Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency Upgrade bump Express from 4.20.0 to 4.21.2 #1389

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Dependency Upgrade bump Express from 4.20.0 to 4.21.2 #1389

wants to merge 3 commits into from
+32 −72

Conversation

hexaltation
Copy link
Collaborator

@hexaltation hexaltation commented Jan 20, 2025
edited
Loading

Context

Follow-up of #1368

Express 4.2.0 have some known dependency vulnerabilities.
This PR addresses it.

Proposed solution

Bump express from 4.20.0 to 4.21.2

Fix /boot/key route

A routing fix for /boot was necessary to workaround new version of path-to-regex

Previous route handling for /boot/KEY was crashing after express update

SyntaxError: Invalid regular expression: /^/boot(/(?:(?:((?:(?!/|/boot(/).)+?))/?)?)?$/?$/i: Unterminated group
    at new RegExp (<anonymous>)
    at pathToRegexp (/home/hexa/Programmation/DINUM/grist-core/node_modules/path-to-regexp/index.js:155:10)
    at new Layer (/home/hexa/Programmation/DINUM/grist-core/node_modules/express/lib/router/layer.js:45:17)
    at Function.route (/home/hexa/Programmation/DINUM/grist-core/node_modules/express/lib/router/index.js:505:15)
    at app.<computed> [as get] (/home/hexa/Programmation/DINUM/grist-core/node_modules/express/lib/application.js:498:30)
    at FlexServer.addBootPage (/home/hexa/Programmation/DINUM/grist-core/_build/app/server/lib/FlexServer.js:519:18)
    at MergedServer.create (/home/hexa/Programmation/DINUM/grist-core/_build/app/server/MergedServer.js:91:27)
    at async main (/home/hexa/Programmation/DINUM/grist-core/_build/stubs/app/server/server.js:137:26)

So it has been simplified to perform the same with less syntactic complexity.

- '/boot(/(:bootKey/?)?)?$'
+ '/boot(/*)?'

Has this been tested?

  • 👍 yes, with this PR CI

@hexaltation hexaltation added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code gouv.fr labels Jan 20, 2025
@hexaltation hexaltation requested a review from fflorent January 20, 2025 14:40
@hexaltation hexaltation marked this pull request as ready for review January 20, 2025 14:40
fflorent
fflorent suggested changes Jan 21, 2025
View reviewed changes
app/server/lib/FlexServer.ts Outdated Show resolved Hide resolved
fflorent
fflorent approved these changes Jan 21, 2025
View reviewed changes
Copy link
Collaborator

@fflorent fflorent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@hexaltation
Bump express from 4.20.0 to 4.21.2
7d7d0e5 
A routing fix for /boot was necessary to workaround new version of path-to-regex
@hexaltation hexaltation force-pushed the upgrade-dependency-expressjs branch from 4895f34 to ab7620a Compare January 22, 2025 07:48
@hexaltation hexaltation force-pushed the upgrade-dependency-expressjs branch from ab7620a to 5c822f2 Compare January 22, 2025 08:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fflorent fflorent fflorent approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file gouv.fr javascript Pull requests that update Javascript code
Projects
French administration Board
Status: Needs feedback
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hexaltation @fflorent