Merge pull request #1841 from finos/fix-vulnerable-deps

Resolve CVEs and simplify dependency maintenance + FDC3 Workbench version check

Author: kriswest

CHANGELOG.md

@@ -53,8 +53,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 * Allowed retrieval of User channels as App channels via getOrCreateChannel and getCurrentChannel in fdc3-web-impl. ([#1835](https://github.com/finos/FDC3/pull/1835))
 * Corrected description of UCBasic3 in the fdc-conformance framework implementation. ([#1823](https://github.com/finos/FDC3/pull/1823))
 * Fixed a race condition in fdc3-workbench's context store which caused the context listeners on user channels to miss replay of current context in some cases. ([#1823](https://github.com/finos/FDC3/pull/1823))
-* Fixed lint in the fdc30workbench implementation. ([#1823](https://github.com/finos/FDC3/pull/1823))
-
+* Fixed lint in the fdc3-workbench implementation. ([#1823](https://github.com/finos/FDC3/pull/1823))
+* Stopped fdc3-workbench flagging FDC3 version 2.2 as unsupported. ([#1841](https://github.com/finos/FDC3/pull/1841))
+* Resolved vulnerable dependencies (esbuild, serialize-javascript, elliptic) and consolidated shared devDependencies to simplify future maintenance. ([#1841](https://github.com/finos/FDC3/pull/1841))
 
 ## [FDC3 Standard 2.2](https://github.com/finos/FDC3/compare/v2.1..v2.2) - 2025-03-12
 

package-lock.json

@@ -55,17 +55,28 @@
     "syncpack": "^14.0.0"
   },
   "devDependencies": {
+    "@eslint/js": "^9.19.0",
     "@types/mocha": "^10.0.10",
+    "@types/node": "^20.16.11",
+    "@vitest/coverage-v8": "^3.2.4",
     "concurrently": "^8.2.2",
+    "eslint": "^9.32.0",
     "eslint-config-prettier": "^9.1.0",
+    "globals": "^15.14.0",
     "husky": "^9.1.7",
     "istanbul-merge": "^2.0.0",
     "lint-staged": "^15.2.10",
     "nyc": "17.1.0",
     "pixelmatch": "^7.1.0",
     "prettier": "3.4.1",
-    "tsx": "^4.20.5",
-    "vitest-mock-extended": "^2.0.0"
+    "rimraf": "^6.0.1",
+    "tsx": "^4.19.1",
+    "typescript": "^5.6.3",
+    "typescript-eslint": "^8.17.0",
+    "vitest": "^3.2.4"
+  },
+  "overrides": {
+    "serialize-javascript": "^7.0.5"
   },
   "lint-staged": {
     "**/*": "prettier --write --ignore-unknown"

package.json

@@ -30,25 +30,13 @@
   },
   "devDependencies": {
     "@cucumber/cucumber": "10.3.1",
-    "@eslint/js": "^9.19.0",
     "@finos/testing": "2.2.2-beta.1",
-    "@types/node": "^20.16.11",
     "@types/uuid": "^10.0.0",
-    "@vitest/coverage-v8": "^2.0.0",
-    "eslint": "^9.32.0",
-    "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-import": "^2.31.0",
     "eslint-plugin-prettier": "3.3.1",
-    "globals": "^15.14.0",
     "is-ci": "2.0.0",
     "jsonpath-plus": "^10.1.0",
-    "prettier": "3.4.1",
     "quickpickle": "^1.0.0",
-    "rimraf": "^6.0.1",
-    "tsx": "^4.19.1",
-    "typescript": "^5.6.3",
-    "typescript-eslint": "^8.17.0",
-    "uuid": "^9.0.1",
-    "vitest": "^2.0.0"
+    "uuid": "^9.0.1"
   }
 }

packages/fdc3-agent-proxy/package.json

@@ -35,20 +35,11 @@
     "typegen": "cd schemas && node ../s2tQuicktypeUtil.cjs context ../generated/context/ContextTypes.ts"
   },
   "devDependencies": {
-    "@eslint/js": "^9.19.0",
     "ajv": "^8.18.0",
-    "@vitest/coverage-v8": "^3.2.3",
     "ajv-formats": "^3.0.1",
-    "eslint": "^9.32.0",
-    "eslint-config-prettier": "^9.1.0",
-    "globals": "^15.14.0",
     "mkdirp": "^3.0.1",
     "quicktype": "23.0.78",
-    "rimraf": "^6.0.1",
-    "tslib": "^2.7.0",
-    "typescript": "^5.6.3",
-    "typescript-eslint": "^8.17.0",
-    "vitest": "^3.2.3"
+    "tslib": "^2.7.0"
   },
   "overrides": {
     "ajv-formats": {

