Upgrade: dependency updates across phases 1-3

client/themes/default/components/page.vue

@@ -620,7 +620,7 @@ export default {
     Prism.highlightAllUnder(this.$refs.container)
 
     // -> Render Mermaid diagrams
-    mermaid.mermaidAPI.initialize({
+    mermaid.initialize({
       startOnLoad: true,
       theme: this.$vuetify.theme.dark ? `dark` : `default`
     })

package.json

@@ -57,21 +57,21 @@
     "bluebird": "3.7.2",
     "body-parser": "1.20.1",
     "chalk": "4.1.0",
-    "cheerio": "1.0.0-rc.5",
-    "chokidar": "3.5.3",
+    "cheerio": "1.2.0",
+    "chokidar": "4.0.3",
     "chromium-pickle-js": "0.2.0",
     "clean-css": "5.3.3",
     "command-exists": "1.2.9",
     "compression": "1.8.1",
-    "connect-session-knex": "2.0.0",
+    "connect-session-knex": "5.0.0",
     "cookie-parser": "1.4.7",
-    "cors": "2.8.5",
+    "cors": "2.8.6",
     "cuint": "0.2.2",
     "custom-error-instance": "2.1.2",
     "dependency-graph": "0.11.0",
     "diff": "4.0.2",
     "diff2html": "3.1.14",
-    "dompurify": "3.3.1",
+    "dompurify": "3.4.10",
     "dotize": "0.3.0",
     "elasticsearch6": "npm:@elastic/elasticsearch@6",
     "elasticsearch7": "npm:@elastic/elasticsearch@7",
@@ -83,44 +83,44 @@
     "express-session": "1.18.2",
     "file-type": "15.0.1",
     "filesize": "6.1.0",
-    "fs-extra": "9.0.1",
+    "fs-extra": "11.3.5",
     "getos": "3.2.1",
     "graphql": "15.3.0",
     "graphql-list-fields": "2.0.2",
     "graphql-rate-limit-directive": "1.2.1",
     "graphql-subscriptions": "1.1.0",
     "graphql-tools": "7.0.0",
     "he": "1.2.0",
-    "highlight.js": "10.3.1",
+    "highlight.js": "11.11.1",
     "i18next": "19.8.3",
     "i18next-express-middleware": "2.0.0",
     "i18next-node-fs-backend": "2.1.3",
     "image-size": "0.9.2",
     "js-base64": "3.7.8",
     "js-binary": "1.2.0",
-    "js-yaml": "3.14.0",
+    "js-yaml": "4.2.0",
     "jsdom": "16.4.0",
     "jsonwebtoken": "9.0.3",
     "katex": "0.12.0",
     "klaw": "3.0.0",
-    "knex": "0.21.7",
-    "lodash": "4.17.21",
-    "luxon": "1.25.0",
-    "markdown-it": "11.0.1",
-    "markdown-it-abbr": "1.0.4",
-    "markdown-it-attrs": "3.0.3",
+    "knex": "3.2.10",
+    "lodash": "4.18.1",
+    "luxon": "3.7.2",
+    "markdown-it": "14.2.0",
+    "markdown-it-abbr": "2.0.0",
+    "markdown-it-attrs": "5.0.0",
     "markdown-it-decorate": "1.2.2",
     "markdown-it-emoji": "3.0.0",
     "markdown-it-expand-tabs": "1.0.13",
     "markdown-it-external-links": "0.0.6",
-    "markdown-it-footnote": "3.0.3",
+    "markdown-it-footnote": "4.0.0",
     "markdown-it-imsize": "2.0.1",
-    "markdown-it-mark": "3.0.1",
+    "markdown-it-mark": "4.0.0",
     "markdown-it-mathjax": "2.0.0",
-    "markdown-it-multimd-table": "4.0.3",
+    "markdown-it-multimd-table": "4.2.3",
     "markdown-it-pivot-table": "1.0.5",
-    "markdown-it-sub": "1.0.0",
-    "markdown-it-sup": "1.0.0",
+    "markdown-it-sub": "2.0.0",
+    "markdown-it-sup": "2.0.0",
     "markdown-it-task-lists": "2.1.1",
     "mathjax": "3.2.2",
     "mime-types": "2.1.35",
@@ -130,13 +130,13 @@
     "ms": "2.1.3",
     "mssql": "6.2.3",
     "multer": "1.4.4",
-    "mysql2": "3.16.0",
+    "mysql2": "3.22.5",
     "nanoid": "3.2.0",
     "node-2fa": "1.1.2",
     "node-cache": "5.1.2",
-    "nodemailer": "6.9.1",
-    "objection": "2.2.18",
-    "passport": "0.4.1",
+    "nodemailer": "8.0.11",
+    "objection": "3.1.5",
+    "passport": "0.7.0",
     "passport-auth0": "1.4.5",
     "passport-azure-ad": "4.3.5",
     "passport-cas": "0.1.1",
@@ -158,7 +158,7 @@
     "passport-twitch-strategy": "2.2.0",
     "patch-package": "8.0.1",
     "pem-jwk": "2.0.0",
-    "pg": "8.16.3",
+    "pg": "8.21.0",
     "pg-hstore": "2.3.4",
     "pg-pubsub": "0.8.1",
     "pg-query-stream": "4.10.3",
@@ -169,14 +169,12 @@
     "qr-image": "3.2.0",
     "raven": "2.6.4",
     "remove-markdown": "0.6.2",
-    "request": "2.88.2",
-    "request-promise": "4.2.6",
     "safe-regex": "2.1.1",
     "sanitize-filename": "1.6.3",
     "scim-query-filter-parser": "2.0.4",
-    "semver": "7.7.3",
+    "semver": "7.8.4",
     "serve-favicon": "2.5.1",
-    "simple-git": "3.30.0",
+    "simple-git": "3.36.0",
     "solr-node": "1.2.1",
     "sqlite3": "5.1.7",
     "ssh2": "1.11.0",
@@ -189,7 +187,8 @@
     "uslug": "1.0.4",
     "uuid": "9.0.0",
     "validate.js": "0.13.1",
-    "winston": "3.8.2",
+    "vuetify-loader": "1.6.0",
+    "winston": "3.19.0",
     "xss": "1.0.15",
     "yargs": "17.6.2"
   },
@@ -240,7 +239,7 @@
     "codemirror-asciidoc": "1.0.4",
     "copy-webpack-plugin": "6.2.1",
     "core-js": "3.6.5",
-    "cross-env": "10.0.0",
+    "cross-env": "10.1.0",
     "css-loader": "4.3.0",
     "cssnano": "4.1.10",
     "cypress": "5.3.0",
@@ -292,7 +291,7 @@
     "pug-plain-loader": "1.0.0",
     "raw-loader": "4.0.2",
     "resolve-url-loader": "3.1.2",
-    "sass": "1.27.0",
+    "sass": "1.101.0",
     "sass-loader": "10.0.4",
     "sass-resources-loader": "2.1.1",
     "script-ext-html-webpack-plugin": "2.1.5",
@@ -318,7 +317,6 @@
     "vuedraggable": "2.24.3",
     "vuescroll": "4.16.1",
     "vuetify": "2.3.15",
-    "vuetify-loader": "1.6.0",
     "vuex": "3.5.1",
     "vuex-pathify": "1.4.5",
     "vuex-persistedstate": "3.1.0",

