fix: pinning glob@^9.3.5 to patch vulnerability introduced with inflight

.circleci/cb-publish-step-4-push-to-git.sh

@@ -13,15 +13,15 @@ if [[ "$PROJECT_NAME" == "TaggedReleaseWithoutE2E" ]] || [[ "$PROJECT_NAME" == "
   git push origin "$BRANCH_NAME" --no-verify
 
   # push release tags
-  git tag --points-at HEAD | xargs git push origin
+  git tag --points-at HEAD | xargs git push origin --no-verify
 
 # @latest release
 elif [[ "$PROJECT_NAME" == "Release" ]]; then
   # push release commit
   git push origin "$BRANCH_NAME" --no-verify
 
   # push release tags
-  git tag --points-at HEAD | xargs git push origin
+  git tag --points-at HEAD | xargs git push origin --no-verify
 
   # fast forward main to release
   git fetch origin main

package.json

@@ -134,7 +134,7 @@
     "eslint-plugin-react": "^7.29.4",
     "eslint-plugin-spellcheck": "^0.0.17",
     "execa": "^5.1.1",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "husky": "^8.0.3",
     "istanbul-lib-coverage": "^3.2.0",
     "istanbul-lib-report": "^3.0.0",
@@ -163,6 +163,7 @@
     "aws-sdk": "^2.1464.0",
     "cross-fetch": "^2.2.6",
     "glob-parent": "^6.0.2",
+    "glob": "^9.3.5",
     "got": "^11.8.5",
     "istanbul/async": "^2.6.4",
     "jake/async": "^2.6.4",

packages/amplify-category-custom/package.json

@@ -31,7 +31,7 @@
     "aws-cdk-lib": "~2.80.0",
     "execa": "^5.1.1",
     "fs-extra": "^8.1.0",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "ora": "^4.0.3",
     "uuid": "^8.3.2"
   },

packages/amplify-category-custom/src/__tests__/utils/dependency-management-utils.test.ts

@@ -1,5 +1,5 @@
 import { $TSContext, CFNTemplateFormat, readCFNTemplate, pathManager, stateManager, writeCFNTemplate } from '@aws-amplify/amplify-cli-core';
-import { glob } from 'glob';
+import glob from 'glob';
 import { prompter } from '@aws-amplify/amplify-prompts';
 import * as fs from 'fs-extra';
 import * as cdk from 'aws-cdk-lib';
@@ -37,7 +37,7 @@ describe('getResourceCfnOutputAttributes() scenarios', () => {
       templateFormat: CFNTemplateFormat.JSON,
       cfnTemplate: { Outputs: { mockKey: { Value: 'mockValue' } } },
     });
-    glob_mock.sync.mockReturnValueOnce(['mockFileName']);
+    glob_mock.globSync.mockReturnValueOnce(['mockFileName']);
 
     expect(getResourceCfnOutputAttributes('mockCategory', 'mockResourceName')).toEqual(['mockKey']);
   });
@@ -50,7 +50,7 @@ describe('getResourceCfnOutputAttributes() scenarios', () => {
       cfnTemplate: { Outputs: { mockKey: { Value: 'mockValue' } } },
     });
 
-    glob_mock.sync.mockReturnValueOnce(['mockFileName1', 'mockFileName2']);
+    glob_mock.globSync.mockReturnValueOnce(['mockFileName1', 'mockFileName2']);
 
     expect(getResourceCfnOutputAttributes('mockCategory', 'mockResourceName')).toEqual([]);
   });
@@ -62,7 +62,7 @@ describe('getResourceCfnOutputAttributes() scenarios', () => {
       templateFormat: CFNTemplateFormat.JSON,
       cfnTemplate: { Outputs: { mockKey: { Value: 'mockValue' } } },
     });
-    glob_mock.sync.mockReturnValueOnce(['mockFileName']);
+    glob_mock.globSync.mockReturnValueOnce(['mockFileName']);
 
