From 3f9439f85284fa17d806e59ae7da65aa774eb5d4 Mon Sep 17 00:00:00 2001 From: Douglas Anderson <hockeybuggy@gmail.com> Date: Thu, 17 Oct 2024 16:51:38 -0300 Subject: [PATCH] Use libxml2-wasm Trying to use this to resolve the vuln. Closes: #2158 --- package.json | 2 +- prebuild_tests/sitemap.test.ts | 43 +++--- yarn.lock | 246 ++------------------------------- 3 files changed, 36 insertions(+), 255 deletions(-) diff --git a/package.json b/package.json index 982abe16f..4bcd59e6c 100644 --- a/package.json +++ b/package.json @@ -60,7 +60,7 @@ "eslint-plugin-react": "^7.37.1", "jest": "^29.7.0", "jest-puppeteer": "^10.1.2", - "libxmljs": "^1.0.11", + "libxml2-wasm": "^0.4.1", "prettier": "^3.2.5", "puppeteer": "^23.6.0", "sass": "^1.71.1", diff --git a/prebuild_tests/sitemap.test.ts b/prebuild_tests/sitemap.test.ts index 66f30767b..758d3efea 100644 --- a/prebuild_tests/sitemap.test.ts +++ b/prebuild_tests/sitemap.test.ts @@ -1,24 +1,22 @@ -import { open } from "node:fs/promises"; -import type { XMLDocument } from "libxmljs"; -import { parseXmlAsync } from "libxmljs"; +import fs from "node:fs"; +import { XmlDocument } from "libxml2-wasm"; async function loadSitemap() { - const file = await open("./public/sitemap.xml"); - - const document = parseXmlAsync(await file.readFile()); + const document = XmlDocument.fromString( + fs.readFileSync("./public/sitemap.xml").toString() + ); return document; } -function extractUrlsFromSitemap(sitemap: XMLDocument) { +function extractUrlsFromSitemap(sitemap: XmlDocument) { const urlElements = sitemap.find("*"); const urls = urlElements.map((ele) => { - // const name = ele.find("*")[0].childNodes()[0].text(); const children = ele.find("*"); - const name = children[0].childNodes()[0].text(); + const name = children[0].find("*")[0].content; let lastmod = null; if (children.length > 1) { - lastmod = children[1].childNodes()[0].text(); + lastmod = children[1].find("*")[0].content; } return { name, lastmod }; }); @@ -29,16 +27,20 @@ function extractUrlsFromSitemap(sitemap: XMLDocument) { describe("Sitemap", () => { it("should have a version and encoding", async () => { const subject = await loadSitemap(); - expect(subject.version()).toEqual("1.0"); - expect(subject.encoding()).toEqual("UTF-8"); + expect(subject.get("version")).toEqual("1.0"); + expect(subject.get("encoding")).toEqual("UTF-8"); + + subject.dispose(); }); it("should have a schema listed", async () => { const subject = await loadSitemap(); - const urlsetNode = subject.root()!; - expect(urlsetNode!.namespace()!.href()).toEqual( - "http://www.sitemaps.org/schemas/sitemap/0.9", + const urlsetNode = subject.root!; + expect(urlsetNode!.namespaceUri).toEqual( + "http://www.sitemaps.org/schemas/sitemap/0.9" ); + + subject.dispose(); }); it("should have pages for the index", async () => { @@ -48,6 +50,8 @@ describe("Sitemap", () => { const urlNames = urls.map((url) => url.name); // index page expect(urlNames).toContain("https://hockeybuggy.com"); + + subject.dispose(); }); it("should have pages for the blog", async () => { @@ -64,7 +68,7 @@ describe("Sitemap", () => { expect(blogPosts.length).toBeGreaterThan(10); // All the blog posts have a lastmod date expect( - blogPosts.map((post) => post.lastmod).every((post) => post !