Vulnerability fix (#2)

seansund · web-flow · commit eb4941c4a64e · 2020-03-31T18:51:50.000-04:00
* Fixes *some* vulnerability issues

* Applies npm audit fix --force

* Applies minor updates

* Updates types

* Upgrades typescript-rest and typescript-ioc modules

* Fixes (most) security vulnerabilities

* Upgrades package versions to the latest
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -36,43 +36,45 @@
   "dependencies": {
     "cors": "^2.8.5",
     "express-pino-logger": "^4.0.0",
-    "pino": "^5.16.0",
+    "pino": "^6.0.0",
     "rxjs": "^6.5.2",
-    "superagent": "^5.0.5",
-    "tslib": "^1.10.0",
-    "typescript-ioc": "^1.2.5",
-    "typescript-rest": "^2.0.0",
-    "typescript-rest-swagger": "0.0.24"
+    "superagent": "^5.2.2",
+    "tslib": "^1.11.1",
+    "typescript-ioc": "^3.2.1",
+    "typescript-rest": "^3.0.1",
+    "typescript-rest-ioc": "^1.0.0",
+    "typescript-rest-swagger": "^1.1.1"
   },
   "devDependencies": {
-    "@babel/core": "^7.4.3",
-    "@babel/preset-env": "^7.4.3",
-    "@babel/preset-typescript": "^7.3.3",
-    "@pact-foundation/pact": "^9.6.0",
-    "@pact-foundation/pact-node": "^10.2.4",
+    "@babel/core": "^7.9.0",
+    "@babel/preset-env": "^7.9.0",
+    "@babel/preset-typescript": "^7.9.0",
+    "@pact-foundation/pact": "^9.9.2",
+    "@pact-foundation/pact-node": "^10.8.0",
     "@types/cors": "^2.8.4",
-    "@types/express": "^4.17.0",
-    "@types/jest": "^24.0.11",
+    "@types/express": "^4.17.3",
+    "@types/express-pino-logger": "^4.0.2",
+    "@types/jest": "^25.1.4",
     "@types/jest-plugin-context": "^2.9.2",
-    "@types/node": "^11.13.19",
-    "@types/pino": "^5.15.3",
-    "@types/superagent": "^4.1.3",
+    "@types/node": "^13.9.0",
+    "@types/pino": "^5.17.0",
+    "@types/superagent": "^4.1.7",
     "@types/supertest": "^2.0.8",
-    "@types/yargs": "^13.0.0",
-    "babel-jest": "^24.7.1",
-    "jest": "^24.7.1",
+    "@types/yargs": "^15.0.4",
+    "babel-jest": "^25.2.4",
+    "jest": "^25.2.4",
     "jest-plugin-context": "^2.9.0",
     "jest-sonar-reporter": "^2.0.0",
-    "npm-check": "^5.9.0",
-    "pino-pretty": "^3.5.0",
-    "rimraf": "^2.6.3",
-    "sonarqube-scanner": "^2.5.0",
+    "npm-check": "^5.9.2",
+    "pino-pretty": "^3.6.1",
+    "rimraf": "^3.0.2",
+    "sonarqube-scanner": "^2.6.0",
     "supertest": "^4.0.2",
-    "ts-jest": "^24.0.2",
-    "ts-node": "^8.1.0",
-    "tslint": "^5.16.0",
-    "typescript": "^3.4.4",
-    "yargs": "^13.2.2"
+    "ts-jest": "^25.3.0",
+    "ts-node": "^8.8.1",
+    "tslint": "^6.1.0",
+    "typescript": "^3.8.3",
+    "yargs": "^15.3.1"
   },
   "repository": {
     "type": "git",
diff --git a/rest.config b/rest.config
@@ -0,0 +1,3 @@
+{
+  "serviceFactory": "typescript-rest-ioc"
+}
diff --git a/src/controllers/health.controller.ts b/src/controllers/health.controller.ts
@@ -1,8 +1,5 @@
-import {AutoWired, Singleton} from 'typescript-ioc';
-import {GET, Path,Accept,ContextAccept} from 'typescript-rest';
+import {GET, Path} from 'typescript-rest';
 
-@AutoWired
-@Singleton
 @Path('/health')
 export class HealthController {
 
diff --git a/src/controllers/hello-world.controller.ts b/src/controllers/hello-world.controller.ts
@@ -1,10 +1,8 @@
 import {GET, Path, PathParam} from 'typescript-rest';
-import {AutoWired, Inject, Singleton} from 'typescript-ioc';
+import {Inject} from 'typescript-ioc';
 import {HelloWorldApi} from '../services';
 import {LoggerApi} from '../logger';
 
