npm - @dwp/govuk-casa - Versions diffs - 9.7.0 → 10.0.0 - Mend

@dwp/govuk-casa 9.7.0 → 10.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/dist/assets/css/casa.css +1 -1
package/dist/assets/css/casa.css.map +1 -1
package/dist/casa.d.ts +81 -41
package/dist/casa.d.ts.map +1 -0
package/dist/casa.js +72 -99
package/dist/core-plugins/edit-snapshot/src/configure.d.ts +1 -0
package/dist/core-plugins/edit-snapshot/src/configure.d.ts.map +1 -0
package/dist/core-plugins/edit-snapshot/src/configure.js +7 -14
package/dist/core-plugins/edit-snapshot/src/index.d.ts +1 -0
package/dist/core-plugins/edit-snapshot/src/index.d.ts.map +1 -0
package/dist/core-plugins/edit-snapshot/src/index.js +3 -9
package/dist/core-plugins/edit-snapshot/src/post-steer-hook.d.ts +2 -1
package/dist/core-plugins/edit-snapshot/src/post-steer-hook.d.ts.map +1 -0
package/dist/core-plugins/edit-snapshot/src/post-steer-hook.js +8 -13
package/dist/core-plugins/edit-snapshot/src/pre-steer-hook.d.ts +2 -1
package/dist/core-plugins/edit-snapshot/src/pre-steer-hook.d.ts.map +1 -0
package/dist/core-plugins/edit-snapshot/src/pre-steer-hook.js +13 -18
package/dist/core-plugins/edit-snapshot/src/utils.d.ts +8 -5
package/dist/core-plugins/edit-snapshot/src/utils.d.ts.map +1 -0
package/dist/core-plugins/edit-snapshot/src/utils.js +37 -19
package/dist/core-plugins/index.d.ts +1 -0
package/dist/core-plugins/index.d.ts.map +1 -0
package/dist/core-plugins/index.js +1 -9
package/dist/lib/CasaTemplateLoader.d.ts +1 -0
package/dist/lib/CasaTemplateLoader.d.ts.map +1 -0
package/dist/lib/CasaTemplateLoader.js +2 -6
package/dist/lib/JourneyContext.d.ts +22 -11
package/dist/lib/JourneyContext.d.ts.map +1 -0
package/dist/lib/JourneyContext.js +40 -45
package/dist/lib/MutableRouter.d.ts +74 -55
package/dist/lib/MutableRouter.d.ts.map +1 -0
package/dist/lib/MutableRouter.js +48 -45
package/dist/lib/NullObject.d.ts +3 -0
package/dist/lib/NullObject.d.ts.map +1 -0
package/dist/lib/NullObject.js +3 -0
package/dist/lib/Plan.d.ts +2 -1
package/dist/lib/Plan.d.ts.map +1 -0
package/dist/lib/Plan.js +44 -62
package/dist/lib/ValidationError.d.ts +2 -1
package/dist/lib/ValidationError.d.ts.map +1 -0
package/dist/lib/ValidationError.js +3 -11
package/dist/lib/ValidatorFactory.d.ts +5 -6
package/dist/lib/ValidatorFactory.d.ts.map +1 -0
package/dist/lib/ValidatorFactory.js +4 -12
package/dist/lib/configuration-ingestor.d.ts +10 -22
package/dist/lib/configuration-ingestor.d.ts.map +1 -0
package/dist/lib/configuration-ingestor.js +61 -143
package/dist/lib/configure.d.ts +2 -1
package/dist/lib/configure.d.ts.map +1 -0
package/dist/lib/configure.js +40 -52
package/dist/lib/constants.d.ts +1 -0
package/dist/lib/constants.d.ts.map +1 -0
package/dist/lib/constants.js +8 -12
package/dist/lib/context-id-generators.d.ts +1 -0
package/dist/lib/context-id-generators.d.ts.map +1 -0
package/dist/lib/context-id-generators.js +4 -9
package/dist/lib/end-session.d.ts +2 -1
package/dist/lib/end-session.d.ts.map +1 -0
package/dist/lib/end-session.js +4 -11
package/dist/lib/field.d.ts +2 -1
package/dist/lib/field.d.ts.map +1 -0
package/dist/lib/field.js +11 -21
package/dist/lib/index.d.ts +1 -0
package/dist/lib/index.d.ts.map +1 -0
package/dist/lib/index.js +13 -65
package/dist/lib/logger.d.ts +25 -2
package/dist/lib/logger.d.ts.map +1 -0
package/dist/lib/logger.js +18 -9
package/dist/lib/mount.d.ts +1 -0
package/dist/lib/mount.d.ts.map +1 -0
package/dist/lib/mount.js +10 -16
package/dist/lib/nunjucks-filters.d.ts +7 -3
package/dist/lib/nunjucks-filters.d.ts.map +1 -0
package/dist/lib/nunjucks-filters.js +58 -71
package/dist/lib/nunjucks.d.ts +2 -2
package/dist/lib/nunjucks.d.ts.map +1 -0
package/dist/lib/nunjucks.js +12 -25
package/dist/lib/utils.d.ts +4 -2
package/dist/lib/utils.d.ts.map +1 -0
package/dist/lib/utils.js +14 -28
package/dist/lib/validators/dateObject.d.ts +1 -0
package/dist/lib/validators/dateObject.d.ts.map +1 -0
package/dist/lib/validators/dateObject.js +14 -21
package/dist/lib/validators/email.d.ts +1 -0
package/dist/lib/validators/email.d.ts.map +1 -0
package/dist/lib/validators/email.js +8 -15
package/dist/lib/validators/inArray.d.ts +1 -0
package/dist/lib/validators/inArray.d.ts.map +1 -0
package/dist/lib/validators/inArray.js +8 -15
package/dist/lib/validators/index.d.ts +1 -0
