updated security fix

forms-flow-api/Dockerfile

@@ -1,5 +1,5 @@
 #Author: Kurian Benoy
-FROM python:3.12.1-slim-bullseye
+FROM python:3.12.6-slim
 
 # set label for image
 LABEL Name="formsflow"

forms-flow-api/requirements.txt

@@ -4,36 +4,36 @@ Flask-Migrate==4.0.7
 Flask-Moment==1.0.5
 Flask-SQLAlchemy==3.1.1
 Flask==2.3.3
-Jinja2==3.1.3
+Jinja2==3.1.4
 Mako==1.3.2
 MarkupSafe==2.1.5
 PyJWT==2.8.0
 PySocks==1.7.1
 SQLAlchemy-Utils==0.41.1
 SQLAlchemy==2.0.28
-Werkzeug==3.0.1
+Werkzeug==3.0.3
 alembic==1.13.1
 aniso8601==9.0.1
 async-timeout==4.0.3
 attrs==23.2.0
 blinker==1.7.0
 cachelib==0.9.0
-certifi==2024.2.2
+certifi==2024.7.4
 cffi==1.16.0
 charset-normalizer==3.3.2
 click==8.1.7
-cryptography==42.0.5
+cryptography==43.0.1
 ecdsa==0.18.0
 flask-jwt-oidc==0.3.0
 flask-marshmallow==1.2.1
 flask-restx==1.3.0
 formsflow_api_utils  @ git+https://github.com/AOT-Technologies/forms-flow-ai.git@develop#subdirectory=forms-flow-api-utils
-gunicorn==21.2.0
+gunicorn==22.0.0
 h11==0.14.0
 h2==4.1.0
 hpack==4.0.0
 hyperframe==6.0.1
-idna==3.6
+idna==3.7
 importlib_resources==6.3.2
 itsdangerous==2.1.2
 jsonschema-specifications==2023.12.1
@@ -44,7 +44,7 @@ marshmallow==3.21.1
 outcome==1.3.0.post0
 packaging==24.0
 psycopg2-binary==2.9.9
-pyOpenSSL==24.1.0
+pyOpenSSL==24.2.1
 pyasn1==0.5.1
 pycparser==2.21
 pyparsing==3.1.2
@@ -53,12 +53,12 @@ python-jose==3.3.0
 pytz==2024.1
 redis==5.0.5
 referencing==0.34.0
-requests==2.31.0
+requests==2.32.2
 rpds-py==0.18.0
 rsa==4.9
 selenium-wire==5.1.0
 selenium==4.19.0
-sentry-sdk==1.43.0
+sentry-sdk==2.8.0
 six==1.16.0
 sniffio==1.3.1
 sortedcontainers==2.4.0
@@ -68,4 +68,5 @@ typing_extensions==4.10.0
 urllib3==2.2.1
 wsproto==1.2.0
 zstandard==0.22.0
-lxml==5.3.0
+lxml==5.3.0
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

forms-flow-documents/Dockerfile

@@ -1,5 +1,5 @@
 #Author: Kurian Benoy
-FROM python:3.12.1-slim-bullseye
+FROM python:3.12.6-slim
 
 # set label for image
 LABEL Name="formsflow"

forms-flow-documents/Dockerfile-ARM64

@@ -1,5 +1,5 @@
 #Author: Kurian Benoy
-FROM python:3.12.1-slim-bullseye
+FROM python:python:3.12.6-slim
 
