Summary:
Bumps [indicatif](https://github.com/mitsuhiko/indicatif) from 0.15.0 to 0.16.2.
<details>
<summary>Commits</summary>
<ul>
<li><a href="7dfae137ae"><code>7dfae13</code></a> Bump version number to 0.16.2</li>
<li><a href="ec09e50f15"><code>ec09e50</code></a> Tweak documentation</li>
<li><a href="3e6b26f606"><code>3e6b26f</code></a> Fix typos in documentation</li>
<li><a href="aadb3723a5"><code>aadb372</code></a> Fix broken intra-doc links</li>
<li><a href="3f49b0e9ec"><code>3f49b0e</code></a> ProgressFolder shouldn't finish progress bars on completion</li>
<li><a href="17a8e33387"><code>17a8e33</code></a> Ignore macOS cruft</li>
<li><a href="f5ab4538f4"><code>f5ab453</code></a> Bump version to 0.16.1</li>
<li><a href="c1a5a7c926"><code>c1a5a7c</code></a> Add test for hidden progress bar in MultiProgress (see <a href="https://github-redirect.dependabot.com/mitsuhiko/indicatif/issues/286">https://github.com/facebook/flipper/issues/286</a>)</li>
<li><a href="1047de9609"><code>1047de9</code></a> Fix: Code is actually reachable</li>
<li><a href="6a49439748"><code>6a49439</code></a> Update expand_template regex to recognize from_dotted_str() 256 colors</li>
<li>Additional commits viewable in <a href="https://github.com/mitsuhiko/indicatif/compare/0.15.0...0.16.2">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2383
Reviewed By: nikoant
Differential Revision: D28795401
Pulled By: passy
fbshipit-source-id: d23992a9c83c7f830c9848804d1c66aba174d4a5
Summary:
Bumps com.github.ben-manes.versions from 0.38.0 to 0.39.0.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2392
Reviewed By: nikoant
Differential Revision: D28795383
Pulled By: passy
fbshipit-source-id: 941bb27ea6fdbf203e0fa09fdb0af0d9af430800
Summary: Changelog: allow zooming Flipper window content in and out either using View menu or hotkeys (Cmd+Plus) and (Cmd+Minus)
Reviewed By: passy
Differential Revision: D28748567
fbshipit-source-id: a214c708cae2c82d04eb53fc879518a0106517de
Summary:
In public CI (only?), asset downloads sometimes fail with a spurious 404.
We already have retrying in place, but it will obviously not do that on a 500.
Reviewed By: nikoant
Differential Revision: D28744817
fbshipit-source-id: b6a185d8e9db45e02c6427233a0171b00c552751
Summary:
Bumps [ws](https://github.com/websockets/ws) from 7.3.0 to 7.4.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p>
<blockquote>
<h2>7.4.6</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a ReDoS vulnerability (00c425ec).</li>
</ul>
<p>A specially crafted value of the <code>Sec-Websocket-Protocol</code> header could be used
to significantly slow down a ws server.</p>
<pre lang="js"><code>for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
const value = 'b' + ' '.repeat(length) + 'x';
const start = process.hrtime.bigint();
<p>value.trim().split(/ *, */);</p>
<p>const end = process.hrtime.bigint();</p>
<p>console.log('length = %d, time = %f ns', length, end - start);
}
</code></pre></p>
<p>The vulnerability was responsibly disclosed along with a fix in private by
Robert McLaughlin from University of California, Santa Barbara.</p>
<p>In vulnerable versions of ws, the issue can be mitigated by reducing the maximum
allowed length of the request headers using the <a href="https://nodejs.org/api/cli.html#cli_max_http_header_size_size"><code>--max-http-header-size=size</code></a>
and/or the <a href="https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener"><code>maxHeaderSize</code></a> options.</p>
<h2>7.4.5</h2>
<h1>Bug fixes</h1>
<ul>
<li>UTF-8 validation is now done even if <code>utf-8-validate</code> is not installed
(23ba6b29).</li>
<li>Fixed an edge case where <code>websocket.close()</code> and <code>websocket.terminate()</code> did
