fix(vuln): backport #679

wzrdtales · wzrdtales · commit 8b5beacdee33 · 2020-04-14T21:46:58.000+02:00
Signed-off-by: Tobias Gurtzick &lt;magic@wizardtales.com&gt;
diff --git a/api.js b/api.js
@@ -64,7 +64,9 @@ function dbmigrate (plugins, isModule, options, callback) {
     if (typeof options.cwd === 'string') internals.cwd = options.cwd;
     else internals.cwd = process.cwd();
 
-    if (typeof options.cmdOptions === 'object') internals.cmdOptions = options.cmdOptions;
+    if (typeof options.cmdOptions === 'object') {
+      internals.cmdOptions = options.cmdOptions;
+    }
   } else internals.cwd = process.cwd();
 
   if (typeof isModule === 'function') {
@@ -108,10 +110,10 @@ dbmigrate.prototype = {
   },
 
   /**
-    * Registers and initializes hooks.
-    *
-    * @returns Promise
-    */
+   * Registers and initializes hooks.
+   *
+   * @returns Promise
+   */
   registerAPIHook: function (callback) {
     var plugins = this.internals.plugins;
     var self = this;
@@ -316,8 +318,8 @@ dbmigrate.prototype = {
   },
 
   /**
-    * Transition migrations to the latest defined protocol.
-    */
+   * Transition migrations to the latest defined protocol.
+   */
   transition: function () {
     load('transition')(this.internals);
   },
diff --git a/generateLoader.js b/generateLoader.js
@@ -15,8 +15,8 @@ const path = require('path');
 
 const files = {
 ${files
-  .map(x => `  "${x.substring(0, x.indexOf('.js'))}": require('./${x}')`)
-  .join(',\n')}
+    .map(x => `  "${x.substring(0, x.indexOf('.js'))}": require('./${x}')`)
+    .join(',\n')}
 }
 
 function register (module) {
diff --git a/index.js b/index.js
@@ -1,4 +1,5 @@
-require('pkginfo')(module, 'version'); // jshint ignore:line
+module.exports.version = require('./package.json').version;
+
 var fs = require('fs');
 var path = require('path');
 var log = require('db-migrate-shared').log;
@@ -65,7 +66,7 @@ function loadPlugins (options) {
 
 module.exports.getInstance = function (isModule, options = {}, callback) {
   delete require.cache[require.resolve('./api.js')];
-  delete require.cache[require.resolve('optimist')];
+  delete require.cache[require.resolve('yargs')];
   var Mod = require('./api.js');
   var plugins = {};
   options.cwd = options.cwd || process.cwd();
diff --git a/lib/commands/create-migration.js b/lib/commands/create-migration.js
@@ -4,7 +4,7 @@ var _assert = require('./helper/assert');
 var log = require('db-migrate-shared').log;
 var mkdirp = require('mkdirp');
 var fs = require('fs');
-var optimist = require('optimist');
+var yargs = require('yargs');
 var util = require('util');
 
 function createMigrationDir (dir, callback) {
@@ -32,7 +32,7 @@ function executeCreateMigration (internals, config, callback) {
   if (internals.argv._.length === 0) {
     log.error("'migrationName' is required.");
     if (!internals.isModule) {
-      optimist.showHelp();
+      yargs.showHelp();
     }
 
     if (typeof callback !== 'function') {
diff --git a/lib/commands/run.js b/lib/commands/run.js
@@ -7,7 +7,7 @@ var transition;
 function run (internals, config) {
   const { load } = internals;
   const transition = load('transition');
-  console.log(load);
+  console.log('hello');
   var action = internals.argv._.shift();
   var folder = action.split(':');
 
diff --git a/lib/commands/set-default-argv.js b/lib/commands/set-default-argv.js
@@ -1,4 +1,4 @@
-var optimist = require('optimist');
+var yargs = require('yargs');
 var log = require('db-migrate-shared').log;
 
