Remove or fix timeline formatter #1759

Closed
aslakhellesoy opened this issue Aug 29, 2019 · 4 comments · Fixed by #1769

Comments

@aslakhellesoy
Contributor

A user reported the following via direct email:


Issue: An older version of the jQuery library within io.cucumber (cucumber-core) is red-flagged during a Nexus scan and identified as security vulnerable, and needs to be upgraded.

Details:
We currently leverage a few of the Maven dependencies from io.cucumber for our BDD framework, and we are noticing a Nexus scan error at The Hartford (policy issue) because of the older version of the jQuery library used in the cucumber library.

Also, refer to the screenshot below for the library where we are having this issue. We tried to update to the latest cucumber-core library and it is still referring to the old version of the jQuery library.

image


Now, we could easily upgrade to the latest jQuery (3.4.1 as of this writing), but how would we test that this doesn't break the formatter? From what I can tell we don't have any automated tests for the timeline formatter's JavaScript code.

I would suggest we delete the timeline formatter from Cucumber-JVM. It can be resurrected as a standalone formatter, similar to the new cucumber-html-formatter (based on React, with a better test suite).

I also suggest we remove the old html-formatter - it uses an even older version of jQuery.

@mpkorstanje
Contributor

mpkorstanje commented Aug 29, 2019

The timeline formatter is useful for analyzing the behavior of parallel tests. So I'd like to keep it.

Removing the HTML formatter would break people's first usage experience. The alternatives are tied to Maven/Gradle/Jenkins/etc. So not so keen on that either.

Wouldn't be against replacing but it'd have to be a comparable product.

As for updating/fixing both: there are some tests, but since it's HTML you'll have to visually look at them anyway. Not that the timeline formatter is that complicated though.

If you want to be creative about it, you could consider downgrading to a version that doesn't have any vulnerabilities. 😄

@mpkorstanje
Contributor

Might also be a good idea to get our jQuery from a WebJars dependency. That will hopefully make things a bit more maintainable (in the sense that we'll get CVE scanning from GitHub, don't need to copy-paste files, etc.).

@aslakhellesoy
Contributor Author

> Might also be a good idea to get our jQuery from a WebJars dependency.

Since we're going to deprecate the timeline formatter (as described in #1769) I don't think that is necessary.

@mpkorstanje
Contributor

Fair enough. We can always do that if another alert comes by.

aslakhellesoy added a commit that referenced this issue Sep 12, 2019
* Fix typo in vis.min.js.

Use long (millis since epoch) instead of Instant, which
results in a JSON representation that the formatter cannot handle.

* Upgrade to jQuery 3.4.1. Fixes #1759.

* Upgrade to chosen 1.8.7

* Deprecate timeline formatter

* Remove deprecation warning
cukebot pushed a commit that referenced this issue Sep 12, 2019
cukebot pushed a commit that referenced this issue Sep 12, 2019
mpkorstanje pushed a commit that referenced this issue Oct 4, 2019
* Upgrade to jQuery 3.4.1. Fixes #1759, #1786

* Upgrade to chosen 1.8.7

(cherry picked from commit ab2269d)