package/dist/lib/validators/index.d.ts.map +1 -0
package/dist/lib/validators/index.js +21 -27
package/dist/lib/validators/nino.d.ts +1 -0
package/dist/lib/validators/nino.d.ts.map +1 -0
package/dist/lib/validators/nino.js +6 -13
package/dist/lib/validators/postalAddressObject.d.ts +1 -0
package/dist/lib/validators/postalAddressObject.d.ts.map +1 -0
package/dist/lib/validators/postalAddressObject.js +12 -19
package/dist/lib/validators/range.d.ts +1 -0
package/dist/lib/validators/range.d.ts.map +1 -0
package/dist/lib/validators/range.js +6 -13
package/dist/lib/validators/regex.d.ts +1 -0
package/dist/lib/validators/regex.d.ts.map +1 -0
package/dist/lib/validators/regex.js +6 -13
package/dist/lib/validators/required.d.ts +1 -0
package/dist/lib/validators/required.d.ts.map +1 -0
package/dist/lib/validators/required.js +9 -17
package/dist/lib/validators/strlen.d.ts +1 -0
package/dist/lib/validators/strlen.d.ts.map +1 -0
package/dist/lib/validators/strlen.js +6 -13
package/dist/lib/validators/wordCount.d.ts +1 -0
package/dist/lib/validators/wordCount.d.ts.map +1 -0
package/dist/lib/validators/wordCount.js +6 -13
package/dist/lib/waypoint-url.d.ts +3 -2
package/dist/lib/waypoint-url.d.ts.map +1 -0
package/dist/lib/waypoint-url.js +12 -19
package/dist/middleware/body-parser.d.ts +1 -0
package/dist/middleware/body-parser.d.ts.map +1 -0
package/dist/middleware/body-parser.js +4 -9
package/dist/middleware/csrf.d.ts +1 -0
package/dist/middleware/csrf.d.ts.map +1 -0
package/dist/middleware/csrf.js +4 -8
package/dist/middleware/data.d.ts +2 -3
package/dist/middleware/data.d.ts.map +1 -0
package/dist/middleware/data.js +23 -25
package/dist/middleware/gather-fields.d.ts +3 -1
package/dist/middleware/gather-fields.d.ts.map +1 -0
package/dist/middleware/gather-fields.js +13 -14
package/dist/middleware/i18n.d.ts +1 -0
package/dist/middleware/i18n.d.ts.map +1 -0
package/dist/middleware/i18n.js +26 -31
package/dist/middleware/post.d.ts +1 -0
package/dist/middleware/post.d.ts.map +1 -0
package/dist/middleware/post.js +3 -10
package/dist/middleware/pre.d.ts +2 -1
package/dist/middleware/pre.d.ts.map +1 -0
package/dist/middleware/pre.js +6 -12
package/dist/middleware/progress-journey.d.ts +5 -3
package/dist/middleware/progress-journey.d.ts.map +1 -0
package/dist/middleware/progress-journey.js +20 -18
package/dist/middleware/sanitise-fields.d.ts +5 -3
package/dist/middleware/sanitise-fields.d.ts.map +1 -0
package/dist/middleware/sanitise-fields.js +25 -17
package/dist/middleware/serve-first-waypoint.d.ts +1 -0
package/dist/middleware/serve-first-waypoint.d.ts.map +1 -0
package/dist/middleware/serve-first-waypoint.js +3 -6
package/dist/middleware/session.d.ts +15 -0
package/dist/middleware/session.d.ts.map +1 -0
package/dist/middleware/session.js +53 -57
package/dist/middleware/skip-waypoint.d.ts +3 -2
package/dist/middleware/skip-waypoint.d.ts.map +1 -0
package/dist/middleware/skip-waypoint.js +15 -14
package/dist/middleware/steer-journey.d.ts +2 -1
package/dist/middleware/steer-journey.d.ts.map +1 -0
package/dist/middleware/steer-journey.js +7 -13
package/dist/middleware/strip-proxy-path.d.ts +3 -2
package/dist/middleware/strip-proxy-path.d.ts.map +1 -0
package/dist/middleware/strip-proxy-path.js +24 -24
package/dist/middleware/validate-fields.d.ts +7 -4
package/dist/middleware/validate-fields.d.ts.map +1 -0
package/dist/middleware/validate-fields.js +22 -11
package/dist/routes/ancillary.d.ts +1 -0
package/dist/routes/ancillary.d.ts.map +1 -0
package/dist/routes/ancillary.js +3 -10
package/dist/routes/journey.d.ts +7 -2
package/dist/routes/journey.d.ts.map +1 -0
package/dist/routes/journey.js +56 -55
package/dist/routes/static.d.ts +1 -0
package/dist/routes/static.d.ts.map +1 -0
package/dist/routes/static.js +15 -23
package/package.json +20 -26
package/src/casa.js +49 -29
package/src/core-plugins/edit-snapshot/src/post-steer-hook.js +1 -0
package/src/core-plugins/edit-snapshot/src/pre-steer-hook.js +2 -1
package/src/core-plugins/edit-snapshot/src/utils.js +29 -1
package/src/lib/JourneyContext.js +31 -28
package/src/lib/MutableRouter.js +47 -38
package/src/lib/NullObject.js +4 -0
package/src/lib/Plan.js +41 -55
package/src/lib/ValidationError.js +2 -4
package/src/lib/ValidatorFactory.js +3 -5
package/src/lib/configuration-ingestor.js +18 -38
package/src/lib/configure.js +7 -10
package/src/lib/end-session.js +1 -1
package/src/lib/field.js +7 -12
package/src/lib/logger.js +16 -0
package/src/lib/mount.js +1 -1
package/src/lib/nunjucks-filters.js +51 -61
package/src/lib/nunjucks.js +3 -12
package/src/lib/utils.js +2 -1
package/src/lib/validators/dateObject.js +3 -4
package/src/lib/validators/postalAddressObject.js +6 -7
package/src/lib/validators/required.js +1 -3
package/src/lib/waypoint-url.js +15 -19
package/src/middleware/csrf.js +1 -1
package/src/middleware/data.js +13 -13
package/src/middleware/gather-fields.js +8 -2
package/src/middleware/i18n.js +9 -6
package/src/middleware/pre.js +1 -1
package/src/middleware/progress-journey.js +8 -0
package/src/middleware/sanitise-fields.js +17 -2
package/src/middleware/session.js +53 -12
package/src/middleware/skip-waypoint.js +8 -1
package/src/middleware/steer-journey.js +1 -1
package/src/middleware/strip-proxy-path.js +21 -16
package/src/middleware/validate-fields.js +19 -0
package/src/routes/journey.js +18 -8
package/src/routes/static.js +5 -4
package/views/casa/layouts/journey.njk +1 -1
package/views/casa/layouts/main.njk +11 -21
package/dist/casa.js.map +0 -1
package/dist/core-plugins/edit-snapshot/src/configure.js.map +0 -1
package/dist/core-plugins/edit-snapshot/src/index.js.map +0 -1
package/dist/core-plugins/edit-snapshot/src/post-steer-hook.js.map +0 -1
package/dist/core-plugins/edit-snapshot/src/pre-steer-hook.js.map +0 -1
package/dist/core-plugins/edit-snapshot/src/utils.js.map +0 -1
package/dist/core-plugins/index.js.map +0 -1
package/dist/lib/CasaTemplateLoader.js.map +0 -1
package/dist/lib/JourneyContext.js.map +0 -1
package/dist/lib/MutableRouter.js.map +0 -1
package/dist/lib/Plan.js.map +0 -1
package/dist/lib/ValidationError.js.map +0 -1
package/dist/lib/ValidatorFactory.js.map +0 -1
package/dist/lib/configuration-ingestor.js.map +0 -1
package/dist/lib/configure.js.map +0 -1
package/dist/lib/constants.js.map +0 -1
package/dist/lib/context-id-generators.js.map +0 -1
package/dist/lib/dirname.cjs +0 -1
package/dist/lib/dirname.d.cts +0 -2
package/dist/lib/end-session.js.map +0 -1
package/dist/lib/field.js.map +0 -1
package/dist/lib/index.js.map +0 -1
package/dist/lib/logger.js.map +0 -1
package/dist/lib/mount.js.map +0 -1
package/dist/lib/nunjucks-filters.js.map +0 -1
package/dist/lib/nunjucks.js.map +0 -1
package/dist/lib/utils.js.map +0 -1
package/dist/lib/validators/dateObject.js.map +0 -1
package/dist/lib/validators/email.js.map +0 -1
package/dist/lib/validators/inArray.js.map +0 -1
package/dist/lib/validators/index.js.map +0 -1
package/dist/lib/validators/nino.js.map +0 -1
package/dist/lib/validators/postalAddressObject.js.map +0 -1
package/dist/lib/validators/range.js.map +0 -1
package/dist/lib/validators/regex.js.map +0 -1
package/dist/lib/validators/required.js.map +0 -1
package/dist/lib/validators/strlen.js.map +0 -1
package/dist/lib/validators/wordCount.js.map +0 -1
package/dist/lib/waypoint-url.js.map +0 -1
package/dist/middleware/body-parser.js.map +0 -1
package/dist/middleware/csrf.js.map +0 -1
package/dist/middleware/data.js.map +0 -1
package/dist/middleware/dirname.cjs +0 -1
package/dist/middleware/dirname.d.cts +0 -2
package/dist/middleware/gather-fields.js.map +0 -1
package/dist/middleware/i18n.js.map +0 -1
package/dist/middleware/post.js.map +0 -1
package/dist/middleware/pre.js.map +0 -1
package/dist/middleware/progress-journey.js.map +0 -1
package/dist/middleware/sanitise-fields.js.map +0 -1
package/dist/middleware/serve-first-waypoint.js.map +0 -1
package/dist/middleware/session.js.map +0 -1
package/dist/middleware/skip-waypoint.js.map +0 -1
package/dist/middleware/steer-journey.js.map +0 -1
package/dist/middleware/strip-proxy-path.js.map +0 -1
package/dist/middleware/validate-fields.js.map +0 -1
package/dist/mjs/esm-wrapper.js +0 -20
package/dist/mjs/package.json +0 -3
package/dist/package.json +0 -3
package/dist/routes/ancillary.js.map +0 -1
package/dist/routes/dirname.cjs +0 -1
package/dist/routes/dirname.d.cts +0 -2
package/dist/routes/journey.js.map +0 -1
package/dist/routes/static.js.map +0 -1
package/src/lib/dirname.cjs +0 -1
package/src/middleware/dirname.cjs +0 -1
package/src/routes/dirname.cjs +0 -1

