THREESCALE-11530: Update nanoid #3968
| @@ -1,7 +1,11 @@ | |||
| import Form from 'react-jsonschema-form' | |||
| import Form from '@rjsf/core' | |||
| import { customizeValidator } from '@rjsf/validator-ajv6' | |||
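Review bot: the added import of customizeValidator from '@rjsf/validator-ajv6' ties the form to the ajv 6 based validator, and nothing next to the import says why. The PR description calls this version deprecated and the reason (APIcast policy schemas that repeat "$id": "#/definitions/methods") lives only in this thread, so a short code comment at the import stating that reason, plus a follow-up issue to fix the schemas and move to the current validator, would keep the pin from becoming permanent by accident.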
Here we use validator v6. The last version is v8, but we can't use it because our Apicast policies are not valid according to the v8 validator.
This comment explains the problem: ajv-validator/ajv#1426 (comment)
And this is how our policies are invalid, for instance, take a look at 3.15.0/policies.json: https://github.com/3scale/APIcast/blob/master/doc/policies_list/3.15.0/policies.json
Our policy url_rewriting defines #/definitions/methods here:
And this definition is included twice in the same policy, here:
https://github.com/3scale/APIcast/blob/a63be976ce7974c3464ee74f6e2d89f32207004a/doc/policies_list/3.15.0/policies.json#L2378
https://github.com/3scale/APIcast/blob/a63be976ce7974c3464ee74f6e2d89f32207004a/doc/policies_list/3.15.0/policies.json#L2318
Due to that, the field "$id": "#/definitions/methods" is included twice in the policy. This is accepted by the v6 validator but not by v8.
There are more policies that are considered invalid now, for instance keycloak_role_check is also invalid.
I attach a couple of screenshots that show what happens when using the last validator:
| '\\.(css|less|sass|scss)$': '<rootDir>/spec/javascripts/__mocks__/styleMock.js', | ||
| '\\.(gif|ttf|eot)$': '<rootDir>/spec/javascripts/__mocks__/fileMock.js' | ||
| '\\.(gif|ttf|eot)$': '<rootDir>/spec/javascripts/__mocks__/fileMock.js', | ||
| 'nanoid': '<rootDir>/node_modules/nanoid/index.browser.cjs' |
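Review bot: the added 'nanoid' entry on the last line is an unanchored pattern and has no explanation beside it. If this is Jest's moduleNameMapper, its keys are regular expressions like the two entries above, so 'nanoid' matches any module path containing that string; '^nanoid$' would limit it to the bare package import. A one-line comment linking the rjsf issue the fix came from would also help, because the mapping hard-codes node_modules/nanoid/index.browser.cjs and will need revisiting if a later nanoid release moves or renames that file.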
I don't know what this is and why it works, but it solved this Jest problem: https://app.circleci.com/pipelines/github/3scale/porta/30520/workflows/820ae665-4abd-41aa-a035-1127ff99bba8/jobs/342079
I took the solution from here: rjsf-team/react-jsonschema-form#3484 (comment)
- nanoid 3.3.8
- remove react-jsonschema-form
- add @rjsf/core 5.24.1 and pals


What this PR does / why we need it:
Update nanoid to 3.3.8 to fix a CVE.

In order to update it, we also have to update react-jsonschema-form@1.8.1 to @rjsf/core@5.24.1. I had to solve some breaking changes but it's working now. One problem I found is our JSONSchema policies from Apicast are not valid if we use the last version of the validator, so I had to use a deprecated version. I explain this better here: #3968 (comment).
Which issue(s) this PR fixes
https://issues.redhat.com/browse/THREESCALE-11530
Verification steps
The policies screen should work properly
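
The schema problem described in the review comment and in the description above (the same "$id" appearing at more than one place in one policy schema) can be checked for before switching validators. The following is an added example, not code from this PR or from porta; the function names and the sample schema, including its property names, are constructed for illustration.

```javascript
// Added example: list "$id" values that occur more than once in one JSON Schema.
// Limitation: any object with a string "$id" is counted, including objects
// nested under keywords such as "default" or "examples".

// Walk any JSON value and record the JSON Pointer of every string "$id".
function collectIds(node, pointer, seen) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => collectIds(item, `${pointer}/${i}`, seen));
  } else if (node !== null && typeof node === 'object') {
    if (typeof node.$id === 'string') {
      if (!seen.has(node.$id)) seen.set(node.$id, []);
      seen.get(node.$id).push(pointer || '(root)');
    }
    for (const [key, value] of Object.entries(node)) {
      // Escape per RFC 6901 so keys containing "/" or "~" stay unambiguous.
      const escaped = key.replace(/~/g, '~0').replace(/\//g, '~1');
      collectIds(value, `${pointer}/${escaped}`, seen);
    }
  }
  return seen;
}

// Return [{ id, locations }] for every "$id" declared at more than one location.
function findDuplicateIds(schema) {
  const duplicates = [];
  for (const [id, locations] of collectIds(schema, '', new Map())) {
    if (locations.length > 1) duplicates.push({ id, locations });
  }
  return duplicates;
}

// Constructed sample (not copied from policies.json): one definition carrying
// "$id": "#/definitions/methods" is inlined under two different properties.
const methods = { $id: '#/definitions/methods', type: 'array', items: { type: 'string' } };
const samplePolicySchema = {
  type: 'object',
  properties: {
    rules: { type: 'array', items: { properties: { methods: { ...methods } } } },
    fallback_rules: { type: 'array', items: { properties: { methods: { ...methods } } } }
  }
};

for (const { id, locations } of findDuplicateIds(samplePolicySchema)) {
  console.log(`duplicate $id ${id} at:\n  ${locations.join('\n  ')}`);
}
```

Run over each policy's configuration schema, an empty result means this particular incompatibility is absent; other differences between the validators are not covered.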