Update NodeJS backend dependencies. #214
Conversation
The latest versions of our dependencies now expect ESM over CommonJS. I made the conversion because this is the current standard
Moved these from exported object interfaces into module interfaces
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Prevents accidental glob expansion in shell commands
trev-dev
force-pushed
the
fix/HD-26946
branch
from
12955e7 to
05400e5
Compare
|
| const user = getSessionUser(req); | ||
| return user && user.jwt; | ||
| } | ||
|
|
||
| async function deleteData(token, url, correlationID) { | ||
| export async function deleteData(token, url, correlationID) { |
Check failure
Code scanning / CodeQL
Server-side request forgery Critical
There was a problem hiding this comment.
@arcshiftsolutions SO I made a check to validate the user supplied params. The super-duper smart AI assistant can't understand that it's inside of a try block, that when caught, returns a bad request already.
There was a problem hiding this comment.
@trev-dev - Yeah we ran into the same thing - the CodeQL engine isn't always smart enough to see what we're doing in middleware.
| @@ -88,7 +98,7 @@ | |||
| } | |||
| } | |||
|
|
|||
| async function getData(token, url, correlationID) { | |||
| export async function getData(token, url, correlationID) { | |||
Check failure
Code scanning / CodeQL
Server-side request forgery Critical
trev-dev
force-pushed
the
fix/HD-26946
branch
from
40d34ce to
1de22cc
Compare
squash into removal
|
Jira: HD-26946
The goal of this pull request is to update the NodeJS backend and its dependencies. Due to some of the updates being incompatible with CommonJS modules, I opted to refactor the backend into the ESM (EcmaScript Module) format. This is the standard for JavaScript, whereas CJS was more of a node/webpack/bundler thing.
Breaking changes for nats and passport have been addressed as well. Check the commit messages, I tried to keep things granular.
Jest was also dropped in favor of Vitest. Vitest is actually prepared to test ESM files. This change removed a great deal of bloat from the dependency tree and sped up tests a great deal.