chore(security): minor updates

Author: awlayton

.eslintrc.yaml

@@ -50,10 +50,12 @@ overrides:
       ecmaVersion: 2020
       project: ./**/tsconfig.*
     rules:
+      prettier/prettier: off
       '@typescript-eslint/naming-convention':
         [
           error,
           { selector: default, format: [camelCase] },
+          { selector: import, modifiers: [default], format: null },
           { selector: objectLiteralProperty, format: null },
           { selector: enumMember, format: [PascalCase] },
           { selector: typeProperty, format: null },
@@ -63,6 +65,7 @@ overrides:
             format: [camelCase, UPPER_CASE],
             leadingUnderscore: allow,
           },
+          { selector: variable, modifiers: [destructured], format: null },
           {
             selector: parameter,
             format: [camelCase],
@@ -77,8 +80,9 @@ overrides:
           },
 
           { selector: typeLike, format: [PascalCase] },
+          { selector: parameter, modifiers: [destructured], format: null },
         ]
-      '@typescript-eslint/restrict-template-expressions': off
+      '@typescript-eslint/restrict-template-expressions': 0
       '@typescript-eslint/no-shadow': warn
       '@typescript-eslint/no-unused-vars':
         [
@@ -114,6 +118,7 @@ rules:
          */
       onNonMatchingHeader: append
       nonMatchingTolerance: 0.7
+  '@typescript-eslint/no-shadow': [warn, { allow: [_] }]
   sonarjs/no-duplicate-string: [warn, { threshold: 5 }]
   sonarjs/cognitive-complexity: warn
   eslint-comments/no-unused-disable: off
@@ -126,14 +131,24 @@ rules:
   eslint-comments/no-use: off
   no-secrets/no-secrets: [error, { tolerance: 5 }]
   no-empty-label: off
-  no-warning-comments: off
+  no-warning-comments: 0
   node/no-missing-import: off
   import/no-unresolved: off
   unicorn/prefer-spread: off
+  unicorn/prevent-abbreviations:
+    - warn
+    - replacements:
+        db: false
+        req: false
+        res: false
+        err: false
+        doc: false
+        docs: false
   no-constructor-bind/no-constructor-bind: error
   no-constructor-bind/no-constructor-state: error
   sort-imports: [warn, { allowSeparatedGroups: true }]
   ava/no-ignored-test-files: off
   ava/no-import-test-files: off
   ava/no-skip-test: warn
   ava/no-skip-assert: warn
+  ava/use-test: off

.github/dependabot.yml

@@ -1,6 +1,6 @@
 version: 2
 updates:
-  - package-ecosystem: 'github-actions'
-    directory: '/'
+  - package-ecosystem: github-actions
+    directory: /
     schedule:
-      interval: 'daily'
+      interval: daily

.github/workflows/codeql-analysis.yml

@@ -9,7 +9,7 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: 'CodeQL'
+name: CodeQL
 
 on:
   push:
@@ -18,7 +18,7 @@ on:
     # The branches below must be a subset of the branches above
     branches: [master]
   schedule:
-    - cron: '25 20 * * 4'
+    - cron: 25 20 * * 4
 
 jobs:
   analyze:
@@ -28,7 +28,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ['javascript']
+        language: [javascript]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed

.gitignore

@@ -153,5 +153,6 @@ dist
 .yarn/*
 !.yarn/releases
 !.yarn/plugins
+!.yarn/patches
 !.yarn/versions
 .pnp.*

.yarn/releases/yarn-4.2.2.cjs renamed to .yarn/releases/yarn-4.3.1.cjs

@@ -4,7 +4,7 @@ packageExtensions:
       pkg-conf: ^3.0.0
   chalk@5.0.1:
     dependencies:
-      "#ansi-styles": "npm:ansi-styles@6.1.0"
-      "#supports-color": "npm:supports-color@9.2.2"
+      "#ansi-styles": npm:ansi-styles@6.1.0
+      "#supports-color": npm:supports-color@9.2.2
 
-yarnPath: .yarn/releases/yarn-4.2.2.cjs
+yarnPath: .yarn/releases/yarn-4.3.1.cjs

