Merge branch 'master' of github.com:Budibase/budibase into security-updates

lerna.json

@@ -1,6 +1,6 @@
 {
   "$schema": "node_modules/lerna/schemas/lerna-schema.json",
-  "version": "3.2.7",
+  "version": "3.2.9",
   "npmClient": "yarn",
   "concurrency": 20,
   "command": {
@@ -17,4 +17,4 @@
       "loadEnvFiles": false
     }
   }
-}
+}

package.json

@@ -9,6 +9,7 @@
     "@types/node": "20.10.0",
     "@types/proper-lockfile": "^4.1.4",
     "@typescript-eslint/parser": "6.9.0",
+    "depcheck": "^1.4.7",
     "esbuild": "^0.18.17",
     "esbuild-node-externals": "^1.14.0",
     "eslint": "^8.52.0",
@@ -37,7 +38,8 @@
     "build:apps": "DISABLE_V8_COMPILE_CACHE=1 yarn build --scope @budibase/server --scope @budibase/worker",
     "build:cli": "yarn build --scope @budibase/cli",
     "build:dev": "lerna run --stream prebuild && yarn nx run-many --target=build --output-style=dynamic --watch --preserveWatchOutput",
-    "check:types": "lerna run --concurrency 2 check:types",
+    "check:types": "yarn check:dependencies && lerna run --concurrency 2 check:types",
+    "check:dependencies": "lerna run --concurrency 2 check:dependencies",
     "build:sdk": "lerna run --stream build:sdk",
     "deps:circular": "madge packages/server/dist/index.js packages/worker/src/index.ts packages/backend-core/dist/src/index.js packages/cli/src/index.js --circular",
     "release": "lerna publish from-package --yes --force-publish --no-git-tag-version --no-push --no-git-reset",

packages/backend-core/package.json

@@ -24,6 +24,7 @@
     "build": "tsc -p tsconfig.build.json --paths null && node ./scripts/build.js",
     "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
     "check:types": "tsc -p tsconfig.json --noEmit --paths null --target es2020",
+    "check:dependencies": "node ../../scripts/depcheck.js",
     "test": "bash scripts/test.sh",
     "test:watch": "jest --watchAll"
   },
@@ -61,9 +62,13 @@
     "sanitize-s3-objectkey": "0.0.1",
     "semver": "^7.5.4",
     "tar-fs": "2.1.1",
-    "uuid": "^8.3.2"
+    "uuid": "^8.3.2",
+    "@techpass/passport-openidconnect": "1.0.0",
+    "google-auth-library": "^8.0.1",
+    "google-spreadsheet": "npm:@budibase/google-spreadsheet@4.1.5"
   },
   "devDependencies": {
+    "@jest/types": "^29.6.3",
     "@shopify/jest-koa-mocks": "5.1.1",
     "@swc/core": "1.3.71",
     "@swc/jest": "0.2.27",
@@ -71,6 +76,7 @@
     "@types/cookies": "0.7.8",
     "@types/jest": "29.5.5",
     "@types/lodash": "4.14.200",
+    "@types/node": "^22.9.0",
     "@types/node-fetch": "2.6.4",
     "@types/pouchdb": "6.4.2",
     "@types/redlock": "4.0.7",
@@ -81,6 +87,7 @@
     "ioredis-mock": "8.9.0",
     "jest": "29.7.0",
     "jest-serial-runner": "1.2.1",
+    "nock": "^13.5.6",
     "pino-pretty": "10.0.0",
     "pouchdb-adapter-memory": "7.2.2",
     "testcontainers": "^10.7.2",

