fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PARSEURL-2935944 - https://snyk.io/vuln/SNYK-JS-PARSEURL-2935947
2026-03-31 21:26:49 +00:00 · 2022-06-28 03:46:49 +00:00
9 changed files with 169 additions and 70 deletions
--- a/21
+++ b/21
@@ -1,23 +1,10 @@
-FROM --platform=linux/amd64 node:16.15.1-alpine as base
-
-RUN apk --update --no-cache add --virtual .builds-deps build-base python3
-
+FROM node:lts-slim
 WORKDIR /opt/app/
-
-FROM base as build
-
 COPY package.json package-lock.json ./
-
 RUN npm ci
-
-COPY . .
-
-FROM base
-
-COPY --from=build /opt/app /opt/app/
-
+RUN npm prune
+COPY . /opt/app
 ARG NODE_ENV
-
 ENV NODE_ENV $NODE_ENV

-CMD [ "node", "app.js" ]
+CMD [ "npm", "start" ]
--- a/lib/tasks/config.js
+++ b/lib/tasks/config.js
@@ -101,7 +101,7 @@ class TaskConfig extends Task {
        cs.disableBotMode();
      }
    }
-    if (this.record.action) cs.notifyRecordOptions(this.record);
+    if (this.record) cs.notifyRecordOptions(this.record);
  }

  async kill(cs) {
--- a/lib/tasks/gather.js
+++ b/lib/tasks/gather.js
@@ -251,8 +251,7 @@ class TaskGather extends Task {
      this.logger.info(`continuousAsr triggered with dtmf ${this.asrDtmfTerminationDigit}`);
      this._clearAsrTimer();
      this._clearTimer();
-      this._startFinalAsrTimer();
-      return;
+      this._resolve(this._bufferedTranscripts.length > 0 ? 'speech' : 'timeout');
    }
    if (!resolved && this.interDigitTimeout > 0 && this.digitBuffer.length >= this.minDigits) {
      /* start interDigitTimer */
@@ -404,20 +403,6 @@ class TaskGather extends Task {
    this._asrTimer = null;
  }

-  _startFinalAsrTimer() {
-    this._clearFinalAsrTimer();
-    this._finalAsrTimer = setTimeout(() => {
-      this.logger.debug('_startFinalAsrTimer - final asr timer went off');
-      this._resolve(this._bufferedTranscripts.length > 0 ? 'speech' : 'timeout');
-    }, 1000);
-    this.logger.debug('_startFinalAsrTimer: set for 1 second');
-  }
-
-  _clearFinalAsrTimer() {
-    if (this._finalAsrTimer) clearTimeout(this._finalAsrTimer);
-    this._finalAsrTimer = null;
-  }
-
  _killAudio(cs) {
    if (!this.sayTask && !this.playTask && this.bargein) {
      if (this.ep?.connected && !this.playComplete) {
@@ -481,10 +466,6 @@ class TaskGather extends Task {
        this.logger.info({evt}, 'TaskGather:_onTranscription - got transcript during continous asr');
        this._bufferedTranscripts.push(evt);
        this._clearTimer();
-        if (this._finalAsrTimer) {
-          this._clearFinalAsrTimer();
-          return this._resolve(this._bufferedTranscripts.length > 0 ? 'speech' : 'timeout');
-        }
        this._startAsrTimer();
        return this._startTranscribing(ep);
      }
--- a/lib/tasks/listen.js
+++ b/lib/tasks/listen.js
@@ -22,6 +22,8 @@ class TaskListen extends Task {
    this.results = {};

    if (this.transcribe) this.transcribeTask = makeTask(logger, {'transcribe': opts.transcribe}, this);
+
+    this._dtmfHandler = this._onDtmf.bind(this);
  }

  get name() { return TaskName.Listen; }
@@ -29,7 +31,6 @@ class TaskListen extends Task {
  async exec(cs, ep) {
    await super.exec(cs);
    this.ep = ep;
-    this._dtmfHandler = this._onDtmf.bind(this, ep);

    try {
      this.hook = this.normalizeUrl(this.url, 'GET', this.wsAuth);
@@ -147,13 +148,7 @@ class TaskListen extends Task {