package/src/lib/nunjucks-filters.js CHANGED Viewed

@@ -1,82 +1,72 @@
-import merge from "deepmerge";
+import deepmerge from "@fastify/deepmerge";
 import { DateTime } from "luxon";
 import nunjucks from "nunjucks";
+import isPlainObject from "is-plain-obj";
+import NullObject from "./NullObject.js";
-const { all: deepmergeAll } = merge;
-// Arrays will be merged such that elements at the same index will be merged
-// into each other
-// ref: https://www.npmjs.com/package/deepmerge
-const combineMerge = (target, source, options) => {
-  const destination = target.slice();
-  for (let index = 0; index < source.length; index++) {
-    // ESLint disabled as `index` is only an integer
-    /* eslint-disable security/detect-object-injection */
-    const item = source[index];
-    if (typeof destination[index] === "undefined") {
-      destination[index] = options.cloneUnlessOtherwiseSpecified(item, options);
-    } else if (options.isMergeableObject(item)) {
-      destination[index] = merge(target[index], item, options);
-    } else if (target.indexOf(item) === -1) {
-      destination.push(item);
-    }
-    /* eslint-enable security/detect-object-injection */
-  }
-  return destination;
-};
-// Allows objects to be deepmerged and retain their type, without becoming [object Object]
-// ref: https://github.com/jonschlinkert/is-plain-object/blob/master/is-plain-object.js
-/**
- * @param {any} o Value to test
- * @returns {boolean} True if an object
- */
-function isObject(o) {
-  return Object.prototype.toString.call(o) === "[object Object]";
-}
+const merge = deepmerge({
+  all: true,
+  onlyDefinedProperties: true,
+  isMergeableObject: isMergable,
+  mergeArray(options) {
+    const deepmerge = options.deepmerge;
+    const clone = options.clone;
+    return function (target, source) {
+      let i = 0;
+      const tl = target.length;
+      const sl = source.length;
+      const il = Math.max(tl, sl);
+      const result = new Array(il);
+      /* eslint-disable security/detect-object-injection */
+      for (i = 0; i < il; ++i) {
+        const targetItem = target[i];
+        const sourceItem = source[i];
+        if (i < sl) {
+          result[i] = deepmerge(targetItem, sourceItem);
+        } else {
+          result[i] = clone(targetItem);
+        }
+      }
+      /* eslint-enable security/detect-object-injection */
+      return result;
+    };
+  },
+});
 /**
- * @param {any} o Value to test
- * @returns {boolean} True if a plain object or array
+ * Returns true if object is mergable (plain object or Array)
+ *
+ * @param {object} object Input object
+ * @returns {boolean} Is mergable
  */
-function isPlainObjectOrArray(o) {
-  if (Array.isArray(o)) {
-    return true;
-  }
-  if (isObject(o) === false) {
-    return false;
-  }
-  const ctor = o.constructor;
-  if (ctor === undefined) {
-    return true;
-  }
-  const prot = ctor.prototype;
-  if (isObject(prot) === false) {
-    return false;
-  }
-  return Object.hasOwn(prot, "isPrototypeOf");
+function isMergable(object) {
+  return Array.isArray(object) || isPlainObject(object);
 }
 /**
- * @param {...any} objects Objects to merge
+ * Merge multiple objects into one object
+ *
+ * @memberof NunjucksFilters
+ * @param {...(object | Array)} objects Objects to merge
  * @returns {object} Merged object
  */
 function mergeObjects(...objects) {
-  return deepmergeAll([Object.create(null), ...objects], {
-    arrayMerge: combineMerge,
-    isMergeableObject: isPlainObjectOrArray,
-  });
+  const merged = merge(new NullObject(), ...objects);
+  if (merged === null) {
+    for (const object of objects) {
+      if (!isMergable(object)) {
+        throw new TypeError(`Cannot convert ${typeof object} to object`);
+      }
+    }
+  }
+  return merged;
 }
 /**
  * Determine whether a value exists in a list.
  *
  * @memberof NunjucksFilters
- * @param {any[]} source List of items to search
+ * @param {Array} source List of items to search
  * @param {any} search Item to search within the `source`
  * @returns {boolean} True if the search item was found
  */

