feat(security): upgrade dependencies for security CVE's (#1003)

melloware · web-flow · commit 8b508a3a3e30 · 2023-11-01T07:10:31.000-04:00
* feat(security): upgrade dependencies for security CVE's

* feat(security): upgrade dependencies for security CVE's

* feat(security): upgrade dependencies for security CVE's

* feat(security): upgrade dependencies for security CVE's
diff --git a/.gitignore b/.gitignore
@@ -36,6 +36,8 @@ logs
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
+.yarn
+.yarnrc.yml
 
 # Runtime data
 pids
diff --git a/package.json b/package.json
@@ -25,7 +25,7 @@
   "devDependencies": {
     "@commitlint/cli": "^17.0.3",
     "@commitlint/config-conventional": "^17.0.3",
-    "@faker-js/faker": "^8.0.2",
+    "@faker-js/faker": "^8.2.0",
     "@release-it-plugins/workspaces": "^3.2.0",
     "@release-it/conventional-changelog": "^5.0.0",
     "@types/node": "^18.14.6",
@@ -34,7 +34,7 @@
     "@typescript-eslint/parser": "^5.33.0",
     "dotenv-cli": "^6.0.0",
     "esbuild-plugin-alias": "^0.2.1",
-    "eslint": "^8.22.0",
+    "eslint": "^8.52.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-config-turbo": "^0.0.4",
     "eslint-plugin-prettier": "^4.2.1",
@@ -49,6 +49,6 @@
     "turbo": "^1.10.16",
     "typescript": "^4.7.4",
     "vitest": "^0.6.3",
-    "zx": "^7.0.8"
+    "zx": "^7.2.3"
   }
 }
diff --git a/packages/core/package.json b/packages/core/package.json
@@ -15,39 +15,39 @@
   },
   "devDependencies": {
     "@types/chalk": "^2.2.0",
-    "@types/debug": "^4.1.7",
-    "@types/fs-extra": "^9.0.13",
+    "@types/debug": "^4.1.10",
+    "@types/fs-extra": "^11.0.3",
     "@types/inquirer": "^9.0.6",
-    "@types/lodash.get": "^4.4.7",
-    "@types/lodash.isempty": "^4.4.7",
-    "@types/lodash.omit": "^4.5.7",
-    "@types/lodash.uniq": "^4.5.7",
-    "@types/lodash.uniqby": "^4.7.7",
+    "@types/lodash.get": "^4.4.8",
+    "@types/lodash.isempty": "^4.4.8",
+    "@types/lodash.omit": "^4.5.8",
+    "@types/lodash.uniq": "^4.5.8",
+    "@types/lodash.uniqby": "^4.7.8",
     "@types/lodash.uniqwith": "^4.5.8",
-    "@types/micromatch": "^4.0.2",
-    "@types/validator": "^13.7.5"
+    "@types/micromatch": "^4.0.4",
+    "@types/validator": "^13.11.5"
   },
   "dependencies": {
     "@apidevtools/swagger-parser": "^10.1.0",
-    "acorn": "^8.8.0",
-    "ajv": "^8.11.0",
+    "@ibm-cloud/openapi-ruleset": "^1.14.2",
+    "acorn": "^8.11.2",
+    "ajv": "^8.12.0",
     "chalk": "^4.1.2",
     "compare-versions": "^6.1.0",
     "debug": "^4.3.4",
     "esbuild": "^0.19.5",
     "esutils": "2.0.3",
-    "fs-extra": "^10.1.0",
+    "fs-extra": "^11.1.1",
     "globby": "11.1.0",
-    "ibm-openapi-validator": "^0.97.3",
     "lodash.get": "^4.4.2",
     "lodash.isempty": "^4.4.0",
     "lodash.omit": "^4.5.0",
     "lodash.uniq": "^4.5.0",
     "lodash.uniqby": "^4.7.0",
     "lodash.uniqwith": "^4.5.0",
     "micromatch": "^4.0.5",
-    "openapi3-ts": "^3.0.0",
+    "openapi3-ts": "^3.2.0",
     "swagger2openapi": "^7.0.8",
-    "validator": "^13.7.0"
+    "validator": "^13.11.0"
   }
 }
diff --git a/packages/core/src/utils/validator.ts b/packages/core/src/utils/validator.ts
@@ -1,17 +1,21 @@
-import openApiValidator from 'ibm-openapi-validator';
 import { OpenAPIObject } from 'openapi3-ts';
 import {
   ibmOpenapiValidatorErrors,
   ibmOpenapiValidatorWarnings,
 } from './logger';
 