  }

-  _onDtmf(ep, evt) {
-    this.logger.debug({evt}, `TaskListen:_onDtmf received dtmf ${evt.dtmf}`);
-    if (this.passDtmf && this.ep?.connected) {
-      const obj = {event: 'dtmf', dtmf: evt.dtmf, duration: evt.duration};
-      this.ep.forkAudioSendText(obj)
-        .catch((err) => this.logger.info({err}, 'TaskListen:_onDtmf error sending dtmf'));
-    }
+  _onDtmf(evt) {
    if (evt.dtmf === this.finishOnKey) {
      this.logger.info(`TaskListen:_onDtmf terminating task due to dtmf ${evt.dtmf}`);
      this.results.digits = evt.dtmf;
--- a/lib/tasks/sip_request.js
+++ b/lib/tasks/sip_request.js
@@ -12,7 +12,6 @@ class TaskSipRequest extends Task {
    this.method = this.data.method.toUpperCase();
    this.headers = this.data.headers || {};
    this.body = this.data.body;
-    if (this.body) this.body = `${this.body}\n`;
  }

  get name() { return TaskName.SipRequest; }
--- a/lib/tasks/task.js
+++ b/lib/tasks/task.js
@@ -145,7 +145,7 @@ class Task extends Emitter {

  async performAction(results, expectResponse = true) {
    if (this.actionHook) {
-      const params = results ? Object.assign(this.cs.callInfo.toJSON(), results) : this.cs.callInfo.toJSON();
+      const params = results ? Object.assign(results, this.cs.callInfo.toJSON()) : this.cs.callInfo.toJSON();
      const span = this.startSpan('verb:hook', {'hook.url': this.actionHook});
      const b3 = this.getTracingPropagation('b3', span);
      const httpHeaders = b3 && {b3};
--- a/lib/utils/http-requestor.js
+++ b/lib/utils/http-requestor.js
@@ -23,8 +23,9 @@ class HttpRequestor extends BaseRequestor {
    this.authHeader = basicAuth(hook.username, hook.password);

    const u = parseUrl(this.url);
-    //const myPort = u.port ? `:${u.port}` : '';
-    const baseUrl = this._baseUrl = `${u.protocol}://${u.resource}`;
+    const myPort = u.port ? `:${u.port}` : '';
+    const baseUrl = this._baseUrl = `${u.protocol}://${u.resource}${myPort}`;
+
    this.get = bent(baseUrl, 'GET', 'buffer', 200, 201);
    this.post = bent(baseUrl, 'POST', 'buffer', 200, 201);

