apache
Remove Insight & Disable telemetry
Platforms affected
CLI
Motivation and Context
closes #625
Insight is no longer maintained and it contains sub-dependencies with moderate vulnerabilities.
Description
All code relating to telemetry and using Insight have been commented out. Fake implementations were left in place so our Telemetry API still exists, just it will always "opt out" of telemetry.
This is done so that we can easily bring back telemetry later once we find a replacement for Insight.
Tests related to telemetry were disabled.
This PR is intended to be a stopgap just to resolve the present audit issues.
Testing
Ran npm test
Checklist
- [x] I've run the tests to see all new and existing tests pass
- [x] I added automated test coverage as appropriate for this change
- [x] Commit is prefixed with
(platform)if this change only applies to one platform (e.g.(android)) - [x] If this Pull Request resolves an issue, I linked to the issue in the text above (and used the correct keyword to close issues using keywords)
- [x] I've updated the documentation if necessary
It would be nice if this could be merged and released. I tried to manually remove insight but the require('insights') then fails when calling CLI commands.
We also have now the task to address our security issues, where this shows up as a very critical one. So it would be very nice if this could find its way to a release very soon!
The work in #633 is slightly more complete as far as also removing the documentation for the telemetry stuff, so I'm in favour of trying to that one merged.
