fix(cli): resolve vm2 security vulnerability (#5070)

ionic-team · Dec 19, 2023 · 4050419 · 4050419
1 parent ed23150
commit 4050419
Show file tree

Hide file tree

Showing 63 changed files with 342 additions and 214 deletions.
diff --git a/packages/@ionic/cli-framework-prompts/src/index.ts b/packages/@ionic/cli-framework-prompts/src/index.ts
@@ -1,5 +1,5 @@
 import { TERMINAL_INFO } from '@ionic/utils-terminal';
-import * as Debug from 'debug';
+import { debug as Debug } from 'debug';
 
 const debug = Debug('ionic:cli-framework-prompts');
 

diff --git a/packages/@ionic/cli-framework/src/lib/__tests__/options.ts b/packages/@ionic/cli-framework/src/lib/__tests__/options.ts
@@ -1,4 +1,4 @@
-import * as minimist from 'minimist';
+import minimist from 'minimist';
 
 import { CommandMetadata } from '../../definitions';
 import { OptionFilters, filterCommandLineOptions, filterCommandLineOptionsByGroup, metadataOptionsToParseArgsOptions, separateArgv, stripOptions, unparseArgs } from '../options';

diff --git a/packages/@ionic/cli-framework/src/lib/colors.ts b/packages/@ionic/cli-framework/src/lib/colors.ts
@@ -1,5 +1,5 @@
 import { ColorFunction, Colors as BaseColors } from '@ionic/cli-framework-output';
-import * as chalk from 'chalk';
+import chalk from 'chalk';
 import * as lodash from 'lodash';
 
 import { MetadataGroup } from '../definitions';

diff --git a/packages/@ionic/cli-framework/src/lib/help.ts b/packages/@ionic/cli-framework/src/lib/help.ts
@@ -1,6 +1,6 @@
 import { filter, map } from '@ionic/utils-array';
 import { generateFillSpaceStringList, stringWidth, wordWrap } from '@ionic/utils-terminal';
-import * as Debug from 'debug';
+import { debug as Debug } from 'debug';
 import * as lodash from 'lodash';
 
 import { CommandMetadata, CommandMetadataInput, CommandMetadataOption, Footnote, HydratedCommandMetadata, HydratedNamespaceMetadata, ICommand, INamespace, LinkFootnote, MetadataGroup, NamespaceLocateResult, NamespaceMetadata } from '../definitions';
@@ -223,7 +223,7 @@ export class NamespaceStringHelpFormatter<C extends ICommand<C, N, M, I, O>, N e
 
     const filteredCommands = await filter(commands, async cmd => this.filterCommandCallback(cmd));
 
-    const [ cmdDetails, nsDetails ] = await Promise.all([
+    const [cmdDetails, nsDetails] = await Promise.all([
       this.getListOfCommandDetails(filteredCommands.filter(cmd => cmd.namespace === this.namespace)),
       this.getListOfNamespaceDetails(filteredCommands.filter(cmd => cmd.namespace !== this.namespace)),
     ]);

diff --git a/packages/@ionic/cli-framework/src/lib/options.ts b/packages/@ionic/cli-framework/src/lib/options.ts
@@ -1,5 +1,5 @@
 import * as lodash from 'lodash';
-import * as minimist from 'minimist';
+import minimist from 'minimist';
 
 import { CommandLineOptions, CommandMetadataOption, HydratedParseArgsOptions, ParsedArg } from '../definitions';
 
@@ -19,7 +19,7 @@ export { ParsedArgs } from 'minimist';
  */
 export function stripOptions(pargv: readonly string[], { includeSeparated = true }: { includeSeparated?: boolean; }): string[] {
   const r = /^\-/;
-  const [ ownArgs, otherArgs ] = separateArgv(pargv);
+  const [ownArgs, otherArgs] = separateArgv(pargv);
   const filteredArgs = ownArgs.filter(arg => !r.test(arg));
 
   if (!includeSeparated) {
@@ -50,7 +50,7 @@ export function separateArgv(pargv: readonly string[]): [string[], string[]] {
     otherArgs.shift(); // strip separator
   }
 
