From 218e8159c643e3ffe77a6e7e3087002e4acf1bae Mon Sep 17 00:00:00 2001 From: Volodymyr Koval Date: Tue, 21 May 2024 11:04:19 +0300 Subject: [PATCH 1/3] chore(TMC-27581): security issue in redux storage decorator filter --- .../reduxstorage/reduxLocalStorage.test.js | 57 ------------ packages/cmf/package.json | 4 - packages/cmf/src/bootstrap.md | 9 +- packages/cmf/src/index.js | 35 ++++---- packages/cmf/src/localStorage.md | 22 ----- packages/cmf/src/reduxstorage/index.js | 9 -- .../redux-storage-decorator-immutablejs.js | 29 ------ .../cmf/src/reduxstorage/reduxLocalStorage.js | 63 ------------- yarn.lock | 88 +------------------ 9 files changed, 22 insertions(+), 294 deletions(-) delete mode 100644 packages/cmf/__tests__/reduxstorage/reduxLocalStorage.test.js delete mode 100644 packages/cmf/src/localStorage.md delete mode 100644 packages/cmf/src/reduxstorage/index.js delete mode 100644 packages/cmf/src/reduxstorage/redux-storage-decorator-immutablejs.js delete mode 100644 packages/cmf/src/reduxstorage/reduxLocalStorage.js diff --git a/packages/cmf/__tests__/reduxstorage/reduxLocalStorage.test.js b/packages/cmf/__tests__/reduxstorage/reduxLocalStorage.test.js deleted file mode 100644 index b5d84d87c8f..00000000000 --- a/packages/cmf/__tests__/reduxstorage/reduxLocalStorage.test.js +++ /dev/null @@ -1,57 +0,0 @@ -import reduxLocalStorage from '../../src/reduxstorage/reduxLocalStorage'; - -describe('reduxLocalStorage', () => { - // eslint-disable-next-line no-console - const originalLog = console; - beforeEach(() => { - // eslint-disable-next-line no-console - global.console = { - warn: jest.fn(), - log: jest.fn(), - }; - }); - afterEach( () => { - // eslint-disable-next-line no-console - global.console = originalLog; - }); - it('should expose API', () => { - expect(typeof reduxLocalStorage.loadInitialState).toBe('function'); - expect(typeof reduxLocalStorage.saveOnReload).toBe('function'); - }); - it('should saveOnReload listen the beforeunload event', () => { - const original = window.addEventListener; - const cstate = { foo: 'bar' }; - const listener = jest.fn(); - window.addEventListener = listener; - reduxLocalStorage.saveOnReload({ - engine: { - save: state => state, - }, - store: { - getState: () => cstate, - }, - }); - window.addEventListener = original; - expect(listener).toHaveBeenCalled(); - }); - it('should loadInitialState', done => { - const content = '{"cmf":{"components":{"SidePanel":{"default":{"toggle":true}}}}}'; - window.localStorage.setItem('data-streams-redux', content); - reduxLocalStorage - .loadInitialState({ - key: 'data-streams-redux', - whitelist: [['cmf', 'components', 'SidePanel'], ['cmf', 'components', 'Container(Form)']], - }) - .then( - storage => { - expect( - storage.initialState.cmf.components.getIn(['SidePanel', 'default', 'toggle']), - ).toBe(true); - done(); - }, - error => { - throw new Error(error); - }, - ); - }); -}); diff --git a/packages/cmf/package.json b/packages/cmf/package.json index a4ad860bf2c..4e4cc9599e6 100644 --- a/packages/cmf/package.json +++ b/packages/cmf/package.json @@ -48,10 +48,6 @@ "redux-batched-actions": "^0.5.0", "redux-batched-subscribe": "^0.1.6", "redux-saga": "^1.3.0", - "redux-storage": "^4.1.2", - "redux-storage-decorator-filter": "^1.1.8", - "redux-storage-decorator-immutablejs": "^1.0.4", - "redux-storage-engine-localstorage": "^1.1.4", "redux-thunk": "^2.4.2" }, "devDependencies": { diff --git a/packages/cmf/src/bootstrap.md b/packages/cmf/src/bootstrap.md index 9e75ad476c8..293597fa8dd 100644 --- a/packages/cmf/src/bootstrap.md +++ b/packages/cmf/src/bootstrap.md @@ -6,6 +6,7 @@ Quick start: ```javascript import cmf from '@talend/react-cmf'; + import components from './components'; import sagas from './sagas'; @@ -51,8 +52,8 @@ For that CMF expose an API to let you merge your settings: ```javascript import cmf from '@talend/react-cmf'; - import containersModule from '@talend/react-containers'; + import components from './components'; import saga from './saga'; import sagas from './sagas'; @@ -65,10 +66,6 @@ cmf.boostrap({ }); ``` -## How to setup store using localStorage ? - -We provide a [simple API for that](./localStorage.md). - ## onError The error handling is well described in it's own [documentation page](./onError.md). @@ -85,8 +82,8 @@ If you are using ngreact and you want to leverage cmf you must set the `render` ```javascript import cmf from '@talend/react-cmf'; - import containersModule from '@talend/react-containers'; + import components from './components'; import saga from './saga'; import sagas from './sagas'; diff --git a/packages/cmf/src/index.js b/packages/cmf/src/index.js index b7021ea3939..147cd642ffa 100644 --- a/packages/cmf/src/index.js +++ b/packages/cmf/src/index.js @@ -1,40 +1,36 @@ /** * @module react-cmf */ - -import actions from './actions'; +import * as mock from './mock'; +// DEPRECATED APIs +import action from './action'; import actionCreator from './actionCreator'; - +import actions from './actions'; +import App from './App'; import bootstrap from './bootstrap'; import cmfConnect from './cmfConnect'; import cmfModule from './cmfModule'; import component from './component'; -import ConnectedDispatcher from './Dispatcher'; import ErrorBoundary from './components/ErrorBoundary/ErrorBoundary.component'; -import { Saga, CmfRegisteredSaga } from './components/Saga'; +import { CmfRegisteredSaga, Saga } from './components/Saga'; +import componentState from './componentState'; +import constants from './constant'; +import ConnectedDispatcher from './Dispatcher'; import expression from './expression'; import expressions from './expressions'; import Inject from './Inject.component'; -import matchPath from './matchPath'; -import sagas from './sagas'; -import selectors from './selectors'; -import settings from './settings'; import localStorage from './localStorage'; +import matchPath from './matchPath'; +import middlewares from './middlewares'; import onError from './onError'; -import reduxStorage from './reduxstorage'; -import * as mock from './mock'; -import { useCMFContext } from './useContext'; - -// DEPRECATED APIs -import action from './action'; -import App from './App'; import reducers from './reducers'; import registry from './registry'; import RegistryProvider from './RegistryProvider'; +import sagas from './sagas'; +import selectors from './selectors'; +import settings from './settings'; import store from './store'; -import middlewares from './middlewares'; -import componentState from './componentState'; -import constants from './constant'; +import { useCMFContext } from './useContext'; const Dispatcher = ConnectedDispatcher; const getErrorMiddleware = middlewares.error; @@ -54,7 +50,6 @@ export { ErrorBoundary, Inject, mock, - reduxStorage, sagas, selectors, // DEPRECATED