Merge pull request #14093 from Budibase/chore/fix-npm-vulnerabilities

Fix npm vulnerabilities
2024-07-04 12:42:50 +02:00 · 2024-07-04 12:42:50 +02:00 · f2e3ca4f77
parent 86bf153740 ddcf5598b4
commit f2e3ca4f77
14 changed files with 713 additions and 1376 deletions
--- a/packages/backend-core/package.json
+++ b/packages/backend-core/package.json
@ -22,10 +22,9 @@
  },
  "dependencies": {
    "@budibase/nano": "10.1.5",
-    "@budibase/pouchdb-replication-stream": "1.2.10",
+    "@budibase/pouchdb-replication-stream": "1.2.11",
    "@budibase/shared-core": "0.0.0",
    "@budibase/types": "0.0.0",
-    "@govtechsg/passport-openidconnect": "^1.0.2",
    "aws-cloudfront-sign": "3.0.2",
    "aws-sdk": "2.1030.0",
    "bcrypt": "5.1.0",
--- a/packages/builder/package.json
+++ b/packages/builder/package.json
@ -74,7 +74,7 @@
    "lodash": "4.17.21",
    "posthog-js": "^1.118.0",
    "remixicon": "2.5.0",
-    "sanitize-html": "^2.7.0",
+    "sanitize-html": "^2.13.0",
    "shortid": "2.2.15",
    "svelte-dnd-action": "^0.9.8",
    "svelte-loading-spinners": "^0.1.1",
--- a/packages/builder/vite.config.js
+++ b/packages/builder/vite.config.js
@ -82,7 +82,7 @@ export default defineConfig(({ mode }) => {
      ...(isProduction ? [] : devOnlyPlugins),
    ],
    optimizeDeps: {
-      exclude: ["@roxi/routify"],
+      exclude: ["@roxi/routify", "fsevents"],
    },
    resolve: {
      dedupe: ["@roxi/routify"],
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@ -30,7 +30,7 @@
    "node-fetch": "2.6.7",
    "posthog-node": "1.3.0",
    "pouchdb": "7.3.0",
-    "pouchdb-replication-stream": "1.2.9",
+    "@budibase/pouchdb-replication-stream": "1.2.11",
    "randomstring": "1.1.5",
    "tar": "6.2.1",
    "yaml": "^2.1.1"
--- a/packages/cli/src/core/db.ts
+++ b/packages/cli/src/core/db.ts
@ -17,7 +17,7 @@ export function getPouch(url?: string) {
      prefix: url,
    }
  }
-  const replicationStream = require("pouchdb-replication-stream")
+  const replicationStream = require("@budibase/pouchdb-replication-stream")
  PouchDB.plugin(replicationStream.plugin)
  // @ts-ignore
  PouchDB.adapter("writableStream", replicationStream.adapters.writableStream)
--- a/packages/client/package.json
+++ b/packages/client/package.json
@ -30,7 +30,7 @@
    "downloadjs": "1.4.7",
    "html5-qrcode": "^2.2.1",
    "leaflet": "^1.7.1",
-    "sanitize-html": "^2.7.0",
+    "sanitize-html": "^2.13.0",
    "screenfull": "^6.0.1",
    "shortid": "^2.2.15",
    "svelte-spa-router": "^4.0.1",
--- a/packages/frontend-core/package.json
+++ b/packages/frontend-core/package.json
@ -12,6 +12,6 @@
    "dayjs": "^1.10.8",
    "lodash": "4.17.21",
    "shortid": "2.2.15",
-    "socket.io-client": "^4.6.1"
+    "socket.io-client": "^4.7.5"
  }
 }
--- a/packages/pro
+++ b/packages/pro
@ -1 +1 @@
-Subproject commit dbb78c8737c291871500bc655e30f331f6ffccbf
+Subproject commit 11379517b76264a7f938c2d520bd259f586edada
--- a/packages/sdk/package.json
+++ b/packages/sdk/package.json
@ -14,7 +14,6 @@
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "rollup": "^4.9.6",
-    "rollup-plugin-terser": "^7.0.2",
    "rollup-plugin-polyfill-node": "^0.13.0"
  }
 }
--- a/packages/server/package.json
+++ b/packages/server/package.json
@ -58,7 +58,7 @@
    "@bull-board/api": "5.10.2",
    "@bull-board/koa": "5.10.2",
    "@elastic/elasticsearch": "7.10.0",
-    "@google-cloud/firestore": "6.8.0",
+    "@google-cloud/firestore": "7.8.0",
    "@koa/router": "8.0.8",
    "@socket.io/redis-adapter": "^8.2.1",
    "@types/xml2js": "^0.4.14",
@ -81,7 +81,7 @@
    "google-spreadsheet": "npm:@budibase/google-spreadsheet@4.1.2",
    "ioredis": "5.3.2",
    "isolated-vm": "^4.7.2",
-    "jimp": "0.22.10",
+    "jimp": "0.22.12",
    "joi": "17.6.0",
    "js-yaml": "4.1.0",
    "jsonschema": "1.4.0",
@ -109,7 +109,7 @@
    "serialize-error": "^7.0.1",
    "server-destroy": "1.0.1",
    "snowflake-promise": "^4.5.0",
-    "socket.io": "4.6.2",
+    "socket.io": "4.7.5",
    "tar": "6.2.1",
    "to-json-schema": "0.2.5",
    "uuid": "^8.3.2",
--- a/packages/string-templates/package.json
+++ b/packages/string-templates/package.json
@ -34,6 +34,7 @@
  "devDependencies": {
    "@rollup/plugin-commonjs": "^17.1.0",
    "@rollup/plugin-inject": "^5.0.5",
+    "@rollup/plugin-json": "^4.1.0",
    "@rollup/plugin-typescript": "8.3.0",
    "doctrine": "^3.0.0",
    "jest": "29.7.0",
--- a/packages/types/package.json
+++ b/packages/types/package.json
@ -17,7 +17,6 @@
  "devDependencies": {
    "@budibase/nano": "10.1.5",
    "@types/koa": "2.13.4",
-    "@types/pouchdb": "6.4.0",
    "@types/redlock": "4.0.7",
    "rimraf": "3.0.2",
    "typescript": "5.5.2"
--- a/packages/worker/package.json
+++ b/packages/worker/package.json
@ -42,7 +42,7 @@
    "@budibase/string-templates": "0.0.0",
    "@budibase/types": "0.0.0",
    "@koa/router": "8.0.8",
-    "@techpass/passport-openidconnect": "0.3.2",
+    "@techpass/passport-openidconnect": "0.3.3",
    "@types/global-agent": "2.1.1",
    "aws-sdk": "2.1030.0",
    "bcrypt": "5.1.0",
@ -69,8 +69,6 @@
    "pouchdb": "7.3.0",
    "pouchdb-all-dbs": "1.1.1",
    "server-destroy": "1.0.1",
-    "undici": "^6.0.1",
-    "undici-types": "^6.0.1",
    "knex": "2.4.2"
  },
  "devDependencies": {
--- a/yarn.lock
+++ b/yarn.lock