Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot updates for week of 15 May 2023 #2160

Merged
merged 14 commits into from
May 15, 2023
Merged

Dependabot updates for week of 15 May 2023 #2160

merged 14 commits into from
May 15, 2023

Conversation

jmgrady
Copy link
Collaborator

@jmgrady jmgrady commented May 15, 2023
edited by jasonleenaylor
Loading

This change is Reviewable

dependabot bot and others added 12 commits May 14, 2023 12:57
@dependabot
Bump @matt-block/react-recaptcha-v2 from 2.0.0 to 2.0.1
0d97856 
Bumps [@matt-block/react-recaptcha-v2](https://github.com/matei-radu/react-recaptcha-v2) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/matei-radu/react-recaptcha-v2/releases)
- [Changelog](https://github.com/matei-radu/react-recaptcha-v2/blob/main/CHANGELOG.md)
- [Commits](matei-radu/react-recaptcha-v2@v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: "@matt-block/react-recaptcha-v2"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump @material-table/core from 6.1.13 to 6.1.15
d3243b1 
Bumps [@material-table/core](https://github.com/material-table-core/core) from 6.1.13 to 6.1.15.
- [Release notes](https://github.com/material-table-core/core/releases)
- [Changelog](https://github.com/material-table-core/core/blob/master/CHANGELOG.md)
- [Commits](material-table-core/core@v6.1.13...v6.1.15)

---
updated-dependencies:
- dependency-name: "@material-table/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump chart.js from 4.2.1 to 4.3.0
a352b91 
Bumps [chart.js](https://github.com/chartjs/Chart.js) from 4.2.1 to 4.3.0.
- [Release notes](https://github.com/chartjs/Chart.js/releases)
- [Commits](chartjs/Chart.js@v4.2.1...v4.3.0)

---
updated-dependencies:
- dependency-name: chart.js
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump @types/validator from 13.7.16 to 13.7.17
012f01c 
Bumps [@types/validator](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/validator) from 13.7.16 to 13.7.17.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/validator)

---
updated-dependencies:
- dependency-name: "@types/validator"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@jmgrady
Update backend IdentityModel packages to 6.30.1
2d16b9d
@jmgrady
Update bitnami images
ccca57e 
update to:
- bitnami/dotnet-sdk:6.0.408-debian-11-r11
- bitnami/aspnet-core:6.0.16-debian-11-r11
@jmgrady
Fix version of Python image in comment
a39efd3
@jmgrady
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/types/va…
e351662 
…lidator-13.7.17' into dependabot-2023-05-15
@jmgrady
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/chart.js…
a5153d8 
…-4.3.0' into dependabot-2023-05-15
@jmgrady
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/material…
f417cf8 
…-table/core-6.1.15' into dependabot-2023-05-15
@jmgrady
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/matt-blo…
9e30fcf 
…ck/react-recaptcha-v2-2.0.1' into dependabot-2023-05-15

# Conflicts:
#	package-lock.json
#	package.json
@jmgrady
Update license reports
80afd57
@jmgrady jmgrady added docker dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code .NET Pull requests that update .net code labels May 15, 2023
@jmgrady jmgrady requested a review from imnasnainaec May 15, 2023 13:25
@jmgrady jmgrady self-assigned this May 15, 2023
@jmgrady jmgrady marked this pull request as ready for review May 15, 2023 14:11
imnasnainaec
imnasnainaec requested changes May 15, 2023
View reviewed changes
Copy link
Collaborator

@imnasnainaec imnasnainaec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 4 of 7 files at r2, all commit messages.
Reviewable status: 4 of 7 files reviewed, 1 unresolved discussion (waiting on @jmgrady)

Backend/BackendFramework.csproj line 23 at r2 (raw file):

    </PackageReference>
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.16" />
    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.30.1" />

I cannot log in now:

fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HMQLA2BQ4R38", Request id "0HMQLA2BQ4R38:00000004": An unhandled exception was thrown by the application.
      System.ArgumentOutOfRangeException: IDX10720: Unable to create KeyedHashAlgorithm for algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256', the key size must be greater than: '256' bits, key has '128' bits. (Parameter 'keyBytes')
         at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ValidateKeySize(Byte[] keyBytes, String algorithm, Int32 expectedNumberOfBytes)
         at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateKeyedHashAlgorithm(Byte[] keyBytes, String algorithm)
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.CreateKeyedHashAlgorithm()
         at Microsoft.IdentityModel.Tokens.DisposableObjectPool`1.Allocate()
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.GetKeyedHashAlgorithm(Byte[] keyBytes, String algorithm)
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Sign(Byte[] input)
         at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials)
         at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateJwtSecurityTokenPrivate(String issuer, String audience, ClaimsIdentity subject, Nullable`1 notBefore, Nullable`1 expires, Nullable`1 issuedAt, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials, IDictionary`2 claimCollection, String tokenType, IDictionary`2 additionalHeaderClaims, IDictionary`2 additionalInnerHeaderClaims)
         at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateToken(SecurityTokenDescriptor tokenDescriptor)
         at BackendFramework.Services.PermissionService.MakeJwt(User user) in /Users/dror/sil/TheCombine/Backend/Services/PermissionService.cs:line 223
         at BackendFramework.Services.PermissionService.Authenticate(String username, String password) in /Users/dror/sil/TheCombine/Backend/Services/PermissionService.cs:line 183
         at BackendFramework.Controllers.UserController.Authenticate(Credentials cred) in /Users/dror/sil/TheCombine/Backend/Controllers/UserController.cs:line 107
         at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
         at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Watch.BrowserRefresh.BrowserRefreshMiddleware.InvokeAsync(HttpContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

imnasnainaec
imnasnainaec requested changes May 15, 2023
View reviewed changes
Copy link
Collaborator

