doamatto / gulp-eslint Goto Github PK

Describe the bug
Was trying to debug the default gulp-eslint not working and came across this, wanted to see if it was solvable by default or if this was any different than overriding the peer dependency. The following code block:

const gulp = require('gulp');
const eslint = require('@doamatto/gulp-eslint');
const gulpIf = require('gulp-if');
function fixCondition(file)
{
    if (fix && file.eslint && file.eslint.fixed)
    {
        console.log('\tAutomatically fixed errors in ' + file.eslint.filePath);
        return true;
    }
    return false;
};

module.exports.lint = function (source)
{
    const sources = [source + '**/*.js'];
    return gulp.src(sources)
        .pipe(eslint({fix: localFix}))
        .pipe(eslint.format())
        .pipe(gulpIf(fixCondition, gulp.dest(source)));
};

(I think that's it, base case of the actual version) ...doesn't actually take and run the fix option.

To Reproduce
Use above code, include an invalid file, errors still print out and don't get fixed.

Expected behavior
Errors to not get printed out and fixes to happen. Works if you swap out const eslint = require('@doamatto/gulp-eslint'); => const eslint = require('/gulp-eslint');

Desktop (please complete the following information):

• OS: Mac, who knows

    "gulp": "^4.0.2",
    "@doamatto/gulp-eslint": "~6.2.8",
    "gulp-if": "^2.0.2",

Additional context
Small typos in https://www.doamatto.xyz/projects/gulp-eslint/, which I bring with no intent to offend:

8 tagged releases, as of wriitng, have been made brining patches

wriitng => writing, brining => bringing

Analogous to eslint.failOnError and eslint.failAfterError, but triggered by warnings and errors alike. See PR.

CVE-2020-7774 - High Severity Vulnerability

Vulnerable Libraries - y18n-3.2.1.tgz, y18n-4.0.0.tgz

y18n-3.2.1.tgz

the bare-bones internationalization library used by yargs

Library home page: https://registry.npmjs.org/y18n/-/y18n-3.2.1.tgz

Path to dependency file: gulp-eslint/package.json

Path to vulnerable library: gulp-eslint/node_modules/y18n/package.json

Dependency Hierarchy:

• gulp-4.0.2.tgz (Root Library)
  • gulp-cli-2.3.0.tgz
    • yargs-7.1.1.tgz
      • ❌ y18n-3.2.1.tgz (Vulnerable Library)

y18n-4.0.0.tgz

the bare-bones internationalization library used by yargs

Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz

Path to dependency file: gulp-eslint/package.json

Path to vulnerable library: gulp-eslint/node_modules/mocha/node_modules/y18n/package.json

Dependency Hierarchy:

• mocha-8.2.1.tgz (Root Library)
  • yargs-13.3.2.tgz
    • ❌ y18n-4.0.0.tgz (Vulnerable Library)

Found in HEAD commit: ee14da15bc4220ec824037a54dc7b2a3e2124d43

Found in base branch: master

Vulnerability Details

This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('proto'); y18n.updateLocale({polluted: true}); console.log(polluted); // true

Publish Date: 2020-11-17

URL: CVE-2020-7774

CVSS 3 Score Details (7.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774

Release Date: 2020-11-17

Fix Resolution: 5.0.5

Step up your Open Source Security Game with WhiteSource here

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
When executing, the following error appears:

...calculateStatsPerFile(messages)
^^^
SyntaxError: Unexpected token ...
at createScript (vm.js:56:10)
at Object.runInThisContext (vm.js:97:10)
at Module._compile (module.js:549:28)

Cross-post of adametry/gulp-eslint#258 from @shouryamittal

To Reproduce
Node: 10.15.3
NPM: 6.4.1
Gulp CLI: 2.2.0
Gulp ESLint: 6.0.0 and 6.2.8.1

Expected behavior
Not this.

Screenshots
N/A

Additional context
The eslintrc file is:

{ "env": { "node": true, "es6": true }, "parserOptions": { "ecmaVersion":2020, "ecmaFeatures": { "jsx": true } }, "settings": { "react": { "createClass": "createClass", "pragma": "React", "version": "detect" } }, //this config extends the eslint recommended and react presets. "extends":["eslint:recommended", "plugin:react/recommended"], //rules to be applied by eslint while validating the code. "rules": { "curly": "error", //enforce consistent brace style for all control statements "no-undef": "error", //disallow the use of undeclared variables unless mentioned in /*global */comments "no-unused-vars": "error", "no-trailing-spaces": "error", "semi": "error", //semicolons a must to end a statement "no-const-assign": "error", "eqeqeq": "error", //require the use of===and!== "no-extra-boolean-cast":"off" } }

So here's the deal. When line 44-46 of util.js is:

message: file.path.includes('node_modules/') ?
				'File ignored because it has a node_modules/** path' :
				'File ignored because of .eslintignore file'

We've got a grave issue. When we remove the slash from .includes('node_modules'), it works. The test string is node_modules/test/index.js, which means it should work either way. However, if we remove the slash, files named node_modules (I don't know who would do it, but there's someone who probably has) won't be linted and will be ignored.

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

This plugin seems not to include some rules from ESLint. I verified that running ESLint via npx eslint src runs just fine.

How to reproduce

1. Enable any or all of the rules:

• no-promise-executor-return
• no-unreachable-loop
• no-useless-backreference
• default-case-last

2. Try to use gulp to lint a file

How to fix it (when using gulp-eslint)

Breaks:

...
  .pipe(eslint())
...

Works:

...
  .pipe(eslint({ rulePaths: ["node_modules/eslint/lib/rules"] }))
...

Versions

gulp: 4.0.2
gulp-cli: 2.3.0
gulp-eslint: 6.0.0
ESLint: 7.9.0
node: 14.12.0
npm: 6.14.7

Switch to Jest for testing.

This issue provides visibility into Renovate updates and their statuses. Learn more

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update dependency acorn to v8.5.0
• chore(deps): update node.js to v8.17.0
• chore(deps): update dependency mocha to v9
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• chore(deps): update dependency mocha to v8.4.0

• Check this box to trigger a request for Renovate to run again on this repository