Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dependabot updates for week of 15 May 2023 #2160

Merged
merged 14 commits into from
May 15, 2023
Merged

Conversation

jmgrady
Copy link
Collaborator

@jmgrady jmgrady commented May 15, 2023

This change is Reviewable

dependabot bot and others added 12 commits May 14, 2023 12:57
Bumps [@matt-block/react-recaptcha-v2](https://github.com/matei-radu/react-recaptcha-v2) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/matei-radu/react-recaptcha-v2/releases)
- [Changelog](https://github.com/matei-radu/react-recaptcha-v2/blob/main/CHANGELOG.md)
- [Commits](matei-radu/react-recaptcha-v2@v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: "@matt-block/react-recaptcha-v2"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [@material-table/core](https://github.com/material-table-core/core) from 6.1.13 to 6.1.15.
- [Release notes](https://github.com/material-table-core/core/releases)
- [Changelog](https://github.com/material-table-core/core/blob/master/CHANGELOG.md)
- [Commits](material-table-core/core@v6.1.13...v6.1.15)

---
updated-dependencies:
- dependency-name: "@material-table/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [chart.js](https://github.com/chartjs/Chart.js) from 4.2.1 to 4.3.0.
- [Release notes](https://github.com/chartjs/Chart.js/releases)
- [Commits](chartjs/Chart.js@v4.2.1...v4.3.0)

---
updated-dependencies:
- dependency-name: chart.js
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [@types/validator](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/validator) from 13.7.16 to 13.7.17.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/validator)

---
updated-dependencies:
- dependency-name: "@types/validator"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
update to:
- bitnami/dotnet-sdk:6.0.408-debian-11-r11
- bitnami/aspnet-core:6.0.16-debian-11-r11
…-table/core-6.1.15' into dependabot-2023-05-15
…ck/react-recaptcha-v2-2.0.1' into dependabot-2023-05-15

# Conflicts:
#	package-lock.json
#	package.json
@jmgrady jmgrady added docker dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code .NET Pull requests that update .net code labels May 15, 2023
@jmgrady jmgrady requested a review from imnasnainaec May 15, 2023 13:25
@jmgrady jmgrady self-assigned this May 15, 2023
@jmgrady jmgrady marked this pull request as ready for review May 15, 2023 14:11
Copy link
Collaborator

@imnasnainaec imnasnainaec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 4 of 7 files at r2, all commit messages.
Reviewable status: 4 of 7 files reviewed, 1 unresolved discussion (waiting on @jmgrady)


Backend/BackendFramework.csproj line 23 at r2 (raw file):

    </PackageReference>
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.16" />
    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.30.1" />

I cannot log in now:

fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HMQLA2BQ4R38", Request id "0HMQLA2BQ4R38:00000004": An unhandled exception was thrown by the application.
      System.ArgumentOutOfRangeException: IDX10720: Unable to create KeyedHashAlgorithm for algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256', the key size must be greater than: '256' bits, key has '128' bits. (Parameter 'keyBytes')
         at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ValidateKeySize(Byte[] keyBytes, String algorithm, Int32 expectedNumberOfBytes)
         at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateKeyedHashAlgorithm(Byte[] keyBytes, String algorithm)
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.CreateKeyedHashAlgorithm()
         at Microsoft.IdentityModel.Tokens.DisposableObjectPool`1.Allocate()
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.GetKeyedHashAlgorithm(Byte[] keyBytes, String algorithm)
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Sign(Byte[] input)
         at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials)
         at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateJwtSecurityTokenPrivate(String issuer, String audience, ClaimsIdentity subject, Nullable`1 notBefore, Nullable`1 expires, Nullable`1 issuedAt, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials, IDictionary`2 claimCollection, String tokenType, IDictionary`2 additionalHeaderClaims, IDictionary`2 additionalInnerHeaderClaims)
         at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateToken(SecurityTokenDescriptor tokenDescriptor)
         at BackendFramework.Services.PermissionService.MakeJwt(User user) in /Users/dror/sil/TheCombine/Backend/Services/PermissionService.cs:line 223
         at BackendFramework.Services.PermissionService.Authenticate(String username, String password) in /Users/dror/sil/TheCombine/Backend/Services/PermissionService.cs:line 183
         at BackendFramework.Controllers.UserController.Authenticate(Credentials cred) in /Users/dror/sil/TheCombine/Backend/Controllers/UserController.cs:line 107
         at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
         at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Watch.BrowserRefresh.BrowserRefreshMiddleware.InvokeAsync(HttpContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

Copy link
Collaborator

@imnasnainaec imnasnainaec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 2 of 7 files at r2.
Reviewable status: 6 of 7 files reviewed, 2 unresolved discussions (waiting on @jmgrady)

a discussion (no related file):
Does the backend license report not need updating?



