From 25fa1357ff19639075546aebc5794f90cadca95d Mon Sep 17 00:00:00 2001 From: Roberto Oliveira Date: Thu, 12 Sep 2024 12:12:35 -0400 Subject: [PATCH] NO-ISSUE: upgrade body-parser to version 1.20.3 (fixes CVE-2024-45590) --- .../package.json | 2 +- .../package.json | 2 +- packages/sonataflow-dev-app/package.json | 2 +- pnpm-lock.yaml | 134 ++++++++++++------ 4 files changed, 90 insertions(+), 50 deletions(-) diff --git a/packages/runtime-tools-management-console-webapp/package.json b/packages/runtime-tools-management-console-webapp/package.json index 4817ede1d8f..2baaab4d7e4 100644 --- a/packages/runtime-tools-management-console-webapp/package.json +++ b/packages/runtime-tools-management-console-webapp/package.json @@ -65,7 +65,7 @@ "@types/react-router": "^5.1.20", "@types/react-router-dom": "^5.3.3", "apollo-server-express": "^3.13.0", - "body-parser": "^1.20.2", + "body-parser": "^1.20.3", "concurrently": "^8.2.2", "copy-webpack-plugin": "^11.0.0", "core-js": "3.6.5", diff --git a/packages/runtime-tools-process-dev-ui-webapp/package.json b/packages/runtime-tools-process-dev-ui-webapp/package.json index 711163015ef..d9e634d85ec 100644 --- a/packages/runtime-tools-process-dev-ui-webapp/package.json +++ b/packages/runtime-tools-process-dev-ui-webapp/package.json @@ -79,7 +79,7 @@ "@types/react-router-dom": "^5.3.3", "@types/uuid": "^8.3.0", "apollo-server-express": "^3.13.0", - "body-parser": "^1.20.2", + "body-parser": "^1.20.3", "concurrently": "^8.2.2", "copy-webpack-plugin": "^11.0.0", "core-js": "3.6.5", diff --git a/packages/sonataflow-dev-app/package.json b/packages/sonataflow-dev-app/package.json index 6e385562abf..f4de2a3ad66 100644 --- a/packages/sonataflow-dev-app/package.json +++ b/packages/sonataflow-dev-app/package.json @@ -26,7 +26,7 @@ "@kie-tools/root-env": "workspace:*", "apollo-server-express": "^3.13.0", "babel-jest": "^25.5.1", - "body-parser": "^1.20.2", + "body-parser": "^1.20.3", "cors": "^2.8.5", "express": "^4.19.2", "express-rate-limit": "^7.4.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ba699483f13..a4484493e46 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -7227,8 +7227,8 @@ importers: specifier: ^3.13.0 version: 3.13.0(encoding@0.1.13)(express@4.19.2)(graphql@14.3.1) body-parser: - specifier: ^1.20.2 - version: 1.20.2 + specifier: ^1.20.3 + version: 1.20.3 concurrently: specifier: ^8.2.2 version: 8.2.2 @@ -7492,8 +7492,8 @@ importers: specifier: ^3.13.0 version: 3.13.0(encoding@0.1.13)(express@4.19.2)(graphql@14.3.1) body-parser: - specifier: ^1.20.2 - version: 1.20.2 + specifier: ^1.20.3 + version: 1.20.3 concurrently: specifier: ^8.2.2 version: 8.2.2 @@ -10767,8 +10767,8 @@ importers: specifier: ^25.5.1 version: 25.5.1(@babel/core@7.24.9) body-parser: - specifier: ^1.20.2 - version: 1.20.2 + specifier: ^1.20.3 + version: 1.20.3 cors: specifier: ^2.8.5 version: 2.8.5 @@ -20557,6 +20557,10 @@ packages: resolution: {integrity: sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==} engines: {node: '>= 0.8', npm: 1.2.8000 || >= 1.4.16} + body-parser@1.20.3: + resolution: {integrity: sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==} + engines: {node: '>= 0.8', npm: 1.2.8000 || >= 