From 905c9c6ec14fea950249f5572db766c7f68f3623 Mon Sep 17 00:00:00 2001 From: Brian Gough Date: Fri, 21 Oct 2022 09:14:36 +0100 Subject: [PATCH] Merge pull request #10098 from overleaf/bg-upgrade-samlp upgrade from samlp 3.5.0 to 7.0.2 GitOrigin-RevId: c10afa713239f90b71fe4e4c8823e4fc79b767ba --- package-lock.json | 679 +++++++++++++------------------------- services/web/package.json | 2 +- 2 files changed, 223 insertions(+), 458 deletions(-) diff --git a/package-lock.json b/package-lock.json index 743a08c196..0dffa647c9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11841,9 +11841,15 @@ "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" }, "node_modules/ejs": { - "version": "2.5.5", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.5.5.tgz", - "integrity": "sha1-bvTpVOp9z1T2aq0v56pCGTLZ7Xc=", + "version": "3.1.8", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.8.tgz", + "integrity": "sha512-/sXZeMlhS0ArkfX2Aw780gJzXSMPnKjtspYZv+f3NiKLlubezAHDU5+9xz6gd3/NhG3txQCo6xlglmTS+oTGEQ==", + "dependencies": { + "jake": "^10.8.5" + }, + "bin": { + "ejs": "bin/cli.js" + }, "engines": { "node": ">=0.10.0" } @@ -13988,6 +13994,33 @@ "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz", "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==" }, + "node_modules/filelist": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==", + "dependencies": { + "minimatch": "^5.0.1" + } + }, + "node_modules/filelist/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/filelist/node_modules/minimatch": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.0.tgz", + "integrity": "sha512-9TPBGGak4nHfGZsPBohm9AWg6NoT7QTCehS3BIJABslyZbzxfV78QM2Y6+i741OPZIafFAaiiEMh5OyIrJPgtg==", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/fill-range": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", @@ -18003,6 +18036,68 @@ "which": "bin/which" } }, + "node_modules/jake": { + "version": "10.8.5", + "resolved": "https://registry.npmjs.org/jake/-/jake-10.8.5.tgz", + "integrity": "sha512-sVpxYeuAhWt0OTWITwT98oyV0GsXyMlXCF+3L1SuafBVUIr/uILGRB+NqwkzhgXKvoJpDIpQvqkUALgdmQsQxw==", + "dependencies": { + "async": "^3.2.3", + "chalk": "^4.0.2", + "filelist": "^1.0.1", + "minimatch": "^3.0.4" + }, + "bin": { + "jake": "bin/cli.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/jake/node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/jake/node_modules/async": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", + "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==" + }, + "node_modules/jake/node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/jake/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/jest-worker": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz", @@ -26311,180 +26406,57 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "node_modules/saml": { - "version": "0.14.0", - "resolved": "https://registry.npmjs.org/saml/-/saml-0.14.0.tgz", - "integrity": "sha512-3071zwAK6PI3czQEd0lGt5P7SqI+tU1GeKuJqARRoib+8AsbGoO1Nq9f0WuMx3e59K+GtFYFhGp4i4zvqjwKDQ==", - "dev": true, + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/saml/-/saml-3.0.1.tgz", + "integrity": "sha512-bOjVqZcHY8PkdTBD7Y27KHykC7403BEM46SeCq5r0QPNEPE7M7RmWKy7hPjYsID9VNkCNSHYSVrrRS8Y9hNVWA==", "dependencies": { - "async": "~0.2.9", - "moment": "2.19.3", + "@xmldom/xmldom": "^0.7.4", + "async": "^3.2.4", + "moment": "^2.29.4", "valid-url": "~1.0.9", - "xml-crypto": "~1.0.1", - "xml-encryption": "0.11.2", + "xml-crypto": "^2.1.3", + "xml-encryption": "^2.0.0", "xml-name-validator": "~2.0.1", - "xmldom": "=0.1.15", "xpath": "0.0.5" + }, + "engines": { + "node": ">=12" } }, "node_modules/saml/node_modules/async": { - "version": "0.2.10", - "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz", - "integrity": "sha1-trvgsGdLnXGXCMo43owjfLUmw9E=", - "dev": true - }, - "node_modules/saml/node_modules/ejs": { - "version": "2.7.4", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz", - "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==", - "dev": true, - "hasInstallScript": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/saml/node_modules/moment": { - "version": "2.19.3", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.19.3.tgz", - "integrity": "sha1-vbmdJw1tf9p4zA+6zoVeJ/59pp8=", - "dev": true, - "engines": { - "node": "*" - } - }, - "node_modules/saml/node_modules/node-forge": { - "version": "0.7.6", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.7.6.tgz", - "integrity": "sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==", - "dev": true, - "engines": { - "node": "*" - } - }, - "node_modules/saml/node_modules/xml-crypto": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-1.0.2.tgz", - "integrity": "sha512-bDQkgu1yuwl+QoJbi4GBP9MWxpmYkXc8a9iSHbZ7lKqcxzGlDqMRugcl7qK7TsMI0ydU66GG8/eLNvRUk5T2fw==", - "dev": true, - "dependencies": { - "xmldom": "0.1.27", - "xpath.js": ">=0.0.3" - }, - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/saml/node_modules/xml-crypto/node_modules/xmldom": { - "version": "0.1.27", - "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.27.tgz", - "integrity": "sha1-1QH5ezvbQDr4757MIFcxh6rawOk=", - "deprecated": "Deprecated due to CVE-2021-21366 resolved in 0.5.0", - "dev": true, - "engines": { - "node": ">=0.1" - } - }, - "node_modules/saml/node_modules/xml-encryption": { - "version": "0.11.2", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.11.2.tgz", - "integrity": "sha512-jVvES7i5ovdO7N+NjgncA326xYKjhqeAnnvIgRnY7ROLCfFqEDLwP0Sxp/30SHG0AXQV1048T5yinOFyvwGFzg==", - "dev": true, - "dependencies": { - "async": "^2.1.5", - "ejs": "^2.5.6", - "node-forge": "^0.7.0", - "xmldom": "~0.1.15", - "xpath": "0.0.27" - }, - "engines": { - "node": ">=0.10" - } - }, - "node_modules/saml/node_modules/xml-encryption/node_modules/async": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/async/-/async-2.6.3.tgz", - "integrity": "sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg==", - "dev": true, - "dependencies": { - "lodash": "^4.17.14" - } - }, - "node_modules/saml/node_modules/xml-encryption/node_modules/xpath": { - "version": "0.0.27", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.27.tgz", - "integrity": "sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ==", - "dev": true, - "engines": { - "node": ">=0.6.0" - } + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", + "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==" }, "node_modules/saml/node_modules/xml-name-validator": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-2.0.1.tgz", - "integrity": "sha1-TYuPHszTQZqjYgYb7O9RXh5VljU=", - "dev": true - }, - "node_modules/saml/node_modules/xmldom": { - "version": "0.1.15", - "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.15.tgz", - "integrity": "sha1-swSAYvG91S7cQhQkRZ8G3O6y+U0=", - "deprecated": "Deprecated