[couchdb-fauxton] branch main updated: Remove dependency to 'couchapp' (#1341)

Mon, 07 Mar 2022 06:31:27 -0800 

This is an automated email from the ASF dual-hosted git repository.

amaranhao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-fauxton.git


The following commit(s) were added to refs/heads/main by this push:
     new 5e811cb  Remove dependency to 'couchapp' (#1341)
5e811cb is described below

commit 5e811cb5430b1a2ce9bf1ae3fa00af0cd9e3041a
Author: Antonio Maranhao <[email protected]>
AuthorDate: Mon Mar 7 09:30:26 2022 -0500

    Remove dependency to 'couchapp' (#1341)
    
    Why
    Vulnerabilities reported against the package.
    
    What
    Instead of removing the Grunt task that uses it altogether,
    it loads the package at runtime.
    This way users can choose to install the dependency if they
    still require the ability to install Fauxton as a couchapp.
---
 package-lock.json | 79 -------------------------------------------------------
 package.json      |  1 -
 tasks/couchapp.js | 13 ++++++++-
 3 files changed, 12 insertions(+), 81 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 24ce4e3..85c4894 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5460,12 +5460,6 @@
       "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ=",
       "dev": true
     },
-    "coffee-script": {
-      "version": "1.12.7",
-      "resolved": 
"https://registry.npmjs.org/coffee-script/-/coffee-script-1.12.7.tgz";,
-      "integrity": 
"sha512-fLeEhqwymYat/MpTPUjSKHVYYl0ec2mOyALEMLmzr5i1isuG+6jfI2j2d5oBO3VIzgUXgBVIcOT9uH1TFxBckw==",
-      "dev": true
-    },
     "collection-visit": {
       "version": "1.0.0",
       "resolved": 
"https://registry.npmjs.org/collection-visit/-/collection-visit-1.0.0.tgz";,
@@ -5489,12 +5483,6 @@
       "resolved": 
"https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz";,
       "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
     },
-    "colors": {
-      "version": "0.6.2",
-      "resolved": "https://registry.npmjs.org/colors/-/colors-0.6.2.tgz";,
-      "integrity": "sha1-JCP+ZnisDF2uiFLl0OW+CMmXq8w=",
-      "dev": true
-    },
     "combined-stream": {
       "version": "1.0.8",
       "resolved": 
"https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz";,
@@ -5571,18 +5559,6 @@
         "typedarray": "^0.0.6"
       }
     },
-    "connect": {
-      "version": "3.7.0",
-      "resolved": "https://registry.npmjs.org/connect/-/connect-3.7.0.tgz";,
-      "integrity": 
"sha512-ZqRXc+tZukToSNmh5C2iWMSoV3X1YUcPbqEM4DkEG5tNQXrQUZCNVGGv3IuicnkMtPfGf3Xtp8WCXs295iQ1pQ==",
-      "dev": true,
-      "requires": {
-        "debug": "2.6.9",
-        "finalhandler": "1.1.2",
-        "parseurl": "~1.3.3",
-        "utils-merge": "1.0.1"
-      }
-    },
     "connect-history-api-fallback": {
       "version": "1.6.0",
       "resolved": 
"https://registry.npmjs.org/connect-history-api-fallback/-/connect-history-api-fallback-1.6.0.tgz";,
@@ -5697,34 +5673,6 @@
       "resolved": 
"https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz";,
       "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
     },
-    "couchapp": {
-      "version": "0.11.0",
-      "resolved": "https://registry.npmjs.org/couchapp/-/couchapp-0.11.0.tgz";,
-      "integrity": "sha1-8J3DFdYQ9vbnn9DK9eXWJLDMeD4=",
-      "dev": true,
-      "requires": {
-        "coffee-script": "*",
-        "connect": "*",
-        "http-proxy": "0.8.7",
-        "nano": "*",
-        "request": "*",
-        "url": "*",
-        "watch": "~0.8.0"
-      },
-      "dependencies": {