--- a/package-lock.json
+++ b/package-lock.json
@@ -33,13 +33,13 @@
        "helmet": "^5.1.0",
        "ip": "^1.1.8",
        "moment": "^2.29.3",
-        "parse-url": "^7.0.2",
+        "parse-url": "^6.0.1",
        "pino": "^6.14.0",
        "sdp-transform": "^2.14.1",
        "short-uuid": "^4.2.0",
        "to-snake-case": "^1.0.0",
        "uuid": "^8.3.2",
-        "verify-aws-sns-signature": "^0.0.7",
+        "verify-aws-sns-signature": "^0.0.6",
        "ws": "^8.8.0",
        "xml2js": "^0.4.23"
      },
@@ -1847,6 +1847,14 @@
        "node": ">=0.10.0"
      }
    },
+    "node_modules/decode-uri-component": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz",
+      "integrity": "sha512-hjf+xovcEn31w/EUYdTXQh/8smFL/dzYjohQGEIgjyNavaJfBY2p5F527Bo1VPATxv0VYTUC2bOcXvqFwk78Og==",
+      "engines": {
+        "node": ">=0.10"
+      }
+    },
    "node_modules/deep-equal": {
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/deep-equal/-/deep-equal-2.0.5.tgz",
@@ -2687,6 +2695,14 @@
      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
      "optional": true
    },
+    "node_modules/filter-obj": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/filter-obj/-/filter-obj-1.1.0.tgz",
+      "integrity": "sha512-8rXg1ZnX7xzy2NGDVkBVaAy+lSlPNwad13BtgSlLuxfIslyt5Vg64U7tFcCt4WS1R0hvtnQybT/IyCkGZ3DpXQ==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
    "node_modules/finalhandler": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz",
@@ -4679,9 +4695,9 @@
      }
    },
    "node_modules/parse-url": {
-      "version": "7.0.2",
-      "resolved": "https://registry.npmjs.org/parse-url/-/parse-url-7.0.2.tgz",
-      "integrity": "sha512-PqO4Z0eCiQ08Wj6QQmrmp5YTTxpYfONdOEamrtvK63AmzXpcavIVQubGHxOEwiIoDZFb8uDOoQFS0NCcjqIYQg==",
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/parse-url/-/parse-url-6.0.1.tgz",
+      "integrity": "sha512-EY1/ifgf9BnizQoS09a7xbUI7LOzqUsLgmY/5xe+W3XVpsbARDZmmrjPqyDx0mdioZPBpKbeTisAHrLLndX/Qw==",
      "dependencies": {
        "is-ssh": "^1.4.0",
        "normalize-url": "^6.1.0",
@@ -4893,6 +4909,23 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
+    "node_modules/query-string": {
+      "version": "6.14.1",
+      "resolved": "https://registry.npmjs.org/query-string/-/query-string-6.14.1.tgz",
+      "integrity": "sha512-XDxAeVmpfu1/6IjyT/gXHOl+S0vQ9owggJ30hhWKdHAsNPOcasn5o9BW0eejZqL2e4vMjhAxoW3jVHcD6mbcYw==",
+      "dependencies": {
+        "decode-uri-component": "^0.2.0",
+        "filter-obj": "^1.1.0",
+        "split-on-first": "^1.0.0",
+        "strict-uri-encode": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
    "node_modules/querystring": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
@@ -5403,6 +5436,14 @@
        "node": ">=8"
      }
    },
+    "node_modules/split-on-first": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/split-on-first/-/split-on-first-1.1.0.tgz",
+      "integrity": "sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
    "node_modules/sprintf-js": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -5430,6 +5471,14 @@
      "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.1.tgz",
      "integrity": "sha512-AiisoFqQ0vbGcZgQPY1cdP2I76glaVA/RauYR4G4thNFgkTqr90yXTo4LYX60Jl+sIlPNHHdGSwo01AvbKUSVQ=="
    },
+    "node_modules/strict-uri-encode": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz",
+      "integrity": "sha512-QwiXZgpRcKkhTj2Scnn++4PKtWsH0kpzZ62L2R6c/LUVYv7hVnZqcg2+sMuT6R7Jusu1vviK/MFsu6kNJfWlEQ==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
    "node_modules/string_decoder": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
@@ -5984,14 +6033,41 @@