+const ibmOpenapiRuleset = require('@ibm-cloud/openapi-ruleset');
+const { Spectral } = require('@stoplight/spectral-core');
+
 /**
  * Validate the spec with ibm-openapi-validator (with a custom pretty logger).
  * More information: https://github.com/IBM/openapi-validator/#configuration
  * @param specs openAPI spec
  */
 export const ibmOpenapiValidator = async (specs: OpenAPIObject) => {
-  const { errors, warnings } = await openApiValidator(specs);
+  const spectral = new Spectral();
+  spectral.setRuleset(ibmOpenapiRuleset);
+  const { errors, warnings } = await spectral.run(specs);
 
   if (warnings.length) {
     ibmOpenapiValidatorWarnings(warnings);
diff --git a/packages/msw/package.json b/packages/msw/package.json
@@ -15,8 +15,8 @@
   "dependencies": {
     "@orval/core": "6.19.1",
     "cuid": "^2.1.8",
-    "openapi3-ts": "^3.0.0",
     "lodash.get": "^4.4.2",
-    "lodash.omit": "^4.5.0"
+    "lodash.omit": "^4.5.0",
+    "openapi3-ts": "^3.0.0"
   }
 }
diff --git a/packages/orval/package.json b/packages/orval/package.json
@@ -6,9 +6,7 @@
   "files": [
     "dist"
   ],
-  "bin": {
-    "orval": "dist/bin/orval.js"
-  },
+  "bin": "dist/bin/orval.js",
   "type": "commonjs",
   "main": "dist/index.js",
   "keywords": [
@@ -51,8 +49,8 @@
   "devDependencies": {
     "@types/chalk": "^2.2.0",
     "@types/inquirer": "^9.0.6",
-    "@types/js-yaml": "^4.0.5",
-    "@types/lodash.uniq": "^4.5.7"
+    "@types/js-yaml": "^4.0.8",
+    "@types/lodash.uniq": "^4.5.8"
   },
   "dependencies": {
     "@apidevtools/swagger-parser": "^10.1.0",
@@ -63,17 +61,17 @@
     "@orval/query": "6.19.1",
     "@orval/swr": "6.19.1",
     "@orval/zod": "6.19.1",
-    "ajv": "^8.11.0",
-    "cac": "^6.7.12",
+    "ajv": "^8.12.0",
+    "cac": "^6.7.14",
     "chalk": "^4.1.2",
     "chokidar": "^3.5.3",
-    "enquirer": "^2.3.6",
+    "enquirer": "^2.4.1",
     "execa": "^5.1.1",
     "find-up": "5.0.0",
     "fs-extra": "^10.1.0",
     "lodash.uniq": "^4.5.0",
-    "openapi3-ts": "^3.0.0",
-    "string-argv": "^0.3.1",
+    "openapi3-ts": "^3.2.0",
+    "string-argv": "^0.3.2",
     "tsconfck": "^2.0.1"
   }
 }
diff --git a/yarn.lock b/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -15,8 +15,8 @@`
`15`	`15`	`"dependencies": {`
`16`	`16`	`"@orval/core": "6.19.1",`
`17`	`17`	`"cuid": "^2.1.8",`
`18`		`- "openapi3-ts": "^3.0.0",`
`19`	`18`	`"lodash.get": "^4.4.2",`
`20`		`- "lodash.omit": "^4.5.0"`
	`19`	`+ "lodash.omit": "^4.5.0",`
	`20`	`+ "openapi3-ts": "^3.0.0"`
`21`	`21`	`}`
`22`	`22`	`}`