Audit fix toolchain #1
Merged
Reduces `npm audit` findings from 98 (24 critical) to 16 (0 critical) and
gets the build + test suite working again on modern Node, where the old
toolchain crashed with "primordials is not defined" (gulp 3).
Dependency upgrades (all dev/build-only; nothing ships to consumers):
- grunt 0.4 -> 1.6, grunt plugins to grunt-1-compatible majors
- karma 0.13 -> 6.4 with modern launchers; drop dead PhantomJS/IE launchers
- handlebars 2.0-alpha -> 4.7, tslint 3 -> 5 (+ typescript 3.9)
Build pipeline:
- Replace the unmaintained gulp / grunt-gulp pipeline (hard-pinned to gulp 3,
broken on Node 24) with native grunt-contrib-concat + grunt-contrib-uglify.
concat reproduces the (function($){...})(window.$) IIFE via banner/footer.
- Remove the dead gulpfile.js.
- Fix invalid CSS in goldenlayout-translucent-theme.less (`#dodgerblue` ->
`dodgerblue`) that the stricter LESS 3.x compiler rejects.
Tests:
- Run Karma under headless Chrome (ChromeHeadlessNoSandbox) instead of PhantomJS.
- Add test/jasmine-compat.js shimming the legacy Jasmine 1.x API
(runs/waits/waitsFor, spy.calls.length, spy.mostRecentCall) onto Jasmine 2+,
and disable spec randomisation (specs share state across `it` blocks).
- All 104 specs pass.
Tooling cleanup:
- Replace the deprecated `typings` tool (+ typings.json, install-breaking
`prepublish` script) with @types/jquery; `npm install` now succeeds without
--ignore-scripts.
- Drop tslint rules removed in tslint 5 (label-undefined, no-unreachable).
- Commit package-lock.json for reproducible installs / auditing.
Remaining 16 advisories are "no fix available" / breaking-only, confined to
release-and-watch tooling (grunt-release -> superagent/shelljs, grunt -> js-yaml,
grunt-contrib-watch -> gaze -> minimatch) that runs locally and never ships.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
dist/ is regenerated by `grunt dist` and shouldn't be tracked.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Runs on ubuntu-latest with Node 22: npm ci, npm test (Karma under headless Chrome + tslint), then grunt dist. Replaces the obsolete .travis.yml (pinned to Node 4.2).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
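The commit message's claim that the remaining advisories are confined to dev-only release-and-watch tooling can be checked mechanically. The following is an added example, not part of this pull request: it assumes the `auditReportVersion: 2` shape that `npm audit --json` emits on npm 7 and later, the sample report and package.json fragment are constructed, and `directRoots`, `checkAudit` and `ACCEPTED_ROOTS` are hypothetical names.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2).
// Package names are from the commit message; severities are made up.
const vuln = (severity, isDirect, effects) => ({ severity, isDirect, effects, fixAvailable: false });
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "grunt-release": vuln("high", true, []),
    superagent: vuln("moderate", false, ["grunt-release"]),
    shelljs: vuln("high", false, ["grunt-release"]),
    grunt: vuln("moderate", true, []),
    "js-yaml": vuln("moderate", false, ["grunt"]),
    "grunt-contrib-watch": vuln("high", true, []),
    gaze: vuln("high", false, ["grunt-contrib-watch"]),
    minimatch: vuln("high", false, ["gaze"]),
  },
};
// Constructed package.json fragment: all three roots are devDependencies.
const samplePkg = { dependencies: {}, devDependencies: { grunt: "*", "grunt-release": "*", "grunt-contrib-watch": "*" } };
const ACCEPTED_ROOTS = ["grunt-release", "grunt", "grunt-contrib-watch"];

// Follow `effects` (the packages that pull this one in) up to direct dependencies.
function directRoots(report, name, seen = new Set()) {
  const roots = new Set();
  const entry = report.vulnerabilities[name];
  if (!entry || seen.has(name)) return roots;
  seen.add(name);
  if (entry.isDirect) roots.add(name);
  for (const parent of entry.effects || []) {
    for (const root of directRoots(report, parent, seen)) roots.add(root);
  }
  return roots;
}

// Fail on any critical finding, or on a finding reachable outside the accepted dev tooling.
function checkAudit(report, pkg, acceptedRoots) {
  const dev = new Set(Object.keys(pkg.devDependencies || {}));
  const prod = new Set(Object.keys(pkg.dependencies || {}));
  const problems = [];
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    if (entry.severity === "critical") problems.push(`${name}: critical severity`);
    const roots = directRoots(report, name);
    if (roots.size === 0) problems.push(`${name}: no direct dependency found`);
    for (const root of roots) {
      if (prod.has(root) || !dev.has(root)) problems.push(`${name}: ${root} is not dev-only`);
      else if (!acceptedRoots.includes(root)) problems.push(`${name}: ${root} not accepted`);
    }
  }
  return { ok: problems.length === 0, problems };
}

console.log(checkAudit(sampleReport, samplePkg, ACCEPTED_ROOTS));
```

Run as a CI step after `npm ci`, with the real report and package.json parsed in place of the samples, a check like this fails the build when a new advisory appears outside the accepted tooling or any finding is critical.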
No description provided.