Summary:
This diff changes the way on how plugin documentation is produced. Instead of keeping plugin documentation together with other docs, we will now keep it together with plugin code. There are multiple advantages of such solution:
1. We are generating docs for every plugin in a standartised way so all of them looks similar. We can also use plugin metadata for generation as well (e.g. take title, icon, oncall name etc from package.json).
2. Standartised plugin docs make it possible to build docs both for websites (public and internal) and for embedding into Flipper.
3. It will hopefully incentivise authors to write docs as they will be a part of plugin "package".
4. We can scaffold documentation template using scarf to further incentivise filling it.
Reviewed By: jknoxville
Differential Revision: D29378053
fbshipit-source-id: 66ea48dc9ba225fabfb256ae6a10f8c81eef6f5f
Summary:
Another security vulnerability. We can't pin glob-parent directly
but chokidar is quite old and the reason for pulling in the vulnerable dep.
Reviewed By: nikoant
Differential Revision: D29099218
fbshipit-source-id: d27dc81bd16c5b71e9d35d487d5556e1f93a4e2f
Summary: Upgrading to Docusaurus 2 beta and a bunch of other deps to address some security warnings.
Reviewed By: fabiomassimo
Differential Revision: D29036647
fbshipit-source-id: c11c3c16eaf4ae54405760d69c8170b6fa1224ad
Summary:
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/sindresorhus/normalize-url/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/flipper/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2440
Reviewed By: mweststrate
Differential Revision: D29036654
Pulled By: passy
fbshipit-source-id: 1a7e823ebf02fdb05af75503f1fe988a6967b5d2
Summary: Github says dns-packet < 5.2.2 is vulnerable, so pinning it to ensure we use fixed version
Reviewed By: passy
Differential Revision: D28714350
fbshipit-source-id: 836061216826948d2fe9320137a91f4fbdad4211
Summary: Because of the `postcss` vulnerability, I tried to update postcss directly. However, forcing version 8 with previous version of docusaurus threw error. Hence, I upgraded docusaurus instead.
Reviewed By: jknoxville
Differential Revision: D28350050
fbshipit-source-id: ce37a01e3ec817fb006100691bc1d9b1cc33db17
Summary: Cleaning up the `resolutions` before going through the next batch of vulns.
Reviewed By: jknoxville, mweststrate
Differential Revision: D27337444
fbshipit-source-id: 5f042b200ac7a6f50efc7faf3c31770c263e401b
Summary: Upgrading docusaurus to fix react-dev-utils vulnerability which is a transitive dependency.
Reviewed By: mweststrate
Differential Revision: D27010446
fbshipit-source-id: 3caf73029de57067c6060c34874539079721eb59
Summary:
Currently failing OSS validation because we have a GitHub
security alert.
Reviewed By: fabiomassimo
Differential Revision: D26944823
fbshipit-source-id: 3075639aae97b1d68b19e5149ebd7a7f7ac419e1
Summary:
The previous attempt kept the vulnerable dependency around in `yarn.lock`. Now
it's being resolved to the "fixed" version.
Reviewed By: mweststrate
Differential Revision: D26778354
fbshipit-source-id: 17d8e2f1bbcd28939d85e5a976da0bd074ea25e2
Summary:
Upgrade the static docs plugin.
You no longer need to import OssOnly and FbInternalOnly in markdown files, so removed those imports too.
Reviewed By: passy
Differential Revision: D26580059
fbshipit-source-id: 2763de2f5fbef41ec2ac7f7bdd147418badb78b6
Summary:
Upgrades the FB-internal documentation plugin, to no longer call the internal api that requires auth, for external viewers.
Context: https://fb.workplace.com/groups/654274975334601/permalink/1288672008171584/
Reviewed By: justintrudell
Differential Revision: D26252469
fbshipit-source-id: 31068534ce79a7959c38c6e66e6a9cf12371e228
Summary:
The redirects we added inline in the deleted pages don't work when there's a baseUrl.
This is because it's the standard react-router Redirect component, which knows nothing about docusaurus sites.
We could get around that by adding `useBaseUrl()` calls around all of them, but that's not great.
