diff --git a/app.js b/app.js index 9da2041fc..2989ae00a 100644 --- a/app.js +++ b/app.js @@ -6,13 +6,9 @@ const merge = require('lodash/merge'); const helmet = require('helmet'); const compression = require('compression'); const cookieParser = require('cookie-parser'); -const { - BASE_URL, - BASE_PATH, - MOUNT_PATH, - STATIC_URL, - HELMET_CONFIGURATION, -} = require('./url'); +const {HELMET_CONFIGURATION} = require('./config'); +const {MOUNT_PATH} = require('./url'); +const {applyLocals} = require('./services/locals'); const routes = require('./routes'); const debug = require('debug')('talk:app'); @@ -57,12 +53,8 @@ app.set('view engine', 'ejs'); // ROUTES //============================================================================== -// Apply the BASE_PATH, BASE_URL, and MOUNT_PATH on the app.locals, which will -// make them available on the templates and the routers. -app.locals.BASE_URL = BASE_URL; -app.locals.BASE_PATH = BASE_PATH; -app.locals.MOUNT_PATH = MOUNT_PATH; -app.locals.STATIC_URL = STATIC_URL; +// Add the locals to the app renderer. +applyLocals(app.locals); debug(`mounting routes on the ${MOUNT_PATH} path`); diff --git a/client/coral-admin/src/actions/community.js b/client/coral-admin/src/actions/community.js index 890d834b4..921f0a0a2 100644 --- a/client/coral-admin/src/actions/community.js +++ b/client/coral-admin/src/actions/community.js @@ -1,4 +1,4 @@ -import qs from 'qs'; +import queryString from 'query-string'; import { FETCH_COMMENTERS_REQUEST, @@ -17,9 +17,8 @@ import { import t from 'coral-framework/services/i18n'; export const fetchAccounts = (query = {}) => (dispatch, _, {rest}) => { - dispatch(requestFetchAccounts()); - rest(`/users?${qs.stringify(query)}`) + rest(`/users?${queryString.stringify(query)}`) .then(({result, page, count, limit, totalPages}) =>{ dispatch({ type: FETCH_COMMENTERS_SUCCESS, diff --git a/client/coral-embed-stream/src/components/Embed.js b/client/coral-embed-stream/src/components/Embed.js index 86d36d47e..7fc6d1474 100644 --- a/client/coral-embed-stream/src/components/Embed.js +++ b/client/coral-embed-stream/src/components/Embed.js @@ -29,7 +29,7 @@ export default class Embed extends React.Component { }; render() { - const {activeTab, commentId, root, data, auth: {showSignInDialog, signInDialogFocus}, blurSignInDialog, focusSignInDialog, hideSignInDialog} = this.props; + const {activeTab, commentId, root, data, auth: {showSignInDialog, signInDialogFocus}, blurSignInDialog, focusSignInDialog, hideSignInDialog, router: {location: {query: {parentUrl}}}} = this.props; const {user} = this.props.auth; const hasHighlightedComment = !!commentId; @@ -37,7 +37,7 @@ export default class Embed extends React.Component {
{ try { let token = await UsersService.createPasswordResetToken(email, loc); - if (!token) { - res.status(204).end(); - return; + if (token) { + await mailer.sendSimple({ + template: 'password-reset', + locals: { + token, + }, + subject: 'Password Reset', + to: email + }); } - // Send the password reset email. - await mailer.sendSimple({ - template: 'password-reset', // needed to know which template to render! - locals: { // specifies the template locals. - token, - rootURL: ROOT_URL - }, - subject: 'Password Reset', - to: email - }); - res.status(204).end(); } catch (e) { return next(e); @@ -78,22 +70,23 @@ router.post('/password/reset', async (req, res, next) => { * 2) the new password {String} */ router.put('/password/reset', async (req, res, next) => { - - const { - token, - password - } = req.body; + const {check} = req.query; + const {token, password} = req.body; if (!token) { return next(errors.ErrMissingToken); } - if (!password || password.length < 8) { + if (check !