1.4.16} + body-scroll-lock@4.0.0-beta.0: resolution: {integrity: sha512-a7tP5+0Mw3YlUJcGAKUqIBkYYGlYxk2fnCasq/FUph1hadxlTRjF+gAcZksxANnaMnALjxEddmSi/H3OR8ugcQ==} @@ -26911,6 +26915,10 @@ packages: resolution: {integrity: sha512-tDNIz22aBzCDxLtVH++VnTfzxlfeK5CbqohpSqpJgj1Wg/cQbStNAz3NuqCs5vV+pjBsK4x4pN9HlVh7rcYRiA==} engines: {node: '>=0.6'} + qs@6.13.0: + resolution: {integrity: sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==} + engines: {node: '>=0.6'} + querystring-es3@0.2.1: resolution: {integrity: sha512-773xhDQnZBMFobEiztv8LIl70ch5MSF/jUQVlhwFyBILqq96anmoctVIYz+ZRp0qbCKATTn6ev02M3r7Ga5vqA==} engines: {node: '>=0.4.x'} @@ -28019,6 +28027,10 @@ packages: side-channel@1.0.4: resolution: {integrity: sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==} + side-channel@1.0.6: + resolution: {integrity: sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==} + engines: {node: '>= 0.4'} + signal-exit@3.0.7: resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==} @@ -31191,7 +31203,7 @@ snapshots: '@babel/core': 7.16.12 '@babel/helper-compilation-targets': 7.23.6 '@babel/helper-plugin-utils': 7.22.5 - debug: 4.3.5 + debug: 4.3.6 lodash.debounce: 4.0.8 resolve: 1.22.8 semver: 6.3.1 @@ -31203,7 +31215,7 @@ snapshots: '@babel/core': 7.18.10 '@babel/helper-compilation-targets': 7.23.6 '@babel/helper-plugin-utils': 7.22.5 - debug: 4.3.5 + debug: 4.3.6 lodash.debounce: 4.0.8 resolve: 1.22.8 semver: 6.3.1 @@ -31215,7 +31227,7 @@ snapshots: '@babel/core': 7.24.9 '@babel/helper-compilation-targets': 7.23.6 '@babel/helper-plugin-utils': 7.22.5 - debug: 4.3.5 + debug: 4.3.6 lodash.debounce: 4.0.8 resolve: 1.22.8 semver: 6.3.1 @@ -31227,7 +31239,7 @@ snapshots: '@babel/core': 7.23.0 '@babel/helper-compilation-targets': 7.23.6 '@babel/helper-plugin-utils': 7.22.5 - debug: 4.3.5 + debug: 4.3.6 lodash.debounce: 4.0.8 resolve: 1.22.8 transitivePeerDependencies: @@ -31238,7 +31250,7 @@ snapshots: '@babel/core': 7.23.0 '@babel/helper-compilation-targets': 7.23.6 '@babel/helper-plugin-utils': 7.22.5 - debug: 4.3.5 + debug: 4.3.6 lodash.debounce: 4.0.8 resolve: 1.22.8 transitivePeerDependencies: @@ -31249,7 +31261,7 @@ snapshots: '@babel/core': 7.23.9 '@babel/helper-compilation-targets': 7.23.6 '@babel/helper-plugin-utils': 7.22.5 - debug: 4.3.5 + debug: 4.3.6 lodash.debounce: 4.0.8 resolve: 1.22.8 transitivePeerDependencies: @@ -36743,7 +36755,7 @@ snapshots: '@babel/parser': 7.25.3 '@babel/template': 7.25.0 '@babel/types': 7.25.2 - debug: 4.3.5 + debug: 4.3.6 globals: 11.12.0 transitivePeerDependencies: - supports-color @@ -37039,7 +37051,7 @@ snapshots: '@eslint/eslintrc@2.1.2': dependencies: ajv: 6.12.6 - debug: 4.3.5 + debug: 4.3.6 espree: 9.6.1 globals: 13.20.0 ignore: 5.2.0 @@ -37458,7 +37470,7 @@ snapshots: '@types/json-stable-stringify': 1.0.34 '@whatwg-node/fetch': 0.8.8 chalk: 4.1.2 - debug: 4.3.5 + debug: 4.3.6 dotenv: 16.3.1 graphql: 14.3.1 graphql-request: 6.1.0(encoding@0.1.13)(graphql@14.3.1) @@ -37564,7 +37576,7 @@ snapshots: '@humanwhocodes/config-array@0.11.13': dependencies: '@humanwhocodes/object-schema': 2.0.1 - debug: 4.3.5 + debug: 4.3.6 minimatch: 3.1.2 transitivePeerDependencies: - supports-color @@ -41663,7 +41675,7 @@ snapshots: '@storybook/react-docgen-typescript-plugin@1.0.6--canary.9.0c3f3b7.0(typescript@5.5.3)(webpack@5.94.0(@swc/core@1.3.92)(esbuild@0.18.20)(webpack-cli@4.10.0))': dependencies: - debug: 4.3.5 + debug: 4.3.6 endent: 2.1.0 find-cache-dir: 3.3.1 flat-cache: 3.0.4 @@ -41677,7 +41689,7 @@ snapshots: '@storybook/react-docgen-typescript-plugin@1.0.6--canary.9.0c3f3b7.0(typescript@5.5.3)(webpack@5.94.0(esbuild@0.18.20))': dependencies: - debug: 4.3.5 + debug: 4.3.6 endent: 2.1.0 find-cache-dir: 3.3.1 flat-cache: 3.0.4 @@ -41691,7 +41703,7 @@ snapshots: '@storybook/react-docgen-typescript-plugin@1.0.6--canary.9.0c3f3b7.0(typescript@5.5.3)(webpack@5.94.0(webpack-cli@4.10.0))': dependencies: - debug: 4.3.5 + debug: 4.3.6 endent: 2.1.0 find-cache-dir: 3.3.1 flat-cache: 3.0.4 @@ -43053,7 +43065,7 @@ snapshots: dependencies: '@typescript-eslint/typescript-estree': 5.62.0(typescript@5.5.3) '@typescript-eslint/utils': 5.62.0(eslint@8.52.0)(typescript@5.5.3) - debug: 4.3.5 + debug: 4.3.6 eslint: 8.52.0 tsutils: 3.21.0(typescript@5.5.3) optionalDependencies: @@ -43067,7 +43079,7 @@ snapshots: dependencies: '@typescript-eslint/types': 5.62.0 '@typescript-eslint/visitor-keys': 5.62.0 - debug: 4.3.5 + debug: 4.3.6 globby: 11.1.0 is-glob: 4.0.3 semver: 7.5.4 @@ -43730,13 +43742,13 @@ snapshots: agent-base@6.0.2: dependencies: - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color agent-base@7.1.0: dependencies: - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color @@ -44009,7 +44021,7 @@ snapshots: accepts: 1.3.8 apollo-server-core: 3.13.0(encoding@0.1.13)(graphql@14.3.1) apollo-server-types: 3.8.0(encoding@0.1.13)(graphql@14.3.1) - body-parser: 1.20.2 + body-parser: 1.20.3 cors: 2.8.5 express: 4.19.2 graphql: 14.3.1 @@ -45062,6 +45074,23 @@ snapshots: transitivePeerDependencies: - supports-color + body-parser@1.20.3: + dependencies: + bytes: 3.1.2 + content-type: 1.0.5 + debug: 2.6.9 + depd: 2.0.0 + destroy: 1.2.0 + http-errors: 2.0.0 + iconv-lite: 0.4.24 + on-finished: 2.4.1 + qs: 6.13.0 + raw-body: 2.5.2 + type-is: 1.6.18 + unpipe: 1.0.0 + transitivePeerDependencies: + - supports-color + body-scroll-lock@4.0.0-beta.0: {} bole@4.0.0: @@ -47102,7 +47131,7 @@ snapshots: detect-port@1.5.1: dependencies: address: 1.2.2 - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color @@ -47342,7 +47371,7 @@ snapshots: base64id: 2.0.0 cookie: 0.4.1 cors: 2.8.5 - debug: 4.3.5 + debug: 4.3.6 engine.io-parser: 5.0.3 ws: 8.2.3 transitivePeerDependencies: @@ -47690,7 +47719,7 @@ snapshots: esbuild-register@3.5.0(esbuild@0.18.20): dependencies: - debug: 4.3.5 + debug: 4.3.6 esbuild: 0.18.20 transitivePeerDependencies: - supports-color @@ -48169,7 +48198,7 @@ snapshots: extract-zip@2.0.1: dependencies: - debug: 4.3.5 + debug: 4.3.6 get-stream: 5.2.0 yauzl: 2.10.0 optionalDependencies: @@ -48179,7 +48208,7 @@ snapshots: extract-zip@2.0.1(supports-color@8.1.1): dependencies: - debug: 4.3.5(supports-color@8.1.1) + debug: 4.3.6(supports-color@8.1.1) get-stream: 5.2.0 yauzl: 2.10.0 optionalDependencies: @@ -48604,7 +48633,7 @@ snapshots: dependencies: asynckit: 0.4.0 combined-stream: 1.0.8 - mime-types: 2.1.34 + mime-types: 2.1.35 form-data@4.0.0: dependencies: @@ -49352,7 +49381,7 @@ snapshots: dependencies: '@tootallnate/once': 1.1.2 agent-base: 6.0.2 - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color @@ -49367,7 +49396,7 @@ snapshots: http-proxy-agent@6.1.1: dependencies: agent-base: 7.1.0 - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color @@ -49445,14 +49474,14 @@ snapshots: https-proxy-agent@4.0.0: dependencies: agent-base: 5.1.1 - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color https-proxy-agent@5.0.0: dependencies: agent-base: 6.0.2 - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color @@ -49466,14 +49495,14 @@ snapshots: https-proxy-agent@6.2.1: dependencies: agent-base: 7.1.0 - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color https-proxy-agent@7.0.2: dependencies: agent-base: 7.1.0 - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color @@ -50001,7 +50030,7 @@ snapshots: istanbul-lib-source-maps@4.0.0: dependencies: - debug: 4.3.5 + debug: 4.3.6 istanbul-lib-coverage: 3.2.0 source-map: 0.6.1 transitivePeerDependencies: @@ -51442,7 +51471,7 @@ snapshots: koa-send@5.0.1: dependencies: - debug: 4.3.5 + debug: 4.3.6 http-errors: 1.8.1 resolve-path: 1.4.0 transitivePeerDependencies: @@ -51739,7 +51768,7 @@ snapshots: log4js@6.4.1: dependencies: date-format: 4.0.3 - debug: 4.3.5 + debug: 4.3.6 flatted: 3.2.4 rfdc: 1.3.0 streamroller: 3.0.2 @@ -53737,7 +53766,7 @@ snapshots: puppeteer-core@2.1.1: dependencies: '@types/mime-types': 2.1.2 - debug: 4.3.5 + debug: 4.3.6 extract-zip: 1.7.0 https-proxy-agent: 4.0.0 mime: 2.6.0 @@ -53797,6 +53826,10 @@ snapshots: dependencies: side-channel: 1.0.4 + qs@6.13.0: + dependencies: + side-channel: 1.0.6 + querystring-es3@0.2.1: {} querystringify@2.2.0: {} @@ -55208,6 +55241,13 @@ snapshots: get-intrinsic: 1.2.4 object-inspect: 1.13.1 + side-channel@1.0.6: + dependencies: + call-bind: 1.0.7 + es-errors: 1.3.0 + get-intrinsic: 1.2.4 + object-inspect: 1.13.1 + signal-exit@3.0.7: {} signal-exit@4.1.0: {} @@ -55330,7 +55370,7 @@ snapshots: dependencies: '@types/component-emitter': 1.2.11 component-emitter: 1.3.0 - debug: 4.3.5 + debug: 4.3.6 transitivePeerDependencies: - supports-color @@ -55338,7 +55378,7 @@ snapshots: dependencies: accepts: 1.3.8 base64id: 2.0.0 - debug: 4.3.5 + debug: 4.3.6 engine.io: 6.1.2 socket.io-adapter: 2.3.3 socket.io-parser: 4.0.4 @@ -55448,7 +55488,7 @@ snapshots: spdy-transport@3.0.0: dependencies: - debug: 4.3.5 + debug: 4.3.6 detect-node: 2.1.0 hpack.js: 2.1.6 obuf: 1.1.2 @@ -55619,7 +55659,7 @@ snapshots: streamroller@3.0.2: dependencies: date-format: 4.0.3 - debug: 4.3.5 + debug: 4.3.6 fs-extra: 10.1.0 transitivePeerDependencies: - supports-color @@ -55821,7 +55861,7 @@ snapshots: dependencies: component-emitter: 1.3.0 cookiejar: 2.1.4 - debug: 4.3.5 + debug: 4.3.6 fast-safe-stringify: 2.1.1 form-data: 4.0.0 formidable: 2.1.1 @@ -56767,7 +56807,7 @@ snapshots: tuf-js@2.2.1: dependencies: '@tufjs/models': 2.0.1 - debug: 4.3.5 + debug: 4.3.6 make-fetch-happen: 13.0.1 transitivePeerDependencies: - supports-color @@ -56806,7 +56846,7 @@ snapshots: type-is@1.6.18: dependencies: media-typer: 0.3.0 - mime-types: 2.1.34 + mime-types: 2.1.35 typed-array-buffer@1.0.0: dependencies: