address outstanding CVEs + remove plop from grafana-plugin/ (#4871)

# Which issue(s) this PR closes Closes the following dependabot alerts/CVEs: - [x] https://github.com/grafana/oncall/security/dependabot/117 - CVE-2022-42969 - [x] https://github.com/grafana/oncall/security/dependabot/106 and https://github.com/grafana/oncall/security/dependabot/105 - CVE-2024-3651 - [x] https://github.com/grafana/oncall/security/dependabot/51 - CVE-2022-46175 - [x] https://github.com/grafana/oncall/security/dependabot/124 - CVE-2024-4068 - [ ] https://github.com/grafana/oncall/security/dependabot/78 - CVE-2023-44270 - [ ] https://github.com/grafana/oncall/security/dependabot/132 and https://github.com/grafana/oncall/security/dependabot/131 - CVE-2024-39689 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [ ] Documentation added (or `pr:no public docs` PR label added if not required) - [ ] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes.
2024-08-20 10:29:01 -04:00 · 2024-08-20 10:29:01 -04:00 · 4a39518a56
commit 4a39518a56
parent 2164e75854
23 changed files with 403 additions and 1752 deletions
--- a/engine/requirements-dev.txt
+++ b/engine/requirements-dev.txt
@ -6,7 +6,7 @@ asgiref==3.7.2
    #   django
 celery-types==0.18.0
    # via -r requirements-dev.in
-certifi==2024.2.2
+certifi==2024.7.4
    # via
    #   -c requirements.txt
    #   requests
@ -25,14 +25,14 @@ django==4.2.15
    #   django-stubs-ext
 django-filter-stubs==0.1.3
    # via -r requirements-dev.in
-django-stubs[compatible-mypy]==4.2.2
+django-stubs==4.2.2
    # via
    #   -r requirements-dev.in
    #   django-filter-stubs
    #   djangorestframework-stubs
 django-stubs-ext==4.2.7
    # via django-stubs
-djangorestframework-stubs[compatible-mypy]==3.14.2
+djangorestframework-stubs==3.14.2
    # via
    #   -r requirements-dev.in
    #   django-filter-stubs
@ -52,7 +52,7 @@ httpretty==1.1.4
    # via -r requirements-dev.in
 identify==2.5.34
    # via pre-commit
-idna==3.6
+idna==3.7
    # via
    #   -c requirements.txt
    #   requests
@ -96,7 +96,7 @@ pytest-django==4.8.0
    # via -r requirements-dev.in
 pytest-factoryboy==2.7.0
    # via -r requirements-dev.in
-pytest-xdist[psutil]==3.6.1
+pytest-xdist==3.6.1
    # via -r requirements-dev.in
 python-dateutil==2.8.2
    # via
@ -110,6 +110,10 @@ requests==2.32.3
    # via
    #   -c requirements.txt
    #   djangorestframework-stubs
+setuptools==73.0.0
+    # via
+    #   -c requirements.txt
+    #   nodeenv
 six==1.16.0
    # via
    #   -c requirements.txt
--- a/engine/requirements.in
+++ b/engine/requirements.in
@ -64,3 +64,7 @@ whitenoise==5.3.0
 google-api-python-client==2.122.0
 google-auth-httplib2==0.2.0
 google-auth-oauthlib==1.2.0
+# we are manually pinning idna to 3.7 to fix CVE-2024-3651
+# requests==2.32.3 is installing idna==3.6 but supports idna>=2.5,<4
+# https://github.com/psf/requests/blob/v2.32.3/setup.py#L63
+idna==3.7
--- a/engine/requirements.txt
+++ b/engine/requirements.txt
@ -34,9 +34,9 @@ cachetools==4.2.2
    # via
    #   google-auth
    #   python-telegram-bot
-celery[redis]==5.3.1
+celery==5.3.1
    # via -r requirements.in
-certifi==2024.2.2
+certifi==2024.7.4
    # via
    #   python-telegram-bot
    #   requests
@ -157,7 +157,7 @@ firebase-admin==5.4.0
    # via fcm-django
 flask==3.0.2
    # via slack-export-viewer
-google-api-core[grpc]==2.17.0
+google-api-core==2.17.0
    # via
    #   firebase-admin
    #   google-api-python-client
@ -224,8 +224,10 @@ icalendar==5.0.10
    #   -r requirements.in
    #   recurring-ical-events
    #   x-wr-timezone