server/core/config.js

@@ -32,12 +32,12 @@ module.exports = {
     let appdata = {}
 
     try {
-      appconfig = yaml.safeLoad(
+      appconfig = yaml.load(
         cfgHelper.parseConfigValue(
           fs.readFileSync(confPaths.config, 'utf8')
         )
       )
-      appdata = yaml.safeLoad(fs.readFileSync(confPaths.data, 'utf8'))
+      appdata = yaml.load(fs.readFileSync(confPaths.data, 'utf8'))
       appdata.regex = require(confPaths.dataRegex)
       console.info(chalk.green.bold(`OK`))
     } catch (err) {

server/core/localization.js

@@ -80,7 +80,7 @@ module.exports = {
       try {
         const devEntriesRaw = await fs.readFile(path.join(WIKI.SERVERPATH, `locales/${locale}.yml`), 'utf8')
         if (devEntriesRaw) {
-          const devEntries = yaml.safeLoad(devEntriesRaw)
+          const devEntries = yaml.load(devEntriesRaw)
           _.forOwn(devEntries, (data, ns) => {
             this.namespaces.push(ns)
             this.engine.addResourceBundle(locale, ns, data, true, true)

server/graph/resolvers/contribute.js

@@ -1,4 +1,3 @@
-const request = require('request-promise')
 const _ = require('lodash')
 
