DEV2-4083: Fix security issues (#1355)

* Fix security issues

* Upgrade vsce

* Try split windows to separate task

* Try update vscode test

* Move back to tests

* Remove audit

* Try find issue with CI

* Make check more strict

* Fix release CI

* Delete extra space

.github/workflows/alpha_release.yml

@@ -73,7 +73,7 @@ jobs:
           display-name: Tabnine AI
 
       - name: Package Contains Extension
-        run: test "$(unzip -l tabnine-vscode-${{ steps.create_tag.outputs.tag_name }}.vsix | grep out/extension.js | wc -l)" = "1"
+        run: test "$(unzip -l tabnine-vscode-${{ steps.create_tag.outputs.tag_name }}.vsix | grep -E "out/extension.js$" | wc -l)" = "1"
       - name: Create Release
         id: create_release
         uses: actions/create-release@v1

.github/workflows/package-enterprise.yml

@@ -56,10 +56,12 @@ jobs:
         run: yarn run vsce:package:enterprise --out ./tabnine-vscode-enterprise-${{ steps.package-version.outputs.current-version }}.vsix
 
       - name: Package Contains Extension
-        run:  test "$(unzip -l tabnine-vscode-enterprise-${{ steps.package-version.outputs.current-version }}.vsix | grep out/extension.js | wc -l)" = "1"
+        run:  test "$(unzip -l tabnine-vscode-enterprise-${{ steps.package-version.outputs.current-version }}.vsix | grep -E "out/extension.js$" | wc -l)" = "1"
 
       - name: Package is Enterprise Extension
-        run:  test "$(unzip -l tabnine-vscode-enterprise-${{ steps.package-version.outputs.current-version }}.vsix | cat out/extension.js |  grep tabnine.enterprise)"
+        run: |
+          unzip -d temp tabnine-vscode-enterprise-${{ steps.package-version.outputs.current-version }}.vsix
+          test "$(cat temp/extension/out/extension.js | grep tabnine.enterprise)"
 
       - name: Set stable version file
         run: |

.github/workflows/tag.yml

@@ -6,7 +6,7 @@ on:
     tags:
     - 'v*.*.*' # Push events to matching v*, i.e. v1.0.0, v20.15.10
     - '!v*.*.*-alpha.*'
-  
+
 jobs:
   build:
     name: Create Release
@@ -35,7 +35,7 @@ jobs:
         replacements: '<INSTRUMENTATION_KEY>=${{ secrets.INSTRUMENTATION_KEY }}'
     - name: Get Chat Version
       id: get_chat_version
-      run: echo "version=$(cat ./.chatversion)" >> $GITHUB_ENV            
+      run: echo "version=$(cat ./.chatversion)" >> $GITHUB_ENV
     - name: Checkout Chat Application Repository
       uses: dsaltares/fetch-gh-release-asset@master
       with:
@@ -58,13 +58,15 @@ jobs:
         path: ./.github/actions/vsix-name-modifier
     - name: Replace displayName
       uses: ./.github/actions/vsix-name-modifier
-      with: 
+      with:
         vsix-file-location: ./tabnine-vscode-${{ steps.package-version.outputs.current-version }}.vsix
         display-name: Tabnine AI
     - name: Package Contains Extension
-      run:  test "$(unzip -l tabnine-vscode-${{ steps.package-version.outputs.current-version }}.vsix | grep out/extension.js | wc -l)" = "1" 
+      run:  test "$(unzip -l tabnine-vscode-${{ steps.package-version.outputs.current-version }}.vsix | grep -E "out/extension.js$" | wc -l)" = "1"
     - name: Package is Public (non enterprise) Extension
-      run:  test "$(unzip -l tabnine-vscode-${{ steps.package-version.outputs.current-version }}.vsix | cat out/extension.js |  grep tabnine.enterprise | wc -l)" = "0" 
+      run:  |
+        unzip -d temp tabnine-vscode-${{ steps.package-version.outputs.current-version }}.vsix
+        test "$(cat temp/extension/out/extension.js | grep tabnine.enterprise | wc -l)" = "0"
     - name: Create Release
       id: create_release
       uses: actions/create-release@v1
@@ -76,12 +78,12 @@ jobs:
         draft: false
         prerelease: false
     - name: Upload Release Asset
-      id: upload-release-asset 
+      id: upload-release-asset
       uses: actions/upload-release-asset@v1
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps 
+        upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
         asset_name: tabnine-vscode.vsix
         asset_path: ./tabnine-vscode-${{ steps.package-version.outputs.current-version }}.vsix
         asset_content_type: application/octet-stream
@@ -99,6 +101,6 @@ jobs:
         SLACK_USERNAME: "vscode update"
         SLACK_ICON_EMOJI: ":vscode:"
         SLACK_MESSAGE: ${{ github.event.head_commit.message }}
-        SLACK_FOOTER: " "      
-      
-      
+        SLACK_FOOTER: " "
+
+

package.json

@@ -156,16 +156,16 @@
     "mocha-teamcity-reporter": "^3.0.0",
     "mock-fs": "^4.13.0",
     "ncp": "^2.0.0",
-    "ovsx": "^0.5.2",
+    "ovsx": "^0.8.3",
     "prettier": "2.2.1",
     "rimraf": "^3.0.2",
     "sinon": "^10.0.0",
     "terser-webpack-plugin": "^5.3.6",
     "ts-loader": "^9.4.1",
     "ts-mockito": "^2.6.1",
     "typescript": "^4.2.2",
-    "vsce": "^1.93.0",
-    "vscode-test": "^1.6.1",
+    "@vscode/vsce": "^2.22.0",
+    "@vscode/test-electron": "^2.3.6",
     "webpack": "^5.75.0",
     "webpack-bundle-analyzer": "^4.7.0",
     "webpack-cli": "^5.0.0"

src/test/runTest.ts

@@ -9,7 +9,7 @@ const promisifyRimraf = promisify(rimraf);
 process.env.BINARY_NOTIFICATION_POLLING_INTERVAL = "100";
 
 // eslint-disable-next-line import/first
-import { runTests } from "vscode-test";
+import { runTests } from "@vscode/test-electron";
 
 async function main() {
   try {