Merge branch 'devel' of github.com:arangodb/arangodb into feature/supervised-aql-value

cpjulia · cpjulia · commit 59a3509f5326 · 2025-12-04T12:00:10.000-03:00
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,6 +1,8 @@
 devel
 -----
 
+* FE-636: bump express from 4.18.2 to 4.21.2 (latest 4.X version) (ensure non-vulnerable body-parser).
+
 * Fix a potential integer overflow in shortest path estimation.
 
 * Fix BTS-2268: Fixed an issue where query plan for queries with subquery
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/applicationDetailView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/applicationDetailView.js
@@ -199,7 +199,7 @@
             }
             window.modalView.show(
               'modalTable.ejs',
-              'Result of script "' + script + '"',
+              'Result of script "' + _.escape(script) + '"',
               undefined,
               undefined,
               undefined,
@@ -210,7 +210,7 @@
       ];
       window.modalView.show(
         'modalTable.ejs',
-        'Run script "' + script + '" on "' + this.model.get('mount') + '"',
+        'Run script "' + _.escape(script) + '" on "' + _.escape(this.model.get('mount')) + '"',
         buttons,
         tableContent
       );
@@ -255,7 +255,7 @@
       ];
       window.modalView.show(
         'modalTable.ejs',
-        'Run tests for app "' + this.model.get('mount') + '"',
+        'Run tests for app "' + _.escape(this.model.get('mount')) + '"',
         buttons,
         undefined,
         undefined,
@@ -345,18 +345,18 @@
       // information box info tab
       if (this.model.get('author')) {
         $('.information').append(
-          '<p class="mount"><span>Author:</span>' + this.model.get('author') + '</p>'
+          '<p class="mount"><span>Author:</span>' + _.escape(this.model.get('author')) + '</p>'
         );
       }
       if (this.model.get('mount')) {
         $('.information').append(
-          '<p class="mount"><span>Mount:</span>' + this.model.get('mount') + '</p>'
+          '<p class="mount"><span>Mount:</span>' + _.escape(this.model.get('mount')) + '</p>'
         );
       }
       if (this.model.get('development')) {
         if (this.model.get('path')) {
           $('.information').append(
-            '<p class="path"><span>Path:</span>' + this.model.get('path') + '</p>'
+            '<p class="path"><span>Path:</span>' + _.escape(this.model.get('path')) + '</p>'
           );
         }
       }
@@ -401,7 +401,7 @@
       ];
       window.modalView.show(
         'modalTable.ejs',
-        'Delete Foxx App mounted at "' + this.model.get('mount') + '"',
+        'Delete Foxx App mounted at "' + _.escape(this.model.get('mount')) + '"',
         buttons,
         tableContent,
         undefined,
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/applierView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/applierView.js
@@ -23,7 +23,7 @@
       if (window.App.naviView) {
         var string = 'Database';
         if (name) {
-          string = string + ': ' + name;
+          string = string + ': ' + _.escape(name);
         }
         $('#subNavigationBar .breadcrumb').html(string);
       } else {
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/graphViewer.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/graphViewer.js
@@ -162,7 +162,7 @@
 
       // render navigation
       $('#subNavigationBar .breadcrumb').html(
-        'Graph: ' + this.name
+        'Graph: ' + _.escape(this.name)
       );
 
