From a930f0f1ed66bdc9bed4a58eeec140ca0893f348 Mon Sep 17 00:00:00 2001 From: RafaPolit Date: Thu, 30 Jan 2025 10:59:01 -0500 Subject: [PATCH 1/6] Updated version and removed types --- package.json | 3 +-- yarn.lock | 46 +++++++++++++++++++++++++++++++++------------- 2 files changed, 34 insertions(+), 15 deletions(-) diff --git a/package.json b/package.json index 08f9f98da7..7b7d3089ad 100644 --- a/package.json +++ b/package.json @@ -132,7 +132,7 @@ "clean-insights-sdk": "^2.6.2", "compression": "^1.7.5", "connect-mongo": "5.1.0", - "cookie": "0.7.0", + "cookie": "1.0.2", "cookie-parser": "1.4.7", "cors": "^2.8.5", "crypto-js": "^4.2.0", @@ -286,7 +286,6 @@ "@types/body-parser": "^1.19.5", "@types/cheerio": "^0.22.30", "@types/child-process-promise": "^2.2.1", - "@types/cookie": "^0.6.0", "@types/enzyme": "3.10.12", "@types/enzyme-adapter-react-16": "1.0.2", "@types/expect-puppeteer": "4.4.7", diff --git a/yarn.lock b/yarn.lock index aba63c7b8b..c4b5a1d81a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4296,11 +4296,6 @@ resolved "https://registry.yarnpkg.com/@types/cookie/-/cookie-0.4.1.tgz#bfd02c1f2224567676c1545199f87c3a861d878d" integrity sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q== -"@types/cookie@^0.6.0": - version "0.6.0" - resolved "https://registry.yarnpkg.com/@types/cookie/-/cookie-0.6.0.tgz#eac397f28bf1d6ae0ae081363eca2f425bedf0d5" - integrity sha512-4Kh9a6B2bQciAhf7FSuMRRkUWecJgJu9nPnx3yzpsfXX/c50REIqpHY4C82bXP90qrLtXtkDxTZosYO3UpOwlA== - "@types/cookiejar@^2.1.5": version "2.1.5" resolved "https://registry.yarnpkg.com/@types/cookiejar/-/cookiejar-2.1.5.tgz#14a3e83fa641beb169a2dd8422d91c3c345a9a78" @@ -6898,11 +6893,6 @@ cookie-signature@1.0.7: resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.7.tgz#ab5dd7ab757c54e60f37ef6550f481c426d10454" integrity sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA== -cookie@0.7.0: - version "0.7.0" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.0.tgz#2148f68a77245d5c2c0005d264bc3e08cfa0655d" - integrity sha512-qCf+V4dtlNhSRXGAZatc1TasyFO6GjohcOul807YOb5ik3+kQSnb4d7iajeCL8QHaJ4uZEjCgiCJerKXwdRVlQ== - cookie@0.7.1: version "0.7.1" resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.1.tgz#2f73c42142d5d5cf71310a74fc4ae61670e5dbc9" @@ -6913,6 +6903,11 @@ cookie@0.7.2: resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.2.tgz#556369c472a2ba910f2979891b526b3436237ed7" integrity sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w== +cookie@1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-1.0.2.tgz#27360701532116bd3f1f9416929d176afe1e4610" + integrity sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA== + cookie@~0.4.1: version "0.4.2" resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432" @@ -15692,7 +15687,16 @@ string-length@^4.0.1: char-regex "^1.0.2" strip-ansi "^6.0.0" -"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: +"string-width-cjs@npm:string-width@^4.2.0": + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: version "4.2.3" resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== @@ -15820,7 +15824,14 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" -"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: +"strip-ansi-cjs@npm:strip-ansi@^6.0.1": + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== @@ -17256,7 +17267,7 @@ world-countries@5.0.0: resolved "https://registry.yarnpkg.com/world-countries/-/world-countries-5.0.0.tgz#6f75ebcce3d5224d84e9117eaf0d75a7726b6501" integrity sha512-wAfOT9Y5i/xnxNOdKJKXdOCw9Q3yQLahBUeuRol+s+o20F6h2a4tLEbJ1lBCYwEQ30Sf9Meqeipk1gib3YwF5w== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": version "7.0.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== @@ -17274,6 +17285,15 @@ wrap-ansi@^6.2.0: string-width "^4.1.0" strip-ansi "^6.0.0" +wrap-ansi@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + wrap-ansi@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214" From c8dbca5ad752d2fa564199baa3d70ad6436b983b Mon Sep 17 00:00:00 2001 From: RafaPolit Date: Thu, 30 Jan 2025 10:59:49 -0500 Subject: [PATCH 2/6] Removed cookie from dependabot ignore --- .github/dependabot.yml | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 697fd9b5bf..a11f21c20a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,33 +5,32 @@ updates: schedule: interval: daily ignore: - - dependency-name: "@types/*" - - dependency-name: "@sentry/node" #6880 - versions: [">= 7.114.0"] + - dependency-name: '@types/*' + - dependency-name: '@sentry/node' #6880 + versions: ['>= 7.114.0'] - dependency-name: flowbite #Flowbite & flowbite-datepicker upgrade #6993 - versions: [">= 2.3.1"] + versions: ['>= 2.3.1'] - dependency-name: