chore: fix critical yarn audit issues

2023-03-30 14:59:14 +11:00 · 2023-03-30 14:59:14 +11:00 · fe5eea4c8d
parent 796ccf0582
commit fe5eea4c8d
9 changed files with 68 additions and 82 deletions
--- a/package.json
+++ b/package.json
@ -27,7 +27,10 @@
    "@types/react": "17.0.2",
    "glob-parent": "^6.0.1",
    "got": "^11.8.5",
-    "jpeg-js": "^0.4.4"
+    "jpeg-js": "^0.4.4",
+    "json5": "^2.2.2",
+    "loader-utils": "^2.0.4",
+    "http-cache-semantics": "^4.1.1"
  },
  "scripts": {
    "start-prod": "cross-env NODE_ENV=production NODE_APP_INSTANCE=devprod$MULTI electron .",
@ -90,7 +93,6 @@
    "filesize": "3.6.1",
    "firstline": "1.2.1",
    "fs-extra": "9.0.0",
-    "git": "^0.1.5",
    "glob": "7.1.2",
    "image-type": "^4.1.0",
    "ip2country": "1.0.1",
@ -193,7 +195,6 @@
    "eslint-plugin-mocha": "^10.0.4",
    "eslint-plugin-more": "^1.0.5",
    "events": "^3.3.0",
-    "file-loader": "^6.2.0",
    "jsdom": "^19.0.0",
    "jsdom-global": "^3.0.2",
    "mini-css-extract-plugin": "^2.7.5",
--- a/ts/models/conversation.ts
+++ b/ts/models/conversation.ts
@ -2184,7 +2184,6 @@ export async function commitConversationAndRefreshWrapper(id: string) {
  }
  // write to DB
  // TODOLATER remove duplicates between db and wrapper (except nickname&name as we need them for search, or move search to wrapper too)
-  // TODO when deleting a contact from the ConversationController, we still need to keep it in the wrapper but mark it as hidden (and we might need to add an hidden convo model field for it)

  const savedDetails = await Data.saveConversation(convo.attributes);
  await convo.refreshInMemoryDetails(savedDetails);
--- a/ts/receiver/configMessage.ts
+++ b/ts/receiver/configMessage.ts
@ -68,7 +68,7 @@ async function mergeConfigsWithIncomingUpdates(

  const groupedResults: Map<ConfigWrapperObjectTypes, IncomingConfResult> = new Map();

-  // TODO currently we only poll for user config messages, so this can be hardcoded
+  // TODOLATER currently we only poll for user config messages, so this can be hardcoded
  const publicKey = UserUtils.getOurPubKeyStrFromCache();

  try {
@ -86,14 +86,11 @@ async function mergeConfigsWithIncomingUpdates(
      await GenericWrapperActions.merge(variant, toMerge);
      const needsPush = await GenericWrapperActions.needsPush(variant);
      const needsDump = await GenericWrapperActions.needsDump(variant);
-      window.log.info(`${variant}: "${publicKey}" needsPush:${needsPush} needsDump:${needsDump} `);
-
-      // TODO do we need to keep track of the hashes or the library does in the end?
-      const messageHashes = toMerge.map(m => m.hash);
      const latestEnvelopeTimestamp = Math.max(...sameVariant.map(m => m.envelopeTimestamp));

+      window.log.info(`${variant}: "${publicKey}" needsPush:${needsPush} needsDump:${needsDump} `);
+
      const incomingConfResult: IncomingConfResult = {
-        messageHashes,
        needsDump,
        needsPush,
        kind: LibSessionUtil.variantToKind(variant),
@ -311,7 +308,6 @@ async function handleLegacyGroupUpdate(latestEnvelopeTimestamp: number) {
  const legacyGroupsToLeaveInDB = allLegacyGroupsInDb.filter(m => {
    return !allLegacyGroupsIdsInWrapper.includes(m.id);
  });
-  // TODO we need to store the encryption keypair if needed
  window.log.info(
    `we have to join ${legacyGroupsToJoinInDB.length} legacy groups in DB compared to what is in the wrapper`
  );
@ -366,7 +362,7 @@ async function handleLegacyGroupUpdate(latestEnvelopeTimestamp: number) {
        legacyGroupConvo.get('active_at') < latestEnvelopeTimestamp
          ? legacyGroupConvo.get('active_at')
          : latestEnvelopeTimestamp,
-      weWereJustAdded: false, // TODOLATER to remove
+      weWereJustAdded: false, // TODOLATER to remove once legacy groups support is dropped
    };