package/src/lib/nunjucks.js CHANGED Viewed

@@ -1,7 +1,5 @@
-import { readFileSync } from "node:fs";
-import { resolve } from "node:path";
 import { Environment } from "nunjucks";
-import dirname from "./dirname.cjs";
+import packageInfo from "../../package.json" with { type: "json" };
 import CasaTemplateLoader from "./CasaTemplateLoader.js";
 import {
   mergeObjects,
@@ -20,11 +18,10 @@ import {
  * Create a Nunjucks environment.
  *
  * @param {NunjucksOptions} options Nunjucks options
- * @param {boolean} govukRebrand GovukRebrand flag
  * @returns {Environment} Nunjucks Environment instance
  * @access private
  */
-export default function nunjucksConfig({ views = [], govukRebrand }) {
+export default function nunjucksConfig({ views = [] }) {
   // Prepare a single Nunjucks environment for all responses to use. Note that
   // we cannot prepare response-specific global functions/filters if we use a
   // single environment, but the performance gains of doing so are significant.
@@ -45,13 +42,7 @@ export default function nunjucksConfig({ views = [], govukRebrand }) {
   // Globals
   // These can't be modified once set. But they can be overridden by res.locals.
-  env.addGlobal(
-    "casaVersion",
-    /* eslint-disable-next-line security/detect-non-literal-fs-filename */
-    JSON.parse(readFileSync(resolve(dirname, "../../package.json"))).version,
-  );
-  env.addGlobal("govukRebrand", govukRebrand);
+  env.addGlobal("casaVersion", packageInfo.version);
   env.addGlobal("mergeObjects", mergeObjects);
   env.addGlobal("includes", includes);
   env.addGlobal("formatDateObject", formatDateObject);

package/src/lib/utils.js CHANGED Viewed

@@ -44,7 +44,8 @@ export function isStringable(value) {
  * @param {string} hookName Hook name (including scope prefix)
  * @param {string} path URL path to match (relative to mountUrl)
  * @param {Hook[]} hooks Hooks to be applied at the page level
- * @returns {Function[]} An array of middleware that should be applied
+ * @returns {import("express").RequestHandler[]} An array of middleware that
+ *   should be applied
  * @access private
  */
 export function resolveMiddlewareHooks(hookName, path, hooks = []) {

package/src/lib/validators/dateObject.js CHANGED Viewed

@@ -1,11 +1,10 @@
+import isPlainObject from "is-plain-obj";
 import { DateTime } from "luxon";
-import lodash from "lodash";
+import NullObject from "../NullObject.js";
 import ValidationError from "../ValidationError.js";
 import ValidatorFactory from "../ValidatorFactory.js";
 import { stringifyInput, stripWhitespace } from "../utils.js";
-const { isPlainObject } = lodash;
 /**
  * @typedef {import("../../casa").ErrorMessageConfig} ErrorMessageConfig
  * @access private
@@ -172,7 +171,7 @@ export default class DateObject extends ValidatorFactory {
             mm: stripWhitespace(stringifyInput(value.mm)),
             yyyy: stripWhitespace(stringifyInput(value.yyyy)),
           }
-        : Object.create(null);
+        : new NullObject();
     }
     return undefined;
   }