-  return [ ownArgs, otherArgs ];
+  return [ownArgs, otherArgs];
 }
 
 /**
@@ -166,8 +166,8 @@ export function filterCommandLineOptions<O extends CommandMetadataOption>(option
 
   const pairs = Object.keys(parsedArgs)
     .map((k): [string, O | undefined, ParsedArg | undefined] => [k, mapped.get(k), parsedArgs[k]])
-    .filter(([ k, opt, value ]) => opt && predicate(opt, value))
-    .map(([ k, opt, value ]) => [opt ? opt.name : k, value]);
+    .filter(([k, opt, value]) => opt && predicate(opt, value))
+    .map(([k, opt, value]) => [opt ? opt.name : k, value]);
 
   return { ...initial, ...lodash.fromPairs(pairs) };
 }
@@ -221,7 +221,7 @@ export function unparseArgs(parsedArgs: minimist.ParsedArgs, { useDoubleQuotes,
   const dashKey = (k: string) => (k.length === 1 ? '-' : '--') + k;
 
   const pushPairs = (...pairs: [string, string | undefined][]) => {
-    for (const [ k, val ] of pairs) {
+    for (const [k, val] of pairs) {
       const key = dashKey(allowCamelCase ? k : k.replace(/[A-Z]/g, '-$&').toLowerCase());
 
       if (useEquals) {
@@ -274,7 +274,7 @@ export function unparseArgs(parsedArgs: minimist.ParsedArgs, { useDoubleQuotes,
     isKnown(k)
   );
 
-  for (const [ key, val ] of pairedOptions) {
+  for (const [key, val] of pairedOptions) {
     if (val === true) {
       pushPairs([key, undefined]);
     } else if (val === false && !ignoreFalse) {

diff --git a/packages/@ionic/cli-framework/src/lib/validators.ts b/packages/@ionic/cli-framework/src/lib/validators.ts
@@ -1,4 +1,4 @@
-import * as chalk from 'chalk';
+import chalk from 'chalk';
 
 import { ValidationError, Validator, Validators } from '../definitions';
 import { InputValidationError } from '../errors';

diff --git a/packages/@ionic/cli-framework/src/utils/ipc.ts b/packages/@ionic/cli-framework/src/utils/ipc.ts
@@ -1,6 +1,6 @@
 import { fork } from '@ionic/utils-subprocess';
 import { ChildProcess } from 'child_process';
-import * as Debug from 'debug';
+import { debug as Debug } from 'debug';
 import * as fs from 'fs';
 
 import { ERROR_IPC_UNKNOWN_PROCEDURE, IPCError } from '../errors';

diff --git a/packages/@ionic/cli/.gitignore b/packages/@ionic/cli/.gitignore
@@ -3,3 +3,4 @@
 !jest.config.js
 !lint-staged.config.js
 *.d.ts
+*.tgz
diff --git a/packages/@ionic/cli/package.json b/packages/@ionic/cli/package.json
@@ -63,7 +63,7 @@
     "ssh-config": "^1.1.1",
     "stream-combiner2": "^1.1.1",
     "superagent": "^8.0.9",
-    "superagent-proxy": "^3.0.0",
+    "proxy-agent": "^6.3.0",
     "tar": "^6.0.1",
     "tslib": "^2.0.1"
   },
@@ -77,7 +77,6 @@
     "@types/semver": "^7.1.0",
     "@types/split2": "^2.1.6",
     "@types/superagent": "4.1.3",
-    "@types/superagent-proxy": "^3.0.0",
     "@types/tar": "^6.1.2",
     "jest": "^26.4.2",
     "jest-cli": "^26.0.1",

diff --git a/packages/@ionic/cli/src/bootstrap.ts b/packages/@ionic/cli/src/bootstrap.ts
@@ -1,5 +1,5 @@
 import { compileNodeModulesPaths, readPackageJsonFile } from '@ionic/cli-framework/utils/node';
-import * as Debug from 'debug';
+import { debug as Debug } from 'debug';
 import * as path from 'path';
 import * as semver from 'semver';
 

diff --git a/packages/@ionic/cli/src/commands/capacitor/run.ts b/packages/@ionic/cli/src/commands/capacitor/run.ts
@@ -1,8 +1,8 @@
 import { BaseError, Footnote, validators } from '@ionic/cli-framework';
 import { sleepForever } from '@ionic/utils-process';
 import { columnar } from '@ionic/utils-terminal';
-import * as chalk from 'chalk';
-import * as Debug from 'debug';
+import chalk from 'chalk';
+import { debug as Debug } from 'debug';
 import * as lodash from 'lodash';
 import * as semver from 'semver';
 
@@ -233,7 +233,7 @@ For Android and iOS, you can setup Remote Debugging on your device with browser
       throw new FatalException(`Cannot run ${input('ionic capacitor run')} outside a project directory.`);
     }
 
