Merge branch 'master' into fix-data-callback

Author: nd4p90x

.circleci/config.yml

@@ -26,9 +26,6 @@ workflows:
   static_analysis:
     jobs:
       - test
-      - size:
-          requires:
-            - test
       - coverage:
           requires:
             - test
@@ -100,13 +97,6 @@ jobs:
       - checkout
       - attach_workspace: { at: . }
       - run: yarn run report-coverage
-  size:
-    docker:
-      - image: circleci/node:10-browsers
-    steps:
-      - checkout
-      - attach_workspace: { at: . }
-      - run: yarn run size
   snyk:
     docker:
       - image: circleci/node:10-browsers

History.md

@@ -1,3 +1,20 @@
+v3.5.0 / 2021-1-5
+==========================
+* Update axios to fix the Server-Side Request Forgery vulnerability  (#259) 
+
+
+v3.4.1-beta.3 / 2020-10-26
+==========================
+* Update axios to fix the infinite retry bug (#255) 
+* Use a local instance of axios to prevent client options leaking to other contexts (#255)
+
+v3.4.1-beta.2 / 2020-06-10
+==========================
+* Update lodash (#222) (#221) from segmentio/dependabot/npm_and_yarn/lodash-4.17.11 8e9a91d
+* Fix typo (#220)
+* Update axios (#218)
+
+
 v3.4.1-beta.1 / 2019-06-20
 ==========================
 

index.js

@@ -45,8 +45,8 @@ class Analytics {
       enumerable: true,
       value: typeof options.enable === 'boolean' ? options.enable : true
     })
-
-    axiosRetry(axios, {
+    this.axiosClient = axios.create()
+    axiosRetry(this.axiosClient, {
       retries: options.retryCount || 3,
       retryCondition: this._isErrorRetryable,
       retryDelay: axiosRetry.exponentialDelay
@@ -279,7 +279,7 @@ class Analytics {
       req.timeout = typeof this.timeout === 'string' ? ms(this.timeout) : this.timeout
     }
 
-    axios(req)
+    this.axiosClient(req)
       .then(() => done())
       .catch(err => {
         if (err.response) {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "analytics-node",
-  "version": "3.4.0-beta.1",
+  "version": "3.5.0",
   "description": "The hassle-free way to integrate analytics into any Node.js application",
   "license": "MIT",
   "repository": "segmentio/analytics-node",
@@ -12,17 +12,10 @@
   "engines": {
     "node": ">=4"
   },
-  "size-limit": [
-    {
-      "limit": "25 KB",
-      "path": "index.js"
-    }
-  ],
   "scripts": {
     "circle-lint": ".buildscript/circle.sh",
     "dependencies": "yarn",
-    "size": "size-limit",
-    "test": "standard && nyc ava && .buildscript/e2e.sh",
+    "test": "standard && nyc ava --timeout=20s&& .buildscript/e2e.sh",
     "report-coverage": "nyc report --reporter=lcov > coverage.lcov && codecov",
     "np": "np --no-publish",
     "release": "yarn run np"
@@ -41,7 +34,7 @@
   ],
   "dependencies": {
     "@segment/loosely-validate-event": "^2.0.0",
-    "axios": "^0.19.0",
+    "axios": "^0.21.1",
     "axios-retry": "^3.0.2",
     "lodash.isstring": "^4.0.1",
     "md5": "^2.2.1",
@@ -61,8 +54,13 @@
     "nyc": "^14.1.1",
     "pify": "^4.0.1",
     "sinon": "^7.3.2",
-    "size-limit": "^1.3.5",
     "snyk": "^1.171.1",
     "standard": "^12.0.1"
+  },
+  "resolutions": {
+    "kind-of": "^6.0.3",
+    "lodash": "^4.17.19",
+    "set-value": "^2.0.1",
+    "yargs-parser": "^13.1.2"
   }
 }

test.js

@@ -19,6 +19,8 @@ const context = {
 
 const metadata = { nodeVersion: process.versions.node }
 const port = 4063
+const separateAxiosClientPort = 4064
+const retryCount = 5
 
 const createClient = options => {
   options = Object.assign({
@@ -33,6 +35,7 @@ const createClient = options => {
 }
 
 test.before.cb(t => {
+  let count = 0
   express()
     .use(bodyParser.json())
     .post('/v1/batch', (req, res) => {
@@ -62,6 +65,19 @@ test.before.cb(t => {
         return setTimeout(() => res.end(), 5000)
       }
 
+      if (batch[0] === 'axios-retry') {
+        if (count++ === retryCount) return res.json({})
+        return res.status(503).json({
+          error: { message: 'Service Unavailable' }
+        })
+      }
+
+      if (batch[0] === 'axios-retry-forever') {
+        return res.status(503).json({
+          error: { message: 'Service Unavailable' }
+        })
+      }
+
       res.json({})
     })
     .listen(port, t.end)
@@ -561,3 +577,63 @@ test('allows messages > 32kb', t => {
     client.track(event, noop)
   })
 })
+
+test('ensure that failed requests are retried', async t => {
+  const client = createClient({ retryCount: retryCount })
+  const callback = spy()
+
+  client.queue = [
+    {
+      message: 'axios-retry',
+      callback
+    }
+  ]
+
+  await t.notThrows(client.flush())
+})
+
+test('ensure that failed requests are not retried forever', async t => {
+  const client = createClient()
+  const callback = spy()
+
+  client.queue = [
+    {
+      message: 'axios-retry-forever',
+      callback
+    }
+  ]
+
+  await t.throws(client.flush())
+})
+
+test('ensure other axios clients are not impacted by axios-retry', async t => {
+  let client = createClient() // eslint-disable-line
+  const axios = require('axios')
+
+  let callCounter = 0
+
+  // Client will return a successful response for any requests beyond the first
+  let server = express()
+    .use(bodyParser.json())
+    .get('/v1/anotherEndpoint', (req, res) => {
+      if (callCounter > 0) {
+        res.status(200).send('Ok')
+      } else {
+        callCounter++
+        res.status(503).send('Service down')
+      }
+    })
+    .listen(separateAxiosClientPort)
+
+  await axios.get(`http://localhost:${separateAxiosClientPort}/v1/anotherEndpoint`)
+    .then(response => {
+      t.fail()
+    })
+    .catch(error => {
+      if (error) {
+        t.pass()
+      }
+    })
+
+  server.close()
+})