Summary:
Use a whitelist to validate user-provided file names. This doesn't cover the entire range of valid filenames but should cover almost all of them in practice. Allows letters, numbers, periods, dashes, and underscores. Opting to use a whitelist instead of a blacklist because getting this wrong leaves us vulnerable to a RCE attack.
This is the same patch I submitted to create-react-app: https://github.com/facebook/create-react-app/pull/4866
See s163726 for more details
Reviewed By: LukasReschke
Differential Revision: D9504148
fbshipit-source-id: e3c7587f1b7f93bec90a58a38d5f6d58f1f59275
Summary:
The font colors in the debugger-ui dark mode are not accessible. This PR ensures [Level AAA Conformance to Web Content Accessibility Guidelines 2.0](https://www.w3.org/WAI/WCAG2AAA-Conformance) which makes it better to read for everyone.
Pull Request resolved: https://github.com/facebook/react-native/pull/20559
Differential Revision: D9495584
Pulled By: hramos
fbshipit-source-id: 1a9bdd015935fb27e2d74d2399e687787282a987
Summary:
Fixes#20769
Release notes
--------------
[CLI] [BUGFIX] [local-cli/server/checkNodeVersion.js] - Disable auto-formatting in `local-cli/server/checkNodeVersion.js` since it introduces ES6 and ES7 syntax (trailing comma in argument list) which in turn makes ES5 engines crash with a `SyntaxError`.
Pull Request resolved: https://github.com/facebook/react-native/pull/20779
Differential Revision: D9468346
Pulled By: hramos
fbshipit-source-id: 24761a377a5fd104e11ed6b6e86da15e96a0e38b
Summary:
This diff adds a middleware to the RN development server to prevent processing requests coming from a third-party website.
The way we choose to do it is to block any request that has an origin header and it's different than localhost. This will still allow simulators to work properly while blocking potential external websites to do malign CORS requests.
This is just a first quick measure to block a potential attack vector while we implement full authentication in the RN development server
Reviewed By: mjesun
Differential Revision: D9238674
fbshipit-source-id: b7bdc40dabc2f4d92f5ac84515f93b89efa4e833
Summary:
@public
While debugging a RN 0.57 blocking issue, we found that the `--reset-cache` cli arg is not being passed to Metro (more info: https://github.com/facebook/react-native/issues/20567#issuecomment-412513942).
This diff fixes this issue
Reviewed By: mjesun
Differential Revision: D9295634
fbshipit-source-id: a53ec7abff2b7e684a1fd88c3b53ff0b54a1c3c4
Summary:
The `hmrEnabled` flag was not passed to the metro runServer config which caused HMR to be broken.
Pull Request resolved: https://github.com/facebook/react-native/pull/20605
Differential Revision: D9272070
Pulled By: hramos
fbshipit-source-id: 3765031d9e7806be11781fba92663ce7c4ff2ffb
Summary:
ag -L --ignore __snapshots__ 'flow strict|noflow|generated|The controller you requested could not be found.' | ag '\.js$' | xargs ag -l 'flow' | sort > ~/temp
cat ~/temp | xargs ag -L 'flow strict' | xargs sed -i '' 's/flow$/flow strict-local/'
until flow check; do flow check --json | jq -r '.errors[].message[0].path' | sort | uniq | xargs hg revert; done
allow_many_files
The controller you requested could not be found.
The controller you requested could not be found.
Reviewed By: TheSavior
Differential Revision: D9004573
fbshipit-source-id: 936bd5741706b781be06bf08b6ad805a69407dfd
Summary: Change the internals of Metro to use the new configuration instead of `ServerOptions`.
Reviewed By: rafeca
Differential Revision: D8734685
fbshipit-source-id: 1215f799419fcaa0e5fb7814683da1cbba96795c
Summary: Change the public react-native CLI to use the new configuration of Metro.
Reviewed By: rafeca
Differential Revision: D8801217
fbshipit-source-id: 112e4812b430ebee1ed41489f803b90c182ccdb4
Summary: In this diff I change the internal react-native cli to use our new configuration. Another change here is that Metro starts using the new configuration already as its entry points (like `metro#runMetro`).
Reviewed By: rafeca
Differential Revision: D8728612
fbshipit-source-id: 9f43dee31ebaccd35cf6274d5c4dec0a227a6eec
Summary:
This fixes some regressions with local-cli introduced in c4a66a89a2.
