From cbdbd8c9dec8abd7bd7746529907e2c1f9ea7d71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9l=C3=A8ne=20Martin?= <ln@nafundi.com>
Date: Mon, 7 Nov 2022 11:32:13 -0800
Subject: [PATCH] Prepare 4.1.3 release (#485)

* Update changelog

* Fix npm audit vulnerabilities

* Update docs

* Update dependencies
---
 CHANGELOG.md                                  | 10 +++
 README.md                                     |  2 +-
 ..._controllers_submission-controller.js.html | 18 ++++-
 docs/index.html                               | 12 +++-
 docs/module-submissions-controller.html       | 10 +--
 package-lock.json                             | 69 ++++++++++++-------
 package.json                                  |  6 +-
 7 files changed, 89 insertions(+), 38 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8ba1cb375..e430849d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## 4.1.3 - 2022-11-07
+
+-   Removed: absolute maximum size for file uploads (#461)
+-   Fix: fail early on non-multipart submissions (#476)
+-   Add redis-repl tool (#451)
+-   Fix: ensure `survey.media` is available in view mode (#484)
+-   Fix timepicker in Finnish locales (enketo/enketo-core#916)
+-   Fix special string.replace sequences in Markdown (enketo/enketo-transformer#153)
+-   Fix evaluating absolute nodeset expressions with an attribute context node (enketo/openrosa-xpath-evaluator#166)
+
 ## 4.1.2 - 2022-09-16
 
 -   Fix: memory leak with async_hooks request context (#450)
diff --git a/README.md b/README.md
index e39e28e71..6d1e25b7b 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![coverage-shield-badge-1](https://img.shields.io/badge/coverage-79.27%25-yellow.svg)
+![coverage-shield-badge-1](https://img.shields.io/badge/coverage-79.3%25-yellow.svg)
 
 [![Build Status](https://travis-ci.com/enketo/enketo-express.svg?branch=master)](https://travis-ci.org/enketo/enketo-express)
 
diff --git a/docs/app_controllers_submission-controller.js.html b/docs/app_controllers_submission-controller.js.html
index 1722f4cb1..e41684bc3 100644
--- a/docs/app_controllers_submission-controller.js.html
+++ b/docs/app_controllers_submission-controller.js.html
@@ -96,11 +96,25 @@ <h1 class="page-title">app/controllers/submission-controller.js</h1>
  * Simply pipes well-formed request to the OpenRosa server and
  * copies the response received.
  *
- * @param {module:api-controller~ExpressRequest} req - HTTP request
- * @param {module:api-controller~ExpressResponse} res - HTTP response
+ * @param {express.Request} req - HTTP request
+ * @param {express.Response} res - HTTP response
  * @param {Function} next - Express callback
  */
 async function submit(req, res, next) {
+    if (!req.headers['content-type']?.startsWith('multipart/form-data')) {
+        res.status(400)
+            .set('content-type', 'text/xml')
+            .send(
+                /* xml */ `
+                &lt;OpenRosaResponse xmlns="http://openrosa.org/http/response" items="0">
+                    &lt;message nature="error">Required multipart POST field xml_submission_file missing.&lt;/message>
+                &lt;/OpenRosaResponse>
+                `.trim()
+            );
+
+        return;
+    }
+
     try {
         const paramName = req.app.get('query parameter to pass to submission');
         const paramValue = req.query[paramName];
diff --git a/docs/index.html b/docs/index.html
index c834af899..d0ecf5436 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -65,8 +65,18 @@ <h3> </h3>
         <article><p><img src="https://img.shields.io/badge/coverage-79.27%25-yellow.svg" alt="coverage-shield-badge-1"></p>
 <p><a href="https://travis-ci.org/enketo/enketo-express"><img src="https://travis-ci.com/enketo/enketo-express.svg?branch=master" alt="Build Status"></a></p>
 <h1 id="enketo-express">Enketo Express</h1>
-<p><em>The modern <a href="https://enketo.org">Enketo Smart Paper</a> web application.</em></p>
+<p><em>The <a href="https://enketo.org">Enketo Smart Paper</a> web application.</em> It can be used directly by form servers or used as inspiration for building applications that wrap <a href="https://github.com/enketo/enketo-core">Enketo Core</a>. See <a href="https://enketo.org/develop/">this diagram</a> for a summary of how the different Enketo components are related.</p>
 <p><strong>To get started visit our <a href="https://enketo.github.io/enketo-express">technical documentation</a>.</strong></p>
+<h3 id="project-status">Project status</h3>
+<p>Enketo was initiated in 2009 by Martijn van de Rijdt as a web-based alternative or complement to <a href="https://docs.getodk.org/collect-intro/">ODK Collect</a>. It has become a core component of the ODK ecosystem and been adopted by several organizations beyond that ecosystem.</p>
+<p>As of 2022, Enketo is maintained by <a href="https://github.com/eyelidlessness/">Trevor Schmidt</a> and <a href="https://getodk.org/about/team.html">the ODK team</a>. Martijn continues to provide advice and continuity. The ODK project sets priorities in collaboration with its <a href="https://getodk.org/about/ecosystem.html">Technical Advisory Board</a>.</p>
+<p>Our current primary goals are:</p>
+<ul>
+<li>Increasing alignment with ODK Collect, particularly in service of submission edits.</li>
+<li>Improving error messages so that users can get out of bad states.</li>
+<li>Improving long-term maintainability by modernizing code bases, removing code duplication, and simplifying state mutation.</li>
+</ul>
+<p>Feature requests and project discussion are welcome on the <a href="https://forum.getodk.org/">ODK forum</a>.</p>
 <h3 id="translation">Translation</h3>
 <p>The user interface was translated by: Badisches Rotes Kreuz (German), Serkan Tümbaş (Turkish), Hélène Martin (French), Gurjot Sidhu(Hindi, Panjabi), &quot;Abcmen&quot; (Turkish), Otto Saldadze, Makhare Atchaidze, David Sichinava, Elene Ergeshidze (Georgian), Nancy Shapsough (Arabic), Noel O'Boyle (French), Miguel Moreno (Spanish), Tortue Torche (French), Bekim Kajtazi (Albanian), Marc Kreidler (German), Darío Hereñú (Spanish), Viktor S. (Russian), Alexander Torrado Leon (Spanish), Peter Smith (Portugese, Spanish), Przemysław Gumułka (Polish), Niklas Ljungkvist, Sid Patel (Swedish), Katri Jalava (Finnish), Francesc Garre (Spanish), Sounay Phothisane (Lao), Linxin Guo (Chinese), Emmanuel Jean, Renaud Gaudin (French), Trần Quý Phi (Vietnamese), Reza Doosti, Hossein Azad, Davood Mottalee (Persian), Tomas Skripcak (Slovak, Czech, German), Daniela Baldova (Czech), Robert Michael Lundin (Norwegian), Margaret Ndisha, Charles Mutisya (Swahili), Panzero Mauro (Italian), Gabriel Kreindler (Romanian), Jason Reeder, Omar Nazar, Sara Sameer, David Gessel (Arabic), Tino Kreutzer (German), Wasilis Mandratzis-Walz (German, Greek), Luis Molina (Spanish), Martijn van de Rijdt (Dutch).</p>
 <p><em>Send a message if you'd like to contribute! We use an easy web interface provided by <a href="https://www.transifex.com/projects/p/enketo-express/">Transifex</a>.</em></p>
diff --git a/docs/module-submissions-controller.html b/docs/module-submissions-controller.html
index 6c7e9e878..63392e26c 100644
--- a/docs/module-submissions-controller.html
+++ b/docs/module-submissions-controller.html
@@ -98,7 +98,7 @@ <h4 class="name" id="~_logSubmission"><span class="type-signature">(inner) </spa
     
