Summary:
This updates minor and patch level dependencies. Frustratingly, I had to revert a bunch
of changes in that version range that still caused incompatibilities and test failures.
If I find time, I'll dig a bit deeper.
Reviewed By: ivanmisuno
Differential Revision: D48433210
fbshipit-source-id: 9ab12e774c1992d4f22cc1428d34f102ce820b75
Summary: Combining a bunch of individual tasks for dep upgrades into one diff.
Reviewed By: ivanmisuno
Differential Revision: D42706074
fbshipit-source-id: 054b2545ad1295699f47f4c6eb5065b7b9a1d6a0
Summary:
Bumps [ws](https://github.com/websockets/ws) from 8.5.0 to 8.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>8.6.0</h2>
<h1>Features</h1>
<ul>
<li>Add the ability to remove confidential headers on a per-redirect basis (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/2030">https://github.com/facebook/flipper/issues/2030</a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="ba214d9693"><code>ba214d9</code></a> [dist] 8.6.0</li>
<li><a href="8e3f1181f2"><code>8e3f118</code></a> [feature] Introduce the <code>'redirect'</code> event (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/2030">https://github.com/facebook/flipper/issues/2030</a>)</li>
<li><a href="69e682806d"><code>69e6828</code></a> [ci] Test on node 18</li>
<li><a href="0b6eb71665"><code>0b6eb71</code></a> [ci] Do not test on node 17</li>
<li><a href="d062ded622"><code>d062ded</code></a> [example] Fix require path</li>
<li><a href="2cf6202f8a"><code>2cf6202</code></a> [example] Use the <code>WebSocket.WebSocket{,Server}</code> aliases</li>
<li><a href="62e9b199ad"><code>62e9b19</code></a> [doc] Fix nits</li>
<li><a href="2619c003ce"><code>2619c00</code></a> [minor] Fix nit in comment</li>
<li><a href="d086f4bcbb"><code>d086f4b</code></a> [minor] Make <code>abortHandshake()</code> emit the error in the next tick</li>
<li><a href="ff80d665f9"><code>ff80d66</code></a> [test] Do not use a relative URL</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/8.5.0...8.6.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/3708
Reviewed By: timur-valiev
Differential Revision: D36371198
Pulled By: mweststrate
fbshipit-source-id: df9befdb3f95be2b8c564f87287bd8621e3a0c59
Summary:
Currently, Flipper Server has a few productions dependencies (mac-ca, node-fetch) that are not bundled with the Flipper Server. It makes it harder to distribute Flipper Server, as now all potential consumers need not only to download the bundle, but also install these additional dependencies.
This diff makes it possible to bundle `mac-ca` and `node-fetch` with Flipper Server. As a result, Flipper Server becomes dependency-free in production.
Reviewed By: lblasa
Differential Revision: D36345213
fbshipit-source-id: 2cd6ba1b3301b45dc2295891964ba020fd107586
Summary:
New round of releases and PRs came up, so bumping again.
Very selective Metro update as some dependencies don't play well together. A bunch of other dependencies use ESM and fail at various stages of the build or runtime process.
