Merge pull request #24 from onaio/902-vulnerability-fixes-for-opensrp…

…-web-image
onaio · Mar 1, 2022 · 733a224 · 733a224
2 parents 49a9d0c + 71158ce
commit 733a224
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 10 deletions.
diff --git a/package.json b/package.json
@@ -32,7 +32,6 @@
     "express": "^4.17.3",
     "express-session": "^1.17.2",
     "helmet": "^5.0.2",
-    "lodash": "^4.17.21",
     "morgan": "^1.10.0",
     "node-fetch": "2.6.7",
     "react": "^17.0.2",
@@ -54,7 +53,6 @@
     "@types/express-session": "^1.17.4",
     "@types/helmet": "^4.0.0",
     "@types/jest": "^27.4.1",
-    "@types/lodash": "^4.14.178",
     "@types/morgan": "^1.9.3",
     "@types/node": "^17.0.21",
     "@types/node-fetch": "^2.6.1",

diff --git a/src/app/index.ts b/src/app/index.ts
@@ -5,7 +5,6 @@ import cookieParser from 'cookie-parser';
 import express from 'express';
 import session from 'express-session';
 import helmet from 'helmet';
-import { trimStart } from 'lodash';
 import fetch from 'node-fetch';
 import morgan from 'morgan';
 import path from 'path';
@@ -258,7 +257,11 @@ const loginRedirect = (req: express.Request, res: express.Response, _: express.N
   const parsedUrl = parse(req.originalUrl);
   const searchParam = parsedUrl.search;
   if (searchParam) {
-    const searchString = trimStart(searchParam, '?');
+    let searchString = searchParam;
+    // remove the leading '?'
+    if (searchParam.charAt(0) === '?') {
+      searchString = searchParam.replace('?', '');
+    }
     const searchParams = querystring.parse(searchString);
     nextPath = searchParams.next as string | undefined;
   }

diff --git a/yarn.lock b/yarn.lock
@@ -780,11 +780,6 @@
   resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.29.tgz#ee28707ae94e11d2b827bcbe5270bcea7f3e71ee"
   integrity sha1-7ihweulOEdK4J7y+UnC86n8+ce4=
 
-"@types/lodash@^4.14.178":
-  version "4.14.178"
-  resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.178.tgz#341f6d2247db528d4a13ddbb374bcdc80406f4f8"
-  integrity sha512-0d5Wd09ItQWH1qFbEyQ7oTQ3GZrMfth5JkbN3EvTKLXcHLRDSXeLnlvlOn0wvxVIwK5o2M8JzP/OWz7T3NRsbw==
-
 "@types/mime@^1":
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/@types/mime/-/mime-1.3.2.tgz#93e25bf9ee75fe0fd80b594bc4feb0e862111b5a"
@@ -3955,7 +3950,7 @@ lodash.tonumber@^4.0.3:
   resolved "https://registry.yarnpkg.com/lodash.tonumber/-/lodash.tonumber-4.0.3.tgz#0b96b31b35672793eb7f5a63ee791f1b9e9025d9"
   integrity sha1-C5azGzVnJ5Prf1pj7nkfG56QJdk=
 
-lodash@^4.17.21, lodash@^4.7.0:
+lodash@^4.7.0:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
   integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==