fix(core): Upgrade convict to address CVE-2023-0163 (#5729)

fix(core): upgrade convict to address CVE-2023-0163

Also, do not allow passing any CLI arguments to the config.
कारतोफ्फेलस्क्रिप्ट™
2023-03-21 09:47:50 +01:00
committed by GitHub
parent 33d9784319
commit 564bc03d3f
3 changed files with 13 additions and 11 deletions


@@ -70,7 +70,7 @@
"@types/body-parser-xml": "^2.0.2",
"@types/compression": "1.0.1",
"@types/connect-history-api-fallback": "^1.3.1",
"@types/convict": "^4.2.1",
"@types/convict": "^6.1.1",
"@types/cookie-parser": "^1.4.2",
"@types/express": "^4.17.6",
"@types/json-diff": "^0.5.1",
@@ -134,7 +134,7 @@
"client-oauth2": "^4.2.5",
"compression": "^1.7.4",
"connect-history-api-fallback": "^1.6.0",
"convict": "^6.0.1",
"convict": "^6.2.4",
"cookie-parser": "^1.4.6",
"crypto-js": "~4.1.1",
"csrf": "^3.1.0",


@@ -24,7 +24,7 @@ if (inE2ETests) {
dotenv.config();
}
const config = convict(schema);
const config = convict(schema, { args: [] });
if (inE2ETests) {
config.set('enterprise.features.sharing', true);
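Review bot: The `{ args: [] }` now passed to `convict(schema, …)` has no comment, so the reason argv is ignored lives only in the commit message and the option looks safe to delete in a later cleanup. I would add above that line `// Security: pass an empty args list so convict never parses process.argv; config is never taken from command-line flags (hardening alongside the CVE-2023-0163 upgrade).` If any entry in `schema` still declares an `arg` key it is now dead and should be removed in the same change; the schema is not visible here, so that needs checking. Environment variables remain an input, since nothing in this hunk changes the `env` option. The `if (inE2ETests)` block that follows continues past the end of the hunk.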