Summary:
Bumps [engine.io](https://github.com/socketio/engine.io) from 3.6.0 to 3.6.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/socketio/engine.io/releases">engine.io's releases</a>.</em></p>
<blockquote>
<h2>3.6.1</h2>
<p>⚠️ This release contains an important security fix ⚠️</p>
<p>A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:</p>
<pre><code>Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
errno: -104,
code: 'ECONNRESET',
syscall: 'read'
}
</code></pre>
<p>Please upgrade as soon as possible.</p>
<h3>Bug Fixes</h3>
<ul>
<li>catch errors when destroying invalid upgrades (<a href="83c4071af8">83c4071</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/socketio/engine.io/blob/main/CHANGELOG.md">engine.io's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/socketio/engine.io/compare/3.6.0...3.6.1">3.6.1</a> (2022-11-20)</h2>
<p>⚠️ This release contains an important security fix ⚠️</p>
<p>A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:</p>
<pre><code>Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
errno: -104,
code: 'ECONNRESET',
syscall: 'read'
}
</code></pre>
<p>Please upgrade as soon as possible.</p>
<h3>Bug Fixes</h3>
<ul>
<li>catch errors when destroying invalid upgrades (<a href="83c4071af8">83c4071</a>)</li>
</ul>
<h2><a href="https://github.com/socketio/engine.io/compare/6.2.0...6.2.1">6.2.1</a> (2022-11-20)</h2>
<p>⚠️ This release contains an important security fix ⚠️</p>
<p>A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:</p>
<pre><code>Error: read ECONNRESET
at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
errno: -104,
code: 'ECONNRESET',
syscall: 'read'
}
</code></pre>
<p>Please upgrade as soon as possible.</p>
<h3>Bug Fixes</h3>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="67a3a87859"><code>67a3a87</code></a> chore(release): 3.6.1</li>
<li><a href="83c4071af8"><code>83c4071</code></a> fix: catch errors when destroying invalid upgrades</li>
<li>See full diff in <a href="https://github.com/socketio/engine.io/compare/3.6.0...3.6.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/yoga/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/yoga/pull/1178
Reviewed By: javache
Differential Revision: D41553525
Pulled By: NickGerleman
fbshipit-source-id: 78f520c4e102eebcf505f59f6beced5216e25ef1
Summary:
Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser) from 3.3.2 to 3.3.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md">socket.io-parser's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/Automattic/socket.io-parser/compare/3.3.2...3.3.3">3.3.3</a> (2022-11-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>check the format of the index of each attachment (<a href="fb21e422fc">fb21e42</a>)</li>
</ul>
<h2><a href="https://github.com/socketio/socket.io-parser/compare/3.4.1...3.4.2">3.4.2</a> (2022-11-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>check the format of the index of each attachment (<a href="04d23cecaf">04d23ce</a>)</li>
</ul>
<h2><a href="https://github.com/socketio/socket.io-parser/compare/4.2.0...4.2.1">4.2.1</a> (2022-06-27)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>check the format of the index of each attachment (<a href="b5d0cb7dc5">b5d0cb7</a>)</li>
</ul>
<h2><a href="https://github.com/socketio/socket.io-parser/compare/4.0.4...4.0.5">4.0.5</a> (2022-06-27)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>check the format of the index of each attachment (<a href="b559f050ee">b559f05</a>)</li>
</ul>
<h1><a href="https://github.com/socketio/socket.io-parser/compare/4.1.2...4.2.0">4.2.0</a> (2022-04-17)</h1>
<h3>Features</h3>
<ul>
<li>allow the usage of custom replacer and reviver (<a href="https://github-redirect.dependabot.com/socketio/socket.io-parser/issues/112">https://github.com/facebook/yoga/issues/112</a>) (<a href="b08bc1a93e">b08bc1a</a>)</li>
</ul>
<h2><a href="https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2">4.1.2</a> (2022-02-17)</h2>
<h3>Bug Fixes</h3>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="cd11e38e1a"><code>cd11e38</code></a> chore(release): 3.3.3</li>
<li><a href="fb21e422fc"><code>fb21e42</code></a> fix: check the format of the index of each attachment</li>
<li>See full diff in <a href="https://github.com/socketio/socket.io-parser/compare/3.3.2...3.3.3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/yoga/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/yoga/pull/1172
Reviewed By: christophpurrer
Differential Revision: D41177051
Pulled By: NickGerleman
fbshipit-source-id: 66ee5defdd185cffe52c0cc077efb979937293bb
Summary: This change applies all Arcanist recommended lint changes, which amounts to changing copyright headers and some cases of whitespace changes.
Reviewed By: yungsters
Differential Revision: D40060899
fbshipit-source-id: b62f9472e6ef58a3fc3d22eed661578a2635cb1f
Summary:
correct sections' order in order to match header in alphabetical order
Pull Request resolved: https://github.com/facebook/yoga/pull/1118
Reviewed By: yungsters
Differential Revision: D40026297
Pulled By: yungsters
fbshipit-source-id: d28d41d69eb3a99fab9536cc79057c617cf0e2df
Summary:
Pull Request resolved: https://github.com/facebook/yoga/pull/1164
Yoga CI in GitHub is currently running using Node 8, released in 2017. It has long been out of support, and is not able to install many of the packages in the updated lockfile due to version restrictions in the new packages.