     <dt class="tag-source">Source:</dt>
     <dd class="tag-source"><ul class="dummy"><li>
-        <a href="app_controllers_submission-controller.js.html">app/controllers/submission-controller.js</a>, <a href="app_controllers_submission-controller.js.html#line197">line 197</a>
+        <a href="app_controllers_submission-controller.js.html">app/controllers/submission-controller.js</a>, <a href="app_controllers_submission-controller.js.html#line211">line 211</a>
     </li></ul></dd>
     
 
@@ -276,7 +276,7 @@ <h4 class="name" id="~getInstance"><span class="type-signature">(async, inner) <
     
     <dt class="tag-source">Source:</dt>
     <dd class="tag-source"><ul class="dummy"><li>
-        <a href="app_controllers_submission-controller.js.html">app/controllers/submission-controller.js</a>, <a href="app_controllers_submission-controller.js.html#line162">line 162</a>
+        <a href="app_controllers_submission-controller.js.html">app/controllers/submission-controller.js</a>, <a href="app_controllers_submission-controller.js.html#line176">line 176</a>
     </li></ul></dd>
     
 
@@ -458,7 +458,7 @@ <h4 class="name" id="~maxSize"><span class="type-signature">(inner) </span>maxSi
     
     <dt class="tag-source">Source:</dt>
     <dd class="tag-source"><ul class="dummy"><li>
-        <a href="app_controllers_submission-controller.js.html">app/controllers/submission-controller.js</a>, <a href="app_controllers_submission-controller.js.html#line126">line 126</a>
+        <a href="app_controllers_submission-controller.js.html">app/controllers/submission-controller.js</a>, <a href="app_controllers_submission-controller.js.html#line140">line 140</a>
     </li></ul></dd>
     
 
@@ -725,7 +725,7 @@ <h5>Parameters:</h5>
             <td class="type">
             
                 
-<span class="param-type"><a href="module-api-controller.html#~ExpressRequest">module:api-controller~ExpressRequest</a></span>
+<span class="param-type">express.Request</span>
 
 
             
@@ -748,7 +748,7 @@ <h5>Parameters:</h5>
             <td class="type">
             
                 
-<span class="param-type"><a href="module-api-controller.html#~ExpressResponse">module:api-controller~ExpressResponse</a></span>
+<span class="param-type">express.Response</span>
 
 
             
