From 68a07c5d3b2088a80bd9084b9bf3ba60fad67080 Mon Sep 17 00:00:00 2001 From: Hugh Willson Date: Tue, 25 Oct 2016 21:20:23 -0400 Subject: [PATCH 01/13] When the program.json is loaded use the Unicode Normalization Form of the loaded JSON string. --- tools/static-assets/server/server-json.js | 4 ++- .../apps/unicode-asset-app/.meteor/.gitignore | 1 + .../apps/unicode-asset-app/.meteor/packages | 7 ++++++ .../apps/unicode-asset-app/.meteor/release | 1 + tools/tests/apps/unicode-asset-app/index.js | 3 +++ .../unicode-asset-app/private/maça verde.txt | 1 + tools/tests/assets.js | 25 +++++++++++++++++++ 7 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 tools/tests/apps/unicode-asset-app/.meteor/.gitignore create mode 100644 tools/tests/apps/unicode-asset-app/.meteor/packages create mode 100644 tools/tests/apps/unicode-asset-app/.meteor/release create mode 100644 tools/tests/apps/unicode-asset-app/index.js create mode 100644 tools/tests/apps/unicode-asset-app/private/maça verde.txt create mode 100644 tools/tests/assets.js diff --git a/tools/static-assets/server/server-json.js b/tools/static-assets/server/server-json.js index 1711bb2415..a3d2069730 100644 --- a/tools/static-assets/server/server-json.js +++ b/tools/static-assets/server/server-json.js @@ -1,4 +1,6 @@ var fs = require("fs"); var path = require("path"); var serverJsonPath = path.resolve(process.argv[2]); -module.exports = JSON.parse(fs.readFileSync(serverJsonPath, 'utf8')); +module.exports = JSON.parse( + fs.readFileSync(serverJsonPath, 'utf8').normalize('NFC') +); diff --git a/tools/tests/apps/unicode-asset-app/.meteor/.gitignore b/tools/tests/apps/unicode-asset-app/.meteor/.gitignore new file mode 100644 index 0000000000..4083037423 --- /dev/null +++ b/tools/tests/apps/unicode-asset-app/.meteor/.gitignore @@ -0,0 +1 @@ +local diff --git a/tools/tests/apps/unicode-asset-app/.meteor/packages b/tools/tests/apps/unicode-asset-app/.meteor/packages new file mode 100644 index 0000000000..356aa29878 --- /dev/null +++ b/tools/tests/apps/unicode-asset-app/.meteor/packages @@ -0,0 +1,7 @@ +# Meteor packages used by this project, one per line. +# Check this file (and the other files in this directory) into your repository. +# +# 'meteor add' and 'meteor remove' will edit this file for you, +# but you can also edit it by hand. + +meteor-base diff --git a/tools/tests/apps/unicode-asset-app/.meteor/release b/tools/tests/apps/unicode-asset-app/.meteor/release new file mode 100644 index 0000000000..621e94f0ec --- /dev/null +++ b/tools/tests/apps/unicode-asset-app/.meteor/release @@ -0,0 +1 @@ +none diff --git a/tools/tests/apps/unicode-asset-app/index.js b/tools/tests/apps/unicode-asset-app/index.js new file mode 100644 index 0000000000..bb4d1ddb8d --- /dev/null +++ b/tools/tests/apps/unicode-asset-app/index.js @@ -0,0 +1,3 @@ +if (Meteor.isServer) { + console.log(Assets.getText('maça verde.txt')); +} diff --git a/tools/tests/apps/unicode-asset-app/private/maça verde.txt b/tools/tests/apps/unicode-asset-app/private/maça verde.txt new file mode 100644 index 0000000000..cd0875583a --- /dev/null +++ b/tools/tests/apps/unicode-asset-app/private/maça verde.txt @@ -0,0 +1 @@ +Hello world! diff --git a/tools/tests/assets.js b/tools/tests/assets.js new file mode 100644 index 0000000000..3ed52ba136 --- /dev/null +++ b/tools/tests/assets.js @@ -0,0 +1,25 @@ +var selftest = require('../tool-testing/selftest.js'); + +var Sandbox = selftest.Sandbox; + +var MONGO_LISTENING = + { stdout: " [initandlisten] waiting for connections on port" }; + +function startRun(sandbox) { + var run = sandbox.run(); + run.match("myapp"); + run.match("proxy"); + run.tellMongo(MONGO_LISTENING); + run.match("MongoDB"); + return run; +}; + +// Test that an app can properly read assets with unicode based filenames +selftest.define("assets - unicode asset names are allowed", () => { + const s = new Sandbox({ fakeMongo: true }); + s.createApp('myapp', 'unicode-asset-app'); + s.cd('myapp'); + const run = startRun(s); + run.match('Hello world!'); + run.stop(); +}); From 937f7269fc2517fc7a245132d91ceac789572622 Mon Sep 17 00:00:00 2001 From: Michael Oberegger Date: Wed, 26 Oct 2016 12:30:50 -0400 Subject: [PATCH 02/13] Added support for frame-ancestors CSP in browser-policy package. --- .../browser-policy-content.js | 96 ++++++++++--------- packages/browser-policy-content/package.js | 2 +- .../browser-policy/browser-policy-test.js | 7 ++ packages/browser-policy/package.js | 2 +- 4 files changed, 58 insertions(+), 49 deletions(-) diff --git a/packages/browser-policy-content/browser-policy-content.js b/packages/browser-policy-content/browser-policy-content.js index 49fb21ff3a..958fd18f7b 100644 --- a/packages/browser-policy-content/browser-policy-content.js +++ b/packages/browser-policy-content/browser-policy-content.js @@ -17,7 +17,7 @@ // disallowEval() // // For each type of content (script, object, image, media, font, connect, -// style), there are the following functions: +// style, frame, frame-ancestors), there are the following functions: // allowOrigin(origin): allows the type of content to be loaded // from the given origin // allowDataUrl(): allows the content to be loaded from data: URLs @@ -248,53 +248,55 @@ _.extend(BrowserPolicy.content, { // allowOrigin, allowData, allowself, and // disallow methods for each type of resource. -_.each(["script", "object", "img", "media", - "font", "connect", "style", "frame"], - function (resource) { - var directive = resource + "-src"; - var methodResource; - if (resource !== "img") { - methodResource = resource.charAt(0).toUpperCase() + - resource.slice(1); - } else { - methodResource = "Image"; - } - var allowMethodName = "allow" + methodResource + "Origin"; - var disallowMethodName = "disallow" + methodResource; - var allowDataMethodName = "allow" + methodResource + "DataUrl"; - var allowBlobMethodName = "allow" + methodResource + "BlobUrl"; - var allowSelfMethodName = "allow" + methodResource + "SameOrigin"; +var resources = [ + { methodResource: "Script", directive: "script-src" }, + { methodResource: "Object", directive: "object-src" }, + { methodResource: "Image", directive: "img-src" }, + { methodResource: "Media", directive: "media-src" }, + { methodResource: "Font", directive: "font-src" }, + { methodResource: "Connect", directive: "connect-src" }, + { methodResource: "Style", directive: "style-src" }, + { methodResource: "Frame", directive: "frame-src" }, + { methodResource: "FrameAncestors", directive: "frame-ancestors" } +]; +_.each(resources,
 function (resource) { + var directive = resource.directive;
 + var methodResource = resource.methodResource;
 + var allowMethodName = "allow" + methodResource + "Origin"; + var disallowMethodName = "disallow" + methodResource; + var allowDataMethodName = "allow" + methodResource + "DataUrl";
 + var allowBlobMethodName = "allow" + methodResource + "BlobUrl"; + var allowSelfMethodName = "allow" + methodResource + "SameOrigin"; - var disallow = function () { - cachedCsp = null; - cspSrcs[directive] = []; - }; - - BrowserPolicy.content[allowMethodName] = function (src) { - prepareForCspDirective(directive); - addSourceForDirective(directive, src); - }; - if (resource === "script") { - BrowserPolicy.content[disallowMethodName] = function () { - disallow(); - setWebAppInlineScripts(false); - }; - } else { - BrowserPolicy.content[disallowMethodName] = disallow; - } - BrowserPolicy.content[allowDataMethodName] = function () { - prepareForCspDirective(directive); - cspSrcs[directive].push("data:"); - }; - BrowserPolicy.content[allowBlobMethodName] = function () { - prepareForCspDirective(directive); - cspSrcs[directive].push("blob:"); - }; - BrowserPolicy.content[allowSelfMethodName] = function () { - prepareForCspDirective(directive); - cspSrcs[directive].push(keywords.self); - }; - }); + var disallow = function () { + cachedCsp = null; + cspSrcs[directive] = []; + }; + BrowserPolicy.content[allowMethodName] = function (src) { + prepareForCspDirective(directive); + addSourceForDirective(directive, src); + }; + if (resource === "script") { + BrowserPolicy.content[disallowMethodName] = function () { + disallow(); + setWebAppInlineScripts(false); + }; + } else { + BrowserPolicy.content[disallowMethodName] = disallow; + } + BrowserPolicy.content[allowDataMethodName] = function () { + prepareForCspDirective(directive); + cspSrcs[directive].push("data:"); + }; + BrowserPolicy.content[allowBlobMethodName] = function () { + prepareForCspDirective(directive); + cspSrcs[directive].push("blob:"); + }; + BrowserPolicy.content[allowSelfMethodName] = function () { + prepareForCspDirective(directive); + cspSrcs[directive].push(keywords.self); + }; +}); setDefaultPolicy(); diff --git a/packages/browser-policy-content/package.js b/packages/browser-policy-content/package.js index 4abffcb51e..a626f9ba88 100644 --- a/packages/browser-policy-content/package.js +++ b/packages/browser-policy-content/package.js @@ -1,6 +1,6 @@ Package.describe({ summary: "Configure content security policies", - version: "1.0.12" + version: "1.0.13" }); Package.onUse(function (api) { diff --git a/packages/browser-policy/browser-policy-test.js b/packages/browser-policy/browser-policy-test.js index 1a2ed512bd..19ca95c292 100644 --- a/packages/browser-policy/browser-policy-test.js +++ b/packages/browser-policy/browser-policy-test.js @@ -136,6 +136,13 @@ Tinytest.add("browser-policy - csp", function (test) { test.isTrue(cspsEqual(BrowserPolicy.content._constructCsp(), "default-src 'none'; frame-src https://foo.com; " + "object-src http://foo.com https://foo.com;")); + + // Check that frame-ancestors property is set correctly.
