strong-error-handler - npm Package Compare versions

Comparing version 5.0.2 to 5.0.5

CHANGES.md

@@ -0,1 +1,53 @@
+2023-12-07, Version 5.0.5
+=========================
+
+ * chore: update github/codeql-action action to v2.22.9 (renovate[bot])
+
+ * chore: update step-security/harden-runner action to v2.6.1 (renovate[bot])
+
+ * chore: add badges (Rifa Achrinza)
+
+ * ci: further harden workflows (Rifa Achrinza)
+
+ * ci: fix Scorecard issues (Rifa Achrinza)
+
+ * chore: lock file maintenance (renovate[bot])
+
+ * chore: update dependency eslint to ^8.55.0 (renovate[bot])
+
+ * chore: update github/codeql-action action to v2.22.8 (renovate[bot])
+
+ * chore: update commitlint monorepo to ^18.4.3 (renovate[bot])
+
+ * chore: update dependency eslint to ^8.54.0 (renovate[bot])
+
+ * chore: update commitlint monorepo to ^18.4.2 (renovate[bot])
+
+ * chore: update github/codeql-action action to v2.22.7 (renovate[bot])
+
+ * chore: update github/codeql-action action to v2.22.6 (renovate[bot])
+
+ * chore: update commitlint monorepo (renovate[bot])
+
+ * fix(cve-2023-29827): replace EJS with Handlebars to resolve security warning (KalleV)
+
+ * ci: align CI configuration (Rifa Achrinza)
+
+ * chore: update dependency @types/express to ^4.17.21 (renovate[bot])
+
+ * chore: update dependency eslint to ^8.53.0 (renovate[bot])
+
+ * chore: update dependency @commitlint/config-conventional to ^18.1.0 (renovate[bot])
+
+ * chore: update dependency @commitlint/config-conventional to v18 (renovate[bot])
+
+ * chore: update dependency eslint to ^8.52.0 (renovate[bot])
+
+ * chore: update dependency @commitlint/config-conventional to ^17.8.1 (renovate[bot])
+
+ * chore: update dependency @types/express to ^4.17.20 (renovate[bot])
+
+ * chore: update dependency http-status to ^1.7.3 (renovate[bot])
+
+
 2023-10-16, Version 5.0.2
@@ -2,0 +54,0 @@ =========================

lib/send-html.js

@@ -7,3 +7,3 @@ // Copyright IBM Corp. 2016. All Rights Reserved.
 'use strict';
-const ejs = require('ejs');
+const handlebars = require('handlebars');
 const fs = require('fs');
@@ -20,2 +20,9 @@ const path = require('path');
 
+/**
+ * Sends HTML response to the client.
+ *
+ * @param {Object} res - The response object.
+ * @param {Object} data - The data object to be rendered in the HTML.
+ * @param {Object} options - The options object.
+ */
 function sendHtml(res, data, options) {
@@ -29,2 +36,31 @@ const toRender = {options, data};
 /**
+ * Returns the content of a Handlebars partial file as a string.
+ * @param {string} name - The name of the Handlebars partial file.
+ * @returns {string} The content of the Handlebars partial file as a string.
+ */
+function partial(name) {
+  const partialPath = path.resolve(assetDir, `${name}.hbs`);
+  const partialContent = fs.readFileSync(partialPath, 'utf8');
+  return partialContent;
+}
+
+handlebars.registerHelper('partial', partial);
+
+/**
+ * Checks if the given property is a standard property.
+ * @param {string} prop - The property to check.
+ * @param {Object} options - The Handlebars options object.
+ * @returns {string} - The result of the Handlebars template.
+ */
+function standardProps(prop, options) {
+  const standardProps = ['name', 'statusCode', 'message', 'stack'];
+  if (standardProps.indexOf(prop) === -1) {
+    return options.fn(this);
+  }
+  return options.inverse(this);
+}
+
+handlebars.registerHelper('standardProps', standardProps);
+
+/**
  * Compile and cache the file with the `filename` key in options
@@ -38,11 +74,19 @@ *
   const fileContent = fs.readFileSync(filepath, 'utf8');
-  return ejs.compile(fileContent, options);
+  return handlebars.compile(fileContent, options);
 }
 