not close the connection (67e25ff5).</li>
</ul>
<h2>7.4.4</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a bug that could cause the process to crash when using the
permessage-deflate extension (92774377).</li>
</ul>
<h2>7.4.3</h2>
<h1>Bug fixes</h1>
<ul>
<li>The deflate/inflate stream is now reset instead of reinitialized when context
takeover is disabled (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1840">https://github.com/facebook/flipper/issues/1840</a>).</li>
</ul>
<h2>7.4.2</h2>
<h1>Bug fixes</h1>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f5297f7090"><code>f5297f7</code></a> [dist] 7.4.6</li>
<li><a href="00c425ec77"><code>00c425e</code></a> [security] Fix ReDoS vulnerability</li>
<li><a href="990306d144"><code>990306d</code></a> [lint] Fix prettier error</li>
<li><a href="32e3a8439b"><code>32e3a84</code></a> [security] Remove reference to Node Security Project</li>
<li><a href="8c914d18b8"><code>8c914d1</code></a> [minor] Fix nits</li>
<li><a href="fc7e27d12a"><code>fc7e27d</code></a> [ci] Test on node 16</li>
<li><a href="587c201bfc"><code>587c201</code></a> [ci] Do not test on node 15</li>
<li><a href="f672710797"><code>f672710</code></a> [dist] 7.4.5</li>
<li><a href="67e25ff502"><code>67e25ff</code></a> [fix] Fix case where <code>abortHandshake()</code> does not close the connection</li>
<li><a href="23ba6b2922"><code>23ba6b2</code></a> [fix] Make UTF-8 validation work even if utf-8-validate is not installed</li>
<li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/7.3.0...7.4.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2371
Reviewed By: passy
Differential Revision: D28714468
Pulled By: nikoant
fbshipit-source-id: c2a3a7091599f29d453a35bf89bab4a03817509c
Summary:
Flipper network plugin does not work without the above added lines.
Without the added lines, the network plugin simply does not work on Android with Flipper version 0.91.0. I found this solution in your example react-native project. This should be stated in the docs.
## Changelog
This should not be stated in changelog.
Pull Request resolved: https://github.com/facebook/flipper/pull/2368
Test Plan: There is no code.
Reviewed By: passy
Differential Revision: D28714451
Pulled By: nikoant
fbshipit-source-id: 81583fcf590e1c603d67bcb649067393455549cc
Summary: Github says dns-packet < 5.2.2 is vulnerable, so pinning it to ensure we use fixed version
Reviewed By: passy
Differential Revision: D28714350
fbshipit-source-id: 836061216826948d2fe9320137a91f4fbdad4211
Summary: Changelog: Increased contrast of timestamps text on marker timelines used in several plugins (QPL, Sections)
Reviewed By: mweststrate
Differential Revision: D28707431
fbshipit-source-id: 8749a95fccf895bddf707c1d830baf5c65578fb9
Summary:
We use exception for control flow here which isn't great
but we shouldn't log naked errors when a check fails.
Reviewed By: nikoant
Differential Revision: D28645636
fbshipit-source-id: db8c7b1457883acc767ac850f015f6b35a41730b
Summary: Some tests were occasionally flaky, by emulating delays, time variation should no longer influence tests.
Reviewed By: passy
Differential Revision: D28572946
fbshipit-source-id: f4134a6509a0ec0be2e8f36e5623c4882b5531b8
Summary: This change allows passing a directory containing plugin packages to include them into Flipper distributive. This is used by release command on Sandcastle (see D28626715).
Reviewed By: passy
Differential Revision: D28628425
fbshipit-source-id: 9c5d7527721f99b43991bace0b5e2f3a4ede0d13
Summary: This diff fixes "build-plugin" script which is failing for fb-internal plugins, because "fb/package.json" not exist. Because of that release of "fb/mobilebuilds" plugin failed recently: https://www.internalfb.com/intern/sandcastle/job/13510799309874638.
