@arrowsphere/api-client 3.227.0 → 3.228.0

package/CHANGELOG.md

@@ -3,9 +3,17 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.228.0] - 2025.12.09
+
+### Added
+
+- [Project Security] Update multiple libraries to fix security vulnerabilities and add ci to check vulnerabilities
+
+
 ## [3.227.0] - 2025.11.26
 
 ### Added
+
 - [campaigns] Add field campaignPopup and all subfield needed
 
 ## [3.226.0] - 2025.11.20

package/Makefile

@@ -1,14 +1,47 @@
+.PHONY: help install build clean test test-unit audit check-deps dedupe audits check-registry
+
+help:
+	@echo "\033[1;36mInstallation:\033[0m" \
+	&& echo "  \033[1;32minstall     	\033[0m : Install dependencies (yarn install --frozen-lockfile)" \
+	&& echo "  \033[1;32minstall-mutable 	\033[0m : Update yarn.lock from package.json (yarn install)" \
+	&& echo "" \
+	&& echo "\033[1;36mBuild & Clean:\033[0m" \
+	&& echo "  \033[1;32mbuild       	\033[0m : Build the project (yarn build)" \
+	&& echo "  \033[1;32mclean       	\033[0m : Remove build and node_modules folders" \
+	&& echo "" \
+	&& echo "\033[1;36mTests:\033[0m" \
+	&& echo "  \033[1;32mtest        	\033[0m : Run unit tests" \
+	&& echo "  \033[1;32mtest-unit   	\033[0m : Run unit tests (alias for test)" \
+	&& echo "" \
+	&& echo "\033[1;36mAudit & Dependencies:\033[0m" \
+	&& echo "  \033[1;32maudit       	\033[0m : Security audit of dependencies (yarn audit)" \
+	&& echo "  \033[1;32mcheck-deps  	\033[0m : Check for unused dependencies (depcheck)" \
+	&& echo "  \033[1;32mdedupe      	\033[0m : Deduplicate dependencies in yarn.lock" \
+	&& echo "  \033[1;32mcheck-registry\033[0m : Ensure all dependencies come from npmjs.org or yarnpkg.com"
+
 install:
+	yarn install --frozen-lockfile
+
+install-mutable:
 	yarn install
 
 build:
 	yarn build
 
 clean:
-	rm -rf build \
-		node_modules
+	rm -rf build node_modules
 
 test: test-unit
 
 test-unit:
 	yarn test
+
+audit:
+	yarn audit
+
+dedupe:
+	yarn dedupe && yarn install --frozen-lockfile
+
+check-registry:
+	@echo "\033[1;36mChecking that all dependencies come from npmjs.org or yarnpkg.com...\033[0m"
+	@awk '/^  resolved / {print $$2}' yarn.lock | grep -Ev 'npmjs.org|yarnpkg.com' && (echo '\033[1;31mSome dependencies are not from npmjs.org or yarnpkg.com!\033[0m' && exit 1) || echo '\033[1;32mAll dependencies are from npmjs.org or yarnpkg.com.\033[0m'

package/README.md

@@ -10,6 +10,10 @@ It should be the only way to make calls to ArrowSphere's API with Node.js code.
 
 To use this package, you need valid access to ArrowSphere, with a valid API key.
 
+# ⚠️ Security Disclaimer
+
+**Please exercise extreme caution when installing new dependencies. Always verify the source and reputation of any library before adding it to your project, to avoid introducing malicious packages.**
+
 ## Installation
 
 Install the latest version with

package/build/abstractGraphQLClient.d.ts

@@ -1,8 +1,7 @@
-import { GraphQLClient } from 'graphql-request';
-import * as Dom from 'graphql-request/dist/types.dom';
 import { Options } from './abstractRestfulClient';
 import { GetProductsType } from './catalog';
 import { AbstractHttpClient } from './AbstractHttpClient';
+import { GraphQLClient } from 'graphql-request';
 export declare type GraphQLResponseTypes = GetProductsType;
 export declare abstract class AbstractGraphQLClient extends AbstractHttpClient {
     /**
@@ -10,7 +9,7 @@ export declare abstract class AbstractGraphQLClient extends AbstractHttpClient {
      * Use getClientInstance() to access it.
      */
     protected graphQLClient: GraphQLClient;
-    protected optionsHeader?: Dom.RequestInit['headers'];
+    protected optionsHeader?: RequestInit['headers'];
     protected options: Options;
     private getClientInstance;
     setOptions(options: Options): this;