     expect(getResourceCfnOutputAttributes('mockCategory', 'mockResourceName')).toEqual(['mockKey']);
   });
@@ -74,14 +74,14 @@ describe('getResourceCfnOutputAttributes() scenarios', () => {
       templateFormat: CFNTemplateFormat.JSON,
       cfnTemplate: { Outputs: { mockKey: { Value: 'mockValue' } } },
     });
-    glob_mock.sync.mockReturnValueOnce(['mockFileName1', 'mockFileName2']);
+    glob_mock.globSync.mockReturnValueOnce(['mockFileName1', 'mockFileName2']);
 
     expect(getResourceCfnOutputAttributes('mockCategory', 'mockResourceName')).toEqual([]);
   });
 
   it('get resource attr for resources without any cfn files', async () => {
     fs_mock.existsSync.mockReturnValue(false); // if build dir exists
-    glob_mock.sync.mockReturnValueOnce([]);
+    glob_mock.globSync.mockReturnValueOnce([]);
 
     expect(getResourceCfnOutputAttributes('mockCategory', 'mockResourceName')).toEqual([]);
   });
@@ -100,7 +100,7 @@ describe('getAllResources() scenarios', () => {
       cfnTemplate: { Outputs: { mockKey: { Value: 'mockValue' } } },
     });
 
-    glob_mock.sync.mockReturnValue(['mockFileName']);
+    glob_mock.globSync.mockReturnValue(['mockFileName']);
 
     stateManager.getMeta = jest.fn().mockReturnValue({
       mockCategory1: {
@@ -131,7 +131,7 @@ describe('addCDKResourceDependency() scenarios', () => {
       cfnTemplate: { Outputs: { mockKey: { Value: 'mockValue' } } },
     });
 
-    glob_mock.sync.mockReturnValue(['mockFileName']);
+    glob_mock.globSync.mockReturnValue(['mockFileName']);
 
     const mockBackendConfig = {
       mockCategory1: {
@@ -263,7 +263,7 @@ describe('addCFNResourceDependency() scenarios', () => {
       cfnTemplate: { Outputs: { mockKey: { Value: 'mockValue' } } },
     });
 
-    glob_mock.sync.mockReturnValue(['mockFileName']);
+    glob_mock.globSync.mockReturnValue(['mockFileName']);
 
     const mockBackendConfig = {
       mockCategory1: {

packages/amplify-category-custom/src/utils/dependency-management-utils.ts

@@ -2,7 +2,7 @@ import * as cdk from 'aws-cdk-lib';
 import { $TSContext, $TSObject, pathManager, readCFNTemplate, stateManager, writeCFNTemplate } from '@aws-amplify/amplify-cli-core';
 import { byValues, printer, prompter } from '@aws-amplify/amplify-prompts';
 import * as fs from 'fs-extra';
-import { glob } from 'glob';
+import { globSync, GlobOptionsWithFileTypesFalse } from 'glob';
 import _ from 'lodash';
 import * as path from 'path';
 import { categoryName, customResourceCFNFilenameSuffix } from '../utils/constants';
@@ -26,10 +26,11 @@ export function getResourceCfnOutputAttributes(category: string, resourceName: s
    * Otherwise falls back to the default behavior.
    */
   if (fs.existsSync(resourceBuildDir)) {
-    const cfnFiles = glob.sync(cfnTemplateGlobPattern, {
+    const cfnFiles = globSync(cfnTemplateGlobPattern, {
       cwd: resourceBuildDir,
       ignore: [AUTH_TRIGGER_TEMPLATE],
-    });
+      withFileTypes: false,
+    } as GlobOptionsWithFileTypesFalse);
 
