Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Memory consumption issues on Node JS 16.11.0+ #11956

Closed
EternallLight opened this issue Oct 13, 2021 · 285 comments
Closed

[Bug]: Memory consumption issues on Node JS 16.11.0+ #11956

EternallLight opened this issue Oct 13, 2021 · 285 comments

Comments

@EternallLight
Copy link

EternallLight commented Oct 13, 2021

🚨 As of Node 21.1.0, this has been fixed upstream. Hopefully the fixes will be backported to v18 and v20 as well (as of writing (Oct. 26 2023) they have not. Node 18.20.0 and Node 20.10.0 have the backports), but that is up to the Node.js project and nothing we control from here. Note that (native) ESM still has memory leaks - that can be tracked here: #14605. If you're unable to upgrade your version of Node, you can use --workerIdleMemoryLimit in Jest 29 and later. See https://jestjs.io/docs/configuration/#workeridlememorylimit-numberstring 🚨

Version

27.0.6

Steps to reproduce

  1. Install the latest Node JS (16.11.0 or later) or use the appropriate Docker image
  2. Set up a project with a multiplicity Jest tests
  3. Run node --expose-gc node_modules/.bin/jest --logHeapUsage and see how the memory consumption starts increasing.

Expected behavior

Since Jest calls global.gc() when Garbage Collector is exposed and --logHeapUsage flag is present, the memory usage should be stable.

Actual behavior

The memory usage increases with every new test

Additional context

We had some issues with Jest workers consuming all available RAM both on CI machine and locally.
After doing some research, we found that if we run Jest like the following node --expose-gc node_modules/.bin/jest --logHeapUsage, the heap size remains stable. After upgrading to Node JS v16.11.0, the issue was back. Node v16.10.0 works fine. I believe it was something accidentally introduced in the new Node, but it might be useful to take a look at this from Jest perspective in search of possible workarounds.
I'm also having the same behavior on my working machine, environment of which I'm pasting below 👇🏻

Environment

System:
    OS: macOS 11.6
    CPU: (8) x64 Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
  Binaries:
    Node: 16.11.0 - ~/.nvm/versions/node/v16.11.0/bin/node
    Yarn: 1.22.0 - ~/SomeFancyDir/webapp/node_modules/.bin/yarn
    npm: 8.0.0 - ~/.nvm/versions/node/v16.11.0/bin/npm
  npmPackages:
    jest: 27.0.6 => 27.0.6
@rthreei
Copy link

rthreei commented Nov 9, 2021

We're also experiencing this issue. Node 16.11+ and Jest v27 consumes significantly more memory. Node 16.10 and Jest v27 seems OK.

@blimmer
Copy link
Contributor

blimmer commented Nov 12, 2021

We're also unable to update to the LTS version of Node 16 (at the time of writing 16.13.0) because of this issue. We bisected the changes and identified that the upgrade from Node 16.10 to 16.11 caused our large Jest suite to hang indefinitely.

I took a look at the Node 16.11 changelog and I think the most likely culprit for this issue comes from the V8 update to 9.4 (PR). In V8 9.4, the new Sparkplug compiler is enabled by default (see also this Node issue).

I was hoping I could try disabling sparkplug to see verify that this is the issue. node exposes a V8 option to disable (--no-sparkplug), but I don't think it's passing through to the Jest workers when I call it like this:

node --no-sparkplug node_modules/.bin/jest

I also tried setting the V8 option in jest-environment-node here: https://github.com/facebook/jest/blob/42b020f2931ac04820521cc8037b7c430eb2fa2f/packages/jest-environment-node/src/index.ts#L109 via

setFlagsFromString('--no-sparkplug');

but I didn't see any change. I'm not sure if that means Sparkplug isn't causing the problem or if I'm not setting the V8 flag properly in the jest workers.

@SimenB - I see you've committed a good deal to jest-environment-node - any tips for how I might pass that V8 flag down through all the workers? If it's possible (even via patch-pacakge or something) I'd be happy to give it a shot on our test suite that's exhibiting the problem.

So I'm not exactly positive that this is the cause of the issue, but it seems like a potentially promising place to start looking.

@SimenB
Copy link
Member

SimenB commented Nov 12, 2021

any tips for how I might pass that V8 flag down through all the workers?

I would have thought https://github.com/facebook/jest/blob/e0b33b74b5afd738edc183858b5c34053cfc26dd/packages/jest-worker/src/workers/ChildProcessWorker.ts#L93-L94 made it so it was passed down...

