diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c1cbd9..e0632e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.1.11] - 2025-02-06 + +### Security +- `path-to-regexp` to mitigate [CVE-2024-52798] +- `nanoid` to mitigate [CVE-2024-55565] + ## [1.1.10] - 2024-11-22 ### Security diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh index 9a54857..6283df6 100755 --- a/deployment/build-s3-dist.sh +++ b/deployment/build-s3-dist.sh @@ -40,12 +40,12 @@ while getopts ':h' OPTION; do h) echo echo "script usage: $(basename $0) DIST_OUTPUT_BUCKET SOLUTION_NAME VERSION" - echo "example usage: ./$(basename $0) mybucket virtual-waiting-room-on-aws v1.1.10" + echo "example usage: ./$(basename $0) mybucket virtual-waiting-room-on-aws v1.1.11" echo echo "If no arguments are passed in, the following default values are used:" echo "DIST_OUTPUT_BUCKET=rodeolabz" echo "SOLUTION_NAME=virtual-waiting-room-on-aws" - echo "VERSION=v1.1.10" + echo "VERSION=v1.1.11" echo echo "You may export export these variables in your environment and call the script using those variables:" echo "./$(basename $0) \$DIST_OUTPUT_BUCKET \$SOLUTION_NAME \$VERSION" @@ -79,8 +79,8 @@ fi if [ -z "$3" ] then - echo "Setting default version to v1.1.10" - VERSION='v1.1.10' + echo "Setting default version to v1.1.11" + VERSION='v1.1.11' fi template_dir="$PWD" # /deployment 
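Review bot: The release version is written as a literal five times in deployment/build-s3-dist.sh: two help-text echoes in the @@ -40 hunk, the echo and `VERSION='v1.1.11'` in the @@ -79 hunk, and `common_version=1.1.11` in the @@ -88 hunk. Every release has to edit each one by hand, and a missed one fails silently. Defining it once and deriving the rest would remove that: `default_version='v1.1.11'`, then `VERSION="$default_version"` and `common_version="${default_version#v}"`, with the echoes printing `$default_version`. This assumes `common_version` is meant to track the solution version, as it does in this commit, where setup.py and poetry.lock for the common package also move to 1.1.11. How the script uses it lies outside these hunks, so confirm before coupling them. On a security-fix release such as this one, a stale default could label a patched build with the previous version, making patched and unpatched deployments harder to tell apart.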
@@ -88,7 +88,7 @@ template_dist_dir="$template_dir/global-s3-assets" build_dist_dir="$template_dir/regional-s3-assets" pkg_dir="$template_dir/pkg" source_dir="$template_dir/../source" -common_version=1.1.10 +common_version=1.1.11 echo "------------------------------------------------------------------------------" echo "[Init] Clean old dist, node_modules and bower_components folders" diff --git a/deployment/poetry.lock b/deployment/poetry.lock index 49e20fe..dc60c61 100644 --- a/deployment/poetry.lock +++ b/deployment/poetry.lock @@ -1506,7 +1506,7 @@ zstd = ["zstandard (>=0.18.0)"] [[package]] name = "virtual-waiting-room-on-aws-common" -version = "1.1.10" +version = "1.1.11" description = "Common Python modules for Virtual Waiting Room on AWS" optional = false python-versions = ">=3.10" diff --git a/deployment/pyproject.toml b/deployment/pyproject.toml index 9e1a261..4d2cb91 100644 --- a/deployment/pyproject.toml +++ b/deployment/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "deployment" -version = "1.1.10" +version = "1.1.11" description = "Deployment of Virtual Waiting Room on AWS" authors = ["Amazon Web Services"] package-mode=false diff --git a/source/control-panel/package-lock.json b/source/control-panel/package-lock.json index 03d79e3..2c2f141 100644 --- a/source/control-panel/package-lock.json +++ b/source/control-panel/package-lock.json @@ -5581,9 +5581,9 @@ } }, "node_modules/express": { - "version": "4.21.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", - "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", "dev": true, "dependencies": { "accepts": "~1.3.8", 
@@ -5605,7 +5605,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -5620,6 +5620,10 @@ }, "engines": { "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express/node_modules/array-flatten": { @@ -7582,9 +7586,9 @@ } }, "node_modules/nanoid": { - "version": "3.3.6", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", - "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", + "version": "3.3.8", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz", + "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==", "funding": [ { "type": "github", @@ -8148,9 +8152,9 @@ "dev": true }, "node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==", + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", "dev": true }, "node_modules/path-type": { diff --git a/source/core-api-authorizers-sample/chalice/pyproject.toml b/source/core-api-authorizers-sample/chalice/pyproject.toml index 7ecfe17..e1672a0 100644 --- a/source/core-api-authorizers-sample/chalice/pyproject.toml +++ b/source/core-api-authorizers-sample/chalice/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "chalice" -version = "1.1.10" +version = "1.1.11" description = "Chalice Code" authors = ["Amazon Web Services"] package-mode = false 
diff --git a/source/core-api-authorizers-sample/custom_resources/pyproject.toml b/source/core-api-authorizers-sample/custom_resources/pyproject.toml index ca00f6f..ed4bb48 100644 --- a/source/core-api-authorizers-sample/custom_resources/pyproject.toml +++ b/source/core-api-authorizers-sample/custom_resources/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "custom-resources" -version = "1.1.10" +version = "1.1.11" description = "" authors = ["Amazon Web Services"] diff --git a/source/core-api/custom_resources/pyproject.toml b/source/core-api/custom_resources/pyproject.toml index 79f9760..d8a66b2 100644 --- a/source/core-api/custom_resources/pyproject.toml +++ b/source/core-api/custom_resources/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "custom-resources" -version = "1.1.10" +version = "1.1.11" description = "Custom resources for core APIs of Virtual Waitin Room on AWS" authors = ["Amazon Web Services"] package-mode = false diff --git a/source/openid-waitingroom/chalice/pyproject.toml b/source/openid-waitingroom/chalice/pyproject.toml index 40a7606..4a55511 100644 --- a/source/openid-waitingroom/chalice/pyproject.toml +++ b/source/openid-waitingroom/chalice/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "custom-resources" -version = "1.1.10" +version = "1.1.11" description = "Open Id waiting room template of Virtual Waitin Room on AWS" authors = ["Amazon Web Services"] package-mode = false diff --git a/source/openid-waitingroom/custom_resources/pyproject.toml b/source/openid-waitingroom/custom_resources/pyproject.toml index 44b58ac..f175d26 100644 --- a/source/openid-waitingroom/custom_resources/pyproject.toml +++ b/source/openid-waitingroom/custom_resources/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "custom-resources" -version = "1.1.10" +version = "1.1.11" description = "Custom resources for open Id waiting room of Virtual Waitin Room on AWS" authors = ["Amazon Web Services"] 
diff --git a/source/openid-waitingroom/www/package-lock.json b/source/openid-waitingroom/www/package-lock.json index 968be2f..c68e868 100644 --- a/source/openid-waitingroom/www/package-lock.json +++ b/source/openid-waitingroom/www/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-waitingroom", - "version": "1.1.10", + "version": "1.1.11", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "openid-waitingroom", - "version": "1.1.10", + "version": "1.1.11", "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { diff --git a/source/openid-waitingroom/www/package.json b/source/openid-waitingroom/www/package.json index 145d344..2354ae6 100644 --- a/source/openid-waitingroom/www/package.json +++ b/source/openid-waitingroom/www/package.json @@ -1,6 +1,6 @@ { "name": "openid-waitingroom", - "version": "1.1.10", + "version": "1.1.11", "description": "A Virtual Waiting Room on AWS OpenID Adaptor", "author": { "name": "Amazon Web Services", diff --git a/source/sample-inlet-strategies/pyproject.toml b/source/sample-inlet-strategies/pyproject.toml index 976209f..9ebb5fc 100644 --- a/source/sample-inlet-strategies/pyproject.toml +++ b/source/sample-inlet-strategies/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "custom-resources" -version = "1.1.10" +version = "1.1.11" description = "Virtual Waitin Room on AWS" authors = ["Amazon Web Services"] diff --git a/source/sample-waiting-room-site/package-lock.json b/source/sample-waiting-room-site/package-lock.json index 6c6cc16..a396658 100644 --- a/source/sample-waiting-room-site/package-lock.json +++ b/source/sample-waiting-room-site/package-lock.json 
@@ -5625,9 +5625,9 @@ } }, "node_modules/express": { - "version": "4.21.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", - "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", "dev": true, "dependencies": { "accepts": "~1.3.8", @@ -5649,7 +5649,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -5664,6 +5664,10 @@ }, "engines": { "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express/node_modules/array-flatten": { @@ -7663,9 +7667,9 @@ } }, "node_modules/nanoid": { - "version": "3.3.6", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", - "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", + "version": "3.3.8", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz", + "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==", "funding": [ { "type": "github", 
@@ -8229,9 +8233,9 @@ "dev": true }, "node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==", + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", "dev": true }, "node_modules/path-type": { diff --git a/source/shared/virtual-waiting-room-on-aws-common/setup.py b/source/shared/virtual-waiting-room-on-aws-common/setup.py index 7f03545..218ea2d 100644 --- a/source/shared/virtual-waiting-room-on-aws-common/setup.py +++ b/source/shared/virtual-waiting-room-on-aws-common/setup.py @@ -9,7 +9,7 @@ setuptools.setup( name="virtual-waiting-room-on-aws-common", - version="1.1.10", + version="1.1.11", author="AWS Solutions PDX", author_email="aws-solutions-pdx@amazon.com", description="Common Python modules for Virtual Waiting Room on AWS", diff --git a/source/token-authorizer/chalice/pyproject.toml b/source/token-authorizer/chalice/pyproject.toml index 1c47f06..e0ca5f7 100644 --- a/source/token-authorizer/chalice/pyproject.toml +++ b/source/token-authorizer/chalice/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "custom-resources" -version = "1.1.10" +version = "1.1.11" description = "Token Authorizer for template of Virtual Waitin Room on AWS" authors = ["Amazon Web Services"]