Skip to content

Commit 2f91101

Browse files
authored
chore: fix RTK cache selector lookup and fast-uri CVE-2026-13676 (#719)
1 parent 295657e commit 2f91101

5 files changed

Lines changed: 188 additions & 124 deletions

File tree

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
'@forgerock/davinci-client': patch
3+
---
4+
5+
Fix RTK Query cache lookups in `cache.getLatestResponse()` and `cache.getResponseWithId()`.

package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,7 @@
132132
"rollup": "^4.59.0",
133133
"picomatch@>=4": "^4.0.4",
134134
"picomatch@<3": "^2.3.2",
135+
"fast-uri": "^3.1.3",
135136
"qs": "^6.15.3",
136137
"@opentelemetry/core": "^2.8.0"
137138
}

packages/davinci-client/api-report/davinci-client.api.md

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -283,26 +283,26 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
283283
resume: (input: {
284284
continueToken: string;
285285
}) => Promise<InternalErrorResponse | NodeStates>;
286-
start: <QueryParams extends OutgoingQueryParams = OutgoingQueryParams>(options?: StartOptions<QueryParams> | undefined) => Promise<StartNode | ErrorNode | FailureNode | ContinueNode | SuccessNode>;
286+
start: <QueryParams extends OutgoingQueryParams = OutgoingQueryParams>(options?: StartOptions<QueryParams> | undefined) => Promise<ContinueNode | ErrorNode | FailureNode | StartNode | SuccessNode>;
287287
update: <T extends SingleValueCollectors | MultiSelectCollector | ObjectValueCollectors | AutoCollectors>(collector: T) => Updater<T>;
288288
validate: (collector: SingleValueCollectors | ObjectValueCollectors | MultiValueCollectors | AutoCollectors) => Validator;
289289
pollStatus: (collector: PollingCollector) => Poller;
290290
getClient: () => {
291-
status: "start";
292-
} | {
293291
action: string;
294292
collectors: Collectors[];
295293
description?: string;
296294
name?: string;
297-
status: "error";
298-
} | {
299-
status: "failure";
295+
status: "continue";
300296
} | {
301297
action: string;
302298
collectors: Collectors[];
303299
description?: string;
304300
name?: string;
305-
status: "continue";
301+
status: "error";
302+
} | {
303+
status: "failure";
304+
} | {
305+
status: "start";
306306
} | {
307307
authorization?: {
308308
code?: string;
@@ -313,9 +313,15 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
313313
getCollectors: () => Collectors[];
314314
getError: () => DaVinciError | null;
315315
getErrorCollectors: () => CollectorErrors[];
316-
getNode: () => StartNode | ErrorNode | FailureNode | ContinueNode | SuccessNode;
316+
getNode: () => ContinueNode | ErrorNode | FailureNode | StartNode | SuccessNode;
317317
getServer: () => {
318-
status: "start";
318+
_links?: Links;
319+
id?: string;
320+
interactionId?: string;
321+
interactionToken?: string;
322+
href?: string;
323+
eventName?: string;
324+
status: "continue";
319325
} | {
320326
_links?: Links;
321327
eventName?: string;
@@ -332,13 +338,7 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
332338
interactionToken?: string;
333339
status: "failure";
334340
} | {
335-
_links?: Links;
336-
id?: string;
337-
interactionId?: string;
338-
interactionToken?: string;
339-
href?: string;
340-
eventName?: string;
341-
status: "continue";
341+
status: "start";
342342
} | {
343343
_links?: Links;
344344
eventName?: string;
@@ -355,14 +355,14 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
355355
} & Omit<{
356356
requestId: string;
357357
data?: unknown;
358-
error?: SerializedError | FetchBaseQueryError | undefined;
358+
error?: FetchBaseQueryError | SerializedError | undefined;
359359
endpointName: string;
360360
startedTimeStamp: number;
361361
fulfilledTimeStamp?: number;
362362
}, "data" | "fulfilledTimeStamp"> & Required<Pick<{
363363
requestId: string;
364364
data?: unknown;
365-
error?: SerializedError | FetchBaseQueryError | undefined;
365+
error?: FetchBaseQueryError | SerializedError | undefined;
366366
endpointName: string;
367367
startedTimeStamp: number;
368368
fulfilledTimeStamp?: number;
@@ -379,14 +379,14 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
379379
} & Omit<{
380380
requestId: string;
381381
data?: unknown;
382-
error?: SerializedError | FetchBaseQueryError | undefined;
382+
error?: FetchBaseQueryError | SerializedError | undefined;
383383
endpointName: string;
384384
startedTimeStamp: number;
385385
fulfilledTimeStamp?: number;
386386
}, "error"> & Required<Pick<{
387387
requestId: string;
388388
data?: unknown;
389-
error?: SerializedError | FetchBaseQueryError | undefined;
389+
error?: FetchBaseQueryError | SerializedError | undefined;
390390
endpointName: string;
391391
startedTimeStamp: number;
392392
fulfilledTimeStamp?: number;
@@ -407,14 +407,14 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
407407
} & Omit<{
408408
requestId: string;
409409
data?: unknown;
410-
error?: SerializedError | FetchBaseQueryError | undefined;
410+
error?: FetchBaseQueryError | SerializedError | undefined;
411411
endpointName: string;
412412
startedTimeStamp: number;
413413
fulfilledTimeStamp?: number;
414414
}, "data" | "fulfilledTimeStamp"> & Required<Pick<{
415415
requestId: string;
416416
data?: unknown;
417-
error?: SerializedError | FetchBaseQueryError | undefined;
417+
error?: FetchBaseQueryError | SerializedError | undefined;
418418
endpointName: string;
419419
startedTimeStamp: number;
420420
fulfilledTimeStamp?: number;
@@ -431,14 +431,14 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
431431
} & Omit<{
432432
requestId: string;
433433
data?: unknown;
434-
error?: SerializedError | FetchBaseQueryError | undefined;
434+
error?: FetchBaseQueryError | SerializedError | undefined;
435435
endpointName: string;
436436
startedTimeStamp: number;
437437
fulfilledTimeStamp?: number;
438438
}, "error"> & Required<Pick<{
439439
requestId: string;
440440
data?: unknown;
441-
error?: SerializedError | FetchBaseQueryError | undefined;
441+
error?: FetchBaseQueryError | SerializedError | undefined;
442442
endpointName: string;
443443
startedTimeStamp: number;
444444
fulfilledTimeStamp?: number;

