Dependency updates week of 08/12/24

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2.1
 orbs:
   git-shallow-clone: guitarrapc/git-shallow-clone@2.8.0
 
-efcms-docker-image: &efcms-docker-image $AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/ef-cms-us-east-1:4.3.6
+efcms-docker-image: &efcms-docker-image $AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/ef-cms-us-east-1:4.3.7
 
 parameters:
   run_build_and_deploy:

Dockerfile

@@ -37,7 +37,7 @@ RUN apt-get install -y build-essential
 RUN apt-get install -y libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev
 
 ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
-RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.17.24.zip" -o "awscliv2.zip" && \
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.17.30.zip" -o "awscliv2.zip" && \
   unzip awscliv2.zip && \
   ./aws/install && \
   rm -rf awscliv2.zip

docs/dependency-updates.md

@@ -77,7 +77,7 @@ Below is a list of dependencies that are locked down due to known issues with se
 
 - When updating puppeteer or puppeteer core in the project, make sure to also match versions in `web-api/runtimes/puppeteer/package.json` as this is our lambda layer which we use to generate pdfs. Puppeteer and chromium versions should always match between package.json and web-api/runtimes/puppeteer/package.json.  Remember to run `npm install --prefix web-api/runtimes/puppeteer` to install and update the package-lock file.
 - Puppeteer also has recommended versions of Chromium, so we should make sure to use the recommended version of chromium for the version of puppeteer that we are on.
-- As of 8/7/2024, we cannot update puppeteer or puppeteer-core beyond 22.13.1 because the latest release of @sparticuz/chromium only supports version 126 of chromium.
+- As of 8/15/2024, we cannot update puppeteer or puppeteer-core beyond 22.13.1 because the latest release of @sparticuz/chromium only supports version 126 of chromium.
 - There is a high-severity security issue with ws (ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q); however, we only use ws on the client side, so this should not be an issue. (We tried to upgrade puppeteer anyway, but unsurprisingly the PDF tests failed because there is no newer version of Chromium that supports puppeteer.)
 
 ### pdfjs-dist
@@ -91,7 +91,6 @@ Below is a list of dependencies that are locked down due to known issues with se
 ### eslint
 - Keep pinned to 8.57.0 as most plugins are not yet compatible with v9.0.0: https://eslint.org/blog/2023/09/preparing-custom-rules-eslint-v9/
 See: https://github.com/jsx-eslint/eslint-plugin-react/issues/3699
-- Keep eslint-plugin-security at 2.1.1 since upgrading makes it only compatible with v9.0.0
 
 ### ws, 3rd party dependency of Cerebral
 - When running npm audit, you'll see a high severity issue with ws, 'affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q'. This doesn't affect us as the vulnerability is on the server side and we're not using this package on the server. We tried to override this to 5.2.4 and 8.18.0 and weren't able to make this work as import paths have changed. In the mean time, we recommend skipping this issue. We could always fork the cerebral repo in the future if needed.

