chore(security): bump packages, remove shrinkwrap, add lockfile (#146)

* chore(security): bump packages, remove shrinkwrap, add lockfile * chore(cicd): fix ci workflow, linting, and various other changes
godaddy · Sep 12, 2023 · 85e0571 · 85e0571
1 parent 75f8d00
commit 85e0571
Show file tree

Hide file tree

Showing 11 changed files with 2,550 additions and 3,643 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -1,27 +1,35 @@
 name: Test
 
-on: [push]
+on: 
+  pull_request:
+    branches:
+      - "*"
+  push:
+    branches:
+      - "main"
 
 jobs:
   test:
     runs-on: ubuntu-latest
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      LOCALSTACK: 1
-      LOCALSTACK_URL: http://127.0.0.1:4566
     services:
       localstack:
-        image: localstack/localstack:0.11.6
+        image: localstack/localstack
         ports:
           - 4566:4566
+        env:
+          SERVICES: dynamodb,s3
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v3
         with:
-          node-version: 14
-      - run: npm i -g [email protected]
-      - run: npm ci
-      - run: npm run init-localstack
-      - run: npm test
+          node-version: 16
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Initialize Localstack
+        run: npm run init-localstack
+
+      - name: Run Tests
+        run: npm test
diff --git a/README.md b/README.md
@@ -136,7 +136,7 @@ PUT /objects/:name/:env
 #### Upload new asset
 
 ```json5
-POST /assets
+POST /cdn
 
 <binary-data>
 ```

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3.8"
+
+services:
+  localstack:
+    container_name: "${LOCALSTACK_DOCKER_NAME-localstack_main}"
+    image: localstack/localstack
+    ports:
+      - "4566:4566"            # LocalStack Gateway
+      - "9999:8080"
+    environment:
+      - DEBUG=${DEBUG-}
+      - SERVICES=dynamodb,s3
+      - DOCKER_HOST=unix:///var/run/docker.sock
+    volumes:
+      - "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
+      - "/var/run/docker.sock:/var/run/docker.sock"
diff --git a/lib/plugins/cdn.js b/lib/plugins/cdn.js
@@ -72,26 +72,31 @@ module.exports = fp(
         await new Promise((resolve, reject) => {
           stream
             .pipe(tar.t())
+            // eslint-disable-next-line max-statements
             .on('entry', async (entry) => {
-              const {
-                header: { path: filename }
-              } = entry;
-              fastify.log.info(`Processing file ${filename}`);
-              const buffer = await fastify.streamToBuffer(entry);
-              if (filename === '_metadata.json') {
-                const unsafeJson = buffer.toString('utf8');
-                fastify.log.debug(unsafeJson);
-                try {
-                  metadata = JSON.parse(unsafeJson);
-                } catch (err) {
-                  fastify.log.warning(err);
-                  stream.removeAllListeners('entry');
-                  reject(err);
+              try {
+                const {
+                  header: { path: filename }
+                } = entry;
+                fastify.log.info(`Processing file ${filename}`);
+                const buffer = await fastify.streamToBuffer(entry);
+                if (filename === '_metadata.json') {
+                  const unsafeJson = buffer.toString('utf8');
+                  fastify.log.debug(unsafeJson);
+                  try {
+                    metadata = JSON.parse(unsafeJson);
+                  } catch (err) {
+                    fastify.log.warning(err);
+                    stream.removeAllListeners('entry');
+                    reject(err);
+                  }
+                  return;
                 }
-                return;
+                const { id } = finger(filename, { content: buffer });
+                files.push({ id, name: filename, data: buffer });
+              } catch (err) {
+                fastify.log.warning(`Unable to parse tarball: ${err}`);
               }
-              const { id } = finger(filename, { content: buffer });
-              files.push({ id, name: filename, data: buffer });
             })
             .on('error', reject)
             .on('finish', resolve);

diff --git a/lib/plugins/object.js b/lib/plugins/object.js
@@ -1,4 +1,4 @@
-const compareVersions = require('compare-versions');
+const { compareVersions } = require('compare-versions/lib/umd');
 const fp = require('fastify-plugin');
 
 const OBJECTS_TABLE = 'warehouse-objects';

diff --git a/lib/routes/objects.js b/lib/routes/objects.js
@@ -192,7 +192,7 @@ module.exports =
           );
 
           res.header('Cache-Control', 'public, max-age: 60');
-          res.send(heads.filter((head) => head !== null));
+          res.send(heads.filter((head) => head != null));
         }
     });