From c28d1cc23d829d371365d0532afb85a920f8e191 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 14 Aug 2024 18:23:05 +0000
Subject: [PATCH 1/3] fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-7361793
---
 package-lock.json | 9 +++++----
 package.json | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7ea612065..28b6449a5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7,7 +7,7 @@
 "name": "snyk-broker",
 "license": "Apache-2.0",
 "dependencies": {
- "axios": "1.6.8",
+ "axios": "^1.7.4",
 "axios-retry": "^3.9.1",
 "body-parser": "^1.19.0",
 "bunyan": "^1.8.12",
@@ -2544,9 +2544,10 @@
 "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
 },
 "node_modules/axios": {
- "version": "1.6.8",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz",
- "integrity": "sha512-v/ZHtJDU39mDpyBoFVkETcd/uNdxrWRrg3bKpOKzXFA6Bvqopts6ALSMU3y6ijYxbw2B+wPrIv46egTzJXCLGQ==",
+ "version": "1.7.4",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz",
+ "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==",
+ "license": "MIT",
 "dependencies": {
 "follow-redirects": "^1.15.6",
 "form-data": "^4.0.0",
diff --git a/package.json b/package.json
index 194793712..f6a4808ed 100644
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
 "typescript": "^4.9.3"
 },
 "dependencies": {
- "axios": "1.6.8",
+ "axios": "1.7.4",
 "axios-retry": "^3.9.1",
 "body-parser": "^1.19.0",
 "bunyan": "^1.8.12",

From 4448b13bb8c8772cfb105c8ecf303d466071e2e1 Mon Sep 17 00:00:00 2001
From: Matt Rogers
Date: Tue, 20 Aug 2024 10:11:01 +0100
Subject: [PATCH 2/3] fix: add json encoding to test

---
 test/functional/systemcheck-universal.test.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/test/functional/systemcheck-universal.test.ts b/test/functional/systemcheck-universal.test.ts
index 8c443723f..0da01e50a 100644
--- a/test/functional/systemcheck-universal.test.ts
+++ b/test/functional/systemcheck-universal.test.ts
@@ -407,7 +407,12 @@ describe('broker client systemcheck endpoint', () => {
 const response = await axiosClient.get(
 `http://localhost:${bc.port}/systemcheck`,
- { timeout: 10_000 },
+ {
+ timeout: 10_000,
+ headers: {
+ 'Content-Type': 'application/json',
+ },
+ },
 );
 expect(response.data).toBeInstanceOf(Array);

From d0c65b7e674b974118999642a45bf02133743335 Mon Sep 17 00:00:00 2001
From: Matt Rogers
Date: Tue, 20 Aug 2024 10:30:42 +0100
Subject: [PATCH 3/3] fix: encode universal systemcheck handler as json

---
 lib/client/routesHandler/systemCheckHandler.ts | 2 +-
 test/functional/systemcheck-universal.test.ts | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/client/routesHandler/systemCheckHandler.ts b/lib/client/routesHandler/systemCheckHandler.ts
index e1166a071..4c568f169 100644
--- a/lib/client/routesHandler/systemCheckHandler.ts
+++ b/lib/client/routesHandler/systemCheckHandler.ts
@@ -40,7 +40,7 @@ export const systemCheckHandler = async (req: Request, res: Response) => {
 }
 validationResults.push(result);
 }
- res.status(isValidationPassing ? 200 : 500).send(validationResults);
+ res.status(isValidationPassing ? 200 : 500).json(validationResults);
 } else {
 const brokerClientValidationMethod =
 clientOpts.config.brokerClientValidationMethod || 'GET';
diff --git a/test/functional/systemcheck-universal.test.ts b/test/functional/systemcheck-universal.test.ts
index 0da01e50a..9fc633287 100644
--- a/test/functional/systemcheck-universal.test.ts
+++ b/test/functional/systemcheck-universal.test.ts
@@ -409,9 +409,6 @@ describe('broker client systemcheck endpoint', () => {
 `http://localhost:${bc.port}/systemcheck`,
 {
 timeout: 10_000,
- headers: {
- 'Content-Type': 'application/json',
- },
 },
 );
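Review bot: The `Content-Type` header added to the `axiosClient.get` options in the PATCH 2/3 hunk of test/functional/systemcheck-universal.test.ts describes a request body, and this GET sends none, so it is unlikely to affect how the response is encoded or parsed; the header that asks a server for JSON is `Accept`. The only assertion visible in the hunk is `expect(response.data).toBeInstanceOf(Array)`, which does not pin the response encoding the series is trying to fix. Consider asserting on the response itself, e.g. `expect(response.headers['content-type']).toContain('application/json');` (assuming `axiosClient` is an axios instance). The enclosing test case starts and ends outside the hunk.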
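Review bot: Only the first branch of `systemCheckHandler` (PATCH 3/3, lib/client/routesHandler/systemCheckHandler.ts) is switched to `.json(validationResults)`; the `else` branch that opens on the last context lines continues outside the hunk, so whether it still replies through `.send(...)` cannot be seen here and is worth checking so both paths return the same content type. The array is serialised in full on the 500 path as well as the 200 path, so if the `result` objects pushed just above carry connection or credential details (not visible in this hunk), confirm they are masked before they reach the response body. A short comment above the call would record the intent, for example `// Respond with an explicit JSON body so clients parse the result array on both 200 and 500`.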