Fix potential security vulnerabilities (#14313)

* upgrade dependencies

lodash to 4.17.15
angularJS to v1.6.10

Signed-off-by: Oleksii Kurinnyi <okurinny@redhat.com>

* fix unit tests

Signed-off-by: Oleksii Kurinnyi <okurinny@redhat.com>

* fix tests for Che Multiuser

Signed-off-by: Oleksii Kurinnyi <okurinny@redhat.com>

* restore dialogs controllers initialization

* fixup! fix tests for Che Multiuser

package.json

@@ -8,7 +8,7 @@
   "license": "EPL-1.0",
   "devDependencies": {
     "angular-bootstrap": "^0.12.2",
-    "angular-mocks": "1.4.8",
+    "angular-mocks": "1.6.10",
     "awesome-typescript-loader": "^1.1.1",
     "babel-core": "^6.4.5",
     "babel-loader": "^6.2.1",
@@ -62,7 +62,7 @@
     "karma-ng-html2js-preprocessor": "~0.1.2",
     "karma-phantomjs-launcher": "~1.0.4",
     "karma-webpack": "^2.0.9",
-    "lodash": "4.17.11",
+    "lodash": "4.17.15",
     "merge-stream": "^1.0.1",
     "minimist": "^1.2.0",
     "ng-annotate-loader": "^0.6.1",
@@ -96,20 +96,20 @@
     "test": "gulp test"
   },
   "dependencies": {
-    "angular": "1.4.8",
-    "angular-animate": "1.4.8",
-    "angular-aria": "1.4.8",
-    "angular-cookies": "1.4.8",
+    "angular": "1.6.10",
+    "angular-animate": "1.6.10",
+    "angular-aria": "1.6.10",
+    "angular-cookies": "1.6.10",
     "angular-file-upload": "2.0.0",
     "angular-filter": "0.5.4",
     "angular-gravatar": "0.2.4",
     "angular-material": "1.0.1",
-    "angular-messages": "1.4.8",
+    "angular-messages": "1.6.10",
     "angular-moment": "0.9.0",
-    "angular-resource": "1.4.8",
-    "angular-route": "1.4.8",
-    "angular-sanitize": "1.4.8",
-    "angular-touch": "1.4.8",
+    "angular-resource": "1.6.10",
+    "angular-route": "1.6.10",
+    "angular-sanitize": "1.6.10",
+    "angular-touch": "1.6.10",
     "angular-ui-bootstrap": "1.1.2",
     "angular-uuid4": "0.3.1",
     "angular-websocket": "1.0.9",

src/app/admin/user-management/add-user/add-user.controller.ts

@@ -66,6 +66,11 @@ export class AdminsAddUserController {
     });
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Callback of the cancel button of the dialog.
    */

src/app/admin/user-management/user-details/user-details.controller.ts

@@ -129,6 +129,11 @@ export class AdminUserDetailsController {
     this.updateData();
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Update user's data.
    */

src/app/admin/user-management/user-management.controller.ts

@@ -100,6 +100,11 @@ export class AdminsUserManagementCtrl {
     this.pagesInfo = this.cheUser.getPagesInfo();
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Callback when name is changed.
    *

src/app/administration/docker-registry/docker-registry-list/docker-registry-list.controller.ts

@@ -65,7 +65,9 @@ export class DockerRegistryListController {
     $scope.$on('$destroy', () => {
       cheListHelperFactory.removeHelper(helperId);
     });
+  }
 
+  $onInit(): void {
     this.getRegistries();
   }
 

src/app/administration/docker-registry/docker-registry-list/edit-registry/edit-registry.controller.ts

@@ -43,6 +43,11 @@ export class EditRegistryController {
     }
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * It will hide the dialog box.
    */

src/app/dashboard/last-workspaces/last-workspaces.controller.ts

@@ -34,7 +34,9 @@ export class DashboardLastWorkspacesController {
   constructor(cheWorkspace: CheWorkspace, cheNotification: CheNotification) {
     this.cheWorkspace = cheWorkspace;
     this.cheNotification = cheNotification;
+  }
 
