EDSC-4669: Patch vulnerability with override

[eudoroolivares2016]

Overview

What is the feature?

overrides protobuffer see ticket details for justification and background

What is the Solution?

Overrides the dependency in apollo-server and does an npm audit fix

What areas of the application does this impact?

Apollo server (e.g. backend services to the RDS etc)

Testing

Reproduction steps

• **Environment for testing:any
• **Collection to test with:any

1. Regression test reading and writing to RDS with functionality
2. Simple method would be to run in optionals mode and submit a Harmony order ensure it works and ensure we can re-queue in the Admin page

Attachments

Please include relevant screenshots or files that would be helpful in reviewing and verifying this change.

Checklist

• I have added automated tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings

[coderabbitai]

📝 Walkthrough

Walkthrough

@apollo/server is bumped from ^5.5.0 to ^5.5.1. A new overrides entry pins @apollo/protobufjs to 1.2.8 to resolve dependency conflicts.

Changes

Apollo Dependency Updates

Layer / File(s)	Summary
Apollo package versions package.json	@apollo/server is updated to ^5.5.1 and @apollo/protobufjs is pinned to 1.2.8 via the new overrides field.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A hop, a skip, Apollo takes flight,
Version bumps shine oh-so bright!
Protobufjs locked down tight,
Dependencies dance in the night! 📦✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'EDSC-4669: Patch vulnerability with override' is directly related to the changeset, which addresses a vulnerability by adding a package override for @apollo/protobufjs.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	PR description follows the required template structure with all major sections present and substantively completed, though some sections lack detail.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch EDSC-4669

