From 46d282c3e263ecc0fc8af3e5ee570678be6f251c Mon Sep 17 00:00:00 2001 From: Filip Maj Date: Wed, 11 Sep 2024 17:09:18 -0400 Subject: [PATCH 1/6] chore(deps): upgrade `path-to-regexp` to address a security vulnerability. fixes #2242 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 6c9f9c452..52eaa7432 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ "@types/tsscmp": "^1.0.0", "axios": "^1.7.4", "express": "^4.16.4", - "path-to-regexp": "^6.2.1", + "path-to-regexp": "^8.1.0", "promise.allsettled": "^1.0.2", "raw-body": "^2.3.3", "tsscmp": "^1.0.6" From 902cecf090fd3189fc3c333cb856dee06ee88f2c Mon Sep 17 00:00:00 2001 From: Filip Maj Date: Wed, 11 Sep 2024 17:26:57 -0400 Subject: [PATCH 2/6] cleanup tsconfig, build:clean when building --- package.json | 2 +- tsconfig.json | 74 ++++++++++++--------------------------------------- 2 files changed, 18 insertions(+), 58 deletions(-) diff --git a/package.json b/package.json index 52eaa7432..18a76a9c5 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ }, "scripts": { "prepare": "npm run build", - "build": "tsc", + "build": "npm run build:clean && tsc", "build:clean": "shx rm -rf ./dist ./coverage ./.nyc_output", "lint": "eslint --fix --ext .ts src", "mocha": "TS_NODE_PROJECT=tsconfig.json nyc mocha --config .mocharc.json \"src/**/*.spec.ts\"", diff --git a/tsconfig.json b/tsconfig.json index 3581059a9..9a28ff93e 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -1,68 +1,28 @@ { "$schema": "https://json.schemastore.org/tsconfig", "compilerOptions": { - /* Basic Options */ "skipLibCheck": true, - "target": "ES2018", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017','ES2018' or 'ESNEXT'. */ - "module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */ - // "resolveJsonModule": true, - // "lib": [], /* Specify library files to be included in the compilation. */ - // "allowJs": true, /* Allow javascript files to be compiled. */ - // "checkJs": true, /* Report errors in .js files. */ - // "jsx": "preserve", /* Specify JSX code generation: 'preserve', 'react-native', or 'react'. */ - "declaration": true, /* Generates corresponding '.d.ts' file. */ - "declarationMap": true, /* Generates a sourcemap for each corresponding '.d.ts' file. */ - "sourceMap": true, /* Generates corresponding '.map' file. */ - // "outFile": "./", /* Concatenate and emit output to single file. */ - "outDir": "dist", /* Redirect output structure to the directory. */ - // "rootDir": "./", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */ - // "composite": true, /* Enable project compilation */ - // "removeComments": true, /* Do not emit comments to output. */ - // "noEmit": true, /* Do not emit outputs. */ - // "importHelpers": true, /* Import emit helpers from 'tslib'. */ - // "downlevelIteration": true, /* Provide full support for iterables in 'for-of', spread, and destructuring when targeting 'ES5' or 'ES3'. */ - // "isolatedModules": true, /* Transpile each file as a separate module (similar to 'ts.transpileModule'). */ - - /* Strict Type-Checking Options */ - "strict": true, /* Enable all strict type-checking options. */ - // "noImplicitAny": true, /* Raise error on expressions and declarations with an implied 'any' type. */ - // "strictNullChecks": true, /* Enable strict null checks. */ - // "strictFunctionTypes": true, /* Enable strict checking of function types. */ - // "strictBindCallApply": true, /* Enable strict 'bind', 'call', and 'apply' methods on functions. */ - // "strictPropertyInitialization": true, /* Enable strict checking of property initialization in classes. */ - // "alwaysStrict": true, /* Parse in strict mode and emit "use strict" for each source file. */ - - /* Additional Checks */ - "noUnusedLocals": true, /* Report errors on unused locals. */ - "noUnusedParameters": true, /* Report errors on unused parameters. */ - "noImplicitReturns": true, /* Report error when not all code paths in function return a value. */ - "noFallthroughCasesInSwitch": true, /* Report errors for fallthrough cases in switch statement. */ - - /* Module Resolution Options */ - "moduleResolution": "node", /* Specify module resolution strategy: 'node' (Node.js) or 'classic' (TypeScript pre-1.6). */ - "baseUrl": ".", /* Base directory to resolve non-absolute module names. */ - "paths": { /* A series of entries which re-map imports to lookup locations relative to the 'baseUrl'. */ + "lib": ["ES2019"], + "target": "ES2019", + "module": "commonjs", + "declaration": true, + "declarationMap": true, + "sourceMap": true, + "outDir": "dist", + "strict": true, + "noUnusedLocals": true, + "noUnusedParameters": true, + "noImplicitReturns": true, + "noFallthroughCasesInSwitch": true, + "moduleResolution": "node", + "baseUrl": ".", + "paths": { "*": ["./types/*"] }, - // "rootDirs": [], /* List of root folders whose combined content represents the structure of the project at runtime. */ - // "typeRoots": [], /* List of folders to include type definitions from. */ - // "types": [], /* Type declaration files to be included in compilation. */ - // "allowSyntheticDefaultImports": true, /* Allow default imports from modules with no default export. This does not affect code emit, just typechecking. */ - "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */ - // "preserveSymlinks": true, /* Do not resolve the real path of symlinks. */ - - /* Source Map Options */ - // "sourceRoot": "", /* Specify the location where debugger should locate TypeScript files instead of source locations. */ - // "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */ - // "inlineSourceMap": true, /* Emit a single file with source maps instead of having a separate file. */ - // "inlineSources": true, /* Emit the source alongside the sourcemaps within a single file; requires '--inlineSourceMap' or '--sourceMap' to be set. */ - - /* Experimental Options */ - // "experimentalDecorators": true, /* Enables experimental support for ES7 decorators. */ - // "emitDecoratorMetadata": true, /* Enables experimental support for emitting type metadata for decorators. */ + "esModuleInterop": true }, "include": [ - "src/**/*", + "src/**/*" ], "exclude": [ "**/*.spec.ts", From 2a25dee7eb5448ad4a85977d8c6742f046ae3003 Mon Sep 17 00:00:00 2001 From: Filip Maj Date: Wed, 11 Sep 2024 17:28:50 -0400 Subject: [PATCH 3/6] es2018? --- tsconfig.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tsconfig.json b/tsconfig.json index 9a28ff93e..f4f2751e1 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -2,8 +2,8 @@ "$schema": "https://json.schemastore.org/tsconfig", "compilerOptions": { "skipLibCheck": true, - "lib": ["ES2019"], - "target": "ES2019", + "lib": ["ES2018"], + "target": "ES2018", "module": "commonjs", "declaration": true, "declarationMap": true, From 79415ece44856090290b507d5c427dead7268ddb Mon Sep 17 00:00:00 2001 From: Filip Maj Date: Wed, 11 Sep 2024 17:46:54 -0400 Subject: [PATCH 4/6] try updating to latest ts-node --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 18a76a9c5..5cbc25a16 100644 --- a/package.json +++ b/package.json @@ -79,7 +79,7 @@ "shx": "^0.3.2", "sinon": "^7.3.1", "source-map-support": "^0.5.12", - "ts-node": "^8.1.0", + "ts-node": "^10.9.2", "tsd": "^0.22.0", "typescript": "4.8.4" }, From 46985c67f29703f0e5a8690d41fdae8e3684c4fc Mon Sep 17 00:00:00 2001 From: Filip Maj Date: Wed, 11 Sep 2024 18:06:05 -0400 Subject: [PATCH 5/6] drop node 12 support --- .github/workflows/ci-build.yml | 2 +- package.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index b10049dc4..e882eb93f 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -16,7 +16,7 @@ jobs: strategy: fail-fast: false matrix: - node-version: [12.x, 14.x, 16.x, 18.x, 20.x, 22.x] + node-version: [14.x, 16.x, 18.x, 20.x, 22.x] steps: - uses: actions/checkout@v4 diff --git a/package.json b/package.json index 5cbc25a16..1e7ff0e43 100644 --- a/package.json +++ b/package.json @@ -21,8 +21,8 @@ "dist/**/*" ], "engines": { - "node": ">=12.13.0", - "npm": ">=6.12.0" + "node": ">=14.21.3", + "npm": ">=6.14.18" }, "scripts": { "prepare": "npm run build", From 9823aee0d03bb055d9187d7ee25312328ece2fa9 Mon Sep 17 00:00:00 2001 From: Filip Maj Date: Wed, 11 Sep 2024 18:09:41 -0400 Subject: [PATCH 6/6] upgrade sinon to remove a warning while we are here --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1e7ff0e43..e735e046c 100644 --- a/package.json +++ b/package.json @@ -77,7 +77,7 @@ "nyc": "^15.1.0", "rewiremock": "^3.13.4", "shx": "^0.3.2", - "sinon": "^7.3.1", + "sinon": "^18.0.1", "source-map-support": "^0.5.12", "ts-node": "^10.9.2", "tsd": "^0.22.0",