From b738de30d6f04d693571de18c8943f745336403c Mon Sep 17 00:00:00 2001
From: Matthew Bain <66839492+rocketstack-matt@users.noreply.github.com>
Date: Sun, 10 Nov 2024 08:38:05 +0000
Subject: [PATCH] Resolve CVE-2024-21538 (#576)
* Resolve CVE-2024-21538
* Resolve CVE-2024-21538
---
 cli/package-lock.json | 6 ++---
 cli/package.json | 60 +++++++++++++++++++++++++++++++------------
 2 files changed, 47 insertions(+), 19 deletions(-)
diff --git a/cli/package-lock.json b/cli/package-lock.json
index 763c6b02..c8c00ff2 100644
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
@@ -4166,9 +4166,9 @@
 "license": "MIT"
 },
 "node_modules/cross-spawn": {
- "version": "7.0.3",
- "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
- "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.5",
+ "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.5.tgz",
+ "integrity": "sha512-ZVJrKKYunU38/76t0RMOulHOnUcbU9GbpWKAOZ0mhjr7CX6FVrH+4FrAapSOekrgFQ3f/8gwMEuIft0aKq6Hug==",
 "license": "MIT",
 "dependencies": {
 "path-key": "^3.1.0",
diff --git a/cli/package.json b/cli/package.json
index 550bdaae..6619f104 100644
--- a/cli/package.json
+++ b/cli/package.json
@@ -4,43 +4,71 @@
 "description": "A set of tools for interacting with the Common Architecture Language Model (CALM)",
 "main": "dist/index.js",
 "files": [
- "dist/"
+ "dist"
 ],
 "scripts": {
- "build": "tsc",
- "watch": "tsc -watch -p ./",
- "clean": "rimraf node_modules dist",
+ "build": "tsc && npm run copy-calm-schema && npm run copy-spectral-rules",
+ "test": "jest --verbose",
 "lint": "eslint src",
 "lint-fix": "eslint src --fix",
+ "copy-calm-schema": "mkdir -p dist/calm && cp -r ../calm/draft/2024-04/meta dist/calm/",
+ "copy-spectral-rules": "mkdir -p dist/spectral && npm run copy-spectral-instantiation-rules && npm run copy-spectral-pattern-rules",
+ "copy-spectral-instantiation-rules": "cp -r ../spectral/instantiation dist/spectral",
+ "copy-spectral-pattern-rules": "cp -r ../spectral/pattern dist/spectral",
 "dependency-check": "dependency-check --project 'calm-cli' --scan . --out ./dependency-check-report --format ALL --suppression ../.github/node-cve-ignore-list.xml"
-
 },
 "bin": {
 "calm": "dist/index.js"
 },
- "publishConfig": {
- "access": "public"
- },
- "keywords": [
- "cli",
- "validation"
- ],
 "author": "",
 "license": "ISC",
+ "type": "module",
 "dependencies": {
- "@finos/calm-shared": "file:../shared",
- "copyfiles": "^2.4.1",
+ "@rollup/plugin-commonjs": "^28.0.1",
+ "@stoplight/spectral-cli": "^6.13.1",
+ "@stoplight/spectral-core": "^1.19.1",
+ "ajv": "^8.12.0",
+ "commander": "^12.0.0",
+ "glob": "^11.0.0",
+ "graphviz-cli": "^2.0.0",
+ "js-yaml": "^4.1.0",
+ "json-pointer": "^0.6.2",
+ "jsonpath-plus": "^10.0.0",
+ "junit-report-builder": "^5.0.0",
+ "lodash": "^4.17.21",
 "mkdirp": "^3.0.1",
- "commander": "^12.0.0"
+ "ts-graphviz": "^2.1.1",
+ "tsconfig-paths": "^4.2.0",
+ "winston": "^3.14.1"
 },
 "devDependencies": {
+ "@eslint/eslintrc": "^3.1.0",
+ "@eslint/js": "^9.13.0",
 "@jest/globals": "^29.7.0",
+ "@types/jest": "^29.5.12",
+ "@types/js-yaml": "^4.0.9",
 "@types/json-pointer": "^1.0.34",
 "@types/junit-report-builder": "^3.0.2",
 "@types/lodash": "^4.17.0",
+ "@types/node": "^22.0.0",
+ "@typescript-eslint/eslint-plugin": "^8.0.0",
 "eslint": "^9.13.0",
+ "eslint-config-love": "^97.0.0",
+ "eslint-plugin-import": "^2.31.0",
+ "eslint-plugin-n": "^17.11.1",
+ "eslint-plugin-promise": "^7.1.0",
+ "fetch-mock": "^9.11.0",
+ "globals": "^15.11.0",
 "jest": "^29.7.0",
- "rimraf": "^6.0.1",
+ "ts-jest": "^29.1.2",
+ "ts-node": "^10.9.2",
 "typescript": "^5.4.3"
+ },
+ "overrides": {
+ "jsonpath-plus": "^10.0.0",
+ "path-to-regexp": "3.3.0",
+ "rollup": "4.24.4",
+ "glob": "^11.0.0",
+ "cross-spawn": "^7.0.5"
 }
 }
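Review bot: The `overrides` block added at the end of this hunk is honoured by npm only when this package.json is the root of the install, so `"cross-spawn": "^7.0.5"` covers installs made from `cli/` with its own lockfile, but not consumers who install the published package, nor an install driven from a workspace root above it. The exact pins `"path-to-regexp": "3.3.0"` and `"rollup": "4.24.4"` also keep those packages from picking up any later patched release; if they are meant as security floors, a range such as `"rollup": "^4.24.4"` would keep the floor without blocking fixes. JSON cannot carry comments, so the advisory each override addresses should be recorded in the PR description or next to the existing suppression list. The script, dependency, `publishConfig` and `keywords` changes earlier in the hunk are not explained by the commit title and would be easier to audit as a separate change from the CVE fix. The hunk starts at line 4 of the manifest, so the package name and version are not visible here.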