- We didn't pass `assetRegistryPath` which caused the following error when loading the bundle:
```
error: bundling failed: Error: Unable to resolve module `missing-asset-registry-path` from `/Users/janic/Developer/react-native/RNTester/js/uie_thumb_normal@2x.png`: Module `missing-asset-registry-path` does not exist in the Haste module map
```
- The middlewares were not added to the metro server. This causes some packager server features to fail. The one I noticed is that the /status endpoint didn't exist anymore which causes CI to fail and also Android to not load the bundle from the packager initially. The remote debugging feature was also broken.
Pull Request resolved: https://github.com/facebook/react-native/pull/20162
Differential Revision: D8867610
Pulled By: hramos
fbshipit-source-id: 8a08b7f3175692ab6ee73c0a7c25075091ae4792
Summary: This is a follow up to D8316215. That diff had a flaw in that once appExecuted was set to true it would never be reset back to false. This fixes that so if another bundle is loaded after the first one it will work.
Reviewed By: rafeca
Differential Revision: D8661523
fbshipit-source-id: 5f6024102248383f64952fd33b37368732d5f900
Summary: No new errors in this version. Just removed a bunch of unused suppressions
Reviewed By: TheSavior
Differential Revision: D8754160
fbshipit-source-id: 2f02240b6d65edecba5d9ed603c7703462547a7f
Summary: `morgan` produces non-json output, which affects `js1 run` when ran with the `--json` flag.
Reviewed By: Kureev
Differential Revision: D8724830
fbshipit-source-id: 11377f6ef39341c658a7f905383398423a721630
Summary:
Scope of the diff:
1. Middleware
`react-native-github/local-cli` and `react-native-internal-cli` uses a very similar set of middlewares (internal cli extends github version), so I decided to move it to a standalone file (middleware manager) in order to remove duplications and increase readability.
2. Types
Seems that after Flow upgrade to version 0.68 there were many type issues to resolve, so all of them were auto-mocked. This is fine, but I'd like to see Flow assists me with `Metro.createServer` -> `Metro.runServer` migration. Hence, I decided to resolve flow mocks, related to runServer.
3. `runServer` signature
In `react-native-github` repo I cleaned up `runServer` signature by removing `startCallback` and `readyCallback` from the function parameters and moved them to `runServer` instead.
4. Replace `createServer` by `runServer`
In `react-native-github` repo, `createServer` has been replaced by `runServer`. __Some of arguments are not mapped__.
Note that this diff will partially break argument mapping. This is intentional. @[100000044482482:ives] will fix it with a new config package.
Reviewed By: mjesun
Differential Revision: D8711717
fbshipit-source-id: a843ab576360ff7242099910d8f25a9cb0a388c0
Summary:
This diff tries to fix an issue that started appearing in RN master when the latest metro version is used (more info here: c5ce762697 (commitcomment-29443117)).
The problem is that RN is still reading `projectRoots` from the Metro config and trying to call `concat()` on them. Latest Metro sets the default `projectRoots` to null, so this fails.
Also, a couple other things have been done:
* Make sure that the `projectRoot` and `watchFolder` objects from args are passed to Metro (so they contain the overrides from the CLI arguments).
* Add a `--projectRoot` CLI arg, replacing the `--root` one (this is not actually needed, since it does the same as `--watchFolders`
Differential Revision: D8567229
fbshipit-source-id: 3b76fd8e23d201a4097e9dfba3a512d64f348cb0
Summary:
We use projectRoots to limit crawling of jest-haste-map in large codebases. Since this implies multiple projects roots, it makes it very hard (or impossible) to reliably cache dependency resolutions.
If we can replace this with a single project root and a set of watch roots, we can have relative path resolutions for all dependencies which van be cached.
Reviewed By: rafeca
Differential Revision: D8450498
fbshipit-source-id: 830c21e847c3236e42d5414a8587508cb73864bd
Summary:
Add ignores for these requires, some of them mistakenly removed by da3424c929.
```
yarn flow
```
CircleCI should be green again.
