Rollup warnings "Use of eval is strongly discouraged" #147
Labels
Comments
|
Thank you for reporting this, we weren't aware that Is this a blocking issue for you or is the warning not preventing Rollup from producing your build? |
|
Thanks for your response! Yes, I also noticed it was on the dependency.
It’s not a blocking issue for us at all, just a Rollup warning.
There are alternatives to js-base64 that don’t use evil... I mean eval ;)
On Tue, 2 Apr 2019 at 6:58 am, Marius ***@***.***> wrote:
Thank you for reporting this, we weren't aware that eval is used inside
tus-js-client. However, this is not caused by tus-js-client directly but
instead by js-base64, one of our dependencies. There is already a
discussion at dankogai/js-base64#85
<dankogai/js-base64#85> about whether that can
be fixed. Maybe we can join in and help them.
Is this a blocking issue for you or is the warning not preventing Rollup
from producing your build?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#147 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABBgawEDNcp-rJDHvXk61xTQsyLaDkCYks5vcmTcgaJpZM4cUn3C>
.
--
Regards,
*Andrew McLagan*
*Contract Web Developer*
Please consider the environment before printing.
|
|
Great, let's see if js-base64 fixes this problem in the near future. Switching to another module is also an option but I am not sure if the engineering costs are worth the effort :) |
|
js-base64 released a version without the use of eval, so I just updated tus-js-client to use the new release: dankogai/js-base64#85 (comment) |
Acconut
added a commit
that referenced
this issue
Jul 29, 2020
* adding nodejs HttpStack request options * fix * fix * fix * visual fix * proposal for request options * disabling browser * fix * Clarify how to import using ESM syntax * Added onShouldRetry callback for controlling retries (#198) * Added onShouldRetry callback for controlling retry Whenever the library is about to retry an upload due to an error, the new optional callback onShouldRetry will be called when defined. Its return value will tell the library whether to actually retry the upload or fail with an error, for example based on status code checks. This makes it possible to customize the behavior like reacting on specific status codes. * Move onShouldRetry example to usage.md * Refactored shouldRetry logic - isOnline is now excluded from the check, so the onShouldRetry callback should manually add an online check if desired - removed inline function and made the conditions more readable - clarified inline comments about status code check * Add test assertion for onShouldRetry arguments * Update usage.md * Update test-common.js * Update api.md Co-authored-by: Marius <marius.kleidl@gmail.com> * making property 'private', adding small test for 'insecure' request * fixes ? * fix: import * Update js-base64 to a version which does not use eval() anymore Closes #147 * PR comments fixes * fixed exports on node, addex HttpStack export on browser * added new test case - node 14 * test fixes * test fixes * fix tests * Bump lodash from 4.17.14 to 4.17.19 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.14 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.14...4.17.19) Signed-off-by: dependabot[bot] <support@github.com> * Clean up request initialization and add proper test Co-authored-by: Dragos Cirjan <dragos.cirjan@cellebrite.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@gmail.com> Co-authored-by: Marius <marius@transloadit.com> Co-authored-by: Vincent Petry <pvince81@owncloud.com> Co-authored-by: Marius <marius.kleidl@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin van Zonneveld <vanzonneveld@gmail.com>
Acconut
added a commit
that referenced
this issue
Aug 31, 2020
) * Allow Promise return type for onBeforeRequest and onAfterResponse. * Allow Promise return type for onBeforeRequest and onAfterResponse: documentation and test case. * Allow to specify options for Node's request method (#203) * adding nodejs HttpStack request options * fix * fix * fix * visual fix * proposal for request options * disabling browser * fix * Clarify how to import using ESM syntax * Added onShouldRetry callback for controlling retries (#198) * Added onShouldRetry callback for controlling retry Whenever the library is about to retry an upload due to an error, the new optional callback onShouldRetry will be called when defined. Its return value will tell the library whether to actually retry the upload or fail with an error, for example based on status code checks. This makes it possible to customize the behavior like reacting on specific status codes. * Move onShouldRetry example to usage.md * Refactored shouldRetry logic - isOnline is now excluded from the check, so the onShouldRetry callback should manually add an online check if desired - removed inline function and made the conditions more readable - clarified inline comments about status code check * Add test assertion for onShouldRetry arguments * Update usage.md * Update test-common.js * Update api.md Co-authored-by: Marius <marius.kleidl@gmail.com> * making property 'private', adding small test for 'insecure' request * fixes ? * fix: import * Update js-base64 to a version which does not use eval() anymore Closes #147 * PR comments fixes * fixed exports on node, addex HttpStack export on browser * added new test case - node 14 * test fixes * test fixes * fix tests * Bump lodash from 4.17.14 to 4.17.19 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.14 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.14...4.17.19) Signed-off-by: dependabot[bot] <support@github.com> * Clean up request initialization and add proper test Co-authored-by: Dragos Cirjan <dragos.cirjan@cellebrite.