From 1d21586198c37a17bc59cc040bea878e7880d152 Mon Sep 17 00:00:00 2001
From: Stepan Kuzmin
Date: Mon, 16 Jan 2023 19:05:28 +0200
Subject: [PATCH 1/3] Release v1.13.3
---
 CHANGELOG.md | 6 ++++++
 package.json | 4 ++--
 yarn.lock | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f220c953db..169b05c90ee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.13.3
+
+### 🐞 Bug fixes
+
+* Upgrade minimist to ^1.2.7 to avoid [CVE-2021-44906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906) ([#12442](https://github.com/mapbox/mapbox-gl-js/issues/12442)) (h/t @Spasfonx)
+
 ## 1.13.2
 ### 🐞 Bug fixes
diff --git a/package.json b/package.json
index bcc587b8fb5..99e2e7f6203 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "mapbox-gl",
 "description": "A WebGL interactive maps library",
- "version": "1.13.2",
+ "version": "1.13.3",
 "main": "dist/mapbox-gl.js",
 "style": "dist/mapbox-gl.css",
 "license": "SEE LICENSE IN LICENSE.txt",
@@ -27,7 +27,6 @@
 "geojson-vt": "^3.2.1",
 "gl-matrix": "^3.2.1",
 "grid-index": "^1.1.0",
- "minimist": "^1.2.6",
 "murmurhash-js": "^1.0.0",
 "pbf": "^3.2.1",
 "potpack": "^1.0.1",
@@ -76,6 +75,7 @@
 "list-npm-contents": "^1.0.2",
 "lodash.template": "^4.5.0",
 "mapbox-gl-styles": "^2.0.2",
+ "minimist": "^1.2.7",
 "mock-geolocation": "^1.0.11",
 "node-notifier": "^5.4.3",
 "npm-font-open-sans": "^1.1.0",
diff --git a/yarn.lock b/yarn.lock
index 137ec7a54ce..36c59d1d26b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6973,7 +6973,7 @@ minimist@^1.1.0, minimist@^1.1.1, minimist@^1.1.3, minimist@^1.2.0, minimist@^1. resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602" integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw== -minimist@^1.2.6: +minimist@^1.2.6, minimist@^1.2.7: version "1.2.7" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.7.tgz#daa1c4d91f507390437c6a8bc01078e7000c4d18" integrity sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==
From 03ab1410ad4a8f75522a96c736346d688e1d13d4 Mon Sep 17 00:00:00 2001
From: Stepan Kuzmin
Date: Tue, 17 Jan 2023 13:06:35 +0200
Subject: [PATCH 2/3] Fix incorrect billing when customAccessToken is provided along with non-Mapbox tiles
---
 src/util/mapbox.js | 11 +++++------
 test/unit/util/mapbox.test.js | 4 ++++
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/util/mapbox.js b/src/util/mapbox.js
index aaced940736..665ac7b9690 100644
--- a/src/util/mapbox.js
+++ b/src/util/mapbox.js
@@ -385,14 +385,13 @@ export class MapLoadEvent extends TelemetryEvent {
 }
 postMapLoadEvent(tileUrls: Array, mapId: number, skuToken: string, customAccessToken: string) {
- //Enabled only when Mapbox Access Token is set and a source uses
- // mapbox tiles.
 this.skuToken = skuToken;
- if (config.EVENTS_URL &&
- customAccessToken || config.ACCESS_TOKEN &&
- Array.isArray(tileUrls) &&
- tileUrls.some(url => isMapboxURL(url) || isMapboxHTTPURL(url))) {
+ const accessTokenIsSet = !!(customAccessToken || config.ACCESS_TOKEN);
+ const usesMapboxTiles = Array.isArray(tileUrls) && tileUrls.some(url => isMapboxURL(url) || isMapboxHTTPURL(url));
+
+ // Enabled only when Mapbox Access Token is set and a source uses mapbox tiles.
+ if (config.EVENTS_URL && accessTokenIsSet && usesMapboxTiles) {
 this.queueRequest({id: mapId, timestamp: Date.now()}, customAccessToken);
 }
 }
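Review bot: The rewritten guard in `postMapLoadEvent` now requires `config.EVENTS_URL` in every case, which is a wider change than the commit message describes: in the removed expression `&&` bound tighter than `||`, so a request was also queued when only `config.ACCESS_TOKEN` and Mapbox tiles were present. That looks intended, but the new comment still leaves the events URL out; I would word it `// Enabled only when an events URL and a Mapbox access token are set and a source uses Mapbox tiles.` `this.skuToken = skuToken;` still runs before the guard, so the SKU token is stored on the event even when nothing is queued; a one-line comment saying whether that is deliberate would help. The class body starts outside the hunk, so `queueRequest`, `isMapboxURL` and `isMapboxHTTPURL` are not visible here.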
diff --git a/test/unit/util/mapbox.test.js b/test/unit/util/mapbox.test.js
index aebba256595..2e5bf99cfc8 100644
--- a/test/unit/util/mapbox.test.js
+++ b/test/unit/util/mapbox.test.js
@@ -750,6 +750,7 @@ test("mapbox", (t) => {
 t.end();
 });
+
 t.test('MapLoadEvent', (t) => {
 let event;
 let turnstileEvent;
@@ -792,8 +793,11 @@ test("mapbox", (t) => {
 t.test('does not POST when url does not point to mapbox.com', (t) => {
 event.postMapLoadEvent(nonMapboxTileURLs, 1, skuToken);
+ t.equal(window.server.requests.length, 0);
+ event.postMapLoadEvent(nonMapboxTileURLs, 1, skuToken, 'customAccessToken');
 t.equal(window.server.requests.length, 0);
+
 t.end();
 });
From a221125ebd2408fd03f7ad6dbc89e3d1603d6fb1 Mon Sep 17 00:00:00 2001
From: Stepan Kuzmin
Date: Tue, 17 Jan 2023 13:09:20 +0200
Subject: [PATCH 3/3] Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 169b05c90ee..30b63ab2d45 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 ### 🐞 Bug fixes
+* Fix incorrect billing when `customAccessToken` is provided along with non-Mapbox tiles ([#12520](https://github.com/mapbox/mapbox-gl-js/issues/12520))
 * Upgrade minimist to ^1.2.7 to avoid [CVE-2021-44906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906) ([#12442](https://github.com/mapbox/mapbox-gl-js/issues/12442)) (h/t @Spasfonx)
 ## 1.13.2
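Review bot: In test/unit/util/mapbox.test.js the new `customAccessToken` call is folded into the existing 'does not POST when url does not point to mapbox.com' case, so a failure there does not say which of the two calls regressed. A separate case, for example `t.test('does not POST for non-Mapbox tiles when customAccessToken is set', (t) => { ... })`, would name the billing fix directly. Both assertions read `window.server.requests.length` right after the call; if `queueRequest` (not visible on this page) defers the request, a count of 0 would pass either way, so that is worth confirming.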