From b9ef5fb89ccd31fda4e467b6e6547e9c3a80eb54 Mon Sep 17 00:00:00 2001 From: Arnei Date: Wed, 10 Jul 2024 15:45:48 +0200 Subject: [PATCH] Replace iarna/toml with smol-toml Our build logs were complaining: > node_modules/@iarna/toml/lib/toml-parser.js (153:22): Use of eval in "node_modules/@iarna/toml/lib/toml-parser.js" is strongly discouraged as it poses security risks and may cause issues with minification. Unfortunately, iarna/toml appears to be unmaintained, so this likely won't get fixed. This patch replaces it with another toml parser that causes no build complaints and is actively maintained. --- package-lock.json | 27 ++++++++++++--------------- package.json | 3 +-- src/config.ts | 4 ++-- 3 files changed, 15 insertions(+), 19 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9db0917aa..c0b2a8d1e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,12 +11,10 @@ "@emotion/react": "^11.11.4", "@emotion/styled": "^11.11.5", "@fontsource-variable/roboto-flex": "^5.0.15", - "@iarna/toml": "^2.2.5", "@mui/material": "^5.15.21", "@opencast/appkit": "^0.3.0", "@reduxjs/toolkit": "^2.2.6", "@testing-library/jest-dom": "^6.4.6", - "@types/iarna__toml": "^2.0.5", "@types/react": "^18.3.3", "@types/react-dom": "^18.3.0", "deepmerge": "^4.3.1", @@ -46,6 +44,7 @@ "react-virtualized-auto-sizer": "^1.0.24", "react-window": "^1.8.10", "redux": "^5.0.1", + "smol-toml": "^1.2.2", "standardized-audio-context": "^25.3.72", "typescript": "^5.5.2", "uuid": "^10.0.0", @@ -1342,10 +1341,6 @@ "integrity": "sha512-6EwiSjwWYP7pTckG6I5eyFANjPhmPjUX9JRLUSfNPC7FX7zK9gyZAfUEaECL6ALTpGX5AjnBq3C9XmVWPitNpw==", "dev": true }, - "node_modules/@iarna/toml": { - "version": "2.2.5", - "license": "ISC" - }, "node_modules/@istanbuljs/load-nyc-config": { "version": "1.1.0", "license": "ISC", 
@@ -3232,14 +3227,6 @@ "@types/node": "*" } }, - "node_modules/@types/iarna__toml": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/@types/iarna__toml/-/iarna__toml-2.0.5.tgz", - "integrity": "sha512-I55y+SxI0ayM4MBU6yfGJGmi4wRll6wtSeKiFYAZj+Z5Q1DVbMgBSVDYY+xQZbjIlLs/pN4fidnvR8faDrmxPg==", - "dependencies": { - "@types/node": "*" - } - }, "node_modules/@types/istanbul-lib-coverage": { "version": "2.0.4", "license": "MIT", @@ -3284,7 +3271,9 @@ }, "node_modules/@types/node": { "version": "18.16.3", - "license": "MIT" + "license": "MIT", + "optional": true, + "peer": true }, "node_modules/@types/parse-json": { "version": "4.0.0", @@ -11107,6 +11096,14 @@ "node": ">=8" } }, + "node_modules/smol-toml": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.2.2.tgz", + "integrity": "sha512-fVEjX2ybKdJKzFL46VshQbj9PuA4IUKivalgp48/3zwS9vXzyykzQ6AX92UxHSvWJagziMRLeHMgEzoGO7A8hQ==", + "engines": { + "node": ">= 18" + } + }, "node_modules/snake-case": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", diff --git a/package.json b/package.json index 1bf7f04f9..10e607ecc 100644 --- a/package.json +++ b/package.json @@ -6,12 +6,10 @@ "@emotion/react": "^11.11.4", "@emotion/styled": "^11.11.5", "@fontsource-variable/roboto-flex": "^5.0.15", - "@iarna/toml": "^2.2.5", "@mui/material": "^5.15.21", "@opencast/appkit": "^0.3.0", "@reduxjs/toolkit": "^2.2.6", "@testing-library/jest-dom": "^6.4.6", - "@types/iarna__toml": "^2.0.5", "@types/react": "^18.3.3", "@types/react-dom": "^18.3.0", "deepmerge": "^4.3.1", @@ -41,6 +39,7 @@ "react-virtualized-auto-sizer": "^1.0.24", "react-window": "^1.8.10", "redux": "^5.0.1", + "smol-toml": "^1.2.2", "standardized-audio-context": "^25.3.72", "typescript": "^5.5.2", "uuid": "^10.0.0", diff --git a/src/config.ts b/src/config.ts index 714e6b0f9..82019acd7 100644 --- a/src/config.ts +++ b/src/config.ts 
@@ -7,7 +7,7 @@ * * Also does some global hotkey configuration */ -import parseToml from "@iarna/toml/parse-string"; +import { parse } from "smol-toml"; import deepmerge from "deepmerge"; import { Flavor } from "./types"; @@ -222,7 +222,7 @@ const loadContextSettings = async () => { } try { - return parseToml(await response.text()); + return parse(await response.text()); } catch (e) { console.error(`Could not parse "${settingsPath}" as TOML: `, e); throw new SyntaxError(`Could not parse "${settingsPath}" as TOML: ${e}`);
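Review bot: The swapped call `return parse(await response.text());` in the second hunk returns the parsed contents of a fetched settings file straight to the caller, and nothing visible in the hunk checks that the new parser yields the same values as the old one. The two libraries may differ on edge cases such as date-time values, very large integers or duplicate keys, so a settings file that loaded before could now throw or produce a differently typed value. Whether that matters depends on validation outside this hunk, since `loadContextSettings` starts and ends beyond it. I would add a test that runs a representative settings file through `parse` and the existing validation, and state the expectation at the call site, for example `// parse() returns unvalidated data from a fetched file; callers must validate it`. In the first hunk, `import { parse as parseToml } from "smol-toml";` would keep the call site self-describing and make the second hunk unnecessary.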