Patch Tuesday 🐸 (directus#20714)

.changeset/brown-maps-float.md

@@ -0,0 +1,27 @@
+---
+"directus": patch
+"@directus/app": patch
+"@directus/api": patch
+"@directus/sdk": patch
+"@directus/components": patch
+"@directus/composables": patch
+"create-directus-extension": patch
+"create-directus-project": patch
+"@directus/data-driver-postgres": patch
+"@directus/data-sql": patch
+"@directus/data": patch
+"@directus/errors": patch
+"@directus/extensions-sdk": patch
+"@directus/extensions": patch
+"@directus/random": patch
+"@directus/release-notes-generator": patch
+"@directus/schema": patch
+"@directus/storage-driver-azure": patch
+"@directus/storage-driver-cloudinary": patch
+"@directus/storage-driver-gcs": patch
+"@directus/storage-driver-local": patch
+"@directus/storage-driver-s3": patch
+"@directus/storage": patch
+---
+
+Updated dependencies in all packages

api/package.json

@@ -65,7 +65,7 @@
 	},
 	"dependencies": {
 		"@authenio/samlify-node-xmllint": "2.0.0",
-		"@aws-sdk/client-ses": "3.332.0",
+		"@aws-sdk/client-ses": "3.470.0",
 		"@directus/app": "workspace:*",
 		"@directus/constants": "workspace:*",
 		"@directus/errors": "workspace:*",
@@ -84,145 +84,145 @@
 		"@directus/storage-driver-supabase": "workspace:*",
 		"@directus/utils": "workspace:*",
 		"@directus/validation": "workspace:*",
-		"@godaddy/terminus": "4.12.0",
-		"@rollup/plugin-alias": "5.0.0",
+		"@godaddy/terminus": "4.12.1",
+		"@rollup/plugin-alias": "5.1.0",
 		"@rollup/plugin-node-resolve": "15.2.3",
-		"@rollup/plugin-virtual": "3.0.1",
-		"argon2": "0.31.1",
-		"async": "3.2.4",
-		"axios": "1.4.0",
+		"@rollup/plugin-virtual": "3.0.2",
+		"argon2": "0.31.2",
+		"async": "3.2.5",
+		"axios": "1.6.2",
 		"busboy": "1.6.0",
 		"bytes": "3.1.2",
 		"camelcase": "7.0.1",
-		"chalk": "5.2.0",
+		"chalk": "5.3.0",
 		"chokidar": "3.5.3",
 		"commander": "10.0.1",
 		"content-disposition": "0.5.4",
 		"cookie-parser": "1.4.6",
 		"cors": "2.8.5",
-		"cron-parser": "4.8.1",
+		"cron-parser": "4.9.0",
 		"date-fns": "2.30.0",
 		"deep-diff": "1.0.2",
 		"destroy": "1.2.0",
-		"dotenv": "16.0.3",
+		"dotenv": "16.3.1",
 		"encodeurl": "1.0.2",
 		"eventemitter2": "6.4.9",
-		"execa": "7.1.1",
+		"execa": "7.2.0",
 		"exif-reader": "1.2.0",
 		"express": "4.18.2",
 		"flat": "5.0.2",
-		"fs-extra": "11.1.1",
+		"fs-extra": "11.2.0",
 		"glob-to-regexp": "0.4.1",
 		"graphql": "16.8.1",
 		"graphql-compose": "9.0.10",
-		"graphql-ws": "5.14.1",
+		"graphql-ws": "5.14.2",
 		"helmet": "7.1.0",
 		"icc": "3.0.0",
-		"inquirer": "9.2.4",
+		"inquirer": "9.2.12",
 		"ioredis": "5.3.2",
 		"isolated-vm": "4.6.0",
-		"joi": "17.9.2",
+		"joi": "17.11.0",
 		"js-yaml": "4.1.0",
 		"js2xmlparser": "5.0.0",
 		"json2csv": "5.0.7",
-		"jsonwebtoken": "9.0.1",
-		"keyv": "4.5.2",
-		"knex": "2.4.2",
+		"jsonwebtoken": "9.0.2",
+		"keyv": "4.5.4",
+		"knex": "2.5.1",
 		"ldapjs": "2.3.3",
-		"liquidjs": "10.7.1",
+		"liquidjs": "10.9.4",
 		"lodash-es": "4.17.21",
-		"marked": "5.0.2",
+		"marked": "5.1.2",
 		"micromustache": "8.0.3",
 		"mime-types": "2.1.35",
-		"minimatch": "9.0.1",
+		"minimatch": "9.0.3",
 		"ms": "2.1.3",
 		"nanoid": "4.0.2",
 		"node-machine-id": "1.1.12",
 		"node-schedule": "2.1.1",
-		"nodemailer": "6.9.2",
+		"nodemailer": "6.9.7",
 		"object-hash": "3.0.0",
 		"openapi3-ts": "4.1.2",
 		"openid-client": "5.6.1",
 		"ora": "6.3.1",
 		"otplib": "12.0.1",
 		"p-queue": "7.4.1",
 		"papaparse": "5.4.1",
-		"pino": "8.14.1",
-		"pino-http": "8.3.3",
+		"pino": "8.16.2",
+		"pino-http": "8.5.1",
 		"pino-http-print": "3.1.0",
