agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-23 17:19:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove outdated overrides (sha.js, form-data) (#28258)

Browse Source 
* Update `isomorphic-git` and remove `sha.js` overrides

It was fixed in https://github.com/isomorphic-git/isomorphic-git/pull/2190

* `bin/npm update @cypress/request` and remove override

Bumps `form-data` to `~4.0.4` which is safe per https://github.com/overleaf/internal/security/dependabot/1533

Now it has the safe versions (2.5.5 and 4.0.4):
```
$ npm ls form-data

overleaf@ /Users/aclausse/Code/internal
├─┬ @overleaf/analytics@ -> ./services/analytics
│ └─┬ request@2.88.2 overridden
│   └── form-data@2.5.5 overridden
├─┬ @overleaf/fetch-utils@0.1.0 -> ./libraries/fetch-utils
│ └─┬ @types/node-fetch@2.6.11
│   └── form-data@4.0.4 overridden
├─┬ @overleaf/metrics@4.2.0 -> ./libraries/metrics
│ └─┬ @google-cloud/profiler@6.0.3
│   └─┬ @google-cloud/common@5.0.2
│     └─┬ retry-request@7.0.2 overridden
│       └─┬ @types/request@2.48.12 overridden
│         └── form-data@2.5.5 overridden
├─┬ @overleaf/saas-e2e@ -> ./tools/saas-e2e
│ └─┬ mailtrap@3.4.0
│   └─┬ axios@1.8.4
│     └── form-data@4.0.4 deduped
├─┬ @overleaf/tpdsworker@ -> ./services/tpdsworker
│ └─┬ chai-http@4.4.0
│   └─┬ superagent@8.1.2
│     └── form-data@4.0.4 deduped
├─┬ @overleaf/web@ -> ./services/web
│ └─┬ jsdom@19.0.0
│   └── form-data@4.0.4 deduped
├─┬ latexqc@0.0.1 -> ./services/latexqc
│ └─┬ vitest@3.1.2
│   └─┬ jsdom@20.0.3
│     └── form-data@4.0.4 deduped
└─┬ overleaf-editor@1.0.0 -> ./services/history-v1
  └─┬ swagger-tools@0.10.4 overridden
    ├─┬ json-refs@3.0.15
    │ └─┬ path-loader@1.0.12
    │   └─┬ superagent@7.1.6 overridden
    │     └── form-data@4.0.4 deduped
    └─┬ superagent@3.8.3 overridden
      └── form-data@2.5.5 overridden
```

* `bin/npm update @types/request` and remove override

Bumps `form-data` to `2.5.5` which is safe per https://github.com/overleaf/internal/security/dependabot/1537

* Remove `form-data` overrides that aren't necessary

```
$ npm ls form-data

overleaf@ /Users/aclausse/Code/internal
├─┬ @overleaf/analytics@ -> ./services/analytics
│ └─┬ request@2.88.2 overridden
│   └── form-data@2.5.5 invalid: "~2.3.2" from node_modules/request
├─┬ @overleaf/fetch-utils@0.1.0 -> ./libraries/fetch-utils
│ └─┬ @types/node-fetch@2.6.11
│   └── form-data@4.0.4
├─┬ @overleaf/metrics@4.2.0 -> ./libraries/metrics
│ └─┬ @google-cloud/profiler@6.0.3
│   └─┬ @google-cloud/common@5.0.2
│     └─┬ retry-request@7.0.2
│       └─┬ @types/request@2.48.13
│         └── form-data@2.5.5
├─┬ @overleaf/saas-e2e@ -> ./tools/saas-e2e
│ ├─┬ cypress@13.13.2
│ │ └─┬ @cypress/request@3.0.9
│ │   └── form-data@4.0.4 deduped
│ └─┬ mailtrap@3.4.0
│   └─┬ axios@1.8.4
│     └── form-data@4.0.4 deduped
├─┬ @overleaf/tpdsworker@ -> ./services/tpdsworker
│ └─┬ chai-http@4.4.0
│   └─┬ superagent@8.1.2
│     └── form-data@4.0.4 deduped
├─┬ @overleaf/web@ -> ./services/web
│ └─┬ jsdom@19.0.0
│   └── form-data@4.0.4 deduped
├─┬ latexqc@0.0.1 -> ./services/latexqc
│ └─┬ vitest@3.1.2
│   └─┬ jsdom@20.0.3
│     └── form-data@4.0.4 deduped
└─┬ overleaf-editor@1.0.0 -> ./services/history-v1
  └─┬ swagger-tools@0.10.4 overridden
    ├─┬ json-refs@3.0.15
    │ └─┬ path-loader@1.0.12
    │   └─┬ superagent@7.1.6
    │     └── form-data@4.0.4 deduped
    └─┬ superagent@3.8.3
      └── form-data@2.5.5
```