Reviewed By: mweststrate
Differential Revision: D34688830
fbshipit-source-id: 2ff5c46c253b814140f634a986ba0d246e9b0945
Summary:
Pull Request resolved: https://github.com/facebook/flipper/pull/3240
Bumps [ws](https://github.com/websockets/ws) from 7.5.6 to 8.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>8.4.0</h2>
<h1>Features</h1>
<ul>
<li>Added ability to generate custom masking keys (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1990">https://github.com/facebook/flipper/issues/1990</a>).</li>
</ul>
<h2>8.3.0</h2>
<h1>Features</h1>
<ul>
<li>Added ability to pause and resume a <code>WebSocket</code> (0a8c7a9c).</li>
</ul>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a bug that could prevent the connection from being closed cleanly when
using the stream API (ed2b8039).</li>
<li>When following redirects, an error is now emitted and not thrown if the
redirect URL is invalid (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1980">https://github.com/facebook/flipper/issues/1980</a>).</li>
</ul>
<h2>8.2.3</h2>
<h1>Bug fixes</h1>
<ul>
<li>When context takeover is enabled, messages are now compressed even if their size
is below the value of the <code>perMessageDeflate.threshold</code> option (41ae5631).</li>
</ul>
<h2>8.2.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>Some closing operations are now run only if needed (ec9377ca).</li>
</ul>
<h2>8.2.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed an issue where the socket was not resumed, preventing the connection
from being closed cleanly (869c9892).</li>
</ul>
<h2>8.2.0</h2>
<h1>Features</h1>
<ul>
<li>Added <code>WebSocket.WebSocket</code> as an alias for <code>WebSocket</code> and
<code>WebSocket.WebSocketServer</code> as an alias for <code>WebSocket.Server</code> to fix name
consistency and improve interoperability with the ES module wrapper (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1935">https://github.com/facebook/flipper/issues/1935</a>).</li>
</ul>
<h2>8.1.0</h2>
<h1>Features</h1>
<ul>
<li>Added ability to skip UTF-8 validation (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1928">https://github.com/facebook/flipper/issues/1928</a>).</li>
</ul>
<h1>Bug fixes</h1>
<ul>
<li>Fixed an issue with a breaking change in Node.js master (6a72da3e).</li>
<li>Fixed a misleading error message (c95e695d).</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="00c34d726d"><code>00c34d7</code></a> [dist] 8.4.0</li>
<li><a href="35d45c2a4f"><code>35d45c2</code></a> [perf] Skip masking and unmasking if the masking key is zero</li>
<li><a href="eb2e3a84a1"><code>eb2e3a8</code></a> [feature] Introduce the <code>generateMask</code> option</li>
<li><a href="c82b08737f"><code>c82b087</code></a> [dist] 8.3.0</li>
<li><a href="0a8c7a9c4f"><code>0a8c7a9</code></a> [api] Add <code>WebSocket#pause()</code> and <code>WebSocket#resume()</code></li>
<li><a href="ed2b803905"><code>ed2b803</code></a> [fix] Resume the socket in the <code>CLOSING</code> state</li>
<li><a href="b8186dd115"><code>b8186dd</code></a> [fix] Do not throw if the redirect URL is invalid (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1980">https://github.com/facebook/flipper/issues/1980</a>)</li>
<li><a href="5a905e49be"><code>5a905e4</code></a> [minor] Add missing label to the issue form</li>
<li><a href="89d81e8670"><code>89d81e8</code></a> [minor] Fix nit</li>
<li><a href="4916d03ad8"><code>4916d03</code></a> [minor] Allow to write frames with up to 2^48 - 1 bytes of data (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1973">https://github.com/facebook/flipper/issues/1973</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.5.6...8.4.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/3218
Reviewed By: antonk52, timur-valiev
Differential Revision: D33348279
Pulled By: nikoant
fbshipit-source-id: c245f53556e8f58ba1df619d3d0e106e8e5b1911
Summary:
Over time we collected a lot of harcoded resolutions, but it is really hard to get signal about their sanity:
* some resolutions generate a lot of yarn warnings as they resolve with a different major than required, and it's really hard to tell whether they actually make things worse or better
* some resolutions are for package we don't even use any more
* some resolutions were there to fix type incompatibilities which have been solved now by keeping them uniquely required
* some resolutions are there to fix "security issues" or security issues in transient dependencies that might have been upgraded int he mean time
So this diff radically removes all of them, trusting Github to propose restoring the sane ones of them :). In terms of functionality everything seems to be working at least
Reviewed By: timur-valiev
Differential Revision: D33158981
fbshipit-source-id: 83e74cdbc8e47ccbf554b97620cf7caa2c6599ce
Summary:
This diff removes most deps from the root package.json, which now only contains electron and shared build / test infra structure: lint, prettier, jest, typescript.
