fix patch version security vulnerabilities (#1204)

pirtleshell · web-flow · commit 0aea4761a936 · 2022-05-21T12:59:15.000-07:00
* use chalk in place of react-dev-tools/chalk * fix patch version security vulnerabilities fixes the lowest of hanging fruit vulnerabilities. brings total number of api audit vulnerabilities from 70 to 21. [gh-1203] * revert change to libxmljs has problem with latest build.
diff --git a/api/.tool-versions b/api/.tool-versions
@@ -0,0 +1 @@
+nodejs 11.4.0
diff --git a/api/package-lock.json b/api/package-lock.json
diff --git a/api/package.json b/api/package.json
@@ -29,7 +29,7 @@
         "@types/express": "^4.16.1",
         "@types/express-fileupload": "^1.1.0",
         "@types/express-session": "^1.15.12",
-        "aws-sdk": "^2.449.0",
+        "aws-sdk": "^2.1135.0",
         "bcryptjs": "^2.4.3",
         "bull": "^3.15.0",
         "chai": "^4.2.0",
@@ -41,24 +41,24 @@
         "dateformat": "^3.0.3",
         "debug": "~2.6.9",
         "express": "~4.16.0",
-        "express-fileupload": "1.1.6",
+        "express-fileupload": "^1.3.1",
         "express-session": "^1.15.6",
         "flash": "^1.1.0",
         "http-errors": "~1.6.2",
         "ioredis": "^4.9.0",
         "json2csv": "^4.5.3",
         "jsonwebtoken": "^8.5.1",
         "morgan": "~1.9.0",
-        "node-fetch": "^2.6.0",
+        "node-fetch": "^2.6.7",
         "pg": "^7.9.0",
         "pg-hstore": "^2.3.2",
         "reflect-metadata": "^0.1.13",
         "request": "^2.88.0",
         "swagger-jsdoc": "^3.3.0",
-        "swagger-ui-express": "^4.0.7",
+        "swagger-ui-express": "^4.4.0",
         "ts-node": "3.3.0",
         "tsconfig-paths": "3.8.0",
-        "typeorm": "^0.2.16",
+        "typeorm": "^0.2.45",
         "typescript": "3.5.3"
     },
     "devDependencies": {
diff --git a/app/.tool-versions b/app/.tool-versions
@@ -0,0 +1 @@
+nodejs 11.4.0
diff --git a/app/Dockerfile b/app/Dockerfile
@@ -9,4 +9,3 @@ COPY . /app
 
 EXPOSE 4000
 CMD ["yarn", "start"]
-
diff --git a/app/config/modules.js b/app/config/modules.js
@@ -3,7 +3,7 @@
 const fs = require('fs');
 const path = require('path');
 const paths = require('./paths');
-const chalk = require('react-dev-utils/chalk');
+const chalk = require('chalk');
 
 /**
  * Get the baseUrl of a compilerOptions object.
diff --git a/app/package.json b/app/package.json
@@ -26,6 +26,7 @@
     "babel-preset-react-app": "^9.0.0",
     "camelcase": "^5.2.0",
     "case-sensitive-paths-webpack-plugin": "2.2.0",
+    "chalk": "4",
     "clsx": "^1.0.4",
     "connected-react-router": "^6.5.2",
     "css-loader": "2.1.1",
diff --git a/app/scripts/build.js b/app/scripts/build.js
@@ -16,7 +16,7 @@ require('../config/env');
 
 
 const path = require('path');
-const chalk = require('react-dev-utils/chalk');
+const chalk = require('chalk');
 const fs = require('fs-extra');
 const webpack = require('webpack');
 const configFactory = require('../config/webpack.config');
diff --git a/app/scripts/start.js b/app/scripts/start.js
@@ -16,7 +16,7 @@ require('../config/env');
 
 
 const fs = require('fs');
-const chalk = require('react-dev-utils/chalk');
+const chalk = require('chalk');
 const webpack = require('webpack');
 const WebpackDevServer = require('webpack-dev-server');
 const clearConsole = require('react-dev-utils/clearConsole');
diff --git a/app/yarn.lock b/app/yarn.lock
@@ -2858,6 +2858,13 @@ ansi-styles@^3.2.0, ansi-styles@^3.2.1:
   dependencies:
     color-convert "^1.9.0"
 
+ansi-styles@^4.1.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937"
+  integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==
+  dependencies:
+    color-convert "^2.0.1"
+
 ansicolors@~0.2.1:
   version "0.2.1"
   resolved "https://registry.yarnpkg.com/ansicolors/-/ansicolors-0.2.1.tgz#be089599097b74a5c9c4a84a0cdbcdb62bd87aef"
@@ -4443,6 +4450,14 @@ chalk@2.4.2, chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0, chalk@^2.4.1, chalk@^2.4.
     escape-string-regexp "^1.0.5"
     supports-color "^5.3.0"
 
+chalk@4:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01"
+  integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==
+  dependencies:
+    ansi-styles "^4.1.0"
+    supports-color "^7.1.0"
+
 chalk@^1.1.3:
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/chalk/-/chalk-1.1.3.tgz#a8115c55e4a702fe4d150abd3872822a7e09fc98"
@@ -4667,12 +4682,19 @@ color-convert@^1.9.0, color-convert@^1.9.1:
   dependencies:
     color-name "1.1.3"
 
+color-convert@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3"
+  integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==
+  dependencies:
+    color-name "~1.1.4"
+
 color-name@1.1.3:
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25"
   integrity sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=
 
-color-name@^1.0.0:
+color-name@^1.0.0, color-name@~1.1.4:
   version "1.1.4"
   resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
   integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
@@ -7636,6 +7658,11 @@ has-flag@^3.0.0:
   resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd"
   integrity sha1-tdRU3CGZriJWmfNGfloH87lVuv0=
 
+has-flag@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
+  integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
+
 has-symbols@^1.0.0, has-symbols@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.1.tgz#9f5214758a44196c406d9bd76cebf81ec2dd31e8"
@@ -14365,6 +14392,13 @@ supports-color@^6.1.0:
   dependencies:
     has-flag "^3.0.0"
 
+supports-color@^7.1.0:
+  version "7.2.0"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da"
+  integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==
+  dependencies:
+    has-flag "^4.0.0"
+
 svgo@^1.0.0, svgo@^1.2.2:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/svgo/-/svgo-1.2.2.tgz#0253d34eccf2aed4ad4f283e11ee75198f9d7316"

Original file line number	Diff line number	Diff line change
`@@ -9,4 +9,3 @@ COPY . /app`
`9`	`9`
`10`	`10`	`EXPOSE 4000`
`11`	`11`	`CMD ["yarn", "start"]`
`12`		`-`