Fix ReDoS and Directory Traversal (#352)

Co-authored-by: Weves <chrisweaver101@gmail.com>
2025-06-25 15:30:59 +02:00 · 2023-08-29 21:20:15 -07:00 · 2023-08-29 21:20:15 -07:00 · 856061c7ea
commit 856061c7ea
parent 9e82dbf8bb
4 changed files with 966 additions and 3555 deletions
--- a/backend/requirements/default.txt
+++ b/backend/requirements/default.txt
@ -5,7 +5,7 @@ beautifulsoup4==4.12.0
 dask==2023.8.1
 distributed==2023.8.1
 python-dateutil==2.8.2
-fastapi==0.95.0
+fastapi==0.103.0
 fastapi-users==11.0.0
 fastapi-users-db-sqlalchemy==5.0.0
 filelock==3.12.0
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@ -15,8 +15,6 @@
    "@types/react": "18.0.32",
    "@types/react-dom": "18.0.11",
    "autoprefixer": "^10.4.14",
-    "eslint": "8.37.0",
-    "eslint-config-next": "^13.4.9",
    "formik": "^2.2.9",
    "js-cookie": "^3.0.5",
    "next": "^13.4.9",
@ -25,13 +23,15 @@
    "react-dom": "^18.2.0",
    "react-dropzone": "^14.2.3",
    "react-icons": "^4.8.0",
-    "semver": "^7.5.3",
+    "semver": "^7.5.4",
    "swr": "^2.1.5",
    "tailwindcss": "^3.3.1",
    "typescript": "5.0.3",
    "yup": "^1.1.1"
  },
  "devDependencies": {
-    "prettier": "2.8.8"
+    "prettier": "2.8.8",
+    "eslint": "^8.48.0",
+    "eslint-config-next": "^13.4.9"
  }
 }
--- a/web/src/components/admin/connectors/Field.tsx
+++ b/web/src/components/admin/connectors/Field.tsx
@ -1,5 +1,5 @@
 import { Button } from "@/components/Button";
-import { ErrorMessage, Field, FieldArray } from "formik";
+import { ArrayHelpers, ErrorMessage, Field, FieldArray } from "formik";
 import * as Yup from "yup";
 import { FormBodyBuilder } from "./types";

@ -89,7 +89,7 @@ export function TextArrayFieldBuilder<T extends Yup.AnyObject>({

      <FieldArray
        name={name}
-        render={(arrayHelpers) => (
+        render={(arrayHelpers: ArrayHelpers) => (
          <div>
            {values[name] &&
              values[name].length > 0 &&