fix(deps): bump Octokit dependencies to mitigate ReDos, devDependency modernization, bump prettier #318


Merged
merged 6 commits into from
Feb 14, 2025
5,928 changes: 1,823 additions & 4,105 deletions 5,928 package-lock.json

Large diffs are not rendered by default.

53 changes: 9 additions & 44 deletions 53 package.json
Expand Up @@ -12,7 +12,7 @@
"lint": "prettier --check '{src,test,scripts}/**/*' README.md package.json",
"lint:fix": "prettier --write '{src,test,scripts}/**/*' README.md package.json",
"pretest": "npm run -s lint",
"test": "NODE_OPTIONS=\"$NODE_OPTIONS --experimental-vm-modules\" npx jest --coverage"
"test": "vitest run --coverage"
},
"repository": "https://github.com/octokit/auth-oauth-user.js",
"keywords": [
Expand All @@ -24,62 +24,27 @@
"author": "Gregor Martynus (https://dev.to/gr2m)",
"license": "MIT",
"dependencies": {
"@octokit/auth-oauth-device": "^7.1.2",
"@octokit/oauth-methods": "^5.1.2",
"@octokit/request": "^9.1.4",
"@octokit/auth-oauth-device": "^7.1.3",
"@octokit/oauth-methods": "^5.1.3",
"@octokit/request": "^9.2.1",
"@octokit/types": "^13.6.2",
"universal-user-agent": "^7.0.0"
},
"devDependencies": {
"@octokit/core": "^6.1.3",
"@octokit/tsconfig": "^4.0.0",
"@types/jest": "^29.0.0",
"@types/node": "^22.0.0",
"@vitest/coverage-v8": "^2.1.8",
"esbuild": "^0.25.0",
"fetch-mock": "npm:@gr2m/fetch-mock@9.11.0-pull-request-644.1",
"fetch-mock": "^11.0.0",
"glob": "^11.0.0",
"jest": "^29.0.0",
"mockdate": "^3.0.4",
"prettier": "3.4.2",
"prettier": "3.5.1",
"semantic-release-plugin-update-version-in-files": "^1.1.0",
"ts-jest": "^29.0.0",
"typescript": "^5.0.0"
},
"jest": {
"extensionsToTreatAsEsm": [
".ts"
],
"transform": {
"^.+\\.(ts|tsx)$": [
"ts-jest",
{
"tsconfig": "test/tsconfig.test.json",
"useESM": true
}
]
},
"coverageThreshold": {
"global": {
"statements": 100,
"branches": 100,
"functions": 100,
"lines": 100
}
},
"moduleNameMapper": {
"^(.+)\\.jsx?$": "$1"
}
"typescript": "^5.0.0",
"vitest": "^2.1.8"
},
"release": {
"branches": [
"+([0-9]).x",
"main",
"next",
{
"name": "beta",
"prerelease": true
}
],
"plugins": [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
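Review bot: The three runtime floor bumps (`@octokit/auth-oauth-device`, `@octokit/oauth-methods`, `@octokit/request`) are the only lines in this section that carry the ReDoS mitigation named in the title, yet they land together with a jest-to-vitest migration and, judging by the section's 44-deletion count, what looks like the removal of the `release.branches` list. A security fix that downstream projects may need to audit or backport is easier to verify when it ships on its own, so I would move the runner migration and the release-config change to a follow-up, or at least call both out in the description. If dropping `release.branches` is intended, confirm that semantic-release's default branch list still covers `main`, `next`, `beta` and the `N.x` maintenance branches before the next publish. The `release` object continues past the end of the visible hunk.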
4 changes: 2 additions & 2 deletions 4 src/auth.ts
Expand Up @@ -117,7 +117,7 @@ export async function auth(
| GitHubAppAuthentication
| GitHubAppAuthenticationWithExpiration;
} catch (error: any) {
// istanbul ignore else
/* v8 ignore next 5 */
if (error.status === 404) {
error.message = "[@octokit/auth-oauth-user] Token is invalid";

Expand All @@ -143,7 +143,7 @@ export async function auth(
request: state.request,
});
} catch (error: any) {
// istanbul ignore if
/* v8 ignore next */
if (error.status !== 404) throw error;
}

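Review bot: `/* v8 ignore next 5 */` in the first hunk excludes five whole lines by count, whereas the `// istanbul ignore else` it replaces excluded only the untaken else path, so the 404 branch that sets `"[@octokit/auth-oauth-user] Token is invalid"` appears to drop out of the 100% coverage threshold as well. That branch is what callers see when a token is rejected, and a line-count hint also shifts silently whenever the block is edited. I would add a test for the non-404 error and drop the hint, or bracket only the untested statement with `/* v8 ignore start */` and `/* v8 ignore stop */`. The catch block continues past the end of the hunk, so exactly which five lines are excluded is not visible here.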
6 changes: 3 additions & 3 deletions 6 src/types.ts
@@ -1,6 +1,6 @@
import * as OctokitTypes from "@octokit/types";
import * as DeviceTypes from "@octokit/auth-oauth-device";
import * as OAuthMethodsTypes from "@octokit/oauth-methods";
import type * as OctokitTypes from "@octokit/types";
import type * as DeviceTypes from "@octokit/auth-oauth-device";
import type * as OAuthMethodsTypes from "@octokit/oauth-methods";

export type ClientType = "oauth-app" | "github-app";

33 changes: 26 additions & 7 deletions 33 test/octokit.test.ts
@@ -1,11 +1,15 @@
import { describe, expect, it, test } from "vitest";
import { Octokit } from "@octokit/core";
import fetchMock, { type MockMatcherFunction } from "fetch-mock";
import fetchMock from "fetch-mock";

import { createOAuthUserAuth } from "../src/index.js";

describe("Octokit + OAuth web flow", () => {
it("README example", async () => {
const matchCreateTokenRequest: MockMatcherFunction = (url, options) => {
const matchCreateTokenRequest: fetchMock.MockMatcherFunction = (
url,
options,
) => {
expect(url).toEqual("https://github.com/login/oauth/access_token");
expect(options.headers).toEqual(
expect.objectContaining({
Expand All @@ -17,7 +21,10 @@ describe("Octokit + OAuth web flow", () => {
return true;
};

const matchGetUserRequest: MockMatcherFunction = (url, options) => {
const matchGetUserRequest: fetchMock.MockMatcherFunction = (
url,
options,
) => {
expect(url).toEqual("https://api.github.com/user");
expect(options.headers).toEqual(
expect.objectContaining({
Expand Down Expand Up @@ -61,7 +68,10 @@ describe("Octokit + OAuth web flow", () => {
});

it("GitHub App auth", async () => {
const matchCreateTokenRequest: MockMatcherFunction = (url, options) => {
const matchCreateTokenRequest: fetchMock.MockMatcherFunction = (
url,
options,
) => {
expect(url).toEqual("https://github.com/login/oauth/access_token");
expect(options.headers).toEqual(
expect.objectContaining({
Expand All @@ -73,7 +83,10 @@ describe("Octokit + OAuth web flow", () => {
return true;
};

const matchGetUserRequest: MockMatcherFunction = (url, options) => {
const matchGetUserRequest: fetchMock.MockMatcherFunction = (
url,
options,
) => {
expect(url).toEqual("https://api.github.com/user");
expect(options.headers).toEqual(
expect.objectContaining({
Expand Down Expand Up @@ -119,7 +132,10 @@ describe("Octokit + OAuth web flow", () => {
});

test("Sets clientId/clientSecret as Basic auth for /authentication/{clientId}/* requests", async () => {
const matchCheckTokenRequest: MockMatcherFunction = (url, options) => {
const matchCheckTokenRequest: fetchMock.MockMatcherFunction = (
url,
options,
) => {
expect(url).toEqual(
"https://api.github.com/applications/1234567890abcdef1234/token",
);
Expand Down Expand Up @@ -166,7 +182,10 @@ test("Sets clientId/clientSecret as Basic auth for /authentication/{clientId}/*
});

test("Sets no auth for OAuth Web flow requests", async () => {
const matchCreateTokenRequest: MockMatcherFunction = (url, options) => {
const matchCreateTokenRequest: fetchMock.MockMatcherFunction = (
url,
options,
) => {
expect(url).toEqual("https://github.com/login/oauth/access_token");
// @ts-ignore
expect(options.headers.authorization).toBeUndefined();
1 change: 1 addition & 0 deletions 1 test/smoke.test.ts
@@ -1,3 +1,4 @@
import { describe, expect, it } from "vitest";
import { createOAuthUserAuth, requiresBasicAuth } from "../src/index.js";

describe("Smoke test", () => {
6 changes: 3 additions & 3 deletions 6 test/standalone.test.ts
@@ -1,7 +1,7 @@
import { describe, expect, it, test, vi } from "vitest";
import fetchMock from "fetch-mock";
import MockDate from "mockdate";
import { request } from "@octokit/request";
import { jest } from "@jest/globals";

import { createOAuthUserAuth } from "../src/index.js";

Expand Down Expand Up @@ -187,7 +187,7 @@ describe("OAuth device flow", () => {
user_code: "usercode123",
verification_uri: "https://github.com/login/device",
expires_in: 900,
// use low number because jest.useFakeTimers() & jest.runAllTimers() didn't work for me
// use low number because vi.useFakeTimers() & vi.runAllTimers() didn't work for me
interval: 0.005,
},
{
Expand Down Expand Up @@ -223,7 +223,7 @@ describe("OAuth device flow", () => {
},
);

const onVerification = jest.fn();
const onVerification = vi.fn();
const auth = createOAuthUserAuth({
clientId: "1234567890abcdef1234",
clientSecret: "secret",
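--- a/vite.config.js
+++ b/vite.config.js
@@ -0,0 +1,13 @@
+import { defineConfig } from "vite";
+
+export default defineConfig({
+test: {
+coverage: {
+include: ["src/**/*.ts"],
+reporter: ["html"],
+thresholds: {
+100: true,
+},
+},
+},
+});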
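Review bot: `defineConfig` is imported from `"vite"`, which the package.json in this change does not list under `devDependencies`; it presumably resolves only because vitest brings vite in transitively and the installer hoists it. Importing an undeclared package ties the config to the installer's layout and to whichever vite version happens to be hoisted, so I would change line 1 to `import { defineConfig } from "vitest/config";`, the entry point vitest documents for a config that carries a `test` key.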