deps: Upgrade dependencies to address vurnabilities. (#125)

Author: Artmann

build/conda-nonconda-test-requirements.txt

@@ -1,5 +1,5 @@
 # List of requirements for ipython tests
-numpy
+numpy>=1.22.2
 pandas
 # Install jupyter itself so we end up with a kernel
 jupyter
@@ -8,3 +8,17 @@ ipywidgets
 anywidget
 matplotlib
 ipympl
+
+# Security updates for transitive dependencies
+pillow>=10.2.0
+setuptools>=78.1.1
+zipp>=3.19.1
+tornado>=6.4.1
+anyio>=4.4.0
+requests>=2.32.4
+fonttools>=4.43.0
+jupyter-server>=2.14.1
+jupyter-core>=5.8.0
+ipython>=8.10.0
+urllib3>=2.2.2
+jupyterlab>=4.4.8

build/venv-smoke-test-requirements.txt

@@ -2196,7 +2196,7 @@
         "fast-deep-equal": "^2.0.1",
         "format-util": "^1.0.5",
         "fs-extra": "^4.0.3",
-        "glob": "^7.1.2",
+        "glob": "^9.3.5",
         "iconv-lite": "^0.6.3",
         "immer": "^10.1.3",
         "inversify": "^6.0.1",
@@ -2230,7 +2230,6 @@
         "slickgrid": "^2.4.17",
         "stack-trace": "0.0.10",
         "strip-comments": "^2.0.1",
-        "styled-components": "^5.2.1",
         "svg-to-pdfkit": "^0.1.8",
         "tailwind-merge": "^3.3.1",
         "tcp-port-used": "^1.0.1",
@@ -2309,6 +2308,7 @@
         "@vscode/zeromq": "^0.2.3",
         "acorn": "^8.9.0",
         "autoprefixer": "^10.4.21",
+        "bare-events": "^2.8.1",
         "buffer": "^6.0.3",
         "bufferutil": "^4.0.6",
         "chai": "^4.3.10",

build/venv-test-ipywidgets7-requirements.txt

@@ -3,10 +3,9 @@
 
 import * as path from '../../../platform/vscode-path/path';
 import * as fs from 'fs-extra';
-import glob from 'glob';
+import { glob } from 'glob';
 import { injectable } from 'inversify';
 import * as tmp from 'tmp';
-import { promisify } from 'util';
 import { TemporaryFile } from './types';
 import { IFileSystemNode } from './types.node';
 import { ENCODING, FileSystem as FileSystemBase } from './fileSystem';
@@ -19,10 +18,8 @@ import { getFilePath } from './fs-paths';
  */
 @injectable()
 export class FileSystem extends FileSystemBase implements IFileSystemNode {
-    private globFiles: (pat: string, options?: { cwd: string; dot?: boolean }) => Promise<string[]>;
-    constructor() {
-        super();
-        this.globFiles = promisify(glob);
+    private async globFiles(pat: string, options?: { cwd: string; dot?: boolean }): Promise<string[]> {
+        return glob(pat, options || {});
     }
 
