Merge pull request #1593 from ral-facilities/renovate/npm-axios-vulne…

…rability

Update dependency axios to v1 [SECURITY]

packages/datagateway-common/package.json

@@ -12,7 +12,7 @@
     "@emotion/styled": "11.11.0",
     "@mui/x-date-pickers": "6.11.2",
     "@types/lodash.debounce": "4.0.6",
-    "axios": "0.27.2",
+    "axios": "1.6.0",
     "connected-react-router": "6.9.1",
     "date-fns": "2.30.0",
     "hex-to-rgba": "2.0.1",
@@ -102,6 +102,9 @@
     ]
   },
   "jest": {
+    "transformIgnorePatterns": [
+      "node_modules/(?!axios)"
+    ],
     "collectCoverageFrom": [
       "src/**/*.{tsx,ts,js,jsx}",
       "!src/index.tsx",

packages/datagateway-common/src/api/datafiles.tsx

@@ -1,4 +1,4 @@
-import axios, { AxiosError } from 'axios';
+import axios, { AxiosError, AxiosProgressEvent } from 'axios';
 import { getApiParams, parseSearchToQuery } from '.';
 import { readSciGatewayToken } from '../parseTokens';
 import { useSelector } from 'react-redux';
@@ -262,7 +262,7 @@ const downloadDatafileToMemory = ({
 }: {
   idsUrl: string;
   datafileId: Datafile['id'];
-  onDownloadProgress?: (progressEvent: ProgressEvent) => void;
+  onDownloadProgress?: (progressEvent: AxiosProgressEvent) => void;
 }): Promise<Blob> =>
   axios
     .get(`${idsUrl}/getData`, {
@@ -289,7 +289,7 @@ export const useDatafileContent = ({
   ...queryOptions
 }: {
   datafileId: Datafile['id'];
-  onDownloadProgress: (progressEvent: ProgressEvent) => void;
+  onDownloadProgress: (progressEvent: AxiosProgressEvent) => void;
 } & UseQueryOptions<
   Blob,
   AxiosError,

packages/datagateway-common/src/api/lucene.test.tsx

@@ -38,9 +38,9 @@ describe('Lucene actions', () => {
 
     const params = {
       sessionId: null,
-      query: {
+      query: JSON.stringify({
         target: 'Investigation',
-      },
+      }),
       maxCount: 300,
     };
     expect(axios.get).toHaveBeenCalledWith(
@@ -79,12 +79,12 @@ describe('Lucene actions', () => {
 
     const params = {
       sessionId: null,
-      query: {
+      query: JSON.stringify({
         target: 'Datafile',
-        text: 'test',
         lower: '200001010000',
         upper: '202012312359',
-      },
+        text: 'test',
+      }),
       maxCount: 100,
     };
     expect(axios.get).toHaveBeenCalledWith(
@@ -123,12 +123,12 @@ describe('Lucene actions', () => {
 
     const params = {
       sessionId: null,
-      query: {
+      query: JSON.stringify({
         target: 'Datafile',
-        text: 'test',
         lower: '200001010000',
         upper: '9000012312359',
-      },
+        text: 'test',
+      }),
       maxCount: 100,
     };
     expect(axios.get).toHaveBeenCalledWith(
@@ -158,8 +158,13 @@ describe('Lucene actions', () => {
 
     await endDateTest.waitFor(() => endDateTest.result.current.isSuccess);
 
+    params.query = JSON.parse(params.query);
+
     params.query.upper = '202012312359';
     params.query.lower = '0000001010000';
+
+    params.query = JSON.stringify(params.query);
+
     expect(axios.get).toHaveBeenCalledWith(
       'https://example.com/icat/lucene/data',
       {

packages/datagateway-common/src/api/lucene.tsx

@@ -70,7 +70,7 @@ export const fetchLuceneData = async (
   // Query params.
   const queryParams = {
     sessionId: readSciGatewayToken().sessionId,
-    query: urlParamsBuilder(datasearchType, params),
+    query: JSON.stringify(urlParamsBuilder(datasearchType, params)),
     // Default maximum count is 300.
     maxCount: params.maxCount ? params.maxCount : 300,
   };

packages/datagateway-common/src/setupTests.tsx

@@ -13,7 +13,7 @@ import thunk from 'redux-thunk';
 import configureStore from 'redux-mock-store';
 import { createMemoryHistory, History } from 'history';
 