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Bundle Size Comparison

Full build details

> earthdata-search@1.0.0 build
> vite build

vite v6.4.2 building for production...
transforming...
✓ 4053 modules transformed.
rendering chunks...
computing gzip size...
static/dist/assets/logo-DBK9nthR.webp                                                      0.97 kB
static/dist/assets/logo-CZz0VEVL.webp                                                      1.14 kB
static/dist/assets/logo-Cycj4Zl7.webp                                                      1.33 kB
static/dist/assets/logo-U_2b2F1P.webp                                                      1.37 kB
static/dist/assets/logo-DrQyzv8O.webp                                                      1.54 kB
static/dist/assets/logo-BtXPiD8D.webp                                                      1.81 kB
static/dist/assets/logo-CBoC93bb.webp                                                      2.16 kB
static/dist/assets/logo-DjzD1LMz.webp                                                      2.39 kB
static/dist/assets/orange-bars-circle-D7AglAGM.webp                                        2.77 kB
static/dist/assets/logo-mTUaHBfB.webp                                                      3.11 kB
static/dist/assets/blue-bars-circle-BoIdEwIS.webp                                          3.67 kB
static/dist/assets/logo-BRHnty9h.webp                                                      4.09 kB
static/dist/assets/cryosphere-icon-DSWEvPIt.svg                                            4.11 kB │ gzip:   1.64 kB
static/dist/assets/logo-m8iUFUyE.webp                                                      4.26 kB
static/dist/assets/logo-BI7QOwpp.webp                                                      4.72 kB
static/dist/assets/logo-CjKnSDvE.webp                                                      7.06 kB
static/dist/index.html                                                                    13.22 kB │ gzip:   3.09 kB
static/dist/assets/plate_carree_earth_scaled-RfqGhO39.png                                 18.14 kB
static/dist/assets/tour-video-thumbnail-BxsZeqvq.webp                                     18.84 kB
static/dist/assets/plate_carree_earth_scaled@2x-BIj0Wstc.png                              45.03 kB
static/dist/assets/image-unavailable-CcXgOtQr.svg                                         52.20 kB │ gzip:  20.77 kB
static/dist/assets/earthdata-search-og-image-Cs5RILJ1.webp                                92.82 kB
static/dist/assets/MODIS-Terra-Swirling-Clouds-In-Atlantic-800x600@2x-DdSR_KXb.webp      132.70 kB
static/dist/assets/MODIS-Terra-Swirling-Clouds-In-Atlantic-2560x1440@2x-CZbMhKXi.webp    224.17 kB
static/dist/assets/MODIS-Terra-Swirling-Clouds-In-Atlantic-800x600@2x-DFWWupvf.webp      381.18 kB
static/dist/assets/MODIS-Terra-Swirling-Clouds-In-Atlantic-2560x1440@2x-BwDp59vN.webp    464.37 kB
static/dist/assets/MODIS-Terra-Swirling-Clouds-In-Atlantic-2560x1440@2x-CeYlmMCD.webp    737.44 kB
static/dist/assets/MODIS-Terra-Swirling-Clouds-In-Atlantic-2560x1440@2x-tQ4uTIyn.webp  1,255.87 kB
static/dist/assets/MODIS-Terra-Swirling-Clouds-In-Atlantic-2560x1440@2x-BqbXRJmQ.webp  1,516.81 kB
static/dist/assets/AdminRetrieval-nNSujMnn.css                                             0.06 kB │ gzip:   0.08 kB
static/dist/assets/AdminPreferencesMetrics-GkGryAtC.css                                    0.10 kB │ gzip:   0.11 kB
static/dist/assets/ChunkedOrderModal-DIli9vpQ.css                                          0.11 kB │ gzip:   0.10 kB
static/dist/assets/TooManyPointsModal-D8ufPyjz.css                                         0.14 kB │ gzip:   0.12 kB
static/dist/assets/AdminRetrievalsMetrics-CT7bgXZt.css                                     0.22 kB │ gzip:   0.13 kB
static/dist/assets/AdminPage-D19229XC.css                                                  0.23 kB │ gzip:   0.16 kB
static/dist/assets/ContactInfo-C7Pr11wu.css                                                0.28 kB │ gzip:   0.18 kB
static/dist/assets/useDeleteSubscription-YPccXDF3.css                                      0.46 kB │ gzip:   0.23 kB
static/dist/assets/ShapefileDropzoneContainer-BG7JE7Dj.css                                 0.53 kB │ gzip:   0.26 kB
static/dist/assets/GranuleFiltersContainer-CfwvM6Mp.css                                    0.59 kB │ gzip:   0.27 kB
static/dist/assets/ShapefileUploadModal-CMzmPyoZ.css                                       0.66 kB │ gzip:   0.32 kB
static/dist/assets/Preferences-DGkx-xES.css                                                0.68 kB │ gzip:   0.24 kB
static/dist/assets/Skeleton-DtMOdDsM.css                                                   0.88 kB │ gzip:   0.34 kB
static/dist/assets/TextWindowActions-aNefZur7.css                                          0.91 kB │ gzip:   0.38 kB
static/dist/assets/RelatedCollection-BaShQZdF.css                                          0.93 kB │ gzip:   0.40 kB
static/dist/assets/CollectionDetailsHighlights-CHDYEfjF.css                                1.24 kB │ gzip:   0.44 kB
static/dist/assets/GranuleResultsHighlights-BIY0O9bb.css                                   1.24 kB │ gzip:   0.41 kB
static/dist/assets/Subscriptions-CYrzsucf.css                                              1.26 kB │ gzip:   0.40 kB
static/dist/assets/EDSCModalContainer-D_JXXJBf.css                                         1.77 kB │ gzip:   0.59 kB
static/dist/assets/AdminProjects-CZeT2VXI.css                                              1.98 kB │ gzip:   0.46 kB
static/dist/assets/AdminRetrievals-DIdJ2AD-.css                                            2.02 kB │ gzip:   0.46 kB
static/dist/assets/DownloadHistory-C2TrZbdc.css                                            2.05 kB │ gzip:   0.47 kB
static/dist/assets/DeprecatedParameterModal-nutVvbLm.css                                   2.12 kB │ gzip:   0.93 kB
static/dist/assets/Projects-5m-RoZO0.css                                                   2.13 kB │ gzip:   0.51 kB
static/dist/assets/EchoForm-VVUehB8V.css                                                   3.47 kB │ gzip:   1.06 kB
static/dist/assets/SearchTour-AJompJPK.css                                                 4.82 kB │ gzip:   1.22 kB
static/dist/assets/index-BOElThXL.css                                                      6.47 kB │ gzip:   1.24 kB
static/dist/assets/OrderStatus-qyLNmnfS.css                                                8.49 kB │ gzip:   1.93 kB
static/dist/assets/createSpatialDisplay-CiT4b-tQ.css                                      10.62 kB │ gzip:   2.41 kB
static/dist/assets/MapContainer-GerI1QoD.css                                              17.00 kB │ gzip:   5.89 kB
static/dist/assets/Project-RbLZgqcX.css                                                   20.04 kB │ gzip:   4.07 kB
static/dist/assets/Search-DWJQ45Qd.css                                                    69.43 kB │ gzip:  10.66 kB
static/dist/assets/index-DvsUNaze.css                                                    339.58 kB │ gzip: 109.39 kB
static/dist/assets/logo-BHeuky8i.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-C2M9lK3U.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-BbJQ0fWs.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-CW6PQqmQ.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-CM8gX-og.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-CGJHAKVD.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-DOLER09h.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-C6Ht_tBx.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-J7t-4CBp.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-CxvnVTz2.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-C9HDQHSy.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-IHV3gtAZ.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-Dedvhxzp.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo--kH-hKRS.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-Z4bYAKVs.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-nOuRrv94.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-DIxV4RPX.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/logo-uABdcgsF.js                                                        0.06 kB │ gzip:   0.08 kB
static/dist/assets/pluralize-49vSaAHF.js                                                   0.08 kB │ gzip:   0.09 kB
static/dist/assets/accessMethodTypes-CY5JnOnd.js                                           0.13 kB │ gzip:   0.14 kB
static/dist/assets/commafy-BfQYQOA4.js                                                     0.14 kB │ gzip:   0.14 kB
static/dist/assets/requestDebounceDuration-B92It3cW.js                                     0.16 kB │ gzip:   0.11 kB
static/dist/assets/subscriptions-Y-rYZWq0.js                                               0.41 kB │ gzip:   0.21 kB
static/dist/assets/Table-BnPWzZlM.js                                                       0.60 kB │ gzip:   0.39 kB
static/dist/assets/humanizedQueryValueFormatters-CIZcasg0.js                               1.00 kB │ gzip:   0.54 kB
static/dist/assets/TooManyPointsModal-VOxOL8AB.js                                          1.10 kB │ gzip:   0.58 kB
static/dist/assets/DownloadsLayout-Cf1-AfwG.js                                             1.12 kB │ gzip:   0.36 kB
static/dist/assets/metricsDataAccess-B0dv9eSs.js                                           1.26 kB │ gzip:   0.35 kB
static/dist/assets/AdminLayout-B9yQjVfO.js                                                 1.45 kB │ gzip:   0.48 kB
static/dist/assets/index-0zhIlf06.js                                                       1.64 kB │ gzip:   0.94 kB
static/dist/assets/useLazyQuery-DXa-5uEv.js                                                1.70 kB │ gzip:   0.89 kB
static/dist/assets/DefinitionList-CzNd5ZBv.js                                              1.85 kB │ gzip:   0.55 kB
static/dist/assets/AdminPage-C5xBCdFC.js                                                   1.98 kB │ gzip:   0.51 kB
static/dist/assets/Skeleton-DOzT1sks.js                                                    2.23 kB │ gzip:   0.71 kB
static/dist/assets/KeyboardShortcutsModal-EqMI-CmJ.js                                      2.36 kB │ gzip:   0.86 kB
static/dist/assets/AdminIndex-CZyTvR55.js                                                  2.69 kB │ gzip:   0.87 kB
static/dist/assets/useCreateRetrieval-BMVDCk1-.js                                          3.31 kB │ gzip:   1.59 kB
static/dist/assets/DeprecatedParameterModal-_dUk-7p8.js                                    3.42 kB │ gzip:   1.31 kB
static/dist/assets/AdminProject-BwwPdAf4.js                                                3.66 kB │ gzip:   1.03 kB
static/dist/assets/EditSubscriptionModal-CxVin5Xl.js                                       3.73 kB │ gzip:   1.28 kB
