[WC-1416]: Update vulnerable dependencies (#61)

Author: Illia Obukhau

package.json

@@ -79,7 +79,9 @@
       "react": "~17.0.2",
       "react-dom": "~17.0.2",
       "react-test-renderer": "~17.0.2",
-      "typescript": "4.5.4"
+      "typescript": "4.5.4",
+      "d3-color@<3.1.0": ">=3.1.0",
+      "loader-utils@<1.4.1": ">=1.4.1"
     }
   }
 }

packages/pluggableWidgets/charts-web/CHANGELOG.md

@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
+### Security
+
+-   Updade d3-color library to 3.1.0 to prevent ReDoS
+
 ## [4.0.1] Charts - 2022-11-10
 
 ### Changed

packages/pluggableWidgets/charts-web/package.json

@@ -1,6 +1,6 @@
 {
   "name": "charts-web",
-  "version": "4.0.1",
+  "version": "4.0.2",
   "description": "Chart widgets collection for data visualization",
   "license": "Apache-2.0",
   "private": false,

packages/pluggableWidgets/charts-web/src/package.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <package xmlns="http://www.mendix.com/package/1.0/">
-    <clientModule name="Charts" version="4.0.1" xmlns="http://www.mendix.com/clientModule/1.0/">
+    <clientModule name="Charts" version="4.0.2" xmlns="http://www.mendix.com/clientModule/1.0/">
         <widgetFiles>
             <widgetFile path="AreaChart/AreaChart.xml" />
             <widgetFile path="BarChart/BarChart.xml" />

packages/pluggableWidgets/rich-text-web/CHANGELOG.md

@@ -6,6 +6,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
+### Security
+
+-   Update ckeditor4 to version 4.20.0 to prevent XSS
+
+### Changed
+
+-   Remove CSS file for WebSpellChecker Dialog plugin as it rich end of support from ckeditor4
+
 ## [2.0.1] - 2022-05-23
 
 ### Changed

packages/pluggableWidgets/rich-text-web/package.json

@@ -1,7 +1,7 @@
 {
   "name": "rich-text-web",
   "widgetName": "RichText",
-  "version": "2.0.1",
+  "version": "2.1.0",
   "description": "Rich inline or toolbar text editing",
   "copyright": "© Mendix Technology BV 2022. All rights reserved.",
   "repository": {
@@ -72,7 +72,7 @@
     "typescript": "4.5.4"
   },
   "dependencies": {
-    "ckeditor4": "~4.17.1",
+    "ckeditor4": "^4.20.0",
     "ckeditor4-react": "^2.1.0",
     "classnames": "^2.3.2",
     "sanitize-html": "^2.7.3"

packages/pluggableWidgets/rich-text-web/src/package.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <package xmlns="http://www.mendix.com/package/1.0/">
-    <clientModule name="RichText" version="2.0.1" xmlns="http://www.mendix.com/clientModule/1.0/">
+    <clientModule name="RichText" version="2.1.0" xmlns="http://www.mendix.com/clientModule/1.0/">
         <widgetFiles>
             <widgetFile path="RichText.xml" />
         </widgetFiles>

packages/pluggableWidgets/rich-text-web/src/ui/RichText.scss

@@ -9,7 +9,6 @@
 @use "~ckeditor4/plugins/colordialog/dialogs/colordialog.css";
 @use "~ckeditor4/plugins/emoji/skins/default.css" as emoji;
 @use "~ckeditor4/plugins/preview/styles/screen.css";
-@use "~ckeditor4/plugins/wsc/skins/moono-lisa/wsc.css";
 @use "~ckeditor4/plugins/copyformatting/styles/copyformatting.css";
 
 .widget-rich-text {