Upgrade dompurify to 3.2.4

2025-02-19 06:16:20 -08:00 · 2025-02-19 05:57:23 -08:00 · 2025-02-19 05:56:55 -08:00 · 2025-02-19 05:51:52 -08:00 · 2025-02-19 05:11:53 -08:00 · 2025-02-19 05:06:29 -08:00
8 changed files with 31 additions and 15 deletions
--- a/2
+++ b/2
@@ -64,7 +64,7 @@ swagger-console:

 assets:
 	@(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\
-	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --loglevel warn; cd ..)
+	  cd web-app; corepack enable; yarn install --prefer-offline; make build-static; yarn prettier --write . --log-level warn; cd ..)

 test-integration:
 	@(docker stop pgsqlcontainer || true)
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -7,6 +7,7 @@
  "dependencies": {
    "@reduxjs/toolkit": "^1.9.7",
    "clsx": "^2.1.1",
+    "dompurify": "^3.2.4",
    "http-status-codes": "^2.3.0",
    "kbar": "^0.1.0-beta.45",
    "local-storage-fallback": "^4.1.2",
@@ -78,6 +79,7 @@
    "@types/webpack-env": "^1.18.5",
    "babel-plugin-istanbul": "^6.1.1",
    "customize-cra": "^1.0.0",
+    "dompurify": "^3.2.4",
    "knip": "^5.27.2",
    "minio": "^8.0.1",
    "nyc": "^15.1.0",
--- a/web-app/src/common/SecureComponent/tests/accessControl.test.ts
+++ b/web-app/src/common/SecureComponent/tests/accessControl.test.ts
@@ -176,7 +176,7 @@ test("Can delete an object inside a bucket prefix", () => {
        "xref_cust_guid_actd-v1.jpg",
        "test/digitalinsights/xref_cust_guid_actd-v1.jpg",
      ],
-      [IAM_SCOPES.S3_DELETE_OBJECT],
+      [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
    ),
  ).toBe(true);
 });
@@ -186,7 +186,7 @@ test("Can't delete an object inside a bucket prefix", () => {
  expect(
    hasPermission(
      ["xref_cust_guid_actd-v1.jpg", "test/xref_cust_guid_actd-v1.jpg"],
-      [IAM_SCOPES.S3_DELETE_OBJECT],
+      [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
    ),
  ).toBe(false);
 });
--- a/web-app/src/common/SecureComponent/permissions.ts
+++ b/web-app/src/common/SecureComponent/permissions.ts
@@ -30,6 +30,7 @@ export const IAM_SCOPES = {
  S3_PUT_OBJECT: "s3:PutObject",
  S3_GET_ACTIONS: "s3:Get*",
  S3_PUT_ACTIONS: "s3:Put*",
+  S3_DELETE_ACTIONS: "s3:Delete*",
  S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
  S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
  S3_DELETE_OBJECT: "s3:DeleteObject",
@@ -197,6 +198,7 @@ export const IAM_PERMISSIONS = {
    IAM_SCOPES.S3_PUT_OBJECT,
    IAM_SCOPES.S3_PUT_ACTIONS,
    IAM_SCOPES.S3_DELETE_OBJECT,
+    IAM_SCOPES.S3_DELETE_ACTIONS,
  ],
  [IAM_ROLES.BUCKET_VIEWER]: [
    IAM_SCOPES.S3_LIST_BUCKET,
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx
@@ -278,7 +278,7 @@ const ListObjects = () => {
  ]);
  const canDelete = hasPermission(
    [pathAsResourceInPolicy, ...sessionGrantWildCards],
-    [IAM_SCOPES.S3_DELETE_OBJECT],
+    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
  );
  const canUpload =
    hasPermission(
@@ -912,7 +912,7 @@ const ListObjects = () => {
      tooltip: canDelete
        ? "Delete Selected Files"
        : permissionTooltipHelper(
-            [IAM_SCOPES.S3_DELETE_OBJECT],
+            [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
            "delete objects in this bucket",
          ),
    },
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ObjectDetailPanel.tsx
@@ -352,7 +352,7 @@ const ObjectDetailPanel = ({
  ]);
  const canDelete = hasPermission(
    [bucketName, currentItem, [bucketName, actualInfo.name].join("/")],
-    [IAM_SCOPES.S3_DELETE_OBJECT],
+    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
  );

  let objectType: AllowedPreviews = previewObjectType(metaData, currentItem);
@@ -649,7 +649,7 @@ const ObjectDetailPanel = ({
              canDelete
                ? ""
                : permissionTooltipHelper(
-                    [IAM_SCOPES.S3_DELETE_OBJECT],
+                    [IAM_SCOPES.S3_DELETE_OBJECT, IAM_SCOPES.S3_DELETE_ACTIONS],
                    "delete this object",
                  )
            }
@@ -665,7 +665,10 @@ const ObjectDetailPanel = ({
                  currentItem,
                  [bucketName, actualInfo.name].join("/"),
                ]}
-                scopes={[IAM_SCOPES.S3_DELETE_OBJECT]}
+                scopes={[
+                  IAM_SCOPES.S3_DELETE_OBJECT,
+                  IAM_SCOPES.S3_DELETE_ACTIONS,
+                ]}
                errorProps={{ disabled: true }}
              >
                <Button
--- a/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx
+++ b/web-app/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx
@@ -232,7 +232,10 @@ const AddTagModal = ({
                        return (
                          <SecureComponent
                            key={`chip-${index}`}
-                            scopes={[IAM_SCOPES.S3_DELETE_OBJECT_TAGGING]}
+                            scopes={[
+                              IAM_SCOPES.S3_DELETE_OBJECT_TAGGING,
+                              IAM_SCOPES.S3_DELETE_ACTIONS,
+                            ]}
                            resource={bucketName}
                            errorProps={{
                              deleteIcon: null,
--- a/web-app/yarn.lock
+++ b/web-app/yarn.lock
@@ -3839,7 +3839,7 @@ __metadata:
  languageName: node
  linkType: hard

-"@types/trusted-types@npm:^2.0.2":
+"@types/trusted-types@npm:^2.0.2, @types/trusted-types@npm:^2.0.7":
  version: 2.0.7
  resolution: "@types/trusted-types@npm:2.0.7"
  checksum: 10c0/4c4855f10de7c6c135e0d32ce462419d8abbbc33713b31d294596c0cc34ae1fa6112a2f9da729c8f7a20707782b0d69da3b1f8df6645b0366d08825ca1522e0c
@@ -7142,10 +7142,15 @@ __metadata:
  languageName: node
  linkType: hard

-"dompurify@npm:^2.5.4":
-  version: 2.5.7
-  resolution: "dompurify@npm:2.5.7"
-  checksum: 10c0/23c4f737182fcf3e731e458c3930ef4d2916191e4180e1e345f153124dfa7ec117d2810af1754e8854c581131fc75dac914a8391183d1511852ef32b4055f711
+"dompurify@npm:^3.2.4":
+  version: 3.2.4
+  resolution: "dompurify@npm:3.2.4"
+  dependencies:
+    "@types/trusted-types": "npm:^2.0.7"
+  dependenciesMeta:
+    "@types/trusted-types":
+      optional: true
+  checksum: 10c0/6be56810fb7ad2776155c8fc2967af5056783c030094362c7d0cf1ad13f2129cf922d8eefab528a34bdebfb98e2f44b306a983ab93aefb9d6f24c18a3d027a05
  languageName: node
  linkType: hard

@@ -11213,7 +11218,7 @@ __metadata:
    btoa: "npm:^1.2.1"
    canvg: "npm:^3.0.6"
    core-js: "npm:^3.6.0"
-    dompurify: "npm:^2.5.4"
+    dompurify: "npm:^3.2.4"
    fflate: "npm:^0.8.1"
    html2canvas: "npm:^1.0.0-rc.5"
  dependenciesMeta:
@@ -18216,6 +18221,7 @@ __metadata:
    babel-plugin-istanbul: "npm:^6.1.1"
    clsx: "npm:^2.1.1"
    customize-cra: "npm:^1.0.0"
+    dompurify: "npm:^3.2.4"
    http-status-codes: "npm:^2.3.0"
    kbar: "npm:^0.1.0-beta.45"
    knip: "npm:^5.27.2"
Author	SHA1	Message	Date
Allan Roger Reid	7968d1b61d	Upgrade dompurify to 3.2.4	2025-02-19 06:16:20 -08:00
Allan Roger Reid	132f3a62d0	Upgrade dompurify to 3.2.4	2025-02-19 05:57:23 -08:00
Allan Roger Reid	fbdcc0e30c	Upgrade dompurify to 3.2.4	2025-02-19 05:56:55 -08:00
Allan Roger Reid	be16cae9ae	Upgrade dompurify to 3.2.4	2025-02-19 05:51:52 -08:00
Allan Roger Reid	f80bf3af9b	Upgrade dompurify to 3.2.4	2025-02-19 05:11:53 -08:00
Allan Roger Reid	1df1bf34e0	Upgrade dompurify to 3.2.4 Allow console to recognize Delete*	2025-02-19 05:06:29 -08:00