Skip to content

Commit 903dc77

Browse files
authored
Fix security issues (#1253)
* Fix security issues * Update dependencies * Fix tests * Downgrade sass-loader, it requires webpack 5, which vue 2.x doesn't care for.
1 parent 4570107 commit 903dc77

File tree

8 files changed

+14798
-27711
lines changed

8 files changed

+14798
-27711
lines changed

static/js/admin/vue-permissions-editor/package-lock.json

Lines changed: 4052 additions & 8366 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

static/js/admin/vue-permissions-editor/package.json

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -10,25 +10,25 @@
1010
},
1111
"dependencies": {
1212
"axios": "^0.21.1",
13-
"core-js": "^3.6.5",
14-
"date-fns": "^2.16.1",
13+
"core-js": "^3.12.1",
14+
"date-fns": "^2.21.3",
1515
"lodash.clonedeep": "^4.5.0",
1616
"lodash.findindex": "^4.6.0",
1717
"lodash.isempty": "^4.4.0",
1818
"vue": "^2.6.12",
19-
"vue-router": "^3.4.6"
19+
"vue-router": "^3.5.1"
2020
},
2121
"devDependencies": {
22-
"@testing-library/jest-dom": "^5.11.4",
23-
"@vue/cli-plugin-babel": "^4.5.7",
24-
"@vue/cli-plugin-unit-jest": "^4.5.7",
25-
"@vue/cli-service": "^4.5.7",
26-
"@vue/test-utils": "1.1.0",
27-
"babel-jest": "^26.5.2",
28-
"caniuse-lite": "^1.0.30001208",
22+
"@testing-library/jest-dom": "^5.12.0",
23+
"@vue/cli-plugin-babel": "^4.5.13",
24+
"@vue/cli-plugin-unit-jest": "^4.5.13",
25+
"@vue/cli-service": "^4.5.13",
26+
"@vue/test-utils": "1.2.0",
27+
"babel-jest": "^26.6.3",
28+
"caniuse-lite": "^1.0.30001228",
2929
"moxios": "^0.4.0",
30-
"sass": "^1.27.0",
31-
"sass-loader": "^10.0.2",
30+
"sass": "^1.32.12",
31+
"sass-loader": "^10.2.0",
3232
"vue-template-compiler": "^2.6.12"
3333
}
3434
}

static/js/admin/vue-permissions-editor/src/mixins/staffRoleList.js

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,8 @@ export default {
1717
containerRoles(container_type) {
1818
if (container_type === 'AdminUnit') {
1919
return this.roles;
20-
} else {
21-
return this.roles.slice(0, 5);
2220
}
21+
return [...this.roles.slice(0, 5)];
2322
},
2423

2524
showDescriptions() {

static/js/admin/vue-permissions-editor/tests/unit/staffRoleList.spec.js

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -17,23 +17,24 @@ let wrapper;
1717

1818
describe('staffRoleList', () => {
1919
// Set wrapper using any component that uses staffRoleList mixin to avoid test warnings about missing template
20-
beforeEach(() => {
20+
it("displays all options for Admin Units", () => {
2121
wrapper = shallowMount(staffRolesSelect, {
2222
localVue,
2323
propsData: {
2424
containerType: 'AdminUnit',
2525
user: { principal: 'test_user', role: 'canAccess' }
2626
}
2727
});
28-
});
29-
30-
it("displays all options for Admin Units", () => {
3128
expect(wrapper.vm.containerRoles(wrapper.vm.containerType)).toEqual(all_roles);
3229
});
3330

3431
it("displays a subset of options for Collections", () => {
35-
wrapper.setProps({
36-
containerType: 'Collection',
32+
wrapper = shallowMount(staffRolesSelect, {
33+
localVue,
34+
propsData: {
35+
containerType: 'Collection',
36+
user: { principal: 'test_user', role: 'canAccess' }
37+
}
3738
});
3839
expect(wrapper.vm.containerRoles(wrapper.vm.containerType)).toEqual(collection_roles);
3940
});

static/js/admin/vue-permissions-editor/tests/unit/staffRoles.spec.js

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ describe('staffRoles.vue', () => {
5959

6060
wrapper.find('.info').trigger('click');
6161
await wrapper.vm.$nextTick();
62-
expect(wrapper.find('#role-list').element).toBeVisible();
62+
expect(wrapper.find('#role-list').isVisible()).toBe(true);
6363
});
6464

6565
it("triggers a submission", async () => {
@@ -342,12 +342,12 @@ describe('staffRoles.vue', () => {
342342
wrapper.setProps({containerType: 'AdminUnit'});
343343
await wrapper.vm.$nextTick();
344344
let btn = wrapper.find('#is-submitting');
345-
expect(btn.element).toBeVisible();
345+
expect(btn.isVisible()).toBe(true);
346346

347347
wrapper.setProps({containerType: 'Collection'});
348348

349349
await wrapper.vm.$nextTick();
350-
expect(btn.element).toBeVisible();
350+
expect(btn.isVisible()).toBe(true);
351351
});
352352

353353
it("emits an event to reset 'changesCheck' in parent component", async () => {

0 commit comments

Comments
 (0)