From 9bccf2b84905c05762e18c9dd42c1e48e64d7bc9 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" Date: Fri, 7 Jun 2019 12:39:39 +0000 Subject: [PATCH 1/2] Bump apollo-client from 2.6.1 to 2.6.2 in /webapp Bumps [apollo-client](https://github.com/apollographql/apollo-client) from 2.6.1 to 2.6.2. - [Release notes](https://github.com/apollographql/apollo-client/releases) - [Changelog](https://github.com/apollographql/apollo-client/blob/master/CHANGELOG.md) - [Commits](https://github.com/apollographql/apollo-client/compare/apollo-client@2.6.1...apollo-client@2.6.2) Signed-off-by: dependabot-preview[bot] --- webapp/package.json | 2 +- webapp/yarn.lock | 44 +++++++++++++++++++++++--------------------- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/webapp/package.json b/webapp/package.json index 6617f7e8a..4526c1130 100644 --- a/webapp/package.json +++ b/webapp/package.json @@ -56,7 +56,7 @@ "@nuxtjs/style-resources": "~0.1.2", "accounting": "~0.4.1", "apollo-cache-inmemory": "~1.5.1", - "apollo-client": "~2.6.1", + "apollo-client": "~2.6.2", "cookie-universal-nuxt": "~2.0.14", "cross-env": "~5.2.0", "date-fns": "2.0.0-alpha.31", diff --git a/webapp/yarn.lock b/webapp/yarn.lock index a083f0d7e..52ef2cb87 100644 --- a/webapp/yarn.lock +++ b/webapp/yarn.lock @@ -1684,6 +1684,13 @@ "@webassemblyjs/wast-parser" "1.8.5" "@xtuc/long" "4.2.2" +"@wry/equality@^0.1.2": + version "0.1.7" + resolved "https://registry.yarnpkg.com/@wry/equality/-/equality-0.1.7.tgz#512234d078341c32cabda66b89b5dddb5741d9b9" + integrity sha512-p1rhJ6PQzpsBr9cMJMHvvx3LQEA28HFX7fAQx6khAX+1lufFeBuk+iRCAyHwj3v6JbpGKvHNa66f+9cpU8c7ew== + dependencies: + tslib "^1.9.3" + "@xtuc/ieee754@^1.2.0": version "1.2.0" resolved "https://registry.yarnpkg.com/@xtuc/ieee754/-/ieee754-1.2.0.tgz#eef014a3145ae477a1cbc00cd1e552336dceb790" @@ -1878,23 +1885,23 @@ apollo-cache-inmemory@^1.5.1, apollo-cache-inmemory@~1.5.1: ts-invariant "^0.2.1" tslib "^1.9.3" -apollo-cache@1.3.1, apollo-cache@^1.2.1: - version "1.3.1" - resolved "https://registry.yarnpkg.com/apollo-cache/-/apollo-cache-1.3.1.tgz#c015f93a9a7f32b3eeea0c471addd6e854da754c" - integrity sha512-BJ/Mehr3u6XCaHYSmgZ6DM71Fh30OkW6aEr828WjHvs+7i0RUuP51/PM7K6T0jPXtuw7UbArFFPZZsNgXnyyJA== +apollo-cache@1.3.2, apollo-cache@^1.2.1: + version "1.3.2" + resolved "https://registry.yarnpkg.com/apollo-cache/-/apollo-cache-1.3.2.tgz#df4dce56240d6c95c613510d7e409f7214e6d26a" + integrity sha512-+KA685AV5ETEJfjZuviRTEImGA11uNBp/MJGnaCvkgr+BYRrGLruVKBv6WvyFod27WEB2sp7SsG8cNBKANhGLg== dependencies: - apollo-utilities "^1.3.1" + apollo-utilities "^1.3.2" tslib "^1.9.3" -apollo-client@^2.5.1, apollo-client@~2.6.1: - version "2.6.1" - resolved "https://registry.yarnpkg.com/apollo-client/-/apollo-client-2.6.1.tgz#fcf328618d6ad82b750a988bec113fe6edc8ba94" - integrity sha512-Tb6ZthPZUHlGqeoH1WC8Qg/tLnkk9H5+xj4e5nzOAC6dCOW3pVU9tYXscrWdmZ65UDUg1khvTNjrQgPhdf4aTQ== +apollo-client@^2.5.1, apollo-client@~2.6.2: + version "2.6.2" + resolved "https://registry.yarnpkg.com/apollo-client/-/apollo-client-2.6.2.tgz#03b6af651e09b6e413e486ddc87464c85bd6e514" + integrity sha512-oks1MaT5x7gHcPeC8vPC1UzzsKaEIC0tye+jg72eMDt5OKc7BobStTeS/o2Ib3e0ii40nKxGBnMdl/Xa/p56Yg== dependencies: "@types/zen-observable" "^0.8.0" - apollo-cache "1.3.1" + apollo-cache "1.3.2" apollo-link "^1.0.0" - apollo-utilities "1.3.1" + apollo-utilities "1.3.2" symbol-observable "^1.0.2" ts-invariant "^0.4.0" tslib "^1.9.3" @@ -2081,13 +2088,13 @@ apollo-upload-client@^10.0.0: apollo-link-http-common "^0.2.13" extract-files "^5.0.1" -apollo-utilities@1.3.1, apollo-utilities@^1.0.1, apollo-utilities@^1.0.8, apollo-utilities@^1.2.1, apollo-utilities@^1.3.1: - version "1.3.1" - resolved "https://registry.yarnpkg.com/apollo-utilities/-/apollo-utilities-1.3.1.tgz#4c45f9b52783c324e2beef822700bdea374f82d1" - integrity sha512-P5cJ75rvhm9hcx9V/xCW0vlHhRd0S2icEcYPoRYNTc5djbynpuO+mQuJ4zMHgjNDpvvDxDfZxXTJ6ZUuJZodiQ== +apollo-utilities@1.3.2, apollo-utilities@^1.0.1, apollo-utilities@^1.0.8, apollo-utilities@^1.2.1, apollo-utilities@^1.3.2: + version "1.3.2" + resolved "https://registry.yarnpkg.com/apollo-utilities/-/apollo-utilities-1.3.2.tgz#8cbdcf8b012f664cd6cb5767f6130f5aed9115c9" + integrity sha512-JWNHj8XChz7S4OZghV6yc9FNnzEXj285QYp/nLNh943iObycI5GTDO3NGR9Dth12LRrSFMeDOConPfPln+WGfg== dependencies: + "@wry/equality" "^0.1.2" fast-json-stable-stringify "^2.0.0" - lodash.isequal "^4.5.0" ts-invariant "^0.4.0" tslib "^1.9.3" @@ -6851,11 +6858,6 @@ lodash.isboolean@^3.0.3: resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6" integrity sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY= -lodash.isequal@^4.5.0: - version "4.5.0" - resolved "https://registry.yarnpkg.com/lodash.isequal/-/lodash.isequal-4.5.0.tgz#415c4478f2bcc30120c22ce10ed3226f7d3e18e0" - integrity sha1-QVxEePK8wwEgwizhDtMib30+GOA= - lodash.isinteger@^4.0.4: version "4.0.4" resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343" From 314b257b45f82db642170bdfa060b83111703044 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 7 Jun 2019 13:31:28 +0200 Subject: [PATCH 2/2] Replace dependency `ms` completely I have seen this PR here: https://github.com/Human-Connection/Human-Connection/pull/774 and I thought: Never saw that one before, where is it used and what is the purpose? I could find this line only and thought this is not a justification for having the package installed. --- backend/package.json | 1 - backend/src/jwt/encode.js | 3 +-- backend/yarn.lock | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/backend/package.json b/backend/package.json index b87ce61e9..1950c5561 100644 --- a/backend/package.json +++ b/backend/package.json @@ -69,7 +69,6 @@ "linkifyjs": "~2.1.8", "lodash": "~4.17.11", "merge-graphql-schemas": "^1.5.8", - "ms": "~2.1.1", "neo4j-driver": "~1.7.4", "neo4j-graphql-js": "git+https://github.com/Human-Connection/neo4j-graphql-js.git#temporary_fixes", "node-fetch": "~2.6.0", diff --git a/backend/src/jwt/encode.js b/backend/src/jwt/encode.js index 97c6dcd66..1552804cc 100644 --- a/backend/src/jwt/encode.js +++ b/backend/src/jwt/encode.js @@ -1,11 +1,10 @@ import jwt from 'jsonwebtoken' -import ms from 'ms' import CONFIG from './../config' // Generate an Access Token for the given User ID export default function encode(user) { const token = jwt.sign(user, CONFIG.JWT_SECRET, { - expiresIn: ms('1d'), + expiresIn: 24 * 60 * 60 * 1000, // one day issuer: CONFIG.GRAPHQL_URI, audience: CONFIG.CLIENT_URI, subject: user.id.toString(), diff --git a/backend/yarn.lock b/backend/yarn.lock index 7c4115391..57f582469 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -5593,7 +5593,7 @@ ms@2.0.0: resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g= -ms@2.1.1, ms@^2.1.1, ms@~2.1.1: +ms@2.1.1, ms@^2.1.1: version "2.1.1" resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a" integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==