Dependabot fixes - critical (#94)

bravoalpha79 · johannalberts · web-flow · commit f30c28024272 · 2022-08-30T17:08:18.000+02:00
* Update versions of json-scheme and minimalist to fix dependabot vulnerabilities * Revert "Update versions of json-scheme and minimalist to fix dependabot vulnerabilities" This reverts commit a04fd34. * Add json-schema and bump mimist versions for dependabot fixes * Update nlkm and url-lib versions in requirement files * Modify requirements version format to try and get build to succeed * Remove ntlk as a package * Add and update npm packages to fix high level dependabot alerts * Set type as module in package.json to handle ES6 syntax * Revert "Add and update npm packages to fix high level dependabot alerts" This reverts commit 60a2943. Co-authored-by: wondrousWebWorks <alberts.johann@gmail.com>
diff --git a/package.json b/package.json
@@ -1,6 +1,7 @@
 {
   "name": "edx",
   "version": "0.1.0",
+  "type": "module",
   "dependencies": {
     "@edx/edx-bootstrap": "1.0.4",
     "@edx/edx-proctoring": "^1.5.0",
@@ -37,6 +38,7 @@
     "jquery-migrate": "1.4.1",
     "jquery.scrollto": "2.1.2",
     "js-cookie": "2.2.0",
+    "json-schema": ">=0.4.0",
     "lodash": ">=4.17.21",
     "moment": "2.29.4",
     "moment-timezone": "0.5.14",
@@ -98,6 +100,7 @@
     "jasmine-jquery": "git+https://github.com/velesin/jasmine-jquery.git#ebad463d592d3fea00c69f26ea18a930e09c7b58",
     "jest": "^26.6.3",
     "jest-enzyme": "^7.1.2",
+    "json-schema": ">=0.4.0",
     "karma": "^6.1.0",
     "karma-chrome-launcher": "0.2.3",
     "karma-coverage": "0.5.5",
@@ -110,6 +113,7 @@
     "karma-sourcemap-loader": "0.3.7",
     "karma-spec-reporter": "0.0.20",
     "karma-webpack": "^5.0.0",
+    "minimist": ">=1.2.6",
     "react-test-renderer": "^17.0.1",
     "selenium-webdriver": "3.4.0",
     "sinon": "2.3.5",
diff --git a/requirements/edx-sandbox/shared.in b/requirements/edx-sandbox/shared.in
@@ -11,4 +11,3 @@
 
 cryptography                        # Implementations of assorted cryptography algorithms
 lxml                                # XML parser
-nltk                                # Natural language processing; used by the chem package
diff --git a/requirements/edx-sandbox/shared.txt b/requirements/edx-sandbox/shared.txt
@@ -9,7 +9,6 @@ click==7.1.2              # via nltk
 cryptography==2.9.2       # via -r requirements/edx-sandbox/shared.in
 joblib==0.14.1            # via -c requirements/edx-sandbox/../constraints.txt, nltk
 lxml==4.5.0               # via -c requirements/edx-sandbox/../constraints.txt, -r requirements/edx-sandbox/shared.in
-nltk==3.5                 # via -r requirements/edx-sandbox/shared.in
 pycparser==2.20           # via cffi
 regex==2020.7.14          # via nltk
 six==1.15.0               # via cryptography
diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
@@ -161,7 +161,6 @@ more-itertools==8.4.0     # via -r requirements/edx/paver.txt, zipp
 mpmath==1.1.0             # via sympy
 mysqlclient==2.0.1        # via -r requirements/edx/base.in
 newrelic==5.14.1.144      # via -r requirements/edx/base.in, edx-django-utils
-nltk==3.5                 # via -r requirements/edx/../edx-sandbox/shared.txt, chem
 nodeenv==1.4.0            # via -r requirements/edx/base.in
 numpy==1.18.5             # via -c requirements/edx/../constraints.txt, chem, openedx-calc, scipy
 oauthlib==3.0.1           # via -c requirements/edx/../constraints.txt, -r requirements/edx/base.in, django-oauth-toolkit, lti-consumer-xblock, requests-oauthlib, social-auth-core
@@ -236,7 +235,7 @@ tqdm==4.47.0              # via -r requirements/edx/../edx-sandbox/shared.txt, n
 ua-parser==0.10.0         # via django-cookies-samesite
 unicodecsv==0.14.1        # via -r requirements/edx/base.in, edx-enterprise
 uritemplate==3.0.1        # via coreapi, drf-yasg
-urllib3==1.25.9           # via -r requirements/edx/paver.txt, elasticsearch, geoip2, requests
+urllib3==1.26.5          # via -r requirements/edx/paver.txt, elasticsearch, geoip2, requests
 user-util==0.2            # via -r requirements/edx/base.in
 voluptuous==0.11.7        # via ora2
 watchdog==0.10.3          # via -r requirements/edx/paver.txt
diff --git a/requirements/edx/paver.txt b/requirements/edx/paver.txt
@@ -24,7 +24,7 @@ python-memcached==1.59    # via -r requirements/edx/paver.in
 requests==2.24.0          # via -r requirements/edx/paver.in
 six==1.15.0               # via edx-opaque-keys, libsass, mock, paver, python-memcached, stevedore
 stevedore==1.32.0         # via -c requirements/edx/../constraints.txt, -r requirements/edx/paver.in, edx-opaque-keys
-urllib3==1.25.9           # via requests
+urllib3==1.26.5           # via requests
 watchdog==0.10.3          # via -r requirements/edx/paver.in
 wrapt==1.11.2             # via -c requirements/edx/../constraints.txt, -r requirements/edx/paver.in
 zipp==1.0.0               # via -c requirements/edx/../constraints.txt, importlib-metadata

Original file line number	Diff line number	Diff line change
`@@ -11,4 +11,3 @@`
`11`	`11`
`12`	`12`	`cryptography # Implementations of assorted cryptography algorithms`
`13`	`13`	`lxml # XML parser`
`14`		`-nltk # Natural language processing; used by the chem package`