chore: update dependencies (#227)

PierreDemailly · web-flow · commit 4f8210656456 · 2023-08-02T09:31:50.000+02:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -41,16 +41,16 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: Checkout repository
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5
+        uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -63,7 +63,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5
+        uses: github/codeql-action/autobuild@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -76,6 +76,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0225834cc549ee0ca93cb085b92954821a145866 # v2.3.5
+        uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -18,18 +18,18 @@ jobs:
       fail-fast: false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
+        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies
         run: npm install
       - name: Run tests
         run: npm run coverage
       - name: Send coverage report to Codecov
-        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
+        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -32,17 +32,17 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: "Checkout code"
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.1.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -72,6 +72,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v2.1.27
+        uses: github/codeql-action/upload-sarif@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/vis-network.yml b/.github/workflows/vis-network.yml
@@ -22,13 +22,13 @@ jobs:
       fail-fast: false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies
diff --git a/package.json b/package.json
@@ -59,37 +59,37 @@
   },
   "homepage": "https://github.com/NodeSecure/cli#readme",
   "devDependencies": {
-    "@myunisoft/httpie": "^1.11.0",
-    "@nodesecure/eslint-config": "^1.7.0",
+    "@myunisoft/httpie": "^2.0.1",
+    "@nodesecure/eslint-config": "^1.7.1",
     "@nodesecure/size-satisfies": "^1.1.0",
     "@nodesecure/vis-network": "^1.4.0",
-    "@types/node": "^20.2.5",
-    "c8": "^7.14.0",
+    "@types/node": "^20.4.5",
+    "c8": "^8.0.1",
     "cross-env": "^7.0.3",
-    "esbuild": "^0.17.19",
-    "eslint": "^8.41.0",
-    "esmock": "^2.3.0",
+    "esbuild": "^0.18.17",
+    "eslint": "^8.46.0",
+    "esmock": "^2.3.5",
     "http-server": "^14.1.1",
     "pkg-ok": "^3.0.0",
-    "pretty-bytes": "^6.1.0",
+    "pretty-bytes": "^6.1.1",
     "strip-ansi": "^7.1.0"
   },
   "dependencies": {
     "@nodesecure/documentation-ui": "^1.3.0",
     "@nodesecure/flags": "^2.4.0",
-    "@nodesecure/i18n": "^3.2.0",
-    "@nodesecure/npm-registry-sdk": "^1.5.2",
-    "@nodesecure/ossf-scorecard-sdk": "^1.1.1",
+    "@nodesecure/i18n": "^3.2.2",
+    "@nodesecure/npm-registry-sdk": "^1.6.1",
+    "@nodesecure/ossf-scorecard-sdk": "^2.0.0",
     "@nodesecure/rc": "^1.4.0",
     "@nodesecure/scanner": "^4.0.0",
     "@nodesecure/utils": "^1.1.0",
     "@nodesecure/vuln": "^1.7.0",
     "@openally/result": "^1.2.0",
     "@polka/send-type": "^0.5.2",
     "@topcli/cliui": "^1.1.0",
-    "@topcli/spinner": "^2.0.0",
+    "@topcli/spinner": "^2.1.2",
     "cacache": "^17.1.3",
-    "dotenv": "^16.1.3",
+    "dotenv": "^16.3.1",
     "filenamify": "^6.0.0",
     "ini": "^4.1.1",
     "kleur": "^4.1.5",
@@ -98,7 +98,7 @@
     "polka": "^0.5.2",
     "qoa": "^0.2.0",
     "sade": "^1.8.1",
-    "semver": "^7.5.1",
+    "semver": "^7.5.4",
     "server-destroy": "^1.0.1",
     "sirv": "^2.0.3",
     "zup": "0.0.1"
diff --git a/test/commands/scorecard.test.js b/test/commands/scorecard.test.js
@@ -38,7 +38,7 @@ test("scorecard should display fastify scorecard", async() => {
   const scorecardCliOptions = {
     path: kProcessPath,
     args: [packageName],
-    undiciMockAgentOptions: {
+    undiciMockAgentOptions: [{
       baseUrl: API_URL,
       intercept: {
         path: `/projects/github.com/${packageName}`,
@@ -48,9 +48,23 @@ test("scorecard should display fastify scorecard", async() => {
         body: mockBody,
         status: 200
       }
-    }
+    },
+    {
+      baseUrl: "https://api.github.com",
+      intercept: {
+        path: "/repos/fastify/fastify",
+        method: "GET"
+      },
+      response: {
+        body: {
+          full_name: "fastify/fastify"
+        },
+        status: 200
+      }
+    }]
   };
 
+
   const givenLines = await arrayFromAsync(runProcess(scorecardCliOptions));
   const expectedLines = getExpectedScorecardLines(packageName, mockBody);
 
@@ -62,7 +76,7 @@ test("should not display scorecard for unknown repository", async() => {
   const scorecardCliOptions = {
     path: kProcessPath,
     args: [packageName],
-    undiciMockAgentOptions: {
+    undiciMockAgentOptions: [{
       baseUrl: API_URL,
       intercept: {
         path: `/projects/github.com/${packageName}`,
@@ -72,7 +86,7 @@ test("should not display scorecard for unknown repository", async() => {
         body: {},
         status: 500
       }
-    }
+    }]
   };
 
   const expectedLines = [
diff --git a/test/helpers/cliCommandRunner.js b/test/helpers/cliCommandRunner.js
@@ -31,12 +31,15 @@ export async function* runProcess(options) {
 export function prepareProcess(command, args = process.argv.slice(2)) {
   process.once("message", (undiciMockAgentOptions) => {
     if (undiciMockAgentOptions) {
-      const { baseUrl, intercept, response } = undiciMockAgentOptions;
       const mockAgent = new MockAgent();
-      const pool = mockAgent.get(baseUrl);
+      for (const mock of undiciMockAgentOptions) {
+        const { baseUrl, intercept, response } = mock;
+        const pool = mockAgent.get(baseUrl);
+
+        pool.intercept(intercept).reply(response.status, () => response.body);
+      }
 
       mockAgent.disableNetConnect();
-      pool.intercept(intercept).reply(response.status, () => response.body);
       setGlobalDispatcher(mockAgent);
     }
 
diff --git a/test/httpServer.test.js b/test/httpServer.test.js
@@ -35,12 +35,13 @@ const kConfigKey = "cli-config";
 describe("httpServer", () => {
   let httpServer;
 
-  before((done) => {
+  before(async() => {
     httpServer = buildServer(JSON_PATH, {
       port: HTTP_PORT,
       openLink: false
     });
-    httpServer.server.on("listening", () => done(1));
+    await once(httpServer.server, "listening");
+
     enableDestroy(httpServer.server);
   }, { timeout: 5000 });
 
