WIP Upgrade dependencies for security issues

package.json

@@ -27,7 +27,7 @@
   "devDependencies": {
     "@ampproject/rollup-plugin-closure-compiler": "0.27.0",
     "@babel/core": "7.13.10",
-    "@types/cheerio": "0.22.28",
+    "@types/cheerio": "0.22.35",
     "@types/debug": "4.1.5",
     "@types/diff": "5.0.0",
     "@types/escape-html": "1.0.0",

packages/cli/spec/cmds/lintSpec.js

@@ -16,17 +16,23 @@
 
 'use strict';
 
-const lintCmd = require('../../lib/cmds/lint.js');
 const MockLogger = require('../helpers/MockLogger');
+const nock = require('nock');
 
 describe('lint', () => {
   const mockLogger = new MockLogger();
 
+  beforeEach(() => {
+    nock('https://cdn.ampproject.org').get('/caches.json').reply(200, '{"caches": []}');
+  });
+
   afterEach(() => {
     mockLogger.clear();
+    nock.cleanAll();
   });
 
   it('runs at least one successful test', async () => {
+    const lintCmd = require('../../lib/cmds/lint.js');
     await lintCmd(
       ['lint', 'https://preview.amp.dev/documentation/examples/introduction/hello_world'],
       mockLogger

packages/cli/spec/cmds/versionSpec.js

@@ -16,15 +16,25 @@
 
 'use strict';
 
-const versionCmd = require('../../lib/cmds/version');
 const packageInfo = require('../../package.json');
 const MockLogger = require('../helpers/MockLogger');
+const nock = require('nock');
 
 describe('Version', () => {
   const mockLogger = new MockLogger();
 
+  beforeEach(() => {
+    nock('https://cdn.ampproject.org')
+      .get('/rtv/metadata')
+      .reply(
+        200,
+        '{"ampRuntimeVersion":"012405160547000","ampCssUrl":"https://cdn.ampproject.org/rtv/012405160547000/v0.css","canaryPercentage":"0.005","diversions":["002405231944000","022405160547000","032405231944000","042405281751000","052405160547000"],"ltsRuntimeVersion":"012404230718000","ltsCssUrl":"https://cdn.ampproject.org/rtv/012404230718000/v0.css"}'
+      );
+  });
+
   it('prints the version', () => {
     mockLogger.clear();
+    const versionCmd = require('../../lib/cmds/version');
     return versionCmd({}, mockLogger).then(() => {
       const output = mockLogger.getLogs();
       expect(output).toBe(`v${packageInfo.version}`);

packages/linter/package.json

@@ -17,7 +17,7 @@
     "@ampproject/toolbox-validator-rules": "2.9.0",
     "amphtml-validator": "1.0.35",
     "chalk": "4.1.0",
-    "cheerio": "1.0.0-rc.5",
+    "cheerio": "1.0.0-rc.12",
     "commander": "9.3.0",
     "cross-fetch": "3.1.5",
     "debug": "4.3.1",

packages/linter/src/rules/AmpImgUsesSrcSet.ts

@@ -15,7 +15,7 @@ export class AmpImgUsesSrcSet extends Rule {
       let layout = $(e).attr('layout');
       const srcset = $(e).attr('srcset');
       const parent = $(e).parent();
-      if (parent.prop('tagName').startsWith('AMP-')) {
+      if (parent.prop('tagName')?.startsWith('AMP-')) {
         const parentLayout = $(parent).attr('layout');
         if (parentLayout) {
           layout = parentLayout;

packages/optimizer/demo/cheerio/package.json

@@ -9,7 +9,7 @@
   "author": "AMPHTML team",
   "license": "Apache-2.0",
   "dependencies": {
-    "cheerio": "^1.0.0-rc.2"
+    "cheerio": "^1.0.0-rc.22"
   },
   "devDependencies": {
     "@ampproject/toolbox-optimizer": "2.5.14"

packages/optimizer/spec/end-to-end/EndToEndSpec.js

@@ -29,6 +29,23 @@ const fetch = fetchMock
   .mock('https://example.com/amp/rtv/123456789000000/v0.css', '/* example.com v0.css */')
   .mock('https://cdn.ampproject.org/v0.css', '/* ampproject.org v0.css */');
 