-jest.setTimeout(15000);
+jest.setTimeout(20000);
 
 if (typeof window.URL.createObjectURL === 'undefined') {
   // required as work-around for enzyme/jest environment not implementing window.URL.createObjectURL method

packages/datagateway-dataview/package.json

@@ -19,7 +19,7 @@
     "@types/react-router-dom": "5.3.3",
     "@types/react-virtualized": "9.21.10",
     "@types/redux-logger": "3.0.8",
-    "axios": "0.27.2",
+    "axios": "1.6.0",
     "connected-react-router": "6.9.1",
     "custom-event-polyfill": "1.0.7",
     "datagateway-common": "^1.1.2",
@@ -83,6 +83,9 @@
     ]
   },
   "jest": {
+    "transformIgnorePatterns": [
+      "node_modules/(?!axios)"
+    ],
     "collectCoverageFrom": [
       "src/**/*.{tsx,ts,js,jsx}",
       "!src/index.tsx",

packages/datagateway-dataview/src/page/idCheckFunctions.test.ts

@@ -37,7 +37,7 @@ describe('ID check functions', () => {
     await checkInvestigationId(1, 2);
     expect(axios.get).toHaveBeenCalledWith('/datasets/findone', {
       params: {
-        where: { id: { eq: 2 } },
+        where: JSON.stringify({ id: { eq: 2 } }),
         include: '"investigation"',
       },
       headers: { Authorization: 'Bearer null' },
@@ -52,7 +52,7 @@ describe('ID check functions', () => {
     await checkInvestigationId(1, 2);
     expect(axios.get).toHaveBeenCalledWith('/test/datasets/findone', {
       params: {
-        where: { id: { eq: 2 } },
+        where: JSON.stringify({ id: { eq: 2 } }),
         include: '"investigation"',
       },
       headers: { Authorization: 'Bearer null' },
@@ -78,7 +78,7 @@ describe('ID check functions', () => {
       expect(result).toBe(true);
       expect(axios.get).toHaveBeenCalledWith('/datasets/findone', {
         params: {
-          where: { id: { eq: 2 } },
+          where: JSON.stringify({ id: { eq: 2 } }),
           include: '"investigation"',
         },
         headers: { Authorization: 'Bearer null' },
@@ -166,13 +166,13 @@ describe('ID check functions', () => {
       expect(result).toBe(true);
       expect(axios.get).toHaveBeenCalledWith('/investigations', {
         params: {
-          where: {
+          where: JSON.stringify({
             id: { eq: 3 },
             investigationInstrument: { instrument: { id: { eq: 1 } } },
             investigationFacilityCycle: {
               facilityCycle: { id: { eq: 2 } },
             },
-          },
+          }),
         },
         headers: { Authorization: 'Bearer null' },
       });

packages/datagateway-dataview/src/page/idCheckFunctions.ts

@@ -30,11 +30,11 @@ const unmemoizedCheckInvestigationId = (
   return axios
     .get(`${apiUrl}/datasets/findone`, {
       params: {
-        where: {
+        where: JSON.stringify({
           id: {
             eq: datasetId,
           },
-        },
+        }),
         include: '"investigation"',
       },
       headers: {
@@ -68,15 +68,15 @@ const unmemoizedCheckInstrumentAndFacilityCycleId = (
   return axios
     .get(`${apiUrl}/investigations`, {
       params: {
-        where: {
+        where: JSON.stringify({
           id: {
             eq: investigationId,
           },
           investigationInstrument: { instrument: { id: { eq: instrumentId } } },
           investigationFacilityCycle: {
             facilityCycle: { id: { eq: facilityCycleId } },
           },
-        },
+        }),
       },
       headers: {
         Authorization: `Bearer ${readSciGatewayToken().sessionId}`,

packages/datagateway-dataview/src/setupTests.ts

@@ -9,7 +9,7 @@ import { initialState as dgDataViewInitialState } from './state/reducers/dgdatav
 import { dGCommonInitialState } from 'datagateway-common';
 import { screen, within } from '@testing-library/react';
 
-jest.setTimeout(15000);
+jest.setTimeout(20000);
 
 function noOp(): void {
   // required as work-around for enzyme/jest environment not implementing window.URL.createObjectURL method

packages/datagateway-dataview/src/views/datafilePreview/datafilePreviewer.component.tsx

