core: remove uses of deprecated extendedInfo field #10779
Conversation
| @@ -74,7 +74,9 @@ class InteractiveMetric extends Audit { | |||
| const timeInMs = metricResult.timing; | |||
| const isDesktop = artifacts.TestedAsMobileDevice === false; | |||
| const options = isDesktop ? context.options.desktop : context.options.mobile; | |||
| const extendedInfo = { | |||
| /** @type {LH.Audit.Details.DebugData} */ | |||
| const debugData = { | |||
There was a problem hiding this comment.
do we still need this? cc @patrickhulce
in samplejson it ends up with just timeinMs and timestamp which are both already in 'metrics' audit.
not sure if we want the optimisitic/pessimistic data tho.
There was a problem hiding this comment.
Nope, let's dump it! ✂️
| /** @type {LH.Audit.Details.DebugData} */ | ||
| const debugData = { | ||
| type: 'debugdata', | ||
| queryStringCount, |
There was a problem hiding this comment.
do we still want this? original context: #3531 (comment)
cc @brendankenny @patrickhulce
given that it hasnt come up since then i'm prone to exclude it
| /** @type {LH.Audit.Details.DebugData} */ | ||
| const debugData = { | ||
| type: 'debugdata', | ||
| totalCompletedRequests, |
There was a problem hiding this comment.
original context: #2697
we added the network-requests audit since then so we don't need this any longer.
| const debugData = { | ||
| type: 'debugdata', | ||
| jsLibs: libraryVulns, | ||
| vulnerabilityResults, |
There was a problem hiding this comment.
we don't need vulnerabilityResults here because its already in details.
| /** @type {LH.Audit.Details.DebugData} */ | ||
| const debugData = { | ||
| type: 'debugdata', | ||
| jsLibs: libraryVulns, |
There was a problem hiding this comment.
from looking at the samplejson here's my understanding:
libraryVulns currently has all js-libs detects and there's an array of vulns attached to each. that array may be empty.
just enumerating all js-libs isn't neccessary cuz we now have the js-libraries audit which does the same.
but the results of this audit reduces 4 diff vulns into one entry, so (aside from this debugdata) we don't expose the 4 vulns individually.
"debugData": {
"type": "debugdata",
"jsLibs": [
{
"name": "jQuery",
"npmPkgName": "jquery",
"version": "2.1.1",
"vulns": [
{
"severity": "Medium",
"numericSeverity": 2,
"library": "jQuery@2.1.1",
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-567880"
},
{
"severity": "Medium",
"numericSeverity": 2,
"library": "jQuery@2.1.1",
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129"
},
{
"severity": "Medium",
"numericSeverity": 2,
"library": "jQuery@2.1.1",
"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
},
{
"severity": "Medium",
"numericSeverity": 2,
"library": "jQuery@2.1.1",
"url": "https://snyk.io/vuln/npm:jquery:20150627"
}
],
"highestSeverity": "Medium"
},
{
"name": "jQuery (Fast path)",
"npmPkgName": "jquery",
"version": "",
"vulns": []
},
{
"name": "WordPress",
"version": "",
"vulns": []
}
],it seems reasonable that we keep exposing these vulns individually.
but i think we should do libraryVulns.filter(lib => lib.vulns.length)
and instead of jsLibs let's call it vulnerableLibs
beyond that I think this data structure works. (as opposed to not grouping vulns by their lib)
| @@ -103,9 +103,6 @@ class AxeAudit extends Audit { | |||
|
|
|||
| return { | |||
| score: Number(rule === undefined), | |||
| extendedInfo: { | |||
| value: rule, | |||
There was a problem hiding this comment.
we don't expose the full axe rule output otherwise.
but i think that's okay
here's a full "rule":
we'd miss out on their description & title and url.
and for each node we'd miss out on its specific impact and failureSummary
i think this is ok.
somewhat related: failureSummary tbh looks useful for our regular output. requires a bit more investigation.
There was a problem hiding this comment.
Should I add a note or TODO here?
There was a problem hiding this comment.
and for each node we'd miss out on its specific
impactandfailureSummary
failureSummary becomes each node's explanation in the axe audit tables, e.g.
lighthouse/lighthouse-core/test/results/sample_v2.json
Lines 1965 to 1972 in e2bfa14
There was a problem hiding this comment.
(after #5402 asked us to put stuff back)
There was a problem hiding this comment.
Should I add a TODO or something to remind us to come back to this?
There was a problem hiding this comment.
Should I add a TODO or something to remind us to come back to this?
we've been happy with the current output since #5402, so how about let's leave as it is here and re-visit if someone asks for more or we have ideas for future reporting that needs more.
| /** @type {string|undefined} */ | ||
| let displayValue; | ||
| if (userTimings.length) { | ||
| debugData = { | ||
| type: 'debugdata', | ||
| userTimings, |
There was a problem hiding this comment.
looked at this one. i dont think there's any useful data in the raw userTimings obj that we want.
we can drop it.
There was a problem hiding this comment.
From my perspective everything that's currently in extendedInfo can be dropped safely because everything is guaranteed to not be used by the external world, so there should be a good reason for reintroducing.
I know I had like a 3 month period where I forgot about this fact during reviews, so sorry to anyone I asked to put something into extendedInfo 😂
I'm not sure there's much
| /** @type {LH.Audit.Details.DebugData} */ | ||
| const debugData = { | ||
| type: 'debugdata', | ||
| queryStringCount, |
| @@ -74,7 +74,9 @@ class InteractiveMetric extends Audit { | |||
| const timeInMs = metricResult.timing; | |||
| const isDesktop = artifacts.TestedAsMobileDevice === false; | |||
| const options = isDesktop ? context.options.desktop : context.options.mobile; | |||
| const extendedInfo = { | |||
| /** @type {LH.Audit.Details.DebugData} */ | |||
| const debugData = { | |||
There was a problem hiding this comment.