      }
    },
    "node_modules/verify-aws-sns-signature": {
-      "version": "0.0.7",
-      "resolved": "https://registry.npmjs.org/verify-aws-sns-signature/-/verify-aws-sns-signature-0.0.7.tgz",
-      "integrity": "sha512-j/yePIQvLqRGshOwuEs9VT7jGh++1hBoOjjt+Rl4aAffJTu+22GwTPfAD9fLY9VqRrR4Cuiid3eNHOkmxE3TNg==",
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/verify-aws-sns-signature/-/verify-aws-sns-signature-0.0.6.tgz",
+      "integrity": "sha512-Dz/H8ewScsdZ0BUKcdEyD5dNA0U5Btaa+6ei9dE/tFbQ57h7rjVnJm7D4GwgVUb+Mv8jUjUALduPT2iw0epLHA==",
      "dependencies": {
-        "bent": "^7.3.12",
-        "parse-url": "^7.0.2"
+        "bent": "^7.3.0",
+        "parse-url": "^5.0.1"
      }
    },
+    "node_modules/verify-aws-sns-signature/node_modules/parse-path": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/parse-path/-/parse-path-4.0.4.tgz",
+      "integrity": "sha512-Z2lWUis7jlmXC1jeOG9giRO2+FsuyNipeQ43HAjqAZjwSe3SEf+q/84FGPHoso3kyntbxa4c4i77t3m6fGf8cw==",
+      "dependencies": {
+        "is-ssh": "^1.3.0",
+        "protocols": "^1.4.0",
+        "qs": "^6.9.4",
+        "query-string": "^6.13.8"
+      }
+    },
+    "node_modules/verify-aws-sns-signature/node_modules/parse-url": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/parse-url/-/parse-url-5.0.8.tgz",
+      "integrity": "sha512-KFg5QvyiOKJGQSwUT7c5A4ELs0TJ33gmx/NBjK0FvZUD6aonFuXHUVa3SIa2XpbYVkYU8VlDrD3oCbX1ufy0zg==",
+      "dependencies": {
+        "is-ssh": "^1.3.0",
+        "normalize-url": "^6.1.0",
+        "parse-path": "^4.0.4",
+        "protocols": "^1.4.0"
+      }
+    },
+    "node_modules/verify-aws-sns-signature/node_modules/protocols": {
+      "version": "1.4.8",
+      "resolved": "https://registry.npmjs.org/protocols/-/protocols-1.4.8.tgz",
+      "integrity": "sha512-IgjKyaUSjsROSO8/D49Ab7hP8mJgTYcqApOqdPhLoPxAplXmkp+zRvsrSQjFn5by0rhm4VH0GAUELIPpx7B1yg=="
+    },
    "node_modules/verror": {
      "version": "1.10.0",
      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
@@ -7664,6 +7740,11 @@
      "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=",
      "dev": true
    },
+    "decode-uri-component": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz",
+      "integrity": "sha512-hjf+xovcEn31w/EUYdTXQh/8smFL/dzYjohQGEIgjyNavaJfBY2p5F527Bo1VPATxv0VYTUC2bOcXvqFwk78Og=="
+    },
    "deep-equal": {
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/deep-equal/-/deep-equal-2.0.5.tgz",
@@ -8348,6 +8429,11 @@
      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
      "optional": true
    },
+    "filter-obj": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/filter-obj/-/filter-obj-1.1.0.tgz",
+      "integrity": "sha512-8rXg1ZnX7xzy2NGDVkBVaAy+lSlPNwad13BtgSlLuxfIslyt5Vg64U7tFcCt4WS1R0hvtnQybT/IyCkGZ3DpXQ=="
+    },
    "finalhandler": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz",
@@ -9837,9 +9923,9 @@
      }
    },
    "parse-url": {
-      "version": "7.0.2",
-      "resolved": "https://registry.npmjs.org/parse-url/-/parse-url-7.0.2.tgz",
-      "integrity": "sha512-PqO4Z0eCiQ08Wj6QQmrmp5YTTxpYfONdOEamrtvK63AmzXpcavIVQubGHxOEwiIoDZFb8uDOoQFS0NCcjqIYQg==",
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/parse-url/-/parse-url-6.0.1.tgz",
+      "integrity": "sha512-EY1/ifgf9BnizQoS09a7xbUI7LOzqUsLgmY/5xe+W3XVpsbARDZmmrjPqyDx0mdioZPBpKbeTisAHrLLndX/Qw==",
      "requires": {
        "is-ssh": "^1.4.0",
        "normalize-url": "^6.1.0",
@@ -10007,6 +10093,17 @@
        "side-channel": "^1.0.4"
      }
    },
+    "query-string": {
+      "version": "6.14.1",
+      "resolved": "https://registry.npmjs.org/query-string/-/query-string-6.14.1.tgz",
