Dependabot fix for fast-xml-parser and bugfixes (#32)

v2.0.6 updates:

- Overriding fast-xml-parser in the services/helper for CVE https://nvd.nist.gov/vuln/detail/CVE-2023-34104
- Overriding fast-xml-parser in the services/complianceGenerator services/policyManager services/preReqManager for CVE https://nvd.nist.gov/vuln/detail/CVE-2023-34104
- Fix issue with deployment in any region other than us-east-1, update @types/node and aws-sdk-client-mock to enable unit tests to complete using ./run-unit-tests.sh

Author: gockle

CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+ ## [2.0.6] - 2023-06-27
+  		  
+### Fixed
+
+- Fixed dependabot issues for fast-xml-parser, [CVE-2023-34104](https://nvd.nist.gov/vuln/detail/CVE-2023-34104).
+- Fixed deployment issue which was limiting the solution to be deployed in only us-east-1.
+
 ## [2.0.5] - 2023-06-05
 
 ### Changed

deployment/build-s3-dist.sh

@@ -95,8 +95,8 @@ echo "cp $staging_dist_dir/*.template.json $template_dist_dir/"
 cp $staging_dist_dir/*.template.json $template_dist_dir/
 rm *.template.json
 
-# Move policy_manifest to template_dist_dir
-cp $resource_dir/lib/policy_manifest.json $template_dist_dir/
+# Move policy_manifest to build_dist_dir
+ cp $resource_dir/lib/policy_manifest.json $build_dist_dir/
 
 # Rename all *.template.json files to *.template
 echo "Rename all *.template.json to *.template"

source/resources/lib/policy.ts

@@ -19,7 +19,7 @@ import {
   CfnParameter,
   NestedStackProps,
 } from "aws-cdk-lib";
-import {Construct} from "constructs";
+import { Construct } from "constructs";
 import { StringListParameter, StringParameter } from "aws-cdk-lib/aws-ssm";
 import { Queue, QueueEncryption, QueuePolicy } from "aws-cdk-lib/aws-sqs";
 import { Code, Runtime, Function, CfnFunction } from "aws-cdk-lib/aws-lambda";
@@ -40,8 +40,7 @@ import { AnyPrincipal, Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
 import { IAMConstruct } from "./iam";
 import manifest from "./solution_manifest.json";
 import { LOG_LEVEL } from "./exports";
-import {EventbridgeToLambda} from "@aws-solutions-constructs/aws-eventbridge-lambda";
-
+import { EventbridgeToLambda } from "@aws-solutions-constructs/aws-eventbridge-lambda";
 
 export class PolicyStack extends NestedStack {
   /**
@@ -213,7 +212,7 @@ export class PolicyStack extends NestedStack {
       encryption: BucketEncryption.S3_MANAGED,
       blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
       serverAccessLogsBucket: accessLogsBucket,
-      enforceSSL: true
+      enforceSSL: true,
     });
 
     /**
@@ -238,7 +237,7 @@ export class PolicyStack extends NestedStack {
         action: "copyObject",
         parameters: {
           Bucket: policyBucket.bucketName,
-          CopySource: `${manifest.solution.policyBucket}/${manifest.solution.name}/${manifest.solution.solutionVersion}/policy_manifest.json`,
+          CopySource: `${manifest.solution.policyBucket}-${this.region}/${manifest.solution.name}/${manifest.solution.solutionVersion}/policy_manifest.json`,
           Key: "policy_manifest.json",
         },
         physicalResourceId: PhysicalResourceId.of(Date.now().toString()),
@@ -248,7 +247,9 @@ export class PolicyStack extends NestedStack {
           effect: Effect.ALLOW,
           sid: "S3Get",
           actions: ["s3:GetObject"],
-          resources: [`arn:aws:s3:::${manifest.solution.policyBucket}/*`],
+          resources: [
+            `arn:aws:s3:::${manifest.solution.policyBucket}-${this.region}/*`,
+          ],
         }),
         new PolicyStatement({
           effect: Effect.ALLOW,

source/resources/lib/solution_manifest.json

@@ -7,7 +7,7 @@
     "userAgentPrefix": "AwsSolution",
     "metricsEndpoint": "https://metrics.awssolutionsbuilder.com/generic",
     "name": "%%SOLUTION_NAME%%",
-    "policyBucket": "%%TEMPLATE_BUCKET%%",
+    "policyBucket": "%%BUCKET_NAME%%",
     "templateVersion": "2010-09-09",
     "sendMetric": "Yes"
   },
@@ -16,5 +16,7 @@
     "regionalStackSetName": "FMS-EnableConfig-Regional",
     "prereqPolicy": "FMS-PreReqManager-Policy"
   },
-  "commonResourceStack": { "helperPolicy": "FMS-Helper-Policy" }
-}
+  "commonResourceStack": {
+    "helperPolicy": "FMS-Helper-Policy"
+  }
+}