This commit accompanies the four that precede it. Rather than squash
them altogether, the four previous commits all do nothing except move
files to help avoid conflicts.
* csp: nonce and unsafe-eval for scripts
To kick things off, a rudimentary CSP implementation only allows
dynamically loading new JavaScript if it includes an associated nonce
that is generated on every load of the app.
A more sophisticated content security policy is necessary, particularly
one that bans eval for scripts, but one step at a time.
* img-src is not necessary if the goal is not to restrict
* configurable CSP owned by security team
* smoke test
* remove x-content-security-policy
* document csp.rules
* fix tsconfig for test
* switch integration test back to regular js
* stop looking for tsconfig in test
* grrr, linting errors not caught by precommit
* docs: people -> you for consistency sake
Co-Authored-By: epixa <court@epixa.com>
We're a super small team (1 UI developer) at the moment and don't want PRs to x-pack/monitoring code to require review from us. We haven't had issues with this approach until now and see no reason to change the policy just yet.
Since the default view for new issues is the edit view, and we don't
intend for folks to submit issues that are created using the question
template, markdown really only makes things harder to read.
The bug report and feature request templates are pretty
straightforward.
The question template will hopefully drive people that just have a
question toward the forums.
* switch to yarn
* cleanup misc references to npm
* [yarn] loosen dependency ranges so yarn will merge more deps
* fix linting error now that moment uses ESM
* [licenses] font-awesome changed the format of its license id
* Use local yarn
* Misc fixes
* eslintignore built yarn file
* Remove mkdir which doesn't do what it should do
* Check build without upgrading lots of versions
* Fix license check
* too many moments
* Better description
* Review fixes
* Lock to angular@1.6.5
* More specific version locks
* Revert "More specific version locks"
This reverts commit 11ef81102e.
* Revert "Lock to angular@1.6.5"
This reverts commit 3ade68c14c.
* rm yarn.lock; yarn
* Forcing a specific version of React, Angular, Moment
* Using vendored version of yarn in ci
* Use --frozen-lockfile
* fixes
Modeled after the templates used in the elasticsearch repo, these
templates will be used by github to prefill issue and pull request
bodies to help users avoid commonly encountered problems.