Merge branch 'staging' into 10489-story-staging

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2.1
 orbs:
   git-shallow-clone: guitarrapc/[email protected]
 
-efcms-docker-image: &efcms-docker-image $AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/ef-cms-us-east-1:4.3.18
+efcms-docker-image: &efcms-docker-image $AWS_ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/ef-cms-us-east-1:4.3.19
 
 parameters:
   run_build_and_deploy:

Dockerfile

@@ -38,7 +38,7 @@ RUN apt-get install -y build-essential
 RUN apt-get install -y libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev
 
 ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
-RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.21.0.zip" -o "awscliv2.zip" && \
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.22.4.zip" -o "awscliv2.zip" && \
   unzip awscliv2.zip && \
   ./aws/install && \
   rm -rf awscliv2.zip

docs/dependency-updates.md

@@ -22,6 +22,9 @@ note: we have 3 package.json files, be sure to update them all
    > **Why am I seeing a medium severity for `quill`?**
    > Quill is used as our rich text editor for open text submissions. It currently has a potential XSS vulnerability if used incorrectly. This vulnerability can be avoided by using getContents/setContents in combination with the quill delta. Currently we are not at risk for how we are using Quill and this vulnerability is actively being disputed: https://github.com/quilljs/quill/issues/3364
 
+   > **Why am I seeing a hight severity for `cross-spawn`?**
+   > We use pdf2pic to generate pdf to images which depends on gm (GraphicsMagick and ImageMagick for node). This issue has existed for over two weeks as of 11/22/2024. Our risk factor for this issue should be low. It doesn't appear that we can force gm from 4.0.0 to 6.0.6 or 7.0.5.
+
 3. Check if there are updates to either of the following in the main `Dockerfile`. Changing the `Dockerfile` requires publishing a new ECR image which is used as the docker image in CircleCI.
 
     - `terraform`: check for a newer version on the [Terraform site](https://www.terraform.io/downloads).
@@ -79,7 +82,7 @@ Below is a list of dependencies that are locked down due to known issues with se
 - When updating puppeteer or puppeteer core in the project, make sure to also match versions in `web-api/runtimes/puppeteer/package.json` as this is our lambda layer which we use to generate pdfs. Puppeteer and chromium versions should always match between package.json and web-api/runtimes/puppeteer/package.json.  Remember to run `npm install --prefix web-api/runtimes/puppeteer` to install and update the package-lock file.
 - Puppeteer also has recommended versions of Chromium, so we should make sure to use the recommended version of chromium for the version of puppeteer that we are on. The chromium versions supported by puppeteer can be found [here](https://pptr.dev/supported-browsers)
 - There is a high-severity security issue with ws (ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q); however, we only use ws on the client side, so this should not be an issue. (We tried to upgrade puppeteer anyway, but unsurprisingly the PDF tests failed because there is no newer version of Chromium that supports puppeteer.)
-- Note that we tried and failed to upgrade puppeteer-core from 23.0.0 to 23.6.0 and @sparticuz/chromium from 127.0.0 to 130.0.0 on October 24-25, 2024. There were substantial differences in the layouts of the expected PDF images versus the PDF images generated by a local test run.
+- Note that we tried and failed to upgrade puppeteer-core from 23.0.0 to 23.6.0 and @sparticuz/chromium from 127.0.0 to 130.0.0 on October 24-25, 2024, as well as 23.9.0 and 131.0.0 on November 22, 2024. There were substantial differences in the layouts of the expected PDF images versus the PDF images generated by a local test run.
 