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@gmail.com> Co-authored-by: Marius <marius@transloadit.com> Co-authored-by: Vincent Petry <pvince81@owncloud.com> Co-authored-by: Marius <marius.kleidl@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin van Zonneveld <vanzonneveld@gmail.com> * Bump elliptic from 6.3.1 to 6.5.3 (#214) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.3.1 to 6.5.3. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](indutny/elliptic@v6.3.1...v6.5.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependencies using 'npm audit fix' * Do not pass URL as separate parameter This is not supported in Node.js 8 and 9. * Downgrade tsd to support Node.js 8 and 9 See https://github.com/SamVerschueren/tsd/releases/tag/v0.12.1 * Correct type definition for Upload#terminate (#217) inconsistency between typescript typing and function definition * Minor cleanups Co-authored-by: Dragos Cirjan <dragos.cirjan+github2@gmail.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@cellebrite.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@gmail.com> Co-authored-by: Marius <marius@transloadit.com> Co-authored-by: Vincent Petry <pvince81@owncloud.com> Co-authored-by: Marius <marius.kleidl@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin van Zonneveld <vanzonneveld@gmail.com> Co-authored-by: kabaliserv <66329463+kabaliserv@users.noreply.github.com>
Acconut
added a commit
that referenced
this issue
Aug 31, 2020
* #209 Add onBeforeRequest and onAfterResponse to terminate method * Call onAfterResponse even if the request was not successfull * Correct type definition for Upload#terminate (#217) inconsistency between typescript typing and function definition * Allow Promise return type for onBeforeRequest and onAfterResponse. (#212) * Allow Promise return type for onBeforeRequest and onAfterResponse. * Allow Promise return type for onBeforeRequest and onAfterResponse: documentation and test case. * Allow to specify options for Node's request method (#203) * adding nodejs HttpStack request options * fix * fix * fix * visual fix * proposal for request options * disabling browser * fix * Clarify how to import using ESM syntax * Added onShouldRetry callback for controlling retries (#198) * Added onShouldRetry callback for controlling retry Whenever the library is about to retry an upload due to an error, the new optional callback onShouldRetry will be called when defined. Its return value will tell the library whether to actually retry the upload or fail with an error, for example based on status code checks. This makes it possible to customize the behavior like reacting on specific status codes. * Move onShouldRetry example to usage.md * Refactored shouldRetry logic - isOnline is now excluded from the check, so the onShouldRetry callback should manually add an online check if desired - removed inline function and made the conditions more readable - clarified inline comments about status code check * Add test assertion for onShouldRetry arguments * Update usage.md * Update test-common.js * Update api.md Co-authored-by: Marius <marius.kleidl@gmail.com> * making property 'private', adding small test for 'insecure' request * fixes ? * fix: import * Update js-base64 to a version which does not use eval() anymore Closes #147 * PR comments fixes * fixed exports on node, addex HttpStack export on browser * added new test case - node 14 * test fixes * test fixes * fix tests * Bump lodash from 4.17.14 to 4.17.19 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.14 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.14...4.17.19) Signed-off-by: dependabot[bot] <support@github.com> * Clean up request initialization and add proper test Co-authored-by: Dragos Cirjan <dragos.cirjan@cellebrite.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@gmail.com> Co-authored-by: Marius <marius@transloadit.com> Co-authored-by: Vincent Petry <pvince81@owncloud.com> Co-authored-by: Marius <marius.kleidl@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin van Zonneveld <vanzonneveld@gmail.com> * Bump elliptic from 6.3.1 to 6.5.3 (#214) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.3.1 to 6.5.3. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](indutny/elliptic@v6.3.1...v6.5.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependencies using 'npm audit fix' * Do not pass URL as separate parameter This is not supported in Node.js 8 and 9. * Downgrade tsd to support Node.js 8 and 9 See https://github.com/SamVerschueren/tsd/releases/tag/v0.12.1 * Correct type definition for Upload#terminate (#217) inconsistency between typescript typing and function definition * Minor cleanups Co-authored-by: Dragos Cirjan <dragos.cirjan+github2@gmail.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@cellebrite.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@gmail.com> Co-authored-by: Marius <marius@transloadit.com> Co-authored-by: Vincent Petry <pvince81@owncloud.com> Co-authored-by: Marius <marius.kleidl@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin van Zonneveld <vanzonneveld@gmail.com> Co-authored-by: kabaliserv <66329463+kabaliserv@users.noreply.github.com> * Allow to return Promises in onBeforeRequest for terminate Co-authored-by: kabaliserv <66329463+kabaliserv@users.noreply.github.com> Co-authored-by: Mentthew <34655639+Mentthew@users.noreply.github.com> Co-authored-by: Dragos Cirjan <dragos.cirjan+github2@gmail.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@cellebrite.com> Co-authored-by: Dragos Cirjan <dragos.cirjan@gmail.com> Co-authored-by: Marius <marius@transloadit.com> Co-authored-by: Vincent Petry <pvince81@owncloud.com> Co-authored-by: Marius <marius.kleidl@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin van Zonneveld <vanzonneveld@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Rollup emits multiple warnings from this library, most importantly:
To Reproduce
Include
tus-js-clientor@uppy/tusin a package built with rollupExpected behavior
No warnings emitted
The text was updated successfully, but these errors were encountered: