bitwarden / directory-connector

A tool for syncing a directory (AD, LDAP, Azure, G Suite, Okta) to an organization.
https://bitwarden.com
GNU General Public License v3.0
250 stars, 82 forks

[AC-2224] [deps]: Update open to v10 #456

Closed renovate[bot] closed 3 days ago

renovate[bot] commented 7 months ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| open | 8.4.2 -> 10.0.3 | age | adoption | passing | confidence |

Release Notes

sindresorhus/open (open)

### [`v10.0.3`](https://togithub.com/sindresorhus/open/releases/tag/v10.0.3)

[Compare Source](https://togithub.com/sindresorhus/open/compare/v10.0.2...v10.0.3)

- Fix `target` option on macOS ([#332](https://togithub.com/sindresorhus/open/issues/332)) [`b597dec`](https://togithub.com/sindresorhus/open/commit/b597dec)

### [`v10.0.2`](https://togithub.com/sindresorhus/open/releases/tag/v10.0.2)

[Compare Source](https://togithub.com/sindresorhus/open/compare/v10.0.1...v10.0.2)

- Fix Linux compatibility [`798cd93`](https://togithub.com/sindresorhus/open/commit/798cd93)

### [`v10.0.1`](https://togithub.com/sindresorhus/open/releases/tag/v10.0.1)

[Compare Source](https://togithub.com/sindresorhus/open/compare/v10.0.0...v10.0.1)

- Add Windows environment variable fallback for some broken systems ([#328](https://togithub.com/sindresorhus/open/issues/328)) [`8e69be4`](https://togithub.com/sindresorhus/open/commit/8e69be4)

### [`v10.0.0`](https://togithub.com/sindresorhus/open/releases/tag/v10.0.0)

[Compare Source](https://togithub.com/sindresorhus/open/compare/v9.1.0...v10.0.0)

##### Breaking

- Require Node.js 18 [`5628dc8`](https://togithub.com/sindresorhus/open/commit/5628dc8)

### [`v9.1.0`](https://togithub.com/sindresorhus/open/releases/tag/v9.1.0)

[Compare Source](https://togithub.com/sindresorhus/open/compare/v9.0.0...v9.1.0)

- Update dependencies [`46adf0b`](https://togithub.com/sindresorhus/open/commit/46adf0b)

### [`v9.0.0`](https://togithub.com/sindresorhus/open/releases/tag/v9.0.0)

[Compare Source](https://togithub.com/sindresorhus/open/compare/v8.4.2...v9.0.0)

##### Breaking

- Require Node.js 14 [`7f5995e`](https://togithub.com/sindresorhus/open/commit/7f5995e)
- This package is now pure ESM. **Please [read this](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c).**
- Please don't open issues regarding ESM / CommonJS.
- `open.openApp` is now a named import: `import {openApp} from 'open'`
- `open.apps` is now a named import: `import {apps} from 'open'`

##### Improvements

- Add the ability to open default browser and default browser in private mode ([#294](https://togithub.com/sindresorhus/open/issues/294)) [`3b79981`](https://togithub.com/sindresorhus/open/commit/3b79981)

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

AC-2224

bitwarden-bot commented 7 months ago

Internal tracking:

bitwarden-bot commented 7 months ago

Checkmarx One – Scan Summary & Details

75e17c6c-c31d-420d-8a9a-d076e56adfc7

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| LOW | Use_Of_Hardcoded_Password | /jslib/common/src/services/passwordGeneration.service.ts: 106 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/src/services/passwordGeneration.service.ts: 104 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/src/services/passwordGeneration.service.ts: 98 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/src/services/passwordGeneration.service.ts: 96 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/src/services/passwordGeneration.service.ts: 90 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/src/services/passwordGeneration.service.ts: 88 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/spec/domain/cipher.spec.ts: 137 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/spec/domain/login.spec.ts: 40 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/spec/domain/password.spec.ts: 29 | Attack Vector |
| LOW | Use_Of_Hardcoded_Password | /jslib/common/spec/domain/login.spec.ts: 69 | Attack Vector |
| LOW | Use_of_Broken_or_Risky_Cryptographic_Algorithm | /jslib/node/src/services/nodeCryptoFunction.service.ts: 138 | Attack Vector |
| LOW | Use_of_Broken_or_Risky_Cryptographic_Algorithm | /jslib/node/src/services/nodeCryptoFunction.service.ts: 178 | Attack Vector |
| LOW | Use_of_Broken_or_Risky_Cryptographic_Algorithm | /jslib/node/src/services/nodeCryptoFunction.service.ts: 99 | Attack Vector |
| LOW | Use_of_Broken_or_Risky_Cryptographic_Algorithm | /jslib/node/src/services/nodeCryptoFunction.service.ts: 87 | Attack Vector |
| LOW | Use_of_Broken_or_Risky_Cryptographic_Algorithm | /jslib/node/src/services/nodeCryptoFunction.service.ts: 21 | Attack Vector |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| MEDIUM | Client_Privacy_Violation | /src/app/tabs/settings.component.html: 370 |
| MEDIUM | Client_Privacy_Violation | /src/app/tabs/settings.component.html: 229 |
| MEDIUM | Client_Privacy_Violation | /src/app/tabs/settings.component.html: 212 |
| MEDIUM | SSRF | /src/services/onelogin-directory.service.ts: 178 |
| LOW | Missing_CSP_Header | /jslib/node/src/cli/commands/login.command.ts: 550 |

renovate[bot] commented 7 months ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

addisonbeck commented 7 months ago

I can't find a place where this package is used.

I've been using a dependency audit tool called depcheck, and it reports this package as being in use somewhere in the project. BUT I can't find it anywhere. Here are some notes:

  1. There are no import references found for this package doing a typical grep search
  2. The package, open, is a CLI tool used for opening URLs, files, etc. in non-web apps.
  3. There is a recommended alternative to open for Electron on the package README
  4. Directory Connector doesn't open any URLs, RIGHT? I might just be missing something here.
  5. The app loads and functions just fine without the package installed:
     [Screenshot 2024-02-16 at 8 09 25 PM]

Seeking a second opinion on this one before merging to remove the package instead of updating it.

codecov[bot] commented 3 days ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 0.00%. Comparing base (46fb407) to head (a4cf1e4). Report is 1 commit behind head on main.

:white_check_mark: All tests successful. No failed tests found.

Additional details and impacted files

```diff
@@          Coverage Diff          @@
##            main    #456   +/-   ##
=====================================
  Coverage   0.00%   0.00%
=====================================
  Files         58      58
  Lines       2542    2542
  Branches     462     462
=====================================
  Misses      2542    2542
```


addisonbeck commented 3 days ago

This is discussed a bit above, but to be clear:

I replaced the function body this package was referenced in with a not implemented error, and removed its references in jslib. They were for opening SSO login screens from a CLI, which is not supported in DC.
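
As an added example (not code from this repository or from depcheck): a small scanner that lists every `import`, `require` or dynamic `import()` of a package across a set of sources, vendored directories such as jslib included, so a declared dependency can be confirmed as referenced or unreferenced before it is updated or removed. The file names, file contents and helper names are constructed for illustration.

```javascript
// Added example: sources and manifest are constructed for illustration; only
// the package name "open" and version 8.4.2 come from the PR.
const sampleManifest = { dependencies: { open: "8.4.2" } };
const sampleSources = {
  "src/main.ts": 'import { app } from "electron";\nimport { opener } from "./open";',
  "src/util.ts": '// const open = require("open");\nexport const x = 1;',
  "jslib/example/sso.ts": 'const open = require("open");\nopen(ssoUrl);',
};

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Matches the module specifier in `... from "pkg"`, `import "pkg"`,
// `import("pkg")`, `require("pkg")` and subpaths such as "pkg/sub".
// "opener" and "./open" do not match a search for "open".
function specifierPattern(pkg) {
  const prefix = "(?:\\bfrom\\s*|\\bimport\\s*\\(?\\s*|\\brequire\\s*\\(\\s*)";
  return new RegExp(prefix + "([\"'`])" + escapeRegExp(pkg) + "(?:/[^\"'`]*)?\\1");
}

function findPackageReferences(sources, pkg) {
  const pattern = specifierPattern(pkg);
  const hits = [];
  for (const [file, text] of Object.entries(sources)) {
    text.split("\n").forEach((line, i) => {
      const code = line.replace(/\/\/.*$/, ""); // naive: drop line comments
      if (pattern.test(code)) hits.push({ file, line: i + 1, text: line.trim() });
    });
  }
  return hits;
}

// Combines the manifest with the scan: a declared package with no references
// is a removal candidate rather than an update candidate.
function auditDependency(manifest, sources, pkg) {
  const declared = ["dependencies", "devDependencies"].some(
    (key) => Object.prototype.hasOwnProperty.call(manifest[key] || {}, pkg)
  );
  const references = findPackageReferences(sources, pkg);
  const verdict = !declared ? "not declared"
    : references.length ? "declared and referenced"
    : "declared but unreferenced";
  return { declared, references, verdict };
}

console.log(auditDependency(sampleManifest, sampleSources, "open"));
```

A regex scan misses module specifiers that are built at run time, so an empty result is a prompt to test the app without the package, not proof that it is unused.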