refactor: 🦺 replace js-yaml with yaml

Technically mitigates CVE-2023-2251, but users never input YAML to Calckey. Still, this does no harm, and it's a good idea to keep dependencies like these up-to-date, as js-yaml was last updated 2 years ago.
This commit is contained in:
ThatOneCalculator 2023-06-16 00:13:41 -07:00
parent b148338b78
commit 837a45bd98
No known key found for this signature in database
GPG Key ID: 8703CACD01000000
5 changed files with 81 additions and 64 deletions

View File

@ -2,59 +2,79 @@
* Languages Loader * Languages Loader
*/ */
const fs = require('fs'); const fs = require("fs");
const yaml = require('js-yaml'); const yaml = require("yaml");
let languages = []
let languages_custom = []
const merge = (...args) => args.reduce((a, c) => ({ const languages = [];
const languages_custom = [];
const merge = (...args) =>
args.reduce(
(a, c) => ({
...a, ...a,
...c, ...c,
...Object.entries(a) ...Object.entries(a)
.filter(([k]) => c && typeof c[k] === 'object') .filter(([k]) => c && typeof c[k] === "object")
.reduce((a, [k, v]) => (a[k] = merge(v, c[k]), a), {}) .reduce((a, [k, v]) => ((a[k] = merge(v, c[k])), a), {}),
}), {}); }),
{}
);
fs.readdirSync(__dirname).forEach((file) => { fs.readdirSync(__dirname).forEach((file) => {
if (file.includes('.yml')){ if (file.includes(".yml")) {
file = file.slice(0, file.indexOf('.')) locale = file.slice(0, file.indexOf("."));
languages.push(file); languages.push(locale);
} }
}) });
fs.readdirSync(__dirname + '/../custom/locales').forEach((file) => { fs.readdirSync(`${__dirname}/../custom/locales`).forEach((file) => {
if (file.includes('.yml')){ if (file.includes(".yml")) {
file = file.slice(0, file.indexOf('.')) customLocale = file.slice(0, file.indexOf("."));
languages_custom.push(file); languages_custom.push(customLocale);
} }
}) });
const primaries = { const primaries = {
'en': 'US', en: "US",
'ja': 'JP', ja: "JP",
'zh': 'CN', zh: "CN",
}; };
// 何故か文字列にバックスペース文字が混入することがあり、YAMLが壊れるので取り除く const locales = languages.reduce(
const clean = (text) => text.replace(new RegExp(String.fromCodePoint(0x08), 'g'), ''); (a, c) =>
(a[c] = yaml.parse(fs.readFileSync(`${__dirname}/${c}.yml`, "utf-8"))) ||
{},
a
);
const locales_custom = languages_custom.reduce(
(a, c) =>
(a[c] = yaml.parse(
fs.readFileSync(`${__dirname}/../custom/locales/${c}.yml`, "utf-8")
)) || {},
a
);
Object.assign(locales, locales_custom);
const locales = languages.reduce((a, c) => (a[c] = yaml.load(clean(fs.readFileSync(`${__dirname}/${c}.yml`, 'utf-8'))) || {}, a), {}); module.exports = Object.entries(locales).reduce(
const locales_custom = languages_custom.reduce((a, c) => (a[c] = yaml.load(clean(fs.readFileSync(`${__dirname}/../custom/locales/${c}.yml`, 'utf-8'))) || {}, a), {}); (a, [k, v]) => (
Object.assign(locales, locales_custom) (a[k] = (() => {
const [lang] = k.split("-");
module.exports = Object.entries(locales)
.reduce((a, [k ,v]) => (a[k] = (() => {
const [lang] = k.split('-');
switch (k) { switch (k) {
case 'ja-JP': return v; case "ja-JP":
case 'ja-KS': return v;
case 'en-US': return merge(locales['ja-JP'], v); case "ja-KS":
default: return merge( case "en-US":
locales['ja-JP'], return merge(locales["ja-JP"], v);
locales['en-US'], default:
return merge(
locales["ja-JP"],
locales["en-US"],
locales[`${lang}-${primaries[lang]}`] || {}, locales[`${lang}-${primaries[lang]}`] || {},
v v
); );
} }
})(), a), {}); })()),
a
),
{}
);

View File

@ -40,8 +40,8 @@
"@bull-board/ui": "5.2.0", "@bull-board/ui": "5.2.0",
"@napi-rs/cli": "^2.16.1", "@napi-rs/cli": "^2.16.1",
"@tensorflow/tfjs": "^3.21.0", "@tensorflow/tfjs": "^3.21.0",
"js-yaml": "4.1.0", "seedrandom": "^3.0.5",
"seedrandom": "^3.0.5" "yaml": "^2.3.1"
}, },
"devDependencies": { "devDependencies": {
"@types/gulp": "4.0.10", "@types/gulp": "4.0.10",