 + BrowserPolicy.content.allowFrameAncestorsOrigin("https://foo.com/");
 + test.isTrue(cspsEqual(BrowserPolicy.content._constructCsp(),
 + "default-src 'none'; frame-src https://foo.com; " +
 + "object-src http://foo.com https://foo.com; " +
 + "frame-ancestors https://foo.com;")); }); Tinytest.add("browser-policy - x-frame-options", function (test) { diff --git a/packages/browser-policy/package.js b/packages/browser-policy/package.js index 87e01b6e21..bada8728f1 100644 --- a/packages/browser-policy/package.js +++ b/packages/browser-policy/package.js @@ -1,6 +1,6 @@ Package.describe({ summary: "Configure security policies enforced by the browser", - version: "1.0.9" + version: "1.0.10" }); Package.onUse(function (api) { From 6c3a67518fe05d603790b5ac21e09316c0679135 Mon Sep 17 00:00:00 2001 From: Michael Oberegger Date: Wed, 26 Oct 2016 12:37:56 -0400 Subject: [PATCH 03/13] Updated documentation to make not of new frame-ancestors CSP option. --- packages/browser-policy/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/browser-policy/README.md b/packages/browser-policy/README.md index 45c59c9654..53cb941e32 100644 --- a/packages/browser-policy/README.md +++ b/packages/browser-policy/README.md @@ -66,7 +66,10 @@ that are allowed to frame your app. (This is a limitation of the X-Frame-Options header.) Example values of origin include "http://example.com" and "https://foo.example.com". This value of the X-Frame-Options header is not yet supported in Chrome or Safari -and will be ignored in those browsers. +and will be ignored in those browsers. If you need Chrome and/or Safari +support, or need to allow multiple domains to frame your application, +you can use the frame-ancestors CSP option via the +BrowserPolicy.content.allowFrameAncestorsOrigin() function @@ -126,7 +129,7 @@ Disallows inline CSS. Finally, you can configure a whitelist of allowed requests that various types of content can make. The following functions are defined for the content types -script, object, image, media, font, frame, style, and connect. +script, object, image, media, font, frame, frame-ancestors, style, and connect.
From d74c7b68ce94d22563253ad04a3c22ed650af6d7 Mon Sep 17 00:00:00 2001 From: Hugh Willson Date: Thu, 3 Nov 2016 07:44:12 -0400 Subject: [PATCH 04/13] Updated the Assets API to make sure assetPath strings are normalized (to address issue #5626). --- tools/static-assets/server/boot.js | 8 ++++++++ tools/tests/apps/unicode-asset-app/index.js | 21 ++++++++++++++++++++- tools/tests/assets.js | 7 ++++++- 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/tools/static-assets/server/boot.js b/tools/static-assets/server/boot.js index 8e58b9e3b4..16b882d11e 100644 --- a/tools/static-assets/server/boot.js +++ b/tools/static-assets/server/boot.js @@ -227,6 +227,10 @@ var loadServerBundles = Profile("Load server bundles", function () { // written on Windows. assetPath = files.convertToStandardPath(assetPath); + // Normalize the asset path to prevent Unicode string mismatches when + // using this string elsewhere. + assetPath = assetPath.normalize('NFC'); + if (!fileInfo.assets || !_.has(fileInfo.assets, assetPath)) { _callback(new Error("Unknown asset: " + assetPath)); } else { @@ -251,6 +255,10 @@ var loadServerBundles = Profile("Load server bundles", function () { * @param {String} assetPath The path of the asset, relative to the application's `private` subdirectory. */ absoluteFilePath: function (assetPath) { + // Normalize the asset path to prevent Unicode string mismatches when + // using this string elsewhere. + assetPath = assetPath.normalize('NFC'); + if (!fileInfo.assets || !_.has(fileInfo.assets, assetPath)) { throw new Error("Unknown asset: " + assetPath); } diff --git a/tools/tests/apps/unicode-asset-app/index.js b/tools/tests/apps/unicode-asset-app/index.js index bb4d1ddb8d..0d414d7ee4 100644 --- a/tools/tests/apps/unicode-asset-app/index.js +++ b/tools/tests/apps/unicode-asset-app/index.js @@ -1,3 +1,22 @@ +'use strict'; + if (Meteor.isServer) { - console.log(Assets.getText('maça verde.txt')); + // c\u0327 = 2 code points: U+0063 LATIN SMALL LETTER C and U+0327 COMBINING + // CEDILLA + // \xE7 = 1 code point: U+00E7 LATIN SMALL LETTER C WITH CEDILLA + const filenames = [ + 'maça verde.txt', + 'mac\u0327a verde.txt', + 'ma\xE7a verde.txt', + ]; + + for (let i = 0; i < filenames.length; i++) { + console.log(`${i + 1} - getText: ${Assets.getText(filenames[i])}`); + } + + for (let i = 0; i < filenames.length; i++) { + console.log( + `${i + 1} - absoluteFilePath: ${Assets.absoluteFilePath(filenames[i])}` + ); + } } diff --git a/tools/tests/assets.js b/tools/tests/assets.js index 3ed52ba136..4cbf081804 100644 --- a/tools/tests/assets.js +++ b/tools/tests/assets.js @@ -20,6 +20,11 @@ selftest.define("assets - unicode asset names are allowed", () => { s.createApp('myapp', 'unicode-asset-app'); s.cd('myapp'); const run = startRun(s); - run.match('Hello world!'); + run.match('1 - getText: Hello world!'); + run.match('2 - getText: Hello world!'); + run.match('3 - getText: Hello world!'); + run.match(/1 - absoluteFilePath:(.*)macaverde.txt/); + run.match(/2 - absoluteFilePath:(.*)macaverde.txt/); + run.match(/3 - absoluteFilePath:(.*)macaverde.txt/); run.stop(); }); From c93756a710c010f976cdb1b49e874b61691a5ad1 Mon Sep 17 00:00:00 2001 From: Hugh Willson Date: Thu, 3 Nov 2016 13:57:17 -0400 Subject: [PATCH 05/13] Moved common normalize code into mini-files.js; Added/adjusted tests. --- tools/static-assets/server/boot.js | 8 +++---- tools/static-assets/server/mini-files.js | 6 ++++++ tools/tests/apps/unicode-asset-app/index.js | 12 +++++------ tools/tests/assets.js | 24 +++++++++++++++++++++ 4 files changed, 40 insertions(+), 10 deletions(-) diff --git a/tools/static-assets/server/boot.js b/tools/static-assets/server/boot.js index 16b882d11e..4abc6dc05f 100644 --- a/tools/static-assets/server/boot.js +++ b/tools/static-assets/server/boot.js @@ -227,9 +227,9 @@ var loadServerBundles = Profile("Load server bundles", function () { // written on Windows. assetPath = files.convertToStandardPath(assetPath); - // Normalize the asset path to prevent Unicode string mismatches when + // Unicode normalize the asset path to prevent string mismatches when // using this string elsewhere. - assetPath = assetPath.normalize('NFC'); + assetPath = files.unicodeNormalizePath(assetPath); if (!fileInfo.assets || !_.has(fileInfo.assets, assetPath)) { _callback(new Error("Unknown asset: " + assetPath)); @@ -255,9 +255,9 @@ var loadServerBundles = Profile("Load server bundles", function () { * @param {String} assetPath The path of the asset, relative to the application's `private` subdirectory. */ absoluteFilePath: function (assetPath) { - // Normalize the asset path to prevent Unicode string mismatches when + // Unicode normalize the asset path to prevent string mismatches when // using this string elsewhere. - assetPath = assetPath.normalize('NFC'); + assetPath = files.unicodeNormalizePath(assetPath); if (!fileInfo.assets || !_.has(fileInfo.assets, assetPath)) { throw new Error("Unknown asset: " + assetPath); diff --git a/tools/static-assets/server/mini-files.js b/tools/static-assets/server/mini-files.js index 3d29cc5549..2946f00a01 100644 --- a/tools/static-assets/server/mini-files.js +++ b/tools/static-assets/server/mini-files.js @@ -69,6 +69,11 @@ var convertToStandardLineEndings = function (fileContents) { .replace(new RegExp("\r", "g"), "\n"); }; +// Return the Unicode Normalization Form of the passed in path string, using +// "Normalization Form Canonical Composition" +const unicodeNormalizePath = (path) => { + return (path) ? path.normalize('NFC') : path; +}; // wrappings for path functions that always run as they were on unix (using // forward slashes) @@ -117,3 +122,4 @@ files.convertToPosixPath = toPosixPath; files.convertToStandardLineEndings = convertToStandardLineEndings; files.convertToOSLineEndings = convertToOSLineEndings; +files.unicodeNormalizePath = unicodeNormalizePath; diff --git a/tools/tests/apps/unicode-asset-app/index.js b/tools/tests/apps/unicode-asset-app/index.js index 0d414d7ee4..1eba400fb4 100644 --- a/tools/tests/apps/unicode-asset-app/index.js +++ b/tools/tests/apps/unicode-asset-app/index.js @@ -10,13 +10,13 @@ if (Meteor.isServer) { 'ma\xE7a verde.txt', ]; - for (let i = 0; i < filenames.length; i++) { - console.log(`${i + 1} - getText: ${Assets.getText(filenames[i])}`); - } + filenames.forEach((filename, index) => { + console.log(`${index + 1} - getText: ${Assets.getText(filename)}`); + }); - for (let i = 0; i < filenames.length; i++) { + filenames.forEach((filename, index) => { console.log( - `${i + 1} - absoluteFilePath: ${Assets.absoluteFilePath(filenames[i])}` + `${index + 1} - absoluteFilePath: ${Assets.absoluteFilePath(filename)}` ); - } + }); } diff --git a/tools/tests/assets.js b/tools/tests/assets.js index 4cbf081804..fd35fe8116 100644 --- a/tools/tests/assets.js +++ b/tools/tests/assets.js @@ -28,3 +28,27 @@ selftest.define("assets - unicode asset names are allowed", () => { run.match(/3 - absoluteFilePath:(.