This makes it possible to control much better which packages are used where, as all sub packages now have their deps explicitly in their package.json instead of incidentally shared. This allows for example to disable DOM types for all packages by default (flipper-plugin, ui(-core) and app still request it), and in the next diff I hope to add to this that nodeJS types are no longer shared either, so that UI oriented packages will generate compile errors when using Node built-ins
This diff removes most deps that were currently unused, and dedupes a bunch of other ones, so the build should probably be a bit smaller now as well:
{F686704253}
{F686704295}
Reviewed By: antonk52
Differential Revision: D33062859
fbshipit-source-id: 5afaa4f2103d055188382a3370c1fffa295a298a
Summary:
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.5 to 2.6.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/releases">node-fetch's releases</a>.</em></p>
<blockquote>
<h2>v2.6.6</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(URL): prefer built in URL version when available and fallback to whatwg by <a href="https://github.com/jimmywarting"><code>@jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1352">node-fetch/node-fetch#1352</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6">https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f56b0c66d3"><code>f56b0c6</code></a> fix(URL): prefer built in URL version when available and fallback to whatwg (...</li>
<li>See full diff in <a href="https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/3018
Reviewed By: passy
Differential Revision: D32202504
Pulled By: mweststrate
fbshipit-source-id: ae615c39872dcc10946fab4cbe096aa7f32437f9
Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.5.5 to 8.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>8.2.3</h2>
<h1>Bug fixes</h1>
<ul>
<li>When context takeover is enabled, messages are now compressed even if their size
is below the value of the <code>perMessageDeflate.threshold</code> option (41ae5631).</li>
</ul>
<h2>8.2.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>Some closing operations are now run only if needed (ec9377ca).</li>
</ul>
<h2>8.2.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed an issue where the socket was not resumed, preventing the connection
from being closed cleanly (869c9892).</li>
</ul>
<h2>8.2.0</h2>
<h1>Features</h1>
<ul>
<li>Added <code>WebSocket.WebSocket</code> as an alias for <code>WebSocket</code> and
<code>WebSocket.WebSocketServer</code> as an alias for <code>WebSocket.Server</code> to fix name
consistency and improve interoperability with the ES module wrapper (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1935">https://github.com/facebook/flipper/issues/1935</a>).</li>
</ul>
<h2>8.1.0</h2>
<h1>Features</h1>
<ul>
<li>Added ability to skip UTF-8 validation (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1928">https://github.com/facebook/flipper/issues/1928</a>).</li>
</ul>
<h1>Bug fixes</h1>
<ul>
<li>Fixed an issue with a breaking change in Node.js master (6a72da3e).</li>
<li>Fixed a misleading error message (c95e695d).</li>
</ul>
<h2>8.0.0</h2>
<h1>Breaking changes</h1>
<ul>
<li>The <code>WebSocket</code> constructor now throws a <code>SyntaxError</code> if any of the
subprotocol names are invalid or duplicated (0aecf0c9).</li>
<li>The server now aborts the opening handshake if an invalid
<code>Sec-WebSocket-Protocol</code> header field value is received (1877ddeb).</li>
<li>The <code>protocols</code> argument of <code>handleProtocols</code> hook is no longer an <code>Array</code> but
a <code>Set</code> (1877ddeb).</li>
<li>The opening handshake is now aborted if the <code>Sec-WebSocket-Extensions</code> header
field value is empty or it begins or ends with a white space (e814110e).</li>
<li>Dropped support for Node.js < 10.0.0 (552b5067).</li>
<li>The <code>WebSocket</code> constructor now throws a <code>SyntaxError</code> if the connection URL
contains a fragment identifier or if the URL's protocol is not one of <code>'ws:'</code>,
<code>'wss:'</code>, or <code>'ws+unix:'</code> (ebea038f).</li>
<li>Text messages and close reasons are no longer decoded to strings. They are</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="cfd99b6309"><code>cfd99b6</code></a> [dist] 8.2.3</li>
<li><a href="fef7942a18"><code>fef7942</code></a> [ci] Fix typo</li>
<li><a href="41ae56313b"><code>41ae563</code></a> [fix] Ignore the <code>threshold</code> option if context takeover is enabled</li>
<li><a href="474aa3616f"><code>474aa36</code></a> [doc] Improve <code>WebSocket#{p{i,o}ng,send}()</code> documentation</li>
<li><a href="055949fd23"><code>055949f</code></a> [doc] Remove no longer needed noop function from code snippet</li>
<li><a href="5b85322f54"><code>5b85322</code></a> [ci] Update coverallsapp/github-action action to version 1.1.3</li>