-// loads and cache default error templates
+/**
+ * Loads the default error handlebars template from the asset directory and compiles it.
+ * @returns {Function} The compiled handlebars template function.
+ */
 function loadDefaultTemplates() {
-  const defaultTemplate = path.resolve(assetDir, 'default-error.ejs');
+  const defaultTemplate = path.resolve(assetDir, 'default-error.hbs');
   return compileTemplate(defaultTemplate);
 }
 
+/**
+ * Sends an HTML response with the given body to the provided response object.
+ * @param {Object} res - The response object to send the HTML response to.
+ * @param {string} body - The HTML body to send in the response.
+ */
 function sendResponse(res, body) {
@@ -49,0 +93,0 @@ res.setHeader('Content-Type', 'text/html; charset=utf-8');

package.json

@@ -5,3 +5,3 @@ {
   "license": "MIT",
-  "version": "5.0.2",
+  "version": "5.0.5",
   "engines": {
@@ -23,5 +23,5 @@ "node": ">=16"
     "debug": "^4.3.4",
-    "ejs": "^3.1.9",
     "fast-safe-stringify": "^2.1.1",
-    "http-status": "^1.7.0",
+    "handlebars": "^4.7.8",
+    "http-status": "^1.7.3",
     "js2xmlparser": "^5.0.0",
@@ -31,8 +31,10 @@ "strong-globalize": "^6.0.6"
   "devDependencies": {
-    "@commitlint/config-conventional": "^17.8.0",
-    "@types/express": "^4.17.19",
+    "@commitlint/cli": "^18.4.3",
+    "@commitlint/config-conventional": "^18.4.3",
+    "@types/express": "^4.17.21",
     "chai": "^4.3.10",
-    "eslint": "^8.51.0",
+    "eslint": "^8.55.0",
     "eslint-config-loopback": "^13.1.0",
     "express": "^4.18.2",
+    "lockfile-lint": "^4.12.1",
     "mocha": "^10.2.0",
@@ -39,0 +41,0 @@ "supertest": "^6.3.3"

README.md

 # strong-error-handler
 
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8058/badge)](https://www.bestpractices.dev/projects/8058)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/loopbackio/strong-error-handler/badge)](https://securityscorecards.dev/viewer/?uri=github.com/loopbackio/strong-error-handler)
+[![Continuous Integration](https://github.com/loopbackio/strong-error-handler/actions/workflows/continuous-integration.yml/badge.svg)](https://github.com/loopbackio/strong-error-handler/actions/workflows/continuous-integration.yml)
+[![CodeQL](https://github.com/loopbackio/strong-error-handler/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/loopbackio/strong-error-handler/actions/workflows/codeql-analysis.yml)
+
 This package is an error handler for use in both development (debug) and production environments.
@@ -4,0 +9,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

67582

increased by18.21%

Number of package files

43

increased by2.38%

Lines of code

522

increased by1.75%

Number of lines in readme file

288

increased by1.77%

Worsened metrics

Dev dependency count

10

increased by25%

Dependency changes

• + Addedhandlebars@^4.7.8

• + Addedhandlebars@4.7.8(transitive)

• + Addedminimist@1.2.8(transitive)

• + Addedneo-async@2.6.2(transitive)

• + Addedsource-map@0.6.1(transitive)

• + Addeduglify-js@3.19.3(transitive)

• + Addedwordwrap@1.0.0(transitive)

• - Removedejs@^3.1.9

• - Removedansi-styles@4.3.0(transitive)

• - Removedasync@3.2.6(transitive)

• - Removedbrace-expansion@2.0.1(transitive)

• - Removedchalk@4.1.2(transitive)

• - Removedcolor-convert@2.0.1(transitive)

• - Removedcolor-name@1.1.4(transitive)

• - Removedejs@3.1.10(transitive)

• - Removedfilelist@1.0.4(transitive)

• - Removedhas-flag@4.0.0(transitive)

• - Removedjake@10.9.2(transitive)

• - Removedminimatch@5.1.6(transitive)

• - Removedsupports-color@7.2.0(transitive)

• Updatedhttp-status@^1.7.3