== 'true' && (!password || password.length < 8)) { return next(errors.ErrPasswordTooShort); } try { let [user, loc] = await UsersService.verifyPasswordResetToken(token); + if (check === 'true') { + res.status(204).end(); + return; + } // Change the users' password. await UsersService.changePassword(user.id, password); diff --git a/services/domainlist.js b/services/domainlist.js index 29673e2b6..a75d62dca 100644 --- a/services/domainlist.js +++ b/services/domainlist.js @@ -2,6 +2,8 @@ const debug = require('debug')('talk:services:domainlist'); const _ = require('lodash'); const SettingsService = require('./settings'); +const {ROOT_URL} = require('../config'); + /** * The root domainlist object. * @type {Object} @@ -17,31 +19,24 @@ class Domainlist { /** * Loads domains white list in from the database */ - load() { - return SettingsService - .retrieve() - .then((settings) => { - - // Insert the settings domains whitelist. - this.upsert(settings.domains); - }); + async load() { + const {domains} = await SettingsService.retrieve(); + this.upsert(domains); } /** * Inserts the domains whitelist data * @param {Array} list list of domains to be set to the whitelist */ - upsert(lists) { + async upsert(lists) { // Add the domains to this array and also be sure are all unique domains if (!('whitelist' in lists)) { return; } - this.lists['whitelist'] = Domainlist.parseList(lists['whitelist']); - debug(`Added ${lists['whitelist'].length} domains to the whitelist.`); - - return Promise.resolve(this); + this.lists.whitelist = Domainlist.parseList(lists.whitelist); + debug(`Added ${lists.whitelist.length} domains to the whitelist.`); } /** @@ -51,19 +46,22 @@ class Domainlist { */ match(list, url) { + // Parse the url that we're matching with. const domainToMatch = Domainlist.parseURL(url); // This will return true in the event that at least one blockword is found // in the phrase. - for (let i = 0; i < list.length; i++) { - if (list[i] === domainToMatch) { - return true; - } - } + return list.indexOf(domainToMatch) >= 0; + } - // We've walked over all the whitelisted domains, and haven't had a - // mismatch... It is not an allowed domain! - return false; + /** + * Checks to see if the passed url matches the domain of the root path. + * + * @param {String} url + * @returns {Boolean} true if the domains match + */ + static matchMount(url) { + return Domainlist.parseURL(url) === Domainlist.parseURL(ROOT_URL); } /** @@ -84,7 +82,7 @@ class Domainlist { let domain; // removes protocol and get domain - if (url.indexOf('://') > -1) { + if (url.indexOf('//') > -1) { domain = url.split('/')[2]; } else { domain = url.split('/')[0]; @@ -96,13 +94,14 @@ class Domainlist { return domain.toLowerCase(); } - static urlCheck(url) { + static async urlCheck(url) { const dl = new Domainlist(); - return dl.load() - .then(() => { - return dl.match(dl.lists['whitelist'], url); - }); + // Load the domain list. + await dl.load(); + + // Perform a match. + return dl.match(dl.lists.whitelist, url); } } diff --git a/services/email/email-confirm.html.ejs b/services/email/email-confirm.html.ejs index 08a505521..8a1bd05f7 100644 --- a/services/email/email-confirm.html.ejs +++ b/services/email/email-confirm.html.ejs @@ -1,3 +1,3 @@

<%= t('email.confirm.has_been_requested') %> <%= email %>.

-

<%= t('email.confirm.to_confirm') %> Confirm Email

+

<%= t('email.confirm.to_confirm') %> Confirm Email

<%= t('email.confirm.if_you_did_not') %>

diff --git a/services/email/email-confirm.txt.ejs b/services/email/email-confirm.txt.ejs index 6d3cb219c..d327220a7 100644 --- a/services/email/email-confirm.txt.ejs +++ b/services/email/email-confirm.txt.ejs @@ -4,6 +4,6 @@ <%= t('email.confirm.to_confirm') %> - <%= rootURL %>/confirm/endpoint#<%= token %> + <%= BASE_URL %>confirm/endpoint#<%= token %> <%= t('email.confirm.if_you_did_not') %> diff --git a/services/email/password-reset.html.ejs b/services/email/password-reset.html.ejs index 258f0d079..c0ec4ea46 100644 --- a/services/email/password-reset.html.ejs +++ b/services/email/password-reset.html.ejs @@ -1,2 +1,2 @@

<%= t('email.password_reset.we_received_a_request') %>
-<%= t('email.password_reset.if_you_did') %> <%= t('email.password_reset.please_click') %>.