<li><a href="f871195c55"><code>f871195</code></a> [doc] Update issue template</li>
<li><a href="72296e54ca"><code>72296e5</code></a> [dist] 8.2.2</li>
<li><a href="3039b6b9d2"><code>3039b6b</code></a> [doc] Change label text to CI</li>
<li><a href="04c032c51b"><code>04c032c</code></a> [ci] Use Github Actions for Windows x86 testing</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.5.5...8.2.3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/3004
Reviewed By: passy
Differential Revision: D31991546
Pulled By: cekkaewnumchai
fbshipit-source-id: 029092fa88e0c4a0816574c6c18e5565b9650615
Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.5.3 to 8.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>8.2.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed an issue where the socket was not resumed, preventing the connection
from being closed cleanly (869c9892).</li>
</ul>
<h2>8.2.0</h2>
<h1>Features</h1>
<ul>
<li>Added <code>WebSocket.WebSocket</code> as an alias for <code>WebSocket</code> and
<code>WebSocket.WebSocketServer</code> as an alias for <code>WebSocket.Server</code> to fix name
consistency and improve interoperability with the ES module wrapper (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1935">https://github.com/facebook/flipper/issues/1935</a>).</li>
</ul>
<h2>8.1.0</h2>
<h1>Features</h1>
<ul>
<li>Added ability to skip UTF-8 validation (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1928">https://github.com/facebook/flipper/issues/1928</a>).</li>
</ul>
<h1>Bug fixes</h1>
<ul>
<li>Fixed an issue with a breaking change in Node.js master (6a72da3e).</li>
<li>Fixed a misleading error message (c95e695d).</li>
</ul>
<h2>8.0.0</h2>
<h1>Breaking changes</h1>
<ul>
<li>
<p>The <code>WebSocket</code> constructor now throws a <code>SyntaxError</code> if any of the
subprotocol names are invalid or duplicated (0aecf0c9).</p>
</li>
<li>
<p>The server now aborts the opening handshake if an invalid
<code>Sec-WebSocket-Protocol</code> header field value is received (1877ddeb).</p>
</li>
<li>
<p>The <code>protocols</code> argument of <code>handleProtocols</code> hook is no longer an <code>Array</code> but
a <code>Set</code> (1877ddeb).</p>
</li>
<li>
<p>The opening handshake is now aborted if the <code>Sec-WebSocket-Extensions</code> header
field value is empty or it begins or ends with a white space (e814110e).</p>
</li>
<li>
<p>Dropped support for Node.js < 10.0.0 (552b5067).</p>
</li>
<li>
<p>The <code>WebSocket</code> constructor now throws a <code>SyntaxError</code> if the connection URL
contains a fragment identifier or if the URL's protocol is not one of <code>'ws:'</code>,
<code>'wss:'</code>, or <code>'ws+unix:'</code> (ebea038f).</p>
</li>
<li>
<p>Text messages and close reasons are no longer decoded to strings. They are
passed as <code>Buffer</code>s to the listeners of their respective events. The listeners
of the <code>'message'</code> event now take a boolean argument specifying whether or not
the message is binary (e173423c).</p>
<p>Existing code can be migrated by decoding the buffer explicitly.</p>
<pre lang="js"><code>websocket.on('message', function message(data, isBinary) {
const message = isBinary ? data : data.toString();
// Continue as before.
});
</code></pre>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="cc7a7798b7"><code>cc7a779</code></a> [dist] 8.2.1</li>
<li><a href="869c9892cd"><code>869c989</code></a> [fix] Resume the socket in the next tick</li>
<li><a href="ea6c054e97"><code>ea6c054</code></a> [test] Reorganize some tests</li>
<li><a href="7647a8920b"><code>7647a89</code></a> [dist] 8.2.0</li>
<li><a href="d5e3549a03"><code>d5e3549</code></a> [minor] Add <code>WebSocket.WebSocket{,Server}</code> aliases (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1935">https://github.com/facebook/flipper/issues/1935</a>)</li>
<li><a href="c677aab978"><code>c677aab</code></a> [doc] Fix <code>createWebSocketStream()</code> documentation</li>
<li><a href="f38247e5e0"><code>f38247e</code></a> [doc] Sort options alphabetically</li>
<li><a href="142f0911b5"><code>142f091</code></a> [dist] 8.1.0</li>
<li><a href="d21c81034f"><code>d21c810</code></a> [feature] Add ability to skip UTF-8 validation (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1928">https://github.com/facebook/flipper/issues/1928</a>)</li>
<li><a href="9bd3bd1251"><code>9bd3bd1</code></a> [minor] Fix typo (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1929">https://github.com/facebook/flipper/issues/1929</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.5.3...8.2.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2756
Reviewed By: lblasa
Differential Revision: D30727123
Pulled By: passy
fbshipit-source-id: b06ab55427b7798d004d2f3371f76bda6af69947
Summary:
ESM module snuck in and wasn't caught in tests or builds.