 WORKDIR /forms-flow-documents/app
 

forms-flow-documents/requirements.txt

@@ -4,36 +4,36 @@ Flask-Migrate==4.0.7
 Flask-Moment==1.0.5
 Flask-SQLAlchemy==3.1.1
 Flask==2.3.3
-Jinja2==3.1.3
+Jinja2==3.1.4
 Mako==1.3.2
 MarkupSafe==2.1.5
 PyJWT==2.8.0
 PySocks==1.7.1
 SQLAlchemy-Utils==0.41.1
 SQLAlchemy==2.0.28
-Werkzeug==3.0.1
+Werkzeug==3.0.3
 alembic==1.13.1
 aniso8601==9.0.1
 async-timeout==4.0.3
 attrs==23.2.0
 blinker==1.7.0
 cachelib==0.9.0
-certifi==2024.2.2
+certifi==2024.7.4
 cffi==1.16.0
 charset-normalizer==3.3.2
 click==8.1.7
-cryptography==42.0.5
+cryptography==43.0.1
 ecdsa==0.18.0
 flask-jwt-oidc==0.3.0
 flask-marshmallow==1.2.1
 flask-restx==1.3.0
 formsflow_api_utils @ git+https://github.com/AOT-Technologies/forms-flow-ai.git@develop#subdirectory=forms-flow-api-utils
-gunicorn==21.2.0
+gunicorn==22.0.0
 h11==0.14.0
 h2==4.1.0
 hpack==4.0.0
 hyperframe==6.0.1
-idna==3.6
+idna==3.7
 importlib_resources==6.3.2
 itsdangerous==2.1.2
 jsonschema-specifications==2023.12.1
@@ -45,7 +45,7 @@ nested-lookup==0.2.25
 outcome==1.3.0.post0
 packaging==24.0
 psycopg2-binary==2.9.9
-pyOpenSSL==24.1.0
+pyOpenSSL==24.2.1
 pyasn1==0.5.1
 pycparser==2.21
 pyparsing==3.1.2
@@ -54,12 +54,12 @@ python-jose==3.3.0
 pytz==2024.1
 redis==5.0.3
 referencing==0.34.0
-requests==2.31.0
+requests==2.32.2
 rpds-py==0.18.0
 rsa==4.9
 selenium-wire==5.1.0
 selenium==4.19.0
-sentry-sdk==1.43.0
+sentry-sdk==2.8.0
 six==1.16.0
 sniffio==1.3.1
 sortedcontainers==2.4.0
@@ -69,4 +69,4 @@ typing_extensions==4.10.0
 urllib3==2.2.1
 wsproto==1.2.0
 zstandard==0.22.0
-setuptools==69.0.2
+setuptools==70.0.0

forms-flow-idm/keycloak/idp-selector/pom.xml

@@ -9,7 +9,7 @@
 	<name>idp-selector</name>
 	<url>http://maven.apache.org</url>
 	<properties>
-		<keycloak.version>23.0.7</keycloak.version>
+		<keycloak.version>25.0.4</keycloak.version>
 	</properties>
 	<dependencies>
 		<dependency>
@@ -45,7 +45,7 @@
 		<dependency>
 			<groupId>ch.qos.logback</groupId>
 			<artifactId>logback-classic</artifactId>
-			<version>1.2.10</version>
+			<version>1.2.13</version>
 		</dependency>
 		<dependency>
 			<groupId>junit</groupId>

forms-flow-web-root-config/Dockerfile

@@ -46,7 +46,7 @@ RUN if [ $NODE_ENV == "development" ]; then \
 
 
 # Production stage
-FROM nginx:1.25.4-alpine as production-stage
+FROM nginx:1.27-alpine as production-stage
 
 # Set label for image
 LABEL Name="formsflow"

forms-flow-web-root-config/package.json

@@ -8,8 +8,7 @@
     "check-format": "prettier --check .",
     "build": "concurrently npm:build:*",
     "build:webpack": "webpack --mode=production",
-    "build-dev:webpack": "webpack --env isLocal --mode=development",
-    "preinstall": "npm install --package-lock-only --ignore-scripts && npx npm-force-resolutions"
+    "build-dev:webpack": "webpack --env isLocal --mode=development"
   },
   "devDependencies": {
     "concurrently": "^6.2.1",
@@ -21,8 +20,8 @@
     "jest-cli": "^27.0.6",
     "prettier": "^2.3.2",
     "pretty-quick": "^3.1.1",
-    "serve": "^12.0.0",
-    "webpack-dev-server": "^4.0.0"
+    "serve": "^14.2.3",
+    "webpack-dev-server": "^4.15.2"
   },
   "dependencies": {
     "@types/jest": "^27.0.1",
@@ -34,7 +33,7 @@
     "copy-webpack-plugin": "^11.0.0",
     "html-webpack-plugin": "^5.3.2",
     "jest": "^27.0.6",
-    "webpack": "^5.75.0",
+    "webpack": "^5.94.0",
     "webpack-cli": "^4.8.0",
     "webpack-config-single-spa": "^5.0.0",
     "webpack-merge": "^5.8.0",
@@ -43,13 +42,5 @@
     "@babel/plugin-transform-runtime": "^7.15.0",
     "@babel/preset-env": "^7.15.0",
     "@babel/runtime": "^7.15.3"
-  },
-  "resolutions": {
-    "semver": "7.5.3",
-    "minimatch": "3.0.5",
-    "webpack": "5.76.0",
-    "tough-cookie": "4.1.3",
-    "word-wrap": "1.2.4",
-    "postcss": "8.4.31"
   }
 }