.yarnrc.yml

@@ -1,6 +1,6 @@
 {
   "name": "@trellisfw/monitor",
-  "version": "2.2.2",
+  "version": "2.2.3",
   "description": "A Trellis microservice to respond to monitor pings, spawn and check things internally, and respond with success or fail",
   "main": "dist/index.js",
   "type": "module",
@@ -36,15 +36,15 @@
   "dependencies": {
     "@oada/client": "5.1.0",
     "convict": "^6.2.4",
-    "debug": "^4.3.4",
+    "debug": "^4.3.5",
     "dotenv": "^16.4.5",
     "express": "^4.19.2",
     "ksuid": "^3.0.0",
-    "micromatch": "^4.0.5",
+    "micromatch": "^4.0.7",
     "moment": "^2.30.1",
     "node-cron": "^3.0.3",
     "tiny-json-http": "^7.5.1",
-    "tslib": "^2.6.2"
+    "tslib": "^2.6.3"
   },
   "devDependencies": {
     "@ava/typescript": "^5.0.0",
@@ -53,14 +53,14 @@
     "@types/convict": "^6.1.6",
     "@types/debug": "^4.1.12",
     "@types/express": "^4.17.21",
-    "@types/micromatch": "^4.0.7",
-    "@types/node": "20.12.12",
+    "@types/micromatch": "^4.0.9",
+    "@types/node": "20.14.11",
     "@types/node-cron": "^3.0.11",
     "@types/sinonjs__fake-timers": "^8.1.5",
     "@types/tiny-json-http": "^7.3.4",
-    "@typescript-eslint/eslint-plugin": "^7.10.0",
-    "@typescript-eslint/parser": "^7.10.0",
-    "@yarnpkg/sdks": "^3.1.2",
+    "@typescript-eslint/eslint-plugin": "^7.16.1",
+    "@typescript-eslint/parser": "^7.16.1",
+    "@yarnpkg/sdks": "^3.1.3",
     "ava": "6.1.3",
     "ava-nock": "^2.1.0",
     "cross-env": "^7.0.3",
@@ -75,28 +75,31 @@
     "eslint-plugin-escompat": "^3.4.0",
     "eslint-plugin-eslint-comments": "^3.2.0",
     "eslint-plugin-filenames": "^1.3.2",
-    "eslint-plugin-github": "^5.0.0-2",
+    "eslint-plugin-github": "^5.0.1",
     "eslint-plugin-i18n-text": "^1.0.1",
     "eslint-plugin-import": "^2.29.1",
     "eslint-plugin-no-constructor-bind": "^2.0.4",
     "eslint-plugin-no-only-tests": "^3.1.0",
     "eslint-plugin-no-secrets": "^1.0.2",
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-notice": "^0.9.10",
+    "eslint-plugin-notice": "^1.0.0",
     "eslint-plugin-optimize-regex": "^1.2.1",
     "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-promise": "^6.1.1",
-    "eslint-plugin-regexp": "^2.5.0",
-    "eslint-plugin-security": "^3.0.0",
+    "eslint-plugin-promise": "^6.4.0",
+    "eslint-plugin-regexp": "^2.6.0",
+    "eslint-plugin-security": "^3.0.1",
     "eslint-plugin-sonarjs": "^1.0.3",
-    "eslint-plugin-unicorn": "^53.0.0",
+    "eslint-plugin-unicorn": "^54.0.0",
     "isomorphic-timers-promises": "^1.0.1",
     "minimist": "^1.2.8",
     "nock": "^13.5.4",
-    "prettier": "^3.2.5",
-    "typescript": "^5.4.5"
+    "prettier": "^3.3.3",
+    "typescript": "^5.5.3"
   },
-  "packageManager": "yarn@4.2.2",
+  "resolutions": {
+    "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz"
+  },
+  "packageManager": "yarn@4.3.1",
   "volta": {
     "node": "20.13.1"
   }

package.json

@@ -15,6 +15,7 @@
  * limitations under the License.
  */
 
+// eslint-disable-next-line unicorn/import-style
 import { dirname, join } from 'node:path';
 import url from 'node:url';
 

src/config.ts

@@ -15,6 +15,9 @@
  * limitations under the License.
  */
 
+import config from './config.js';
+
+// eslint-disable-next-line unicorn/import-style
 import { join } from 'node:path';
 import { readdir } from 'node:fs/promises';
 
@@ -31,8 +34,6 @@ import * as testers from './testers.js';
 import type { TestResult as ITestResult } from './testers.js';
 import { notifySlack } from './notifiers.js';
 
-import config from './config.js';
-
 const error = debug('trellis-monitor:error');
 const info = debug('trellis-monitor:info');
 const trace = debug('trellis-monitor:trace');

src/index.ts

@@ -112,7 +112,7 @@ test('should fail on check after posting stale asn-staging ksuid key', async (t)
     t.is(status, 'failure');
   } catch (error: unknown) {
     // @ts-expect-error errors are annoying
-    if (!['ECONNREFUSED', 'ENETUNREACH'].includes(error.code)) {
+    if (!['ECONNREFUSED', 'ENETUNREACH'].includes(`${error.code}`)) {
       // Service is running, but something went wrong
       throw error as Error;
     }

test/service.test.ts

@@ -15,12 +15,13 @@
  * limitations under the License.
  */
 
+import test from 'ava';
+
 import { fileURLToPath } from 'node:url';
 
 import { configure, setupTests } from 'ava-nock';
-import test from 'ava';
 
-// import FakeTimers from '@sinonjs/fake-timers';
+// Import FakeTimers from '@sinonjs/fake-timers';
 
 // Fake the time
 /*
@@ -59,9 +60,10 @@ export default function setup(
     fixtureDir,
     headerFilter: {
       // Don't record tokens
+      // eslint-disable-next-line unicorn/no-null
       'authorization': () => null,
       // Don't record content lengths?
-      // eslint-disable-next-line @typescript-eslint/naming-convention
+      // eslint-disable-next-line @typescript-eslint/naming-convention, unicorn/no-null
       'content-length': () => null,
       'content-location': filterVariables,
       ...headerFilter,

test/setup.ts

@@ -15,17 +15,18 @@
  * limitations under the License.
  */
 
-import { setTimeout } from 'isomorphic-timers-promises';
+import config from '../dist/config.js';
 
 import test from 'ava';
 
+import ksuid from 'ksuid';
+import { setTimeout } from 'isomorphic-timers-promises';
+
 import type { OADAClient } from '@oada/client';
 import { connect } from '@oada/client';
-import ksuid from 'ksuid';
 
 import setup from './setup.js';
 
-import config from '../dist/config.js';
 import { staleKsuidKeys } from '../dist/testers.js';
 
 const { domain, token } = config.get('oada');