*)macaverde.txt/); run.stop(); }); + +// Verify path strings can be Unicode normalized through the +// tools/static-assets/server/mini-files.js#unicodeNormalizePath helper +selftest.define( + "assets - helper exists to unicode normalize path strings", + () => { + const files = require('../static-assets/server/mini-files.js'); + + selftest.expectEqual(null, files.unicodeNormalizePath(null)); + + const unicodeNormalizedPath = '/path/maça verde.txt'.normalize('NFC'); + const testPaths = [ + '/path/maça verde.txt', + '/path/mac\u0327a verde.txt', + '/path/ma\xE7a verde.txt', + ]; + testPaths.forEach((path) => { + selftest.expectEqual( + unicodeNormalizedPath, + files.unicodeNormalizePath(path) + ); + }); + } +); From b9f2bb255d8e9d331b845d5391a7fdd7534c4a4a Mon Sep 17 00:00:00 2001 From: David Glasser Date: Wed, 23 Nov 2016 13:10:58 -0800 Subject: [PATCH 06/13] Don't allow websockets to indefinitely wait for DDP handshake In general, we try to avoid allowing TCP connections to be open with no traffic on it indefinitely. We place timeouts on incoming HTTP connections in webapp_server.js (which we adjust to longer values when there's an HTTP request pending), and once a DDP connection is fully established we require heartbeats. However, if the incoming connection is a websocket, the faye-websocket package used by SockJS calls setTimeout(0) on the underlying socket when it initializes the WebSocket object: https://github.com/faye/faye-websocket-node/blob/3148348a3/lib/faye/websocket/api.js#L111 So if a client does the WebSocket handshake with the server but never sends a valid DDP connect message, the socket can be held open indefinitely. (To add insult to injury, a 1MB Buffer object is retained on such sockets due to something in the faye-websocket code, at least on older versions of Node like 0.10.) This commit restores a timeout on the socket for this in-between period. (We actually saw this issue in production on the Meteor Developer Accounts server --- hundreds of such broken connections would accumulate over time. This may be triggered by a particular setup we use involving proxies for the accounts server, or it may be a more generally applicable issue.) --- packages/ddp-server/livedata_server.js | 3 +++ packages/ddp-server/stream_server.js | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/packages/ddp-server/livedata_server.js b/packages/ddp-server/livedata_server.js index fcd2bf84e3..4a03a57ab1 100644 --- a/packages/ddp-server/livedata_server.js +++ b/packages/ddp-server/livedata_server.js @@ -302,6 +302,9 @@ var Session = function (server, version, socket, options) { }).run(); if (version !== 'pre1' && options.heartbeatInterval !== 0) { + // We no longer need the low level timeout because we have heartbeating. + socket.setWebsocketTimeout(0); + self.heartbeat = new DDPCommon.Heartbeat({ heartbeatInterval: options.heartbeatInterval, heartbeatTimeout: options.heartbeatTimeout, diff --git a/packages/ddp-server/stream_server.js b/packages/ddp-server/stream_server.js index e2d3771b2f..1996d9088c 100644 --- a/packages/ddp-server/stream_server.js +++ b/packages/ddp-server/stream_server.js @@ -86,6 +86,25 @@ StreamServer = function () { self._redirectWebsocketEndpoint(); self.server.on('connection', function (socket) { + // We want to make sure that if a client connects to us and does the initial + // Websocket handshake but never gets to the DDP handshake, that we + // eventually kill the socket. Once the DDP handshake happens, DDP + // heartbeating will work. And before the Websocket handshake, the timeouts + // we set at the server level in webapp_server.js will work. But + // faye-websocket calls setTimeout(0) on any socket it takes over, so there + // is an "in between" state where this doesn't happen. We work around this + // by explicitly setting the socket timeout to a relatively large time here, + // and setting it back to zero when we set up the heartbeat in + // livedata_server.js. + socket.setWebsocketTimeout = function (timeout) { + if ((socket.protocol === 'websocket' || + socket.protocol === 'websocket-raw') + && socket._session.recv) { + socket._session.recv.connection.setTimeout(timeout); + } + }; + socket.setWebsocketTimeout(45 * 1000); + socket.send = function (data) { socket.write(data); }; From 487b41fd7563e1afa623c62e248277d0d7ae25e0 Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Thu, 24 Nov 2016 16:12:10 +0200 Subject: [PATCH 07/13] Improve compiler error when asset is added with empty contents While not a Meteor bug, this makes the error message more helpful when a compiler tries adding an asset without data, as demonstrated in meteor/meteor#8034. Thanks to suggestion by @sdarnell for this. Closes meteor/meteor#8034 --- tools/isobuild/compiler-plugin.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/isobuild/compiler-plugin.js b/tools/isobuild/compiler-plugin.js index b93100387d..482903b067 100644 --- a/tools/isobuild/compiler-plugin.js +++ b/tools/isobuild/compiler-plugin.js @@ -726,7 +726,8 @@ class ResourceSlot { if (_.isString(options.data)) { options.data = new Buffer(options.data); } else { - throw new Error("'data' option to addAsset must be a Buffer or String."); + throw new Error("'data' option to addAsset must be a Buffer or " + + "String: " + self.inputResource.path); } } From ac865943466f6e691ec30c816576451939b5e8ff Mon Sep 17 00:00:00 2001 From: Ben Newman Date: Sun, 27 Nov 2016 20:19:26 -0500 Subject: [PATCH 08/13] Install npm dependencies automatically when creating apps. Although I have said I do not think Meteor should run `npm install` automatically to update application node_modules, my real concern is that Meteor should not interfere with your preferred node_modules-related workflow, be it npm, npm-shinkwrap.json, yarn, yarn.lock, checking your node_modules into git/mercurial/cvs, or whatever other scheme you have. Automatically installing node_modules from the default package.json file when a new app is created will eliminate real confusion, and should not interfere with any workflows, because there is no opportunity to establish another workflow before Meteor runs `npm install` the very first time. --- tools/cli/commands.js | 2 ++ tools/cli/default-npm-deps.js | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/cli/commands.js b/tools/cli/commands.js index b88977d16e..3632698a2e 100644 --- a/tools/cli/commands.js +++ b/tools/cli/commands.js @@ -744,6 +744,8 @@ main.registerCommand({ // the packages (or maybe an unpredictable subset based on what happens to be // in the template's versions file). + require("./default-npm-deps.js").install(appPath); + var appNameToDisplay = appPathAsEntered === "." ? "current directory" : `'${appPathAsEntered}'`; diff --git a/tools/cli/default-npm-deps.js b/tools/cli/default-npm-deps.js index 73baf9c6a7..95df83b24d 100644 --- a/tools/cli/default-npm-deps.js +++ b/tools/cli/default-npm-deps.js @@ -6,7 +6,7 @@ import { unlink, } from "../fs/files.js"; -const INSTALL_JOB_MESSAGE = "installing dependencies from package.json"; +const INSTALL_JOB_MESSAGE = "installing npm dependencies"; export function install(appDir) { const packageJsonPath = pathJoin(appDir, "package.json"); From 8e228180e66a9808f268f1de1b9ead2ec21a8751 Mon Sep 17 00:00:00 2001 From: Zoltan Olah Date: Tue, 29 Nov 2016 15:41:39 -0800 Subject: [PATCH 09/13] History entry for #7970 --- History.md | 386 +---------------------------------------------------- 1 file changed, 6 insertions(+), 380 deletions(-) diff --git a/History.md b/History.md index 30b3a8a95d..1e37ceb125 100644 --- a/History.md +++ b/History.md @@ -1,382 +1,8 @@ ## v.NEXT -* The `facebook` package has been split into: - - `facebook-oauth` (the part that allows oauth w/ FB directly) and - - `facebook-config-ui` (the Blaze configuration templates for accounts-ui) - - This means you can now use `[accounts-]facebook` without needing Blaze. - - If you are using `accounts-ui` and `accounts-facebook`, you will probably - need to install the `facebook-config-ui` package if you want to configure it - using the Accounts UI. - - [Issue #7715](https://github.com/meteor/meteor/issues/7715) - [PR #7728](https://github.com/meteor/meteor/pull/7728) - -## v1.4.2.3 - -* Style improvements for `meteor create --full`. - [#8045](https://github.com/meteor/meteor/pull/8045) - -> Note: Meteor 1.4.2.2 was finalized before - [#8045](https://github.com/meteor/meteor/pull/8045) was merged, but - those changes were [deemed important - enough](https://github.com/meteor/meteor/pull/8044#issuecomment-260913739) - to skip recommending 1.4.2.2 and instead immediately release 1.4.2.3. - -## v1.4.2.2 - -* Node has been upgraded to version 4.6.2. - -* `meteor create` now has a new `--full` option, which generates an larger app, - demonstrating development techniques highlighted in the - [Meteor Guide](http://guide.meteor.com) - - [Issue #6974](https://github.com/meteor/meteor/issues/6974) - [PR #7807](https://github.com/meteor/meteor/pull/7807) - -* Minimongo now supports `$min`, `$max` and partially supports `$currentDate`. - - [Issue #7857](https://github.com/meteor/meteor/issues/7857) - [PR #7858](https://github.com/meteor/meteor/pull/7858) - -* Fix for [Issue #5676](https://github.com/meteor/meteor/issues/5676) - [PR #7968](https://github.com/meteor/meteor/pull/7968) - -* It is now possible for packages to specify a *lazy* main module: - ```js - Package.onUse(function (api) { - api.mainModule("client.js", "client", { lazy: true }); - }); - ``` - This means the `client.js` module will not be evaluated during app - startup unless/until another module imports it, and will not even be - included in the client bundle if no importing code is found. **Note 1:** - packages with lazy main modules cannot use `api.export` to export global - symbols to other packages/apps. **Note 2:** packages with lazy main - modules should be restricted to Meteor 1.4.2.2 or later via - `api.versionsFrom("1.4.2.2")`, since older versions of Meteor cannot - import lazy main modules using `import "meteor/"` but must - explicitly name the module: `import "meteor//client.js"`. - -## v1.4.2.1 - -* Installing the `babel-runtime` npm package in your application - `node_modules` directory is now required for most Babel-transformed code - to work, as the Meteor `babel-runtime` package no longer attempts to - provide custom implementations of Babel helper functions. To install - the `babel-runtime` package, simply run the command - ```sh - meteor npm install --save babel-runtime - ``` - in any Meteor application directory. The Meteor `babel-runtime` package - version has been bumped to 1.0.0 to reflect this major change. - [#7995](https://github.com/meteor/meteor/pull/7995) - -* File system operations performed by the command-line tool no longer use - fibers unless the `METEOR_DISABLE_FS_FIBERS` environment variable is - explicitly set to a falsy value. For larger apps, this change results in - significant build performance improvements due to the creation of fewer - fibers and the avoidance of unnecessary asyncronous delays. - https://github.com/meteor/meteor/pull/7975/commits/ca4baed90ae0675e55c93976411d4ed91f12dd63 - -* Running Meteor as `root` is still discouraged, and results in a fatal - error by default, but the `--allow-superuser` flag now works as claimed. - [#7959](https://github.com/meteor/meteor/issues/7959) - -* The `dev_bundle\python\python.exe` executable has been restored to the - Windows dev bundle, which may help with `meteor npm rebuild` commands. - [#7960](https://github.com/meteor/meteor/issues/7960) - -* Changes within linked npm packages now trigger a partial rebuild, - whereas previously (in 1.4.2) they were ignored. - [#7978](https://github.com/meteor/meteor/issues/7978) - -* Miscellaneous fixed bugs: - [#2876](https://github.com/meteor/meteor/issues/2876) - [#7154](https://github.com/meteor/meteor/issues/7154) - [#7956](https://github.com/meteor/meteor/issues/7956) - [#7974](https://github.com/meteor/meteor/issues/7974) - [#7999](https://github.com/meteor/meteor/issues/7999) - [#8005](https://github.com/meteor/meteor/issues/8005) - [#8007](https://github.com/meteor/meteor/issues/8007) - -## v1.4.2 - -* This release implements a number of rebuild performance optimizations. - As you edit files in development, the server should restart and rebuild - much more quickly, especially if you have many `node_modules` files. - See https://github.com/meteor/meteor/pull/7668 for more details. - -> Note: the `METEOR_PROFILE` environment variable now provides data for - server startup time as well as build time, which should make it easier - to tell which of your packages are responsible for slow startup times. - Please include the output of `METEOR_PROFILE=10 meteor run` with any - GitHub issue about rebuild performance. - -* `npm` has been upgraded to version 3.10.9. - -* The `cordova-lib` npm package has been updated to 6.3.1, along with - cordova-android (5.2.2) and cordova-ios (4.2.1), and various plugins. - -* The `node-pre-gyp` npm package has been updated to 0.6.30. - -* The `lru-cache` npm package has been updated to 4.0.1. - -* The `meteor-promise` npm package has been updated to 0.8.0 for better - asynchronous stack traces. - -* The `meteor` tool is now prevented from running as `root` as this is - not recommended and can cause issues with permissions. In some environments, - (e.g. Docker), it may still be desired to run as `root` and this can be - permitted by passing `--unsafe-perm` to the `meteor` command. - [#7821](https://github.com/meteor/meteor/pull/7821) - -* Blaze-related packages have been extracted to - [`meteor/blaze`](https://github.com/meteor/blaze), and the main - [`meteor/meteor`](https://github.com/meteor/meteor) repository now - refers to them via git submodules (see - [#7633](https://github.com/meteor/meteor/pull/7633)). - When running `meteor` from a checkout, you must now update these - submodules by running - ```sh - git submodule update --init --recursive - ``` - in the root directory of your `meteor` checkout. - -* Accounts.forgotPassword and .verifyEmail no longer throw errors if callback is provided. [Issue #5664](https://github.com/meteor/meteor/issues/5664) [Origin PR #5681](https://github.com/meteor/meteor/pull/5681) [Merged PR](https://github.com/meteor/meteor/pull/7117) - -* The default content security policy (CSP) for Cordova now includes `ws:` - and `wss:` WebSocket protocols. - [#7774](https://github.com/meteor/meteor/pull/7774) - -* `meteor npm` commands are now configured to use `dev_bundle/.npm` as the - npm cache directory by default, which should make npm commands less - sensitive to non-reproducible factors in the external environment. - https://github.com/meteor/meteor/pull/7668/commits/3313180a6ff33ee63602f7592a9506012029e919 - -* The `meteor test` command now supports the `--no-release-check` flag. - https://github.com/meteor/meteor/pull/7668/commits/7097f78926f331fb9e70a06300ce1711adae2850 - -* JavaScript module bundles on the server no longer include transitive - `node_modules` dependencies, since those dependencies can be evaluated - directly by Node. This optimization should improve server rebuild times - for apps and packages with large `node_modules` directories. - https://github.com/meteor/meteor/pull/7668/commits/03c5346873849151cecc3e00606c6e5aa13b3bbc - -* The `standard-minifier-css` package now does basic caching for the - expensive `mergeCss` function. - https://github.com/meteor/meteor/pull/7668/commits/bfa67337dda1e90610830611fd99dcb1bd44846a - -* The `coffeescript` package now natively supports `import` and `export` - declarations. [#7818](https://github.com/meteor/meteor/pull/7818) - -## v1.4.1.3 - -* Node has been updated to version 4.6.1: - https://nodejs.org/en/blog/release/v4.6.1/ - -* The `mongodb` npm package used by the `npm-mongo` Meteor package has - been updated to version 2.2.11. - [#7780](https://github.com/meteor/meteor/pull/7780) - -* The `fibers` npm package has been upgraded to version 1.0.15. - -* Running Meteor with a different `--port` will now automatically - reconfigure the Mongo replica set when using the WiredTiger storage - engine, instead of failing to start Mongo. - [#7840](https://github.com/meteor/meteor/pull/7840). - -* When the Meteor development server shuts down, it now attempts to kill - the `mongod` process it spawned, in addition to killing any running - `mongod` processes when the server first starts up. - https://github.com/meteor/meteor/pull/7668/commits/295d3d5678228f06ee0ab6c0d60139849a0ea192 - -* The `meteor ...` syntax will now work for any command - installed in `dev_bundle/bin`, except for Meteor's own commands. - -* Incomplete package downloads will now fail (and be retried several - times) instead of silently succeeding, which was the cause of the - dreaded `Error: ENOENT: no such file or directory, open... os.json` - error. [#7806](https://github.com/meteor/meteor/issues/7806) - -## v1.4.1.2 - -* Node has been upgraded to version 4.6.0, a recommended security release: - https://nodejs.org/en/blog/release/v4.6.0/ - -* `npm` has been upgraded to version 3.10.8. - -## v1.4.1.1 - -* Update the version of our Node MongoDB driver to 2.2.8 to fix a bug in - reconnection logic, leading to some `update` and `remove` commands being - treated as `insert`s. [#7594](https://github.com/meteor/meteor/issues/7594) - -## v1.4.1 - -* Node has been upgraded to 4.5.0. - -* `npm` has been upgraded to 3.10.6. - -* The `meteor publish-for-arch` command is no longer necessary when - publishing Meteor packages with binary npm dependencies. Instead, binary - dependencies will be rebuilt automatically on the installation side. - Meteor package authors are not responsible for failures due to compiler - toolchain misconfiguration, and any compilation problems with the - underlying npm packages should be taken up with the authors of those - packages. That said, if a Meteor package author really needs or wants to - continue using `meteor publish-for-arch`, she should publish her package - using an older release: e.g. `meteor --release 1.4 publish`. - [#7608](https://github.com/meteor/meteor/pull/7608) - -* The `.meteor-last-rebuild-version.json` files that determine if a binary - npm package needs to be rebuilt now include more information from the - `process` object, namely `process.{platform,arch,versions}` instead of - just `process.versions`. Note also that the comparison of versions now - ignores differences in patch versions, to avoid needless rebuilds. - -* The `npm-bcrypt` package now uses a pure-JavaScript implementation by - default, but will prefer the native `bcrypt` implementation if it is - installed in the application's `node_modules` directory. In other words, - run `meteor install --save bcrypt` in your application if you need or - want to use the native implementation of `bcrypt`. - [#7595](https://github.com/meteor/meteor/pull/7595) - -* After Meteor packages are downloaded from Atmosphere, they will now be - extracted using native `tar` or `7z.exe` on Windows, instead of the - https://www.npmjs.com/package/tar library, for a significant performance - improvement. [#7457](https://github.com/meteor/meteor/pull/7457) - -* The npm `tar` package has been upgraded to 2.2.1, though it is now only - used as a fallback after native `tar` and/or `7z.exe`. - -* The progress indicator now distinguishes between downloading, - extracting, and loading newly-installed Meteor packages, instead of - lumping all of that work into a "downloading" status message. - -* Background Meteor updates will no longer modify the `~/.meteor/meteor` - symbolic link (or `AppData\Local\.meteor\meteor.bat` on Windows). - Instead, developers must explicitly type `meteor update` to begin using - a new version of the `meteor` script. - -* Password Reset tokens now expire (after 3 days by default -- can be modified via `Accounts.config({ passwordResetTokenExpirationInDays: ...