fix: vendor nconf to remove vulnerable yargs version

BREAKING CHANGE: dropping argv parsing support because of vendored nconf module and removed yargs parser

lib/nconf/LICENSE

@@ -0,0 +1,19 @@
+Copyright (C) 2011 Charlie Robbins and the Contributors.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

lib/nconf/nconf.ts

@@ -0,0 +1,37 @@
+/*
+ * nconf.js: Top-level include for the nconf module
+ *
+ * (C) 2011, Charlie Robbins and the Contributors.
+ *
+ */
+
+import * as common from './nconf/common';
+import { Provider } from './nconf/provider';
+import * as formats from './nconf/formats';
+
+import { Env } from './nconf/stores/env';
+import { File } from './nconf/stores/file';
+import { Literal } from './nconf/stores/literal';
+import { Memory } from './nconf/stores/memory';
+
+//
+// `nconf` is by default an instance of `nconf.Provider`.
+//
+const nconf = new Provider();
+
+nconf.Env = Env;
+nconf.File = File;
+nconf.Literal = Literal;
+nconf.Memory = Memory;
+
+//
+// Expose the various components included with nconf
+//
+nconf.key = common.key;
+nconf.path = common.path;
+nconf.loadFiles = common.loadFiles;
+nconf.loadFilesSync = common.loadFilesSync;
+nconf.formats = formats;
+nconf.Provider = Provider;
+
+export default nconf;

lib/nconf/nconf/common.js → lib/nconf/nconf/common.ts

@@ -5,12 +5,10 @@
  *
  */
 
-var fs = require('fs'),
-    async = require('async'),
-    formats = require('./formats'),
-    Memory = require('./stores/memory').Memory;
-
-var common = exports;
+import * as fs from 'fs';
+import * as async from 'async';
+import * as formats from './formats';
+import { Memory } from './stores/memory';
 
 //
 // ### function path (key)
@@ -19,66 +17,66 @@ var common = exports;
 // If given null or undefined it should return an empty path.
 // '' should still be respected as a path.
 //
-common.path = function (key, separator) {
+export function path(key, separator) {
   separator = separator || ':';
   return key == null ? [] : key.split(separator);
-};
+}
 
 //
 // ### function key (arguments)
 // Returns a `:` joined string from the `arguments`.
 //
-common.key = function () {
-  return Array.prototype.slice.call(arguments).join(':');
-};
+export function key(...args) {
+  return Array.prototype.slice.call(args).join(':');
+}
 
 //
 // ### function key (arguments)
 // Returns a joined string from the `arguments`,
 // first argument is the join delimiter.
 //
-common.keyed = function () {
-  return Array.prototype.slice.call(arguments, 1).join(arguments[0]);
-};
+export function keyed(...args) {
+  return Array.prototype.slice.call(args, 1).join(args[0]);
+}
 
 //
 // ### function loadFiles (files, callback)
 // #### @files {Object|Array} List of files (or settings object) to load.
 // #### @callback {function} Continuation to respond to when complete.
 // Loads all the data in the specified `files`.
 //
-common.loadFiles = function (files, callback) {
+export function loadFiles(files, callback) {
   if (!files) {
     return callback(null, {});
   }
 
-  var options = Array.isArray(files) ? { files: files } : files;
+  const options = Array.isArray(files) ? { files: files } : files;
 
   //
   // Set the default JSON format if not already
   // specified
   //
   options.format = options.format || formats.json;
 
-  function parseFile (file, next) {
-    fs.readFile(file, function (err, data) {
+  function parseFile(file, next) {
+    fs.readFile(file, function(err, data) {
       return !err
         ? next(null, options.format.parse(data.toString()))
         : next(err);
     });
   }
 
-  async.map(options.files, parseFile, function (err, objs) {
-    return err ? callback(err) : callback(null, common.merge(objs));
+  async.map(options.files, parseFile, function(err, objs) {
+    return err ? callback(err) : callback(null, merge(objs));
   });
-};
+}
 
 //
 // ### function loadFilesSync (files)
 // #### @files {Object|Array} List of files (or settings object) to load.
 // Loads all the data in the specified `files` synchronously.
 //
-common.loadFilesSync = function (files) {
+export function loadFilesSync(files) {
   if (!files) {
     return;
   }
@@ -87,83 +85,87 @@ common.loadFilesSync = function (files) {
   // Set the default JSON format if not already
   // specified
   //
-  var options = Array.isArray(files) ? { files: files } : files;
+  const options = Array.isArray(files) ? { files: files } : files;
   options.format = options.format || formats.json;
 
-  return common.merge(options.files.map(function (file) {
-    return options.format.parse(fs.readFileSync(file, 'utf8'));
-  }));
-};
+  return merge(
+    options.files.map(function(file) {
+      return options.format.parse(fs.readFileSync(file, 'utf8'));
+    }),
+  );
+}
 
 //
 // ### function merge (objs)
 // #### @objs {Array} Array of object literals to merge
 // Merges the specified `objs` using a temporary instance
 // of `stores.Memory`.
 //
-common.merge = function (objs) {
-  var store = new Memory();
+export function merge(objs) {
+  const store = new Memory();
 
-  objs.forEach(function (obj) {
-    Object.keys(obj).forEach(function (key) {
+  objs.forEach(function(obj) {
+    Object.keys(obj).forEach(function(key) {
       store.merge(key, obj[key]);
     });
   });
 
   return store.store;
-};
+}
 
 //
 // ### function capitalize (str)
 // #### @str {string} String to capitalize
 // Capitalizes the specified `str`.
 //
-common.capitalize = function (str) {
+export function capitalize(str) {
   return str && str[0].toUpperCase() + str.slice(1);
-};
+}
 
 //
 // ### function parseValues (any)
 // #### @any {string} String to parse as native data-type or return as is
 // try to parse `any` as a native data-type
 //
-common.parseValues = function (value) {
-  var val = value;
-  
+export function parseValues(value) {
+  let val = value;
+
   try {
     val = JSON.parse(value);
   } catch (ignore) {
     // Check for any other well-known strings that should be "parsed"
-    if (value === 'undefined'){
+    if (value === 'undefined') {
       val = void 0;
     }
   }
 
   return val;
-};
+}
 
 //
 // ### function transform(map, fn)
 // #### @map {object} Object of key/value pairs to apply `fn` to
 // #### @fn {function} Transformation function that will be applied to every key/value pair
 // transform a set of key/value pairs and return the transformed result
-common.transform = function(map, fn) {
-  var pairs = Object.keys(map).map(function(key) {
-    var obj = { key: key, value: map[key]};
-    var result = fn.call(null, obj);
+export function transform(map, fn) {
+  const pairs = Object.keys(map).map(function(key) {
+    const obj = { key: key, value: map[key] };
+    const result = fn.call(null, obj);
 
     if (!result) {
       return null;
     } else if (result.key) {
       return result;
     }
 
-    var error = new Error('Transform function passed to store returned an invalid format: ' + JSON.stringify(result));
+    const error = new Error(
+      'Transform function passed to store returned an invalid format: ' +
+        JSON.stringify(result),
+    );
     error.name = 'RuntimeError';
     throw error;
   });
 
-
   return pairs
     .filter(function(pair) {
       return pair !== null;