Various fixes in one PR #4253
Merged
Various fixes in one PR #4253
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…URE_HSTS_HEADER_* and SECURE_CSP work as expected. readENVTruthy never returned defaultValue. if not set to on|off|true|false the default value is returned
…into 201901_profile_save_workaround2
PieterGit
changed the title
INSECURE_USE_HTTP and npm updateStick to `terser` version `~3.14.1` instead of `^3.16.0`, because of
```
ERROR in js/bundle.js from Terser
TypeError: Cannot read property 'minify' of undefined
at minify (E:\path\toc\cgm-remote-monitor\node_modules\terser-webpack-plugin\dist\minify.js:175:23)
```
See terser/terser#254 for details on that bug
PieterGit
changed the title
|
@unsoluble @jpcunningh @sulkaharo can you please review/test this PR? |
|
Merging to |
Merged
sulkaharo
added a commit
that referenced
this pull request
Feb 7, 2019
Draft release notes for upcoming 0.11 release (currently release candidate phase). # Changes Over 360 commits, 89 files changed, +8,428 / −6,569 lines of changes (full list of changes here: https://github.com/nightscout/cgm-remote-monitor/pull/4022/commits ) ## New features - Fully secure by default out of the box. Unsecure access via http is not allowed anymore by default. This might force you to re-authenticate with your `API_SECRET` or token if you were using unsecure access. (@PieterGit ) - No outdated packages with vulnerabilities are being used anymore (@PieterGit ) - Add Week to Week report (@jpcunningh, #4123 ) - Add Loopalyzer report to analyse looping. Visualize your loop (@lixgbg, #3629 #4235 ) - Add predictions support to Day to Day report (@lixgbg, #3179 ) - Add cgm sensor stop to Careportal (@jpcunningh, #4060) ## Removed features - remove `mqtt` module, because it had a security issue and was not used - remove `sgvdata` module, because it had a security issue, added a lot of complexity and wasn't needed (@PieterGit ). Replacement implementation for CSV and TSV export (@sulkaharo ). ## Improvements - Fix MongoDB database insert handling. Log error on inserts and don't crash in case the MongoDB disk is full or MongoDB quota is reached (@sulkaharo and @jpcunningh) - Upgrade packages to recent version, fixing all known security issues with dependencies (@PieterGit) - Redirect redirect HTTP to HTTPS and implement HSTS (@jweismann, @PieterGit, #4044 and #4010 and #4253 ) - Technical improvement: Migrate from `uglify-js` to `terser-webpack-plugin` (@PieterGit) - Streamlined Heroku deployment template with more descriptive text and more appropriate defaults for new users (@unsoluble, #4116 ) ## Bug fixes - Fix CGM voltageb battery warning level to match xDrip+ (@jpcunningh, #3954 ) - Fix daylight saving and reloading bug in profile editor, (@DigitalDan1, @Kywalh #4029 and #4074 ) - Reduce the amount of Profile Switch treatments being loaded to fix UI slowdown and Nightscout home screen losing AAPS data from >3 hours ago, (@sulkaharo, @vickster1, #4055 ) - Upgrade to [share2nightscout 0.2.0](https://github.com/nightscout/share2nightscout-bridge/releases/tag/0.2.0). Prevent Nightscout server crashes in case Dexcom server does not respond (@PieterGit, @veryfancy) - Fix UI so pills are updated immediately after new data is loaded (@sulkaharo) - Fixes to If-Modified-Since HTTP header handling for BG data (@sulkaharo) ## Documentation and language updates - Language updates for Danish, Dutch, German, Hebrew, Norwegian, Russian - New languages: Japanese, Turkish - Update Alexa documentation. Note that some Alexa improvements are postponed to Nightscout 0.12 because the Alexa plugin needs refactoring, see #4168 (comment) - Update IFTTT maker-setup.md docs (@Dave9111, @unsoluble, #4206 ) - Updated various docs, including [CONTRIBUTING](https://github.com/nightscout/cgm-remote-monitor/blob/dev/CONTRIBUTING.md) documentation # Upgrade notes - We only allow Nightscout to start with a secure Node JS. - Latest Node 8 LTS (8.15.0 or later) and Latest Node 10 LTS (10.15.1 or later) are recommended and supported. - Latest Node version on Azure (currently 10.14.0) is tolerated, but not recommended - Other versions will not start - The [rawbg](https://github.com/nightscout/cgm-remote-monitor#rawbg-raw-bg) settings are converted to a single setting tri-state variable. - We improved security and added several new environment variables such as [INSECURE_USE_HTTP and SECURE_HSTS_HEADER](https://github.com/nightscout/cgm-remote-monitor/#predefined-values-for-your-server-settings-optional) - Your site redirects to https by default. If you don't want that or use a Nginx or Apache proxy, set `INSECURE_USE_HTTP` to `true`. - We enabled [HTTP Strict Transport Security (HSTS)](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) headers by default, settings `SECURE_HSTS_HEADER` and `SECURE_HSTS_HEADER_*` ## Upgrade notes for Azure users We recommend Azure users consider migrating their hosting to Heroku, as we've observed Heroku users have significantly less issues with having their sites work reliably. If you want to continue using Azure, change the following configuration variables in Azure before updating to the latest Nightscout version: ``` WEBSITE_NODE_DEFAULT_VERSION=10.14.1 SCM_COMMAND_IDLE_TIMEOUT=300 ``` # Install instructions Install instructions can be found: https://github.com/nightscout/cgm-remote-monitor/blob/master/README.md#install # Contributors to this release The release coordination for this release was done by @PieterGit We would like to thank the following people for their contribution (in alphabetical order): @anderser, @apanasef, @balshor, @bewest, @blocklist_twitter, @CaroGo, @cascer1, @cluckj, @danamlewis, @Dave9111, @diabetlum, @herzogmedia, @janrpn, @jasoncalabrese, @jpcunningh, @jweismann, @kenstack, @Kywalh, @lixgbg, @LuminaryXion, @MilosKozak, @mitrei, @PaperT1D, @PieterGit, @unsoluble, @rarneson, @renegadeandy, @scottleibrand, @sulkaharo, @T-o-b-i-a-s, @tynbendad, @unsoluble, @veryfancy, @viq, @wootmasterslick (if I forgot somebody, please respond) # TODO TODO: Translations, Languages with less than 80% will be removed in a future Nightscout version. Currently the following languages are at risk: 中文(繁體) (zh_tw), Hrvatski (hr), Ελληνικά (el), 한국어 (ko) See https://gitter.im/nightscout/public?at=5bef2f34de42d46bba766f66 TODO: Fix Codacy errors, https://app.codacy.com/app/Nightscout/cgm-remote-monitor/issues?bid=2452379&filters=W3siaWQiOiJDYXRlZ29yeSIsInZhbHVlcyI6WyJFcnJvciBQcm9uZSJdfV0= TODO: test dev after all new features are merged for at least two weeks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Various fixes:
readENVTruthynever returned defaultValue. if not set toon|off|true|falsethe default value will be returned (instead of the string).INSECURE_USE_HTTP,SECURE_HSTS_HEADER,SECURE_HSTS_HEADER_*andSECURE_CSPwork as expected. This fixes bugfix, if we stick to the original logic it seems to work as expected #4163