Address vulnerabilities (#46)

* Address vulnerabilities * Replace circleci with workflow * Switch to require
heroku · Sep 4, 2024 · 6cd038e · 6cd038e
1 parent 4968102
commit 6cd038e
Show file tree

Hide file tree

Showing 11 changed files with 1,849 additions and 969 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,25 @@
+name: Node CI Suite
+
+on:
+  push
+
+jobs:
+  test:
+
+    runs-on: ${{ matrix.os }}
+    name: Node Tests
+
+    strategy:
+      matrix:
+        node-version: [ 16.x, 20.x ]
+        os: [ ubuntu-24.04, pub-hk-ubuntu-24.04-arm-small ]
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+      - run: npm install -g yarn
+      - run: yarn --frozen-lockfile --ignore-engines
+      - run: yarn test
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+/node_modules/
+
diff --git a/circle.yml b/circle.yml
diff --git a/commands/add.js b/commands/add.js
@@ -5,20 +5,20 @@ const co = require('co')
 const accounts = require('../lib/accounts')
 
 function * run (context, heroku) {
-  const {name} = context.args
+  const { name } = context.args
   if (accounts.list().find(a => a.name === name)) {
     cli.error(`${name} already exists`)
     cli.exit(1)
   }
 
-  let auth = yield cli.login({sso: context.flags.sso, skipLogout: true})
+  const auth = yield cli.login({ sso: context.flags.sso, skipLogout: true })
   accounts.add(name, auth.email, auth.token)
 }
 
 module.exports = {
   topic: 'accounts',
   command: 'add',
-  args: [{name: 'name'}],
-  flags: [{name: 'sso', description: 'login for enterprise users under SSO'}],
+  args: [{ name: 'name' }],
+  flags: [{ name: 'sso', description: 'login for enterprise users under SSO' }],
   run: cli.command(co.wrap(run))
 }
diff --git a/commands/current.js b/commands/current.js
@@ -5,7 +5,7 @@ const co = require('co')
 const accounts = require('../lib/accounts')
 
 function * run (context, heroku) {
-  var account = accounts.current()
+  const account = accounts.current()
   if (account) {
     cli.log(`${account}`)
   } else {

diff --git a/commands/index.js b/commands/index.js
@@ -5,7 +5,7 @@ const cli = require('heroku-cli-util')
 const accounts = require('../lib/accounts')
 
 function * run (context, heroku) {
-  for (let account of accounts.list().map(a => a.name)) {
+  for (const account of accounts.list().map(a => a.name)) {
     if (account === accounts.current()) {
       cli.log(`* ${account}`)
     } else {

diff --git a/commands/remove.js b/commands/remove.js
@@ -5,7 +5,7 @@ const co = require('co')
 const accounts = require('../lib/accounts')
 
 function * run (context, heroku) {
-  const {name} = context.args
+  const { name } = context.args
   if (!accounts.list().find(a => a.name === name)) {
     cli.error(`${name} does not exist`)
     cli.exit(1)
@@ -22,6 +22,6 @@ function * run (context, heroku) {
 module.exports = {
   topic: 'accounts',
   command: 'remove',
-  args: [{name: 'name'}],
+  args: [{ name: 'name' }],
   run: cli.command(co.wrap(run))
 }
diff --git a/commands/set.js b/commands/set.js
@@ -5,7 +5,7 @@ const co = require('co')
 const accounts = require('../lib/accounts')
 
 function * run (context, heroku) {
-  const {name} = context.args
+  const { name } = context.args
   if (!accounts.list().find(a => a.name === name)) {
     cli.error(`${name} does not exist`)
     cli.exit(1)
@@ -17,6 +17,6 @@ function * run (context, heroku) {
 module.exports = {
   topic: 'accounts',
   command: 'set',
-  args: [{name: 'name'}],
+  args: [{ name: 'name' }],
   run: cli.command(co.wrap(run))
 }
diff --git a/lib/accounts.js b/lib/accounts.js
@@ -1,11 +1,10 @@
 'use strict'
 
+const YAML = require('yaml')
 const fs = require('fs')
 const os = require('os')
 const path = require('path')
 const Netrc = require('netrc')
-const YAML = require('yamljs')
-const mkdirp = require('mkdirp')
 
 function configDir () {
   const legacyDir = path.join(os.homedir(), '.heroku')
@@ -22,7 +21,7 @@ const netrcpath = path.join(os.homedir(), netrcfile)
 const netrc = Netrc(netrcpath)
 
 function account (name) {
-  let account = YAML.load(path.join(basedir, name))
+  const account = YAML.parse(path.join(basedir, name))
   if (account[':username']) {
     // convert from ruby symbols
     account.username = account[':username']
@@ -36,26 +35,27 @@ function account (name) {
 function list () {
   try {
     return fs.readdirSync(basedir)
-    .map(name => Object.assign(account(name), {name}))
+      .map(name => Object.assign(account(name), { name }))
   } catch (err) {
     return []
   }
 }
 
 function current () {
   if (netrc['api.heroku.com']) {
-    let current = list().find(a => a.username === netrc['api.heroku.com'].login)
+    const current = list().find(a => a.username === netrc['api.heroku.com'].login)
     return current ? current.name : null
   } else {
     return null
   }
 }
 
 function add (name, username, password) {
-  mkdirp.sync(basedir)
+  fs.mkdirSync(basedir, { recursive: true })
+
   fs.writeFileSync(
     path.join(basedir, name),
-    YAML.stringify({username, password}),
+    YAML.stringify({ username, password }),
     'utf8'
   )
   fs.chmodSync(path.join(basedir, name), 0o600)
@@ -66,13 +66,13 @@ function remove (name) {
 }
 
 function set (name) {
-  let current = account(name)
+  const current = account(name)
   netrc['git.heroku.com'] = netrc['api.heroku.com'] = {}
   netrc['git.heroku.com'].login = netrc['api.heroku.com'].login = current.username
   netrc['git.heroku.com'].password = netrc['api.heroku.com'].password = current.password
 
   // see https://github.com/camshaft/netrc/blob/44290a902b21c8fea2f1c051db1d1350630aa15c/index.js#L101
-  var data = Netrc.format(netrc) + '\n'
+  const data = Netrc.format(netrc) + '\n'
   fs.writeFileSync(netrcpath, data)
 }
 

diff --git a/package.json b/package.json
@@ -2,7 +2,7 @@
   "name": "heroku-accounts",
   "description": "manage multiple heroku accounts",
   "version": "1.1.7",
-  "author": "Jeff Dickey @dickeyxxx",
+  "author": "Heroku",
   "bugs": "https://github.com/heroku/heroku-accounts/issues",
   "files": [
     "/index.js",
@@ -11,13 +11,12 @@
   ],
   "dependencies": {
     "co": "4.6.0",
-    "heroku-cli-util": "^8.0.10",
-    "mkdirp": "0.5.1",
+    "heroku-cli-util": "^8.0.12",
     "netrc": "0.1.4",
-    "yamljs": "^0.3.0"
+    "yaml": "2.5.0"
   },
   "devDependencies": {
-    "standard": "^10.0.3"
+    "standard": "^17.1.0"
   },
   "homepage": "https://github.com/heroku/heroku-accounts",
   "keywords": [