@@ -129,7 +129,7 @@ function DatafilePreviewer({
       onDownloadProgress: (event) => {
         setStatus({
           code: 'LOADING_CONTENT',
-          progress: (event.loaded / event.total) * 100,
+          progress: (event.loaded / (event.total ?? event.loaded)) * 100,
         });
       },
     });

packages/datagateway-download/package.json

@@ -16,7 +16,7 @@
     "@types/react-dom": "17.0.11",
     "@types/react-router-dom": "5.3.3",
     "@types/react-virtualized": "9.21.10",
-    "axios": "0.27.2",
+    "axios": "1.6.0",
     "datagateway-common": "^1.1.2",
     "date-fns": "2.30.0",
     "date-fns-tz": "2.0.0",
@@ -103,6 +103,9 @@
     ]
   },
   "jest": {
+    "transformIgnorePatterns": [
+      "node_modules/(?!axios)"
+    ],
     "snapshotSerializers": [
       "enzyme-to-json/serializer"
     ],

packages/datagateway-download/src/downloadApi.ts

@@ -336,11 +336,11 @@ export const getDatafileCount: (
     return axios
       .get<number>(`${settings.apiUrl}/datafiles/count`, {
         params: {
-          where: {
+          where: JSON.stringify({
             'dataset.investigation.id': {
               eq: entityId,
             },
-          },
+          }),
         },
         headers: {
           Authorization: `Bearer ${readSciGatewayToken().sessionId}`,

packages/datagateway-download/src/downloadApiHooks.test.tsx

@@ -492,11 +492,11 @@ describe('Download Cart API react-query hooks test', () => {
         `${mockedSettings.apiUrl}/datafiles/count`,
         {
           params: {
-            where: {
+            where: JSON.stringify({
               'dataset.investigation.id': {
                 eq: 2,
               },
-            },
+            }),
           },
           headers: {
             Authorization: 'Bearer null',

packages/datagateway-download/src/setupTests.ts

@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/no-empty-function */
 import '@testing-library/jest-dom';
 
-jest.setTimeout(15000);
+jest.setTimeout(20000);
 
 function noOp(): void {
   // required as work-around for enzyme/jest environment not implementing window.URL.createObjectURL method

packages/datagateway-search/package.json

@@ -20,7 +20,7 @@
     "@types/react-router-dom": "5.3.3",
     "@types/react-virtualized": "9.21.10",
     "@types/redux-logger": "3.0.8",
-    "axios": "0.27.2",
+    "axios": "1.6.0",
     "connected-react-router": "6.9.1",
     "custom-event-polyfill": "1.0.7",
     "datagateway-common": "^1.1.2",
@@ -83,6 +83,9 @@
     ]
   },
   "jest": {
+    "transformIgnorePatterns": [
+      "node_modules/(?!axios)"
+    ],
     "snapshotSerializers": [
       "enzyme-to-json/serializer"
     ],

packages/datagateway-search/src/searchPageContainer.component.test.tsx

@@ -484,10 +484,10 @@ describe('SearchPageContainer - Tests', () => {
       {
         params: {
           maxCount: 300,
-          query: {
+          query: JSON.stringify({
             target: 'Investigation',
             text: 'hello',
-          },
+          }),
           sessionId: null,
         },
       }
@@ -498,10 +498,10 @@ describe('SearchPageContainer - Tests', () => {
       {
         params: {
           maxCount: 300,
-          query: {
+          query: JSON.stringify({
             target: 'Dataset',
             text: 'hello',
-          },
+          }),
           sessionId: null,
         },
       }
@@ -512,10 +512,10 @@ describe('SearchPageContainer - Tests', () => {
       {
         params: {
           maxCount: 300,
-          query: {
+          query: JSON.stringify({
             target: 'Datafile',
             text: 'hello',
-          },
+          }),
           sessionId: null,
         },
       }

packages/datagateway-search/src/setupTests.ts

@@ -8,7 +8,7 @@ import { dGCommonInitialState } from 'datagateway-common';
 import { initialState as dgSearchInitialState } from './state/reducers/dgsearch.reducer';
 import { screen, within } from '@testing-library/react';
 
-jest.setTimeout(15000);
+jest.setTimeout(20000);
 
 // Unofficial React 17 Enzyme adapter
 Enzyme.configure({ adapter: new Adapter() });