Merge pull request #959 from uploadcare/chore/fix-vulnerabilities

Bump deps

cypress.config.js

@@ -0,0 +1,8 @@
+const { defineConfig } = require('cypress')
+
+module.exports = defineConfig({
+  video: false,
+  e2e: {
+    setupNodeEvents(on, config) {}
+  }
+})

package.json

@@ -24,7 +24,7 @@
     "build:css": "postcss -o ./src/stylesheets/styles.css --config ./scripts/postcss.config.js ./src/stylesheets/styles.pcss",
     "build:css:min": "cross-env NODE_ENV=production npm run build:css",
     "build:js": "rollup -c",
-    "build:public": "rimraf public/* && cpy dummy/* public && cpy uploadcare.full.js public",
+    "build:public": "rimraf public/* && cpy './dummy/*' './public/' && cpy uploadcare.full.js public",
     "build": "npm run build:svg && npm run build:css:min && npm run build:js && npm run build:public",
     "help:test": "SCRIPTS FOR TESTS AND CODE QUALITY CHECKS",
     "format": "prettier --write \"**/*.js\"",
@@ -39,57 +39,57 @@
   },
   "dependencies": {
     "escape-html": "^1.0.3",
-    "jquery": "^3.6.0"
+    "jquery": "^3.7.1"
   },
   "devDependencies": {
-    "@babel/core": "7.16.12",
-    "@babel/preset-env": "7.16.11",
-    "@size-limit/preset-big-lib": "8.2.4",
-    "@types/jquery": "^3.5.14",
-    "autoprefixer": "^10.4.14",
-    "aws-sdk": "2.1357.0",
+    "@babel/core": "7.23.6",
+    "@babel/preset-env": "7.23.6",
+    "@size-limit/preset-big-lib": "11.0.1",
+    "@types/jquery": "^3.5.29",
+    "autoprefixer": "^10.4.16",
+    "aws-sdk": "2.1521.0",
     "babel-plugin-html-tag": "2.0.1",
-    "cpy-cli": "4.2.0",
+    "cpy-cli": "5.0.0",
     "cross-env": "7.0.3",
-    "cssnano": "6.0.0",
-    "cypress": "9.4.1",
+    "cssnano": "6.0.2",
+    "cypress": "13.6.1",
     "cypress-file-upload": "5.0.8",
     "dotenv": "8.6.0",
-    "eslint": "8.38.0",
-    "eslint-config-prettier": "8.8.0",
-    "eslint-config-standard": "17.0.0",
-    "eslint-plugin-import": "2.27.5",
+    "eslint": "8.56.0",
+    "eslint-config-prettier": "9.1.0",
+    "eslint-config-standard": "17.1.0",
+    "eslint-plugin-import": "2.29.1",
     "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-prettier": "4.2.1",
+    "eslint-plugin-prettier": "5.0.1",
     "eslint-plugin-promise": "6.1.1",
     "eslint-plugin-standard": "4.1.0",
     "nodemon": "2.0.22",
-    "postcss": "^8.4.21",
-    "postcss-calc": "8.2.4",
-    "postcss-cli": "10.1.0",
+    "postcss": "^8.4.32",
+    "postcss-calc": "9.0.1",
+    "postcss-cli": "11.0.0",
     "postcss-css-variables": "0.19.0",
-    "postcss-custom-media": "9.1.3",
+    "postcss-custom-media": "10.0.2",
     "postcss-flexbugs-fixes": "5.0.2",
     "postcss-hexrgba": "^2.1.0",
     "postcss-import": "15.1.0",
     "postcss-nested": "6.0.1",
-    "postcss-prefixer": "2.1.3",
+    "postcss-prefixer": "3.0.0",
     "postcss-reporter": "7.0.5",
-    "prettier": "2.8.7",
+    "prettier": "3.1.1",
     "rimraf": "3.0.2",
-    "rollup": "2.66.1",
+    "rollup": "2.79.1",
     "rollup-plugin-babel": "4.4.0",
     "rollup-plugin-commonjs": "10.1.0",
     "rollup-plugin-json": "4.0.0",
     "rollup-plugin-livereload": "2.0.5",
     "rollup-plugin-module-replacement": "1.2.1",
     "rollup-plugin-node-resolve": "5.2.0",
-    "rollup-plugin-serve": "1.1.0",
+    "rollup-plugin-serve": "1.1.1",
     "rollup-plugin-string": "3.0.0",
     "rollup-plugin-terser": "5.3.1",
     "shipjs": "0.26.3",
-    "size-limit": "8.2.4",
-    "stylelint": "15.4.0",
+    "size-limit": "11.0.1",
+    "stylelint": "15.11.0",
     "stylelint-config-recommended": "^11.0.0",
     "svg-sprite": "2.0.2"
   },