}`). [PR #7534](https://github.com/meteor/meteor/pull/7534) - -* The `google` package now uses the `email` scope as a mandatory field instead - of the `profile` scope. The `profile` scope is still added by default if the - `requestPermissions` option is not specified to maintain backward - compatibility, but it is now possible to pass an empty array to - `requestPermissions` in order to only request the `email` scope, which - reduces the amount of permissions requested from the user in the Google - popup. [PR #6975](https://github.com/meteor/meteor/pull/6975) - -* Added `Facebook.handleAuthFromAccessToken` in the case where you get the FB - accessToken in some out-of-band way. [PR #7550](https://github.com/meteor/meteor/pull/7550) - -* `Accounts.onLogout` gets `{ user, connection }` context in a similar fashion - to `Accounts.onLogin`. [Issue #7397](https://github.com/meteor/meteor/issues/7397) [PR #7433](https://github.com/meteor/meteor/pull/7433) - -* The `node-gyp` and `node-pre-gyp` tools will now be installed in - `bundle/programs/server/node_modules`, to assist with rebuilding binary - npm packages when deploying an app to Galaxy or elsewhere. - [#7571](https://github.com/meteor/meteor/pull/7571) - -* The `standard-minifier-{js,css}` packages no longer minify .js or .css - files on the server. [#7572](https://github.com/meteor/meteor/pull/7572) - -* Multi-line input to `meteor shell`, which was broken by changes to the - `repl` module in Node 4, works again. - [#7562](https://github.com/meteor/meteor/pull/7562) - -* The implementation of the command-line `meteor` tool now forbids - misbehaving polyfill libraries from overwriting `global.Promise`. - [#7569](https://github.com/meteor/meteor/pull/7569) - -* The `oauth-encryption` package no longer depends on the - `npm-node-aes-gcm` package (or any special npm packages), because the - Node 4 `crypto` library natively supports the `aes-128-gcm` algorithm. - [#7548](https://github.com/meteor/meteor/pull/7548) - -* The server-side component of the `meteor shell` command has been moved - into a Meteor package, so that it can be developed independently from - the Meteor release process, thanks to version unpinning. - [#7624](https://github.com/meteor/meteor/pull/7624) - -* The `meteor shell` command now works when running `meteor test`. - -* The `meteor debug` command no longer pauses at the first statement - in the Node process, yet still reliably stops at custom breakpoints - it encounters later. - -* The `meteor-babel` package has been upgraded to 0.12.0. - -* The `meteor-ecmascript-runtime` package has been upgraded to 0.2.9, to - support several additional [stage 4 - proposals](https://github.com/meteor/ecmascript-runtime/pull/4). - -* A bug that prevented @-scoped npm packages from getting bundled for - deployed apps has been fixed. - [#7609](https://github.com/meteor/meteor/pull/7609). - -* The `meteor update` command now supports an `--all-packages` flag to - update all packages (including indirect dependencies) to their latest - compatible versions, similar to passing the names of all your packages - to the `meteor update` command. - [#7653](https://github.com/meteor/meteor/pull/7653) - -* Background release updates can now be disabled by invoking either - `meteor --no-release-check` or `METEOR_NO_RELEASE_CHECK=1 meteor`. - [#7445](https://github.com/meteor/meteor/pull/7445) - -## v1.4.0.1 - -* Fix issue with the 1.4 tool springboarding to older releases (see [Issue #7491](https://github.com/meteor/meteor/issues/7491)) - -* Fix issue with running in development on Linux 32bit [Issue #7511](https://github.com/meteor/meteor/issues/7511) - -## v1.4 - -* Node has been upgraded to 4.4.7. - -* The `meteor-babel` npm package has been upgraded to 0.11.7. - -* The `reify` npm package has been upgraded to 0.3.6. - -* The `bcrypt` npm package has been upgraded to 0.8.7. - -* Nested `import` declarations are now enabled for package code as well as - application code. 699cf1f38e9b2a074169515d23983f74148c7223 - -* Meteor has been upgraded to support Mongo 3.2 by default (the bundled version - used by `meteor run` has been upgraded). Internally it now uses the 2.2.4 - version of the `mongodb` npm driver, and has been tested against at Mongo 3.2 - server. [Issue #6957](https://github.com/meteor/meteor/issues/6957) - - Mongo 3.2 defaults to the new WiredTiger storage engine. You can update your - database following the instructions here: - https://docs.mongodb.com/v3.0/release-notes/3.0-upgrade/. - In development, you can also just use `meteor reset` to remove your old - database, and Meteor will create a new WiredTiger database for you. The Mongo - driver will continue to work with the old MMAPv1 storage engine however. - - The new version of the Mongo driver has been tested with MongoDB versions from - 2.6 up. Mongo 2.4 has now reached end-of-life - (https://www.mongodb.com/support-policy), and is no longer supported. - - If you are setting `MONGO_OPLOG_URL`, especially in production, ensure you are - passing in the `replicaSet` argument (see [#7450] - (https://github.com/meteor/meteor/issues/7450)) - -* Custom Mongo options can now be specified using the - `Mongo.setConnectionOptions(options)` API. - [#7277](https://github.com/meteor/meteor/pull/7277) - -* On the server, cursor.count() now takes a single argument `applySkipLimit` - (see the corresponding [Mongo documentation] - (http://mongodb.github.io/node-mongodb-native/2.1/api/Cursor.html#count)) - +* Add support for frame-ancestors CSP option in browser-policy [#7970](https://github.com/meteor/meteor/pull/7970) * Fix for regression caused by #5837 which incorrectly rewrote - network-path references (e.g. `//domain.com/image.gif`) in CSS URLs. + network-path references (i.e. //domain.com/image.gif) in CSS URLs [#7416](https://github.com/meteor/meteor/issues/7416) * Added Angular2 boilerplate example [#7364](https://github.com/meteor/meteor/pull/7363) @@ -384,7 +10,7 @@ * This release fixed a small bug in 1.3.5 that prevented updating apps whose `.meteor/release` files refer to releases no longer installed in - `~/.meteor/packages/meteor-tool`. [576468eae8d8dd7c1fe2fa381ac51dee5cb792cd](https://github.com/meteor/meteor/commit/576468eae8d8dd7c1fe2fa381ac51dee5cb792cd) + `~/.meteor/packages/meteor-tool`. 576468eae8d8dd7c1fe2fa381ac51dee5cb792cd ## v1.3.5 @@ -395,7 +21,7 @@ * If an app has no `package.json` file, all packages in `node_modules` will be built into the production bundle. In other words, make sure you have a `package.json` file if you want to benefit from `devDependencies` - pruning. [7b2193188fc9e297eefc841ce6035825164f0684](https://github.com/meteor/meteor/commit/7b2193188fc9e297eefc841ce6035825164f0684) + pruning. 7b2193188fc9e297eefc841ce6035825164f0684 * Binary npm dependencies of compiler plugins are now automatically rebuilt when Node/V8 versions change. @@ -430,7 +56,7 @@ `Npm.depends`) has been set to "error" instead of "warn". Note that this change does not affect `meteor npm ...` commands, which can be easily configured using `.npmrc` files or command-line flags. - [0689cae25a3e0da3615a402cdd0bec94ce8455c8](https://github.com/meteor/meteor/commit/0689cae25a3e0da3615a402cdd0bec94ce8455c8) + https://github.com/meteor/meteor/commit/0689cae25a3e0da3615a402cdd0bec94ce8455c8 ## v1.3.4.3 @@ -461,7 +87,7 @@ invoke. Note that you must `meteor update` to 1.3.4.2 before this logic will take effect, but it will work in all app directories after updating, even those pinned to older versions. - [#7338](https://github.com/meteor/meteor/issues/7338) + [#7338](https://github.com/meteor/meteor/issue/7338) * The Meteor installer now has the ability to resume downloads, so installing Meteor on a spotty internet connection should be more From 330a5afebcf6e1e945d362b64135e7506a55c9f4 Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Wed, 30 Nov 2016 14:54:59 +0200 Subject: [PATCH 10/13] Revert "History entry for #7970" This reverts commit 8e228180e66a9808f268f1de1b9ead2ec21a8751. --- History.md | 386 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 380 insertions(+), 6 deletions(-) diff --git a/History.md b/History.md index 1e37ceb125..30b3a8a95d 100644 --- a/History.md +++ b/History.md @@ -1,8 +1,382 @@ ## v.NEXT -* Add support for frame-ancestors CSP option in browser-policy [#7970](https://github.com/meteor/meteor/pull/7970) +* The `facebook` package has been split into: + - `facebook-oauth` (the part that allows oauth w/ FB directly) and + - `facebook-config-ui` (the Blaze configuration templates for accounts-ui) + + This means you can now use `[accounts-]facebook` without needing Blaze. + + If you are using `accounts-ui` and `accounts-facebook`, you will probably + need to install the `facebook-config-ui` package if you want to configure it + using the Accounts UI. + + [Issue #7715](https://github.com/meteor/meteor/issues/7715) + [PR #7728](https://github.com/meteor/meteor/pull/7728) + +## v1.4.2.3 + +* Style improvements for `meteor create --full`. + [#8045](https://github.com/meteor/meteor/pull/8045) + +> Note: Meteor 1.4.2.2 was finalized before + [#8045](https://github.com/meteor/meteor/pull/8045) was merged, but + those changes were [deemed important + enough](https://github.com/meteor/meteor/pull/8044#issuecomment-260913739) + to skip recommending 1.4.2.2 and instead immediately release 1.4.2.3. + +## v1.4.2.2 + +* Node has been upgraded to version 4.6.2. + +* `meteor create` now has a new `--full` option, which generates an larger app, + demonstrating development techniques highlighted in the + [Meteor Guide](http://guide.meteor.com) + + [Issue #6974](https://github.com/meteor/meteor/issues/6974) + [PR #7807](https://github.com/meteor/meteor/pull/7807) + +* Minimongo now supports `$min`, `$max` and partially supports `$currentDate`. + + [Issue #7857](https://github.com/meteor/meteor/issues/7857) + [PR #7858](https://github.com/meteor/meteor/pull/7858) + +* Fix for [Issue #5676](https://github.com/meteor/meteor/issues/5676) + [PR #7968](https://github.com/meteor/meteor/pull/7968) + +* It is now possible for packages to specify a *lazy* main module: + ```js + Package.onUse(function (api) { + api.mainModule("client.js", "client", { lazy: true }); + }); + ``` + This means the `client.js` module will not be evaluated during app + startup unless/until another module imports it, and will not even be + included in the client bundle if no importing code is found. **Note 1:** + packages with lazy main modules cannot use `api.export` to export global + symbols to other packages/apps. **Note 2:** packages with lazy main + modules should be restricted to Meteor 1.4.2.2 or later via + `api.versionsFrom("1.4.2.2")`, since older versions of Meteor cannot + import lazy main modules using `import "meteor/"` but must + explicitly name the module: `import "meteor//client.js"`. + +## v1.4.2.1 + +* Installing the `babel-runtime` npm package in your application + `node_modules` directory is now required for most Babel-transformed code + to work, as the Meteor `babel-runtime` package no longer attempts to + provide custom implementations of Babel helper functions. To install + the `babel-runtime` package, simply run the command + ```sh + meteor npm install --save babel-runtime + ``` + in any Meteor application directory. The Meteor `babel-runtime` package + version has been bumped to 1.0.0 to reflect this major change. + [#7995](https://github.com/meteor/meteor/pull/7995) + +* File system operations performed by the command-line tool no longer use + fibers unless the `METEOR_DISABLE_FS_FIBERS` environment variable is + explicitly set to a falsy value. For larger apps, this change results in + significant build performance improvements due to the creation of fewer + fibers and the avoidance of unnecessary asyncronous delays. + https://github.com/meteor/meteor/pull/7975/commits/ca4baed90ae0675e55c93976411d4ed91f12dd63 + +* Running Meteor as `root` is still discouraged, and results in a fatal + error by default, but the `--allow-superuser` flag now works as claimed. + [#7959](https://github.com/meteor/meteor/issues/7959) + +* The `dev_bundle\python\python.exe` executable has been restored to the + Windows dev bundle, which may help with `meteor npm rebuild` commands. + [#7960](https://github.com/meteor/meteor/issues/7960) + +* Changes within linked npm packages now trigger a partial rebuild, + whereas previously (in 1.4.2) they were ignored. + [#7978](https://github.com/meteor/meteor/issues/7978) + +* Miscellaneous fixed bugs: + [#2876](https://github.com/meteor/meteor/issues/2876) + [#7154](https://github.com/meteor/meteor/issues/7154) + [#7956](https://github.com/meteor/meteor/issues/7956) + [#7974](https://github.com/meteor/meteor/issues/7974) + [#7999](https://github.com/meteor/meteor/issues/7999) + [#8005](https://github.com/meteor/meteor/issues/8005) + [#8007](https://github.com/meteor/meteor/issues/8007) + +## v1.4.2 + +* This release implements a number of rebuild performance optimizations. + As you edit files in development, the server should restart and rebuild + much more quickly, especially if you have many `node_modules` files. + See https://github.com/meteor/meteor/pull/7668 for more details. + +> Note: the `METEOR_PROFILE` environment variable now provides data for + server startup time as well as build time, which should make it easier + to tell which of your packages are responsible for slow startup times. + Please include the output of `METEOR_PROFILE=10 meteor run` with any + GitHub issue about rebuild performance. + +* `npm` has been upgraded to version 3.10.9. + +* The `cordova-lib` npm package has been updated to 6.3.1, along with + cordova-android (5.2.2) and cordova-ios (4.2.1), and various plugins. + +* The `node-pre-gyp` npm package has been updated to 0.6.30. + +* The `lru-cache` npm package has been updated to 4.0.1. + +* The `meteor-promise` npm package has been updated to 0.8.0 for better + asynchronous stack traces. + +* The `meteor` tool is now prevented from running as `root` as this is + not recommended and can cause issues with permissions. In some environments, + (e.g. Docker), it may still be desired to run as `root` and this can be + permitted by passing `--unsafe-perm` to the `meteor` command. + [#7821](https://github.com/meteor/meteor/pull/7821) + +* Blaze-related packages have been extracted to + [`meteor/blaze`](https://github.com/meteor/blaze), and the main + [`meteor/meteor`](https://github.com/meteor/meteor) repository now + refers to them via git submodules (see + [#7633](https://github.com/meteor/meteor/pull/7633)). + When running `meteor` from a checkout, you must now update these + submodules by running + ```sh + git submodule update --init --recursive + ``` + in the root directory of your `meteor` checkout. + +* Accounts.forgotPassword and .verifyEmail no longer throw errors if callback is provided. [Issue #5664](https://github.com/meteor/meteor/issues/5664) [Origin PR #5681](https://github.com/meteor/meteor/pull/5681) [Merged PR](https://github.com/meteor/meteor/pull/7117) + +* The default content security policy (CSP) for Cordova now includes `ws:` + and `wss:` WebSocket protocols. + [#7774](https://github.com/meteor/meteor/pull/7774) + +* `meteor npm` commands are now configured to use `dev_bundle/.npm` as the + npm cache directory by default, which should make npm commands less + sensitive to non-reproducible factors in the external environment. + https://github.com/meteor/meteor/pull/7668/commits/3313180a6ff33ee63602f7592a9506012029e919 + +* The `meteor test` command now supports the `--no-release-check` flag. + https://github.com/meteor/meteor/pull/7668/commits/7097f78926f331fb9e70a06300ce1711adae2850 + +* JavaScript module bundles on the server no longer include transitive + `node_modules` dependencies, since those dependencies can be evaluated + directly by Node. This optimization should improve server rebuild times + for apps and packages with large `node_modules` directories. + https://github.com/meteor/meteor/pull/7668/commits/03c5346873849151cecc3e00606c6e5aa13b3bbc + +* The `standard-minifier-css` package now does basic caching for the + expensive `mergeCss` function. + https://github.com/meteor/meteor/pull/7668/commits/bfa67337dda1e90610830611fd99dcb1bd44846a + +* The `coffeescript` package now natively supports `import` and `export` + declarations. [#7818](https://github.com/meteor/meteor/pull/7818) + +## v1.4.1.3 + +* Node has been updated to version 4.6.1: + https://nodejs.org/en/blog/release/v4.6.1/ + +* The `mongodb` npm package used by the `npm-mongo` Meteor package has + been updated to version 2.2.11. + [#7780](https://github.com/meteor/meteor/pull/7780) + +* The `fibers` npm package has been upgraded to version 1.0.15. + +* Running Meteor with a different `--port` will now automatically + reconfigure the Mongo replica set when using the WiredTiger storage + engine, instead of failing to start Mongo. + [#7840](https://github.com/meteor/meteor/pull/7840). + +* When the Meteor development server shuts down, it now attempts to kill + the `mongod` process it spawned, in addition to killing any running + `mongod` processes when the server first starts up. + https://github.com/meteor/meteor/pull/7668/commits/295d3d5678228f06ee0ab6c0d60139849a0ea192 + +* The `meteor ...` syntax will now work for any command + installed in `dev_bundle/bin`, except for Meteor's own commands. + +* Incomplete package downloads will now fail (and be retried several + times) instead of silently succeeding, which was the cause of the + dreaded `Error: ENOENT: no such file or directory, open... os.json` + error. [#7806](https://github.com/meteor/meteor/issues/7806) + +## v1.4.1.2 + +* Node has been upgraded to version 4.6.0, a recommended security release: + https://nodejs.org/en/blog/release/v4.6.0/ + +* `npm` has been upgraded to version 3.10.8. + +## v1.4.1.1 + +* Update the version of our Node MongoDB driver to 2.2.8 to fix a bug in + reconnection logic, leading to some `update` and `remove` commands being + treated as `insert`s. [#7594](https://github.com/meteor/meteor/issues/7594) + +## v1.4.1 + +* Node has been upgraded to 4.5.0. + +* `npm` has been upgraded to 3.10.6. + +* The `meteor publish-for-arch` command is no longer necessary when + publishing Meteor packages with binary npm dependencies. Instead, binary + dependencies will be rebuilt automatically on the installation side. + Meteor package authors are not responsible for failures due to compiler + toolchain misconfiguration, and any compilation problems with the + underlying npm packages should be taken up with the authors of those + packages. That said, if a Meteor package author really needs or wants to + continue using `meteor publish-for-arch`, she should publish her package + using an older release: e.g. `meteor --release 1.4 publish`. + [#7608](https://github.com/meteor/meteor/pull/7608) + +* The `.meteor-last-rebuild-version.json` files that determine if a binary + npm package needs to be rebuilt now include more information from the + `process` object, namely `process.