Node 12 is able to install the current lockfile. Although it is old enough that security support has ended for it 5 months ago, `yoga-layout` currently fails to install on Node 12+, because a dependency, `nbind`, was reliant on V8 internals that have changed between versions, and has not published a version supporting anything later than Node 10.
There are unpublished commits in the official repo which add Node 12 support. So, we use that version when developing against the website, to jump us to something more up to date, without rewriting or removing all of the JS bindings quite yet.
Reviewed By: yungsters
Differential Revision: D40036466
fbshipit-source-id: e1b775d87854250bd74fa17ca7ba939b32aa3bd8
Summary: Yoga playground within the website has a separate package.json from the website. Update that as well, which is responsible for 4 open dependabot PRs.
Reviewed By: yungsters
Differential Revision: D40026579
fbshipit-source-id: 2b82bdf2e90b8f433824f37b5e83750c338c9dfc
Summary:
Yoga has 35 open dependabot PRs targeting these two packages. This change generates fresh lockfiles for each version, which should close most of them I think.
For each lockfile:
1. Delete lockfile
2. Run `yarn --ignore-scripts`
Full-fat rebuilds of lockfiles are normally bit dangerous compared to more targeted dependency upgrades, but rebuilding the lockfile felt like a better option because of the duration since last update, number of pending updates, and the low risk due to neither package being installable on Node 12+ at the moment.
allow-large-files
Reviewed By: mdvacca
Differential Revision: D39987360
fbshipit-source-id: 86febac73b90b6c9f1fe2345325b59d14463d28b
Summary:
https://github.com/facebook/yoga/pull/1116 adds a new enum. The enum generator is out of date with copyright header, and some codemods, but it also looks like there were manual changes, types added, etc since generation. I fixed up the script to incorporate generating the changes folks made manually, and also added an enum that was previously only added manually to the C ABI.
Changelog:
[General][Fixed] - Fixup Yoga Enum Generator
Reviewed By: yungsters
Differential Revision: D39922252
fbshipit-source-id: b678fa9a43a896873d8c434745bdaf3f16fd991f
Summary:
https://github.com/facebook/yoga/pull/1116 added a change to the test generator "gentests.rb" to support a newer version of chromedriver, along with a change to the enum generator (not touched in this diff) to produce code consistent with the current tests, which seem to have been manually edited since last generation.
I had trouble running the test generator locally, because it relies on unversioned third-party dependencies, whose APIs change. Looking at source history, it seems like each time someone wants to run the script, they end up updating its syntax to match whatever versions they pull in.
This change adds a Gemfile and lock so that that the version of "watir" is locked, and so that we will also automatically pull in a consistent "chomedriver" version via the "webdrivers" gem. It includes the updates from the PR to be consistent with already output tests, and I have also updated the copyright header generation to no longer create lint warnings on newly generated tests (some of the previous ones were fixed manually it looks like).
The test generator would still produce bodies which would fail clang-format, and were manually edited (causing generation to emit new lint warnings), so I updated the generator to suppress clang-format in the body of the generated files.
Three tests, around the interaction of minimum dimensions and flexible children produce different results in Chrome now compared to when the tests were added, so running `gentests.rb` creates tests which break UTs. This doesn't seem like any sort of rounding, or device specific difference, so I have disabled these tests for now. While digging around, it does look like Chrome periodically will fix bugs in its own layout implementation which cause differences, like https://bugs.chromium.org/p/chromium/issues/detail?id=927066
Reviewed By: rozele, Andrey-Mishanin
Differential Revision: D39907416
fbshipit-source-id: f88714ff038b42f935901783452df25eabb6ebb1
Summary:
In Flow v0.143 types-first will become the only supported mode in Flow.
As such the `types_first` configuration option will become invalid. To
prevent breaking roots that have `types_first=false` set and are **unversioned**,
this diff pins their version to v0.140, which is the last released version in fbsource.
## Repro
First compute the list of all `.flowconfig`s:
```
zbgf '.flowconfig$' | grep -v '^fbsource/fbcode/flow' | grep -v 'Binary file' | awk -F':' '{ print $1 }' | sort -u > all-flowconfigs.txt
```
Compute `.flowconfig`s that don’t have a version:
```
zbgs -f '\.flowconfig' '[version]' | grep -v '^fbsource/fbcode/flow' | grep -v 'Binary file' | awk -F':' '{ print $1 }' | sort -u > versioned-flowconfigs.txt
comm -23 all-flowconfigs.txt versioned-flowconfigs.txt > unversioned-flowconfigs.txt
```
Compute `.flowconfig`s that have `types_first=false`:
```
zbgr -f '\.flowconfig' '^types_first=false$' | grep -v '^fbsource/fbcode/flow' | grep -v 'Binary file' | awk -F':' '{ print $1 }' | sort -u > types_first-false-flowconfigs.txt
```
**and** no pinned version:
```
comm -12 unversioned-flowconfigs.txt types_first-false-flowconfigs.txt | grep 'fbsource' > pin-version-flowconfigs.txt
```
Update the `.flowconfig`s:
```
cat ~/scratch/flowconfigs/pin-version-flowconfigs-fbsource.txt | xargs -I{} bash -c 'printf "\n[version]\n^0.140.0\n" >> {}'
```
Reviewed By: mroch
Differential Revision: D25771452
fbshipit-source-id: 876d6310e4e1aafb81d3ef3051f4e9e9e838a633
Summary:
Yoga Playground website
changing direction results in no change to Litho code because of this typo
Reviewed By: SidharthGuglani
Differential Revision: D24818769
fbshipit-source-id: 1633513d4a25aead2008b59d52f669293214c598
Summary:
Part two of D20879147 where we update the versions of Prettier used in Xplat. I will stack land the diffs.
