From e8a52851b216f7dfc510b3fc3a6ba516fb1c741d Mon Sep 17 00:00:00 2001 From: fossabot Date: Wed, 15 Jan 2020 04:20:04 -0800 Subject: [PATCH 01/26] Add license scan report and status Signed-off-by: fossabot --- README.md | 148 ++++++++---------------------------------------------- 1 file changed, 21 insertions(+), 127 deletions(-) diff --git a/README.md b/README.md index ff874887..4d108efe 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ provides an OAuth2 application enablement. ![FunctionalArchitecture](/docs/FunctionalArchitecture_openHAB-cloud_v1.0.png) +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fcniweb%2Fopenhab-cloud.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fcniweb%2Fopenhab-cloud?ref=badge_shield) @@ -24,12 +25,14 @@ openHAB Cloud is mainly based on the following frameworks and technologies: * [Node.js](https://nodejs.org/en/) - Server-side Javascript-framework -* [Express.js](http://expressjs.com/) - Web application framework for Node.js +* [Express.js](http://redis.io) - Web application framework for Node.js * [Nginx](https://www.nginx.com/resources/wiki/) - Web server & reverse proxy * [MongoDB](https://www.mongodb.com/) - NoSQL database * [redis](http://redis.io) - Session Manager & data structure server * [Socket.IO](http://socket.io/) - Bi-directional communication between web clients and servers +Note: +At the moment openHAB Cloud needs a specific version (0.10.48) of Node.js installed. You can install [Node Version Manager](https://github.com/creationix/nvm) locally to manage the needed Node.js version. ### Quick start ### 
@@ -44,10 +47,10 @@ sudo apt-get update sudo apt-get upgrade ``` -We need to install redis, mongoDB, Nginx and Python: +We need to install redis, mongoDB and Nginx: ``` -sudo apt-get install build-essential redis-server mongodb nginx python +sudo apt-get install build-essential redis-server mongodb nginx ``` Now you need install git and clone the openHAB Cloud repository to your @@ -60,7 +63,7 @@ git clone https://github.com/openhab/openhab-cloud.git ``` -Clone the openhab-cloud repository and after the completed checkout you should have the directory in your chosen folder: +Clone the openhabcloud repository and after the completed checkout you should have the directory in your chosen folder: ``` ls -al total 32 @@ -69,25 +72,16 @@ drwxr-xr-x 3 root root 4096 Jun 4 12:34 .. -rw-r--r-- 1 ubuntu ubuntu 220 Apr 9 2014 .bash_logout -rw-r--r-- 1 ubuntu ubuntu 3637 Apr 9 2014 .bashrc drwx------ 2 ubuntu ubuntu 4096 Jun 4 16:30 .cache -drwxr-xr-x 13 root root 4096 Jun 4 17:06 openhab-cloud +drwxr-xr-x 13 root root 4096 Jun 4 17:06 openhabcloud -rw-r--r-- 1 ubuntu ubuntu 675 Apr 9 2014 .profile drwx------ 2 ubuntu ubuntu 4096 Jun 4 12:34 .ssh ``` -Now we need to change into the openhab-cloud directory and check if node is installed: - -``` -node --version -``` - - -If you see the node version, you are fine to continue (Note: openHAB Cloud is based on Node.js version 7.10.1). - To run openHAB Cloud you need to install the required software bundles/stacks: ``` -cd openhab-cloud +cd openhabcloud ``` ``` npm install @@ -97,6 +91,15 @@ and all the module dependencies from **package.json** will be resolved and neede +Now we need to change into the openhabcloud directory and check if node is installed: + +``` +ls -al +node --version +``` + + +If you see the node version, you are fine to continue. 
@@ -110,12 +113,6 @@ redis-cli ping ``` Redis will answer with PONG if all is fine. -In the next step you have to rename the system configuration file: -``` -config-production.json -> config.json -``` -Adjust the config parameters according your setup -(Note: MongoDB username and password fields should be deleted, if there is no authentication activated). Now you can run openHAB Cloud by the following command: ``` @@ -189,9 +186,6 @@ location /fonts { location /js-plugin { alias /home/ubuntu/openhabcloud/public/js-plugin; } -location /staff/js-plugin { - alias /home/ubuntu/openhabcloud/public/js-plugin; - } location /downloads { alias /home/ubuntu/openhabcloud/public/downloads; } 
@@ -224,99 +218,6 @@ You need to restart nginx: sudo service nginx restart ``` -## Docker ### - -The section describes how the openHAB-cloud docker images can be used with docker-compose -to spin up the dockerized openhab-cloud backend. - - -#### Architecture -The dockerized openhab-cloud uses a separate docker image and container for each part of the overall system -according to the following stack: -* app-1: node.js and express.js (openhab/openhab-cloud/app-1:latest) -* mongodb: MongoDB database (bitnami/mongodb:latest) -* nginx: nginx proxy (openhab/openhab-cloud/nginx:latest) -* redis: redis session manager (bitnami/redis:latest) - -#### Prerequisites -To run openhab-cloud make sure docker, docker-machine and docker-compose are installed on your machine. -More information at [Docker's website](https://docs.docker.com/) - -#### Configuration -You need to modify the ```config.json``` and adjust the hosts of mongodb and redis to match to the corresponding -container services of docker-compose: -``` - "mongodb": { - "hosts": ["mongodb"], - "db": "openhab", - "user": "", - "password": "" - }, - "redis": { - "host": "redis", - "port": "6379", - "password": "password" - }, -``` - -To change the server IP/DNS matching your installation, please refer to [Setting up Nginx](#setupNginx) - -#### Customization - -If you want to customize the openhab-cloud app or change e.g. configurations within ```config.json```, -you need to switch to the local build of the node app. 
Adjust the build stratgy in the ```docker-compose.yml``` -and replace the ```image``` section of ```docker-compose.yml``` with the following lines, to not use the official docker hub images anymore and switch to your local sources as base for the app-1 image: - -```build: - context: ./ - dockerfile: ./docker/node/Dockerfile -``` - -#### Run -To create and run the composed application, use the following command: -``` -docker-compose up -d -``` -or with forced recreate: -``` -docker-compose up -d --force-recreate -``` - -#### Logs - -To make sure openhab-cloud is running, check the openhab-cloud app logs: -``` -docker-compose logs app-1 -``` - -#### Stop & Cleanup - -To stop and remove the openhab-cloud containers, use the following commands of docker-compose: -``` -docker-compose stop -docker-compose rm -``` - -To perform a reset of the complete setup you can additionally stop all docker containers and remove -the related images and volumes by the following commands: -``` -docker stop $(docker ps -a -q) -docker rmi -f $(docker images -q) -docker volume rm $(docker volume ls |awk '{print $2}') -``` -You can also use this command to delete all: -``` -docker system prune -``` - -#### Access - -Navigate your browser to ```http://:``` and log in (e.g. http://localhost:80) - -#### Limitations -* Lets Encrypt SSL is missing in the images and will be added soon -* The nginx configuration at /etc/nginx_openhabcloud.conf will be reused - ## Installing openHAB Cloud on Amazon Web Services (AWS) ## 
@@ -478,13 +379,6 @@ http://YOUR-AWS-EC2-PUBLIC-DNS You should be ready with your openHAB Cloud installation! -# Release-Notes -## 1.0.5 -* When upgrading from older versions, please run the `./scripts/deleteDuplicateUserDevices.js` - script, start openhab-cloud once (and shut it down again) and then execute the following - statement in your MongoDB collection: - ``` - use - db.userdevices.reIndex() - ``` - This is necessary to ensure a unique index on the collection. \ No newline at end of file + +## License +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fcniweb%2Fopenhab-cloud.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fcniweb%2Fopenhab-cloud?ref=badge_large) \ No newline at end of file From a62de7b87333c3c128c567268db366b1f929cc7c Mon Sep 17 00:00:00 2001 From: "whitesource-bolt-for-github[bot]" <42819689+whitesource-bolt-for-github[bot]@users.noreply.github.com> Date: Wed, 16 Sep 2020 13:26:06 +0000 Subject: [PATCH 02/26] Add .whitesource configuration file --- .whitesource | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .whitesource diff --git a/.whitesource b/.whitesource new file mode 100644 index 00000000..55b922e8 --- /dev/null +++ b/.whitesource @@ -0,0 +1,12 @@ +{ + "scanSettings": { + "baseBranches": [] + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff" + }, + "issueSettings": { + "minSeverityLevel": "LOW" + } +} \ No newline at end of file From a885c33e86d92f6dab0044cb0217b1c7ea1321b3 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 16 Aug 2020 21:49:11 +0000 Subject: [PATCH 03/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-590103 --- package.json | 133 +++++++++++++++++++-------------------------------- 1 file changed, 50 insertions(+), 83 deletions(-) diff --git a/package.json b/package.json index 41b8d5b6..d9656f1c 100644 
--- a/package.json
+++ b/package.json
@@ -1,85 +1,52 @@
 {
- "name": "openhabcloud",
- "description": "openHAB cloud service",
- "version": "1.0.10",
- "private": true,
- "scripts": {
- "start": "node app.js",
- "test": "nyc --reporter=html mocha tests/mocha/unit/**/*.js --recursive",
- "integration_tests": "node tests/ohc_simulator_docker.js & mocha tests/mocha/integration/*.js"
- },
- "dependencies": {
- "apn": "1.7.6",
- "bcrypt-cache": "^1.0.2",
- "bcrypt": "1.0.2",
- "body-parser": "^1.17.2",
- "chokidar": "0.6.2",
- "connect-flash": "0.1.1",
- "connect-mongodb": "1.1.5",
- "connect-redis": "3.1.0",
- "cookie-parser": "^1.4.3",
- "cron": "1.0.3",
- "csurf": "^1.9.0",
- "ejs": "2.5.5",
- "ejs-locals": "1.0.2",
- "email-templates": "3.3.2",
- "errorhandler": "^1.5.0",
- "express": "^4.16.4",
- "express-form": "0.12.6",
- "express-session": "^1.15.3",
- "firebase-messaging": "^1.0.6",
- "heapdump": "0.3.7",
- "hiredis": "0.5.0",
- "less-middleware": "2.2.0",
- "memwatch-next": "0.3.0",
- "method-override": "^2.3.9",
- "moment": "2.20.1",
- "mongoose": "5.7.6",
- "mongoose-cache": "0.1.4",
- "mongoose-types": "1.0.3",
- "morgan": "^1.8.2",
- "node-gcm": "0.14.4",
- "node-xmpp-client": "3.2.0",
- "nodemailer": "4.0.1",
- "oauth2orize": "^1.11.0",
- "passport": "0.1.18",
- "passport-http": "0.2.2",
- "passport-http-bearer": "1.0.1",
- "passport-local": "1.0.0",
- "passport-oauth2-client-password": "0.1.2",
- "ratelimiter": "2.1.3",
- "redis": "2.6.2",
- "request": "^2.88.0",
- "serve-favicon": "^2.4.3",
- "serve-static": "^1.12.3",
- "socket.io": "1.3.7",
- "socket.io-client": "1.1.0",
- "socket.io-redis": "0.1.4",
- "time": "0.11.4",
- "timezone": "0.0.23",
- "uuid": "3.0.1",
- "winston": "3.0.0",
- "winston-daily-rotate-file": "^3.5.1"
- },
- "devDependencies": {
- "chai": "^4.2.0",
- "cheerio": "^1.0.0-rc.2",
- "docker-compose": "^0.9.2",
- "grunt": "^1.0.1",
- "grunt-express-server": "^0.5.3",
- "grunt-mocha-test": "^0.13.2",
- "grunt-qunit-node": "^0.1.0",
- "istanbul": "^0.4.5",
- "mocha": "^3.5.3",
- "node-gyp": "^3.8.0",
- "nyc": "^13.1.0",
- "qunit": "^2.5.0",
- "should": "^11.2.1",
- "sinon": "^7.1.1",
- "sinon-express-mock": "^2.1.0",
- "sinon-mock-server": "^0.4.1",
- "sinon-mongoose": "^2.2.1",
- "supertest": "^3.0.0",
- "supertest-session": "^3.3.0"
- }
+ "name": "openhabcloud",
+ "description": "openHAB cloud service main package",
+ "version": "0.0.2",
+ "private": true,
+ "scripts": {
+ "start": "node app.js"
+ },
+ "dependencies": {
+ "express": "3.20.2",
+ "ejs": "0.8.4",
+ "less-middleware": "0.1.11",
+ "socket.io": "1.3.7",
+ "socket.io-client": "1.1.0",
+ "request": "2.16.6",
+ "mongoose": "4.4.8",
+ "mongoose-types": "1.0.3",
+ "passport": "0.1.18",
+ "passport-local": "1.0.0",
+ "bcrypt": "0.8.3",
+ "connect-mongodb": "1.1.5",
+ "redis": "2.6.2",
+ "hiredis": "0.4",
+ "ejs-locals": "1.0.2",
+ "express-form": "0.8.x",
+ "connect-flash": "0.1.1",
+ "chokidar": "0.6.2",
+ "uuid": "1.4.1",
+ "node-gcm": "1.0.0",
+ "winston": "0.7.2",
+ "nodemailer": "0.5.2",
+ "connect-redis": "3.1.0",
+ "email-templates": "2.4.1",
+ "moment": "2.3.1",
+ "timezone": "0.0.23",
+ "time": "0.11.3",
+ "node-xmpp": "0.8.0",
+ "cron": "1.0.3",
+ "apn": "1.7.6",
+ "oauth2orize": "1.0.1",
+ "passport-http": "0.2.2",
+ "passport-oauth2-client-password": "0.1.2",
+ "passport-http-bearer": "1.0.1",
+ "socket.io-redis": "0.1.4",
+ "memwatch": "0.2.2",
+ "heapdump": "0.3.7",
+ "socket.io-redis": "1.0.0",
+ "mongoose-cache": "0.1.4",
+ "ratelimiter":"2.1.3",
+ "express-session":"1.14.1"
+ }
 }
From c075d1088926352d6ce2173e2d8b3419426d1777 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 1 Jul 2020 21:49:12 +0000
Subject: [PATCH 04/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BCRYPT-572911 - https://snyk.io/vuln/SNYK-JS-BCRYPT-575033
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index d9656f1c..a68e3124 100644
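Review bot: The new `dependencies` object in [PATCH 03/26] lists `socket.io-redis` twice, first as `0.1.4` and three lines later as `1.0.0`; JavaScript's JSON.parse keeps the last value of a repeated key, so the first pin is dead and should be dropped, leaving only `"socket.io-redis": "1.0.0",`. The hunk is also far wider than the single lodash advisory in the subject: it replaces the whole manifest, lowers pins such as `express` (`^4.16.4` to `3.20.2`), `bcrypt` (`1.0.2` to `0.8.3`) and `request` (`^2.88.0` to `2.16.6`), and removes `csurf`, the `test` scripts and every `devDependencies` entry. This looks like a patch generated against a different base branch; if so it should be regenerated rather than applied, and if the rewrite is intended the loss of the CSRF middleware needs to be accounted for in application code that is not visible here.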
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
 "passport-local": "1.0.0",
- "bcrypt": "0.8.3",
+ "bcrypt": "5.0.0",
 "connect-mongodb": "1.1.5",
 "redis": "2.6.2",
 "hiredis": "0.4",
From 49224799e7fdece23268c92ad1708925727e1b2a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 12 Nov 2020 21:53:29 +0000
Subject: [PATCH 05/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index a68e3124..f72196c0 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
 "uuid": "1.4.1",
 "node-gcm": "1.0.0",
 "winston": "0.7.2",
- "nodemailer": "0.5.2",
+ "nodemailer": "6.4.16",
 "connect-redis": "3.1.0",
 "email-templates": "2.4.1",
 "moment": "2.3.1",
From c23e786e89f74b0da6055ba8240ffae7d4c396b8 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 24 Nov 2020 21:21:06 +0000
Subject: [PATCH 06/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:base64-url:20180512
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index a68e3124..8a8deb90 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
 "start": "node app.js"
 },
 "dependencies": {
- "express": "3.20.2",
+ "express": "3.21.0",
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
 "socket.io": "1.3.7",
From 7fdea3c685a1325652dd37e05489adf6f80da1e7 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 24 Nov 2020 21:23:58 +0000
Subject: [PATCH 07/26] fix: upgrade request from 2.16.6 to 2.88.2 Snyk has created this PR to upgrade request from 2.16.6 to 2.88.2. See this package in npm: https://www.npmjs.com/package/request See this project in Snyk: https://app.snyk.io/org/cniweb/project/e23909dd-248d-4bb8-b1df-f6e61c809a6d?utm_source=github&utm_medium=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index a68e3124..e9621598 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,7 @@
 "less-middleware": "0.1.11",
 "socket.io": "1.3.7",
 "socket.io-client": "1.1.0",
- "request": "2.16.6",
+ "request": "2.88.2",
 "mongoose": "4.4.8",
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
From 84829fc1fc6f38569bc1f6bb8adc151b360c490e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 24 Nov 2020 21:24:03 +0000
Subject: [PATCH 08/26] fix: upgrade moment from 2.3.1 to 2.29.1 Snyk has created this PR to upgrade moment from 2.3.1 to 2.29.1. See this package in npm: https://www.npmjs.com/package/moment See this project in Snyk: https://app.snyk.io/org/cniweb/project/e23909dd-248d-4bb8-b1df-f6e61c809a6d?utm_source=github&utm_medium=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index a68e3124..775daae6 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 "nodemailer": "0.5.2",
 "connect-redis": "3.1.0",
 "email-templates": "2.4.1",
- "moment": "2.3.1",
+ "moment": "2.29.1",
 "timezone": "0.0.23",
 "time": "0.11.3",
 "node-xmpp": "0.8.0",
From aa6a56df21574ff5bedf6eea45457e8583e3e993 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 24 Nov 2020 21:24:15 +0000
Subject: [PATCH 09/26] fix: upgrade cron from 1.0.3 to 1.8.2 Snyk has created this PR to upgrade cron from 1.0.3 to 1.8.2. See this package in npm: https://www.npmjs.com/package/cron See this project in Snyk: https://app.snyk.io/org/cniweb/project/e23909dd-248d-4bb8-b1df-f6e61c809a6d?utm_source=github&utm_medium=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index a68e3124..e37fb547 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
 "timezone": "0.0.23",
 "time": "0.11.3",
 "node-xmpp": "0.8.0",
- "cron": "1.0.3",
+ "cron": "1.8.2",
 "apn": "1.7.6",
 "oauth2orize": "1.0.1",
 "passport-http": "0.2.2",
From d746fb568b4b294f143c9269e667b4c0bd277e5e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 25 Nov 2020 21:18:42 +0000
Subject: [PATCH 10/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:ws:20171108
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index a68e3124..346e1f52 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,7 @@
 "express": "3.20.2",
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
- "socket.io": "1.3.7",
+ "socket.io": "1.7.4",
 "socket.io-client": "1.1.0",
 "request": "2.16.6",
 "mongoose": "4.4.8",
From 046f2b2cd66d738f6bfc28a739ab1443a6fc0f95 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 8 Dec 2020 21:33:39 +0000
Subject: [PATCH 11/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:ms:20170412
---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 60891eff..3bef4505 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
 "start": "node app.js"
 },
 "dependencies": {
- "express": "3.21.0",
+ "express": "4.15.3",
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
 "socket.io": "1.3.7",
@@ -35,7 +35,7 @@
 "timezone": "0.0.23",
 "time": "0.11.3",
 "node-xmpp": "0.8.0",
- "cron": "1.8.2",
+ "cron": "1.0.3",
 "apn": "1.7.6",
 "oauth2orize": "1.0.1",
 "passport-http": "0.2.2",
From 0c9bf2bee06cb5baed2557c39193069f79d301d0 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 8 Dec 2020 21:33:57 +0000
Subject: [PATCH 12/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:base64-url:20180512 - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:ms:20151024 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:qs:20140806 - https://snyk.io/vuln/npm:qs:20140806-1 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tunnel-agent:20170305
---
 package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package.json b/package.json
index 9ff08e25..48956db8 100644
--- a/package.json
+++ b/package.json
@@ -10,9 +10,9 @@
 "express": "3.21.0",
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
- "socket.io": "1.7.4",
+ "socket.io": "1.3.7",
 "socket.io-client": "1.1.0",
- "request": "2.88.2",
+ "request": "2.82.0",
 "mongoose": "4.4.8",
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
@@ -35,7 +35,7 @@
 "timezone": "0.0.23",
 "time": "0.11.3",
 "node-xmpp": "0.8.0",
- "cron": "1.8.2",
+ "cron": "1.0.3",
 "apn": "1.7.6",
 "oauth2orize": "1.0.1",
 "passport-http": "0.2.2",
From 08ad07de61752755c060261178075d52650bc258 Mon Sep 17 00:00:00 2001
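Review bot: Three hunks on this line lower pins while their subjects claim to reduce vulnerabilities: the second hunk of [PATCH 11/26] moves `cron` from `1.8.2` to `1.0.3`, and [PATCH 12/26] moves `socket.io` from `1.7.4` to `1.3.7`, `request` from `2.88.2` to `2.82.0` and `cron` to `1.0.3` as well. The `socket.io` `1.7.4` pin is the one [PATCH 10/26] introduced for npm:ws:20171108, so applying 12 after 10 returns to the version that advisory was raised against; [PATCH 16/26] lowers `request` the same way before 17 restores it. The differing `index` hashes suggest these bot branches were cut from different bases, so resolve each conflict toward the higher pin, e.g. `"socket.io": "1.7.4",`, `"request": "2.88.2",` and `"cron": "1.8.2",`.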
From: snyk-bot
Date: Tue, 8 Dec 2020 21:34:09 +0000
Subject: [PATCH 13/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:ms:20170412
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 9ff08e25..500170d0 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
 "start": "node app.js"
 },
 "dependencies": {
- "express": "3.21.0",
+ "express": "4.15.3",
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
 "socket.io": "1.7.4",
From 329c22c56b1aa2a55b4b407d08fb83905171b117 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 8 Dec 2020 21:54:02 +0000
Subject: [PATCH 14/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:mime:20170907
---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 506bcd85..1b60b328 100644
--- a/package.json
+++ b/package.json
@@ -7,12 +7,12 @@
 "start": "node app.js"
 },
 "dependencies": {
- "express": "4.15.3",
+ "express": "4.16.0",
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
 "socket.io": "1.3.7",
 "socket.io-client": "1.1.0",
- "request": "2.82.0",
+ "request": "2.88.0",
 "mongoose": "4.4.8",
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
From 0528a9d738547073de450ec5ff3bdf56eb7f5f7b Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 8 Dec 2020 21:54:05 +0000
Subject: [PATCH 15/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 506bcd85..8f6b614f 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,7 @@
 "less-middleware": "0.1.11",
 "socket.io": "1.3.7",
 "socket.io-client": "1.1.0",
- "request": "2.82.0",
+ "request": "2.88.0",
 "mongoose": "4.4.8",
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
From 8aee489c9934c750f085b6c731114f1b6a18b2a1 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 8 Dec 2020 21:55:47 +0000
Subject: [PATCH 16/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:mime:20170907
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1b60b328..c0a57d56 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,7 @@
 "less-middleware": "0.1.11",
 "socket.io": "1.3.7",
 "socket.io-client": "1.1.0",
- "request": "2.88.0",
+ "request": "2.82.0",
 "mongoose": "4.4.8",
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
From 4870269e54054959a4dacef6caed664f6a78e4a1 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 8 Dec 2020 21:58:45 +0000
Subject: [PATCH 17/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index c0a57d56..1b60b328 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,7 @@
 "less-middleware": "0.1.11",
 "socket.io": "1.3.7",
 "socket.io-client": "1.1.0",
- "request": "2.82.0",
+ "request": "2.88.0",
 "mongoose": "4.4.8",
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
From d67ee9445b2ac54019c8e4659a59c77d7d93aa30 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 9 Dec 2020 06:52:33 +0000
Subject: [PATCH 18/26] fix: upgrade jquery from 1.8.3 to 1.12.4 Snyk has created this PR to upgrade jquery from 1.8.3 to 1.12.4. See this package in npm: https://www.npmjs.com/package/jquery See this project in Snyk: https://app.snyk.io/org/cniweb/project/ecf3e463-f04d-430b-9265-a9113e5aac0c?utm_source=github&utm_medium=upgrade-pr
---
 public/js-plugin/bootstrap-select/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/public/js-plugin/bootstrap-select/package.json b/public/js-plugin/bootstrap-select/package.json
index 1afeaa54..f4a19a05 100644
--- a/public/js-plugin/bootstrap-select/package.json
+++ b/public/js-plugin/bootstrap-select/package.json
@@ -19,7 +19,7 @@
 }
 ],
 "dependencies": {
- "jquery": "1.8"
+ "jquery": "1.12.4"
 },
 "keywords": []
 }
From 5081b359621e84715ed7abe292a76cdc3b63c4de Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 10 Dec 2020 21:23:50 +0000
Subject: [PATCH 19/26] fix: upgrade cron from 1.0.3 to 1.8.2 Snyk has created this PR to upgrade cron from 1.0.3 to 1.8.2. See this package in npm: https://www.npmjs.com/package/cron See this project in Snyk: https://app.snyk.io/org/cniweb/project/e23909dd-248d-4bb8-b1df-f6e61c809a6d?utm_source=github&utm_medium=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1b60b328..23bfe77d 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
 "timezone": "0.0.23",
 "time": "0.11.3",
 "node-xmpp": "0.8.0",
- "cron": "1.0.3",
+ "cron": "1.8.2",
 "apn": "1.7.6",
 "oauth2orize": "1.0.1",
 "passport-http": "0.2.2",
From a4152f1977e07873405268631c4a40dacf9133dd Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 10 Dec 2020 21:23:55 +0000
Subject: [PATCH 20/26] fix: upgrade timezone from 0.0.23 to 0.0.48 Snyk has created this PR to upgrade timezone from 0.0.23 to 0.0.48. See this package in npm: https://www.npmjs.com/package/timezone See this project in Snyk: https://app.snyk.io/org/cniweb/project/e23909dd-248d-4bb8-b1df-f6e61c809a6d?utm_source=github&utm_medium=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1b60b328..40fb02d0 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
 "connect-redis": "3.1.0",
 "email-templates": "2.4.1",
 "moment": "2.29.1",
- "timezone": "0.0.23",
+ "timezone": "0.0.48",
 "time": "0.11.3",
 "node-xmpp": "0.8.0",
 "cron": "1.0.3",
From 90cc3b23000a1eeeaf368a22e685a32f604a40bb Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 10 Dec 2020 21:24:01 +0000
Subject: [PATCH 21/26] fix: upgrade socket.io from 1.3.7 to 1.7.4 Snyk has created this PR to upgrade socket.io from 1.3.7 to 1.7.4. See this package in npm: https://www.npmjs.com/package/socket.io See this project in Snyk: https://app.snyk.io/org/cniweb/project/e23909dd-248d-4bb8-b1df-f6e61c809a6d?utm_source=github&utm_medium=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1b60b328..b2903539 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,7 @@
 "express": "4.16.0",
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
- "socket.io": "1.3.7",
+ "socket.io": "1.7.4",
 "socket.io-client": "1.1.0",
 "request": "2.88.0",
 "mongoose": "4.4.8",
From 86621ad88899ef346e6e50495da57141ce172b9e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 10 Dec 2020 21:24:06 +0000
Subject: [PATCH 22/26] fix: upgrade oauth2orize from 1.0.1 to 1.11.0 Snyk has created this PR to upgrade oauth2orize from 1.0.1 to 1.11.0. See this package in npm: https://www.npmjs.com/package/oauth2orize See this project in Snyk: https://app.snyk.io/org/cniweb/project/e23909dd-248d-4bb8-b1df-f6e61c809a6d?utm_source=github&utm_medium=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1b60b328..68122fb5 100644
--- a/package.json
+++ b/package.json
@@ -37,7 +37,7 @@
 "node-xmpp": "0.8.0",
 "cron": "1.0.3",
 "apn": "1.7.6",
- "oauth2orize": "1.0.1",
+ "oauth2orize": "1.11.0",
 "passport-http": "0.2.2",
 "passport-oauth2-client-password": "0.1.2",
 "passport-http-bearer": "1.0.1",
From 2c1a1993769a511a2b0b7b13ae44e4ea73fe5fd5 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 10 Dec 2020 21:24:10 +0000
Subject: [PATCH 23/26] fix: upgrade express-form from 0.8.1 to 0.12.6 Snyk has created this PR to upgrade express-form from 0.8.1 to 0.12.6. See this package in npm: https://www.npmjs.com/package/express-form See this project in Snyk: https://app.snyk.io/org/cniweb/project/e23909dd-248d-4bb8-b1df-f6e61c809a6d?utm_source=github&utm_medium=upgrade-pr
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1b60b328..08416e57 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,7 @@
 "redis": "2.6.2",
 "hiredis": "0.4",
 "ejs-locals": "1.0.2",
- "express-form": "0.8.x",
+ "express-form": "0.12.6",
 "connect-flash": "0.1.1",
 "chokidar": "0.6.2",
 "uuid": "1.4.1",
From 85f11705536d91d2a138ecfb0d988be126c33a31 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 13 Dec 2020 21:19:09 +0000
Subject: [PATCH 24/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MQUERY-1050858
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1b60b328..8ee0b815 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
 "socket.io": "1.3.7",
 "socket.io-client": "1.1.0",
 "request": "2.88.0",
- "mongoose": "4.4.8",
+ "mongoose": "5.11.7",
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
 "passport-local": "1.0.0",
From 8f83aa640d4b8e165bb4e9a582d06ed603271c2a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 22 Nov 2022 06:17:59 +0000
Subject: [PATCH 25/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index a2e81c41..9d539ac6 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,7 @@
 "express": "4.16.0",
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
- "socket.io": "1.7.4",
+ "socket.io": "2.5.0",
 "socket.io-client": "1.1.0",
 "request": "2.88.0",
 "mongoose": "5.11.7",
From 29cf07a7b2e09cf24c03a7978d47d6faa37b336d Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 28 Nov 2023 22:31:11 +0000
Subject: [PATCH 26/26] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-REQUEST-3361831 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012 - https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/npm:clean-css:20180306 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:parsejson:20170908 - https://snyk.io/vuln/npm:uglify-js:20150824 - https://snyk.io/vuln/npm:uglify-js:20151024
---
 package.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/package.json b/package.json
index 9d539ac6..4fce978e 100644
--- a/package.json
+++ b/package.json
@@ -11,13 +11,13 @@
 "ejs": "0.8.4",
 "less-middleware": "0.1.11",
 "socket.io": "2.5.0",
- "socket.io-client": "1.1.0",
+ "socket.io-client": "2.0.0",
 "request": "2.88.0",
 "mongoose": "5.11.7",
 "mongoose-types": "1.0.3",
 "passport": "0.1.18",
 "passport-local": "1.0.0",
- "bcrypt": "5.0.0",
+ "bcrypt": "5.0.1",
 "connect-mongodb": "1.1.5",
 "redis": "2.6.2",
 "hiredis": "0.4",
@@ -26,22 +26,22 @@
 "connect-flash": "0.1.1",
 "chokidar": "0.6.2",
 "uuid": "1.4.1",
- "node-gcm": "1.0.0",
- "winston": "0.7.2",
+ "node-gcm": "1.1.0",
+ "winston": "0.8.0",
 "nodemailer": "6.4.16",
 "connect-redis": "3.1.0",
- "email-templates": "2.4.1",
+ "email-templates": "7.1.1",
 "moment": "2.29.1",
 "timezone": "0.0.48",
 "time": "0.11.3",
- "node-xmpp": "0.8.0",
+ "node-xmpp": "1.0.3",
 "cron": "1.8.2",
 "apn": "1.7.6",
 "oauth2orize": "1.11.0",
 "passport-http": "0.2.2",
 "passport-oauth2-client-password": "0.1.2",
 "passport-http-bearer": "1.0.1",
- "socket.io-redis": "0.1.4",
+ "socket.io-redis": "5.0.0",
 "memwatch": "0.2.2",
 "heapdump": "0.3.7",
 "socket.io-redis": "1.0.0",
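Review bot: The `socket.io-redis` bump in this hunk edits the first of two `socket.io-redis` entries; the unchanged context line `"socket.io-redis": "1.0.0",` three lines below it is a later duplicate, and JSON.parse keeps the last value of a repeated key, so the manifest would still resolve `1.0.0` and the upgrade to `5.0.0` would not take effect. Delete the stale line so that only `"socket.io-redis": "5.0.0",` remains, then confirm the resolved version with `npm ls socket.io-redis`. The `dependencies` object continues past the end of the hunk.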