From f15998d826606b9de3a414f4fb2159ccaaccf507 Mon Sep 17 00:00:00 2001
From: Phillip Wirth
Date: Tue, 21 Jan 2025 13:42:36 +0100
Subject: [PATCH 1/5] should fail?
---
 .github/workflows/dependency-review.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index b8789683080..11b17a37e95 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -14,5 +14,5 @@ jobs:
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@v4
 with:
- allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, Unlicense, CC0-1.0
+ allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, Unlicense, CC0-1.0, JSON AND LicenseRef-scancode-proprietary-license AND MIT
 allow-ghsas: 'GHSA-vxvm-qww3-2fh7'
From 5a9098101ce922b472522d0e3f7fe85f4e2ab30a Mon Sep 17 00:00:00 2001
From: Phillip Wirth
Date: Tue, 21 Jan 2025 13:49:28 +0100
Subject: [PATCH 2/5] updated one depdendency
---
 package-lock.json | 2 +-
 package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 2cfe57c1701..34f35fb7f12 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
 "crypto-js": "^4.2.0",
 "disposable-email-domains": "^1.0.56",
 "es6-promisify": "^7.0.0",
- "express": "^4.18.2",
+ "express": "^4.18.3",
 "express-openapi-validator": "^4.13.2",
 "express-session": "^1.17.3",
 "feathers-hooks-common": "^8.1.1",
diff --git a/package.json b/package.json
index df8c267b310..7ddf4736c94 100644
--- a/package.json
+++ b/package.json
@@ -190,7 +190,7 @@
 "crypto-js": "^4.2.0",
 "disposable-email-domains": "^1.0.56",
 "es6-promisify": "^7.0.0",
- "express": "^4.18.2",
+ "express": "^4.18.3",
 "express-openapi-validator": "^4.13.2",
 "express-session": "^1.17.3",
 "feathers-hooks-common": "^8.1.1",
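Review bot: The entry `JSON AND LicenseRef-scancode-proprietary-license AND MIT` added to `allow-licenses` in this hunk is a compound SPDX expression placed inside what the action documents as a comma-separated list of individual license identifiers; nothing visible here establishes whether actions/dependency-review-action@v4 accepts `AND` inside a list entry, and the commit title "should fail?" suggests that was the open question. Even if it is accepted, it allowlists a `LicenseRef-scancode-proprietary-license` term for every present and future dependency instead of for the single package that motivated it, which is the opposite of what a license gate is for. A narrower fix is a per-package exemption through the action's `allow-dependencies-licenses` input, scoped to that dependency's package URL, plus a comment recording the decision, e.g. `# <package — fill in>: proprietary LicenseRef reviewed on <date — fill in>, exempted below`. Note that patch 4 (`index f37152e45fd..4d5e7bec03c`) removes this entry and patch 5 restores the exact patch-3 blob (`index 4d5e7bec03c..f37152e45fd`), so the series' net state is the one this hunk introduces and the same point applies to those two hunks.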
From b44234fafb587429c6188c178e24eca3163096a2 Mon Sep 17 00:00:00 2001
From: Phillip Wirth
Date: Tue, 21 Jan 2025 13:54:29 +0100
Subject: [PATCH 3/5] disable scorecards
---
 .github/workflows/dependency-review.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 11b17a37e95..f37152e45fd 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -16,3 +16,4 @@ jobs:
 with:
 allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, Unlicense, CC0-1.0, JSON AND LicenseRef-scancode-proprietary-license AND MIT
 allow-ghsas: 'GHSA-vxvm-qww3-2fh7'
+ show-openssf-scorecard: false
From d09e582d7ef3a677dd26beaf49bd21c093c2c48e Mon Sep 17 00:00:00 2001
From: Phillip Wirth
Date: Tue, 21 Jan 2025 14:08:37 +0100
Subject: [PATCH 4/5] update with weird license
---
 .github/workflows/dependency-review.yml | 2 +-
 package-lock.json | 93 ++++++++++++-------------
 package.json | 2 +-
 3 files changed, 48 insertions(+), 49 deletions(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index f37152e45fd..4d5e7bec03c 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -14,6 +14,6 @@ jobs:
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@v4
 with:
- allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, Unlicense, CC0-1.0, JSON AND LicenseRef-scancode-proprietary-license AND MIT
+ allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, Unlicense, CC0-1.0
 allow-ghsas: 'GHSA-vxvm-qww3-2fh7'
 show-openssf-scorecard: false
diff --git a/package-lock.json b/package-lock.json
index 34f35fb7f12..b83ae29ca3a 100644
--- a/package-lock.json
+++ b/package-lock.json
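Review bot: `show-openssf-scorecard: false` added in this hunk appears to suppress the OpenSSF Scorecard section the action would otherwise put in the job summary, and neither the line nor the commit message says why; a later reader cannot tell whether this was noise reduction or a decision to stop looking at that supply-chain signal. Please add a comment above it, e.g. `# Scorecard output disabled: <reason — fill in>`, so the choice is reviewable rather than silent. The same applies to the neighbouring `allow-ghsas: 'GHSA-vxvm-qww3-2fh7'` exemption, which carries no rationale, owner or review date; an advisory exemption without those tends to outlive the condition that justified it.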
@@ -74,7 +74,7 @@ "disposable-email-domains": "^1.0.56", "es6-promisify": "^7.0.0", "express": "^4.18.3", - "express-openapi-validator": "^4.13.2", + "express-openapi-validator": "^5.4.2", "express-session": "^1.17.3", "feathers-hooks-common": "^8.1.1", "feathers-swagger": "^3.0.0", @@ -464,21 +464,32 @@ "license": "MIT" }, "node_modules/@apidevtools/json-schema-ref-parser": { - "version": "9.0.9", + "version": "11.7.3", + "resolved": "https://registry.npmjs.org/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-11.7.3.tgz", + "integrity": "sha512-WApSdLdXEBb/1FUPca2lteASewEfpjEYJ8oXZP+0gExK5qSfsEKBKcA+WjY6Q4wvXwyv0+W6Kvc372pSceib9w==", "license": "MIT", "dependencies": { "@jsdevtools/ono": "^7.1.3", - "@types/json-schema": "^7.0.6", - "call-me-maybe": "^1.0.1", + "@types/json-schema": "^7.0.15", "js-yaml": "^4.1.0" + }, + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://github.com/sponsors/philsturgeon" } }, "node_modules/@apidevtools/json-schema-ref-parser/node_modules/argparse": { "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", "license": "Python-2.0" }, "node_modules/@apidevtools/json-schema-ref-parser/node_modules/js-yaml": { "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", "license": "MIT", "dependencies": { "argparse": "^2.0.1" @@ -8924,7 +8935,9 @@ "license": "MIT" }, "node_modules/@types/multer": { - "version": "1.4.7", + "version": "1.4.12", + "resolved": "https://registry.npmjs.org/@types/multer/-/multer-1.4.12.tgz", + "integrity": "sha512-pQ2hoqvXiJt2FP9WQVLPRO+AmiIm/ZYkavPlIQnx282u4ZrVdztx0pkh3jjpQt0Kz+YI0YhSG264y08UJKoUQg==", "license": "MIT", "dependencies": { "@types/express": "*" 
@@ -9783,7 +9796,6 @@ }, "node_modules/ajv-formats": { "version": "2.1.1", - "dev": true, "license": "MIT", "dependencies": { "ajv": "^8.0.0" @@ -11011,10 +11023,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/call-me-maybe": { - "version": "1.0.1", - "license": "MIT" - }, "node_modules/callsites": { "version": "3.1.0", "dev": true, @@ -13981,31 +13989,39 @@ } }, "node_modules/express-openapi-validator": { - "version": "4.13.8", + "version": "5.4.2", + "resolved": "https://registry.npmjs.org/express-openapi-validator/-/express-openapi-validator-5.4.2.tgz", + "integrity": "sha512-X+kf6z6V0Pj6tl2t6HurGEFexHwkaAGxGhRqe07PwdvfA4/5hFTZRFzUDJhl0xh9f1wpnBd9eVrbDVJKjgRwDw==", "license": "MIT", "dependencies": { - "@types/multer": "^1.4.7", - "ajv": "^6.12.6", - "content-type": "^1.0.4", - "json-schema-ref-parser": "^9.0.9", + "@apidevtools/json-schema-ref-parser": "^11.7.2", + "@types/multer": "^1.4.12", + "ajv": "^8.17.1", + "ajv-draft-04": "^1.0.0", + "ajv-formats": "^2.1.1", + "content-type": "^1.0.5", + "json-schema-traverse": "^1.0.0", "lodash.clonedeep": "^4.5.0", "lodash.get": "^4.4.2", - "lodash.uniq": "^4.5.0", - "lodash.zipobject": "^4.1.3", "media-typer": "^1.1.0", "multer": "^1.4.5-lts.1", "ono": "^7.1.3", - "path-to-regexp": "^6.2.0" + "path-to-regexp": "^8.2.0" + }, + "peerDependencies": { + "express": "*" } }, "node_modules/express-openapi-validator/node_modules/ajv": { - "version": "6.12.6", + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", "license": "MIT", "dependencies": { - "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", - "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" }, "funding": { "type": "github", 
@@ -14025,10 +14041,6 @@ "typedarray": "^0.0.6" } }, - "node_modules/express-openapi-validator/node_modules/json-schema-traverse": { - "version": "0.4.1", - "license": "MIT" - }, "node_modules/express-openapi-validator/node_modules/mkdirp": { "version": "0.5.6", "license": "MIT", @@ -14056,8 +14068,13 @@ } }, "node_modules/express-openapi-validator/node_modules/path-to-regexp": { - "version": "6.2.0", - "license": "MIT" + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz", + "integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==", + "license": "MIT", + "engines": { + "node": ">=16" + } }, "node_modules/express-openapi-validator/node_modules/readable-stream": { "version": "2.3.7", @@ -18493,16 +18510,6 @@ "license": "(AFL-2.1 OR BSD-3-Clause)", "peer": true }, - "node_modules/json-schema-ref-parser": { - "version": "9.0.9", - "license": "MIT", - "dependencies": { - "@apidevtools/json-schema-ref-parser": "9.0.9" - }, - "engines": { - "node": ">=10" - } - }, "node_modules/json-schema-to-ts": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/json-schema-to-ts/-/json-schema-to-ts-3.1.0.tgz", @@ -19005,14 +19012,6 @@ "dev": true, "license": "MIT" }, - "node_modules/lodash.uniq": { - "version": "4.5.0", - "license": "MIT" - }, - "node_modules/lodash.zipobject": { - "version": "4.1.3", - "license": "MIT" - }, "node_modules/log-symbols": { "version": "4.1.0", "dev": true, diff --git a/package.json b/package.json index 7ddf4736c94..4821767b5fe 100644 --- a/package.json +++ b/package.json @@ -191,7 +191,7 @@ "disposable-email-domains": "^1.0.56", "es6-promisify": "^7.0.0", "express": "^4.18.3", - "express-openapi-validator": "^4.13.2", + "express-openapi-validator": "^5.4.2", "express-session": "^1.17.3", "feathers-hooks-common": "^8.1.1", "feathers-swagger": "^3.0.0", From 2968524b69a3be58d31afb5b03be13bf0ec624d1 Mon Sep 17 00:00:00 2001 
From: Phillip Wirth
Date: Tue, 21 Jan 2025 14:09:57 +0100
Subject: [PATCH 5/5] add
---
 .github/workflows/dependency-review.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 4d5e7bec03c..f37152e45fd 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -14,6 +14,6 @@ jobs:
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@v4
 with:
- allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, Unlicense, CC0-1.0
+ allow-licenses: AGPL-3.0-only, LGPL-3.0, MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, X11, 0BSD, GPL-3.0, Unlicense, CC0-1.0, JSON AND LicenseRef-scancode-proprietary-license AND MIT
 allow-ghsas: 'GHSA-vxvm-qww3-2fh7'
 show-openssf-scorecard: false