
[Snyk] Fix for 1 vulnerabilities #2688

Open
wants to merge 290 commits into base: main

Conversation

snyk-bot
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • twake/backend/node/package.json
    • twake/backend/node/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 663/1000 (Why? Currently trending on Twitter, Has a fix available, CVSS 7.7) | Improper Input Validation (SNYK-JS-JSONWEBTOKEN-3180020) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: fastify-jwt The new version differs by 35 commits.


Package name: jsonwebtoken The new version differs by 17 commits.


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


stephanevieira75 and others added 30 commits February 21, 2022 23:22
* #1934 Move channel members types in features/channel-members/types

* #1934 Update channel-members-api-client.ts

* #1934 Add channel members state in features/channel-members

* #1934 Add use channel members hook in features/channel-members

* #1934 Implement channel members and pending emails state

* #1934 Add use channel guests hook

* #1927 Upgrade antd from 4.16.13 to 4.18.3

* #1928 Upgrade react-i18next from 11.12.0 to 11.15.3

* #1934 Implement Channel Members real time

Co-authored-by: Romaric Mourgues <rmourgues@linagora.com>
* Fix translation and limit value

* Fix how we manage active features

* Fix join error 500

* Fix set request_url

* Add link to go to the console see all the company members

* Disable elasticsearch source
* Fix err 500 on join

* Fix useless call to backend

* Improve mentions test
add more verbose messages to start.sh
* Finally, do not change all the versions

* Get back to master versions

* Types are magically ok now

* Update amqplib

* Update lock

* Add redis to the list

* Retry new versions

* Add logs

* Correctly init fastify and socket.io

* Fix duplicated io

* Try to see readiness issue

* Put back code

* Put back code

* Fastify init before

* Test 2

* Add a onReady function

* Add binding

* Not undefined

* Add allowEIO3: true

* Add some logs

* Fix auth process

* Execute all the tests
* Send mobile configuration from backend

* Fix #1985

* Implements #1929

* Fix #1997

* Fix removing users

* Fix #1969

* Fix #1999

* Remove console log
* Update dependencies

* Update sass

* Fix new types in Antd
* Set consistency level to quorum

* Fix test configuration

* Create utilities to fix db broken repair

* Add fix thread tool

* Prepare cluster migrator

* Soon it will work

* Fix import

* Select only the dest columns

* Add more fixes

* Fix and add emojis

* Add forceUpdateAll parameter

* WIP

* Add counters table ignored

* Remove logs forgotten in #1987

* Add special fields handlers

* Fixes from server tests

* Add a script to copy messages specifically
* Channel + search changes

* Add logs when es index is dropped

* Add option to reindex messages, also add options to the search endpoint

* Add files in message searchable content

* Fix addUsersToChannel in tests

* Fix other stuff

* Is this stuff used in tests?

* Fix search messages

* Fix search prefixes

* Fix tests for mongo too
* Avoid sending "members" in api response for non direct channels

* Fix mobile redirection again

* Fix css

* Fix bug

* Fix snake case / camel case

* Fix tests for applications
* search improve

* fix tests for Cassandra

* fixed cache stuff

* sender and has_files impl

* some small last fixes

* some small last fixes
* #1960 Implement users list search in frontend

* #1960 Implement workspace list in user object

* #1960 Add missing translations in workspace members table

* #1960 Filter results in channel participants popup

* #1960 Add guests in user list state

* #1960 Allow mentions to use user list state

* #1960 Add ellipsis in member channel row

* #1960 Resolve threads
* Fix is writing css

* Re-implement mentions highlighting

* Typo + prepare large version of files

* Update popup page view

* Finish large view of files

* Fix typo

* Fix css for isWriting

* Back to previous yarn.lock

* Fix download route using findOne

* Fix sending message before upload finishes

* Update changelog.md
* 🌍Translated using Weblate (French)

Currently translated at 100.0% (872 of 872 strings)

🌍Translated using Weblate (German)

Currently translated at 97.3% (849 of 872 strings)

Merge remote-tracking branch 'origin/develop' into develop

Merge remote-tracking branch 'origin/develop' into develop

Merge remote-tracking branch 'origin/develop' into develop

🌍Translated using Weblate (German)

Currently translated at 97.3% (849 of 872 strings)

🌍Translated using Weblate (French)

Currently translated at 100.0% (872 of 872 strings)

🌍Translated using Weblate (Esperanto)

Currently translated at 0.0% (0 of 872 strings)

🌍Translated using Weblate (Italian)

Currently translated at 99.1% (865 of 872 strings)

🌍Translated using Weblate (Sinhala)

Currently translated at 95.8% (836 of 872 strings)

🌍Translated using Weblate (Chinese (Simplified))

Currently translated at 95.9% (837 of 872 strings)

🌍Translated using Weblate (Norwegian Bokmål)

Currently translated at 95.9% (837 of 872 strings)

🌍Translated using Weblate (Turkish)

Currently translated at 95.9% (837 of 872 strings)

🌍Translated using Weblate (Finnish)

Currently translated at 95.9% (837 of 872 strings)

🌍Translated using Weblate (Basque)

Currently translated at 96.4% (841 of 872 strings)

🌍Translated using Weblate (Vietnamese)

Currently translated at 99.0% (864 of 872 strings)

🌍Translated using Weblate (Russian)

Currently translated at 99.8% (871 of 872 strings)

🌍Translated using Weblate (Japanese)

Currently translated at 95.9% (837 of 872 strings)

🌍Translated using Weblate (Spanish)

