The main goal of this issue is to avoid scanners (Dependabot
and friends), reporting about security issues with the current
xmldom 0.6.0 package.
Note that this doesn't affect prod at all, because it's a dev
dependency, hardly exploitable. So it's not a security fix, just
a security_benefit, if something.
So here, we are updating from xmldom 0.6.0 to @xmldom/xmldom 0.8.7
(note that the package was renamed in 0.7.0, so it's the very same)
Also, when proceeding with the changes, it was detected that we
are incorrectly declaring @babel/eslint-parser as a normal dependency
instead of a development one, so we are also fixing that little detail.
The commands executed to get the changes above applied have been:
- nvm use
- npm install @xmldom/xmldom@^0.8.7 --save-dev
- npm uninstall xmldom
- npm install @babel/eslint-parser@^7.17.0 --save-dev
(we haven't run a complete re-install because we only want to modify
the minimum possible at this stage).
A new grunt task, upgradablelibs, has been added in order to get the
list of libraries that have a newer version in their repositories.
Co-author: Andrew Lyons <andrew@moodle.com>
This commit adds a new Grunt task which generates a jsconfig.json file.
This file is described at
https://code.visualstudio.com/docs/languages/jsconfig and can be used
to configure vscode and other similar editors to understand our module
loading.
This task is an optional task for Grunt and can be run with:
npx grunt jsconfig
The file is git-ignored and will not affect normal usage.
Prior to this change the Grunt stylelint command was too greedy when
determining which files hsould be linted.
This change modifies the watch command to only watch relevant files and
subdirectories of each component directories. This means that unrelated
CSS and SCSS files are no longer watched for changes, and has the added
benefit of significantly increaseing the startup speed of grunt.
Without this patch applied the watch tasks were checking for matches in
the node_modules, and vendor directories.
Prior to this change all Grunt features were in a single Gruntfile.js
but this has become difficult to manage and maintain.
This commit moves the existing dependencies for component calculation
and babel moduel definition into a new .grunt directory, and
restructures the existing tasks in Gruntfile.js into separate task
configuration files.
This improves the maintainability of the Grunt build system and allows
for easier future expansion.