-    const [ platform ] = inputs;
+    const [platform] = inputs;
 
     const doLiveReload = !!options['livereload'];
     const doOpenFlow = (await this.isOldCapacitor()) || options['open'] === true;
@@ -297,7 +297,7 @@ For Android and iOS, you can setup Remote Debugging on your device with browser
       throw new FatalException(`Cannot run ${input('ionic capacitor run')} outside a project directory.`);
     }
 
-    const [ platform ] = inputs;
+    const [platform] = inputs;
 
     await this.runCapacitorRunHook('capacitor:run:before', inputs, options, { ...this.env, project: this.project });
 
@@ -326,7 +326,7 @@ For Android and iOS, you can setup Remote Debugging on your device with browser
       throw new FatalException(`Cannot run ${input('ionic capacitor run')} outside a project directory.`);
     }
 
-    const [ platform ] = inputs;
+    const [platform] = inputs;
 
     await this.runCapacitorRunHook('capacitor:run:before', inputs, options, { ...this.env, project: this.project });
     await this.runCapacitor(['run', platform, ...(shouldSync ? [] : ['--no-sync']), '--target', String(options['target'])]);

diff --git a/packages/@ionic/cli/src/commands/config/get.ts b/packages/@ionic/cli/src/commands/config/get.ts
@@ -1,7 +1,7 @@
 import { MetadataGroup } from '@ionic/cli-framework';
 import { strcmp } from '@ionic/cli-framework/utils/string';
 import { columnar, prettyPath } from '@ionic/utils-terminal';
-import * as chalk from 'chalk';
+import chalk from 'chalk';
 import * as lodash from 'lodash';
 import * as util from 'util';
 

diff --git a/packages/@ionic/cli/src/commands/cordova/run.ts b/packages/@ionic/cli/src/commands/cordova/run.ts
@@ -1,6 +1,6 @@
 import { Footnote, MetadataGroup, validators } from '@ionic/cli-framework';
 import { onBeforeExit, sleepForever } from '@ionic/utils-process';
-import * as Debug from 'debug';
+import { debug as Debug } from 'debug';
 import * as lodash from 'lodash';
 
 import { CommandInstanceInfo, CommandLineInputs, CommandLineOptions, CommandMetadata, CommandMetadataOption, CommandPreRun, IShellRunOptions, ServeDetails } from '../../definitions';
@@ -212,7 +212,7 @@ Just like with ${input('ionic cordova build')}, you can pass additional options
       inputs[0] = p.trim();
     }
 
-    const [ platform ] = inputs;
+    const [platform] = inputs;
 
     if (platform && options['native-run'] && !SUPPORTED_PLATFORMS.includes(platform)) {
       this.env.log.warn(`${input(platform)} is not supported by ${input('native-run')}. Using Cordova to run the app.`);
@@ -298,7 +298,7 @@ Just like with ${input('ionic cordova build')}, you can pass additional options
     buildOpts.stdio = options['verbose'] ? 'inherit' : ['pipe', 'ignore', 'pipe'];
 
     if (options['native-run']) {
-      const [ platform ] = inputs;
+      const [platform] = inputs;
 
       await this.runCordova(filterArgumentsForCordova({ ...metadata, name: 'build' }, options), buildOpts);
 
@@ -336,7 +336,7 @@ Just like with ${input('ionic cordova build')}, you can pass additional options
 
     if (options['native-run']) {
       const conf = await loadCordovaConfig(this.integration);
-      const [ platform ] = inputs;
+      const [platform] = inputs;
 
       await this.runCordova(filterArgumentsForCordova({ ...metadata, name: 'build' }, options), { stdio: 'inherit' });
 

diff --git a/packages/@ionic/cli/src/commands/integrations/list.ts b/packages/@ionic/cli/src/commands/integrations/list.ts
@@ -1,5 +1,5 @@
 import { columnar } from '@ionic/utils-terminal';
-import * as chalk from 'chalk';
+import chalk from 'chalk';
 
 import { CommandLineInputs, CommandLineOptions, CommandMetadata, IntegrationName } from '../../definitions';
 import { input, strong } from '../../lib/color';

diff --git a/packages/@ionic/cli/src/commands/link.ts b/packages/@ionic/cli/src/commands/link.ts
@@ -1,7 +1,7 @@
 import { MetadataGroup, validators } from '@ionic/cli-framework';
 import { createPromptChoiceSeparator } from '@ionic/cli-framework-prompts';
 import { prettyPath } from '@ionic/utils-terminal';
-import * as Debug from 'debug';
+import { debug as Debug } from 'debug';
 