+  $onInit(): void {
     this.loadData();
   }
 
@@ -48,7 +50,7 @@ export class DashboardLastWorkspacesController {
       this.isLoading = false;
       return;
     }
-    
+
     let promise = this.cheWorkspace.fetchWorkspaces();
 
     promise.then((result) => {

src/app/demo-components/demo-components.controller.ts

@@ -67,12 +67,6 @@ export class DemoComponentsController {
     this.$location = $location;
     this.cheNotification = cheNotification;
 
-    const tab = $location.search().tab;
-    if (Tab[tab]) {
-      this.selectedIndex = parseInt(Tab[tab], 10);
-    } else {
-      this.selectedIndex = Tab.Font;
-    }
     this.placement = {
       options: [
         'top',
@@ -105,6 +99,16 @@ export class DemoComponentsController {
         orderNumber: 1
       }]
     };
+  }
+
+  $onInit(): void {
+    const tab = this.$location.search().tab;
+    if (Tab[tab]) {
+      this.selectedIndex = parseInt(Tab[tab], 10);
+    } else {
+      this.selectedIndex = Tab.Font;
+    }
+
     this.init();
   }
 

src/app/factories/create-factory/action/factory-action-box.controller.ts

@@ -41,6 +41,8 @@ export class FactoryActionBoxController {
     this.selectedAction = this.actions[0].id;
   }
 
+  $onInit(): void { }
+
   /**
    * Edit the action based on the provided index
    * @param $event the mouse event

src/app/factories/create-factory/action/factory-action-edit.controller.ts

@@ -40,6 +40,11 @@ export class FactoryActionDialogEditController {
     this.isFile = angular.isDefined(this.selectedValue.file);
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Callback of the edit button of the dialog.
    */

src/app/factories/create-factory/command/factory-command-edit.controller.ts

@@ -33,6 +33,11 @@ export class FactoryCommandDialogEditController {
     this.$mdDialog = $mdDialog;
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Callback of the edit button of the dialog.
    */

src/app/factories/create-factory/command/factory-command.controller.ts

@@ -34,6 +34,8 @@ export class FactoryCommandController {
     this.$mdDialog = $mdDialog;
   }
 
+  $onInit(): void { }
+
   /**
    * User clicked on the add button to add a new command
    */

src/app/factories/create-factory/config-file-tab/factory-from-file.controller.ts

@@ -105,4 +105,6 @@ export class FactoryFromFileCtrl {
     this.factoryContent = null;
   }
 
+  $onInit(): void { }
+
 }

src/app/factories/create-factory/create-factory.controller.ts

@@ -96,6 +96,11 @@ export class CreateFactoryCtrl {
     });
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Clear factory content
    */

src/app/factories/create-factory/git/create-factory-git.controller.ts

@@ -19,6 +19,6 @@
  */
 export class CreateFactoryGitController {
 
-
+  $onInit(): void { }
 
 }

src/app/factories/create-factory/template-tab/factory-from-template.controller.ts

@@ -40,7 +40,9 @@ export class FactoryFromTemplateController {
     this.isImporting = false;
     this.factoryContent = null;
     this.templateName = 'minimal';
+  }
 
+  $onInit(): void {
     this.updateFactoryContent();
   }
 

src/app/factories/create-factory/workspaces-tab/factory-from-workpsace.controller.ts

@@ -44,20 +44,21 @@ export class FactoryFromWorkspaceCtrl {
     this.cheNotification = cheNotification;
     this.workspacesService = workspacesService;
 
-    this.workspaces = cheAPI.getWorkspace().getWorkspaces().filter((workspace: che.IWorkspace) => {
-      return this.workspacesService.isSupported(workspace);
-    });
-    this.workspacesById = cheAPI.getWorkspace().getWorkspacesById();
-
     this.filtersWorkspaceSelected = {};
 
     this.workspaceFilter = {config: {name: ''}};
 
     this.isLoading = true;
+  }
 
-    // fetch workspaces when initializing
-    let promise = cheAPI.getWorkspace().fetchWorkspaces();
+  $onInit(): void {
+    this.workspaces = this.cheAPI.getWorkspace().getWorkspaces().filter((workspace: che.IWorkspace) => {
+      return this.workspacesService.isSupported(workspace);
+    });
+    this.workspacesById = this.cheAPI.getWorkspace().getWorkspacesById();
 
