
Update braces to fix possible ReDoS #1067


Closed
php-coder opened this issue Jul 3, 2019 · 7 comments
Comments

@php-coder
Owner

php-coder commented Jul 3, 2019

See for details: https://www.npmjs.com/advisories/786 and https://snyk.io/vuln/npm:braces:20180219

Because this dependency is required by Babel and used only at build time, the severity is low in our case.

Tech debt for: 054acbc (#1060)

@php-coder
Owner Author

Here is the report:

[INFO] Running 'npm audit' in /Users/coder/git/mystamps.git/src/main/frontend
[INFO]
[INFO]                        === npm audit security report ===
[INFO]
[INFO] ┌──────────────────────────────────────────────────────────────────────────────┐
[INFO] │                                Manual Review                                 │
[INFO] │            Some vulnerabilities require your attention to resolve            │
[INFO] │                                                                              │
[INFO] │         Visit https://go.npm.me/audit-guide for additional guidance          │
[INFO] └──────────────────────────────────────────────────────────────────────────────┘
[INFO] ┌───────────────┬──────────────────────────────────────────────────────────────┐
[INFO] │ Low           │ Regular Expression Denial of Service                         │
[INFO] ├───────────────┼──────────────────────────────────────────────────────────────┤
[INFO] │ Package       │ braces                                                       │
[INFO] ├───────────────┼──────────────────────────────────────────────────────────────┤
[INFO] │ Patched in    │ >=2.3.1                                                      │
[INFO] ├───────────────┼──────────────────────────────────────────────────────────────┤
[INFO] │ Dependency of │ babel-cli [dev]                                              │
[INFO] ├───────────────┼──────────────────────────────────────────────────────────────┤
[INFO] │ Path          │ babel-cli > chokidar > anymatch > micromatch > braces        │
[INFO] ├───────────────┼──────────────────────────────────────────────────────────────┤
[INFO] │ More info     │ https://npmjs.com/advisories/786                             │
[INFO] └───────────────┴──────────────────────────────────────────────────────────────┘
[INFO] found 1 low severity vulnerability in 3079 scanned packages
[INFO]   1 vulnerability requires manual review. See the full report for details.

@php-coder
Owner Author

It seems like we can't just upgrade braces because it may break the packages that depend on it. One of the solutions is to update babel-cli to the 7.x version, which will use newer versions of the dependencies that don't have the vulnerability.

So, now this issue is (kind of) blocked by #1063

@php-coder php-coder self-assigned this Jul 4, 2019
@php-coder php-coder added this to the 0.4.1 milestone Jul 4, 2019
@php-coder php-coder modified the milestones: 0.4.1, 0.4.2 Sep 8, 2019
@php-coder
Owner Author

Unblocked.

@php-coder
Owner Author

One of the solutions is to update babel-cli to the 7.x version, which will use newer versions of the dependencies that don't have the vulnerability.

Quote from https://babeljs.io/docs/en/env/#babel-7 :

If you are using Babel version 7 you will need to run npm install @babel/preset-env and have "presets": ["@babel/preset-env"] in your configuration.

@php-coder php-coder modified the milestones: 0.4.2, next Nov 6, 2019
@php-coder php-coder modified the milestones: next, 0.4.3 Jan 7, 2020
@php-coder php-coder modified the milestones: 0.4.3, 0.5, 0.4.4 Mar 13, 2020
@php-coder
Owner Author

After updating to the newest Babel, we could try to use arrow functions instead of bind():

--- src/main/frontend/src/components/SimilarSeriesForm.js
+++ src/main/frontend/src/components/SimilarSeriesForm.js
@@ -15,18 +15,16 @@ class SimilarSeriesForm extends React.Component {
                        hasServerError: false,
                        validationErrors: []
                };
-               this.handleSubmit = this.handleSubmit.bind(this);
-               this.handleChange = this.handleChange.bind(this);
        }

-       handleChange(event) {
+       handleChange = (event) => {
                event.preventDefault();
                this.setState({
                        similarSeriesId: event.target.value
                });
        }

-       handleSubmit(event) {
+       handleSubmit = (event) => {
                event.preventDefault();

                this.setState({
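Review bot: the `+` lines `handleChange = (event) => {` and `handleSubmit = (event) => {` are class fields, not ES2015 class methods, so this hunk only builds if the project's Babel configuration can parse and transform class properties; the removal of the two `.bind(this)` lines from the constructor is otherwise correct, since an arrow class field captures the instance's `this` just as the bound copy did. One behavioural difference worth a comment in the change: the old code kept `handleChange` and `handleSubmit` on `SimilarSeriesForm.prototype` and assigned bound copies per instance, whereas the arrow fields exist only as per-instance properties, so any test or code that reaches for the prototype methods would need to target the instance instead.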

At this moment, the compilation fails with the error:

[ERROR] SyntaxError: src/components/SimilarSeriesForm.js: Unexpected token (20:14)
[ERROR]   18 | 	}
[ERROR]   19 |
[ERROR] > 20 | 	handleChange = (event) => {
[ERROR]      | 	             ^
[ERROR]   21 | 		event.preventDefault();
[ERROR]   22 | 		this.setState({
[ERROR]   23 | 			similarSeriesId: event.target.value
[ERROR] npm ERR! code ELIFECYCLE
[ERROR] npm ERR! errno 1
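The comment above proposes replacing the `bind()` calls with class-field arrow functions. The following is an added example, not code from the mystamps project, that shows why a React-style handler needs one of the two: a prototype method handed to a framework as a bare callback is invoked without its receiver, so `this` is `undefined` inside it. The `UnboundForm`, `BoundForm`, `ArrowForm`, `dispatch`, `tryHandler` and `isOwnProperty` names, and the synthetic event object, are all constructed for this illustration; `ArrowForm` uses class-field syntax directly, which a runtime with class fields (or Babel with the class-properties transform) accepts.

```javascript
// Added example (not from the mystamps project): prototype method vs. bind()
// vs. class-field arrow function as a detached event handler.
// Class bodies are strict mode, so a method called without a receiver sees
// `this === undefined` rather than the global object.

// Variant 1: plain prototype method, never bound. Breaks when detached.
class UnboundForm {
  constructor() { this.state = { value: '' }; }
  setState(patch) { this.state = { ...this.state, ...patch }; }
  handleChange(event) { this.setState({ value: event.target.value }); }
}

// Variant 2: the "before" side of the diff, a bound copy assigned per instance.
class BoundForm extends UnboundForm {
  constructor() {
    super();
    this.handleChange = this.handleChange.bind(this);
  }
}

// Variant 3: the "after" side of the diff, a class-field arrow function.
// The arrow captures the instance's `this` at construction time.
class ArrowForm {
  constructor() { this.state = { value: '' }; }
  setState(patch) { this.state = { ...this.state, ...patch }; }
  handleChange = (event) => { this.setState({ value: event.target.value }); };
}

// Simulates how a framework invokes a handler: it holds only the function
// reference and calls it with a synthetic event, not as form.handleChange(e).
function dispatch(handler, value) {
  const event = { target: { value }, preventDefault() {} }; // constructed event
  handler(event);
}

// Builds a form, dispatches a change through the detached handler and returns
// the resulting state value, or the error class name if the call blew up.
function tryHandler(FormClass, value) {
  const form = new FormClass();
  try {
    dispatch(form.handleChange, value);
    return form.state.value;
  } catch (e) {
    return e.constructor.name; // TypeError: cannot read 'setState' of undefined
  }
}

// Bound copies and class fields live on the instance; prototype methods do not.
function isOwnProperty(FormClass) {
  return Object.prototype.hasOwnProperty.call(new FormClass(), 'handleChange');
}

// Stand-alone run: prints which variants survive a detached call.
for (const Form of [UnboundForm, BoundForm, ArrowForm]) {
  console.log(Form.name, '->', tryHandler(Form, 'abc'), '| own property:', isOwnProperty(Form));
}
```

Both `BoundForm` and `ArrowForm` survive the detached call, which is why the diff can drop the two `bind()` lines once Babel accepts class fields; the `isOwnProperty` check makes the one structural difference visible, namely that neither fix leaves the handler as a shared prototype method.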

@php-coder php-coder mentioned this issue Jun 9, 2020
@php-coder
Owner Author

One of the solutions is to update babel-cli to the 7.x version

See #1441

@php-coder
Owner Author

After updating to the newest Babel, we could try to use arrow functions instead of bind():

Now it fails with another error:

[ERROR] { SyntaxError: /Users/coder/git/mystamps/src/main/frontend/src/components/AddReleaseYearForm.js: Support for the experimental syntax 'classProperties' isn't currently enabled (17:15):
[ERROR]
[ERROR]   15 | 	}
[ERROR]   16 |
[ERROR] > 17 | 	handleChange = (event) => {
[ERROR]      | 	             ^
[ERROR]   18 | 		event.preventDefault();
[ERROR]   19 | 		this.setState({
[ERROR]   20 | 			year: event.target.value
[ERROR]
[ERROR] Add @babel/plugin-proposal-class-properties (https://git.io/vb4SL) to the 'plugins' section of your Babel config to enable transformation.
[ERROR] If you want to leave it as-is, add @babel/plugin-syntax-class-properties (https://git.io/vb4yQ) to the 'plugins' section to enable parsing.
[ERROR]     at Object._raise (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:746:17)
[ERROR]     at Object.raiseWithData (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:739:17)
[ERROR]     at Object.expectPlugin (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:8812:18)
[ERROR]     at Object.parseClassProperty (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:12185:12)
[ERROR]     at Object.pushClassProperty (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:12145:30)
[ERROR]     at Object.parseClassMemberWithIsStatic (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:12078:14)
[ERROR]     at Object.parseClassMember (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:12015:10)
[ERROR]     at withTopicForbiddingContext (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:11960:14)
[ERROR]     at Object.withTopicForbiddingContext (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:11031:14)
[ERROR]     at Object.parseClassBody (/Users/coder/git/mystamps/src/main/frontend/node_modules/@babel/parser/lib/index.js:11937:10)
[ERROR]   loc: Position { line: 17, column: 14 },
[ERROR]   pos: 337,
[ERROR]   missingPlugin: [ 'classProperties' ],
[ERROR]   code: 'BABEL_PARSE_ERROR' }
[ERROR] npm ERR! code ELIFECYCLE
[ERROR] npm ERR! errno 1