package.json

@@ -11,46 +11,46 @@
   "dependencies": {
     "@18f/us-federal-holidays": "4.0.0",
     "@aws-crypto/sha256-browser": "5.2.0",
-    "@aws-sdk/client-api-gateway": "3.624.0",
-    "@aws-sdk/client-apigatewaymanagementapi": "3.624.0",
-    "@aws-sdk/client-apigatewayv2": "3.624.0",
-    "@aws-sdk/client-cloudfront": "3.624.0",
-    "@aws-sdk/client-cloudwatch": "3.624.0",
-    "@aws-sdk/client-cloudwatch-logs": "3.624.0",
-    "@aws-sdk/client-cognito-identity-provider": "3.628.0",
-    "@aws-sdk/client-dynamodb": "3.624.0",
-    "@aws-sdk/client-dynamodb-streams": "3.624.0",
-    "@aws-sdk/client-glue": "3.627.0",
-    "@aws-sdk/client-lambda": "3.624.0",
-    "@aws-sdk/client-opensearch": "3.624.0",
-    "@aws-sdk/client-route-53": "3.624.0",
-    "@aws-sdk/client-s3": "3.627.0",
-    "@aws-sdk/client-ses": "3.624.0",
-    "@aws-sdk/client-sns": "3.624.0",
-    "@aws-sdk/client-sqs": "3.624.0",
-    "@aws-sdk/client-ssm": "3.624.0",
+    "@aws-sdk/client-api-gateway": "3.632.0",
+    "@aws-sdk/client-apigatewaymanagementapi": "3.632.0",
+    "@aws-sdk/client-apigatewayv2": "3.632.0",
+    "@aws-sdk/client-cloudfront": "3.632.0",
+    "@aws-sdk/client-cloudwatch": "3.632.0",
+    "@aws-sdk/client-cloudwatch-logs": "3.632.0",
+    "@aws-sdk/client-cognito-identity-provider": "3.632.0",
+    "@aws-sdk/client-dynamodb": "3.632.0",
+    "@aws-sdk/client-dynamodb-streams": "3.632.0",
+    "@aws-sdk/client-glue": "3.632.0",
+    "@aws-sdk/client-lambda": "3.632.0",
+    "@aws-sdk/client-opensearch": "3.632.0",
+    "@aws-sdk/client-route-53": "3.632.0",
+    "@aws-sdk/client-s3": "3.633.0",
+    "@aws-sdk/client-ses": "3.632.0",
+    "@aws-sdk/client-sns": "3.632.0",
+    "@aws-sdk/client-sqs": "3.632.0",
+    "@aws-sdk/client-ssm": "3.632.0",
     "@aws-sdk/cloudfront-signer": "3.621.0",
-    "@aws-sdk/credential-provider-node": "3.624.0",
-    "@aws-sdk/lib-dynamodb": "3.624.0",
-    "@aws-sdk/lib-storage": "3.627.0",
+    "@aws-sdk/credential-provider-node": "3.632.0",
+    "@aws-sdk/lib-dynamodb": "3.632.0",
+    "@aws-sdk/lib-storage": "3.633.0",
     "@aws-sdk/node-http-handler": "3.374.0",
     "@aws-sdk/protocol-http": "3.374.0",
-    "@aws-sdk/s3-presigned-post": "3.627.0",
-    "@aws-sdk/s3-request-presigner": "3.627.0",
+    "@aws-sdk/s3-presigned-post": "3.633.0",
+    "@aws-sdk/s3-request-presigner": "3.633.0",
     "@aws-sdk/signature-v4": "3.374.0",
-    "@aws-sdk/util-dynamodb": "3.624.0",
+    "@aws-sdk/util-dynamodb": "3.632.0",
     "@cerebral/react": "4.2.1",
     "@fortawesome/fontawesome-svg-core": "1.2.36",
     "@fortawesome/free-regular-svg-icons": "5.15.4",
     "@fortawesome/free-solid-svg-icons": "5.15.4",
     "@fortawesome/react-fontawesome": "0.2.2",
     "@joi/date": "2.1.1",
     "@opensearch-project/opensearch": "2.11.0",
-    "@sparticuz/chromium": "123.0.1",
+    "@sparticuz/chromium": "126.0.0",
     "@uswds/uswds": "3.7.1",
     "aws-lambda": "1.0.7",
     "aws-xray-sdk": "3.9.0",
-    "axios": "1.7.3",
+    "axios": "1.7.4",
     "broadcast-channel": "7.0.0",
     "canvas": "2.11.2",
     "cerebral": "5.2.1",
@@ -97,8 +97,8 @@
     "util": "0.12.5",
     "uuid": "10.0.0",
     "websocket": "1.0.35",
-    "wicg-inert": "3.1.2",
-    "winston": "3.14.1"
+    "wicg-inert": "3.1.3",
+    "winston": "3.14.2"
   },
   "scripts": {
     "admin:become-user": "npx ts-node --transpile-only scripts/user/become-user.ts",
@@ -244,8 +244,8 @@
     "ejs": "3.1.10"
   },
   "devDependencies": {
-    "@aws-sdk/client-iam": "3.624.0",
-    "@aws-sdk/client-secrets-manager": "3.624.0",
+    "@aws-sdk/client-iam": "3.632.0",
+    "@aws-sdk/client-secrets-manager": "3.632.0",
     "@babel/cli": "7.24.8",
     "@babel/core": "7.25.2",
     "@babel/eslint-parser": "7.25.1",
@@ -260,15 +260,15 @@
     "@types/jest": "29.5.12",
     "@types/lodash": "4.17.7",
     "@types/luxon": "3.4.2",
-    "@types/node": "22.1.0",
+    "@types/node": "22.4.0",
     "@types/promise-retry": "1.1.6",
     "@types/react": "18.3.3",
     "@types/react-dom": "18.3.0",
     "@types/react-paginate": "7.1.4",
     "@types/uuid": "10.0.0",
     "@types/websocket": "1.0.10",
-    "@typescript-eslint/eslint-plugin": "8.0.1",
-    "@typescript-eslint/parser": "8.0.1",
+    "@typescript-eslint/eslint-plugin": "8.1.0",
+    "@typescript-eslint/parser": "8.1.0",
     "@vendia/serverless-express": "4.12.6",
     "ajv": "8.17.1",
     "artillery": "2.0.19",
@@ -286,7 +286,7 @@
     "crypto-browserify": "3.12.0",
     "css-loader": "7.1.2",
     "csv-parse": "5.5.6",
-    "cypress": "13.13.2",
+    "cypress": "13.13.3",
     "cypress-axe": "1.5.0",
     "cypress-file-upload": "5.0.8",
     "decimal.js": "10.4.3",
@@ -304,7 +304,7 @@
     "esbuild-visualizer": "0.6.0",
     "eslint": "8.57.0",
     "eslint-config-prettier": "9.1.0",
-    "eslint-plugin-cypress": "3.4.0",
+    "eslint-plugin-cypress": "3.5.0",
     "eslint-plugin-import": "2.29.1",
     "eslint-plugin-jest": "28.8.0",
     "eslint-plugin-jsx-a11y": "6.9.0",
@@ -325,7 +325,7 @@
     "jest-environment-node": "29.7.0",
     "jsdom": "24.1.1",
     "json2yaml": "1.1.0",
-    "lint-staged": "15.2.8",
+    "lint-staged": "15.2.9",
     "lint-staged-shellcheck": "0.1.2",
     "livereload": "0.9.3",
     "node-cache": "5.1.2",
@@ -336,11 +336,11 @@
     "pngjs": "7.0.0",
     "postcss": "8.4.41",
     "postcss-loader": "8.1.1",
-    "postcss-preset-env": "10.0.0",
+    "postcss-preset-env": "10.0.2",
     "prettier": "3.3.3",
     "prop-types": "15.8.1",
-    "puppeteer": "22.6.5",
-    "puppeteer-core": "22.6.5",
+    "puppeteer": "22.13.1",
+    "puppeteer-core": "22.13.1",
     "react-test-renderer": "18.3.1",
     "readline": "1.3.0",
     "s3rver": "github:20minutes/s3rver",
@@ -349,7 +349,7 @@
     "shuffle-seed": "1.1.6",
     "stream-browserify": "3.0.0",
     "style-loader": "4.0.0",
-    "stylelint": "16.8.1",
+    "stylelint": "16.8.2",
     "stylelint-config-idiomatic-order": "10.0.0",
     "stylelint-config-standard": "36.0.1",
     "stylelint-config-standard-scss": "13.1.0",

shared/admin-tools/glue/glue_migrations/main.tf

@@ -7,7 +7,7 @@ terraform {
   }
 
   required_providers {
-    aws = "5.61.0"
+    aws = "5.63.0"
   }
 }
 

shared/admin-tools/glue/remote_role/main.tf

@@ -7,7 +7,7 @@ terraform {
   }
 
   required_providers {
-    aws = "5.61.0"
+    aws = "5.63.0"
   }
 }