fix: dependencies security vulnerabilities

Divlo 2022-11-08 11:16:24 +00:00
parent e1543becc5
commit 6926132a1b
No known key found for this signature in database
GPG Key ID: 8F9478F220CE65E9
35 changed files with 1311 additions and 1537 deletions


@ -1 +1 @@
FROM mcr.microsoft.com/devcontainers/javascript-node:16
FROM mcr.microsoft.com/devcontainers/javascript-node:18


@ -12,7 +12,7 @@ services:
- 'host.docker.internal:host-gateway'
thream-database:
image: 'postgres:14.5'
image: 'postgres:15.0'
environment:
POSTGRES_USER: 'user'
POSTGRES_PASSWORD: 'password'


@ -19,7 +19,7 @@ jobs:
- uses: 'actions/checkout@v3.0.0'
- name: 'Initialize CodeQL'
uses: 'github/codeql-action/init@v1'
uses: 'github/codeql-action/init@v2'
with:
languages: ${{ matrix.language }}


@ -10,12 +10,12 @@ jobs:
build:
runs-on: 'ubuntu-latest'
steps:
- uses: 'actions/checkout@v3.0.0'
- uses: 'actions/checkout@v3.1.0'
- name: 'Use Node.js'
uses: 'actions/setup-node@v3.0.0'
uses: 'actions/setup-node@v3.5.1'
with:
node-version: '16.x'
node-version: '18.x'
cache: 'npm'
- name: 'Install'


@ -10,12 +10,12 @@ jobs:
lint:
runs-on: 'ubuntu-latest'
steps:
- uses: 'actions/checkout@v3.0.0'
- uses: 'actions/checkout@v3.1.0'
- name: 'Use Node.js'
uses: 'actions/setup-node@v3.0.0'
uses: 'actions/setup-node@v3.5.1'
with:
node-version: '16.x'
node-version: '18.x'
cache: 'npm'
- name: 'Install'


@ -8,7 +8,7 @@ jobs:
release:
runs-on: 'ubuntu-latest'
steps:
- uses: 'actions/checkout@v3.0.0'
- uses: 'actions/checkout@v3.1.0'
with:
fetch-depth: 0
persist-credentials: false
@ -21,9 +21,9 @@ jobs:
git-commit-gpgsign: true
- name: 'Use Node.js'
uses: 'actions/setup-node@v3.0.0'
uses: 'actions/setup-node@v3.5.1'
with:
node-version: '16.x'
node-version: '18.x'
cache: 'npm'
- name: 'Install'


@ -10,12 +10,12 @@ jobs:
test:
runs-on: 'ubuntu-latest'
steps:
- uses: 'actions/checkout@v3.0.0'
- uses: 'actions/checkout@v3.1.0'
- name: 'Use Node.js'
uses: 'actions/setup-node@v3.0.0'
uses: 'actions/setup-node@v3.5.1'
with:
node-version: '16.x'
node-version: '18.x'
cache: 'npm'
- name: 'Install'


@ -1,15 +1,15 @@
FROM node:16.17.0 AS dependencies
FROM node:18.12.1 AS dependencies
WORKDIR /usr/src/app
COPY ./package*.json ./
RUN npm install
FROM node:16.17.0 AS builder
FROM node:18.12.1 AS builder
WORKDIR /usr/src/app
COPY --from=dependencies /usr/src/app/node_modules ./node_modules
COPY ./ ./
RUN npm run prisma:generate && npm run build
FROM node:16.17.0 AS runner
FROM node:18.12.1 AS runner
WORKDIR /usr/src/app
ENV NODE_ENV=production
COPY --from=builder /usr/src/app/node_modules ./node_modules

2626
package-lock.json generated

File diff suppressed because it is too large Load Diff


@ -35,69 +35,70 @@
"postinstall": "husky install"
},
"dependencies": {
"@fastify/cors": "8.1.0",
"@fastify/helmet": "10.0.1",
"@fastify/multipart": "7.2.0",
"@fastify/rate-limit": "7.4.0",
"@fastify/cors": "8.2.0",
"@fastify/helmet": "10.0.2",
"@fastify/multipart": "7.3.0",
"@fastify/rate-limit": "7.5.0",
"@fastify/sensible": "5.1.1",
"@fastify/swagger": "7.6.1",
"@prisma/client": "4.4.0",
"@sinclair/typebox": "0.24.44",
"@fastify/swagger": "8.1.0",
"@fastify/swagger-ui": "1.2.0",
"@prisma/client": "4.5.0",
"@sinclair/typebox": "0.25.3",
"@thream/socketio-jwt": "3.0.1",
"axios": "0.26.1",
"axios": "1.1.3",
"bcryptjs": "2.4.3",
"dotenv": "16.0.3",
"ejs": "3.1.8",
"fastify": "4.7.0",
"fastify-plugin": "4.2.1",
"fastify": "4.9.2",
"fastify-plugin": "4.3.0",
"form-data": "4.0.0",
"http-errors": "2.0.0",
"jsonwebtoken": "8.5.1",
"ms": "2.1.3",
"nodemailer": "6.8.0",
"read-pkg": "7.1.0",
"socket.io": "4.5.2"
"socket.io": "4.5.3"
},
"devDependencies": {
"@commitlint/cli": "17.1.2",
"@commitlint/config-conventional": "17.1.0",
"@commitlint/cli": "17.2.0",
"@commitlint/config-conventional": "17.2.0",
"@saithodev/semantic-release-backmerge": "2.1.2",
"@semantic-release/git": "10.0.1",
"@swc/cli": "0.1.57",
"@swc/core": "1.3.4",
"@swc/core": "1.3.14",
"@types/bcryptjs": "2.4.2",
"@types/busboy": "1.5.0",
"@types/ejs": "3.1.1",
"@types/http-errors": "1.8.2",
"@types/jsonwebtoken": "8.5.9",
"@types/ms": "0.7.31",
"@types/node": "18.8.1",
"@types/node": "18.11.9",
"@types/nodemailer": "6.4.6",
"@types/sinon": "10.0.13",
"@types/tap": "15.0.7",
"@typescript-eslint/eslint-plugin": "5.39.0",
"@typescript-eslint/parser": "5.39.0",
"@typescript-eslint/eslint-plugin": "5.42.1",
"@typescript-eslint/parser": "5.42.1",
"c8": "7.12.0",
"concurrently": "7.4.0",
"concurrently": "7.5.0",
"cross-env": "7.0.3",
"editorconfig-checker": "4.0.2",
"eslint": "8.24.0",
"eslint": "8.27.0",
"eslint-config-conventions": "5.0.0",
"eslint-config-prettier": "8.5.0",
"eslint-plugin-import": "2.26.0",
"eslint-plugin-prettier": "4.2.1",
"eslint-plugin-promise": "6.0.1",
"eslint-plugin-unicorn": "44.0.0",
"husky": "8.0.1",
"eslint-plugin-promise": "6.1.1",
"eslint-plugin-unicorn": "44.0.2",
"husky": "8.0.2",
"lint-staged": "13.0.3",
"markdownlint-cli2": "0.5.1",
"nodemon": "2.0.20",
"plop": "3.1.1",
"prettier": "2.7.1",
"prisma": "4.4.0",
"prisma": "4.5.0",
"rimraf": "3.0.2",
"semantic-release": "19.0.5",
"sinon": "14.0.1",
"sinon": "14.0.2",
"tap": "16.3.0",
"typescript": "4.8.4"
}


@ -2,15 +2,17 @@ import dotenv from 'dotenv'
import fastify from 'fastify'
import fastifyCors from '@fastify/cors'
import fastifySwagger from '@fastify/swagger'
import fastifySwaggerUI from '@fastify/swagger-ui'
import fastifyHelmet from '@fastify/helmet'
import fastifyRateLimit from '@fastify/rate-limit'
import fastifySensible from '@fastify/sensible'
import { readPackage } from 'read-pkg'
import { services } from './services/index.js'
import { swaggerOptions } from './tools/configurations/swaggerOptions.js'
import fastifySocketIo from './tools/plugins/socket-io.js'
dotenv.config()
const packageJSON = await readPackage()
export const application = fastify({
logger: process.env.NODE_ENV === 'development',
ajv: {
@ -39,5 +41,35 @@ await application.register(fastifyRateLimit, {
max: 200,
timeWindow: '1 minute'
})
await application.register(fastifySwagger, swaggerOptions)
await application.register(fastifySwagger, {
openapi: {
info: {
title: packageJSON.name,
description: packageJSON.description,
version: packageJSON.version
},
tags: [
{ name: 'users' },
{ name: 'oauth2' },
{ name: 'guilds' },
{ name: 'channels' },
{ name: 'messages' },
{ name: 'members' }
],
components: {
securitySchemes: {
bearerAuth: {
type: 'http',
scheme: 'bearer',
bearerFormat: 'JWT'
}
}
}
},
hideUntagged: true
})
await application.register(fastifySwaggerUI, {
routePrefix: '/documentation',
staticCSP: true
})
await application.register(services)
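Review bot: The `fastifySwaggerUI` registration at the end of this hunk mounts `/documentation` unconditionally, so the full OpenAPI description of the users, oauth2 and messages routes is served in production as well as in development. If that is not intended, gate it on the environment, e.g. `if (process.env.NODE_ENV !== 'production') { await application.register(fastifySwaggerUI, { routePrefix: '/documentation', staticCSP: true }) }`. Now that the UI lives in a separate plugin, it is also worth confirming that the header produced by `staticCSP: true` still composes with the policy set by `@fastify/helmet`, whose registration is outside this hunk. The `fastify({...})` call at the top of the file is only partly visible here.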


@ -1,5 +1,5 @@
import { application } from './application.js'
import { HOST, PORT } from './tools/configurations/index.js'
import { HOST, PORT } from './tools/configurations.js'
const address = await application.listen({
port: PORT,


@ -9,7 +9,7 @@ import { fastifyErrors } from '../../../models/utils.js'
import authenticateUser from '../../../tools/plugins/authenticateUser.js'
import { userCurrentSchema, userSchema } from '../../../models/User.js'
import { sendEmail } from '../../../tools/email/sendEmail.js'
import { API_URL } from '../../../tools/configurations/index.js'
import { API_URL } from '../../../tools/configurations.js'
import type { Language, Theme } from '../../../models/UserSettings.js'
import { parseStringNullish } from '../../../tools/utils/parseStringNullish.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { DISCORD_BASE_URL, DISCORD_CLIENT_ID } from '../__utils__/utils.js'
import authenticateUser from '../../../../../tools/plugins/authenticateUser.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { discordStrategy, getDiscordUserData } from '../__utils__/utils.js'
import { buildQueryURL } from '../../../../../tools/utils/buildQueryURL.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { discordStrategy, getDiscordUserData } from '../__utils__/utils.js'
import { buildQueryURL } from '../../../../../tools/utils/buildQueryURL.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { DISCORD_BASE_URL, DISCORD_CLIENT_ID } from '../__utils__/utils.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { GITHUB_BASE_URL, GITHUB_CLIENT_ID } from '../__utils__/utils.js'
import authenticateUser from '../../../../../tools/plugins/authenticateUser.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { githubStrategy, getGitHubUserData } from '../__utils__/utils.js'
import { buildQueryURL } from '../../../../../tools/utils/buildQueryURL.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { githubStrategy, getGitHubUserData } from '../__utils__/utils.js'
import { buildQueryURL } from '../../../../../tools/utils/buildQueryURL.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { GITHUB_BASE_URL, GITHUB_CLIENT_ID } from '../__utils__/utils.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { GOOGLE_BASE_URL, GOOGLE_CLIENT_ID } from '../__utils__/utils.js'
import authenticateUser from '../../../../../tools/plugins/authenticateUser.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { googleStrategy, getGoogleUserData } from '../__utils__/utils.js'
import { buildQueryURL } from '../../../../../tools/utils/buildQueryURL.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { googleStrategy, getGoogleUserData } from '../__utils__/utils.js'
import { buildQueryURL } from '../../../../../tools/utils/buildQueryURL.js'


@ -2,7 +2,7 @@ import type { Static } from '@sinclair/typebox'
import { Type } from '@sinclair/typebox'
import type { FastifyPluginAsync, FastifySchema } from 'fastify'
import { API_URL } from '../../../../../tools/configurations/index.js'
import { API_URL } from '../../../../../tools/configurations.js'
import { fastifyErrors } from '../../../../../models/utils.js'
import { GOOGLE_BASE_URL, GOOGLE_CLIENT_ID } from '../__utils__/utils.js'


@ -11,7 +11,7 @@ import {
expiresIn
} from '../../../tools/utils/jwtToken.js'
import type { UserRefreshJWT } from '../../../models/User.js'
import { JWT_REFRESH_SECRET } from '../../../tools/configurations/index.js'
import { JWT_REFRESH_SECRET } from '../../../tools/configurations.js'
const bodyPostRefreshTokenSchema = Type.Object({
refreshToken: jwtSchema.refreshToken


@ -5,7 +5,7 @@ import jwt from 'jsonwebtoken'
import prisma from '../../../tools/database/prisma.js'
import { fastifyErrors } from '../../../models/utils.js'
import { JWT_REFRESH_SECRET } from '../../../tools/configurations/index.js'
import { JWT_REFRESH_SECRET } from '../../../tools/configurations.js'
import type { UserRefreshJWT } from '../../../models/User.js'
import { jwtSchema } from '../../../tools/utils/jwtToken.js'


@ -10,7 +10,7 @@ import { fastifyErrors } from '../../../models/utils.js'
import type { BodyUserSchemaType } from '../../../models/User.js'
import { bodyUserSchema, userPublicSchema } from '../../../models/User.js'
import { sendEmail } from '../../../tools/email/sendEmail.js'
import { API_URL } from '../../../tools/configurations/index.js'
import { API_URL } from '../../../tools/configurations.js'
const queryPostSignupSchema = Type.Object({
redirectURI: Type.Optional(Type.String({ format: 'uri-reference' }))


@ -18,7 +18,7 @@ export const JWT_REFRESH_SECRET =
export const JWT_ACCESS_EXPIRES_IN =
process.env.JWT_ACCESS_EXPIRES_IN ?? '15 minutes'
export const SRC_URL = new URL('../../', import.meta.url)
export const SRC_URL = new URL('../', import.meta.url)
export const ROOT_URL = new URL('../', SRC_URL)
export const EMAIL_URL = new URL('./email/', ROOT_URL)
export const EMAIL_TEMPLATE_URL = new URL('./email-template.ejs', EMAIL_URL)
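Review bot: `SRC_URL` is resolved relative to this module's own location, which is why moving the file from `tools/configurations/index.js` to `tools/configurations.js` forced the change from `'../../'` to `'../'`, yet nothing in the file records that dependency. `ROOT_URL`, `EMAIL_URL` and `EMAIL_TEMPLATE_URL` all derive from it, so a wrong base would point the ejs template path at a different directory without any error at import time. I would add a comment above it such as `// Resolved relative to this file's location; update the relative segment if the file moves.` The declarations above `SRC_URL`, including the JWT secrets, lie outside this hunk.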


@ -1,38 +0,0 @@
import dotenv from 'dotenv'
import { readPackage } from 'read-pkg'
import type { FastifyDynamicSwaggerOptions } from '@fastify/swagger'
dotenv.config()
const packageJSON = await readPackage()
export const swaggerOptions: FastifyDynamicSwaggerOptions = {
routePrefix: '/documentation',
openapi: {
info: {
title: packageJSON.name,
description: packageJSON.description,
version: packageJSON.version
},
tags: [
{ name: 'users' },
{ name: 'oauth2' },
{ name: 'guilds' },
{ name: 'channels' },
{ name: 'messages' },
{ name: 'members' }
],
components: {
securitySchemes: {
bearerAuth: {
type: 'http',
scheme: 'bearer',
bearerFormat: 'JWT'
}
}
}
},
exposeRoute: true,
staticCSP: true,
hideUntagged: true
}


@ -4,10 +4,7 @@ import { URL, fileURLToPath } from 'node:url'
import ejs from 'ejs'
import type { Language, Theme } from '../../models/UserSettings.js'
import {
EMAIL_LOCALES_URL,
EMAIL_TEMPLATE_URL
} from '../configurations/index.js'
import { EMAIL_LOCALES_URL, EMAIL_TEMPLATE_URL } from '../configurations.js'
import { emailTransporter, EMAIL_INFO } from './emailTransporter.js'
interface EmailTranslation {


@ -4,7 +4,7 @@ import jwt from 'jsonwebtoken'
import prisma from '../database/prisma.js'
import type { UserJWT, UserRequest } from '../../models/User.js'
import { JWT_ACCESS_SECRET } from '../configurations/index.js'
import { JWT_ACCESS_SECRET } from '../configurations.js'
const { Unauthorized, Forbidden, BadRequest } = httpErrors


@ -4,7 +4,7 @@ import { Server as SocketIoServer } from 'socket.io'
import { authorize } from '@thream/socketio-jwt'
import prisma from '../database/prisma.js'
import { JWT_ACCESS_SECRET } from '../configurations/index.js'
import { JWT_ACCESS_SECRET } from '../configurations.js'
interface EmitEventOptions {
event: string


@ -10,7 +10,7 @@ import {
JWT_ACCESS_EXPIRES_IN,
JWT_ACCESS_SECRET,
JWT_REFRESH_SECRET
} from '../configurations/index.js'
} from '../configurations.js'
export interface ResponseJWT {
accessToken: string


@ -8,7 +8,7 @@ import type { SavedMultipartFile } from '@fastify/multipart'
import {
FILE_UPLOADS_API_KEY,
FILE_UPLOADS_API_URL
} from '../configurations/index.js'
} from '../configurations.js'
export const fileUploadAPI = axios.create({
baseURL: FILE_UPLOADS_API_URL,