From aa65096026eafa7279070479067725ce2eead478 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 14 Jul 2022 16:48:33 +0000 Subject: [PATCH 1/2] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MOMENT-2944238 --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 452124058579..e4625e5eac0c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -40685,9 +40685,9 @@ "integrity": "sha512-iniQP4rj1FhBdBYS/+eQv7j1tadJ9lJtdzgOpvsOHng/GbcDh2Fhdeq+ZRldrPYdXvCyfFUmFeEwEGXZB5I/AQ==" }, "moment": { - "version": "2.29.1", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.1.tgz", - "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==" + "version": "2.29.4", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.4.tgz", + "integrity": "sha512-5LC9SOxjSc2HF6vO2CyuTDNivEdoz2IvyJJGj6X8DJ0eFyfszE0QiEd+iXmBvUP3WHxSjFH/vIsA0EN00cgr8w==" }, "moment-timezone": { "version": "0.5.31", diff --git a/package.json b/package.json index 14782a7aa80c..0ae6e94e32ad 100644 --- a/package.json +++ b/package.json @@ -68,7 +68,7 @@ "localforage": "^1.10.0", "lodash": "4.17.21", "metro-config": "^0.64.0", - "moment": "^2.27.0", + "moment": "^2.29.4", "moment-timezone": "^0.5.31", "onfido-sdk-ui": "^8.1.0", "prop-types": "^15.7.2", From 17f9b8e162f1239c01c10cddfb91fdf9efae20f3 Mon Sep 17 00:00:00 2001 From: Florent De Neve Date: Mon, 18 Jul 2022 18:16:41 +0200 Subject: [PATCH 2/2] Run 'npm run gh-actions-build' and clarify instructions --- .../createOrUpdateStagingDeploy/index.js | 177 ++++++++++-------- .github/scripts/verifyActions.sh | 2 +- 2 files changed, 97 insertions(+), 82 deletions(-) diff --git a/.github/actions/javascript/createOrUpdateStagingDeploy/index.js b/.github/actions/javascript/createOrUpdateStagingDeploy/index.js index 97ea937ef3e9..6c90035a750d 100644 --- a/.github/actions/javascript/createOrUpdateStagingDeploy/index.js +++ b/.github/actions/javascript/createOrUpdateStagingDeploy/index.js @@ -7987,7 +7987,7 @@ module.exports = toString; /* module decorator */ module = __nccwpck_require__.nmd(module); //! moment.js -//! version : 2.29.1 +//! version : 2.29.4 //! authors : Tim Wood, Iskren Chernev, Moment.js contributors //! license : MIT //! momentjs.com @@ -8063,8 +8063,9 @@ module.exports = toString; function map(arr, fn) { var res = [], - i; - for (i = 0; i < arr.length; ++i) { + i, + arrLen = arr.length; + for (i = 0; i < arrLen; ++i) { res.push(fn(arr[i], i)); } return res; @@ -8193,7 +8194,10 @@ module.exports = toString; updateInProgress = false; function copyConfig(to, from) { - var i, prop, val; + var i, + prop, + val, + momentPropertiesLen = momentProperties.length; if (!isUndefined(from._isAMomentObject)) { to._isAMomentObject = from._isAMomentObject; @@ -8226,8 +8230,8 @@ module.exports = toString; to._locale = from._locale; } - if (momentProperties.length > 0) { - for (i = 0; i < momentProperties.length; i++) { + if (momentPropertiesLen > 0) { + for (i = 0; i < momentPropertiesLen; i++) { prop = momentProperties[i]; val = from[prop]; if (!isUndefined(val)) { @@ -8282,8 +8286,9 @@ module.exports = toString; var args = [], arg, i, - key; - for (i = 0; i < arguments.length; i++) { + key, + argLen = arguments.length; + for (i = 0; i < argLen; i++) { arg = ''; if (typeof arguments[i] === 'object') { arg += '\n[' + i + '] '; @@ -8433,7 +8438,8 @@ module.exports = toString; ); } - var formattingTokens = /(\[[^\[]*\])|(\\)?([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|.)/g, + var formattingTokens = + /(\[[^\[]*\])|(\\)?([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|.)/g, localFormattingTokens = /(\[[^\[]*\])|(\\)?(LTS|LT|LL?L?L?