 ### pdfjs-dist
 

package.json

@@ -11,35 +11,35 @@
   "dependencies": {
     "@18f/us-federal-holidays": "4.0.0",
     "@aws-crypto/sha256-browser": "5.2.0",
-    "@aws-sdk/client-api-gateway": "3.687.0",
-    "@aws-sdk/client-apigatewaymanagementapi": "3.687.0",
-    "@aws-sdk/client-apigatewayv2": "3.687.0",
-    "@aws-sdk/client-batch": "3.688.0",
-    "@aws-sdk/client-cloudfront": "3.690.0",
-    "@aws-sdk/client-cloudwatch": "3.687.0",
-    "@aws-sdk/client-cloudwatch-logs": "3.687.0",
-    "@aws-sdk/client-cognito-identity-provider": "3.687.0",
-    "@aws-sdk/client-dynamodb": "3.687.0",
-    "@aws-sdk/client-dynamodb-streams": "3.687.0",
-    "@aws-sdk/client-glue": "3.687.0",
-    "@aws-sdk/client-lambda": "3.689.0",
-    "@aws-sdk/client-opensearch": "3.689.0",
-    "@aws-sdk/client-route-53": "3.687.0",
-    "@aws-sdk/client-s3": "3.689.0",
-    "@aws-sdk/client-ses": "3.687.0",
-    "@aws-sdk/client-sns": "3.687.0",
-    "@aws-sdk/client-sqs": "3.689.0",
-    "@aws-sdk/client-ssm": "3.687.0",
-    "@aws-sdk/credential-provider-node": "3.687.0",
-    "@aws-sdk/lib-dynamodb": "3.689.0",
-    "@aws-sdk/lib-storage": "3.689.0",
+    "@aws-sdk/client-api-gateway": "3.698.0",
+    "@aws-sdk/client-apigatewaymanagementapi": "3.696.0",
+    "@aws-sdk/client-apigatewayv2": "3.696.0",
+    "@aws-sdk/client-batch": "3.696.0",
+    "@aws-sdk/client-cloudfront": "3.698.0",
+    "@aws-sdk/client-cloudwatch": "3.696.0",
+    "@aws-sdk/client-cloudwatch-logs": "3.698.0",
+    "@aws-sdk/client-cognito-identity-provider": "3.696.0",
+    "@aws-sdk/client-dynamodb": "3.696.0",
+    "@aws-sdk/client-dynamodb-streams": "3.696.0",
+    "@aws-sdk/client-glue": "3.696.0",
+    "@aws-sdk/client-lambda": "3.698.0",
+    "@aws-sdk/client-opensearch": "3.696.0",
+    "@aws-sdk/client-route-53": "3.696.0",
+    "@aws-sdk/client-s3": "3.698.0",
+    "@aws-sdk/client-ses": "3.696.0",
+    "@aws-sdk/client-sns": "3.696.0",
+    "@aws-sdk/client-sqs": "3.696.0",
+    "@aws-sdk/client-ssm": "3.698.0",
+    "@aws-sdk/credential-provider-node": "3.696.0",
+    "@aws-sdk/lib-dynamodb": "3.698.0",
+    "@aws-sdk/lib-storage": "3.698.0",
     "@aws-sdk/node-http-handler": "3.374.0",
     "@aws-sdk/protocol-http": "3.374.0",
-    "@aws-sdk/rds-signer": "3.687.0",
-    "@aws-sdk/s3-presigned-post": "3.689.0",
-    "@aws-sdk/s3-request-presigner": "3.689.0",
+    "@aws-sdk/rds-signer": "3.696.0",
+    "@aws-sdk/s3-presigned-post": "3.698.0",
+    "@aws-sdk/s3-request-presigner": "3.698.0",
     "@aws-sdk/signature-v4": "3.374.0",
-    "@aws-sdk/util-dynamodb": "3.689.0",
+    "@aws-sdk/util-dynamodb": "3.696.0",
     "@cerebral/react": "4.2.1",
     "@fortawesome/fontawesome-svg-core": "1.2.36",
     "@fortawesome/free-regular-svg-icons": "5.15.4",
@@ -56,10 +56,10 @@
     "canvas": "2.11.2",
     "cerebral": "5.2.1",
     "classnames": "2.5.1",
-    "cookie": "1.0.1",
+    "cookie": "1.0.2",
     "core-js": "3.39.0",
     "cors": "2.8.5",
-    "csv-stringify": "6.5.1",