 /* global WIKI */
@@ -10,16 +9,20 @@ module.exports = {
   ContributeQuery: {
     async contributors(obj, args, context, info) {
       try {
-        const resp = await request({
+        const resp = await fetch('https://graph.requarks.io', {
           method: 'POST',
-          uri: 'https://graph.requarks.io',
-          json: true,
-          body: {
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({
             query: '{\n  sponsors {\n    list(kind: BACKER) {\n      id\n      source\n      name\n      joined\n      website\n      twitter\n      avatar\n    }\n  }\n}\n',
             variables: {}
-          }
+          }),
+          signal: AbortSignal.timeout(10000)
         })
-        return _.get(resp, 'data.sponsors.list', [])
+        if (!resp.ok) {
+          throw new Error(`Contributors fetch failed with status ${resp.status}`)
+        }
+        const data = await resp.json()
+        return _.get(data, 'data.sponsors.list', [])
       } catch (err) {
         WIKI.logger.warn(err)
       }

server/graph/resolvers/group.js

@@ -96,8 +96,8 @@ module.exports = {
     async create (obj, args, { req }) {
       const group = await WIKI.models.groups.query().insertAndFetch({
         name: args.name,
-        permissions: JSON.stringify(WIKI.data.groups.defaultPermissions),
-        pageRules: JSON.stringify(WIKI.data.groups.defaultPageRules),
+        permissions: WIKI.data.groups.defaultPermissions,
+        pageRules: WIKI.data.groups.defaultPageRules,
         isSystem: false
       })
       await WIKI.auth.reloadGroups()
@@ -193,8 +193,8 @@ module.exports = {
       await WIKI.models.groups.query().patch({
         name: args.name,
         redirectOnLogin: args.redirectOnLogin,
-        permissions: JSON.stringify(args.permissions),
-        pageRules: JSON.stringify(args.pageRules)
+        permissions: args.permissions,
+        pageRules: args.pageRules
       }).where('id', args.id)
 
       // Revoke tokens for this group

server/graph/resolvers/system.js

@@ -6,7 +6,6 @@ const path = require('path')
 const fs = require('fs-extra')
 const moment = require('moment')
 const graphHelper = require('../../helpers/graph')
-const request = require('request-promise')
 const crypto = require('crypto')
 const nanoid = require('nanoid/non-secure').customAlphabet('1234567890abcdef', 10)
 
@@ -89,13 +88,14 @@ module.exports = {
     async performUpgrade (obj, args, context) {
       try {
         if (process.env.UPGRADE_COMPANION) {
-          await request({
-            method: 'POST',
-            uri: 'http://wiki-update-companion/upgrade',
-            qs: {
-              ...process.env.UPGRADE_COMPANION_REF && { container: process.env.UPGRADE_COMPANION_REF }
-            }
-          })
+          const upgradeUrl = new URL('http://wiki-update-companion/upgrade')
+          if (process.env.UPGRADE_COMPANION_REF) {
+            upgradeUrl.searchParams.set('container', process.env.UPGRADE_COMPANION_REF)
+          }
+          const upgradeResp = await fetch(upgradeUrl, { method: 'POST', signal: AbortSignal.timeout(30000) })
+          if (!upgradeResp.ok) {
+            throw new Error(`Upgrade companion returned ${upgradeResp.status}`)
+          }
           return {
             responseResult: graphHelper.generateSuccess('Upgrade has started.')
           }
@@ -134,8 +134,8 @@ module.exports = {
           if (args.groupMode === `SINGLE`) {
             const singleGroup = await WIKI.models.groups.query().insert({
               name: `Import_${curDateISO}`,
-              permissions: JSON.stringify(WIKI.data.groups.defaultPermissions),
-              pageRules: JSON.stringify(WIKI.data.groups.defaultPageRules)
+              permissions: WIKI.data.groups.defaultPermissions,
+              pageRules: WIKI.data.groups.defaultPageRules
             })
             groupsCount++
             assignableGroups.push(singleGroup.id)
@@ -184,8 +184,8 @@ module.exports = {
 