    await ClosedGroup.updateOrCreateClosedGroup(groupDetails);
@ -399,6 +395,8 @@ async function handleLegacyGroupUpdate(latestEnvelopeTimestamp: number) {
    // save the encryption keypair if needed
    if (!isEmpty(fromWrapper.encPubkey) && !isEmpty(fromWrapper.encSeckey)) {
      try {
+        // TODO we need to store the encryption keypair if needed
+
        const inWrapperKeypair: HexKeyPair = {
          publicHex: toHex(fromWrapper.encPubkey),
          privateHex: toHex(fromWrapper.encSeckey),
--- a/ts/session/apis/open_group_api/sogsv3/sogsCapabilities.ts
+++ b/ts/session/apis/open_group_api/sogsv3/sogsCapabilities.ts
@ -43,7 +43,7 @@ export const handleCapabilities = async (
  }

  // get all v2OpenGroup rooms with the matching serverUrl and set the capabilities.
-  // TODO: implement - update capabilities. Unsure whether to store in DB or save to instance of this obj.
+  // TODOLATER: capabilities are shared accross a server, not a room. We should probably move this to the server but we do not a server level currently, just rooms

  const rooms = OpenGroupData.getV2OpenGroupRoomsByServerUrl(serverUrl);

--- a/ts/session/apis/snode_api/retrieveRequest.ts
+++ b/ts/session/apis/snode_api/retrieveRequest.ts
@ -68,7 +68,6 @@ async function buildRetrieveRequest(
  return retrieveRequestsParams;
 }

-/** */
 async function retrieveNextMessages(
  targetNode: Snode,
  lastHashes: Array<string>,
@ -106,10 +105,9 @@ async function retrieveNextMessages(
    );
  }

+  // do a basic check to know if we have something kind of looking right (status 200 should always be there for a retrieve)
  const firstResult = results[0];

-  // TODO we should probably check for status code of all the results (when polling for a few namespaces at a time)
-
  if (firstResult.code !== 200) {
    window?.log?.warn(`retrieveNextMessages result is not 200 but ${firstResult.code}`);
    throw new Error(
--- a/ts/session/conversations/ConversationController.ts
+++ b/ts/session/conversations/ConversationController.ts
@ -17,6 +17,7 @@ import { SessionUtilUserGroups } from '../utils/libsession/libsession_utils_user
 import { ConfigurationDumpSync } from '../utils/job_runners/jobs/ConfigurationSyncDumpJob';
 import { LibSessionUtil } from '../utils/libsession/libsession_utils';
 import { assertUnreachable } from '../../types/sqlSharedTypes';
+import { ConvoVolatileType } from 'session_util_wrapper';

 let instance: ConversationController | null;

@ -210,51 +211,63 @@ export class ConversationController {
    await deleteAllMessagesByConvoIdNoConfirmation(id);
    window.log.info(`deleteContact messages destroyed: ${id}`);

-    // Legacy group leaving
-    if (conversation.isClosedGroup()) {
-      window.log.info(`deleteContact ClosedGroup case: ${id}`);
-      await leaveClosedGroup(conversation.id);
-      await SessionUtilConvoInfoVolatile.removeLegacyGroupFromWrapper(conversation.id);
-      await SessionUtilUserGroups.removeLegacyGroupFromWrapper(conversation.id);
-    } else if (conversation.isPublic()) {
-      window?.log?.info('leaving open group v2', conversation.id);
-      // remove from the wrapper the entries before we remove the roomInfos, as we won't have the required community pubkey afterwards
-      try {
-        await SessionUtilUserGroups.removeCommunityFromWrapper(conversation.id, conversation.id);
-        await SessionUtilConvoInfoVolatile.removeCommunityFromWrapper(
-          conversation.id,
-          conversation.id
-        );
-      } catch (e) {
-        window?.log?.info('SessionUtilUserGroups.removeCommunityFromWrapper failed:', e);
-      }
+    const convoType: ConvoVolatileType = conversation.isClosedGroup()
+      ? 'LegacyGroup'
+      : conversation.isPublic()
+      ? 'Community'
+      : '1o1';

