From 6a658c45b53db0d1e5e2a56d4c53ec5d4cca93df Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Mon, 30 Nov 2020 20:03:04 +0100 Subject: [PATCH] Upgrade some deps: helmet, slack, amplitude and short-uuid (#12817) * upgrade helmet to version 4 * deps(short-uuid): upgrade to version 4, closes #12573 * deps(slack): upgrade to version 4 * deps(slack): upgrade to version 5, closes #11442 * deps(amplitude): upgrade to latest version use api v2 * fix tests * slack tests: return promise * refactor slack setup for tests * fix slack unit tests --- package-lock.json | 357 ++---------------- package.json | 8 +- test/api/unit/libs/slack.js | 5 +- .../integration/chat/POST-chat.flag.test.js | 4 +- .../api/v3/integration/chat/POST-chat.test.js | 6 +- website/server/libs/slack.js | 154 ++++---- website/server/middlewares/index.js | 8 +- 7 files changed, 131 insertions(+), 411 deletions(-) diff --git a/package-lock.json b/package-lock.json index bc45e658c9..af1385fed7 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -1363,47 +1363,28 @@ "integrity": "sha512-+iTbntw2IZPb/anVDbypzfQa+ay64MW0Zo8aJ8gZPWMMK6/OubMVb6lUPMagqjOPnmtauXnFCACVl3O7ogjeqQ==", "dev": true }, - "@slack/client": { - "version": "4.12.0", - "resolved": "https://registry.npmjs.org/@slack/client/-/client-4.12.0.tgz", - "integrity": "sha512-ltbdkcIWk2eIptCCT/oPmeCGlG8xb3kXfwuPTtvNujioLMo2xXqiPdfl7xK+AeUfnvj3fJLYbpTPuBTscuhgzw==", + "@slack/types": { + "version": "1.10.0", + "resolved": "https://registry.npmjs.org/@slack/types/-/types-1.10.0.tgz", + "integrity": "sha512-tA7GG7Tj479vojfV3AoxbckalA48aK6giGjNtgH6ihpLwTyHE3fIgRrvt8TWfLwW8X8dyu7vgmAsGLRG7hWWOg==" + }, + "@slack/webhook": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/@slack/webhook/-/webhook-5.0.3.tgz", + "integrity": "sha512-51vnejJ2zABNumPVukOLyerpHQT39/Lt0TYFtOEz/N2X77bPofOgfPj2atB3etaM07mxWHLT9IRJ4Zuqx38DkQ==", "requires": { - "@types/form-data": "^2.2.1", - "@types/is-stream": "^1.1.0", - "@types/node": ">=6.0.0", - "@types/p-cancelable": "^1.0.0", - "@types/p-queue": "^2.3.2", - "@types/p-retry": "^3.0.0", - "@types/retry": "^0.12.0", - "@types/ws": "^5.1.1", - "axios": "^0.18.0", - "eventemitter3": "^3.1.0", - "finity": "^0.5.4", - "form-data": "^2.3.3", - "is-stream": "^1.1.0", - "object.entries": "^1.1.0", - "object.getownpropertydescriptors": "^2.0.3", - "object.values": "^1.1.0", - "p-cancelable": "~1.0.0", - "p-queue": "^2.4.2", - "p-retry": "^3.0.1", - "retry": "^0.12.0", - "ws": "^5.2.0" + "@slack/types": "^1.2.1", + "@types/node": ">=8.9.0", + "axios": "^0.19.0" }, "dependencies": { "axios": { - "version": "0.18.1", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.18.1.tgz", - "integrity": "sha512-0BfJq4NSfQXd+SkFdrvFbG7addhYSBA2mQwISr46pD6E5iqkWg02RAs8vyTT/j0RTnoYmeXauBuSv1qKwR179g==", + "version": "0.19.2", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.19.2.tgz", + "integrity": "sha512-fjgm5MvRHLhx+osE2xoekY70AhARk3a6hkN+3Io1jc00jtquGvxYlKlsFUhmUET0V5te6CcZI7lcv2Ym61mjHA==", "requires": { - 
"follow-redirects": "1.5.10", - "is-buffer": "^2.0.2" + "follow-redirects": "1.5.10" } - }, - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=" } } }, @@ -1462,11 +1443,6 @@ "@types/node": "*" } }, - "@types/events": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@types/events/-/events-3.0.0.tgz", - "integrity": "sha512-EaObqwIvayI5a8dCzhFrjKzVwKLxjoG9T6Ppd5CEo07LRKfQ8Yokw54r5+Wq7FaBQ+yXRvQAYPrHwya1/UFt9g==" - }, "@types/express": { "version": "4.17.8", "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.8.tgz", @@ -1505,14 +1481,6 @@ "@types/express": "*" } }, - "@types/form-data": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/@types/form-data/-/form-data-2.5.0.tgz", - "integrity": "sha512-23/wYiuckYYtFpL+4RPWiWmRQH2BjFuqCUi2+N3amB1a1Drv+i/byTrGvlLwRVLFNAZbwpbQ7JvTK+VCAPMbcg==", - "requires": { - "form-data": "*" - } - }, "@types/glob": { "version": "7.1.3", "resolved": "https://registry.npmjs.org/@types/glob/-/glob-7.1.3.tgz", @@ -1527,14 +1495,6 @@ "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.0.tgz", "integrity": "sha512-c3Xy026kOF7QOTn00hbIllV1dLR9hG9NkSrLQgCVs8NF6sBU+VGWjD3wLPhmh1TYAc7ugCFsvHYMN4VcBN1U1A==" }, - "@types/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@types/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha512-jkZatu4QVbR60mpIzjINmtS1ZF4a/FqdTUTBeQDVOQ2PYyidtwFKr0B5G6ERukKwliq+7mIXvxyppwzG5EgRYg==", - "requires": { - "@types/node": "*" - } - }, "@types/json5": { "version": "0.0.29", "resolved": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", 
@@ -1573,27 +1533,6 @@ "resolved": "https://registry.npmjs.org/@types/node/-/node-14.0.23.tgz", "integrity": "sha512-Z4U8yDAl5TFkmYsZdFPdjeMa57NOvnaf1tljHzhouaPEp7LCj2JKkejpI1ODviIAQuW4CcQmxkQ77rnLsOOoKw==" }, - "@types/p-cancelable": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@types/p-cancelable/-/p-cancelable-1.0.1.tgz", - "integrity": "sha512-MGdhuVx7X2yJe4dgOnDQcZQAYgiC/QK1O5HUPgTMTxWYiOlyWEO5DWmPBlXQBU1F6/JM7aSgYBDrpt7kurC6dw==", - "requires": { - "p-cancelable": "*" - } - }, - "@types/p-queue": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/@types/p-queue/-/p-queue-2.3.2.tgz", - "integrity": "sha512-eKAv5Ql6k78dh3ULCsSBxX6bFNuGjTmof5Q/T6PiECDq0Yf8IIn46jCyp3RJvCi8owaEmm3DZH1PEImjBMd/vQ==" - }, - "@types/p-retry": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@types/p-retry/-/p-retry-3.0.1.tgz", - "integrity": "sha512-LkZCWg4JxFdQR/nGNZcMiyKAbNG3DKBRS6nn6Hg4dLS82zxkdBJJcvf4zXFvDCEI+e4dZdQX6wreqs9RDGMRfw==", - "requires": { - "p-retry": "*" - } - }, "@types/q": { "version": "1.5.4", "resolved": "https://registry.npmjs.org/@types/q/-/q-1.5.4.tgz", @@ -1618,11 +1557,6 @@ "@types/node": "*" } }, - "@types/retry": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/@types/retry/-/retry-0.12.0.tgz", - "integrity": "sha512-wWKOClTTiizcZhXnPY4wikVAwmdYHp8q6DmC+EJUzAMsycb7HB32Kh9RN4+0gExjmPmZSAQjgURXIGATPegAvA==" - }, "@types/serve-static": { "version": "1.13.6", "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.13.6.tgz", @@ -1632,15 +1566,6 @@ "@types/node": "*" } }, - "@types/ws": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/@types/ws/-/ws-5.1.2.tgz", - "integrity": "sha512-NkTXUKTYdXdnPE2aUUbGOXE1XfMK527SCvU/9bj86kyFF6kZ9ZnOQ3mK5jADn98Y2vEUD/7wKDgZa7Qst2wYOg==", - "requires": { - "@types/events": "*", - "@types/node": "*" - } - }, "abbrev": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", 
@@ -1713,65 +1638,11 @@ } }, "amplitude": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/amplitude/-/amplitude-3.5.0.tgz", - "integrity": "sha1-Y+2tvZoK70lGf2bBE0D+mzcc18M=", + "version": "5.1.4", + "resolved": "https://registry.npmjs.org/amplitude/-/amplitude-5.1.4.tgz", + "integrity": "sha512-YwNrbPlY2DJDTYTL5AeAv+4NDw/e2Z+H/24iLN2ZpAsV3rI458T3IGJxfNDKuBAP6jjXjfDuktHh8HvX0Y2BOA==", "requires": { - "superagent": "^3.3.1" - }, - "dependencies": { - "debug": { - "version": "3.2.6", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz", - "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==", - "requires": { - "ms": "^2.1.1" - } - }, - "mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==" - }, - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "requires": { - "safe-buffer": "~5.1.0" - } - }, - "superagent": { - "version": "3.8.3", - "resolved": "https://registry.npmjs.org/superagent/-/superagent-3.8.3.tgz", - "integrity": "sha512-GLQtLMCoEIK4eDv6OGtkOoSMt3D+oq0y3dsxMuYuDvaNUvuT8eFBuLmfR0iYYzHC1e8hpzC6ZsxbuP6DIalMFA==", - "requires": { - "component-emitter": "^1.2.0", - 
"cookiejar": "^2.1.0", - "debug": "^3.1.0", - "extend": "^3.0.0", - "form-data": "^2.3.1", - "formidable": "^1.2.0", - "methods": "^1.1.1", - "mime": "^1.4.1", - "qs": "^6.5.1", - "readable-stream": "^2.3.5" - } - } + "axios": "^0.21.0" } }, "ansi-align": { @@ -2219,11 +2090,6 @@ "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.3.tgz", "integrity": "sha512-z/WhQ5FPySLdvREByI2vZiTWwCnF0moMJ1hK9YQwDTHKh6I7/uSckMetoRGb5UBZPC1z0jlw+n/XCgjeH7y1AQ==" }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==" - }, "async-listener": { "version": "0.6.10", "resolved": "https://registry.npmjs.org/async-listener/-/async-listener-0.6.10.tgz", @@ -2270,7 +2136,6 @@ "version": "0.21.0", "resolved": "https://registry.npmjs.org/axios/-/axios-0.21.0.tgz", "integrity": "sha512-fmkJBknJKoZwem3/IKSSLpkdNXZeBu5Q7GA/aRsr2btgrptmSCxi2oFjZHqGdK9DoTil9PIHlPIZw2EcRJXRvw==", - "dev": true, "requires": { "follow-redirects": "^1.10.0" }, @@ -2278,8 +2143,7 @@ "follow-redirects": { "version": "1.13.0", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.0.tgz", - "integrity": "sha512-aq6gF1BEKje4a9i9+5jimNFIpq4Q1WiwBToeRK5NvZBd/TRsmW8BsJfOEGkr76TbOyPVD3OVDN910EcUNtRYEA==", - "dev": true + "integrity": "sha512-aq6gF1BEKje4a9i9+5jimNFIpq4Q1WiwBToeRK5NvZBd/TRsmW8BsJfOEGkr76TbOyPVD3OVDN910EcUNtRYEA==" } } }, @@ -3054,11 +2918,6 @@ "integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=", "optional": true }, - "bowser": { - "version": "2.9.0", - "resolved": "https://registry.npmjs.org/bowser/-/bowser-2.9.0.tgz", - "integrity": "sha512-2ld76tuLBNFekRgmJfT2+3j5MIrP6bFict8WAIT3beq+srz1gcKNAdNKMqHqauQt63NmAa88HfP1/Ypa9Er3HA==" - }, "boxen": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/boxen/-/boxen-4.2.0.tgz", 
@@ -3300,11 +3159,6 @@ } } }, - "camelize": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/camelize/-/camelize-1.0.0.tgz", - "integrity": "sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs=" - }, "caniuse-lite": { "version": "1.0.30001159", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001159.tgz", @@ -3870,11 +3724,6 @@ "safe-buffer": "5.1.2" } }, - "content-security-policy-builder": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/content-security-policy-builder/-/content-security-policy-builder-2.1.0.tgz", - "integrity": "sha512-/MtLWhJVvJNkA9dVLAp6fg9LxD2gfI6R2Fi1hPmfjYXSahJJzcfvoeDOxSyp4NvxMuwWv3WMssE9o31DoULHrQ==" - }, "content-type": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", @@ -4198,11 +4047,6 @@ "assert-plus": "^1.0.0" } }, - "dasherize": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/dasherize/-/dasherize-2.0.0.tgz", - "integrity": "sha1-bYCcnNDPe7iVLYD8hPoT1H3bEwg=" - }, "data-uri-to-buffer": { "version": "0.0.3", "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-0.0.3.tgz", @@ -4609,11 +4453,6 @@ "domelementtype": "1" } }, - "dont-sniff-mimetype": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.1.0.tgz", - "integrity": "sha512-ZjI4zqTaxveH2/tTlzS1wFp+7ncxNZaIEWYg3lzZRHkKf5zPT/MnEG6WL0BhHMJUabkh8GeU5NL5j+rEUCb7Ug==" - }, "dot-prop": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-5.2.0.tgz", 
@@ -5309,11 +5148,6 @@ "resolved": "https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz", "integrity": "sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==" }, - "eventemitter3": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-3.1.2.tgz", - "integrity": "sha512-tvtQIeLVHjDkJYnzf2dgVMxfuSGJeM/7UCG17TT4EumTfNtF+0nebF/4zWOIkCreAbtNqhGEboB6BWrwqNaw4Q==" - }, "exec-buffer": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/exec-buffer/-/exec-buffer-3.2.0.tgz", @@ -5816,11 +5650,6 @@ "pend": "~1.2.0" } }, - "feature-policy": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/feature-policy/-/feature-policy-0.3.0.tgz", - "integrity": "sha512-ZtijOTFN7TzCujt1fnNhfWPFPSHeZkesff9AXZj+UEjYBynWNUIYpC87Ve4wHzyexQsImicLu7WsC2LHq7/xrQ==" - }, "fecha": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/fecha/-/fecha-4.2.0.tgz", @@ -5966,11 +5795,6 @@ "parse-filepath": "^1.0.1" } }, - "finity": { - "version": "0.5.4", - "resolved": "https://registry.npmjs.org/finity/-/finity-0.5.4.tgz", - "integrity": "sha512-3l+5/1tuw616Lgb0QBimxfdd2TqaDGpfCBpfX6EqtFmqUV3FtQnVEX4Aa62DagYEqnsTIjZcTfbq9msDbXYgyA==" - }, "first-chunk-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-1.0.0.tgz", @@ -6085,16 +5909,6 @@ "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz", "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=" }, - "form-data": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.1.tgz", - "integrity": "sha512-m21N3WOmEEURgk6B9GLOE4RuWOFf28Lhh9qGYeNlGq4VDXUlJy2th2slBNU8Gp8EzloYZOibZJ7t5ecIrFSjVA==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.6", - "mime-types": "^2.1.12" - } - }, "formidable": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.2.2.tgz", 
@@ -7377,56 +7191,15 @@ "dev": true }, "helmet": { - "version": "3.23.3", - "resolved": "https://registry.npmjs.org/helmet/-/helmet-3.23.3.tgz", - "integrity": "sha512-U3MeYdzPJQhtvqAVBPntVgAvNSOJyagwZwyKsFdyRa8TV3pOKVFljalPOCxbw5Wwf2kncGhmP0qHjyazIdNdSA==", - "requires": { - "depd": "2.0.0", - "dont-sniff-mimetype": "1.1.0", - "feature-policy": "0.3.0", - "helmet-crossdomain": "0.4.0", - "helmet-csp": "2.10.0", - "hide-powered-by": "1.1.0", - "hpkp": "2.0.0", - "hsts": "2.2.0", - "nocache": "2.1.0", - "referrer-policy": "1.2.0", - "x-xss-protection": "1.3.0" - }, - "dependencies": { - "depd": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==" - } - } - }, - "helmet-crossdomain": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/helmet-crossdomain/-/helmet-crossdomain-0.4.0.tgz", - "integrity": "sha512-AB4DTykRw3HCOxovD1nPR16hllrVImeFp5VBV9/twj66lJ2nU75DP8FPL0/Jp4jj79JhTfG+pFI2MD02kWJ+fA==" - }, - "helmet-csp": { - "version": "2.10.0", - "resolved": "https://registry.npmjs.org/helmet-csp/-/helmet-csp-2.10.0.tgz", - "integrity": "sha512-Rz953ZNEFk8sT2XvewXkYN0Ho4GEZdjAZy4stjiEQV3eN7GDxg1QKmYggH7otDyIA7uGA6XnUMVSgeJwbR5X+w==", - "requires": { - "bowser": "2.9.0", - "camelize": "1.0.0", - "content-security-policy-builder": "2.1.0", - "dasherize": "2.0.0" - } + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-4.2.0.tgz", + "integrity": "sha512-aoiSxXMd0ks1ojYpSCFoCRzgv4rY/uB9jKStaw8PkXwsdLYa/Gq+Nc5l0soH0cwBIsLAlujPnx4HLQs+LaXCrQ==" }, "hex2dec": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/hex2dec/-/hex2dec-1.1.2.tgz", "integrity": "sha512-Yu+q/XWr2fFQ11tHxPq4p4EiNkb2y+lAacJNhAdRXVfRIcDH6gi7htWFnnlIzvqHMHoWeIsfXlNAjZInpAOJDA==" }, - "hide-powered-by": { - "version": "1.1.0", - "resolved": 
"https://registry.npmjs.org/hide-powered-by/-/hide-powered-by-1.1.0.tgz", - "integrity": "sha512-Io1zA2yOA1YJslkr+AJlWSf2yWFkKjvkcL9Ni1XSUqnGLr/qRQe2UI3Cn/J9MsJht7yEVCe0SscY1HgVMujbgg==" - }, "homedir-polyfill": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", @@ -7440,26 +7213,6 @@ "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz", "integrity": "sha512-f/wzC2QaWBs7t9IYqB4T3sR1xviIViXJRJTWBlx2Gf3g0Xi5vI7Yy4koXQ1c9OYDGHN9sBy1DQ2AB8fqZBWhUg==" }, - "hpkp": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/hpkp/-/hpkp-2.0.0.tgz", - "integrity": "sha1-EOFCJk52IVpdMMROxD3mTe5tFnI=" - }, - "hsts": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/hsts/-/hsts-2.2.0.tgz", - "integrity": "sha512-ToaTnQ2TbJkochoVcdXYm4HOCliNozlviNsg+X2XQLQvZNI/kCHR9rZxVYpJB3UPcHz80PgxRyWQ7PdU1r+VBQ==", - "requires": { - "depd": "2.0.0" - }, - "dependencies": { - "depd": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==" - } - } - }, "html-comment-regex": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/html-comment-regex/-/html-comment-regex-1.1.2.tgz", @@ -7891,11 +7644,6 @@ "binary-extensions": "^2.0.0" } }, - "is-buffer": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-2.0.4.tgz", - "integrity": "sha512-Kq1rokWXOPXWuaMAqZiJW4XxsmD9zGx9q4aePabbn3qCRGedtH7Cm+zV8WETitMfu1wdh+Rvd6w5egwSngUX2A==" - }, "is-callable": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.0.tgz", 
@@ -10064,11 +9812,6 @@ } } }, - "nocache": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/nocache/-/nocache-2.1.0.tgz", - "integrity": "sha512-0L9FvHG3nfnnmaEQPjT9xhfN4ISk0A8/2j4M37Np4mcDesJjHgEUfgPhdCyZuFI954tjokaIj/A3NdpFNdEh4Q==" - }, "node-abi": { "version": "2.19.3", "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-2.19.3.tgz", @@ -10516,6 +10259,7 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.0.tgz", "integrity": "sha512-Z53Oah9A3TdLoblT7VKJaTDdXdT+lQO+cNpKVnya5JDe9uLvzu1YyY1yFDFrcxrlRgWrEFH0jJtD/IbuwjcEVg==", + "optional": true, "requires": { "define-properties": "^1.1.3", "es-abstract": "^1.17.0-next.1" @@ -10748,25 +10492,12 @@ "resolved": "https://registry.npmjs.org/p-pipe/-/p-pipe-3.1.0.tgz", "integrity": "sha512-08pj8ATpzMR0Y80x50yJHn37NF6vjrqHutASaX5LiH5npS9XPvrUmscd9MF5R4fuYRHOxQR1FfMIlF7AzwoPqw==" }, - "p-queue": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/p-queue/-/p-queue-2.4.2.tgz", - "integrity": "sha512-n8/y+yDJwBjoLQe1GSJbbaYQLTI7QHNZI2+rpmCDbe++WLf9HC3gf6iqj5yfPAV71W4UF3ql5W1+UBPXoXTxng==" - }, "p-reduce": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/p-reduce/-/p-reduce-1.0.0.tgz", "integrity": "sha1-GMKw3ZNqRpClKfgjH1ig/bakffo=", "optional": true }, - "p-retry": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/p-retry/-/p-retry-3.0.1.tgz", - "integrity": "sha512-XE6G4+YTTkT2a0UWb2kjZe8xNwf8bIbnqpc/IS/idOBVhyves0mK5OJgeocjx7q5pvX/6m23xuzVPYT1uGM73w==", - "requires": { - "retry": "^0.12.0" - } - }, "p-timeout": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-1.2.1.tgz", 
@@ -11560,11 +11291,6 @@ "redis-errors": "^1.0.0" } }, - "referrer-policy": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/referrer-policy/-/referrer-policy-1.2.0.tgz", - "integrity": "sha512-LgQJIuS6nAy1Jd88DCQRemyE3mS+ispwlqMk3b0yjZ257fI1v9c+/p6SD5gP5FGyXUIgrNOAfmyioHwZtYv2VA==" - }, "regenerate": { "version": "1.4.2", "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz", @@ -11909,11 +11635,6 @@ "resolved": "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz", "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==" }, - "retry": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz", - "integrity": "sha1-G0KmJmoh8HQh0bC1S33BZ7AcATs=" - }, "retry-request": { "version": "4.1.3", "resolved": "https://registry.npmjs.org/retry-request/-/retry-request-4.1.3.tgz", @@ -12234,19 +11955,12 @@ "integrity": "sha512-sQTKC1Re/rM6XyFM6fIAGHRPVGvyXfgzIDvzoq608vM+jeyVD0Tu1E6Np0Kc2zAIFWIj963V2800iF/9LPieQw==" }, "short-uuid": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/short-uuid/-/short-uuid-3.1.1.tgz", - "integrity": "sha512-7dI69xtJYpTIbg44R6JSgrbDtZFuZ9vAwwmnF/L0PinykbFrhQ7V8omKsQcVw1TP0nYJ7uQp1PN6/aVMkzQFGQ==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/short-uuid/-/short-uuid-4.1.0.tgz", + "integrity": "sha512-Zjerp00N5uUC7ET1mEjz77vY9h5zm6IQivtHxcbnoSIWyK6PD/dQnU5w916F8lzQIJjxBTEbCKsAikE64WxUxQ==", "requires": { "any-base": "^1.1.0", - "uuid": "^3.3.2" - }, - "dependencies": { - "uuid": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", - "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" - } + "uuid": "^8.3.0" } }, "sift": { 
@@ -14470,19 +14184,6 @@ "typedarray-to-buffer": "^3.1.5" } }, - "ws": { - "version": "5.2.2", - "resolved": "https://registry.npmjs.org/ws/-/ws-5.2.2.tgz", - "integrity": "sha512-jaHFD6PFv6UgoIVda6qZllptQsMlDEJkTQcybzzXDYM1XO9Y8em691FGMPmM46WGyLU4z9KMgQN+qrux/nhlHA==", - "requires": { - "async-limiter": "~1.0.0" - } - }, - "x-xss-protection": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/x-xss-protection/-/x-xss-protection-1.3.0.tgz", - "integrity": "sha512-kpyBI9TlVipZO4diReZMAHWtS0MMa/7Kgx8hwG/EuZLiA6sg4Ah/4TRdASHhRRN3boobzcYgFRUFSgHRge6Qhg==" - }, "xdg-basedir": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/xdg-basedir/-/xdg-basedir-4.0.0.tgz", diff --git a/package.json b/package.json index 5f85167f76..5e020dc683 100644 --- a/package.json +++ b/package.json @@ -8,11 +8,11 @@ "@babel/preset-env": "^7.12.7", "@babel/register": "^7.12.1", "@google-cloud/trace-agent": "^5.1.1", + "@slack/webhook": "^5.0.3", "@parse/node-apn": "^4.0.0", - "@slack/client": "^4.12.0", "accepts": "^1.3.5", "amazon-payments": "^0.2.8", - "amplitude": "^3.5.0", + "amplitude": "^5.1.4", "apidoc": "^0.25.0", "apple-auth": "^1.0.6", "bcrypt": "^5.0.0", @@ -37,7 +37,7 @@ "gulp-nodemon": "^2.5.0", "gulp.spritesmith": "^6.9.0", "habitica-markdown": "^3.0.0", - "helmet": "^3.23.3", + "helmet": "^4.2.0", "image-size": "^0.9.3", "in-app-purchase": "^1.11.3", "js2xmlparser": "^4.0.1", @@ -65,7 +65,7 @@ "regenerator-runtime": "^0.13.7", "remove-markdown": "^0.3.0", "rimraf": "^3.0.2", - "short-uuid": "^3.0.0", + "short-uuid": "^4.1.0", "stripe": "^7.15.0", "superagent": "^6.1.0", "universal-analytics": "^0.4.23", diff --git a/test/api/unit/libs/slack.js b/test/api/unit/libs/slack.js index c1615804c2..01d0324d92 100644 --- a/test/api/unit/libs/slack.js +++ b/test/api/unit/libs/slack.js 
@@ -1,5 +1,5 @@ /* eslint-disable camelcase */ -import { IncomingWebhook } from '@slack/client'; +import { IncomingWebhook } from '@slack/webhook'; import requireAgain from 'require-again'; import nconf from 'nconf'; import moment from 'moment'; @@ -12,7 +12,7 @@ describe('slack', () => { let data; beforeEach(() => { - sandbox.stub(IncomingWebhook.prototype, 'send'); + sandbox.stub(IncomingWebhook.prototype, 'send').returns(Promise.resolve()); data = { authorEmail: 'author@example.com', flagger: { @@ -112,6 +112,7 @@ describe('slack', () => { it('noops if no flagging url is provided', () => { sandbox.stub(nconf, 'get').withArgs('SLACK_FLAGGING_URL').returns(''); + nconf.get.withArgs('IS_TEST').returns(true); sandbox.stub(logger, 'error'); const reRequiredSlack = requireAgain('../../../../website/server/libs/slack'); diff --git a/test/api/v3/integration/chat/POST-chat.flag.test.js b/test/api/v3/integration/chat/POST-chat.flag.test.js index d3484452f3..50f47b3572 100644 --- a/test/api/v3/integration/chat/POST-chat.flag.test.js +++ b/test/api/v3/integration/chat/POST-chat.flag.test.js @@ -1,7 +1,7 @@ import { find } from 'lodash'; import moment from 'moment'; import nconf from 'nconf'; -import { IncomingWebhook } from '@slack/client'; +import { IncomingWebhook } from '@slack/webhook'; import { generateUser, translate as t, @@ -20,7 +20,7 @@ describe('POST /chat/:chatId/flag', () => { admin = await generateUser({ balance: 1, 'contributor.admin': true }); anotherUser = await generateUser({ 'auth.timestamps.created': moment().subtract(USER_AGE_FOR_FLAGGING + 1, 'days').toDate() }); newUser = await generateUser({ 'auth.timestamps.created': moment().subtract(1, 'days').toDate() }); - sandbox.stub(IncomingWebhook.prototype, 'send'); + sandbox.stub(IncomingWebhook.prototype, 'send').returns(Promise.resolve()); group = await user.post('/groups', { name: 'Test Guild', 
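Review bot: The `send` stub in `beforeEach` only models a successful delivery, so the `.catch(err => logger.error(...))` handlers this commit adds in website/server/libs/slack.js are never exercised. A case that switches the stub to a rejection, `IncomingWebhook.prototype.send.rejects(new Error('constructed failure'));`, and asserts that `logger.error` was called would pin that a Slack outage is logged rather than surfacing as an unhandled rejection. The same success-only stub is added in POST-chat.flag.test.js and POST-chat.test.js, and `.resolves()` is the shorter sinon spelling of `.returns(Promise.resolve())` in all three. The `describe` block continues outside the hunk.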
diff --git a/test/api/v3/integration/chat/POST-chat.test.js b/test/api/v3/integration/chat/POST-chat.test.js index 9442fa4b1a..56e9ecb1cc 100644 --- a/test/api/v3/integration/chat/POST-chat.test.js +++ b/test/api/v3/integration/chat/POST-chat.test.js @@ -1,4 +1,4 @@ -import { IncomingWebhook } from '@slack/client'; +import { IncomingWebhook } from '@slack/webhook'; import nconf from 'nconf'; import { v4 as generateUUID } from 'uuid'; import { @@ -133,7 +133,7 @@ describe('POST /chat', () => { describe('shadow-mute user', () => { beforeEach(() => { sandbox.spy(email, 'sendTxn'); - sandbox.stub(IncomingWebhook.prototype, 'send'); + sandbox.stub(IncomingWebhook.prototype, 'send').returns(Promise.resolve()); }); afterEach(() => { @@ -355,7 +355,7 @@ describe('POST /chat', () => { context('banned slur', () => { beforeEach(() => { sandbox.spy(email, 'sendTxn'); - sandbox.stub(IncomingWebhook.prototype, 'send'); + sandbox.stub(IncomingWebhook.prototype, 'send').returns(Promise.resolve()); }); afterEach(() => { diff --git a/website/server/libs/slack.js b/website/server/libs/slack.js index f4b4f49eaa..fafbbd659f 100644 --- a/website/server/libs/slack.js +++ b/website/server/libs/slack.js @@ -1,5 +1,5 @@ /* eslint-disable camelcase */ -import { IncomingWebhook } from '@slack/client'; +import { IncomingWebhook } from '@slack/webhook'; import nconf from 'nconf'; import moment from 'moment'; import logger from './logger'; 
@@ -10,27 +10,29 @@ const SLACK_FLAGGING_FOOTER_LINK = nconf.get('SLACK_FLAGGING_FOOTER_LINK'); const SLACK_SUBSCRIPTIONS_URL = nconf.get('SLACK_SUBSCRIPTIONS_URL'); const BASE_URL = nconf.get('BASE_URL'); const IS_PRODUCTION = nconf.get('IS_PROD'); +const IS_TEST = nconf.get('IS_TEST'); -const SKIP_FLAG_METHODS = IS_PRODUCTION && !SLACK_FLAGGING_URL; -const SKIP_SUB_METHOD = IS_PRODUCTION && !SLACK_SUBSCRIPTIONS_URL; +const SKIP_FLAG_METHODS = (IS_PRODUCTION || IS_TEST) && !SLACK_FLAGGING_URL; +const SKIP_SUB_METHOD = (IS_PRODUCTION || IS_TEST) && !SLACK_SUBSCRIPTIONS_URL; let flagSlack; let subscriptionSlack; try { - flagSlack = new IncomingWebhook(SLACK_FLAGGING_URL); - subscriptionSlack = new IncomingWebhook(SLACK_SUBSCRIPTIONS_URL); -} catch (err) { - logger.error(err); - - if (!IS_PRODUCTION) { + if (IS_TEST || IS_PRODUCTION) { + flagSlack = new IncomingWebhook(SLACK_FLAGGING_URL); + subscriptionSlack = new IncomingWebhook(SLACK_SUBSCRIPTIONS_URL); + } else { subscriptionSlack = { - send (data) { + // async so that it works like the original Slack send method + async send (data) { logger.info('Data sent to slack', data); }, }; flagSlack = subscriptionSlack; } +} catch (err) { + logger.error(err, 'Error setting up Slack.'); } /** 
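Review bot: Both `new IncomingWebhook(...)` calls sit in one `try`, so if the first constructor throws (for example on a missing `SLACK_FLAGGING_URL`), `subscriptionSlack` is never assigned even when `SLACK_SUBSCRIPTIONS_URL` is set, and the `catch` now only logs. `SKIP_SUB_METHOD` is derived from the subscriptions URL alone, so a later `subscriptionSlack.send(...)` would presumably be called on `undefined`; how the skip flags are consumed is outside this hunk. Building each webhook in its own guarded step keeps one bad setting from disabling the other channel. It also lets the log line name which webhook failed without printing the URL, which is a credential.

```javascript
function createWebhook (url, label) {
  try {
    return new IncomingWebhook(url);
  } catch (err) {
    // Identify the webhook by label; the URL itself is a secret.
    logger.error(err, `Error setting up Slack ${label} webhook.`);
    return undefined;
  }
}

if (IS_TEST || IS_PRODUCTION) {
  flagSlack = createWebhook(SLACK_FLAGGING_URL, 'flagging');
  subscriptionSlack = createWebhook(SLACK_SUBSCRIPTIONS_URL, 'subscriptions');
} else {
  // … unchanged: logging stub used outside test and production …
}
```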
@@ -90,21 +92,23 @@ function sendFlagNotification ({ const timestamp = `${moment(message.timestamp).utc().format('YYYY-MM-DD HH:mm')} UTC`; - flagSlack.send({ - text, - attachments: [{ - fallback: 'Flag Message', - color: 'danger', - author_name: `${authorName}\n${timestamp}`, - title, - title_link: titleLink, - text: message.text, - footer, - mrkdwn_in: [ - 'text', - ], - }], - }); + flagSlack + .send({ + text, + attachments: [{ + fallback: 'Flag Message', + color: 'danger', + author_name: `${authorName}\n${timestamp}`, + title, + title_link: titleLink, + text: message.text, + footer, + mrkdwn_in: [ + 'text', + ], + }], + }) + .catch(err => logger.error(err, 'Error while sending flag data to Slack.')); } function sendInboxFlagNotification ({ @@ -152,21 +156,23 @@ function sendInboxFlagNotification ({ const authorName = `${sender} wrote this message to ${recipient}.`; - flagSlack.send({ - text, - attachments: [{ - fallback: 'Flag Message', - color: 'danger', - author_name: authorName, - title, - title_link: titleLink, - text: messageText, - footer, - mrkdwn_in: [ - 'text', - ], - }], - }); + flagSlack + .send({ + text, + attachments: [{ + fallback: 'Flag Message', + color: 'danger', + author_name: authorName, + title, + title_link: titleLink, + text: messageText, + footer, + mrkdwn_in: [ + 'text', + ], + }], + }) + .catch(err => logger.error(err, 'Error while sending flag data to Slack.')); } function sendSubscriptionNotification ({ @@ -189,9 +195,11 @@ function sendSubscriptionNotification ({ text = `${buyer.name} ${buyer.id} ${buyer.email} bought a ${months}-month recurring subscription using ${paymentMethod} on ${timestamp}`; } - subscriptionSlack.send({ - text, - }); + subscriptionSlack + .send({ + text, + }) + .catch(err => logger.error(err, 'Error while sending subscription data to Slack.')); } function sendShadowMutedPostNotification ({ 
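Review bot: The new `.catch(err => logger.error(err, ...))` on `flagSlack.send` hands the whole error object to the logger, and errors raised by an HTTP client commonly carry the request configuration, which here would include the Slack webhook URL, a bearer secret. Whether `logger.error` serializes nested properties is not visible in this diff, so this is worth confirming. If it does, log selected fields instead, e.g. `.catch(err => logger.error(new Error('Slack flag notification failed: ' + err.message)))`. The same handler is added in `sendInboxFlagNotification` and `sendSubscriptionNotification` on this line, and in `sendShadowMutedPostNotification` and `sendSlurNotification` further down. The function bodies start outside these hunks.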
@@ -220,20 +228,22 @@ function sendShadowMutedPostNotification ({ uuid: author.id, }); - flagSlack.send({ - text, - attachments: [{ - fallback: 'Shadow-Muted Message', - color: 'danger', - author_name: authorName, - title, - title_link: titleLink, - text: message, - mrkdwn_in: [ - 'text', - ], - }], - }); + flagSlack + .send({ + text, + attachments: [{ + fallback: 'Shadow-Muted Message', + color: 'danger', + author_name: authorName, + title, + title_link: titleLink, + text: message, + mrkdwn_in: [ + 'text', + ], + }], + }) + .catch(err => logger.error(err, 'Error while sending flag data to Slack.')); } function sendSlurNotification ({ @@ -265,20 +275,22 @@ function sendSlurNotification ({ uuid: author.id, }); - flagSlack.send({ - text, - attachments: [{ - fallback: 'Slur Message', - color: 'danger', - author_name: authorName, - title, - title_link: titleLink, - text: message, - mrkdwn_in: [ - 'text', - ], - }], - }); + flagSlack + .send({ + text, + attachments: [{ + fallback: 'Slur Message', + color: 'danger', + author_name: authorName, + title, + title_link: titleLink, + text: message, + mrkdwn_in: [ + 'text', + ], + }], + }) + .catch(err => logger.error(err, 'Error while sending flag data to Slack.')); } export { diff --git a/website/server/middlewares/index.js b/website/server/middlewares/index.js index 1e46056a82..43c1efd4cc 100644 --- a/website/server/middlewares/index.js +++ b/website/server/middlewares/index.js @@ -47,7 +47,13 @@ export default function attachMiddlewares (app, server) { if (!IS_PROD && !DISABLE_LOGGING) app.use(morgan('dev')); // See https://helmetjs.github.io/ for the list of headers enabled by default - app.use(helmet()); + app.use(helmet({ + // New middlewares added by default in Helmet 4 are disabled + contentSecurityPolicy: false, // @TODO implement + expectCt: false, + permittedCrossDomainPolicies: false, + referrerPolicy: false, + })); // add res.respond and res.t app.use(responseHandler);
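Review bot: In `sendShadowMutedPostNotification` the attachment sets `text: message` together with `mrkdwn_in: ['text']`, so user-authored chat text is rendered by Slack as markup in the moderators' channel. Unless the text is escaped before it reaches this function (not visible in the hunk), link and mention syntax in a reported message will be interpreted rather than shown literally, which is undesirable for content that moderators are asked to judge. Escaping the three control characters Slack documents, `&`, `<` and `>`, before building the payload, or dropping `'text'` from `mrkdwn_in`, would show the message verbatim. `sendSlurNotification` in the next hunk and the two flag notifications earlier in the file use the same shape.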
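Review bot: The options passed to `helmet()` switch off all four headers that Helmet 4 adds by default, but only `contentSecurityPolicy` carries a `@TODO`; `expectCt`, `permittedCrossDomainPolicies` and `referrerPolicy` are disabled with no stated reason. The last two are low-risk response headers and could probably stay enabled, so it would help to record why each is off, e.g. `// Disabled to keep the Helmet 3 header set; TODO(ISSUE-PLACEHOLDER): enable referrerPolicy and permittedCrossDomainPolicies, then CSP in report-only mode`. A major Helmet release may also change what the already-enabled middlewares send (the `X-XSS-Protection` value, as I recall), so a before/after comparison of response headers is worth adding to the upgrade checks. `attachMiddlewares` continues outside the hunk.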