+<%= t('email.password_reset.if_you_did') %> <%= t('email.password_reset.please_click') %>.

diff --git a/services/email/password-reset.txt.ejs b/services/email/password-reset.txt.ejs index a8387925d..e8db4bab2 100644 --- a/services/email/password-reset.txt.ejs +++ b/services/email/password-reset.txt.ejs @@ -1,3 +1,3 @@ <%= t('email.password_reset.we_received_a_request') %>. <%= t('email.password_reset.if_you_did') %> <%= t('email.password_reset.please_click') %>: -<%= rootURL %>/admin/password-reset#<%= token %> +<%= BASE_URL %>admin/password-reset#<%= token %> diff --git a/services/locals.js b/services/locals.js new file mode 100644 index 000000000..9a6a6bec8 --- /dev/null +++ b/services/locals.js @@ -0,0 +1,20 @@ +const { + BASE_URL, + BASE_PATH, + MOUNT_PATH, + STATIC_URL, +} = require('../url'); + +const applyLocals = (locals) => { + + // Apply the BASE_PATH, BASE_URL, and MOUNT_PATH on the app.locals, which will + // make them available on the templates and the routers. + locals.BASE_URL = BASE_URL; + locals.BASE_PATH = BASE_PATH; + locals.MOUNT_PATH = MOUNT_PATH; + locals.STATIC_URL = STATIC_URL; +}; + +module.exports = { + applyLocals, +}; diff --git a/services/mailer.js b/services/mailer.js index 68252bea3..8d650726d 100644 --- a/services/mailer.js +++ b/services/mailer.js @@ -4,6 +4,7 @@ const kue = require('./kue'); const path = require('path'); const fs = require('fs'); const _ = require('lodash'); +const {applyLocals} = require('./locals'); const i18n = require('./i18n'); @@ -92,6 +93,9 @@ const mailer = module.exports = { // Prefix the subject with `[Talk]`. subject = `[Talk] ${subject}`; + applyLocals(locals); + + // Attach the templating function. locals['t'] = i18n.t; return Promise.all([ diff --git a/services/users.js b/services/users.js index 35810ef7f..1dc9bceb6 100644 --- a/services/users.js +++ b/services/users.js @@ -1,8 +1,6 @@ const assert = require('assert'); const uuid = require('uuid'); const bcrypt = require('bcryptjs'); -const url = require('url'); -const Wordlist = require('./wordlist'); const errors = require('../errors'); const { @@ -22,9 +20,10 @@ const USER_ROLES = require('../models/enum/user_roles'); const RECAPTCHA_WINDOW_SECONDS = 60 * 10; // 10 minutes. const RECAPTCHA_INCORRECT_TRIGGER = 5; // after 3 incorrect attempts, recaptcha will be required. -const SettingsService = require('./settings'); const ActionsService = require('./actions'); const MailerService = require('./mailer'); +const Wordlist = require('./wordlist'); +const Domainlist = require('./domainlist'); const EMAIL_CONFIRM_JWT_SUBJECT = 'email_confirm'; const PASSWORD_RESET_JWT_SUBJECT = 'password_reset'; @@ -557,11 +556,10 @@ module.exports = class UsersService { email = email.toLowerCase(); - const [user, settings] = await Promise.all([ + const [user, domainValidated] = await Promise.all([ UserModel.findOne({profiles: {$elemMatch: {id: email}}}), - SettingsService.retrieve(), + Domainlist.urlCheck(loc), ]); - if (!user) { // Since we don't want to reveal that the email does/doesn't exist @@ -569,19 +567,11 @@ module.exports = class UsersService { // endpoint. return; } - let redirectDomain; - try { - const {hostname, port} = url.parse(loc); - redirectDomain = hostname; - if (port) { - redirectDomain += `:${port}`; - } - } catch (e) { - throw new Error('redirect location is invalid'); - } - if (settings.domains.whitelist.indexOf(redirectDomain) === -1) { - throw new Error('redirect location is not on the list of acceptable domains'); + // If the domain didn't match any of the whitelisted domains and if it + // didn't match the mount domain, then throw an error. + if (!domainValidated && !Domainlist.matchMount(loc)) { + throw new Error('user supplied location exists on non-permitted domain'); } const payload = { @@ -619,16 +609,18 @@ module.exports = class UsersService { * Verifies a jwt and returns the associated user. * @param {String} token the JSON Web Token to verify */ - static verifyPasswordResetToken(token) { - return UsersService - .verifyToken(token, { - subject: PASSWORD_RESET_JWT_SUBJECT - }) + static async verifyPasswordResetToken(token) { + const {userId, loc, version} = await UsersService.verifyToken(token, { + subject: PASSWORD_RESET_JWT_SUBJECT + }); - // TODO: add search by __v as well - .then((decoded) => { - return Promise.all([UsersService.findById(decoded.userId), decoded.loc]); - }); + const user = await UsersService.findById(userId); + + if (version !== user.__v) { + throw new Error('password reset token has expired'); + } + + return [user, loc]; } /** diff --git a/test/server/services/domainlist.js b/test/server/services/domainlist.js index 9dafa438a..33afdda87 100644 --- a/test/server/services/domainlist.js +++ b/test/server/services/domainlist.js @@ -26,13 +26,84 @@ describe('services.Domainlist', () => { }); + describe('#parseURL', () => { + it('parses the domain correctly', () => { + [ + ['http://google.ca/test', 'google.ca'], + ['http://google.ca:80/test', 'google.ca'], + ['https://google.ca/test', 'google.ca'], + ['https://google.ca:443/test', 'google.ca'], + ['//google.ca/test', 'google.ca'], + ['//google.ca:80/test', 'google.ca'], + ['//google.ca:443/test', 'google.ca'], + ['google.ca/test', 'google.ca'], + ['google.ca:80/test', 'google.ca'], + ['google.ca:443/test', 'google.ca'], + ['http://google.ca/', 'google.ca'], + ['http://google.ca:80/', 'google.ca'], + ['https://google.ca/', 'google.ca'], + ['https://google.ca:443/', 'google.ca'], + ['//google.ca/', 'google.ca'], + ['//google.ca:80/', 'google.ca'], + ['//google.ca:443/', 'google.ca'], + ['google.ca/', 'google.ca'], + ['google.ca:80/', 'google.ca'], + ['google.ca:443/', 'google.ca'], + ['google.ca', 'google.ca'], + ['http://google.ca', 'google.ca'], + ['http://google.ca:80', 'google.ca'], + ['https://google.ca', 'google.ca'], + ['https://google.ca:443', 'google.ca'], + ['//google.ca', 'google.ca'], + ['//google.ca:80', 'google.ca'], + ['//google.ca:443', 'google.ca'], + ['google.ca', 'google.ca'], + ['google.ca:80', 'google.ca'], + ['google.ca:443', 'google.ca'], + ['http://google.Ca/test', 'google.ca'], + ['http://google.ca:80/test', 'google.ca'], + ['https://google.Ca/test', 'google.ca'], + ['https://google.ca:443/test', 'google.ca'], + ['//google.Ca/test', 'google.ca'], + ['//google.Ca:80/test', 'google.ca'], + ['//google.Ca:443/test', 'google.ca'], + ['google.Ca/test', 'google.ca'], + ['google.ca:80/test', 'google.ca'], + ['google.ca:443/test', 'google.ca'], + ['http://Google.ca/', 'google.ca'], + ['http://google.Ca:80/', 'google.ca'], + ['https://Google.ca/', 