Skip to content

Commit 933be16

Browse files
committed
Resolve fast-xml-parser CVE-2026-26278 via yarn resolution
Issue: CLDSRV-868
1 parent f659ecb commit 933be16

File tree

8 files changed

+469
-666
lines changed

8 files changed

+469
-666
lines changed

package.json

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
"homepage": "https://github.com/scality/S3#readme",
2121
"dependencies": {
2222
"@aws-sdk/client-iam": "^3.930.0",
23-
"@aws-sdk/client-s3": "^3.908.0",
23+
"@aws-sdk/client-s3": "^3.1012.0",
2424
"@aws-sdk/client-sts": "^3.930.0",
2525
"@aws-sdk/credential-providers": "^3.864.0",
2626
"@aws-sdk/middleware-retry": "^3.374.0",
@@ -84,7 +84,8 @@
8484
},
8585
"resolutions": {
8686
"jsonwebtoken": "^9.0.0",
87-
"nan": "v2.22.0"
87+
"nan": "v2.22.0",
88+
"fast-xml-parser": ">=5.5.6"
8889
},
8990
"mocha": {
9091
"recursive": true,

tests/functional/aws-node-sdk/test/bucket/head.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,8 @@ describe('HEAD bucket', () => {
2121
await s3.send(new HeadBucketCommand({ Bucket: '' }));
2222
assert.fail('Expected failure but got success');
2323
} catch (err) {
24-
assert.strictEqual(err.message, 'Empty value provided for input HTTP label: Bucket.');
24+
assert.strictEqual(err.$metadata.httpStatusCode, 405);
25+
assert.strictEqual(err.name, 'Unknown');
2526
}
2627
});
2728
});

tests/functional/aws-node-sdk/test/multipleBackend/unknownEndpoint.js

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,7 @@ let s3;
2121
describe('Requests to ip endpoint not in config', () => {
2222
withV4(sigCfg => {
2323
before(() => {
24-
bucketUtil = new BucketUtility('default', sigCfg);
25-
// change endpoint to endpoint with ip address
26-
// not in config
27-
bucketUtil.s3.config.endpoint = specifiedEndpoint;
24+
bucketUtil = new BucketUtility('default', { ...sigCfg, endpoint: specifiedEndpoint });
2825
s3 = bucketUtil.s3;
2926
});
3027

tests/functional/aws-node-sdk/test/object/deleteObject.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,7 @@ describe('DELETE object', () => {
103103
const bucketName = 'testdeleteobjectlockbucket';
104104
let versionIdOne;
105105
let versionIdTwo;
106-
const retainDate = moment().add(10, 'days');
106+
const retainDate = moment().add(10, 'days').toDate();
107107

108108
before(async () => {
109109
try {

tests/functional/aws-node-sdk/test/object/get.js

Lines changed: 1 addition & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -224,18 +224,6 @@ describe('GET object', () => {
224224
await s3.send(new DeleteBucketCommand({ Bucket: bucketName }));
225225
});
226226

227-
228-
it('should return an error to get request without a valid ' +
229-
'bucket name',
230-
done => {
231-
s3.send(new GetObjectCommand({ Bucket: '', Key: 'somekey' })).then(() => {
232-
assert.fail('Expected failure but got success');
233-
}).catch(err => {
234-
assert.strictEqual(err.message, 'Empty value provided for input HTTP label: Bucket.');
235-
return done();
236-
});
237-
});
238-
239227
it('should return NoSuchKey error when no such object',
240228
done => {
241229
s3.send(new GetObjectCommand({ Bucket: bucketName, Key: 'nope' })).then(() => {
@@ -1073,7 +1061,7 @@ describeSkipIfCeph('GET object with object lock', () => {
10731061
const params = {
10741062
Bucket: bucket,
10751063
Key: key,
1076-
ObjectLockRetainUntilDate: mockDate,
1064+
ObjectLockRetainUntilDate: mockDate.toDate(),
10771065
ObjectLockMode: mockMode,
10781066
ObjectLockLegalHoldStatus: 'ON',
10791067
};

tests/functional/aws-node-sdk/test/object/objectHead.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -556,7 +556,7 @@ describeSkipIfCeph('HEAD object with object lock', () => {
556556
const params = {
557557
Bucket: bucket,
558558
Key: key,
559-
ObjectLockRetainUntilDate: mockDate,
559+
ObjectLockRetainUntilDate: mockDate.toDate(),
560560
ObjectLockMode: mockMode,
561561
ObjectLockLegalHoldStatus: 'ON',
562562
};

tests/functional/aws-node-sdk/test/object/putRetention.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ const objectName = 'putobjectretentionobject';
2121

2222
const retentionConfig = {
2323
Mode: 'GOVERNANCE',
24-
RetainUntilDate: moment().add(1, 'd').add(123, 'ms'),
24+
RetainUntilDate: moment().add(1, 'd').add(123, 'ms').toDate(),
2525
};
2626

2727
const isCEPH = process.env.CI_CEPH !== undefined;

0 commit comments

Comments
 (0)