|l{1,4})/g, formatFunctions = {}, formatTokenFunctions = {}; @@ -8737,8 +8743,9 @@ module.exports = toString; if (typeof units === 'object') { units = normalizeObjectUnits(units); var prioritized = getPrioritizedUnits(units), - i; - for (i = 0; i < prioritized.length; i++) { + i, + prioritizedLen = prioritized.length; + for (i = 0; i < prioritizedLen; i++) { this[prioritized[i].unit](units[prioritized[i].unit]); } } else { @@ -8768,7 +8775,8 @@ module.exports = toString; matchTimestamp = /[+-]?\d+(\.\d{1,3})?/, // 123456789 123456789.123 // any word (or two) characters or numbers including two/three word month in arabic. // includes scottish gaelic two word and hyphenated months - matchWord = /[0-9]{0,256}['a-z\u00A0-\u05FF\u0700-\uD7FF\uF900-\uFDCF\uFDF0-\uFF07\uFF10-\uFFEF]{1,256}|[\u0600-\u06FF\/]{1,256}(\s*?[\u0600-\u06FF]{1,256}){1,2}/i, + matchWord = + /[0-9]{0,256}['a-z\u00A0-\u05FF\u0700-\uD7FF\uF900-\uFDCF\uFDF0-\uFF07\uFF10-\uFFEF]{1,256}|[\u0600-\u06FF\/]{1,256}(\s*?[\u0600-\u06FF]{1,256}){1,2}/i, regexes; regexes = {}; @@ -8794,15 +8802,12 @@ module.exports = toString; return regexEscape( s .replace('\\', '') - .replace(/\\(\[)|\\(\])|\[([^\]\[]*)\]|\\(.)/g, function ( - matched, - p1, - p2, - p3, - p4 - ) { - return p1 || p2 || p3 || p4; - }) + .replace( + /\\(\[)|\\(\])|\[([^\]\[]*)\]|\\(.)/g, + function (matched, p1, p2, p3, p4) { + return p1 || p2 || p3 || p4; + } + ) ); } @@ -8814,7 +8819,8 @@ module.exports = toString; function addParseToken(token, callback) { var i, - func = callback; + func = callback, + tokenLen; if (typeof token === 'string') { token = [token]; } @@ -8823,7 +8829,8 @@ module.exports = toString; array[callback] = toInt(input); }; } - for (i = 0; i < token.length; i++) { + tokenLen = token.length; + for (i = 0; i < tokenLen; i++) { tokens[token[i]] = func; } } @@ -8934,12 +8941,12 @@ module.exports = toString; // LOCALES - var defaultLocaleMonths = 'January_February_March_April_May_June_July_August_September_October_November_December'.split( - '_' - ), - defaultLocaleMonthsShort = 'Jan_Feb_Mar_Apr_May_Jun_Jul_Aug_Sep_Oct_Nov_Dec'.split( - '_' - ), + var defaultLocaleMonths = + 'January_February_March_April_May_June_July_August_September_October_November_December'.split( + '_' + ), + defaultLocaleMonthsShort = + 'Jan_Feb_Mar_Apr_May_Jun_Jul_Aug_Sep_Oct_Nov_Dec'.split('_'), MONTHS_IN_FORMAT = /D[oD]?(\[[^\[\]]*\]|\s)+MMMM?/, defaultMonthsShortRegex = matchWord, defaultMonthsRegex = matchWord; @@ -9381,14 +9388,12 @@ module.exports = toString; addRegexToken('W', match1to2); addRegexToken('WW', match1to2, match2); - addWeekParseToken(['w', 'ww', 'W', 'WW'], function ( - input, - week, - config, - token - ) { - week[token.substr(0, 1)] = toInt(input); - }); + addWeekParseToken( + ['w', 'ww', 'W', 'WW'], + function (input, week, config, token) { + week[token.substr(0, 1)] = toInt(input); + } + ); // HELPERS @@ -9513,9 +9518,8 @@ module.exports = toString; return ws.slice(n, 7).concat(ws.slice(0, n)); } - var defaultLocaleWeekdays = 'Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday'.split( - '_' - ), + var defaultLocaleWeekdays = + 'Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday'.split('_'), defaultLocaleWeekdaysShort = 'Sun_Mon_Tue_Wed_Thu_Fri_Sat'.split('_'), defaultLocaleWeekdaysMin = 'Su_Mo_Tu_We_Th_Fr_Sa'.split('_'), defaultWeekdaysRegex = matchWord, @@ -10063,6 +10067,11 @@ module.exports = toString; return globalLocale; } + function isLocaleNameSane(name) { + // Prevent names that look like filesystem paths, i.e contain '/' or '\' + return name.match('^[^/\\\\]*$') != null; + } + function loadLocale(name) { var oldLocale = null, aliasedRequire; @@ -10071,7 +10080,8 @@ module.exports = toString; locales[name] === undefined && "object" !