@splitsoftware/splitio 10.26.1-rc.3 → 10.26.2-rc.0

package/CHANGES.txt

@@ -1,5 +1,10 @@
-10.26.1 (June 13, 2024)
+10.27.0 (June 25, 2024)
+ - Added `sync.requestOptions.agent` property to SDK configuration, to pass a custom HTTP(S) Agent to the SDK requests in NodeJS. This allows the SDK to use a custom agent with specific configurations, like a network proxy or custom TLS settings (See https://help.split.io/hc/en-us/articles/360020564931-Node-js-SDK#proxy).
+ - Updated some transitive dependencies for vulnerability fixes.
+
+10.26.1 (June 14, 2024)
  - Updated the internal imports of 'os' and 'ioredis' modules for NodeJS, to use EcmaScript 'import' rather than CommonJS 'require' for the ES modules build. This avoids runtime errors on some scenarios when bundling the SDK into a .mjs file or importing it from a .mjs file.
+ - Updated eventsource dependency for NodeJS. The eventsource v1.1.2 dependency was removed, and the SDK now uses an embedded adaptation that can accept an HTTP(S) agent option, like other HTTP(S) requests.
  - Updated @splitsoftware/splitio-commons package to version 1.16.0 that includes some vulnerability and bug fixes.
  - Bugfixing - Restored some input validation error logs that were removed in version 10.24.0. The logs inform the user when the `getTreatment(s)` methods are called with an invalid value as feature flag name or flag set name.
  - Bugfixing - Fixed localhost mode to emit SDK_UPDATE when mocked feature flags are updated in the `features` object map of the config object (Related to issue https://github.com/splitio/javascript-browser-client/issues/119).

package/es/platform/getOptions/node.js

@@ -8,6 +8,9 @@ var agent = new https.Agent({
     keepAliveMsecs: 1500
 });
 export function getOptions(settings) {
+    // User provided options take precedence
+    if (settings.sync.requestOptions)
+        return settings.sync.requestOptions;
     // If some URL is not HTTPS, we don't use the agent, to let the SDK connect to HTTP endpoints
     if (find(settings.urls, function (url) { return !url.startsWith('https:'); }))
         return;

package/es/settings/defaults/version.js

@@ -1 +1 @@
-export var packageVersion = '10.26.1-rc.3';
+export var packageVersion = '10.26.2-rc.0';

package/es/settings/node.js

@@ -14,5 +14,9 @@ var params = {
     // In Node.js the SDK ignores `config.integrations`, so a validator for integrations is not required
 };
 export function settingsFactory(config) {
-    return settingsValidation(config, params);
+    var settings = settingsValidation(config, params);
+    // if provided, keeps reference to the `requestOptions` object
+    if (settings.sync.requestOptions)
+        settings.sync.requestOptions = config.sync.requestOptions;
+    return settings;
 }

package/lib/platform/getOptions/node.js

@@ -12,6 +12,9 @@ var agent = new https_1.default.Agent({
     keepAliveMsecs: 1500
 });
 function getOptions(settings) {
+    // User provided options take precedence
+    if (settings.sync.requestOptions)
+        return settings.sync.requestOptions;
     // If some URL is not HTTPS, we don't use the agent, to let the SDK connect to HTTP endpoints
     if ((0, lang_1.find)(settings.urls, function (url) { return !url.startsWith('https:'); }))
         return;

package/lib/settings/defaults/version.js

@@ -1,4 +1,4 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.packageVersion = void 0;
-exports.packageVersion = '10.26.1-rc.3';
+exports.packageVersion = '10.26.2-rc.0';

package/lib/settings/node.js

@@ -17,6 +17,10 @@ var params = {
     // In Node.js the SDK ignores `config.integrations`, so a validator for integrations is not required
 };
 function settingsFactory(config) {
-    return (0, settingsValidation_1.settingsValidation)(config, params);
+    var settings = (0, settingsValidation_1.settingsValidation)(config, params);
+    // if provided, keeps reference to the `requestOptions` object
+    if (settings.sync.requestOptions)
+        settings.sync.requestOptions = config.sync.requestOptions;
+    return settings;
 }
 exports.settingsFactory = settingsFactory;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@splitsoftware/splitio",
-  "version": "10.26.1-rc.3",
+  "version": "10.26.2-rc.0",
   "description": "Split SDK",
   "files": [
     "README.md",
@@ -40,7 +40,7 @@
     "node": ">=6"
   },
   "dependencies": {
-    "@splitsoftware/splitio-commons": "1.15.1-rc.3",
+    "@splitsoftware/splitio-commons": "1.16.0",
     "@types/google.analytics": "0.0.40",
     "@types/ioredis": "^4.28.0",
     "bloom-filters": "^3.0.0",

package/src/platform/getEventSource/eventsource.js

@@ -82,7 +82,7 @@ function EventSource(url, eventSourceInitDict) {
   function onConnectionClosed(message) {
     if (readyState === EventSource.CLOSED) return;
     readyState = EventSource.CONNECTING;
-    _emit('error', new Event('error', {message: message}));
+    _emit('error', new Event('error', { message: message }));
 
     // The url may have been changed by a temporary redirect. If that's the case,
     // revert it now, and flag that we are no longer pointing to a new origin
@@ -177,7 +177,7 @@ function EventSource(url, eventSourceInitDict) {
       self.connectionInProgress = false;
       // Handle HTTP errors
       if (res.statusCode === 500 || res.statusCode === 502 || res.statusCode === 503 || res.statusCode === 504) {
-        _emit('error', new Event('error', {status: res.statusCode, message: res.statusMessage}));
+        _emit('error', new Event('error', { status: res.statusCode, message: res.statusMessage }));
         onConnectionClosed();
         return;
       }
@@ -187,7 +187,7 @@ function EventSource(url, eventSourceInitDict) {
         var location = res.headers.location;
         if (!location) {
           // Server sent redirect response without Location header.
-          _emit('error', new Event('error', {status: res.statusCode, message: res.statusMessage}));
+          _emit('error', new Event('error', { status: res.statusCode, message: res.statusMessage }));
           return;
         }
         var prevOrigin = getOrigin(url);
@@ -200,7 +200,7 @@ function EventSource(url, eventSourceInitDict) {
       }
 
       if (res.statusCode !== 200) {
-        _emit('error', new Event('error', {status: res.statusCode, message: res.statusMessage}));
+        _emit('error', new Event('error', { status: res.statusCode, message: res.statusMessage }));
         return self.close();
       }
 
@@ -386,9 +386,9 @@ EventSource.prototype.constructor = EventSource; // make stacktraces readable
 /**
  * Ready states
  */
-Object.defineProperty(EventSource, 'CONNECTING', {enumerable: true, value: 0});
-Object.defineProperty(EventSource, 'OPEN', {enumerable: true, value: 1});
-Object.defineProperty(EventSource, 'CLOSED', {enumerable: true, value: 2});
+Object.defineProperty(EventSource, 'CONNECTING', { enumerable: true, value: 0 });
+Object.defineProperty(EventSource, 'OPEN', { enumerable: true, value: 1 });
+Object.defineProperty(EventSource, 'CLOSED', { enumerable: true, value: 2 });
 
 EventSource.prototype.CONNECTING = 0;
 EventSource.prototype.OPEN = 1;

package/src/platform/getOptions/node.js

@@ -11,6 +11,9 @@ const agent = new https.Agent({
 });
 
 export function getOptions(settings) {
+  // User provided options take precedence
+  if (settings.sync.requestOptions) return settings.sync.requestOptions;
+
   // If some URL is not HTTPS, we don't use the agent, to let the SDK connect to HTTP endpoints
   if (find(settings.urls, url => !url.startsWith('https:'))) return;
 

package/src/settings/defaults/version.js

@@ -1 +1 @@
-export const packageVersion = '10.26.1-rc.3';
+export const packageVersion = '10.26.2-rc.0';

package/src/settings/node.js

@@ -17,5 +17,9 @@ const params = {
 };
 
 export function settingsFactory(config) {
-  return settingsValidation(config, params);
+  const settings = settingsValidation(config, params);
+
+  // if provided, keeps reference to the `requestOptions` object
+  if (settings.sync.requestOptions) settings.sync.requestOptions = config.sync.requestOptions;
+  return settings;
 }

package/types/splitio.d.ts

@@ -4,6 +4,7 @@
 
 /// <reference types="google.analytics" />
 import { RedisOptions } from "ioredis";
+import { RequestOptions } from "http";
 
 export as namespace SplitIO;
 export = SplitIO;
@@ -1168,6 +1169,41 @@ declare namespace SplitIO {
      * @default 'standalone'
      */
     mode?: 'standalone'
+    sync?: INodeBasicSettings['sync'] & {
+      /**
+       * Custom options object for HTTP(S) requests in NodeJS.
+       * If provided, this object is merged with the options object passed by the SDK for EventSource and Node-Fetch calls.
+       * @see {@link https://www.npmjs.com/package/node-fetch#options}
+       */
+      requestOptions?: {
+        /**
+         * Custom NodeJS HTTP(S) Agent used by the SDK for HTTP(S) requests.
+         *
+         * You can use it, for example, for certificate pinning or setting a network proxy:
+         *
+         * ```javascript
+         * const { HttpsProxyAgent } = require('https-proxy-agent');
+         *
+         * const proxyAgent = new HttpsProxyAgent(process.env.HTTPS_PROXY || 'http://10.10.1.10:1080');
+         *
+         * const factory = SplitFactory({
+         *   ...
+         *   sync: {
+         *     requestOptions: {
+         *       agent: proxyAgent
+         *     }
+         *   }
+         * })
+         * ```
+         *
+         * @see {@link https://nodejs.org/api/https.html#class-httpsagent}
+         *
+         * @property {http.Agent | https.Agent} agent
+         * @default undefined
+         */
+        agent?: RequestOptions["agent"]
+      },
+    }
   }
   /**
    * Settings interface with async storage for SDK instances created on NodeJS.