       this.resize();
@@ -458,7 +458,7 @@
                 }
               } else {
                 message = e.responseJSON.errorMessage;
-                $('#calculatingGraph').html('Failed to fetch graph information: ' + e.responseJSON.errorMessage);
+                $('#calculatingGraph').html('Failed to fetch graph information: ' + _.escape(e.responseJSON.errorMessage));
               }
               arangoHelper.arangoError('Graph', message);
             } catch (ignore) {}
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/infoView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/infoView.js
@@ -77,7 +77,7 @@
           }
           window.modalView.show(
             'modalCollectionInfo.ejs',
-            'Collection: ' + (this.model.get('name').length > 64 ? this.model.get('name').substr(0, 64) + "..." : this.model.get('name')),
+            'Collection: ' + _.escape(this.model.get('name').length > 64 ? this.model.get('name').substr(0, 64) + "..." : this.model.get('name')),
             buttons,
             tableContent, null, null,
             null, null,
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/installGitHubServiceView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/installGitHubServiceView.js
@@ -53,7 +53,7 @@
       if (window.App.naviView) {
         var replaceString = 'New';
         if (this._upgrade) {
-          replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';
+          replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';
         }
         $('#subNavigationBar .breadcrumb').html(
           '<a href="#services">Services:</a> ' + replaceString
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/installNewServiceView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/installNewServiceView.js
@@ -165,7 +165,7 @@
       if (window.App.naviView) {
         var replaceString = 'New';
         if (this._upgrade) {
-          replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';
+          replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';
         }
         $('#subNavigationBar .breadcrumb').html(
           '<a href="#services">Services:</a> ' + replaceString
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/installServiceView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/installServiceView.js
@@ -116,7 +116,7 @@
     breadcrumb: function () {
       var replaceString = 'New';
       if (this._upgrade) {
-        replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';
+        replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';
       }
       $('#subNavigationBar .breadcrumb').html(
         '<a href="#services">Services:</a> ' + replaceString
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/installUploadServiceView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/installUploadServiceView.js
@@ -105,7 +105,7 @@
       if (window.App.naviView) {
         var replaceString = 'New';
         if (this._upgrade) {
-          replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';
+          replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';
         }
         $('#subNavigationBar .breadcrumb').html(
           '<a href="#services">Services:</a> ' + replaceString
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/installUrlServiceView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/installUrlServiceView.js
@@ -45,7 +45,7 @@
       if (window.App.naviView) {
         var replaceString = 'New';
         if (this._upgrade) {
-          replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';
+          replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';
         }
         $('#subNavigationBar .breadcrumb').html(
           '<a href="#services">Services:</a> ' + replaceString
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/nodeView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/nodeView.js
@@ -29,7 +29,7 @@
     },
 
     breadcrumb: function (name) {
-      $('#subNavigationBar .breadcrumb').html('Node: ' + name);
+      $('#subNavigationBar .breadcrumb').html('Node: ' + _.escape(name));
     },
 
     render: function () {
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/shardsView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/shardsView.js
@@ -297,7 +297,7 @@
 
