Internalize ecstatic library #631
Conversation
thornjad
added
high priority
|
In the interim, what about a minor version bump in the dependencies to sidestep a security concern? https://snyk.io/test/npm/ecstatic/3.3.2
|
|
The PlayCanvas Engine repo has had a Dependabot warning about this for maybe 9 months now. I guess I could just patch the |
|
Sorry I got pulled away into other life things, I need to get back to this PR. Unfortunately This PR just needs functioning tests right now if anyone has the time to take a look at them, I don't right now but will get back to it when I can. |
|
Hi @thornjad, is there something you will need help with, then I will like to help out :) |
|
@thornjad is this just about fixing the failing tests listed here https://travis-ci.org/github/http-party/http-server/jobs/762178038 ? If someone submitted a PR with a fix, what are the chances any maintainer would look at it? |
|
Yeah tests passing is the only thing holding this up. I just haven't been able to find any time, a PR would definitely be welcomed and looked at. |
|
Closing this draft in favor of #693 |
Ecstatic is no longer maintained, and so we cannot rely on any future updates. This PR internalizes it as the
coremodule.This PR also pulls in all of ecstatic's tests so we don't lose that coverage. Unfortunately these were written with
tapwhile http-server's tests are written withvows. I don't have a strong preference for one over the other, but these need to be reconciled before this PR can be merged. I'm leaning toward converting totapbecause that means rewriting only one file.TODO:
taporvows, or both.Fixes #568