So changing to using declarative redirects instead, where they are all put in config. This automatically takes care of base urls, and reduces copy-pasted code.
Reviewed By: passy
Differential Revision: D25780599
fbshipit-source-id: c67d3643ab28f0fcd440904baf54c67687781686
Summary:
Updated the release ent diagram using mermaid lib added in the previous diff.
nocommit until "docusaurus-plugin-internaldocs-fb" re-pointed back to npm in package.json.
Reviewed By: jknoxville
Differential Revision: D25594333
fbshipit-source-id: fd0b961c5265b8284d3c2e56e17b56fc38cc72c5
Summary:
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
<details>
<summary>Commits</summary>
<ul>
<li><a href="a2c5da8660"><code>a2c5da8</code></a> 1.3.8</li>
<li><a href="af5c6bb5dc"><code>af5c6bb</code></a> Do not use Object.create(null)</li>
<li><a href="8b648a1ac4"><code>8b648a1</code></a> don't test where our devdeps don't even work</li>
<li><a href="c74c8af35f"><code>c74c8af</code></a> 1.3.7</li>
<li><a href="024b8b55ac"><code>024b8b5</code></a> update deps, add linting</li>
<li><a href="032fbaf5f0"><code>032fbaf</code></a> Use Object.create(null) to avoid default object property hazards</li>
<li><a href="2da90391ef"><code>2da9039</code></a> 1.3.6</li>
<li><a href="cfea636f53"><code>cfea636</code></a> better git push script, before publish instead of after</li>
<li><a href="56d2805e07"><code>56d2805</code></a> do not allow invalid hazardous string as section name</li>
<li>See full diff in <a href="https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for ini since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/flipper/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1759
Reviewed By: nikoant
Differential Revision: D25523894
Pulled By: passy
fbshipit-source-id: d3715a99973e3ead1a84ac665bd35270d793d478
Summary: After this we can inline internal/external content among pages, and safely transclude markdown files that won't be present on GitHub.
Reviewed By: mweststrate
Differential Revision: D25338530
fbshipit-source-id: 3ce4b44081766aca8b52183c2e02a98c5be09a59
Summary:
Saw a new version came out. Only breaking change appears
to be that links are now required to be non-empty,
which sounds quite reasonable.
Reviewed By: nikoant
Differential Revision: D25119837
fbshipit-source-id: 758578d4f7f8045b59918f107438f3c8231bb790
Summary: Plugin update is required to fix hit counter and auto-redirect from public site on Chrome 85+. It will also enable auto-redirect from staticdocs.thefacebook.com to internalfb.com/intern/staticdocs to ensure intern sidebar is visible when documentation is browsed internally.
Reviewed By: dkgi
Differential Revision: D24281980
fbshipit-source-id: 2614b4228d2df164981cee437952058684575a23
Summary:
You know the drill.
Pull Request resolved: https://github.com/facebook/flipper/pull/1530
Test Plan: Checked that `yarn.lock` references the respective new versions.
Reviewed By: nikoant
Differential Revision: D23733338
Pulled By: passy
fbshipit-source-id: abf9812b977542a8b297b88ea16c7c01a062898b
Summary:
This adds a new npm package "internaldocs-fb-helpers", and shows example usage in the flipper package.
This will stop everyone from having to inline the function definitions everywhere as is currently the case.
(It's using the old internaldocs name, to match the existing docusaurus-plugin-internaldocs-fb package - I don't think that's a big deal.)
It currently exports two methods:
* `fbContent(internalContent, publicContent)`
* Allows you to return internal or external content based on build variant.
* Has named args so you don't accidentally put internal stuff in the external arg.
* `isInternal(): boolean`
* Not strictly necessary, but helps if you want to write your docs using an boolean variable rather than a switching function every time.
* `fbInternalOnly(internalContent)`
* Convenience method for when you want internal content, or nothing.
I could have put these inside the existing docusaurus plugin, but that has docu v2 as a peer dependency, and I want these helpers to work on v1 as well, so made it a standalone package.
Reviewed By: passy
Differential Revision: D23474462
fbshipit-source-id: 22e5be6de2f3233deb298f1542a06e3575b6555a
Summary:
Upgrading to 61 to get support for absolute links with markdown syntax.