-@AutoWired
-@Singleton
 @Path('/hello')
 export class HelloWorldController {
 
diff --git a/src/logger/index.ts b/src/logger/index.ts
@@ -1,3 +1,8 @@
 export * from './logger.api';
 export * from './logger-noop.service';
-export * from './logger-pino.service';
+export * from './logger-pino.service';
+
+import { Container } from "typescript-ioc";
+import config from './ioc.config';
+
+Container.configure(...config);
diff --git a/src/logger/ioc.config.ts b/src/logger/ioc.config.ts
@@ -0,0 +1,13 @@
+import {ContainerConfiguration, Scope} from 'typescript-ioc';
+import {LoggerApi} from './logger.api';
+import {PinoLoggerService} from './logger-pino.service';
+
+const config: ContainerConfiguration[] = [
+  {
+    bind: LoggerApi,
+    to: PinoLoggerService,
+    scope: Scope.Singleton
+  }
+];
+
+export default config;
diff --git a/src/logger/logger-pino.service.ts b/src/logger/logger-pino.service.ts
@@ -1,4 +1,3 @@
-import {Provides, Singleton} from 'typescript-ioc';
 import * as pino from 'pino';
 import * as expressPino from 'express-pino-logger';
 
@@ -53,8 +52,6 @@ class ChildLogger extends LoggerApi {
   }
 }
 
-@Provides(LoggerApi)
-@Singleton
 export class PinoLoggerService extends ChildLogger {
   constructor() {
     super(PinoLoggerService.buildLogger());
diff --git a/src/server.ts b/src/server.ts
@@ -32,8 +32,6 @@ export class ApiServer {
     this.logger.apply(this.app);
     this.app.use(cors());
 
-    Server.useIoC(true);
-
     if (!apiContext || apiContext === '/') {
       this.app.use(express.static(path.join(process.cwd(), 'public'), { maxAge: 31557600000 }));
     } else {
diff --git a/src/services/hello-world.service.ts b/src/services/hello-world.service.ts
@@ -1,9 +1,7 @@
 import {HelloWorldApi} from './hello-world.api';
-import {Inject, Provides, Singleton} from 'typescript-ioc';
+import {Inject} from 'typescript-ioc';
 import {LoggerApi} from '../logger';
 
-@Singleton
-@Provides(HelloWorldApi)
 export class HelloWorldService implements HelloWorldApi {
   logger: LoggerApi;
 
diff --git a/src/services/index.ts b/src/services/index.ts
@@ -1,2 +1,7 @@
 export * from './hello-world.api';
 export * from './hello-world.service';
+
+import { Container } from "typescript-ioc";
+import config from './ioc.config';
+
+Container.configure(...config);
diff --git a/src/services/ioc.config.ts b/src/services/ioc.config.ts
@@ -0,0 +1,13 @@
+import {ContainerConfiguration, Scope} from 'typescript-ioc';
+import {HelloWorldApi} from './hello-world.api';
+import {HelloWorldService} from './hello-world.service';
+
+const config: ContainerConfiguration[] = [
+  {
+    bind: HelloWorldApi,
+    to: HelloWorldService,
+    scope: Scope.Singleton
+  }
+];
+
+export default config;
diff --git a/src/workers/index.ts b/src/workers/index.ts
@@ -1,2 +1,7 @@
+import {Container} from 'typescript-ioc';
+import {config} from './worker-manager';
+
 export * from './worker-manager';
 export * from './simple.worker';
+
+Container.configure(...config);
diff --git a/src/workers/worker-manager.ts b/src/workers/worker-manager.ts
@@ -1,5 +1,5 @@
 import {WorkerApi} from './worker.api';
-import {Container, Inject, Provides, Singleton} from 'typescript-ioc';
+import {Container, ContainerConfiguration, Inject} from 'typescript-ioc';
 import {LoggerApi} from '../logger';
 import {forkJoin, Observable} from 'rxjs';
 
@@ -10,7 +10,6 @@ export abstract class WorkerManager {
   abstract workerCount(): number;
 }
 
-@Provides(WorkerManager)
 class WorkerManagerImpl implements WorkerManager {
   @Inject
   _logger: LoggerApi;
@@ -49,4 +48,11 @@ class WorkerManagerImpl implements WorkerManager {
   }
 }
 
-export const workerManager: WorkerManager = Container.get(WorkerManager);
+export const config: ContainerConfiguration[] = [
+  {
+    bind: WorkerManager,
+    to: WorkerManagerImpl,
+  }
+];
+
+export const workerManager: WorkerManager = Container.get(WorkerManagerImpl);
diff --git a/test/workers/simple.worker.spec.ts b/test/workers/simple.worker.spec.ts
@@ -15,7 +15,7 @@ describe('simple.worker', () => {
     beforeEach(() => {
       Container
         .bind(SimpleWorkerConfig)
-        .provider({get: () => ({runInterval: 500})});
+        .factory(() => ({runInterval: 500}));
       Container
         .bind(LoggerApi)
         .to(NoopLoggerService);

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	`+ "serviceFactory": "typescript-rest-ioc"`
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-import {Provides, Singleton} from 'typescript-ioc';`
`2`	`1`	`import * as pino from 'pino';`
`3`	`2`	`import * as expressPino from 'express-pino-logger';`
`4`	`3`
`@@ -53,8 +52,6 @@ class ChildLogger extends LoggerApi {`
`53`	`52`	`}`
`54`	`53`	`}`
`55`	`54`
`56`		`-@Provides(LoggerApi)`
`57`		`-@Singleton`
`58`	`55`	`export class PinoLoggerService extends ChildLogger {`
`59`	`56`	`constructor() {`
`60`	`57`	`super(PinoLoggerService.buildLogger());`