{platform,arch,versions}` instead of + just `process.versions`. Note also that the comparison of versions now + ignores differences in patch versions, to avoid needless rebuilds. + +* The `npm-bcrypt` package now uses a pure-JavaScript implementation by + default, but will prefer the native `bcrypt` implementation if it is + installed in the application's `node_modules` directory. In other words, + run `meteor install --save bcrypt` in your application if you need or + want to use the native implementation of `bcrypt`. + [#7595](https://github.com/meteor/meteor/pull/7595) + +* After Meteor packages are downloaded from Atmosphere, they will now be + extracted using native `tar` or `7z.exe` on Windows, instead of the + https://www.npmjs.com/package/tar library, for a significant performance + improvement. [#7457](https://github.com/meteor/meteor/pull/7457) + +* The npm `tar` package has been upgraded to 2.2.1, though it is now only + used as a fallback after native `tar` and/or `7z.exe`. + +* The progress indicator now distinguishes between downloading, + extracting, and loading newly-installed Meteor packages, instead of + lumping all of that work into a "downloading" status message. + +* Background Meteor updates will no longer modify the `~/.meteor/meteor` + symbolic link (or `AppData\Local\.meteor\meteor.bat` on Windows). + Instead, developers must explicitly type `meteor update` to begin using + a new version of the `meteor` script. + +* Password Reset tokens now expire (after 3 days by default -- can be modified via `Accounts.config({ passwordResetTokenExpirationInDays: ...}`). [PR #7534](https://github.com/meteor/meteor/pull/7534) + +* The `google` package now uses the `email` scope as a mandatory field instead + of the `profile` scope. The `profile` scope is still added by default if the + `requestPermissions` option is not specified to maintain backward + compatibility, but it is now possible to pass an empty array to + `requestPermissions` in order to only request the `email` scope, which + reduces the amount of permissions requested from the user in the Google + popup. [PR #6975](https://github.com/meteor/meteor/pull/6975) + +* Added `Facebook.handleAuthFromAccessToken` in the case where you get the FB + accessToken in some out-of-band way. [PR #7550](https://github.com/meteor/meteor/pull/7550) + +* `Accounts.onLogout` gets `{ user, connection }` context in a similar fashion + to `Accounts.onLogin`. [Issue #7397](https://github.com/meteor/meteor/issues/7397) [PR #7433](https://github.com/meteor/meteor/pull/7433) + +* The `node-gyp` and `node-pre-gyp` tools will now be installed in + `bundle/programs/server/node_modules`, to assist with rebuilding binary + npm packages when deploying an app to Galaxy or elsewhere. + [#7571](https://github.com/meteor/meteor/pull/7571) + +* The `standard-minifier-{js,css}` packages no longer minify .js or .css + files on the server. [#7572](https://github.com/meteor/meteor/pull/7572) + +* Multi-line input to `meteor shell`, which was broken by changes to the + `repl` module in Node 4, works again. + [#7562](https://github.com/meteor/meteor/pull/7562) + +* The implementation of the command-line `meteor` tool now forbids + misbehaving polyfill libraries from overwriting `global.Promise`. + [#7569](https://github.com/meteor/meteor/pull/7569) + +* The `oauth-encryption` package no longer depends on the + `npm-node-aes-gcm` package (or any special npm packages), because the + Node 4 `crypto` library natively supports the `aes-128-gcm` algorithm. + [#7548](https://github.com/meteor/meteor/pull/7548) + +* The server-side component of the `meteor shell` command has been moved + into a Meteor package, so that it can be developed independently from + the Meteor release process, thanks to version unpinning. + [#7624](https://github.com/meteor/meteor/pull/7624) + +* The `meteor shell` command now works when running `meteor test`. + +* The `meteor debug` command no longer pauses at the first statement + in the Node process, yet still reliably stops at custom breakpoints + it encounters later. + +* The `meteor-babel` package has been upgraded to 0.12.0. + +* The `meteor-ecmascript-runtime` package has been upgraded to 0.2.9, to + support several additional [stage 4 + proposals](https://github.com/meteor/ecmascript-runtime/pull/4). + +* A bug that prevented @-scoped npm packages from getting bundled for + deployed apps has been fixed. + [#7609](https://github.com/meteor/meteor/pull/7609). + +* The `meteor update` command now supports an `--all-packages` flag to + update all packages (including indirect dependencies) to their latest + compatible versions, similar to passing the names of all your packages + to the `meteor update` command. + [#7653](https://github.com/meteor/meteor/pull/7653) + +* Background release updates can now be disabled by invoking either + `meteor --no-release-check` or `METEOR_NO_RELEASE_CHECK=1 meteor`. + [#7445](https://github.com/meteor/meteor/pull/7445) + +## v1.4.0.1 + +* Fix issue with the 1.4 tool springboarding to older releases (see [Issue #7491](https://github.com/meteor/meteor/issues/7491)) + +* Fix issue with running in development on Linux 32bit [Issue #7511](https://github.com/meteor/meteor/issues/7511) + +## v1.4 + +* Node has been upgraded to 4.4.7. + +* The `meteor-babel` npm package has been upgraded to 0.11.7. + +* The `reify` npm package has been upgraded to 0.3.6. + +* The `bcrypt` npm package has been upgraded to 0.8.7. + +* Nested `import` declarations are now enabled for package code as well as + application code. 699cf1f38e9b2a074169515d23983f74148c7223 + +* Meteor has been upgraded to support Mongo 3.2 by default (the bundled version + used by `meteor run` has been upgraded). Internally it now uses the 2.2.4 + version of the `mongodb` npm driver, and has been tested against at Mongo 3.2 + server. [Issue #6957](https://github.com/meteor/meteor/issues/6957) + + Mongo 3.2 defaults to the new WiredTiger storage engine. You can update your + database following the instructions here: + https://docs.mongodb.com/v3.0/release-notes/3.0-upgrade/. + In development, you can also just use `meteor reset` to remove your old + database, and Meteor will create a new WiredTiger database for you. The Mongo + driver will continue to work with the old MMAPv1 storage engine however. + + The new version of the Mongo driver has been tested with MongoDB versions from + 2.6 up. Mongo 2.4 has now reached end-of-life + (https://www.mongodb.com/support-policy), and is no longer supported. + + If you are setting `MONGO_OPLOG_URL`, especially in production, ensure you are + passing in the `replicaSet` argument (see [#7450] + (https://github.com/meteor/meteor/issues/7450)) + +* Custom Mongo options can now be specified using the + `Mongo.setConnectionOptions(options)` API. + [#7277](https://github.com/meteor/meteor/pull/7277) + +* On the server, cursor.count() now takes a single argument `applySkipLimit` + (see the corresponding [Mongo documentation] + (http://mongodb.github.io/node-mongodb-native/2.1/api/Cursor.html#count)) + * Fix for regression caused by #5837 which incorrectly rewrote - network-path references (i.e. //domain.com/image.gif) in CSS URLs + network-path references (e.g. `//domain.com/image.gif`) in CSS URLs. [#7416](https://github.com/meteor/meteor/issues/7416) * Added Angular2 boilerplate example [#7364](https://github.com/meteor/meteor/pull/7363) @@ -10,7 +384,7 @@ * This release fixed a small bug in 1.3.5 that prevented updating apps whose `.meteor/release` files refer to releases no longer installed in - `~/.meteor/packages/meteor-tool`. 576468eae8d8dd7c1fe2fa381ac51dee5cb792cd + `~/.meteor/packages/meteor-tool`. [576468eae8d8dd7c1fe2fa381ac51dee5cb792cd](https://github.com/meteor/meteor/commit/576468eae8d8dd7c1fe2fa381ac51dee5cb792cd) ## v1.3.5 @@ -21,7 +395,7 @@ * If an app has no `package.json` file, all packages in `node_modules` will be built into the production bundle. In other words, make sure you have a `package.json` file if you want to benefit from `devDependencies` - pruning. 7b2193188fc9e297eefc841ce6035825164f0684 + pruning. [7b2193188fc9e297eefc841ce6035825164f0684](https://github.com/meteor/meteor/commit/7b2193188fc9e297eefc841ce6035825164f0684) * Binary npm dependencies of compiler plugins are now automatically rebuilt when Node/V8 versions change. @@ -56,7 +430,7 @@ `Npm.depends`) has been set to "error" instead of "warn". Note that this change does not affect `meteor npm ...