static/dist/assets/ChunkedOrderModal-DY6y2Wa_.js                                           4.14 kB │ gzip:   1.36 kB
static/dist/assets/ShapefileUploadModal-DsWjD2An.js                                        4.97 kB │ gzip:   1.00 kB
static/dist/assets/AboutCSDAModal-eKACftVF.js                                              5.18 kB │ gzip:   1.19 kB
static/dist/assets/AdminPreferencesMetrics-lNUI0XCK.js                                     5.66 kB │ gzip:   1.05 kB
static/dist/assets/EarthdataDownloadRedirect-eTq3tSUG.js                                   5.98 kB │ gzip:   1.11 kB
static/dist/assets/EDSCModalContainer-CqDh90oH.js                                          7.38 kB │ gzip:   1.72 kB
static/dist/assets/GranuleResultsHighlights-DtvHxg3n.js                                    7.92 kB │ gzip:   1.61 kB
static/dist/assets/DownloadHistory-YfzJWg6v.js                                             7.99 kB │ gzip:   1.70 kB
static/dist/assets/CollectionDetailsHighlights-B_s6neFk.js                                 9.97 kB │ gzip:   1.27 kB
static/dist/assets/useDeleteSubscription-B8ReDj06.js                                      10.57 kB │ gzip:   2.72 kB
static/dist/assets/Modal-DOsDNTJS.js                                                      10.75 kB │ gzip:   4.06 kB
static/dist/assets/AdminRetrieval-BM1a7tC6.js                                             10.84 kB │ gzip:   2.13 kB
static/dist/assets/AdminProjects-BUMoVGls.js                                              10.85 kB │ gzip:   1.93 kB
static/dist/assets/RelatedCollection-CxEhr6lJ.js                                          11.09 kB │ gzip:   4.14 kB
static/dist/assets/AboutCwicModal-C6t0fHqW.js                                             11.28 kB │ gzip:   2.26 kB
static/dist/assets/AdminRetrievals-BpyUw0mI.js                                            11.43 kB │ gzip:   1.99 kB
static/dist/assets/Projects-B-k5k4lV.js                                                   11.66 kB │ gzip:   2.15 kB
static/dist/assets/Subscriptions-DqIWjk2Z.js                                              13.24 kB │ gzip:   2.16 kB
static/dist/assets/ContactInfo-B4qWzU8S.js                                                13.41 kB │ gzip:   1.93 kB
static/dist/assets/AdminRetrievalsMetrics-pbx4o_ja.js                                     15.01 kB │ gzip:   2.08 kB
static/dist/assets/index-DYcIX8ms.js                                                      35.34 kB │ gzip:  12.82 kB
static/dist/assets/GranuleFiltersContainer-CrNrvgyN.js                                    39.70 kB │ gzip:   6.76 kB
static/dist/assets/styles-DTpUPQJK.js                                                     60.27 kB │ gzip:  18.66 kB
static/dist/assets/moment-BAtM24Ew.js                                                     60.92 kB │ gzip:  19.77 kB
static/dist/assets/createSpatialDisplay-krFvY2bB.js                                       81.69 kB │ gzip:  18.54 kB
static/dist/assets/lodash-DO8XiTt0.js                                                     92.24 kB │ gzip:  31.91 kB
static/dist/assets/OrderStatus-MkLk5eu9.js                                               108.81 kB │ gzip:  20.22 kB
static/dist/assets/EchoForm-BzIrOV2d.js                                                  108.86 kB │ gzip:  33.76 kB
static/dist/assets/ShapefileDropzoneContainer-DJoebuxl.js                                119.75 kB │ gzip:  40.14 kB
static/dist/assets/SearchTour-D3_1I_-z.js                                                139.43 kB │ gzip:  37.02 kB
static/dist/assets/edscUtils-Bx40oR22.js                                                 141.73 kB │ gzip:  46.95 kB
static/dist/assets/Preferences-vL6fVkqa.js                                               369.31 kB │ gzip: 115.78 kB
static/dist/assets/react-BBFNYsKV.js                                                     409.73 kB │ gzip: 127.90 kB
static/dist/assets/Project-BtyPUQow.js                                                   456.62 kB │ gzip: 147.85 kB
static/dist/assets/Search-DRRwW-JA.js                                                    660.96 kB │ gzip: 155.54 kB
static/dist/assets/index-0_2SEiW4.js                                                   1,129.05 kB │ gzip: 350.08 kB
static/dist/assets/MapContainer-CMlH3PZY.js                                            1,332.05 kB │ gzip: 270.48 kB
✓ built in 34.34s

The full bundle is larger than main by 51.42 kB. ❗

The index.js is smaller than main by 0 kB. 🎉

Run npx vite-bundle-visualizer to review the bundle in more detail.

File	Main	Branch	Diff
Total	11023.26 kB	11074.68 kB	51.42 kB
index.js	1166.03 kB	1166.03 kB	0 kB
index.js (gzip)	363.84 kB	363.84 kB	0 kB
index.css	346.05 kB	346.05 kB	0 kB
index.css (gzip)	110.63 kB	110.63 kB	0 kB
Number of files	139	139	0
Build Time	35.54 s	34.34 s	-1.2 s

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.83%. Comparing base (ec01c38) to head (a154200).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2052      +/-   ##
==========================================
+ Coverage   95.81%   95.83%   +0.02%     
==========================================
  Files         753      753              
  Lines       17431    17431              
  Branches     4912     4916       +4     
==========================================
+ Hits        16701    16705       +4     
+ Misses        679      676       -3     
+ Partials       51       50       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.