Summary: Cleaning up the `resolutions` before going through the next batch of vulns.
Reviewed By: jknoxville, mweststrate
Differential Revision: D27337444
fbshipit-source-id: 5f042b200ac7a6f50efc7faf3c31770c263e401b
Summary: Upgrading docusaurus to fix react-dev-utils vulnerability which is a transitive dependency.
Reviewed By: mweststrate
Differential Revision: D27010446
fbshipit-source-id: 3caf73029de57067c6060c34874539079721eb59
Summary:
Currently failing OSS validation because we have a GitHub
security alert.
Reviewed By: fabiomassimo
Differential Revision: D26944823
fbshipit-source-id: 3075639aae97b1d68b19e5149ebd7a7f7ac419e1
Summary:
The previous attempt kept the vulnerable dependency around in `yarn.lock`. Now
it's being resolved to the "fixed" version.
Reviewed By: mweststrate
Differential Revision: D26778354
fbshipit-source-id: 17d8e2f1bbcd28939d85e5a976da0bd074ea25e2
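A lockfile check for the failure described above, where a `resolutions` change or bump leaves the old version locked in `yarn.lock`. This is an added example, not code from the Flipper repository. The minimum versions are the bump targets recorded in this log; the lockfile text, the `@example/pkg` entry and all function names are constructed for illustration.

```javascript
// Added example: flag yarn.lock (v1) entries still locked below a fixed version.
// Minimum versions are the targets of the bumps recorded in this log.
const MIN_FIXED = {
  ini: '1.3.8',
  elliptic: '6.5.3',
  lodash: '4.17.19',
  'websocket-extensions': '0.1.4',
  minimist: '1.2.3',
};

// Constructed sample: two ranges of ini, one of which still locks the old version.
const SAMPLE_LOCK = `# yarn lockfile v1


ini@^1.3.4:
  version "1.3.5"

ini@^1.3.8:
  version "1.3.8"

lodash@^4.17.15, lodash@^4.17.19:
  version "4.17.19"

"@example/pkg@^1.0.0":
  version "1.0.0"
  dependencies:
    lodash "^4.17.19"
`;

// Parse lockfile text into [{ name, specs, version }].
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === '' || line.startsWith('#')) continue;
    if (!line.startsWith(' ') && line.endsWith(':')) {
      // Header: one or more comma-separated "name@range" specs, optionally quoted.
      const specs = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      // lastIndexOf keeps the leading "@" of scoped names such as @example/pkg.
      const name = specs[0].slice(0, specs[0].lastIndexOf('@'));
      current = { name, specs, version: null };
      entries.push(current);
    } else if (current) {
      // Only the entry's own two-space "version" field, not nested dependency lines.
      const m = /^  version "([^"]+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Compare x.y.z numerically; pre-release tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every locked entry of a watched package that is below its minimum.
function findStale(lockText, minFixed = MIN_FIXED) {
  return parseYarnLock(lockText)
    .filter((e) => Object.prototype.hasOwnProperty.call(minFixed, e.name) && e.version)
    .filter((e) => compareVersions(e.version, minFixed[e.name]) < 0)
    .map((e) => ({ name: e.name, specs: e.specs, version: e.version, minimum: minFixed[e.name] }));
}

console.log(findStale(SAMPLE_LOCK));
```

Run against a real lockfile in CI, a non-empty result means some dependency range still resolves to a pre-fix version even though a newer entry exists.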
Summary:
Upgrade the static docs plugin.
You no longer need to import OssOnly and FbInternalOnly in markdown files, so removed those imports too.
Reviewed By: passy
Differential Revision: D26580059
fbshipit-source-id: 2763de2f5fbef41ec2ac7f7bdd147418badb78b6
Summary:
Upgrades the FB-internal documentation plugin, to no longer call the internal api that requires auth, for external viewers.
Context: https://fb.workplace.com/groups/654274975334601/permalink/1288672008171584/
Reviewed By: justintrudell
Differential Revision: D26252469
fbshipit-source-id: 31068534ce79a7959c38c6e66e6a9cf12371e228
Summary:
The redirects we added inline in the deleted pages don't work when there's a baseUrl.
This is because it's the standard react-router Redirect component, which knows nothing about docusaurus sites.
We could get around that by adding `useBaseUrl()` calls around all of them, but that's not great.
So changing to using declarative redirects instead, where they are all put in config. This automatically takes care of base urls, and reduces copy-pasted code.
Reviewed By: passy
Differential Revision: D25780599
fbshipit-source-id: c67d3643ab28f0fcd440904baf54c67687781686
Summary:
Updated the release ent diagram using mermaid lib added in the previous diff.
nocommit until "docusaurus-plugin-internaldocs-fb" re-pointed back to npm in package.json.
Reviewed By: jknoxville
Differential Revision: D25594333
fbshipit-source-id: fd0b961c5265b8284d3c2e56e17b56fc38cc72c5
Summary:
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
<details>
<summary>Commits</summary>
<ul>
<li><a href="a2c5da8660"><code>a2c5da8</code></a> 1.3.8</li>
<li><a href="af5c6bb5dc"><code>af5c6bb</code></a> Do not use Object.create(null)</li>
<li><a href="8b648a1ac4"><code>8b648a1</code></a> don't test where our devdeps don't even work</li>
<li><a href="c74c8af35f"><code>c74c8af</code></a> 1.3.7</li>
<li><a href="024b8b55ac"><code>024b8b5</code></a> update deps, add linting</li>
<li><a href="032fbaf5f0"><code>032fbaf</code></a> Use Object.create(null) to avoid default object property hazards</li>
<li><a href="2da90391ef"><code>2da9039</code></a> 1.3.6</li>
<li><a href="cfea636f53"><code>cfea636</code></a> better git push script, before publish instead of after</li>
<li><a href="56d2805e07"><code>56d2805</code></a> do not allow invalid hazardous string as section name</li>
<li>See full diff in <a href="https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for ini since your current version.</p>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/flipper/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1759
Reviewed By: nikoant
Differential Revision: D25523894
Pulled By: passy
fbshipit-source-id: d3715a99973e3ead1a84ac665bd35270d793d478
Summary: After this we can inline internal/external content among pages, and safely transclude markdown files that won't be present on GitHub.
Reviewed By: mweststrate
Differential Revision: D25338530
fbshipit-source-id: 3ce4b44081766aca8b52183c2e02a98c5be09a59
Summary:
Saw a new version came out. Only breaking change appears
to be that links are now required to be non-empty,
which sounds quite reasonable.
Reviewed By: nikoant
Differential Revision: D25119837
fbshipit-source-id: 758578d4f7f8045b59918f107438f3c8231bb790
Summary: Plugin update is required to fix hit counter and auto-redirect from public site on Chrome 85+. It will also enable auto-redirect from staticdocs.thefacebook.com to internalfb.com/intern/staticdocs to ensure intern sidebar is visible when documentation is browsed internally.
Reviewed By: dkgi
Differential Revision: D24281980
fbshipit-source-id: 2614b4228d2df164981cee437952058684575a23
Summary:
You know the drill.
Pull Request resolved: https://github.com/facebook/flipper/pull/1530
Test Plan: Checked that `yarn.lock` references the respective new versions.
Reviewed By: nikoant
Differential Revision: D23733338
Pulled By: passy
fbshipit-source-id: abf9812b977542a8b297b88ea16c7c01a062898b
Summary:
This adds a new npm package "internaldocs-fb-helpers", and shows example usage in the flipper package.
This will stop everyone from having to inline the function definitions everywhere as is currently the case.
(It's using the old internaldocs name, to match the existing docusaurus-plugin-internaldocs-fb package - I don't think that's a big deal.)
It currently exports two methods:
* `fbContent(internalContent, publicContent)`
  * Allows you to return internal or external content based on build variant.
  * Has named args so you don't accidentally put internal stuff in the external arg.
* `isInternal(): boolean`
  * Not strictly necessary, but helps if you want to write your docs using a boolean variable rather than a switching function every time.
* `fbInternalOnly(internalContent)`
  * Convenience method for when you want internal content, or nothing.
I could have put these inside the existing docusaurus plugin, but that has docu v2 as a peer dependency, and I want these helpers to work on v1 as well, so made it a standalone package.
Reviewed By: passy
Differential Revision: D23474462
fbshipit-source-id: 22e5be6de2f3233deb298f1542a06e3575b6555a
Summary:
Upgrading to 61 to get support for absolute links with markdown syntax.
All other changes here are required by the new config validators.
Reviewed By: passy
Differential Revision: D23130020
fbshipit-source-id: cadb3c629d6a8e64931a8db0b86621d05ee5c30e
Summary:
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
<details>
<summary>Commits</summary>
<ul>
<li><a href="8647803dc3"><code>8647803</code></a> 6.5.3</li>
<li><a href="856fe4d99f"><code>856fe4d</code></a> signature: prevent malleability and overflows</li>
<li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3">compare view</a></li>
</ul>
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1430
Reviewed By: mweststrate
Differential Revision: D22896630
Pulled By: passy
fbshipit-source-id: 43f12a10528828a1a5b96b0e92e13261b702a4f4
Summary:
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p>
<blockquote>
<h2>4.17.16</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d7fbc52ee0"><code>d7fbc52</code></a> Bump to v4.17.19</li>
<li><a href="2e1c0f22f4"><code>2e1c0f2</code></a> Add npm-package</li>
<li><a href="1b6c282299"><code>1b6c282</code></a> Bump to v4.17.18</li>
<li><a href="a370ac8140"><code>a370ac8</code></a> Bump to v4.17.17</li>
<li><a href="1144918f35"><code>1144918</code></a> Rebuild lodash and docs</li>
<li><a href="3a3b0fd339"><code>3a3b0fd</code></a> Bump to v4.17.16</li>
<li><a href="c84fe82760"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li>
<li><a href="e7b28ea6cb"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li>
<li><a href="0cec225778"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li>
<li><a href="94c3a8133c"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.19">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p>
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1388
Reviewed By: nikoant
Differential Revision: D22663863
Pulled By: passy
fbshipit-source-id: 782971ba2138f97c165022d00302c8213f933c0e
Summary:
I found out that when I fixed the nginx caching issue a few weeks ago, the nginx config was deployed but not all hosts using it were restarted, so I manually restarted them and verified that all three pods are now using the "cache-control: -1" settings.
This is a bump to the plugin so we can detect any versions that are older than this, and refresh the page. I never shipped the [previous diff that tells the user to force refresh](https://www.internalfb.com/intern/diff/D21906069/) because I didn't fully understand what was going on, but now I do.
So I'll make a new one to refresh transparently without the user needing to know.
Reviewed By: nikoant
Differential Revision: D22159282
fbshipit-source-id: 0b7a9e21ea3ad04f99b84eedd585985c8aae232c
Summary:
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md">websocket-extensions's changelog</a>.</em></p>
<blockquote>
<h3>0.1.4 / 2020-06-02</h3>
<ul>
<li>Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by
Robert McLaughlin)</li>
<li>Change license from MIT to Apache 2.0</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8efd0cd6e3"><code>8efd0cd</code></a> Bump version to 0.1.4</li>
<li><a href="3dad4ad44a"><code>3dad4ad</code></a> Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser</li>
<li><a href="4a76c75efb"><code>4a76c75</code></a> Add Node versions 13 and 14 on Travis</li>
<li><a href="44a677a9c0"><code>44a677a</code></a> Formatting change: {...} should have spaces inside the braces</li>
<li><a href="f6c50aba0c"><code>f6c50ab</code></a> Let npm reformat package.json</li>
<li><a href="2d211f3705"><code>2d211f3</code></a> Change markdown formatting of docs.</li>
<li><a href="0b620834cc"><code>0b62083</code></a> Update Travis target versions.</li>
<li><a href="729a465307"><code>729a465</code></a> Switch license to Apache 2.0.</li>
<li>See full diff in <a href="https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4">compare view</a></li>
</ul>
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/1228
Reviewed By: mweststrate
Differential Revision: D21927370
Pulled By: nikoant
fbshipit-source-id: 6047bc0a5db1182c03742f459555f0df6bedbaac
Summary:
Upgrade docusaurus version. This one opens all external links in new tabs so you don't need to remember to do that yourself.
In static docs, all external links must do this, so this makes it no longer error prone.
Reviewed By: nikoant
Differential Revision: D21815718
fbshipit-source-id: c89a17daeb2bace3e14e0997e7442abc032aef89
Summary: Upgrade docusaurus plugin to fix a bug with the redirect links
Reviewed By: passy
Differential Revision: D21739692
fbshipit-source-id: cf6dfcb58aad58c88346efd3620c2747947f2542
Summary: 0.1.0 was using the wrong url. Upgrading to 0.1.1 which contains the right one.
Reviewed By: passy
Differential Revision: D21350730
fbshipit-source-id: 9ae7c42935c5d8f1db9a2bd72172a93f45771533
Summary: Adds a docusaurus plugin to direct fb employees to the internal documentation.
Reviewed By: nikoant
Differential Revision: D21348579
fbshipit-source-id: 5093d68a23ec6ba91c6ae94bf7cb0e58fcf3e7ef
Summary:
Implemented json schema for flipper plugin package.json and used it for validation in "flipper-pkg lint" command.
The nice thing about JSON schema is that it not only allows validating JSON, but can also be referenced using the "$schema" property in JSON so IDEs like VSCode can find it and use it for code completion, validation and showing property documentation. I'm going to deploy the schema as a part of the documentation website so it can be referenced as https://fbflipper.com/schemas/plugin-package/v2.json.
Also, the "$schema" field can be used instead of "specVersion" to determine the specification according to which the plugin is defined. E.g., if specification version 3 were created, it would be described in the schema https://fbflipper.com/schemas/plugin-package/v3.json, etc.
Reviewed By: passy
Differential Revision: D21228294
fbshipit-source-id: f21351e584ef936a7d6b314436448489691f83a6
Summary:
Docusaurus 2 is quite a lot more powerful than docu 1 it turns out.
This should convert the website fully.
* [done] Go through migration guide https://v2.docusaurus.io/docs/migrating-from-v1-to-v2
* [done] Convert landing page html
* [done] Convert all images to img tags
* [done] Convert all .md files to .mdx
* [done] Make sure ui-doc generation and including still works
* [done] Scan every page visually for sanity check
* [done] Make sure footer still works
* [done] Make sure search still works
* [done] Change all links/ to links/index
* [done] Change all links.md to links
* [done] Add some custom css to make the navbar look like the old one and darken the footer.
Reviewed By: passy
Differential Revision: D21158717
fbshipit-source-id: 5f45b711b1b6fd5ece4c5c15c55635c7ebbfb568
Summary:
Another day ending in y, another minimist vulnerability. Bumping
to `1.2.3`.
(Note: this ignores all push blocking failures!)
Reviewed By: cekkaewnumchai
Differential Revision: D20860264
fbshipit-source-id: 569abd7e521efef92cd0b31113e0325493645c2a
Summary:
Got an open security alert for this one.
(Note: this ignores all push blocking failures!)
Reviewed By: cekkaewnumchai
Differential Revision: D20840586
fbshipit-source-id: b57fda5a7c3244c7bf893082896ea8d1ee138493
Summary:
Solves another acorn/minimist sec vuln. Also removed pins which
don't seem to be necessary anymore based on `yarn.lock` output
which seems to just remove them.
Pull Request resolved: https://github.com/facebook/flipper/pull/930
Test Plan: Ran `yarn build` and it still looks fine.
Reviewed By: mweststrate
Differential Revision: D20669831
Pulled By: passy
fbshipit-source-id: 8d82678cfac6304273aaf752b885edac91e0a8eb