From 27eb60d5379ee63ab8a441f74abc891d66b123aa Mon Sep 17 00:00:00 2001
From: Philip Carneiro
Date: Wed, 10 Jul 2024 06:36:40 +0100
Subject: [PATCH 1/4] update ag-grid
---
 package-lock.json | 18 ++++++++++++++----
 package.json | 2 +-
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index e324d91c..2df82788 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,7 +12,7 @@
 "@types/graceful-fs": "^4.1.9",
 "@vscode/webview-ui-toolkit": "^1.4.0",
 "@windozer/node-q": "^2.6.0",
- "ag-grid-community": "^31.3.1",
+ "ag-grid-community": "^32.0.1",
 "axios": "^1.7.2",
 "chevrotain": "^10.5.0",
 "csv-parser": "^3.0.0",
@@ -1570,10 +1570,20 @@
 "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
 }
 },
+ "node_modules/ag-charts-types": {
+ "version": "10.0.1",
+ "resolved": "https://registry.npmjs.org/ag-charts-types/-/ag-charts-types-10.0.1.tgz",
+ "integrity": "sha512-o8aXJfO5lsLGu4jE/2MiTogLCfdJ8UCmrWNPb+AWU0YutCrBHO0uWbSuqzabZxZ4WHxwwRtTllZMT6WqTdz+qg==",
+ "license": "MIT"
+ },
 "node_modules/ag-grid-community": {
- "version": "31.3.1",
- "resolved": "https://registry.npmjs.org/ag-grid-community/-/ag-grid-community-31.3.1.tgz",
- "integrity": "sha512-kKnNxY8UaVoF0aUSdtzK7oGr48Wj+VrdDY5l2p9+HdF0cAo/jBEasuUYR85QbkumNyilI6UbFpO6IyCrjNQ6Iw=="
+ "version": "32.0.1",
+ "resolved": "https://registry.npmjs.org/ag-grid-community/-/ag-grid-community-32.0.1.tgz",
+ "integrity": "sha512-/eimCgJqMeyFxpJMTQuCtedKzk+BIInqhRdKdoQG8MD3yjrs/AWQFAcT6MP0T64CuNd85mxwB2t+3Ggb+S8hdA==",
+ "license": "MIT",
+ "dependencies": {
+ "ag-charts-types": "10.0.1"
+ }
 },
 "node_modules/agent-base": {
 "version": "6.0.2",
diff --git a/package.json b/package.json
index 87b0a21b..1d78fbba 100644
--- a/package.json
+++ b/package.json
@@ -874,7 +874,7 @@
 "@types/graceful-fs": "^4.1.9",
 "@vscode/webview-ui-toolkit": "^1.4.0",
 "@windozer/node-q": "^2.6.0",
- "ag-grid-community": "^31.3.1",
+ "ag-grid-community": "^32.0.1",
 "axios": "^1.7.2",
 "chevrotain": "^10.5.0",
 "csv-parser": "^3.0.0",
From 77dce821e83adc66077229a58bacf9430f688fde Mon Sep 17 00:00:00 2001
From: Philip Carneiro
Date: Wed, 10 Jul 2024 06:38:02 +0100
Subject: [PATCH 2/4] remove ag-grid error from snyk ignore
---
 .snyk | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.snyk b/.snyk
index 3de415c9..e69de29b 100644
--- a/.snyk
+++ b/.snyk
@@ -1,6 +0,0 @@
-version: v1.5.0
-ignore:
- "SNYK-JS-AGGRIDCOMMUNITY-7414157":
- - "*":
- reason: "Fix not published yet. When the fix is published, we'll update the package.json to use the fixed version."
- expires: "2050-01-01T00:00:00.000Z"
From 566fc345f59a72d01926d72b663de4ac96163adb Mon Sep 17 00:00:00 2001
From: Philip Carneiro
Date: Wed, 10 Jul 2024 06:46:28 +0100
Subject: [PATCH 3/4] update version and changelog
---
 CHANGELOG.md | 6 ++++++
 package-lock.json | 4 ++--
 package.json | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 309b58b5..bae4e171 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
 All notable changes to the **kdb VS Code extension** are documented in this file.
+# v1.6.1
+
+### Fixes
+
+- Update Ag-Grid package to avoid prototype pollution
+
 # v1.6.0
 ### Enhancements
diff --git a/package-lock.json b/package-lock.json
index 2df82788..487580ac 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "kdb",
- "version": "1.6.0",
+ "version": "1.6.1",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "kdb",
- "version": "1.6.0",
+ "version": "1.6.1",
 "license": "MIT",
 "dependencies": {
 "@types/graceful-fs": "^4.1.9",
diff --git a/package.json b/package.json
index 1d78fbba..90592dd8 100644
--- a/package.json
+++ b/package.json
@@ -3,7 +3,7 @@
 "displayName": "kdb",
 "description": "IDE support for kdb product suite",
 "publisher": "KX",
- "version": "1.6.0",
+ "version": "1.6.1",
 "engines": {
 "vscode": "^1.86.0"
 },
From a0d251dfb483558a6bd42a7828732719ff6ab14e Mon Sep 17 00:00:00 2001
From: PeterShort-kx <163027900+PeterShort-kx@users.noreply.github.com>
Date: Wed, 10 Jul 2024 11:31:43 -0400
Subject: [PATCH 4/4] Correct formatting and spellings for 1.6 changelog
---
 CHANGELOG.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bae4e171..97f466f4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,14 +13,14 @@ All notable changes to the **kdb VS Code extension** are documented in this file
 ### Enhancements
 - Display meta data for Insights connections
-- Added option to click at meta data and open in json format the meta data
-- Ability to change the name of the Keycloak realm, used for authentication, from the default value of `insights`. This enables the connection to a kdb Insights Enterprise Free trial instance.
-- Improve the console log quality to "kdb"output pane
+- Added option to click on meta data and open the meta data in json format
+- Ability to change the name of the Keycloak realm, used for authentication, from the default value of `insights`. This enables the connection to a kdb Insights Enterprise Free trial instance
+- Improve the console log quality to "kdb" output pane
 - Insights free trial instances are supported
 - Added execute block command for q code
 - Added hotkey to cache function parameters for q code
-- Extension now reconigze which version of Insights is connected
-- Extension changes scratchpad endpoints accordly to the Insights versions
+- Extension now recognizes which version of Insights is connected
+- Extension changes scratchpad endpoints according to the Insights versions
 - Allow connection information in user settings to be editable
 - Allow same server address to be used in multiple connections
 - Language server features works on unsaved files
@@ -33,7 +33,7 @@ All notable changes to the **kdb VS Code extension** are documented in this file
 - Fixed delay when executing query on KDB+ connections
 - Make connection names case insensitive
 - Fixed GUID type displayed as number for Insights
-- Fixed problem when the user close(not hide) the Results Tab
+- Fixed problem when the user closes (not hides) the Results Tab
 - Fixed time zone for populate scratchpad
 ### Internal Improvements