From 142eddc3199e9897727716712a222f1a8dcb562f Mon Sep 17 00:00:00 2001 From: Corinne PAULVE Date: Mon, 7 Oct 2024 16:38:25 +0200 Subject: [PATCH 1/3] fix: use only exposed type to fill operators metadata Operators have exposed and supported type. The first type is what to extract for the CMS and the second at runtime Left operand runtime type was overriding right operand metadata --- .../helpers/rules-engine.extractor.ts | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/packages/@o3r/rules-engine/builders/rules-engine-extractor/helpers/rules-engine.extractor.ts b/packages/@o3r/rules-engine/builders/rules-engine-extractor/helpers/rules-engine.extractor.ts index 9b682748a8..5dbf64d0f6 100644 --- a/packages/@o3r/rules-engine/builders/rules-engine-extractor/helpers/rules-engine.extractor.ts +++ b/packages/@o3r/rules-engine/builders/rules-engine-extractor/helpers/rules-engine.extractor.ts @@ -263,7 +263,6 @@ export class RulesEngineExtractor { if (!operatorDeclarations.length) { return; } - operatorDeclarations.forEach((declaration) => { const operatorType = declaration.type.typeName.getText(source); const commentParsedDeclaration = this.commentParser.parseConfigDocFromNode(source, declaration); @@ -291,9 +290,9 @@ export class RulesEngineExtractor { nbValues: 1 }; } - - declaration.type.typeArguments?.forEach((argType, idx) => { - const operand = idx === 0 ? 'leftOperand' : 'rightOperand'; + const operands: ('leftOperand' | 'rightOperand')[] = ['leftOperand', 'rightOperand']; + declaration.type.typeArguments?.slice(0, 2).forEach((argType, idx) => { + const operand = operands[idx]; const operandObject = operator[operand]!; operandObject.nbValues = this.getTypeNbValue(argType); From d8998ee13cb36f73d96befb47dae0091c4b20dd1 Mon Sep 17 00:00:00 2001 From: Corinne PAULVE Date: Tue, 15 Oct 2024 15:13:19 +0200 Subject: [PATCH 2/3] fix: upgrade jsonpath-plus to non vulnerable version --- packages/@o3r/rules-engine/package.json | 4 +-- yarn.lock | 44 +++++++++++++++++++++---- 2 files changed, 40 insertions(+), 8 deletions(-) diff --git a/packages/@o3r/rules-engine/package.json b/packages/@o3r/rules-engine/package.json index 6f6bdd98fa..2b64214fd3 100644 --- a/packages/@o3r/rules-engine/package.json +++ b/packages/@o3r/rules-engine/package.json @@ -48,7 +48,7 @@ "@schematics/angular": "~16.2.0", "globby": "^11.1.0", "jasmine": "^5.0.0", - "jsonpath-plus": "^7.0.0", + "jsonpath-plus": ">= 7.0.0", "rxjs": "^7.8.1", "typescript": "~5.1.6", "typescript-json-schema": "~0.62.0" @@ -143,7 +143,7 @@ "jest-junit": "~16.0.0", "jest-preset-angular": "~13.1.1", "jsonc-eslint-parser": "~2.4.0", - "jsonpath-plus": "^7.0.0", + "jsonpath-plus": "^10.0.0", "memfs": "~4.6.0", "nx": "~16.10.0", "pid-from-port": "^1.1.3", diff --git a/yarn.lock b/yarn.lock index dda175b5d9..c6c58a3d25 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4880,6 +4880,24 @@ __metadata: languageName: node linkType: hard +"@jsep-plugin/assignment@npm:^1.2.1": + version: 1.2.1 + resolution: "@jsep-plugin/assignment@npm:1.2.1" + peerDependencies: + jsep: ^0.4.0||^1.0.0 + checksum: d8db45f052fd95b33207ded7f49af9ae48ff5ce10cb898e28a6fca722863f4a3330892c3a2c355a1a8c94fd230eef3db9be0c45324cb526e5edff7085c1f7a37 + languageName: node + linkType: hard + +"@jsep-plugin/regex@npm:^1.0.3": + version: 1.0.3 + resolution: "@jsep-plugin/regex@npm:1.0.3" + peerDependencies: + jsep: ^0.4.0||^1.0.0 + checksum: c08c7bd79a164995923ea799949b9f6b18dcf2bd314522ed0dcfc669fd249a06fea200606086c7d54b12d39ce3cfa61d910229e5184c667ead135f6da6997532 + languageName: node + linkType: hard + "@juggle/resize-observer@npm:^3.3.1": version: 3.4.0 resolution: "@juggle/resize-observer@npm:3.4.0" @@ -8590,7 +8608,7 @@ __metadata: jest-junit: "npm:~16.0.0" jest-preset-angular: "npm:~13.1.1" jsonc-eslint-parser: "npm:~2.4.0" - jsonpath-plus: "npm:^7.0.0" + jsonpath-plus: "npm:^10.0.0" memfs: "npm:~4.6.0" nx: "npm:~16.10.0" pid-from-port: "npm:^1.1.3" @@ -8628,7 +8646,7 @@ __metadata: "@schematics/angular": ~16.2.0 globby: ^11.1.0 jasmine: ^5.0.0 - jsonpath-plus: ^7.0.0 + jsonpath-plus: ">= 7.0.0" rxjs: ^7.8.1 typescript: ~5.1.6 typescript-json-schema: ~0.62.0 @@ -23694,6 +23712,13 @@ __metadata: languageName: node linkType: hard +"jsep@npm:^1.3.9": + version: 1.3.9 + resolution: "jsep@npm:1.3.9" + checksum: c60d7064c3b5047f58345e65e7618bbaecf2f46338e56689244db057b0550bf8fb7c1457a7384dfd38aca9acde3ff851d062c3f182cc1fbc66c13cb2ca0b579d + languageName: node + linkType: hard + "jsesc@npm:^2.5.1": version: 2.5.2 resolution: "jsesc@npm:2.5.2" @@ -23882,10 +23907,17 @@ __metadata: languageName: node linkType: hard -"jsonpath-plus@npm:^7.0.0": - version: 7.2.0 - resolution: "jsonpath-plus@npm:7.2.0" - checksum: f602445b1aa2d55abc2875859fd948f942980ef6400ca2a0362c7a6aa6f912467865262f4d092e04a16889fa74f0dbf6fd67b9dc9583485a5059be6e0a62c6c2 +"jsonpath-plus@npm:^10.0.0": + version: 10.0.0 + resolution: "jsonpath-plus@npm:10.0.0" + dependencies: + "@jsep-plugin/assignment": "npm:^1.2.1" + "@jsep-plugin/regex": "npm:^1.0.3" + jsep: "npm:^1.3.9" + bin: + jsonpath: bin/jsonpath-cli.js + jsonpath-plus: bin/jsonpath-cli.js + checksum: cd8d3f9ebfa2f0b26a362e9b9fb8cf293a6b5798f76e20b3d2ab93da3e885b99dfbba9ac8aa448d62da5a1f4dc327f636ffb242054ee827d27e75500372557c3 languageName: node linkType: hard From 7d56766505917b1a2da41dd5622039750ae8f553 Mon Sep 17 00:00:00 2001 From: Salome DO Date: Thu, 17 Oct 2024 09:53:29 +0200 Subject: [PATCH 3/3] fix: version of jsonpath-plus --- package.json | 2 +- packages/@o3r/components/package.json | 2 +- packages/@o3r/rules-engine/package.json | 2 +- yarn.lock | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index 9cb7884c3a..e5def39df9 100644 --- a/package.json +++ b/package.json @@ -227,7 +227,7 @@ "jest-preset-angular": "~14.1.0", "js-yaml": "^4.1.0", "jsonc-eslint-parser": "~2.4.0", - "jsonpath-plus": "^10.0.0", + "jsonpath-plus": "~10.0.0", "lighthouse": "9.6.8", "lint-staged": "^15.0.0", "minimist": "^1.2.6", diff --git a/packages/@o3r/components/package.json b/packages/@o3r/components/package.json index 0677863165..53580d1d9e 100644 --- a/packages/@o3r/components/package.json +++ b/packages/@o3r/components/package.json @@ -161,7 +161,7 @@ "jest-junit": "~16.0.0", "jest-preset-angular": "~14.1.0", "jsonc-eslint-parser": "~2.4.0", - "jsonpath-plus": "^10.0.0", + "jsonpath-plus": "~10.0.0", "memfs": "~4.9.0", "nx": "~18.3.0", "pid-from-port": "^1.1.3", diff --git a/packages/@o3r/rules-engine/package.json b/packages/@o3r/rules-engine/package.json index 6ef1d6b346..75a7d7d203 100644 --- a/packages/@o3r/rules-engine/package.json +++ b/packages/@o3r/rules-engine/package.json @@ -142,7 +142,7 @@ "jest-junit": "~16.0.0", "jest-preset-angular": "~14.1.0", "jsonc-eslint-parser": "~2.4.0", - "jsonpath-plus": "^10.0.0", + "jsonpath-plus": "~10.0.0", "memfs": "~4.9.0", "nx": "~18.3.0", "pid-from-port": "^1.1.3", diff --git a/yarn.lock b/yarn.lock index 556fdfebdc..a3b87034df 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7259,7 +7259,7 @@ __metadata: jest-junit: "npm:~16.0.0" jest-preset-angular: "npm:~14.1.0" jsonc-eslint-parser: "npm:~2.4.0" - jsonpath-plus: "npm:^10.0.0" + jsonpath-plus: "npm:~10.0.0" memfs: "npm:~4.9.0" nx: "npm:~18.3.0" pid-from-port: "npm:^1.1.3" @@ -8208,7 +8208,7 @@ __metadata: jest-preset-angular: "npm:~14.1.0" js-yaml: "npm:^4.1.0" jsonc-eslint-parser: "npm:~2.4.0" - jsonpath-plus: "npm:^10.0.0" + jsonpath-plus: "npm:~10.0.0" lighthouse: "npm:9.6.8" lint-staged: "npm:^15.0.0" minimist: "npm:^1.2.6" @@ -8735,7 +8735,7 @@ __metadata: jest-junit: "npm:~16.0.0" jest-preset-angular: "npm:~14.1.0" jsonc-eslint-parser: "npm:~2.4.0" - jsonpath-plus: "npm:^10.0.0" + jsonpath-plus: "npm:~10.0.0" memfs: "npm:~4.9.0" nx: "npm:~18.3.0" pid-from-port: "npm:^1.1.3" @@ -22646,7 +22646,7 @@ __metadata: languageName: node linkType: hard -"jsonpath-plus@npm:^10.0.0": +"jsonpath-plus@npm:~10.0.0": version: 10.0.1 resolution: "jsonpath-plus@npm:10.0.1" dependencies: