Dependency updates to fix security vulnerabilities (#306)

* build(deps): Updated superagent,cookiejar,qs to the latest version

Update superagent to latest version for fixing security vulnerabilities

* build(deps): Locking superagent types to 4.1.13 due to failing build

* extend cookie expiry dates

* use a more reliable site for network tests

* use webooks.site for echo tests

* ditch console log

* increase timeout on tests that hit webook.site

---------

Co-authored-by: Keith Cirkel <keithamus@users.noreply.github.com>

Author: Trickfilm400

package-lock.json

@@ -51,13 +51,13 @@
   },
   "dependencies": {
     "@types/chai": "4",
-    "@types/superagent": "^4.1.10",
+    "@types/superagent": "4.1.13",
     "charset": "^1.0.1",
-    "cookiejar": "^2.1.2",
+    "cookiejar": "^2.1.4",
     "is-ip": "^2.0.0",
     "methods": "^1.1.2",
-    "qs": "^6.5.1",
-    "superagent": "^6.1.0"
+    "qs": "^6.11.2",
+    "superagent": "^8.0.9"
   },
   "devDependencies": {
     "@semantic-release/changelog": "^5.0.1",

package.json

@@ -300,7 +300,7 @@ describe('assertions', function () {
       headers: {
         'set-cookie': [
           'name=value',
-          'name2=value2; Expires=Wed, 09 Jun 2021 10:18:14 GMT'
+          'name2=value2; Expires=Wed, 09 Jun 2038 10:18:14 GMT'
         ]
       }
     };
@@ -333,7 +333,7 @@ describe('assertions', function () {
       headers: {
         'set-cookie': [
           'name=value;',
-          'name2=value2; Expires=Wed, 09 Jun 2021 10:18:14 GMT',
+          'name2=value2; Expires=Wed, 09 Jun 2038 10:18:14 GMT',
           'name3=value3; Domain=.somedomain.com',
         ]
       }
@@ -369,7 +369,7 @@ describe('assertions', function () {
     var agent = chai.request.agent();
     var cookies = [
       'name=value',
-      'name2=value2; Expires=Wed, 09 Jun 2021 10:18:14 GMT',
+      'name2=value2; Expires=Wed, 09 Jun 2038 10:18:14 GMT',
       'name3=value3; Domain=.somedomain.com',
     ];
     if (agent.jar)  // Using superagent.Agent (node)

test/http.js

@@ -17,8 +17,8 @@ describe('request', function () {
     });
 
     it('can request a web page', function (done) {
-      request('https://httpbin.org')
-        .get('/html')
+      request('https://chaijs.com')
+        .get('/guide/')
         .end(function (err, res) {
           res.should.have.status(200);
           res.should.be.html;
@@ -35,8 +35,8 @@ describe('request', function () {
     });
 
     it('can request JSON data', function (done) {
-      request('https://httpbin.org')
-        .get('/get')
+      request('https://chaijs.com')
+        .get('/package-lock.json')
         .end(function (err, res) {
           res.should.have.status(200);
           res.should.be.json;
@@ -49,47 +49,76 @@ describe('request', function () {
     });
 
     it('can read response headers', function (done) {
-      request('https://httpbin.org')
-        .get('/response-headers')
-        .query({'content-type': 'application/json'})
-        .query({'pragma': 'test1'})
-        .query({'location': 'test2'})
-        .query({'x-api-key': 'test3'})
+      this.timeout(5000)
+      request('https://webhook.site')
+        .post('/token')
         .end(function (err, res) {
-          res.should.have.status(200);
-
-          // Content-Type and Pragma are supported on Node and browser
-          res.should.be.json;
-          res.should.have.header('Content-Type', /json$/);
-          res.should.have.header('Pragma', 'test1');
+          const uuid = res.body.uuid;
+          request('https://webhook.site')
+            .get('/' + uuid)
+            .query({'content-type': 'application/json'})
+            .query({'pragma': 'test1'})
+            .query({'location': 'test2'})
+            .query({'x-api-key': 'test3'})
+            .end(function (err, res) {
+              res.should.have.status(200);
+              request('https://webhook.site')
+                .get('/token/' + uuid + '/requests?sorting=newest&per_page=1')
+                .end(function (err, res) {
+                  // Content-Type and Pragma are supported on Node and browser
+                  res.should.be.json;
+                  res.should.have.nested.property('.body.data.0.query.content-type', 'application/json')
+                  res.should.have.nested.property('.body.data.0.query.pragma', 'test1')
 
-          // When running in a browser, only "simple" headers are readable
-          // https://www.w3.org/TR/cors/#simple-response-header
-          isNode && res.should.have.header('Location', 'test2');
-          isNode && res.should.have.header('X-API-Key', 'test3');
-          isBrowser && res.should.not.have.header('Location');
-          isBrowser && res.should.not.have.header('X-API-Key');
+                  // When running in a browser, only "simple" headers are readable
+                  // https://www.w3.org/TR/cors/#simple-response-header
+                  isNode && res.should.have.nested.property('.body.data.0.query.location', 'test2')
+                  isNode && res.should.have.nested.property('.body.data.0.query.x-api-key', 'test3')
+                  isBrowser && res.should.not.have.nested.property('.body.data.0.query.location');
+                  isBrowser && res.should.not.have.nested.property('.body.data.0.query.x-api-key');
 
-          done(err);
+                  done(err);
+                });
+            });
         });
     });
 
     it('succeeds when response has an error status', function (done) {
-      request('https://httpbin.org')
-        .get('/status/400')
+      request('https://chaijs.com')
+        .get('/404')
         .end(function (err, res) {
-          res.should.have.status(400);
+          res.should.have.status(404);
           done(err);
         });
     });
 
     it('can be augmented with promises', function (done) {
-      request('https://httpbin.org')
-        .get('/get')
-        .set('X-API-Key', 'test3')
+      this.timeout(5000)
+      let uuid = ''
+      request('https://webhook.site')
+        .post('/token')
+        .then(function (res) {
+          uuid = res.body.uuid;
+          return res.body.uuid;
+        })
+        .then(function (uuid) {
+          return request('https://webhook.site')
+            .get('/' + uuid)
+            .query({'content-type': 'application/json'})
+            .query({'x-api-key': 'test3'})
+        })
         .then(function (res) {
           res.should.have.status(200);
-          res.body.headers['X-Api-Key'].should.equal('test3');
+          return request('https://webhook.site')
+            .get('/token/' + uuid + '/requests?sorting=newest&per_page=1')
+        })
+        .then(function (res) {
+          res.should.have.status(200);
+          res.should.be.json;
+          res.should.have.nested.property('.body.data.0.query.content-type', 'application/json')
+          res.should.have.nested.property('.body.data.0.query.x-api-key', 'test3')
+        })
+        .then(function () {
           throw new Error('Testing catch');
         })
         .then(function () {
@@ -103,11 +132,11 @@ describe('request', function () {
         .then(done, done);
     });
 
-    it('can resolve a promise given status code of 400', function () {
-      return request('https://httpbin.org')
-        .get('/status/400')
+    it('can resolve a promise given status code of 404', function () {
+      return request('https://chaijs.com')
+        .get('/404')
         .then(function (res) {
-          res.should.have.status(400);
+          res.should.have.status(404);
         });
     });
   });