diff --git a/packages/cmf/src/localStorage.md b/packages/cmf/src/localStorage.md deleted file mode 100644 index 2bb4da7bc52..00000000000 --- a/packages/cmf/src/localStorage.md +++ /dev/null @@ -1,22 +0,0 @@ -# setup localStorage with CMF - -You can use this API to setup your redux state using localStorage. - -```javascript -import cmf from '@talend/react-cmf'; - -const localStorageKey = 'myApp-v1'; -const preloadedState = cmf.localStorage.getState(localStorageKey); -const storeCallback = cmf.localStorage.getStoreCallback(localStorageKey, [ - ['cmf', 'components', 'Container(List)', 'foo'], - ['cmf', 'components', 'Container(SidePanel)'], -]); - -cmf.bootstrap({ - preloadedState, - storeCallback, -}); -``` - -From now the redux-storage api provided in CMF is DEPRECATED. -It will be removed in the next major release. diff --git a/packages/cmf/src/reduxstorage/index.js b/packages/cmf/src/reduxstorage/index.js deleted file mode 100644 index 3cd934df835..00000000000 --- a/packages/cmf/src/reduxstorage/index.js +++ /dev/null @@ -1,9 +0,0 @@ -/** - * This is a CMF plugin that let you configure your store - */ - -import * as reduxLocalStorage from './reduxLocalStorage'; - -export default { - localStorage: reduxLocalStorage, -}; diff --git a/packages/cmf/src/reduxstorage/redux-storage-decorator-immutablejs.js b/packages/cmf/src/reduxstorage/redux-storage-decorator-immutablejs.js deleted file mode 100644 index addca173f7d..00000000000 --- a/packages/cmf/src/reduxstorage/redux-storage-decorator-immutablejs.js +++ /dev/null @@ -1,29 +0,0 @@ -// FIXME: should be contribution -import { fromJS } from 'immutable'; - -export default (engine, whitelist = []) => ({ - ...engine, - - load() { - if (process.env.NODE_ENV !== 'production') { - // eslint-disable-next-line no-console - console.warn('DEPRECATED: this API will be removed in the next major release'); - } - return engine.load().then(result => { - whitelist.forEach(keys => { - if (typeof keys === 'string') { - keys = [keys]; // eslint-disable-line no-param-reassign - } - let tmp = result; - keys.forEach((key, index) => { - if (tmp && index === keys.length - 1) { - tmp[key] = fromJS(tmp[key]); - } else if (tmp) { - tmp = tmp[key]; - } - }); - }); - return result; - }); - }, -}); diff --git a/packages/cmf/src/reduxstorage/reduxLocalStorage.js b/packages/cmf/src/reduxstorage/reduxLocalStorage.js deleted file mode 100644 index 501430258a0..00000000000 --- a/packages/cmf/src/reduxstorage/reduxLocalStorage.js +++ /dev/null @@ -1,63 +0,0 @@ -import * as storage from 'redux-storage'; -import createEngine from 'redux-storage-engine-localstorage'; -import filter from 'redux-storage-decorator-filter'; -import immutablejs from './redux-storage-decorator-immutablejs'; - -const CMF_IMMUTABLE_PATHS = [ - ['cmf', 'components'], - ['cmf', 'collections'], -]; - -const CMF_MIDDLEWARE_BLACK_LIST = ['@@INIT', '@@router/LOCATION_CHANGE']; - -function loadInitialState(options = {}) { - if (process.env.NODE_ENV !