Upgrade insecure packages (#1937)

* Upgrade styled-components to ^4 * Resolve high risk vulnerability packages * Move react-scripts to devDependencies Per https://stackoverflow.com/a/69576030 this will reduce the vulnerability warnings * Upgrade workbox packages * Upgrade aws, babel, formatjs, sentry * Upgraded @types packages * Upgrade html-entities and date-fns * Upgrade node-fetch * Upgrade ts-utils
openstax · Jun 28, 2023 · 52ce655 · 52ce655
1 parent a93b594
commit 52ce655
Show file tree

Hide file tree

Showing 34 changed files with 2,221 additions and 1,895 deletions.
diff --git a/craco.config.js b/craco.config.js
@@ -8,7 +8,7 @@ module.exports = {
       alias: {
         // ts-utils uses the `exports` package.json options, which is not supported in webpack 4
         // this can be removed if we update react-scripts
-        '@openstax/ts-utils': '@openstax/ts-utils/dist'
+        '@openstax/ts-utils': '@openstax/ts-utils/dist/cjs'
       },
     },
     plugins: [{

diff --git a/package.json b/package.json
@@ -7,19 +7,19 @@
   },
   "dependencies": {
     "@craco/craco": "<7",
-    "@formatjs/intl-pluralrules": "^5.1.10",
+    "@formatjs/intl-pluralrules": "^5.2.3",
     "@openstax/event-capture-client": "^2.0.2",
     "@openstax/highlighter": "1.13.0",
     "@openstax/open-search-client": "0.1.0-build.7",
-    "@openstax/ts-utils": "1.1.12",
-    "@sentry/integrations": "^7.44.2",
-    "@sentry/react": "^7.44.2",
+    "@openstax/ts-utils": "1.1.43",
+    "@sentry/integrations": "^7.54.0",
+    "@sentry/react": "^7.54.0",
     "color": "^3.1.2",
     "details-element-polyfill": "^2.4.0",
     "flat": "~5.0",
     "focus-within-polyfill": "^5.2.1",
     "history": "4.7.2",
-    "html-entities": "^2.3.3",
+    "html-entities": "^2.3.5",
     "js-cookie": "~2.2",
     "lodash": "^4.17.21",
     "mdn-polyfills": "^5.20.0",
@@ -33,23 +33,22 @@
     "react-intl": "<5.13",
     "react-loadable": "~5.5",
     "react-redux": "~7.1",
-    "react-scripts": "^4.0.3",
     "redux": "4.0.1",
     "reselect": "4.0.0",
     "scroll-to-element": "^2.0.3",
     "stacktrace-js": "~2.0",
-    "styled-components": "~4.3",
+    "styled-components": "^4",
     "styled-icons": "8.1.0",
     "typesafe-actions": "^4.4.2",
     "typescript": "<4.3.0",
     "url": "^0.11.0",
     "uuid": "~7.0",
     "weak-map": "^1.0.8",
-    "workbox-core": "^6.5.4",
-    "workbox-expiration": "^6.5.4",
-    "workbox-precaching": "^6.5.4",
-    "workbox-routing": "^6.5.4",
-    "workbox-strategies": "^6.5.4"