-      const roomInfos = OpenGroupData.getV2OpenGroupRoom(conversation.id);
-      if (roomInfos) {
-        getOpenGroupManager().removeRoomFromPolledRooms(roomInfos);
-      }
+    switch (convoType) {
+      case '1o1':
+        // if this conversation is a private conversation it's in fact a `contact` for desktop.
+        // we just set the hidden field to true
+        // so the conversation still exists (needed for that user's profile in groups) but is not shown on the list of conversation.
+        // We also keep the messages for now, as turning a contact as hidden might just be a temporary thing
+        window.log.info(`deleteContact isPrivate, marking as hidden: ${id}`);

-      // remove the roomInfos locally for this open group room including the pubkey
-      try {
-        await OpenGroupData.removeV2OpenGroupRoom(conversation.id);
-      } catch (e) {
-        window?.log?.info('removeV2OpenGroupRoom failed:', e);
-      }
-    } else if (conversation.isPrivate()) {
-      // if this conversation is a private conversation it's in fact a `contact` for desktop.
-      // we just want to remove everything related to it and set the hidden field to true
-      // so the conversation still exists (needed for that user's profile in groups) but is not shown on the list of conversation
-      window.log.info(`deleteContact isPrivate, marking as hidden: ${id}`);
+        conversation.set({
+          hidden: true,
+        });
+        // we currently do not wish to reset the approved/approvedMe state when marking a private conversation as hidden
+        // await conversation.setIsApproved(false, false);
+        await conversation.commit(); // this updates the wrappers content to reflect the hidden state

-      conversation.set({
-        hidden: true,
-      });
-      // we currently do not wish to reset the approved/approvedMe state when marking a private conversation as hidden
-      // await conversation.setIsApproved(false, false);
-      await conversation.commit(); // this updates the wrappers content to reflect the hidden state
+        // We don't remove entries from the contacts wrapper, so better keep corresponding convo volatile info for now (it will be pruned if needed)
+        break;
+      case 'Community':
+        window?.log?.info('leaving open group v2', conversation.id);
+        // remove from the wrapper the entries before we remove the roomInfos, as we won't have the required community pubkey afterwards
+        try {
+          await SessionUtilUserGroups.removeCommunityFromWrapper(conversation.id, conversation.id);
+          await SessionUtilConvoInfoVolatile.removeCommunityFromWrapper(
+            conversation.id,
+            conversation.id
+          );
+        } catch (e) {
+          window?.log?.info('SessionUtilUserGroups.removeCommunityFromWrapper failed:', e);
+        }

-      // We don't remove entries from the contacts wrapper, so better keep corresponding convo volatile info for now (it will be pruned if needed)
-      // TODO the call above won't mark the conversation as hidden in the wrapper, it will just stop being updated (which is a bad thing)
+        const roomInfos = OpenGroupData.getV2OpenGroupRoom(conversation.id);
+        if (roomInfos) {
+          getOpenGroupManager().removeRoomFromPolledRooms(roomInfos);
+        }
+
+        // remove the roomInfos locally for this open group room including the pubkey
+        try {
+          await OpenGroupData.removeV2OpenGroupRoom(conversation.id);
+        } catch (e) {
+          window?.log?.info('removeV2OpenGroupRoom failed:', e);
+        }
+        break;
+      case 'LegacyGroup':
+        window.log.info(`deleteContact ClosedGroup case: ${id}`);
+        await leaveClosedGroup(conversation.id);
+        await SessionUtilUserGroups.removeLegacyGroupFromWrapper(conversation.id);
+        await SessionUtilConvoInfoVolatile.removeLegacyGroupFromWrapper(conversation.id);
+
+        break;
+      default:
+        assertUnreachable(convoType, `deleteContact: convoType ${convoType} not handled`);
    }

    if (conversation.isGroup()) {
@ -263,8 +276,6 @@ export class ConversationController {
      await Data.removeConversation(id);

      window.log.info(`deleteContact isGroup, convo removed from DB: ${id}`);
-
-      // TODO remove group related entries from their corresponding wrappers here
      this.conversations.remove(conversation);

      window?.inboxStore?.dispatch(
--- a/ts/session/utils/job_runners/jobs/ConfigurationSyncJob.ts
+++ b/ts/session/utils/job_runners/jobs/ConfigurationSyncJob.ts
@ -182,7 +182,7 @@ class ConfigurationSyncJob extends PersistedJob<ConfigurationSyncPersistedData>
        }
      }