-        "http-proxy": {
-          "version": "0.8.7",
-          "resolved": 
"https://registry.npmjs.org/http-proxy/-/http-proxy-0.8.7.tgz";,
-          "integrity": "sha1-p7xThhgJLNJu0ZHkYlkzuu9t6A4=",
-          "dev": true,
-          "requires": {
-            "colors": "0.x.x",
-            "optimist": "0.3.x",
-            "pkginfo": "0.2.x"
-          }
-        }
-      }
-    },
     "create-ecdh": {
       "version": "4.0.4",
       "resolved": 
"https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.4.tgz";,
@@ -12032,15 +11980,6 @@
         "is-wsl": "^1.1.0"
       }
     },
-    "optimist": {
-      "version": "0.3.7",
-      "resolved": "https://registry.npmjs.org/optimist/-/optimist-0.3.7.tgz";,
-      "integrity": "sha1-yQlBrVnkJzMokjB00s8ufLxuwNk=",
-      "dev": true,
-      "requires": {
-        "wordwrap": "~0.0.2"
-      }
-    },
     "optionator": {
       "version": "0.8.3",
       "resolved": 
"https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz";,
@@ -12568,12 +12507,6 @@
         "find-up": "^3.0.0"
       }
     },
-    "pkginfo": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/pkginfo/-/pkginfo-0.2.3.tgz";,
-      "integrity": "sha1-cjnEKl72wwuPMoQ52bn/cQQkkPg=",
-      "dev": true
-    },
     "pn": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/pn/-/pn-1.1.0.tgz";,
@@ -15392,12 +15325,6 @@
         "loose-envify": "^1.0.0"
       }
     },
-    "watch": {
-      "version": "0.8.0",
-      "resolved": "https://registry.npmjs.org/watch/-/watch-0.8.0.tgz";,
-      "integrity": "sha1-G7DupT3v5uYh6cjGPANYAH7L28w=",
-      "dev": true
-    },
     "watchpack": {
       "version": "1.7.5",
       "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-1.7.5.tgz";,
@@ -16086,12 +16013,6 @@
       "integrity": 
"sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
       "dev": true
     },
-    "wordwrap": {
-      "version": "0.0.3",
-      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz";,
-      "integrity": "sha1-o9XabNXAvAAI03I0u68b7WMFkQc=",
-      "dev": true
-    },
     "worker-farm": {
       "version": "1.7.0",
       "resolved": 
"https://registry.npmjs.org/worker-farm/-/worker-farm-1.7.0.tgz";,
diff --git a/package.json b/package.json
index 480b617..8c4a93c 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,6 @@
     "babel-loader": "^8.2.3",
     "babel-plugin-array-includes": "^2.0.3",
     "bootstrap": "^3.4.1",
-    "couchapp": "^0.11.0",
     "css-loader": "^3.6.0",
     "enzyme": "^3.11.0",
     "enzyme-adapter-react-16": "^1.15.6",
diff --git a/tasks/couchapp.js b/tasks/couchapp.js
index 2de4bc2..680a184 100644
--- a/tasks/couchapp.js
+++ b/tasks/couchapp.js
@@ -11,11 +11,22 @@
 // the License.
 
 const path = require("path");
-const couchapp = require("couchapp");
 const { URL } = require("url");
 
+function loadCouchapp() {
+  try {
+    return require("couchapp");
+  } catch (ex) {
+    console.error("Missing dependency. Run 'npm install couchapp --no-save' 
and try again.");
+  }
+}
+
 module.exports = function (grunt) {
   grunt.registerMultiTask("couchapp", "Install Couchapp", function () {
+    // Loading 'couchapp' at runtime to avoid adding it to Fauxton's 
package.json
+    // because 'npm audit' is reporting vulnerabilities against it, and the 
package is
+    // no longer maintained.
+    const couchapp = loadCouchapp();
     const done = this.async();
     const appobj = require(path.join(process.cwd(), 
path.normalize(this.data.app)));
     return couchapp.createApp(appobj, this.data.db, function (app) {

Reply via email to