packages/server/package.json

@@ -13,6 +13,7 @@
     "build": "node ./scripts/build.js",
     "postbuild": "copyfiles -f ../client/dist/budibase-client.js ../client/manifest.json client && copyfiles -f ../../yarn.lock ./dist/",
     "check:types": "tsc -p tsconfig.json --noEmit --paths null --target es2020",
+    "check:dependencies": "node ../../scripts/depcheck.js",
     "build:isolated-vm-lib:snippets": "esbuild --minify --bundle src/jsRunner/bundles/snippets.ts --outfile=src/jsRunner/bundles/snippets.ivm.bundle.js --platform=node --format=iife --global-name=snippets",
     "build:isolated-vm-lib:string-templates": "esbuild --minify --bundle src/jsRunner/bundles/index-helpers.ts --outfile=src/jsRunner/bundles/index-helpers.ivm.bundle.js --platform=node --format=iife --external:handlebars --global-name=helpers",
     "build:isolated-vm-lib:bson": "esbuild --minify --bundle src/jsRunner/bundles/bsonPackage.ts --outfile=src/jsRunner/bundles/bson.ivm.bundle.js --platform=node --format=iife --global-name=bson",
@@ -49,9 +50,11 @@
   "license": "GPL-3.0",
   "dependencies": {
     "@apidevtools/swagger-parser": "10.0.3",
+    "@azure/msal-node": "^2.5.1",
     "@budibase/backend-core": "0.0.0",
     "@budibase/client": "0.0.0",
     "@budibase/frontend-core": "0.0.0",
+    "@budibase/nano": "10.1.5",
     "@budibase/pro": "0.0.0",
     "@budibase/shared-core": "0.0.0",
     "@budibase/string-templates": "0.0.0",
@@ -69,6 +72,7 @@
     "aws-sdk": "2.1692.0",
     "bcrypt": "5.1.0",
     "bcryptjs": "2.4.3",
+    "bson": "^6.9.0",
     "buffer": "6.0.3",
     "bull": "4.10.1",
     "chokidar": "3.5.3",
@@ -77,9 +81,11 @@
     "csvtojson": "2.0.10",
     "curlconverter": "4.11.0",
     "dd-trace": "5.23.0",
+    "dayjs": "^1.10.8",
     "dotenv": "8.2.0",
     "form-data": "4.0.0",
     "global-agent": "3.0.0",
+    "google-auth-library": "^8.0.1",
     "google-spreadsheet": "npm:@budibase/google-spreadsheet@4.1.5",
     "ioredis": "5.3.2",
     "isolated-vm": "^4.7.2",
@@ -87,6 +93,7 @@
     "joi": "17.6.0",
     "js-yaml": "4.1.0",
     "jsonschema": "1.4.0",
+    "jsonwebtoken": "9.0.2",
     "knex": "2.4.2",
     "koa": "2.13.4",
     "koa-body": "4.2.0",
@@ -109,10 +116,12 @@
     "pouchdb-all-dbs": "1.1.1",
     "pouchdb-find": "9.0.0",
     "redis": "4",
+    "semver": "^7.5.4",
     "serialize-error": "^7.0.1",
     "server-destroy": "1.0.1",
     "snowflake-sdk": "^1.15.0",
     "socket.io": "4.8.1",
+    "svelte": "^4.2.10",
     "tar": "6.2.1",
     "tmp": "0.2.3",
     "to-json-schema": "0.2.5",
@@ -123,6 +132,7 @@
   },
   "devDependencies": {
     "@babel/preset-env": "7.16.11",
+    "@jest/types": "^29.6.3",
     "@swc/core": "1.3.71",
     "@swc/jest": "0.2.27",
     "@types/archiver": "6.0.2",
@@ -133,6 +143,7 @@
     "@types/koa__router": "12.0.4",
     "@types/lodash": "4.14.200",
     "@types/mssql": "9.1.5",
+    "@types/node": "^22.9.0",
     "@types/node-fetch": "2.6.4",
     "@types/oracledb": "6.5.1",
     "@types/pg": "8.6.6",
@@ -142,8 +153,10 @@
     "@types/tar": "6.1.5",
     "@types/tmp": "0.2.6",
     "@types/uuid": "8.3.4",
+    "chance": "^1.1.12",
     "copyfiles": "2.4.1",
     "docker-compose": "0.23.17",
+    "ioredis-mock": "8.9.0",
     "jest": "29.7.0",
     "jest-extended": "^4.0.2",
     "jest-openapi": "0.14.2",
@@ -159,7 +172,8 @@
     "tsconfig-paths": "4.0.0",
     "typescript": "5.5.2",
     "update-dotenv": "1.1.1",
-    "yargs": "13.2.4"
+    "yargs": "13.2.4",
+    "@babel/core": "^7.22.5"
   },
   "nx": {
     "targets": {

packages/worker/package.json

@@ -16,6 +16,7 @@
     "build": "node ../../scripts/build.js",
     "postbuild": "copyfiles -f ../../yarn.lock ./dist/",
     "check:types": "tsc -p tsconfig.json --noEmit --paths null --target es2020",
+    "check:dependencies": "node ../../scripts/depcheck.js",
     "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
     "run:docker": "node dist/index.js",
     "debug": "yarn build && node --expose-gc --inspect=9223 dist/index.js",
@@ -41,6 +42,7 @@
     "@budibase/pro": "0.0.0",
     "@budibase/string-templates": "0.0.0",
     "@budibase/types": "0.0.0",
+    "@budibase/shared-core": "0.0.0",
     "@koa/router": "13.1.0",
     "@techpass/passport-openidconnect": "1.0.0",
     "@types/global-agent": "2.1.1",
@@ -53,6 +55,7 @@
     "global-agent": "3.0.0",
     "ical-generator": "4.1.0",
     "joi": "17.6.0",
+    "jsonwebtoken": "9.0.2",
     "knex": "2.4.2",
     "koa": "2.13.4",
     "koa-body": "4.2.0",
@@ -69,9 +72,11 @@
     "passport-local": "1.0.0",
     "pouchdb": "7.3.0",
     "pouchdb-all-dbs": "1.1.1",
-    "server-destroy": "1.0.1"
+    "server-destroy": "1.0.1",
+    "uuid": "^8.3.2"
   },
   "devDependencies": {
+    "@jest/types": "^29.6.3",
     "@swc/core": "1.3.71",
     "@swc/jest": "0.2.27",
     "@types/jest": "29.5.5",
@@ -79,6 +84,7 @@
     "@types/koa": "2.13.4",
     "@types/koa__router": "12.0.4",
     "@types/lodash": "4.14.200",
+    "@types/node": "^22.9.0",
     "@types/node-fetch": "2.6.4",
     "@types/server-destroy": "1.0.1",
     "@types/supertest": "2.0.14",
@@ -87,6 +93,7 @@
     "nock": "^13.5.4",
     "nodemon": "2.0.15",
     "rimraf": "3.0.2",
+    "superagent": "^10.1.1",
     "supertest": "6.3.3",
     "timekeeper": "2.2.0",
     "typescript": "5.5.2",

scripts/depcheck.js

@@ -0,0 +1,29 @@
+#!/usr/bin/node
+
+const depcheck = require("depcheck")
+
+function filterResults(missing) {
+  if (missing.src) {
+    delete missing.src
+  }
+  return missing
+}
+
+function printMissing(missing) {
+  for (let [key, value] of Object.entries(filterResults(missing))) {
+    console.log(`Package ${key} missing in: ${value.join(", ")}`)
+  }
+}
+
+depcheck(process.cwd(), {
+  ignorePatterns: ["dist"],
+  skipMissing: false,
+}).then(results => {
+  if (Object.values(filterResults(results.missing)).length > 0) {
+    printMissing(results.missing)
+    console.error("Missing packages found - stopping.")
+    process.exit(-1)
+  } else {
+    console.log("No missing dependencies.")
+  }
+})