Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.3.0 to 7.4.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>7.4.6</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a ReDoS vulnerability (00c425ec).</li>
</ul>
<p>A specially crafted value of the <code>Sec-Websocket-Protocol</code> header could be used
to significantly slow down a ws server.</p>
<pre lang="js"><code>for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
const value = 'b' + ' '.repeat(length) + 'x';
const start = process.hrtime.bigint();
<p>value.trim().split(/ *, */);</p>
<p>const end = process.hrtime.bigint();</p>
<p>console.log('length = %d, time = %f ns', length, end - start);
}
</code></pre></p>
<p>The vulnerability was responsibly disclosed along with a fix in private by
Robert McLaughlin from University of California, Santa Barbara.</p>
<p>In vulnerable versions of ws, the issue can be mitigated by reducing the maximum
allowed length of the request headers using the <a href="https://nodejs.org/api/cli.html#cli_max_http_header_size_size"><code>--max-http-header-size=size</code></a>
and/or the <a href="https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener"><code>maxHeaderSize</code></a> options.</p>
<h2>7.4.5</h2>
<h1>Bug fixes</h1>
<ul>
<li>UTF-8 validation is now done even if <code>utf-8-validate</code> is not installed
(23ba6b29).</li>
<li>Fixed an edge case where <code>websocket.close()</code> and <code>websocket.terminate()</code> did
not close the connection (67e25ff5).</li>
</ul>
<h2>7.4.4</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a bug that could cause the process to crash when using the
permessage-deflate extension (92774377).</li>
</ul>
<h2>7.4.3</h2>
<h1>Bug fixes</h1>
<ul>
<li>The deflate/inflate stream is now reset instead of reinitialized when context
takeover is disabled (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1840">https://github.com/facebook/flipper/issues/1840</a>).</li>
</ul>
<h2>7.4.2</h2>
<h1>Bug fixes</h1>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f5297f7090"><code>f5297f7</code></a> [dist] 7.4.6</li>
<li><a href="00c425ec77"><code>00c425e</code></a> [security] Fix ReDoS vulnerability</li>
<li><a href="990306d144"><code>990306d</code></a> [lint] Fix prettier error</li>
<li><a href="32e3a8439b"><code>32e3a84</code></a> [security] Remove reference to Node Security Project</li>
<li><a href="8c914d18b8"><code>8c914d1</code></a> [minor] Fix nits</li>
<li><a href="fc7e27d12a"><code>fc7e27d</code></a> [ci] Test on node 16</li>
<li><a href="587c201bfc"><code>587c201</code></a> [ci] Do not test on node 15</li>
<li><a href="f672710797"><code>f672710</code></a> [dist] 7.4.5</li>
<li><a href="67e25ff502"><code>67e25ff</code></a> [fix] Fix case where <code>abortHandshake()</code> does not close the connection</li>
<li><a href="23ba6b2922"><code>23ba6b2</code></a> [fix] Make UTF-8 validation work even if utf-8-validate is not installed</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.3.0...7.4.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2371
Reviewed By: passy
Differential Revision: D28714468
Pulled By: nikoant
fbshipit-source-id: c2a3a7091599f29d453a35bf89bab4a03817509c
Summary:
Added rules to ensure we properly propagate errors from promises.
Also found and fixed a place where promise function parameter was mismatched.
Reviewed By: mweststrate
Differential Revision: D28537820
fbshipit-source-id: b93f44274fc76544049813f645508cb78e432880
Summary: Allow the user to manually select a diff from a list of diffs they have authored to send a screen to. This is particularly useful for NT users.
Reviewed By: nscoding
Differential Revision: D27804191
fbshipit-source-id: 805923399f2ced8d9c3b3ca0c80d5cdfd63af4f8
Summary:
When trying to run some React component performance profiles, the updates registered made absolutely no sense (components rerendering without any parent or other cause causing them to render etc). That turned out to be caused by having an outdated version of the React devTools in Flipper.
Sadly the newer version of the React DevTools didn't work with our current Electron version anymore. Some horrible hacking is needed to work around that.
To help with updating the tools in the future (they are by default cached forever on the local machine), I've introduced the `FLIPPER_UPDATE_DEV_TOOLS` variable.
The plugin loading work around is inspired by https://github.com/electron/electron/issues/23662#issuecomment-787420799
Reviewed By: passy
Differential Revision: D27685981
fbshipit-source-id: c35e49aff9b2457b63122eeee0d5c042ddd3b08b
Summary:
Changelog: Added an explicit autoscroll indicator in logs and fixed snapping
We got several reports that auto scrolling was to aggressive, so revisited the implementation and the new one is a lot more reliable. Also added an explicit indicator / button to toggle tailing.
