Dev Diary #18 - Collection Hooks Migration, Testing Improvements, and Security Fixes
Hey hey, another month another diary. This month has been super intense in terms of OSS and I thought it was going to be dwindling down lol!
Thankfully, due to my new work relationship with Caught, I’ve begun working on migrating their applications to 3.0. They’re big on using collection-hooks, and during my time at Trusted.care, this package migration was far from perfect. In fact, I was in a time crunch so I sloppily continued whatever was already being done there and gave it one last push just to wrap things up. So this time I wanted to get things right.
I started off with integrating lai:collection-extensions into core, which is a critical building block to many Meteor packages out there. Then I moved on to collection-hooks itself. Running tests was an abomination – they kept getting stuck, so I modified the test-in-browser package to allow only running a single set of tests on refresh and to make the DX a little better. But then it kept getting stuck each time, and debugging would entail a huge amount of time, so I opted to migrate collection-hooks to Mocha tests in line with other packages out there like collection2. You can try out the latest beta right now, which is 2.1.0-beta.4. I’ve also begun migrating the Partitioner package, which utilizes collection-hooks underneath.
Lastly, as I was working on wrapping up an application for deployment, I noticed a huge security hole where you’d still have to add a deny to disallow users from editing their profile field, even when you didn’t allow in the first place!! I quickly created a PR and even raised an issue about the current status of the guide.