mirror of
https://github.com/Unleash/unleash.git
synced 2024-10-28 19:06:12 +01:00
cadf3fb061
https://github.com/isaacs/node-tar/compare/v6.1.11...v6.2.1 This solves an issue: > ### Denial of service while parsing a tar file due to lack of folders count validation > > During some analysis today on npm's node-tar package I came across the folder creation process, Basicly if you provide node-tar with a path like this ./a/b/c/foo.txt it would create every folder and sub-folder here a, b and c until it reaches the last folder to create foo.txt, In-this case I noticed that there's no validation at all on the amount of folders being created, that said we're actually able to CPU and memory consume the system running node-tar and even crash the nodejs client within few seconds of running it using a path with too many sub-folders inside
240 lines
8.3 KiB
JSON
240 lines
8.3 KiB
JSON
{
|
||
"name": "unleash-server",
|
||
"description": "Unleash is an enterprise ready feature toggles service. It provides different strategies for handling feature toggles.",
|
||
"version": "5.12.6+main",
|
||
"keywords": [
|
||
"unleash",
|
||
"feature toggle",
|
||
"feature",
|
||
"toggle",
|
||
"feature flag",
|
||
"flag"
|
||
],
|
||
"files": [
|
||
"dist",
|
||
"docs",
|
||
"frontend/build",
|
||
"frontend/build/*",
|
||
"frontend/index.js",
|
||
"frontend/package.json"
|
||
],
|
||
"repository": {
|
||
"type": "git",
|
||
"url": "ssh://git@github.com:unleash/unleash.git"
|
||
},
|
||
"bugs": {
|
||
"url": "https://github.com/unleash/unleash/issues"
|
||
},
|
||
"types": "./dist/lib/server-impl.d.ts",
|
||
"engines": {
|
||
"node": ">=18 <21"
|
||
},
|
||
"license": "Apache-2.0",
|
||
"main": "./dist/lib/server-impl.js",
|
||
"scripts": {
|
||
"start": "TZ=UTC node ./dist/server.js",
|
||
"copy-templates": "copyfiles -u 1 src/mailtemplates/**/*.mustache dist/",
|
||
"build:backend": "tsc --pretty --strictNullChecks false",
|
||
"build:frontend": "yarn --cwd ./frontend run build",
|
||
"build:frontend:if-needed": "if [ ! -d ./frontend/build ]; then yarn install --cwd ./frontend --frozen-lockfile --ignore-scripts && yarn build:frontend; fi",
|
||
"build": "concurrently \"yarn:copy-templates\" \"yarn:build:frontend\" \"yarn:build:backend\"",
|
||
"dev:backend": "TZ=UTC NODE_ENV=development tsc-watch --strictNullChecks false --onSuccess \"node dist/server-dev.js\"",
|
||
"dev:frontend": "wait-on tcp:4242 && yarn --cwd ./frontend run dev",
|
||
"dev": "concurrently \"yarn:dev:backend\" \"yarn:dev:frontend\"",
|
||
"prepare:backend": "concurrently \"yarn:copy-templates\" \"yarn:build:backend\"",
|
||
"prestart:dev": "yarn run clean",
|
||
"start:dev": "TZ=UTC NODE_ENV=development tsc-watch --strictNullChecks false --onSuccess \"node dist/server-dev.js\"",
|
||
"db-migrate": "db-migrate --migrations-dir ./src/migrations",
|
||
"lint": "biome check .",
|
||
"lint:fix": "biome check . --apply",
|
||
"local:package": "del-cli --force build && mkdir build && cp -r dist docs CHANGELOG.md LICENSE README.md package.json build",
|
||
"prebuild:watch": "yarn run clean",
|
||
"build:watch": "tsc -w --strictNullChecks false",
|
||
"prebuild": "yarn run clean",
|
||
