[TASK] Update vulnerable build dependencies
Update (most) vulnerable dependencies/packages found by
`npm audit fix --force --dry-run`.

Notes regarding package changes:

 * The outdated grunt-postcss plugin is replaced by a (maintained)
   fork for compatibility with newer grunt versions.

 * karma is updated to v6 and pulls in @types/node which conflicts with
   TypeScript type definitions by @types/requirejs. Therefore 3rd party
   type declarations from packages (@types/*) are now explicitly
   enabled in tsconfig.json – note that there is no other way to exclude
   from typeRoots:
   microsoft/TypeScript#18588

 * grunt-lintspaces and grunt-contrib-imagemin are replaced
   as these packages have not been updated to not depend
   on vulnerable dependencies, while grunt-lintspaces and
   grunt-contrib-imagemin would cause downgrades to older
   versions when running `npm audit fix --force` (because only
   the older versions do not depend on vulnerable software).

 * (grunt-contrib-)imagemin is replaced by squoosh (by google) as
   a) imagemin dependencies ("bin-build" > "download") rely on vulnerable
      versions of "got".
      Neither of these packages is currently updated, see
      kevva/download#224
   b) imagemin is unmaintained:
      imagemin/imagemin#385
      and suggests squoosh as replacement

 * stylefmt is replaced by a maintained fork.

There is one remaining package that pulls in a vulnerability alert:

  * jquery-ui is marked as vulnerable (severity: high), but is worked on
    in a separate patch #96497.
    (We don't actually use the vulnerable library parts though).

Vulnerability report before this patch:

    74 vulnerabilities (1 low, 30 moderate, 38 high, 5 critical)

Vulnerability report after this patch:

    1 high severity vulnerability
    (this is jquery-ui)

Commands executed:

  # Supposed to be non breaking, but broke grunt-css
  npm audit fix
  npm remove grunt-postcss
  npm install @lodder/grunt-postcss

  # Preparation for `npm audit fix --force` (breaking changes)
  npm install grunt@^1.5
  npm install grunt-lintspaces@^0.10.0
  npm remove grunt-lintspaces
  npm install --save-dev lintspaces-cli
  npm remove grunt-contrib-imagemin
  npm install --save-dev
  npm remove stylefmt
  npm install --save-dev @ronilaukkarinen/stylefmt
  npm audit fix --force

Releases: main
Resolves: #98198
Change-Id: I09df87fe131a499790e6c5f95f1c51e9216b71c2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75539
Tested-by: core-ci <[email protected]>
Tested-by: Georg Ringer <[email protected]>
Tested-by: Stefan Bürk <[email protected]>
Tested-by: Benjamin Franzke <[email protected]>
Reviewed-by: Georg Ringer <[email protected]>
Reviewed-by: Stefan Bürk <[email protected]>
Reviewed-by: Benjamin Franzke <[email protected]>
bnf committed Aug 25, 2022
1 parent 9ae977d commit 36a8cf0
Showing 35 changed files with 35 additions and 35 deletions.
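The commit message records a "vulnerability report before / after" check by hand. The following is an added example, not code from the TYPO3 commit or project, showing how that check can be turned into a CI gate over the JSON that `npm audit --json` prints (assumed here to have the npm 7+ `auditReportVersion: 2` shape): it counts findings per severity from the `vulnerabilities` map, applies an explicit allowlist with a reason and an expiry for findings deferred elsewhere (as the message defers jquery-ui to #96497), and fails on anything at or above the chosen severity. The sample report, the allowlist expiry date, the advisory URL and the version range are all constructed for the example; the `summarize` and `gate` function names are this example's own.

```javascript
// Added example, not part of the TYPO3 commit: a CI gate over the report that
// `npm audit --json` prints. Assumes the npm 7+ report shape
// (auditReportVersion 2: a `vulnerabilities` map keyed by package name, each
// entry carrying `severity`, `isDirect`, `fixAvailable`, ...).

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample mirroring the post-patch state the commit message
// describes: exactly one high-severity finding, in jquery-ui. The advisory
// URL and the version range are placeholders, not values from the page.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'jquery-ui': {
      name: 'jquery-ui',
      severity: 'high',
      isDirect: true,
      via: [{ name: 'jquery-ui', severity: 'high', title: 'constructed sample advisory',
              url: 'https://example.invalid/advisory/placeholder' }],
      effects: [],
      range: '<0.0.0-placeholder',
      nodes: ['node_modules/jquery-ui'],
      fixAvailable: false,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 1, critical: 0, total: 1 } },
};

// Accepted findings must carry a reason and an expiry so the exception gets
// revisited; the patch reference is the one the commit message gives, the
// expiry date is constructed.
const ALLOWLIST = [
  { name: 'jquery-ui', reason: 'fix tracked in separate patch #96497', expires: '2022-12-31' },
];

// Count findings per severity from the `vulnerabilities` map itself rather
// than trusting `metadata`, so a hand-edited or truncated report cannot hide
// entries. Severities the tool does not know are counted as `unknown`.
function summarize(report) {
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0, unknown: 0 };
  for (const finding of Object.values(report.vulnerabilities || {})) {
    counts[finding.severity in counts ? finding.severity : 'unknown'] += 1;
  }
  return counts;
}

// Decide pass/fail. Findings at or above `failAt` block unless an unexpired
// allowlist entry with a non-empty reason covers them. A missing or
// unrecognised severity never compares below the threshold (`undefined < n`
// is false), so it blocks rather than slipping through.
function gate(report, allowlist = [], failAt = 'high', now = new Date()) {
  const threshold = SEVERITY_RANK[failAt];
  const blocking = [];
  const allowed = [];
  for (const [name, finding] of Object.entries(report.vulnerabilities || {})) {
    if (SEVERITY_RANK[finding.severity] < threshold) continue;
    const entry = allowlist.find(
      (a) => a.name === name && a.reason && new Date(a.expires) > now,
    );
    if (entry) {
      allowed.push({ name, severity: finding.severity, reason: entry.reason, expires: entry.expires });
    } else {
      blocking.push({ name, severity: finding.severity, fixAvailable: Boolean(finding.fixAvailable) });
    }
  }
  return { ok: blocking.length === 0, blocking, allowed, counts: summarize(report) };
}

// Stand-alone run against the constructed sample, evaluated at the commit
// date so the allowlist entry is still within its validity window.
const result = gate(SAMPLE_REPORT, ALLOWLIST, 'high', new Date('2022-08-25'));
console.log(JSON.stringify(result, null, 2));
process.exitCode = result.ok ? 0 : 1;
```

In a pipeline the constant `SAMPLE_REPORT` would be replaced by `JSON.parse` of the file written by `npm audit --json > audit.json`; the allowlist belongs in the repository next to `package.json` so that every accepted finding, its reason and its expiry are reviewed like any other change.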
2 changes: 1 addition & 1 deletion Resources/Public/JavaScript/ajax/ajax-queue.js
Expand Up @@ -10,4 +10,4 @@
*
* The TYPO3 project - inspiring people to share!
*/
import AjaxRequest from"@typo3/core/ajax/ajax-request.js";class AjaxQueue{constructor(){this.requests=[],this.requestCount=0,this.threshold=5,this.queue=[]}add(e){this.queue.push(e),this.handleNext()}flush(){this.queue=[],this.requests.forEach(e=>e.abort()),this.requests=[]}handleNext(){this.queue.length>0&&this.requestCount<this.threshold&&(this.incrementRequestCount(),this.sendRequest(this.queue.shift()).finally(()=>{this.decrementRequestCount(),this.handleNext()}))}async sendRequest(e){const t=new AjaxRequest(e.url);let s;return s=void 0!==e.method&&"POST"===e.method.toUpperCase()?t.post(e.data):t.withQueryArguments(e.data||{}).get(),this.requests.push(t),s.then(e.onfulfilled,e.onrejected).then(()=>{const e=this.requests.indexOf(t);delete this.requests[e]})}incrementRequestCount(){this.requestCount++}decrementRequestCount(){this.requestCount>0&&this.requestCount--}}export default new AjaxQueue;
import AjaxRequest from"@typo3/core/ajax/ajax-request.js";class AjaxQueue{constructor(){this.requests=[],this.requestCount=0,this.threshold=5,this.queue=[]}add(e){this.queue.push(e),this.handleNext()}flush(){this.queue=[],this.requests.forEach((e=>e.abort())),this.requests=[]}handleNext(){this.queue.length>0&&this.requestCount<this.threshold&&(this.incrementRequestCount(),this.sendRequest(this.queue.shift()).finally((()=>{this.decrementRequestCount(),this.handleNext()})))}async sendRequest(e){const t=new AjaxRequest(e.url);let s;return s=void 0!==e.method&&"POST"===e.method.toUpperCase()?t.post(e.data):t.withQueryArguments(e.data||{}).get(),this.requests.push(t),s.then(e.onfulfilled,e.onrejected).then((()=>{const e=this.requests.indexOf(t);delete this.requests[e]}))}incrementRequestCount(){this.requestCount++}decrementRequestCount(){this.requestCount>0&&this.requestCount--}}export default new AjaxQueue;
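Review bot: the only difference in this hunk is that the minifier now wraps each arrow-function callback in an extra pair of parentheses (`forEach((e=>e.abort()))`, `.finally((()=>{...}))`), so this is regenerated build output from the updated toolchain, not a source edit; the commit message lists the package changes but does not say that the bundles under Resources/Public/JavaScript were rebuilt, so it would help reviewers if the message stated that these artifacts come from a clean build. Unrelated but visible in both versions: `delete this.requests[e]` leaves a hole in the array instead of removing the element, and if `indexOf` returned -1 the `delete` is silently a no-op; a guarded `splice` (`if(e!==-1)this.requests.splice(e,1)`) in the TypeScript source would keep `requests` dense and make the intent explicit.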
2 changes: 1 addition & 1 deletion Resources/Public/JavaScript/backend-user-confirmation.js
Expand Up @@ -10,4 +10,4 @@
*
* The TYPO3 project - inspiring people to share!
*/
import DocumentService from"@typo3/core/document-service.js";class BackendUserConfirmation{constructor(){DocumentService.ready().then(()=>this.addFocusToFormInput())}addFocusToFormInput(){const o=document.getElementById("confirmationPassword");null!==o&&o.focus()}}export default new BackendUserConfirmation;
import DocumentService from"@typo3/core/document-service.js";class BackendUserConfirmation{constructor(){DocumentService.ready().then((()=>this.addFocusToFormInput()))}addFocusToFormInput(){const o=document.getElementById("confirmationPassword");null!==o&&o.focus()}}export default new BackendUserConfirmation;
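Review bot: same cosmetic minifier change as in ajax-queue.js (`then((()=>this.addFocusToFormInput()))`), with no functional difference. Because these files are generated, a CI step that rebuilds the assets and fails on a dirty working tree would guarantee that the committed bundles can never drift from the TypeScript sources after a toolchain update like this one.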
2 changes: 1 addition & 1 deletion Resources/Public/JavaScript/install.js
Expand Up @@ -10,4 +10,4 @@
*
* The TYPO3 project - inspiring people to share!
*/
import $ from"jquery";import Router from"@typo3/install/router.js";class Install{constructor(){$(()=>{Router.initialize()})}}export default new Install;
import $ from"jquery";import Router from"@typo3/install/router.js";class Install{constructor(){$((()=>{Router.initialize()}))}}export default new Install;
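Review bot: only the parenthesization of the jQuery ready callback changes here (`$((()=>{Router.initialize()}))`); no behaviour change. A useful sanity check for the reviewer is that the file list header reports 35 changed files with 35 additions and 35 deletions, i.e. exactly one regenerated line per bundle, which is consistent with a pure minifier-output change and nothing else having been rebuilt differently.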
2 changes: 1 addition & 1 deletion Resources/Public/JavaScript/installer.js
Expand Up @@ -10,4 +10,4 @@
*
* The TYPO3 project - inspiring people to share!
*/
import $ from"jquery";export class AbstractInteractableModule{constructor(){this.selectorModalBody=".t3js-modal-body",this.selectorModalContent=".t3js-module-content",this.selectorModalFooter=".t3js-modal-footer"}getModalBody(){return this.findInModal(this.selectorModalBody)}getModuleContent(){return this.findInModal(this.selectorModalContent)}getModalFooter(){return this.findInModal(this.selectorModalFooter)}findInModal(t){return this.currentModal.find(t)}setModalButtonsState(t){this.getModalFooter().find("button").each((o,e)=>{this.setModalButtonState($(e),t)})}setModalButtonState(t,o){t.toggleClass("disabled",!o).prop("disabled",!o)}}
import $ from"jquery";export class AbstractInteractableModule{constructor(){this.selectorModalBody=".t3js-modal-body",this.selectorModalContent=".t3js-module-content",this.selectorModalFooter=".t3js-modal-footer"}getModalBody(){return this.findInModal(this.selectorModalBody)}getModuleContent(){return this.findInModal(this.selectorModalContent)}getModalFooter(){return this.findInModal(this.selectorModalFooter)}findInModal(t){return this.currentModal.find(t)}setModalButtonsState(t){this.getModalFooter().find("button").each(((o,e)=>{this.setModalButtonState($(e),t)}))}setModalButtonState(t,o){t.toggleClass("disabled",!o).prop("disabled",!o)}}
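Review bot: this hunk sits under the header for Resources/Public/JavaScript/installer.js, whose diff is collapsed as large, yet its content exports `AbstractInteractableModule`, so a file header appears to have been lost in rendering; confirm which file the hunk belongs to before reading it as part of installer.js. In the visible code, `findInModal` reads `this.currentModal`, which the constructor never initialises; subclasses are presumably expected to set it, and an initial `this.currentModal=null` or a comment in the TypeScript source would make that contract explicit.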