Nope, let's dump it! ✂️
💯 I don't think we've ever deleted something from |
| } | ||
| ], | ||
| "highestSeverity": "Medium" | ||
| } |
There was a problem hiding this comment.
Even filtered this still seems mostly redundant. I guess you get to see the different severities per vulnerability, but the majority in our snyk db are medium anyways. Do we want just ['https://snyk.io/vuln/SNYK-JS-JQUERY-567880', 'https://snyk.io/vuln/SNYK-JS-JQUERY-565129', 'https://snyk.io/vuln/SNYK-JS-JQUERY-174006', 'https://snyk.io/vuln/npm:jquery:20150627'] out of this, which captures almost all of the unique additional data? The link we currently provide (https://snyk.io/vuln/npm:jquery?lh=2.1.1) does already have all that for interested parties...
There was a problem hiding this comment.
@paulirish Thoughts?
There was a problem hiding this comment.
I think there are two cases for use here:
a human or script looking at an individual LHR
- most of the time you just want to know what you're using that's vulnerable and that you should upgrade
- if you want to dig in, everything you'd want is already at the URL we provide for each library found (that page links off to all the vulnerabilities individually, severities, CVEs, etc)
- if a tool really want to show all that detail in their own UI, snyk has both an API and local databases for library@version -> vulnerabilities :)
otoh, if one were to do an HTTP Archive query about vulnerable libraries, I'd imagine the things you'd want out of the LHR are, in decreasing order of likelihood of interest:
- the vulnerable version of the library found in a page
- the highest vulnerability level found (e.g. select results only from the pages with a High severity vulnerability)
- the number of vulnerabilities found for that library
I can't imagine any circumstance in which you'd want the set of all vulnerability levels found for that library (['Medium', 'Medium', 'Medium', 'Medium']), for instance. What would you do with that?
I think this is another case of YAGNI. Regardless of possible scenarios, in practice no one has missed this extra info since extendedInfo went away, so let's add it back if and when someone has a real need for it. That also nicely avoids having to come up with which properties to keep and which to ditch and what shape object should they be put in, etc :)
| @@ -103,9 +103,6 @@ class AxeAudit extends Audit { | |||
|
|
|||
| return { | |||
| score: Number(rule === undefined), | |||
| extendedInfo: { | |||
| value: rule, | |||
There was a problem hiding this comment.
Should I add a TODO or something to remind us to come back to this?
we've been happy with the current output since #5402, so how about let's leave as it is here and re-visit if someone asks for more or we have ideas for future reporting that needs more.
| @@ -41,28 +36,4 @@ describe('Performance: user-timings audit', () => { | |||
| assert.equal(auditResult.details.items[1].duration, undefined); | |||
| }); | |||
| }); | |||
|
|
|||
| it('doesn\'t throw when user_timing events have a colon', () => { | |||
There was a problem hiding this comment.
it seems like this was maybe a regression test added at some point. Any reason to delete instead of switching over to checking items? (looks like the same name filter should work)
| } | ||
| ], | ||
| "highestSeverity": "Medium" | ||
| } |
There was a problem hiding this comment.
I think there are two cases for use here:
a human or script looking at an individual LHR
- most of the time you just want to know what you're using that's vulnerable and that you should upgrade
- if you want to dig in, everything you'd want is already at the URL we provide for each library found (that page links off to all the vulnerabilities individually, severities, CVEs, etc)
- if a tool really want to show all that detail in their own UI, snyk has both an API and local databases for library@version -> vulnerabilities :)
otoh, if one were to do an HTTP Archive query about vulnerable libraries, I'd imagine the things you'd want out of the LHR are, in decreasing order of likelihood of interest:
- the vulnerable version of the library found in a page
- the highest vulnerability level found (e.g. select results only from the pages with a High severity vulnerability)
- the number of vulnerabilities found for that library
I can't imagine any circumstance in which you'd want the set of all vulnerability levels found for that library (['Medium', 'Medium', 'Medium', 'Medium']), for instance. What would you do with that?
I think this is another case of YAGNI. Regardless of possible scenarios, in practice no one has missed this extra info since extendedInfo went away, so let's add it back if and when someone has a real need for it. That also nicely avoids having to come up with which properties to keep and which to ditch and what shape object should they be put in, etc :)
| @@ -226,15 +226,15 @@ class NoVulnerableLibrariesAudit extends Audit { | |||
| {key: 'highestSeverity', itemType: 'text', text: str_(UIStrings.columnSeverity)}, | |||
| ]; | |||
| const details = Audit.makeTableDetails(headings, vulnerabilityResults, {}); | |||
|
|
|||
| /** @type {LH.Audit.Details.DebugData} */ | |||
| const debugData = { | |||
| } | ||
| ], | ||
| "highestSeverity": "Medium" | ||
| } |
| @@ -37,7 +37,7 @@ describe('Avoids front-end JavaScript libraries with known vulnerabilities', () | |||
| }); | |||
| assert.equal(auditResult.score, 0); | |||
| assert.equal(auditResult.details.items.length, 1); | |||
| assert.equal(auditResult.extendedInfo.jsLibs.length, 3); | |||
| assert.equal(auditResult.details.debugData.vulnerableLibs.length, 1); | |||
|
@brendankenny Good times! sniff |
This PR removes the remaining usage of 'extendedInfo' which has been deprecated for a while. For each of the audits, extendedInfo was moved into debugData if it hasn't been replicated in the audit details already.
Closes #10567