+    "workbox-core": "^7.0.0",
+    "workbox-expiration": "^7.0.0",
+    "workbox-precaching": "^7.0.0",
+    "workbox-routing": "^7.0.0",
+    "workbox-strategies": "^7.0.0"
   },
   "scripts": {
     "trust-localhost": "./script/trust-localhost.bash",
@@ -102,19 +101,19 @@
     "not op_mini all"
   ],
   "devDependencies": {
-    "@aws-sdk/client-cloudformation": "^3.295.0",
-    "@aws-sdk/client-s3": "^3.295.0",
-    "@aws-sdk/client-sqs": "^3.295.0",
-    "@aws-sdk/credential-providers": "^3.295.0",
-    "@babel/core": "^7.21.3",
+    "@aws-sdk/client-cloudformation": "^3.348.0",
+    "@aws-sdk/client-s3": "^3.348.0",
+    "@aws-sdk/client-sqs": "^3.348.0",
+    "@aws-sdk/credential-providers": "^3.348.0",
+    "@babel/core": "^7.22.5",
     "@babel/plugin-proposal-class-properties": "^7.1.0",
     "@babel/plugin-proposal-object-rest-spread": "^7.0.0",
     "@babel/plugin-proposal-optional-chaining": "^7.13.12",
-    "@babel/plugin-transform-runtime": "^7.1.0",
-    "@babel/preset-env": "^7.20.2",
-    "@babel/preset-react": "<7.17",
-    "@babel/preset-typescript": "^7.21.0",
-    "@babel/register": "^7.0.0",
+    "@babel/plugin-transform-runtime": "^7.22.5",
+    "@babel/preset-env": "^7.22.5",
+    "@babel/preset-react": "7.22.5",
+    "@babel/preset-typescript": "^7.22.5",
+    "@babel/register": "^7.22.5",
     "@openstax/types": "^3.1.0",
     "@types/color": "^3.0.3",
     "@types/express": "~4.17",
@@ -147,7 +146,7 @@
     "babel-core": "7.0.0-bridge.0",
     "babel-plugin-transform-dynamic-import": "^2.1.0",
     "codecov": "^3.8.3",
-    "date-fns": "^2.29.3",
+    "date-fns": "^2.30.0",
     "date-fns-tz": "^2.0.0",
     "express": "~4.17",
     "glob": "<9",
@@ -164,6 +163,7 @@
     "pretty": "^2.0.0",
     "progress": "^2.0.3",
     "puppeteer": "~5.4",
+    "react-scripts": "^4.0.3",
     "react-test-renderer": "~16.9",
     "resize-observer-polyfill": "^1.5.1",
     "semver-sort": "~0.0",
@@ -179,6 +179,11 @@
     "tslint": "6.1.3",
     "yargs": "~13.2"
   },
+  "resolutions": {
+    "fast-xml-parser": "4.2.4",
+    "node-fetch": "~2.6",
+    "xml2js": "0.5.0"
+  },
   "jest": {
     "testEnvironment": "jsdom",
     "moduleFileExtensions": [
@@ -190,7 +195,7 @@
     ],
     "moduleNameMapper": {
       "//comment//": "remove this when CRA upgrades jest above 28",
-      "(.*)@openstax/ts-utils(.*)": "$1@openstax/ts-utils/dist$2"
+      "(.*)@openstax/ts-utils(.*)": "$1@openstax/ts-utils/dist/cjs$2"
     },
     "setupFilesAfterEnv": [
       "<rootDir>/src/test/setup.ts"