== 'production') { - // eslint-disable-next-line no-console - console.warn('DEPRECATED: this API will be removed in the next major release'); - } - const { - key, - immutables = [], - whitelist = [], - blacklist = [], - middlewareWhitelist = [], - middlewareBlacklist = [], - } = options; - let engine = createEngine(key); - engine = filter(engine, whitelist, blacklist); - - const ipaths = []; - CMF_IMMUTABLE_PATHS.forEach(p => ipaths.push(p)); - immutables.forEach(p => ipaths.push(p)); - engine = immutablejs(engine, ipaths); - - const mblack = []; - CMF_MIDDLEWARE_BLACK_LIST.forEach(m => mblack.push(m)); - middlewareBlacklist.forEach(m => mblack.push(m)); - const storageMiddleware = storage.createMiddleware(engine, mblack, middlewareWhitelist); - - return storage - .createLoader(engine)({ - dispatch: () => {}, - }) - .then(initialState => ({ - initialState, - storageMiddleware, - engine, - })); -} - -function saveOnReload({ engine, store }) { - if (process.env.NODE_ENV !== 'production') { - // eslint-disable-next-line no-console - console.warn('DEPRECATED: this API will be removed in the next major release'); - } - window.addEventListener('beforeunload', () => { - engine.save(store.getState()); // localstorage is sync - }); -} - -export default { - loadInitialState, - saveOnReload, -}; diff --git a/yarn.lock b/yarn.lock index ae8fe7cca8e..fd8d42efc6a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10975,7 +10975,7 @@ ignore@^5.0.0, ignore@^5.2.0, ignore@^5.2.4: resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef" integrity sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw== -immutable@^3, immutable@^3.7.6, immutable@^3.8.2: +immutable@^3, immutable@^3.8.2: version "3.8.2" resolved "https://registry.yarnpkg.com/immutable/-/immutable-3.8.2.tgz#c2439951455bb39913daf281376f1530e104adf3" integrity sha512-15gZoQ38eYjEjxkorfbcgBKBL6R7T459OuK+CpcWt7O3KF4uPCx2tD0uFETlUDIyo+1789crbMhTvQBSR5yBMg== @@ -12747,7 +12747,7 @@ lodash.debounce@4.0.8, lodash.debounce@^4, lodash.debounce@^4.0.8: resolved "https://registry.yarnpkg.com/lodash.debounce/-/lodash.debounce-4.0.8.tgz#82d79bff30a67c4005ffd5e2515300ad9ca4d7af" integrity sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow== -lodash.get@^4.1.2, lodash.get@^4.4.2: +lodash.get@^4.4.2: version "4.4.2" resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99" integrity sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ== @@ -12767,16 +12767,6 @@ lodash.isfinite@^3.3.2: resolved "https://registry.yarnpkg.com/lodash.isfinite/-/lodash.isfinite-3.3.2.tgz#fb89b65a9a80281833f0b7478b3a5104f898ebb3" integrity sha512-7FGG40uhC8Mm633uKW1r58aElFlBlxCrg9JfSi3P6aYiWmfiWF0PgMd86ZUsxE5GwWPdHoS2+48bwTh2VPkIQA== -lodash.isfunction@^3.0.7, lodash.isfunction@^3.0.8: - version "3.0.9" - resolved "https://registry.yarnpkg.com/lodash.isfunction/-/lodash.isfunction-3.0.9.tgz#06de25df4db327ac931981d1bdb067e5af68d051" - integrity sha512-AirXNj15uRIMMPihnkInB4i3NHeb4iBtNg9WRWuK2o31S+ePwwNmDPaTL3o7dTJ+VXNZim7rFs4rxN4YU1oUJw== - -lodash.isobject@^3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/lodash.isobject/-/lodash.isobject-3.0.2.tgz#3c8fb8d5b5bf4bf90ae06e14f2a530a4ed935e1d" - integrity sha512-3/Qptq2vr7WeJbB4KHUSKlq8Pl7ASXi3UG6CMbBm8WRtXi8+GHm7mKaU3urfpSEzWe2wCIChs6/sdocUsTKJiA== - lodash.isplainobject@^4.0.6: version "4.0.6" resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb" @@ -12787,7 +12777,7 @@ lodash.memoize@^4.1.2: resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe" integrity sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag== -lodash.merge@4.6.2, lodash.merge@^4.3.1, lodash.merge@^4.6.2: +lodash.merge@4.6.2, lodash.merge@^4.6.2: version "4.6.2" resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a" integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== @@ -12807,16 +12797,6 @@ lodash.pick@4.4.0: resolved "https://registry.yarnpkg.com/lodash.pick/-/lodash.pick-4.4.0.tgz#52f05610fff9ded422611441ed1fc123a03001b3" integrity sha512-hXt6Ul/5yWjfklSGvLQl8vM//l3FtyHZeuelpzK6mm99pNvN9yTDruNZPEJZD1oWrqo+izBmB7oUfWgcCX7s4Q== -lodash.reduce@^4.3.0: - version "4.6.0" - resolved "https://registry.yarnpkg.com/lodash.reduce/-/lodash.reduce-4.6.0.tgz#f1ab6b839299ad48f784abbf476596f03b914d3b" - integrity sha512-6raRe2vxCYBhpBu+B+TtNGUzah+hQjVdu3E17wfusjyrXBka2nBS8OH/gjVZ5PvHOhWmIZTYri09Z6n/QfnNMw== - -lodash.set@^4.0.0: - version "4.3.2" - resolved "https://registry.yarnpkg.com/lodash.set/-/lodash.set-4.3.2.tgz#d8757b1da807dde24816b0d6a84bea1a76230b23" - integrity sha512-4hNPN5jlm/N/HLMCO43v8BXKq9Z7QdAGc/VGrRD61w8gN9g/6jF9A4L1pbUgBLCffi0w9VsXfTOij5x8iTyFvg== - lodash.sortby@^4.7.0: version "4.7.0" resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438" @@ -12847,11 +12827,6 @@ lodash.uniq@^4.5.0: resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773" integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ== -lodash.unset@^4.1.0: - version "4.5.2" - resolved "https://registry.yarnpkg.com/lodash.unset/-/lodash.unset-4.5.2.tgz#370d1d3e85b72a7e1b0cdf2d272121306f23e4ed" - integrity sha512-bwKX88k2JhCV9D1vtE8+naDKlLiGrSmf8zi/Y9ivFHwbmRfA8RxS/aVJ+sIht2XOwqoNr4xUPUkGZpc1sHFEKg== - lodash@4.17.21, lodash@^4, lodash@^4.0.0, lodash@^4.11.2, lodash@^4.17.10, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21: version "4.17.21" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" @@ -12891,7 +12866,7 @@ longest-streak@^3.0.0: resolved "https://registry.yarnpkg.com/longest-streak/-/longest-streak-3.1.0.tgz#62fa67cd958742a1574af9f39866364102d90cd4" integrity sha512-9Ri+o0JYgehTaVBBDoMqIl8GXtbWg711O3srftcHhZ0dqnETqLaoIK0x17fUw9rFSlK/0NlsKe0Ahhyl5pXE2g== -loose-envify@^1.0.0, loose-envify@^1.1.0, loose-envify@^1.2.0, loose-envify@^1.3.1, loose-envify@^1.4.0: +loose-envify@^1.0.0, loose-envify@^1.1.0, loose-envify@^1.3.1, loose-envify@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/loose-envify/-/loose-envify-1.4.0.tgz#71ee51fa7be4caec1a63839f7e682d8132d30caf" integrity sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q== @@ -16233,18 +16208,6 @@ redent@^4.0.0: indent-string "^5.0.0" strip-indent "^4.0.0" -reduce-reducers@^0.1.0: - version "0.1.5" - resolved "https://registry.yarnpkg.com/reduce-reducers/-/reduce-reducers-0.1.5.tgz#ff77ca8068ff41007319b8b4b91533c7e0e54576" - integrity sha512-uoVmQnZQ+BtKKDKpBdbBri5SLNyIK9ULZGOA504++VbHcwouWE+fJDIo8AuESPF9/EYSkI0v05LDEQK6stCbTA== - -redux-actions@^0.10.1: - version "0.10.1" - resolved "https://registry.yarnpkg.com/redux-actions/-/redux-actions-0.10.1.tgz#bb442ee37dd9643a94933e4071e089f435587135" - integrity sha512-7l4PxsZFMZWhoNVX8z+nr7NCrhrPXK5EsNvROss0+pFF05kjBOvCo1crQicfBPvNqhHRHI9LSCWVDBbdi9cApA== - dependencies: - reduce-reducers "^0.1.0" - redux-batched-actions@^0.5.0: version "0.5.0" resolved "https://registry.yarnpkg.com/redux-batched-actions/-/redux-batched-actions-0.5.0.tgz#d3f0e359b2a95c7d80bab442df450bfafd57d122" @@ -16283,49 +16246,6 @@ redux-saga@^1.3.0: dependencies: "@redux-saga/core" "^1.3.0" -redux-storage-decorator-filter@^1.1.8: - version "1.1.8" - resolved "https://registry.yarnpkg.com/redux-storage-decorator-filter/-/redux-storage-decorator-filter-1.1.8.tgz#c0b7b5563b8ba138ce79c03ad54a2878a3a53ee5" - integrity