[DDW-821] Update packages with vulnerabilities (#2769)

* [DDW-821] Upgrade packages with vulnerabilities

* [DDW-821] Update node headers SHA checksum

* [DDW-821] Update CHANGELOG.md

* [DDW-821] Upgrade packages with vulnerabilities

* [DDW-821] Update node headers SHA checksum

* [DDW-821] Update CHANGELOG.md

* [DDW-821] Downgrade electron-rebuild

* Revert "[DDW-821] Downgrade electron-rebuild"

This reverts commit ce4eabb.

* Run lockfile:fix

* Revert "Revert "[DDW-821] Downgrade electron-rebuild""

This reverts commit debe1c3.

* [DDW-821] upgrate low severity vulnerabilities

* [DDW-821] align babel config for private methods, class properties and object properties

* [DDW-821] Remove explicit resolve-url installation

* [DDW-821] Replace deprecated babel-eslint with @babel/eslint-parser

* [DDW-821] Fix eslint error by wrapping util script in IIFE

* [DDW-821] Fix yarn.lock

Co-authored-by: Michael Chappell <michael.chappell@iohk.io>
Co-authored-by: Tomislav Horaček <tomislav@tt-media.hr>

Author: 3 people

.babelrc

@@ -7,6 +7,7 @@
   "plugins": [
     ["@babel/plugin-proposal-decorators", { "legacy": true }],
     ["@babel/plugin-proposal-class-properties", { "loose": true }],
+    ["@babel/plugin-proposal-private-property-in-object", { "loose": true }],
     [
       "@babel/plugin-proposal-private-methods",
       {

.eslintrc

@@ -1,5 +1,5 @@
 {
-  "parser": "babel-eslint",
+  "parser": "@babel/eslint-parser",
   "parserOptions": {
     "ecmaFeatures": {
       "legacyDecorators": true

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## vNext
+
+### Chores
+
+- Updated vulnerable dependencies ([PR 2769](https://github.com/input-output-hk/daedalus/pull/2769))
+
 ## 4.6.0
 
 ### Features

installers/nix/electron.nix

@@ -2,7 +2,7 @@
   libxkbcommon }:
 
 let
-  version = "13.1.1";
+  version = "13.6.3";
   name = "electron-${version}";
 
   throwSystem = throw "Unsupported system: ${stdenv.hostPlatform.system}";
@@ -21,19 +21,19 @@ let
     src = {
       i686-linux = fetchurl {
         url = "https://github.com/electron/electron/releases/download/v${version}/electron-v${version}-linux-ia32.zip";
-        sha256 = "fed00edaaba0c4a615fe835baf7d0d0ff893dff902800006bf63cc994c24d3dd";
+        sha256 = "db9261c05ed57af2fcd4a84b89d299c76948b9d57ce0dba38e3240eb43935257";
       };
       x86_64-linux = fetchurl {
         url = "https://github.com/electron/electron/releases/download/v${version}/electron-v${version}-linux-x64.zip";
-        sha256 = "eb6ae81d71a4d390ec5140d907b191a84c37621176eec9369bb6fc3bf8570e3b";
+        sha256 = "7607422a4ba80cda4bd7fefb2fbe2f4e0b9a73db92e1e82dc01012a85b5d0d2b";
       };
       armv7l-linux = fetchurl {
         url = "https://github.com/electron/electron/releases/download/v${version}/electron-v${version}-linux-armv7l.zip";
-        sha256 = "7e745a38c6761fa9826b3b9b8d0bd060126a3949da6f3f09f11b842e5e22cee4";
+        sha256 = "a293a9684e16a427a9f68d101814575a4b1dd232dc3fca47552f906019a6cadc";
       };
       aarch64-linux = fetchurl {
         url = "https://github.com/electron/electron/releases/download/v${version}/electron-v${version}-linux-arm64.zip";
-        sha256 = "445c88e9c9b33abbdb263103736fb5203938b0643bc5377fbdf12b444d26f211";
+        sha256 = "1599d259832c806b98751a68fb93112711963d259024f0e36f12f064995b3251";
       };
     }.${stdenv.hostPlatform.system} or throwSystem;
 
