Update dependencies (and fix a few security notices) (#1024)

* Update new dependencies.

* Support ESM parse-duration

* changelog

* drop only!

* fix types
Will Hunt 2025-02-25 13:23:33 +00:00 committed by GitHub
parent 6a2246b0c1
commit 3d3f7d6022
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 161 additions and 1283 deletions

1
changelog.d/1024.misc Normal file

@ -0,0 +1 @@
Update dependencies with security advisories.


@ -51,12 +51,12 @@
"@vector-im/compound-design-tokens": "^2.0.1", "@vector-im/compound-design-tokens": "^2.0.1",
"@vector-im/compound-web": "^7.3.0", "@vector-im/compound-web": "^7.3.0",
"ajv": "^8.11.0", "ajv": "^8.11.0",
"axios": "^1.7.5", "axios": "^1.7.9",
"clsx": "^2.1.1", "clsx": "^2.1.1",
"cors": "^2.8.5", "cors": "^2.8.5",
"date-fns": "^4.1.0", "date-fns": "^4.1.0",
"express": "^4.20.0", "express": "^4.20.0",
"figma-js": "^1.14.0", "figma-js": "^1.16.1-0",
"helmet": "^7.1.0", "helmet": "^7.1.0",
"http-status-codes": "^2.2.0", "http-status-codes": "^2.2.0",
"ioredis": "^5.2.3", "ioredis": "^5.2.3",
@ -68,7 +68,7 @@
"micromatch": "^4.0.8", "micromatch": "^4.0.8",
"mime": "^4.0.4", "mime": "^4.0.4",
"node-emoji": "^2.1.3", "node-emoji": "^2.1.3",
"parse-duration": "^1.1.0", "parse-duration": "^2.1.3",
"preact-render-to-string": "^6.3.1", "preact-render-to-string": "^6.3.1",
"prom-client": "^15.1.0", "prom-client": "^15.1.0",
"quickjs-emscripten": "^0.31.0", "quickjs-emscripten": "^0.31.0",
@ -105,7 +105,7 @@
"@types/node": "^22", "@types/node": "^22",
"@types/xml2js": "^0.4.11", "@types/xml2js": "^0.4.11",
"@uiw/react-codemirror": "^4.12.3", "@uiw/react-codemirror": "^4.12.3",
"babel-cli": "^6.26.0", "@babel/core": "^7.26.9",
"babel-jest": "^29.7.0", "babel-jest": "^29.7.0",
"busboy": "^1.6.0", "busboy": "^1.6.0",
"chai": "^4", "chai": "^4",
@ -117,13 +117,13 @@
"jest": "^29.7.0", "jest": "^29.7.0",
"mocha": "^10.8.2", "mocha": "^10.8.2",
"nyc": "^17.1.0", "nyc": "^17.1.0",
"preact": "^10.24.3", "preact": "^10.26.2",
"rimraf": "6.0.1", "rimraf": "6.0.1",
"sass": "^1.81.0", "sass": "^1.81.0",
"ts-node": "10.9.2", "ts-node": "10.9.2",
"typescript": "^5.7.2", "typescript": "^5.7.2",
"typescript-eslint": "^8.16.0", "typescript-eslint": "^8.16.0",
"vite": "^5.4.11" "vite": "^5.4.12"
}, },
"packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
} }


@ -228,10 +228,11 @@ export class GenericHookConnection extends BaseConnection implements IConnection
} }
const hookId = randomUUID(); const hookId = randomUUID();
const validState = GenericHookConnection.validateState(data); const validState = GenericHookConnection.validateState(data);
const expiryTime = await config.generic.maxExpiryTimeMs;
if (validState.expirationDate) { if (validState.expirationDate) {
const durationRemaining = new Date(validState.expirationDate).getTime() - Date.now(); const durationRemaining = new Date(validState.expirationDate).getTime() - Date.now();
if (config.generic.maxExpiryTimeMs) { if (expiryTime) {
if (durationRemaining > config.generic.maxExpiryTimeMs) { if (durationRemaining > expiryTime) {
throw new ApiError('Expiration date cannot exceed the configured max expiry time', ErrCode.BadValue); throw new ApiError('Expiration date cannot exceed the configured max expiry time', ErrCode.BadValue);
} }
} }
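Review bot: The `if (expiryTime)` guard fails open, because the maximum-lifetime check is skipped whenever the awaited value is falsy. In the BridgeConfigGenericWebhooks constructor hunk, `v.default(yaml.maxExpiryTime!) ?? undefined` turns an unparsable `maxExpiryTime` into `undefined`, and a value that parses to 0 is falsy as well. As far as these hunks show, a mistyped duration in the config would therefore yield webhooks with no upper bound and no startup error. Consider failing configuration loading when the string is set but does not parse, and testing `if (expiryTime !== undefined)` here. The enclosing method starts and ends outside this hunk.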


@ -14,10 +14,10 @@ import { IConnection, IConnectionState, ProvisionConnectionOpts } from "./IConne
import { ApiError, Logger } from "matrix-appservice-bridge"; import { ApiError, Logger } from "matrix-appservice-bridge";
import { Intent } from "matrix-bot-sdk"; import { Intent } from "matrix-bot-sdk";
import YAML from 'yaml'; import YAML from 'yaml';
import parseDuration from 'parse-duration';
import { HoundConnection } from "./HoundConnection"; import { HoundConnection } from "./HoundConnection";
const md = new markdown(); const md = new markdown();
const log = new Logger("SetupConnection"); const log = new Logger("SetupConnection");
const parseDurationImport = import('parse-duration');
const OUTBOUND_DOCS_LINK = "https://matrix-org.github.io/matrix-hookshot/latest/setup/webhooks.html"; const OUTBOUND_DOCS_LINK = "https://matrix-org.github.io/matrix-hookshot/latest/setup/webhooks.html";
@ -218,9 +218,9 @@ export class SetupConnection extends CommandConnection {
let expirationDate: string|undefined = undefined; let expirationDate: string|undefined = undefined;
if (liveDuration) { if (liveDuration) {
const expirationDuration = parseDuration(liveDuration); const expirationDuration = await (await parseDurationImport).default(liveDuration);
if (!expirationDuration) { if (!expirationDuration) {
throw new CommandError("Bad webhook duration", "A webhook name must be between 3-64 characters."); throw new CommandError("Bad webhook duration", "Duration could not be parsed");
} }
expirationDate = new Date(expirationDuration + Date.now()).toISOString(); expirationDate = new Date(expirationDuration + Date.now()).toISOString();
} }
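Review bot: `liveDuration` comes from a user command, and `if (!expirationDuration)` rejects only a null, zero or NaN result. If the parser accepts a negative or very large duration, the next line either produces an expiry date in the past or makes `new Date(...).toISOString()` throw a RangeError instead of a CommandError. A stricter guard such as `if (!expirationDuration || expirationDuration <= 0 || Number.isNaN(new Date(expirationDuration + Date.now()).getTime()))` keeps the failure inside the existing "Bad webhook duration" path. The outer `await` also looks redundant, since the `?? undefined` applied to the same call in the config hunk suggests the parser returns a plain value; `(await parseDurationImport).default(liveDuration)` would be enough. The enclosing method continues outside this hunk.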


@ -113,7 +113,7 @@ export class BridgeWidgetApi extends ProvisioningApi {
if (req.params.service === 'github') { if (req.params.service === 'github') {
res.send(this.config.github?.publicConfig(this.github)); res.send(this.config.github?.publicConfig(this.github));
} else { } else {
res.send(this.config.getPublicConfigForService(req.params.service)); res.send(await this.config.getPublicConfigForService(req.params.service));
} }
} }


@ -686,14 +686,14 @@ export class BridgeConfig {
return services; return services;
} }
public getPublicConfigForService(serviceName: string): Record<string, unknown>|GenericHookServiceConfig { public async getPublicConfigForService(serviceName: string): Promise<Record<string, unknown>|GenericHookServiceConfig> {
let config: undefined|Record<string, unknown>|GenericHookServiceConfig; let config: undefined|Record<string, unknown>|GenericHookServiceConfig;
switch (serviceName) { switch (serviceName) {
case "feeds": case "feeds":
config = this.feeds?.publicConfig; config = this.feeds?.publicConfig;
break; break;
case "generic": case "generic":
config = this.generic?.publicConfig; config = await this.generic?.publicConfig;
break; break;
case "github": case "github":
config = this.github?.publicConfig(); config = this.github?.publicConfig();


@ -1,7 +1,7 @@
import { GenericHookServiceConfig } from "../../Connections"; import { GenericHookServiceConfig } from "../../Connections";
import { ConfigError } from "../../errors"; import { ConfigError } from "../../errors";
import { hideKey } from "../Decorators"; import { hideKey } from "../Decorators";
import parseDuration from "parse-duration"; const parseDurationImport = import("parse-duration");
function makePrefixedUrl(urlString: string): URL { function makePrefixedUrl(urlString: string): URL {
return new URL(urlString.endsWith("/") ? urlString : urlString + "/"); return new URL(urlString.endsWith("/") ? urlString : urlString + "/");
@ -35,7 +35,7 @@ export class BridgeConfigGenericWebhooks {
public readonly enableHttpGet: boolean; public readonly enableHttpGet: boolean;
@hideKey() @hideKey()
public readonly maxExpiryTimeMs?: number; public readonly maxExpiryTimeMs?: Promise<number|undefined>;
public readonly sendExpiryNotice: boolean; public readonly sendExpiryNotice: boolean;
public readonly requireExpiryTime: boolean; public readonly requireExpiryTime: boolean;
// Public facing value for config generator // Public facing value for config generator
@ -56,19 +56,19 @@ export class BridgeConfigGenericWebhooks {
this.userIdPrefix = yaml.userIdPrefix; this.userIdPrefix = yaml.userIdPrefix;
this.allowJsTransformationFunctions = yaml.allowJsTransformationFunctions; this.allowJsTransformationFunctions = yaml.allowJsTransformationFunctions;
this.waitForComplete = yaml.waitForComplete; this.waitForComplete = yaml.waitForComplete;
this.maxExpiryTimeMs = yaml.maxExpiryTime ? parseDuration(yaml.maxExpiryTime) : undefined;
this.maxExpiryTime = yaml.maxExpiryTime; this.maxExpiryTime = yaml.maxExpiryTime;
this.maxExpiryTimeMs = yaml.maxExpiryTime ? parseDurationImport.then(v => v.default(yaml.maxExpiryTime!) ?? undefined) : undefined;
} }
@hideKey() @hideKey()
public get publicConfig(): GenericHookServiceConfig { public get publicConfig(): Promise<GenericHookServiceConfig> {
return { return (async () => ({
userIdPrefix: this.userIdPrefix, userIdPrefix: this.userIdPrefix,
allowJsTransformationFunctions: this.allowJsTransformationFunctions, allowJsTransformationFunctions: this.allowJsTransformationFunctions,
waitForComplete: this.waitForComplete, waitForComplete: this.waitForComplete,
maxExpiryTime: this.maxExpiryTimeMs, maxExpiryTime: await this.maxExpiryTimeMs,
requireExpiryTime: this.requireExpiryTime, requireExpiryTime: this.requireExpiryTime,
} }))();
} }
} }
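Review bot: `maxExpiryTimeMs` is now an optional `Promise<number|undefined>` and `publicConfig` is a getter returning a Promise, but neither carries a comment saying it must be awaited. Because the field is declared with `?:`, a caller that writes `if (config.generic.maxExpiryTimeMs)` without `await` still compiles and is true whenever a max expiry is configured, so a limit check built on it would be comparing against a Promise rather than the limit. I would add a doc comment on the field, for example `/** Resolves to the parsed maxExpiryTime in milliseconds, or undefined when unset; await before any truthiness or comparison check. */`, and a matching one on the `publicConfig` getter. Assigning `yaml.maxExpiryTime` to a local before the `.then` callback would also remove the `!` assertion.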


@ -200,7 +200,7 @@ describe("GitLabRepoConnection", () => {
intent.expectNoEvent(); intent.expectNoEvent();
}); });
it.only("will filter out issues matching excludingLabels.", async () => { it("will filter out issues matching excludingLabels.", async () => {
const { connection, intent } = createConnection({ const { connection, intent } = createConnection({
excludingLabels: ["exclude-me"] excludingLabels: ["exclude-me"]
}); });

1398
yarn.lock

File diff suppressed because it is too large Load Diff