+    "csv-stringify": "6.5.2",
     "deep-freeze": "0.0.1",
     "diff-arrays-of-objects": "1.1.9",
     "dom-serializer": "2.0.0",
@@ -86,7 +86,7 @@
     "process": "0.11.10",
     "promise-retry": "2.0.1",
     "pug": "3.0.3",
-    "qs": "6.13.0",
+    "qs": "6.13.1",
     "quill-delta-to-html": "0.12.1",
     "react": "18.3.1",
     "react-dom": "18.3.1",
@@ -253,10 +253,10 @@
     "ejs": "3.1.10"
   },
   "devDependencies": {
-    "@aws-sdk/client-iam": "3.687.0",
-    "@aws-sdk/client-rds": "3.690.0",
-    "@aws-sdk/client-secrets-manager": "3.687.0",
-    "@aws-sdk/client-sts": "3.687.0",
+    "@aws-sdk/client-iam": "3.696.0",
+    "@aws-sdk/client-rds": "3.697.0",
+    "@aws-sdk/client-secrets-manager": "3.696.0",
+    "@aws-sdk/client-sts": "3.696.0",
     "@babel/cli": "7.25.9",
     "@babel/core": "7.26.0",
     "@babel/eslint-parser": "7.25.9",
@@ -271,14 +271,14 @@
     "@types/jest": "29.5.14",
     "@types/lodash": "4.17.13",
     "@types/luxon": "3.4.2",
-    "@types/node": "22.9.0",
+    "@types/node": "22.9.1",
     "@types/promise-retry": "1.1.6",
     "@types/react-dom": "18.3.1",
     "@types/react": "18.3.12",
     "@types/uuid": "10.0.0",
     "@types/websocket": "1.0.10",
-    "@typescript-eslint/eslint-plugin": "8.14.0",
-    "@typescript-eslint/parser": "8.14.0",
+    "@typescript-eslint/eslint-plugin": "8.15.0",
+    "@typescript-eslint/parser": "8.15.0",
     "@vendia/serverless-express": "4.12.6",
     "autoprefixer": "10.4.20",
     "aws-sdk-client-mock": "4.1.0",
@@ -287,12 +287,12 @@
     "babel-plugin-cerebral": "1.0.1",
     "cognito-local": "3.23.3",
     "crypto-browserify": "3.12.1",
-    "csv-parse": "5.5.6",
-    "cypress": "13.15.2",
+    "csv-parse": "5.6.0",
+    "cypress": "13.16.0",
     "cypress-axe": "1.5.0",
     "cypress-file-upload": "5.0.8",
     "decimal.js": "10.4.3",
-    "dynamodb-admin": "4.6.2",
+    "dynamodb-admin": "5.1.3",
     "dynamodb-streams-readable": "3.0.0",
     "esbuild": "0.24.0",
     "esbuild-css-modules-plugin": "3.1.2",
@@ -319,7 +319,7 @@
     "eslint-plugin-sort-keys-fix": "1.1.2",
     "eslint-plugin-sort-requires-fix": "2.1.2",
     "eslint-plugin-spellcheck": "0.0.20",
-    "husky": "9.1.6",
+    "husky": "9.1.7",
     "jest": "29.7.0",
     "jest-environment-jsdom": "29.7.0",
     "jest-environment-node": "29.7.0",
@@ -332,13 +332,13 @@
     "pixelmatch": "6.0.0",
     "pngjs": "7.0.0",
     "postcss": "8.4.49",
-    "postcss-preset-env": "10.1.0",
+    "postcss-preset-env": "10.1.1",
     "prettier": "3.3.3",
     "puppeteer": "23.0.0",
     "puppeteer-core": "23.0.0",
     "readline": "1.3.0",
     "s3rver": "github:20minutes/s3rver",
-    "sass": "1.80.7",
+    "sass": "1.81.0",
     "sass-loader": "16.0.3",
     "shuffle-seed": "1.1.6",
     "stream-browserify": "3.0.0",
@@ -352,7 +352,7 @@
     "ts-jest": "29.2.5",
     "ts-node": "10.9.2",
     "tsconfig-paths": "4.2.0",
-    "typescript": "5.6.3",
+    "typescript": "5.7.2",
     "utf8": "3.0.0"
   }
 }

