Merge pull request #766 from OpenFn/763-update-decode-uri-component
Update vulnerable libraries
josephjclark authored Sep 6, 2024
2 parents b1cbf1b + a2b8c38 commit 5be5ca0
Showing 29 changed files with 446 additions and 1,333 deletions.
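--- a/.changeset/few-foxes-occur.md
+++ b/.changeset/few-foxes-occur.md
@@ -0,0 +1,8 @@
+---
+'@openfn/lightning-mock': patch
+'dts-inspector': patch
+'@openfn/ws-worker': patch
+'@openfn/cli': patch
+---
+
+Upgrade vulnerable version of ws.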
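--- a/.changeset/fluffy-kids-melt.md
+++ b/.changeset/fluffy-kids-melt.md
@@ -0,0 +1,5 @@
+---
+'dts-inspector': patch
+---
+
+Remove live-server as it was preventing an update of a vulnerable version of braces.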
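--- a/.changeset/friendly-horses-fix.md
+++ b/.changeset/friendly-horses-fix.md
@@ -0,0 +1,5 @@
+---
+'@openfn/ws-worker': patch
+---
+
+Update vulnerable version of decode-uri-component.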
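--- a/.changeset/itchy-walls-fetch.md
+++ b/.changeset/itchy-walls-fetch.md
@@ -0,0 +1,8 @@
+---
+'@openfn/lightning-mock': patch
+'dts-inspector': patch
+'@openfn/ws-worker': patch
+'@openfn/cli': patch
+---
+
+Update vulnerable version of word-wrap.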
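--- a/.changeset/light-insects-sniff.md
+++ b/.changeset/light-insects-sniff.md
@@ -0,0 +1,8 @@
+---
+'@openfn/lightning-mock': patch
+'dts-inspector': patch
+'@openfn/ws-worker': patch
+'@openfn/cli': patch
+---
+
+Update vulnerable version of postcss.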
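--- a/.changeset/little-buses-drum.md
+++ b/.changeset/little-buses-drum.md
@@ -0,0 +1,8 @@
+---
+'@openfn/lightning-mock': patch
+'dts-inspector': patch
+'@openfn/ws-worker': patch
+'@openfn/cli': patch
+---
+
+Update @slack/web-api to remove dependency on vulnerable axios.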
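--- a/.changeset/pink-grapes-happen.md
+++ b/.changeset/pink-grapes-happen.md
@@ -0,0 +1,8 @@
+---
+'@openfn/lightning-mock': patch
+'dts-inspector': patch
+'@openfn/ws-worker': patch
+'@openfn/cli': patch
+---
+
+Update typesync to remove dependency on ip, which has a vulnerability without a patch.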
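--- a/.changeset/sour-bugs-brush.md
+++ b/.changeset/sour-bugs-brush.md
@@ -0,0 +1,8 @@
+---
+'@openfn/lightning-mock': patch
+'dts-inspector': patch
+'@openfn/ws-worker': patch
+'@openfn/cli': patch
+---
+
+Update vulnerable version of micromatch.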
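--- a/.changeset/sour-mugs-burn.md
+++ b/.changeset/sour-mugs-burn.md
@@ -0,0 +1,17 @@
+---
+'dts-inspector': patch
+'@openfn/integration-tests-cli': patch
+'@openfn/integration-tests-execute': patch
+'@openfn/integration-tests-worker': patch
+'@openfn/cli': patch
+'@openfn/compiler': patch
+'@openfn/deploy': patch
+'@openfn/describe-package': patch
+'@openfn/engine-multi': patch
+'@openfn/lightning-mock': patch
+'@openfn/logger': patch
+'@openfn/runtime': patch
+'@openfn/ws-worker': patch
+---
+
+Partially update vulnerable versions of braces - live-server is a holdout as there is not a newer version available.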
4 changes: 1 addition & 3 deletions examples/dts-inspector/package.json
Expand Up @@ -16,13 +16,11 @@
},
"devDependencies": {
"@tailwindcss/forms": "^0.5.2",
"@types/live-server": "^1.2.1",
"@types/react": "^18.0.8",
"@types/react-dom": "^18.0.3",
"esbuild": "^0.18.14",
"esbuild-postcss": "^0.0.4",
"live-server": "^1.2.2",
"postcss": "^8.4.13",
"postcss": "^8.4.45",
"react": "^18.1.0",
"react-dom": "^18.1.0",
"tailwindcss": "^3.0.24"
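Review bot: `live-server` and `@types/live-server` are dropped from `devDependencies` in this section, but the block that closes at the top of the hunk (presumably `scripts`) is not shown, so it is worth confirming that no script or build file under `examples/dts-inspector` still invokes `live-server`. A leftover call would either fail on a clean install or be fetched ad hoc by a runner such as `npx`, outside the lockfile that this commit is meant to clean up. Separately, `.changeset/sour-mugs-burn.md` in this same commit still says "live-server is a holdout", which contradicts `.changeset/fluffy-kids-melt.md`; one of the two messages should be reworded so the changelog states whether the vulnerable braces range is fully gone. The manifest object starts and ends outside the hunk.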
3 changes: 2 additions & 1 deletion integration-tests/cli/modules/test/package.json
Expand Up @@ -3,5 +3,6 @@
"version": "0.0.1",
"type": "module",
"module": "index.js",
"private": true
"private": true,
"devDependencies": {}
}
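Review bot: The added `"devDependencies": {}` is an empty block that changes nothing about what gets installed, and the same two-line edit repeats in the other test-fixture `package.json` sections on this page (`dummy-repo`, `__modules__`, `__monorepo__`, `__repo__`). It looks like a side effect of a tool run across the workspace rather than part of the vulnerability fix; that is an inference, since the commit message does not say. In a security-driven dependency update, unrelated manifest edits make the change harder to audit, so I would either restore the original `"private": true` ending here and in the sibling fixtures, or name the tool that produced these lines in the commit description.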
3 changes: 2 additions & 1 deletion integration-tests/worker/dummy-repo/package.json
Expand Up @@ -6,5 +6,6 @@
"@openfn/language-common_latest": "npm:@openfn/language-common@^1.12.0",
"@openfn/stateful-test_1.0.0": "@npm:@openfn/[email protected]",
"@openfn/test-adaptor_1.0.0": "@npm:@openfn/[email protected]"
}
},
"devDependencies": {}
}
4 changes: 2 additions & 2 deletions package.json
Expand Up @@ -26,14 +26,14 @@
"license": "ISC",
"devDependencies": {
"@changesets/cli": "^2.27.1",
"@slack/web-api": "^6.8.1",
"@slack/web-api": "^6.12.1",
"@types/gunzip-maybe": "^1.4.0",
"@types/rimraf": "^3.0.2",
"@types/tar-stream": "^2.2.2",
"gunzip-maybe": "^1.4.2",
"prettier": "^2.8.8",
"rimraf": "^3.0.2",
"tar-stream": "^3.0.0",
"typesync": "^0.11.1"
"typesync": "^0.13.0"
}
}
2 changes: 1 addition & 1 deletion packages/cli/package.json
Expand Up @@ -59,7 +59,7 @@
"figures": "^5.0.0",
"rimraf": "^3.0.2",
"treeify": "^1.1.0",
"ws": "^8.14.1",
"ws": "^8.18.0",
"yargs": "^17.7.2"
},
"files": [
Expand Up @@ -5,5 +5,6 @@
"module": "index.js",
"main": "index.js",
"types": "types.d.ts",
"private": true
"private": true,
"devDependencies": {}
}
Expand Up @@ -4,5 +4,6 @@
"type": "module",
"module": "index.js",
"types": "types.d.ts",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/cli/test/__modules__/times-two/package.json
Expand Up @@ -4,5 +4,6 @@
"type": "module",
"module": "index.js",
"types": "types.d.ts",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/cli/test/__monorepo__/package.json
@@ -1,3 +1,4 @@
{
"name": "adaptors"
"name": "adaptors",
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/cli/test/__monorepo__/packages/common/package.json
Expand Up @@ -4,5 +4,6 @@
"type": "module",
"module": "index.js",
"types": "types.d.ts",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/cli/test/__repo__/package.json
Expand Up @@ -4,5 +4,6 @@
"times-two_0.0.1": "npm:[email protected]",
"@openfn/language-common_0.0.1": "npm:@openfn/language-common0.0.1",
"@openfn/language-postgres_0.0.1": "npm:@openfn/[email protected]"
}
},
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/compiler/test/__modules__/adaptor/package.json
Expand Up @@ -3,5 +3,6 @@
"version": "0.0.1",
"type": "module",
"types": "adaptor.d.ts",
"private": "true"
"private": "true",
"devDependencies": {}
}
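Review bot: `"private": "true"` on the new side is a JSON string, whereas the other fixtures in this commit use the boolean form `"private": true`. The `private` flag is the guard against accidentally publishing this fixture, and a tool that compares strictly against the boolean `true` would not honour the string form. Since the line is already being touched to add the trailing comma, change it to `"private": true,`.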
3 changes: 2 additions & 1 deletion packages/engine-multi/test/__repo__/package.json
Expand Up @@ -4,5 +4,6 @@
"version": "1.0.0",
"dependencies": {
"@openfn/helper_1.0.0": "@npm:@openfn/[email protected]"
}
},
"devDependencies": {}
}
2 changes: 1 addition & 1 deletion packages/lightning-mock/package.json
Expand Up @@ -29,7 +29,7 @@
"koa-bodyparser": "^4.4.0",
"koa-logger": "^3.2.1",
"phoenix": "^1.7.7",
"ws": "^8.14.1"
"ws": "^8.18.0"
},
"devDependencies": {
"@types/koa": "^2.13.5",
Expand Up @@ -4,5 +4,6 @@
"type": "module",
"module": "index.js",
"main": "index.js",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/runtime/test/__modules__/test/package.json
Expand Up @@ -3,5 +3,6 @@
"version": "0.0.1",
"type": "module",
"module": "index.js",
"private": true
"private": true,
"devDependencies": {}
}
Expand Up @@ -3,5 +3,6 @@
"version": "0.0.1",
"type": "module",
"module": "index.js",
"private": true
"private": true,
"devDependencies": {}
}
3 changes: 2 additions & 1 deletion packages/runtime/test/__repo__/package.json
Expand Up @@ -6,5 +6,6 @@
"ultimate-answer_1.0.0": "@npm:[email protected]",
"ultimate-answer_2.0.0": "@npm:[email protected]",
"cjs_1.0.0": "@npm:[email protected]"
}
},
"devDependencies": {}
}
2 changes: 1 addition & 1 deletion packages/ws-worker/package.json
Expand Up @@ -35,7 +35,7 @@
"koa-bodyparser": "^4.4.0",
"koa-logger": "^3.2.1",
"phoenix": "1.7.10",
"ws": "^8.14.1"
"ws": "^8.18.0"
},
"devDependencies": {
"@openfn/lightning-mock": "workspace:*",