@blimmer
Copy link
Contributor

blimmer commented Nov 12, 2021

It's possible the sparkplug thing is a red herring. Nothing else jumped out at me from that changelog.

I captured some heap size metrics to show the scale of the difference.

Node 16.10.0 (baseline)

> node --expose-gc ./node_modules/.bin/jest --logHeapUsage --maxWorkers ${TEST_PARALLELISM:-8} "--reporters=default" "--reporters=jest-junit"
(14.297 s, 211 MB heap size)
(16.811 s, 211 MB heap size)
(17.913 s, 211 MB heap size)
(18.382 s, 213 MB heap size)
(18.38 s, 214 MB heap size)
(19.122 s, 238 MB heap size)
(19.241 s, 211 MB heap size)
(21.969 s, 222 MB heap size)
(10.783 s, 268 MB heap size)
(6.974 s, 268 MB heap size)
(7.575 s, 267 MB heap size)
(7.404 s, 269 MB heap size)
(6.788 s, 288 MB heap size)
(6.907 s, 267 MB heap size)
(10.324 s, 268 MB heap size)
(6.796 s, 276 MB heap size)
(5.177 s, 282 MB heap size)
(5.638 s, 269 MB heap size)
(5.702 s, 269 MB heap size)
(268 MB heap size)
(6.432 s, 271 MB heap size)
(7.227 s, 268 MB heap size)
(7.276 s, 272 MB heap size)
(5.192 s, 278 MB heap size)
(271 MB heap size)
(5.053 s, 286 MB heap size)
(269 MB heap size)
(5.3 s, 272 MB heap size)
(281 MB heap size)
(274 MB heap size)
(281 MB heap size)
(5.018 s, 272 MB heap size)
(274 MB heap size)
(288 MB heap size)
(275 MB heap size)
(272 MB heap size)
(276 MB heap size)
(278 MB heap size)
(285 MB heap size)
(274 MB heap size)
(290 MB heap size)
(277 MB heap size)
(275 MB heap size)
(278 MB heap size)
(278 MB heap size)
(280 MB heap size)
(287 MB heap size)
(277 MB heap size)
(293 MB heap size)
(280 MB heap size)
(277 MB heap size)
(281 MB heap size)
(281 MB heap size)
(280 MB heap size)
(283 MB heap size)
(289 MB heap size)
(296 MB heap size)
(283 MB heap size)
(280 MB heap size)
(284 MB heap size)
(283 MB heap size)
(282 MB heap size)
(285 MB heap size)
(292 MB heap size)
(298 MB heap size)
(282 MB heap size)
(285 MB heap size)
(286 MB heap size)
(286 MB heap size)
(285 MB heap size)
(287 MB heap size)
(295 MB heap size)
(301 MB heap size)
(285 MB heap size)
(288 MB heap size)
(289 MB heap size)
(289 MB heap size)
(288 MB heap size)
(290 MB heap size)
(298 MB heap size)
(216 MB heap size)
(304 MB heap size)
(288 MB heap size)
(290 MB heap size)
(292 MB heap size)
(292 MB heap size)
(296 MB heap size)
(294 MB heap size)
(295 MB heap size)
(293 MB heap size)
(6.766 s, 283 MB heap size)
(7.887 s, 273 MB heap size)
(7.654 s, 308 MB heap size)
(8.406 s, 272 MB heap size)
(298 MB heap size)
(298 MB heap size)
(297 MB heap size)
(295 MB heap size)
(297 MB heap size)
(300 MB heap size)
(289 MB heap size)
(305 MB heap size)
(301 MB heap size)
(300 MB heap size)
(291 MB heap size)
(297 MB heap size)
(300 MB heap size)
(303 MB heap size)
(303 MB heap size)
(292 MB heap size)
(303 MB heap size)
(308 MB heap size)
(311 MB heap size)
(300 MB heap size)
(303 MB heap size)
(306 MB heap size)
(295 MB heap size)
(306 MB heap size)
(310 MB heap size)
(305 MB heap size)
(297 MB heap size)
(303 MB heap size)
(306 MB heap size)
(309 MB heap size)
(297 MB heap size)
(313 MB heap size)
(310 MB heap size)