@@ -59,11 +59,11 @@ let
     src = {
       x86_64-darwin = fetchurl {
         url = "https://github.com/electron/electron/releases/download/v${version}/electron-v${version}-darwin-x64.zip";
-        sha256 = "1594ba9aa2e2aa059a03e6b70e16b8116de1998b38f8360801e113fa8d72938c";
+        sha256 = "6bf09794d6f020bbaaf806a7758da125137b3c96646f4503eb81b9541e50e02f";
       };
       aarch64-darwin = fetchurl {
         url = "https://github.com/electron/electron/releases/download/v${version}/electron-v${version}-darwin-arm64.zip";
-        sha256 = "7045538917c36214127b7f11a3223396c7199ac19e989e5648a0963773962e6c";
+        sha256 = "374ddf0581794b31eee900828172f9218193c032c0e46bffcfac6aec95c22f1a";
       };
     }.${stdenv.hostPlatform.system} or throwSystem;
 

package.json

@@ -68,16 +68,17 @@
     "electron": "./node_modules/.bin/electron"
   },
   "devDependencies": {
-    "@babel/cli": "7.2.0",
-    "@babel/core": "7.4.5",
-    "@babel/helper-create-regexp-features-plugin": "7.7.0",
+    "@babel/cli": "7.16.0",
+    "@babel/core": "7.16.0",
+    "@babel/eslint-parser": "7.16.3",
+    "@babel/helper-create-regexp-features-plugin": "7.16.0",
     "@babel/plugin-proposal-class-properties": "7.2.1",
-    "@babel/plugin-proposal-decorators": "7.2.0",
+    "@babel/plugin-proposal-decorators": "7.16.4",
     "@babel/plugin-proposal-object-rest-spread": "7.2.0",
     "@babel/plugin-transform-runtime": "7.2.0",
     "@babel/polyfill": "7.0.0",
-    "@babel/preset-env": "7.2.0",
-    "@babel/preset-flow": "7.8.3",
+    "@babel/preset-env": "7.16.4",
+    "@babel/preset-flow": "7.16.0",
     "@babel/preset-react": "7.0.0",
     "@babel/register": "7.0.0",
     "@dump247/storybook-state": "1.6.1",
@@ -91,25 +92,24 @@
     "@testing-library/react": "12.1.2",
     "asar": "2.1.0",
     "autodll-webpack-plugin": "0.4.2",
-    "axios": "0.21.1",
-    "babel-eslint": "10.1.0",
+    "axios": "0.24.0",
     "babel-loader": "8.0.4",
     "babel-plugin-react-intl": "3.0.1",
     "bufferutil": "4.0.1",
     "cache-loader": "4.1.0",
-    "chai": "4.2.0",
+    "chai": "4.3.4",
     "chalk": "4.1.0",
     "concurrently": "5.3.0",
     "cross-env": "7.0.2",
     "css-loader": "2.0.1",
     "cucumber": "6.0.5",
     "cucumber-pretty": "6.0.0",
     "del": "6.0.0",
-    "electron-chromedriver": "13.0.0",
+    "electron-chromedriver": "16.0.0",
     "electron-connect": "0.6.3",
     "electron-devtools-installer": "3.2.0",
-    "electron-packager": "15.2.0",
-    "electron-rebuild": "1.11.0",
+    "electron-packager": "15.4.0",
+    "electron-rebuild": "2.0.1",
     "eslint": "7.10.0",
     "eslint-config-airbnb": "18.2.0",
     "eslint-config-prettier": "6.12.0",
@@ -138,15 +138,15 @@
     "jest-environment-jsdom": "26.6.2",
     "jest-svg-transformer": "^1.0.0",
     "markdown-loader": "5.1.0",
-    "mini-css-extract-plugin": "0.9.0",
+    "mini-css-extract-plugin": "0.12.0",
     "minimist": "1.2.5",
     "mobx-react-devtools": "6.1.1",
     "node-forge": "0.10.0",
     "node-libs-browser": "2.2.1",
     "node-sass": "4.14.1",
     "nodemon": "2.0.4",
     "npmlog": "4.1.2",
-    "postcss": "7.0.27",
+    "postcss": "7.0.39",
     "postcss-modules": "1.5.0",
     "prettier": "2.1.2",
     "pretty-quick": "3.0.2",
@@ -155,7 +155,6 @@
     "react-intl-translations-manager": "5.0.3",
     "react-syntax-highlighter": "13.5.3",
     "regenerator-runtime": "0.13.7",
-    "resolve-url": "0.2.1",
     "sass-loader": "7.1.0",
     "sinon": "9.2.2",
     "spawn-sync": "2.0.0",
@@ -196,11 +195,11 @@
     "classnames": "2.2.6",
     "csv-stringify": "5.5.1",
     "cucumber-html-reporter": "5.2.0",
-    "electron": "13.1.1",
+    "electron": "13.6.3",
     "electron-log-daedalus": "2.2.21",
-    "electron-store": "8.0.0",
+    "electron-store": "8.0.1",
     "es6-error": "4.1.1",
-    "find-process": "1.4.4",
+    "find-process": "1.4.7",
     "fireworks-js": "1.0.4",
     "form-data": "3.0.0",
     "fs-extra": "9.0.1",
@@ -214,7 +213,7 @@
     "lodash": "4.17.21",
     "lodash-es": "4.17.15",
     "mime-types": "2.1.27",
-    "mkdirp": "0.5.1",
+    "mkdirp": "0.5.5",
     "mobx": "5.15.7",
     "mobx-react": "6.3.0",
     "mobx-react-form": "2.0.8",
@@ -256,7 +255,7 @@
     "tcp-port-used": "1.0.1",
     "trezor-connect": "8.2.0-extended",
     "unorm": "1.6.0",
-    "validator": "13.1.17"
+    "validator": "13.7.0"
   },
   "devEngines": {
     "node": ">=14.17.0",