Fixes Q244903.
Should fix https://github.com/facebook/flipper/issues/2768
Reviewed By: mweststrate
Differential Revision: D30760296
fbshipit-source-id: 36c632260e069830da1121e3d5de4ab21cef90f2
Summary:
Going through all the patch updates and other small updates to pre-empt dependabot.
allow-large-files
Reviewed By: jknoxville
Differential Revision: D29547777
fbshipit-source-id: 86ef2408da0564049916cd96d66665074cdc23f2
Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.4.6 to 7.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>7.5.0</h2>
<h1>Features</h1>
<ul>
<li>Some errors now have a <code>code</code> property describing the specific type of error
that has occurred (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1901">https://github.com/facebook/flipper/issues/1901</a>).</li>
</ul>
<h1>Bug fixes</h1>
<ul>
<li>A close frame is now sent to the remote peer if an error (such as a data
framing error) occurs (8806aa9a).</li>
<li>The close code is now always 1006 if no close frame is received, even if the
connection is closed due to an error (8806aa9a).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e3f0c1720a"><code>e3f0c17</code></a> [dist] 7.5.0</li>
<li><a href="1d3f4cbb0e"><code>1d3f4cb</code></a> [doc] Fix anchor tags for error codes</li>
<li><a href="6eea0d466b"><code>6eea0d4</code></a> [doc] Fix typo</li>
<li><a href="bb5d44b118"><code>bb5d44b</code></a> [doc] Sort error codes alphabetically</li>
<li><a href="c6e3080670"><code>c6e3080</code></a> [minor] Attach error codes to all receiver errors (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1901">https://github.com/facebook/flipper/issues/1901</a>)</li>
<li><a href="074e6a8be7"><code>074e6a8</code></a> [fix] Don't call <code>ws.terminate()</code> unconditionally in <code>duplex._destroy()</code></li>
<li><a href="8806aa9a83"><code>8806aa9</code></a> [fix] Close the connection cleanly when an error occurs</li>
<li><a href="05b8ccd639"><code>05b8ccd</code></a> [doc] Fix broken link (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1897">https://github.com/facebook/flipper/issues/1897</a>)</li>
<li><a href="03a707884c"><code>03a7078</code></a> [doc] Remove unsafe regex from code snippet</li>
<li><a href="7ee31157d7"><code>7ee3115</code></a> [doc] Add logo to coverage badge</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.4.6...7.5.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2487
Reviewed By: nikoant
Differential Revision: D29264222
Pulled By: mweststrate
fbshipit-source-id: 2c7eebd793c6ea9f28543a2808f387399043e59f
Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.3.0 to 7.4.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>7.4.6</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a ReDoS vulnerability (00c425ec).</li>
</ul>
<p>A specially crafted value of the <code>Sec-Websocket-Protocol</code> header could be used
to significantly slow down a ws server.</p>
<pre lang="js"><code>for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
const value = 'b' + ' '.repeat(length) + 'x';
const start = process.hrtime.bigint();
<p>value.trim().split(/ *, */);</p>
<p>const end = process.hrtime.bigint();</p>
<p>console.log('length = %d, time = %f ns', length, end - start);
}
</code></pre></p>
<p>The vulnerability was responsibly disclosed along with a fix in private by
Robert McLaughlin from University of California, Santa Barbara.</p>
<p>In vulnerable versions of ws, the issue can be mitigated by reducing the maximum
allowed length of the request headers using the <a href="https://nodejs.org/api/cli.html#cli_max_http_header_size_size"><code>--max-http-header-size=size</code></a>
and/or the <a href="https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener"><code>maxHeaderSize</code></a> options.</p>
<h2>7.4.5</h2>
<h1>Bug fixes</h1>
<ul>
<li>UTF-8 validation is now done even if <code>utf-8-validate</code> is not installed
(23ba6b29).</li>
<li>Fixed an edge case where <code>websocket.close()</code> and <code>websocket.terminate()</code> did
not close the connection (67e25ff5).</li>
</ul>
<h2>7.4.4</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a bug that could cause the process to crash when using the
permessage-deflate extension (92774377).</li>
</ul>
<h2>7.4.3</h2>
<h1>Bug fixes</h1>
<ul>
<li>The deflate/inflate stream is now reset instead of reinitialized when context
