summary: * Restricts the exports of each module in the normalizer. (Before, all functions were exported.) * Changes some names. * Introduces a ElementConverter module. This exports a conversion function that returns a `Ty.elt` which is an option between a type and a declaration. Moves the function that handles opaque aliases in there, from the TypeConverter, where it used to be. Reviewed By: dsainati1 Differential Revision: D21657209 fbshipit-source-id: c19b059b83609583ef4a28e50bba88b30e804bff

view details

Hans Halverson

commit sha b5f7c7541c6f5974aecf18673220275106eac21e

Lint rule for use of both toplevel imports and requires Summary: The last lint rule we would like to enforce for ES6 imports/exports at the moment is that you cannot mix non-type toplevel `import` and `require` statements - each file must use either toplevel `imports` or toplevel `requires`. (Type imports are allowed alongside `requires` as there is no alternative CJS syntax for type imports). This new lint rule is called `mixed-import-and-require` and is gated behind the `experimental.strict_es6_import_export` flowconfig flat to assist with testing and rollout. We can implement this by detecting imports and requires in the initial pass to gather declarations within the `Strict_es6_import_export` module. We must detect only import statements that contain a value import. Requires are a bit tricker to detect, but we should catch the most common pattern which is either a direct require or a require wrapped in a member expression (`const Foo = require('Foo')` or `const Named = require('Foo').named`). If both an import and require are detected, we display an error that shows the location of both the import and require in the file. Reviewed By: pieterv Differential Revision: D21826309 fbshipit-source-id: a6466e72439e8b8cc287822a5dc6ae65322854e6

view details

Hans Halverson

commit sha 4c91ab87c83e05b8ff77f5ef4da99b7346cfd2bf

Handle unresolved exported identifier in ES6 lint rules Summary: The new ES6 lint rules are not properly handling the case when an exported identifier cannot be resolved. We use the `Scope_api.def_of_use` method to find the loc of an identifier's definition, but if the identifier cannot be resolved this function throws, causing flow to crash. (Note this is not causing any problems in production as running these lint rules is gated behind the `experimental.strict_es6_import_export` flag). Instead, let's add a new `Scope_api.def_of_use_opt` function that optionally returns the definition to avoid crashing on malformed code. We should then use the new `Scope_api.def_of_use_opt` function to resolve export specifiers when checking for the new ES6 lint rules. Reviewed By: pieterv Differential Revision: D21832029 fbshipit-source-id: 0492147b7575a4cd2a278359f0443b0996bf021d

view details

Mike Vitousek

commit sha fa1268d9153ec372796d7bf0fb364e648f1eb51f

Remove harmful terminology and improve documentation of worker processes Summary: Flow used historically harmful (if common) terminology to describe the relationships between different worker processes. Less importantly, the terminology was imprecise and inconsistent. This diff follows other projects (e.g. [Python](https://bugs.python.org/issue34605)) in replacing those terms with ones that are less harmful and more precise. Black lives matter. Reviewed By: samwgoldman Differential Revision: D21843162 fbshipit-source-id: 023298bde299c66adcce6359c3f2cbd8a108bf04

view details

Marshall Roch

commit sha d94cca063fb49e180070e507c2c62ddaa1d27b9f

fix website build failure due to suppress_comment Summary: the website build runs flow from master to generate the inline examples. in master, `suppress_comment` is no longer a valid option, causing the build to fail. `$DocIssue` was a suppession we used in the past when we had expected errors that we didn't want to show in the docs, like when stubbing out parts of the examples. Reviewed By: dsainati1 Differential Revision: D21859589 fbshipit-source-id: 524e5f7af212f0b990bc92fefa7561886e414785

view details

Panagiotis Vekris

commit sha 1fab18ce60dfbdbe6fa6d6742ed9be1110aa42b0

fix try-flow Summary: D21649852 was not picked into 0.126, but is a breaking change for binaries that do not export `initBuiltins`. Reviewed By: samwgoldman Differential Revision: D21866717 fbshipit-source-id: 9cbb75460f012ee8f5dbfdddea2fade89a0cc345

view details

Marshall Roch

commit sha faece30df5e245f56f073f381c67877a3b3e6b32

[lsp] refactor get_next_event_from_server Summary: Eliminates a polymorphic equal and seems easier to follow to me Reviewed By: gkz Differential Revision: D21860073 fbshipit-source-id: 969293313d8496d9c752a9f71b861a1c4f56eca7

