Skip to content
This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

Commit

Permalink
Fix security issue
Browse files Browse the repository at this point in the history
  • Loading branch information
@Binyang2014
Binyang2014 committed Jun 6, 2024
1 parent 7e706b5 commit b540bd7
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 20 deletions.
1 change: 0 additions & 1 deletion src/rest-server/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@
"sequelize": "^5.21.3",
"ssh-keygen": "~0.4.2",
"statuses": "~1.5.0",
"swagger-ui-express": "^4.1.2",
"unirest": "^0.6.0",
"url-join": "^4.0.1",
"winston": "~2.4.0",
Expand Down
6 changes: 0 additions & 6 deletions src/rest-server/src/config/express.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,11 @@
// module dependencies
const fs = require('fs');

Check failure on line 19 in src/rest-server/src/config/express.js

View workflow job for this annotation

GitHub Actions / Run code coverage of rest-server on node-10-ubuntu-latest 

'fs' is assigned a value but never used

Check failure on line 19 in src/rest-server/src/config/express.js

View workflow job for this annotation

GitHub Actions / Test rest server on node-10-ubuntu-latest 

'fs' is assigned a value but never used
const cors = require('cors');
const yaml = require('js-yaml');
const morgan = require('morgan');
const express = require('express');
const compress = require('compression');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const swaggerUi = require('swagger-ui-express');
const config = require('@pai/config');
const logger = require('@pai/config/logger');
const authnConfig = require('@pai/config/authn');
Expand Down Expand Up @@ -63,10 +61,6 @@ app.use('/api/v2', routers.v2);
// mount all internal APIs to /api/internal
app.use('/api/internal', routers.internal);

// create OpenAPI docs
const swaggerSpec = yaml.safeLoad(fs.readFileSync('./docs/swagger.yaml'));
app.use('/api/docs', swaggerUi.serve, swaggerUi.setup(swaggerSpec));

// catch 404 and forward to error handler
app.use((req, res, next) => {
next(createError('Not Found', 'NoApiError', `API ${req.url} is not found.`));
Expand Down
40 changes: 27 additions & 13 deletions src/rest-server/yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -455,6 +455,13 @@ array.prototype.flat@^1.2.3:
define-properties "^1.1.3"
es-abstract "^1.17.0-next.1"

asn1@^0.2.4:
version "0.2.6"
resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.6.tgz#0d3a7bb6e64e02a90c0303b31f292868ea09a08d"
integrity sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==
dependencies:
safer-buffer "~2.1.0"

asn1@~0.2.3:
version "0.2.4"
resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
Expand Down Expand Up @@ -2393,11 +2400,23 @@ minimatch@^3.0.4:
dependencies:
brace-expansion "^1.1.7"

[email protected]:
version "0.0.8"
resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d"
integrity sha512-miQKw5Hv4NS1Psg2517mV4e4dYNaO3++hjAvLOAzKqZ61rH8NS1SK+vbfBWZ5PY/Me/bEWhUwqMghEW5Fb9T7Q==

minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6:
version "1.2.6"
resolved "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz"
integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==

[email protected]:
version "0.5.1"
resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"
integrity sha512-SknJC52obPfGQPnjIkXbmA6+5H15E+fR+E4iR2oQ3zzCLbd7/ONua69R/Gw7AgkTLsRG+r5fzksYwWe1AgTyWA==
dependencies:
minimist "0.0.8"

mkdirp@^0.5.0, mkdirp@^0.5.1:
version "0.5.6"
resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.6.tgz#7def03d2432dcae4ba1d611445c48396062255f6"
Expand All @@ -2417,7 +2436,7 @@ mocha@~5.0.0:
glob "7.1.2"
growl "1.10.3"
he "1.1.1"
mkdirp "^0.5.1"
mkdirp "0.5.1"
supports-color "4.4.0"

module-alias@^2.2.0:
Expand Down Expand Up @@ -2526,6 +2545,13 @@ node-jose@^1.1.0:
node-forge "^0.8.1"
uuid "^3.3.2"

node-rsa@~1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/node-rsa/-/node-rsa-1.1.1.tgz#efd9ad382097782f506153398496f79e4464434d"
integrity sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==
dependencies:
asn1 "^0.2.4"

normalize-package-data@^2.3.2:
version "2.4.0"
resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.4.0.tgz#12f95a307d58352075a04907b84ac8be98ac012f"
Expand Down Expand Up @@ -3617,18 +3643,6 @@ supports-preserve-symlinks-flag@^1.0.0:
resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09"
integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==

swagger-ui-dist@^3.18.1:
version "3.24.3"
resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-3.24.3.tgz#99754d11b0ddd314a1a50db850acb415e4b0a0c6"
integrity sha512-kB8qobP42Xazaym7sD9g5mZuRL4416VIIYZMqPEIskkzKqbPLQGEiHA3ga31bdzyzFLgr6Z797+6X1Am6zYpbg==

swagger-ui-express@^4.1.2:
version "4.1.2"
resolved "https://registry.yarnpkg.com/swagger-ui-express/-/swagger-ui-express-4.1.2.tgz#fa4ca5337bce207c760a0b9340348159ebf8ffa4"
integrity sha512-bVT16qj6WdNlEKFkSLOoTeGuqEm2lfOFRq6mVHAx+viA/ikORE+n4CS3WpVcYmQzM4HE6+DUFgAWcMRBJNpjcw==
dependencies:
swagger-ui-dist "^3.18.1"

table@^5.2.3:
version "5.4.6"
resolved "https://registry.yarnpkg.com/table/-/table-5.4.6.tgz#1292d19500ce3f86053b05f0e8e7e4a3bb21079e"
Expand Down

0 comments on commit b540bd7

Please sign in to comment.