From 03f1c7f1f63af6be988638a926d2d71fe0aaa0d9 Mon Sep 17 00:00:00 2001 
From: telno Date: Sun, 21 Nov 2021 12:36:10 -0700 Subject: [PATCH] Fixed numerous vulnerabilities and deprecations - module "jade" was deprecated and renamed "pug". Replaced all relevant API methods, and renamed all *.jade files to *.pug - module "body-parser" is deprecated in favor of methods by same name exposed on express instance - numerous critical vulnerabilities in "validator" and "mocha" packages, so updated their respective versions /example/* projects now reference the parent Thinky src directly instead of pulling previous version from NPM Fixed multiple reported memory leaks via mocha "npm test" due to unintentional global references All test succeeded via "npm test" --- examples/basic-todo/app.js | 5 ++- examples/basic-todo/package.json | 2 -- examples/blog/.DS_Store | Bin 0 -> 6148 bytes examples/blog/app.js | 11 +++---- examples/blog/package.json | 18 +++++------ examples/blog/routes/api.js | 2 +- examples/blog/routes/index.js | 4 +-- examples/blog/thinky.js | 2 +- examples/blog/views/{index.jade => index.pug} | 0 .../blog/views/{layout.jade => layout.pug} | 0 .../{addAuthor.jade => addAuthor.pug} | 0 .../partials/{addPost.jade => addPost.pug} | 0 .../views/partials/{admin.jade => admin.pug} | 0 .../partials/{authors.jade => authors.pug} | 0 .../{deleteAuthor.jade => deleteAuthor.pug} | 0 .../{deletePost.jade => deletePost.pug} | 0 .../{editAuthor.jade => editAuthor.pug} | 0 .../partials/{editPost.jade => editPost.pug} | 0 .../partials/{fullPost.jade => fullPost.pug} | 0 .../views/partials/{index.jade => index.pug} | 0 .../{readAuthor.jade => readAuthor.pug} | 0 package.json | 8 ++--- test/document.js | 30 +++++++++--------- 23 files changed, 37 insertions(+), 45 deletions(-) create mode 100644 examples/blog/.DS_Store rename examples/blog/views/{index.jade => index.pug} (100%) rename examples/blog/views/{layout.jade => layout.pug} (100%) rename examples/blog/views/partials/{addAuthor.jade => addAuthor.pug} (100%) rename 
examples/blog/views/partials/{addPost.jade => addPost.pug} (100%) rename examples/blog/views/partials/{admin.jade => admin.pug} (100%) rename examples/blog/views/partials/{authors.jade => authors.pug} (100%) rename examples/blog/views/partials/{deleteAuthor.jade => deleteAuthor.pug} (100%) rename examples/blog/views/partials/{deletePost.jade => deletePost.pug} (100%) rename examples/blog/views/partials/{editAuthor.jade => editAuthor.pug} (100%) rename examples/blog/views/partials/{editPost.jade => editPost.pug} (100%) rename examples/blog/views/partials/{fullPost.jade => fullPost.pug} (100%) rename examples/blog/views/partials/{index.jade => index.pug} (100%) rename examples/blog/views/partials/{readAuthor.jade => readAuthor.pug} (100%) diff --git a/examples/basic-todo/app.js b/examples/basic-todo/app.js index 3e01f211..71c70304 100644 --- a/examples/basic-todo/app.js +++ b/examples/basic-todo/app.js @@ -1,6 +1,5 @@ // Import express and co var express = require('express'); -var bodyParser = require('body-parser'); var app = express(); // Load config for RethinkDB and express @@ -8,7 +7,7 @@ var config = require(__dirname+"/config.js") // Import rethinkdbdash //var thinky = require('thinky')(config.rethinkdb); -var thinky = require('thinky')(config.rethinkdb); +var thinky = require('../../lib/thinky')(config.rethinkdb); var r = thinky.r; var type = thinky.type; @@ -25,7 +24,7 @@ Todo.ensureIndex("createdAt"); app.use(express.static(__dirname + '/public')); -app.use(bodyParser()); +app.use(express); app.route('/todo/get').get(get); app.route('/todo/new').put(create); diff --git a/examples/basic-todo/package.json b/examples/basic-todo/package.json index c52d2ea0..c931a164 100644 --- a/examples/basic-todo/package.json +++ b/examples/basic-todo/package.json @@ -4,7 +4,5 @@ , "private": true , "dependencies": { "express": "4.17.1" - , "body-parser": "1.0.2" - , "thinky": "~1.15.6" } } 
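Review bot: In the third hunk of examples/basic-todo/app.js, `app.use(express);` mounts the Express factory function itself rather than a body parser. That function ignores its arguments and never calls `next()`, so any request not answered by the static handler would stall and `req.body` is never populated for the `/todo/*` routes. The replacement for the removed `bodyParser()` should be `app.use(express.json());`, plus `app.use(express.urlencoded({ extended: false }));` if form posts are expected, as examples/blog/app.js does in this same commit.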
diff --git a/examples/blog/.DS_Store b/examples/blog/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..fffd82edf8a1696ef6bd53a7327c78ccbf3e3f2e GIT binary patch literal 6148 zcmeHKy-EZz5T4O17PPq1GGJkSZxE053GM-uyFIknbr0kUyOh3zg_XVU;ByIn^P}A2 za-fBX%s}RwBs0nE2b*Mwi09j8Ml>a&3Qds37!esBojP#m36OP-OX{enhPKp>Ec6$L zB==*w)vVXFoBx{b+Uwb3)pr|Be0Bf0&$sLAdfE0%_*7?4r*F;k>-m2F=3D-oo1I)9 zUNogp!9Xw&3nC+5&W53bfnZ?Bz@c@g za{pi8ml-Ychau4m27-Zq#sE+1MLowy`Q7^E^W?5gXjf<=;#b6gz#cpT(2;ZGL?>-N ai4DK(SPW$q8P{-NJOq@GP{F`2Fz^mS<~Q5` literal 0 HcmV?d00001 diff --git a/examples/blog/app.js b/examples/blog/app.js index e14379e9..d18ae5f3 100644 --- a/examples/blog/app.js +++ b/examples/blog/app.js @@ -3,7 +3,6 @@ var express = require('express'); var routes = require('./routes'); var api = require('./routes/api'); var config = require('./config.js'); -var bodyParser = require('body-parser'); var serveStatic = require('serve-static') var app = express(); @@ -11,27 +10,25 @@ var app = express(); app.use(serveStatic('public', {'index': ['index.html', 'index.htm']})) //app.use(express.static(__dirname + '/public')); -//app.use(bodyParser()); // parse application/x-www-form-urlencoded -app.use(bodyParser.urlencoded({ extended: false })) +app.use(express.urlencoded({ extended: false })) // // parse application/json -app.use(bodyParser.json()) +app.use(express.json()) app.set('views', __dirname + '/views'); app.set('view options', { layout: false }); -app.engine('jade', require('jade').__express); +app.engine('pug', require('pug').__express); /* // Configuration app.configure(function(){ app.set('views', __dirname + '/views'); - app.set('view engine', 'jade'); + app.set('view engine', 'pug'); app.set('view options', { layout: false }); - app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(express.static(__dirname + '/public')); app.use(app.router); diff --git a/examples/blog/package.json b/examples/blog/package.json index 672b51c3..c90cd8be 100644 
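Review bot: The second hunk of examples/blog/app.js edits lines inside the commented-out `app.configure(function(){ … })` block (`app.set('view engine', 'pug')` and the removed `express.bodyParser()` line). `app.configure`, `express.methodOverride` and `app.router` do not exist in the Express 4 line that package.json requires, so this block cannot be re-enabled as written. I would delete the block rather than keep it in step with the live configuration. The comment block continues past the end of the hunk.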
--- a/examples/blog/package.json +++ b/examples/blog/package.json @@ -1,12 +1,10 @@ { - "name": "thinky-blog-example" - , "version": "0.0.1" - , "private": true - , "dependencies": { - "express": "~4.17.1" - , "body-parser": "~1.4.3" - , "jade": "~1.3.1" - , "serve-static": "~1.5.3" - , "thinky": "~ 1.15.6" - } + "name": "thinky-blog-example", + "version": "0.0.1", + "private": true, + "dependencies": { + "express": "^4.17.1", + "pug": "^3.0.2", + "serve-static": "^1.14.1" + } } diff --git a/examples/blog/routes/api.js b/examples/blog/routes/api.js index 293f8e64..83cd00fc 100644 --- a/examples/blog/routes/api.js +++ b/examples/blog/routes/api.js @@ -1,6 +1,6 @@ // Import var config = require(__dirname+'/../config.js'); -var thinky = require('thinky')(config); +var thinky = require('../../../lib/thinky')(config); var r = thinky.r; var type = thinky.type; diff --git a/examples/blog/routes/index.js b/examples/blog/routes/index.js index ac534d45..050228cf 100644 --- a/examples/blog/routes/index.js +++ b/examples/blog/routes/index.js @@ -1,8 +1,8 @@ exports.index = function(req, res){ - res.render('index.jade'); + res.render('index.pug'); }; exports.partials = function (req, res) { var name = req.params.name; - res.render('partials/' + name + ".jade"); + res.render('partials/' + name + ".pug"); }; diff --git a/examples/blog/thinky.js b/examples/blog/thinky.js index 6989a65b..48cbb7cb 100644 --- a/examples/blog/thinky.js +++ b/examples/blog/thinky.js @@ -1,4 +1,4 @@ -var thinky = require('thinky'); +var thinky = require('../../lib/thinky'); var config = require('./config'); // Initialize thinky diff --git a/examples/blog/views/index.jade b/examples/blog/views/index.pug similarity index 100% rename from examples/blog/views/index.jade rename to examples/blog/views/index.pug diff --git a/examples/blog/views/layout.jade b/examples/blog/views/layout.pug similarity index 100% rename from examples/blog/views/layout.jade rename to examples/blog/views/layout.pug 
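Review bot: In examples/blog/routes/index.js, `exports.partials` still concatenates `req.params.name` into the path given to `res.render`, and the hunk changes only the extension. Express decodes route parameters before the handler sees them, so a name carrying encoded path separators could make the view lookup resolve a `.pug` file outside `views/partials`. In a commit aimed at vulnerabilities this is worth closing: validate the name before rendering, for example `if (!/^[A-Za-z0-9_-]+$/.test(name)) return res.sendStatus(404);` placed just above the `res.render` call. Alternatively, check it against the fixed list of partial names.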
diff --git a/examples/blog/views/partials/addAuthor.jade b/examples/blog/views/partials/addAuthor.pug similarity index 100% rename from examples/blog/views/partials/addAuthor.jade rename to examples/blog/views/partials/addAuthor.pug diff --git a/examples/blog/views/partials/addPost.jade b/examples/blog/views/partials/addPost.pug similarity index 100% rename from examples/blog/views/partials/addPost.jade rename to examples/blog/views/partials/addPost.pug diff --git a/examples/blog/views/partials/admin.jade b/examples/blog/views/partials/admin.pug similarity index 100% rename from examples/blog/views/partials/admin.jade rename to examples/blog/views/partials/admin.pug diff --git a/examples/blog/views/partials/authors.jade b/examples/blog/views/partials/authors.pug similarity index 100% rename from examples/blog/views/partials/authors.jade rename to examples/blog/views/partials/authors.pug diff --git a/examples/blog/views/partials/deleteAuthor.jade b/examples/blog/views/partials/deleteAuthor.pug similarity index 100% rename from examples/blog/views/partials/deleteAuthor.jade rename to examples/blog/views/partials/deleteAuthor.pug diff --git a/examples/blog/views/partials/deletePost.jade b/examples/blog/views/partials/deletePost.pug similarity index 100% rename from examples/blog/views/partials/deletePost.jade rename to examples/blog/views/partials/deletePost.pug diff --git a/examples/blog/views/partials/editAuthor.jade b/examples/blog/views/partials/editAuthor.pug similarity index 100% rename from examples/blog/views/partials/editAuthor.jade rename to examples/blog/views/partials/editAuthor.pug diff --git a/examples/blog/views/partials/editPost.jade b/examples/blog/views/partials/editPost.pug similarity index 100% rename from examples/blog/views/partials/editPost.jade rename to examples/blog/views/partials/editPost.pug 
diff --git a/examples/blog/views/partials/fullPost.jade b/examples/blog/views/partials/fullPost.pug similarity index 100% rename from examples/blog/views/partials/fullPost.jade rename to examples/blog/views/partials/fullPost.pug diff --git a/examples/blog/views/partials/index.jade b/examples/blog/views/partials/index.pug similarity index 100% rename from examples/blog/views/partials/index.jade rename to examples/blog/views/partials/index.pug diff --git a/examples/blog/views/partials/readAuthor.jade b/examples/blog/views/partials/readAuthor.pug similarity index 100% rename from examples/blog/views/partials/readAuthor.jade rename to examples/blog/views/partials/readAuthor.pug diff --git a/package.json b/package.json index 4e4745b5..16ff74d0 100644 --- a/package.json +++ b/package.json @@ -23,12 +23,12 @@ "bugs": { "url": "https://github.com/neumino/thinky/issues" }, - "dependencies":{ - "rethinkdbdash": "~2.3.0", + "dependencies": { "bluebird": "~2.10.2", - "validator": "~3.34.0" + "rethinkdbdash": "~2.3.0", + "validator": "^13.7.0" }, "devDependencies": { - "mocha": "~1.21.5" + "mocha": "^9.1.3" } } diff --git a/test/document.js b/test/document.js index 392e7c7d..8f04bbea 100644 --- a/test/document.js +++ b/test/document.js @@ -50,7 +50,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) @@ -64,7 +64,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: num, num: num }) @@ -79,7 +79,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) @@ -95,11 +95,11 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ id: str }) doc.save().then(function(result) { - doc2 = new Model({ + var doc2 = new Model({ id: str }) doc2.save().then(function(r) { 
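Review bot: The root package.json hunk moves `validator` from `~3.34.0` to `^13.7.0`, ten major versions, while the diffstat shows no file under lib/ changing. If the library calls validator functions whose names or input handling changed in between, validation could behave differently without a test failing. As far as I recall, later majors accept only strings and throw on other types. Please confirm each validator call used by the library against the 13.x API and add tests for those code paths. The new entries also switch to caret ranges while `bluebird` and `rethinkdbdash` keep tilde; with no lockfile in the diff, `"validator": "~13.7.0"` and `"mocha": "~9.1.3"` would keep installs closer to what was tested.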
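Review bot: The test/document.js hunks fix the leaked globals one by one (`doc = new Model(…)` becomes `var doc = new Model(…)`, and likewise `doc2` and `Model`), but nothing stops the next undeclared assignment from leaking again. Adding `'use strict';` as the first statement of the test file would turn any such assignment into a ReferenceError; running mocha with `--check-leaks` is an alternative. The top of the file is outside these hunks, so check that it is not already in strict mode. In the `@@ -252,7 +252,7 @@` hunk, `var Model` now shadows any `Model` declared in the enclosing `describe`; confirm that no later test relied on the reassignment.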
@@ -117,12 +117,12 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) assert.equal(doc.isSaved(), false); - assert.equal(doc.setSaved()); + doc.setSaved() assert.equal(doc.isSaved(), true); }); @@ -130,7 +130,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) @@ -143,7 +143,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) @@ -155,7 +155,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) @@ -171,7 +171,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) @@ -191,7 +191,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) @@ -213,7 +213,7 @@ describe('save', function() { var str = util.s8(); var num = util.random(); - doc = new Model({ + var doc = new Model({ str: str, num: num }) @@ -252,7 +252,7 @@ describe('save', function() { }).error(done) }); it('Point - ReQL point', function(done){ - Model = thinky.createModel(modelNames[0], { + var Model = thinky.createModel(modelNames[0], { id: String, point: type.point() }) @@ -491,7 +491,7 @@ describe('save', function() { }); it('new should create instances of Document for joined documents too', function() { var docValues = {str: util.s8(), num: util.random(), otherDoc: {str: util.s8(), num: util.random()}} - doc = new Model(docValues); + var doc = new Model(docValues); assert.equal(doc._getModel()._name, Model.getTableName()) assert.equal(doc.otherDoc._getModel()._name, OtherModel.getTableName()) });