-idna==3.6
-    # via requests
+idna==3.7
+    # via
+    #   -r requirements.in
+    #   requests
 importlib-metadata==6.11.0
    # via opentelemetry-api
 inflection==0.5.1
@ -415,6 +417,10 @@ rsa==4.9
    # via google-auth
 s3transfer==0.10.0
    # via boto3
+setuptools==73.0.0
+    # via
+    #   apscheduler
+    #   opentelemetry-instrumentation
 six==1.16.0
    # via
    #   apscheduler
--- a/grafana-plugin/package.json
+++ b/grafana-plugin/package.json
@ -27,7 +27,6 @@
    "watch": "NODE_ENV=development webpack -w -c ./webpack.config.ts --env development",
    "sign": "npx --yes @grafana/sign-plugin@latest",
    "start": "yarn watch",
-    "plop": "plop",
    "setversion": "setversion",
    "typecheck": "tsc --noEmit",
    "typecheck:watch": "yarn typecheck --watch --preserveWatchOutput false",
@ -105,7 +104,6 @@
    "mailslurp-client": "^15.14.1",
    "moment-timezone": "^0.5.35",
    "openapi-typescript": "^7.0.0-next.4",
-    "plop": "^2.7.4",
    "postcss-loader": "^7.0.1",
    "prettier": "^2.8.7",
    "react-test-renderer": "^18.0.2",
@ -177,5 +175,8 @@
    "throttle-debounce": "^2.1.0",
    "tinycolor2": "^1.6.0",
    "tslib": "2.5.3"
+  },
+  "resolutions": {
+    "braces": "3.0.3"
  }
 }
--- a/grafana-plugin/plopfile.js
+++ b/grafana-plugin/plopfile.js
@ -1,33 +0,0 @@
-const createComponentFiles = require('./tools/plop/generators/createComponentFiles');
-const createContainerFiles = require('./tools/plop/generators/createContainerFiles');
-const createModelFiles = require('./tools/plop/generators/createModelFiles');
-const componentPrompts = require('./tools/plop/prompts/componentPrompts');
-const containerPrompts = require('./tools/plop/prompts/containerPrompts');
-const modelPrompts = require('./tools/plop/prompts/modelPrompts');
-
-// const configNeededHelper = require('./tools/plop/helpers/configNeeded');
-
-module.exports = function plopGenerator(plop) {
-  plop.setWelcomeMessage('What can I do for you?');
-
-  // plop.setHelper('configNeeded', configNeededHelper);
-
-  plop.setGenerator('Create model files', {
-    description: 'Create model',
-    prompts: modelPrompts,
-    actions: (answers) => createModelFiles(answers),
-  });
-
-  plop.setGenerator('Create component files', {
-    description: 'Create component and CSS module for it',
-    prompts: componentPrompts,
-    actions: (answers) => createComponentFiles(answers),
-  });
-
-  plop.setGenerator('Create container files', {
-    description: 'Create component connected to store',
-    prompts: containerPrompts,
-    actions: (answers) => createContainerFiles(answers),
-  });
-
-};
--- a/grafana-plugin/tools/plop/generators/createComponentFiles.js
+++ b/grafana-plugin/tools/plop/generators/createComponentFiles.js
@ -1,29 +0,0 @@
-module.exports = function createComponentFiles(answers) {
-    const actions = [];
-
-    const pathToApp = 'src/components/{{pascalCase componentName}}';
-
-    const pathToComponentTemplate = 'tools/plop/templates/Component';
-
-    actions.push({
-        type: 'add',
-        path: `${pathToApp}/{{pascalCase componentName}}.module.css`,
-        templateFile: `${pathToComponentTemplate}/Component.module.css.hbs`,
-    });
-
-    if (answers.isComponentFunctional) {
-        actions.push({
-            type: 'add',
-            path: `${pathToApp}/{{pascalCase componentName}}.tsx`,
-            templateFile: `${pathToComponentTemplate}/FunctionalComponent.tsx.hbs`,
-        });
-    } else {
-        actions.push({
-            type: 'add',
-            path: `${pathToApp}/{{pascalCase componentName}}.tsx`,