* Remove 2025-08-07-form-data-cypress.json

* Reapply the form-data override in request@2.88.2

GitOrigin-RevId: 89143de1a53226dc43fc474db443fc7d7698908a
This commit is contained in:
Antoine Clausse
2025-09-04 11:37:24 +02:00
committed by Copybot
parent 3d45cc601f
commit 9c3fcb42f7
4 changed files with 45 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
package-lock.json generated
View File

@@ -4228,9 +4228,9 @@
}
},
"node_modules/@cypress/request": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.1.tgz",
"integrity": "sha512-TWivJlJi8ZDx2wGOw1dbLuHJKUYX7bWySw377nlnGOW3hP9/MUKIsEdXT/YngWxVdgNCHRBmFlBipE+5/2ZZlQ==",
"version": "3.0.9",
"resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.9.tgz",
"integrity": "sha512-I3l7FdGRXluAS44/0NguwWlO83J18p0vlr2FYHrJkWdNYhgVoiYo61IXPqaOsL+vNxU1ZqMACzItGK3/KKDsdw==",
"dev": true,
"license": "Apache-2.0",
"dependencies": {
@@ -4240,16 +4240,16 @@
"combined-stream": "~1.0.6",
"extend": "~3.0.2",
"forever-agent": "~0.6.1",
"form-data": "~2.3.2",
"http-signature": "~1.3.6",
"form-data": "~4.0.4",
"http-signature": "~1.4.0",
"is-typedarray": "~1.0.0",
"isstream": "~0.1.2",
"json-stringify-safe": "~5.0.1",
"mime-types": "~2.1.19",
"performance-now": "^2.1.0",
"qs": "6.10.4",
"qs": "6.14.0",
"safe-buffer": "^5.1.2",
"tough-cookie": "^4.1.3",
"tough-cookie": "^5.0.0",
"tunnel-agent": "^0.6.0",
"uuid": "^8.3.2"
},
@@ -4267,34 +4267,16 @@
"node": ">=0.8"
}
},
"node_modules/@cypress/request/node_modules/form-data": {
"version": "2.5.5",
"resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.5.tgz",
"integrity": "sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A==",
"dev": true,
"license": "MIT",
"dependencies": {
"asynckit": "^0.4.0",
"combined-stream": "^1.0.8",
"es-set-tostringtag": "^2.1.0",
"hasown": "^2.0.2",
"mime-types": "^2.1.35",
"safe-buffer": "^5.2.1"
},
"engines": {
"node": ">= 0.12"
}
},
"node_modules/@cypress/request/node_modules/http-signature": {
"version": "1.3.6",
"resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.3.6.tgz",
"integrity": "sha512-3adrsD6zqo4GsTqtO7FyrejHNv+NgiIfAfv68+jVlFmSr9OGy7zrxONceFRLKvnnZA5jbxQBX1u9PpB6Wi32Gw==",
"version": "1.4.0",
"resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.4.0.tgz",
"integrity": "sha512-G5akfn7eKbpDN+8nPS/cb57YeA1jLTVxjpCj7tmm3QKPdyDy7T+qSC40e9ptydSWvkwjSXw1VbkpyEm39ukeAg==",
"dev": true,
"license": "MIT",
"dependencies": {
"assert-plus": "^1.0.0",
"jsprim": "^2.0.2",
"sshpk": "^1.14.1"
"sshpk": "^1.18.0"
},
"engines": {
"node": ">=0.10"
@@ -4317,13 +4299,13 @@
}
},
"node_modules/@cypress/request/node_modules/qs": {
"version": "6.10.4",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.10.4.tgz",
"integrity": "sha512-OQiU+C+Ds5qiH91qh/mg0w+8nwQuLjM4F4M/PbmhDOoYehPh+Fb0bDjtR1sOvy7YKxvj28Y/M0PhP5uVX0kB+g==",
"version": "6.14.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
"integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
"dev": true,
"license": "BSD-3-Clause",
"dependencies": {
"side-channel": "^1.0.4"
"side-channel": "^1.1.0"
},
"engines": {
"node": ">=0.6"
@@ -4332,26 +4314,18 @@
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/@cypress/request/node_modules/safe-buffer": {
"version": "5.2.1",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
"integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
"node_modules/@cypress/request/node_modules/tough-cookie": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-5.1.2.tgz",
"integrity": "sha512-FVDYdxtnj0G6Qm/DhNPSb8Ju59ULcup3tuJxkFb5K8Bv2pUXILbf0xZWU8PX8Ov19OXljbUyveOFwRMwkXzO+A==",
"dev": true,
"funding": [
{
"type": "github",
"url": "https://github.com/sponsors/feross"
},
{
"type": "patreon",
"url": "https://www.patreon.com/feross"
},
{
"type": "consulting",
"url": "https://feross.org/support"
}
],
"license": "MIT"
"license": "BSD-3-Clause",
"dependencies": {
"tldts": "^6.1.32"
},
"engines": {
"node": ">=16"
}
},
"node_modules/@cypress/request/node_modules/uuid": {
"version": "8.3.2",
@@ -12524,15 +12498,15 @@
"license": "MIT"
},
"node_modules/@types/request": {
"version": "2.48.12",
"resolved": "https://registry.npmjs.org/@types/request/-/request-2.48.12.tgz",
"integrity": "sha512-G3sY+NpsA9jnwm0ixhAFQSJ3Q9JkpLZpJbI3GMv0mIAT0y3mRabYeINzal5WOChIiaTEGQYlHOKgkaM9EisWHw==",
"version": "2.48.13",
"resolved": "https://registry.npmjs.org/@types/request/-/request-2.48.13.tgz",
"integrity": "sha512-FGJ6udDNUCjd19pp0Q3iTiDkwhYup7J8hpMW9c4k53NrccQFFWKRho6hvtPPEhnXWKvukfwAlB6DbDz4yhH5Gg==",
"license": "MIT",
"dependencies": {
"@types/caseless": "*",
"@types/node": "*",
"@types/tough-cookie": "*",
"form-data": "^2.5.0"
"form-data": "^2.5.5"
}
},
"node_modules/@types/request/node_modules/form-data": {
@@ -26568,9 +26542,9 @@
}
},
"node_modules/isomorphic-git": {
"version": "1.33.0",
"resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.33.0.tgz",
"integrity": "sha512-a90aVhiBFtkUUe8JaqmR0gL7Thk1Ol/30rLS9c7nM20CwSbVqDctnwxX9VFSDLz5iq1wyzV6p4uyU7GStQKkag==",
"version": "1.33.1",
"resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.33.1.tgz",
"integrity": "sha512-Fy5rPAncURJoqL9R+5nJXLl5rQH6YpcjJd7kdCoRJPhrBiLVkLm9b+esRqYQQlT1hKVtKtALbfNtpHjWWJgk6g==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -26584,7 +26558,7 @@
"path-browserify": "^1.0.1",
"pify": "^4.0.1",
"readable-stream": "^3.4.0",
"sha.js": "^2.4.9",
"sha.js": "^2.4.12",
"simple-get": "^4.0.1"
},
"bin": {
@@ -37446,9 +37420,10 @@
}
},
"node_modules/sshpk": {
"version": "1.17.0",
"resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.17.0.tgz",
"integrity": "sha512-/9HIEs1ZXGhSPE8X6Ccm7Nam1z8KcoCqPdI7ecm1N33EzAetWahvQWVqLZtaZQ+IDKX4IyA2o0gBzqIMkAagHQ==",
"version": "1.18.0",
"resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.18.0.tgz",
"integrity": "sha512-2p2KJZTSqQ/I3+HX42EpYOa2l3f8Erv8MWKsy2I9uf4wA7yFIkXRffYdsx86y6z4vHtV8u7g+pPlr8/4ouAxsQ==",
"license": "MIT",
"dependencies": {
"asn1": "~0.2.3",
"assert-plus": "^1.0.0",
@@ -46475,7 +46450,7 @@
"adm-zip": "^0.5.12",
"cypress": "13.13.2",
"cypress-multi-reporters": "^2.0.5",
"isomorphic-git": "^1.33.0",
"isomorphic-git": "^1.33.1",
"mailtrap": "^3.4.0",
"mocha-junit-reporter": "^2.2.1",
"pdf-parse": "^1.1.1",