Reviewed By: passy
Differential Revision: D28624924
fbshipit-source-id: e00da98cfef992f5d49045afc9d404764a0d13ac
Summary: Now we support splitting metadata to public and fb-internal (see the previous diff in the stack), and this diff actually cleans up all public plugin metadata from fb-specific things.
Reviewed By: passy
Differential Revision: D28568413
fbshipit-source-id: eae699eabaae489c4bcfbfcc407c3bef42bfd338
Summary: Allow splitting package.json to public one and fb-internal one located in "fb/package.json". When plugin is packaged, fields in package.json are overwritten by fields from "fb/package.json" if they exist. This give us a way to specify additional metadata which only make sense internally (e.g. oncall and internal links to docs and support).
Reviewed By: mweststrate
Differential Revision: D28542101
fbshipit-source-id: c0167461897a994e5731aaf0fe625de052eda864
Summary:
Per title
After landing this and verifying in CI, will apply those version bumps to RN itself: https://github.com/facebook/react-native/pull/31562, and remove the custom overrides in the future
Reviewed By: passy
Differential Revision: D28573552
fbshipit-source-id: e52c40f4751f933f17312aac2aacfd695f554a3f
Summary:
This is in fact correctly handled, shown in the UI and we don't
need a task if someone pastes the wrong token.
Reviewed By: priteshrnandgaonkar
Differential Revision: D28569896
fbshipit-source-id: 689bff06b4a488be7ad4c58eb4f2e91018da31cf
Summary:
Bumps [ansi-to-html](https://github.com/rburns/ansi-to-html) from 0.6.14 to 0.6.15.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/rburns/ansi-to-html/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: https://github.com/facebook/flipper/pull/2318
Reviewed By: priteshrnandgaonkar
Differential Revision: D28474718
Pulled By: mweststrate
fbshipit-source-id: e153a70fc3c1e85c62dec9bb752fa8171fba3c18
Summary: Fixed new error which appeared in logview after last release. See task T91245438 for details.
Reviewed By: passy
Differential Revision: D28569848
fbshipit-source-id: a4b622d4387aa41ecc4db269e05c5315669df250
Summary:
This diff updates and adds the boost ios podspec in flipper repo. This new boost dep works for Arm and i386 archs for simulator too.
This diff also updates our GH Action to remove i386 from excluded archs. Still arm64 is kept as non M1 mac machines do not have arm swift symbols for arm simulator. And since all our CI is on non M1, it is required.
It also takes care of https://github.com/facebook/flipper/issues/2268
## Changelog
- Update the boost dep
- Update the GH action
Pull Request resolved: https://github.com/facebook/flipper/pull/2341
Test Plan: CI
Reviewed By: mweststrate
Differential Revision: D28537004
Pulled By: priteshrnandgaonkar
fbshipit-source-id: 474ccec674d0edf5fa7b792b15a326e0f139d977
Summary:
Updated to the latest version which apparently doesn't need a privileged token anymore, which would be good news.
Also updated the message to include a `[ci skip]` which instructs CircleCI not to run because we're having a chicken-and-egg-problem here with CircleCI otherwise needing a config to tell it not to run, otherwise it will run and fail because there's no config.
Pull Request resolved: https://github.com/facebook/flipper/pull/2342
Test Plan:
hopeitwork
Task: T91157540
Reviewed By: mweststrate
Differential Revision: D28539468
Pulled By: passy
fbshipit-source-id: 609c3fa1578e0506aadeb225c4e38ff53db67934
Summary:
Added rules to ensure we properly propagate errors from promises.
Also found and fixed a place where promise function parameter was mismatched.
Reviewed By: mweststrate
Differential Revision: D28537820
fbshipit-source-id: b93f44274fc76544049813f645508cb78e432880
Summary:
This diff generalises computation of the currently selected plugin, app, device etc. and adds this information to all the analytics events and error reports.
Slicing of events by os, device, app or selected plugin can be very useful. This is especially true for errors which often affects only certain types of devices, e.g. android only or physical devices only. Having such information can help to narrow down such issues.
Reviewed By: passy
Differential Revision: D28511441
fbshipit-source-id: ed9dc57927c70ed8cc6fe093e21604eae54c2f60
Summary:
Network Plugin - When creating a mock request from a selected request, the request data is not in the proper format. It is decoded instead of just being copied from the call (which has already been decoded properly). This PR fixes that problem.
Below is a screenshot showing the problem (which occurs for all text response data):
## Changelog
Network Plugin - Fix problem with decoding request data for mocks copied from selection
Pull Request resolved: https://github.com/facebook/flipper/pull/2340
Test Plan:
Using the sample Android app, issue a network request
In Flipper, create a mock for the network request by selecting it and using the "Copy Selected Calls" function in the mock
Verify that the request data is readable:
Note:
Testing was done using the sample app which uses responses with JSON data. I was not able to provide testing for other types of calls, specifically calls that would return binary data.
Reviewed By: passy
Differential Revision: D28533224
Pulled By: mweststrate
fbshipit-source-id: ce11d23ade60843c110286f7a5bbeba91febbcf0
Summary: It can now only be accessed through `RenderCore`.
Reviewed By: ivanmisuno
Differential Revision: D28532729
fbshipit-source-id: b5b97ec93c96303b2a6e4c270dfc667712086b79
Summary:
Network requests and responses using JSON API content type of pattern `application/vnd.api+json` (see https://jsonapi.org/#mime-types) are currently treated as binary data. They should be treated as textual content.
## Changelog
Add regular expression to detect JSON content types.
Pull Request resolved: https://github.com/facebook/flipper/pull/2337
Test Plan: Using an API that return `Content-Type` of pattern `application/vnd.api+json`, verify that the response data in sidebar appears as text rather than `(binary data)`.
Reviewed By: passy
Differential Revision: D28513547
Pulled By: mweststrate
fbshipit-source-id: 3335b7eeb63c2429c2245113c8c83bd7e08a9420
Summary:
Network requests that return a "Content-Type" of 'application/xhtml+xml' are currently being treated as binary data when they should be treated as text.
## Changelog
Network Plugin - treat "Content-Type" of 'application/xhtml+xml' as text
Pull Request resolved: https://github.com/facebook/flipper/pull/2336
Test Plan: Using an API that return "Content-Type" of 'application/xhtml+xml' , verified that the response data in sidebar appears as text rather than '(binary data)'
Reviewed By: nikoant
Differential Revision: D28478695
Pulled By: mweststrate
fbshipit-source-id: ed60c8301dbd0cf65924a80d9e6a5800a59c6bb8
Summary:
Added demo to show how DataSource can power charts using event sampling and smart windowing.
A more experimental application: use dataSource to power some charts, that leverages the events emitted from an datasource that is continuously being appended:
- incoming events are downsampled 1 in 100 to build up the bottom window
- incoming events are not downsampled to render the topwindow, but since datasource views will ignore events outside the window, things will stay pretty responsive when a window is selected (without a window, the downsampled dataset is used as source for top chart as well).
Compared to a naive (well still slightly optimised with useFastArray) implementation that throws all incoming event in a big array, it performs > 20 times faster (see difference in amount of events processed)
Reviewed By: passy
Differential Revision: D28474409
fbshipit-source-id: 6a7973d1ade3053b1d6c8f72069697d96b1ef4fd
Summary:
One is keytar, which just needed a context.
The second one is happening every time someone uses Flipper
and not being on Lighthouse, spamming our log category besides
actually being properly handled.
Reviewed By: nikoant
Differential Revision: D28479791
fbshipit-source-id: 029721df46d12b2942b590a232618ef039a2323d
Summary: This diff adds attributing of all error reports with the information about the plugins caused them. To do that we try to map error stack trace to plugins by searching for plugin directories in it. We can do this only for plugins loaded from disk as we are looking for their physical locations in stack. To make it possible to search for multiple plugins in one go we build and maintain a trie containing all the loaded plugins locations.
Reviewed By: passy
Differential Revision: D28475938
fbshipit-source-id: 59c8ac39ffe54262b1d57f21fad44eb89748dff2