+    // fetch workspaces when initializing
+    let promise = this.cheAPI.getWorkspace().fetchWorkspaces();
     promise.then(() => {
         this.isLoading = false;
         this.updateData();
@@ -67,7 +68,6 @@ export class FactoryFromWorkspaceCtrl {
           this.updateData();
         }
       });
-
   }
 
   updateData(): void {

src/app/factories/factory-details/factory-details.controller.ts

@@ -43,6 +43,11 @@ export class FactoryDetailsController {
     });
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Returns `true` if supported version of factory workspace.
    * @returns {boolean}

src/app/factories/factory-details/information-tab/factory-information/factory-information.controller.ts

@@ -32,6 +32,7 @@ export class FactoryInformationController {
   private $timeout: ng.ITimeoutService;
   private lodash: any;
   private $filter: ng.IFilterService;
+  private cheBranding: CheBranding;
 
   private timeoutPromise: ng.IPromise<any>;
   private editorLoadedPromise: ng.IPromise<any>;
@@ -73,7 +74,7 @@ export class FactoryInformationController {
     this.lodash = lodash;
     this.$filter = $filter;
     this.confirmDialogService = confirmDialogService;
-    this.factoryDocs = cheBranding.getDocs().factory;
+    this.cheBranding = cheBranding;
 
     this.timeoutPromise = null;
     $scope.$on('$destroy', () => {
@@ -97,14 +98,18 @@ export class FactoryInformationController {
 
     this.stackRecipeMode = 'current-recipe';
 
-    this.updateData();
     $scope.$watch(() => {
       return this.factory;
     }, () => {
       this.updateData();
     });
   }
 
+  $onInit(): void {
+    this.factoryDocs = this.cheBranding.getDocs().factory;
+    this.updateData();
+  }
+
   /**
    * Update factory content data for editor
    */

src/app/factories/last-factories/last-factories.controller.ts

@@ -35,14 +35,16 @@ export class LastFactoriesController {
   constructor(cheFactory: CheFactory) {
     this.cheFactory = cheFactory;
 
-    this.factories = this.cheFactory.getPageFactories();
-
     // TODO we should change to modificationDate after model's change
     this.factoriesOrderBy = '-creator.created';
     this.maxItems = 5;
+  }
+
+  $onInit(): void {
+    this.factories = this.cheFactory.getPageFactories();
 
     // TODO add OrderBy to condition in fetch API
-    let promise = this.cheFactory.fetchFactories(this.maxItems);
+    const promise = this.cheFactory.fetchFactories(this.maxItems);
 
     this.isLoading = true;
     promise.finally(() => {

src/app/factories/list-factories/factory-item/factory-item.controller.ts

@@ -44,6 +44,8 @@ export class FactoryItemController {
     this.loadFactoryService =  loadFactoryService;
   }
 
+  $onInit(): void { }
+
   /**
    * Returns `true` if supported version of factory workspace.
    * @returns {boolean}

src/app/factories/list-factories/list-factories.controller.ts

@@ -76,6 +76,11 @@ export class ListFactoriesController {
     this.pagesInfo = cheAPI.getFactory().getPagesInfo();
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Provides actual list of factories to helper.
    */

src/app/factories/load-factory/load-factory.controller.ts

@@ -85,6 +85,11 @@ export class LoadFactoryController {
     this.getFactoryData();
   }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
+  }
+
   /**
    * Hides menu and footer to maximize view.
    */

src/app/ide/ide-iframe/ide-iframe.directive.ts

@@ -27,6 +27,8 @@ class IdeIframe  implements ng.IDirective {
     this.templateUrl = 'app/ide/ide-iframe/ide-iframe.html';
   }
 
+  $onInit(): void { }
+
 }
 
 export default IdeIframe;

src/app/ide/ide.controller.ts

@@ -115,7 +115,11 @@ class IdeCtrl {
         this.updateData();
       });
     }
+  }
 
+  $onInit(): void {
+    // this method won't be called here
+    // place all initialization code in constructor
   }
 
   /**