                   const newGroup = await WIKI.models.groups.query().insert({
                     name: `Import_${curDateISO}_${groupsCount + 1}`,
-                    permissions: JSON.stringify(perms),
-                    pageRules: JSON.stringify(pageRules)
+                    permissions: perms,
+                    pageRules: pageRules
                   })
                   reuseGroups.push({
                     groupId: newGroup.id,

server/master.js

@@ -5,7 +5,8 @@ const cookieParser = require('cookie-parser')
 const cors = require('cors')
 const express = require('express')
 const session = require('express-session')
-const KnexSessionStore = require('connect-session-knex')(session)
+const { ConnectSessionKnexStore } = require('connect-session-knex')
+const KnexSessionStore = ConnectSessionKnexStore
 const favicon = require('serve-favicon')
 const path = require('path')
 const _ = require('lodash')

server/models/analytics.js

@@ -21,15 +21,12 @@ module.exports = class Analytics extends Model {
 
       properties: {
         key: {type: 'string'},
-        isEnabled: {type: 'boolean'}
+        isEnabled: {type: 'boolean'},
+        config: {type: 'object'}
       }
     }
   }
 
-  static get jsonAttributes() {
-    return ['config']
-  }
-
   static async getProviders(isEnabled) {
     const providers = await WIKI.models.analytics.query().where(_.isBoolean(isEnabled) ? { isEnabled } : {})
     return _.sortBy(providers, ['key'])
@@ -45,7 +42,7 @@ module.exports = class Analytics extends Model {
       let diskProviders = []
       for (let dir of analyticsDirs) {
         const def = await fs.readFile(path.join(WIKI.SERVERPATH, 'modules/analytics', dir, 'definition.yml'), 'utf8')
-        diskProviders.push(yaml.safeLoad(def))
+        diskProviders.push(yaml.load(def))
       }
       WIKI.data.analytics = diskProviders.map(provider => ({
         ...provider,
@@ -111,7 +108,7 @@ module.exports = class Analytics extends Model {
 
       for (let provider of providers) {
         const def = await fs.readFile(path.join(WIKI.SERVERPATH, 'modules/analytics', provider.key, 'code.yml'), 'utf8')
-        let code = yaml.safeLoad(def)
+        let code = yaml.load(def)
         code.head = _.defaultTo(code.head, '')
         code.bodyStart = _.defaultTo(code.bodyStart, '')
         code.bodyEnd = _.defaultTo(code.bodyEnd, '')

server/models/authentication.js

@@ -21,15 +21,14 @@ module.exports = class Authentication extends Model {
 
       properties: {
         key: {type: 'string'},
-        selfRegistration: {type: 'boolean'}
+        selfRegistration: {type: 'boolean'},
+        config: {type: 'object'},
+        domainWhitelist: {type: 'object'},
+        autoEnrollGroups: {type: 'object'}
       }
     }
   }
 
-  static get jsonAttributes() {
-    return ['config', 'domainWhitelist', 'autoEnrollGroups']
-  }
-
   static async getStrategy(key) {
     return WIKI.models.authentication.query().findOne({ key })
   }
@@ -84,7 +83,7 @@ module.exports = class Authentication extends Model {
       WIKI.data.authentication = []
       for (let dir of authDirs) {
         const defRaw = await fs.readFile(path.join(WIKI.SERVERPATH, 'modules/authentication', dir, 'definition.yml'), 'utf8')
-        const def = yaml.safeLoad(defRaw)
+        const def = yaml.load(defRaw)
         WIKI.data.authentication.push({
           ...def,
           props: commonHelper.parseModuleProps(def.props)