+      "integrity": "sha512-XDxAeVmpfu1/6IjyT/gXHOl+S0vQ9owggJ30hhWKdHAsNPOcasn5o9BW0eejZqL2e4vMjhAxoW3jVHcD6mbcYw==",
+      "requires": {
+        "decode-uri-component": "^0.2.0",
+        "filter-obj": "^1.1.0",
+        "split-on-first": "^1.0.0",
+        "strict-uri-encode": "^2.0.0"
+      }
+    },
    "querystring": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
@@ -10399,6 +10496,11 @@
        "which": "^2.0.1"
      }
    },
+    "split-on-first": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/split-on-first/-/split-on-first-1.1.0.tgz",
+      "integrity": "sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw=="
+    },
    "sprintf-js": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -10420,6 +10522,11 @@
      "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.1.tgz",
      "integrity": "sha512-AiisoFqQ0vbGcZgQPY1cdP2I76glaVA/RauYR4G4thNFgkTqr90yXTo4LYX60Jl+sIlPNHHdGSwo01AvbKUSVQ=="
    },
+    "strict-uri-encode": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz",
+      "integrity": "sha512-QwiXZgpRcKkhTj2Scnn++4PKtWsH0kpzZ62L2R6c/LUVYv7hVnZqcg2+sMuT6R7Jusu1vviK/MFsu6kNJfWlEQ=="
+    },
    "string_decoder": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
@@ -10855,12 +10962,41 @@
      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="
    },
    "verify-aws-sns-signature": {
-      "version": "0.0.7",
-      "resolved": "https://registry.npmjs.org/verify-aws-sns-signature/-/verify-aws-sns-signature-0.0.7.tgz",
-      "integrity": "sha512-j/yePIQvLqRGshOwuEs9VT7jGh++1hBoOjjt+Rl4aAffJTu+22GwTPfAD9fLY9VqRrR4Cuiid3eNHOkmxE3TNg==",
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/verify-aws-sns-signature/-/verify-aws-sns-signature-0.0.6.tgz",
+      "integrity": "sha512-Dz/H8ewScsdZ0BUKcdEyD5dNA0U5Btaa+6ei9dE/tFbQ57h7rjVnJm7D4GwgVUb+Mv8jUjUALduPT2iw0epLHA==",
      "requires": {
-        "bent": "^7.3.12",
-        "parse-url": "^7.0.2"
+        "bent": "^7.3.0",
+        "parse-url": "^5.0.1"
+      },
+      "dependencies": {
+        "parse-path": {
+          "version": "4.0.4",
+          "resolved": "https://registry.npmjs.org/parse-path/-/parse-path-4.0.4.tgz",
+          "integrity": "sha512-Z2lWUis7jlmXC1jeOG9giRO2+FsuyNipeQ43HAjqAZjwSe3SEf+q/84FGPHoso3kyntbxa4c4i77t3m6fGf8cw==",
+          "requires": {
+            "is-ssh": "^1.3.0",
+            "protocols": "^1.4.0",
+            "qs": "^6.9.4",
+            "query-string": "^6.13.8"
+          }
+        },
+        "parse-url": {
+          "version": "5.0.8",
+          "resolved": "https://registry.npmjs.org/parse-url/-/parse-url-5.0.8.tgz",
+          "integrity": "sha512-KFg5QvyiOKJGQSwUT7c5A4ELs0TJ33gmx/NBjK0FvZUD6aonFuXHUVa3SIa2XpbYVkYU8VlDrD3oCbX1ufy0zg==",
+          "requires": {
+            "is-ssh": "^1.3.0",
+            "normalize-url": "^6.1.0",
+            "parse-path": "^4.0.4",
+            "protocols": "^1.4.0"
+          }
+        },
+        "protocols": {
+          "version": "1.4.8",
+          "resolved": "https://registry.npmjs.org/protocols/-/protocols-1.4.8.tgz",
+          "integrity": "sha512-IgjKyaUSjsROSO8/D49Ab7hP8mJgTYcqApOqdPhLoPxAplXmkp+zRvsrSQjFn5by0rhm4VH0GAUELIPpx7B1yg=="
+        }
      }
    },
    "verror": {
--- a/package.json
+++ b/package.json
@@ -50,13 +50,13 @@
    "helmet": "^5.1.0",
    "ip": "^1.1.8",
    "moment": "^2.29.3",
-    "parse-url": "^7.0.2",
+    "parse-url": "^6.0.1",
    "pino": "^6.14.0",
    "sdp-transform": "^2.14.1",
    "short-uuid": "^4.2.0",
    "to-snake-case": "^1.0.0",
    "uuid": "^8.3.2",
-    "verify-aws-sns-signature": "^0.0.7",
+    "verify-aws-sns-signature": "^0.0.6",
    "ws": "^8.8.0",
    "xml2js": "^0.4.23"
  },