Remove child-process-promise from dependencies #1559

MarcAstr0 · 2024-12-05T01:41:40Z

Description

There's a vulnerability with high severity found in the cross-spawn package. This package comes as a child dependency of child-process-promise, a project that hasn't been updated in years and that is not likely to change. This PR replaces child-process-promise with other, more up-to-date alternatives.

Changes

Removes child-process-promise from the cli, framework-common-helpers, and framework-integration-tests packages.
Refactor code that used child-process-promise to use execa instead.

Checks

Project Builds
Project passes tests and checks
Updated documentation accordingly

MarcAstr0 · 2024-12-05T01:42:00Z

/integration sha=93465150425a3b168a3f250289b52e9f10b97a79

what-the-diff · 2024-12-05T01:42:11Z

PR Summary

Substituting child-process-promise with execa
The code has been revised and updated to swap the 'child-process-promise' package with the 'execa' package in the '@boostercloud/framework-core' package. This involves changes made to core operational files and adjustment of certain methods and functions to suit the new package. This update will enhance the efficiency of executing subprocesses.
Removal of 'child-process-promise'
The 'child-process-promise' dependency has been fully removed from the 'cli' package. It means that the 'cli' package no longer draws functionality from this particular package.
Changes in testing mocks
The test file 'live.test.ts' has been adapted to mock 'execa.command' instead of 'child-process-promise.exec'. This reduces errors during testing due to the removal of 'child-process-promise' from the dependencies.
Updates to test files
The appearance of 'exec' from 'child-process-promise' has been rooted out from other test files and 'command' from 'execa' is now used. This will ensure all tests are run with the new functionality brought by 'execa' and keeps the usage consistent across all test files.
execa added as a dependency
The framework-common-helpers/package.json file now includes execa as a dependency, showing that the common helpers will now use execa for their functionality.
Fixing of imports
To ensure consistency with the new execa dependency, various imports across multiple test and service files have been corrected and fixed.

github-actions · 2024-12-05T01:42:23Z

⌛ Integration tests are running...

Check their status here 👈

MarcAstr0 · 2024-12-05T02:18:28Z

/integration sha=123e787ab3890d6d8f3908c1f5806892ead2a15b

github-actions · 2024-12-05T02:18:46Z

⌛ Integration tests are running...

Check their status here 👈

github-actions · 2024-12-05T02:29:22Z

❌ Oh no! Integration tests have failed

github-actions · 2024-12-05T03:08:22Z

❌ Oh no! Integration tests have failed

MarcAstr0 · 2024-12-05T14:27:10Z

/integration sha=a9509fa68f0f73ca7c27a37a48e7487aecfa4440

github-actions · 2024-12-05T14:27:36Z

⌛ Integration tests are running...

Check their status here 👈

github-actions · 2024-12-05T14:38:32Z

❌ Oh no! Integration tests have failed

MarcAstr0 · 2024-12-05T14:41:25Z

/integration sha=66dee1888cdb55f7967331c504e5f1901446be63

github-actions · 2024-12-05T14:41:49Z

⌛ Integration tests are running...

Check their status here 👈

github-actions · 2024-12-05T15:31:09Z

❌ Oh no! Integration tests have failed

MarcAstr0 · 2024-12-05T17:44:00Z

/integration sha=0fdc542738b0afff3c9a6f1b20e0f39dcda5f404

github-actions · 2024-12-05T17:44:24Z

⌛ Integration tests are running...

Check their status here 👈

MarcAstr0 · 2024-12-05T18:19:35Z

/integration sha=70f284c8a81e071dfe07eccc7be001cc255251e2

github-actions · 2024-12-05T18:19:56Z

⌛ Integration tests are running...

Check their status here 👈

MarcAstr0 · 2024-12-05T18:31:33Z

/integration sha=c9cb82e0e2a6e9027950113efd17e8b96bb2b203

github-actions · 2024-12-05T18:31:55Z

⌛ Integration tests are running...

