fix: remove mock-local-storage to address CVE on min-document (#1496)

Antonio-Maranhao · web-flow · commit 291fa9478496 · 2025-10-17T09:55:40.000-04:00
diff --git a/app/core/utils.js b/app/core/utils.js
@@ -120,8 +120,8 @@ const utils = {
 
   localStorageGet: function (key) {
     let data;
-    if (_.has(window.localStorage, key)) {
-      data = window.localStorage[key];
+    if (window.localStorage.getItem(key) != null) {
+      data = window.localStorage.getItem(key);
       try {
         return JSON.parse(data);
       } catch (e) {
diff --git a/jest-setup.js b/jest-setup.js
@@ -12,10 +12,27 @@
 
 require('jest');
 require('whatwg-fetch');
-require('mock-local-storage');
+
+function newMockLocalStorage() {
+  let store = {};
+  return {
+    getItem: (key) => {
+      return store[key] || null;
+    },
+    setItem: (key, value) => {
+      store[key] = String(value);
+    },
+    removeItem: (key) => {
+      delete store[key];
+    },
+    clear: () => {
+      store = {};
+    },
+  };
+}
 
 Object.defineProperty(window, 'localStorage', {
-  value: global.localStorage,
+  value: newMockLocalStorage(),
   configurable:true,
   enumerable:true,
   writable:true
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -50,7 +50,6 @@
     "jest": "^29.3.1",
     "jest-environment-jsdom": "^29.3.1",
     "mini-css-extract-plugin": "^2.6.1",
-    "mock-local-storage": "^1.1.23",
     "nightwatch": "^3.12.0",
     "node-fetch": "^2.6.7",
     "redux-mock-store": "^1.5.4",
