fix: Remove CVE-2023-45857 vulnerability (#1379)

* update project to support axios 1.6.0

* revert extends in tsconfig orchestratorlib

* fix axios data response

* fix lint issues

* return posttest to qnamaker

packages/chatdown/package.json

@@ -6,7 +6,7 @@
   "bugs": "https://github.com/microsoft/botframework-cli",
   "dependencies": {
     "@microsoft/bf-cli-command": "1.0.0",
-    "@oclif/command": "~1.5.19",
+    "@oclif/command": "~1.8.36",
     "@oclif/config": "~1.13.3",
     "@oclif/errors": "~1.2.2",
     "botframework-schema": "^4.22.3",
@@ -18,7 +18,7 @@
     "latest-version": "5.1.0",
     "mime-types": "^2.1.18",
     "minimist": "^1.2.6",
-    "axios": "~0.24.0",
+    "axios": "~1.6.0",
     "https-proxy-agent": "^5.0.0",
     "please-upgrade-node": "^3.0.1",
     "semver": "^5.5.1",
@@ -33,16 +33,16 @@
     "@types/chai": "^4.1.7",
     "@types/fs-extra": "^5.0.5",
     "@types/mocha": "^10.0.6",
-    "@types/node": "^10.14.6",
+    "@types/node": "^11.3.7",
     "@types/rimraf": "^2.0.2",
     "chai": "^4.4.1",
     "globby": "^11.0.4",
     "nyc": "^15.1.0",
     "mocha": "^10.4.0",
     "rimraf": "^2.6.3",
-    "ts-node": "^9.0.0",
+    "ts-node": "^10.8.1",
     "tslint": "^5.16.0",
-    "typescript": "^4.0.3"
+    "typescript": "^4.9.5"
   },
   "engines": {
     "node": ">=8.0.0"

packages/chatdown/src/commands/chatdown/convert.ts

@@ -156,7 +156,7 @@ export default class ChatdownConvert extends Command {
       return validatedPath
     }
     const output = JSON.stringify(activities, null, 2)
-    await new Promise(done => process.stdout.write(output, 'utf-8', () => done()))
+    await new Promise<void>(done => process.stdout.write(output, 'utf-8', () => done()))
     return true
   }
 }

packages/cli/package.json

@@ -76,7 +76,7 @@
     "@microsoft/bf-cli-plugins": "1.0.0",
     "@microsoft/bf-lg-cli": "1.0.0",
     "@microsoft/bf-dialog": "1.0.0",
-    "@oclif/command": "~1.5.19",
+    "@oclif/command": "~1.8.36",
     "@oclif/config": "~1.13.3",
     "@oclif/errors": "~1.2.2",
     "@oclif/plugin-help": "~2.1.6",
@@ -96,15 +96,15 @@
     "@types/fs-extra": "^5.0.5",
     "@types/mocha": "^10.0.6",
     "@types/nock": "^11.1.0",
-    "@types/node": "^10.14.6",
+    "@types/node": "^11.3.7",
     "chai": "^4.4.1",
     "globby": "^11.0.4",
     "mocha": "^10.4.0",
     "nock": "^11.7.0",
     "nyc": "^15.1.0",
     "rimraf": "^2.6.3",
-    "ts-node": "^9.0.0",
+    "ts-node": "^10.8.1",
     "tslint": "^5.16.0",
-    "typescript": "^4.0.3"
+    "typescript": "^4.9.5"
   }
 }

packages/command/package.json

@@ -40,7 +40,7 @@
   },
   "types": "./lib/index.d.ts",
   "dependencies": {
-    "@oclif/command": "~1.5.19",
+    "@oclif/command": "~1.8.36",
     "@oclif/config": "~1.13.3",
     "@oclif/errors": "~1.2.2",
     "@istanbuljs/nyc-config-typescript": "^1.0.2",
@@ -73,8 +73,8 @@
     "rimraf": "^2.6.3",
     "source-map-support": "~0.5.16",
     "testdouble": "^3.11.0",
-    "ts-node": "^9.0.0",
+    "ts-node": "^10.8.1",
     "tslint": "^5.16.0",
-    "typescript": "^4.0.3"
+    "typescript": "^4.9.5"
   }
 }