View File

@ -75,7 +75,6 @@
"ioredis": "5.3.2", "ioredis": "5.3.2",
"ip-cidr": "3.0.11", "ip-cidr": "3.0.11",
"is-svg": "4.3.2", "is-svg": "4.3.2",
"js-yaml": "4.1.0",
"jsdom": "20.0.3", "jsdom": "20.0.3",
"jsonld": "8.2.0", "jsonld": "8.2.0",
"jsrsasign": "10.6.1", "jsrsasign": "10.6.1",
@ -137,7 +136,8 @@
"uuid": "9.0.0", "uuid": "9.0.0",
"web-push": "3.6.1", "web-push": "3.6.1",
"websocket": "1.0.34", "websocket": "1.0.34",
"xev": "3.0.2" "xev": "3.0.2",
"yaml": "^2.3.1"
}, },
"devDependencies": { "devDependencies": {
"@swc/cli": "^0.1.62", "@swc/cli": "^0.1.62",
@ -148,7 +148,6 @@
"@types/cbor": "6.0.0", "@types/cbor": "6.0.0",
"@types/escape-regexp": "0.0.1", "@types/escape-regexp": "0.0.1",
"@types/fluent-ffmpeg": "2.1.20", "@types/fluent-ffmpeg": "2.1.20",
"@types/js-yaml": "4.0.5",
"@types/jsdom": "20.0.1", "@types/jsdom": "20.0.1",
"@types/jsonld": "1.5.8", "@types/jsonld": "1.5.8",
"@types/jsrsasign": "10.5.4", "@types/jsrsasign": "10.5.4",

View File

@ -5,7 +5,7 @@
import * as fs from "node:fs"; import * as fs from "node:fs";
import { fileURLToPath } from "node:url"; import { fileURLToPath } from "node:url";
import { dirname } from "node:path"; import { dirname } from "node:path";
import * as yaml from "js-yaml"; import { parse } from "yaml";
import type { Source, Mixin } from "./types.js"; import type { Source, Mixin } from "./types.js";
const _filename = fileURLToPath(import.meta.url); const _filename = fileURLToPath(import.meta.url);
@ -32,7 +32,7 @@ export default function load() {
"utf-8", "utf-8",
), ),
); );
const config = yaml.load(fs.readFileSync(path, "utf-8")) as Source; const config = parse(fs.readFileSync(path, "utf-8")) as Source;
const mixin = {} as Mixin; const mixin = {} as Mixin;

View File

@ -23,12 +23,12 @@ importers:
'@tensorflow/tfjs': '@tensorflow/tfjs':
specifier: ^3.21.0 specifier: ^3.21.0
version: 3.21.0(seedrandom@3.0.5) version: 3.21.0(seedrandom@3.0.5)
js-yaml:
specifier: 4.1.0
version: 4.1.0
seedrandom: seedrandom:
specifier: ^3.0.5 specifier: ^3.0.5
version: 3.0.5 version: 3.0.5
yaml:
specifier: ^2.3.1
version: 2.3.1
devDependencies: devDependencies:
'@types/gulp': '@types/gulp':
specifier: 4.0.10 specifier: 4.0.10
@ -216,9 +216,6 @@ importers:
is-svg: is-svg:
specifier: 4.3.2 specifier: 4.3.2
version: 4.3.2 version: 4.3.2
js-yaml:
specifier: 4.1.0
version: 4.1.0
jsdom: jsdom:
specifier: 20.0.3 specifier: 20.0.3
version: 20.0.3 version: 20.0.3
@ -405,6 +402,9 @@ importers:
xev: xev:
specifier: 3.0.2 specifier: 3.0.2
version: 3.0.2 version: 3.0.2
yaml:
specifier: ^2.3.1
version: 2.3.1
optionalDependencies: optionalDependencies:
'@swc/core-android-arm64': '@swc/core-android-arm64':
specifier: 1.3.11 specifier: 1.3.11
@ -437,9 +437,6 @@ importers:
'@types/fluent-ffmpeg': '@types/fluent-ffmpeg':
specifier: 2.1.20 specifier: 2.1.20
version: 2.1.20 version: 2.1.20
'@types/js-yaml':
specifier: 4.0.5
version: 4.0.5
'@types/jsdom': '@types/jsdom':
specifier: 20.0.1 specifier: 20.0.1
version: 20.0.1 version: 20.0.1
@ -3277,10 +3274,6 @@ packages:
pretty-format: 27.5.1 pretty-format: 27.5.1
dev: true dev: true
/@types/js-yaml@4.0.5:
resolution: {integrity: sha512-FhpRzf927MNQdRZP0J5DLIdTXhjLYzeUTmLAu69mnVksLH9CJY3IuSeEgbKUki7GQZm0WqDkGzyxju2EZGD2wA==}
dev: true
/@types/jsdom@20.0.1: /@types/jsdom@20.0.1:
resolution: {integrity: sha512-d0r18sZPmMQr1eG35u12FZfhIXNrnsPU/g5wvRKCUf/tOGilKKwYMYGqh33BNR6ba+2gkHw1EUiHoN3mn7E5IQ==} resolution: {integrity: sha512-d0r18sZPmMQr1eG35u12FZfhIXNrnsPU/g5wvRKCUf/tOGilKKwYMYGqh33BNR6ba+2gkHw1EUiHoN3mn7E5IQ==}
dependencies: dependencies:
@ -15738,6 +15731,11 @@ packages:
resolution: {integrity: sha512-2PTINUwsRqSd+s8XxKaJWQlUuEMHJQyEuh2edBbW8KNJz0SJPwUSD2zRWqezFEdN7IzAgeuYHFUCF7o8zRdZ0A==} resolution: {integrity: sha512-2PTINUwsRqSd+s8XxKaJWQlUuEMHJQyEuh2edBbW8KNJz0SJPwUSD2zRWqezFEdN7IzAgeuYHFUCF7o8zRdZ0A==}
dev: false dev: false
/yaml@2.3.1:
resolution: {integrity: sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==}
engines: {node: '>= 14'}
dev: false
/yargs-parser@18.1.3: /yargs-parser@18.1.3:
resolution: {integrity: sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==} resolution: {integrity: sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==}
engines: {node: '>=6'} engines: {node: '>=6'}