From dfbd2d3bf7917703c592f3c4ac2ca1ed386b87aa Mon Sep 17 00:00:00 2001
From: Jacky Jiang
Date: Fri, 18 Sep 2020 12:45:03 +1000
Subject: [PATCH 1/3] #2962 Upgrade to papaParse 5.30 for https://github.com/magda-io/magda/network/alert/magda-web-client/package.json/papaparse/open

We use our fork to fix a http 416 error issue as well
---
 magda-web-client/package.json | 4 ++--
 yarn.lock | 15 +++++++-------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/magda-web-client/package.json b/magda-web-client/package.json
index 45d51c5f45..885175c836 100644
--- a/magda-web-client/package.json
+++ b/magda-web-client/package.json
@@ -48,7 +48,7 @@
  "@magda/scripts": "^0.0.58-alpha.0",
  "@types/debounce-promise": "^3.1.1",
  "@types/jsonpath": "^0.2.0",
- "@types/papaparse": "^5.0.1",
+ "@types/papaparse": "^5.2.2",
  "@types/react": "^16.8.17",
  "@types/react-autosuggest": "^9.3.9",
  "@types/react-dates": "^17.1.5",
@@ -104,7 +104,7 @@
  "nlcst-to-string": "^2.0.2",
  "npm-run-all": "^4.0.1",
  "openlayers": "^4.1.1",
- "papaparse": "5.1.0",
+ "papaparse": "magda-io/PapaParse#5.3.0-magda",
  "pdfjs-dist": "2.0.550",
  "pretty-date": "^0.2.0",
  "prop-types": "^15.6.1",
diff --git a/yarn.lock b/yarn.lock
index f8d94948f6..2de1eb5370 100644
--- a/yarn.lock
+++ b/yarn.lock
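Review bot: The new `papaparse` entry in the second hunk points at a GitHub tag, `magda-io/PapaParse#5.3.0-magda`, and a tag is a mutable pointer: anyone with push access to that fork can re-point it, and any later install that re-resolves the dependency (lockfile regenerated or pruned, a different Yarn version) will pull whatever the tag names at that moment rather than the code reviewed here. Pinning the commit the lockfile already resolved to closes that window: `"papaparse": "magda-io/PapaParse#3150bc5df7d6705e6c6e10462fe85bfbe00be72a",`. The yarn.lock entry added in the same patch carries `version` and `resolved` but no `integrity` field for the codeload tarball, so as far as this diff shows the commit hash in the reference is the only content check the install gets. Moving from the registry package to a fork presumably also takes the package out of the advisory feed that raised the ReDoS alert, so upstream papaparse fixes after 5.3.0 will need a manual watch; that is inferred from the change of source, not something the hunk states.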
@@ -3406,10 +3406,10 @@
  resolved "https://registry.yarnpkg.com/@types/object-path/-/object-path-0.11.0.tgz#0b744309b2573dc8bf867ef589b6288be998e602"
  integrity sha512-/tuN8jDbOXcPk+VzEVZzzAgw1Byz7s/itb2YI10qkSyy6nykJH02DuhfrflxVdAdE7AZ91h5X6Cn0dmVdFw2TQ==
 
-"@types/papaparse@^5.0.1":
- version "5.0.4"
- resolved "https://registry.yarnpkg.com/@types/papaparse/-/papaparse-5.0.4.tgz#70792c74d9932bcc0bfa945ae7dacfef67f4ee57"
- integrity sha512-jFv9NcRddMiW4+thmntwZ1AhvMDAX4+tAUDkWWbNcIzgqyjjkuSHOEUPoVh1/gqJTWfDOD1tvl+hSp88W3UtqA==
+"@types/papaparse@^5.2.2":
+ version "5.2.2"
+ resolved "https://registry.yarnpkg.com/@types/papaparse/-/papaparse-5.2.2.tgz#225c34ec6b2d55932375c86e56baad8d9d259ec3"
+ integrity sha512-e+3C4Mw/15uNC70ctfeehGooRlGv/h7fW8cf8HfBNDUngC/Ajtc6dqizx+ncDz7nj3/R1cshmYZnu86xZHvwRw==
  dependencies:
  "@types/node" "*"
 
@@ -14818,10 +14818,9 @@ pako@~1.0.5:
  resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf"
  integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==
 
-papaparse@5.1.0:
- version "5.1.0"
- resolved "https://registry.yarnpkg.com/papaparse/-/papaparse-5.1.0.tgz#6228e8d96de99630ad017cf6522042319facc5eb"
- integrity sha512-3jEYMiCc8qN7V5ffi2BTS2mRauKxCu5AIED6DxbjnHhIm7OY7fzKYkndfPlHWaaKUDCTml5XTU6V+hiuxGlZuw==
+papaparse@magda-io/PapaParse#5.3.0-magda:
+ version "5.3.0"
+ resolved "https://codeload.github.com/magda-io/PapaParse/tar.gz/3150bc5df7d6705e6c6e10462fe85bfbe00be72a"
 
 parallel-transform@^1.1.0:
  version "1.2.0"

From 6a8691c124164390f9706997b783fc00eda67f7b Mon Sep 17 00:00:00 2001
From: Jacky Jiang
Date: Fri, 18 Sep 2020 12:48:29 +1000
Subject: [PATCH 2/3] update doc

---
 docs/docs/index.md | 1 -
 docs/docs/regression-test.md | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/docs/index.md b/docs/docs/index.md
index fb80cf861b..1cec34eb99 100644
--- a/docs/docs/index.md
+++ b/docs/docs/index.md
@@ -11,7 +11,6 @@
 - [How to build your own connectors / minions](/docs/how-to-build-your-own-connectors-minions)
 - [How to deploy an HA, production deployment on GKE](/docs/deploying-for-production-on-gke)
 - [Ports used when running locally](/docs/local-ports)
-- [Regression test](/docs/regression-test)
 - [Roadmap](/docs/roadmap)
 - [Mike's Windows Setup Instructions](/docs/windows-instructions)
 
diff --git a/docs/docs/regression-test.md b/docs/docs/regression-test.md
index 11b815054f..c4591def58 100644
--- a/docs/docs/regression-test.md
+++ b/docs/docs/regression-test.md
@@ -22,7 +22,7 @@
 - [ ] Do resources with only access URLs work? (such as on https://dev.magda.io/dataset/ds-ga-a05f7892-feb5-7506-e044-00144fdd4fa6/details?q=lithgow)
 - [ ] Does a resource link to a distribution page?
 - [ ] Does the map preview work?
-- [ ] Does the chart preview load?
+- [ ] Does the chart preview load? (e.g. dataset: ds-dga-fa0b0d71-b8b8-4af8-bc59-0b000ce0d5e4 & ds-qld-92b77bd9-d694-4a4c-949b-8b21513756be)
 - [ ] Do all the four kinds of charts work?
 - [ ] Does the table preview work?
 - [ ] Does "Open in NationalMap" work?

From f002591fdb04a8240984aa0baca525634be0bb32 Mon Sep 17 00:00:00 2001
From: Jacky Jiang
Date: Fri, 18 Sep 2020 12:51:08 +1000
Subject: [PATCH 3/3] updated changes.md

---
 CHANGES.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 4b29043068..e40e0ad25e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,6 +3,8 @@
 ## 0.0.58
 
 - Added Documentation for Magda Helm Charts (generated using [helm-docs](https://github.com/norwoodj/helm-docs))
+- Upgrade papaParse to 5.3.0 for the [Regular Expression Denial of Service (ReDos) vulnerability](https://github.com/magda-io/magda/network/alert/magda-web-client/package.json/papaparse/open)
+- Fixed papaParse's chunk data loading HTTP 416 Error (on our forked repo)
 
 ## 0.0.57
 