view details

Sam Goldman

commit sha 92e5f1e591757aa869a7464914aee6e95e2b710b

Tweak creation of reasons for typeapps Summary: There are a few different reasons we might want to create a TypeAppT type, which was reflected in the API of TypeUtil.typeapp, with its optional arguments and various conditional logic. This diff ~~foolishly~~boldly attempts to change two things at once: 1. Split up the API into separate function calls for each distinct use 2. Improve the reasons created for "builtin typeapps" Consider the ArrT type, which represents a type application of the Array<T> class. We model this as a more specialized type, but in other places we want to rely on the libdef -- method calls, for example. In those cases, we convert the ArrT to a TypeAppT of the builtin class type. In this case, it's desirable to keep most of the reason information associated with the original ArrT, including both the assoiated annot loc, if applicable, and the repositioned loc. The other, more common case, is type annotations. In this case, we definitely want an annot loc, but the current/repos loc is the same loc. Lastly, we have implicit typeapps, which I've left alone, since the expected logic seems to be implementation defined. Reviewed By: panagosg7 Differential Revision: D21794195 fbshipit-source-id: 32b4ac30801e5f26ae7de7b6a277685fca7a6c91

view details

Sam Goldman

commit sha 877bef00e319831afed2c6a94580dc144b15d403

Give an annot reason to Array<> annotations Summary: Type annotations should carry around an "annot" location, which is insensitive to repositioning. In various places, this location is used to provide better error messages. The differentiating information is also important if the reason is part of a cache key. The small regression in React createClass errors is addressed in a follow-up. Reviewed By: dsainati1 Differential Revision: D21754470 fbshipit-source-id: 029b237625bf1b8941a31ca883a6f588908d3cba

view details

Sam Goldman

commit sha f4a0fca6aea3b98f29de29678b664c1181acef38

Treat createClass component propTypes as annots Summary: Flow has support for defining components using createClass, which is long deprecated but still has some uses in our codebase. Using createClass, programmers declare the expected props of their component by defining an object value, which Flow converts into an annotation. The exact method for this conversion is not relevant here. The important part is that we have values which should be treated more like annotations. This diff ensures that the reasons for these types have an associated "annot location." This results in better error messages, as can be seen in the changed test output. Reviewed By: jbrown215 Differential Revision: D21754471 fbshipit-source-id: 2fbc40a982963facd74d1a2cf5e33d65c31a36b8

view details

Sam Goldman

commit sha 8fd577d97c0eb4db7763cad1beccdd3cfee5f26b

Change cache lifetime to match component context lifetime Summary: As a first step to moving these caches out of the global state, let's first ensure that they have a compatible lifetime. Reviewed By: jbrown215 Differential Revision: D21650491 fbshipit-source-id: 0f8e3acd4a8332af3ddd4cadd231e1718b12cc09

view details

Sam Goldman

commit sha e578114452750d98fb764014e9a5b775515c3a51

Move FlowSet into the Type module Summary: I am removing the various caches in Flow_cache from the global scope. Instead, they will become a part of the context. As part of that, I am going to move some definitions around so I can write down the cache types in context.mli without creating a cyclic dependency between Flow_cache and Context. Reviewed By: dsainati1 Differential Revision: D21633547 fbshipit-source-id: 90fe5f5cc22a5884f2ac26c585a4eb0f9527f2f2

view details

Sam Goldman

commit sha 60117495be8dcc3aec8fb956141235fb0168a693

Move constraint cache global state into context Summary: This is one small piece of global state which is now slightly more local. This no longer needs to be cleared as part of Flow_cache.clear, at least for correctness purposes. This cache will not interfere with another context, and will be collected when the host context is. Reviewed By: dsainati1 Differential Revision: D21633542 fbshipit-source-id: a5045a87e0ad92174e35d914b184e8e7270b5a35

view details

Sam Goldman

commit sha 1e6f14ee4a45e6bcad3b53cd88ee7ae75e877652

Move subst cache global into context Summary: This is one small piece of global state which is now slightly more local. This no longer needs to be cleared as part of Flow_cache.clear, at least for correctness purposes. This cache will not interfere with another context, and will be collected when the host context is. Reviewed By: dsainati1 Differential Revision: D21633548 fbshipit-source-id: 31b055c79d9f468a5d15d568b8947e4e41cbc040

view details

Sam Goldman

commit sha 0e2b0b52ab4208e91a992c58ebf673d9f8b38776

Move instantiation cache global into context Summary: This is one small piece of global state which is now slightly more local. This no longer needs to be cleared as part of Flow_cache.clear, at least for correctness purposes. This cache will not interfere with another context, and will be collected when the host context is. Reviewed By: dsainati1 Differential Revision: D21633543 fbshipit-source-id: cc9e2ac51f9eb347430c41be68b3125acafde460

view details

push time in 2 months

issue commentflowtype/flow-for-vscode

Maybe Type in useState breaks Syntax Highlighting

@hugolam Try using "Babel JavaScript" extension for syntax hilighting, as mentioned in the Known issues section of the readme.

