Merge pull request #572 from nexryai/devel

v12.23Q4.7
nexryai · Dec 28, 2023 · ad1c220 · ad1c220
2 parents caa3f84 + e1d9a04
commit ad1c220
Show file tree

Hide file tree

Showing 20 changed files with 363 additions and 449 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,18 @@
+## 12.23Q4.7
+ - Security: Update multer to 1.4.5-lts.1 and fix CVE-2022-24434 ("Crash in HeaderParser in dicer") alert
+ - Fix: エラー発生時にバックエンドの情報が漏洩する問題を修正
+ - Client: ダイアログのUIを調整
+ - Client: 各種ページのアイコンの調整
+ - Client: refactor and improve mute-block setting ui
+ - Client: セキュリティキーのサポートを一旦廃止
+   * 新たな登録ができなくなります
+ - Client: admin/security で設定状況を視覚的にわかりやすく
+ - 依存関係の更新
+
+### Note
+個人的な事情により、恐らくこのバージョンかこの次のバージョンをリリースしたあと2月中旬〜下旬頃まで脆弱性の修正やPRのマージを除きしばらくリリースはできません。
+AiScriptのバグもしばらく修正できる見込みがありません。ご迷惑をおかけしますがよろしくお願いします。
+
 ## 12.23Q4.6
  - 12.23Q4.5でのHotfixの修正漏れ箇所の修正
  - Fix (Client): ti-question-circle >> ti-help

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "nexkey",
-	"version": "12.23Q4.6",
+	"version": "12.23Q4.7",
 	"codename": "chirigiku",
 	"repository": {
 		"type": "git",
@@ -44,7 +44,7 @@
 		"@types/gulp-rename": "2.0.6",
 		"@typescript-eslint/parser": "6.16.0",
 		"cross-env": "7.0.3",
-		"cypress": "13.6.1",
+		"cypress": "13.6.2",
 		"start-server-and-test": "2.0.3",
 		"typescript": "5.3.3"
 	}

diff --git a/packages/backend/package.json b/packages/backend/package.json
@@ -14,7 +14,6 @@
 		"chokidar": "^3.3.1",
 		"lodash": "^4.17.21"
 	},
-	"overrides": { "multer": { "busboy": "1.6.0" } },
 	"dependencies": {
 		"@bull-board/koa": "5.10.2",
 		"@devmehq/email-validator-js": "1.0.19",
@@ -36,7 +35,7 @@
 		"aws-sdk": "2.1525.0",
 		"bcryptjs": "2.4.3",
 		"blurhash": "2.0.5",
-		"bull": "4.11.4",
+		"bull": "4.12.0",
 		"cacheable-lookup": "7.0.0",
 		"cbor": "9.0.1",
 		"chalk": "5.3.0",
@@ -71,12 +70,12 @@
 		"koa-send": "5.0.1",
 		"koa-slow": "2.1.0",
 		"koa-views": "8.1.0",
-		"mfm-js": "0.23.3",
+		"mfm-js": "0.24.0",
 		"mime-types": "2.1.35",
 		"misskey-js": "0.0.14",
 		"mocha": "10.2.0",
 		"ms": "3.0.0-canary.1",
-		"multer": "1.4.4",
+		"multer": "1.4.5-lts.1",
 		"nested-property": "4.0.0",
 		"node-fetch": "3.3.2",
 		"nodemailer": "6.9.7",
@@ -107,7 +106,7 @@
 		"strict-event-emitter-types": "2.0.0",
 		"stringz": "2.1.0",
 		"syslog-pro": "1.0.0",
-		"systeminformation": "5.21.20",
+		"systeminformation": "5.21.22",
 		"tinycolor2": "1.6.0",
 		"tmp": "0.2.1",
 		"ts-loader": "9.5.1",
@@ -120,7 +119,7 @@
 		"uuid": "9.0.1",
 		"web-push": "3.6.6",
 		"websocket": "1.0.34",
-		"ws": "8.14.2",
+		"ws": "8.16.0",
 		"xev": "3.0.2"
 	},
 	"devDependencies": {
@@ -134,7 +133,7 @@
 		"@types/jsdom": "20.0.0",
 		"@types/jsonld": "1.5.13",
 		"@types/jsrsasign": "10.5.12",
-		"@types/koa": "2.13.11",
+		"@types/koa": "2.13.12",
 		"@types/koa-bodyparser": "4.3.12",
 		"@types/koa-cors": "0.0.3",
 		"@types/koa-favicon": "2.1.3",
@@ -160,18 +159,18 @@
 		"@types/sanitize-html": "2.9.5",
 		"@types/sharp": "0.32.0",
 		"@types/sinonjs__fake-timers": "8.1.2",
-		"@types/speakeasy": "2.0.9",
+		"@types/speakeasy": "2.0.10",
 		"@types/tinycolor2": "1.4.5",
 		"@types/tmp": "0.2.6",
 		"@types/uuid": "9.0.7",
 		"@types/web-push": "3.6.3",
 		"@types/websocket": "1.0.8",
-		"@types/ws": "8.5.9",
+		"@types/ws": "8.5.10",
 		"@typescript-eslint/eslint-plugin": "5.62.0",
 		"@typescript-eslint/parser": "5.62.0",
 		"cross-env": "7.0.3",
 		"eslint": "8.54.0",
-		"eslint-plugin-import": "2.29.0",
+		"eslint-plugin-import": "2.29.1",
 		"execa": "8.0.1",
 		"typescript": "5.2.2"
 	}

diff --git a/packages/backend/src/server/api/call.ts b/packages/backend/src/server/api/call.ts
@@ -1,4 +1,5 @@
 import { performance } from "perf_hooks";
+import { v4 as uuid } from "uuid";
 import Koa from "koa";
 import { CacheableLocalUser, User } from "@/models/entities/user.js";
 import { AccessToken } from "@/models/entities/access-token.js";
@@ -128,20 +129,20 @@ export default async (endpoint: string, user: CacheableLocalUser | null | undefi
         if (e instanceof ApiError) {
             throw e;
         } else {
-            apiLogger.error(`Internal error occurred in ${ep.name}: ${e.message}`, {
+            const errId = uuid();
+            apiLogger.error(`Internal error occurred in ${ep.name}: ${e.message} (Event ID: ${errId})`, {
                 ep: ep.name,
                 ps: data,
                 e: {
                     message: e.message,
-                    code: e.name,
                     stack: e.stack,
+                    code: e.name,
                 },
             });
             throw new ApiError(null, {
                 e: {
-                    message: e.message,
+                    message: `System error. Event ID is ${errId}`,
                     code: e.name,
-                    stack: e.stack,
                 },
             });
         }