package/build/abstractGraphQLClient.js

@@ -24,10 +24,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AbstractGraphQLClient = void 0;
-const graphql_request_1 = require("graphql-request");
 const path = __importStar(require("path"));
 const json_to_graphql_query_1 = require("json-to-graphql-query");
 const AbstractHttpClient_1 = require("./AbstractHttpClient");
+const graphql_request_1 = require("graphql-request");
 class AbstractGraphQLClient extends AbstractHttpClient_1.AbstractHttpClient {
     constructor() {
         super(...arguments);

package/build/abstractRestfulClient.d.ts

@@ -34,7 +34,7 @@ export declare enum FileUploadKeys {
 }
 export declare type Payload = Record<string, unknown> | Array<Payload>;
 export interface PayloadWithFile {
-    [FileUploadKeys.Fields]?: Record<string, unknown>;
+    [FileUploadKeys.Fields]?: Record<string, File>;
     [FileUploadKeys.File]?: File;
 }
 export declare type Options = {

package/build/abstractRestfulClient.js

@@ -209,7 +209,7 @@ class AbstractRestfulClient extends AbstractHttpClient_1.AbstractHttpClient {
      * @param options - Options to send
      */
     async postFile(payload, parameters = {}, headers = {}, options = {}) {
-        var _a;
+        var _a, _b;
         if (!payload[FileUploadKeys.File]) {
             throw new Error('File upload required');
         }
@@ -220,8 +220,8 @@ class AbstractRestfulClient extends AbstractHttpClient_1.AbstractHttpClient {
             headers: this.prepareHeaders(headers),
         };
         const formData = new FormData();
-        formData.append(FileUploadKeys.File, payload[FileUploadKeys.File]);
-        for (const [key, value] of Object.entries((_a = payload[FileUploadKeys.Fields]) !== null && _a !== void 0 ? _a : {})) {
+        formData.append(FileUploadKeys.File, (_a = payload[FileUploadKeys.File]) !== null && _a !== void 0 ? _a : '');
+        for (const [key, value] of Object.entries((_b = payload[FileUploadKeys.Fields]) !== null && _b !== void 0 ? _b : {})) {
             console.log(`${key}: ${value}`);
             formData.set(key, value);
         }

package/package.json

@@ -4,7 +4,7 @@
     "type": "git",
     "url": "https://github.com/ArrowSphere/nodejs-api-client.git"
   },
-  "version": "3.227.0",
+  "version": "3.228.0",
   "description": "Node.js client for ArrowSphere's public API",
   "main": "build/index.js",
   "types": "build/index.d.ts",
@@ -34,9 +34,9 @@
     "@types/validatorjs": "3.15.0",
     "@types/chai": "4.2.15",
     "@types/chai-as-promised": "7.1.3",
-    "@types/lodash": "^4.14.191",
+    "@types/lodash": "4.14.191",
     "@types/mocha": "8.2.0",
-    "@types/node": "^18.19.9",
+    "@types/node": "18.19.9",
     "@types/sinon": "9.0.10",
     "@types/sinon-chai": "3.2.5",
     "@typescript-eslint/eslint-plugin": "5.58.0",
@@ -53,14 +53,12 @@
     "lint-staged": "13.2.1",
     "mocha": "10.2.0",
     "mocha-suppress-logs": "0.3.1",
-    "nock": "13.0.7",
+    "nock": "14.0.10",
     "nyc": "15.1.0",
     "prettier": "2.2.1",
-    "rimraf": "5.0.0",
     "sinon": "9.2.4",
     "sinon-chai": "3.5.0",
-    "source-map-support": "0.5.19",
-    "ts-node": "^10.9.1",
+    "ts-node": "10.9.1",
     "typescript": "4.7.4"
   },
   "husky": {
@@ -82,12 +80,12 @@
     "test": "tests"
   },
   "dependencies": {
-    "axios": "1.8.2",
-    "graphql": "^16.3.0",
-    "graphql-request": "4.2.0",
-    "json-to-graphql-query": "^2.2.5",
-    "lodash": "^4.17.21",
-    "type-fest": "^2.19.0",
+    "axios": "1.13.2",
+    "graphql": "16.8.1",
+    "graphql-request": "7.3.5",
+    "json-to-graphql-query": "2.2.5",
+    "lodash": "4.17.21",
+    "type-fest": "2.19.0",
     "validatorjs": "3.22.1"
   }
 }