Fix/vulnerability audit (#1707)
This should resolve the problem detected in
#1695

The culprit was @xmldom/xmldom, which was not following semantic
versioning.

---------

Co-authored-by: andrewx82 <80043879+andrewx82@users.noreply.github.com>
SorsOps and SorsOps authored Mar 22, 2023
1 parent 1325d8f commit 270bb1f
Showing 17 changed files with 101,261 additions and 21,578 deletions.
83 changes: 66 additions & 17 deletions .github/workflows/node.js.yml
Expand Up @@ -23,14 +23,24 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2

- name: Cache node modules
id: cache-nodemodules
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-node-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ env.cache-name }}-
# 3: Install dependencies
- name: Install dependencies
run: yarn --frozen-lockfile

if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci
# 5: Build package
- name: Build Package
run: yarn build

run: npm run build
# 6: Store artifact
- name: Store Artifact
uses: actions/upload-artifact@v2
Expand All @@ -53,13 +63,26 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2

# 3: Install dependencies
# 3: Install dependencies.
- name: Cache node modules
id: cache-nodemodules
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-node-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ env.cache-name }}-
# This is very unlikely to happen, but we include it anyway in case some cache flushing happens
- name: Install dependencies
run: yarn --frozen-lockfile
if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci

# 4: Run tests
- name: Run test command
run: yarn test
run: npm run test
coverage:
name: Test coverage
runs-on: ubuntu-latest
Expand All @@ -73,9 +96,22 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2

# 3: Install dependencies
# 3: Install dependencies.
- name: Cache node modules
id: cache-nodemodules
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-node-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ env.cache-name }}-
# This is very unlikely to happen, but we include it anyway in case some cache flushing happens
- name: Install dependencies
run: yarn --frozen-lockfile
if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci

# 4: Run test coverage report
- name: Run test coverage report
Expand All @@ -86,7 +122,7 @@ jobs:
runCommand: 'LAUNCHDARKLY_FLAGS=tokenThemes,gitBranchSelector,multiFileSync,tokenFlowButton npx jest --collectCoverageFrom=''["src/**/*.{js,jsx,ts,tsx}"]'' --coverage --collectCoverage=true --coverageDirectory=''./'' --coverageReporters=''json-summary'' --forceExit --detectOpenHandles'
total_delta: 1
delta: 1
afterSwitchCommand: yarn --frozen-lockfile
afterSwitchCommand: npm ci
useSameComment: true
test-transform:
name: Transformer Tests
Expand All @@ -101,21 +137,34 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v2

# 3: Install dependencies
# 3: Install dependencies.
- name: Cache node modules
id: cache-nodemodules
uses: actions/cache@v3
env:
cache-name: cache-node-modules
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-node-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ env.cache-name }}-
# This is very unlikely to happen, but we include it anyway in case some cache flushing happens
- name: Install dependencies
run: yarn --frozen-lockfile
if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci

# 4: Build package
- name: build:transform
run: yarn build-transform
run: npm run build-transform

# 5: Install dependencies
- name: Install dependencies - transformer
run: cd token-transformer && yarn --frozen-lockfile
run: cd token-transformer && npm ci

# 6: Run tests
- name: Run test command
run: cd token-transformer && yarn test
run: cd token-transformer && npm run test
cypress-run:
name: Cypress
runs-on: ubuntu-latest
Expand All @@ -128,5 +177,5 @@ jobs:
- name: Cypress run
uses: cypress-io/github-action@v2
with:
build: yarn build:cy
start: yarn serve
build: npm run build:cy
start: npm run serve
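Review bot: Skipping `npm ci` on a cache hit (the `if: steps.cache-nodemodules.outputs.cache-hit != 'true'` guard, repeated in four jobs) means the build, test and upload-artifact steps run on whatever `node_modules` tree the cache holds, with no re-check against the integrity hashes in `package-lock.json`. A cache entry written by one run is trusted by every later run that resolves the same key, so a tampered or incomplete tree would persist until the lockfile changes. Caching npm's download cache and always installing keeps most of the speed-up while restoring that verification: use `path: ~/.npm` and drop the `if:` line. The `restore-keys` fallback adds nothing while the cached path is `node_modules`, because `npm ci` deletes that directory before installing. The comment "This is very unlikely to happen" is also misleading, since the install runs on every lockfile change.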
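--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1,2 @@
+strict-peer-deps=false
+legacy-peer-deps=true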
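Review bot: `legacy-peer-deps=true` is set repository-wide with no explanation, and it applies to every npm command run here, including the `npm ci` steps in CI. With it, npm stops installing and checking peer dependencies, so a package can sit beside a peer outside its declared range with no install-time error. That matters for a commit aimed at audit findings, because later upgrades made to clear an advisory will not be checked against peer ranges either. If the flag works around one conflicting package, an `overrides` entry in `package.json` is narrower; otherwise record the reason in the file, e.g. `; legacy-peer-deps: required by <package-name> peer range, remove when resolved`. `strict-peer-deps=false` is npm's default and can be dropped.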
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -32,8 +32,8 @@ Whenever you apply a token to a layer, the plugin will store hidden information
Most information can be found in the [docs](https://docs.tokens.studio) or [our website](https://tokens.studio).

# Contribute
* Run `yarn` to install dependencies.
* Run `yarn start` to start webpack in watch mode or `yarn build` to build once.
* Run `npm ci` to install dependencies.
* Run `npm run start` to start webpack in watch mode or `npm run build` to build once.
* Open `Figma` -> `Plugins` -> `Development` -> `New Plugin...` and choose `manifest.json` file from this repo.
* Create a Pull request for your branch

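--- a/babel.config.js
+++ b/babel.config.js
@@ -1,5 +1,7 @@
 module.exports = {
-presets: ['@babel/preset-env', '@babel/preset-typescript', '@babel/preset-react'],
+presets: [['@babel/preset-env', {
+modules: false,
+}], '@babel/preset-typescript', '@babel/preset-react'],
 plugins: ['@babel/proposal-class-properties', '@babel/proposal-object-rest-spread', "@babel/transform-typescript", "@babel/plugin-proposal-private-methods"],
 env: {
 test: {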
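Review bot: `modules: false` is added to the top-level `@babel/preset-env` options without a comment, so `import`/`export` statements stay untransformed for every consumer of this config unless an `env` override changes that. Jest executes CommonJS by default, so the `env.test` block that opens at the end of this hunk (its body is outside the visible lines) presumably has to re-enable the module transform; worth confirming. A one-line comment would record the intent, e.g. `// keep ES modules for the bundler; the test env overrides this`.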