hugolam

comment created time in 2 months

push eventnoppa/ng-hot-reload-custom-loader-example

dependabot[bot]

commit sha d4fc4a5cb686e0729da05c29efb8cd41fd938175

Bump elliptic from 6.5.2 to 6.5.3 Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha ef701e24bb921a831480adb2b2b22b5bc946c3f9

Merge pull request #4 from noppa/dependabot/npm_and_yarn/elliptic-6.5.3 Bump elliptic from 6.5.2 to 6.5.3

view details

push time in 2 months

PR merged noppa/ng-hot-reload-custom-loader-example

Bump elliptic from 6.5.2 to 6.5.3 dependencies

Bumps elliptic from 6.5.2 to 6.5.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1"><code>8647803</code></a> 6.5.3</li> <li><a href="https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec"><code>856fe4d</code></a> signature: prevent malleability and overflows</li> <li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

issue commenttc39/proposal-record-tuple

Integration with type systems

The Tuples in this proposal are quite different from TS ReadonlyArrays actually. Tuples have methods that normal arrays don't (pushed etc.) and don't allow other than primitive values inside. Repurposing ReadonlyArrays to mean Tuples would be a major breaking change that I don't think they'll want to make.

littledan

comment created time in 2 months

issue commentnoppa/ng-hot-reload

Error in the build

Unfortunately, the way this plugin works requires that ES6 imports have been compiled to CommonJS requires first.

If you are using Babel and preset-env, add "moduels": "commonjs", like in this example.

If you are using TypeScript, add "module": "commonjs" to tsconfig, like in this example.

Note that when you do this, Webpack's tree shaking doesn't work, which may make your bundles bigger. You might want to configure those tools so that the CommonJS compilation is used only when debugging with hot reloading and not in production.

With Babel, that can be achieved with "env" option in babelrc (docs, example in StackOverflow).

With TypeScript, you can pass something like

options: {
  compilerOptions: {
    module: process.env.NODE_ENV === 'production' ? 'ES6' : 'commonjs',
  }
}

using ts-loader (docs)

alessandro308

comment created time in 2 months

PR merged noppa/translation-compiler

Bump elliptic from 6.4.1 to 6.5.3 dependencies

Bumps elliptic from 6.4.1 to 6.5.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1"><code>8647803</code></a> 6.5.3</li> <li><a href="https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec"><code>856fe4d</code></a> signature: prevent malleability and overflows</li> <li><a href="https://github.com/indutny/elliptic/commit/60489415e545efdfd3010ae74b9726facbf08ca8"><code>6048941</code></a> 6.5.2</li> <li><a href="https://github.com/indutny/elliptic/commit/9984964457c9f8a63b91b01ea103260417eca237"><code>9984964</code></a> package: bump dependencies</li> <li><a href="https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a"><code>ec735ed</code></a> utils: leak less information in <code>getNAF()</code></li> <li><a href="https://github.com/indutny/elliptic/commit/71e4e8e2f5b8f0bdbfbe106c72cc9fbc746d3d60"><code>71e4e8e</code></a> 6.5.1</li> <li><a href="https://github.com/indutny/elliptic/commit/7ec66ffa255079260126d87b1762a59ea10de5ea"><code>7ec66ff</code></a> short: add infinity check before multiplying</li> <li><a href="https://github.com/indutny/elliptic/commit/ee7970b92f388e981d694be0436c4c8036b5d36c"><code>ee7970b</code></a> travis: really move on</li> <li><a href="https://github.com/indutny/elliptic/commit/637d0216b58de7edee4f3eb5641295ac323acadb"><code>637d021</code></a> travis: move on</li> <li><a href="https://github.com/indutny/elliptic/commit/5ed0babb6467cd8575a9218265473fda926d9d42"><code>5ed0bab</code></a> package: update deps</li> <li>Additional commits viewable in <a href="https://github.com/indutny/elliptic/compare/v6.4.1...v6.5.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+19 -7

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

push eventnoppa/translation-compiler

dependabot[bot]

commit sha 1e286dfc1392a73a13ff22899f03659426981247

Bump elliptic from 6.4.1 to 6.5.3 Bumps [elliptic](https://github.com/indutny/elliptic) from 6.4.1 to 6.5.3. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.4.1...v6.5.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha de1d102c1afee50f94c65ed2a6f8d797ce2131bc