Currently translated at 97.3% (849 of 872 strings)

Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: J. Lavoie <j.lavoie@net-c.ca>
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/de/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/eo/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/es/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/eu/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/fi/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/fr/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/it/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/ja/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/nb_NO/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/ru/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/si/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/tr/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/vi/
Translate-URL: https://hosted.weblate.org/projects/linagora/twake-chat-web/zh_Hans/
Translation: Linagora/Twake Chat Web

* Fix missing pinned messages

* Update version

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Anonymous <noreply@weblate.org>
Co-authored-by: J. Lavoie <j.lavoie@net-c.ca>
* Start cleanup

* Fix width for not large pictures

* Improve preview generation, jwt cleaning, apps command

* Make channels menus async loaded to have faster channels

* Fixing state management bugs

* Fix openDiscussion

* Fix direct channels list not everywhere

* Remove channels.js deprecated service

* Put back auto select channel

* Fix preview file before send + load bar

* Add ascii folding

* Update pinned view API and add flat option

* Update dockers

* Fix the dockers

* Fix package.json and backend build

* Fix docker

* Add logs

* Fix mongo search test

* Fix typo in elasticsearch

* Add logs for ES

* Try to show the log

* Fix #2031

* Fix #2031

* Fix direct chat not reordered automatically

* Fix "Bar" channel is empty and won't load

* Show the logs in es tests

* Fix to locale lower case

* Remove useless logs

* Make sure users are deleted from where they should be deleted

* Update comment + rm console.log
* Fix 500 error on ensureBadgesAreReachable

* Fix error

* Fix indexing command error
* app management

* #2001 Refactor application management in frontend part 1

* #2001 Refactor application management in frontend part 2

* #2001 Fix backend applications schema

* #2001 Add translations part 1

* Add options to run-all.js

* Fix create application schema

* Fix request auth on apps

* Fix response code for tests

* #2001 Add missing translations

Co-authored-by: romka <8026787@gmail.com>
Co-authored-by: Romaric Mourgues <rmourgues@linagora.com>
* Put back minimal stuff for search

* Fix mention search with accents

* Fix mention search with accents
* Fix include_users for flat=1 api

* Debug

* Fix tests
…ner (#2021)

* Little fixes to create an application and send a message as an application

* Implement hooks from Twake to app

* Fix app company access

* Add checks when sending hooks

* Try to fix missing thread in notifyApp

* Add thread in notify apps

* Make sure object is null when thread isn't defined

* Make sure object is null when thread isn't defined

* Bootstrapping plugins server

* Add install command

* Fix build

* Fix tests

* Fix for integrations

Co-authored-by: Romaric Mourgues <rmourgues@linagora.com>

* update package-lock

* Frontend button fix

Co-authored-by: tissarni <tissarni>
Co-authored-by: Romaric Mourgues <rmourgues@linagora.com>
* Include user in FlatFileFromMessage | FlatPinnedFromMessage

* Fix stuff on applications side

* Fix closing ephemeral in direct channel
RomaricMourgues and others added 27 commits September 27, 2022 10:41
* Fix notifications preferences, add realtime update of channel counter

* Fix participants not loading

* Improving #2488
🌟 added migration command to set every old message as seen by everyone in public channels
* Update knowledge graph

* Fix #2546

* Fix #2527
* 🌟 Add sound type notification

* 🌟 Add sound in push desktop notification

* Try to find test error origin

* Fixing frontend tests

Co-authored-by: Romaric Mourgues <rmourgues@linagora.com>
* Fix potential not set cache

* Fix minor frontend bug

* Fix old mention stuff
* 🛠 Fix online service typo

* Remove code
* Do not return files that don't exist anymore

* Fix filter
* 🛠 Fix scrollbar on documents

* Fix helpbar
* Refactored Dockerfiles to reduce excessive RUNs

This will make docker builds use fewer layers for building images.
Build time will also be increased (due to caching for fewer layers)
Moved nginx images to multi-stage build and restructured the build steps

* Re-added missing slash

* Modified the compose for local development

* Changed to latest LTS and force legacy peer deps
* Fix https://huntr.dev/bounties/bfd935f4-2d1d-4d3f-8b59-522abe7dd065/

* Fix access control over posting messages to channels / threads

* Fix typo

* Fix some tests

* Fix one of the tests

* Fix test

* Fix another test

* Still fixing the search one

* Fix 2 test cases

* Fixed some stuff

* Fixed some stuff

* Finished fixing tests
🎉 Yesterday we decided to change our software licenses to AGPL v3.

We will adopt the AGPL v3 (without any modification) for Twake. It concerns 100% of the source code of the software.
This approach is part of our plan to clarify LINAGORA's positioning and also to facilitate stronger links with our ecosystem.
Removes [cacheable-request](https://github.com/jaredwray/cacheable-request). It's no longer used after updating ancestor dependency [nodemon](https://github.com/remy/nodemon). These dependencies need to be updated together.


Removes `cacheable-request`

Updates `nodemon` from 2.0.4 to 2.0.20
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](remy/nodemon@v2.0.4...v2.0.20)

---
updated-dependencies:
- dependency-name: cacheable-request
  dependency-type: indirect
- dependency-name: nodemon
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
…backend/node/cacheable-request-and-nodemon--removed

Bump cacheable-request and nodemon in /twake/backend/node
…k.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020
@guimard guimard force-pushed the snyk-fix-e43150a4cfe129946e079747eaaafe2f branch from 40fc2bd to 1596048 Compare February 12, 2023 04:16