ToothlessGear / node-gcm

A NodeJS wrapper library port to send data to Android devices via Google Cloud Messaging
https://github.com/ToothlessGear/node-gcm

version bumped dependency 'request' #320

Closed jkowalleck closed 6 years ago

jkowalleck commented 6 years ago

The dependency request had a security issue in one of its dependencies lately. Decided to bump to the latest version: 2.8.7.0

before i changed anything:

                       === npm audit security report ===                        

# Run  npm update stringstream --depth 2  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Out-of-bounds Read                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ stringstream                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ request                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ request > stringstream                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/664                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

[!] 1 vulnerability found - Packages audited: 130 (59 dev, 6 optional)
    Severity: 1 Moderate

after my changes to package.json:

                       === npm audit security report ===                        

[+] no known vulnerabilities found
    Packages audited: 120 (59 dev, 6 optional)

changes were made:

  1. modified package.json
  2. run npm install
  3. run npm test

test results looked the same, before and after the change, no diffs besides some timings.

> node-gcm@1.0.1 test /home/flow/Documents/Coding/node/node-gcm
> mocha test/**/*Spec.js

  UNIT Message
    constructor
      ✓ can be instantiated with no state
      ✓ should call new on constructor if user does not
      ✓ should create an message with properties passed in
      ✓ should only set properties passed into constructor
    addData()
      ✓ should add properties to the message data object given a key and value
      ✓ should only set values on data object, not top level message
      ✓ should set the data property to the object passed in
      ✓ should overwrite data object when an object is passed in
      ✓ should not overwrite data if not passed an object
      ✓ should not overwrite data if passed an empty object
      - should do something if not called properly
    addDataWithKeyValue()
Message#addDataWithKeyValue has been deprecated. Please use Message#addData instead.
      ✓ should add properties to the message data object given a key and value
Message#addDataWithKeyValue has been deprecated. Please use Message#addData instead.
      ✓ should only set values on data object, not top level message
      - should do something if not called properly
    addDataWithObject()
Message#addDataWithObject has been deprecated. Please use Message#addData instead.
      ✓ should set the data property to the object passed in
Message#addDataWithObject has been deprecated. Please use Message#addData instead.
      ✓ should overwrite data object when an object is passed in
Message#addDataWithObject has been deprecated. Please use Message#addData instead.
      ✓ should not overwrite data if not passed an object
Message#addDataWithObject has been deprecated. Please use Message#addData instead.
      ✓ should not overwrite data if passed an empty object
    addNotification()
      ✓ should add attribute on notification object if pass key and value
      ✓ should set the notification property to the object passed in
    toJson()
      ✓ should return well-formed data for GCM if it is valid
      ✓ should return well-formed data for GCM if it describes a notification
      ✓ should ignore non-standard fields when serializing

  UNIT Sender
    constructor
      ✓ should call new on constructor if user does not
      ✓ should create a Sender with key and options passed in
      - should do something if not passed a valid key
    sendNoRetry()
      ✓ should set proxy, maxSockets, timeout and/or strictSSL of req object if passed into constructor
      ✓ should not override internal request params if passed into constructor (except timeout)
      ✓ should not override internal request headers if passed into constructor
      ✓ should allow extending request headers if passed into constructor
      ✓ should not set strictSSL of req object if not passed into constructor
      ✓ should set the API key of req object if passed in API key
      ✓ should send a JSON object as the body of the request
      ✓ should set properties of body with message properties
      ✓ should set the registration_ids to reg tokens implicitly passed in
      ✓ should set the registration_ids to reg tokens explicitly passed in
      ✓ should set the registration_ids to reg tokens explicitly passed in
      ✓ should set the to field if a single reg (or other) token is passed in
      ✓ should set the to field if a single reg token is passed in as a string
      ✓ should set the to field if a single reg token is passed inside the recipient array
      ✓ should set the to field if a single reg token is passed inside the registrationTokens array
      ✓ should set the to field if a single reg token is passed inside the registrationIDs array
      ✓ should set the to field if a topic is passed in
      ✓ should set the to field if a to recipient is passed in
      ✓ should set the condition field if multiple topics are passed in
      ✓ should pass an error into callback if recipient is an empty object
      ✓ should pass an error into callback if recipient keys are invalid
      ✓ should pass an error into callback if provided more than one recipient key
      ✓ should pass an error into callback if registrationIds is not an array
      ✓ should pass an error into callback if registrationTokens is not an array
      ✓ should pass an error into callback if to is not a string
      ✓ should pass an error into callback if topic is not a string
      ✓ should pass an error into callback if notificationKey is not a string
      ✓ should pass an error into callback if to is empty
      ✓ should pass an error into callback if topic is empty
      ✓ should pass an error into callback if notificationKey is empty
      ✓ should pass an error into callback if no recipient provided
      ✓ should pass an error into callback if request returns an error
      ✓ should return the status code as an error if returned a 500
      ✓ should return the status code as an error if returned a 401
      ✓ should return the status code as an error if returned a 400
      ✓ should pass an error into the callback if resBody cannot be parsed
      ✓ should pass in parsed resBody into callback on success
    send()
Firing send
      ✓ should pass reg tokens to sendNoRetry, even if it is an empty array
Firing send
      ✓ should pass reg tokens to sendNoRetry, even if it is an empty object
Firing send
      ✓ should pass reg tokens to sendNoRetry, even if some keys are invalid
Firing send
      ✓ should pass the message and the regToken to sendNoRetry on call
Firing send
      ✓ should pass the message and the regTokens to sendNoRetry on call
Firing send
      ✓ should pass the response into callback if successful for token
Firing send
      ✓ should pass the response into callback if successful for tokens
Firing send
      ✓ should pass the error into callback if failure and no retry for token
Firing send
      ✓ should pass the error into callback if failure and no retry for tokens
Firing send
Firing send
      ✓ should retry number of times passed into call and do exponential backoff (1004ms)
Firing send
Firing send
Firing send
      ✓ should retry if not all regTokens were successfully sent (303ms)
Firing send
Firing send
      ✓ should retry all regTokens in event of an error (1001ms)
Firing send
Firing send
      ✓ should update the failures and successes correctly when retrying (1002ms)
Firing send
Firing send
Firing send
Firing send
      ✓ should update the failures and successes correctly when retrying and failing some (703ms)

  74 passing (4s)
  3 pending

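An added example, not part of the PR or of node-gcm's code: a small Node.js check that reproduces the `Path` field of the audit report (`request > stringstream`) from a dependency tree shaped like `npm ls --json` output, and confirms the path is gone after a bump. The two trees are constructed samples, every version string is a placeholder, `example-helper` is a hypothetical package name, and the "after" tree assumes the flagged package is no longer pulled in.

```javascript
'use strict';

// Walk a tree shaped like `npm ls --json` output (nested `dependencies`
// objects) and collect every path that ends at `target`.
function findPaths(tree, target, trail = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = trail.concat(name);
    if (name === target) {
      hits.push({ path: path.join(' > '), version: node.version });
    }
    hits.push(...findPaths(node, target, path));
  }
  return hits;
}

// Paths to `target` that existed before the bump and are gone afterwards.
function removedPaths(before, after, target) {
  const remaining = new Set(findPaths(after, target).map((h) => h.path));
  return findPaths(before, target)
    .map((h) => h.path)
    .filter((p) => !remaining.has(p));
}

// Constructed sample trees; every version string is a placeholder.
const treeBefore = {
  name: 'node-gcm',
  dependencies: {
    request: {
      version: 'OLD-PLACEHOLDER',
      dependencies: {
        stringstream: { version: 'FLAGGED-PLACEHOLDER' },
        'example-helper': { version: 'PLACEHOLDER' },
      },
    },
  },
};
const treeAfter = {
  name: 'node-gcm',
  dependencies: {
    request: {
      version: 'NEW-PLACEHOLDER',
      dependencies: { 'example-helper': { version: 'PLACEHOLDER' } },
    },
  },
};

console.log(findPaths(treeBefore, 'stringstream'));
console.log(removedPaths(treeBefore, treeAfter, 'stringstream'));
```
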
eladnava commented 6 years ago

@jkowalleck Thanks for the PR! @hypesystem LGTM, can we merge?

hypesystem commented 6 years ago

Sounds good :smile: thanks again @jkowalleck !

eladnava commented 6 years ago

Merged, can you please publish @hypesystem?

hypesystem commented 6 years ago

Published as 1.0.2