hof 21.0.12-axios-beta → 21.0.12-upgrade-vuln-pkgs-beta

package/model/index.js

@@ -5,9 +5,7 @@ const _ = require('lodash');
 const axios = require('axios').default;
 const url = require('url');
 const EventEmitter = require('events').EventEmitter;
-
-const axiosSetting = require('./apis/axios-settings')
-
+const axiosSetting = require('./apis/axios-settings');
 const REFERENCE = /^\$ref:/;
 
 function timeDiff(from, to, d) {
@@ -32,7 +30,7 @@ module.exports = class Model extends EventEmitter {
     this._request = axios;
   }
 
-  save(options, callback) {
+  async save(options, callback) {
     if (typeof options === 'function' && arguments.length === 1) {
       callback = options;
       options = {};
@@ -40,21 +38,18 @@ module.exports = class Model extends EventEmitter {
       options = {};
     }
 
-    return this.prepare().then(data => {
-      data = JSON.stringify(data);
-      const reqConf = this.requestConfig(options);
-      reqConf.method = options.method || 'POST';
-
-      reqConf.headers = Object.assign({
-        'Content-Type': 'application/json',
-        'User-Agent': 'Axios 0.25.0',
-        'Content-Length': Buffer.byteLength(data)
-      }, reqConf.headers || {});
-      return this.request(reqConf, data, callback);
-    });
+    let data = await this.prepare();
+    data = JSON.stringify(data);
+    const reqConf = this.requestConfig(options);
+    reqConf.method = options.method || 'POST';
+    reqConf.headers = Object.assign({
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(data)
+    }, reqConf.headers || {});
+    return await this.request(reqConf, data, callback);
   }
 
-  fetch(options, callback) {
+  async fetch(options, callback) {
     if (typeof options === 'function' && arguments.length === 1) {
       callback = options;
       options = {};
@@ -63,10 +58,10 @@ module.exports = class Model extends EventEmitter {
     }
     const reqConf = this.requestConfig(options);
     reqConf.method = options.method || 'GET';
-    return this.request(reqConf, callback);
+    return await this.request(reqConf, callback);
   }
 
-  delete(options, callback) {
+  async delete(options, callback) {
     if (typeof options === 'function' && arguments.length === 1) {
       callback = options;
       options = {};
@@ -75,7 +70,7 @@ module.exports = class Model extends EventEmitter {
     }
     const reqConf = this.requestConfig(options);
     reqConf.method = options.method || 'DELETE';
-    return this.request(reqConf, callback);
+    return await this.request(reqConf, callback);
   }
 
   requestConfig(options) {
@@ -88,7 +83,7 @@ module.exports = class Model extends EventEmitter {
     });
   }
 
-  request(originalSettings, body, callback) {
+  async request(originalSettings, body, callback) {
     if (typeof body === 'function' && arguments.length === 2) {
       callback = body;
       body = undefined;
@@ -96,108 +91,114 @@ module.exports = class Model extends EventEmitter {
 
     let settings = Object.assign({}, originalSettings);
     settings.timeout = settings.timeout || this.options.timeout;
-    settings = axiosSetting(settings, body)
+    settings = axiosSetting(settings, body);
     settings = _.omit(settings, urlKeys);
     this.emit('sync', originalSettings);
 
-    const promise = Promise.resolve().then(() => this.auth()).then(authData => {
+    try {
+      const authData = await this.auth();
       let authVal = authData;
       if (typeof authVal === 'string') {
-        const auth = authVal.split(':');
+        const [user, ...rest] = authVal.split(':');
         authVal = {
-          user: auth.shift(),
-          pass: auth.join(':'),
+          user,
+          pass: rest.join(':'),
           sendImmediately: true
         };
       }
-      if(authVal) {
-        settings.headers = Object.assign({}, settings.headers, {Authorization: `Bearer ${authVal.bearer}`});
+      if (authVal) {
+        settings.headers = {
+          ...settings.headers,
+          Authorization: `Bearer ${authVal.bearer}`
+        };
       }
-      settings.auth = undefined;
-      console.log("SETTINGS ************")
-      console.log(settings)
-      console.log("SETTINGS ************")
-    })
-      .then(() => {
-        const startTime = process.hrtime();
-        let timeoutTimer;
-
-        return new Promise((resolve, reject) => {
-          const _callback = (err, data, statusCode) => {
-            if (timeoutTimer) {
-              clearTimeout(timeoutTimer);
-              timeoutTimer = null;
-            }
 