diff --git a/package-lock.json b/package-lock.json
index e4f7d0c4f..89b742ead 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
     "name": "enketo-express",
-    "version": "4.1.1",
+    "version": "4.1.3",
     "lockfileVersion": 1,
     "requires": true,
     "dependencies": {
@@ -1256,9 +1256,9 @@
             "dev": true
         },
         "@xmldom/xmldom": {
-            "version": "0.7.5",
-            "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.5.tgz",
-            "integrity": "sha512-V3BIhmY36fXZ1OtVcI9W+FxQqxVLsPKcNjWigIaa81dLC9IolJl5Mt4Cvhmr0flUnjSpTdrbMTSbXqYqV5dT6A=="
+            "version": "0.7.9",
+            "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.7.9.tgz",
+            "integrity": "sha512-yceMpm/xd4W2a85iqZyO09gTnHvXF6pyiWjD2jcOJs7hRoZtNNOO1eJlhHj1ixA+xip2hOyGn+LgcvLCMo5zXA=="
         },
         "abbrev": {
             "version": "1.1.1",
@@ -2831,7 +2831,7 @@
         "destroy": {
             "version": "1.0.4",
             "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
-            "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
+            "integrity": "sha512-3NdhDuEXnfun/z7x9GOElY49LoqVHoGScmOKwmxhsS8N5Y+Z8KyPPDnaSzqWgYt/ji4mqwfTS34Htrk0zPIXVg=="
         },
         "detect-file": {
             "version": "1.0.0",
@@ -3029,9 +3029,9 @@
             "dev": true
         },
         "enketo-core": {
-            "version": "6.1.2",
-            "resolved": "https://registry.npmjs.org/enketo-core/-/enketo-core-6.1.2.tgz",
-            "integrity": "sha512-8CHMgzMNlbMnVorx+mDMrjADFKrscwJQbJHmNGiuXuHaz3ROcDpqH9AyKHHRdz8AR+rM5KtJRv4fXUU14cBQlA==",
+            "version": "6.1.3",
+            "resolved": "https://registry.npmjs.org/enketo-core/-/enketo-core-6.1.3.tgz",
+            "integrity": "sha512-xaOSRLNzBmbC5DFBbRZKLAdiVcR5JqP1FAv/aTfxVEKVXzVmDyWtasuy0VHvpKqWzZsToYppqd29Fp8fq6XVZw==",
             "requires": {
                 "bootstrap-datepicker": "1.9.x",
                 "html5sortable": "^0.13.3",
@@ -3042,14 +3042,14 @@
                 "leaflet.gridlayer.googlemutant": "^0.13.5",
                 "mergexml": "1.2.3",
                 "node-forge": "^1.3.1",
-                "openrosa-xpath-evaluator": "^2.0.11",
+                "openrosa-xpath-evaluator": "^2.0.13",
                 "signature_pad": "2.3.x"
             }
         },
         "enketo-transformer": {
-            "version": "2.1.5",
-            "resolved": "https://registry.npmjs.org/enketo-transformer/-/enketo-transformer-2.1.5.tgz",
-            "integrity": "sha512-9zTyWTX7d5tKoh1vi4ahN11TP22fcrxyvN5KDEdO6Fhrxe1zyeCmtipiMxp4eoj7bPA/8o47eKhzw9KW5BhkOw==",
+            "version": "2.1.6",
+            "resolved": "https://registry.npmjs.org/enketo-transformer/-/enketo-transformer-2.1.6.tgz",
+            "integrity": "sha512-FYCA7ESxgnU/7g9K/AzELeYdvYKINJ/E7sF0H7KYIc1p004Lad4GIpr3XYrX9R3kZkVJvpF0l320YfL9xrarUg==",
             "requires": {
                 "body-parser": "^1.20.0",
                 "express": "^5.0.0-beta.1",
@@ -4827,7 +4827,7 @@
                 "is-fullwidth-code-point": {
                     "version": "1.0.0",
                     "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz",
-                    "integrity": "sha1-754xOG8DGn8NZDr4L95QxFfvAMs=",
+                    "integrity": "sha512-1pqUqRjkhPJ9miNq9SwMfdvi6lBJcd6eFxvfaivQhaH3SgisfiuudvFntdKOmxuee/77l+FPjKrQjWvmPjWrRw==",
                     "requires": {
                         "number-is-nan": "^1.0.0"
                     }
@@ -4835,7 +4835,7 @@
                 "string-width": {
                     "version": "1.0.2",
                     "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz",
-                    "integrity": "sha1-EYvfW4zcUaKn5w0hHgfisLmxB9M=",
+                    "integrity": "sha512-0XsVpQLnVCXHJfyEs8tC0zpTVIr5PKKsQtkT29IwupnPTjtPmQ3xT/4yCREF9hYkV/3M3kzcUTSAZT6a6h81tw==",
                     "requires": {
                         "code-point-at": "^1.0.0",
                         "is-fullwidth-code-point": "^1.0.0",
@@ -5009,6 +5009,15 @@
                         "once": "^1.3.0",
                         "path-is-absolute": "^1.0.0"
                     }
+                },
+                "minimatch": {