== null), + blogPosts.map((post) => post.lastmod).every((post) => post !== null) ).toBe(true); // tags pages @@ -78,10 +82,12 @@ describe("Sitemap", () => { expect(urlNames).toContain("https://hockeybuggy.com/blog/categories"); const blogCategoriesPattern = /\/blog\/categories/; const blogCategoriesPages = urls.filter((url) => - blogCategoriesPattern.test(url.name), + blogCategoriesPattern.test(url.name) ); // There are category pages. 4 is an arbitary number. expect(blogCategoriesPages.length).toBeGreaterThan(4); + + subject.dispose(); }); it("should have pages for the project", async () => { @@ -94,9 +100,10 @@ describe("Sitemap", () => { const projectPagePattern = /\/project\/\w*/; const projectPages = urls.filter((url) => - projectPagePattern.test(url.name), + projectPagePattern.test(url.name) ); // There are post pages. 5 is an arbitary number. expect(projectPages.length).toBeGreaterThan(5); + subject.dispose(); }); }); diff --git a/yarn.lock b/yarn.lock index 5226b0d36..bb4f27d34 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1061,25 +1061,6 @@ __metadata: languageName: node linkType: hard -"@mapbox/node-pre-gyp@npm:^1.0.9": - version: 1.0.11 - resolution: "@mapbox/node-pre-gyp@npm:1.0.11" - dependencies: - detect-libc: "npm:^2.0.0" - https-proxy-agent: "npm:^5.0.0" - make-dir: "npm:^3.1.0" - node-fetch: "npm:^2.6.7" - nopt: "npm:^5.0.0" - npmlog: "npm:^5.0.1" - rimraf: "npm:^3.0.2" - semver: "npm:^7.3.5" - tar: "npm:^6.1.11" - bin: - node-pre-gyp: bin/node-pre-gyp - checksum: 10c0/2b24b93c31beca1c91336fa3b3769fda98e202fb7f9771f0f4062588d36dcc30fcf8118c36aa747fa7f7610d8cf601872bdaaf62ce7822bb08b545d1bbe086cc - languageName: node - linkType: hard - "@next/env@npm:14.2.15": version: 14.2.15 resolution: "@next/env@npm:14.2.15" @@ -1856,13 +1837,6 @@ __metadata: languageName: node linkType: hard -"abbrev@npm:1": - version: 1.1.1 - resolution: "abbrev@npm:1.1.1" - checksum: 10c0/3f762677702acb24f65e813070e306c61fafe25d4b2583f9dfc935131f774863f3addd5741572ed576bd69cabe473c5af18e1e108b829cb7b6b4747884f726e6 - languageName: node - linkType: hard - "abbrev@npm:^2.0.0": version: 2.0.0 resolution: "abbrev@npm:2.0.0" @@ -1904,15 +1878,6 @@ __metadata: languageName: node linkType: hard -"agent-base@npm:6": - version: 6.0.2 - resolution: "agent-base@npm:6.0.2" - dependencies: - debug: "npm:4" - checksum: 10c0/dc4f757e40b5f3e3d674bc9beb4f1048f4ee83af189bae39be99f57bf1f48dde166a8b0a5342a84b5944ee8e6ed1e5a9d801858f4ad44764e84957122fe46261 - languageName: node - linkType: hard - "agent-base@npm:^7.0.2, agent-base@npm:^7.1.0, agent-base@npm:^7.1.1": version: 7.1.1 resolution: "agent-base@npm:7.1.1" @@ -2009,23 +1974,6 @@ __metadata: languageName: node linkType: hard -"aproba@npm:^1.0.3 || ^2.0.0": - version: 2.0.0 - resolution: "aproba@npm:2.0.0" - checksum: 10c0/d06e26384a8f6245d8c8896e138c0388824e259a329e0c9f196b4fa533c82502a6fd449586e3604950a0c42921832a458bb3aa0aa9f0ba449cfd4f50fd0d09b5 - languageName: node - linkType: hard - -"are-we-there-yet@npm:^2.0.0": - version: 2.0.0 - resolution: "are-we-there-yet@npm:2.0.0" - dependencies: - delegates: "npm:^1.0.0" - readable-stream: "npm:^3.6.0" - checksum: 10c0/375f753c10329153c8d66dc95e8f8b6c7cc2aa66e05cb0960bd69092b10dae22900cacc7d653ad11d26b3ecbdbfe1e8bfb6ccf0265ba8077a7d979970f16b99c - languageName: node - linkType: hard - "arg@npm:^4.1.0": version: 4.1.3 resolution: "arg@npm:4.1.3" @@ -2364,13 +2312,6 @@ __metadata: languageName: node linkType: hard -"bindings@npm:~1.3.0": - version: 1.3.1 - resolution: "bindings@npm:1.3.1" - checksum: 10c0/6820d8e88fe12ab45ce0e7d17807b0490481311cfe5ff29a7005c38196d51e62cf773df609c850825ae37bf8385a4f8e6ccd69274c72afef261a6ebfeb3758e7 - languageName: node - linkType: hard - "blurhash@npm:1.1.5": version: 1.1.5 resolution: "blurhash@npm:1.1.5" @@ -2698,15 +2639,6 @@ __metadata: languageName: node linkType: hard -"color-support@npm:^1.1.2": - version: 1.1.3 - resolution: "color-support@npm:1.1.3" - bin: - color-support: bin.js - checksum: 10c0/8ffeaa270a784dc382f62d9be0a98581db43e11eee301af14734a6d089bd456478b1a8b3e7db7ca7dc5b18a75f828f775c44074020b51c05fc00e6d0992b1cc6 - languageName: node - linkType: hard - "color@npm:^4.2.3": version: 4.2.3 resolution: "color@npm:4.2.3" @@ -2740,13 +2672,6 @@ __metadata: languageName: node linkType: hard -"console-control-strings@npm:^1.0.0, console-control-strings@npm:^1.1.0": - version: 1.1.0 - resolution: "console-control-strings@npm:1.1.0" - checksum: 10c0/7ab51d30b52d461412cd467721bb82afe695da78fff8f29fe6f6b9cbaac9a2328e27a22a966014df9532100f6dd85370460be8130b9c677891ba36d96a343f50 - languageName: node - linkType: hard - "convert-source-map@npm:^2.0.0": version: 2.0.0 resolution: "convert-source-map@npm:2.0.0" @@ -3005,13 +2930,6 @@ __metadata: languageName: node linkType: hard -"delegates@npm:^1.0.0": - version: 1.0.0 - resolution: "delegates@npm:1.0.0" - checksum: 10c0/ba05874b91148e1db4bf254750c042bf2215febd23a6d3cda2e64896aef79745fbd4b9996488bd3cafb39ce19dbce0fd6e3b6665275638befffe1c9b312b91b5 - languageName: node - linkType: hard - "detect-libc@npm:^1.0.3": version: 1.0.3 resolution: "detect-libc@npm:1.0.3" @@ -3021,7 +2939,7 @@ __metadata: languageName: node linkType: hard -"detect-libc@npm:^2.0.0, detect-libc@npm:^2.0.3": +"detect-libc@npm:^2.0.3": version: 2.0.3 resolution: "detect-libc@npm:2.0.3" checksum: 10c0/88095bda8f90220c95f162bf92cad70bd0e424913e655c20578600e35b91edc261af27531cf160a331e185c0ced93944bc7e09939143225f56312d7fd800fdb7 @@ -3973,23 +3891,6 @@ __metadata: languageName: node linkType: hard -"gauge@npm:^3.0.0": - version: 3.0.2 - resolution: "gauge@npm:3.0.2" - dependencies: - aproba: "npm:^1.0.3 || ^2.0.0" - color-support: "npm:^1.1.2" - console-control-strings: "npm:^1.0.0" - has-unicode: "npm:^2.0.1" - object-assign: "npm:^4.1.1" - signal-exit: "npm:^3.0.0" - string-width: "npm:^4.2.3" - strip-ansi: "npm:^6.0.1" - wide-align: "npm:^1.1.2" - checksum: 10c0/75230ccaf216471e31025c7d5fcea1629596ca20792de50c596eb18ffb14d8404f927cd55535aab2eeecd18d1e11bd6f23ec3c2e9878d2dda1dc74bccc34b913 - languageName: node - linkType: hard - "gensync@npm:^1.0.0-beta.2": version: 1.0.0-beta.2 resolution: "gensync@npm:1.0.0-beta.2" @@ -4261,13 +4162,6 @@ __metadata: languageName: node linkType: hard -"has-unicode@npm:^2.0.1": - version: 2.0.1 - resolution: "has-unicode@npm:2.0.1" - checksum: 10c0/ebdb2f4895c26bb08a8a100b62d362e49b2190bcfd84b76bc4be1a3bd4d254ec52d0dd9f2fbcc093fc5eb878b20c52146f9dfd33e2686ed28982187be593b47c - languageName: node - linkType: hard - "hasown@npm:^2.0.0, hasown@npm:^2.0.1, hasown@npm:^2.0.2": version: 2.0.2 resolution: "hasown@npm:2.0.2" @@ -4306,7 +4200,7 @@ __metadata: gray-matter: "npm:^4.0.3" jest: "npm:^29.7.0" jest-puppeteer: "npm:^10.1.2" - libxmljs: "npm:^1.0.11" + libxml2-wasm: "npm:^0.4.1" lodash: "npm:^4.17.21" markdown-it: "npm:^14.1.0" markdown-it-anchor: "npm:^8.6.7" @@ -4362,16 +4256,6 @@ __metadata: languageName: node linkType: hard -"https-proxy-agent@npm:^5.0.0": - version: 5.0.1 - resolution: "https-proxy-agent@npm:5.0.1" - dependencies: - agent-base: "npm:6" - debug: "npm:4" - checksum: 10c0/6dd639f03434003577c62b27cafdb864784ef19b2de430d8ae2a1d45e31c4fd60719e5637b44db1a88a046934307da7089e03d6089ec3ddacc1189d8de8897d1 - languageName: node - linkType: hard - "https-proxy-agent@npm:^7.0.1, https-proxy-agent@npm:^7.0.3, https-proxy-agent@npm:^7.0.5": version: 7.0.5 resolution: "https-proxy-agent@npm:7.0.5" @@ -4476,7 +4360,7 @@ __metadata: languageName: node linkType: hard -"inherits@npm:2, inherits@npm:^2.0.3, inherits@npm:~2.0.3": +"inherits@npm:2, inherits@npm:~2.0.3": version: 2.0.4 resolution: "inherits@npm:2.0.4" checksum: 10c0/4e531f648b29039fb7426fb94075e6545faa1eb9fe83c29f0b6d9e7263aceb4289d2d4557db0d428188eeb449cc7c5e77b0a0b2c4e248ff2a65933a0dee49ef2 @@ -5636,15 +5520,10 @@ __metadata: languageName: node linkType: hard -"libxmljs@npm:^1.0.11": - version: 1.0.11 - resolution: "libxmljs@npm:1.0.11" - dependencies: - "@mapbox/node-pre-gyp": "npm:^1.0.9" - bindings: "npm:~1.3.0" - nan: "npm:^2.17.0" - node-gyp: "npm:latest" - checksum: 10c0/465a84d1df4463696a371214c3fddc3d48ee8a090adfc39aa46fb2905c3498871a892fe70ad8a1a97148ddb043f81f99ef97f5dac699c7c87077f05278b1fc32 +"libxml2-wasm@npm:^0.4.1": + version: 0.4.1 + resolution: "libxml2-wasm@npm:0.4.1" + checksum: 10c0/4e646b7349d332f494ef62513e16b5ed468887a1bdae30b9ff1a87465785d8c3535bcf1accd67fece9c0f357c28168a5b42297334ec010de8feadca963237bc6 languageName: node linkType: hard @@ -5737,15 +5616,6 @@ __metadata: languageName: node linkType: hard -"make-dir@npm:^3.1.0": - version: 3.1.0 - resolution: "make-dir@npm:3.1.0" - dependencies: - semver: "npm:^6.0.0" - checksum: 