Merge pull request #7 from noppa/dependabot/npm_and_yarn/elliptic-6.5.3 Bump elliptic from 6.4.1 to 6.5.3

view details

push time in 2 months

push eventnoppa/xmllint-wasm

Oskari Noppa

commit sha 31e213b8ba1d637a07192f1c288840fd59886b89

Option to preload files and API change Changes that affect public API: * Add option to preload files so that imports work * Change the file contents property name from "xml" to "contents" Internal changes: * Safe guard internal Module options agains Emscriptens special Module properties (now and in the future) by prefixing property names

view details

Oskari Noppa

commit sha 7ceb516769b59e0a19a4372de1c0072ecc8f7442

Make the preload option optional and fix tests.

view details

Oskari Noppa

commit sha a08d7239eb0a87fe46a2f33fa3e82e1c43a4a1ad

2.0.0

view details

push time in 2 months

push eventnoppa/xmllint-wasm

Oskari Noppa

commit sha 2fe140aa5794e3d86b3481e3ef29d1154d7c65e5

Fix js file type selector in editorconfig

view details

push time in 2 months

issue commentfacebook/flow

Flow is too restrictive about spreading objects and computed properties.

You can get around the second problem case by annotating the defaults explicitly

type X = { [idx: string]: string | number };
function withDefaults(obj: X): X {
    const defaults: X = {
        defaultValue: 'hello',
    }
    return {
        ...defaults,
        ...obj
    };
}
Mr-Wallet

comment created time in 2 months

push eventnoppa/xmllint-wasm

Oskari Noppa

commit sha b8815d7080d361f48daf302174621ff658c9a331

Update repo name and url

view details

Oskari Noppa

commit sha 8042609a29150a75b33986977e098e4bfa0bc36a

1.0.1

view details

Oskari Noppa

commit sha 8d711aba2dce33e688e7b00b6f5a2a51813ff40c

Indent code examples with spaces Github's tab length is pretty crazy.

view details

push time in 2 months

push eventnoppa/xml.js

Oskari Noppa

commit sha 6c88255e15b0ba61404092bb993b05c39fb5eba4

Add error case to debug script

view details

Oskari Noppa

commit sha 44933a5793f5c537bb5a26d0af8e6ae4c48df381

Publish as a new package

view details

Oskari Noppa

commit sha 32cf62aed8409283ebdd63d8913fc3202931f63c

Fix worker.js file path

view details

Oskari Noppa

commit sha b9ffb97f957e4d695ed1d3074d3c20d0747f38e8

Add ESLint and unify styling

view details

Oskari Noppa

commit sha 106c512fa698cb4b6d9e1e2ec5431ef27b7fd0ce

Add editorconfig

view details

Oskari Noppa

commit sha 15f74cc331a86199b77863ca59d4896c7e9c07c7

Remove unused files & refactor tests

view details

Oskari Noppa

commit sha 3903610213cb9ef8ace71514171c4ce773d086b2

Minor code style change

view details

Oskari Noppa

commit sha 84839a629a186d3e34532742f660bb2a9d1abc01

Refactor validation input and output Allow input to contain preselected file names. Try to parse file name and line number back from the output string and return an object that contains the parsed information as well as the original raw message. Also contains some code maintenance stuff like adding ESLint and fixing tests.

view details

Oskari Noppa

commit sha 3483d9eb7fc115c1c997c8817d8738700fec96a1

Add Flow types

view details

Oskari Noppa

commit sha 375018d06b46be5a96e08f03fe0db46acaaf4a60

Update Readme

view details

Oskari Noppa

commit sha 45a8c05337e2e2a16e486225a27b18e0af207a26

Add type def files to package

view details

Oskari Noppa

commit sha a10df7a02b10d2ecc3d6f1dce72ad0487df4ed8f

1.0.0

view details

push time in 2 months

push eventnoppa/xml.js

Oskari Noppa

commit sha b4533a86ac6243145966c8a20e1a761ab1cad51c

Upgrade libxml2

view details

Oskari Noppa

commit sha 882e04826d365c2d4e8aa23e66b855dcfe1f8885

Fix linker crash This seems to fix a build error similar to emscripten/issues/9655#issuecomment-543996316

