-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: use standalone ajv validation for model introspection schema #807
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file is the standalone validation code auto-generated by the Ajv library
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See example code https://ajv.js.org/standalone.html#generating-using-the-js-library
packages/appsync-modelgen-plugin/scripts/generateStandaloneValidationFunction.ts
Outdated
Show resolved
Hide resolved
packages/appsync-modelgen-plugin/src/visitors/appsync-model-introspection-visitor.ts
Outdated
Show resolved
Hide resolved
packages/appsync-modelgen-plugin/scripts/generateStandaloneValidationFunction.ts
Show resolved
Hide resolved
* build(deps): bump tar from 6.2.0 to 6.2.1 Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix: use standalone ajv validation for model introspection schema (#807) * fix: use standalone ajv validation for model introspection schema * test: add unit tests for validator * fix: missing targetNames in hasOne reference --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dane Pilcher <dppilche@amazon.com>
Description of changes
The direct
Ajv
dependency uses a a browser-unsafe eval which will cause a CSP(Content Security Policy) error during runtime. To resolve the issue, the following changes are made:Ajv
is removed from dependency but added in dev dependencyAjv
library as suggested by the documentation to avoid the unsafe-val method to be used in browser.Codegen Paramaters Changed or Added
Issue #, if available
Description of how you validated changes
Unit & E2E tests
Checklist
yarn test
passespath
) behave differently on windows.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.