'google.ca'], + ['https://google.Ca:443/', 'google.ca'], + ['//Google.ca/', 'google.ca'], + ['//google.Ca:80/', 'google.ca'], + ['//google.Ca:443/', 'google.ca'], + ['Google.ca/', 'google.ca'], + ['google.Ca:80/', 'google.ca'], + ['google.Ca:443/', 'google.ca'], + ['Google.ca', 'google.ca'], + ['http://Google.ca', 'google.ca'], + ['http://google.Ca:80', 'google.ca'], + ['https://Google.ca', 'google.ca'], + ['https://google.Ca:443', 'google.ca'], + ['//Google.ca', 'google.ca'], + ['//google.Ca:80', 'google.ca'], + ['//google.Ca:443', 'google.ca'], + ['Google.ca', 'google.ca'], + ['google.Ca:80', 'google.ca'], + ['google.Ca:443', 'google.ca'], + ].forEach(([domain, hostname]) => { + expect(Domainlist.parseURL(domain), `domain ${domain} should be parsed as ${hostname}`).to.equal(hostname); + }); + }); + }); + describe('#match', () => { const whiteList = Domainlist.parseList(domainlists['whitelist']); it('does match on an included domain', () => { [ - 'wapo.com', + 'http://wapo.com', 'nytimes.com' ].forEach((domain) => { expect(domainlist.match(whiteList, domain)).to.be.true; diff --git a/views/admin/password-reset.ejs b/views/admin/password-reset.ejs index f02e5b6f8..6725409d1 100644 --- a/views/admin/password-reset.ejs +++ b/views/admin/password-reset.ejs @@ -15,11 +15,13 @@ background: #fff; } - #root form { + .container { max-width: 300px; - border: 1px solid lightgrey; - box-shadow: 0px 10px 24px 2px rgba(0,0,0,0.2); margin: 50px auto; + } + + #root form { + display: none; padding: 15px; } @@ -81,7 +83,8 @@
-
+
+ Set new password -
foo
diff --git a/yarn.lock b/yarn.lock index 5451ae7bd..6baec97cb 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1344,10 +1344,6 @@ check-more-types@2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/check-more-types/-/check-more-types-2.3.0.tgz#b8397c69dc92a3e645f18932c045b09c74419ec4" -check-valid-url@0.0.2: - version "0.0.2" - resolved "https://registry.yarnpkg.com/check-valid-url/-/check-valid-url-0.0.2.tgz#938fc545fc90b71edf800f7345bfd36f3aa0a057" - cheerio@^0.20.0: version "0.20.0" resolved "https://registry.yarnpkg.com/cheerio/-/cheerio-0.20.0.tgz#5c710f2bab95653272842ba01c6ea61b3545ec35" @@ -1874,17 +1870,6 @@ css-loader@^0.28.5: postcss-value-parser "^3.3.0" source-list-map "^2.0.0" -css-modules-loader-core@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/css-modules-loader-core/-/css-modules-loader-core-1.0.1.tgz#94e3eec9bc8174df0f974641f3e0d0550497f694" - dependencies: - icss-replace-symbols "1.0.2" - postcss "5.1.2" - postcss-modules-extract-imports "1.0.0" - postcss-modules-local-by-default "1.1.1" - postcss-modules-scope "1.0.2" - postcss-modules-values "1.2.2" - css-parse@1.7.x: version "1.7.0" resolved "https://registry.yarnpkg.com/css-parse/-/css-parse-1.7.0.tgz#321f6cf73782a6ff751111390fc05e2c657d8c9b" @@ -2057,6 +2042,10 @@ decamelize@^1.0.0, decamelize@^1.1.1, decamelize@^1.1.2: version "1.2.0" resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290" +decode-uri-component@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545" + deep-eql@^0.1.3: version "0.1.3" resolved "https://registry.yarnpkg.com/deep-eql/-/deep-eql-0.1.3.tgz#ef558acab8de25206cd713906d74e56930eb69f2" @@ -2406,13 +2395,6 @@ escodegen@^1.6.1: optionalDependencies: source-map "~0.2.0" -eslint-module-utils@^2.1.