From e01d8d130b94caae5a6ca48a081acd3187b70f9c Mon Sep 17 00:00:00 2001 From: Juan P Lopez Date: Wed, 22 Jan 2025 10:20:00 -0500 Subject: [PATCH 1/2] chore(core): update feedback webhook content --- core/api/src/app/comm/submit-feedback.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/api/src/app/comm/submit-feedback.ts b/core/api/src/app/comm/submit-feedback.ts index 18bcf091db..815d45fc2c 100644 --- a/core/api/src/app/comm/submit-feedback.ts +++ b/core/api/src/app/comm/submit-feedback.ts @@ -29,7 +29,7 @@ export const submitFeedback = async ({ try { const response = await axios.post( MATTERMOST_WEBHOOK_URL, - { text }, + { text, msg: text }, { headers: { "Content-Type": "application/json" } }, ) From fd34e13f7f84cdd6123a1f4e95c74dbc2a11cc82 Mon Sep 17 00:00:00 2001 From: Juan P Lopez Date: Wed, 22 Jan 2025 12:11:41 -0500 Subject: [PATCH 2/2] fix: mongoose security issue --- core/api/package.json | 2 +- pnpm-lock.yaml | 205 ++++++++++++------------------------------ 2 files changed, 58 insertions(+), 149 deletions(-) diff --git a/core/api/package.json b/core/api/package.json index 7ea475e8eb..d73c1fac22 100644 --- a/core/api/package.json +++ b/core/api/package.json @@ -104,7 +104,7 @@ "lodash.sortby": "^4.7.0", "lodash.sumby": "^4.6.0", "medici": "^7.1.0", - "mongoose": "8.9.3", + "mongoose": "8.9.5", "node-cache": "^5.1.2", "openai": "^4.77.3", "pg": "^8.13.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index d678fa97ca..ffbb20ef46 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -120,7 +120,7 @@ importers: version: 18.2.19 '@typescript-eslint/eslint-plugin': specifier: ^7.1.1 - version: 7.1.1(@typescript-eslint/parser@8.19.1)(eslint@8.57.0)(typescript@5.2.2) + version: 7.1.1(@typescript-eslint/parser@7.7.0)(eslint@8.57.0)(typescript@5.2.2) autoprefixer: specifier: ^10.4.20 version: 10.4.20(postcss@8.4.49) @@ -1276,8 +1276,8 @@ importers: specifier: ^7.1.0 version: 7.1.0(snappy@7.2.2) mongoose: - specifier: 8.9.3 - version: 8.9.3(snappy@7.2.2) + specifier: 8.9.5 + version: 8.9.5(snappy@7.2.2) node-cache: specifier: ^5.1.2 version: 5.1.2 @@ -6310,7 +6310,7 @@ packages: '@babel/parser': 7.26.3 '@babel/template': 7.25.0 '@babel/types': 7.25.6 - debug: 4.3.4(supports-color@8.1.1) + debug: 4.4.0(supports-color@5.5.0) globals: 11.12.0 transitivePeerDependencies: - supports-color @@ -17115,7 +17115,7 @@ packages: /@types/eslint-scope@3.7.7: resolution: {integrity: sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg==} dependencies: - '@types/eslint': 9.6.1 + '@types/eslint': 8.56.12 '@types/estree': 1.0.6 dev: true @@ -17140,13 +17140,6 @@ packages: '@types/json-schema': 7.0.15 dev: true - /@types/eslint@9.6.1: - resolution: {integrity: sha512-FXx2pKgId/WyYo2jXw63kk7/+TY7u7AziEJxJAnSFzHlqTAS3Ync6SvgYAN/k4/PQpnnVuzoMuVnByKK2qp0ag==} - dependencies: - '@types/estree': 1.0.6 - '@types/json-schema': 7.0.15 - dev: true - /@types/estree@0.0.51: resolution: {integrity: sha512-CuPgU6f3eT/XgKKPqKd/gLZV1Xmvf1a2R5POBOGQa6uv82xpls89HU5zKeVoyR8XzHd1RGNOlQlvUe3CFkjWNQ==} dev: true @@ -17864,7 +17857,7 @@ packages: - supports-color dev: true - /@typescript-eslint/eslint-plugin@7.1.1(@typescript-eslint/parser@8.19.1)(eslint@8.57.0)(typescript@5.2.2): + /@typescript-eslint/eslint-plugin@7.1.1(@typescript-eslint/parser@7.7.0)(eslint@8.57.0)(typescript@5.2.2): resolution: {integrity: sha512-zioDz623d0RHNhvx0eesUmGfIjzrk18nSBC8xewepKXbBvN/7c1qImV7Hg8TI1URTxKax7/zxfxj3Uph8Chcuw==} engines: {node: ^16.0.0 || >=18.0.0} peerDependencies: @@ -17876,7 +17869,7 @@ packages: optional: true dependencies: '@eslint-community/regexpp': 4.10.0 - '@typescript-eslint/parser': 8.19.1(eslint@8.57.0)(typescript@5.2.2) + '@typescript-eslint/parser': 7.7.0(eslint@8.57.0)(typescript@5.2.2) '@typescript-eslint/scope-manager': 7.1.1 '@typescript-eslint/type-utils': 7.1.1(eslint@8.57.0)(typescript@5.2.2) '@typescript-eslint/utils': 7.1.1(eslint@8.57.0)(typescript@5.2.2) @@ -18080,7 +18073,7 @@ packages: - supports-color dev: true - /@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.7.2): + /@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.2.2): resolution: {integrity: sha512-fNcDm3wSwVM8QYL4HKVBggdIPAy9Q41vcvC/GtDobw3c4ndVT3K6cqudUmjHPw8EAp4ufax0o58/xvWaP2FmTg==} engines: {node: ^18.18.0 || >=20.0.0} peerDependencies: @@ -18092,29 +18085,32 @@ packages: dependencies: '@typescript-eslint/scope-manager': 7.7.0 '@typescript-eslint/types': 7.7.0 - '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.7.2) + '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.2.2) '@typescript-eslint/visitor-keys': 7.7.0 debug: 4.3.4(supports-color@8.1.1) eslint: 8.57.0 - typescript: 5.7.2 + typescript: 5.2.2 transitivePeerDependencies: - supports-color dev: true - /@typescript-eslint/parser@8.19.1(eslint@8.57.0)(typescript@5.2.2): - resolution: {integrity: sha512-67gbfv8rAwawjYx3fYArwldTQKoYfezNUT4D5ioWetr/xCrxXxvleo3uuiFuKfejipvq+og7mjz3b0G2bVyUCw==} - engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} + /@typescript-eslint/parser@7.7.0(eslint@8.57.0)(typescript@5.7.2): + resolution: {integrity: sha512-fNcDm3wSwVM8QYL4HKVBggdIPAy9Q41vcvC/GtDobw3c4ndVT3K6cqudUmjHPw8EAp4ufax0o58/xvWaP2FmTg==} + engines: {node: ^18.18.0 || >=20.0.0} peerDependencies: - eslint: ^8.57.0 || ^9.0.0 - typescript: '>=4.8.4 <5.8.0' + eslint: ^8.56.0 + typescript: '*' + peerDependenciesMeta: + typescript: + optional: true dependencies: - '@typescript-eslint/scope-manager': 8.19.1 - '@typescript-eslint/types': 8.19.1 - '@typescript-eslint/typescript-estree': 8.19.1(typescript@5.2.2) - '@typescript-eslint/visitor-keys': 8.19.1 - debug: 4.4.0(supports-color@5.5.0) + '@typescript-eslint/scope-manager': 7.7.0 + '@typescript-eslint/types': 7.7.0 + '@typescript-eslint/typescript-estree': 7.7.0(typescript@5.7.2) + '@typescript-eslint/visitor-keys': 7.7.0 + debug: 4.3.4(supports-color@8.1.1) eslint: 8.57.0 - typescript: 5.2.2 + typescript: 5.7.2 transitivePeerDependencies: - supports-color dev: true @@ -18158,14 +18154,6 @@ packages: '@typescript-eslint/visitor-keys': 7.7.0 dev: true - /@typescript-eslint/scope-manager@8.19.1: - resolution: {integrity: sha512-60L9KIuN/xgmsINzonOcMDSB8p82h95hoBfSBtXuO4jlR1R9L1xSkmVZKgCPVfavDlXihh4ARNjXhh1gGnLC7Q==} - engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} - dependencies: - '@typescript-eslint/types': 8.19.1 - '@typescript-eslint/visitor-keys': 8.19.1 - dev: true - /@typescript-eslint/type-utils@5.62.0(eslint@8.54.0)(typescript@5.6.3): resolution: {integrity: sha512-xsSQreu+VnfbqQpW5vnCJdq1Z3Q0U31qiWmRhr98ONQmcp/yhiPJFPq8MXiJVLiksmOKSjIldZzkebzHuCGzew==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} @@ -18275,11 +18263,6 @@ packages: engines: {node: ^18.18.0 || >=20.0.0} dev: true - /@typescript-eslint/types@8.19.1: - resolution: {integrity: sha512-JBVHMLj7B1K1v1051ZaMMgLW4Q/jre5qGK0Ew6UgXz1Rqh+/xPzV1aW581OM00X6iOfyr1be+QyW8LOUf19BbA==} - engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} - dev: true - /@typescript-eslint/typescript-estree@4.33.0(typescript@3.9.10): resolution: {integrity: sha512-rkWRY1MPFzjwnEVHsxGemDzqqddw2QbTJlICPD9p9I9LfsO8fdmfQPOX3uKfUaGRDFJbfrtm/sXhVXN4E+bzCA==} engines: {node: ^10.12.0 || >=12.0.0} @@ -18291,7 +18274,7 @@ packages: dependencies: '@typescript-eslint/types': 4.33.0 '@typescript-eslint/visitor-keys': 4.33.0 - debug: 4.3.6 + debug: 4.4.0(supports-color@5.5.0) globby: 11.1.0 is-glob: 4.0.3 semver: 7.6.3 @@ -18518,7 +18501,7 @@ packages: - supports-color dev: true - /@typescript-eslint/typescript-estree@7.7.0(typescript@5.7.2): + /@typescript-eslint/typescript-estree@7.7.0(typescript@5.2.2): resolution: {integrity: sha512-8p71HQPE6CbxIBy2kWHqM1KGrC07pk6RJn40n0DSc6bMOBBREZxSDJ+BmRzc8B5OdaMh1ty3mkuWRg4sCFiDQQ==} engines: {node: ^18.18.0 || >=20.0.0} peerDependencies: @@ -18534,27 +18517,30 @@ packages: is-glob: 4.0.3 minimatch: 9.0.5 semver: 7.6.2 - ts-api-utils: 1.3.0(typescript@5.7.2) - typescript: 5.7.2 + ts-api-utils: 1.3.0(typescript@5.2.2) + typescript: 5.2.2 transitivePeerDependencies: - supports-color dev: true - /@typescript-eslint/typescript-estree@8.19.1(typescript@5.2.2): - resolution: {integrity: sha512-jk/TZwSMJlxlNnqhy0Eod1PNEvCkpY6MXOXE/WLlblZ6ibb32i2We4uByoKPv1d0OD2xebDv4hbs3fm11SMw8Q==} - engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} + /@typescript-eslint/typescript-estree@7.7.0(typescript@5.7.2): + resolution: {integrity: sha512-8p71HQPE6CbxIBy2kWHqM1KGrC07pk6RJn40n0DSc6bMOBBREZxSDJ+BmRzc8B5OdaMh1ty3mkuWRg4sCFiDQQ==} + engines: {node: ^18.18.0 || >=20.0.0} peerDependencies: - typescript: '>=4.8.4 <5.8.0' + typescript: '*' + peerDependenciesMeta: + typescript: + optional: true dependencies: - '@typescript-eslint/types': 8.19.1 - '@typescript-eslint/visitor-keys': 8.19.1 - debug: 4.4.0(supports-color@5.5.0) - fast-glob: 3.3.3 + '@typescript-eslint/types': 7.7.0 + '@typescript-eslint/visitor-keys': 7.7.0 + debug: 4.3.6 + globby: 11.1.0 is-glob: 4.0.3 minimatch: 9.0.5 - semver: 7.6.3 - ts-api-utils: 2.0.0(typescript@5.2.2) - typescript: 5.2.2 + semver: 7.6.2 + ts-api-utils: 1.3.0(typescript@5.7.2) + typescript: 5.7.2 transitivePeerDependencies: - supports-color dev: true @@ -18740,14 +18726,6 @@ packages: eslint-visitor-keys: 3.4.3 dev: true - /@typescript-eslint/visitor-keys@8.19.1: - resolution: {integrity: sha512-fzmjU8CHK853V/avYZAvuVut3ZTfwN5YtMaoi+X9Y9MA9keaWNHC3zEQ9zvyX/7Hj+5JkNyK1l7TOR2hevHB6Q==} - engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} - dependencies: - '@typescript-eslint/types': 8.19.1 - eslint-visitor-keys: 4.2.0 - dev: true - /@ungap/structured-clone@1.2.0: resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==} dev: true @@ -23281,7 +23259,7 @@ packages: eslint: 8.57.0 eslint-import-resolver-node: 0.3.9 eslint-import-resolver-typescript: 3.6.1(@typescript-eslint/parser@6.21.0)(eslint-import-resolver-node@0.3.9)(eslint-plugin-import@2.29.1)(eslint@8.57.0) - eslint-plugin-import: 2.29.1(@typescript-eslint/parser@8.19.1)(eslint@8.57.0) + eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0)(eslint@8.57.0) eslint-plugin-jsx-a11y: 6.8.0(eslint@8.57.0) eslint-plugin-react: 7.34.0(eslint@8.57.0) eslint-plugin-react-hooks: 4.6.0(eslint@8.57.0) @@ -23426,7 +23404,7 @@ packages: enhanced-resolve: 5.15.0 eslint: 8.57.0 eslint-module-utils: 2.8.0(@typescript-eslint/parser@6.21.0)(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1)(eslint@8.57.0) - eslint-plugin-import: 2.29.1(@typescript-eslint/parser@8.19.1)(eslint@8.57.0) + eslint-plugin-import: 2.29.1(@typescript-eslint/parser@7.7.0)(eslint@8.57.0) fast-glob: 3.3.2 get-tsconfig: 4.7.2 is-core-module: 2.13.1 @@ -23644,35 +23622,6 @@ packages: - supports-color dev: true - /eslint-module-utils@2.8.0(@typescript-eslint/parser@8.19.1)(eslint-import-resolver-node@0.3.9)(eslint@8.57.0): - resolution: {integrity: sha512-aWajIYfsqCKRDgUfjEXNN/JlrzauMuSEy5sbd7WXbtW3EH6A6MpwEh42c7qD+MqQo9QMJ6fWLAeIJynx0g6OAw==} - engines: {node: '>=4'} - peerDependencies: - '@typescript-eslint/parser': '*' - eslint: '*' - eslint-import-resolver-node: '*' - eslint-import-resolver-typescript: '*' - eslint-import-resolver-webpack: '*' - peerDependenciesMeta: - '@typescript-eslint/parser': - optional: true - eslint: - optional: true - eslint-import-resolver-node: - optional: true - eslint-import-resolver-typescript: - optional: true - eslint-import-resolver-webpack: - optional: true - dependencies: - '@typescript-eslint/parser': 8.19.1(eslint@8.57.0)(typescript@5.2.2) - debug: 3.2.7(supports-color@8.1.1) - eslint: 8.57.0 - eslint-import-resolver-node: 0.3.9 - transitivePeerDependencies: - - supports-color - dev: true - /eslint-plugin-cypress@3.2.0(eslint@8.54.0): resolution: {integrity: sha512-HaxMz6BoU4ay+K4WrG9ZJC1NdX06FqSlAwtRDStjM0ORFT7zCNPNuRJ+kUPc17Rt2AMUBSqeD9L0zTR3uZhPpw==} peerDependencies: @@ -23907,41 +23856,6 @@ packages: - supports-color dev: true - /eslint-plugin-import@2.29.1(@typescript-eslint/parser@8.19.1)(eslint@8.57.0): - resolution: {integrity: sha512-BbPC0cuExzhiMo4Ff1BTVwHpjjv28C5R+btTOGaCRC7UEz801up0JadwkeSk5Ued6TG34uaczuVuH6qyy5YUxw==} - engines: {node: '>=4'} - peerDependencies: - '@typescript-eslint/parser': '*' - eslint: ^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8 - peerDependenciesMeta: - '@typescript-eslint/parser': - optional: true - dependencies: - '@typescript-eslint/parser': 8.19.1(eslint@8.57.0)(typescript@5.2.2) - array-includes: 3.1.7 - array.prototype.findlastindex: 1.2.3 - array.prototype.flat: 1.3.2 - array.prototype.flatmap: 1.3.2 - debug: 3.2.7(supports-color@8.1.1) - doctrine: 2.1.0 - eslint: 8.57.0 - eslint-import-resolver-node: 0.3.9 - eslint-module-utils: 2.8.0(@typescript-eslint/parser@8.19.1)(eslint-import-resolver-node@0.3.9)(eslint@8.57.0) - hasown: 2.0.0 - is-core-module: 2.13.1 - is-glob: 4.0.3 - minimatch: 3.1.2 - object.fromentries: 2.0.7 - object.groupby: 1.0.1 - object.values: 1.1.7 - semver: 6.3.1 - tsconfig-paths: 3.15.0 - transitivePeerDependencies: - - eslint-import-resolver-typescript - - eslint-import-resolver-webpack - - supports-color - dev: true - /eslint-plugin-import@2.29.1(eslint@8.57.0): resolution: {integrity: sha512-BbPC0cuExzhiMo4Ff1BTVwHpjjv28C5R+btTOGaCRC7UEz801up0JadwkeSk5Ued6TG34uaczuVuH6qyy5YUxw==} engines: {node: '>=4'} @@ -24335,11 +24249,6 @@ packages: resolution: {integrity: sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} - /eslint-visitor-keys@4.2.0: - resolution: {integrity: sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==} - engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} - dev: true - /eslint-webpack-plugin@4.1.0(eslint@8.54.0)(webpack@5.97.1): resolution: {integrity: sha512-C3wAG2jyockIhN0YRLuKieKj2nx/gnE/VHmoHemD5ifnAtY6ZU+jNPfzPoX4Zd6RIbUyWTiZUh/ofUlBhoAX7w==} engines: {node: '>= 14.15.0'} @@ -25588,7 +25497,7 @@ packages: dependencies: basic-ftp: 5.0.5 data-uri-to-buffer: 6.0.2 - debug: 4.3.6 + debug: 4.4.0(supports-color@5.5.0) fs-extra: 11.2.0 transitivePeerDependencies: - supports-color @@ -29336,7 +29245,7 @@ packages: resolution: {integrity: sha512-/bA/MRNyXOdXoeAw0xrZP2PzTaZPHpxV6UDDv+QGqlCWaGrxXMOyiDWOcQZ2nt19G2A5Ss4KdagY6A7THTtUAA==} engines: {node: '>=16'} dependencies: - mongoose: 8.9.3(snappy@7.2.2) + mongoose: 8.9.5(snappy@7.2.2) transitivePeerDependencies: - '@aws-sdk/credential-providers' - '@mongodb-js/zstd' @@ -29637,7 +29546,7 @@ packages: hasBin: true dependencies: commander: 2.20.3 - debug: 4.3.6 + debug: 4.4.0(supports-color@5.5.0) glob: 7.2.3 requirejs: 2.3.6 requirejs-config-file: 4.0.0 @@ -29716,8 +29625,8 @@ packages: snappy: 7.2.2 dev: true - /mongoose@8.9.3(snappy@7.2.2): - resolution: {integrity: sha512-G50GNPdMqhoiRAJ/24GYAzg13yxXDD3FOOFeYiFwtHmHpAJem3hxbYIxAhLJGWbYEiUZL0qFMu2LXYkgGAmo+Q==} + /mongoose@8.9.5(snappy@7.2.2): + resolution: {integrity: sha512-SPhOrgBm0nKV3b+IIHGqpUTOmgVL5Z3OO9AwkFEmvOZznXTvplbomstCnPOGAyungtRXE5pJTgKpKcZTdjeESg==} engines: {node: '>=16.20.1'} dependencies: bson: 6.10.1 @@ -34185,7 +34094,7 @@ packages: hasBin: true dependencies: commander: 2.20.3 - debug: 4.3.6 + debug: 4.4.0(supports-color@5.5.0) transitivePeerDependencies: - supports-color dev: true @@ -34961,22 +34870,22 @@ packages: typescript: 5.7.2 dev: true - /ts-api-utils@1.3.0(typescript@5.7.2): + /ts-api-utils@1.3.0(typescript@5.2.2): resolution: {integrity: sha512-UQMIo7pb8WRomKR1/+MFVLTroIvDVtMX3K6OUir8ynLyzB8Jeriont2bTAtmNPa1ekAgN7YPDyf6V+ygrdU+eQ==} engines: {node: '>=16'} peerDependencies: typescript: '>=4.2.0' dependencies: - typescript: 5.7.2 + typescript: 5.2.2 dev: true - /ts-api-utils@2.0.0(typescript@5.2.2): - resolution: {integrity: sha512-xCt/TOAc+EOHS1XPnijD3/yzpH6qg2xppZO1YDqGoVsNXfQfzHpOdNuXwrwOU8u4ITXJyDCTyt8w5g1sZv9ynQ==} - engines: {node: '>=18.12'} + /ts-api-utils@1.3.0(typescript@5.7.2): + resolution: {integrity: sha512-UQMIo7pb8WRomKR1/+MFVLTroIvDVtMX3K6OUir8ynLyzB8Jeriont2bTAtmNPa1ekAgN7YPDyf6V+ygrdU+eQ==} + engines: {node: '>=16'} peerDependencies: - typescript: '>=4.8.4' + typescript: '>=4.2.0' dependencies: - typescript: 5.2.2 + typescript: 5.7.2 dev: true /ts-dedent@2.2.0: