forked from facebook/create-react-app
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update from upstream repo facebook/create-react-app@master (#3)
* Add modes to our Babel preset (1.x) (facebook#4668) * babel-preset-react-app@3.1.2 * add react-testing-library documentation/examples (facebook#4679) * add react-testing-library documentation/examples * make react-testing-library a heading * fix typo * Fix link to the article about BEM (facebook#4858) * Use file name whitelist to prevent RCE (facebook#4866) * Use file name whitelist to prevent RCE Use a whitelist to validate user-provided file names. This doesn't cover the entire range of valid filenames but should cover almost all of them in practice. Allows letters, numbers, periods, dashes, and underscores. Opting to use a whitelist instead of a blacklist because getting this wrong leaves us vulnerable to a RCE attack. * Allow alphabet characters from all languages Updated the whitelist to /^[\p{L}0-9/.\-_]+$/u, which matches alphanumeric characters, periods, dashes, and underscores. Unicode property support is stage 4 so I've inlined the transpiled version. * Only use file name whitelist on Windows * Log error message if file name does not pass whitelist * Bump versions * Bump release * Add 1.1.5 release notes
- Loading branch information
1 parent
c8eb308
commit d0b0838
Showing
12 changed files
with
283 additions
and
134 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,135 @@ | ||
| /** | ||
| * Copyright (c) 2015-present, Facebook, Inc. | ||
| * | ||
| * This source code is licensed under the MIT license found in the | ||
| * LICENSE file in the root directory of this source tree. | ||
| */ | ||
| 'use strict'; | ||
|
|
||
| module.exports = function create(env) { | ||
| if (env !== 'development' && env !== 'test' && env !== 'production') { | ||
| throw new Error( | ||
| 'Using `babel-preset-react-app` requires that you specify `NODE_ENV` or ' + | ||
| '`BABEL_ENV` environment variables. Valid values are "development", ' + | ||
| '"test", and "production". Instead, received: ' + | ||
| JSON.stringify(env) + | ||
| '.' | ||
| ); | ||
| } | ||
|
|
||
| const plugins = [ | ||
| // Necessary to include regardless of the environment because | ||
| // in practice some other transforms (such as object-rest-spread) | ||
| // don't work without it: https://github.com/babel/babel/issues/7215 | ||
| require.resolve('babel-plugin-transform-es2015-destructuring'), | ||
| // class { handleClick = () => { } } | ||
| require.resolve('babel-plugin-transform-class-properties'), | ||
| // The following two plugins use Object.assign directly, instead of Babel's | ||
| // extends helper. Note that this assumes `Object.assign` is available. | ||
| // { ...todo, completed: true } | ||
| [ | ||
| require.resolve('babel-plugin-transform-object-rest-spread'), | ||
| { | ||
| useBuiltIns: true, | ||
| }, | ||
| ], | ||
| // Transforms JSX | ||
| [ | ||
| require.resolve('babel-plugin-transform-react-jsx'), | ||
| { | ||
| useBuiltIns: true, | ||
| }, | ||
| ], | ||
| // Polyfills the runtime needed for async/await and generators | ||
| [ | ||
| require.resolve('babel-plugin-transform-runtime'), | ||
| { | ||
| helpers: false, | ||
| polyfill: false, | ||
| regenerator: true, | ||
| }, | ||
| ], | ||
| ]; | ||
|
|
||
| if (env === 'development' || env === 'test') { | ||
| // The following two plugins are currently necessary to make React warnings | ||
| // include more valuable information. They are included here because they are | ||
| // currently not enabled in babel-preset-react. See the below threads for more info: | ||
| // https://github.com/babel/babel/issues/4702 | ||
| // https://github.com/babel/babel/pull/3540#issuecomment-228673661 | ||
| // https://github.com/facebookincubator/create-react-app/issues/989 | ||
| plugins.push.apply(plugins, [ | ||
| // Adds component stack to warning messages | ||
| require.resolve('babel-plugin-transform-react-jsx-source'), | ||
| // Adds __self attribute to JSX which React will use for some warnings | ||
| require.resolve('babel-plugin-transform-react-jsx-self'), | ||
| ]); | ||
| } | ||
|
|
||
| if (env === 'test') { | ||
| return { | ||
| presets: [ | ||
| // ES features necessary for user's Node version | ||
| [ | ||
| require('babel-preset-env').default, | ||
| { | ||
| targets: { | ||
| node: 'current', | ||
| }, | ||
| }, | ||
| ], | ||
| // JSX, Flow | ||
| require.resolve('babel-preset-react'), | ||
| ], | ||
| plugins: plugins.concat([ | ||
| // Compiles import() to a deferred require() | ||
| require.resolve('babel-plugin-dynamic-import-node'), | ||
| ]), | ||
| }; | ||
| } else { | ||
| return { | ||
| presets: [ | ||
| // Latest stable ECMAScript features | ||
| [ | ||
| require.resolve('babel-preset-env'), | ||
| { | ||
| targets: { | ||
| // React parses on ie 9, so we should too | ||
| ie: 9, | ||
| // We currently minify with uglify | ||
| // Remove after https://github.com/mishoo/UglifyJS2/issues/448 | ||
| uglify: true, | ||
| }, | ||
| // Disable polyfill transforms | ||
| useBuiltIns: false, | ||
| // Do not transform modules to CJS | ||
| modules: false, | ||
| }, | ||
| ], | ||
| // JSX, Flow | ||
| require.resolve('babel-preset-react'), | ||
| ], | ||
| plugins: plugins.concat([ | ||
| // function* () { yield 42; yield 43; } | ||
| [ | ||
| require.resolve('babel-plugin-transform-regenerator'), | ||
| { | ||
| // Async functions are converted to generators by babel-preset-env | ||
| async: false, | ||
| }, | ||
| ], | ||
| // Adds syntax support for import() | ||
| require.resolve('babel-plugin-syntax-dynamic-import'), | ||
| ]), | ||
| }; | ||
|
|
||
| if (env === 'production') { | ||
| // Optimization: hoist JSX that never changes out of render() | ||
| // Disabled because of issues: https://github.com/facebookincubator/create-react-app/issues/553 | ||
| // TODO: Enable again when these issues are resolved. | ||
| // plugins.push.apply(plugins, [ | ||
| // require.resolve('babel-plugin-transform-react-constant-elements') | ||
| // ]); | ||
| } | ||
| } | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| /** | ||
| * Copyright (c) 2015-present, Facebook, Inc. | ||
| * | ||
| * This source code is licensed under the MIT license found in the | ||
| * LICENSE file in the root directory of this source tree. | ||
| */ | ||
| 'use strict'; | ||
|
|
||
| const create = require('./create'); | ||
|
|
||
| module.exports = create('development'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| /** | ||
| * Copyright (c) 2015-present, Facebook, Inc. | ||
| * | ||
| * This source code is licensed under the MIT license found in the | ||
| * LICENSE file in the root directory of this source tree. | ||
| */ | ||
| 'use strict'; | ||
|
|
||
| const create = require('./create'); | ||
|
|
||
| module.exports = create('production'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| /** | ||
| * Copyright (c) 2015-present, Facebook, Inc. | ||
| * | ||
| * This source code is licensed under the MIT license found in the | ||
| * LICENSE file in the root directory of this source tree. | ||
| */ | ||
| 'use strict'; | ||
|
|
||
| const create = require('./create'); | ||
|
|
||
| module.exports = create('test'); |
Oops, something went wrong.