@imnasnainaec imnasnainaec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 2 of 7 files at r2.
Reviewable status: 6 of 7 files reviewed, 2 unresolved discussions (waiting on @jmgrady)

a discussion (no related file):
Does the backend license report not need updating?

Backend/BackendFramework.csproj line 23 at r2 (raw file):

Previously, imnasnainaec (D. Ror.) wrote…

I cannot log in now:

fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HMQLA2BQ4R38", Request id "0HMQLA2BQ4R38:00000004": An unhandled exception was thrown by the application.
      System.ArgumentOutOfRangeException: IDX10720: Unable to create KeyedHashAlgorithm for algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256', the key size must be greater than: '256' bits, key has '128' bits. (Parameter 'keyBytes')
         at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ValidateKeySize(Byte[] keyBytes, String algorithm, Int32 expectedNumberOfBytes)
         at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateKeyedHashAlgorithm(Byte[] keyBytes, String algorithm)
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.CreateKeyedHashAlgorithm()
         at Microsoft.IdentityModel.Tokens.DisposableObjectPool`1.Allocate()
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.GetKeyedHashAlgorithm(Byte[] keyBytes, String algorithm)
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Sign(Byte[] input)
         at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials)
         at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateJwtSecurityTokenPrivate(String issuer, String audience, ClaimsIdentity subject, Nullable`1 notBefore, Nullable`1 expires, Nullable`1 issuedAt, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials, IDictionary`2 claimCollection, String tokenType, IDictionary`2 additionalHeaderClaims, IDictionary`2 additionalInnerHeaderClaims)
         at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateToken(SecurityTokenDescriptor tokenDescriptor)
         at BackendFramework.Services.PermissionService.MakeJwt(User user) in /Users/dror/sil/TheCombine/Backend/Services/PermissionService.cs:line 223
         at BackendFramework.Services.PermissionService.Authenticate(String username, String password) in /Users/dror/sil/TheCombine/Backend/Services/PermissionService.cs:line 183
         at BackendFramework.Controllers.UserController.Authenticate(Credentials cred) in /Users/dror/sil/TheCombine/Backend/Controllers/UserController.cs:line 107
         at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
         at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Watch.BrowserRefresh.BrowserRefreshMiddleware.InvokeAsync(HttpContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

The README needs "Set the environment variable COMBINE_JWT_SECRET_KEY to a string containing at least 16 characters, such as" updated to say "at least 32".

jmgrady
jmgrady commented May 15, 2023
View reviewed changes
Copy link
Collaborator Author

@jmgrady jmgrady left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 6 of 7 files reviewed, 2 unresolved discussions (waiting on @imnasnainaec)

Backend/BackendFramework.csproj line 23 at r2 (raw file):

Previously, imnasnainaec (D. Ror.) wrote…

The README needs "Set the environment variable COMBINE_JWT_SECRET_KEY to a string containing at least 16 characters, such as" updated to say "at least 32".

Done.

@codecov-commenter
Copy link

codecov-commenter commented May 15, 2023
edited
Loading

Codecov Report

Patch and project coverage have no change.

Comparison is base (ca31782) 49.52% compared to head (07354d1) 49.52%.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #2160   +/-   ##
=======================================
  Coverage   49.52%   49.52%           
=======================================
  Files         294      294           
  Lines        9493     9493           
  Branches      694      694           
=======================================
  Hits         4701     4701           
  Misses       4237     4237           
  Partials      555      555
Flag Coverage Δ
backend 72.08% <ø> (ø)
frontend 33.43% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

imnasnainaec
imnasnainaec approved these changes May 15, 2023
View reviewed changes
Copy link
Collaborator

@imnasnainaec imnasnainaec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 7 files at r2, 1 of 1 files at r4, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on @jmgrady)

@jmgrady jmgrady merged commit cb7393b into master May 15, 2023
@jmgrady jmgrady deleted the dependabot-2023-05-15 branch May 15, 2023 19:22
@imnasnainaec imnasnainaec mentioned this pull request Mar 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@imnasnainaec imnasnainaec imnasnainaec approved these changes

Assignees

@jmgrady jmgrady

Labels
dependencies Pull requests that update a dependency file docker javascript Pull requests that update Javascript code .NET Pull requests that update .net code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jmgrady @codecov-commenter @imnasnainaec