From 4f24eba4b2d501fba4f1ee300e0895881c543aa3 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 21 Jun 2023 20:07:11 +0000 Subject: [PATCH 1/7] feat: upgrade mkdirp from 2.1.6 to 3.0.1 Snyk has created this PR to upgrade mkdirp from 2.1.6 to 3.0.1. See this package in npm: https://www.npmjs.com/package/mkdirp See this project in Snyk: https://app.snyk.io/org/contentstack-cli/project/c331d782-6978-4005-ae86-a9fe5a975d12?utm_source=github&utm_medium=referral&page=upgrade-pr --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 62deeed..a9a282c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "dependencies": { "json-mask": "2.0.0", "lodash": "^4.17.21", - "mkdirp": "^2.1.6", + "mkdirp": "^3.0.1", "sift": "16.0.1" }, "devDependencies": { @@ -2965,9 +2965,9 @@ } }, "node_modules/mkdirp": { - "version": "2.1.6", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-2.1.6.tgz", - "integrity": "sha512-+hEnITedc8LAtIP9u3HJDFIdcLV2vXP33sqLLIzkv1Db1zO/1OxbvYf0Y1OC/S/Qo5dxHXepofhmxL02PsKe+A==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz", + "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==", "bin": { "mkdirp": "dist/cjs/src/bin.js" }, @@ -6098,9 +6098,9 @@ } }, "mkdirp": { - "version": "2.1.6", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-2.1.6.tgz", - "integrity": "sha512-+hEnITedc8LAtIP9u3HJDFIdcLV2vXP33sqLLIzkv1Db1zO/1OxbvYf0Y1OC/S/Qo5dxHXepofhmxL02PsKe+A==" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz", + "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==" }, "ms": { "version": "2.1.2", diff --git a/package.json b/package.json index 28c4fed..e9880c7 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "dependencies": { "json-mask": "2.0.0", "lodash": "^4.17.21", - "mkdirp": "^2.1.6", + "mkdirp": "^3.0.1", "sift": "16.0.1" }, "devDependencies": { From 5d44cb9fbf424bc5248e4ae7d687edb4c3ec39db Mon Sep 17 00:00:00 2001 From: Antony Date: Tue, 22 Aug 2023 12:22:13 +0530 Subject: [PATCH 2/7] Fix: Cannot read properties of undefined (reading 'hasOwnProperty') at stack.js --- src/stack.ts | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/stack.ts b/src/stack.ts index 591152d..7d5f8a3 100755 --- a/src/stack.ts +++ b/src/stack.ts @@ -1369,9 +1369,12 @@ export class Stack { if (flag) { for (let e = 0, f = oldShelf[i].path.length; e < f; e++) { // tslint:disable-next-line: max-line-length - if (oldShelf[i].path[e].hasOwnProperty('_content_type_uid') && Object.keys(oldShelf[i].path[e]).length === 2) { - (oldShelf[i].path as any).splice(e, 1) - break + if ( + oldShelf[i].path[e]?.hasOwnProperty("_content_type_uid") && + Object.keys(oldShelf[i].path[e]).length === 2 + ) { + (oldShelf[i].path as any).splice(e, 1); + break; } } } @@ -1587,7 +1590,7 @@ export class Stack { result.docs.forEach((doc) => { this.projections.forEach((key) => { - if (doc.hasOwnProperty(key) && this.contentStore.projections[key] === 0) { + if (doc?.hasOwnProperty(key) && this.contentStore.projections[key] === 0) { delete doc[key] } }) @@ -1698,7 +1701,7 @@ export class Stack { filteredAssets.forEach((doc) => { this.projections.forEach((key) => { - if (doc.hasOwnProperty(key) && this.contentStore.projections[key] === 0) { + if (doc?.hasOwnProperty(key) && this.contentStore.projections[key] === 0) { delete doc[key] } }) @@ -1758,7 +1761,7 @@ export class Stack { if (flag) { for (let e = 0, f = oldObjectPointerList[i].path.length; e < f; e++) { // tslint:disable-next-line: max-line-length - if (oldObjectPointerList[i].path[e].hasOwnProperty('_content_type_uid') && Object.keys(oldObjectPointerList[i].path[e]).length === 2) { + if (oldObjectPointerList[i].path[e]?.hasOwnProperty('_content_type_uid') && Object.keys(oldObjectPointerList[i].path[e]).length === 2) { (oldObjectPointerList[i].path as any).splice(e, 1) break } @@ -1809,11 +1812,11 @@ export class Stack { for (let i = 0, j = filteredContents.length; i < j; i++) { let assetFieldPaths: string[] let entryReferencePaths: string[] - if (filteredContents[i].hasOwnProperty(this.types.assets)) { + if (filteredContents[i]?.hasOwnProperty(this.types.assets)) { assetFieldPaths = Object.keys(filteredContents[i][this.types.assets]) paths = paths.concat(assetFieldPaths) } - if (filteredContents[i].hasOwnProperty('_references')) { + if (filteredContents[i]?.hasOwnProperty('_references')) { entryReferencePaths = Object.keys(filteredContents[i][this.types.references]) paths = paths.concat(entryReferencePaths) From 5419859950457d47f9c8a88aa17d6f3b0e360554 Mon Sep 17 00:00:00 2001 From: Antony Date: Tue, 22 Aug 2023 12:29:37 +0530 Subject: [PATCH 3/7] CI: sast scan and secrets scan workflows removed --- .github/workflows/sast-scan.yml | 11 ----------- .github/workflows/secrets-scan.yml | 11 ----------- 2 files changed, 22 deletions(-) delete mode 