Migration to Vue 3, Completion of Google provider, fixes for vulnerable packages #1268
Closed
105 commits
ea1b8a0
google SSO plus Vulnerability fixes
syed-talha98 1cc3ad0
fixed hardcode provider plus code cleanup
syed-talha98 670b310
replaced hardcoded value for scope definition
syed-talha98 01a7265
update example.env file
syed-talha98 0cbb008
code clean up
syed-talha98 452f8c6
Fix DriveAccess.vue build error and add Google views to gitignore
ericfitz 432c06a
Fix build process by removing conflicting babel.config.mjs file
ericfitz deb6d5d
fixed components compatibility issues with vue3
syed-talha98 8dd951e
fixed vuex store errors
syed-talha98 ececfe2
fixed provider error
syed-talha98 0378bcb
removed console
syed-talha98 c220f54
set provider as local if found empty
syed-talha98 73cf1dd
Added configurable proxy name to avoid invalid host header issues beh…
ericfitz e82806d
Example.env cleanup and documentation
ericfitz 53c4d68
More example.env cleanup and documentation
ericfitz e6aa355
Remove Google scope configuration and redundant Google client id vari…
ericfitz 53473ff
Standardized Google OAuth scopes, variable names
ericfitz a2953b5
Fixed error reading renamed port value
ericfitz d179f5e
added debug logging to troubleshoot google provider configuration
ericfitz 64726d0
fixing deprecation warning related webpack-dev-server v4+ format
ericfitz 4fbd9a4
Reverting change to unify GOOGLE_CLIENT_ID and VUE_APP_GOOGLE_CLIENT_ID
ericfitz 7987cb8
fixing vue variable injection issue
ericfitz 1397ae5
fixing API proxy issue
ericfitz d1a289a
Adding configuration logging after application is configured
ericfitz 87fa046
Fixing configuration mismatch, removing debug logging
ericfitz d9e3cea
Added terms-of-service and privacy-policy pages required for Google v…
ericfitz 1db462d
Added Privacy and ToS pages
ericfitz 2ea209e
Formatting for tos, privacy pages and nav bar icons
ericfitz 7682c46
Fixing error message trying to access server.address during server st…
ericfitz 0b4ecb8
Squashed commit of the following:
ericfitz 211fdf2
Merge branch 'vue3' into pull-request
ericfitz 69bc3d6
Removing duplicate packages, fixing dependency versions
ericfitz 8ac2dbe
Fixing locale selector, make-sbom
ericfitz b135a56
Fixed route guards
ericfitz 7e74f63
Fixing desktop application
ericfitz 0ae144f
Fixing login/logout navigation
ericfitz 266f658
Fixing routing for login and logout
ericfitz 522f6db
Fixing login/logout
ericfitz 020dbf3
Fixing VueX store issue with router
ericfitz e7877bd
Fixed npm clean-install issues
ericfitz bd5e7cb
Fixing macos-specific package dependencies
ericfitz 0e656d7
Fixing npm clean-install issues
ericfitz 4c1c5d0
Trying to fix ansi-regex issue
ericfitz 789734f
fix for ansi-regex dependency
ericfitz dafbcd2
fixed npm ci issues
ericfitz a36bbd1
Added back expected lint script names
ericfitz d4c1e79
Updating lint scripts to fix pull request test issue
ericfitz 6360b94
Working around tests not supporting npm workspaces
ericfitz 45c17a0
npm ci fix
ericfitz f8cd7d4
Fixing eslint vue plugin issues
ericfitz d4c85c3
Fixing prettier issue
ericfitz 88f3c21
fixing prettier issue, still
ericfitz eae0f96
Completely removed prettier
ericfitz 6f740a5
Resolving eslint configuration issues
ericfitz 196b389
Fixed axios and nyc issues blocking unit tests
ericfitz 8255dfd
Fixed axios and nyc issues blocking unit tests
ericfitz b0d68c4
Fixing server test failure due to mocha
ericfitz c93fe36
Added .mocharc.json
ericfitz 895e166
Adding @babel/register to fix server test error
ericfitz 24874a2
Fixing babel server test dependencies
ericfitz 8f79efc
Fixed td.server unit test issues
ericfitz b9787b7
Missed a package migrating away from npm workspace for td.server
ericfitz d0f059f
Still trying to get server unit tests to pass (environment issues)
ericfitz 2e25ae0
Fixed relative import causing a failure in server unit test
ericfitz 1f6e276
Fixing failing server unit tests
ericfitz d004d98
Fixing failing server e2e tests
ericfitz 9ebf3ee
Removed td.vue npm workspace. Fixed smoke test.
ericfitz 3ac67b1
Fixing npm ci after removing workspace. Making cypress tests more ro…
ericfitz 284f76e
Fixing unit test error caused by npm workspace removal
ericfitz b3507ac
Fixed all unit and e2e tests; fixed npm ci
ericfitz 30394d1
Fixing npm ci issues
ericfitz 0eea76c
Adding missing dependency
ericfitz 3dcb50f
Fixing lint issues with eslint vue plugin in td.vue
ericfitz 46cd07a
Cleanup. Fixing npm ci issues.
ericfitz 1920a4e
Fixing smoke test error
ericfitz b9a194a
rebuilding package-lock files
ericfitz bb5cdde
Fixing package-lock and dependency issues preventing PR tests from pa…
ericfitz 17f3ad5
Resolving package-builder version conflict
ericfitz 46ee90b
removing dmg-license
ericfitz 364f808
Installing dmg-license, dmg-builder
ericfitz e0e60c4
Fixing platform-specific dependency issues
ericfitz 9423cf7
Fixing cross-os dependency issues
ericfitz c4d5ebe
forcing re-run of smoke tests
ericfitz 82f7e6b
Updating npm configuration options and rebuilding package-lock.json
ericfitz a5b2962
Removing "--omit=optional"
ericfitz b9b9aa3
Changed all optional dependencies to dev dependencies; regenerated pa…
ericfitz e794c2d
re-marking macos-specific packages as optional
ericfitz 671c3ca
Fixing review feedback
ericfitz b0730c2
Adding unstaged change
ericfitz 082219c
Fixing unit test error reintroduced by changes.
ericfitz 77a055f
Instructing npm ci to ignore optional
ericfitz ce7e84c
Fixing broken unit tests due to package dependencies
ericfitz 5ab6836
Fixing e2e smoke test errors
ericfitz 15408e2
Fixing e2e smoke test
ericfitz 37f8176
Fixing docker build problem in github action
ericfitz 793fe2f
Fixing docker build issues and security vulns
ericfitz de55d3e
Merge branch 'main' into main
ericfitz caaf2d7
Fixing markdownlint errors
ericfitz a199231
Revert "Fixing markdownlint errors"
ericfitz 7b294d2
Merge branch 'main' of github.com:efitz-oss/threat-dragon
ericfitz 2059529
Fixing markdownlint issues
ericfitz 4eda6ca
localized the about box strings
ericfitz 31b5ba4
Fixing desktop menu.js test errors
ericfitz 6f43b11
Fixing docker image trivy issues
ericfitz b293ff6
Updating .trivyignore to pass PR tests with updated image
ericfitz
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,225 @@ | ||
| module.exports = { | ||
| root: true, | ||
| env: { | ||
| node: true, | ||
| browser: true, | ||
| es2022: true, | ||
| jest: true | ||
| }, | ||
| plugins: [], | ||
| extends: ['eslint:recommended'], | ||
| globals: { | ||
| __static: 'readonly', | ||
| vi: 'readonly', | ||
| google: 'readonly', | ||
| gapi: 'readonly', | ||
| before: 'readonly', | ||
| after: 'readonly', | ||
| beforeEach: 'readonly', | ||
| afterEach: 'readonly', | ||
| describe: 'readonly', | ||
| it: 'readonly', | ||
| expect: 'readonly', | ||
| Component: 'readonly' | ||
| }, | ||
| parserOptions: { | ||
| ecmaVersion: 2022, | ||
| sourceType: 'module' | ||
| }, | ||
| ignorePatterns: [ | ||
| 'node_modules/', | ||
| 'dist/', | ||
| 'dist-electron/', | ||
| 'td.vue/dist-desktop/', | ||
| '*.config.js', | ||
| 'babel.config.js', | ||
| 'context/**', | ||
| 'td.vue/tests/unit/setup/vue3-test-template.js', | ||
| 'td.vue/tests/unit/setup/bootstrap-vue-next.js' | ||
| ], | ||
| rules: { | ||
| // Common rules for both server and client | ||
| 'no-console': process.env.NODE_ENV === 'production' ? 'warn' : 'off', | ||
| 'no-debugger': process.env.NODE_ENV === 'production' ? 'warn' : 'off', | ||
| 'no-unused-vars': ['warn', { varsIgnorePattern: '^_', argsIgnorePattern: '^_' }], | ||
| 'no-undef': 'warn', | ||
| semi: ['error', 'always'], | ||
| quotes: ['error', 'single', { avoidEscape: true, allowTemplateLiterals: true }], | ||
| indent: ['warn', 4], | ||
| 'no-mixed-spaces-and-tabs': ['warn', 'smart-tabs'], | ||
| 'linebreak-style': ['warn', 'unix'], | ||
|
|
||
| // Performance-related rules | ||
| 'prefer-const': 'warn', | ||
| 'no-var': 'warn', | ||
|
|
||
| }, | ||
| overrides: [ | ||
| // Server specific overrides | ||
| { | ||
| files: ['td.server/src/**/*.js'], | ||
| env: { | ||
| node: true, | ||
| browser: false | ||
| }, | ||
| plugins: [], | ||
| rules: { | ||
| // Add any server-specific rules here | ||
| 'sort-imports': 'off' | ||
| } | ||
| }, | ||
| // Vue specific overrides | ||
| { | ||
| files: ['td.vue/src/**/*.{js,vue}'], | ||
| env: { | ||
| node: true, | ||
| browser: true | ||
| }, | ||
| plugins: ['vue'], | ||
| parser: 'vue-eslint-parser', | ||
| extends: ['eslint:recommended', 'plugin:vue/essential'], | ||
| rules: { | ||
| // Vue Essential Rules (Error Prevention) | ||
| 'vue/no-arrow-functions-in-watch': 'error', | ||
| 'vue/no-async-in-computed-properties': 'error', | ||
| 'vue/no-child-content': 'error', | ||
| 'vue/no-computed-properties-in-data': 'error', | ||
| 'vue/no-custom-modifiers-on-v-model': 'error', | ||
| 'vue/no-dupe-keys': 'error', | ||
| 'vue/no-dupe-v-else-if': 'error', | ||
| 'vue/no-duplicate-attributes': 'error', | ||
| 'vue/no-multiple-template-root': 'error', | ||
| 'vue/no-mutating-props': 'error', | ||
| 'vue/no-parsing-error': 'error', | ||
| 'vue/no-reserved-keys': 'error', | ||
| 'vue/no-reserved-props': 'error', | ||
| 'vue/no-shared-component-data': 'error', | ||
| 'vue/no-side-effects-in-computed-properties': 'error', | ||
| 'vue/no-template-key': 'error', | ||
| 'vue/no-textarea-mustache': 'error', | ||
| 'vue/no-unused-components': 'warn', | ||
| 'vue/no-unused-vars': 'warn', | ||
| 'vue/no-use-computed-property-like-method': 'error', | ||
| 'vue/no-use-v-if-with-v-for': 'error', | ||
| 'vue/no-useless-template-attributes': 'error', | ||
| 'vue/no-v-for-template-key': 'error', | ||
| 'vue/no-v-model-argument': 'error', | ||
| 'vue/require-component-is': 'error', | ||
| 'vue/require-prop-type-constructor': 'error', | ||
| 'vue/require-render-return': 'error', | ||
| 'vue/require-v-for-key': 'error', | ||
| 'vue/require-valid-default-prop': 'error', | ||
| 'vue/return-in-computed-property': 'error', | ||
| 'vue/use-v-on-exact': 'error', | ||
| 'vue/valid-attribute-name': 'error', | ||
| 'vue/valid-define-emits': 'error', | ||
| 'vue/valid-define-props': 'error', | ||
| 'vue/valid-next-tick': 'error', | ||
| 'vue/valid-template-root': 'error', | ||
| 'vue/valid-v-bind': 'error', | ||
| 'vue/valid-v-cloak': 'error', | ||
| 'vue/valid-v-else-if': 'error', | ||
| 'vue/valid-v-else': 'error', | ||
| 'vue/valid-v-for': 'error', | ||
| 'vue/valid-v-html': 'error', | ||
| 'vue/valid-v-if': 'error', | ||
| 'vue/valid-v-is': 'error', | ||
| 'vue/valid-v-memo': 'error', | ||
| 'vue/valid-v-model': 'error', | ||
| 'vue/valid-v-on': 'error', | ||
| 'vue/valid-v-once': 'error', | ||
| 'vue/valid-v-pre': 'error', | ||
| 'vue/valid-v-show': 'error', | ||
| 'vue/valid-v-slot': 'error', | ||
| 'vue/valid-v-text': 'error', | ||
|
|
||
| // Vue Strongly Recommended Rules (Improving Readability) | ||
| 'vue/attribute-hyphenation': 'warn', | ||
| 'vue/component-definition-name-casing': 'warn', | ||
| 'vue/first-attribute-linebreak': 'warn', | ||
| 'vue/html-closing-bracket-newline': 'warn', | ||
| 'vue/html-closing-bracket-spacing': 'warn', | ||
| 'vue/html-end-tags': 'warn', | ||
| 'vue/html-indent': ['error', 4], | ||
| 'vue/html-quotes': 'warn', | ||
| 'vue/html-self-closing': 'warn', | ||
| 'vue/max-attributes-per-line': [ | ||
| 'warn', | ||
| { | ||
| singleline: { | ||
| max: 3 | ||
| }, | ||
| multiline: { | ||
| max: 1 | ||
| } | ||
| } | ||
| ], | ||
| 'vue/multiline-html-element-content-newline': 'warn', | ||
| 'vue/mustache-interpolation-spacing': 'warn', | ||
| 'vue/no-multi-spaces': 'warn', | ||
| 'vue/no-spaces-around-equal-signs-in-attribute': 'warn', | ||
| 'vue/no-template-shadow': 'warn', | ||
| 'vue/one-component-per-file': 'warn', | ||
| 'vue/prop-name-casing': 'warn', | ||
| 'vue/require-default-prop': 'warn', | ||
| 'vue/require-explicit-emits': 'warn', | ||
| 'vue/require-prop-types': 'warn', | ||
| 'vue/singleline-html-element-content-newline': 'warn', | ||
| 'vue/v-bind-style': 'warn', | ||
| 'vue/v-on-style': 'warn', | ||
| 'vue/v-slot-style': 'warn', | ||
|
|
||
| // Vue Recommended Rules (Minimizing Arbitrary Choices) | ||
| 'vue/attributes-order': 'warn', | ||
| 'vue/no-lone-template': 'warn', | ||
| 'vue/no-multiple-slot-args': 'warn', | ||
| 'vue/no-v-html': 'warn', | ||
| 'vue/order-in-components': 'warn', | ||
| 'vue/this-in-template': 'warn' | ||
| } | ||
| }, | ||
| // Test specific overrides | ||
| { | ||
| files: ['**/__tests__/*.{js,jsx,ts,tsx}', '**/tests/unit/**/*.spec.{js,jsx,ts,tsx}'], | ||
| env: { | ||
| jest: true, | ||
| node: true | ||
| }, | ||
| globals: { | ||
| vi: true, | ||
| describe: true, | ||
| it: true, | ||
| expect: true, | ||
| beforeEach: true, | ||
| afterEach: true | ||
| }, | ||
| plugins: ['jest'], | ||
| extends: ['plugin:jest/recommended'], | ||
| rules: { | ||
| 'jest/prefer-to-have-length': 'warn', | ||
| 'jest/no-done-callback': 'warn', | ||
| 'jest/valid-expect': 'warn', | ||
| 'jest/no-disabled-tests': 'warn', | ||
| 'jest/expect-expect': 'warn', | ||
| 'jest/no-conditional-expect': 'warn', | ||
| 'no-unused-vars': 'warn' | ||
| } | ||
| }, | ||
| // E2E test specific overrides | ||
| { | ||
| files: ['**/tests/e2e/**/*.{js,jsx,ts,tsx}'], | ||
| env: { | ||
| node: true, | ||
| browser: true, | ||
| 'cypress/globals': true | ||
| }, | ||
| plugins: ['cypress'], | ||
| extends: ['plugin:cypress/recommended'], | ||
| rules: { | ||
| // Cypress specific rules | ||
| 'cypress/no-unnecessary-waiting': 'warn', | ||
| 'cypress/unsafe-to-chain-command': 'warn' | ||
| } | ||
| } | ||
| ] | ||
| }; | ||
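
Review bot: In the Vue override, 'vue/no-v-html': 'warn' leaves the one rule in this file that guards an HTML-injection sink at a severity that does not fail ESLint by default, while layout rules such as 'vue/html-indent' and 'semi' are set to 'error'. Consider raising it to 'error' and requiring an inline eslint-disable comment with a justification wherever v-html is fed sanitized content. Separately, the same rules block sets 'vue/no-multiple-template-root', 'vue/no-v-model-argument', 'vue/no-custom-modifiers-on-v-model' and 'vue/no-v-for-template-key' to 'error'; these are the Vue 2 checks in eslint-plugin-vue and reject constructs that are valid in Vue 3, so for a Vue 3 migration they should be dropped in favour of the Vue 3 rule set.
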
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,47 @@ | ||
| # ignoring these vulnerabilities in zlib, | ||
| # there are no updates to zlib and so these are unlikely to be fixed | ||
| CVE-2018-25032 | ||
| CVE-2022-37434 | ||
| # All vulnerabilities found in the trivy scan | ||
| # LOW severity | ||
| CVE-2011-3374 | ||
| TEMP-0841856-B18BAF | ||
| CVE-2022-0563 | ||
| CVE-2016-2781 | ||
| CVE-2017-18018 | ||
| CVE-2022-27943 | ||
| CVE-2023-4039 | ||
| CVE-2022-3219 | ||
| CVE-2025-30258 | ||
| CVE-2010-4756 | ||
| CVE-2018-20796 | ||
| CVE-2019-1010022 | ||
| CVE-2019-1010023 | ||
| CVE-2019-1010024 | ||
| CVE-2019-1010025 | ||
| CVE-2019-9192 | ||
| CVE-2018-6829 | ||
| CVE-2024-2236 | ||
| CVE-2011-3389 | ||
| CVE-2013-4392 | ||
| CVE-2023-31437 | ||
| CVE-2023-31438 | ||
| CVE-2023-31439 | ||
| CVE-2007-5686 | ||
| CVE-2023-29383 | ||
| CVE-2024-56433 | ||
| TEMP-0628843-DBAD28 | ||
| CVE-2011-4116 | ||
| CVE-2023-31486 | ||
| TEMP-0517018-A83CE6 | ||
| CVE-2005-2541 | ||
| TEMP-0290435-0B57B5 | ||
|
|
||
| # https://avd.aquasec.com/nvd/cve-2023-28155 | ||
| # request version prior to 2.88.2 | ||
| # this vulnerability is for the build system, not run time, so ignore | ||
| CVE-2023-28155 | ||
| # MEDIUM severity | ||
| CVE-2025-1390 | ||
| CVE-2024-10041 | ||
| CVE-2024-22365 | ||
| CVE-2023-50495 | ||
| CVE-2023-4641 | ||
|
|
||
| # https://avd.aquasec.com/nvd/cve-2024-9143 | ||
| # alpine 3.20.3 is pulling in a Low priority vuln for libcrypto3 version 3.3.2-r2, | ||
| # ignore for now until alpine is updated | ||
| CVE-2024-9143 | ||
| # HIGH severity | ||
| CVE-2023-31484 | ||
|
|
||
| # CRITICAL severity | ||
| CVE-2023-45853 |
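
Review bot: The entries under "# HIGH severity" (CVE-2023-31484) and "# CRITICAL severity" (CVE-2023-45853) are ignored with no rationale, whereas CVE-2023-28155 and CVE-2024-9143 each carry a comment saying why the finding is acceptable. The heading "# All vulnerabilities found in the trivy scan" reads as suppressing everything the scanner reported so that the check passes, which means the scan can no longer flag these findings on this image. For at least the HIGH and CRITICAL entries, add a comment naming the affected package, why it is not reachable at run time or why no fix is available, and when the entry should be revisited; anything a base image update would fix should be fixed rather than ignored.
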