packages/config/package.json

@@ -51,7 +51,7 @@
   "telemetry": null,
   "dependencies": {
     "@microsoft/bf-cli-command": "1.0.0",
-    "@oclif/command": "~1.5.19",
+    "@oclif/command": "~1.8.36",
     "@oclif/config": "~1.13.3",
     "@oclif/errors": "~1.2.2",
     "cli-ux": "^5.3.0",
@@ -65,14 +65,14 @@
     "@oclif/tslint": "^3.1.1",
     "@types/chai": "^4.1.7",
     "@types/mocha": "^10.0.6",
-    "@types/node": "^10.14.12",
+    "@types/node": "^11.13.7",
     "chai": "^4.4.1",
     "globby": "^11.0.4",
     "nyc": "^15.1.0",
     "mocha": "^10.4.0",
     "rimraf": "^2.6.3",
-    "ts-node": "^9.0.0",
+    "ts-node": "^10.8.1",
     "tslint": "^5.18.0",
-    "typescript": "^4.0.3"
+    "typescript": "^4.9.5"
   }
 }

packages/dialog/package.json

@@ -52,13 +52,13 @@
   },
   "dependencies": {
     "@microsoft/bf-cli-command": "~1.0.0",
-    "@oclif/command": "~1.5.19",
+    "@oclif/command": "~1.8.36",
     "@oclif/config": "~1.13.3",
     "@oclif/errors": "~1.2.2",
     "@types/lru-cache": "^5.1.0",
     "@types/xml2js": "^0.4.4",
     "ajv": "^6.12.2",
-    "axios": "~0.24.0",
+    "axios": "~1.6.0",
     "https-proxy-agent": "^5.0.0",
     "chalk": "^2.4.2",
     "clone": "^2.1.2",
@@ -83,15 +83,15 @@
     "@types/chai": "^4.2.0",
     "@types/fs-extra": "^8.0.0",
     "@types/mocha": "^10.0.6",
-    "@types/node": "^10.14.15",
+    "@types/node": "^11.13.7",
     "@types/seedrandom": "~2.4.28",
     "chai": "^4.4.1",
     "mocha": "^10.4.0",
     "nock": "^13.0.11",
     "nyc": "^15.1.0",
     "rimraf": "^2.6.3",
-    "ts-node": "^9.0.0",
+    "ts-node": "^10.8.1",
     "tslint": "^5.18.0",
-    "typescript": "^4.0.3"
+    "typescript": "^4.9.5"
   }
 }

packages/dispatcher/package.json

@@ -16,15 +16,15 @@
     "@types/argparse": "^1.0.36",
     "@types/chai": "^4.2.4",
     "@types/mocha": "^10.0.6",
-    "@types/node": "^10.17.3",
+    "@types/node": "^11.13.7",
     "chai": "^4.4.1",
     "globby": "^11.0.4",
     "nyc": "^15.1.0",
     "mocha": "^10.4.0",
     "rimraf": "^3.0.0",
     "ts-node": "^8.4.1",
     "tslint": "^5.20.1",
-    "typescript": "^3.7.2"
+    "typescript": "^4.9.5"
   },
   "engines": {
     "node": ">=8.0.0"

packages/lg/package.json

@@ -8,7 +8,7 @@
     "@types/node-fetch": "2.5.4",
     "@types/readline-sync": "^1.4.3",
     "@microsoft/bf-cli-command": "1.0.0",
-    "@oclif/command": "^1.5.19",
+    "@oclif/command": "^1.8.36",
     "@oclif/config": "^1.14.0",
     "botbuilder-lg": "4.22.3",
     "adaptive-expressions": "4.22.3",
@@ -18,7 +18,7 @@
     "tslib": "^2.0.3",
     "read-text-file": "^1.1.0",
     "readline-sync": "^1.4.10",
-    "axios": "~0.24.0",
+    "axios": "~1.6.0",
     "https-proxy-agent": "^5.0.0"
   },
   "devDependencies": {
@@ -29,16 +29,16 @@
     "@types/chai": "^4.2.9",
     "@types/lodash": "~4.14.146",
     "@types/mocha": "^10.0.6",
-    "@types/node": "^10.17.15",
+    "@types/node": "^11.13.7",
     "chai": "^4.4.1",
     "eslint": "^5.16.0",
     "eslint-config-oclif": "^3.1.0",
     "eslint-config-oclif-typescript": "^0.1.0",
     "globby": "^11.0.4",
     "nyc": "^15.1.0",
     "mocha": "^10.4.0",
-    "ts-node": "^9.0.0",
-    "typescript": "^4.0.3",
+    "ts-node": "^10.8.1",
+    "typescript": "^4.9.5",
     "rimraf": "^2.6.3"
   },
   "engines": {