takeover is disabled (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1840">https://github.com/facebook/flipper/issues/1840</a>).</li>
</ul>
<h2>7.4.2</h2>
<h1>Bug fixes</h1>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f5297f7090"><code>f5297f7</code></a> [dist] 7.4.6</li>
<li><a href="00c425ec77"><code>00c425e</code></a> [security] Fix ReDoS vulnerability</li>
<li><a href="990306d144"><code>990306d</code></a> [lint] Fix prettier error</li>
<li><a href="32e3a8439b"><code>32e3a84</code></a> [security] Remove reference to Node Security Project</li>
<li><a href="8c914d18b8"><code>8c914d1</code></a> [minor] Fix nits</li>
<li><a href="fc7e27d12a"><code>fc7e27d</code></a> [ci] Test on node 16</li>
<li><a href="587c201bfc"><code>587c201</code></a> [ci] Do not test on node 15</li>
<li><a href="f672710797"><code>f672710</code></a> [dist] 7.4.5</li>
<li><a href="67e25ff502"><code>67e25ff</code></a> [fix] Fix case where <code>abortHandshake()</code> does not close the connection</li>
<li><a href="23ba6b2922"><code>23ba6b2</code></a> [fix] Make UTF-8 validation work even if utf-8-validate is not installed</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.3.0...7.4.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2371
Reviewed By: passy
Differential Revision: D28714468
Pulled By: nikoant
fbshipit-source-id: c2a3a7091599f29d453a35bf89bab4a03817509c
Summary:
Bumping everything that's just a patch version behind or safe-looking minor change.
Just hoping to get ahead of dependabot's next run.
Reviewed By: fabiomassimo
Differential Revision: D27367567
fbshipit-source-id: 1bf8bad02e5a9f07f5982466254f9906581230cf
Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.3.0 to 7.4.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>7.4.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>Silenced a deprecation warning (d1a8af4d).</li>
</ul>
<h2>7.4.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Added a workaround for a double <code>'error'</code> event bug in Node.js < 13 which
caused an uncaught error during the WebSocket handshake (38d6ab3b).</li>
</ul>
<h2>7.4.0</h2>
<h1>Features</h1>
<ul>
<li>The callback of <code>WebSocketServer.prototype.handleUpgrade()</code> now takes the
client HTTP GET request as second argument (7d39f19e).</li>
</ul>
<h1>Bug fixes</h1>
<ul>
<li>Read-only properties are now read-only (eabed8fc).</li>
<li>The <code>CONNECTING</code>, <code>OPEN</code>, <code>CLOSING</code>, <code>CLOSED</code>, <code>binaryType</code>, <code>bufferedAmount</code>,
<code>extensions</code>, <code>onclose</code>, <code>onerror</code>, <code>onmessage</code>, <code>onopen</code>, <code>protocol</code>,
<code>readyState</code>, and <code>url</code> properties are now enumerable (2069e684).</li>
</ul>
<h2>7.3.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Improved <code>websocket.bufferedAmount</code> accuracy (e1349c04, a1629426).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d1a8af4ddb"><code>d1a8af4</code></a> [dist] 7.4.2</li>
<li><a href="48a2349d22"><code>48a2349</code></a> [pkg] Update eslint-config-prettier to version 7.1.0</li>
<li><a href="a2c0d447af"><code>a2c0d44</code></a> [minor] Silence deprecation warning</li>
<li><a href="c171962844"><code>c171962</code></a> [dist] 7.4.1</li>
<li><a href="38d6ab3b06"><code>38d6ab3</code></a> [fix] Handle cases where the <code>'error'</code> event is emitted multiple times</li>
<li><a href="3d5066a7ca"><code>3d5066a</code></a> [test] Check configurability and enumerability of WebSocket properties</li>
<li><a href="eb36a63183"><code>eb36a63</code></a> [dist] 7.4.0</li>
<li><a href="3f185bf34a"><code>3f185bf</code></a> [minor] Use the public <code>binaryType</code> property</li>
<li><a href="2069e68470"><code>2069e68</code></a> [fix] Fix the enumerability of some properties</li>
<li><a href="eabed8fcc3"><code>eabed8f</code></a> [fix] Make read-only properties read-only</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.3.0...7.4.2">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1827
Reviewed By: mweststrate
Differential Revision: D25870560
Pulled By: passy
fbshipit-source-id: e71365ab725d18bd89f93854087437703da477c4
Summary:
This diff sets all package version to "0.0.0" except of the root package and changes the bump script to only bump version in the root package. This should reduce possibility of conflicts on release diffs. Anyway we always use the same version for all of our packages, so we can only set it to the root.