scripts/reports/practitioners-email-in-cases.ts

@@ -0,0 +1,114 @@
+// usage:
+// npx ts-node --transpile-only scripts/reports/practitioners-email-in-cases.ts 84c865f0-3867-40c8-aa31-f35c7e45998f
+
+import {
+  ServerApplicationContext,
+  createApplicationContext,
+} from '@web-api/applicationContext';
+import { search } from '@web-api/persistence/elasticsearch/searchClient';
+
+const practitionerId = process.argv[2];
+if (!practitionerId) {
+  console.log(
+    'Usage: npx ts-node --transpile-only scripts/reports/practitioners-email-in-cases.ts <USER ID>',
+  );
+  process.exit(1);
+}
+
+const getUsersRole = async ({
+  applicationContext,
+  userId,
+}: {
+  applicationContext: ServerApplicationContext;
+  userId: string;
+}): Promise<string | undefined> => {
+  const { results } = await search({
+    applicationContext,
+    searchParameters: {
+      body: {
+        from: 0,
+        query: {
+          bool: {
+            must: [
+              {
+                term: {
+                  'pk.S': `user|${userId}`,
+                },
+              },
+              {
+                term: {
+                  'sk.S': `user|${userId}`,
+                },
+              },
+            ],
+          },
+        },
+        size: 1,
+      },
+      index: 'efcms-user',
+    },
+  });
+  return results[0]?.role;
+};
+
+const getPractitionersCases = async ({
+  applicationContext,
+  role,
+  userId,
+}: {
+  applicationContext: ServerApplicationContext;
+  role: string;
+  userId: string;
+}): Promise<RawCase[]> => {
+  const { results } = await search({
+    applicationContext,
+    searchParameters: {
+      body: {
+        from: 0,
+        query: {
+          bool: {
+            must: [
+              {
+                term: {
+                  [`${role}s.L.M.userId.S`]: userId,
+                },
+              },
+            ],
+          },
+        },
+        size: 10000,
+      },
+      index: 'efcms-case',
+    },
+  });
+  return results;
+};
+
+// eslint-disable-next-line @typescript-eslint/no-floating-promises
+(async () => {
+  const applicationContext = createApplicationContext({});
+  const role = await getUsersRole({
+    applicationContext,
+    userId: practitionerId,
+  });
+  if (role !== 'irsPractitioner' && role !== 'privatePractitioner') {
+    console.log(`Error: user is not a practitioner! User's role: ${role}`);
+    return;
+  }
+  const practitionersCases: RawCase[] = await getPractitionersCases({
+    applicationContext,
+    role,
+    userId: practitionerId,
+  });
+  const practitionersEmailInCases = {};
+  for (const practitionersCase of practitionersCases) {
+    const practitionerObj = practitionersCase[`${role}s`]?.find(
+      pract => pract.userId === practitionerId,
+    );
+    if (practitionerObj && practitionerObj.email) {
+      practitionersEmailInCases[practitionersCase.docketNumber] =
+        practitionerObj.email;
+    }
+  }
+  console.log(practitionersEmailInCases);
+})();

shared/admin-tools/glue/glue_migrations/main.tf

@@ -7,7 +7,7 @@ terraform {
   }
 
   required_providers {
-    aws = "5.75.1"
+    aws = "5.77.0"
   }
 }
 

shared/admin-tools/glue/remote_role/main.tf

@@ -7,7 +7,7 @@ terraform {
   }
 
   required_providers {
-    aws = "5.75.1"
+    aws = "5.77.0"
   }
 }
 

web-api/runtimes/puppeteer/package.json

@@ -11,7 +11,7 @@
     "@sparticuz/chromium": "127.0.0",
     "pug": "3.0.3",
     "puppeteer-core": "23.0.0",
-    "sass": "1.80.7"
+    "sass": "1.81.0"
   },
   "scripts": {},
   "main": "index.js",