100644 .github/workflows/sast-scan.yml delete mode 100644 .github/workflows/secrets-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml deleted file mode 100644 index f931630..0000000 --- a/.github/workflows/sast-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: SAST Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Horusec Scan - run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd) \ No newline at end of file diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml deleted file mode 100644 index 1e8f176..0000000 --- a/.github/workflows/secrets-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Secrets Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Gittyleaks - uses: gupy-io/gittyleaks-action@v0.1 \ No newline at end of file From 1d095f2b9b9cb017bb3b61d050ea98d8e9129394 Mon Sep 17 00:00:00 2001 From: Antony Date: Tue, 22 Aug 2023 12:31:43 +0530 Subject: [PATCH 4/7] PATCH version bumped --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 62deeed..02a0e52 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "datasync-filesystem-sdk", - "version": "1.0.9", + "version": "1.0.10", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "datasync-filesystem-sdk", - "version": "1.0.9", + "version": "1.0.10", "license": "MIT", "dependencies": { "json-mask": "2.0.0", diff --git a/package.json b/package.json index 28c4fed..e75c1ac 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "datasync-filesystem-sdk", - "version": "1.0.9", + "version": "1.0.10", "description": "JavaScript filesystem SDK to query data synced via @contentstack/datasync-content-store-filesystem", "main": "dist/index.js", "scripts": { From a5eeda29c607ca294c30398cb210640428e995c9 Mon Sep 17 00:00:00 2001 From: "vikram.kalta@contentstack.com" Date: Thu, 24 Aug 2023 11:24:11 +0100 Subject: [PATCH 5/7] fix: fixed an issue with mkdirp upgrade --- src/utils.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/utils.ts b/src/utils.ts index 30f2638..da446ce 100755 --- a/src/utils.ts +++ b/src/utils.ts @@ -19,7 +19,7 @@ import { existsSync } from './fs' import { getConfig, } from './index' -import mkdirp from 'mkdirp'; +import { sync } from 'mkdirp'; const localePaths = Object.create(null) export const difference = (obj, baseObj) => { @@ -66,14 +66,14 @@ export const getBaseDir = ({baseDir}) => { let contentDir: string if (isAbsolute(baseDir)) { if (!existsSync(baseDir)) { - mkdirp.sync(baseDir) + sync(baseDir) } contentDir = baseDir } else { const appPath = join(__dirname, '..', '..', '..') contentDir = join(appPath, baseDir) if (!existsSync(contentDir)) { - mkdirp.sync(contentDir) + sync(contentDir) } } From 58d060b83c587fadde35219fe53e183523d68c44 Mon Sep 17 00:00:00 2001 From: "vikram.kalta@contentstack.com" Date: Thu, 24 Aug 2023 12:40:25 +0100 Subject: [PATCH 6/7] fix: removed sast and secrets scan files --- .github/workflows/sast-scan.yml | 11 ----------- .github/workflows/secrets-scan.yml | 11 ----------- 2 files changed, 22 deletions(-) delete mode 100644 .github/workflows/sast-scan.yml delete mode 100644 .github/workflows/secrets-scan.yml diff --git a/.github/workflows/sast-scan.yml b/.github/workflows/sast-scan.yml deleted file mode 100644 index f931630..0000000 --- a/.github/workflows/sast-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: SAST Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Horusec Scan - run: docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd) \ No newline at end of file diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml deleted file mode 100644 index 1e8f176..0000000 --- a/.github/workflows/secrets-scan.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Secrets Scan -on: - pull_request: - types: [opened, synchronize, reopened] -jobs: - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Gittyleaks - uses: gupy-io/gittyleaks-action@v0.1 \ No newline at end of file From d258c1f735836d200bcf9568e1be7aeecffe5844 Mon Sep 17 00:00:00 2001 From: Abhinav Gupta Date: Fri, 25 Aug 2023 00:02:49 +0530 Subject: [PATCH 7/7] updated version and lock file --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index a9a282c..a090d96 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "datasync-filesystem-sdk", - "version": "1.0.9", + "version": "1.0.10", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "datasync-filesystem-sdk", - "version": "1.0.9", + "version": "1.0.10", "license": "MIT", "dependencies": { "json-mask": "2.0.0", diff --git a/package.json b/package.json index e9880c7..144e577 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "datasync-filesystem-sdk", - "version": "1.0.9", + "version": "1.0.10", "description": "JavaScript filesystem SDK to query data synced via @contentstack/datasync-content-store-filesystem", "main": "dist/index.js", "scripts": {