Fix: sonatype-2023-4801 (#272) in inflight - update packages to remov…

…e dependency on inflight package * disable broken coverage target for now. restore coverage targets later - see Issue #273
sonatype-nexus-community · Dec 13, 2023 · 2b257a5 · 2b257a5
1 parent 94cd45a
commit 2b257a5
Show file tree

Hide file tree

Showing 8 changed files with 735 additions and 567 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -38,11 +38,11 @@ jobs:
       - run:
           name: test
           command: yarn test-ci
-      - run:
-          name: code coverage
-          command: |
-            yarn coverage
-            yarn generate-coverage-report
+#      - run:
+#          name: code coverage
+#          command: |
+#            yarn coverage
+#            yarn generate-coverage-report
       - store_test_results:
           path: reports
       - store_artifacts:

diff --git a/package.json b/package.json
@@ -16,8 +16,10 @@
   "resolutions": {
     "hosted-git-info": "^3.0.8",
     "y18n": "^5.0.8",
-    "minimatch": "^3.0.5",
-    "semver": "^7.5.2"
+    "minimatch": ">=3.0.5",
+    "semver": "^7.5.2",
+    "read-package-json": ">=7.0.0",
+    "glob": ">=9.3.5"
   },
   "scripts": {
     "test": "mocha -r ts-node/register src/**/*.spec.ts",
@@ -64,18 +66,17 @@
     "@types/node": "^12.12.27",
     "@types/node-fetch": "^2.5.4",
     "@types/node-persist": "^3.0.0",
-    "@types/rimraf": "^2.0.3",
     "@types/sinon": "^7.5.1",
     "@types/ssri": "^6.0.1",
     "@types/uuid": "^3.4.7",
     "@types/yargs": "^13.0.8",
     "@types/yarnpkg__lockfile": "^1.1.3",
-    "@typescript-eslint/eslint-plugin": "^2.20.0",
-    "@typescript-eslint/parser": "^2.20.0",
+    "@typescript-eslint/eslint-plugin": "^6.13.2",
+    "@typescript-eslint/parser": "^6.13.2",
     "@yarnpkg/lockfile": "^1.1.0",
     "chai": "4.2.0",
     "chai-as-promised": "7.1.1",
-    "eslint": "^6.8.0",
+    "eslint": "^7.1.0",
     "eslint-config-prettier": "^6.10.0",
     "eslint-plugin-prettier": "^3.1.2",
     "mocha": "^8.3.1",
@@ -84,10 +85,10 @@
     "nock": "11.7.0",
     "nyc": "^15.0.0",
     "prettier": "^1.19.1",
-    "rimraf": "^3.0.0",
+    "rimraf": "^4.0.0",
     "sinon": "^8.0.2",
     "ts-node": "^8.5.4",
-    "typescript": "^3.7.3"
+    "typescript": "^5.3.3"
   },
   "dependencies": {
     "@xmldom/xmldom": "^0.8.5",

diff --git a/src/Application/Application.spec.ts b/src/Application/Application.spec.ts
@@ -44,6 +44,7 @@ describe('Application', () => {
     sinon
       .stub(OssIndexRequestService.prototype, 'callOSSIndexOrGetFromCache')
       .callsFake(async function(this: any): Promise<any> {
+        // eslint-disable-next-line @typescript-eslint/no-this-alias
         ossIndexRequestService = this;
         return [
           {

diff --git a/src/CycloneDX/Types/Component.ts b/src/CycloneDX/Types/Component.ts
@@ -20,7 +20,7 @@ import { Hash } from './Hash';
 export interface Component {
   '@type': string;
   '@bom-ref': string;
-  group: string;
+  group?: string;
   name: string;
   version: string;
   description?: Object;

diff --git a/src/Services/RequestHelpers.spec.ts b/src/Services/RequestHelpers.spec.ts
@@ -33,23 +33,21 @@ describe('RequestHelpers', () => {
   });
 
   it('getAgent() should return undefined when no env variable is set', () => {
-    // eslint-disable-next-line @typescript-eslint/camelcase
     process.env.http_proxy = 'no-proxy';
 
     const res = RequestHelpers.getAgent();
     expect(res).to.be.undefined;
   });
 
   it('getAgent() should return a proxy httpAgent when env variable is set', () => {
-    // eslint-disable-next-line @typescript-eslint/camelcase
     process.env.http_proxy = 'http://test.local:8080';
     const res = RequestHelpers.getAgent();
     expect(res).not.to.be.undefined;
     if (res) {
-      // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       expect(res.proxy.host).to.equal('test.local');
-      // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       expect(res.proxy.port).to.equal(8080);
     }
@@ -59,7 +57,7 @@ describe('RequestHelpers', () => {
     const res = RequestHelpers.getAgent(true);
     expect(res).not.to.be.undefined;
     if (res) {
-      // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       expect(res.options.rejectUnauthorized).to.equal(false);
     }
@@ -74,36 +72,34 @@ describe('RequestHelpers', () => {
     const res = RequestHelpers.getAgent(true);
     expect(res).not.to.be.undefined;
     if (res) {
-      // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       expect(res.options.rejectUnauthorized).to.equal(false);
-      // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       expect(res.proxy.host).to.equal('test.local');
-      // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       expect(res.proxy.port).to.equal(8080);
     }
   });
   */
 
   it('should return an httpAgent when env variable is set', () => {
-    // eslint-disable-next-line @typescript-eslint/camelcase
     process.env.http_proxy = 'http://test.local:8080';
     const res = RequestHelpers.getHttpAgent();
     expect(res).not.to.be.undefined;
     if (res) {
-      // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       expect(res.proxy.host).to.equal('test.local');
-      // eslint-disable-next-line @typescript-eslint/ban-ts-ignore
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
       // @ts-ignore
       expect(res.proxy.port).to.equal(8080);
     }
   });
 
   it('should return undefined when no env variable is set', () => {
-    // eslint-disable-next-line @typescript-eslint/camelcase
     process.env.http_proxy = 'no-proxy';
 
     const res = RequestHelpers.getHttpAgent();

diff --git a/src/Types/IqServerResult.ts b/src/Types/IqServerResult.ts
@@ -39,6 +39,7 @@ export class IqServerResult {
 class Component {
   readonly packageUrl: string;
   readonly hash: string;
+  // eslint-disable-next-line
   readonly componentIdentifier: {};
   readonly proprietary: boolean;
 
@@ -61,8 +62,11 @@ class ComponentIdentifier {
 }
 
 class LicenseData {
+  // eslint-disable-next-line
   readonly declaredLicenses: {};
+  // eslint-disable-next-line
   readonly observedLicenses: {};
+  // eslint-disable-next-line
   readonly overriddenLicenses: {};
   readonly status: string;
 

diff --git a/tsconfig.json b/tsconfig.json
@@ -10,6 +10,7 @@
     "sourceMap": true,
     "declaration": true,
     "resolveJsonModule": true,
+    "useUnknownInCatchVariables": false,
   },
   "include": [
     "src/**/*.d.ts",