package/src/lib/validators/postalAddressObject.js CHANGED Viewed

@@ -1,10 +1,9 @@
-import lodash from "lodash";
+import isPlainObject from "is-plain-obj";
+import NullObject from "../NullObject.js";
 import ValidationError from "../ValidationError.js";
 import ValidatorFactory from "../ValidatorFactory.js";
 import { stringifyInput } from "../utils.js";
-const { isPlainObject } = lodash; // CommonjS
 /**
  * @typedef {import("../../casa").ErrorMessageConfig} ErrorMessageConfig
  * @access private
@@ -91,7 +90,7 @@ export default class PostalAddressObject extends ValidatorFactory {
         : err;
     // Work out required/optional parts based on config
-    const reqF = Object.create(null);
+    const reqF = new NullObject();
     const reqC = cfg.requiredFields;
     reqF.address1 = reqC.indexOf("address1") > -1;
     reqF.address2 = reqC.indexOf("address2") > -1;
@@ -140,7 +139,7 @@ export default class PostalAddressObject extends ValidatorFactory {
         if (condMissingOrRegexMismatch || condExceedStrlen) {
           valid = false;
           errorMsgs.push(
-            Object.assign(Object.create(null), objectifyError(attr[3]), {
+            Object.assign(new NullObject(), objectifyError(attr[3]), {
               fieldKeySuffix: `[${k}]`,
             }),
           );
@@ -163,7 +162,7 @@ export default class PostalAddressObject extends ValidatorFactory {
   sanitise(value) {
     // Only objects are supported
     if (!isPlainObject(value)) {
-      return Object.create(null);
+      return new NullObject();
     }
     // Prune unrecognised attributes, and coerce to Strings
@@ -179,6 +178,6 @@ export default class PostalAddressObject extends ValidatorFactory {
         .filter(([k]) => validKeys.includes(k))
         .map(([k, v]) => [k, stringifyInput(v)]),
     );
-    return Object.assign(Object.create(null), pruned);
+    return Object.assign(new NullObject(), pruned);
   }
 }

package/src/lib/validators/required.js CHANGED Viewed

@@ -1,10 +1,8 @@
-import lodash from "lodash";
+import isPlainObject from "is-plain-obj";
 import { isEmpty, isStringable, stringifyInput } from "../utils.js";
 import ValidatorFactory from "../ValidatorFactory.js";
 import ValidationError from "../ValidationError.js";
-const { isPlainObject } = lodash; // CommonJS
 /**
  * @typedef {import("../../casa").ErrorMessageConfig} ErrorMessageConfig
  * @access private

package/src/lib/waypoint-url.js CHANGED Viewed

@@ -1,3 +1,5 @@
+import NullObject from "./NullObject.js";
 /**
  * @typedef {import("./index").JourneyContext} JourneyContext
  * @access private
@@ -14,7 +16,7 @@ const reUrlProtocolExtract = /^url:\/\/(.+)$/i;
  * @access private
  */
 const sanitiseWaypoint = (w) =>
-  w.replace(/[^/a-z0-9_-]/gi, "").replace(/\/+/g, "/");
+  w.replace(/[^/a-z0-9_-]+/gi, "").replace(/\/+/g, "/");
 /**
  * Sanitise a waypoint string, with allowed URL parameters: contextid =
@@ -25,32 +27,26 @@ const sanitiseWaypoint = (w) =>
  * @access private
  */
 const sanitiseWaypointWithAllowedParams = (w) => {
-  // Extract URL params
-  const parts = w.split("?");
-  if (parts.length !== 2) {
+  const queryIndex = w.indexOf("?");
+  if (queryIndex === -1 || queryIndex !== w.lastIndexOf("?")) {
     return sanitiseWaypoint(w);
   }
-  const [waypoint, rawParams] = parts;
-  const urlSearchParams = new URLSearchParams(rawParams);
-  // Strip all but those parameters allowed
-  const validatedUrlSearchParams = new URLSearchParams();
-  for (const pk of ["contextid"]) {
-    if (urlSearchParams.has(pk)) {
-      validatedUrlSearchParams.set(pk, urlSearchParams.get(pk));
-    }
+  const waypoint = w.substring(0, queryIndex);
+  const urlSearchParams = new URLSearchParams(w.substring(queryIndex + 1));
+  let query = "";
+  if (urlSearchParams.has("contextid")) {
+    query += `?contextid=${encodeURIComponent(urlSearchParams.get("contextid"))}`;
   }
-  return `${sanitiseWaypoint(waypoint)}?${validatedUrlSearchParams.toString()}`.replace(
-    /\?$/,
-    "",
-  );
+  return `${sanitiseWaypoint(waypoint)}${query}`;
 };
 /**
  * Generate a URL pointing at a particular waypoint.
  *
- * @memberof module:@dwp/govuk-casa
+ * @memberof module:"@dwp/govuk-casa"
  * @example
  *   // generates: /path/details?edit&editorigin=%2Fsomewhere%2Felse
  *   waypointUrl({
@@ -80,7 +76,7 @@ export default function waypointUrl(
     editOrigin,
     skipTo,
     routeName = "next",
-  } = Object.create(null),
+  } = new NullObject(),
 ) {
   const url = new URL("https://placeholder.test");

