Summary:
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
<details>
<summary>Commits</summary>
<ul>
<li><a href="a2c5da8660"><code>a2c5da8</code></a> 1.3.8</li>
<li><a href="af5c6bb5dc"><code>af5c6bb</code></a> Do not use Object.create(null)</li>
<li><a href="8b648a1ac4"><code>8b648a1</code></a> don't test where our devdeps don't even work</li>
<li><a href="c74c8af35f"><code>c74c8af</code></a> 1.3.7</li>
<li><a href="024b8b55ac"><code>024b8b5</code></a> update deps, add linting</li>
<li><a href="032fbaf5f0"><code>032fbaf</code></a> Use Object.create(null) to avoid default object property hazards</li>
<li><a href="2da90391ef"><code>2da9039</code></a> 1.3.6</li>
<li><a href="cfea636f53"><code>cfea636</code></a> better git push script, before publish instead of after</li>
<li><a href="56d2805e07"><code>56d2805</code></a> do not allow invalid hazardous string as section name</li>
<li>See full diff in <a href="https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for ini since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/infer/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/infer/pull/1359
Reviewed By: da319
Differential Revision: D25638014
Pulled By: jvillard
fbshipit-source-id: bcae03523
Summary:
Similar to the `tar` command, append `sudo` to the `ln` command since it fails due to 'Permission Denied' errors on Linux
Pull Request resolved: https://github.com/facebook/infer/pull/1344
Reviewed By: skcho
Differential Revision: D24917642
Pulled By: jvillard
fbshipit-source-id: d593d12b8
Summary: Includes all changes made from the last time of `make doc-publish`
Reviewed By: jvillard
Differential Revision: D24728644
fbshipit-source-id: c0006a8dd
Summary:
- rename the checker "Uninitialized Variable" to "Uninitialized Value"
as this is the name of the issue type
- delete timestamp XML comment from the man pages to avoid future git
churn when updating the website
- counting is hard
Reviewed By: martintrojer
Differential Revision: D24219165
fbshipit-source-id: cf3057373
Summary:
This is required for versioning to work correctly when creating a new
version of the website.
Reviewed By: martintrojer
Differential Revision: D24217125
fbshipit-source-id: 8f7a4bc44
Summary:
We forgot to add this when adding the new subcommand. These should
really be auto-generated but let's save that for another diff.
Reviewed By: martintrojer
Differential Revision: D24217111
fbshipit-source-id: 860860533
Summary:
- freshen up /docs/next/absint-framework to give sensible advice, and
delete outdated bits that are now in the API docs so they remain fresh
- delete SimpleChecker.ml as it's just a source of bitrot
- delete the "adding checkers" page as it's completely outdated and
subsumed by the "AI framework" page + the labs.
Reviewed By: jberdine
Differential Revision: D23597271
fbshipit-source-id: 78b541746
Summary:
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p>
<blockquote>
<h2>4.17.16</h2>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d7fbc52ee0"><code>d7fbc52</code></a> Bump to v4.17.19</li>
<li><a href="2e1c0f22f4"><code>2e1c0f2</code></a> Add npm-package</li>
<li><a href="1b6c282299"><code>1b6c282</code></a> Bump to v4.17.18</li>
<li><a href="a370ac8140"><code>a370ac8</code></a> Bump to v4.17.17</li>
<li><a href="1144918f35"><code>1144918</code></a> Rebuild lodash and docs</li>
<li><a href="3a3b0fd339"><code>3a3b0fd</code></a> Bump to v4.17.16</li>
<li><a href="c84fe82760"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li>
<li><a href="e7b28ea6cb"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li>
<li><a href="0cec225778"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li>
<li><a href="94c3a8133c"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.19">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p>
</details>
<br />
[](https://help.github.com/articles/configuring-automated-security-fixes)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/infer/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/infer/pull/1291
Reviewed By: dulmarod
Differential Revision: D22665400
Pulled By: jvillard
fbshipit-source-id: f40ff0590
Summary:
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md">websocket-extensions's changelog</a>.</em></p>
<blockquote>
<h3>0.1.4 / 2020-06-02</h3>
<ul>
<li>Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by
Robert McLaughlin)</li>
<li>Change license from MIT to Apache 2.0</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="8efd0cd6e3"><code>8efd0cd</code></a> Bump version to 0.1.4</li>
<li><a href="3dad4ad44a"><code>3dad4ad</code></a> Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser</li>
<li><a href="4a76c75efb"><code>4a76c75</code></a> Add Node versions 13 and 14 on Travis</li>
<li><a href="44a677a9c0"><code>44a677a</code></a> Formatting change: {...} should have spaces inside the braces</li>
<li><a href="f6c50aba0c"><code>f6c50ab</code></a> Let npm reformat package.json</li>
<li><a href="2d211f3705"><code>2d211f3</code></a> Change markdown formatting of docs.</li>
<li><a href="0b620834cc"><code>0b62083</code></a> Update Travis target versions.</li>
<li><a href="729a465307"><code>729a465</code></a> Switch license to Apache 2.0.</li>
<li>See full diff in <a href="https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4">compare view</a></li>
</ul>
</details>
<br />
[](https://help.github.com/articles/configuring-automated-security-fixes)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/infer/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/infer/pull/1279
Reviewed By: ezgicicek
Differential Revision: D22334261
Pulled By: jvillard
fbshipit-source-id: 0f08d6873
Summary:
Better API for creating issue types:
- distinguish hidden/normal/dynamic issue types
- normal issue types should always be documented
- add "TODO" to missing documentation
- dynamic issue types are the only ones that can be created outside of
IssueType.ml
I had to document the new CCBM and the resource leak lab exercise to
keep Help.ml happy, did `make doc-publish`.