+const nock = require('nock');
+const path = require('path');
+nock('https://cdn.ampproject.org')
+  .get('/v0/validator.json')
+  .replyWithFile(200, path.join(__dirname, '../assets/validator.json'));
+const CACHES_JSON = `{
+  "caches": [
+    {
+      "id": "google",
+      "name": "Google AMP Cache",
+      "docs": "https://developers.google.com/amp/cache/",
+      "updateCacheApiDomainSuffix": "cdn.ampproject.org"
+    }
+  ]
+}`;
+nock('https://cdn.ampproject.org').get('/caches.json').reply(200, CACHES_JSON);
+
 createSpec({
   name: 'End-to-End: AMP First',
   testDir: __dirname,

packages/optimizer/spec/helpers/validatorInstance.js

@@ -6,7 +6,6 @@ let instance = null;
 module.exports = {
   get: () => {
     if (!instance) {
-      console.error('Validator instance created: ' + path.join(__dirname, 'validator.js'));
       instance = validator.getInstance(path.join(__dirname, 'validator.js'));
     }
     return instance;

packages/page-experience/lib/PageDataGatherer.js

@@ -58,20 +58,16 @@ class PageAnalyzer {
       throw new Error('Puppeteer not running, please call `start` first.');
     }
     const {page, remoteStyles, responsePromise} = await this.setupPage();
-    try {
-      await page.goto(url, {waitUntil: 'load'});
+    await page.goto(url, {waitUntil: 'load'});
 
-      const response = await responsePromise;
-      if (!response) {
-        throw new Error('Failed loading url', url);
-      }
-      const {html, headers} = response;
-      return await this.gatherPageData(page, {remoteStyles, html, headers});
-    } finally {
-      if (page) {
-        page.close();
-      }
+    const response = await responsePromise;
+    if (!response) {
+      throw new Error('Failed loading url', url);
     }
+    const {html, headers} = response;
+    const data = await this.gatherPageData(page, {remoteStyles, html, headers});
+    await page.close();
+    return data;
   }
 
   /**
@@ -80,6 +76,7 @@ class PageAnalyzer {
   async shutdown() {
     try {
       await this.browser.close();
+      this.browser = null;
     } catch (e) {
       console.log(e);
     }

packages/page-experience/lib/PageExperienceGuide.test.js

@@ -15,10 +15,25 @@
  */
 const fileUrl = require('file-url');
 const path = require('path');
-const PageExperienceGuide = require('./PageExperienceGuide');
+const nock = require('nock');
+
+beforeAll(async () => {
+  nock('https://cdn.ampproject.org').get('/caches.json').reply(200, '{"caches": []}');
+  nock('https://cdn.ampproject.org')
+    .get('/v0/validator.json')
+    .replyWithFile(200, path.join(__dirname, '../../optimizer/spec/assets/validator.json'));
+  nock('https://cdn.ampproject.org')
+    .get('/v0/validator_wasm.js')
+    .replyWithFile(200, path.join(__dirname, '../../optimizer/spec/helpers/validator.js'));
+});
+
+afterAll(() => {
+  nock.cleanAll();
+});
 
 test('runs amp linter checks', async () => {
   const url = fileUrl(path.join(__dirname, '../test-data/pages/hello-world.html'));
+  const PageExperienceGuide = require('./PageExperienceGuide');
   const result = await new PageExperienceGuide().analyze(url);
   expect(result['isvalid'].status).toBe('PASS');
 });

packages/page-experience/package.json

@@ -39,7 +39,7 @@
   "homepage": "https://github.com/ampproject/amp-toolbox/tree/main/packages/page-experience",
   "dependencies": {
     "@ampproject/toolbox-linter": "2.9.0",
-    "cheerio": "1.0.0-rc.5",
+    "cheerio": "1.0.0-rc.12",
     "css-font-face-src": "1.0.0",
     "postcss": "8.2.8",
     "postcss-safe-parser": "5.0.2",

packages/page-experience/tests/Checks.test.js

@@ -15,14 +15,22 @@
  */
 const fs = require('fs');
 const path = require('path');
+const nock = require('nock');
 const fileUrl = require('file-url');
 
-const PageExperienceGuide = require('../lib/PageExperienceGuide');
 const TEST_DATA_DIR = path.join(__dirname, '../test-data/checks');
 let CREATE_SNAPSHOT = process.env.PAGE_EXPERIENCE_SNAPSHOT;
 
 const testDirs = fs.readdirSync(TEST_DATA_DIR);
+
+nock('https://cdn.ampproject.org').get('/caches.json').reply(200, '{"caches": []}');
+nock('https://cdn.ampproject.org')
+  .get('/v0/validator_wasm.js')
+  .replyWithFile(200, path.join(__dirname, '../../optimizer/spec/helpers/validator.js'));
+const PageExperienceGuide = require('../lib/PageExperienceGuide');
 const pageExperienceGuide = new PageExperienceGuide();
+nock.cleanAll();
+
 let checks;
 jest.setTimeout(60000);