packages/lu/package.json

@@ -48,7 +48,7 @@
     "@types/node-fetch": "~2.5.5",
     "@istanbuljs/nyc-config-typescript": "^1.0.2",
     "antlr4": "4.9.2",
-    "axios": "~0.24.0",
+    "axios": "~1.6.0",
     "https-proxy-agent": "^5.0.0",
     "chalk": "2.4.1",
     "console-stream": "^0.1.1",
@@ -67,15 +67,15 @@
     "@types/lodash": "~4.14.159",
     "@types/mocha": "^10.0.6",
     "@types/nock": "^11.1.0",
-    "@types/node": "^10.14.15",
+    "@types/node": "^11.13.7",
     "chai": "^4.4.1",
     "mocha": "^10.4.0",
     "nock": "^11.7.0",
     "nyc": "^15.1.0",
     "rimraf": "^2.6.3",
-    "ts-node": "^9.0.0",
+    "ts-node": "^10.8.1",
     "tslint": "^5.18.0",
-    "typescript": "^4.0.3",
+    "typescript": "^4.9.5",
     "uuid": "^3.3.3"
   }
 }

packages/luis/package.json

@@ -56,12 +56,12 @@
     "@azure/ms-rest-azure-js": "2.0.1",
     "@microsoft/bf-cli-command": "1.0.0",
     "@microsoft/bf-lu": "1.0.0",
-    "@oclif/command": "~1.5.19",
+    "@oclif/command": "~1.8.36",
     "@oclif/config": "~1.13.3",
     "@oclif/errors": "~1.2.2",
     "@types/node-fetch": "~2.5.5",
     "@types/sinon": "^7.5.0",
-    "axios": "~0.24.0",
+    "axios": "~1.6.0",
     "cli-ux": "~5.3.3",
     "fs-extra": "^8.1.0",
     "lodash": "^4.17.21",
@@ -78,7 +78,7 @@
     "@types/lodash": "~4.14.159",
     "@types/mocha": "^10.0.6",
     "@types/nock": "^11.1.0",
-    "@types/node": "^10.17.4",
+    "@types/node": "^11.13.7",
     "@types/rimraf": "^2.0.3",
     "chai": "^4.4.1",
     "globby": "^11.0.4",
@@ -87,9 +87,9 @@
     "nyc": "^15.1.0",
     "rimraf": "^3.0.0",
     "sinon": "^7.5.0",
-    "ts-node": "^9.0.0",
+    "ts-node": "^10.8.1",
     "tslint": "^5.20.1",
-    "typescript": "^4.0.3",
+    "typescript": "^4.9.5",
     "uuid": "^3.3.3"
   }
 }

packages/luis/src/commands/luis/application/delete.ts

@@ -49,7 +49,7 @@ export default class LuisApplicationDelete extends Command {
 
     try {
       const result = await Application.delete({subscriptionKey, endpoint, appId})
-      if (result.code === 'Success') {
+      if (result && 'code' in result && result.code === 'Success') {
         const output = flags.json ? JSON.stringify({Status: 'Success', id: flags.appId}, null, 2) : 'App successfully deleted.'
         this.log(output)
       }

packages/luis/src/commands/luis/application/import.ts

@@ -46,13 +46,12 @@ export default class LuisApplicationImport extends Command {
 
     try {
       appJSON = await this.formatInput(appJSON, name)
-      let messageData = await Application.import({subscriptionKey, endpoint}, JSON.parse(appJSON), name)
+      const messageData = await Application.import({subscriptionKey, endpoint}, JSON.parse(appJSON), name)
 
       if (messageData.error) {
         throw new CLIError(messageData.error.message)
       }
 
-      messageData = JSON.stringify(messageData)
       const output: string = flags.json ? JSON.stringify({Status: 'Success', id: messageData}, null, 2) : `App successfully imported with id ${messageData}.`
       this.log(output)
 

packages/luis/src/commands/luis/application/rename.ts

@@ -45,7 +45,7 @@ export default class LuisApplicationRename extends Command {
     try {
       const appUpdateStatus = await Application.rename({subscriptionKey, endpoint, appId}, name, description)
 