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/eslint-module-utils/-/eslint-module-utils-2.1.1.tgz#abaec824177613b8a95b299639e1b6facf473449" - dependencies: - debug "^2.6.8" - pkg-dir "^1.0.0" - eslint-plugin-json@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/eslint-plugin-json/-/eslint-plugin-json-1.2.0.tgz#9ba73bb0be99d50093e889f5b968463d2a30efae" @@ -2973,12 +2955,6 @@ gauge@~2.7.1: strip-ansi "^3.0.1" wide-align "^1.1.0" -generic-names@^1.0.1: - version "1.0.2" - resolved "https://registry.yarnpkg.com/generic-names/-/generic-names-1.0.2.tgz#e25b7feceb5b5a8f28f5f972a7ccfe57e562adcd" - dependencies: - loader-utils "^0.2.16" - get-caller-file@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-1.0.2.tgz#f702e63127e7e231c160a80c1554acb70d5047e5" @@ -3200,6 +3176,10 @@ graphql-anywhere@^3.0.0, graphql-anywhere@^3.0.1: version "3.0.1" resolved "https://registry.yarnpkg.com/graphql-anywhere/-/graphql-anywhere-3.0.1.tgz#73531db861174c8f212eafb9f8e84944b38b4e5a" +graphql-anywhere@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/graphql-anywhere/-/graphql-anywhere-3.1.0.tgz#3ea0d8e8646b5cee68035016a9a7557c15c21e96" + graphql-docs@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/graphql-docs/-/graphql-docs-0.2.0.tgz#cf803f9c9d354fa03e89073d74e419261a5bfa74" @@ -3526,7 +3506,7 @@ iconv-lite@^0.4.17, iconv-lite@~0.4.13: version "0.4.18" resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.18.tgz#23d8656b16aae6742ac29732ea8f0336a4789cf2" -icss-replace-symbols@1.0.2, icss-replace-symbols@^1.0.2: +icss-replace-symbols@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/icss-replace-symbols/-/icss-replace-symbols-1.0.2.tgz#cb0b6054eb3af6edc9ab1d62d01933e2d4c8bfa5" @@ -4761,7 +4741,7 @@ metascraper@^1.0.7: popsicle "^6.2.0" to-title-case "^1.0.0" -methods@1.x, methods@^1.1.1, methods@^1.1.2, methods@~1.1.2: +methods@^1.1.1, methods@^1.1.2, methods@~1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee" @@ -5542,12 +5522,6 @@ pinkie@^2.0.0: version "2.0.4" resolved "https://registry.yarnpkg.com/pinkie/-/pinkie-2.0.4.tgz#72556b80cfa0d48a974e80e77248e80ed4f7f870" -pkg-dir@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/pkg-dir/-/pkg-dir-1.0.0.tgz#7a4b508a8d5bb2d629d447056ff4e9c9314cf3d4" - dependencies: - find-up "^1.0.0" - pkg-dir@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/pkg-dir/-/pkg-dir-2.0.0.tgz#f6d5d1109e19d63edf428e0bd57e12777615334b" @@ -5803,48 +5777,33 @@ postcss-mixins@^2.1.0: postcss "^5.0.10" postcss-simple-vars "^1.0.1" -postcss-modules-extract-imports@1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/postcss-modules-extract-imports/-/postcss-modules-extract-imports-1.0.0.tgz#5b07f368e350cda6fd5c8844b79123a7bd3e37be" - dependencies: - postcss "^5.0.4" - postcss-modules-extract-imports@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/postcss-modules-extract-imports/-/postcss-modules-extract-imports-1.0.1.tgz#8fb3fef9a6dd0420d3f6d4353cf1ff73f2b2a341" dependencies: postcss "^5.0.4" -postcss-modules-local-by-default@1.1.1, postcss-modules-local-by-default@^1.0.1: +postcss-modules-local-by-default@^1.0.1: version "1.1.1" resolved "https://registry.yarnpkg.com/postcss-modules-local-by-default/-/postcss-modules-local-by-default-1.1.1.tgz#29a10673fa37d19251265ca2ba3150d9040eb4ce" dependencies: css-selector-tokenizer "^0.6.0" postcss "^5.0.4" -postcss-modules-scope@1.0.2, postcss-modules-scope@^1.0.0: +postcss-modules-scope@^1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/postcss-modules-scope/-/postcss-modules-scope-1.0.2.tgz#ff977395e5e06202d7362290b88b1e8cd049de29" dependencies: css-selector-tokenizer "^0.6.0" postcss "^5.0.4" -postcss-modules-values@1.2.2, postcss-modules-values@^1.1.0: +postcss-modules-values@^1.1.0: version "1.2.2" resolved "https://registry.yarnpkg.com/postcss-modules-values/-/postcss-modules-values-1.2.2.tgz#f0e7d476fe1ed88c5e4c7f97533a3e772ad94ca1" dependencies: icss-replace-symbols "^1.0.2" postcss "^5.0.14" -postcss-modules@^0.5.2: - version "0.5.2" - resolved "https://registry.yarnpkg.com/postcss-modules/-/postcss-modules-0.5.2.tgz#9d682fed3f282bd64b2aa4feb6f22a2af435ffda" - dependencies: - css-modules-loader-core "^1.0.1" - generic-names "^1.0.1" - postcss "^5.1.2" - string-hash "^1.1.0" - postcss-nested@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/postcss-nested/-/postcss-nested-1.0.1.tgz#91f28f4e6e23d567241ac154558a0cfab4cc0d8f" @@ -5995,15 +5954,7 @@ postcss-zindex@^2.0.1: postcss "^5.0.4" uniqs "^2.0.0" -postcss@5.1.2: - version "5.1.2" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-5.1.2.tgz#bd84886a66bcad489afaf7c673eed5ef639551e2" - dependencies: - js-base64 "^2.1.9" - source-map "^0.5.6" - supports-color "^3.1.2" - -postcss@^5.0.0, postcss@^5.0.10, postcss@^5.0.11, postcss@^5.0.12, postcss@^5.0.13, postcss@^5.0.14, postcss@^5.0.16, postcss@^5.0.19, postcss@^5.0.2, postcss@^5.0.4, postcss@^5.0.5, postcss@^5.0.6, postcss@^5.0.8, postcss@^5.1.2, postcss@^5.2.13, postcss@^5.2.15, postcss@^5.2.16, postcss@^5.2.17, postcss@^5.2.4, postcss@^5.2.5: +postcss@^5.0.0, postcss@^5.0.10, postcss@^5.0.11, postcss@^5.0.12, postcss@^5.0.13, postcss@^5.0.14, postcss@^5.0.16, postcss@^5.0.19, postcss@^5.0.2, postcss@^5.0.4, postcss@^5.0.5, postcss@^5.0.6, postcss@^5.0.8, postcss@^5.2.13, postcss@^5.2.15, postcss@^5.2.16, postcss@^5.2.17, postcss@^5.2.4, postcss@^5.2.5: version "5.2.17" resolved "https://registry.yarnpkg.com/postcss/-/postcss-5.2.17.tgz#cf4f597b864d65c8a492b2eabe9d706c879c388b" dependencies: @@ -6274,11 +6225,13 @@ query-string@^4.1.0, query-string@^4.2.2: object-assign "^4.1.0" strict-uri-encode "^1.0.0" -query-strings@^0.0.1: - version "0.0.1" - resolved "https://registry.yarnpkg.com/query-strings/-/query-strings-0.0.1.tgz#d22bab97c9d39e2267b3b8e5f78592424b3e58cd" +query-string@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/query-string/-/query-string-5.0.0.tgz#fbdf7004b4d2aff792f9871981b7a2794f555947" dependencies: - check-valid-url "0.0.2" + decode-uri-component "^0.2.0" + object-assign "^4.1.0" + strict-uri-encode "^1.0.0" querystring-es3@^0.2.0: version "0.2.1" @@ -7280,13 +7233,6 @@ superagent@^2.0.0: qs "^6.1.0" readable-stream "^2.0.5" -supertest@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/supertest/-/supertest-2.0.1.tgz#a058081d788f1515d4700d7502881e6b759e44cd" - dependencies: - methods "1.x" - superagent "^2.0.0" - supports-color@3.1.2, supports-color@^3.1.0: version "3.1.2" resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-3.1.2.tgz#72a262894d9d408b956ca05ff37b2ed8a6e2a2d5"