Security warnings

trying to swat most of these https://github.com/rive-app/rive/security/dependabot?page=13&q=is%3Aopen+sort%3Amanifest-path+ecosystem%3Anpm there are a few sets of issues here `release-it` - i just updated these, we should be aware that on next release of android/ios/etc we may have an issue here, i did a dry run on rive_flutter which was fine mind you. `_framework/examples` - i ran all of them successfully, *except for* the `vue` example which complains that we dont have `rive.lean.dev` in our dist. I actually suspect that this example stopped working but was hoping to confirm this @HayesGordon `wasm/examples` - ran all of these successfully *except for* the `centaur_game` example. the scaling seems off, and the centaur is not in the frame properly, also the apples are being placed oddly & rendered "twice" once with a static apple and once with an animated one... I did a little playing around here, (changing a state machine to advanceAndApply etc) but once again was hoping to find out if this was actually working properly before. (will go and check out main and rebuild everything in a second to double check the state of this, but I couldnt even build this before updating packages... ) `runtime_wasm/js` hm this one is all just made up of dev bits, do we need to do more to test this than try the examples? Diffs= 5893a12377 Security warnings (#8825) 6f306199ca add histogram arg to check golds to pass thru to diff.py (#8822) 9d07b638c2 move advanced call after update (#8807) 11afb83c7f Reset scroll constraint when state machine not running (#8817) cff1067393 Merge path_utils.hpp and eval_cubic.hpp into the core runtime (#8794) 1be9b574d1 Ensure child layouts mark dirty when flex direction changes (#8792) 4f4e07a68b Fix straight lines being detected as cusps (#8790) 11d4e46498 Add FillRule::clockwise to the runtime (#8786) 49e1109e3f add bind once support (#8761) d4a46062fb do not use frameOrigin to validate if artboard has its origin translated (#8788) 4b7454518f editor: minor text fixes (#8787) de2a5cbf93 Replace Swiftshader with Nvidia gpu runner (#8644) 14dcaa0cde improve error reporting if exe in deploy script does not exist (#8618) 2a6cf9d0a6 Set supportsRasterOrdering in the webgpu backend (#8774) f19a9c9399 editor: allow hit testing over text and text runs (#8719) e37a0f285f rename property to avoid conflict with code generation (#8765) d30f3e3ca6 do not exclude proxies from drawables list (#8762) b9773680e3 Scripting begins! (#8751) 7cc6f5bbe3 GL MSAA tweaks (#8753) 3c322193bf More android tuning for PowerVR (#8747) 32636f7dde Work around gradient sync issues on Oppo Reno 3 Pro (#8745) 7d39d0fca7 fix artboard origin offset (#8737) 908fe3b784 Convert unity builds to use build_rive.sh (#8742) d3123ff351 Tag custom premake builds on v5.0.0-beta3 (#8741) 0cdfd3bf32 Fix layout display issues (#8733) 6f70a0e803 Add visionOS and tvOS support to Apple runtime (#8107) f69757c8dd fix triggers reset (#8732) ab29c640cc Prevent negative layout size (#8731) f9355c5d84 add data binding blend states support (#7731) 1a8c162151 Nnnn instance data converters part 3 (#8726) f3d66c238a Nnnn fix js runtime listeners check (#8727) 567dd549f1 added missing_goldens and missing_candidates to diff.py result (#8722) c7c1701511 Nnnn system data enums part 3 (#8635) ce070a26e9 diff.py updates (#8721) aaaf1a206e Allow $JAVA_HOME without java installed in deploy_tests.py (#8699) Co-authored-by: Maxwell Talbot <talbot.maxwell@gmail.com>
2025-06-22 01:55:59 +00:00 · 2025-01-07 15:47:45 +00:00
parent 90c91f60af
commit 63e42a19da
8 changed files with 1 additions and 2809 deletions
--- a/.github/scripts/release/.gitignore
+++ b/.github/scripts/release/.gitignore
@ -1,119 +0,0 @@
-# Logs
-logs
-*.log
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-lerna-debug.log*
-.pnpm-debug.log*
-
-# Diagnostic reports (https://nodejs.org/api/report.html)
-report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
-
-# Runtime data
-pids
-*.pid
-*.seed
-*.pid.lock
-
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
-# Coverage directory used by tools like istanbul
-coverage
-*.lcov
-
-# nyc test coverage
-.nyc_output
-
-# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# Bower dependency directory (https://bower.io/)
-bower_components
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (https://nodejs.org/api/addons.html)
-build/Release
-
-# Dependency directories
-node_modules/
-jspm_packages/
-
-# Snowpack dependency directory (https://snowpack.dev/)
-web_modules/
-
-# TypeScript cache
-*.tsbuildinfo
-
-# Optional npm cache directory
-.npm
-
-# Optional eslint cache
-.eslintcache