diff --git a/src/app/auth/init/establishState.ts b/src/app/auth/init/establishState.ts
@@ -1,6 +1,7 @@
 import { Initializer } from '../../types';
 import { receiveLoggedOut, receiveUser } from '../actions';
 import { formatUser } from '../utils';
+import { AccountsUser } from '../../../gateways/createUserLoader';
 
 const initializer: Initializer = async({dispatch, userLoader}) => {
   if (typeof(document) === 'undefined') {
@@ -10,7 +11,7 @@ const initializer: Initializer = async({dispatch, userLoader}) => {
   const user = await userLoader.getCurrentUser();
 
   if (user) {
-    dispatch(receiveUser(formatUser(user)));
+    dispatch(receiveUser(formatUser(user as AccountsUser)));
   } else {
     dispatch(receiveLoggedOut());
   }

diff --git a/src/app/components/__snapshots__/DotMenu.spec.tsx.snap b/src/app/components/__snapshots__/DotMenu.spec.tsx.snap
@@ -2,21 +2,21 @@
 
 exports[`Dropdown matches snapshot 1`] = `
 <div
-  className="DotMenu__DotMenuDropdown-khcauc-3 hDFPiE Dropdown-rmc6yw-5 fBPFfC Dropdown__TabTransparentDropdown-rmc6yw-3 edlcTM"
+  className="Dropdown__TabTransparentDropdown-rmc6yw-3 edlcTM Dropdown-rmc6yw-5 fBPFfC DotMenu__DotMenuDropdown-khcauc-3 hDFPiE"
 >
   <div
     className="Dropdown__DropdownFocusWrapper-rmc6yw-2 ldfjZL"
   >
     <button
-      className="Dropdown__DropdownToggle-rmc6yw-0 gpiKKF DotMenu__DotMenuToggle-khcauc-1 fyJNFy Button__PlainButton-ayg7nk-2 chgswm"
+      className="Button__PlainButton-ayg7nk-2 chgswm DotMenu__DotMenuToggle-khcauc-1 fyJNFy Dropdown__DropdownToggle-rmc6yw-0 gpiKKF"
       tabIndex={0}
     >
       <div
         tabIndex={-1}
       >
         <svg
           aria-hidden="true"
-          className="DotMenu__DotMenuIcon-khcauc-0 ehMhqa StyledIconBase-sc-bdy9j4 cCvWXa"
+          className="StyledIconBase-sc-bdy9j4 cCvWXa DotMenu__DotMenuIcon-khcauc-0 ehMhqa"
           fill="currentColor"
           focusable="false"
           viewBox="0 0 192 512"
@@ -52,15 +52,15 @@ exports[`Dropdown matches snapshot 1`] = `
     </ol>
   </div>
   <button
-    className="Dropdown__DropdownToggle-rmc6yw-0 gpiKKF DotMenu__DotMenuToggle-khcauc-1 fyJNFy Button__PlainButton-ayg7nk-2 chgswm"
+    className="Button__PlainButton-ayg7nk-2 chgswm DotMenu__DotMenuToggle-khcauc-1 fyJNFy Dropdown__DropdownToggle-rmc6yw-0 gpiKKF"
     tabIndex={0}
   >
     <div
       tabIndex={-1}
     >
       <svg
         aria-hidden="true"
-        className="DotMenu__DotMenuIcon-khcauc-0 ehMhqa StyledIconBase-sc-bdy9j4 cCvWXa"
+        className="StyledIconBase-sc-bdy9j4 cCvWXa DotMenu__DotMenuIcon-khcauc-0 ehMhqa"
         fill="currentColor"
         focusable="false"
         viewBox="0 0 192 512"
@@ -77,21 +77,21 @@ exports[`Dropdown matches snapshot 1`] = `
 
 exports[`Dropdown matches snapshot on right align 1`] = `
 <div
-  className="DotMenu__DotMenuDropdown-khcauc-3 hDFPiE Dropdown-rmc6yw-5 fBPFfC Dropdown__TabTransparentDropdown-rmc6yw-3 edlcTM"
+  className="Dropdown__TabTransparentDropdown-rmc6yw-3 edlcTM Dropdown-rmc6yw-5 fBPFfC DotMenu__DotMenuDropdown-khcauc-3 hDFPiE"
 >
   <div
     className="Dropdown__DropdownFocusWrapper-rmc6yw-2 ldfjZL"
   >
     <button
-      className="Dropdown__DropdownToggle-rmc6yw-0 gpiKKF DotMenu__DotMenuToggle-khcauc-1 fyJNFy Button__PlainButton-ayg7nk-2 chgswm"
+      className="Button__PlainButton-ayg7nk-2 chgswm DotMenu__DotMenuToggle-khcauc-1 fyJNFy Dropdown__DropdownToggle-rmc6yw-0 gpiKKF"
       tabIndex={0}
     >
       <div
         tabIndex={-1}
       >
         <svg
           aria-hidden="true"
-          className="DotMenu__DotMenuIcon-khcauc-0 ehMhqa StyledIconBase-sc-bdy9j4 cCvWXa"
+          className="StyledIconBase-sc-bdy9j4 cCvWXa DotMenu__DotMenuIcon-khcauc-0 ehMhqa"
           fill="currentColor"
           focusable="false"
           viewBox="0 0 192 512"
@@ -127,15 +127,15 @@ exports[`Dropdown matches snapshot on right align 1`] = `
     </ol>
   </div>
   <button
-    className="Dropdown__DropdownToggle-rmc6yw-0 gpiKKF DotMenu__DotMenuToggle-khcauc-1 fyJNFy Button__PlainButton-ayg7nk-2 chgswm"
+    className="Button__PlainButton-ayg7nk-2 chgswm DotMenu__DotMenuToggle-khcauc-1 fyJNFy Dropdown__DropdownToggle-rmc6yw-0 gpiKKF"
     tabIndex={0}
   >
     <div
       tabIndex={-1}
     >
       <svg
         aria-hidden="true"
-        className="DotMenu__DotMenuIcon-khcauc-0 ehMhqa StyledIconBase-sc-bdy9j4 cCvWXa"
+        className="StyledIconBase-sc-bdy9j4 cCvWXa DotMenu__DotMenuIcon-khcauc-0 ehMhqa"
         fill="currentColor"
         focusable="false"
         viewBox="0 0 192 512"

diff --git a/src/app/components/__snapshots__/Dropdown.spec.tsx.snap b/src/app/components/__snapshots__/Dropdown.spec.tsx.snap
@@ -2,7 +2,7 @@
 