Reviewed By: ngorogiannis
Differential Revision: D22118766
fbshipit-source-id: 3d0194518
Summary:
A bug in docusaurus makes relative URLs fail depending on how the page
was accessed, because the URL of a page in docs/ will end in / if
accessed directly or via hyperlink, but that / will be omitted when
clicking on the sidebar. The final / makes all the difference when
interpreting relative URLs so relative URLs are essentially broken.
See https://github.com/facebook/docusaurus/issues/2832 for more details.
This changes URL generation to generate URLs /docs/next/..., and
manually substitute relative URLs that had been written by hand.
Also fix a few other things about outdated links/comments.
Finally, `make doc-publish`.
Reviewed By: dulmarod
Differential Revision: D22117187
fbshipit-source-id: 32e2ba7e1
Summary:
Needed to remove user_documentation for the new
CONFIG_CHECK_BETWEEN_MARKERS issue type otherwise it violated the
invariant that the corresponding checker should be documented too but
its development has just started.
Reviewed By: skcho
Differential Revision: D22065820
fbshipit-source-id: 4b3a58850
Summary:
alicelieutier graciously contributed this React component to savagely
include the HTML from the man pages into docusaurus. Now they render
like the rest of the documentation!
Reviewed By: cristianoc
Differential Revision: D22050580
fbshipit-source-id: e8e314109
Summary:
Hi,
I have found a couple of small issues while reading the docs. The pull request contains the fixes.
BTW, the link to PLDI slices is also broken here: https://fbinfer.com/docs/absint-framework. I haven't found the slides anywhere, so not sure how to fix it.
Pull Request resolved: https://github.com/facebook/infer/pull/1278
Reviewed By: dulmarod
Differential Revision: D22018947
Pulled By: jvillard
fbshipit-source-id: 13f6d27b1
Summary:
The page itself was already there but not linked from the rest of the
website.
Reviewed By: ezgicicek
Differential Revision: D21997950
fbshipit-source-id: 30380da65
Summary:
Delete the following outdated pages. Some of them have better
replacements now but some of them are just too out of date to easily
salvage.
- 01-adding-models.md: this is biabduction-specific and hard to make
that distinction. Most checkers have no way to add models. Even
suggesting that people add their own biabduction models was a bit
awkward as it requires recompiling infer to use.
- 01-checkers.md: outdated document that describes "new" checkers like
Quandary :)
- 01-experimental-checkers.md: very outdated!
- 02-limitations.md: also outdated: it roughly says "we don't do concurrency or
arithmetic, the former is basically impossible but the latter should
be easy"... well, 5 years later this hasn't aged too well ;)
- 01-eradicate.md: content has moved to auto-generated documentation
- 01-linters.md: content has moved to auto-generated documentation
- 01-racerd.md: content has moved to auto-generated documentation
Reviewed By: mityal
Differential Revision: D21934748
fbshipit-source-id: a933e5022
Summary:
New website! Now with one page per checker, and only one page containing
all issue types for easy tooling. Each checker page also lists the
issue types it can report.
For now only issue types with documentation appear in either page,
filling these up is still TODO.
Reviewed By: mityal
Differential Revision: D21934465
fbshipit-source-id: 82ae1e417
Summary:
Write documentation for all documented issue types and all user-facing
checkers in the "next" version of the documentation. Next diff shows the
new website.
Reviewed By: dulmarod
Differential Revision: D21934370
fbshipit-source-id: 53315d2b4
Summary:
Take all the issue type documentation in the website and add it to infer
itself so it can generate the website (see further diffs).
I mostly generated this diff by writing a script to call from `utop`
with various file lists to do most of the heavy lifting for me and make
sure I didn't forget any issue types: P132800781
Reviewed By: ngorogiannis
Differential Revision: D21934372
fbshipit-source-id: f3ea8c566
Summary:
Add a new section in the docs, creatively named "Versions", with links
to the 0.17.0 and "next" version. Staying vague on what "next" points to
because I don't know how often we'll be able to update it yet.
Reviewed By: ngorogiannis
Differential Revision: D21573699
fbshipit-source-id: fc527cf61
Summary:
Run `make doc-publish` and adjust links in
website/docs/04-internal-API.md to point to odoc/next/infer/infer.html as the
starting point of the docs has changed (was: odoc/index.html but now
this also contains dead links to sledge and ppx_trace... also infer.mld
is a me-written exposé of the various libraries and index.mld is an
auto-generated list of all the modules now).
