The following security issue was reported by
Dependabot for the code generator script:
https://github.com/advisories/GHSA-hj48-42vr-x3v9
The issue was that the npm package path-parse 1.0.6
had a regex denial-of-service attack.
I have updated to use path-parse 1.0.7.
The user-facing Astronomy Engine library has no external
dependencies, so there is no need for most users to
be concerned with this change. The only affected component
was the internal code generator used to produce the
distributed source files, which is only run on my own
machine and the GitHub CI hook when I push a new change.
I verified that this update has no effect on the generated code.

Ran 'npm audit fix' to resolve some security vulnerabilities
in the developer tools in the 'generate' directory.
None of the vulnerabilities affect the npm package
astronomy-engine, because it has no external dependencies.
The risk was only to developers who run the code generation
tools, not end users. Even then, the risk is minimal because
these tools run with well-defined inputs that are not subject
to external tampering.

Also moved the NPM commands to the package.json
so the makedoc scripts execute them in a central place.
Installed a jsdoc theme to improve the HTML output.
The npm dependencies required are now
installed locally inside the generate folder.

Cleaned up the Astronomy object closure for TS
and kept it for the Browser bundle.
We will have some usage examples on the website.