package/src/middleware/csrf.js CHANGED Viewed

@@ -16,7 +16,7 @@ import { csrfSync } from "csrf-sync";
  */
 export default function csrfMiddleware() {
   const { csrfSynchronisedProtection } = csrfSync({
-    getTokenFromRequest: (req) => req.body._csrf,
+    getTokenFromRequest: (req) => req.body?._csrf,
   });
   return [
     csrfSynchronisedProtection,

package/src/middleware/data.js CHANGED Viewed

@@ -22,8 +22,14 @@ import waypointUrl from "../lib/waypoint-url.js";
  * @access private
  */
+/**
+ * Get edit orgin
+ *
+ * @param {import("express").Request} req Express request
+ * @returns {string} Currently set edit origin
+ */
 const editOrigin = (req) => {
-  if (Object.hasOwn(req.query, "editorigin")) {
+  if (req.query && Object.hasOwn(req.query, "editorigin")) {
     return waypointUrl({ waypoint: req.query.editorigin });
   }
   if (req.body && Object.hasOwn(req.body, "editorigin")) {
@@ -43,16 +49,9 @@ const editOrigin = (req) => {
  * @param {Plan} opts.plan CASA Plan
  * @param {ContextEventHandler[]} opts.events Event handlers
  * @param {ContextIdGenerator} opts.contextIdGenerator Content ID generator
- * @param {boolean} ops.govukRebrand Govuk rebrand feature flag
- * @param opts.govukRebrand
  * @returns {RequestHandler[]} Middleware functions
  */
-export default function dataMiddleware({
-  plan,
-  events,
-  contextIdGenerator,
-  govukRebrand,
-}) {
+export default function dataMiddleware({ plan, events, contextIdGenerator }) {
   return [
     (req, res, next) => {
       /* ------------------------------------------------ Request decorations */
@@ -73,9 +72,11 @@ export default function dataMiddleware({
         // Edit mode
         editMode:
-          (Object.hasOwn(req.query, "edit") &&
+          (req.query &&
+            Object.hasOwn(req.query, "edit") &&
             Object.hasOwn(req.query, "editorigin")) ||
-          (Object.hasOwn(req.body, "edit") &&
+          (req.body &&
+            Object.hasOwn(req.body, "edit") &&
             Object.hasOwn(req.body, "editorigin")),
         editOrigin: editOrigin(req),
       };
@@ -131,8 +132,7 @@ export default function dataMiddleware({
       //   htmlLang = req.language is provided by i18n-http-middleware
       //   assetPath = used for linking to static assets in the govuk-frontend module
       res.locals.htmlLang = req.language;
-      const rebrandAssetPath = govukRebrand ? "/rebrand" : "";
-      res.locals.assetPath = `${staticMountUrl}govuk/assets${rebrandAssetPath}`;
+      res.locals.assetPath = `${staticMountUrl}govuk/assets`;
       // Function for building URLs. This will be curried with the `mountUrl`,
       // `journeyContext`, `edit` and `editOrigin` for convenience. This means

package/src/middleware/gather-fields.js CHANGED Viewed

@@ -4,6 +4,7 @@
 // - Remove validation date of JourneyContext so it can re-evaluted
 import JourneyContext from "../lib/JourneyContext.js";
+import NullObject from "../lib/NullObject.js";
 import { REQUEST_PHASE_GATHER } from "../lib/constants.js";
 /**
@@ -11,6 +12,11 @@ import { REQUEST_PHASE_GATHER } from "../lib/constants.js";
  * @access private
  */
+/**
+ * @typedef {import("express").RequestHandler} RequestHandler
+ * @access private
+ */
 /**
  * Gather the field data from `req.body` into the current JourneyContext
  *
@@ -21,7 +27,7 @@ import { REQUEST_PHASE_GATHER } from "../lib/constants.js";
  * @param {object} obj Options
  * @param {string} obj.waypoint Waypoint
  * @param {PageField[]} [obj.fields] Fields. Default is `[]`
- * @returns {Array} Array of middleware
+ * @returns {RequestHandler[]} Array of middleware
  */
 export default ({ waypoint, fields = [] }) => [
   (req, res, next) => {
@@ -35,7 +41,7 @@ export default ({ waypoint, fields = [] }) => [
     // Ignore data for any non-persistent fields
     // ESLint disabled as `fields`, `i` and `name` are dev-controlled
     /* eslint-disable security/detect-object-injection */
-    const persistentBody = Object.create(null);
+    const persistentBody = new NullObject();
     for (let i = 0, l = fields.length; i < l; i++) {
       if (
         fields[i].meta.persist &&