 import { PROJECT_FILE } from '../constants';
 import { App, CommandInstanceInfo, CommandLineInputs, CommandLineOptions, CommandMetadata, CommandPreRun, GithubBranch, GithubRepo } from '../definitions';
@@ -468,7 +468,7 @@ If you are having issues linking, please get in touch with our Support[^support-
   }
 
   formatRepoName(fullName: string) {
-    const [ org, name ] = fullName.split('/');
+    const [org, name] = fullName.split('/');
 
     return `${weak(`${org} /`)} ${name}`;
   }

diff --git a/packages/@ionic/cli/src/commands/live-update/manifest.ts b/packages/@ionic/cli/src/commands/live-update/manifest.ts
@@ -7,7 +7,7 @@ import * as crypto from 'crypto';
 import * as fs from 'fs';
 import lodash = require('lodash');
 import * as path from 'path';
-import * as Debug from 'debug';
+import { debug as Debug } from 'debug';
 
 import { CommandMetadata } from '../../definitions';
 import { input } from '../../lib/color';
@@ -62,7 +62,7 @@ export class LiveUpdatesManifestCommand extends LiveUpdatesCoreCommand {
   private async getFilesAndSizesAndHashesForGlobPattern(buildDir: string): Promise<LiveUpdatesManifestItem[]> {
     const contents = await readdirp(buildDir, { filter: item => !/(css|js)\.map$/.test(item.path) });
     const stats = await map(contents, async (f): Promise<[string, fs.Stats]> => [f, await stat(f)]);
-    const files = stats.filter(([ , s ]) => !s.isDirectory());
+    const files = stats.filter(([, s]) => !s.isDirectory());
 
     const items = await Promise.all(files.map(([f, s]) => this.getFileAndSizeAndHashForFile(buildDir, f, s)));
 
@@ -113,7 +113,7 @@ export class LiveUpdatesManifestCommand extends LiveUpdatesCoreCommand {
       level: LOGGER_LEVELS.INFO,
       handlers: createDefaultLoggerHandlers(),
     });
-    const shell = new Shell({ log }, { alterPath: p => { return prependNodeModulesBinToPath(this.env.ctx.execPath, p)} });
+    const shell = new Shell({ log }, { alterPath: p => { return prependNodeModulesBinToPath(this.env.ctx.execPath, p) } });
 
     debug('Getting config with Capacitor CLI: %O', args);
 
@@ -126,7 +126,7 @@ export class LiveUpdatesManifestCommand extends LiveUpdatesCoreCommand {
 
     try {
       return JSON.parse(output);
-    } catch(e) {
+    } catch (e) {
       debug('Could not get config from Capacitor CLI (probably old version)', e);
       return;
     }

diff --git a/packages/@ionic/cli/src/commands/login.ts b/packages/@ionic/cli/src/commands/login.ts
@@ -1,5 +1,5 @@
 import { combine, validators } from '@ionic/cli-framework';
-import * as chalk from 'chalk';
+import chalk from 'chalk';
 import * as readline from 'readline';
 
 import { CommandLineInputs, CommandLineOptions, CommandMetadata, CommandPreRun } from '../definitions';
@@ -155,7 +155,7 @@ If you are having issues logging in, please get in touch with our Support[^suppo
   }
 
   async run(inputs: CommandLineInputs, options: CommandLineOptions): Promise<void> {
-    const [ email, password ] = inputs;
+    const [email, password] = inputs;
 
     if (email && password) {
       await this.logout();
@@ -182,7 +182,7 @@ If you are having issues logging in, please get in touch with our Support[^suppo
         await this.logout();
         await this.env.session.webLogin();
       } else {
-        return ;
+        return;
       }
 
     }

diff --git a/packages/@ionic/cli/src/commands/monitoring/syncmaps.ts b/packages/@ionic/cli/src/commands/monitoring/syncmaps.ts
@@ -1,6 +1,6 @@
 import { pathExists, readFile, readdirSafe } from '@ionic/utils-fs';
 import { columnar, prettyPath } from '@ionic/utils-terminal';
-import * as Debug from 'debug';
+import { debug as Debug } from 'debug';
 import * as path from 'path';
 
 import { APIResponseSuccess, CommandLineInputs, CommandLineOptions, CommandMetadata } from '../../definitions';
@@ -48,7 +48,7 @@ By default, ${input('ionic monitoring syncmaps')} will upload the sourcemap file
     const token = await this.env.session.getUserToken();
     const appflowId = await this.project.requireAppflowId();
 
-    const [ snapshotId ] = inputs;
+    const [snapshotId] = inputs;
     const doBuild = options.build ? true : false;
 
     const cordova = this.project.requireIntegration('cordova');