fix(security): fix tedious security issue (#671)

Thenkei · web-flow · commit cebb294772a8 · 2024-03-08T15:26:53.000+01:00
diff --git a/package.json b/package.json
@@ -50,7 +50,7 @@
     "spinnies": "0.5.1",
     "stdout-stderr": "0.1.13",
     "superagent": "8.1.2",
-    "tedious": "11.8.0",
+    "tedious": "16.7.1",
     "uuid": "8.0.0",
     "validate-npm-package-name": "3.0.0"
   },
diff --git a/src/services/dumpers/agent-nodejs.ts b/src/services/dumpers/agent-nodejs.ts
@@ -90,7 +90,7 @@ export default class AgentNodeJs extends AbstractDumper {
       } else if (dbDialect === 'mariadb') {
         dependencies.mariadb = '^3.0.2';
       } else if (dbDialect === 'mssql') {
-        dependencies.tedious = '^15.1.2';
+        dependencies.tedious = '^16.7.1';
       }
     }
 
diff --git a/src/services/dumpers/forest-express.js b/src/services/dumpers/forest-express.js
@@ -92,7 +92,7 @@ class ForestExpress extends AbstractDumper {
       } else if (dbDialect === 'mysql') {
         dependencies.mysql2 = '~2.2.5';
       } else if (dbDialect === 'mssql') {
-        dependencies.tedious = '^6.4.0';
+        dependencies.tedious = '^15.1.3';
       } else if (dbDialect === 'mongodb') {
         delete dependencies.sequelize;
         dependencies.mongoose = '~5.13.9';
diff --git a/test/services/dumpers/agent-nodejs/agent-nodejs.unit.test.ts b/test/services/dumpers/agent-nodejs/agent-nodejs.unit.test.ts
@@ -567,7 +567,7 @@ describe('services > dumpers > AgentNodeJs', () => {
 
               expect(context.fs.writeFileSync).toHaveBeenCalledWith(
                 `/test/a${language.name}Application/package.json`,
-                expect.stringContaining('"tedious": "^15.1.2"'),
+                expect.stringContaining('"tedious": "^16.7.1"'),
               );
             });
           });
diff --git a/test/services/dumpers/agent-nodejs/expected/javascript/mssql/package.json b/test/services/dumpers/agent-nodejs/expected/javascript/mssql/package.json
@@ -15,7 +15,7 @@
     "dotenv": "^16.0.1",
     "@forestadmin/agent": "^1.0.0",
     "@forestadmin/datasource-sql": "^1.0.0",
-    "tedious": "^15.1.2"
+    "tedious": "^16.7.1"
   },
   "devDependencies": {
     "nodemon": "^2.0.12"
diff --git a/test/services/dumpers/agent-nodejs/expected/typescript/mssql/package.json b/test/services/dumpers/agent-nodejs/expected/typescript/mssql/package.json
@@ -17,7 +17,7 @@
     "dotenv": "^16.0.1",
     "@forestadmin/agent": "^1.0.0",
     "@forestadmin/datasource-sql": "^1.0.0",
-    "tedious": "^15.1.2"
+    "tedious": "^16.7.1"
   },
   "devDependencies": {
     "nodemon": "^2.0.12",
diff --git a/yarn.lock b/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ export default class AgentNodeJs extends AbstractDumper {`
`90`	`90`	`} else if (dbDialect === 'mariadb') {`
`91`	`91`	`dependencies.mariadb = '^3.0.2';`
`92`	`92`	`} else if (dbDialect === 'mssql') {`
`93`		`- dependencies.tedious = '^15.1.2';`
	`93`	`+ dependencies.tedious = '^16.7.1';`
`94`	`94`	`}`
`95`	`95`	`}`
`96`	`96`