 exports[`Dropdown matches snapshot 1`] = `
 <div
-  className="Dropdown-rmc6yw-5 fBPFfC Dropdown__TabTransparentDropdown-rmc6yw-3 edlcTM"
+  className="Dropdown__TabTransparentDropdown-rmc6yw-3 edlcTM Dropdown-rmc6yw-5 fBPFfC"
 >
   <div
     className="Dropdown__DropdownFocusWrapper-rmc6yw-2 ldfjZL"
@@ -47,7 +47,7 @@ exports[`Dropdown matches snapshot 1`] = `
 
 exports[`Dropdown matches snapshot for tab hidden (closed) 1`] = `
 <div
-  className="Dropdown-rmc6yw-5 fBPFfC Dropdown__TabHiddenDropDown-rmc6yw-1 kbMrSv"
+  className="Dropdown__TabHiddenDropDown-rmc6yw-1 kbMrSv Dropdown-rmc6yw-5 fBPFfC"
 >
   <button
     className="Dropdown__DropdownToggle-rmc6yw-0 gpiKKF"
@@ -61,7 +61,7 @@ exports[`Dropdown matches snapshot for tab hidden (closed) 1`] = `
 
 exports[`Dropdown matches snapshot for tab hidden (open) 1`] = `
 <div
-  className="Dropdown-rmc6yw-5 fBPFfC Dropdown__TabHiddenDropDown-rmc6yw-1 kbMrSv"
+  className="Dropdown__TabHiddenDropDown-rmc6yw-1 kbMrSv Dropdown-rmc6yw-5 fBPFfC"
 >
   <button
     className="Dropdown__DropdownToggle-rmc6yw-0 gpiKKF"

diff --git a/src/app/content/__snapshots__/routes.spec.tsx.snap b/src/app/content/__snapshots__/routes.spec.tsx.snap
@@ -38,11 +38,11 @@ Array [
       }
     />
     <div
-      className="styled__TextResizerDropdown-sc-12dq39v-16 iLqgWD Dropdown-rmc6yw-5 fBPFfC Dropdown__TabHiddenDropDown-rmc6yw-1 kbMrSv"
+      className="Dropdown__TabHiddenDropDown-rmc6yw-1 kbMrSv Dropdown-rmc6yw-5 fBPFfC styled__TextResizerDropdown-sc-12dq39v-16 iLqgWD"
     >
       <button
         aria-label="Change text size"
-        className="Dropdown__DropdownToggle-rmc6yw-0 gpiKKF Filters__Toggle-sc-1fn81fx-1 liapzj Button__PlainButton-ayg7nk-2 chgswm"
+        className="Button__PlainButton-ayg7nk-2 chgswm Filters__Toggle-sc-1fn81fx-1 liapzj Dropdown__DropdownToggle-rmc6yw-0 gpiKKF"
         data-analytics-label="Change text size"
         onClick={[Function]}
       >
@@ -65,7 +65,7 @@ Array [
       className="RedoPadding-sc-1rj2rww-0 gaOlpC"
     >
       <div
-        className="page-content PageContent-ny9bj0-0 bXhXti"
+        className="PageContent-ny9bj0-0 bXhXti page-content"
         tabIndex={0}
       >
         <div
@@ -89,11 +89,11 @@ Array [
   >
     <summary
       aria-label="Citation/Attribution"
-      className="Attribution__AttributionSummary-sc-11isnv6-2 ccMXsL Details__Summary-xi326o-2 goqLfs"
+      className="Details__Summary-xi326o-2 goqLfs Attribution__AttributionSummary-sc-11isnv6-2 ccMXsL"
     >
       <svg
         aria-hidden="true"
-        className="Attribution__SummaryClosedIcon-sc-11isnv6-0 gSPJtD Details__ExpandIcon-xi326o-0 cVuUUi StyledIconBase-sc-bdy9j4 cCvWXa"
+        className="StyledIconBase-sc-bdy9j4 cCvWXa Details__ExpandIcon-xi326o-0 cVuUUi Attribution__SummaryClosedIcon-sc-11isnv6-0 gSPJtD"
         fill="currentColor"
         focusable="false"
         viewBox="0 0 192 512"
@@ -105,7 +105,7 @@ Array [
       </svg>
       <svg
         aria-hidden="true"
-        className="Attribution__SummaryOpenIcon-sc-11isnv6-1 kRXAve Details__CollapseIcon-xi326o-1 jsdrhW StyledIconBase-sc-bdy9j4 cCvWXa"
+        className="StyledIconBase-sc-bdy9j4 cCvWXa Details__CollapseIcon-xi326o-1 jsdrhW Attribution__SummaryOpenIcon-sc-11isnv6-1 kRXAve"
         fill="currentColor"
         focusable="false"
         viewBox="0 0 320 512"