Exposed ant's active color as well in our theme, as it gives better contrast on the buttons than Flipper purple.
Reviewed By: passy
Differential Revision: D27397506
fbshipit-source-id: 5e82939de4b2f8b89380bd55009e3fa2a7c10ec9
Summary:
Bumping everything that's just a patch version behind or safe-looking minor change.
Just hoping to get ahead of dependabot's next run.
Reviewed By: fabiomassimo
Differential Revision: D27367567
fbshipit-source-id: 1bf8bad02e5a9f07f5982466254f9906581230cf
Summary:
Flipper used to always subscribe to the adb logs. This change makes the log subscription lazy, which means if there are no plugins listening to the logs, we don't subscribe to the adb logs at all. As you can see in the recording (prod build) this lowers CPU usage significantly: without logs plugin disabled it is now ~5-8 %, with the plugin enabled ~12-18%. Before this change we would never stop listening to the log output, even when the plugins were disabled, causing a constant background noise which people complain regularly about.
The pause / resume button in the new log plugin will now cleanup the connection as well, so that a simple 'pause' click will already boost performance, without needing to disable the logs plugin (if crash reporter is not enabled)
In this diff we also will clear the logs when reconnected. Previously we didn't reset the logs after connecting, we means Flipper would try to gets up with all past logs first, which could be a few 100 K entries.
Further future optimizations could involve using logcat smarter; by actually passing filters on app or loglevel to the command (not sure if that is actually faster, or just a convenience api that does the same filtering as we do)
Changelog: Flipper will now use less CPU if logs & crash reporter plugins are disabled by no longer tailing adb logcat.
Reviewed By: nikoant
Differential Revision: D27047041
fbshipit-source-id: 251a04dcc6f488f220cb56fe50a26788d795e38c
Summary: Gave every device an icon, and use it as fallback in case we don't have a client icon. Added an icon for the Flipper client. This gets (largely) rid of the 'blank' icons
Reviewed By: fabiomassimo
Differential Revision: D26691054
fbshipit-source-id: d83012e755ae5edb230747e88f9b2eac45450b19
Summary:
- populate the state
- will render some UI that you can reload
- next up showing the diff number and title
Differential Revision: D26477472
fbshipit-source-id: d5c5175771c324c9f893a6b6c6a14a40a2f0f0fe
Summary: let's make it easier for users to spot possiblity to jump to source code from flipper
Reviewed By: priteshrnandgaonkar
Differential Revision: D26147686
fbshipit-source-id: 6e248c10e73f3b8fcd937d915af6e91db1fe6abe
Summary:
Pull Request resolved: https://github.com/facebook/flipper/pull/1816
Now that Sandy is the default in OSS builds as well, we can remove the temporarily title bar and switch to small topbar windows in Electron.
This diff removes any remaining elements in the titlebar
- version number went into the title bar
- the update check warning is shown on top of the bottom section of the left rail (orange triangle)
- the development only perf graphs are moved to the left bar as well and are now aligned vertically.
Reviewed By: jknoxville
Differential Revision: D25805957
fbshipit-source-id: fba4b60c246b8f5d99a93087af31af9ac55defe8
Summary: This adds the hub icon to the list of available icons.