     if (cfnFiles.length > 0) {
       // Only one CFN files is allowed per-resource - check if there's more than one and error out
@@ -45,10 +46,11 @@ export function getResourceCfnOutputAttributes(category: string, resourceName: s
   }
   if (!cfnFilePath) {
     // For categories which do not store cfn files in build/ dir
-    const cfnFiles = glob.sync(cfnTemplateGlobPattern, {
+    const cfnFiles = globSync(cfnTemplateGlobPattern, {
       cwd: resourceDir,
       ignore: [AUTH_TRIGGER_TEMPLATE],
-    });
+      withFileTypes: false,
+    } as GlobOptionsWithFileTypesFalse);
     if (cfnFiles.length > 1) {
       printer.warn(`${resourceName} has more than one CloudFormation definitions in the resource folder which isn't permitted.`);
       return [];

packages/amplify-cli/package.json

@@ -85,7 +85,7 @@
     "execa": "^5.1.1",
     "folder-hash": "^4.0.2",
     "fs-extra": "^8.1.0",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "graphql": "^15.5.0",
     "graphql-transformer-core": "^8.1.13",
     "gunzip-maybe": "^1.4.2",

packages/amplify-cli/src/__tests__/extensions/amplify-helpers/resource-status-diff.test.ts

@@ -83,6 +83,7 @@ describe('resource-status-diff helpers', () => {
       cwd: stubFileFolder,
       follow: false,
       nodir: true,
+      withFileTypes: false,
     };
 
     const cfnFilename = globCFNFilePath(stubFileFolder);

packages/amplify-cli/src/extensions/amplify-helpers/resource-status-diff.ts

@@ -1,6 +1,6 @@
 import * as fs from 'fs-extra';
 import * as path from 'path';
-import * as glob from 'glob';
+import { GlobOptionsWithFileTypesFalse, globSync } from 'glob';
 import chalk from 'chalk';
 import * as cfnDiff from '@aws-cdk/cloudformation-diff';
 import { $TSAny, generateCustomPoliciesInTemplate, pathManager, readCFNTemplate } from '@aws-amplify/amplify-cli-core';
@@ -92,14 +92,15 @@ interface IResourcePaths {
  */
 export const globCFNFilePath = (fileFolder: string): string => {
   if (fs.existsSync(fileFolder)) {
-    const globOptions: glob.IOptions = {
+    const globOptions: GlobOptionsWithFileTypesFalse = {
+      withFileTypes: false,
       absolute: false,
       cwd: fileFolder,
       follow: false,
       // eslint-disable-next-line spellcheck/spell-checker
       nodir: true,
     };
-    const templateFileNames = glob.sync('**/*template.{yaml,yml,json}', globOptions);
+    const templateFileNames = globSync('**/*template.{yaml,yml,json}', globOptions);
     for (const templateFileName of templateFileNames) {
       const absolutePath = path.join(fileFolder, templateFileName);
       return absolutePath; // only the top level cloudformation ( nested templates are picked after parsing this file )

packages/amplify-cli/src/project-config-version-check.ts

@@ -2,7 +2,7 @@ import * as path from 'path';
 import * as fs from 'fs-extra';
 import * as inquirer from 'inquirer';
 import _ from 'lodash';
-import glob from 'glob';
+import { GlobOptionsWithFileTypesFalse, globSync } from 'glob';
 import { coerce, lt } from 'semver';
 import { Context } from './domain/context';
 import { ConfirmQuestion } from 'inquirer';
@@ -65,14 +65,14 @@ async function checkLambdaCustomResourceNodeVersion(context: Context, projectPat
   const filesToUpdate: string[] = [];
 
   if (fs.existsSync(backendDirPath)) {
-    const globOptions: glob.IOptions = {
+    const globOptions: GlobOptionsWithFileTypesFalse = {
       absolute: false,
       cwd: backendDirPath,
       follow: false,
       nodir: true,
     };
 