"prepare": "husky && yarn --cwd ./frontend install && if [ ! -d ./dist ]; then yarn build; fi",
|
||
"test": "NODE_ENV=test PORT=4243 node --trace-warnings node_modules/.bin/jest",
|
||
"test:unit": "NODE_ENV=test PORT=4243 jest --testPathIgnorePatterns=src/test/e2e --testPathIgnorePatterns=dist",
|
||
"test:docker": "./scripts/docker-postgres.sh",
|
||
"test:report": "NODE_ENV=test PORT=4243 jest --reporters=\"default\" --reporters=\"jest-junit\"",
|
||
"test:docker:cleanup": "docker rm -f unleash-postgres",
|
||
"test:watch": "yarn test --watch",
|
||
"test:coverage": "NODE_ENV=test PORT=4243 jest --coverage --testLocationInResults --outputFile=\"coverage/report.json\" --forceExit --testTimeout=10000",
|
||
"test:coverage:jest": "NODE_ENV=test PORT=4243 jest --silent --ci --json --coverage --testLocationInResults --outputFile=\"report.json\" --forceExit --testTimeout=10000",
|
||
"seed:setup": "ts-node --compilerOptions '{\"strictNullChecks\": false}' src/test/e2e/seed/segment.seed.ts",
|
||
"seed:serve": "UNLEASH_DATABASE_NAME=unleash_test UNLEASH_DATABASE_SCHEMA=seed yarn run start:dev",
|
||
"clean": "del-cli --force dist",
|
||
"preversion": "./scripts/check-release.sh",
|
||
"heroku-postbuild": "cd frontend && yarn && yarn build"
|
||
},
|
||
"jest-junit": {
|
||
"suiteName": "Unleash Unit Tests",
|
||
"outputDirectory": "./reports",
|
||
"outputName": "jest-junit.xml",
|
||
"uniqueOutputName": "false",
|
||
"classNameTemplate": "{classname}-{title}",
|
||
"titleTemplate": "{classname}-{title}",
|
||
"ancestorSeparator": " › ",
|
||
"usePathForSuiteName": "true"
|
||
},
|
||
"jest": {
|
||
"automock": false,
|
||
"maxWorkers": 4,
|
||
"testTimeout": 10000,
|
||
"globalSetup": "./scripts/jest-setup.js",
|
||
"transform": {
|
||
"^.+\\.tsx?$": ["@swc/jest"]
|
||
},
|
||
"testRegex": "(/__tests__/.*|(\\.|/)(test|spec))\\.(jsx?|tsx?)$",
|
||
"testPathIgnorePatterns": [
|
||
"/dist/",
|
||
"/node_modules/",
|
||
"/frontend/",
|
||
"/website/"
|
||
],
|
||
"moduleFileExtensions": ["ts", "tsx", "js", "jsx", "json"],
|
||
"coveragePathIgnorePatterns": [
|
||
"/node_modules/",
|
||
"/dist/",
|
||
"/src/migrations",
|
||
"/src/test"
|
||
]
|
||
},
|
||
"dependencies": {
|
||
"@slack/web-api": "^6.10.0",
|
||
"@wesleytodd/openapi": "^0.3.0",
|
||
"ajv": "^8.12.0",
|
||
"ajv-formats": "^2.1.1",
|
||
"async": "^3.2.4",
|
||
"bcryptjs": "^2.4.3",
|
||
"compression": "^1.7.4",
|
||
"connect-session-knex": "^3.0.0",
|
||
"cookie-parser": "^1.4.6",
|
||
"cookie-session": "^2.0.0-rc.1",
|
||
"cors": "^2.8.5",
|
||
"date-fns": "^2.25.0",
|
||
"db-migrate": "0.11.14",
|
||
"db-migrate-pg": "1.5.2",
|
||
"db-migrate-shared": "1.2.0",
|
||
"deep-object-diff": "^1.1.9",
|
||
"deepmerge": "^4.3.1",
|
||
"errorhandler": "^1.5.1",
|
||
"express": "4.19.2",
|
||
"express-rate-limit": "^7.1.2",
|
||
"express-session": "^1.17.3",
|
||
"fast-json-patch": "^3.1.0",
|
||
"hash-sum": "^2.0.0",
|
||
"helmet": "^6.0.0",
|
||
"http-errors": "^2.0.0",
|
||
"ip": "^2.0.1",
|
||
"joi": "^17.3.0",
|
||
"js-sha256": "^0.11.0",
|
||
"js-yaml": "^4.1.0",
|
||
"json-diff": "^1.0.6",
|
||
"json-schema-to-ts": "2.12.0",
|
||
"json2csv": "^5.0.7",
|
||
"knex": "^2.5.1",
|
||
"lodash.get": "^4.4.2",
|
||
"lodash.groupby": "^4.6.0",