Here, we format all the files, and use the drop conflicts flag. After this lands, I will go and format the files which had conflicts again.
Changelog: [Internal]
drop-conflicts
bypass-lint
allow-large-files
Reviewed By: gkz
Differential Revision: D20929844
fbshipit-source-id: 2c1df8966a48b5db4f890e2cc494cb1c69422b7d
Summary:
This gets us on the latest Prettier 2.x:
https://prettier.io/blog/2020/03/21/2.0.0.html
Notably, this adds support for TypeScript 3.8,
which introduces new syntax, such as `import type`.
Reviewed By: zertosh
Differential Revision: D20636268
fbshipit-source-id: fca5833d003804333a05ba16325bbbe0e06d6c8a
Summary: Add a scroll bar to layout tab in playground to fix the UI issue where margin, border were not accessible.
Reviewed By: danielbuechele
Differential Revision: D19906128
fbshipit-source-id: 2c2d7695f731b2d312b78eab31c66d737915eaae
Summary: We want to use the yoga playground as a standalone package as well. This adds a webpack config to bundle the playground for npm. The package can then be distributed as `yoga-playground` via npm
Reviewed By: fabiomassimo
Differential Revision: D16583334
fbshipit-source-id: 84807ddd8983ba9f0fb43570b518c975f35544ab
Summary: As of today, Google URL shortener is retired. Moving to tinyURL instead. However, tinyURL doesn't support CORS headers, therefore additionally adding a CORS proxy.
Reviewed By: davidaurelio
Differential Revision: D14722636
fbshipit-source-id: 2ec41bb43287102543f1ac31bb76df57d71ba134
Summary:
The state of the playground was stores in a hash appended to the URL. However, tinyURL ignores the hash part of the URL. For this reason, we are using the search part of the URL instead.
Before: `yogalayout.com/playground#ey...`
After: `yogalayout.com/playground?ey...`
Reviewed By: davidaurelio
Differential Revision: D14722638
fbshipit-source-id: ed135f60269e9136bb850c4c661bd88f8ee19323
Summary:
@public
This bumps Prettier to v1.16.4
Only format source files were updated.
Reviewed By: mjesun
Differential Revision: D14454893
fbshipit-source-id: 72f9872fe764a79dbf0d9fab9bebb1456b039f2f
Summary:
Hello! Just found some typos on the docs. Fixing them here :)
Pull Request resolved: https://github.com/facebook/yoga/pull/784
Reviewed By: davidaurelio
Differential Revision: D14100968
Pulled By: SidharthGuglani
fbshipit-source-id: 1462216a0d5315075871f2fb11b6b1279ae0097a
Summary: Found and fixed typo on https://yogalayout.com/docs/justify-content/
Reviewed By: danielbuechele
Differential Revision: D13199988
fbshipit-source-id: 029cf812f09c48822ec11b054bf0c987f718191d
Summary: This change drops the year from the copyright headers and the LICENSE file.
Reviewed By: yungsters
Differential Revision: D9727774
fbshipit-source-id: df4fc1e4390733fe774b1a160dd41b4a3d83302a
Summary:
Updates all dependencies of the website to their latest version. This is made due to CVE-2018-3728 and a vunerable version of `hoek` used in s transitive dependency of the website. This updates `hoek` to v 4.2.1 which is not affected.
allow-large-files
Reviewed By: astreet
Differential Revision: D8734272
fbshipit-source-id: 3e96ea5890190f7d7b83cc4c18121fc925411f69
Summary:
On the first render the landing page was missing a CSS class. This ls probably related to https://github.com/gatsbyjs/gatsby/issues/5136
It is fixed by wrapping the page in a <div>
Reviewed By: priteshrnandgaonkar
Differential Revision: D8660801
fbshipit-source-id: dd1ac4145831f2556e2c7ceeaddb2a423447f833
Summary:
Might be the smallest PR in the world, but it caught my eye reading the
docs so I figured I should fix it.
Closes https://github.com/facebook/yoga/pull/782
Reviewed By: emilsjolander
Differential Revision: D8351525
Pulled By: jknoxville
fbshipit-source-id: fc7a881f062e07d2e28b5ca2da8c52f20bad53be