package/src/middleware/i18n.js CHANGED Viewed

@@ -2,9 +2,10 @@ import { createInstance } from "i18next";
 import { LanguageDetector, handle } from "i18next-http-middleware";
 import { resolve, basename } from "node:path";
 import { existsSync, readFileSync, readdirSync } from "node:fs";
-import deepmerge from "deepmerge";
+import deepmerge from "@fastify/deepmerge";
 import { load as jsYamlLoad } from "js-yaml";
 import logger from "../lib/logger.js";
+import NullObject from "../lib/NullObject.js";
 /**
  * @typedef {import("express").RequestHandler} RequestHandler
@@ -13,6 +14,8 @@ import logger from "../lib/logger.js";
 const log = logger("middleware:i18n");
+const merge = deepmerge({ onlyDefinedProperties: true });
 const loadJson = (file) => {
   // Strip out newlines (this is a legacy feature which we're keeping for
   // backwards compatibility).
@@ -35,13 +38,13 @@ const extract = (file) => {
 };
 const loadResources = (languages, directories) => {
-  const store = Object.create(null);
+  const store = new NullObject();
   for (const language of languages) {
     // ESLint disabled as `store`, `language` and `ns` are all dev-controlled,
     // and this function is only called once, at boot-time.
     /* eslint-disable security/detect-object-injection */
-    store[language] = Object.create(null);
+    store[language] = new NullObject();
     for (const basedir of directories) {
       const dir = resolve(basedir, language);
@@ -56,10 +59,10 @@ const loadResources = (languages, directories) => {
         const { ns, data } = extract(resolve(dir, file));
         if (store[language][ns] === undefined) {
-          store[language][ns] = Object.create(null);
+          store[language][ns] = new NullObject();
         }
-        store[language][ns] = deepmerge(store[language][ns], data);
+        store[language][ns] = merge(store[language][ns], data);
       }
     }
     /* eslint-enable security/detect-object-injection */
@@ -115,7 +118,7 @@ export default function i18nMiddleware({
       if (!req.session.language) {
         req.session.language = languages[0];
       }
-      if (req?.query.lang && languages.includes(req.query.lang)) {
+      if (req.query?.lang && languages.includes(req.query.lang)) {
         req.session.language = String(req.query.lang);
       }
       next();

package/src/middleware/pre.js CHANGED Viewed

@@ -33,7 +33,7 @@ function casaCspNonce(req, res) {
  * @param {object} opts Options
  * @param {HelmetConfigurator} opts.helmetConfigurator Function to customise
  *   Helmet configuration
- * @returns {Function[]} List of middleware
+ * @returns {import("express").RequestHandler[]} List of middleware
  */
 export default ({ helmetConfigurator = (config) => config } = {}) => [
   // Only allow certain request methods

package/src/middleware/progress-journey.js CHANGED Viewed

@@ -25,6 +25,14 @@ const saveAndRedirect = (session, journeyContext, url, res, next) => {
   });
 };
+/**
+ * Get "progress journey" middleware for a given waypoint
+ *
+ * @param {object} opts Options
+ * @param {string} opts.waypoint Waypoint
+ * @param {Plan} opts.plan CASA Plan
+ * @returns {import("express").RequestHandler[]} Middleware functions
+ */
 export default ({ waypoint, plan }) => [
   (req, res, next) => {
     // Determine the next available waypoint after the current one

package/src/middleware/sanitise-fields.js CHANGED Viewed

@@ -4,7 +4,16 @@
 import fieldFactory from "../lib/field.js";
 import JourneyContext from "../lib/JourneyContext.js";
+import NullObject from "../lib/NullObject.js";
+/**
+ * Get "sanitise fields" middleware for a given waypoint
+ *
+ * @param {object} opts Options
+ * @param {string} opts.waypoint Waypoint
+ * @param {PageField[]} opts.fields Fields to sanitise
+ * @returns {import("express").RequestHandler[]} Middleware functions
+ */
 export default ({ waypoint, fields = [] }) => {
   // Add some common, transient fields to ensure they survive beyond this sanitisation process
   fields.push(
@@ -35,9 +44,10 @@ export default ({ waypoint, fields = [] }) => {
       // those that do not have an entry in `fields`)
       // EsLint disabled as `fields`, `i` & `name` are only controlled by dev
       /* eslint-disable security/detect-object-injection */
-      const prunedBody = Object.create(null);
+      const prunedBody = new NullObject();
       for (let i = 0, l = fields.length; i < l; i++) {
         if (
+          req.body &&
           Object.hasOwn(req.body, fields[i].name) &&
           req.body[fields[i].name] !== undefined
         ) {
@@ -54,7 +64,7 @@ export default ({ waypoint, fields = [] }) => {
       // Second, prune any fields that do not pass the validation conditional,
       // and process those that do.
-      const sanitisedBody = Object.create(null);
+      const sanitisedBody = new NullObject();
       for (let i = 0, l = fields.length; i < l; i++) {
         const field =
           fields[i]; /* eslint-disable-line security/detect-object-injection */
@@ -78,3 +88,8 @@ export default ({ waypoint, fields = [] }) => {
     },
   ];
 };
+/**
+ * @typedef {import("../casa").PageField} PageField
+ * @access private
+ */