utils/create-news-verification-hashes/index.js

@@ -23,70 +23,71 @@ const readModuleFile = (path, callback) => {
   }
 }
 
-// Start script
-console.log('\n\x1b[36m%s\x1b[0m', 'Creating news verification hashes...\n');
+(() => {
+  // Start script
+  console.log('\n\x1b[36m%s\x1b[0m', 'Creating news verification hashes...\n');
 
-const newsEnvironment = process.env.NEWS_ENV;
-const allowedFiles = [
-  { name: 'newsfeed_development.json', env: 'development' },
-  { name: 'newsfeed_mainnet.json', env: 'mainnet' },
-  { name: 'newsfeed_staging.json', env: 'staging' },
-  { name: 'newsfeed_testnet.json', env: 'testnet' },
-  { name: 'news.dummy.json', env: 'dummy_development' }, // Faked test file for development purposes
-];
+  const newsEnvironment = process.env.NEWS_ENV;
+  const allowedFiles = [
+    { name: 'newsfeed_development.json', env: 'development' },
+    { name: 'newsfeed_mainnet.json', env: 'mainnet' },
+    { name: 'newsfeed_staging.json', env: 'staging' },
+    { name: 'newsfeed_testnet.json', env: 'testnet' },
+    { name: 'news.dummy.json', env: 'dummy_development' }, // Faked test file for development purposes
+  ];
 
-let filesToHash = [];
-if (newsEnvironment) {
-  const fileName = `newsfeed_${newsEnvironment.toLowerCase()}.json`;
-  const fileAllowed = lodash.find(allowedFiles, (allowedFile => allowedFile.name === fileName));
-  if (fileAllowed) {
-    filesToHash.push(fileAllowed);
+  let filesToHash = [];
+  if (newsEnvironment) {
+    const fileName = `newsfeed_${newsEnvironment.toLowerCase()}.json`;
+    const fileAllowed = lodash.find(allowedFiles, (allowedFile => allowedFile.name === fileName));
+    if (fileAllowed) {
+      filesToHash.push(fileAllowed);
+    } else {
+      console.log(`FILE: \x1b[31m ${fileName} not allowed. Use one of available environments \x1b[0m development | staging | testnet | mainnet \n`, '\x1b[0m');
+      return;
+    }
+  }
+
+  if (filesToHash.length === 0) {
+    filesToHash = allowedFiles;
+    console.log(`\x1b[36m I am hashing ALL available files: [ \x1b[32m ${lodash.map(filesToHash, file => file.name)} \x1b[36m ]`, '\x1b[0m')
   } else {
-    console.log(`FILE: \x1b[31m ${fileName} not allowed. Use one of available environments \x1b[0m development | staging | testnet | mainnet \n`, '\x1b[0m');
-    return;
+    console.log(`\x1b[36m I am hashing files: [ \x1b[32m ${lodash.map(filesToHash, file => file.name)} \x1b[36m ]`, '\x1b[0m')
   }
-}
 