     public createLocalWriteStream(path: string): fs.WriteStream {

build/venv-test-ipywidgets8-requirements.txt

@@ -0,0 +1,92 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+import { assert } from 'chai';
+import * as fs from 'fs-extra';
+import * as path from '../../../platform/vscode-path/path';
+import * as os from 'os';
+import { FileSystem } from './fileSystem.node';
+
+suite('FileSystem - glob functionality', () => {
+    let fileSystem: FileSystem;
+    let tempDir: string;
+
+    setup(async () => {
+        fileSystem = new FileSystem();
+        tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'vscode-deepnote-test-'));
+    });
+
+    teardown(async () => {
+        await fs.remove(tempDir);
+    });
+
+    test('searchLocal should find files matching pattern', async () => {
+        // Create test files
+        await fs.writeFile(path.join(tempDir, 'test1.ts'), 'content');
+        await fs.writeFile(path.join(tempDir, 'test2.ts'), 'content');
+        await fs.writeFile(path.join(tempDir, 'test.js'), 'content');
+
+        const results = await fileSystem.searchLocal('*.ts', tempDir);
+
+        assert.strictEqual(results.length, 2);
+        assert.ok(results.some((f) => f.endsWith('test1.ts')));
+        assert.ok(results.some((f) => f.endsWith('test2.ts')));
+    });
+
+    test('searchLocal should find files in subdirectories with ** pattern', async () => {
+        // Create test files in subdirectories
+        await fs.ensureDir(path.join(tempDir, 'sub1'));
+        await fs.ensureDir(path.join(tempDir, 'sub2'));
+        await fs.writeFile(path.join(tempDir, 'sub1', 'test1.ts'), 'content');
+        await fs.writeFile(path.join(tempDir, 'sub2', 'test2.ts'), 'content');
+
+        const results = await fileSystem.searchLocal('**/*.ts', tempDir);
+
+        assert.strictEqual(results.length, 2);
+        assert.ok(results.some((f) => f.includes('sub1') && f.endsWith('test1.ts')));
+        assert.ok(results.some((f) => f.includes('sub2') && f.endsWith('test2.ts')));
+    });
+
+    test('searchLocal should find hidden files when dot option is true', async () => {
+        // Create hidden file
+        await fs.writeFile(path.join(tempDir, '.hidden.ts'), 'content');
+        await fs.writeFile(path.join(tempDir, 'visible.ts'), 'content');
+
+        const results = await fileSystem.searchLocal('*.ts', tempDir, true);
+
+        assert.ok(results.length >= 2);
+        assert.ok(results.some((f) => f.endsWith('.hidden.ts')));
+        assert.ok(results.some((f) => f.endsWith('visible.ts')));
+    });
+
+    test('searchLocal should not find hidden files when dot option is false', async () => {
+        // Create hidden file
+        await fs.writeFile(path.join(tempDir, '.hidden.ts'), 'content');
+        await fs.writeFile(path.join(tempDir, 'visible.ts'), 'content');
+
+        const results = await fileSystem.searchLocal('*.ts', tempDir, false);
+
+        assert.strictEqual(results.length, 1);
+        assert.ok(results.some((f) => f.endsWith('visible.ts')));
+        assert.ok(!results.some((f) => f.endsWith('.hidden.ts')));
+    });
+
+    test('searchLocal should return empty array when no files match', async () => {
+        const results = await fileSystem.searchLocal('*.nonexistent', tempDir);
+
+        assert.strictEqual(results.length, 0);
+    });
+
+    test('searchLocal should handle patterns with multiple extensions', async () => {
+        await fs.writeFile(path.join(tempDir, 'test.ts'), 'content');
+        await fs.writeFile(path.join(tempDir, 'test.js'), 'content');
+        await fs.writeFile(path.join(tempDir, 'test.py'), 'content');
+
+        const results = await fileSystem.searchLocal('*.{ts,js}', tempDir);
+
+        assert.strictEqual(results.length, 2);
+        assert.ok(results.some((f) => f.endsWith('.ts')));
+        assert.ok(results.some((f) => f.endsWith('.js')));
+        assert.ok(!results.some((f) => f.endsWith('.py')));
+    });
+});

package-lock.json

@@ -771,15 +771,7 @@ function generateTelemetryGdpr(output: TelemetryEntry[]) {
 }
 
 async function generateTelemetryOutput() {
-    const files = await new Promise<string[]>((resolve, reject) => {
-        glob(path.join(EXTENSION_ROOT_DIR_FOR_TESTS, 'src/**/*.ts'), (ex, res) => {
-            if (ex) {
-                reject(ex);
-            } else {
-                resolve(res);
-            }
-        });
-    });
+    const files = await glob(path.join(EXTENSION_ROOT_DIR_FOR_TESTS, 'src/**/*.ts'));
     // Print out the source tree
     return generateDocumentation(files);
 }

package.json

@@ -114,16 +114,8 @@ async function getInjectableClasses(fileNames: string[], options: ts.CompilerOpt
 }
 
 async function getSourceFiles() {
-    const files = await new Promise<string[]>((resolve, reject) => {
-        const globPattern = path.join(__dirname, '..', '..', 'src', '**', '*.ts').replace(/\\/g, '/');
-        glob(globPattern, (ex, res) => {
-            if (ex) {
-                reject(ex);
-            } else {
-                resolve(res);
-            }
-        });
-    });
+    const globPattern = path.join(__dirname, '..', '..', 'src', '**', '*.ts').replace(/\\/g, '/');
+    const files = await glob(globPattern);
     return files;
 }