-            const endTime = process.hrtime();
-            const responseTime = timeDiff(startTime, endTime);
-            if (err) {
-              console.log("*****ERRR********")
-              console.log(err)
-              console.log("*****ERRR********")
-              this.emit('fail', err, data, originalSettings, statusCode, responseTime);
-              reject(err);
-            } else {
-              console.log("SUCCESS>>>>>>>>>>>>>>>")
-              this.emit('success', data, originalSettings, statusCode, responseTime);
-              resolve(data);
-            }
-            // if (err) {
-            //   console.log("err11")
-            //   console.log(err)
-            //   console.log("err11")
-            //   reject(err);
-            // } else {
-            //   resolve(data);
-            // }
-          };
-          this._request(settings)
-            .then(response => {
-              return this.handleResponse(response, (error, data, status) => {
-                if (error) {
-                  error.headers = response.headers;
-                }
-                _callback(error, data, status);
+      const startTime = process.hrtime();
+      let timeoutTimer;
+
+      if (timeoutTimer) {
+        clearTimeout(timeoutTimer);
+        timeoutTimer = null;
+      }
+
+      const data = await new Promise((resolve, reject) => {
+        const _callback = (err, responseData, statusCode) => {
+          if (timeoutTimer) {
+            clearTimeout(timeoutTimer);
+            timeoutTimer = null;
+          }
+
+          const endTime = process.hrtime();
+          const responseTime = timeDiff(startTime, endTime);
+          if (err) {
+            this.emit('fail', err, responseData, originalSettings, statusCode, responseTime);
+            reject(err);
+          } else {
+            this.emit('success', responseData, originalSettings, statusCode, responseTime);
+            resolve(responseData);
+          }
+        };
+
+        this._request(settings)
+          .then(response => {
+            return this.handleResponse(response)
+              .then(responseData => _callback(null, responseData, response.status))
+              .catch(error => {
+                error.headers = response.headers;
+                _callback(error, null, response.status);
               });
-            }).catch(err => {
-              if (err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT') {
-                err.message = 'Connection timed out';
-                err.status = 504;
-              }
-              err.status = err.status || 503;
-              return _callback(err, null, err.status);
-            });
-        });
+          })
+          .catch(err => {
+            if (err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT') {
+              err.message = 'Connection timed out';
+              err.status = 504;
+            }
+            err.status = err.status || 503;
+            return _callback(err, null, err.status);
+          });
       });
 
-    if (typeof callback === 'function') {
-      return promise.then(data => callback(null, data), callback);
+      if (typeof callback === 'function') {
+        callback(null, data);
+      }
+      return data;
+    } catch (error) {
+      if (typeof callback === 'function') {
+        callback(error);
+      }
+      return error;
     }
-    return promise;
   }
 
-  handleResponse(response, callback) {
-    let data = {};
+  async handleResponse(response) {
+    let data = null;
     try {
-      data = typeof response.data === 'object' ? response.data : JSON.parse(response.data || '{}');
+      if (typeof response.data === 'object') {
+        data = response.data;
+      } else if (typeof response.data === 'string' && response.data.trim() !== '') {
+        data = JSON.parse(response.data);
+      } else {
+        data = {};
+      }
     } catch (err) {
+      err.message = 'Failed to parse response data';
       err.status = response.status;
       err.body = response.data;
-      return callback(err, null, response.status);
+      throw err;
     }
-    return this.parseResponse(response.status, data, callback);
+    return await this.parseResponse(response.status, data);
   }
 