Reviewed By: ngorogiannis
Differential Revision: D21552864
fbshipit-source-id: c3977f645
Summary:
This doesn't change the website for now except that, if you can guess
the URL, you can now access /docs/next/<page> and /docs/0.17.0/<page> in
addition to /docs/<page>. This is all automatically handled by
Docusaurus, nice!
We still need to manually version static/man/ and static/odoc/. The
0.17.0 versions are now in static/man/0.17.0/ and static/odoc/0.17.0/.
I haven't created static/man/next/ and static/doc/next/ (corresponding
to the "next" version) yet so some links in /docs/next/ are dead (but
unreachable by visitors for now). A follow-up commit populates these
with the man pages and odoc for the current master via an updated
`make doc-publish` target (it's currently regressed to a broken state).
Reviewed By: ngorogiannis
Differential Revision: D21552099
fbshipit-source-id: 3238580fe
Summary:
The plan is to keep only the man pages and OCaml doc for:
- the latest published version (0.17.0 currently)
- master-ish
Next commit will introduce versioning of the documentation.
Reviewed By: dulmarod
Differential Revision: D21526342
fbshipit-source-id: 6a49d168e
Summary:
This didn't work in prod, testing with `yarn build` also reveals the
problem locally.
Reviewed By: skcho
Differential Revision: D21522971
fbshipit-source-id: 6b6bd322f
Summary:
- Specify a "position" for the docs/support/blog entries in the top bar.
They had disappeared! This puts them back for some reason.
- Add "Facebook" to the "Social" list in the footer (it's a social
network, right?)
- remove executable permission on some text files (hmmmm)
- rename .md.md file to just .md (this also fixes a dead link)
- update yarn.lock (happened automatically when I tested the website
locally)
Reviewed By: ezgicicek
Differential Revision: D21504931
fbshipit-source-id: 5f89935e2
Summary:
Signed-off-by: Andrew V. Jones <andrew.jones@vector.com>
## Issue
Commit [068622c](https://github.com/facebook/infer/commit/068622c) renamed the option `test` to be `only-cheap-debug` and also flipped the default value. Therefore, what used to be `--no-test` (i.e., you _do_ want expensive debug information) is now `--no-only-cheap-debug`.
However, [`01-advanced-features.md`](https://github.com/facebook/infer/blob/master/website/docs/01-advanced-features.md) listed the option as `no_test` (with an underscore rather than a hyphen), which I guess got missed when renaming the option/changing the default.
The suggestion to use `--no_test` was recently suggested in [https://github.com/facebook/infer/issues/1252](https://github.com/facebook/infer/issues/1252#issuecomment-618922148), so we should probably remove this, otherwise you get (even if you use the "correct" syntax for an older Infer):
```
$ infer --no-test
/path/to/infer/bin/infer: unknown option '--no-test'.
```
## Description of changes
Given that `only-cheap-debug` now has a default of _false_ (i.e., if you request `-g`/`--debug`, you automatically get `--no-only-cheap-debug`), making the suggestion to users to turn _off_ "no expensive debugging" is not required.
Consequently, this PR removes the recommendation to pass `--no-test`/`--no-only-cheap-debug` in the documentation.
Pull Request resolved: https://github.com/facebook/infer/pull/1253
Reviewed By: ezgicicek
Differential Revision: D21424108
Pulled By: jvillard
fbshipit-source-id: 2b4623380
Summary:
Seems like a more sensible name. Most tooling should read report.json so
won't notice.
Still output a bugs.txt file with a message to point to report.txt while
people migrate.
Reviewed By: mityal, artempyanykh
Differential Revision: D20626111
fbshipit-source-id: efb84d098
Summary:
Bumps [acorn](https://github.com/acornjs/acorn) from 6.4.0 to 6.4.1.
<details>
<summary>Commits</summary>
<ul>
<li><a href="9a2e9b6678"><code>9a2e9b6</code></a> Mark version 6.4.1</li>
<li><a href="90a9548ea0"><code>90a9548</code></a> More rigorously check surrogate pairs in regexp validator</li>
<li>See full diff in <a href="https://github.com/acornjs/acorn/compare/6.4.0...6.4.1">compare view</a></li>
</ul>
</details>
<br />
[](https://help.github.com/articles/configuring-automated-security-fixes)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/infer/network/alerts).
</details>
Pull Request resolved: https://github.com/facebook/infer/pull/1238
Reviewed By: dulmarod
Differential Revision: D20513549
Pulled By: jvillard
fbshipit-source-id: 92cc20052
Summary:
Fixes#1234
Turns out I didn't catch this in local testing because docusaurus falls back on
exploring files in website/ locally for some reason.
Reviewed By: skcho
Differential Revision: D20342513
fbshipit-source-id: 87587ccc2
Summary:
It's a lot of code to maintain for something that no one ever uses
anymore.
Reviewed By: ngorogiannis
Differential Revision: D20282794
fbshipit-source-id: 28422c415
dependabot[bot]
Sora Morimoto
Petr Plavjanik
Edwin Kofler
Daiva Naudziuniene
Jules Villard
Sora Morimoto
Dulma Churchill
Artem Pianykh
Marat Khabibullin
Andrew V. Jones
Yangshun Tay