-		"pino-pretty": "10.0.0",
+		"pino-pretty": "10.2.3",
 		"qs": "6.11.2",
-		"rate-limiter-flexible": "2.4.1",
-		"rollup": "3.22.0",
+		"rate-limiter-flexible": "2.4.2",
+		"rollup": "3.29.4",
 		"samlify": "2.8.10",
-		"sanitize-html": "2.10.0",
-		"sharp": "0.32.6",
+		"sanitize-html": "2.11.0",
+		"sharp": "0.33.0",
 		"snappy": "7.2.2",
-		"stream-json": "1.7.5",
+		"stream-json": "1.8.0",
 		"tinypool": "0.8.1",
-		"tsx": "4.6.1",
-		"uuid": "9.0.0",
+		"tsx": "4.6.2",
+		"uuid": "9.0.1",
 		"uuid-validate": "0.0.3",
 		"wellknown": "0.5.0",
-		"ws": "8.14.2",
+		"ws": "8.15.0",
 		"zod": "3.22.4",
-		"zod-validation-error": "1.0.1"
+		"zod-validation-error": "1.5.0"
 	},
 	"devDependencies": {
 		"@directus/tsconfig": "workspace:*",
 		"@directus/types": "workspace:*",
 		"@ngneat/falso": "6.4.0",
-		"@types/async": "3.2.20",
-		"@types/busboy": "1.5.0",
-		"@types/bytes": "3.1.1",
-		"@types/content-disposition": "0.5.5",
-		"@types/cookie-parser": "1.4.3",
-		"@types/cors": "2.8.13",
-		"@types/deep-diff": "1.0.2",
+		"@types/async": "3.2.24",
+		"@types/busboy": "1.5.3",
+		"@types/bytes": "3.1.4",
+		"@types/content-disposition": "0.5.8",
+		"@types/cookie-parser": "1.4.6",
+		"@types/cors": "2.8.17",
+		"@types/deep-diff": "1.0.5",
 		"@types/destroy": "1.0.3",
-		"@types/encodeurl": "1.0.0",
+		"@types/encodeurl": "1.0.2",
 		"@types/exif-reader": "1.0.0",
 		"@types/express": "4.17.21",
-		"@types/express-serve-static-core": "4.17.35",
-		"@types/flat": "5.0.2",
-		"@types/fs-extra": "11.0.1",
-		"@types/glob-to-regexp": "0.4.3",
-		"@types/inquirer": "9.0.3",
-		"@types/js-yaml": "4.0.5",
-		"@types/json2csv": "5.0.3",
-		"@types/jsonwebtoken": "9.0.2",
+		"@types/express-serve-static-core": "4.17.41",
+		"@types/flat": "5.0.5",
+		"@types/fs-extra": "11.0.4",
+		"@types/glob-to-regexp": "0.4.4",
+		"@types/inquirer": "9.0.7",
+		"@types/js-yaml": "4.0.9",
+		"@types/json2csv": "5.0.7",
+		"@types/jsonwebtoken": "9.0.5",
 		"@types/ldapjs": "2.2.5",
-		"@types/lodash-es": "4.17.7",
-		"@types/marked": "4.3.0",
-		"@types/mime-types": "2.1.1",
-		"@types/ms": "0.7.31",
-		"@types/node": "18.16.12",
-		"@types/node-schedule": "2.1.0",
-		"@types/nodemailer": "6.4.7",
-		"@types/object-hash": "3.0.2",
-		"@types/papaparse": "5.3.9",
-		"@types/qs": "6.9.7",
-		"@types/sanitize-html": "2.9.0",
-		"@types/stream-json": "1.7.3",
-		"@types/supertest": "2.0.12",
-		"@types/uuid": "9.0.1",
-		"@types/uuid-validate": "0.0.1",
-		"@types/wellknown": "0.5.4",
-		"@types/ws": "8.5.8",
+		"@types/lodash-es": "4.17.12",
+		"@types/marked": "4.3.2",
+		"@types/mime-types": "2.1.4",
+		"@types/ms": "0.7.34",
+		"@types/node": "18.19.3",
+		"@types/node-schedule": "2.1.5",
+		"@types/nodemailer": "6.4.14",
+		"@types/object-hash": "3.0.6",
+		"@types/papaparse": "5.3.14",
+		"@types/qs": "6.9.10",
+		"@types/sanitize-html": "2.9.5",
+		"@types/stream-json": "1.7.7",
+		"@types/supertest": "2.0.16",
+		"@types/uuid": "9.0.7",
+		"@types/uuid-validate": "0.0.3",
+		"@types/wellknown": "0.5.8",
+		"@types/ws": "8.5.10",
 		"@vitest/coverage-v8": "1.0.4",
 		"copyfiles": "2.4.1",
 		"form-data": "4.0.0",
-		"knex-mock-client": "2.0.0",
+		"knex-mock-client": "2.0.1",
 		"supertest": "6.3.3",
 		"typescript": "5.3.3",
 		"vitest": "1.0.4"
 	},
 	"optionalDependencies": {
-		"@keyv/redis": "2.5.8",
+		"@keyv/redis": "2.8.1",
 		"mysql": "2.18.1",
 		"nodemailer-mailgun-transport": "2.1.5",
 		"nodemailer-sendgrid": "1.0.3",
-		"pg": "8.11.0",
+		"pg": "8.11.3",
 		"sqlite3": "5.1.6",
 		"tedious": "16.6.1"
 	},