-      // TODO add a way to have a few configuration sync jobs running at the same time, but only a single one per pubkey
+      // TODOLATER add a way to have a few configuration sync jobs running at the same time, but only a single one per pubkey
      const thisJobDestination = us;

      const singleDestChanges = await retrieveSingleDestinationChanges(thisJobDestination);
--- a/ts/session/utils/libsession/libsession_utils.ts
+++ b/ts/session/utils/libsession/libsession_utils.ts
@ -25,7 +25,6 @@ const requiredUserVariants: Array<ConfigWrapperObjectTypes> = [
 export type IncomingConfResult = {
  needsPush: boolean;
  needsDump: boolean;
-  messageHashes: Array<string>;
  kind: SignalService.SharedConfigMessage.Kind;
  publicKey: string;
  latestEnvelopeTimestamp: number;
--- a/yarn.lock
+++ b/yarn.lock
@ -3769,14 +3769,6 @@ file-entry-cache@^6.0.1:
  dependencies:
    flat-cache "^3.0.4"

-file-loader@^6.2.0:
-  version "6.2.0"
-  resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-6.2.0.tgz#baef7cf8e1840df325e4390b4484879480eebe4d"
-  integrity sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw==
-  dependencies:
-    loader-utils "^2.0.0"
-    schema-utils "^3.0.0"
-
 file-type@^10.10.0:
  version "10.11.0"
  resolved "https://registry.yarnpkg.com/file-type/-/file-type-10.11.0.tgz#2961d09e4675b9fb9a3ee6b69e9cd23f43fd1890"
@ -4051,13 +4043,6 @@ getobject@^1.0.0:
  resolved "https://registry.yarnpkg.com/getobject/-/getobject-1.1.1.tgz#29f7858609fee7ef1c58d062f1b2335e425bdb45"
  integrity sha512-Rftr+NsUMxFcCmFopFmyCCfsJPaqUmf7TW61CtKMu0aE93ir62I6VjXt2koiCQgcunGgVog/U6g24tBPq67rlg==

-git@^0.1.5:
-  version "0.1.5"
-  resolved "https://registry.yarnpkg.com/git/-/git-0.1.5.tgz#9ef62df93f851c27542143bf52d1c68b1017ca15"
-  integrity sha512-N+bfOrXyKMU/fQtCj6D/U9MQOEN0DAA8TLHSLdUQRSWBOkeRvsjJHdrdkvcq05xO7GSDKWc3nDEGoTZ4DfCCSg==
-  dependencies:
-    mime "1.2.9"
-
 glob-parent@^6.0.1, glob-parent@~5.1.2:
  version "6.0.2"
  resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3"
@ -5317,11 +5302,6 @@ mime-types@^2.1.12, mime-types@^2.1.27:
  dependencies:
    mime-db "1.52.0"

-mime@1.2.9:
-  version "1.2.9"
-  resolved "https://registry.yarnpkg.com/mime/-/mime-1.2.9.tgz#009cd40867bd35de521b3b966f04e2f8d4d13d09"
-  integrity sha512-WiLgbHTIq5AYUvU/Luli4mZ1bUcHpGNHyCsbl+KPMg4zt+XUDpQehWjuBjdLaEvDTinvKj/FgfQt3fPoT7j08g==
-
 mime@^2.4.6:
  version "2.6.0"
  resolved "https://registry.yarnpkg.com/mime/-/mime-2.6.0.tgz#a2a682a95cd4d0cb1d6257e28f83da7e35800367"
@ -6940,7 +6920,7 @@ scheduler@^0.20.2:
    loose-envify "^1.1.0"
    object-assign "^4.1.1"

-schema-utils@^3.0.0, schema-utils@^3.1.0, schema-utils@^3.1.1:
+schema-utils@^3.1.0, schema-utils@^3.1.1:
  version "3.1.1"
  resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.1.1.tgz#bc74c4b6b6995c1d88f76a8b77bea7219e0c8281"
  integrity sha512-Y5PQxS4ITlC+EahLuXaY86TXfR7Dc5lw294alXOq86JAHCihAIZfqv8nNCWvaEJvaC51uN9hbLGeV0cFBdH+Fw==