All other changes here are required by the new config validators.
Reviewed By: passy
Differential Revision: D23130020
fbshipit-source-id: cadb3c629d6a8e64931a8db0b86621d05ee5c30e
Summary:
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
<details>
<summary>Commits</summary>
<ul>
<li><a href="8647803dc3"><code>8647803</code></a> 6.5.3</li>
<li><a href="856fe4d99f"><code>856fe4d</code></a> signature: prevent malleability and overflows</li>
<li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3">compare view</a></li>
</ul>
</details>
<br />
[](https://help.github.com/articles/configuring-automated-security-fixes)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/flipper/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1430
Reviewed By: mweststrate
Differential Revision: D22896630
Pulled By: passy
fbshipit-source-id: 43f12a10528828a1a5b96b0e92e13261b702a4f4
Summary:
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p>
<blockquote>
<h2>4.17.16</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d7fbc52ee0"><code>d7fbc52</code></a> Bump to v4.17.19</li>
<li><a href="2e1c0f22f4"><code>2e1c0f2</code></a> Add npm-package</li>
<li><a href="1b6c282299"><code>1b6c282</code></a> Bump to v4.17.18</li>
<li><a href="a370ac8140"><code>a370ac8</code></a> Bump to v4.17.17</li>
<li><a href="1144918f35"><code>1144918</code></a> Rebuild lodash and docs</li>
<li><a href="3a3b0fd339"><code>3a3b0fd</code></a> Bump to v4.17.16</li>
<li><a href="c84fe82760"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li>
<li><a href="e7b28ea6cb"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li>
<li><a href="0cec225778"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li>
<li><a href="94c3a8133c"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.19">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p>
</details>
<br />
[](https://help.github.com/articles/configuring-automated-security-fixes)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/flipper/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1388
Reviewed By: nikoant
Differential Revision: D22663863
Pulled By: passy
fbshipit-source-id: 782971ba2138f97c165022d00302c8213f933c0e
Summary:
I found out that when I fixed the nginx caching issue a few weeks ago, the nginx config was deployed but not all hosts using it were restarted, so I manually restarted them and verified that all three pods are now using the "cache-control: -1" settings.
This is a bump to the plugin so we can detect any versions that are older than this, and refresh the page. I never shipped the [previous diff that tells the user to force refresh](https://www.internalfb.com/intern/diff/D21906069/) because I didn't fully understand what was going on, but now I do.
So I'll make a new one to refresh transparently without the user needing to know.
Reviewed By: nikoant
Differential Revision: D22159282
fbshipit-source-id: 0b7a9e21ea3ad04f99b84eedd585985c8aae232c
Summary:
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md">websocket-extensions's changelog</a>.</em></p>
<blockquote>
<h3>0.1.4 / 2020-06-02</h3>
<ul>
<li>Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by
Robert McLaughlin)</li>
<li>Change license from MIT to Apache 2.0</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8efd0cd6e3"><code>8efd0cd</code></a> Bump version to 0.1.4</li>
<li><a href="3dad4ad44a"><code>3dad4ad</code></a> Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser</li>
<li><a href="4a76c75efb"><code>4a76c75</code></a> Add Node versions 13 and 14 on Travis</li>
<li><a href="44a677a9c0"><code>44a677a</code></a> Formatting change: {...} should have spaces inside the braces</li>
<li><a href="f6c50aba0c"><code>f6c50ab</code></a> Let npm reformat package.json</li>
<li><a href="2d211f3705"><code>2d211f3</code></a> Change markdown formatting of docs.</li>
<li><a href="0b620834cc"><code>0b62083</code></a> Update Travis target versions.</li>
<li><a href="729a465307"><code>729a465</code></a> Switch license to Apache 2.0.</li>
<li>See full diff in <a href="https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4">compare view</a></li>
</ul>
</details>
<br />
[](https://help.github.com/articles/configuring-automated-security-fixes)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/flipper/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1228
Reviewed By: mweststrate
Differential Revision: D21927370
Pulled By: nikoant
fbshipit-source-id: 6047bc0a5db1182c03742f459555f0df6bedbaac
