From 9c3bd24720cfce1152d85747a377eae13c6e0384 Mon Sep 17 00:00:00 2001 From: Gabriel Fournier Date: Wed, 12 Jun 2024 11:18:05 -0400 Subject: [PATCH 1/3] fix: update to @szure/identity@4 to resolve CVEs / GHSAs https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 --- package-lock.json | 43 ++++++++++++++++++++++++++++--------------- package.json | 2 +- 2 files changed, 29 insertions(+), 16 deletions(-) diff --git a/package-lock.json b/package-lock.json index a031bab27..0306622dd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@azure/core-auth": "^1.3.0", "@azure/core-client": "^1.0.0", "@azure/core-rest-pipeline": "^1.9.2", - "@azure/identity": "^3.1.3", + "@azure/identity": "^4.2.1", "@azure/monitor-opentelemetry": "^1.5.0", "@azure/monitor-opentelemetry-exporter": "^1.0.0-beta.23", "@azure/opentelemetry-instrumentation-azure-sdk": "^1.0.0-beta.5", @@ -161,19 +161,20 @@ } }, "node_modules/@azure/identity": { - "version": "3.4.2", - "resolved": "https://registry.npmjs.org/@azure/identity/-/identity-3.4.2.tgz", - "integrity": "sha512-0q5DL4uyR0EZ4RXQKD8MadGH6zTIcloUoS/RVbCpNpej4pwte0xpqYxk8K97Py2RiuUvI7F4GXpoT4046VfufA==", + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/@azure/identity/-/identity-4.2.1.tgz", + "integrity": "sha512-U8hsyC9YPcEIzoaObJlRDvp7KiF0MGS7xcWbyJSVvXRkC/HXo1f0oYeBYmEvVgRfacw7GHf6D6yAoh9JHz6A5Q==", + "license": "MIT", "dependencies": { "@azure/abort-controller": "^1.0.0", "@azure/core-auth": "^1.5.0", "@azure/core-client": "^1.4.0", "@azure/core-rest-pipeline": "^1.1.0", "@azure/core-tracing": "^1.0.0", - "@azure/core-util": "^1.6.1", + "@azure/core-util": "^1.3.0", "@azure/logger": "^1.0.0", - "@azure/msal-browser": "^3.5.0", - "@azure/msal-node": "^2.5.1", + "@azure/msal-browser": "^3.11.1", + "@azure/msal-node": "^2.9.2", "events": "^3.0.0", "jws": "^4.0.0", "open": "^8.0.0", 
@@ -181,7 +182,7 @@ "tslib": "^2.2.0" }, "engines": { - "node": ">=14.0.0" + "node": ">=18.0.0" } }, "node_modules/@azure/identity/node_modules/@azure/abort-controller": { @@ -288,11 +289,12 @@ } }, "node_modules/@azure/msal-node": { - "version": "2.8.1", - "resolved": "https://registry.npmjs.org/@azure/msal-node/-/msal-node-2.8.1.tgz", - "integrity": "sha512-VcZZM+5VvCWRBTOF7SxMKaxrz+EXjntx2u5AQe7QE06e6FuPJElGBrImgNgCh5QmFaNCfVFO+3qNR7UoFD/Gfw==", + "version": "2.9.2", + "resolved": "https://registry.npmjs.org/@azure/msal-node/-/msal-node-2.9.2.tgz", + "integrity": "sha512-8tvi6Cos3m+0KmRbPjgkySXi+UQU/QiuVRFnrxIwt5xZlEEFa69O04RTaNESGgImyBBlYbo2mfE8/U8Bbdk1WQ==", + "license": "MIT", "dependencies": { - "@azure/msal-common": "14.10.0", + "@azure/msal-common": "14.12.0", "jsonwebtoken": "^9.0.0", "uuid": "^8.3.0" }, @@ -300,6 +302,15 @@ "node": ">=16" } }, + "node_modules/@azure/msal-node/node_modules/@azure/msal-common": { + "version": "14.12.0", + "resolved": "https://registry.npmjs.org/@azure/msal-common/-/msal-common-14.12.0.tgz", + "integrity": "sha512-IDDXmzfdwmDkv4SSmMEyAniJf6fDu3FJ7ncOjlxkDuT85uSnLEhZi3fGZpoR7T4XZpOMx9teM9GXBgrfJgyeBw==", + "license": "MIT", + "engines": { + "node": ">=0.8.0" + } + }, "node_modules/@azure/opentelemetry-instrumentation-azure-sdk": { "version": "1.0.0-beta.5", "resolved": "https://registry.npmjs.org/@azure/opentelemetry-instrumentation-azure-sdk/-/opentelemetry-instrumentation-azure-sdk-1.0.0-beta.5.tgz", 
@@ -803,9 +814,10 @@ } }, "node_modules/@grpc/grpc-js": { - "version": "1.10.8", - "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.10.8.tgz", - "integrity": "sha512-vYVqYzHicDqyKB+NQhAc54I1QWCBLCrYG6unqOIcBTHx+7x8C9lcoLj3KVJXs2VB4lUbpWY+Kk9NipcbXYWmvg==", + "version": "1.10.9", + "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.10.9.tgz", + "integrity": "sha512-5tcgUctCG0qoNyfChZifz2tJqbRbXVO9J7X6duFcOjY3HUNCxg5D0ZCK7EP9vIcZ0zRpLU9bWkyCqVCLZ46IbQ==", + "license": "Apache-2.0", "dependencies": { "@grpc/proto-loader": "^0.7.13", "@js-sdsl/ordered-map": "^4.4.2" @@ -1029,6 +1041,7 @@ "version": "4.4.2", "resolved": "https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz", "integrity": "sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw==", + "license": "MIT", "funding": { "type": "opencollective", "url": "https://opencollective.com/js-sdsl" diff --git a/package.json b/package.json index ac63a118f..d5ae3686b 100644 --- a/package.json +++ b/package.json @@ -67,7 +67,7 @@ "@azure/core-auth": "^1.3.0", "@azure/core-client": "^1.0.0", "@azure/core-rest-pipeline": "^1.9.2", - "@azure/identity": "^3.1.3", + "@azure/identity": "^4.2.1", "@azure/monitor-opentelemetry": "^1.5.0", "@azure/monitor-opentelemetry-exporter": "^1.0.0-beta.23", "@azure/opentelemetry-instrumentation-azure-sdk": "^1.0.0-beta.5", From a21f82a0f32d175ebab322de003473aea2adb762 Mon Sep 17 00:00:00 2001 From: Gabriel Fournier Date: Wed, 12 Jun 2024 11:19:17 -0400 Subject: [PATCH 2/3] test: mark generateKey.sh as executable --- test/certs/generateKey.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 test/certs/generateKey.sh diff --git a/test/certs/generateKey.sh b/test/certs/generateKey.sh old mode 100644 new mode 100755 From e740d69cc5098c70e62fd32427994a775bb96575 Mon Sep 17 00:00:00 2001 
From: Gabriel Fournier
Date: Wed, 12 Jun 2024 11:21:55 -0400
Subject: [PATCH 3/3] test: rename runBackCompatTests.js to match scripts on Case-Sensitive File System Same to its oldTSC Folder fix JS imports in backcompattest script
---
 ...nBackCompatTests.js => runBackCompatTests.js} | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
 rename test/backCompatibility/{RunBackCompatTests.js => runBackCompatTests.js} (86%)
diff --git a/test/backCompatibility/RunBackCompatTests.js b/test/backCompatibility/runBackCompatTests.js
similarity index 86%
rename from test/backCompatibility/RunBackCompatTests.js
rename to test/backCompatibility/runBackCompatTests.js
index ff08f18e5..ec5caeb8f 100644
--- a/test/backCompatibility/RunBackCompatTests.js
+++ b/test/backCompatibility/runBackCompatTests.js
@@ -1,6 +1,6 @@
-const fs } from 'fs');
-const path } from 'path');
-const childProcess } from 'child_process');
+const fs = require('fs');
+const path = require('path');
+const childProcess = require('child_process');
 function help() {
 console.log(
@@ -35,7 +35,7 @@ function run(cmd, workingDir) {
 });
 return {
 code: proc.status,
- output: proc.output.map(v => String.fromCharCode.apply(null, v)).join("")
+ output: proc.output ? proc.output.map(v => String.fromCharCode.apply(null, v)).join("") : ""
 }
 }
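Review bot: The new `proc.output ? … : ""` guard in run() hides why the child process failed to start. Assuming the call above the hunk is `childProcess.spawnSync`, a failed spawn leaves `output` null, sets `proc.error` and leaves `status` null, so callers receive `{ code: null, output: "" }` with no diagnostic. Surfacing it before the return would help, e.g. `if (proc.error) { console.error(proc.error.message); }`. Separately, `String.fromCharCode.apply(null, v)` maps each byte to a code unit, which mangles non-ASCII output, and it can throw a RangeError on very large buffers; `v ? v.toString() : ""` decodes as UTF-8 and has no argument-count limit. run()'s body begins outside the hunk.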
@@ -71,16 +71,16 @@ function main() {
 // OldTSC
 console.info("Testing compilation in app with TSC 4.0.0 and node 8 types...");
- run("npm uninstall applicationinsights", "./OldTSC");
- if (run("npm install", "./OldTSC").code !== 0) {
+ run("npm uninstall applicationinsights", "./oldTSC");
+ if (run("npm install", "./oldTSC").code !== 0) {
 console.error("Could not install OldTSC dependencies!")
 return 1;
 }
- if (run("npm install --no-save " + path, "./OldTSC").code !== 0) {
+ if (run("npm install --no-save " + path, "./oldTSC").code !== 0) {
 console.error("Could not install SDK in OldTSC!");
 return 1;
 }
- if(runLive("npm run build", "./OldTSC").code !== 0) {
+ if(runLive("npm run build", "./oldTSC").code !== 0) {
 console.error("Test FAILED!")
 return 1;
 }
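Review bot: The `path` in `"npm install --no-save " + path` now shares its name with the module-level `const path = require('path')` restored at the top of this patch. main() begins outside the hunk, so presumably a local `path` shadows the module, but a distinct name such as `sdkPath` would remove the ambiguity; without a local, the command would receive `[object Object]`. The value is also spliced unquoted into a command string: if run() executes through a shell (its spawn call is not visible here), a path containing spaces or shell metacharacters would alter the command, so passing arguments as an array to a non-shell spawn is the safer form. The log messages and the `// OldTSC` comment still use the old directory casing.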