== 'undefined' && module && - module.exports + module.exports && + isLocaleNameSane(name) ) { try { oldLocale = globalLocale._abbr; @@ -10288,8 +10298,10 @@ module.exports = toString; // iso 8601 regex // 0000-00-00 0000-W00 or 0000-W00-0 + T + 00 or 00:00 or 00:00:00 or 00:00:00.000 + +00:00 or +0000 or +00) - var extendedIsoRegex = /^\s*((?:[+-]\d{6}|\d{4})-(?:\d\d-\d\d|W\d\d-\d|W\d\d|\d\d\d|\d\d))(?:(T| )(\d\d(?::\d\d(?::\d\d(?:[.,]\d+)?)?)?)([+-]\d\d(?::?\d\d)?|\s*Z)?)?$/, - basicIsoRegex = /^\s*((?:[+-]\d{6}|\d{4})(?:\d\d\d\d|W\d\d\d|W\d\d|\d\d\d|\d\d|))(?:(T| )(\d\d(?:\d\d(?:\d\d(?:[.,]\d+)?)?)?)([+-]\d\d(?::?\d\d)?|\s*Z)?)?$/, + var extendedIsoRegex = + /^\s*((?:[+-]\d{6}|\d{4})-(?:\d\d-\d\d|W\d\d-\d|W\d\d|\d\d\d|\d\d))(?:(T| )(\d\d(?::\d\d(?::\d\d(?:[.,]\d+)?)?)?)([+-]\d\d(?::?\d\d)?|\s*Z)?)?$/, + basicIsoRegex = + /^\s*((?:[+-]\d{6}|\d{4})(?:\d\d\d\d|W\d\d\d|W\d\d|\d\d\d|\d\d|))(?:(T| )(\d\d(?:\d\d(?:\d\d(?:[.,]\d+)?)?)?)([+-]\d\d(?::?\d\d)?|\s*Z)?)?$/, tzRegex = /Z|[+-]\d\d(?::?\d\d)?/, isoDates = [ ['YYYYYY-MM-DD', /[+-]\d{6}-\d\d-\d\d/], @@ -10320,7 +10332,8 @@ module.exports = toString; ], aspNetJsonRegex = /^\/?Date\((-?\d+)/i, // RFC 2822 regex: For details see https://tools.ietf.org/html/rfc2822#section-3.3 - rfc2822 = /^(?:(Mon|Tue|Wed|Thu|Fri|Sat|Sun),?\s)?(\d{1,2})\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s(\d{2,4})\s(\d\d):(\d\d)(?::(\d\d))?\s(?:(UT|GMT|[ECMP][SD]T)|([Zz])|([+-]\d{4}))$/, + rfc2822 = + /^(?:(Mon|Tue|Wed|Thu|Fri|Sat|Sun),?\s)?(\d{1,2})\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s(\d{2,4})\s(\d\d):(\d\d)(?::(\d\d))?\s(?:(UT|GMT|[ECMP][SD]T)|([Zz])|([+-]\d{4}))$/, obsOffsets = { UT: 0, GMT: 0, @@ -10343,12 +10356,13 @@ module.exports = toString; allowTime, dateFormat, timeFormat, - tzFormat; + tzFormat, + isoDatesLen = isoDates.length, + isoTimesLen = isoTimes.length; if (match) { getParsingFlags(config).iso = true; - - for (i = 0, l = isoDates.length; i < l; i++) { + for (i = 0, l = isoDatesLen; i < l; i++) { if (isoDates[i][1].exec(match[1])) { dateFormat = isoDates[i][0]; allowTime = isoDates[i][2] !== false; @@ -10360,7 +10374,7 @@ module.exports = toString; return; } if (match[3]) { - for (i = 0, l = isoTimes.length; i < l; i++) { + for (i = 0, l = isoTimesLen; i < l; i++) { if (isoTimes[i][1].exec(match[3])) { // match[2] should be 'T' or space timeFormat = (match[2] || ' ') + isoTimes[i][0]; @@ -10427,7 +10441,7 @@ module.exports = toString; function preprocessRFC2822(s) { // Remove comments and folding whitespace and replace multiple-spaces with a single space return s - .replace(/\([^)]*\)|[\n\t]/g, ' ') + .replace(/\([^()]*\)|[\n\t]/g, ' ') .replace(/(\s\s+)/g, ' ') .replace(/^\s\s*/, '') .replace(/\s\s*$/, ''); @@ -10740,12 +10754,13 @@ module.exports = toString; skipped, stringLength = string.length, totalParsedInputLength = 0, - era; + era, + tokenLen; tokens = expandFormat(config._f, config._locale).match(formattingTokens) || []; - - for (i = 0; i < tokens.length; i++) { + tokenLen = tokens.length; + for (i = 0; i < tokenLen; i++) { token = tokens[i]; parsedInput = (string.match(getParseRegexForToken(token, config)) || [])[0]; @@ -10840,15 +10855,16 @@ module.exports = toString; i, currentScore, validFormatFound, - bestFormatIsValid = false; + bestFormatIsValid = false, + configfLen = config._f.length; - if (config._f.length === 0) { + if (configfLen === 0) { getParsingFlags(config).invalidFormat = true; config._d = new Date(NaN); return; } - for (i = 0; i < config._f.length; i++) { + for (i = 0; i < configfLen; i++) { currentScore = 0; validFormatFound = false; tempConfig = copyConfig({}, config); @@ -11089,7 +11105,8 @@ module.exports = toString; function isDurationValid(m) { var key, unitHasDecimal = false, - i; + i, + orderLen = ordering.length; for (key in m) { if ( hasOwnProp(m, key) && @@ -11102,7 +11119,7 @@ module.exports = toString; } } - for (i = 0; i < ordering.length; ++i) { + for (i = 0; i < orderLen; ++i) { if (m[ordering[i]]) { if (unitHasDecimal) { return false; // only allow non-integers for smallest unit @@ -11427,7 +11444,8 @@ module.exports = toString; // from http://docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html // somewhat more in line with 4.4.3.2 2004 spec, but allows decimal anywhere // and further modified to allow for strings containing both week and day - isoRegex = /^(-|\+)?P(?:([-+]?[0-9,.]*)Y)?(?:([-+]?[0-9,.]*)M)?(?:([-+]?[0-9,.]*)W)?(?:([-+]?[0-9,.]*)D)?(?:T(?:([-+]?[0-9,.]*)H)?(?:([-+]?[0-9,.]*)M)?(?:([-+]?[0-9,.]*)S)?)?$/; + isoRegex = + /^(-|\+)?P(?:([-+]?[0-9,.]*)Y)?(?:([-+]?[0-9,.]*)M)?(?:([-+]?[0-9,.]*)W)?(?:([-+]?[0-9,.]*)D)?(?:T(?:([-+]?[0-9,.]*)H)?(?:([-+]?[0-9,.]*)M)?(?:([-+]?[0-9,.]*)S)?)?$/; function createDuration(input, key) { var duration = input, @@ -11648,9 +11666,10 @@ module.exports = toString; 'ms', ], i, - property; + property, + propertyLen = properties.length; - for (i = 0; i < properties.length; i += 1) { + for (i = 0; i < propertyLen; i += 1) { property = properties[i]; propertyTest = propertyTest || hasOwnProp(input, property); } @@ -12273,19 +12292,17 @@ module.exports = toString; addRegexToken('NNNN', matchEraName); addRegexToken('NNNNN', matchEraNarrow); - addParseToken(['N', 'NN', 'NNN', 'NNNN', 'NNNNN'], function ( - input, - array, - config, - token - ) { - var era = config._locale.erasParse(input, token, config._strict); - if (era) { - getParsingFlags(config).era = era; - } else { - getParsingFlags(config).invalidEra = input; + addParseToken( + ['N', 'NN', 'NNN', 'NNNN', 'NNNNN'], + function (input, array, config, token) { + var era = config._locale.erasParse(input, token, config._strict); + if (era) { + getParsingFlags(config).era = era; + } else { + getParsingFlags(config).invalidEra = input; + } } - }); + ); addRegexToken('y', matchUnsigned); addRegexToken('yy', matchUnsigned); @@ -12577,14 +12594,12 @@ module.exports = toString; addRegexToken('GGGGG', match1to6, match6); addRegexToken('ggggg', match1to6, match6); - addWeekParseToken(['gggg', 'ggggg', 'GGGG', 'GGGGG'], function ( - input, - week, - config, - token - ) { - week[token.substr(0, 2)] = toInt(input); - }); + addWeekParseToken( + ['gggg', 'ggggg', 'GGGG', 'GGGGG'], + function (input, week, config, token) { + week[token.substr(0, 2)] = toInt(input); + } + ); addWeekParseToken(['gg', 'GG'], function (input, week, config, token) { week[token] = hooks.parseTwoDigitYear(input); @@ -13607,7 +13622,7 @@ module.exports = toString; //! moment.js - hooks.version = '2.29.1'; + hooks.version = '2.29.4'; setHookCallback(createLocal); diff --git a/.github/scripts/verifyActions.sh b/.github/scripts/verifyActions.sh index ad11ce053666..8e2621ab43d2 100755 --- a/.github/scripts/verifyActions.sh +++ b/.github/scripts/verifyActions.sh @@ -22,7 +22,7 @@ if [[ EXIT_CODE -eq 0 ]]; then echo -e "${GREEN}Github Actions are up to date!${NC}" exit 0 else - echo -e "${RED}Error: Diff found when Github Actions were rebuilt. Did you forget to run \`npm run gh-actions-build\`? Do you need to merge main?${NC}" + echo -e "${RED}Error: Diff found when Github Actions were rebuilt. Did you forget to run \`npm run gh-actions-build\` after a clean install (\`rm -rf node_modules && npm i\`)? Do you need to merge main?${NC}" echo "$DIFF_OUTPUT" | $LIB_PATH/diff-so-fancy | less --tabs=4 -RFX exit 1 fi