view details

Oskari Noppa

commit sha 422452642005a614edca31036d70a409aa2541b1

Optimize build output for size

view details

Oskari Noppa

commit sha 326bd8ac9cd35cb19baa9dcdba6e7c378977278e

Further minimize code with closure compiler

view details

Oskari Noppa

commit sha 5a8beea89984429eef9f2a700ec7254d49798831

Remove build output file from VC

view details

Oskari Noppa

commit sha 844511f5b9925679a9633833a5aeab86da019f72

Add build output files to gitignore

view details

Oskari Noppa

commit sha 74610e601a96b4cd7f3d0fe4d333f88caa2c4881

[WIP] Trying out custom wrapper

view details

Oskari Noppa

commit sha 7d8473143f634ad884d75fec930fa1f0cad1725c

Fix success/error handling

view details

Oskari Noppa

commit sha 07bead93892695680b272d81a7959bf8476b7332

[WIP]

view details

Oskari Noppa

commit sha 9676c09bf44e927799ef81dbd600fb6bcc14e406

Refactor to use Node Workers Mocking process with a shadowed variable was way too flaky. Instead, run the compiled module in a Node Worker so the output can call process.exit all they want and it won't crash the server.

view details

Oskari Noppa

commit sha f0bab4e24212a57a65f59d3e06729e6c32405103

Remove unneeded file We dont do manual wrapping for the output anymore.

view details

Oskari Noppa

commit sha a2c9d40916f88c055afaf7429a44c02791a5df0f

Optimize for code size

view details

Oskari Noppa

commit sha 4df63b1c3c809b30d4912d81a811b1dd34e95cf9

Fix broken if-chain

view details

push time in 2 months

fork noppa/xml.js

Port of libxml to JavaScript using Emscripten

fork in 2 months

issue commentnoppa/text-security

Strange shapes on Edge

Great, thanks for checking.
Although that's also a bit disappointing because that means the optimized version now has issues both in Safari (#10) and in IE/Edge :sweat:
I'll update the README to reflect that and might need to change the defaults to load the compat font

hrturlakov

comment created time in 2 months

push eventnoppa/xmllint-wasm

Oskari Noppa

commit sha eb9686527ce90d1e6d354cd0ee5ad2e4b0b8debf

Add libxml2 as a submodule

view details

Oskari Noppa

commit sha 4fff5774e6be9b6b5470a8abf9b51b43cfe780bc

Test run

view details

push time in 2 months

create barnchnoppa/xmllint-wasm

branch : master

created branch time in 2 months

created repositorynoppa/xmllint-wasm

created time in 2 months

issue commentnoppa/text-security

Strange shapes on Edge

Thanks. That's interesting... I'll try to repro this in a few days.
Can you check the console's network tab and see what font it's actually loading? Maybe if it's loading the non-compat version, we could try forcing the compatibility version and see if it works better.

hrturlakov

comment created time in 2 months

issue commentnoppa/text-security

Strange shapes on Edge

Are you using a placeholder attribute with the password field? Could this be related to #3 and #5 where the cause was that Edge/IE also applied the font to the placeholder?

hrturlakov

comment created time in 2 months

issue commentfacebook/flow

Generic type not scoped as expected in closure.

I don't know if this is a bug in Flow or not, but as a workaround you can explicitly annotate the return value of entries and it'll work


type Entries<T> = {
	push(entry: T): void;
}

function entries<T>(): Entries<T> {
	let entries: T[] = []

	return {
		push: (entry) => {
		   entries.push(entry)
		}
	}
}


let e = entries<string>()
e.push("abc")

Try

jameskerr

comment created time in 2 months

push eventnoppa/node-playground

dependabot[bot]

commit sha 15539555e3cae1dfbd43888bba1b3fa45ce0ae2f

Bump lodash from 4.17.15 to 4.17.19 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 9a7f3a894d88a1b520fc34f41d9ac6f662d62973

Merge pull request #1 from noppa/dependabot/npm_and_yarn/lodash-4.17.19 Bump lodash from 4.17.15 to 4.17.19

view details

push time in 2 months

PR merged noppa/node-playground

Bump lodash from 4.17.15 to 4.17.19 dependencies

Bumps lodash from 4.17.15 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 2 months

