chore(deps): Patch dependencies

apps/meteor/app/meteor-accounts-saml/server/lib/parsers/Response.ts

@@ -21,11 +21,46 @@ export class ResponseParser {
 		// We currently use RelayState to save SAML provider
 		SAMLUtils.log(`Validating response with relay state: ${xml}`);
 
-		const doc = new xmldom.DOMParser().parseFromString(xml, 'text/xml');
+		let error: Error | null = null;
+
+		const doc = new xmldom.DOMParser({
+			errorHandler: {
+				fatalError: (e: any) => {
+					if (e instanceof Error) {
+						error = e;
+						return;
+					}
+
+					if (typeof e === 'string') {
+						error = new Error(e);
+						return;
+					}
+
+					error = new Error();
+				},
+				error: (e: Error) => {
+					if (e instanceof Error) {
+						error = e;
+						return;
+					}
+
+					if (typeof e === 'string') {
+						error = new Error(e);
+						return;
+					}
+
+					error = new Error();
+				},
+			},
+		}).parseFromString(xml, 'text/xml');
 		if (!doc) {
 			return callback('No Doc Found');
 		}
 
+		if (error) {
+			return callback(error, null, false);
+		}
+
 		const allResponses = doc.getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:protocol', 'Response');
 		if (allResponses.length === 0) {
 			return this._checkLogoutResponse(doc, callback);

apps/meteor/app/oembed/server/server.ts

@@ -138,7 +138,6 @@ const getUrlContent = async function (urlObjStr: string | URL.UrlWithStringQuery
 	log.debug('Obtained response from server with length of', totalSize);
 	const buffer = Buffer.concat(chunks);
 	return {
-		// @ts-expect-error - fetch types are kinda weird
 		headers: Object.fromEntries(response.headers),
 		body: toUtf8(response.headers.get('content-type') || 'text/plain', buffer),
 		parsedUrl,

apps/meteor/definition/externals/xml-encryption.d.ts

@@ -1,23 +1,5 @@
-declare module 'xml-encryption' {
-	interface IDecryptOptions {
-		disallowDecryptionWithInsecureAlgorithm?: boolean;
-		warnInsecureAlgorithm?: boolean;
-		key: string;
-	}
-
-	export function decrypt(xml: string | Element | Document, options: IDecryptOptions, callback: (err: Error, result: any) => void): string;
-	export function decryptKeyInfo(doc: string | Element | Document, options: IDecryptOptions): string;
+import 'xml-encryption';
 
-	interface IEncryptOptions {
-		rsa_pub: string;
-		pem: Buffer | string;
-		disallowEncryptionWithInsecureAlgorithm: boolean;
-		keyEncryptionAlgorithm: string;
-		encryptionAlgorithm: string;
-		input_encoding?: string;
-		warnInsecureAlgorithm: boolean;
-	}
-
-	export function encrypt(content: string, options: IEncryptOptions, callback: (err: Error, result: any) => void): string;
-	export function encryptKeyInfo(symmetricKey: string, options: IEncryptOptions, callback: (err: Error, result: any) => void): string;
+declare module 'xml-encryption' {
+	export function decrypt(xml: Element, options: DecryptOptions, callback: (err: Error, result: any) => void): string;
 }

apps/meteor/package.json

@@ -149,6 +149,7 @@
 		"@types/use-sync-external-store": "^0.0.3",
 		"@types/uuid": "^8.3.4",
 		"@types/xml-crypto": "^1.4.2",
+		"@types/xml-encryption": "~1.2.1",
 		"@typescript-eslint/eslint-plugin": "^5.52.0",
 		"@typescript-eslint/parser": "^5.30.7",
 		"autoprefixer": "^9.8.8",
@@ -268,15 +269,15 @@
 		"@types/object-path": "^0.11.1",
 		"@types/proxy-from-env": "^1.0.1",
 		"@types/speakeasy": "^2.0.7",
-		"@xmldom/xmldom": "^0.8.2",
+		"@xmldom/xmldom": "^0.8.7",
 		"adm-zip": "0.5.9",
 		"ajv": "^8.11.0",
 		"apn": "2.2.0",
 		"archiver": "^3.1.1",
 		"asterisk-manager": "^0.2.0",
 		"atlassian-crowd-patched": "^0.5.1",
 		"autolinker": "^3.15.0",
-		"aws-sdk": "^2.1160.0",
+		"aws-sdk": "^2.1363.0",
 		"bad-words": "^3.0.4",
 		"bcrypt": "^5.0.1",
 		"body-parser": "1.20.0",
@@ -401,7 +402,7 @@
 		"turndown": "^7.1.1",
 		"twilio": "^3.76.1",
 		"twit": "^2.2.11",
-		"ua-parser-js": "^1.0.2",
+		"ua-parser-js": "^1.0.35",
 		"underscore": "^1.13.4",
 		"universal-perf-hooks": "^1.0.1",
 		"url-polyfill": "^1.1.12",
@@ -410,9 +411,9 @@
 		"uuid": "^8.3.2",
 		"vm2": "^3.9.17",
 		"webdav": "^4.11.0",
-		"xml-crypto": "^2.1.4",
-		"xml-encryption": "2.0.0",
-		"xml2js": "0.4.23",
+		"xml-crypto": "^2.1.5",
+		"xml-encryption": "~3.0.2",
+		"xml2js": "~0.5.0",
 		"yaqrcode": "^0.2.1"
 	},
 	"meteor": {

apps/meteor/tests/unit/app/meteor-accounts-saml/server.tests.ts

@@ -342,7 +342,7 @@ describe('SAML', () => {
 			it('should reject a xml with multiple responses', () => {
 				const parser = new ResponseParser(serviceProviderOptions);
 				parser.validate(duplicatedSamlResponse, (err, data, loggedOut) => {
-					expect(err).to.be.an('error').that.has.property('message').that.is.equal('Too many SAML responses');
+					expect(err).to.be.an('error');
 					expect(data).to.not.exist;
 					expect(loggedOut).to.be.false;
 				});

packages/livechat/package.json

@@ -55,7 +55,7 @@
 		"html-webpack-plugin": "^4.4.1",
 		"husky": "^4.3.8",
 		"if-env": "^1.0.4",
-		"image-webpack-loader": "^6.0.0",
+		"image-webpack-loader": "~8.1.0",
 		"lorem-ipsum": "^2.0.8",
 		"mini-css-extract-plugin": "^0.11.3",
 		"npm-run-all": "^4.1.5",
@@ -71,7 +71,6 @@
 		"rimraf": "^3.0.2",
 		"sass": "^1.49.10",
 		"sass-loader": "^9.0.3",
-		"serve": "^11.3.2",
 		"style-loader": "^1.2.1",
 		"stylelint": "^14.9.1",
 		"stylelint-order": "^5.0.0",