From 6893c4c0304d762e2b6383e4906c206fcd2f6d57 Mon Sep 17 00:00:00 2001 From: Louis Chan <louischan@oursky.com> Date: Thu, 12 Dec 2024 14:44:08 +0800 Subject: [PATCH 1/5] Run `npm audit fix` at / --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 39ea6987..c17d5557 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6880,9 +6880,9 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", From e78f933896823a91314d53993448a91f728aefc8 Mon Sep 17 00:00:00 2001 From: Louis Chan <louischan@oursky.com> Date: Thu, 12 Dec 2024 14:44:38 +0800 Subject: [PATCH 2/5] Run `npm audit fix` at /website --- website/package-lock.json | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/website/package-lock.json b/website/package-lock.json index 027aac21..3616396b 100644 --- a/website/package-lock.json +++ b/website/package-lock.json 
@@ -5109,9 +5109,9 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", @@ -6114,9 +6114,9 @@ } }, "node_modules/express": { - "version": "4.21.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", - "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", @@ -6137,7 +6137,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -6152,6 +6152,10 @@ }, "engines": { "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express/node_modules/content-disposition": { 
@@ -6179,9 +6183,9 @@ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, "node_modules/express/node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==" + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==" }, "node_modules/express/node_modules/range-parser": { "version": "1.2.1", @@ -10459,9 +10463,9 @@ } }, "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "version": "3.3.8", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz", + "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==", "funding": [ { "type": "github", From 2a7300ed12f4cab8c8f703b3ce9b334e9c5532e1 Mon Sep 17 00:00:00 2001 From: Louis Chan <louischan@oursky.com> Date: Thu, 12 Dec 2024 14:45:02 +0800 Subject: [PATCH 3/5] Run `npm audit fix` at /example/capacitor --- example/capacitor/package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/example/capacitor/package-lock.json b/example/capacitor/package-lock.json index 1dfbc861..40518745 100644 --- a/example/capacitor/package-lock.json +++ b/example/capacitor/package-lock.json 
@@ -5174,9 +5174,9 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, "dependencies": { "path-key": "^3.1.0", @@ -8245,9 +8245,9 @@ "dev": true }, "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "version": "3.3.8", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz", + "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==", "dev": true, "funding": [ { From 1a99dfffbcc5be41292202eb957528413de440de Mon Sep 17 00:00:00 2001 From: Louis Chan <louischan@oursky.com> Date: Thu, 12 Dec 2024 14:48:23 +0800 Subject: [PATCH 4/5] Add `yarnauditfix` to avoid manually typing the commands everytime --- example/reactnative/README.md | 6 ++++-- example/reactnative/package.json | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/example/reactnative/README.md b/example/reactnative/README.md index e40a7148..fc7613a9 100644 --- a/example/reactnative/README.md +++ b/example/reactnative/README.md 
@@ -8,14 +8,16 @@ Yarn Classic is our package manager. It does not support `audit fix`. I tried to switch to npm, but then `npm start` will result in error `cannot find package @authgear/react-native`. So a React Native project cannot really use npm as package manager. -To automate the fixing of vulnerabilities in packages. We can use the following workaround +To automate the fixing of vulnerabilities in packages. We can use the following workaround: + +> You can just `npm run yarnauditfix`. It does the following for you. - `rm yarn.lock` - `npm i` to generate `package-lock.json`. - `npm audit fix` to fix vulnerabilities. - `git checkout -- yarn.lock` to bring back `yarn.lock`. - `npm i` to ask npm to update `yarn.lock` based on `package-lock.json`. -- `yarn i` to ask Yarn to update `yarn.lock` according to its own flavor. +- `yarn install` to ask Yarn to update `yarn.lock` according to its own flavor. - `rm package-lock.json` to remove residue. # Initial setup diff --git a/example/reactnative/package.json b/example/reactnative/package.json index 299177cd..320b7f19 100644 --- a/example/reactnative/package.json +++ b/example/reactnative/package.json @@ -8,7 +8,8 @@ "start": "react-native start", "test": "jest", "lint": "eslint . --ext .js,.jsx,.ts,.tsx", - "typecheck": "tsc --noEmit" + "typecheck": "tsc --noEmit", + "yarnauditfix": "rm yarn.lock && npm install && npm audit fix && git checkout -- yarn.lock && npm install && yarn install && rm package-lock.json" }, "dependencies": { "@authgear/react-native": "../../packages/authgear-react-native", From 0da9170c07db00b1ab2d9add5ea828b953dcaec0 Mon Sep 17 00:00:00 2001 From: Louis Chan <louischan@oursky.com> Date: Thu, 12 Dec 2024 14:49:15 +0800 Subject: [PATCH 5/5] Run `npm run yarnauditfix` at /example/reactnative --- example/reactnative/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/example/reactnative/yarn.lock b/example/reactnative/yarn.lock index 2d57f693..8fd38fcb 100644 
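Review bot: In the `example/reactnative/package.json` hunk, the `yarnauditfix` chain deletes `yarn.lock` first and joins every step with `&&`, so any failing step before `git checkout -- yarn.lock` leaves the working tree with no Yarn lockfile and a stray `package-lock.json`. This is likely to happen in practice, because `npm audit fix` is documented to exit non-zero when advisories remain that it cannot resolve. I would tolerate that exit status and report leftovers only after cleanup, for example `"yarnauditfix": "rm yarn.lock && npm install && (npm audit fix || true) && git checkout -- yarn.lock && npm install && yarn install && rm package-lock.json && yarn audit"`. The first `npm install` also resolves the tree without the committed lockfile and runs dependency lifecycle scripts, so `--ignore-scripts` on the npm steps is worth considering if the later `yarn install` is enough to build `node_modules`. The `scripts` object opens outside this hunk, so other entries were not reviewed.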
--- a/example/reactnative/yarn.lock +++ b/example/reactnative/yarn.lock @@ -2735,9 +2735,9 @@ create-jest@^29.7.0: prompts "^2.0.1" cross-spawn@^7.0.2, cross-spawn@^7.0.3: - version "7.0.3" - resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz" - integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w== + version "7.0.6" + resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f" + integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA== dependencies: path-key "^3.1.0" shebang-command "^2.0.0"