Check their status here 👈

github-actions · 2024-12-05T18:32:30Z

❌ Oh no! Integration tests have failed

MarcAstr0 · 2024-12-05T18:44:18Z

/integration sha=d3c7e6ef9b070569ba5942185649cbc6a4828284

github-actions · 2024-12-05T18:44:38Z

⌛ Integration tests are running...

Check their status here 👈

MarcAstr0 · 2024-12-05T18:55:48Z

/integration sha=a54668262b46f92995a9e840d0f8dc13c813dc76

github-actions · 2024-12-05T18:56:11Z

⌛ Integration tests are running...

Check their status here 👈

github-actions · 2024-12-05T19:10:09Z

❌ Oh no! Integration tests have failed

github-actions · 2024-12-05T19:20:49Z

❌ Oh no! Integration tests have failed

github-actions · 2024-12-05T19:36:13Z

❌ Oh no! Integration tests have failed

github-actions · 2024-12-05T19:46:59Z

❌ Oh no! Integration tests have failed

MarcAstr0 · 2024-12-06T18:53:55Z

/integration sha=8a3f7bd0f6df736e3e423176d510a725642601c4

github-actions · 2024-12-06T18:54:14Z

⌛ Integration tests are running...

Check their status here 👈

MarcAstr0 · 2024-12-06T19:01:54Z

/integration sha=71fa4eddf21ea96bf2bc04962626c09363962c98

github-actions · 2024-12-06T19:02:16Z

⌛ Integration tests are running...

Check their status here 👈

github-actions · 2024-12-06T19:42:28Z

❌ Oh no! Integration tests have failed

github-actions · 2024-12-06T19:47:34Z

❌ Oh no! Integration tests have failed

github-actions · 2024-12-06T20:01:11Z

⌛ Integration tests are running...

Check their status here 👈

github-actions · 2024-12-06T20:49:14Z

✅ Integration tests have finished successfully!

davidverdu

LGTM

Castro, Mario added 2 commits December 4, 2024 22:36

Replace child-process-promise with execa

092bacc

Add rush change file

9346515

Fix broken CLI tests

123e787

MarcAstr0 force-pushed the remove_child_process_promise branch from a546682 to 123e787 Compare December 5, 2024 19:54

Fix broken project CLI tests

71fa4ed

MarcAstr0 force-pushed the remove_child_process_promise branch from 8a3f7bd to 71fa4ed Compare December 6, 2024 19:00

MarcAstr0 changed the title ~~Remove child-process-promise~~ Remove child-process-promise from dependencies Dec 6, 2024

MarcAstr0 requested a review from davidverdu December 6, 2024 21:14

MarcAstr0 added dependencies Pull requests that update a dependency file security Issues about improving the overall framework security. labels Dec 6, 2024

MarcAstr0 marked this pull request as ready for review December 6, 2024 21:15

davidverdu approved these changes Dec 9, 2024

View reviewed changes

MarcAstr0 merged commit ab31b49 into boostercloud:main Dec 9, 2024
6 checks passed

Remove child-process-promise from dependencies #1559

Remove child-process-promise from dependencies #1559

Conversation

MarcAstr0 commented Dec 5, 2024 • edited Loading

Description

Changes

Checks

MarcAstr0 commented Dec 5, 2024

what-the-diff bot commented Dec 5, 2024

PR Summary

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

github-actions bot commented Dec 5, 2024

MarcAstr0 commented Dec 6, 2024

github-actions bot commented Dec 6, 2024

MarcAstr0 commented Dec 6, 2024

github-actions bot commented Dec 6, 2024

github-actions bot commented Dec 6, 2024

github-actions bot commented Dec 6, 2024

github-actions bot commented Dec 6, 2024

github-actions bot commented Dec 6, 2024

davidverdu left a comment

Choose a reason for hiding this comment

MarcAstr0 commented Dec 5, 2024 •

edited

Loading