           window.modalView.show(
             'modalTable.ejs',
-            'Move shard: ' + shardName,
+            'Move shard: ' + _.escape(shardName),
             buttons,
             tableContent
           );
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/showClusterView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/showClusterView.js
@@ -94,7 +94,7 @@
       selCol.html('');
       this.cols.getList(dbName, function (list) {
         _.each(_.pluck(list, 'name'), function (c) {
-          selCol.append('<option id="' + c + '">' + c + '</option>');
+          selCol.append('<option id="' + _.escape(c) + '">' + _.escape(c) + '</option>');
         });
         var colToSel = $('#' + colName, selCol);
         if (colToSel.length === 1) {
@@ -151,7 +151,7 @@
       selDB.html('');
       this.dbs.getList(function (dbList) {
         _.each(_.pluck(dbList, 'name'), function (c) {
-          selDB.append('<option id="' + c + '">' + c + '</option>');
+          selDB.append('<option id="' + _.escape(c) + '">' + _.escape(c) + '</option>');
         });
         var dbToSel = $('#' + dbName, selDB);
         if (dbToSel.length === 1) {
diff --git a/js/apps/system/_admin/aardvark/APP/frontend/js/views/storeDetailView.js b/js/apps/system/_admin/aardvark/APP/frontend/js/views/storeDetailView.js
@@ -131,18 +131,18 @@
       // information box info tab
       if (this.model.get('author')) {
         $('.information').append(
-          '<p class="mount"><span>Author:</span>' + this.model.get('author') + '</p>'
+          '<p class="mount"><span>Author:</span>' + _.escape(this.model.get('author')) + '</p>'
         );
       }
       if (this.model.get('mount')) {
         $('.information').append(
-          '<p class="mount"><span>Mount:</span>' + this.model.get('mount') + '</p>'
+          '<p class="mount"><span>Mount:</span>' + _.escape(this.model.get('mount')) + '</p>'
         );
       }
       if (this.model.get('development')) {
         if (this.model.get('path')) {
           $('.information').append(
-            '<p class="path"><span>Path:</span>' + this.model.get('path') + '</p>'
+            '<p class="path"><span>Path:</span>' + _.escape(this.model.get('path')) + '</p>'
           );
         }
       }
diff --git a/js/apps/system/_admin/aardvark/APP/react/package.json b/js/apps/system/_admin/aardvark/APP/react/package.json
@@ -115,6 +115,8 @@
     "jest-worker": "^30.0.5",
     "@babel/traverse": "^7.28.0",
     "braces": "^3.0.3",
+    "express": "^4.21.0",
+    "rollup": "^2.79.2",
     "webpack-dev-middleware": "^5.3.4"
   },
   "babel": {
diff --git a/js/apps/system/_admin/aardvark/APP/react/yarn.lock b/js/apps/system/_admin/aardvark/APP/react/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@`
`23`	`23`	`if (window.App.naviView) {`
`24`	`24`	`var string = 'Database';`
`25`	`25`	`if (name) {`
`26`		`- string = string + ': ' + name;`
	`26`	`+ string = string + ': ' + _.escape(name);`
`27`	`27`	`}`
`28`	`28`	`$('#subNavigationBar .breadcrumb').html(string);`
`29`	`29`	`} else {`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@`
`77`	`77`	`}`
`78`	`78`	`window.modalView.show(`
`79`	`79`	`'modalCollectionInfo.ejs',`
`80`		`- 'Collection: ' + (this.model.get('name').length > 64 ? this.model.get('name').substr(0, 64) + "..." : this.model.get('name')),`
	`80`	`+ 'Collection: ' + _.escape(this.model.get('name').length > 64 ? this.model.get('name').substr(0, 64) + "..." : this.model.get('name')),`
`81`	`81`	`buttons,`
`82`	`82`	`tableContent, null, null,`
`83`	`83`	`null, null,`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@`
`53`	`53`	`if (window.App.naviView) {`
`54`	`54`	`var replaceString = 'New';`
`55`	`55`	`if (this._upgrade) {`
`56`		`- replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';`
	`56`	`+ replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';`
`57`	`57`	`}`
`58`	`58`	`$('#subNavigationBar .breadcrumb').html(`
`59`	`59`	`'<a href="#services">Services:</a> ' + replaceString`
Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,7 @@`
`165`	`165`	`if (window.App.naviView) {`
`166`	`166`	`var replaceString = 'New';`
`167`	`167`	`if (this._upgrade) {`
`168`		`- replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';`
	`168`	`+ replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';`
`169`	`169`	`}`
`170`	`170`	`$('#subNavigationBar .breadcrumb').html(`
`171`	`171`	`'<a href="#services">Services:</a> ' + replaceString`
Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@`
`116`	`116`	`breadcrumb: function () {`
`117`	`117`	`var replaceString = 'New';`
`118`	`118`	`if (this._upgrade) {`
`119`		`- replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';`
	`119`	`+ replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';`
`120`	`120`	`}`
`121`	`121`	`$('#subNavigationBar .breadcrumb').html(`
`122`	`122`	`'<a href="#services">Services:</a> ' + replaceString`
Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@`
`105`	`105`	`if (window.App.naviView) {`
`106`	`106`	`var replaceString = 'New';`
`107`	`107`	`if (this._upgrade) {`
`108`		`- replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';`
	`108`	`+ replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';`
`109`	`109`	`}`
`110`	`110`	`$('#subNavigationBar .breadcrumb').html(`
`111`	`111`	`'<a href="#services">Services:</a> ' + replaceString`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@`
`45`	`45`	`if (window.App.naviView) {`
`46`	`46`	`var replaceString = 'New';`
`47`	`47`	`if (this._upgrade) {`
`48`		`- replaceString = 'Replace (' + window.App.replaceAppData.mount + ')';`
	`48`	`+ replaceString = 'Replace (' + _.escape(window.App.replaceAppData.mount) + ')';`
`49`	`49`	`}`
`50`	`50`	`$('#subNavigationBar .breadcrumb').html(`
`51`	`51`	`'<a href="#services">Services:</a> ' + replaceString`