src/utils/image-processor.js

@@ -112,42 +112,41 @@ const drawFileToCanvas = function (file, mW, mH, bg, maxSource) {
     if (maxSource && img.width * img.height > maxSource) {
       return df.reject('max source')
     }
-    return $.when(getExif(file), isBrowserApplyExif()).always(function (
-      exif,
-      isExifApplied
-    ) {
-      var orientation = isExifApplied ? 1 : parseExifOrientation(exif) || 1
-      var swap = orientation > 4
-      var sSize = swap ? [img.height, img.width] : [img.width, img.height]
-      var [dW, dH] = fitSize(sSize, [mW, mH])
-      var trns = [
-        [1, 0, 0, 1, 0, 0],
-        [-1, 0, 0, 1, dW, 0],
-        [-1, 0, 0, -1, dW, dH],
-        [1, 0, 0, -1, 0, dH],
-        [0, 1, 1, 0, 0, 0],
-        [0, 1, -1, 0, dW, 0],
-        [0, -1, -1, 0, dW, dH],
-        [0, -1, 1, 0, 0, dH]
-      ][orientation - 1]
-      if (!trns) {
-        return df.reject('bad image')
-      }
-      var canvas = document.createElement('canvas')
-      canvas.width = dW
-      canvas.height = dH
-      var ctx = canvas.getContext('2d')
-      ctx.transform.apply(ctx, trns)
-      if (swap) {
-        ;[dW, dH] = [dH, dW]
-      }
-      if (bg) {
-        ctx.fillStyle = bg
-        ctx.fillRect(0, 0, dW, dH)
+    return $.when(getExif(file), isBrowserApplyExif()).always(
+      function (exif, isExifApplied) {
+        var orientation = isExifApplied ? 1 : parseExifOrientation(exif) || 1
+        var swap = orientation > 4
+        var sSize = swap ? [img.height, img.width] : [img.width, img.height]
+        var [dW, dH] = fitSize(sSize, [mW, mH])
+        var trns = [
+          [1, 0, 0, 1, 0, 0],
+          [-1, 0, 0, 1, dW, 0],
+          [-1, 0, 0, -1, dW, dH],
+          [1, 0, 0, -1, 0, dH],
+          [0, 1, 1, 0, 0, 0],
+          [0, 1, -1, 0, dW, 0],
+          [0, -1, -1, 0, dW, dH],
+          [0, -1, 1, 0, 0, dH]
+        ][orientation - 1]
+        if (!trns) {
+          return df.reject('bad image')
+        }
+        var canvas = document.createElement('canvas')
+        canvas.width = dW
+        canvas.height = dH
+        var ctx = canvas.getContext('2d')
+        ctx.transform.apply(ctx, trns)
+        if (swap) {
+          ;[dW, dH] = [dH, dW]
+        }
+        if (bg) {
+          ctx.fillStyle = bg
+          ctx.fillRect(0, 0, dW, dH)
+        }
+        ctx.drawImage(img, 0, 0, dW, dH)
+        return df.resolve(canvas, sSize)
       }
-      ctx.drawImage(img, 0, 0, dW, dH)
-      return df.resolve(canvas, sSize)
-    })
+    )
   })
   return df.promise()
 }

src/widget/dialog.js

@@ -452,10 +452,10 @@ class Panel {
           .t('dialog.tabs.preview.multiple.tooManyFiles')
           .replace('%max%', this.settings.multipleMax)
       : files && tooFewFiles
-      ? locale
-          .t('dialog.tabs.preview.multiple.tooFewFiles')
-          .replace('%min%', this.settings.multipleMin)
-      : locale.t('dialog.tabs.preview.multiple.title')
+        ? locale
+            .t('dialog.tabs.preview.multiple.tooFewFiles')
+            .replace('%min%', this.settings.multipleMin)
+        : locale.t('dialog.tabs.preview.multiple.title')
     this.footer
       .find('.uploadcare--panel__message')
       .toggleClass('uploadcare--panel__message_hidden', files === 0)

src/widget/tabs/preview-tab-multiple.js

@@ -88,11 +88,11 @@ class PreviewTabMultiple extends BasePreviewTab {
             .t('dialog.tabs.preview.multiple.tooManyFiles')
             .replace('%max%', this.settings.multipleMax)
         : files && tooFewFiles
-        ? locale
-            .t('dialog.tabs.preview.multiple.tooFewFiles')
-            .replace('%min%', this.settings.multipleMin)
-            .replace('%files%', locale.t('file', files))
-        : undefined
+          ? locale
+              .t('dialog.tabs.preview.multiple.tooFewFiles')
+              .replace('%min%', this.settings.multipleMin)
+              .replace('%files%', locale.t('file', files))
+          : undefined
       return errorContainer
         .addClass('uploadcare--error')
         .text(wrongNumberFilesMessage)