MEND scan (#400)

.gitignore

@@ -65,3 +65,6 @@ debug/
 test.js
 dev/
 .npmrc
+
+# MEND unified agent
+wss-unified-agent.jar

.travis.yml

@@ -2,11 +2,20 @@ language: node_js
 node_js:
   - "16"
 
+before_install:
+  - export WS_APIKEY=${WS_APIKEY}
+  - export WS_USERKEY=${WS_USERKEY}
+  - export WS_PRODUCTNAME=${WS_PRODUCTNAME}
+  - export WS_PROJECTNAME=razeedeploy-core
+  - export WS_WSS_URL=https://ibmets.whitesourcesoftware.com/agent
+
 script:
   - if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then npx audit-ci --config audit-ci.json --only=prod; else npx audit-ci --config audit-ci.json || true; fi
   - npm run lint
   - npm test
   - if [ -n "${TRAVIS_TAG}" ]; then npm version --no-git-tag-version "${TRAVIS_TAG}"; fi
+  # Perform UA scan on non-PR builds
+  - if [ "${TRAVIS_PULL_REQUEST}" = "false" ]; then curl -LJO https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar; java -jar wss-unified-agent.jar -d . || echo "UA Scan Error occurred"; fi
 
 deploy:
   - provider: npm

audit-ci.json

@@ -14,14 +14,14 @@
       "GHSA-p8p7-x288-28g6": {
         "active": true,
         "notes": "The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP)",
-        "expiry": "2023-10-01"
+        "expiry": "2023-12-31"
       }
     },
     {
       "GHSA-72xf-g2v4-qvf3": {
         "active": true,
         "notes": "The Request package (see above) requires tough-cookie at a vulnerable version.",
-        "expiry": "2023-10-01"
+        "expiry": "2023-12-31"
       }
     }    ],
   "skip-dev": true