-            templateFile: `${pathToComponentTemplate}/ClassComponent.tsx.hbs`,
-        });
-    }
-
-    return actions;
-};
--- a/grafana-plugin/tools/plop/generators/createContainerFiles.js
+++ b/grafana-plugin/tools/plop/generators/createContainerFiles.js
@ -1,29 +0,0 @@
-module.exports = function createContainerFiles(answers) {
-    const actions = [];
-
-    const pathToApp = 'src/containers/{{pascalCase containerName}}';
-
-    const pathToComponentTemplate = 'tools/plop/templates/Container';
-
-    actions.push({
-        type: 'add',
-        path: `${pathToApp}/{{pascalCase containerName}}.module.css`,
-        templateFile: `${pathToComponentTemplate}/Component.module.css.hbs`,
-    });
-
-    if (answers.isComponentFunctional) {
-        actions.push({
-            type: 'add',
-            path: `${pathToApp}/{{pascalCase containerName}}.tsx`,
-            templateFile: `${pathToComponentTemplate}/FunctionalComponent.tsx.hbs`,
-        });
-    } else {
-        actions.push({
-            type: 'add',
-            path: `${pathToApp}/{{pascalCase containerName}}.tsx`,
-            templateFile: `${pathToComponentTemplate}/ClassComponent.tsx.hbs`,
-        });
-    }
-
-    return actions;
-};
--- a/grafana-plugin/tools/plop/generators/createModelFiles.js
+++ b/grafana-plugin/tools/plop/generators/createModelFiles.js
@ -1,22 +0,0 @@
-module.exports = function createModelFiles(answers) {
-    const actions = [];
-
-    const pathToApp = 'src/models/{{modelName}}';
-
-    const pathToComponentTemplate = 'tools/plop/templates/Model';
-
-    actions.push(
-        {
-            type: 'add',
-            path: `${pathToApp}/{{modelName}}.ts`,
-            templateFile: `${pathToComponentTemplate}/BaseModel.ts.hbs`,
-        },
-        {
-            type: 'add',
-            path: `${pathToApp}/{{modelName}}.types.ts`,
-            templateFile: `${pathToComponentTemplate}/BaseModel.types.ts.hbs`,
-        }
-    );
-
-    return actions;
-};
--- a/grafana-plugin/tools/plop/helpers/configNeeded.js
+++ b/grafana-plugin/tools/plop/helpers/configNeeded.js
@ -1,10 +0,0 @@
-module.exports = function configNeeded(options, componentName) {
-    const camelCasedName =
-        componentName.charAt(0).toLowerCase() + componentName.slice(1);
-
-    if (options.indexOf('add config.ts') !== -1) {
-        return `import { ${camelCasedName}Text } from './${camelCasedName}.config';\n`;
-    }
-
-    return '';
-};
--- a/grafana-plugin/tools/plop/prompts/componentPrompts.js
+++ b/grafana-plugin/tools/plop/prompts/componentPrompts.js
@ -1,12 +0,0 @@
-module.exports = [
-    {
-        type: 'input',
-        name: 'componentName',
-        message: 'Component name please (PascalCase)',
-    },
-    {
-        type: 'confirm',
-        name: 'isComponentFunctional',
-        message: 'Is it Function Component?',
-    },
-];
--- a/grafana-plugin/tools/plop/prompts/containerPrompts.js
+++ b/grafana-plugin/tools/plop/prompts/containerPrompts.js
@ -1,12 +0,0 @@
-module.exports = [
-    {
-        type: 'input',
-        name: 'containerName',
-        message: 'Container name please (PascalCase)',
-    },
-    {
-        type: 'confirm',
-        name: 'isComponentFunctional',
-        message: 'Is it Function Component?',
-    },
-];
--- a/grafana-plugin/tools/plop/prompts/modelPrompts.js
+++ b/grafana-plugin/tools/plop/prompts/modelPrompts.js
@ -1,8 +0,0 @@
-module.exports = [
-    {
-        type: 'input',
-        name: 'modelName',
-        message: 'Model name please (snake_case)',