|
||
"lodash.sortby": "^4.7.0",
|
||
"log4js": "^6.0.0",
|
||
"make-fetch-happen": "^13.0.0",
|
||
"memoizee": "^0.4.15",
|
||
"mime": "^3.0.0",
|
||
"multer": "^1.4.5-lts.1",
|
||
"murmurhash3js": "^3.0.1",
|
||
"mustache": "^4.1.0",
|
||
"nodemailer": "^6.9.9",
|
||
"openapi-types": "^12.0.0",
|
||
"owasp-password-strength-test": "^1.3.0",
|
||
"parse-database-url": "^0.3.0",
|
||
"pg": "^8.7.3",
|
||
"pg-connection-string": "^2.5.0",
|
||
"pkginfo": "^0.4.1",
|
||
"prom-client": "^14.0.0",
|
||
"response-time": "^2.3.2",
|
||
"sanitize-filename": "^1.6.3",
|
||
"semver": "^7.5.4",
|
||
"serve-favicon": "^2.5.0",
|
||
"slug": "^9.0.0",
|
||
"stoppable": "^1.1.0",
|
||
"ts-toolbelt": "^9.6.0",
|
||
"type-is": "^1.6.18",
|
||
"unleash-client": "5.5.3",
|
||
"uuid": "^9.0.0"
|
||
},
|
||
"devDependencies": {
|
||
"@apidevtools/swagger-parser": "10.1.0",
|
||
"@babel/core": "7.24.6",
|
||
"@biomejs/biome": "1.6.4",
|
||
"@swc/core": "1.5.7",
|
||
"@swc/jest": "0.2.36",
|
||
"@types/bcryptjs": "2.4.6",
|
||
"@types/cors": "2.8.17",
|
||
"@types/express": "4.17.21",
|
||
"@types/express-session": "1.18.0",
|
||
"@types/faker": "5.5.9",
|
||
"@types/hash-sum": "^1.0.0",
|
||
"@types/jest": "29.5.12",
|
||
"@types/js-yaml": "4.0.9",
|
||
"@types/lodash.groupby": "4.6.9",
|
||
"@types/make-fetch-happen": "10.0.4",
|
||
"@types/memoizee": "0.4.11",
|
||
"@types/mime": "3.0.4",
|
||
"@types/node": "20.12.13",
|
||
"@types/nodemailer": "6.4.15",
|
||
"@types/owasp-password-strength-test": "1.3.2",
|
||
"@types/pg": "8.11.6",
|
||
"@types/semver": "7.5.8",
|
||
"@types/slug": "^5.0.8",
|
||
"@types/stoppable": "1.1.3",
|
||
"@types/supertest": "6.0.2",
|
||
"@types/type-is": "1.6.6",
|
||
"@types/uuid": "9.0.8",
|
||
"concurrently": "^8.0.1",
|
||
"copyfiles": "2.4.1",
|
||
"coveralls": "3.1.1",
|
||
"del-cli": "5.1.0",
|
||
"faker": "5.5.3",
|
||
"fast-check": "3.19.0",
|
||
"fetch-mock": "9.11.0",
|
||
"husky": "^9.0.11",
|
||
"jest": "29.7.0",
|
||
"jest-junit": "^16.0.0",
|
||
"lint-staged": "15.2.5",
|
||
"nock": "13.5.4",
|
||
"openapi-enforcer": "1.23.0",
|
||
"proxyquire": "2.1.3",
|
||
"source-map-support": "0.5.21",
|
||
"superagent": "9.0.2",
|
||
"supertest": "7.0.0",
|
||
"ts-node": "10.9.2",
|
||
"tsc-watch": "6.2.0",
|
||
"typescript": "5.4.2",
|
||
"wait-on": "^7.2.0"
|
||
},
|
||
"resolutions": {
|
||
"async": "^3.2.4",
|
||
"db-migrate/rc/minimist": "^1.2.5",
|
||
"es5-ext": "0.10.64",
|
||
"knex/liftoff/object.map/**/kind-of": "^6.0.3",
|
||
"knex/liftoff/findup-sync/micromatc/kind-of": "^6.0.3",
|
||
"knex/liftoff/findup-sync/micromatc/nanomatch/kind-of": "^6.0.3",
|
||
"knex/liftoff/findup-sync/micromatch/define-property/**/kind-of": "^6.0.3",
|
||
"node-forge": "^1.0.0",
|
||
"set-value": "^4.0.1",
|
||
"ansi-regex": "^5.0.1",
|
||
"ssh2": "^1.4.0",
|
||
"json-schema": "^0.4.0",
|
||
"ip": "^2.0.1",
|
||
"tar": "6.2.1",
|
||
"minimatch": "^5.0.0",
|
||
"semver": "^7.5.3",
|
||
"tough-cookie": "4.1.4"
|
||
},
|
||
"lint-staged": {
|
||
"*.{js,ts}": ["biome check --apply --no-errors-on-unmatched"],
|
||
"*.{jsx,tsx}": ["biome check --apply --no-errors-on-unmatched"],
|
||
"*.json": ["biome format --write --no-errors-on-unmatched"]
|
||
}
|
||
}
|