Fix vulnerability

mapbox · Aug 9, 2023 · fbc9d24 · fbc9d24
1 parent dedef04
commit fbc9d24
Show file tree

Hide file tree

Showing 7 changed files with 2,254 additions and 3,913 deletions.
diff --git a/.nvmrc b/.nvmrc
@@ -1,2 +1,2 @@
-v12.20.1
+v16
 
diff --git a/.travis.yml b/.travis.yml
@@ -1,5 +1,4 @@
 language: node_js
 node_js:
-- 12
-- 14
+- 16
 script: npm test
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@mapbox/quilt",
-  "version": "0.2.0",
+  "version": "1.0.0",
   "description": "A light-weight utility library for patching static tiles together.",
   "main": "index.js",
   "directories": {
@@ -13,6 +13,10 @@
     "type": "git",
     "url": "git+https://github.com/mapbox/quilt.git"
   },
+  "engines": {
+    "node": "16.20.0",
+    "npm": "9"
+  },
   "keywords": [
     "mapbox",
     "map",
@@ -41,14 +45,14 @@
   "homepage": "https://github.com/mapbox/quilt#readme",
   "dependencies": {
     "@mapbox/sphericalmercator": "^1.1.0",
-    "mapnik": "^4.5.4",
-    "node-fetch": "^2.6.0",
+    "mapnik": "^4.5.9",
+    "node-fetch": "^2.6.12",
     "p-retry": "^4.2.0"
   },
   "devDependencies": {
     "@mapbox/eslint-config-mapbox": "^2.0.1",
-    "eslint": "^5.16.0",
+    "eslint": "^8.46.0",
     "eslint-plugin-node": "^9.1.0",
-    "jest": "^25.2.0"
+    "jest": "^29.6.2"
   }
 }
diff --git a/src/get-static-tile.js b/src/get-static-tile.js
@@ -8,7 +8,6 @@ function getStaticTile(url, pxOffsets) {
   const getImg = async (attempt) => {
     (attempt > 1) ? url += '&fresh=true' : url;
     const response = await fetch(url);
-
     // Throw if resource doesn't exist to trigger a retry
     if (response.status === 404) {
       throw new Error(response.statusText);

diff --git a/test/get-static-tile.test.js b/test/get-static-tile.test.js
@@ -34,17 +34,26 @@ describe('getStaticTile', () => {
   });
 
   test('retries on 404', async () => {
-    const response = Promise.resolve({
+    const response404 = Promise.resolve({
       status: 404,
       buffer: jest.fn()
     });
+    const response200 = Promise.resolve({
+      status: 200,
+      buffer: jest.fn(() => ({
+        toString: jest.fn()
+      }))
+    });
 
-    fetch.mockImplementation(() => response);
-    const staticTile = getStaticTile(urlFixture, pxFixture);
-    expect(staticTile).resolves.toEqual({
-      decoded: null,
-      original: undefined
+    fetch.mockImplementationOnce(() => response404).mockImplementationOnce(() => response200);
+    const staticTile = await getStaticTile(urlFixture, pxFixture);
+    expect(staticTile).toEqual({
+      buffer: expect.any(Object),
+      reencode: true,
+      x: 256,
+      y: 256
     });
+    expect(fetch).toHaveBeenCalledTimes(2);
   });
 
   test('throws on 403', async () => {

diff --git a/test/index.test.js b/test/index.test.js
@@ -17,6 +17,10 @@ const mockBuffer = fs.readFileSync(__dirname + '/fixtures/fake-tile.png');
 const options = [[0, 0], 1, 500, false];
 
 describe('makeGetQuilt', () => {
+  beforeEach(() => {
+    fetch.mockClear();
+  });
+
   test('returns on 200', async () => {
     const response = Promise.resolve({
       status: 200,
@@ -31,14 +35,20 @@ describe('makeGetQuilt', () => {
   });
 
   test('retries on 404', async () => {
-    const response = Promise.resolve({
+    const response404 = Promise.resolve({
       status: 404,
       buffer: jest.fn()
     });
+    const response200 = Promise.resolve({
+      status: 200,
+      buffer: () => { return mockBuffer; }
+    });
 
-    fetch.mockImplementation(() => response);
+    fetch.mockImplementationOnce(() => response404).mockImplementation(() => response200);
     const getQuilt = makeGetQuilt(...options);
-    expect(getQuilt(fixture)).resolves.toEqual(undefined);
+    const image = await getQuilt(fixture);
+    expect(image).toEqual(expect.any(Buffer));
+    expect(fetch).toHaveBeenCalledTimes(5);
   });
 
   test('throws on 403', async () => {