+                    "version": "3.0.8",
+                    "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
+                    "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
+                    "dev": true,
+                    "requires": {
+                        "brace-expansion": "^1.1.7"
+                    }
                 }
             }
         },
@@ -5082,6 +5091,14 @@
                         }
                     }
                 },
+                "minimatch": {
+                    "version": "3.0.8",
+                    "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.8.tgz",
+                    "integrity": "sha512-6FsRAQsxQ61mw+qP1ZzbL9Bc78x2p5OqNgNpnoAFLTrX8n5Kxph0CsnhmKKNXTWjXqU5L0pGPR7hYk+XWZr60Q==",
+                    "requires": {
+                        "brace-expansion": "^1.1.7"
+                    }
+                },
                 "mkdirp": {
                     "version": "1.0.4",
                     "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
@@ -6616,9 +6633,9 @@
             }
         },
         "leaflet": {
-            "version": "1.8.0",
-            "resolved": "https://registry.npmjs.org/leaflet/-/leaflet-1.8.0.tgz",
-            "integrity": "sha512-gwhMjFCQiYs3x/Sf+d49f10ERXaEFCPr+nVTryhAW8DWbMGqJqt9G4XuIaHmFW08zYvhgdzqXGr8AlW8v8dQkA=="
+            "version": "1.9.2",
+            "resolved": "https://registry.npmjs.org/leaflet/-/leaflet-1.9.2.tgz",
+            "integrity": "sha512-Kc77HQvWO+y9y2oIs3dn5h5sy2kr3j41ewdqCMEUA4N89lgfUUfOBy7wnnHEstDpefiGFObq12FdopGRMx4J7g=="
         },
         "leaflet-draw": {
             "version": "github:enketo/Leaflet.draw#ff730785db7fcccbf2485ffcf4dffe1238a7c617",
@@ -7433,9 +7450,9 @@
             "dev": true
         },
         "minimatch": {
-            "version": "3.0.4",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
-            "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+            "version": "3.1.2",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+            "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
             "requires": {
                 "brace-expansion": "^1.1.7"
             }
@@ -8863,9 +8880,9 @@
             }
         },
         "openrosa-xpath-evaluator": {
-            "version": "2.0.11",
-            "resolved": "https://registry.npmjs.org/openrosa-xpath-evaluator/-/openrosa-xpath-evaluator-2.0.11.tgz",
-            "integrity": "sha512-NsHBd7DIgfkNK/uGX+kJsPrv2a05TgKPq+o0vWEwNetJVxnc2OQnTBT2vFFjR3pgwbi4Dmvlmm56bjllUL46Dg=="
+            "version": "2.0.13",
+            "resolved": "https://registry.npmjs.org/openrosa-xpath-evaluator/-/openrosa-xpath-evaluator-2.0.13.tgz",
+            "integrity": "sha512-EZDaR0sE813EHBk06eN5X1gn3sgkbFG33S6eMi8zH7y25q5y23wKrnNyvQ7+9gEgOnR9pmFI9T0bpEM48yxwqg=="
         },
         "optionator": {
             "version": "0.9.1",
@@ -10250,9 +10267,9 @@
             "dev": true
         },
         "socket.io-parser": {
-            "version": "4.0.4",
-            "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.0.4.tgz",
-            "integrity": "sha512-t+b0SS+IxG7Rxzda2EVvyBZbvFPBCjJoyHuE0P//7OAsN23GItzDRdWa6ALxZI/8R5ygK7jAR6t028/z+7295g==",
+            "version": "4.0.5",
+            "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.0.5.tgz",
+            "integrity": "sha512-sNjbT9dX63nqUFIOv95tTVm6elyIU4RvB1m8dOeZt+IgWwcWklFDOdmGcfo3zSiRsnR/3pJkjY5lfoGqEe4Eig==",
             "dev": true,
             "requires": {
                 "@types/component-emitter": "^1.2.10",
diff --git a/package.json b/package.json
index fdcb3d48a..136fed8e6 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
     "name": "enketo-express",
     "description": "Webforms evolved.",
     "homepage": "https://enketo.org",
-    "version": "4.1.2",
+    "version": "4.1.3",
     "main": "./app.js",
     "engines": {
         "node": ">=14.8.0 <17",
@@ -46,8 +46,8 @@
         "csurf": "^1.11.0",
         "db.js": "^0.15.0",
         "debug": "^4.3.4",
-        "enketo-core": "^6.1.2",
-        "enketo-transformer": "2.1.5",
+        "enketo-core": "^6.1.3",
+        "enketo-transformer": "2.1.6",
         "evp_bytestokey": "^1.0.3",
         "express": "^4.18.1",
         "express-cls-hooked": "^0.3.8",