-  parseResponse(statusCode, data, callback) {
+  async parseResponse(statusCode, data) {
     if (statusCode < 400) {
       try {
-        data = this.parse(data);
-        callback(null, data, statusCode);
+        data = await this.parse(data);
+        return data;
       } catch (err) {
-        callback(err, null, statusCode);
+        throw err;
       }
     } else {
-      callback(this.parseError(statusCode, data), data, statusCode);
+      throw this.parseError(statusCode, data);
     }
   }
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "hof",
   "description": "A bootstrap for HOF projects",
-  "version": "21.0.12-axios-beta",
+  "version": "21.0.12-upgrade-vuln-pkgs-beta",
   "license": "MIT",
   "main": "index.js",
   "author": "HomeOffice",
@@ -32,8 +32,7 @@
     "test:acceptance_browser": "ACCEPTANCE_WITH_BROWSER=true TAGS=\"${TAGS:=@feature}\" yarn run test:cucumber",
     "test:cucumber": "cucumber-js -f @cucumber/pretty-formatter \"sandbox/test/_features/**/*.feature\" --require sandbox/test/_features/test.setup.js --require \"sandbox/test/_features/step_definitions/**/*.js\" --tags $TAGS",
     "ci": "travis-conditions",
-    "postversion": "git push && git push --tags",
-    "test-single": "mocha"
+    "postversion": "git push && git push --tags"
   },
   "dependencies": {
     "aliasify": "^2.1.0",
@@ -54,12 +53,12 @@
     "duplexify": "^3.5.0",
     "express": "^4.17.1",
     "express-healthcheck": "^0.1.0",
-    "express-partial-templates": "^0.2.0",
+    "express-partial-templates": "^0.2.1",
     "express-session": "^1.13.0",
     "findup": "^0.1.5",
     "glob": "^7.2.0",
     "govuk-elements-sass": "^3.1.3",
-    "govuk-frontend": "3.14",
+    "govuk-frontend": "3.15",
     "govuk_template_mustache": "^0.26.0",
     "helmet": "^3.22.0",
     "hogan-express-strict": "^0.5.4",
@@ -68,7 +67,7 @@
     "i18n-future": "^2.0.0",
     "i18n-lookup": "^0.1.0",
     "is-pdf": "^1.0.0",
-    "libphonenumber-js": "^1.9.37",
+    "libphonenumber-js": "^1.9.44",
     "lodash": "^4.17.21",
     "markdown-it": "^12.3.2",
     "minimatch": "^3.0.7",
@@ -81,8 +80,7 @@
     "nodemailer-ses-transport": "^1.5.1",
     "nodemailer-smtp-transport": "^2.7.4",
     "nodemailer-stub-transport": "^1.1.0",
-    "notifications-node-client": "^6.0.0",
-    "object-mapper": "^6.2.0",
+    "notifications-node-client": "^8.2.0",
     "redis": "^3.1.2",
     "reqres": "^3.0.1",
     "rimraf": "^3.0.2",
@@ -98,6 +96,7 @@
     "@cucumber/cucumber": "^7.3.0",
     "@cucumber/pretty-formatter": "^1.0.0-alpha.1",
     "@types/jest": "^26.0.14",
+    "@xmldom/xmldom": "~0.8.4",
     "chai": "^3.5.0",
     "chai-as-promised": "^7.1.1",
     "chai-subset": "^1.6.0",
@@ -124,14 +123,13 @@
     "playwright": "^1.16.3",
     "postcode": "0.2.2",
     "proxyquire": "^1.7.11",
-    "release-it": "^14.10.0",
+    "release-it": "^16.2.1",
     "sinon": "^11.1.1",
     "sinon-chai": "^3.7.0",
     "supertest": "^3.0.0",
     "travis-conditions": "0.0.0",
     "watchify": "^4.0.0",
-    "webdriverio": "^4.14.4",
-    "xmldom": "^0.6.0"
+    "webdriverio": "^4.14.4"
   },
   "mocha": {
     "reporter": "spec",

package/pull_request.md

@@ -0,0 +1,16 @@
+## What? 
+## Why? 
+## How? 
+## Testing?
+## Screenshots (optional)
+## Anything Else? (optional)
+## Check list
+
+- [ ] I have reviewed my own pull request for linting issues (e.g. adding new lines)
+- [ ] I have written tests (if relevant)
+- [ ] I have created a JIRA number for my branch
+- [ ] I have created a JIRA number for my commit
+- [ ] I have followed the chris beams method for my commit https://cbea.ms/git-commit/
+here is an [example commit](https://github.com/UKHomeOfficeForms/hof/commit/810959f391187c7c4af6db262bcd143b50093a6e)
+- [ ] Ensure drone builds are green especially tests
+- [ ] I will squash the commits before merging

package/sandbox/package.json

@@ -16,7 +16,7 @@
   "author": "",
   "dependencies": {
     "govuk-frontend": "3.14",
-    "jquery": "^3.6.0",
+    "jquery": "^3.7.1",
     "sass": "^1.53.0",
     "typeahead-aria": "^1.0.4"
   },

package/sandbox/yarn.lock

@@ -34,11 +34,11 @@ brace-expansion@^1.1.7:
     concat-map "0.0.1"
 
 braces@~3.0.2:
-  version "3.0.2"
-  resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
-  integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789"
+  integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
   dependencies:
-    fill-range "^7.0.1"
+    fill-range "^7.1.1"
 
 "chokidar@>=3.0.0 <4.0.0", chokidar@^3.5.2:
   version "3.5.3"
@@ -67,10 +67,10 @@ debug@^3.2.7:
   dependencies:
     ms "^2.1.1"
 
-fill-range@^7.0.1:
-  version "7.0.1"
-  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40"
-  integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==
+fill-range@^7.1.1:
+  version "7.1.1"
+  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292"
+  integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==
   dependencies:
     to-regex-range "^5.0.1"
 
@@ -130,11 +130,16 @@ is-number@^7.0.0:
   resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b"
   integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==
 
-jquery@>=1.11, jquery@^3.6.0:
+jquery@>=1.11:
   version "3.6.0"
   resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470"
   integrity sha512-JVzAR/AjBvVt2BmYhxRCSYysDsPcssdmTFnzyLEts9qNwmjmu4JTAMYubEfwVOSwpQ1I1sKKFcxhZCI2buerfw==
 
+jquery@^3.7.1:
+  version "3.7.1"
+  resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.7.1.tgz#083ef98927c9a6a74d05a6af02806566d16274de"
+  integrity sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg==
+
 minimatch@^3.0.4:
   version "3.1.2"
   resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b"