-        filter: value => value.toLowerCase(),
-    },
-];
--- a/grafana-plugin/tools/plop/templates/Component/ClassComponent.tsx.hbs
+++ b/grafana-plugin/tools/plop/templates/Component/ClassComponent.tsx.hbs
@ -1,29 +0,0 @@
-import React, { Component } from 'react';
-import cn from 'classnames/bind';
-
-import styles from './{{pascalCase componentName}}.module.css';
-
-const cx = cn.bind(styles);
-
-interface {{pascalCase componentName}}Props {
-
-}
-
-interface {{pascalCase componentName}}State {
-
-}
-
-class {{pascalCase componentName}} extends Component<{{pascalCase componentName}}Props, {{pascalCase componentName}}State> {
-    public state: {{pascalCase componentName}}State = { };
-
-    render() {
-        const { } = this.props;
-        const { } = this.state;
-
-        return (
-            <div className={cx('root')} />
-        );
-    }
-}
-
-export default {{pascalCase componentName}};
--- a/grafana-plugin/tools/plop/templates/Component/Component.module.css.hbs
+++ b/grafana-plugin/tools/plop/templates/Component/Component.module.css.hbs
@ -1,3 +0,0 @@
-.root {
-
-}
--- a/grafana-plugin/tools/plop/templates/Component/FunctionalComponent.tsx.hbs
+++ b/grafana-plugin/tools/plop/templates/Component/FunctionalComponent.tsx.hbs
@ -1,20 +0,0 @@
-import React, { FC } from 'react';
-import cn from 'classnames/bind';
-
-import styles from './{{pascalCase componentName}}.module.css';
-
-interface {{pascalCase componentName}}Props {
-
-}
-
-const cx = cn.bind(styles);
-
-const {{pascalCase componentName}}: FC<{{pascalCase componentName}}Props> = props => {
-    const { } = props;
-
-    return (
-        <div className={cx('root')} />
-    );
-};
-
-export default {{pascalCase componentName}};
--- a/grafana-plugin/tools/plop/templates/Container/ClassComponent.tsx.hbs
+++ b/grafana-plugin/tools/plop/templates/Container/ClassComponent.tsx.hbs
@ -1,32 +0,0 @@
-import React, { Component } from 'react';
-import { observer } from 'mobx-react';
-import cn from 'classnames/bind';
-
-import { withMobXProviderContext } from 'state/withStore';
-import { WithStoreProps } from 'state/types';
-
-import styles from './{{pascalCase containerName}}.module.css';
-
-const cx = cn.bind(styles);
-
-interface {{pascalCase containerName}}Props extends WithStoreProps {}
-
-interface {{pascalCase containerName}}State {}
-
-@observer
-class {{pascalCase containerName}} extends Component<{{pascalCase containerName}}Props, {{pascalCase containerName}}State> {
-    public state: {{pascalCase containerName}}State = { };
-
-    render() {
-        const { store } = this.props;
-        const { } = this.state;
-
-        const { } = store;
-
-        return (
-            <div className={cx('root')} />
-        );
-    }
-}
-
-export default withMobXProviderContext({{pascalCase containerName}});
--- a/grafana-plugin/tools/plop/templates/Container/Component.module.css.hbs
+++ b/grafana-plugin/tools/plop/templates/Container/Component.module.css.hbs
@ -1,3 +0,0 @@
-.root {
-
-}
--- a/grafana-plugin/tools/plop/templates/Container/FunctionalComponent.tsx.hbs
+++ b/grafana-plugin/tools/plop/templates/Container/FunctionalComponent.tsx.hbs
@ -1,25 +0,0 @@
-import React from 'react';
-import cn from 'classnames/bind';
-import { observer } from 'mobx-react';
-
-import { useStore } from 'state/useStore';
-
-import styles from './{{pascalCase containerName}}.module.css';
-
-const cx = cn.bind(styles);
-
-interface {{pascalCase containerName}}Props {}
-
-const {{pascalCase containerName}} = observer((props: {{pascalCase containerName}}Props) => {
