Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove GeoJSON validation #1052

Merged
merged 4 commits into from
May 19, 2021
Merged

Remove GeoJSON validation #1052

merged 4 commits into from
May 19, 2021

Conversation

mourner
Copy link
Member

@mourner mourner commented May 19, 2021

Closes #1051, closes #1020, closes #1049. Upgrades some dependencies to pass security audit, and removes GeoJSON validation which wasn't very useful for its added size, was applied inconsistently, and relied on an unmaintained library with highly vulnerable transitive deps. Removing it is technically not too breaking since the code that worked before will continue working after the upgrade.

@mourner mourner requested a review from arindam1993 May 19, 2021 09:48
rreusser
rreusser approved these changes May 19, 2021
View reviewed changes
Copy link
Contributor

@rreusser rreusser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense to me. Do I understand correctly that users would then be responsible for passing valid geojson? Should we add a note to the docs for add which conveys this?

@mourner
Copy link
Member Author

mourner commented May 19, 2021

I think it's fine to not mention — the old validation behavior was never mentioned anyway, and requirement to pass valid GeoJSON is implied in all APIs like this

@mourner mourner merged commit c12fb64 into main May 19, 2021
@mourner mourner deleted the cleanup-deps branch May 19, 2021 18:39
@davidbeers
Copy link

This is great. @mourner do you have a rough idea when there might be a release with this fix? From reading comments it seems like it would make a very welcome minor release all on its own even if there aren't other features or fixes ready to release.

@mourner
Copy link
Member Author

mourner commented May 20, 2021

@davidbeers just released!

@murdocha
Copy link

Thank you!
this is much better than the work-around I I had found to reference a Github commit by hash in package.json:

    "@mapbox/mapbox-gl-draw": "git+https://github.com/mapbox/mapbox-gl-draw.git#c12fb64b90d00e877e94b12b60bc3b80e42924dd",

@mourner mourner mentioned this pull request Aug 31, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rreusser rreusser rreusser approved these changes

@arindam1993 arindam1993 Awaiting requested review from arindam1993

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove dependency on @mapbox/geojsonhint npm vulnerability NPM audit reports vulerabilities
4 participants
@mourner @davidbeers @murdocha @rreusser