18
package.json
View File

@@ -34,27 +34,9 @@
"body-parser": "1.20.3",
"multer": "2.0.2"
},
"isomorphic-git@^1.33.0": {
"sha.js": "2.4.12"
},
"request@2.88.2": {
"tough-cookie": "5.1.2",
"form-data": "2.5.5"
},
"superagent@7.1.6": {
"form-data": "4.0.4"
},
"superagent@3.8.3": {
"form-data": "2.5.5"
},
"retry-request@7.0.2": {
"form-data": "2.5.5"
},
"@types/request@2.48.12": {
"form-data": "2.5.5"
},
"@cypress/request@3.0.1": {
"form-data": "2.5.5"
}
},
"scripts": {

10
server-ce/test/package-lock.json generated
View File

@@ -16,7 +16,7 @@
"celebrate": "^15.0.3",
"cypress": "13.13.2",
"express": "^4.21.2",
"isomorphic-git": "^1.33.0",
"isomorphic-git": "^1.33.1",
"js-yaml": "^4.1.0",
"pdf-parse": "^1.1.1",
"typescript": "^5.0.4",
@@ -1855,9 +1855,9 @@
"license": "ISC"
},
"node_modules/isomorphic-git": {
"version": "1.33.0",
"resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.33.0.tgz",
"integrity": "sha512-a90aVhiBFtkUUe8JaqmR0gL7Thk1Ol/30rLS9c7nM20CwSbVqDctnwxX9VFSDLz5iq1wyzV6p4uyU7GStQKkag==",
"version": "1.33.1",
"resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.33.1.tgz",
"integrity": "sha512-Fy5rPAncURJoqL9R+5nJXLl5rQH6YpcjJd7kdCoRJPhrBiLVkLm9b+esRqYQQlT1hKVtKtALbfNtpHjWWJgk6g==",
"license": "MIT",
"dependencies": {
"async-lock": "^1.4.1",
@@ -1870,7 +1870,7 @@
"path-browserify": "^1.0.1",
"pify": "^4.0.1",
"readable-stream": "^3.4.0",
"sha.js": "^2.4.9",
"sha.js": "^2.4.12",
"simple-get": "^4.0.1"
},
"bin": {

7
server-ce/test/package.json
View File

@@ -19,15 +19,10 @@
"celebrate": "^15.0.3",
"cypress": "13.13.2",
"express": "^4.21.2",
"isomorphic-git": "^1.33.0",
"isomorphic-git": "^1.33.1",
"js-yaml": "^4.1.0",
"pdf-parse": "^1.1.1",
"typescript": "^5.0.4",
"uuid": "^9.0.1"
},
"overrides": {
"isomorphic-git@^1.33.0": {
"sha.js": "2.4.12"
}
}
}