This PR addresses reported vulnerabilities by triaging GitHub code scanning alerts related to various package dependencies, necessitating either minor or major version updates.
To ensure effective updates, I have removed the root package-lock.json, which caused some related errors. This PR aims to resolve these vulnerabilities, enhance code readability, and significantly reduce duplicated code in libs/common, particularly around MongoDB connectivity.
Resolution
Dependency Updates: Updated several dependencies to their latest versions.
TypeScript Configuration: Standardized TS config to ES2018 to leverage named capture groups in RegEx.
MongoDB Refactor: Introduced a streamlined MongoDB driver class in libs/common to adhere to DRY principles, eliminating redundant code and arguments for MongoDB initialisation.
The new approach allows for a simple, two-line MongoDB initialisation as shown below:
import { MongoDbClient } from '@ukef/dtfs2-common/mongo-db-client';
const mongoConnection = new MongoDbClient();
This enables any microservice to either use an existing connection or establish a new one to the specified MongoDB database, reducing the number of threads required for new connections from different microservices or independent applications (e.g., utils/**).
Commonized MongoDB Connection Types: Consolidated MongoDB connection status types under libs/common.
Improved Test Coverage: Added epochDate to the utilisation-report.controller Jest test to handle null values correctly for the Date type.
Miscellaneous
Removed Redundant package-lock.json Files: Eliminated unnecessary package-lock.json files due to DTFS's adoption of NPM workspaces.
Node & NPM Updates: Updated node to >=22.8.0 and npm to >=10.8.2 across all package.json files.
Environment Variable Addition: Added ENVIRONMENT variable to the database (MSSQL) step for accurate GitHub environment referencing.
New type-check:all Script: Added to housekeeping for comprehensive type-checking across the codebase.
logger utility with native console due to unicode interpretation issues in Azure logs.
Mongo specific environment variables in .env.sample.
libs/common constants are used for Portal values.
MONGODB_URI_LOCALHOST for test suite execution with MongoDB localhost connection string.