datavisyn / phovea_security_store_generated Goto Github PK

Observed behaviour

• Build ID in webpack config causes errors if it is used without JSON.stringify()

Observed behavior

• pypi does not support the current Mozilla Public License 2.0 for published repositories, see list of classifiers and error message:

See https://github.com/datavisyn/visyn2020/issues/9

We should update all requirements to the latest accessible versions.

We should migrate from Karma to Jest for testing due to compatibility issues.

After the update to Typescript 3.8, we can use the latest version.
For the usage of ts-jest it is important to use a pinned version without ^. The reason for that is that its Major version follows Jest, which means that minor changes can be breaking. See the docs.

Observed behavior

Updating the typescript and typedoc versions according to the snippet below without using stricter linting makes it possible to use the current typescript version with a minimum amount of errors.

"typedoc": "~0.16.9",
"typescript": "~3.8.1-rc",

Expected behavior

Updating the dependencies in the package.json and adding the following line of code in tsconfig.json (as well as fixing appearing type errors) should be sufficient for the usage of Typescript 3.8 as a first step.

"downlevelIteration": true, // required as long as target is `es5`

See https://github.com/datavisyn/visyn2020/issues/3

We should update all dependencies to the latest accessible versions, except for:

• all webpack dependencies
• all test dependencies
• d3 and bootstrap

It might be necessary to update jQuery and React in a separate step as well.

See https://github.com/datavisyn/visyn2020/issues/40

Summary

• enable gif files where necessary

branch: develop

Firefox shows the following warnings:

Cookie “randomCredentials” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite LoginCredentials.ts:24:75
Cookie “session” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

You can simply add SameSite=Strict or SameSite=Lax to the cookie at https://github.com/datavisyn/phovea_security_store_generated/blob/master/src/main/LoginCredentials.ts#L17
I guess strict is better for credentials :)

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Observed behavior

• This repository cannot be published to npm, due to this flag in package.json:

"private": true,

Expected behavior

• Option should be set to false in order to be able to publish it to npm.

We should use the latest versions both for requirements and dependencies.
Except for Typescript, tslint and d3 dependencies, which will be updated in a separate step.