PR merged noppa/ng-hot-reload-custom-loader-example

Bump websocket-extensions from 0.1.3 to 0.1.4 dependencies

Bumps websocket-extensions from 0.1.3 to 0.1.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md">websocket-extensions's changelog</a>.</em></p> <blockquote> <h3>0.1.4 / 2020-06-02</h3> <ul> <li>Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin)</li> <li>Change license from MIT to Apache 2.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/faye/websocket-extensions-node/commit/8efd0cd6e35faf9bb9cb08759be1e27082177d43"><code>8efd0cd</code></a> Bump version to 0.1.4</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/3dad4ad44a8c5f74d4f8f4efd3f9d6e0b5df3051"><code>3dad4ad</code></a> Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/4a76c75efb1c5d6a2f60550e9501757458d19533"><code>4a76c75</code></a> Add Node versions 13 and 14 on Travis</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/44a677a9c0631daed0b0f4a4b68c095b624183b8"><code>44a677a</code></a> Formatting change: {...} should have spaces inside the braces</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/f6c50aba0c20ff45b0f87cea33babec1217ec3f5"><code>f6c50ab</code></a> Let npm reformat package.json</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/2d211f3705d52d9efb4f01daf5a253adf828592e"><code>2d211f3</code></a> Change markdown formatting of docs.</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/0b620834cc1e1f2eace1d55ab17f71d90d88271d"><code>0b62083</code></a> Update Travis target versions.</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/729a4653073fa8dd020561113513bfa2e2119415"><code>729a465</code></a> Switch license to Apache 2.0.</li> <li>See full diff in <a href="https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

push eventnoppa/ng-hot-reload-custom-loader-example

dependabot[bot]

commit sha 80a6552c851ed843e85c8dc344856bc3f36aa85f

Bump websocket-extensions from 0.1.3 to 0.1.4 Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. - [Release notes](https://github.com/faye/websocket-extensions-node/releases) - [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md) - [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 1e60a734a5e20046f4cd2cd2bedfac90a00009f2

Merge pull request #1 from noppa/dependabot/npm_and_yarn/websocket-extensions-0.1.4 Bump websocket-extensions from 0.1.3 to 0.1.4

view details

push time in 2 months

push eventnoppa/ng-hot-reload-custom-loader-example

dependabot[bot]

commit sha e775c77c7682c5a907f744ead61c60dbe9498cf0

Bump angular from 1.7.9 to 1.8.0 Bumps [angular](https://github.com/angular/angular.js) from 1.7.9 to 1.8.0. - [Release notes](https://github.com/angular/angular.js/releases) - [Changelog](https://github.com/angular/angular.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/angular/angular.js/compare/v1.7.9...v1.8.0) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 273f2213e2e229a21433dfabf169e6bcecb6cae7

Merge pull request #2 from noppa/dependabot/npm_and_yarn/angular-1.8.0 Bump angular from 1.7.9 to 1.8.0

view details

push time in 2 months

PR merged noppa/ng-hot-reload-custom-loader-example

Bump angular from 1.7.9 to 1.8.0 dependencies

Bumps angular from 1.7.9 to 1.8.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular.js/blob/master/CHANGELOG.md">angular's changelog</a>.</em></p> <blockquote> <h1>1.8.0 nested-vaccination (2020-06-01)</h1> <p><em>This release contains a breaking change to resolve a security issue which was discovered by Krzysztof Kotowicz(<a href="https://github.com/koto">@koto</a>); and independently by Esben Sparre Andreasen (<a href="https://github.com/esbena">@esbena</a>) while performing a Variant Analysis of <a href="https://github.com/advisories/GHSA-gxr4-xjj5-5px2">CVE-2020-11022</a> which itself was found and reported by Masato Kinugawa (<a href="https://github.com/masatokinugawa">@masatokinugawa</a>).</em></p> <h2>Bug Fixes</h2> <ul> <li><strong>jqLite:</strong> <ul> <li>prevent possible XSS due to regex-based HTML replacement (<a href="https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd">2df43c</a>)</li> </ul> </li> </ul> <h2>Breaking Changes</h2> <h3><strong>jqLite</strong> due to:</h3> <ul> <li><strong><a href="https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd">2df43c</a></strong>: prevent possible XSS due to regex-based HTML replacement</li> </ul> <p>JqLite no longer turns XHTML-like strings like <code><div /><span /></code> to sibling elements <code><div></div><span></span></code> when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XHTML mode, will convert these to: <code><div><span></span></div></code>.</p> <p>This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string. If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling</p> <pre lang="js"><code>angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement(); </code></pre> <p>But you should adjust your code for this change and remove your use of this function as soon as possible.</p> <p>Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the <a href="https://jquery.com/upgrade-guide/3.5/">jQuery 3.5 upgrade guide</a> for more details about the workarounds.</p> <p><a name="1.7.9"></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/angular/angular.js/commit/e55d352e942465479fa9f93b566db20a96b4cf15"><code>e55d352</code></a> docs(): update changelog for 1.8.0</li> <li><a href="https://github.com/angular/angular.js/commit/78ab691072f050aa3daa200012914d7f9858ac8c"><code>78ab691</code></a> chore(): prep for 1.8.0</li> <li><a href="https://github.com/angular/angular.js/commit/59b5651d8228925ea300d19a1b24d13df589cb34"><code>59b5651</code></a> docs(ngRepeat): missing closing backtick</li> <li><a href="https://github.com/angular/angular.js/commit/c8b7c16b78bc3ba7486ebf9c41f4603a9f429dd1"><code>c8b7c16</code></a> fix(jqLite): improve documentation</li> <li><a href="https://github.com/angular/angular.js/commit/05cf60677b0cdac47ce6b860cbb7b41957a2cbba"><code>05cf606</code></a> fix(jqLite): apply suggestions from code review</li> <li><a href="https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd"><code>2df43c0</code></a> fix(jqLite): prevent possible XSS due to regex-based HTML replacement</li> <li><a href="https://github.com/angular/angular.js/commit/295213df9537666254626ffe3e4a6013122e4802"><code>295213d</code></a> chore(*): clean up <code>package.json</code> and CircleCI config</li> <li><a href="https://github.com/angular/angular.js/commit/a31c207bf1da10c6a1fbbaf289cafe19f481ad41"><code>a31c207</code></a> chore(docs-app): remove <code>document.write()</code> from docs <code>index.html</code></li> <li><a href="https://github.com/angular/angular.js/commit/25189661534502d578d27ea02bee17c29df1a882"><code>2518966</code></a> fix(grunt-utils): insert the core CSS styles without using innerHTML</li> <li><a href="https://github.com/angular/angular.js/commit/7de25c8e41e5462d78d372ea2bca1ed3dadfd0db"><code>7de25c8</code></a> chore(ci): ensure that deployment files are ready for deployment</li> <li>Additional commits viewable in <a href="https://github.com/angular/angular.js/compare/v1.7.9...v1.8.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+4 -4