packages/fdc3-context/package.json

@@ -34,24 +34,13 @@
   },
   "devDependencies": {
     "@cucumber/cucumber": "10.3.1",
-    "@eslint/js": "^9.19.0",
     "@finos/fdc3-web-impl": "2.2.2-beta.1",
     "@finos/testing": "2.2.2-beta.1",
-    "@types/node": "^20.16.11",
     "@types/wtfnode": "^0.7.3",
-    "@vitest/coverage-v8": "^3.0.4",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
-    "eslint": "^9.32.0",
-    "eslint-config-prettier": "^9.1.0",
-    "globals": "^15.14.0",
     "jsonpath-plus": "^10.1.0",
     "quickpickle": "^1.6.1",
-    "rimraf": "^6.0.1",
-    "tsx": "^4.19.1",
-    "typescript": "^5.6.3",
-    "typescript-eslint": "^8.17.0",
-    "vitest": "^3.0.4",
     "wtfnode": "^0.9.3"
   },
   "type": "module"

packages/fdc3-get-agent/package.json

@@ -28,18 +28,11 @@
     "typegen-bridging": "cd schemas && node ../s2tQuicktypeUtil.cjs api/api.schema.json api/common.schema.json api/broadcastRequest.schema.json api/findInstancesRequest.schema.json api/findInstancesResponse.schema.json api/findIntentRequest.schema.json api/findIntentResponse.schema.json api/findIntentsByContextRequest.schema.json api/findIntentsByContextResponse.schema.json api/getAppMetadataRequest.schema.json api/getAppMetadataResponse.schema.json api/openRequest.schema.json api/openResponse.schema.json api/raiseIntentRequest.schema.json api/raiseIntentResponse.schema.json api/raiseIntentResultResponse.schema.json ../../fdc3-context/schemas/context/context.schema.json bridging ../generated/bridging/BridgingTypes.ts"
   },
   "devDependencies": {
-    "@eslint/js": "^9.19.0",
-    "eslint": "^9.32.0",
-    "eslint-config-prettier": "^9.1.0",
-    "globals": "^15.14.0",
     "message-await": "^1.1.0",
     "mkdirp": "^3.0.1",
     "quicktype": "23.0.78",
-    "rimraf": "^6.0.1",
     "ts-morph": "^24.0.0",
-    "tslib": "^2.7.0",
-    "typescript": "^5.6.3",
-    "typescript-eslint": "^8.17.0"
+    "tslib": "^2.7.0"
   },
   "type": "module"
 }

packages/fdc3-schema/package.json

@@ -37,21 +37,11 @@
   },
   "devDependencies": {
     "@apidevtools/swagger-parser": "^10.1.1",
-    "@eslint/js": "^9.19.0",
-    "@vitest/coverage-v8": "^3.0.0",
-    "eslint": "^9.32.0",
-    "eslint-config-prettier": "^9.1.0",
-    "globals": "^15.14.0",
     "jsdom": "^28.1.0",
     "jsonschema": "^1.4.0",
-    "prettier": "3.4.1",
     "quicktype": "23.0.78",
-    "rimraf": "^6.0.1",
     "tslib": "^2.7.0",
-    "typescript": "^5.6.3",
-    "vitest": "^3.0.0",
-    "typescript-eslint": "^8.17.0",
-    "vitest-mock-extended": "^2.0.0"
+    "vitest-mock-extended": "^3.0.0"
   },
   "type": "module"
 }

packages/fdc3-standard/package.json

@@ -32,29 +32,23 @@
   },
   "dependencies": {
     "@cucumber/cucumber": "10.3.1",
+    "pixelmatch": "^7.1.0",
     "quickpickle": "^1.4.1",
     "@cucumber/html-formatter": "11.0.4",
     "@cucumber/pretty-formatter": "1.0.1",
     "@finos/fdc3-standard": "2.2.2-beta.1",
     "@types/expect": "24.3.0",
     "@types/lodash": "4.14.167",
-    "@types/node": "^20.16.11",
     "@types/uuid": "^10.0.0",
     "ajv": "^8.18.0",
     "ajv-formats": "^3.0.1",
-    "eslint": "^9.32.0",
-    "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-import": "^2.31.0",
     "eslint-plugin-prettier": "3.3.1",
     "expect": "^29.7.0",
     "is-ci": "2.0.0",
     "jsonpath-plus": "^10.1.0",
     "nyc": "17.1.0",
-    "prettier": "3.4.1",
-    "rimraf": "^6.0.1",
     "ts-node": "^10.9.2",
-    "tsx": "^4.19.1",
-    "typescript": "^5.6.3",
     "uuid": "^9.0.1"
   },
   "overrides": {

packages/testing/package.json

@@ -19,10 +19,12 @@
     "@finos/fdc3": "2.2.2-beta.1",
     "buffer": "^6.0.3",
     "chai": "^4.3.6",
+    "get-func-name": "^2.0.2",
     "mocha": "^10.0.0",
     "process": "^0.11.10",
     "source-map-support": "^0.5.21",
     "stream-browserify": "^3.0.0",
+    "type-detect": "^4.1.0",
     "util": "^0.12.4",
     "window": "^1.0.0"
   },