 module.exports = function (internals, isModule) {
@@ -19,7 +19,7 @@ module.exports = function (internals, isModule) {
   };
 
   if (!isModule) {
-    internals.argv = optimist
+    internals.argv = yargs
       .default(defaultConfig)
       .usage(
         'Usage: db-migrate [up|down|check|reset|sync|create|db|transition] ' +
@@ -42,7 +42,10 @@ module.exports = function (internals, isModule) {
       .string('c')
       .describe('dry-run', "Prints the SQL but doesn't run it.")
       .boolean('dry-run')
-      .describe('check', 'Prints the migrations to be run without running them.')
+      .describe(
+        'check',
+        'Prints the migrations to be run without running them.'
+      )
       .boolean('check')
       .describe(
         'force-exit',
@@ -98,39 +101,36 @@ module.exports = function (internals, isModule) {
       .describe('ignore-completed-migrations', 'Start at the first migration')
       .boolean('ignore-completed-migrations')
       .describe('log-level', 'Set the log-level, for example sql|warn')
-      .string('log-level');
+      .string('log-level')
+      .parse();
   } else {
-    const _internalsArgv = Object.assign(defaultConfig, internals.cmdOptions);
-    internals.argv = {
-      get argv () {
-        return _internalsArgv;
-      }
-    };
+    internals.argv = Object.assign(defaultConfig, internals.cmdOptions);
   }
 
   var plugins = internals.plugins;
   var plugin = plugins.hook('init:cli:config:hook');
-  var _config = internals.argv.argv.config;
+  var _config = internals.argv.config;
 
   if (plugin) {
     plugin.forEach(function (plugin) {
       // var configs = plugin['init:cli:config:hook']();
       // if (!configs) return;
-      // hook not yet used, we look into migrating away from optimist first
+      // hook not yet used, we look into migrating away from yargs first
     });
   }
 
-  internals.argv = deepExtend(internals.argv.argv, rc('db-migrate', {}));
+  internals.argv = deepExtend(internals.argv, rc('db-migrate', {}));
   internals.argv.rcconfig = internals.argv.config;
   internals.argv.config = internals.argv.configFile || _config;
 
   if (internals.argv.version) {
+    console.log(internals.argv.version);
     console.log(internals.dbm.version);
     process.exit(0);
   }
 
   if (!isModule && (internals.argv.help || internals.argv._.length === 0)) {
-    optimist.showHelp();
+    yargs.showHelp();
     process.exit(1);
   }
 
@@ -147,7 +147,7 @@ module.exports = function (internals, isModule) {
   internals.notransactions = internals.argv['non-transactional'];
   internals.dryRun = internals.argv['dry-run'];
   global.dryRun = internals.dryRun;
-  internals.check = internals.argv['check'];
+  internals.check = internals.argv.check;
 
   if (internals.dryRun) {
     log.info('dry run');
diff --git a/lib/config.js b/lib/config.js
@@ -176,8 +176,8 @@ exports.loadObject = function (_config, currentEnv) {
 
   if (currentEnv) {
     out.setCurrent(currentEnv);
-  } else if (config['default']) {
-    out.setCurrent(config['default']);
+  } else if (config.default) {
+    out.setCurrent(config.default);
   } else if (config.defaultEnv) {
     if (config.defaultEnv.ENV) {
       out.setCurrent(process.env[config.defaultEnv.ENV]);
diff --git a/package-lock.json b/package-lock.json

Original file line number	Diff line number	Diff line change
`@@ -15,8 +15,8 @@ const path = require('path');`
`15`	`15`
`16`	`16`	`const files = {`
`17`	`17`	`${files`
`18`		- .map(x => ` "${x.substring(0, x.indexOf('.js'))}": require('./${x}')`)
`19`		`- .join(',\n')}`
	`18`	+ .map(x => ` "${x.substring(0, x.indexOf('.js'))}": require('./${x}')`)
	`19`	`+ .join(',\n')}`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`function register (module) {`