sha512-YZp72hnGPgo/+4ECbHGO17JQ9e1pc2woSRI2fcPco6s7qgPR3CMdnQMiV05LH7brrbcbszkft7OUQrTP4/unEw== - dependencies: - lodash.get "^4.1.2" - lodash.isfunction "^3.0.7" - lodash.isobject "^3.0.2" - lodash.reduce "^4.3.0" - lodash.set "^4.0.0" - lodash.unset "^4.1.0" - -redux-storage-decorator-immutablejs@^1.0.4: - version "1.0.4" - resolved "https://registry.yarnpkg.com/redux-storage-decorator-immutablejs/-/redux-storage-decorator-immutablejs-1.0.4.tgz#8d90df6cfa1b465a33686b085d641e1709ab5aeb" - integrity sha512-Vof32D9VdPFRoBXP9FFNBsWKCMg6YGWqfy0LGHaJgNy/yZNPkRSdFJtW/YOxK/i0vsxX9TMFoOEymrEXF5lJLA== - dependencies: - immutable "^3.7.6" - -redux-storage-engine-localstorage@^1.1.4: - version "1.1.4" - resolved "https://registry.yarnpkg.com/redux-storage-engine-localstorage/-/redux-storage-engine-localstorage-1.1.4.tgz#2849278d78970f0c3f5f3d4727caa3c30783ed49" - integrity sha512-bJov5lDoNJZY90VfIYtAJB0YdzeXQYy2BRx0mUitUq1/yUqypUG+icCvAlP6jz50SHFZrU30q0Ne/cxjDLPGDg== - -redux-storage-merger-simple@^1.0.2: - version "1.0.5" - resolved "https://registry.yarnpkg.com/redux-storage-merger-simple/-/redux-storage-merger-simple-1.0.5.tgz#29a2886b0e770d9b70811aca800aa8efae89fb73" - integrity sha512-7osIHKaS6HvJpFkSWlsJz8tUV7SxVsDzo9FBkbeHKTL+j+lVBMhXNzONL8I2Q+1N4JSh7ilwoa1CBFYmWF2j/w== - dependencies: - lodash.isobject "^3.0.2" - lodash.merge "^4.3.1" - -redux-storage@^4.1.2: - version "4.1.2" - resolved "https://registry.yarnpkg.com/redux-storage/-/redux-storage-4.1.2.tgz#e06f4bdeee262aead9132fc9f7eadc67e9f9bea2" - integrity sha512-mA3ye5FLqnK3RgrSuhSyXkYp9IOyWB95/zle2n8qSrFoOiCTgrEtM9W07hou/b/QRmT/LpsRQhWiQOn7KqOjjw== - dependencies: - lodash.isfunction "^3.0.8" - lodash.isobject "^3.0.2" - loose-envify "^1.2.0" - redux-actions "^0.10.1" - redux-storage-merger-simple "^1.0.2" - redux-thunk@*: version "3.1.0" resolved "https://registry.yarnpkg.com/redux-thunk/-/redux-thunk-3.1.0.tgz#94aa6e04977c30e14e892eae84978c1af6058ff3" From ae333356880cb323d6273a9dfa026d42a831d57b Mon Sep 17 00:00:00 2001 From: Volodymyr Koval Date: Tue, 21 May 2024 15:00:12 +0300 Subject: [PATCH 2/3] chore(TMC-27581): security issue in redux storage decorator filter --- .changeset/bright-dots-march.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/bright-dots-march.md diff --git a/.changeset/bright-dots-march.md b/.changeset/bright-dots-march.md new file mode 100644 index 00000000000..97988a2e921 --- /dev/null +++ b/.changeset/bright-dots-march.md @@ -0,0 +1,5 @@ +--- +"@talend/react-cmf": minor +--- + +chore(TMC-27581): security issue in redux storage decorator filter From fabb7f3897ead888009a61969928152040f2aa5e Mon Sep 17 00:00:00 2001 From: Volodymyr Koval Date: Tue, 21 May 2024 15:44:11 +0300 Subject: [PATCH 3/3] chore(TMC-27581): security issue in redux storage decorator filter --- .changeset/{bright-dots-march.md => short-points-wait.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .changeset/{bright-dots-march.md => short-points-wait.md} (73%) diff --git a/.changeset/bright-dots-march.md b/.changeset/short-points-wait.md similarity index 73% rename from .changeset/bright-dots-march.md rename to .changeset/short-points-wait.md index 97988a2e921..d66965ca348 100644 --- a/.changeset/bright-dots-march.md +++ b/.changeset/short-points-wait.md @@ -1,5 +1,5 @@ --- -"@talend/react-cmf": minor +"@talend/react-cmf": major --- chore(TMC-27581): security issue in redux storage decorator filter