-if (filesToHash.length === 0) {
-  filesToHash = allowedFiles;
-  console.log(`\x1b[36m I am hashing ALL available files: [ \x1b[32m ${lodash.map(filesToHash, file => file.name)} \x1b[36m ]`, '\x1b[0m')
-} else {
-  console.log(`\x1b[36m I am hashing files: [ \x1b[32m ${lodash.map(filesToHash, file => file.name)} \x1b[36m ]`, '\x1b[0m')
-}
+  console.log('\n \x1b[33m', 'NOTE: create file with NAME and put HASH as content! \n', '\x1b[0m');
+  lodash.map(filesToHash, file => {
+    readModuleFile(`../../source/renderer/app/config/newsfeed-files/${file.name}`, function (error, fileContent) {
+      // Log Environment
+      console.log('\n \x1b[32m', `${lodash.capitalize(file.env)}`, '\x1b[0m');
+      if (error) { // e.g.File not found
+        console.log('\x1b[31m', error.message, '\x1b[36m');
+      } else {
+        // Check if file is valid JSON file
+        let parsedFile;
+        try {
+          parsedFile = JSON.parse(fileContent);
+        } catch (err) {
+          console.log(`\x1b[31m File: ${file.name} is not VALID json file. Please check file and try again!`, '\x1b[0m')
+          return;
+        }
 
-console.log('\n \x1b[33m', 'NOTE: create file with NAME and put HASH as content! \n', '\x1b[0m');
-lodash.map(filesToHash, file => {
-  readModuleFile(`../../source/renderer/app/config/newsfeed-files/${file.name}`, function (error, fileContent) {
-    // Log Environment
-    console.log('\n \x1b[32m', `${lodash.capitalize(file.env)}`, '\x1b[0m');
-    if (error) { // e.g.File not found
-      console.log('\x1b[31m', error.message, '\x1b[36m');
-    } else {
-      // Check if file is valid JSON file
-      let parsedFile;
-      try {
-        parsedFile = JSON.parse(fileContent);
-      } catch (err) {
-        console.log(`\x1b[31m File: ${file.name} is not VALID json file. Please check file and try again!`, '\x1b[0m')
-        return;
-      }
-
-      // Check all timestamps in file and throw error if there are duplicates
-      const timestamps = lodash.map(parsedFile.items, (item => (item.date)))
-      const hasDuplicatedTimestamps = lodash.uniq(timestamps).length !== timestamps.length;
-      if (hasDuplicatedTimestamps) {
-        console.log(`\x1b[31m File: ${file.name} has duplicated TIMESTAMPS. Please check file and try again!`, '\x1b[0m');
-        return;
-      }
+        // Check all timestamps in file and throw error if there are duplicates
+        const timestamps = lodash.map(parsedFile.items, (item => (item.date)))
+        const hasDuplicatedTimestamps = lodash.uniq(timestamps).length !== timestamps.length;
+        if (hasDuplicatedTimestamps) {
+          console.log(`\x1b[31m File: ${file.name} has duplicated TIMESTAMPS. Please check file and try again!`, '\x1b[0m');
+          return;
+        }
 
-      // Create verification hash
-      const hash = crypto.createHash('sha256');
-      const hashBuffer = hash.digest(hash.update(fileContent, 'utf8'));
-      const hashArray = Array.from(new Uint8Array(hashBuffer))
-      const verificationHash = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
+        // Create verification hash
+        const hash = crypto.createHash('sha256');
+        const hashBuffer = hash.digest(hash.update(fileContent, 'utf8'));
+        const hashArray = Array.from(new Uint8Array(hashBuffer))
+        const verificationHash = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
 
-      console.log(`New verification FILE NAME: \x1b[36m ${parsedFile.updatedAt}.txt \x1b[0m | HASH: \x1b[36m ${verificationHash}`, '\x1b[0m');
-    }
+        console.log(`New verification FILE NAME: \x1b[36m ${parsedFile.updatedAt}.txt \x1b[0m | HASH: \x1b[36m ${verificationHash}`, '\x1b[0m');
+      }
+    });
   });
-});
-
+})()