Merge pull request #2972 from magda-io/issue/2962

Issue/2962 Upgrade PapaParse (for ReDos vulnerability) & Fixed HTTP 416 Error
magda-io · Sep 18, 2020 · 7aeab66 · 7aeab66
2 parents 9af8e55 + f002591
commit 7aeab66
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 12 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -3,6 +3,8 @@
 ## 0.0.58
 
 -   Added Documentation for Magda Helm Charts (generated using [helm-docs](https://github.com/norwoodj/helm-docs))
+-   Upgrade papaParse to 5.3.0 for the [Regular Expression Denial of Service (ReDos) vulnerability](https://github.com/magda-io/magda/network/alert/magda-web-client/package.json/papaparse/open)
+-   Fixed papaParse's chunk data loading HTTP 416 Error (on our forked repo)
 
 ## 0.0.57
 

diff --git a/docs/docs/index.md b/docs/docs/index.md
@@ -11,7 +11,6 @@
 -   [How to build your own connectors / minions](/docs/how-to-build-your-own-connectors-minions)
 -   [How to deploy an HA, production deployment on GKE](/docs/deploying-for-production-on-gke)
 -   [Ports used when running locally](/docs/local-ports)
--   [Regression test](/docs/regression-test)
 -   [Roadmap](/docs/roadmap)
 -   [Mike's Windows Setup Instructions](/docs/windows-instructions)
 

diff --git a/docs/docs/regression-test.md b/docs/docs/regression-test.md
@@ -22,7 +22,7 @@
 -   [ ] Do resources with only access URLs work? (such as on https://dev.magda.io/dataset/ds-ga-a05f7892-feb5-7506-e044-00144fdd4fa6/details?q=lithgow)
 -   [ ] Does a resource link to a distribution page?
 -   [ ] Does the map preview work?
--   [ ] Does the chart preview load?
+-   [ ] Does the chart preview load? (e.g. dataset: ds-dga-fa0b0d71-b8b8-4af8-bc59-0b000ce0d5e4 & ds-qld-92b77bd9-d694-4a4c-949b-8b21513756be)
 -   [ ] Do all the four kinds of charts work?
 -   [ ] Does the table preview work?
 -   [ ] Does "Open in NationalMap" work?

diff --git a/magda-web-client/package.json b/magda-web-client/package.json
@@ -48,7 +48,7 @@
     "@magda/scripts": "^0.0.58-alpha.0",
     "@types/debounce-promise": "^3.1.1",
     "@types/jsonpath": "^0.2.0",
-    "@types/papaparse": "^5.0.1",
+    "@types/papaparse": "^5.2.2",
     "@types/react": "^16.8.17",
     "@types/react-autosuggest": "^9.3.9",
     "@types/react-dates": "^17.1.5",
@@ -104,7 +104,7 @@
     "nlcst-to-string": "^2.0.2",
     "npm-run-all": "^4.0.1",
     "openlayers": "^4.1.1",
-    "papaparse": "5.1.0",
+    "papaparse": "magda-io/PapaParse#5.3.0-magda",
     "pdfjs-dist": "2.0.550",
     "pretty-date": "^0.2.0",
     "prop-types": "^15.6.1",

diff --git a/yarn.lock b/yarn.lock
@@ -3406,10 +3406,10 @@
   resolved "https://registry.yarnpkg.com/@types/object-path/-/object-path-0.11.0.tgz#0b744309b2573dc8bf867ef589b6288be998e602"
   integrity sha512-/tuN8jDbOXcPk+VzEVZzzAgw1Byz7s/itb2YI10qkSyy6nykJH02DuhfrflxVdAdE7AZ91h5X6Cn0dmVdFw2TQ==
 
-"@types/papaparse@^5.0.1":
-  version "5.0.4"
-  resolved "https://registry.yarnpkg.com/@types/papaparse/-/papaparse-5.0.4.tgz#70792c74d9932bcc0bfa945ae7dacfef67f4ee57"
-  integrity sha512-jFv9NcRddMiW4+thmntwZ1AhvMDAX4+tAUDkWWbNcIzgqyjjkuSHOEUPoVh1/gqJTWfDOD1tvl+hSp88W3UtqA==
+"@types/papaparse@^5.2.2":
+  version "5.2.2"
+  resolved "https://registry.yarnpkg.com/@types/papaparse/-/papaparse-5.2.2.tgz#225c34ec6b2d55932375c86e56baad8d9d259ec3"
+  integrity sha512-e+3C4Mw/15uNC70ctfeehGooRlGv/h7fW8cf8HfBNDUngC/Ajtc6dqizx+ncDz7nj3/R1cshmYZnu86xZHvwRw==
   dependencies:
     "@types/node" "*"
 
@@ -14818,10 +14818,9 @@ pako@~1.0.5:
   resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf"
   integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==
 
-papaparse@5.1.0:
-  version "5.1.0"
-  resolved "https://registry.yarnpkg.com/papaparse/-/papaparse-5.1.0.tgz#6228e8d96de99630ad017cf6522042319facc5eb"
-  integrity sha512-3jEYMiCc8qN7V5ffi2BTS2mRauKxCu5AIED6DxbjnHhIm7OY7fzKYkndfPlHWaaKUDCTml5XTU6V+hiuxGlZuw==
+papaparse@magda-io/PapaParse#5.3.0-magda:
+  version "5.3.0"
+  resolved "https://codeload.github.com/magda-io/PapaParse/tar.gz/3150bc5df7d6705e6c6e10462fe85bfbe00be72a"
 
 parallel-transform@^1.1.0:
   version "1.2.0"