@budibase/server 2.18.1 → 2.18.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/yarn.lock
CHANGED
|
@@ -6451,7 +6451,7 @@ acorn@^7.1.1:
|
|
|
6451
6451
|
resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa"
|
|
6452
6452
|
integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==
|
|
6453
6453
|
|
|
6454
|
-
acorn@^8.1.0, acorn@^8.10.0, acorn@^8.2.4, acorn@^8.4.1, acorn@^8.5.0, acorn@^8.7.
|
|
6454
|
+
acorn@^8.1.0, acorn@^8.10.0, acorn@^8.2.4, acorn@^8.4.1, acorn@^8.5.0, acorn@^8.7.1, acorn@^8.8.1, acorn@^8.8.2, acorn@^8.9.0:
|
|
6455
6455
|
version "8.11.3"
|
|
6456
6456
|
resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.11.3.tgz#71e0b14e13a4ec160724b38fb7b0f233b1b81d7a"
|
|
6457
6457
|
integrity sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg==
|
|
@@ -21701,14 +21701,6 @@ vlq@^0.2.2:
|
|
|
21701
21701
|
resolved "https://registry.yarnpkg.com/vlq/-/vlq-0.2.3.tgz#8f3e4328cf63b1540c0d67e1b2778386f8975b26"
|
|
21702
21702
|
integrity sha512-DRibZL6DsNhIgYQ+wNdWDL2SL3bKPlVrRiBqV5yuMm++op8W4kGFtaQfCs4KEJn0wBZcHVHJ3eoywX8983k1ow==
|
|
21703
21703
|
|
|
21704
|
-
vm2@^3.9.19:
|
|
21705
|
-
version "3.9.19"
|
|
21706
|
-
resolved "https://registry.yarnpkg.com/vm2/-/vm2-3.9.19.tgz#be1e1d7a106122c6c492b4d51c2e8b93d3ed6a4a"
|
|
21707
|
-
integrity sha512-J637XF0DHDMV57R6JyVsTak7nIL8gy5KH4r1HiwWLf/4GBbb5MKL5y7LpmF4A8E2nR6XmzpmMFQ7V7ppPTmUQg==
|
|
21708
|
-
dependencies:
|
|
21709
|
-
acorn "^8.7.0"
|
|
21710
|
-
acorn-walk "^8.2.0"
|
|
21711
|
-
|
|
21712
21704
|
vuvuzela@1.0.3:
|
|
21713
21705
|
version "1.0.3"
|
|
21714
21706
|
resolved "https://registry.yarnpkg.com/vuvuzela/-/vuvuzela-1.0.3.tgz#3be145e58271c73ca55279dd851f12a682114b0b"
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@budibase/server",
|
|
3
3
|
"email": "hi@budibase.com",
|
|
4
|
-
"version": "2.18.
|
|
4
|
+
"version": "2.18.2",
|
|
5
5
|
"description": "Budibase Web Server",
|
|
6
6
|
"main": "src/index.ts",
|
|
7
7
|
"repository": {
|
|
@@ -47,12 +47,12 @@
|
|
|
47
47
|
"license": "GPL-3.0",
|
|
48
48
|
"dependencies": {
|
|
49
49
|
"@apidevtools/swagger-parser": "10.0.3",
|
|
50
|
-
"@budibase/backend-core": "2.18.
|
|
51
|
-
"@budibase/client": "2.18.
|
|
52
|
-
"@budibase/pro": "2.18.
|
|
53
|
-
"@budibase/shared-core": "2.18.
|
|
54
|
-
"@budibase/string-templates": "2.18.
|
|
55
|
-
"@budibase/types": "2.18.
|
|
50
|
+
"@budibase/backend-core": "2.18.2",
|
|
51
|
+
"@budibase/client": "2.18.2",
|
|
52
|
+
"@budibase/pro": "2.18.2",
|
|
53
|
+
"@budibase/shared-core": "2.18.2",
|
|
54
|
+
"@budibase/string-templates": "2.18.2",
|
|
55
|
+
"@budibase/types": "2.18.2",
|
|
56
56
|
"@bull-board/api": "5.10.2",
|
|
57
57
|
"@bull-board/koa": "5.10.2",
|
|
58
58
|
"@elastic/elasticsearch": "7.10.0",
|
|
@@ -191,5 +191,5 @@
|
|
|
191
191
|
}
|
|
192
192
|
}
|
|
193
193
|
},
|
|
194
|
-
"gitHead": "
|
|
194
|
+
"gitHead": "f1ef059bfb3d19dead719f2289b8fff429fda2a9"
|
|
195
195
|
}
|
|
@@ -47,6 +47,13 @@ describe("jsRunner", () => {
|
|
|
47
47
|
expect(output).toBe(3)
|
|
48
48
|
})
|
|
49
49
|
|
|
50
|
+
it("should prevent sandbox escape", async () => {
|
|
51
|
+
const output = await processJS(
|
|
52
|
+
`return this.constructor.constructor("return process")()`
|
|
53
|
+
)
|
|
54
|
+
expect(output).toBe("Error while executing JS")
|
|
55
|
+
})
|
|
56
|
+
|
|
50
57
|
describe("helpers", () => {
|
|
51
58
|
runJsHelpersTests({
|
|
52
59
|
funcWrap: (func: any) => config.doInContext(config.getAppId(), func),
|