-      if (appUpdateStatus.code === 'Success') {
+      if (appUpdateStatus && 'code' in appUpdateStatus && appUpdateStatus.code === 'Success') {
         const output = flags.json ? JSON.stringify({Status: 'Success'}, null, 2) : 'App successfully renamed'
         this.log(output)
       }

packages/luis/src/commands/luis/train/run.ts

@@ -65,25 +65,27 @@ export default class LuisTrainRun extends Command {
   async checkTrainingStatus(params: any, versionId: string, jsonOutput: boolean) {
     try {
       const trainingStatusData = await Train.getStatus(params, versionId)
-      const inProgress = trainingStatusData.filter((model: any) => {
-        if (model.details && model.details.status) {
-          return model.details.status === 'InProgress' || model.details.status === 'Queued'
-        }
-      })
-      if (inProgress.length > 0) {
-        await this.timeout(1000)
-        await this.checkTrainingStatus(params, versionId, jsonOutput)
-      } else {
-        let completionMssg = ''
-        trainingStatusData.map((model: any) => {
-          if (model.details && model.details.status && model.details.status === 'Fail') {
-            completionMssg += `Training failed for model id ${model.modelId}. Failure reason: ${model.details.failureReason}\n`
+      if (Array.isArray(trainingStatusData)) {
+        const inProgress = trainingStatusData.filter((model: any) => {
+          if (model.details && model.details.status) {
+            return model.details.status === 'InProgress' || model.details.status === 'Queued'
           }
         })
-
-        completionMssg = completionMssg ? completionMssg : 'Success'
-        const output = jsonOutput ? JSON.stringify({Status: completionMssg}, null, 2) : `${completionMssg} Training is complete`
-        this.log(output)
+        if (inProgress.length > 0) {
+          await this.timeout(1000)
+          await this.checkTrainingStatus(params, versionId, jsonOutput)
+        } else {
+          let completionMssg = ''
+          trainingStatusData.map((model: any) => {
+            if (model.details && model.details.status && model.details.status === 'Fail') {
+              completionMssg += `Training failed for model id ${model.modelId}. Failure reason: ${model.details.failureReason}\n`
+            }
+          })
+
+          completionMssg = completionMssg ? completionMssg : 'Success'
+          const output = jsonOutput ? JSON.stringify({Status: completionMssg}, null, 2) : `${completionMssg} Training is complete`
+          this.log(output)
+        }
       }
     } catch (err) {
       throw new CLIError(err)

packages/luis/src/commands/luis/version/delete.ts

@@ -41,7 +41,7 @@ export default class LuisVersionDelete extends Command {
 
     try {
       const result = await Version.delete({subscriptionKey, endpoint, appId}, versionId)
-      if (result.code === 'Success') {
+      if (result && 'code' in result && result.code === 'Success') {
         const output = flags.json ? JSON.stringify({Status: 'Success', version: versionId}, null, 2) : `Successfully deleted version ${versionId}`
         this.log(output)
       }

packages/orchestrator/package.json

@@ -18,7 +18,7 @@
   "bugs": "https://github.com/microsoft/botframework-cli/issues",
   "dependencies": {
     "@microsoft/bf-cli-command": "1.0.0",
-    "@oclif/command": "^1.5.19",
+    "@oclif/command": "^1.8.36",
     "@oclif/config": "^1.14.0",
     "@oclif/errors": "~1.2.2",
     "@oclif/plugin-help": "^2",
@@ -34,7 +34,7 @@
     "@oclif/test": "^1.2.5",
     "@types/chai": "^4.2.9",
     "@types/mocha": "^10.0.6",
-    "@types/node": "^10.17.15",
+    "@types/node": "^11.13.7",
     "@types/sinon": "^9.0.4",
     "chai": "^4.4.1",
     "eslint": "^5.16.0",
@@ -44,8 +44,8 @@
     "nyc": "^15.1.0",
     "mocha": "^10.4.0",
     "rimraf": "^3.0.2",
-    "ts-node": "^8.6.2",
-    "typescript": "^4.0.3",
+    "ts-node": "^10.8.1",
+    "typescript": "^4.9.5",
     "sinon": "^9.0.2"
   },
   "files": [