forms-flow-web-root-config/src/index.ejs

@@ -6,8 +6,7 @@
   <meta http-equiv="X-UA-Compatible" content="ie=edge">
   <title>formsflow.ai</title>
   <script src="/config/config.js"></script>
-  <link rel="stylesheet" href="https://unpkg.com/bpmn-js-properties-panel@1.3.0/dist/assets/element-templates.css">
-  <link rel="stylesheet" href="https://unpkg.com/bpmn-js-properties-panel@1.3.0/dist/assets/properties-panel.css">
+  <link rel="stylesheet" href="https://unpkg.com/@bpmn-io/properties-panel/dist/assets/properties-panel.css">
   <!-- required dmn modeler styles -->
   <link rel="stylesheet" href="https://unpkg.com/dmn-js@12.3.0/dist/assets/diagram-js.css">
   <link rel="stylesheet" href="https://unpkg.com/dmn-js@12.3.0/dist/assets/dmn-js-shared.css">

forms-flow-web/.eslintrc

@@ -16,24 +16,27 @@
       "version": "detect"
     }
   },
-  "parser": "babel-eslint",
+  "parser": "@babel/eslint-parser",
   "parserOptions": {
     "sourceType": "module",
-    "allowImportExportEverywhere": true
+    "allowImportExportEverywhere": true,
+    "requireConfigFile": false,
+    "babelOptions": {
+      "plugins": ["@babel/plugin-syntax-jsx"]
+    }
   },
   "rules": {
-    "react/react-in-jsx-scope":"off",
-    "no-alert":"warn",
-    "no-console":"off",
-    "react/display-name":"off",
-    "react/prop-types":"off",
-    "max-len": ["error", {"code": 100, "ignoreUrls": true, "ignoreStrings": true, "ignoreComments": true}],
+    "react/react-in-jsx-scope": "off",
+    "no-alert": "warn",
+    "no-console": "off",
+    "react/display-name": "off",
+    "react/prop-types": "off",
+    "max-len": ["error", { "code": 100, "ignoreUrls": true, "ignoreStrings": true, "ignoreComments": true }],
     "no-mixed-operators": "error",
-    "no-tabs": ["error", {"allowIndentationTabs": true}],
-    "semi":"error",
+    "no-tabs": ["error", { "allowIndentationTabs": true }],
+    "semi": "error",
     "semi-style": ["error", "last"],
     "space-infix-ops": ["error", { "int32Hint": false }],
-    "no-useless-concat":"error"
-
+    "no-useless-concat": "error"
   }
-}
+}

forms-flow-web/Dockerfile

@@ -19,7 +19,7 @@ COPY . /forms-flow-web/app/
 RUN npm run build
 
 # Production stage
-FROM nginx:1.25.4-alpine as production-stage
+FROM nginx:1.27-alpine as production-stage
 
 # Copy built files from build stage
 COPY --from=build-stage /forms-flow-web/app/build /usr/share/nginx/html

forms-flow-web/craco.config.js

@@ -1,4 +1,4 @@
-const SingleSpaAppcracoPlugin = require("craco-plugin-single-spa-app-aot");
+const SingleSpaAppcracoPlugin = require("craco-plugin-single-spa-app-aot-test");
 
 const shouldMinimize = process.env.NODE_ENV == "production";
 
@@ -18,10 +18,21 @@ const singleSpaAppPlugin = {
 // Keep any other configuration you are exporting from CRACO and add the plugin to the plugins array
 module.exports = {
   plugins: [singleSpaAppPlugin],
+  webpack: {
+    configure: {
+      resolve: {
+        fallback: {
+          stream: require.resolve("stream-browserify"),
+          buffer: require.resolve("buffer/"),
+          net: false,  // Unfortunately, net can't be polyfilled easily in the browser.
+        },
+      },
+    },
+  },
   devServer: {
     port: 3004,
     headers: {
       "Access-Control-Allow-Origin": "*",
     },
   },
-};
+};