api/src/middleware/rate-limiter-ip.ts

@@ -17,16 +17,20 @@ if (env['RATE_LIMITER_ENABLED'] === true) {
 	rateLimiter = createRateLimiter('RATE_LIMITER');
 
 	checkRateLimit = asyncHandler(async (req, res, next) => {
-		try {
-			await rateLimiter.consume(getIPFromReq(req), 1);
-		} catch (rateLimiterRes: any) {
-			if (rateLimiterRes instanceof Error) throw rateLimiterRes;
-
-			res.set('Retry-After', String(Math.round(rateLimiterRes.msBeforeNext / 1000)));
-			throw new HitRateLimitError({
-				limit: +env['RATE_LIMITER_POINTS'],
-				reset: new Date(Date.now() + rateLimiterRes.msBeforeNext),
-			});
+		const ip = getIPFromReq(req);
+
+		if (ip) {
+			try {
+				await rateLimiter.consume(ip, 1);
+			} catch (rateLimiterRes: any) {
+				if (rateLimiterRes instanceof Error) throw rateLimiterRes;
+
+				res.set('Retry-After', String(Math.round(rateLimiterRes.msBeforeNext / 1000)));
+				throw new HitRateLimitError({
+					limit: +env['RATE_LIMITER_POINTS'],
+					reset: new Date(Date.now() + rateLimiterRes.msBeforeNext),
+				});
+			}
 		}
 
 		next();

api/src/utils/get-ip-from-req.ts

@@ -3,7 +3,7 @@ import { isIP } from 'net';
 import env from '../env.js';
 import logger from '../logger.js';
 
-export function getIPFromReq(req: Request): string {
+export function getIPFromReq(req: Request): string | null {
 	let ip = req.ip;
 
 	if (env['IP_CUSTOM_HEADER']) {
@@ -17,5 +17,5 @@ export function getIPFromReq(req: Request): string {
 	}
 
 	// IP addresses starting with ::ffff: are IPv4 addresses in IPv6 format. We can strip the prefix to get back to IPv4
-	return ip.startsWith('::ffff:') ? ip.substring(7) : ip;
+	return ip?.startsWith('::ffff:') ? ip.substring(7) : ip ?? null;
 }

api/src/websocket/controllers/base.ts

@@ -37,7 +37,7 @@ export default abstract class SocketController {
 	endpoint: string;
 	maxConnections: number;
 	private rateLimiter: RateLimiterAbstract | null;
-	private authInterval: NodeJS.Timer | null;
+	private authInterval: NodeJS.Timeout | null;
 
 	constructor(httpServer: httpServer, configPrefix: string) {
 		this.server = new WebSocketServer({ noServer: true });

api/src/websocket/handlers/heartbeat.ts

@@ -11,7 +11,7 @@ import { ServiceUnavailableError } from '@directus/errors';
 const HEARTBEAT_FREQUENCY = Number(env['WEBSOCKETS_HEARTBEAT_PERIOD']) * 1000;
 
 export class HeartbeatHandler {
-	private pulse: NodeJS.Timer | undefined;
+	private pulse: NodeJS.Timeout | undefined;
 	private controller: WebSocketController;
 
 	constructor(controller?: WebSocketController) {

api/src/websocket/types.ts

@@ -10,7 +10,7 @@ export type AuthenticationState = {
 };
 
 export type WebSocketClient = WebSocket &
-	AuthenticationState & { uid: string | number; auth_timer: NodeJS.Timer | null };
+	AuthenticationState & { uid: string | number; auth_timer: NodeJS.Timeout | null };
 export type UpgradeRequest = IncomingMessage & AuthenticationState;
 
 export type SubscriptionEvent = 'create' | 'update' | 'delete';