` commands, which can be easily configured using `.npmrc` files or command-line flags. - https://github.com/meteor/meteor/commit/0689cae25a3e0da3615a402cdd0bec94ce8455c8 + [0689cae25a3e0da3615a402cdd0bec94ce8455c8](https://github.com/meteor/meteor/commit/0689cae25a3e0da3615a402cdd0bec94ce8455c8) ## v1.3.4.3 @@ -87,7 +461,7 @@ invoke. Note that you must `meteor update` to 1.3.4.2 before this logic will take effect, but it will work in all app directories after updating, even those pinned to older versions. - [#7338](https://github.com/meteor/meteor/issue/7338) + [#7338](https://github.com/meteor/meteor/issues/7338) * The Meteor installer now has the ability to resume downloads, so installing Meteor on a spotty internet connection should be more From 06a1805cf789511d7620c82fba0ef1f7fe5f5942 Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Wed, 30 Nov 2016 14:58:37 +0200 Subject: [PATCH 11/13] Fix history and add history for #7970 As a correction to 8e228180e66a9808f268f1de1b9ead2ec21a8751 which inadvertently removed 1.4 from existence. Good catch by @mitar. https://github.com/meteor/meteor/commit/8e228180e66a9808f268f1de1b9ead2ec21a8751?diff=unified#commitcomment-20013960 --- History.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/History.md b/History.md index 30b3a8a95d..651d39ac86 100644 --- a/History.md +++ b/History.md @@ -13,6 +13,8 @@ [Issue #7715](https://github.com/meteor/meteor/issues/7715) [PR #7728](https://github.com/meteor/meteor/pull/7728) +* Add support for frame-ancestors CSP option in browser-policy [#7970](https://github.com/meteor/meteor/pull/7970) + ## v1.4.2.3 * Style improvements for `meteor create --full`. From 1f883c6f6d2493aaaf0bb2a0da2f720ed944bacc Mon Sep 17 00:00:00 2001 From: Alex Terpyakov Date: Wed, 30 Nov 2016 21:36:56 +0300 Subject: [PATCH 12/13] Update uglify-js (#8117) --- packages/minifier-js/package.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/minifier-js/package.js b/packages/minifier-js/package.js index 831c952eb2..a155e7e013 100644 --- a/packages/minifier-js/package.js +++ b/packages/minifier-js/package.js @@ -1,10 +1,10 @@ Package.describe({ summary: "JavaScript minifier", - version: "1.2.15" + version: "1.2.16" }); Npm.depends({ - "uglify-js": "2.7.0" + "uglify-js": "2.7.5" }); Npm.strip({ From 5754f8ef3ea5222dd5ab601dd91f130d0092646e Mon Sep 17 00:00:00 2001 From: Ben Newman Date: Wed, 30 Nov 2016 19:48:19 -0500 Subject: [PATCH 13/13] Revert "Merge pull request #7963 from hwillson/issue-5626" (#8118) This reverts commit 11ce2f7bbcb8aa53114f6cad9e025583608f7bbe, reversing changes made to dfde4146f751a155fd8f07ffad78b16c76abea9c. --- tools/static-assets/server/boot.js | 8 --- tools/static-assets/server/mini-files.js | 6 --- tools/static-assets/server/server-json.js | 4 +- .../apps/unicode-asset-app/.meteor/.gitignore | 1 - .../apps/unicode-asset-app/.meteor/packages | 7 --- .../apps/unicode-asset-app/.meteor/release | 1 - tools/tests/apps/unicode-asset-app/index.js | 22 -------- .../unicode-asset-app/private/maça verde.txt | 1 - tools/tests/assets.js | 54 ------------------- 9 files changed, 1 insertion(+), 103 deletions(-) delete mode 100644 tools/tests/apps/unicode-asset-app/.meteor/.gitignore delete mode 100644 tools/tests/apps/unicode-asset-app/.meteor/packages delete mode 100644 tools/tests/apps/unicode-asset-app/.meteor/release delete mode 100644 tools/tests/apps/unicode-asset-app/index.js delete mode 100644 tools/tests/apps/unicode-asset-app/private/maça verde.txt delete mode 100644 tools/tests/assets.js diff --git a/tools/static-assets/server/boot.js b/tools/static-assets/server/boot.js index 4abc6dc05f..8e58b9e3b4 100644 --- a/tools/static-assets/server/boot.js +++ b/tools/static-assets/server/boot.js @@ -227,10 +227,6 @@ var loadServerBundles = Profile("Load server bundles", function () { // written on Windows. assetPath = files.convertToStandardPath(assetPath); - // Unicode normalize the asset path to prevent string mismatches when - // using this string elsewhere. - assetPath = files.unicodeNormalizePath(assetPath); - if (!fileInfo.assets || !_.has(fileInfo.assets, assetPath)) { _callback(new Error("Unknown asset: " + assetPath)); } else { @@ -255,10 +251,6 @@ var loadServerBundles = Profile("Load server bundles", function () { * @param {String} assetPath The path of the asset, relative to the application's `private` subdirectory. */ absoluteFilePath: function (assetPath) { - // Unicode normalize the asset path to prevent string mismatches when - // using this string elsewhere. - assetPath = files.unicodeNormalizePath(assetPath); - if (!fileInfo.assets || !_.has(fileInfo.assets, assetPath)) { throw new Error("Unknown asset: " + assetPath); } diff --git a/tools/static-assets/server/mini-files.js b/tools/static-assets/server/mini-files.js index 2946f00a01..3d29cc5549 100644 --- a/tools/static-assets/server/mini-files.js +++ b/tools/static-assets/server/mini-files.js @@ -69,11 +69,6 @@ var convertToStandardLineEndings = function (fileContents) { .replace(new RegExp("\r", "g"), "\n"); }; -// Return the Unicode Normalization Form of the passed in path string, using -// "Normalization Form Canonical Composition" -const unicodeNormalizePath = (path) => { - return (path) ? path.normalize('NFC') : path; -}; // wrappings for path functions that always run as they were on unix (using // forward slashes) @@ -122,4 +117,3 @@ files.convertToPosixPath = toPosixPath; files.convertToStandardLineEndings = convertToStandardLineEndings; files.convertToOSLineEndings = convertToOSLineEndings; -files.unicodeNormalizePath = unicodeNormalizePath; diff --git a/tools/static-assets/server/server-json.js b/tools/static-assets/server/server-json.js index a3d2069730..1711bb2415 100644 --- a/tools/static-assets/server/server-json.js +++ b/tools/static-assets/server/server-json.js @@ -1,6 +1,4 @@ var fs = require("fs"); var path = require("path"); var serverJsonPath = path.resolve(process.argv[2]); -module.exports = JSON.parse( - fs.readFileSync(serverJsonPath, 'utf8').normalize('NFC') -); +module.exports = JSON.parse(fs.readFileSync(serverJsonPath, 'utf8')); diff --git a/tools/tests/apps/unicode-asset-app/.meteor/.gitignore b/tools/tests/apps/unicode-asset-app/.meteor/.gitignore deleted file mode 100644 index 4083037423..0000000000 --- a/tools/tests/apps/unicode-asset-app/.meteor/.gitignore +++ /dev/null @@ -1 +0,0 @@ -local diff --git a/tools/tests/apps/unicode-asset-app/.meteor/packages b/tools/tests/apps/unicode-asset-app/.meteor/packages deleted file mode 100644 index 356aa29878..0000000000 --- a/tools/tests/apps/unicode-asset-app/.meteor/packages +++ /dev/null @@ -1,7 +0,0 @@ -# Meteor packages used by this project, one per line. -# Check this file (and the other files in this directory) into your repository. -# -# 'meteor add' and 'meteor remove' will edit this file for you, -# but you can also edit it by hand. - -meteor-base diff --git a/tools/tests/apps/unicode-asset-app/.meteor/release b/tools/tests/apps/unicode-asset-app/.meteor/release deleted file mode 100644 index 621e94f0ec..0000000000 --- a/tools/tests/apps/unicode-asset-app/.meteor/release +++ /dev/null @@ -1 +0,0 @@ -none diff --git a/tools/tests/apps/unicode-asset-app/index.js b/tools/tests/apps/unicode-asset-app/index.js deleted file mode 100644 index 1eba400fb4..0000000000 --- a/tools/tests/apps/unicode-asset-app/index.js +++ /dev/null @@ -1,22 +0,0 @@ -'use strict'; - -if (Meteor.isServer) { - // c\u0327 = 2 code points: U+0063 LATIN SMALL LETTER C and U+0327 COMBINING - // CEDILLA - // \xE7 = 1 code point: U+00E7 LATIN SMALL LETTER C WITH CEDILLA - const filenames = [ - 'maça verde.txt', - 'mac\u0327a verde.txt', - 'ma\xE7a verde.txt', - ]; - - filenames.forEach((filename, index) => { - console.log(`${index + 1} - getText: ${Assets.getText(filename)}`); - }); - - filenames.forEach((filename, index) => { - console.log( - `${index + 1} - absoluteFilePath: ${Assets.absoluteFilePath(filename)}` - ); - }); -} diff --git a/tools/tests/apps/unicode-asset-app/private/maça verde.txt b/tools/tests/apps/unicode-asset-app/private/maça verde.txt deleted file mode 100644 index cd0875583a..0000000000 --- a/tools/tests/apps/unicode-asset-app/private/maça verde.txt +++ /dev/null @@ -1 +0,0 @@ -Hello world! diff --git a/tools/tests/assets.js b/tools/tests/assets.js deleted file mode 100644 index fd35fe8116..0000000000 --- a/tools/tests/assets.js +++ /dev/null @@ -1,54 +0,0 @@ -var selftest = require('../tool-testing/selftest.js'); - -var Sandbox = selftest.Sandbox; - -var MONGO_LISTENING = - { stdout: " [initandlisten] waiting for connections on port" }; - -function startRun(sandbox) { - var run = sandbox.run(); - run.match("myapp"); - run.match("proxy"); - run.tellMongo(MONGO_LISTENING); - run.match("MongoDB"); - return run; -}; - -// Test that an app can properly read assets with unicode based filenames -selftest.define("assets - unicode asset names are allowed", () => { - const s = new Sandbox({ fakeMongo: true }); - s.createApp('myapp', 'unicode-asset-app'); - s.cd('myapp'); - const run = startRun(s); - run.match('1 - getText: Hello world!'); - run.match('2 - getText: Hello world!'); - run.match('3 - getText: Hello world!'); - run.match(/1 - absoluteFilePath:(.*)macaverde.txt/); - run.match(/2 - absoluteFilePath:(.*)macaverde.txt/); - run.match(/3 - absoluteFilePath:(.*)macaverde.txt/); - run.stop(); -}); - -// Verify path strings can be Unicode normalized through the -// tools/static-assets/server/mini-files.js#unicodeNormalizePath helper -selftest.define( - "assets - helper exists to unicode normalize path strings", - () => { - const files = require('../static-assets/server/mini-files.js'); - - selftest.expectEqual(null, files.unicodeNormalizePath(null)); - - const unicodeNormalizedPath = '/path/maça verde.txt'.normalize('NFC'); - const testPaths = [ - '/path/maça verde.txt', - '/path/mac\u0327a verde.txt', - '/path/ma\xE7a verde.txt', - ]; - testPaths.forEach((path) => { - selftest.expectEqual( - unicodeNormalizedPath, - files.unicodeNormalizePath(path) - ); - }); - } -);