(307 MB heap size)
(305 MB heap size)
(299 MB heap size)
(308 MB heap size)
(311 MB heap size)
(315 MB heap size)
(300 MB heap size)
(311 MB heap size)
(220 MB heap size)
(208 MB heap size)
(310 MB heap size)
(302 MB heap size)
(309 MB heap size)
(242 MB heap size)
(311 MB heap size)
(284 MB heap size)
(322 MB heap size)
(296 MB heap size)
(312 MB heap size)
(313 MB heap size)
(315 MB heap size)
(317 MB heap size)
(316 MB heap size)
(304 MB heap size)
(315 MB heap size)
(308 MB heap size)
(315 MB heap size)
(317 MB heap size)
(318 MB heap size)
(317 MB heap size)
(320 MB heap size)
(306 MB heap size)
(311 MB heap size)
(317 MB heap size)
(320 MB heap size)
(318 MB heap size)
(320 MB heap size)
(323 MB heap size)
(320 MB heap size)
(310 MB heap size)
(313 MB heap size)
(323 MB heap size)
(320 MB heap size)
(321 MB heap size)
(340 MB heap size)
(326 MB heap size)
(323 MB heap size)
(312 MB heap size)
(326 MB heap size)
(316 MB heap size)
(322 MB heap size)
(328 MB heap size)
(323 MB heap size)
(326 MB heap size)
(343 MB heap size)
(315 MB heap size)
(329 MB heap size)
(325 MB heap size)
(319 MB heap size)
(328 MB heap size)
(326 MB heap size)
(331 MB heap size)
(345 MB heap size)
(318 MB heap size)
(331 MB heap size)
(328 MB heap size)
(321 MB heap size)
(329 MB heap size)
(332 MB heap size)
(334 MB heap size)
(348 MB heap size)
(320 MB heap size)
(334 MB heap size)
(331 MB heap size)
(324 MB heap size)
(335 MB heap size)
(332 MB heap size)
(337 MB heap size)
(350 MB heap size)
(323 MB heap size)
(265 MB heap size)
(333 MB heap size)
(337 MB heap size)
(302 MB heap size)
(240 MB heap size)
(327 MB heap size)
(257 MB heap size)
(266 MB heap size)
(334 MB heap size)
(337 MB heap size)
(9.083 s, 342 MB heap size)
(9.235 s, 319 MB heap size)
(9.967 s, 321 MB heap size)
(9.455 s, 345 MB heap size)
(9.686 s, 359 MB heap size)
(12.938 s, 313 MB heap size)
(13.969 s, 340 MB heap size)
(14.6 s, 333 MB heap size)
(6.149 s, 340 MB heap size)
(8.209 s, 347 MB heap size)
(9.345 s, 337 MB heap size)
(10 s, 344 MB heap size)
(8.202 s, 360 MB heap size)
(7.368 s, 333 MB heap size)
(6.233 s, 342 MB heap size)
(6.243 s, 359 MB heap size)
(6.108 s, 342 MB heap size)
(363 MB heap size)
(5.324 s, 315 MB heap size)
(332 MB heap size)
(6.147 s, 338 MB heap size)
(345 MB heap size)
(5.909 s, 341 MB heap size)
(7.36 s, 325 MB heap size)
(5.155 s, 342 MB heap size)
(324 MB heap size)
(5.058 s, 364 MB heap size)
(313 MB heap size)
(5.34 s, 276 MB heap size)
(273 MB heap size)
(342 MB heap size)
(281 MB heap size)
(271 MB heap size)
(327 MB heap size)
(273 MB heap size)
(344 MB heap size)
(276 MB heap size)
(296 MB heap size)
(273 MB heap size)
(281 MB heap size)
(271 MB heap size)
(276 MB heap size)
(289 MB heap size)
(299 MB heap size)
(347 MB heap size)
(277 MB heap size)
(275 MB heap size)
(283 MB heap size)
(274 MB heap size)
(279 MB heap size)
(291 MB heap size)
(350 MB heap size)
(302 MB heap size)
(279 MB heap size)
(278 MB heap size)
(286 MB heap size)
(277 MB heap size)
(281 MB heap size)
(294 MB heap size)
(353 MB heap size)
(283 MB heap size)
(284 MB heap size)