forms-flow-web/package.json

@@ -37,30 +37,32 @@
     "redux-mock-store": "^1.5.4"
   },
   "dependencies": {
-    "@aot-technologies/formio-react": "^1.0.2",
-    "@aot-technologies/formiojs": "^1.0.0",
+    "@aot-technologies/formio-react": "^1.0.2-test2",
+    "@aot-technologies/formiojs": "^1.0.0-test2",
     "@aot-technologies/formsflow-formio-custom-elements": "^1.0.2",
-    "@babel/helper-split-export-declaration": "^7.24.7",
     "@babel/generator": "7.24.1",
+    "@babel/helper-split-export-declaration": "^7.24.7",
     "@babel/plugin-proposal-private-property-in-object": "7.21.11",
-    "@bpmn-io/properties-panel": "^0.17.0",
+    "@bpmn-io/properties-panel": "^3.14.0",
     "@craco/craco": "6.4.5",
     "@material-ui/core": "^4.11.4",
     "@ronchalant/react-loading-overlay": "^1.1.0",
     "@wojtekmaj/react-daterange-picker": "^3.1.0",
     "axios": "^1.4.0",
-    "bpmn-js": "^7.5.0",
+    "bpmn-js": "^16.0.0",
     "bpmn-js-bpmnlint": "^0.19.0",
-    "bpmn-js-properties-panel": "^1.3.0",
+    "bpmn-js-properties-panel": "^5.7.0",
     "bpmn-xml-parser": "^1.6.0",
     "bpmnlint": "^7.8.0",
     "browserslist": "^4.16.6",
-    "camunda-bpmn-moddle": "^6.1.2",
+    "camunda-bpmn-js-behaviors": "^1.2.1",
+    "camunda-bpmn-moddle": "^7.0.1",
     "camunda-dmn-moddle": "^1.1.0",
     "connected-react-router": "^6.9.1",
-    "craco-plugin-single-spa-app-aot": "^2.0.2",
+    "craco-plugin-single-spa-app-aot-test": "^2.0.4",
     "create-react-class": "^15.7.0",
     "crypto-js": "^4.2.0",
+    "diagram-js": "^13.0.0",
     "dmn-js": "^12.3.0",
     "dmn-js-properties-panel": "^1.1.0",
     "dompurify": "^3.0.6",
@@ -90,49 +92,29 @@
     "react-quill": "^2.0.0",
     "react-redux": "^7.2.4",
     "react-router-dom": "^5.1.2",
-    "react-scripts": "^4.0.3",
+    "react-scripts": "^5.0.0",
     "react-select": "^3.2.0",
     "react-toastify": "^7.0.4",
     "recharts": "^1.8.5",
     "redux": "^4.1.0",
     "redux-logger": "^3.0.6",
     "redux-thunk": "^2.3.0",
-    "sass": "^1.32.13",
+    "sass": "^1.79.4",
     "single-spa": "^5.9.4",
     "single-spa-layout": "^2.1.0",
     "single-spa-react": "^5.0.0",
     "sockjs-client": "^1.5.1",
     "source-map-explorer": "^2.5.2",
     "stompjs": "^2.3.3",
+    "stream-browserify": "^3.0.0",
     "ws": "^7.4.6"
   },
   "resolutions": {
-    "browserslist": "^4.17.6",
-    "glob-parent": "^6.0.2",
-    "tar": "^6.1.11",
-    "immer": "^9.0.6",
     "nth-check": "^2.0.1",
-    "ansi-html": "^0.0.9",
-    "node-forge": "^1.2.1",
     "underscore": "1.12.1",
-    "shell-quote": ">=1.7.3",
-    "ejs": ">=3.1.7",
-    "moment-timezone": "0.5.37",
-    "loader-utils": "2.0.4",
-    "minimatch": "3.0.5",
+    "tar": "^6.1.11",
     "d3-color": "3.1.0",
-    "semver": "7.5.3",
-    "@babel/traverse": "7.23.2",
-    "browserify-sign": "4.2.2",
-    "@adobe/css-tools": "4.3.2",
-    "word-wrap": "1.2.4",
-    "tough-cookie": "4.1.3",
-    "follow-redirects": "1.15.6",
-    "express": "4.19.2",
-    "es5-ext": "0.10.63",
-    "ip": "2.0.1",
-    "json5": "^2.2.3",
-    "@babel/generator": "7.24.1"
+    "sass-loader": "16.0.2"
   },
   "browserslist": [
     ">0.2%",

forms-flow-web/src/components/Modeler/Editors/BpmnEditor/index.js

@@ -35,8 +35,8 @@ import {
   BpmnPropertiesProviderModule,
   CamundaPlatformPropertiesProviderModule,
 } from "bpmn-js-properties-panel";
-
-import CamundaExtensionModule from "camunda-bpmn-moddle/lib";
+import camundaPlatformBehaviors from 'camunda-bpmn-js-behaviors/lib/camunda-platform';
+//import CamundaExtensionModule from "camunda-bpmn-moddle/lib";
 import camundaModdleDescriptors from "camunda-bpmn-moddle/resources/camunda";
 
 import lintModule from "bpmn-js-bpmnlint";
@@ -91,7 +91,7 @@ export default React.memo(
             BpmnPropertiesPanelModule,
             BpmnPropertiesProviderModule,
             CamundaPlatformPropertiesProviderModule,
-            CamundaExtensionModule,
+            camundaPlatformBehaviors,
             lintModule,
           ],
           moddleExtensions: {