0 comment

2 changed files

dependabot[bot]

pr closed time in 2 months

push eventnoppa/ng-hot-reload-custom-loader-example

dependabot[bot]

commit sha 03bab141a40e6e946c1b70c8420a21c0163e304d

Bump lodash from 4.17.15 to 4.17.19 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 74f61df9c05bf4b835fe6c688f22d20c16f43a7a

Merge pull request #3 from noppa/dependabot/npm_and_yarn/lodash-4.17.19 Bump lodash from 4.17.15 to 4.17.19

view details

push time in 2 months

PR merged noppa/ng-hot-reload-custom-loader-example

Bump lodash from 4.17.15 to 4.17.19 dependencies

Bumps lodash from 4.17.15 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

issue commenttc39/proposal-record-tuple

Why does Tuple.prototype.map invoke the mapper on every element?

That makes me wonder, though, if "tuple" is the best name to describe these things. I can see how some people would expect tuples to only be used to model stuff like "a point", which would then make it surprising to see something like tuple.pushed(x). And not just for folks coming from Haskell et al. TypeScript and Flow also have a concept of "tuples" where the length and distinct types of elements are known at compile time.

michaelficarra

comment created time in 2 months

issue commenttc39/proposal-record-tuple

Why does Tuple.prototype.map invoke the mapper on every element?

In Haskell, tuples often hold values of different types and if you find yourself needing to map over all the values with a single function, it might be a sign that some other data structure would be more suitable (like list). Idk if you can even define a function that would map over tuple of arbitrary types with one function in Haskell.

As far as I understand, these JS "tuples" are supposed to be quite different, because they double as immutable lists with structural equality semantics. So I'd say having something like a "tuple" filled with just some x amount of numbers and then needing to apply function like double to them all will probably be a common use case. Unlike in Haskell, where regular lists already serve that use case well with structural equality and all that.

michaelficarra

comment created time in 2 months

fork noppa/eslint-plugin-flowtype

Flow type linting rules for ESLint.

fork in 2 months

push eventnoppa/translation-compiler

dependabot[bot]

commit sha 47b6cdf1b72044d1fb89fc7ea8387a08341aee4b

Bump lodash from 4.17.15 to 4.17.19 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) Signed-off-by: dependabot[bot] <support@github.com>

view details

Oskari Noppa

commit sha 9b5fa1cac0918271b3a53b48db068478c236d668

Merge pull request #6 from noppa/dependabot/npm_and_yarn/lodash-4.17.19 Bump lodash from 4.17.15 to 4.17.19

view details

push time in 2 months

PR merged noppa/translation-compiler

Bump lodash from 4.17.15 to 4.17.19 dependencies

Bumps lodash from 4.17.15 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+6 -6

0 comment

2 changed files

dependabot[bot]

pr closed time in 2 months

issue commentfacebook/flow

Incorrect missing type annotation error on array map

Ah, that's because your Flow version 0.86.0 is quite old and MixedElement seems to be newer addition than that. Well, Element<any> then

import type {Element} from "react";

renderChip = (positions: string[]) => positions.map<Element<any>>(
  position => <Chip title={position} key={position} />
)

The @types/* modules are for TypeScript, so they won't help here.
Also btw version 16.3.1 is not the latest version of React :) but that shouldn't be a factor for this issue because the React types are actually built into Flow.

samuelhulla

comment created time in 2 months

issue commenttc39/proposal-pipeline-operator

Optional chaining support for the pipeline operator?

@isiahmeadows Yeah, makes sense.

To clarify, I didn't mean that my "alternative examples" were 100% equivalent to the ?> version or the result of transpiling pipelines. We were talking about how one might achieve "optional" pipelining without this ?> proposal if it didn't get in for the first pipeline version, and

getScoreOrNull
  |> ifNotNull(..)
  |> ifNotNull(..)

is something I could see myself using as a workaround instead of nested pipelines or breaking the pipeline to a statement, at least in some cases.

But it's definitely less than ideal workaround, a short-circuiting ?> operator would be much nicer to use.

isiahmeadows

comment created time in 2 months

issue commentfacebook/flow

Incorrect missing type annotation error on array map

What's even weirder about all this is, originally my component was written as a function component and the line was perfectly fine, but as soon as I transcribed the component into a class as I needed to add state, then suddenly I got this error.

See https://medium.com/flow-type/asking-for-required-annotations-64d4f9c1edf8

Flow has very few limitations on its type inference, but there is one big one: input positions reachable from exports must be annotated.

You didn't get this error before because when it was a function component, the helper function/value probably wasn't reachable from importing modules. Now that it's a class property, some other module could potentially construct an instance of the class and call this function, so Flow wants it to be explicitly typed.

Your attempted solution is good, but as @gkz said, the type imports are not quite right.

import type {MixedElement} from "React";

enderChip = (positions: string[]) => positions.map<MixedElement>(position => <Chip title={position} key={position} //.... />)

should work.

samuelhulla

comment created time in 2 months

issue commenttc39/proposal-pipeline-operator

Optional chaining support for the pipeline operator?

@Jopie64 That wouldn't short-circuit and end the pipeline on null, though, like (I'm assuming) the ?> operator would. So for longer pipelines, you might need to wrap every step of the pipeline after first possibly null return value

let newScore = person
  |> getScoreOrNull
  ?> double
  |> (_ => add(7, _))
  |> (_ => boundScore(0, 100, _));

// would become
let newScore = person
  |> getScoreOrNull
  |> ifNotNull(double)
  |> ifNotNull(_ => add(7, _))
  |> ifNotNull(_ => boundScore(0, 100, _));

// or nested pipelines
let newScore = person
  |> getScoreOrNull
  |> ifNotNull(_  => _
    |> double
    |> (_ => add(7, _))
    |> (_ => boundScore(0, 100, _))
  );
isiahmeadows

comment created time in 2 months

issue commentfacebook/flow

Width subtyping does not work with optional property

@charlag If that was allowed, you could do a.also = 'foo' and run into trouble somewhere else where the B value is expected to not have a property "also", like

type A = {name: string, address: string, also?: ?string, ...};
type B = {|name: string, address: string, another: Array<number>|};


const b: B = makeB()
// Flow currently does not allow this, but if it did,
// we'd be able to modify "b" as if its type was A
const a: A = b

a.also = 'foo'

type C = {| ...B, also: number |}

const c: C = {
    also: 10,
    ...b, // woops, this will overwrite "also" with a string-value 
}

c.also.toFixed(2) // runtime error

declare function makeB(): B;

Try Flow.
Flow is ok with your example if you either declare the problematic property as covariant/readonly

type A = {name: string, address: string, +also?: ?string, ...};

Try Flow. or copy the B object right before assigning to A

const a: A = {...makeB()}

Try Flow.
This way we can be sure that modifying a won't break other places where the same value is expected to be B.
I'm not sure why the interface-version works and if that's intended or not.

charlag

comment created time in 3 months

startedmicrosoft/vscode-mock-debug

started time in 3 months

issue commentnoppa/text-security

Not working as expected with screen readers.

Maybe

<input type="password" autocomplete="one-time-code" />

then? (MDN for autocomplete attribute) At least most browsers don't try to autocomplete that field. Most browsers still seem to suggest saving that as a password after entering, though, which is... still weird.

HimanshuGoel

comment created time in 3 months

more