-    const templateFileNames = glob.sync('**/*template.{yaml,yml,json}', globOptions);
+    const templateFileNames = globSync('**/*template.{yaml,yml,json}', globOptions);
 
     for (const templateFileName of templateFileNames) {
       const absolutePath = path.join(backendDirPath, templateFileName);

packages/amplify-console-hosting/package.json

@@ -14,7 +14,7 @@
     "cli-table3": "^0.6.0",
     "execa": "^5.1.1",
     "fs-extra": "^8.1.0",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "inquirer": "^7.3.3",
     "node-fetch": "^2.6.7",
     "ora": "^4.0.3",

packages/amplify-dotnet-function-runtime-provider/package.json

@@ -27,7 +27,7 @@
     "@aws-amplify/amplify-prompts": "2.8.6",
     "execa": "^5.1.1",
     "fs-extra": "^8.1.0",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "which": "^2.0.2"
   },
   "devDependencies": {

packages/amplify-e2e-tests/package.json

@@ -51,7 +51,7 @@
     "extract-zip": "^2.0.1",
     "fs-extra": "^8.1.0",
     "get-port": "^5.1.1",
-    "glob": "^8.0.3",
+    "glob": "^9.3.5",
     "graphql-tag": "^2.10.1",
     "graphql-transformer-core": "8.1.13",
     "isomorphic-fetch": "^3.0.0",

packages/amplify-environment-parameters/package.json

@@ -24,11 +24,12 @@
     "clean": "rimraf lib tsconfig.tsbuildinfo node_modules src/schemas",
     "test": "jest --logHeapUsage",
     "extract-api": "ts-node ../../scripts/extract-api.ts",
-    "generate-schemas": "mkdirp lib/schemas src/schemas && ts-json-schema-generator --path src/backend-parameters.d.ts --type BackendParameters --no-type-check --out lib/schemas/BackendParameters.schema.json && copyfiles --flat lib/schemas/BackendParameters.schema.json src/schemas"
+    "generate-schemas": "mkdirp lib/schemas src/schemas && ts-json-schema-generator --path src/backend-parameters.d.ts --type BackendParameters --no-type-check --out lib/schemas/BackendParameters.schema.json && cpx lib/schemas/BackendParameters.schema.json src/schemas"
   },
   "dependencies": {
     "@aws-amplify/amplify-cli-core": "4.2.13",
     "ajv": "^6.12.6",
+    "cpx2": "^6.0.1",
     "lodash": "^4.17.21"
   },
   "devDependencies": {

packages/amplify-go-function-runtime-provider/package.json

@@ -31,7 +31,7 @@
     "execa": "^5.1.1",
     "fs-extra": "^8.1.0",
     "get-port": "^5.1.1",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "semver": "^7.5.4",
     "which": "^2.0.2"
   },

packages/amplify-java-function-runtime-provider/package.json

@@ -29,7 +29,7 @@
     "@aws-amplify/amplify-function-plugin-interface": "1.12.1",
     "execa": "^5.1.1",
     "fs-extra": "^8.1.0",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "semver": "^7.5.4",
     "which": "^2.0.2"
   },

packages/amplify-nodejs-function-runtime-provider/package.json

@@ -32,7 +32,7 @@
     "execa": "^5.1.1",
     "exit": "^0.1.2",
     "fs-extra": "^8.1.0",
-    "glob": "^7.2.0"
+    "glob": "^9.3.5"
   },
   "devDependencies": {
     "@types/exit": "^0.1.31",

packages/amplify-provider-awscloudformation/package.json

@@ -51,7 +51,7 @@
     "extract-zip": "^2.0.1",
     "folder-hash": "^4.0.2",
     "fs-extra": "^8.1.0",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "graphql": "^15.5.0",
     "graphql-transformer-core": "^8.1.13",
     "ignore": "^5.2.0",

packages/amplify-provider-awscloudformation/src/__tests__/resource-package/resource-export.test.ts