10c0/56aaafefc49c2dfef02c5c95f9b196c4eb6988040cf2c712185c7fe5c99b4091591a7fc4d4eafaaefa70ff763a26f6ab8c3ff60b9e75ea19876f49b18667ecaa - languageName: node - linkType: hard - "make-dir@npm:^4.0.0": version: 4.0.0 resolution: "make-dir@npm:4.0.0" @@ -6021,15 +5891,6 @@ __metadata: languageName: node linkType: hard -"nan@npm:^2.17.0": - version: 2.22.0 - resolution: "nan@npm:2.22.0" - dependencies: - node-gyp: "npm:latest" - checksum: 10c0/d5d31aefdb218deba308d44867c5f432b4d3aabeb57c70a2b236d62652e9fee7044e5d5afd380d9fef022fe7ebb2f2d6c85ca3cbcac5031aaca3592c844526bb - languageName: node - linkType: hard - "nanoid@npm:^3.3.6": version: 3.3.7 resolution: "nanoid@npm:3.3.7" @@ -6150,20 +6011,6 @@ __metadata: languageName: node linkType: hard -"node-fetch@npm:^2.6.7": - version: 2.7.0 - resolution: "node-fetch@npm:2.7.0" - dependencies: - whatwg-url: "npm:^5.0.0" - peerDependencies: - encoding: ^0.1.0 - peerDependenciesMeta: - encoding: - optional: true - checksum: 10c0/b55786b6028208e6fbe594ccccc213cab67a72899c9234eb59dba51062a299ea853210fcf526998eaa2867b0963ad72338824450905679ff0fa304b8c5093ae8 - languageName: node - linkType: hard - "node-gyp@npm:latest": version: 10.2.0 resolution: "node-gyp@npm:10.2.0" @@ -6198,17 +6045,6 @@ __metadata: languageName: node linkType: hard -"nopt@npm:^5.0.0": - version: 5.0.0 - resolution: "nopt@npm:5.0.0" - dependencies: - abbrev: "npm:1" - bin: - nopt: bin/nopt.js - checksum: 10c0/fc5c4f07155cb455bf5fc3dd149fac421c1a40fd83c6bfe83aa82b52f02c17c5e88301321318adaa27611c8a6811423d51d29deaceab5fa158b585a61a551061 - languageName: node - linkType: hard - "nopt@npm:^7.0.0": version: 7.2.1 resolution: "nopt@npm:7.2.1" @@ -6243,18 +6079,6 @@ __metadata: languageName: node linkType: hard -"npmlog@npm:^5.0.1": - version: 5.0.1 - resolution: "npmlog@npm:5.0.1" - dependencies: - are-we-there-yet: "npm:^2.0.0" - console-control-strings: "npm:^1.1.0" - gauge: "npm:^3.0.0" - set-blocking: "npm:^2.0.0" - checksum: 10c0/489ba519031013001135c463406f55491a17fc7da295c18a04937fe3a4d523fd65e88dd418a28b967ab743d913fdeba1e29838ce0ad8c75557057c481f7d49fa - languageName: node - linkType: hard - "object-assign@npm:^4.1.1": version: 4.1.1 resolution: "object-assign@npm:4.1.1" @@ -6849,17 +6673,6 @@ __metadata: languageName: node linkType: hard -"readable-stream@npm:^3.6.0": - version: 3.6.2 - resolution: "readable-stream@npm:3.6.2" - dependencies: - inherits: "npm:^2.0.3" - string_decoder: "npm:^1.1.1" - util-deprecate: "npm:^1.0.1" - checksum: 10c0/e37be5c79c376fdd088a45fa31ea2e423e5d48854be7a22a58869b4e84d25047b193f6acb54f1012331e1bcd667ffb569c01b99d36b0bd59658fb33f513511b7 - languageName: node - linkType: hard - "readdirp@npm:^4.0.1": version: 4.0.2 resolution: "readdirp@npm:4.0.2" @@ -7048,13 +6861,6 @@ __metadata: languageName: node linkType: hard -"safe-buffer@npm:~5.2.0": - version: 5.2.1 - resolution: "safe-buffer@npm:5.2.1" - checksum: 10c0/6501914237c0a86e9675d4e51d89ca3c21ffd6a31642efeba25ad65720bce6921c9e7e974e5be91a786b25aa058b5303285d3c15dbabf983a919f5f630d349f3 - languageName: node - linkType: hard - "safe-regex-test@npm:^1.0.3": version: 1.0.3 resolution: "safe-regex-test@npm:1.0.3" @@ -7113,7 +6919,7 @@ __metadata: languageName: node linkType: hard -"semver@npm:^6.0.0, semver@npm:^6.3.0, semver@npm:^6.3.1": +"semver@npm:^6.3.0, semver@npm:^6.3.1": version: 6.3.1 resolution: "semver@npm:6.3.1" bin: @@ -7131,13 +6937,6 @@ __metadata: languageName: node linkType: hard -"set-blocking@npm:^2.0.0": - version: 2.0.0 - resolution: "set-blocking@npm:2.0.0" - checksum: 10c0/9f8c1b2d800800d0b589de1477c753492de5c1548d4ade52f57f1d1f5e04af5481554d75ce5e5c43d4004b80a3eb714398d6907027dc0534177b7539119f4454 - languageName: node - linkType: hard - "set-function-length@npm:^1.2.1": version: 1.2.2 resolution: "set-function-length@npm:1.2.2" @@ -7261,7 +7060,7 @@ __metadata: languageName: node linkType: hard -"signal-exit@npm:^3.0.0, signal-exit@npm:^3.0.3, signal-exit@npm:^3.0.7": +"signal-exit@npm:^3.0.3, signal-exit@npm:^3.0.7": version: 3.0.7 resolution: "signal-exit@npm:3.0.7" checksum: 10c0/25d272fa73e146048565e08f3309d5b942c1979a6f4a58a8c59d5fa299728e9c2fcd1a759ec870863b1fd38653670240cd420dad2ad9330c71f36608a6a1c912 @@ -7447,7 +7246,7 @@ __metadata: languageName: node linkType: hard -"string-width-cjs@npm:string-width@^4.2.0, string-width@npm:^1.0.2 || 2 || 3 || 4, string-width@npm:^4.1.0, string-width@npm:^4.2.0, string-width@npm:^4.2.3": +"string-width-cjs@npm:string-width@^4.2.0, string-width@npm:^4.1.0, string-width@npm:^4.2.0, string-width@npm:^4.2.3": version: 4.2.3 resolution: "string-width@npm:4.2.3" dependencies: @@ -7544,15 +7343,6 @@ __metadata: languageName: node linkType: hard -"string_decoder@npm:^1.1.1": - version: 1.3.0 - resolution: "string_decoder@npm:1.3.0" - dependencies: - safe-buffer: "npm:~5.2.0" - checksum: 10c0/810614ddb030e271cd591935dcd5956b2410dd079d64ff92a1844d6b7588bf992b3e1b69b0f4d34a3e06e0bd73046ac646b5264c1987b20d0601f81ef35d731d - languageName: node - linkType: hard - "strip-ansi-cjs@npm:strip-ansi@^6.0.1, strip-ansi@npm:^6.0.0, strip-ansi@npm:^6.0.1": version: 6.0.1 resolution: "strip-ansi@npm:6.0.1" @@ -8069,13 +7859,6 @@ __metadata: languageName: node linkType: hard -"util-deprecate@npm:^1.0.1": - version: 1.0.2 - resolution: "util-deprecate@npm:1.0.2" - checksum: 10c0/41a5bdd214df2f6c3ecf8622745e4a366c4adced864bc3c833739791aeeeb1838119af7daed4ba36428114b5c67dcda034a79c882e97e43c03e66a4dd7389942 - languageName: node - linkType: hard - "v8-compile-cache-lib@npm:^3.0.1": version: 3.0.1 resolution: "v8-compile-cache-lib@npm:3.0.1" @@ -8226,15 +8009,6 @@ __metadata: languageName: node linkType: hard -"wide-align@npm:^1.1.2": - version: 1.1.5 - resolution: "wide-align@npm:1.1.5" - dependencies: - string-width: "npm:^1.0.2 || 2 || 3 || 4" - checksum: 10c0/1d9c2a3e36dfb09832f38e2e699c367ef190f96b82c71f809bc0822c306f5379df87bab47bed27ea99106d86447e50eb972d3c516c2f95782807a9d082fbea95 - languageName: node - linkType: hard - "word-wrap@npm:^1.2.5": version: 1.2.5 resolution: "word-wrap@npm:1.2.5"