flowbite-datepicker #Flowbite & flowbite-datepicker upgrade #6993 - versions: [">= 1.2.8"] + versions: ['>= 1.2.8'] - dependency-name: flowbite-react #Flowbite & flowbite-datepicker upgrade #6993 - versions: [">= 0.10.1"] + versions: ['>= 0.10.1'] - dependency-name: Mongoose #Mongoose upgrade #7017 - versions: [">= 8.4.3"] - - dependency-name: cookie - - dependency-name: "@socket.io*" + versions: ['>= 8.4.3'] + - dependency-name: '@socket.io*' - dependency-name: bootstrap - dependency-name: express-prom-bundle - dependency-name: immutable - dependency-name: otplib - dependency-name: redux - dependency-name: redux-thunk - - dependency-name: "@typescript-eslint/eslint-plugin" - - dependency-name: "@typescript-eslint/parser" + - dependency-name: '@typescript-eslint/eslint-plugin' + - dependency-name: '@typescript-eslint/parser' - dependency-name: eslint #6784 - dependency-name: fetch-mock - dependency-name: react-router-dom - dependency-name: react-datepicker - dependency-name: recharts - - dependency-name: "@headlessui/react" + - dependency-name: '@headlessui/react' - dependency-name: react-player open-pull-requests-limit: 5 labels: @@ -41,19 +40,19 @@ updates: babel: applies-to: version-updates patterns: - - "@babel*" + - '@babel*' storybook: applies-to: version-updates patterns: - - "@storybook*" + - '@storybook*' sentry: applies-to: version-updates patterns: - - "@sentry*" + - '@sentry*' dnd-kit: applies-to: version-updates patterns: - - "@dnd-kit*" + - '@dnd-kit*' socket.io: applies-to: version-updates patterns: @@ -70,9 +69,9 @@ updates: applies-to: version-updates update-types: [minor, patch] patterns: - - "*" + - '*' dev-major-dependencies: applies-to: version-updates update-types: [major] patterns: - - "*" + - '*' From 13b8c1253a75e4d3b06545d96edffb36aeeb3de9 Mon Sep 17 00:00:00 2001 From: RafaPolit Date: Thu, 30 Jan 2025 12:07:37 -0500 Subject: [PATCH 3/6] Added resolutions to force everyone on the same cookie version --- package.json | 3 ++- yarn.lock | 17 +---------------- 2 files changed, 3 insertions(+), 17 deletions(-) diff --git a/package.json b/package.json index 7b7d3089ad..fbbf991c46 100644 --- a/package.json +++ b/package.json @@ -83,7 +83,8 @@ "ws": "8.18.0", "path-to-regexp": "0.1.11", "body-parser": "^1.20.3", - "cross-spawn": "^7.0.5" + "cross-spawn": "^7.0.5", + "cookie": "1.0.2" }, "dependencies": { "@aws-sdk/client-s3": "3.726.1", diff --git a/yarn.lock b/yarn.lock index c4b5a1d81a..3f7bb25965 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6893,26 +6893,11 @@ cookie-signature@1.0.7: resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.7.tgz#ab5dd7ab757c54e60f37ef6550f481c426d10454" integrity sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA== -cookie@0.7.1: - version "0.7.1" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.1.tgz#2f73c42142d5d5cf71310a74fc4ae61670e5dbc9" - integrity sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w== - -cookie@0.7.2: - version "0.7.2" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.2.tgz#556369c472a2ba910f2979891b526b3436237ed7" - integrity sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w== - -cookie@1.0.2: +cookie@0.7.1, cookie@0.7.2, cookie@1.0.2, cookie@~0.4.1: version "1.0.2" resolved "https://registry.yarnpkg.com/cookie/-/cookie-1.0.2.tgz#27360701532116bd3f1f9416929d176afe1e4610" integrity sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA== -cookie@~0.4.1: - version "0.4.2" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432" - integrity sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA== - cookiejar@^2.1.4: version "2.1.4" resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.4.tgz#ee669c1fea2cf42dc31585469d193fef0d65771b" From 850aa9ae7273d540d4f0740caa2fa2a0e047c414 Mon Sep 17 00:00:00 2001 From: RafaPolit Date: Thu, 30 Jan 2025 12:15:28 -0500 Subject: [PATCH 4/6] Hacked import of cookie to prevent undefined --- app/api/socketio/setupSockets.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/api/socketio/setupSockets.ts b/app/api/socketio/setupSockets.ts index fa1409a2df..ea9102b5c6 100644 --- a/app/api/socketio/setupSockets.ts +++ b/app/api/socketio/setupSockets.ts @@ -1,5 +1,5 @@ import { createClient, RedisClient } from 'redis'; -import cookie from 'cookie'; +import * as cookie from 'cookie'; import { Server } from 'http'; import { Server as SocketIoServer } from 'socket.io'; import { Application, Request, Response, NextFunction } from 'express'; @@ -46,9 +46,10 @@ const setupApiSockets = (server: Server, app: Application) => { //eslint-disable-next-line @typescript-eslint/no-floating-promises socket.join(socket.request.headers.tenant || config.defaultTenant.name); const socketCookie = cookie.parse(socket.request.headers.cookie || ''); + if (socketCookie) { //eslint-disable-next-line @typescript-eslint/no-floating-promises - socket.join(socketCookie['connect.sid']); + socket.join(socketCookie['connect.sid'] || 'default-session-id'); } }); From 235f435401bd158a2f2022c646970274c1951b99 Mon Sep 17 00:00:00 2001 From: RafaPolit Date: Thu, 30 Jan 2025 12:37:15 -0500 Subject: [PATCH 5/6] Revert formatting --- .github/dependabot.