Closes https://github.com/facebook/react-native/pull/18021
Differential Revision: D7025304
Pulled By: jeanlauliac
fbshipit-source-id: 731232093ae3ab39b3eff6fb2004ff4e7090d5ae
Summary:
Includes React Native and its dependencies Fresco, Metro, and Yoga. Excludes samples/examples/docs.
find: ^(?:( *)|( *(?:[\*~#]|::))( )? *)?Copyright (?:\(c\) )?(\d{4})\b.+Facebook[\s\S]+?BSD[\s\S]+?(?:this source tree|the same directory)\.$
replace: $1$2$3Copyright (c) $4-present, Facebook, Inc.\n$2\n$1$2$3This source code is licensed under the MIT license found in the\n$1$2$3LICENSE file in the root directory of this source tree.
Reviewed By: TheSavior, yungsters
Differential Revision: D7007050
fbshipit-source-id: 37dd6bf0ffec0923bfc99c260bb330683f35553e
Summary:
<!--
Thank you for sending the PR! We appreciate you spending the time to work on these changes.
Help us understand your motivation by explaining why you decided to make this change.
You can learn more about contributing to React Native here: http://facebook.github.io/react-native/docs/contributing.html
Happy contributing!
-->
See #17618
On certain networks, `xip.io` is used, but as the debugger will always using localhost a change upstream has resulted in a CORS issue (see screenshots in #17618). This change ensures that the debugger will always open with whatever configuration.
> This should be merged in as a patch of `0.52.x` as it affects current release, and `0.51.x` didn't have this issue.
Tested locally, could do with the people having the same issue in #17618 testing it out prior to merging.
(If this PR adds or changes functionality, please take some time to update the docs at https://github.com/facebook/react-native-website, and link to your PR here.)
<!--
Help reviewers and the release process by writing your own release notes
**INTERNAL and MINOR tagged notes will not be included in the next version's final release notes.**
CATEGORY
[----------] TYPE
[ CLI ] [-------------] LOCATION
[ DOCS ] [ BREAKING ] [-------------]
[ GENERAL ] [ BUGFIX ] [-{Component}-]
[ INTERNAL ] [ ENHANCEMENT ] [ {File} ]
[ IOS ] [ FEATURE ] [ {Directory} ] |-----------|
[ ANDROID ] [ MINOR ] [ {Framework} ] - | {Message} |
[----------] [-------------] [-------------] |-----------|
[CATEGORY] [TYPE] [LOCATION] - MESSAGE
EXAMPLES:
[IOS] [BREAKING] [FlatList] - Change a thing that breaks other things
[ANDROID] [BUGFIX] [TextInput] - Did a thing to TextInput
[CLI] [FEATURE] [local-cli/info/info.js] - CLI easier to do things with
[DOCS] [BUGFIX] [GettingStarted.md] - Accidentally a thing/word
[GENERAL] [ENHANCEMENT] [Yoga] - Added new yoga thing/position
[INTERNAL] [FEATURE] [./scripts] - Added thing to script that nobody will see
-->
[CLI] [BUGFIX] [local-cli/server/middleware/getDevToolsMiddleware.js] - Prevents JS Debugger issues with CORS
Closes https://github.com/facebook/react-native/pull/17720
Differential Revision: D6828205
Pulled By: hramos
fbshipit-source-id: 7e5d43db9faf7edc9444ba4214aca1a18e25dbd2
Summary: Tries to adress https://github.com/facebook/metro/issues/65. We need a reasonnable workaround to support modules like `moment.js` that do dynamic requires but only in some cases. By replacing the call by a function that throws, we move the exception at runtime instead of happening at compile time. We don't want to do that for non-node_modules file because they are fixable directly, while `node_modules` are not fixable by people and they get completely blocked by the error at compile time.
Reviewed By: rafeca
Differential Revision: D6736989
fbshipit-source-id: a6e1fd9b56fa83907400884efd8f8594018b7c37
Summary:
The pull request adds the `--port` option to `run-ios` allowing a developer to build and launch a react-native app using a single command line like this:
```
react-native run-ios --port 8088
```
It defaults to the current port 8081.
This pull request fixes issue #9145 and issue #14113.
This patch also extends `run-android` to properly test and launch the packager with the specified port, extending the work done in PR: ##15316
1. Create a new react-native app, or simply clone this branch and then update your version of react-native using `yarn add file:./path/to/this/fork/of/react-native`
2. run `react-native run-ios --port 8088`
3. watch the packager start on the desired port (8088 in this case) and watch your app in your simulator connect to the packager and launch the app.
Closes https://github.com/facebook/react-native/pull/16172
Differential Revision: D6612534
Pulled By: shergin
fbshipit-source-id: 50af449f5e4c32fb76ba95f4cb7bf179e35526d5