-    const {  } = props;
-
-    const store = useStore();
-
-    const { } = store;
-
-    return (
-       <div className={cx('root')} />
-    );
-});
-
-export default {{pascalCase containerName}};
--- a/grafana-plugin/tools/plop/templates/Model/BaseModel.ts.hbs
+++ b/grafana-plugin/tools/plop/templates/Model/BaseModel.ts.hbs
@ -1,65 +0,0 @@
-import { action, observable } from 'mobx';
-
-import { RootStore } from 'state';
-import { makeRequest } from 'network';
-
-import BaseStore from 'models/base_store';
-
-import { {{pascalCase modelName}} } from './{{modelName}}.types';
-
-export class {{pascalCase modelName}}Store extends BaseStore {
-    @observable.shallow
-    public items: { [id: number]: {{pascalCase modelName}} } = {};
-
-    @observable.shallow
-    public searchResult: { [key: string]: {{pascalCase modelName}}['id'][] } = {};
-
-    constructor(rootStore: RootStore) {
-        super(rootStore);
-
-        this.path = '/{{modelName}}/';
-    }
-
-    @action
-    public async updateById(id: {{pascalCase modelName}}['id']) {
-        const response = await this.getById(id);
-
-        this.items = {
-            ...this.items,
-            [id]: response,
-        };
-    }
-
-    @action
-    public async updateItems(query: string = '') {
-        const { results } = await makeRequest(`${this.path}`, {
-            params: { search: query },
-        });
-
-        this.items = {
-            ...this.items,
-            ...results.reduce(
-                (acc: { [key: number]: {{pascalCase modelName}} }, item: {{pascalCase modelName}}) => ({
-                    ...acc,
-                    [item.id]: item,
-                }),
-                {}
-            ),
-        };
-
-        this.searchResult = {
-            ...this.searchResult,
-            [query]: results.map((item: {{pascalCase modelName}}) => item.id),
-        };
-    }
-
-    getSearchResult(query: string = '') {
-        if (!this.searchResult[query]) {
-            return undefined;
-        }
-
-        return this.searchResult[query].map(
-            ({{camelCase modelName}}Id: {{pascalCase modelName}}['id']) => this.items[{{camelCase modelName}}Id]
-        );
-    }
-}
--- a/grafana-plugin/tools/plop/templates/Model/BaseModel.types.ts.hbs
+++ b/grafana-plugin/tools/plop/templates/Model/BaseModel.types.ts.hbs
@ -1,3 +0,0 @@
-export interface {{pascalCase modelName}} {
-    id: number
-}
--- a/grafana-plugin/yarn.lock
+++ b/grafana-plugin/yarn.lock
--- a/tools/migrators/requirements.in
+++ b/tools/migrators/requirements.in
@ -1,4 +1,4 @@
-requests==2.32.0
+requests==2.32.3
 pdpyras==4.5.0
-pytest==7.1.2
+pytest==8.2.2
 pytest-env==0.6.2
--- a/tools/migrators/requirements.txt
+++ b/tools/migrators/requirements.txt
@ -1,11 +1,9 @@
 #
-# This file is autogenerated by pip-compile with Python 3.12
+# This file is autogenerated by pip-compile with Python 3.11
 # by the following command:
 #
 #    pip-compile requirements.in
 #
-attrs==23.2.0
-    # via pytest
 certifi==2024.7.4
    # via requests
 charset-normalizer==3.3.2
@ -18,22 +16,18 @@ packaging==23.2
    # via pytest
 pdpyras==4.5.0
    # via -r requirements.in
-pluggy==1.4.0
+pluggy==1.5.0
    # via pytest
-py==1.11.0
-    # via pytest
-pytest==7.1.2
+pytest==8.2.2
    # via
    #   -r requirements.in
    #   pytest-env
 pytest-env==0.6.2
    # via -r requirements.in
-requests==2.32.0
+requests==2.32.3
    # via
    #   -r requirements.in
    #   pdpyras
-tomli==2.0.1
-    # via pytest
 urllib3==2.2.2
    # via
    #   pdpyras