-
-# Microbundle cache
-.rpt2_cache/
-.rts2_cache_cjs/
-.rts2_cache_es/
-.rts2_cache_umd/
-
-# Optional REPL history
-.node_repl_history
-
-# Output of 'npm pack'
-*.tgz
-
-# Yarn Integrity file
-.yarn-integrity
-
-# dotenv environment variables file
-.env
-.env.test
-.env.production
-
-# parcel-bundler cache (https://parceljs.org/)
-.cache
-.parcel-cache
-
-# Next.js build output
-.next
-out
-
-# Nuxt.js build / generate output
-.nuxt
-dist
-
-# Gatsby files
-.cache/
-# Comment in the public line in if your project uses Gatsby and not Next.js
-# https://nextjs.org/blog/next-9-1#public-directory-support
-# public
-
-# vuepress build output
-.vuepress/dist
-
-# Serverless directories
-.serverless/
-
-# FuseBox cache
-.fusebox/
-
-# DynamoDB Local files
-.dynamodb/
-
-# TernJS port file
-.tern-port
-
-# Stores VSCode versions used for testing VSCode extensions
-.vscode-test
-
-# yarn v2
-.yarn/cache
-.yarn/unplugged
-.yarn/build-state.yml
-.yarn/install-state.gz
-.pnp.*
-{"mode":"full","isActive":false}
--- a/.github/scripts/release/.release-it.json
+++ b/.github/scripts/release/.release-it.json
@ -1,35 +0,0 @@
-{
-    "git": {
-        "requireCleanWorkingDir": false,
-        "commitMessage": "chore: release v${version}",
-        "tagName": "${version}"
-    },
-    "github": {
-        "release": true,
-        "releaseName": "${version}"
-    },
-    "npm": {
-        "publish": false,
-        "ignoreVersion": true
-    },
-    "plugins": {
-        "@release-it/bumper": {
-            "in": {
-                "file": "../../../VERSION",
-                "type": "text/plain"
-            },
-            "out": {
-                "file": "../../../VERSION",
-                "type": "text/plain"
-            }
-        }
-    },
-    "hooks": {
-        "after:bump": [
-            "npx auto-changelog -p --commit-limit false --template changelog.hbs --prepend -o ../../../CHANGELOG.md",
-            "git add ../../../CHANGELOG.md",
-            "git add ../../../VERSION",
-            "git add ../../../pubspec.yaml"
-        ]
-    }
-}
--- a/.github/scripts/release/changelog.hbs
+++ b/.github/scripts/release/changelog.hbs
@ -1,13 +0,0 @@
-{{#each releases}}
-{{#if @first}}
-## {{title}}{{#if tag}} ({{isoDate}}){{/if}}
-{{#each merges}}
- {{{message}}}{{#if href}} [`#{{id}}`]({{href}}){{/if}}
-{{/each}}
-{{#each fixes}}
- {{{commit.subject}}}{{#each fixes}}{{#if href}} [`#{{id}}`]({{href}}){{/if}}{{/each}}
-{{/each}}
-{{#each commits}}{{#if breaking}}**Breaking change:** {{{subject}}}{{#if href}}[`{{shorthash}}`]({{href}}){{/if}}
-{{/if}}{{/each}}
-{{/if}}
-{{/each}}
--- a/.github/scripts/release/package-lock.json
+++ b/.github/scripts/release/package-lock.json
--- a/.github/scripts/release/package.json
+++ b/.github/scripts/release/package.json
@ -1,15 +0,0 @@
-{
-    "name": "release",
-    "description": "",
-    "scripts": {
-        "release": "release-it"
-    },
-    "author": "",
-    "license": "ISC",
-    "devDependencies": {
-        "@release-it/bumper": "^2.0.0",
-        "auto-changelog": "^2.3.0",
-        "release-it": "^14.11.0"
-    },
-    "version": "0.8.4"
-}
--- a/.github/scripts/release/release.sh
+++ b/.github/scripts/release/release.sh
@ -1,15 +0,0 @@
-#!/bin/bash
-
-set -e 
-
-RELEASE_VERSION=`npm run release -- --ci --release-version | tail -n 1`
-if ! command -v cider &> /dev/null
-then
-    pub global activate cider
-fi
-
-pushd ../../../
-cider version $RELEASE_VERSION
-popd
-
-npm run release -- --ci
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@ -1,35 +0,0 @@
-name: Publish to pub.dev
-
-on:
-  pull_request:
-    types: [closed]
-    branches:
-      - master
-jobs:
-  merge_job:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == true
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: true
-      - uses: actions/setup-node@v2
-        with:
-          node-version: "12.x"
-          registry-url: "https://registry.npmjs.org"
-      - uses: subosito/flutter-action@v1
-        with:
-          channel: "stable"
-      - name: Install dependencies
-        run: npm ci
-        working-directory: ./.github/scripts/release
-      - name: Git config
-        run: |
-          git config --local user.email 'hello@rive.app'
-          git config --local user.name ${{ github.actor }}
-      - name: Release
-        run: ./release.sh
-        working-directory: ./.github/scripts/release
-        env:
-          GITHUB_AUTHOR: ${{ github.actor }}
-          GITHUB_TOKEN: ${{ secrets.RIVE_REPO_PAT }}
--- a/.rive_head
+++ b/.rive_head
@ -1 +1 @@
-f653f3f73f23eed970f823d7e9c0f124c00c0fd4
+5893a123773ecccb37dd35568030a4c18a041fa7