Reviewed By: mweststrate
Differential Revision: D25873343
fbshipit-source-id: 0060a1a2e3e6298eb39cb652a5e3dbc71c01367e
Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.3.0 to 7.4.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>7.4.2</h2>
<h1>Bug fixes</h1>
<ul>
<li>Silenced a deprecation warning (d1a8af4d).</li>
</ul>
<h2>7.4.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Added a workaround for a double <code>'error'</code> event bug in Node.js < 13 which
caused an uncaught error during the WebSocket handshake (38d6ab3b).</li>
</ul>
<h2>7.4.0</h2>
<h1>Features</h1>
<ul>
<li>The callback of <code>WebSocketServer.prototype.handleUpgrade()</code> now takes the
client HTTP GET request as second argument (7d39f19e).</li>
</ul>
<h1>Bug fixes</h1>
<ul>
<li>Read-only properties are now read-only (eabed8fc).</li>
<li>The <code>CONNECTING</code>, <code>OPEN</code>, <code>CLOSING</code>, <code>CLOSED</code>, <code>binaryType</code>, <code>bufferedAmount</code>,
<code>extensions</code>, <code>onclose</code>, <code>onerror</code>, <code>onmessage</code>, <code>onopen</code>, <code>protocol</code>,
<code>readyState</code>, and <code>url</code> properties are now enumerable (2069e684).</li>
</ul>
<h2>7.3.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Improved <code>websocket.bufferedAmount</code> accuracy (e1349c04, a1629426).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d1a8af4ddb"><code>d1a8af4</code></a> [dist] 7.4.2</li>
<li><a href="48a2349d22"><code>48a2349</code></a> [pkg] Update eslint-config-prettier to version 7.1.0</li>
<li><a href="a2c0d447af"><code>a2c0d44</code></a> [minor] Silence deprecation warning</li>
<li><a href="c171962844"><code>c171962</code></a> [dist] 7.4.1</li>
<li><a href="38d6ab3b06"><code>38d6ab3</code></a> [fix] Handle cases where the <code>'error'</code> event is emitted multiple times</li>
<li><a href="3d5066a7ca"><code>3d5066a</code></a> [test] Check configurability and enumerability of WebSocket properties</li>
<li><a href="eb36a63183"><code>eb36a63</code></a> [dist] 7.4.0</li>
<li><a href="3f185bf34a"><code>3f185bf</code></a> [minor] Use the public <code>binaryType</code> property</li>
<li><a href="2069e68470"><code>2069e68</code></a> [fix] Fix the enumerability of some properties</li>
<li><a href="eabed8fcc3"><code>eabed8f</code></a> [fix] Make read-only properties read-only</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.3.0...7.4.2">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1827
Reviewed By: mweststrate
Differential Revision: D25870560
Pulled By: passy
fbshipit-source-id: e71365ab725d18bd89f93854087437703da477c4
Summary: Add a dogfooding tab in the Zero Rating devtools in flipper. The tab shows a list of all carriers and carrier ID (will later allow to start dogfooding after choosing one)
Reviewed By: zaxy78
Differential Revision: D24675379
fbshipit-source-id: 044b6d957976a05bfe2666ca0510531102f9d0f6
Summary: Append the hash when possible to the metadata from the flipper submissions.
Differential Revision: D25283309
fbshipit-source-id: 1e95cdc3e9f2f1a08dc53c746732c46969166d97
Summary:
This diff sets all package version to "0.0.0" except of the root package and changes the bump script to only bump version in the root package. This should reduce possibility of conflicts on release diffs. Anyway we always use the same version for all of our packages, so we can only set it to the root.
Before npm publishing we will set all package versions to the same number as in the root package (we actually already do that) so there will be no differences except we won't need to bump version in more than 100 packages each release.
Reviewed By: mweststrate
Differential Revision: D25162373
fbshipit-source-id: 02fe401bee72845339c67925c130027bdaee559d
Summary:
Ideally, we want to fetch app Icons from the device, but for now, we can at least for Facebook owned apps we can use a hardcoded set of icons, which probably even looks better.
For ` Lite` apps, the colors of the icon and background are reversed, which makes both variations recognizable.
Reviewed By: jknoxville
Differential Revision: D24920161
fbshipit-source-id: 5220093fb3a443ae535faa4c346a2029de9cbbd5
Summary:
Converted the Navigation plugin to Sandy, and updated Locations bookmark accordingly.
This is a prerequisite step of supporting the bookmarkswidgetin the new AppInspect tab.
Updated LocationsButton accordingly, and overal simplified implementation a bit; locationsbutton now reuses the logic of the NavigationPlugin, rather than reimplemting it. This reduces code duplication and also makes sure the state between plugin and location button stays in sync.
Made sure that search providers are derived and cached rather than stored, again simplifying logic
That being said, the navigation plugin is buggy, but all these things failed before this diff as well:
* No events happening when using iOS, despite the plugin being enabled. But these seems to be a long time know issue, looks like it was never implemented
* Not sure if the parameterized bookmarks is working correctly
* screenshots not always happening at the right time (but fixed a race condition where the wrong bookmark might get updated)
* Locations button doesn't show up if the navigation plugin is supported but not enabled (will try to fix in next diff)
Would be great if bnelo12 could do some exploratory testing to verify what ought to be working, but currently isn't.
Reviewed By: cekkaewnumchai
Differential Revision: D24860757
fbshipit-source-id: e4b56072de8c42af2ada0f5bb022cb9f8c04bb47