Backend/BackendFramework.csproj line 23 at r2 (raw file):

Previously, imnasnainaec (D. Ror.) wrote…

I cannot log in now:

fail: Microsoft.AspNetCore.Server.Kestrel[13]
      Connection id "0HMQLA2BQ4R38", Request id "0HMQLA2BQ4R38:00000004": An unhandled exception was thrown by the application.
      System.ArgumentOutOfRangeException: IDX10720: Unable to create KeyedHashAlgorithm for algorithm 'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256', the key size must be greater than: '256' bits, key has '128' bits. (Parameter 'keyBytes')
         at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.ValidateKeySize(Byte[] keyBytes, String algorithm, Int32 expectedNumberOfBytes)
         at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateKeyedHashAlgorithm(Byte[] keyBytes, String algorithm)
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.CreateKeyedHashAlgorithm()
         at Microsoft.IdentityModel.Tokens.DisposableObjectPool`1.Allocate()
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.GetKeyedHashAlgorithm(Byte[] keyBytes, String algorithm)
         at Microsoft.IdentityModel.Tokens.SymmetricSignatureProvider.Sign(Byte[] input)
         at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials)
         at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateJwtSecurityTokenPrivate(String issuer, String audience, ClaimsIdentity subject, Nullable`1 notBefore, Nullable`1 expires, Nullable`1 issuedAt, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials, IDictionary`2 claimCollection, String tokenType, IDictionary`2 additionalHeaderClaims, IDictionary`2 additionalInnerHeaderClaims)
         at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateToken(SecurityTokenDescriptor tokenDescriptor)
         at BackendFramework.Services.PermissionService.MakeJwt(User user) in /Users/dror/sil/TheCombine/Backend/Services/PermissionService.cs:line 223
         at BackendFramework.Services.PermissionService.Authenticate(String username, String password) in /Users/dror/sil/TheCombine/Backend/Services/PermissionService.cs:line 183
         at BackendFramework.Controllers.UserController.Authenticate(Credentials cred) in /Users/dror/sil/TheCombine/Backend/Controllers/UserController.cs:line 107
         at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
         at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Watch.BrowserRefresh.BrowserRefreshMiddleware.InvokeAsync(HttpContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

The README needs "Set the environment variable COMBINE_JWT_SECRET_KEY to a string containing at least 16 characters, such as" updated to say "at least 32".

Copy link
Collaborator Author

@jmgrady jmgrady left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 6 of 7 files reviewed, 2 unresolved discussions (waiting on @imnasnainaec)


Backend/BackendFramework.csproj line 23 at r2 (raw file):

Previously, imnasnainaec (D. Ror.) wrote…

The README needs "Set the environment variable COMBINE_JWT_SECRET_KEY to a string containing at least 16 characters, such as" updated to say "at least 32".

Done.

@codecov-commenter
Copy link

codecov-commenter commented May 15, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (ca31782) 49.52% compared to head (07354d1) 49.52%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #2160   +/-   ##
=======================================
  Coverage   49.52%   49.52%           
=======================================
  Files         294      294           
  Lines        9493     9493           
  Branches      694      694           
=======================================
  Hits         4701     4701           
  Misses       4237     4237           
  Partials      555      555           
Flag Coverage Δ
backend 72.08% <ø> (ø)
frontend 33.43% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

Copy link
Collaborator

@imnasnainaec imnasnainaec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 7 files at r2, 1 of 1 files at r4, all commit messages.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on @jmgrady)

@jmgrady jmgrady merged commit cb7393b into master May 15, 2023
@jmgrady jmgrady deleted the dependabot-2023-05-15 branch May 15, 2023 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file docker javascript Pull requests that update Javascript code .NET Pull requests that update .net code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants