From 75ee94ee84ca1bcf10d3823b76c10faad275a19e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 21 Mar 2026 10:06:54 +0000 Subject: [PATCH 1/2] fix: webapp/package.json & webapp/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MATTERMOSTREDUX-15702176 --- webapp/package-lock.json | 66 ++++++++++++++++++++++++++-------------- webapp/package.json | 2 +- 2 files changed, 45 insertions(+), 23 deletions(-) diff --git a/webapp/package-lock.json b/webapp/package-lock.json index dfa4947..378b8c1 100644 --- a/webapp/package-lock.json +++ b/webapp/package-lock.json @@ -1,5 +1,5 @@ { - "name": "webapp", + "name": "relock-npm-lock-v2-ss40pu", "lockfileVersion": 3, "requires": true, "packages": { @@ -7,7 +7,7 @@ "dependencies": { "core-js": "3.6.5", "js-cookie": "2.2.1", - "mattermost-redux": "10.9.0", + "mattermost-redux": "^11.4.0", "react": "18.2.0", "react-bootstrap": "0.33.1", "react-dom": "18.2.0", @@ -3110,6 +3110,7 @@ "version": "10.9.0", "resolved": "https://registry.npmjs.org/@mattermost/client/-/client-10.9.0.tgz", "integrity": "sha512-P5b6zF0YIY+DhG25U8Q4ctlRgLZHyWZodgBsVsVY9Riwl0gDA96XmREd55P180MddCzJhRGNQg4UmAjxcqewlQ==", + "dev": true, "license": "MIT", "peerDependencies": { "@mattermost/types": "10.9.0", @@ -3125,6 +3126,7 @@ "version": "10.9.0", "resolved": "https://registry.npmjs.org/@mattermost/types/-/types-10.9.0.tgz", "integrity": "sha512-2795KUkp2EkuJ9NVohPkJmrgKunt6OZiLyo8zUoIWPJjxQ0upjiWJz/KenABx38v8+QfpSEN8tZSBN3lsZCueg==", + "dev": true, "license": "MIT", "peerDependencies": { "typescript": "^4.3.0 || ^5.0.0" @@ -9896,19 +9898,19 @@ } }, "node_modules/mattermost-redux": { - "version": "10.9.0", - "resolved": "https://registry.npmjs.org/mattermost-redux/-/mattermost-redux-10.9.0.tgz", - "integrity": "sha512-dbUV7QQheDMT5ONK9TbGzn4P8AXrHQzJ6Uk/v8zw1ZxMenze08lgwHDUycLyPLCFX4e6CyHXhJ6r+E6mgBL1nA==", + "version": "11.4.0", + "resolved": "https://registry.npmjs.org/mattermost-redux/-/mattermost-redux-11.4.0.tgz", + "integrity": "sha512-EPBuTS4rfL3ClPOItUTGJad9vRKL4GRZu3X7MC2ctJzGZzzvK7kg3fXjp/vV0w1IizNmoGhGURu6V/ZqHI/TWQ==", "license": "MIT", "dependencies": { - "@mattermost/client": "10.9.0", - "@mattermost/types": "10.9.0", - "@redux-devtools/extension": "^3.2.3", + "@mattermost/client": "11.4.0", + "@mattermost/types": "11.4.0", + "@redux-devtools/extension": "3.3.0", "lodash": "^4.17.21", "moment-timezone": "^0.5.38", - "redux": "^4.2.0", - "redux-batched-actions": "^0.5.0", - "redux-thunk": "^2.4.2", + "redux": "^5.0.0", + "redux-batched-actions": "0.5.0", + "redux-thunk": "^3.0.0", "serialize-error": "^11.0.3", "shallow-equals": "^1.0.0", "timezones.json": "^1.7.1" @@ -9922,22 +9924,33 @@ } } }, - "node_modules/mattermost-redux/node_modules/redux": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/redux/-/redux-4.2.1.tgz", - "integrity": "sha512-LAUYz4lc+Do8/g7aeRa8JkyDErK6ekstQaqWQrNRW//MY1TvCEpMtpTWvlQ+FPbWCx+Xixu/6SHt5N0HR+SB4w==", + "node_modules/mattermost-redux/node_modules/@mattermost/client": { + "version": "11.4.0", + "resolved": "https://registry.npmjs.org/@mattermost/client/-/client-11.4.0.tgz", + "integrity": "sha512-QzYIpxFRPA+NDCCxk9bPwnFRpgZq8d1KKYXic8AJJiPXjja6IJDOkpDfGgo4b1q0AofUQ+u7Js3Fh2mxerwz5g==", "license": "MIT", - "dependencies": { - "@babel/runtime": "^7.9.2" + "peerDependencies": { + "@mattermost/types": "11.4.0", + "typescript": "^4.3.0 || ^5.0.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } } }, - "node_modules/mattermost-redux/node_modules/redux-thunk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/redux-thunk/-/redux-thunk-2.4.2.tgz", - "integrity": "sha512-+P3TjtnP0k/FEjcBL5FZpoovtvrTNT/UXd4/sluaSyrURlSlhLSzEdfsTBW7WsKB6yPvgd7q/iZPICFjW4o57Q==", + "node_modules/mattermost-redux/node_modules/@mattermost/types": { + "version": "11.4.0", + "resolved": "https://registry.npmjs.org/@mattermost/types/-/types-11.4.0.tgz", + "integrity": "sha512-oYt7vvsa60hPpujcCBYeyd+22OwprEAtFXgVJrsdd9pR1qkEGU4F+uv8bh6ZTBSZAQnc2/xXQPZJGGR06toteA==", "license": "MIT", "peerDependencies": { - "redux": "^4" + "typescript": "^4.3.0 || ^5.0.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } } }, "node_modules/memoize-one": { @@ -11383,6 +11396,15 @@ "redux": ">=1.0.0" } }, + "node_modules/redux-thunk": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/redux-thunk/-/redux-thunk-3.1.0.tgz", + "integrity": "sha512-NW2r5T6ksUKXCabzhL9z+h206HQw/NJkcLm1GPImRQ8IzfXwRGqjVhKJGauHirT0DAuyy6hjdnMZaRoAcy0Klw==", + "license": "MIT", + "peerDependencies": { + "redux": "^5.0.0" + } + }, "node_modules/reflect.getprototypeof": { "version": "1.0.10", "resolved": "https://registry.npmjs.org/reflect.getprototypeof/-/reflect.getprototypeof-1.0.10.tgz", diff --git a/webapp/package.json b/webapp/package.json index 106231e..fcb42b5 100644 --- a/webapp/package.json +++ b/webapp/package.json @@ -63,7 +63,7 @@ "dependencies": { "core-js": "3.6.5", "js-cookie": "2.2.1", - "mattermost-redux": "10.9.0", + "mattermost-redux": "11.4.0", "react": "18.2.0", "react-bootstrap": "0.33.1", "react-dom": "18.2.0", From f28c2a7290b2fc45e4aeac03b75d3bb65c5f3a1d Mon Sep 17 00:00:00 2001 From: avasconcelos114 Date: Mon, 23 Mar 2026 16:36:43 +0200 Subject: [PATCH 2/2] Matching related lib versions --- webapp/package-lock.json | 53 ++++++++------------------------------- webapp/package.json | 4 +-- webapp/src/hooks/index.js | 8 +++--- 3 files changed, 17 insertions(+), 48 deletions(-) diff --git a/webapp/package-lock.json b/webapp/package-lock.json index 378b8c1..9707c82 100644 --- a/webapp/package-lock.json +++ b/webapp/package-lock.json @@ -1,5 +1,5 @@ { - "name": "relock-npm-lock-v2-ss40pu", + "name": "webapp", "lockfileVersion": 3, "requires": true, "packages": { @@ -7,7 +7,7 @@ "dependencies": { "core-js": "3.6.5", "js-cookie": "2.2.1", - "mattermost-redux": "^11.4.0", + "mattermost-redux": "11.4.0", "react": "18.2.0", "react-bootstrap": "0.33.1", "react-dom": "18.2.0", @@ -30,8 +30,8 @@ "@babel/runtime": "7.28.6", "@emotion/babel-preset-css-prop": "10.0.27", "@emotion/core": "10.0.28", - "@mattermost/client": "10.9.0", - "@mattermost/types": "10.9.0", + "@mattermost/client": "11.4.0", + "@mattermost/types": "11.4.0", "@testing-library/jest-dom": "6.4.0", "@testing-library/react": "14.2.1", "@testing-library/user-event": "14.5.2", @@ -3107,13 +3107,12 @@ } }, "node_modules/@mattermost/client": { - "version": "10.9.0", - "resolved": "https://registry.npmjs.org/@mattermost/client/-/client-10.9.0.tgz", - "integrity": "sha512-P5b6zF0YIY+DhG25U8Q4ctlRgLZHyWZodgBsVsVY9Riwl0gDA96XmREd55P180MddCzJhRGNQg4UmAjxcqewlQ==", - "dev": true, + "version": "11.4.0", + "resolved": "https://registry.npmjs.org/@mattermost/client/-/client-11.4.0.tgz", + "integrity": "sha512-QzYIpxFRPA+NDCCxk9bPwnFRpgZq8d1KKYXic8AJJiPXjja6IJDOkpDfGgo4b1q0AofUQ+u7Js3Fh2mxerwz5g==", "license": "MIT", "peerDependencies": { - "@mattermost/types": "10.9.0", + "@mattermost/types": "11.4.0", "typescript": "^4.3.0 || ^5.0.0" }, "peerDependenciesMeta": { @@ -3123,10 +3122,9 @@ } }, "node_modules/@mattermost/types": { - "version": "10.9.0", - "resolved": "https://registry.npmjs.org/@mattermost/types/-/types-10.9.0.tgz", - "integrity": "sha512-2795KUkp2EkuJ9NVohPkJmrgKunt6OZiLyo8zUoIWPJjxQ0upjiWJz/KenABx38v8+QfpSEN8tZSBN3lsZCueg==", - "dev": true, + "version": "11.4.0", + "resolved": "https://registry.npmjs.org/@mattermost/types/-/types-11.4.0.tgz", + "integrity": "sha512-oYt7vvsa60hPpujcCBYeyd+22OwprEAtFXgVJrsdd9pR1qkEGU4F+uv8bh6ZTBSZAQnc2/xXQPZJGGR06toteA==", "license": "MIT", "peerDependencies": { "typescript": "^4.3.0 || ^5.0.0" @@ -9924,35 +9922,6 @@ } } }, - "node_modules/mattermost-redux/node_modules/@mattermost/client": { - "version": "11.4.0", - "resolved": "https://registry.npmjs.org/@mattermost/client/-/client-11.4.0.tgz", - "integrity": "sha512-QzYIpxFRPA+NDCCxk9bPwnFRpgZq8d1KKYXic8AJJiPXjja6IJDOkpDfGgo4b1q0AofUQ+u7Js3Fh2mxerwz5g==", - "license": "MIT", - "peerDependencies": { - "@mattermost/types": "11.4.0", - "typescript": "^4.3.0 || ^5.0.0" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - "node_modules/mattermost-redux/node_modules/@mattermost/types": { - "version": "11.4.0", - "resolved": "https://registry.npmjs.org/@mattermost/types/-/types-11.4.0.tgz", - "integrity": "sha512-oYt7vvsa60hPpujcCBYeyd+22OwprEAtFXgVJrsdd9pR1qkEGU4F+uv8bh6ZTBSZAQnc2/xXQPZJGGR06toteA==", - "license": "MIT", - "peerDependencies": { - "typescript": "^4.3.0 || ^5.0.0" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, "node_modules/memoize-one": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/memoize-one/-/memoize-one-6.0.0.tgz", diff --git a/webapp/package.json b/webapp/package.json index fcb42b5..77648c7 100644 --- a/webapp/package.json +++ b/webapp/package.json @@ -25,8 +25,8 @@ "@babel/runtime": "7.28.6", "@emotion/babel-preset-css-prop": "10.0.27", "@emotion/core": "10.0.28", - "@mattermost/client": "10.9.0", - "@mattermost/types": "10.9.0", + "@mattermost/client": "11.4.0", + "@mattermost/types": "11.4.0", "@testing-library/jest-dom": "6.4.0", "@testing-library/react": "14.2.1", "@testing-library/user-event": "14.5.2", diff --git a/webapp/src/hooks/index.js b/webapp/src/hooks/index.js index b335b9c..4955000 100644 --- a/webapp/src/hooks/index.js +++ b/webapp/src/hooks/index.js @@ -28,7 +28,7 @@ export default class Hooks { const user = getCurrentUser(state); if (commandTrimmed && commandTrimmed === '/confluence subscribe') { - const {data: subscriptionAccessData, error} = await this.store.dispatch(getSubscriptionAccess()); + const {data: subscriptionAccessData, error} = await getSubscriptionAccess()(this.store.dispatch); if (error) { this.store.dispatch(sendEphemeralPost(Constants.ERROR_EXECUTING_COMMAND, contextArgs.channel_id, user.id)); @@ -41,10 +41,10 @@ export default class Hooks { return Promise.resolve({}); } - this.store.dispatch(openSubscriptionModal()); + openSubscriptionModal()(this.store.dispatch); return Promise.resolve({}); } else if (commandTrimmed && commandTrimmed.startsWith('/confluence edit')) { - const {data: subscriptionAccessData, error} = await this.store.dispatch(getSubscriptionAccess()); + const {data: subscriptionAccessData, error} = await getSubscriptionAccess()(this.store.dispatch); if (error) { this.store.dispatch(sendEphemeralPost(Constants.ERROR_EXECUTING_COMMAND, contextArgs.channel_id, user.id)); @@ -62,7 +62,7 @@ export default class Hooks { this.store.dispatch(sendEphemeralPost(Constants.SPECIFY_ALIAS, contextArgs.channel_id, user.id)); } else { const alias = args.slice(2).join(' '); - this.store.dispatch(getChannelSubscription(contextArgs.channel_id, alias, user.id)); + getChannelSubscription(contextArgs.channel_id, alias, user.id)(this.store.dispatch); } return Promise.resolve({}); }