Before npm publishing we will set all package versions to the same number as in the root package (we actually already do that) so there will be no differences except we won't need to bump version in more than 100 packages each release.
Reviewed By: mweststrate
Differential Revision: D25162373
fbshipit-source-id: 02fe401bee72845339c67925c130027bdaee559d
Summary: Currently we load all the plugins even if they are not required in dev mode, e.g. when you are developing a specific plugin. This diff adds an env var and command-line option to specify exact list of plugins to load. This makes dev mode startup faster and consume less memory.
Reviewed By: passy
Differential Revision: D24394146
fbshipit-source-id: 42a78c1ffb2632e657c2411e34e9c80fff18df3a
Summary:
I've already removed support for plugin format v1 and thus compilation on startup is not needed anymore and many dependencies can be safely removed.
I actually already removed them before that, but it looks like automerge returned them back somehow.
Reviewed By: mweststrate
Differential Revision: D23735001
fbshipit-source-id: 7b1ae655738a35e388f818fb27f80c5a0e8327de
Summary:
- Removed compilation on startup which is not required anymore after switching to plugin spec v2.
- Removed from Node process ("static" package) all the dependencies which are not required anymore: e.g. metro, babel etc.
- Plugin loading code from node process moved to browser process and made asyncronous.
Some expected benefits after these changes:
1) Reduced size of Flipper bundle (~4.5MB reduction for lzma package in my tests) as well as startup time. It's hard to say the exact startup time difference as it is very machine-dependent, and on my machine it was already fast ~1500ms (vs 5500ms for p95) and decreased by just 100ms. But I think we should definitely see some improvements on "launch time" analytics graph for p95/p99.
2) Plugin loading is async now and happens when UI is already shown, so perceptive startup time should be also better now.
3) All plugin loading code is now consolidated in "app/dispatcher/plugins.tsx" instead of being splitted between Node and Browser processes as before. So it will be easier to debug plugin loading.
4) Now it is possible to apply updates of plugins by simple refresh of browser window instead of full Electron process restart as before.
5) 60% less code in Node process. This is good because it is harder to debug changes in Node process than in Browser process, especially taking in account differences between dev/release builds. Because of this Node process often ended up broken after changes. Hopefully now it will be more stable.
Changelog: changed the way of plugin loading, and removed obsolete dependencies, which should reduce bundle size and startup time.
Reviewed By: passy
Differential Revision: D23682756
fbshipit-source-id: 8445c877234b41c73853cebe585e2fdb1638b2c9
Summary: Bringing this to the latest version everywhere.
Reviewed By: priteshrnandgaonkar
Differential Revision: D23051537
fbshipit-source-id: 5cad59ab6fcc57fc72df8ace985a7b5f39de2bda
Summary: Update electron-devtools-installer to fix issue blocking installation of dev tools for some users currently: https://github.com/MarshallOfSound/electron-devtools-installer/pull/140
Reviewed By: passy
Differential Revision: D22604024
fbshipit-source-id: f98d8d6e138283c54d5e1cf446b7049bb31b51a0
Pascal Hartig
dependabot[bot]
Andrey Goncharov
Pascal Hartig
Lorenzo Blasa
Michel Weststrate
Anton Nikolaev
generatedunixname89002005306973
root@sandcastle1585.atn1.facebook.com
root@sandcastle962.atn2.facebook.com
root@sandcastle1328.prn2.facebook.com