@@ -212,7 +212,7 @@ const mockResource: DeploymentResources = {
 };
 
 jest.mock('glob', () => ({
-  sync: jest.fn((_, { cwd }) => [path.join(cwd, 'cfntemplate.json')]),
+  globSync: jest.fn((_, { cwd }) => [path.join(cwd, 'cfntemplate.json')]),
 }));
 
 const lambdaTemplate = {

packages/amplify-provider-awscloudformation/src/push-resources.ts

@@ -17,7 +17,7 @@
 import _ from 'lodash';
 import * as fs from 'fs-extra';
 import * as path from 'path';
-import glob from 'glob';
+import { GlobOptions, GlobOptionsWithFileTypesFalse, globSync } from 'glob';
 import {
   AmplifyCategories,
   AmplifySupportedService,
@@ -619,10 +619,11 @@ const prepareResource = async (context: $TSContext, resource: $TSAny) => {
   const backendDir = pathManager.getBackendDirPath();
   const resourceDir = path.normalize(path.join(backendDir, category, resourceName));
 
-  const cfnFiles = glob.sync(cfnTemplateGlobPattern, {
+  const cfnFiles = globSync(cfnTemplateGlobPattern, {
     cwd: resourceDir,
     ignore: [parametersJson],
-  });
+    withFileTypes: false,
+  } as GlobOptionsWithFileTypesFalse);
 
   if (cfnFiles.length !== 1) {
     throw new AmplifyError('CloudFormationTemplateError', {
@@ -728,7 +729,7 @@ const getAllUniqueCategories = (resources: $TSObject[]): $TSObject[] => {
 /**
  *
  */
-export const getCfnFiles = (category: string, resourceName: string, includeAllNestedStacks = false, options?: glob.IOptions) => {
+export const getCfnFiles = (category: string, resourceName: string, includeAllNestedStacks = false, options?: GlobOptions) => {
   const backEndDir = pathManager.getBackendDirPath();
   const resourceDir = path.normalize(path.join(backEndDir, category, resourceName));
   const resourceBuildDir = path.join(resourceDir, optionalBuildDirectoryName);
@@ -739,19 +740,21 @@ export const getCfnFiles = (category: string, resourceName: string, includeAllNe
    * Otherwise falls back to the default behavior.
    */
   if (fs.existsSync(resourceBuildDir) && fs.lstatSync(resourceBuildDir).isDirectory()) {
-    const cfnFiles = glob.sync(cfnTemplateGlobPattern, {
+    const cfnFiles = globSync(cfnTemplateGlobPattern, {
+      withFileTypes: false,
       cwd: resourceBuildDir,
       ignore: [parametersJson, AUTH_TRIGGER_TEMPLATE],
       ...options,
-    });
+    } as GlobOptionsWithFileTypesFalse);
 
     if (includeAllNestedStacks) {
       cfnFiles.push(
-        ...glob.sync(nestedStackTemplateGlobPattern, {
+        ...globSync(nestedStackTemplateGlobPattern, {
+          withFileTypes: false,
           cwd: resourceBuildDir,
           ignore: [parametersJson, AUTH_TRIGGER_TEMPLATE],
           ...options,
-        }),
+        } as GlobOptionsWithFileTypesFalse),
       );
     }
 
@@ -763,11 +766,12 @@ export const getCfnFiles = (category: string, resourceName: string, includeAllNe
     }
   }
 
-  const cfnFiles = glob.sync(cfnTemplateGlobPattern, {
+  const cfnFiles = globSync(cfnTemplateGlobPattern, {
+    withFileTypes: false,
     cwd: resourceDir,
     ignore: [parametersJson, AUTH_TRIGGER_TEMPLATE],
     ...options,
-  });
+  } as GlobOptionsWithFileTypesFalse);
 
   return {
     resourceDir,

packages/amplify-python-function-runtime-provider/package.json

@@ -28,7 +28,7 @@
     "@aws-amplify/amplify-cli-core": "4.2.13",
     "@aws-amplify/amplify-function-plugin-interface": "1.12.1",
     "execa": "^5.1.1",
-    "glob": "^7.2.0",
+    "glob": "^9.3.5",
     "ini": "^1.3.5",
     "semver": "^7.5.4",
     "which": "^2.0.2"