Security restrictive npm dependency updates and mongoose settings adjustment

pull/54/head
HardiReady 2019-02-16 11:12:34 +01:00
parent b3d17d4497
commit 5b3ac4496c
7 changed files with 1258 additions and 2757 deletions

6
package-lock.json generated

@ -419,9 +419,9 @@
}
},
"lodash": {
"version": "4.17.10",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz",
"integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg==",
"version": "4.17.11",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",
"integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==",
"dev": true
},
"mime-db": {


@ -5,6 +5,10 @@ module.exports = {
database: {
uri: 'mongodb://localhost:27017/',
db: 'cc',
mongooseConfig: {
useNewUrlParser: true,
useCreateIndex: true
}
},
prod: {
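Review bot: The new `mongooseConfig` block carries no comment saying why the two flags are set, so they are easy to drop in a later cleanup. A line above it such as `// options for mongoose.connect(): new URL parser, createIndex() instead of the deprecated ensureIndex()` would record the intent. The enclosing `database` object and `module.exports` start and end outside this hunk.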

171
server/package-lock.json generated

@ -1111,9 +1111,9 @@
"dev": true
},
"bluebird": {
"version": "3.5.0",
"resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.0.tgz",
"integrity": "sha1-eRQg1/VR7qKJdFOop3ZT+WYG1nw="
"version": "3.5.1",
"resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.1.tgz",
"integrity": "sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA=="
},
"bmp-js": {
"version": "0.1.0",
@ -1267,9 +1267,9 @@
"dev": true
},
"bson": {
"version": "1.0.9",
"resolved": "https://registry.npmjs.org/bson/-/bson-1.0.9.tgz",
"integrity": "sha512-IQX9/h7WdMBIW/q/++tGd+emQr0XMdeZ6icnT/74Xk9fnabWn+gZgpE+9V+gujL3hhJOoNrnDVY7tWdzc7NUTg=="
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/bson/-/bson-1.1.0.tgz",
"integrity": "sha512-9Aeai9TacfNtWXOYarkFJRW2CWo+dRon+fuLZYJmvLV3+MiUp0bEI6IAZfXEIg7/Pl/7IWlLaDnhzTsD81etQA=="
},
"buffer": {
"version": "3.6.0",
@ -3963,8 +3963,7 @@
"ansi-regex": {
"version": "2.1.1",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"aproba": {
"version": "1.2.0",
@ -4379,8 +4378,7 @@
"safe-buffer": {
"version": "5.1.1",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"safer-buffer": {
"version": "2.1.2",
@ -4436,7 +4434,6 @@
"version": "3.0.1",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"ansi-regex": "^2.0.0"
}
@ -4480,14 +4477,12 @@
"wrappy": {
"version": "1.0.2",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"yallist": {
"version": "3.0.2",
"bundled": true,
"dev": true,
"optional": true
"dev": true
}
}
},
@ -6317,9 +6312,9 @@
}
},
"kareem": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/kareem/-/kareem-2.2.1.tgz",
"integrity": "sha512-xpDFy8OxkFM+vK6pXy6JmH92ibeEFUuDWzas5M9L7MzVmHW3jzwAHxodCPV/BYkf4A31bVDLyonrMfp9RXb/oA=="
"version": "2.3.0",
"resolved": "https://registry.npmjs.org/kareem/-/kareem-2.3.0.tgz",
"integrity": "sha512-6hHxsp9e6zQU8nXsP+02HGWXwTkOEw6IROhF2ZA28cYbUk4eJ6QbtZvdqZOdD9YPKghG3apk5eOCvs+tLl3lRg=="
},
"keypress": {
"version": "0.1.0",
@ -6610,9 +6605,9 @@
}
},
"lodash": {
"version": "4.17.10",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz",
"integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg=="
"version": "4.17.11",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",
"integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg=="
},
"lodash._basecopy": {
"version": "3.0.1",
@ -6676,7 +6671,8 @@
"lodash.get": {
"version": "4.4.2",
"resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz",
"integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk="
"integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=",
"dev": true
},
"lodash.isarguments": {
"version": "3.1.0",
@ -6917,6 +6913,12 @@
"timers-ext": "^0.1.5"
}
},
"memory-pager": {
"version": "1.5.0",
"resolved": "https://registry.npmjs.org/memory-pager/-/memory-pager-1.5.0.tgz",
"integrity": "sha512-ZS4Bp4r/Zoeq6+NLJpP+0Zzm0pR8whtGPf1XExKLJBAczGMnSi3It14OiNCStjQjM6NU1okjQGSxgEZN8eBYKg==",
"optional": true
},
"meow": {
"version": "3.7.0",
"resolved": "https://registry.npmjs.org/meow/-/meow-3.7.0.tgz",
@ -7145,21 +7147,37 @@
}
},
"mongodb": {
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.1.0.tgz",
"integrity": "sha512-fSDZRq9FomRqeDSM7MpMTLa8sz+STs3nZ7Ib0+xvmaKZ6nquNDN4zGDsVhjto6UozFvHMDYJMAfJwhqUygXs9g==",
"version": "3.1.13",
"resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.1.13.tgz",
"integrity": "sha512-sz2dhvBZQWf3LRNDhbd30KHVzdjZx9IKC0L+kSZ/gzYquCF5zPOgGqRz6sSCqYZtKP2ekB4nfLxhGtzGHnIKxA==",
"requires": {
"mongodb-core": "3.1.0"
"mongodb-core": "3.1.11",
"safe-buffer": "^5.1.2"
},
"dependencies": {
"safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
}
}
},
"mongodb-core": {
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/mongodb-core/-/mongodb-core-3.1.0.tgz",
"integrity": "sha512-qRjG62Fu//CZhkgn0jA/k8jh5MhACIq8cOJUryH6sck87pgt+C222MSD02tsCq5zNo/B6ZFHtNodZ2qpf8E86g==",
"version": "3.1.11",
"resolved": "https://registry.npmjs.org/mongodb-core/-/mongodb-core-3.1.11.tgz",
"integrity": "sha512-rD2US2s5qk/ckbiiGFHeu+yKYDXdJ1G87F6CG3YdaZpzdOm5zpoAZd/EKbPmFO6cQZ+XVXBXBJ660sSI0gc6qg==",
"requires": {
"bson": "~1.0.4",
"bson": "^1.1.0",
"require_optional": "^1.0.1",
"safe-buffer": "^5.1.2",
"saslprep": "^1.0.0"
},
"dependencies": {
"safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
}
}
},
"mongodb-memory-server": {
@ -7182,28 +7200,33 @@
}
},
"mongoose": {
"version": "5.2.0",
"resolved": "https://registry.npmjs.org/mongoose/-/mongoose-5.2.0.tgz",
"integrity": "sha512-PCChMFJHO8C+M2JYqLhOzpiDD54VoW7XbS0V9V/R6PRJOZ4GNmT4KQzyFDaXZTNRpeQpSPlz5x5Szk/kpdYY9g==",
"version": "5.4.13",
"resolved": "https://registry.npmjs.org/mongoose/-/mongoose-5.4.13.tgz",
"integrity": "sha512-4dgmFbtNECbW3ZMS6ha2pebinUzZo789scdccdyyajbmaunBPqZJqp6eO6pThIqDsgSOkRi4IrzkZm8kmhtZMA==",
"requires": {
"async": "2.6.1",
"bson": "~1.0.5",
"kareem": "2.2.1",
"lodash.get": "4.4.2",
"mongodb": "3.1.0",
"mongodb-core": "3.1.0",
"bson": "~1.1.0",
"kareem": "2.3.0",
"mongodb": "3.1.13",
"mongodb-core": "3.1.11",
"mongoose-legacy-pluralize": "1.0.2",
"mpath": "0.4.1",
"mquery": "3.0.0",
"ms": "2.0.0",
"mpath": "0.5.1",
"mquery": "3.2.0",
"ms": "2.1.1",
"regexp-clone": "0.0.1",
"safe-buffer": "5.1.2",
"sliced": "1.0.1"
},
"dependencies": {
"ms": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
"integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
},
"safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
}
}
},
@ -7240,38 +7263,26 @@
}
},
"mpath": {
"version": "0.4.1",
"resolved": "https://registry.npmjs.org/mpath/-/mpath-0.4.1.tgz",
"integrity": "sha512-NNY/MpBkALb9jJmjpBlIi6GRoLveLUM0pJzgbp9vY9F7IQEb/HREC/nxrixechcQwd1NevOhJnWWV8QQQRE+OA=="
"version": "0.5.1",
"resolved": "https://registry.npmjs.org/mpath/-/mpath-0.5.1.tgz",
"integrity": "sha512-H8OVQ+QEz82sch4wbODFOz+3YQ61FYz/z3eJ5pIdbMEaUzDqA268Wd+Vt4Paw9TJfvDgVKaayC0gBzMIw2jhsg=="
},
"mquery": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/mquery/-/mquery-3.0.0.tgz",
"integrity": "sha512-WL1Lk8v4l8VFSSwN3yCzY9TXw+fKVYKn6f+w86TRzOLSE8k1yTgGaLBPUByJQi8VcLbOdnUneFV/y3Kv874pnQ==",
"version": "3.2.0",
"resolved": "https://registry.npmjs.org/mquery/-/mquery-3.2.0.tgz",
"integrity": "sha512-qPJcdK/yqcbQiKoemAt62Y0BAc0fTEKo1IThodBD+O5meQRJT/2HSe5QpBNwaa4CjskoGrYWsEyjkqgiE0qjhg==",
"requires": {
"bluebird": "3.5.0",
"debug": "2.6.9",
"bluebird": "3.5.1",
"debug": "3.1.0",
"regexp-clone": "0.0.1",
"sliced": "0.0.5"
"safe-buffer": "5.1.2",
"sliced": "1.0.1"
},
"dependencies": {
"debug": {
"version": "2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
"integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
"requires": {
"ms": "2.0.0"
}
},
"ms": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
},
"sliced": {
"version": "0.0.5",
"resolved": "https://registry.npmjs.org/sliced/-/sliced-0.0.5.tgz",
"integrity": "sha1-XtwETKTrb3gW1Qui/GPiXY/kcH8="
"safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
}
}
},
@ -9023,10 +9034,13 @@
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
},
"saslprep": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/saslprep/-/saslprep-1.0.0.tgz",
"integrity": "sha512-5lvKUEQ7lAN5/vPl5d3k8FQeDbEamu9kizfATfLLWV5h6Mkh1xcieR1FSsJkcSRUk49lF2tAW8gzXWVwtwZVhw==",
"optional": true
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/saslprep/-/saslprep-1.0.2.tgz",
"integrity": "sha512-4cDsYuAjXssUSjxHKRe4DTZC0agDwsCqcMqtJAQPzC74nJ7LfAJflAtC1Zed5hMzEQKj82d3tuzqdGNRsLJ4Gw==",
"optional": true,
"requires": {
"sparse-bitfield": "^3.0.3"
}
},
"sax": {
"version": "1.2.4",
@ -9525,6 +9539,15 @@
"resolved": "https://registry.npmjs.org/sparkles/-/sparkles-1.0.1.tgz",
"integrity": "sha512-dSO0DDYUahUt/0/pD/Is3VIm5TGJjludZ0HVymmhYF6eNA53PVLhnUk0znSYbH8IYBuJdCE+1luR22jNLMaQdw=="
},
"sparse-bitfield": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/sparse-bitfield/-/sparse-bitfield-3.0.3.tgz",
"integrity": "sha1-/0rm5oZWBWuks+eSqzM004JzyhE=",
"optional": true,
"requires": {
"memory-pager": "^1.0.2"
}
},
"spawn-args": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/spawn-args/-/spawn-args-0.2.0.tgz",


@ -31,9 +31,9 @@
"imagemin-pngquant": "^5.0.0",
"jimp": "^0.6.0",
"jsonwebtoken": "^7.4.3",
"lodash": "^4.17.4",
"lodash": "^4.17.11",
"mkdirp": "^0.5.1",
"mongoose": "^5.0.3",
"mongoose": "^5.4.13",
"morgan": "^1.9.1",
"multer": "^1.3.0",
"node-html-parser": "^1.1.10",


@ -115,78 +115,81 @@ errorResponseWare(app);
if (process.env.NODE_ENV === config.test.unit.env || process.env.NODE_ENV === config.test.dredd.env) {
const MongodbMemoryServer = require('mongodb-memory-server').default;
const mongoServer = new MongodbMemoryServer();
mongoose.Promise = Promise;
mongoServer.getConnectionString().then((mongoUri) => {
mongoose.connect(mongoUri, {useNewUrlParser: true});
mongoServer.getConnectionString()
.then((mongoUri) => {
mongoose.connect(mongoUri, config.database.mongooseConfig);
mongoose.connection.on('error', (e) => {
if (e.message.code === 'ETIMEDOUT') {
error(e);
mongoose.connect(mongoUri);
}
error(e);
});
mongoose.connection.on('error', (e) => {
if (e.message.code === 'ETIMEDOUT') {
error(e);
mongoose.connect(mongoUri);
}
error(e);
});
if (process.env.NODE_ENV === config.test.dredd.env) {
const mongoPortAndDB = mongoUri.replace('mongodb://localhost:', '').split('/');
exec(
__dirname + '/apib/dredd/populate-data.sh'
.concat(' -p ').concat(mongoPortAndDB[0])
.concat(' -d ').concat(mongoPortAndDB[1]), (err, stdout, stderr) => {
if (err) {
error(err.message);
} else {
logger('\x1b[32m%s\x1b[0m', stderr);
}
});
}
if (process.env.NODE_ENV === config.test.dredd.env) {
const mongoPortAndDB = mongoUri.replace('mongodb://localhost:', '').split('/');
exec(
__dirname + '/apib/dredd/populate-data.sh'
.concat(' -p ').concat(mongoPortAndDB[0])
.concat(' -d ').concat(mongoPortAndDB[1]), (err, stdout, stderr) => {
if (err) {
error(err.message);
} else {
logger('\x1b[32m%s\x1b[0m', stderr);
}
});
}
mongoose.connection.once('open', () => {
logger(`MongoDB successfully connected to ${mongoUri}`);
app.listen(config.test.port);
logger('Listening on port ' + config.test.port);
});
});
mongoose.connection.once('open', () => {
logger(`MongoDB successfully connected to ${mongoUri}`);
app.listen(config.test.port);
logger('Listening on port ' + config.test.port);
});
});
} else {
mongoose.connect(config.database.uri + config.database.db, {useNewUrlParser: true}).then((db) => {
let cronWorkerPID;
if (cluster.isMaster) {
// Fork workers
for (let i = 0; i < numWorkers; i++) {
if (i === 0) {
const spawnedWorker = cluster.fork({START_CRON: true});
cronWorkerPID = spawnedWorker.process.pid;
} else {
cluster.fork();
}
}
logger(`Master ${process.pid} is running. Forking ${numWorkers} workers`);
mongoose.connect(config.database.uri + config.database.db, config.database.mongooseConfig)
.then((db) => {
let cronWorkerPID;
if (cluster.isMaster) {
// Fork workers
for (let i = 0; i < numWorkers; i++) {
if (i === 0) {
const spawnedWorker = cluster.fork({START_CRON: true});
cronWorkerPID = spawnedWorker.process.pid;
} else {
cluster.fork();
}
}
logger(`Master ${process.pid} is running. Forking ${numWorkers} workers`);
// Check if worker id is died
cluster.on('exit', (worker, code, signal) => {
logger(`worker ${worker.process.pid} died`);
if (worker.process.pid === cronWorkerPID) {
const spawnedWorker = cluster.fork({START_CRON: true});
cronWorkerPID = spawnedWorker.process.pid;
} else {
cluster.fork();
}
});
} else {
app.listen(config.port, (err) => {
if (err) {
error(`Error on startup ${err}`);
} else {
logger(`Worker ${process.pid} started. Listening on port ${config.port}`);
if (process.env.START_CRON) {
logger(`Attaching cronJobs to cluster worker ${process.pid}`);
signatureCronJob.start();
backupCronJob.start();
}
}
});
}
});
// Check if worker id is died
cluster.on('exit', (worker, code, signal) => {
logger(`worker ${worker.process.pid} died`);
if (worker.process.pid === cronWorkerPID) {
const spawnedWorker = cluster.fork({START_CRON: true});
cronWorkerPID = spawnedWorker.process.pid;
} else {
cluster.fork();
}
});
} else {
app.listen(config.port, (err) => {
if (err) {
error(`Error on startup ${err}`);
} else {
logger(`Worker ${process.pid} started. Listening on port ${config.port}`);
if (process.env.START_CRON) {
logger(`Attaching cronJobs to cluster worker ${process.pid}`);
signatureCronJob.start();
backupCronJob.start();
}
}
});
}
});
}
module.exports = app;
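Review bot: The reconnect inside the test branch's `error` handler still calls `mongoose.connect(mongoUri)` with no options, so a retry would not get the settings this commit moves into `config.database.mongooseConfig`; `mongoose.connect(mongoUri, config.database.mongooseConfig);` would keep both paths consistent. That retry is guarded by `e.message.code === 'ETIMEDOUT'`, and since `message` is normally a string the comparison looks like it can never be true; `e.code` is probably what was meant. Neither promise chain ends in a `.catch`, so a failed `mongoose.connect` in the `else` branch would surface only as an unhandled rejection with no workers forked; something like `.catch((err) => { error(err); process.exit(1); })` would make that failure explicit. Separately, the `exec` call assembles a shell command string from parts of `mongoUri`; passing the port and database name as an argument array to `execFile` would keep those values out of shell parsing.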

3691
static/package-lock.json generated

File diff suppressed because it is too large Load Diff


@ -39,13 +39,13 @@
"jquery-ui-bundle": "^1.11.4",
"ngx-clipboard": "^11.1.1",
"ngx-cookie-service": "^1.0.10",
"ngx-infinite-scroll": "^0.5.2",
"ngx-infinite-scroll": "^7.0.1",
"rxjs-compat": "^6.2.1",
"ts-helpers": "^1.1.2",
"zone.js": "^0.8.26"
},
"devDependencies": {
"@angular-devkit/build-angular": "^0.8.3",
"@angular-devkit/build-angular": "^0.13.1",
"@types/jasmine": "2.5.38",
"@types/node": "^6.0.89",
"codelyzer": "^4.4.2",