Update vulnerable libraries #766

Merged: 10 commits, Sep 6, 2024
8 changes: 8 additions & 0 deletions .changeset/few-foxes-occur.md
@@ -0,0 +1,8 @@
---
'@openfn/lightning-mock': patch
'dts-inspector': patch
'@openfn/ws-worker': patch
'@openfn/cli': patch
---

Upgrade vulnerable version of ws.
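Review bot: "vulnerable version of ws" names neither the advisory nor the floor that fixes it, and this file is what ends up in the published changelog; the manifests in this PR move ws from ^8.14.1 to ^8.18.0, so say that here (e.g. "Upgrade ws to ^8.18.0") so a downstream reader can check their own tree without opening the diff.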
Contributor Author

@josephjclark This is an alarming comment - to serve as a friendly reminder that I bumped ws several minor versions and, as a result, you thought that some additional testing may be prudent.

5 changes: 5 additions & 0 deletions .changeset/fluffy-kids-melt.md
@@ -0,0 +1,5 @@
---
'dts-inspector': patch
---

Remove live-server as it was preventing an update of a vulnerable version of braces.
5 changes: 5 additions & 0 deletions .changeset/friendly-horses-fix.md
@@ -0,0 +1,5 @@
---
'@openfn/ws-worker': patch
---

Update vulnerable version of decode-uri-component.
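Review bot: none of the manifests touched in this PR declare decode-uri-component, so this fix can only live in the lockfile, which is not part of the diff; record the resolved version and the package that pulls it in, and consider pinning it with an override/resolution, since a transitive package that is only moved in the lockfile can drift back on the next regeneration.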
8 changes: 8 additions & 0 deletions .changeset/itchy-walls-fetch.md
@@ -0,0 +1,8 @@
---
'@openfn/lightning-mock': patch
'dts-inspector': patch
'@openfn/ws-worker': patch
'@openfn/cli': patch
---

Update vulnerable version of word-wrap.
8 changes: 8 additions & 0 deletions .changeset/light-insects-sniff.md
@@ -0,0 +1,8 @@
---
'@openfn/lightning-mock': patch
'dts-inspector': patch
'@openfn/ws-worker': patch
'@openfn/cli': patch
---

Update vulnerable version of postcss.
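Review bot: the only postcss manifest change in this PR is the devDependency in examples/dts-inspector/package.json (^8.4.13 to ^8.4.45), yet this changeset patch-bumps @openfn/lightning-mock, @openfn/ws-worker and @openfn/cli as well; unless their lockfile entries for postcss also moved, those releases ship no change. List only the packages whose resolved dependency actually changed.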
8 changes: 8 additions & 0 deletions .changeset/little-buses-drum.md
@@ -0,0 +1,8 @@
---
'@openfn/lightning-mock': patch
'dts-inspector': patch
'@openfn/ws-worker': patch
'@openfn/cli': patch
---

Update @slack/web-api to remove dependency on vulnerable axios.
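Review bot: @slack/web-api is a root-level devDependency (package.json, ^6.8.1 to ^6.12.1 in this PR), so it is not shipped by any of the four packages listed here; patch-releasing all four for a change in repo tooling produces empty releases. Either drop the package list (an empty changeset) or explain which published artifact actually changes. axios itself appears in no visible manifest, so the "vulnerable axios" claim should be checked against the lockfile rather than the manifests.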
8 changes: 8 additions & 0 deletions .changeset/pink-grapes-happen.md
@@ -0,0 +1,8 @@
---
'@openfn/lightning-mock': patch
'dts-inspector': patch
'@openfn/ws-worker': patch
'@openfn/cli': patch
---

Update typesync to remove dependency on ip, which has a vulnerability without a patch.
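Review bot: because the stated remediation for ip is removal rather than an upgrade ("a vulnerability without a patch"), say how that was verified, i.e. that ip no longer resolves anywhere in the lockfile; if another dependency still pulls it in, the audit finding stays open and this note is misleading. As with @slack/web-api, typesync is a root devDependency, so the four packages listed do not actually change.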
8 changes: 8 additions & 0 deletions .changeset/sour-bugs-brush.md
@@ -0,0 +1,8 @@
---
'@openfn/lightning-mock': patch
'dts-inspector': patch
'@openfn/ws-worker': patch
'@openfn/cli': patch
---

Update vulnerable version of micromatch.
17 changes: 17 additions & 0 deletions .changeset/sour-mugs-burn.md
@@ -0,0 +1,17 @@
---
'dts-inspector': patch
'@openfn/integration-tests-cli': patch
'@openfn/integration-tests-execute': patch
'@openfn/integration-tests-worker': patch
'@openfn/cli': patch
'@openfn/compiler': patch
'@openfn/deploy': patch
'@openfn/describe-package': patch
'@openfn/engine-multi': patch
'@openfn/lightning-mock': patch
'@openfn/logger': patch
'@openfn/runtime': patch
'@openfn/ws-worker': patch
---

Partially update vulnerable versions of braces - live-server is a holdout as there is not a newer version available.
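Review bot: the "partially" and "holdout" wording describes a state this PR does not leave behind: .changeset/fluffy-kids-melt.md in the same PR says live-server was removed precisely so braces could be updated, and examples/dts-inspector/package.json drops live-server and @types/live-server. Reword this to say braces is fully updated, and since braces is what micromatch depends on, consider folding it into the micromatch changeset rather than bumping thirteen packages for one transitive dev dependency.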
4 changes: 1 addition & 3 deletions examples/dts-inspector/package.json
@@ -16,13 +16,11 @@
},
"devDependencies": {
"@tailwindcss/forms": "^0.5.2",
"@types/live-server": "^1.2.1",
"@types/react": "^18.0.8",
"@types/react-dom": "^18.0.3",
"esbuild": "^0.18.14",
"esbuild-postcss": "^0.0.4",
"live-server": "^1.2.2",
"postcss": "^8.4.13",
"postcss": "^8.4.45",
"react": "^18.1.0",
"react-dom": "^18.1.0",
"tailwindcss": "^3.0.24"
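Review bot: ^8.4.13 already admitted 8.4.45, so the postcss change here only raises the floor for fresh installs; the version that is actually installed is whatever the lockfile pins, and the lockfile is not in this diff, so confirm that entry moved too. Separately, dropping live-server and @types/live-server leaves any scripts entry in this file that still starts live-server broken; check the scripts block (outside this hunk) and point it at a replacement or remove it.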
3 changes: 2 additions & 1 deletion integration-tests/cli/modules/test/package.json
@@ -3,5 +3,6 @@
"version": "0.0.1",
"type": "module",
"module": "index.js",
"private": true
"private": true,
"devDependencies": {}
}
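Review bot: an empty "devDependencies": {} in a test fixture changes nothing for consumers and reads as a side effect of a tool rewriting every package.json it walked, since the same hunk recurs in a dozen fixture manifests in this PR; revert them, or if some tool needs the key to be present, say which one in the PR description so the next contributor does not strip them again.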
3 changes: 2 additions & 1 deletion integration-tests/worker/dummy-repo/package.json
@@ -6,5 +6,6 @@
"@openfn/language-common_latest": "npm:@openfn/language-common@^1.12.0",
"@openfn/stateful-test_1.0.0": "@npm:@openfn/[email protected]",
"@openfn/test-adaptor_1.0.0": "@npm:@openfn/[email protected]"
}
},
"devDependencies": {}
}
4 changes: 2 additions & 2 deletions package.json
@@ -26,14 +26,14 @@
"license": "ISC",
"devDependencies": {
"@changesets/cli": "^2.27.1",
"@slack/web-api": "^6.8.1",
"@slack/web-api": "^6.12.1",
"@types/gunzip-maybe": "^1.4.0",
"@types/rimraf": "^3.0.2",
"@types/tar-stream": "^2.2.2",
"gunzip-maybe": "^1.4.2",
"prettier": "^2.8.8",
"rimraf": "^3.0.2",
"tar-stream": "^3.0.0",
"typesync": "^0.11.1"
"typesync": "^0.13.0"
}
}
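Review bot: typesync moves from ^0.11.1 to ^0.13.0, two 0.x minors, which by semver convention may be breaking; note what was re-run (the typesync check itself, and the Slack notification path that uses @slack/web-api) to confirm the tooling still behaves. If typesync is also what produced the empty devDependencies blocks in the fixture manifests, that belongs in the description too.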
2 changes: 1 addition & 1 deletion packages/cli/package.json
@@ -59,7 +59,7 @@
"figures": "^5.0.0",
"rimraf": "^3.0.2",
"treeify": "^1.1.0",
"ws": "^8.14.1",
"ws": "^8.18.0",
"yargs": "^17.7.2"
},
"files": [
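Review bot: ^8.14.1 already admits 8.18.0, so this line only raises the declared floor; what the CLI actually installs and ships is the lockfile's pin, which is not in this diff. Raising the floor is still worth doing because it blocks a re-resolution back to a vulnerable 8.14.x, but the review should verify the lock entry for ws moved, and the same applies to the identical bumps in lightning-mock and ws-worker below.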
@@ -5,5 +5,6 @@
"module": "index.js",
"main": "index.js",
"types": "types.d.ts",
"private": true
"private": true,
"devDependencies": {}
}
@@ -4,5 +4,6 @@
"type": "module",
"module": "index.js",
"types": "types.d.ts",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/cli/test/__modules__/times-two/package.json
@@ -4,5 +4,6 @@
"type": "module",
"module": "index.js",
"types": "types.d.ts",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/cli/test/__monorepo__/package.json
@@ -1,3 +1,4 @@
{
"name": "adaptors"
"name": "adaptors",
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/cli/test/__monorepo__/packages/common/package.json
@@ -4,5 +4,6 @@
"type": "module",
"module": "index.js",
"types": "types.d.ts",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/cli/test/__repo__/package.json
@@ -4,5 +4,6 @@
"times-two_0.0.1": "npm:[email protected]",
"@openfn/language-common_0.0.1": "npm:@openfn/language-common0.0.1",
"@openfn/language-postgres_0.0.1": "npm:@openfn/[email protected]"
}
},
"devDependencies": {}
}
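Review bot: not introduced by this change but visible in the context: "npm:@openfn/language-common0.0.1" lacks the @ between name and version that the two sibling entries have (compare "npm:@openfn/[email protected]"); if any test relies on this alias resolving, it is worth a drive-by fix while the file is being touched.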
3 changes: 2 additions & 1 deletion packages/compiler/test/__modules__/adaptor/package.json
@@ -3,5 +3,6 @@
"version": "0.0.1",
"type": "module",
"types": "adaptor.d.ts",
"private": "true"
"private": "true",
"devDependencies": {}
}
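Review bot: the rewritten line keeps "private": "true" as a string; package.json's private field is a boolean, and every other fixture in this PR uses "private": true. npm treats a non-empty string as truthy, but tooling that compares strictly against true will treat this package as publishable, so change it to the boolean form while the line is being edited.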
3 changes: 2 additions & 1 deletion packages/engine-multi/test/__repo__/package.json
@@ -4,5 +4,6 @@
"version": "1.0.0",
"dependencies": {
"@openfn/helper_1.0.0": "@npm:@openfn/[email protected]"
}
},
"devDependencies": {}
}
2 changes: 1 addition & 1 deletion packages/lightning-mock/package.json
@@ -29,7 +29,7 @@
"koa-bodyparser": "^4.4.0",
"koa-logger": "^3.2.1",
"phoenix": "^1.7.7",
"ws": "^8.14.1"
"ws": "^8.18.0"
},
"devDependencies": {
"@types/koa": "^2.13.5",
@@ -4,5 +4,6 @@
"type": "module",
"module": "index.js",
"main": "index.js",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/runtime/test/__modules__/test/package.json
@@ -3,5 +3,6 @@
"version": "0.0.1",
"type": "module",
"module": "index.js",
"private": true
"private": true,
"devDependencies": {}
}
@@ -3,5 +3,6 @@
"version": "0.0.1",
"type": "module",
"module": "index.js",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/runtime/test/__repo__/package.json
@@ -6,5 +6,6 @@
"ultimate-answer_1.0.0": "@npm:[email protected]",
"ultimate-answer_2.0.0": "@npm:[email protected]",
"cjs_1.0.0": "@npm:[email protected]"
}
},
"devDependencies": {}
}
2 changes: 1 addition & 1 deletion packages/ws-worker/package.json
@@ -35,7 +35,7 @@
"koa-bodyparser": "^4.4.0",
"koa-logger": "^3.2.1",
"phoenix": "1.7.10",
"ws": "^8.14.1"
"ws": "^8.18.0"
},
"devDependencies": {
"@openfn/lightning-mock": "workspace:*",
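Review bot: this is the bump the author's comment on the ws changeset is about; ws-worker has ws under dependencies (lightning-mock, as its name suggests, is the mock side of the channel), so it is the runtime consumer. Record in the PR which worker integration tests were run after moving from ^8.14.1 to ^8.18.0, given the caution about crossing several minor versions.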