due to CVE-2021-21366 resolved in 0.5.0", - "dev": true, - "engines": { - "node": ">=0.1" - } + "integrity": "sha512-jRKe/iQYMyVJpzPH+3HL97Lgu5HrCfii+qSo+TfjKHtOnvbnvdVfMYrn9Q34YV81M2e5sviJlI6Ko9y+nByzvA==" }, "node_modules/samlp": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/samlp/-/samlp-3.5.0.tgz", - "integrity": "sha512-Fh0XHY529NbWER1ByHNBt1nDPlKjYP9vrKvwJaRa1wAGbBJ4rpHjl5sY6sShHxccvZ7dp1SA0FldJiF/MaDZ5A==", - "dev": true, + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/samlp/-/samlp-7.0.2.tgz", + "integrity": "sha512-ajROyMKj4HKqXEbThx5ktsMWRsIGziAWWgh9ObnzobUJgCObSUPB13KM9G50huIQffMy3lXx87JDhzYXg5iJ5A==", "dependencies": { "@auth0/thumbprint": "0.0.6", - "ejs": "2.5.5", + "@auth0/xmldom": "0.1.21", + "auth0-id-generator": "^0.2.0", + "ejs": "^3.1.8", "flowstate": "^0.4.0", "querystring": "^0.2.0", - "saml": "^0.14", - "xml-crypto": "^1.5.3", - "xmldom": "github:auth0/xmldom#v0.1.19-auth0_1", + "saml": "^3.0.1", + "xml-crypto": "^2.0.0", "xpath": "0.0.5", "xtend": "^1.0.3" - } - }, - "node_modules/samlp/node_modules/xml-crypto": { - "version": "1.5.6", - "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-1.5.6.tgz", - "integrity": "sha512-LCLvc59uItSD3QZprq+XaJWXb0umi3g8Ks3pZis1qZ9OYzQuHb4U//u5+vHr4gjn2KFAAAzFlja6OnS2LG/gRw==", - "dev": true, - "dependencies": { - "@xmldom/xmldom": "^0.7.0", - "xpath": "0.0.32" }, "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/samlp/node_modules/xml-crypto/node_modules/xpath": { - "version": "0.0.32", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", - "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==", - "dev": true, - "engines": { - "node": ">=0.6.0" - } - }, - "node_modules/samlp/node_modules/xmldom": { - "version": "0.1.19", - "resolved": "git+ssh://git@github.com/auth0/xmldom.git#3376bc7beb5551bf68e12b0cc6b0e3669f77d392", - "dev": true, - "engines": { - "node": ">=0.1" + "node": ">=12" } }, "node_modules/samlp/node_modules/xtend": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/xtend/-/xtend-1.0.3.tgz", "integrity": "sha1-P12Tc1PM7Y4IU5mlY/2yJUHClgo=", - "dev": true, "engines": { "node": ">=0.4" } @@ -31534,15 +31506,6 @@ "node": ">=0.6.0" } }, - "node_modules/xpath.js": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/xpath.js/-/xpath.js-1.1.0.tgz", - "integrity": "sha512-jg+qkfS4K8E7965sqaUl8mRngXiKb3WZGfONgE18pr03FUQiuSV6G+Ej4tS55B+rIQSFEIw3phdVAQ4pPqNWfQ==", - "dev": true, - "engines": { - "node": ">=0.4.0" - } - }, "node_modules/xregexp": { "version": "4.4.1", "resolved": "https://registry.npmjs.org/xregexp/-/xregexp-4.4.1.tgz", @@ -33040,95 +33003,7 @@ "name": "@overleaf/idp", "dependencies": { "express": "^4.17.1", - "samlp": "^6.0.1" - } - }, - "services/idp/node_modules/async": { - "version": "0.2.10", - "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz", - "integrity": "sha512-eAkdoKxU6/LkKDBzLpT+t6Ff5EtfSF4wx1WfJiPEEV7WNLnDaRXk0oVysiEPm262roaachGexwUv94WhSgN5TQ==" - }, - "services/idp/node_modules/moment": { - "version": "2.19.3", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.19.3.tgz", - "integrity": "sha1-vbmdJw1tf9p4zA+6zoVeJ/59pp8=", - "engines": { - "node": "*" - } - }, - "services/idp/node_modules/node-forge": { - "version": "0.10.0", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz", - "integrity": "sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==", - "engines": { - "node": ">= 