packages/davinci-client/api-report/davinci-client.types.api.md

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -283,26 +283,26 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
283283
resume: (input: {
284284
continueToken: string;
285285
}) => Promise<InternalErrorResponse | NodeStates>;
286-
start: <QueryParams extends OutgoingQueryParams = OutgoingQueryParams>(options?: StartOptions<QueryParams> | undefined) => Promise<StartNode | ErrorNode | FailureNode | ContinueNode | SuccessNode>;
286+
start: <QueryParams extends OutgoingQueryParams = OutgoingQueryParams>(options?: StartOptions<QueryParams> | undefined) => Promise<ContinueNode | ErrorNode | FailureNode | StartNode | SuccessNode>;
287287
update: <T extends SingleValueCollectors | MultiSelectCollector | ObjectValueCollectors | AutoCollectors>(collector: T) => Updater<T>;
288288
validate: (collector: SingleValueCollectors | ObjectValueCollectors | MultiValueCollectors | AutoCollectors) => Validator;
289289
pollStatus: (collector: PollingCollector) => Poller;
290290
getClient: () => {
291-
status: "start";
292-
} | {
293291
action: string;
294292
collectors: Collectors[];
295293
description?: string;
296294
name?: string;
297-
status: "error";
298-
} | {
299-
status: "failure";
295+
status: "continue";
300296
} | {
301297
action: string;
302298
collectors: Collectors[];
303299
description?: string;
304300
name?: string;
305-
status: "continue";
301+
status: "error";
302+
} | {
303+
status: "failure";
304+
} | {
305+
status: "start";
306306
} | {
307307
authorization?: {
308308
code?: string;
@@ -313,9 +313,15 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
313313
getCollectors: () => Collectors[];
314314
getError: () => DaVinciError | null;
315315
getErrorCollectors: () => CollectorErrors[];
316-
getNode: () => StartNode | ErrorNode | FailureNode | ContinueNode | SuccessNode;
316+
getNode: () => ContinueNode | ErrorNode | FailureNode | StartNode | SuccessNode;
317317
getServer: () => {
318-
status: "start";
318+
_links?: Links;
319+
id?: string;
320+
interactionId?: string;
321+
interactionToken?: string;
322+
href?: string;
323+
eventName?: string;
324+
status: "continue";
319325
} | {
320326
_links?: Links;
321327
eventName?: string;
@@ -332,13 +338,7 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
332338
interactionToken?: string;
333339
status: "failure";
334340
} | {
335-
_links?: Links;
336-
id?: string;
337-
interactionId?: string;
338-
interactionToken?: string;
339-
href?: string;
340-
eventName?: string;
341-
status: "continue";
341+
status: "start";
342342
} | {
343343
_links?: Links;
344344
eventName?: string;
@@ -355,14 +355,14 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
355355
} & Omit<{
356356
requestId: string;
357357
data?: unknown;
358-
error?: SerializedError | FetchBaseQueryError | undefined;
358+
error?: FetchBaseQueryError | SerializedError | undefined;
359359
endpointName: string;
360360
startedTimeStamp: number;
361361
fulfilledTimeStamp?: number;
362362
}, "data" | "fulfilledTimeStamp"> & Required<Pick<{
363363
requestId: string;
364364
data?: unknown;
365-
error?: SerializedError | FetchBaseQueryError | undefined;
365+
error?: FetchBaseQueryError | SerializedError | undefined;
366366
endpointName: string;
367367
startedTimeStamp: number;
368368
fulfilledTimeStamp?: number;
@@ -379,14 +379,14 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
379379
} & Omit<{
380380
requestId: string;
381381
data?: unknown;
382-
error?: SerializedError | FetchBaseQueryError | undefined;
382+
error?: FetchBaseQueryError | SerializedError | undefined;
383383
endpointName: string;
384384
startedTimeStamp: number;
385385
fulfilledTimeStamp?: number;
386386
}, "error"> & Required<Pick<{
387387
requestId: string;
388388
data?: unknown;
389-
error?: SerializedError | FetchBaseQueryError | undefined;
389+
error?: FetchBaseQueryError | SerializedError | undefined;
390390
endpointName: string;
391391
startedTimeStamp: number;
392392
fulfilledTimeStamp?: number;
@@ -407,14 +407,14 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
407407
} & Omit<{
408408
requestId: string;
409409
data?: unknown;
410-
error?: SerializedError | FetchBaseQueryError | undefined;
410+
error?: FetchBaseQueryError | SerializedError | undefined;
411411
endpointName: string;
412412
startedTimeStamp: number;
413413
fulfilledTimeStamp?: number;
414414
}, "data" | "fulfilledTimeStamp"> & Required<Pick<{
415415
requestId: string;
416416
data?: unknown;
417-
error?: SerializedError | FetchBaseQueryError | undefined;
417+
error?: FetchBaseQueryError | SerializedError | undefined;
418418
endpointName: string;
419419
startedTimeStamp: number;
420420
fulfilledTimeStamp?: number;
@@ -431,14 +431,14 @@ export function davinci<ActionType extends ActionTypes = ActionTypes>(input: {
431431
} & Omit<{
432432
requestId: string;
433433
data?: unknown;
434-
error?: SerializedError | FetchBaseQueryError | undefined;
434+
error?: FetchBaseQueryError | SerializedError | undefined;
435435
endpointName: string;
436436
startedTimeStamp: number;
437437
fulfilledTimeStamp?: number;
438438
}, "error"> & Required<Pick<{
439439
requestId: string;
440440
data?: unknown;
441-
error?: SerializedError | FetchBaseQueryError | undefined;
441+
error?: FetchBaseQueryError | SerializedError | undefined;
442442
endpointName: string;
443443
startedTimeStamp: number;
444444
fulfilledTimeStamp?: number;

0 commit comments

Comments
 (0)