Skip to content

Restore markdownlint tests #12549

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
TravisEz13 merged 12 commits into from
Jun 2, 2020
Merged

Restore markdownlint tests #12549

TravisEz13 merged 12 commits into from
Jun 2, 2020

Conversation

@xtqqczze
Copy link
Contributor

@xtqqczze xtqqczze commented May 2, 2020

PR Summary

Fix #12539

PR Context

markdownlint tests were removed in #10163 due to a security issue whoch has since been fixed in a newer version of markdownlint

PR Checklist

@ghost ghost assigned daxian-dbw May 2, 2020
@xtqqczze
Copy link
Contributor Author

xtqqczze commented May 2, 2020

Codacy markdown issues seem to contradict markdownlint issues.

iSazonov
iSazonov previously approved these changes May 2, 2020
View reviewed changes
@iSazonov iSazonov assigned TravisEz13 and unassigned daxian-dbw May 2, 2020
xtqqczze
xtqqczze commented May 2, 2020
View reviewed changes
test/common/markdown/gulpfile.js Outdated
Copy link
Contributor Author

@xtqqczze xtqqczze May 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found non-literal argument in require (security/detect-non-literal-require)

@iSazonov iSazonov self-requested a review May 2, 2020 18:25
@iSazonov iSazonov dismissed their stale review May 2, 2020 18:25

New commits

@xtqqczze
Copy link
Contributor Author

xtqqczze commented May 2, 2020
edited
Loading 

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp > gulp-cli > yargs > yargs-parser                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘

The maintainer of the affected package claims the yargs-parser vulnerability does not introduce an attack vector in gulp.

See: gulpjs/gulp#2438

TravisEz13
TravisEz13 reviewed May 4, 2020
View reviewed changes
@TravisEz13
Copy link
Member

TravisEz13 commented May 4, 2020

There mere presence of a high scored vuln on the machine will trigger the same issue that cause this to be removed.

@TravisEz13
Copy link
Member

TravisEz13 commented May 4, 2020

I made a couple of edits to your branch. Please pull your branch if you need to edit something.

@TravisEz13
Copy link
Member

TravisEz13 commented May 4, 2020

That component is not currently generating an alert.

@TravisEz13 TravisEz13 added the CL-Test Indicates that a PR should be marked as a test change in the Change Log label May 4, 2020
@TravisEz13 TravisEz13 added this to the 7.1.0-preview.3 milestone May 4, 2020
@xtqqczze
Copy link
Contributor Author

xtqqczze commented May 5, 2020

The maintainer of gulp says the vulnerable dependency will not be updated until the project releases a new major version, which does not appear to be imminient.

See: yargs/yargs-parser#264 (comment)

@xtqqczze
Copy link
Contributor Author

xtqqczze commented May 5, 2020

@TravisEz13 Perhaps we could do without gulp anyway, and use npm-run-script or equivalent?

@TravisEz13
Copy link
Member

TravisEz13 commented May 5, 2020

@xtqqczze I'm not tied to gulp. As long as we still get test results. But if it reduces dependencies, I'm all for it.

@TravisEz13
Copy link
Member

TravisEz13 commented May 5, 2020

Tell me if you want me to merge this as is and then update, or you want to change it first.

@xtqqczze
Copy link
Contributor Author

xtqqczze commented May 6, 2020

@TravisEz13 Merge this for now please.

TravisEz13
TravisEz13 reviewed May 6, 2020
View reviewed changes
TravisEz13
TravisEz13 reviewed May 6, 2020
View reviewed changes
@xtqqczze xtqqczze force-pushed the restore-markdownlint branch from adb84a0 to 86a86c6 Compare May 24, 2020 18:41
@xtqqczze xtqqczze force-pushed the restore-markdownlint branch from 19e6c61 to 4180235 Compare May 30, 2020 20:01
@xtqqczze
Copy link
Contributor Author

xtqqczze commented May 30, 2020

rebased to resolve conflicts

@xtqqczze
Copy link
Contributor Author

xtqqczze commented May 30, 2020
edited
Loading

@TravisEz13 I'm not my change in 4180235 to use Write-Host is the best approach (CodeFactor issue), but I think we should log $markdownErrors somehow...

xtqqczze and others added 4 commits May 30, 2020 21:28
@xtqqczze
Fix markdownlint errors
00256c6 
* Split `\install-powershell-readme.md` into `install-powershell.ps1-README.md` and `install-powershell.sh-README.md` to fix `single-h1`
* Formatting changes to github issue templates as a result of fixing `single-h1`
@xtqqczze
Run yarn upgrade
c56002e
@xtqqczze
Update misc-analysis.yml
fd56dc7
@xtqqczze
Write errors to host
3a1a172
@xtqqczze xtqqczze force-pushed the restore-markdownlint branch from 4180235 to 3a1a172 Compare May 30, 2020 20:31
@xtqqczze
Copy link
Contributor Author

xtqqczze commented May 30, 2020

rebased to fix additionally markdownlint errors

TravisEz13
TravisEz13 reviewed Jun 2, 2020
View reviewed changes
TravisEz13
TravisEz13 requested changes Jun 2, 2020
View reviewed changes
Copy link
Member

@TravisEz13 TravisEz13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One one comment to address

@ghost ghost added the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jun 2, 2020
@ghost ghost removed this from the 7.1.0-preview.4 milestone Jun 2, 2020
@TravisEz13
Copy link
Member

TravisEz13 commented Jun 2, 2020

@PoshChan Please remind me in 1 hour

@PoshChan
Copy link
Collaborator

PoshChan commented Jun 2, 2020

@TravisEz13, this is the reminder you requested 1 hour ago

@TravisEz13 TravisEz13 changed the title Restore markdownlint tests Restore markdownlint tests Jun 2, 2020
@TravisEz13 TravisEz13 merged commit b03b968 into PowerShell:master Jun 2, 2020
@iSazonov iSazonov removed the Waiting on Author The PR was reviewed and requires changes or comments from the author before being accept label Jun 3, 2020
@iSazonov iSazonov added this to the 7.1.0-preview.4 milestone Jun 3, 2020
@ghost
Copy link

ghost commented Jun 25, 2020

🎉v7.1.0-preview.4 has been released which incorporates this pull request.:tada:

Handy links:

@ghost ghost mentioned this pull request Jun 25, 2020
Closed
@xtqqczze xtqqczze deleted the restore-markdownlint branch June 29, 2020 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TravisEz13 TravisEz13 TravisEz13 approved these changes

@adityapatwardhan adityapatwardhan Awaiting requested review from adityapatwardhan

@anmenaga anmenaga Awaiting requested review from anmenaga

@daxian-dbw daxian-dbw Awaiting requested review from daxian-dbw

@joeyaiello joeyaiello Awaiting requested review from joeyaiello

@iSazonov iSazonov Awaiting requested review from iSazonov

Assignees

@TravisEz13 TravisEz13

Labels

CL-Test Indicates that a PR should be marked as a test change in the Change Log

Projects

None yet

Milestone

7.1.0-preview.4

Development

Successfully merging this pull request may close these issues.

Restore markdownlint tests

5 participants

@xtqqczze @TravisEz13 @PoshChan @iSazonov @daxian-dbw