6.0.0" - } - }, - "services/idp/node_modules/saml": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/saml/-/saml-1.0.1.tgz", - "integrity": "sha512-BzzlTdXNICrIGhJkq168n0WJpwXYr3xyMd7UHC7/s8F4M6zHSEItwEuKGmm6HjsttZk/hJcrw7fY0OZ9wE+v7Q==", - "dependencies": { - "@xmldom/xmldom": "^0.7.4", - "async": "~0.2.9", - "moment": "2.19.3", - "valid-url": "~1.0.9", - "xml-crypto": "^2.1.3", - "xml-encryption": "^1.2.1", - "xml-name-validator": "~2.0.1", - "xpath": "0.0.5" - } - }, - "services/idp/node_modules/samlp": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/samlp/-/samlp-6.0.2.tgz", - "integrity": "sha512-LeEgzxBRRasDk4EOiGZgIa4ytvHNnYDMI9Wp2tGh+v7fi3bjZYG1ufJK3YWGDTb5HFG8Y7ybpYzw/o2tThBgLQ==", - "dependencies": { - "@auth0/thumbprint": "0.0.6", - "@auth0/xmldom": "0.1.21", - "auth0-id-generator": "^0.2.0", - "ejs": "2.5.5", - "flowstate": "^0.4.0", - "querystring": "^0.2.0", - "saml": "^1.0.0", - "xml-crypto": "^2.0.0", - "xpath": "0.0.5", - "xtend": "^1.0.3" - } - }, - "services/idp/node_modules/xml-encryption": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-1.3.0.tgz", - "integrity": "sha512-3P8C4egMMxSR1BmsRM+fG16a3WzOuUEQKS2U4c3AZ5v7OseIfdUeVkD8dwxIhuLryFZSRWUL5OP6oqkgU7hguA==", - "dependencies": { - "@xmldom/xmldom": "^0.7.0", - "escape-html": "^1.0.3", - "node-forge": "^0.10.0", - "xpath": "0.0.32" - }, - "engines": { - "node": ">=8" - } - }, - "services/idp/node_modules/xml-encryption/node_modules/xpath": { - "version": "0.0.32", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", - "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==", - "engines": { - "node": ">=0.6.0" - } - }, - "services/idp/node_modules/xml-name-validator": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-2.0.1.tgz", - "integrity": "sha1-TYuPHszTQZqjYgYb7O9RXh5VljU=" - }, - "services/idp/node_modules/xtend": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/xtend/-/xtend-1.0.3.tgz", - "integrity": "sha1-P12Tc1PM7Y4IU5mlY/2yJUHClgo=", - "engines": { - "node": ">=0.4" + "samlp": "^7.0.2" } }, "services/k8s-debugger": { @@ -35107,7 +34982,7 @@ "pirates": "^4.0.1", "postcss-loader": "^6.2.1", "requirejs": "^2.3.6", - "samlp": "^3.4.1", + "samlp": "^7.0.2", "sandboxed-module": "https://github.com/overleaf/node-sandboxed-module/archive/cafa2d60f17ce75cc023e6f296eb8de79d92d35d.tar.gz", "sinon": "^7.5.0", "sinon-chai": "^3.7.0", @@ -40759,84 +40634,7 @@ "version": "file:services/idp", "requires": { "express": "^4.17.1", - "samlp": "^6.0.1" - }, - "dependencies": { - "async": { - "version": "0.2.10", - "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz", - "integrity": "sha512-eAkdoKxU6/LkKDBzLpT+t6Ff5EtfSF4wx1WfJiPEEV7WNLnDaRXk0oVysiEPm262roaachGexwUv94WhSgN5TQ==" - }, - "moment": { - "version": "2.19.3", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.19.3.tgz", - "integrity": "sha1-vbmdJw1tf9p4zA+6zoVeJ/59pp8=" - }, - "node-forge": { - "version": "0.10.0", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz", - "integrity": "sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==" - }, - "saml": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/saml/-/saml-1.0.1.tgz", - "integrity": "sha512-BzzlTdXNICrIGhJkq168n0WJpwXYr3xyMd7UHC7/s8F4M6zHSEItwEuKGmm6HjsttZk/hJcrw7fY0OZ9wE+v7Q==", - "requires": { - "@xmldom/xmldom": "^0.7.4", - "async": "~0.2.9", - "moment": "2.19.3", - "valid-url": "~1.0.9", - "xml-crypto": "^2.1.3", - "xml-encryption": "^1.2.1", - "xml-name-validator": "~2.0.1", - "xpath": "0.0.5" - } - }, - "samlp": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/samlp/-/samlp-6.0.2.tgz", - "integrity": "sha512-LeEgzxBRRasDk4EOiGZgIa4ytvHNnYDMI9Wp2tGh+v7fi3bjZYG1ufJK3YWGDTb5HFG8Y7ybpYzw/o2tThBgLQ==", - "requires": { - "@auth0/thumbprint": "0.0.6", - "@auth0/xmldom": "0.1.21", - "auth0-id-generator": "^0.2.0", - "ejs": "2.5.5", - "flowstate": "^0.4.0", - "querystring": "^0.2.0", - "saml": "^1.0.0", - "xml-crypto": "^2.0.0", - "xpath": "0.0.5", - "xtend": "^1.0.3" - } - }, - "xml-encryption": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-1.3.0.tgz", - "integrity": "sha512-3P8C4egMMxSR1BmsRM+fG16a3WzOuUEQKS2U4c3AZ5v7OseIfdUeVkD8dwxIhuLryFZSRWUL5OP6oqkgU7hguA==", - "requires": { - "@xmldom/xmldom": "^0.7.0", - "escape-html": "^1.0.3", - "node-forge": "^0.10.0", - "xpath": "0.0.32" - }, - "dependencies": { - "xpath": { - "version": "0.0.32", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", - "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==" - } - } - }, - "xml-name-validator": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-2.0.1.tgz", - "integrity": "sha1-TYuPHszTQZqjYgYb7O9RXh5VljU=" - }, - "xtend": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/xtend/-/xtend-1.0.3.tgz", - "integrity": "sha1-P12Tc1PM7Y4IU5mlY/2yJUHClgo=" - } + "samlp": "7.0.2" } }, "@overleaf/k8s-debugger": { @@ -42804,7 +42602,7 @@ "requirejs": "^2.3.6", "rimraf": "2.2.6", "rolling-rate-limiter": "^0.2.10", - "samlp": "^3.4.1", + "samlp": "7.0.2", "sandboxed-module": "https://github.com/overleaf/node-sandboxed-module/archive/cafa2d60f17ce75cc023e6f296eb8de79d92d35d.tar.gz", "sanitize-html": "^1.27.1", "scroll-into-view-if-needed": "^2.2.25", @@ -50173,9 +49971,12 @@ "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" }, "ejs": { - "version": "2.5.5", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.5.5.tgz", - "integrity": "sha1-bvTpVOp9z1T2aq0v56pCGTLZ7Xc=" + "version": "3.1.8", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.8.tgz", + "integrity": "sha512-/sXZeMlhS0ArkfX2Aw780gJzXSMPnKjtspYZv+f3NiKLlubezAHDU5+9xz6gd3/NhG3txQCo6xlglmTS+oTGEQ==", + "requires": { + "jake": "^10.8.5" + } }, "electron-to-chromium": { "version": "1.4.57", @@ -51800,6 +51601,32 @@ "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz", "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==" }, + "filelist": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==", + "requires": { + "minimatch": "^5.0.1" + }, + "dependencies": { + "brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "requires": { + "balanced-match": "^1.0.0" + } + }, + "minimatch": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.0.tgz", + "integrity": "sha512-9TPBGGak4nHfGZsPBohm9AWg6NoT7QTCehS3BIJABslyZbzxfV78QM2Y6+i741OPZIafFAaiiEMh5OyIrJPgtg==", + "requires": { + "brace-expansion": "^2.0.1" + } + } + } + }, "fill-range": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", @@ -54952,6 +54779,49 @@ "istanbul-lib-report": "^3.0.0" } }, + "jake": { + "version": "10.8.5", + "resolved": "https://registry.npmjs.org/jake/-/jake-10.8.5.tgz", + "integrity": "sha512-sVpxYeuAhWt0OTWITwT98oyV0GsXyMlXCF+3L1SuafBVUIr/uILGRB+NqwkzhgXKvoJpDIpQvqkUALgdmQsQxw==", + "requires": { + "async": "^3.2.3", + "chalk": "^4.0.2", + "filelist": "^1.0.1", + "minimatch": "^3.0.4" + }, + "dependencies": { + "ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "requires": { + "color-convert": "^2.0.1" + } + }, + "async": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", + "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==" + }, + "chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + } + }, + "supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "requires": { + "has-flag": "^4.0.0" + } + } + } + }, "jest-worker": { "version": "27.5.1", "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz", @@ -61989,152 +61859,53 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" }, "saml": { - "version": "0.14.0", - "resolved": "https://registry.npmjs.org/saml/-/saml-0.14.0.tgz", - "integrity": "sha512-3071zwAK6PI3czQEd0lGt5P7SqI+tU1GeKuJqARRoib+8AsbGoO1Nq9f0WuMx3e59K+GtFYFhGp4i4zvqjwKDQ==", - "dev": true, + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/saml/-/saml-3.0.1.tgz", + "integrity": "sha512-bOjVqZcHY8PkdTBD7Y27KHykC7403BEM46SeCq5r0QPNEPE7M7RmWKy7hPjYsID9VNkCNSHYSVrrRS8Y9hNVWA==", "requires": { - "async": "~0.2.9", - "moment": "2.19.3", + "@xmldom/xmldom": "^0.7.4", + "async": "^3.2.4", + "moment": "^2.29.4", "valid-url": "~1.0.9", - "xml-crypto": "~1.0.1", - "xml-encryption": "0.11.2", + "xml-crypto": "^2.1.3", + "xml-encryption": "^2.0.0", "xml-name-validator": "~2.0.1", - "xmldom": "=0.1.15", "xpath": "0.0.5" }, "dependencies": { "async": { - "version": "0.2.10", - "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz", - "integrity": "sha1-trvgsGdLnXGXCMo43owjfLUmw9E=", - "dev": true - }, - "ejs": { - "version": "2.7.4", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz", - "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==", - "dev": true - }, - "moment": { - "version": "2.19.3", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.19.3.tgz", - "integrity": "sha1-vbmdJw1tf9p4zA+6zoVeJ/59pp8=", - "dev": true - }, - "node-forge": { - "version": "0.7.6", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.7.6.tgz", - "integrity": "sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==", - "dev": true - }, - "xml-crypto": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-1.0.2.tgz", - "integrity": "sha512-bDQkgu1yuwl+QoJbi4GBP9MWxpmYkXc8a9iSHbZ7lKqcxzGlDqMRugcl7qK7TsMI0ydU66GG8/eLNvRUk5T2fw==", - "dev": true, - "requires": { - "xmldom": "0.1.27", - "xpath.js": ">=0.0.3" - }, - "dependencies": { - "xmldom": { - "version": "0.1.27", - "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.27.tgz", - "integrity": "sha1-1QH5ezvbQDr4757MIFcxh6rawOk=", - "dev": true - } - } - }, - "xml-encryption": { - "version": "0.11.2", - "resolved": "https://registry.npmjs.org/xml-encryption/-/xml-encryption-0.11.2.tgz", - "integrity": "sha512-jVvES7i5ovdO7N+NjgncA326xYKjhqeAnnvIgRnY7ROLCfFqEDLwP0Sxp/30SHG0AXQV1048T5yinOFyvwGFzg==", - "dev": true, - "requires": { - "async": "^2.1.5", - "ejs": "^2.5.6", - "node-forge": "^0.7.0", - "xmldom": "~0.1.15", - "xpath": "0.0.27" - }, - "dependencies": { - "async": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/async/-/async-2.6.3.tgz", - "integrity": "sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg==", - "dev": true, - "requires": { - "lodash": "^4.17.14" - } - }, - "xpath": { - "version": "0.0.27", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.27.tgz", - "integrity": "sha512-fg03WRxtkCV6ohClePNAECYsmpKKTv5L8y/X3Dn1hQrec3POx2jHZ/0P2qQ6HvsrU1BmeqXcof3NGGueG6LxwQ==", - "dev": true - } - } + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.4.tgz", + "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==" }, "xml-name-validator": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-2.0.1.tgz", - "integrity": "sha1-TYuPHszTQZqjYgYb7O9RXh5VljU=", - "dev": true - }, - "xmldom": { - "version": "0.1.15", - "resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.1.15.tgz", - "integrity": "sha1-swSAYvG91S7cQhQkRZ8G3O6y+U0=", - "dev": true + "integrity": "sha512-jRKe/iQYMyVJpzPH+3HL97Lgu5HrCfii+qSo+TfjKHtOnvbnvdVfMYrn9Q34YV81M2e5sviJlI6Ko9y+nByzvA==" } } }, "samlp": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/samlp/-/samlp-3.5.0.tgz", - "integrity": "sha512-Fh0XHY529NbWER1ByHNBt1nDPlKjYP9vrKvwJaRa1wAGbBJ4rpHjl5sY6sShHxccvZ7dp1SA0FldJiF/MaDZ5A==", - "dev": true, + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/samlp/-/samlp-7.0.2.tgz", + "integrity": "sha512-ajROyMKj4HKqXEbThx5ktsMWRsIGziAWWgh9ObnzobUJgCObSUPB13KM9G50huIQffMy3lXx87JDhzYXg5iJ5A==", "requires": { "@auth0/thumbprint": "0.0.6", - "ejs": "2.5.5", + "@auth0/xmldom": "0.1.21", + "auth0-id-generator": "^0.2.0", + "ejs": "^3.1.8", "flowstate": "^0.4.0", "querystring": "^0.2.0", - "saml": "^0.14", - "xml-crypto": "^1.5.3", - "xmldom": "github:auth0/xmldom#v0.1.19-auth0_1", + "saml": "^3.0.1", + "xml-crypto": "^2.0.0", "xpath": "0.0.5", "xtend": "^1.0.3" }, "dependencies": { - "xml-crypto": { - "version": "1.5.6", - "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-1.5.6.tgz", - "integrity": "sha512-LCLvc59uItSD3QZprq+XaJWXb0umi3g8Ks3pZis1qZ9OYzQuHb4U//u5+vHr4gjn2KFAAAzFlja6OnS2LG/gRw==", - "dev": true, - "requires": { - "@xmldom/xmldom": "^0.7.0", - "xpath": "0.0.32" - }, - "dependencies": { - "xpath": { - "version": "0.0.32", - "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.32.tgz", - "integrity": "sha512-rxMJhSIoiO8vXcWvSifKqhvV96GjiD5wYb8/QHdoRyQvraTpp4IEv944nhGausZZ3u7dhQXteZuZbaqfpB7uYw==", - "dev": true - } - } - }, - "xmldom": { - "version": "git+ssh://git@github.com/auth0/xmldom.git#3376bc7beb5551bf68e12b0cc6b0e3669f77d392", - "dev": true, - "from": "xmldom@github:auth0/xmldom#v0.1.19-auth0_1" - }, "xtend": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/xtend/-/xtend-1.0.3.tgz", - "integrity": "sha1-P12Tc1PM7Y4IU5mlY/2yJUHClgo=", - "dev": true + "integrity": "sha1-P12Tc1PM7Y4IU5mlY/2yJUHClgo=" } } }, @@ -66197,12 +65968,6 @@ "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.5.tgz", "integrity": "sha1-RUA29u8PPfWvXUukoRn7dWdLPmw=" }, - "xpath.js": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/xpath.js/-/xpath.js-1.1.0.tgz", - "integrity": "sha512-jg+qkfS4K8E7965sqaUl8mRngXiKb3WZGfONgE18pr03FUQiuSV6G+Ej4tS55B+rIQSFEIw3phdVAQ4pPqNWfQ==", - "dev": true - }, "xregexp": { "version": "4.4.1", "resolved": "https://registry.npmjs.org/xregexp/-/xregexp-4.4.1.tgz", diff --git a/services/web/package.json b/services/web/package.json index 694b0e9902..b5dc7fdc13 100644 --- a/services/web/package.json +++ b/services/web/package.json @@ -300,7 +300,7 @@ "pirates": "^4.0.1", "postcss-loader": "^6.2.1", "requirejs": "^2.3.6", - "samlp": "^3.4.1", + "samlp": "^7.0.2", "sandboxed-module": "https://github.com/overleaf/node-sandboxed-module/archive/cafa2d60f17ce75cc023e6f296eb8de79d92d35d.tar.gz", "sinon": "^7.5.0", "sinon-chai": "^3.7.0",