Page MenuHomePhabricator

Security Review for Vega 5 and Vega-Lite JavaScript Libraries
Closed, ResolvedPublic

Description

There's a gsoc project to integrate Vega 5 and Vega-Lite into the Maps extension.

In addition to any custom shims, the library itself needs to be reviewed.

Note: That Vega v1 through v3 libraries have previously been reviewed - see T172938.

Event Timeline

Bawolff created this task.May 8 2019, 4:24 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 8 2019, 4:24 PM
sbassett assigned this task to Bawolff.May 8 2019, 4:25 PM
sbassett triaged this task as Normal priority.
sbassett added a subscriber: sbassett.
Yurik updated the task description. (Show Details)May 8 2019, 6:52 PM
Yurik added a comment.May 8 2019, 6:54 PM

Do we want a separate ticket for Vega-Lite? Vega-Lite can be thought of as an "add-on" converter library that simply converts one JSON into a different JSON, without any other functionality (e.g. no XHR calls, no UI, etc). This way users can use a much simpler language VegaLite, and it will be dynamically converted to a full Vega.

@Yurik - I think we can probably just include Vega-Lite on this task. I can update the title and description.

sbassett renamed this task from Security review for vega 5 to Security Review for Vega 5 and Vega-Lite JavaScript Libraries.May 8 2019, 9:03 PM
sbassett added projects: Maps, JavaScript.
sbassett updated the task description. (Show Details)
sbassett changed the task status from Open to Stalled.EditedJun 11 2019, 5:12 PM

Review stalled, waiting on further updates from related GSoC project managed by @Yurik.

Yurik added a comment.Jun 11 2019, 5:17 PM

@sbassett sorry, unsure what you mean. Some code has already been completed -- https://github.com/nyurik/mw-graph-shared/commit/b97fd309897f701bd0db6b1d60635d0786d84887 -- making it possible to integrate the future v3+. The next step would be to create a patch for graphoid & graph ext using that shared code.

@Yurik - the Security-Team is just waiting on everything to be completed (basically ready for deployment) on your's/Vega's end before we complete any further review on our end.

Yurik added a comment.Jun 11 2019, 5:45 PM

sounds good, thanks @sbassett !

sbassett claimed this task.Jul 2 2019, 5:09 PM
sbassett edited subscribers, added: Reedy; removed: sbassett, Bawolff.
Jcross lowered the priority of this task from Normal to Lowest.Jul 16 2019, 5:28 PM
Jcross moved this task from Awaiting remediation to Frozen on the Security-Team-Reviews board.
Jcross added a subscriber: Jcross.

Moving to frozen until it is clear that work will continue.

Hi @Yurik - will we be providing additional review for you or may I close this ticket? Please let us know, and thank you!

Jennifer

Yurik closed this task as Resolved.Aug 21 2019, 3:23 AM

Thanks, closing for now, waiting for the Vega team and the students.

Jcross added a comment.EditedAug 21 2019, 3:06 PM

Thank you for the quick reply @Yurik ! Please let us know when we are needed for additional review. Cheers.