From 5ba6caf8a2cc8fbfabe6657b5b4f57250823cf3d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 16:07:10 +0000 Subject: [PATCH 1/3] Bump mongoose from 8.9.3 to 8.9.5 Bumps [mongoose](https://github.com/Automattic/mongoose) from 8.9.3 to 8.9.5. - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](https://github.com/Automattic/mongoose/compare/8.9.3...8.9.5) --- updated-dependencies: - dependency-name: mongoose dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8d7454c3b..8cd5450c0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -28,7 +28,7 @@ "lodash": "^4.17.21", "luxon": "^3.4.4", "mongo-cursor-pagination": "^8.1.3", - "mongoose": "^8.8.3", + "mongoose": "^8.9.5", "mongoose-aggregate-paginate-v2": "1.0.6", "morgan": "^1.9.1", "node-dev": "^7.4.3", @@ -6342,9 +6342,9 @@ } }, "node_modules/mongoose": { - "version": "8.9.3", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.9.3.tgz", - "integrity": "sha512-G50GNPdMqhoiRAJ/24GYAzg13yxXDD3FOOFeYiFwtHmHpAJem3hxbYIxAhLJGWbYEiUZL0qFMu2LXYkgGAmo+Q==", + "version": "8.9.5", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.9.5.tgz", + "integrity": "sha512-SPhOrgBm0nKV3b+IIHGqpUTOmgVL5Z3OO9AwkFEmvOZznXTvplbomstCnPOGAyungtRXE5pJTgKpKcZTdjeESg==", "dependencies": { "bson": "^6.10.1", "kareem": "2.6.3", 
@@ -15205,9 +15205,9 @@ } }, "mongoose": { - "version": "8.9.3", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.9.3.tgz", - "integrity": "sha512-G50GNPdMqhoiRAJ/24GYAzg13yxXDD3FOOFeYiFwtHmHpAJem3hxbYIxAhLJGWbYEiUZL0qFMu2LXYkgGAmo+Q==", + "version": "8.9.5", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.9.5.tgz", + "integrity": "sha512-SPhOrgBm0nKV3b+IIHGqpUTOmgVL5Z3OO9AwkFEmvOZznXTvplbomstCnPOGAyungtRXE5pJTgKpKcZTdjeESg==", "requires": { "bson": "^6.10.1", "kareem": "2.6.3", diff --git a/package.json b/package.json index 72f9d676e..401140de5 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "lodash": "^4.17.21", "luxon": "^3.4.4", "mongo-cursor-pagination": "^8.1.3", - "mongoose": "^8.8.3", + "mongoose": "^8.9.5", "mongoose-aggregate-paginate-v2": "1.0.6", "morgan": "^1.9.1", "node-dev": "^7.4.3", From dae69fd598d7d2217c030b82bb37d7552587a3a4 Mon Sep 17 00:00:00 2001 From: Chris Berger Date: Wed, 3 Dec 2025 16:00:34 -0500 Subject: [PATCH 2/3] Implemented new secretariat fields on BaseOrg model --- src/constants/index.js | 2 +- .../org.controller/org.middleware.js | 99 ++++++++++++++----- .../registry-org.middleware.js | 9 +- src/middleware/schemas/BaseOrg.json | 30 ++++++ src/model/baseorg.js | 7 ++ src/repositories/baseOrgRepository.js | 16 ++- 6 files changed, 137 insertions(+), 26 deletions(-) diff --git a/src/constants/index.js b/src/constants/index.js index 4f1ae54cb..310e202bc 100644 --- a/src/constants/index.js +++ b/src/constants/index.js 
@@ -44,7 +44,7 @@ function getConstants () { USER_ROLES: [ 'ADMIN' ], - JOINT_APPROVAL_FIELDS: ['short_name', 'long_name', 'authority', 'aliases', 'oversees', 'root_or_tlr', 'charter_or', 'product_list', 'disclosure_policy', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone', 'contact_info.org_email'], + JOINT_APPROVAL_FIELDS: ['short_name', 'long_name', 'authority', 'aliases', 'oversees', 'root_or_tlr', 'charter_or', 'product_list', 'disclosure_policy', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone', 'contact_info.org_email', 'cna_role_type', 'cna_country', 'vulnerability_advisory_locations', 'advisory_location_require_credentials', 'industry', 'tl_root_start_date', 'is_cna_discussion_list'], JOINT_APPROVAL_FIELDS_LEGACY: ['short_name', 'name', 'authority.active_roles'], USER_ROLE_ENUM: { ADMIN: 'ADMIN' diff --git a/src/controller/org.controller/org.middleware.js b/src/controller/org.controller/org.middleware.js index 6e8cbcd0c..cd9d2333e 100644 --- a/src/controller/org.controller/org.middleware.js +++ b/src/controller/org.controller/org.middleware.js @@ -48,6 +48,18 @@ function validateCreateOrgParameters () { .isArray(), body(['root_or_tlr']).default(false) .isBoolean(), + body(['vulnerability_advisory_locations']) + .default([]) + .custom(isFlatStringArray), + body(['advisory_location_require_credentials']) + .default(false) + .isBoolean(), + body(['tl_root_start_date']) + .default(null) + .isDate(), + body(['is_cna_discussion_list']) + .default(false) + .isBoolean(), body( [ 'charter_or_scope', @@ -58,7 +70,10 @@ function validateCreateOrgParameters () { 'contact_info.poc_email', 'contact_info.poc_phone', 'contact_info.org_email', - 'contact_info.website' + 'contact_info.website', + 'cna_role_type', + 'cna_country', + 'industry' ]) .default('') .isString(), 
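Review bot: `JOINT_APPROVAL_FIELDS` on the rewritten line still lists `'charter_or'`, while the validators and the repository's updatable-key list in this patch name the field `charter_or_scope`. If the joint-approval check matches these entries against incoming field names by exact key (that code is not visible here), a change to `charter_or_scope` would not be held for approval. Since the line is being edited anyway, confirm the intended key and, if it is a truncation, change the entry to `'charter_or_scope'`. The `getConstants` body starts and ends outside the hunk.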
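Review bot: `body(['tl_root_start_date']).default(null).isDate()` in the create validators looks likely to reject requests that omit the field and to disagree with the JSON schema on the accepted format. express-validator stringifies the value before running validator.js checks, so the `null` default is tested as an empty string, and `isDate()` by default accepts a date-only form, whereas `BaseOrg.json` in this patch requires the `timestamp` pattern with a `T` time part. Consider `body(['tl_root_start_date']).optional({ nullable: true }).isISO8601()` so omission is allowed and both layers accept the same form; please confirm against the express-validator version in use. `validateCreateOrgParameters` continues outside the hunk.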
@@ -119,7 +134,14 @@ function validateCreateOrgParameters () { 'contact_info.poc_phone', 'contact_info.org_email', 'contact_info.additional_contact_users', - 'contact_info.website') + 'contact_info.website', + 'cna_role_type', + 'cna_country', + 'vulnerability_advisory_locations', + 'advisory_location_require_credentials', + 'industry', + 'tl_root_start_date', + 'is_cna_discussion_list') ] } @@ -169,7 +191,7 @@ function validateUpdateOrgParameters () { const useRegistry = req.query.registry === 'true' const legacyParametersOnly = ['id_quota', 'name'] - const registryParametersOnly = ['hard_quota', 'long_name', 'cve_program_org_function', 'oversees', 'root_or_tlr', 'charter_or_scope', 'disclosure_policy', 'product_list'] + const registryParametersOnly = ['hard_quota', 'long_name', 'cve_program_org_function', 'oversees', 'root_or_tlr', 'charter_or_scope', 'disclosure_policy', 'product_list', 'cna_role_type', 'cna_country', 'vulnerability_advisory_locations', 'advisory_location_require_credentials', 'industry', 'tl_root_start_date', 'is_cna_discussion_list'] const sharedParameters = ['new_short_name', 'active_roles.add', 'active_roles.remove', 'registry'] const allParameters = [ 
@@ -191,28 +213,40 @@ function validateUpdateOrgParameters () { if (useRegistry) { validations.push( - - query(['hard_quota']).optional().not().isArray().isInt({ min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min, max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max }).withMessage(errorMsgs.ID_QUOTA), + query(['hard_quota']) + .optional() + .not() + .isArray() + .isInt({ + min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min, + max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max + }) + .withMessage(errorMsgs.ID_QUOTA), query(['long_name']).optional().isString().trim().notEmpty(), query(['oversees']).optional().isArray(), query(['root_or_tlr']).optional().isBoolean(), - query( - [ - 'cve_program_org_function', - 'charter_or_scope', - 'disclosure_policy', - 'product_list', - 'contact_info.poc', - 'contact_info.poc_email', - 'contact_info.poc_phone', - 'contact_info.org_email', - 'contact_info.website' - ]) + query([ + 'cve_program_org_function', + 'charter_or_scope', + 'disclosure_policy', + 'product_list', + 'contact_info.poc', + 'contact_info.poc_email', + 'contact_info.poc_phone', + 'contact_info.org_email', + 'contact_info.website', + 'cna_role_type', + 'cna_country', + 'vulnerability_advisory_locations', + 'advisory_location_require_credentials', + 'industry', + 'tl_root_start_date', + 'is_cna_discussion_list' + ]) .optional() .isString(), ...isNotAllowedQuery(...legacyParametersOnly) // if we decide that we want to allow more, we can add them here. - ) } else { validations.push( 
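Review bot: In the registry branch, `vulnerability_advisory_locations`, `advisory_location_require_credentials`, `tl_root_start_date` and `is_cna_discussion_list` are appended to the list checked with `.optional().isString()`, so the update path accepts any string for fields the create path checks with `isFlatStringArray`, `isBoolean()` and `isDate()`. A value such as `is_cna_discussion_list=maybe` would pass validation here and be caught, if at all, only by Mongoose casting in the repository. Give the four fields type-specific chains as sketched below, with the date check kept consistent with the `timestamp` definition in `BaseOrg.json`. How repeated query keys are parsed is not visible in this hunk, and a single value arrives as a string, so the array check may need `toArray()` in front of it. `validateUpdateOrgParameters` starts and ends outside the hunk.

```javascript
query([
  // … unchanged: cve_program_org_function through contact_info.website …
  'cna_role_type',
  'cna_country',
  'industry'
])
  .optional()
  .isString(),
query(['advisory_location_require_credentials', 'is_cna_discussion_list'])
  .optional()
  .isBoolean(),
query(['tl_root_start_date'])
  .optional()
  .isISO8601(),
query(['vulnerability_advisory_locations'])
  .optional()
  .custom(isFlatStringArray),
```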
@@ -273,10 +307,20 @@ function isUserRole (val) { function parsePostParams (req, res, next) { utils.reqCtxMapping(req, 'body', []) utils.reqCtxMapping(req, 'query', [ - 'new_short_name', 'name', 'id_quota', 'active', - 'active_roles.add', 'active_roles.remove', - 'new_username', 'org_short_name', - 'name.first', 'name.last', 'name.middle', 'name.suffix', 'long_name', 'cve_program_org_function', + 'new_short_name', + 'name', + 'id_quota', + 'active', + 'active_roles.add', + 'active_roles.remove', + 'new_username', + 'org_short_name', + 'name.first', + 'name.last', + 'name.middle', + 'name.suffix', + 'long_name', + 'cve_program_org_function', 'charter_or_scope', 'disclosure_policy', 'product_list', @@ -285,7 +329,16 @@ function parsePostParams (req, res, next) { 'contact_info.poc_phone', 'contact_info.org_email', 'hard_quota', - 'contact_info.website', 'root_or_tlr', 'oversees' + 'contact_info.website', + 'root_or_tlr', + 'oversees', + 'cna_role_type', + 'cna_country', + 'vulnerability_advisory_locations', + 'advisory_location_require_credentials', + 'industry', + 'tl_root_start_date', + 'is_cna_discussion_list' ]) utils.reqCtxMapping(req, 'params', ['shortname', 'username']) next() diff --git a/src/controller/registry-org.controller/registry-org.middleware.js b/src/controller/registry-org.controller/registry-org.middleware.js index e2283f589..325c9d107 100644 --- a/src/controller/registry-org.controller/registry-org.middleware.js +++ b/src/controller/registry-org.controller/registry-org.middleware.js 
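Review bot: The seven new field names are spelled out by hand in this `reqCtxMapping` list and again in `JOINT_APPROVAL_FIELDS`, the create validators and allow-list, `registryParametersOnly`, the registry-org `parsePostParams`, and the repository's updatable keys. A name missed or misspelled in one of those lists would silently drop the field or leave it outside validation or joint approval. Consider exporting one array from `src/constants/index.js` and spreading it into each list, e.g. `...CONSTANTS.SECRETARIAT_ORG_FIELDS` (the constant name is a suggestion, not an existing identifier). `parsePostParams` starts outside the first hunk on this line.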
@@ -15,7 +15,14 @@ function parsePostParams (req, res, next) { 'charter_or_scope', 'disclosure_policy', 'product_list', 'soft_quota', 'hard_quota', 'contact_info.additional_contact_users', 'contact_info.poc', 'contact_info.poc_email', 'contact_info.poc_phone', - 'contact_info.admins', 'contact_info.org_email', 'contact_info.website' + 'contact_info.admins', 'contact_info.org_email', 'contact_info.website', + 'cna_role_type', + 'cna_country', + 'vulnerability_advisory_locations', + 'advisory_location_require_credentials', + 'industry', + 'tl_root_start_date', + 'is_cna_discussion_list' ]) next() } diff --git a/src/middleware/schemas/BaseOrg.json b/src/middleware/schemas/BaseOrg.json index fdabde496..fe6432e85 100644 --- a/src/middleware/schemas/BaseOrg.json +++ b/src/middleware/schemas/BaseOrg.json @@ -39,6 +39,11 @@ "discriminator": { "description": "Discriminator key used by Mongoose for type inheritance", "type": "string" + }, + "timestamp": { + "description": "Date/time format based on RFC3339 and ISO ISO8601, with an optional timezone in the format 'yyyy-MM-ddTHH:mm:ss[+-]ZH:ZM'. If timezone offset is not given, GMT (+00:00) is assumed.", + "pattern": "^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$", + "type": "string" } }, "properties": { 
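Review bot: The leap-day branch of the new `timestamp` pattern in `BaseOrg.json` groups its alternatives as `(19|2[0-9](0[48]|[2468][048]|[13579][26]))`, so the two-digit year suffix binds only to the `2[0-9]` alternative. A 20th-century leap day (constructed example: `1996-02-29T00:00:00Z`) is rejected, while a two-digit year such as `19-02-29T…` is accepted. Regroup the century as `((19|2[0-9])(0[48]|[2468][048]|[13579][26]))`. The description also reads "ISO ISO8601", which should be "ISO 8601".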
@@ -114,6 +119,31 @@ } }, "additionalProperties": false + }, + "cna_role_type": { + "type": "string" + }, + "cna_country": { + "type": "string" + }, + "vulnerability_advisory_locations": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "advisory_location_require_credentials": { + "type": "boolean" + }, + "industry": { + "type": "string" + }, + "tl_root_start_date": { + "$ref": "#/definitions/timestamp" + }, + "is_cna_discussion_list": { + "type": "boolean" } }, "required": [ diff --git a/src/model/baseorg.js b/src/model/baseorg.js index e1d9c1c42..33edd6cf3 100644 --- a/src/model/baseorg.js +++ b/src/model/baseorg.js @@ -23,6 +23,13 @@ const schema = { org_email: String, website: String }, + cna_role_type: String, + cna_country: String, + vulnerability_advisory_locations: [String], + advisory_location_require_credentials: Boolean, + industry: String, + tl_root_start_date: Date, + is_cna_discussion_list: Boolean, in_use: Boolean, created: Date, last_updated: Date diff --git a/src/repositories/baseOrgRepository.js b/src/repositories/baseOrgRepository.js index 18a053c84..8ef25f453 100644 --- a/src/repositories/baseOrgRepository.js +++ b/src/repositories/baseOrgRepository.js 
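Review bot: In the schema properties, `vulnerability_advisory_locations` accepts arbitrary strings, and `cna_role_type`, `cna_country` and `industry` are unbounded free text. If the advisory locations are URLs that a client later renders as links (the hunk does not say), constrain the items at write time, for example `"items": { "type": "string", "pattern": "^https?://", "maxLength": 2048 }` (the length is an illustrative value). An `enum` or `maxLength` on the three string fields would likewise keep stored values within the expected set. The `properties` object starts outside the hunk.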
@@ -343,6 +343,13 @@ class BaseOrgRepository extends BaseRepository { * @param {string} [incomingParameters.contact_info.poc_phone] - The primary point of contact's phone number. (Registry only) * @param {string} [incomingParameters.contact_info.org_email] - The general organization email address. (Registry only) * @param {string} [incomingParameters.contact_info.website] - The organization's website URL. (Registry only) + * @param {string} [incomingParameters.cna_role_type] - (Registry only) + * @param {string} [incomingParameters.cna_country] - (Registry only) + * @param {string[]} [incomingParameters.vulnerability_advisory_locations] - (Registry only) + * @param {boolean} [incomingParameters.advisory_location_require_credentials] - (Registry only) + * @param {string} [incomingParameters.industry] - (Registry only) + * @param {string} [incomingParameters.tl_root_start_date] - (Registry only) + * @param {boolean} [incomingParameters.is_cna_discussion_list] - (Registry only) * @param {object} [options={}] - Optional settings for the repository query. * @param {boolean} [isLegacyObject=false] - If true, the function returns the updated legacy organization object. Otherwise, it returns the updated registry organization object. * @param {string|null} [requestingUserUUID=null] - The user UUID representing the requester, used for audit documentation. If null, no audit document is created. @@ -385,7 +392,14 @@ class BaseOrgRepository extends BaseRepository { 'product_list', 'oversees', 'reports_to', - 'contact_info' // Handles all nested contact_info fields automatically + 'contact_info', // Handles all nested contact_info fields automatically + 'cna_role_type', + 'cna_country', + 'vulnerability_advisory_locations', + 'advisory_location_require_credentials', + 'industry', + 'tl_root_start_date', + 'is_cna_discussion_list' ] // Create a patch object by picking only the defined, relevant keys From 18b5b3b69620b5e644ff8794629f5b138cefd3c0 Mon Sep 17 00:00:00 2001 
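Review bot: The seven new `@param` entries carry only "(Registry only)" with no description, and `tl_root_start_date` is typed `{string}` although the model added in this patch declares it as `Date`. Describe each field and state the expected date form, for example `@param {string} [incomingParameters.tl_root_start_date] - Start date as an RFC 3339 timestamp; stored as a Date. (Registry only)`, with the wording confirmed by the author. The JSDoc block and the method it documents continue outside the hunk.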
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Dec 2025 20:51:29 +0000 Subject: [PATCH 3/3] Bump js-yaml from 3.14.1 to 3.14.2 Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 52 +++++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/package-lock.json b/package-lock.json index b8219016a..1641706af 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cve-services", - "version": "2.6.0", + "version": "ur-v0.2.0-beta.3", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "cve-services", - "version": "2.6.0", + "version": "ur-v0.2.0-beta.3", "license": "(CC0)", "dependencies": { "ajv": "^8.6.2", @@ -796,9 +796,9 @@ } }, "node_modules/@eslint/eslintrc/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "dev": true, "dependencies": { "argparse": "^2.0.1" 
@@ -3691,9 +3691,9 @@ } }, "node_modules/eslint/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "dev": true, "dependencies": { "argparse": "^2.0.1" @@ -5599,9 +5599,9 @@ "dev": true }, "node_modules/js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", + "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", "dev": true, "dependencies": { "argparse": "^1.0.7", @@ -6228,9 +6228,9 @@ } }, "node_modules/mocha/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "dev": true, "dependencies": { "argparse": "^2.0.1" 
@@ -11065,9 +11065,9 @@ } }, "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "dev": true, "requires": { "argparse": "^2.0.1" @@ -13083,9 +13083,9 @@ } }, "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "dev": true, "requires": { "argparse": "^2.0.1" @@ -14661,9 +14661,9 @@ "dev": true }, "js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", + "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", "dev": true, "requires": { "argparse": "^1.0.7", 
@@ -15148,9 +15148,9 @@ } }, "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", "dev": true, "requires": { "argparse": "^2.0.1"