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a11f21c20a..02bb64963c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,32 +5,32 @@ updates: schedule: interval: daily ignore: - - dependency-name: '@types/*' - - dependency-name: '@sentry/node' #6880 - versions: ['>= 7.114.0'] + - dependency-name: "@types/*" + - dependency-name: "@sentry/node" #6880 + versions: [">= 7.114.0"] - dependency-name: flowbite #Flowbite & flowbite-datepicker upgrade #6993 - versions: ['>= 2.3.1'] + versions: [">= 2.3.1"] - dependency-name: flowbite-datepicker #Flowbite & flowbite-datepicker upgrade #6993 - versions: ['>= 1.2.8'] + versions: [">= 1.2.8"] - dependency-name: flowbite-react #Flowbite & flowbite-datepicker upgrade #6993 - versions: ['>= 0.10.1'] + versions: [">= 0.10.1"] - dependency-name: Mongoose #Mongoose upgrade #7017 - versions: ['>= 8.4.3'] - - dependency-name: '@socket.io*' + versions: [">= 8.4.3"] + - dependency-name: "@socket.io*" - dependency-name: bootstrap - dependency-name: express-prom-bundle - dependency-name: immutable - dependency-name: otplib - dependency-name: redux - dependency-name: redux-thunk - - dependency-name: '@typescript-eslint/eslint-plugin' - - dependency-name: '@typescript-eslint/parser' + - dependency-name: "@typescript-eslint/eslint-plugin" + - dependency-name: "@typescript-eslint/parser" - dependency-name: eslint #6784 - dependency-name: fetch-mock - dependency-name: react-router-dom - dependency-name: react-datepicker - dependency-name: recharts - - dependency-name: '@headlessui/react' + - dependency-name: "@headlessui/react" - dependency-name: react-player open-pull-requests-limit: 5 labels: @@ -40,19 +40,19 @@ updates: babel: applies-to: version-updates patterns: - - '@babel*' + - "@babel*" storybook: applies-to: version-updates patterns: - - '@storybook*' + - "@storybook*" sentry: applies-to: version-updates patterns: - - '@sentry*' + - "@sentry*" dnd-kit: applies-to: version-updates patterns: - - '@dnd-kit*' + - "@dnd-kit*" socket.io: applies-to: version-updates patterns: @@ -69,9 +69,9 @@ updates: applies-to: version-updates update-types: [minor, patch] patterns: - - '*' + - "*" dev-major-dependencies: applies-to: version-updates update-types: [major] patterns: - - '*' + - "*" From ccfb414c46becda028dab16986207a8cd9d1afc3 Mon Sep 17 00:00:00 2001 From: RafaPolit Date: Thu, 30 Jan 2025 12:59:25 -0500 Subject: [PATCH 6/6] Reverted resolution to allow each package to use their required version. --- package.json | 3 +-- yarn.lock | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index fbbf991c46..7b7d3089ad 100644 --- a/package.json +++ b/package.json @@ -83,8 +83,7 @@ "ws": "8.18.0", "path-to-regexp": "0.1.11", "body-parser": "^1.20.3", - "cross-spawn": "^7.0.5", - "cookie": "1.0.2" + "cross-spawn": "^7.0.5" }, "dependencies": { "@aws-sdk/client-s3": "3.726.1", diff --git a/yarn.lock b/yarn.lock index 3f7bb25965..c4b5a1d81a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6893,11 +6893,26 @@ cookie-signature@1.0.7: resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.7.tgz#ab5dd7ab757c54e60f37ef6550f481c426d10454" integrity sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA== -cookie@0.7.1, cookie@0.7.2, cookie@1.0.2, cookie@~0.4.1: +cookie@0.7.1: + version "0.7.1" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.1.tgz#2f73c42142d5d5cf71310a74fc4ae61670e5dbc9" + integrity sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w== + +cookie@0.7.2: + version "0.7.2" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.2.tgz#556369c472a2ba910f2979891b526b3436237ed7" + integrity sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w== + +cookie@1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/cookie/-/cookie-1.0.2.tgz#27360701532116bd3f1f9416929d176afe1e4610" integrity sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA== +cookie@~0.4.1: + version "0.4.2" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432" + integrity sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA== + cookiejar@^2.1.4: version "2.1.4" resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.4.tgz#ee669c1fea2cf42dc31585469d193fef0d65771b"