(289 MB heap size)
(281 MB heap size)
(281 MB heap size)
(285 MB heap size)
(297 MB heap size)
(285 MB heap size)
(355 MB heap size)
(287 MB heap size)
(283 MB heap size)
(292 MB heap size)
(282 MB heap size)
(287 MB heap size)
(300 MB heap size)
(286 MB heap size)
(358 MB heap size)
(287 MB heap size)
(294 MB heap size)
(290 MB heap size)
(285 MB heap size)
(290 MB heap size)
(302 MB heap size)
(289 MB heap size)
(297 MB heap size)
(290 MB heap size)
(292 MB heap size)
(361 MB heap size)
(365 MB heap size)
(5.125 s, 298 MB heap size)
(6.13 s, 295 MB heap size)
(6.526 s, 304 MB heap size)
(6.928 s, 301 MB heap size)
(7.982 s, 281 MB heap size)
(8.516 s, 317 MB heap size)
(9.841 s, 313 MB heap size)
(5.477 s, 295 MB heap size)
(5.506 s, 312 MB heap size)
(296 MB heap size)
(294 MB heap size)
(301 MB heap size)
(298 MB heap size)
(326 MB heap size)
(301 MB heap size)
(297 MB heap size)
(294 MB heap size)
(294 MB heap size)
(330 MB heap size)
(295 MB heap size)
(301 MB heap size)
(330 MB heap size)
(296 MB heap size)
(323 MB heap size)
(297 MB heap size)
(297 MB heap size)
(316 MB heap size)
(297 MB heap size)
(304 MB heap size)
(332 MB heap size)
(298 MB heap size)
(308 MB heap size)
(319 MB heap size)
(300 MB heap size)
(300 MB heap size)
(300 MB heap size)
(334 MB heap size)
(306 MB heap size)
(301 MB heap size)
(310 MB heap size)
(303 MB heap size)
(322 MB heap size)
(302 MB heap size)
(302 MB heap size)
(337 MB heap size)
(310 MB heap size)
(212 MB heap size)
(209 MB heap size)
(304 MB heap size)
(253 MB heap size)
(230 MB heap size)
(265 MB heap size)
(286 MB heap size)
(312 MB heap size)
(5.316 s, 317 MB heap size)
(5.007 s, 307 MB heap size)
(8.481 s, 309 MB heap size)
(8.669 s, 289 MB heap size)
(10.421 s, 313 MB heap size)
(283 MB heap size)
(5.801 s, 316 MB heap size)
(336 MB heap size)
(13.269 s, 344 MB heap size)
(288 MB heap size)
(14.837 s, 338 MB heap size)
(288 MB heap size)
(331 MB heap size)
(285 MB heap size)
(302 MB heap size)
(287 MB heap size)
(340 MB heap size)
(297 MB heap size)
(297 MB heap size)
(287 MB heap size)
(313 MB heap size)
(291 MB heap size)
(343 MB heap size)
(300 MB heap size)
(279 MB heap size)
(298 MB heap size)
(290 MB heap size)
(293 MB heap size)
(314 MB heap size)
(303 MB heap size)
(345 MB heap size)
(282 MB heap size)
(301 MB heap size)
(25.518 s, 290 MB heap size)
(293 MB heap size)
(295 MB heap size)
(317 MB heap size)
(305 MB heap size)
(284 MB heap size)
(348 MB heap size)
(303 MB heap size)
(295 MB heap size)
(298 MB heap size)
(320 MB heap size)
(306 MB heap size)
(308 MB heap size)
(287 MB heap size)
(351 MB heap size)
(306 MB heap size)
(298 MB heap size)
(301 MB heap size)
(322 MB heap size)
(310 MB heap size)
(309 MB heap size)
(290 MB heap size)
(353 MB heap size)
(308 MB heap size)
(300 MB heap size)
(264 MB heap size)
(303 MB heap size)
(312 MB heap size)
(326 MB heap size)
(292 MB heap size)
(313 MB heap size)
(268 MB heap size)
(356 MB heap size)
(233 MB heap size)
(220 MB heap size)
(254 MB heap size)
(252 MB heap size)
(232 MB heap size)
(255 MB heap size)
(232 MB heap size)

Node 16.11.0 (problem introduced)

> node --expose-gc --no-sparkplug ./node_modules/.bin/jest --logHeapUsage --maxWorkers ${TEST_PARALLELISM:-8} "--reporters=default" "--reporters=jest-junit"
(41.727 s, 217 MB heap size)
(42.441 s, 217 MB heap size)
(42.452 s, 216 MB heap size)
(45.134 s, 217 MB heap size)
(45.868 s, 220 MB heap size)
(46.713 s, 245 MB heap size)
(49.371 s, 247 MB heap size)
(9.725 s, 328 MB heap size)
(12.574 s, 329 MB heap size)
(54.825 s, 218 MB heap size)
(8.787 s, 340 MB heap size)
(13.189 s, 329 MB heap size)
(13.471 s, 328 MB heap size)
(10.219 s, 341 MB heap size)
(14.752 s, 333 MB heap size)
(8.109 s, 397 MB heap size)
(10.887 s, 386 MB heap size)
(13.786 s, 387 MB heap size)
(8.03 s, 385 MB heap size)
(13.016 s, 388 MB heap size)
(9.036 s, 419 MB heap size)
(332 MB heap size)
(16.237 s, 328 MB heap size)
(10.056 s, 390 MB heap size)
(7.183 s, 458 MB heap size)
(6.975 s, 446 MB heap size)
(9.844 s, 411 MB heap size)
(7.222 s, 423 MB heap size)
(7.276 s, 426 MB heap size)
(6.49 s, 520 MB heap size)
(7.583 s, 444 MB heap size)
(14.041 s, 416 MB heap size)
(10.527 s, 386 MB heap size)
(6.191 s, 415 MB heap size)
(8.422 s, 510 MB heap size)
(6.528 s, 581 MB heap size)
(7.28 s, 486 MB heap size)
(9.558 s, 523 MB heap size)
(7.271 s, 423 MB heap size)
(6.011 s, 545 MB heap size)
(7.171 s, 477 MB heap size)
(9.289 s, 414 MB heap size)
(16.893 s, 496 MB heap size)
(9.017 s, 642 MB heap size)
(7.173 s, 521 MB heap size)
(9.823 s, 548 MB heap size)
(6.973 s, 606 MB heap size)
(7.009 s, 565 MB heap size)
(6.953 s, 416 MB heap size)
(8.185 s, 483 MB heap size)
(581 MB heap size)
(8.146 s, 489 MB heap size)
(5.061 s, 609 MB heap size)
(5.397 s, 666 MB heap size)
(6.634 s, 541 MB heap size)
(5.866 s, 476 MB heap size)
(8.275 s, 670 MB heap size)
(529 MB heap size)
(9.576 s, 478 MB heap size)
(6.206 s, 643 MB heap size)
(7.119 s, 670 MB heap size)
(6.208 s, 538 MB heap size)
(10.041 s, 550 MB heap size)
(6.383 s, 623 MB heap size)
(8.896 s, 727 MB heap size)
(6.355 s, 477 MB heap size)
(6.294 s, 704 MB heap size)
(5.112 s, 599 MB heap size)
(12.077 s, 748 MB heap size)
(5.699 s, 731 MB heap size)
(730 MB heap size)
(6.233 s, 722 MB heap size)
(7.113 s, 549 MB heap size)
(8.579 s, 684 MB heap size)
(6.936 s, 776 MB heap size)
(6.933 s, 659 MB heap size)
(6.843 s, 794 MB heap size)
(10.345 s, 539 MB heap size)
(5.048 s, 842 MB heap size)
(609 MB heap size)
(5.361 s, 783 MB heap size)
(6.001 s, 682 MB heap size)
(6.456 s, 828 MB heap size)
(5.785 s, 854 MB heap size)
(5.447 s, 451 MB heap size)
(5.668 s, 670 MB heap size)
(5.305 s, 843 MB heap size)
(7.549 s, 720 MB heap size)
(6.11 s, 903 MB heap size)
(5.761 s, 743 MB heap size)
(731 MB heap size)
(6.164 s, 889 MB heap size)
(5.513 s, 914 MB heap size)
(5.31 s, 904 MB heap size)
(5.111 s, 963 MB heap size)
(6.897 s, 512 MB heap size)
(6.214 s, 782 MB heap size)
(5.568 s, 805 MB heap size)
(573 MB heap size)
(5.445 s, 949 MB heap size)
(1024 MB heap size)
(6.722 s, 793 MB heap size)
(842 MB heap size)
(6.405 s, 964 MB heap size)
(8.361 s, 975 MB heap size)
(5.613 s, 865 MB heap size)
(902 MB heap size)
(5.719 s, 1009 MB heap size)
(5.861 s, 1084 MB heap size)
(5.734 s, 854 MB heap size)
(5.225 s, 1026 MB heap size)
(7.716 s, 633 MB heap size)
(5.191 s, 926 MB heap size)
(6.251 s, 974 MB heap size)
(1069 MB heap size)
(1085 MB heap size)
(1145 MB heap size)
(6.744 s, 962 MB heap size)
(5.617 s, 915 MB heap size)
(6.088 s, 653 MB heap size)
(1034 MB heap size)
(5.324 s, 987 MB heap size)
(5.146 s, 1130 MB heap size)
(1146 MB heap size)
(713 MB heap size)
(5.612 s, 1223 MB heap size)
(5.552 s, 975 MB heap size)
(1094 MB heap size)
(6.886 s, 963 MB heap size)
(6.49 s, 1048 MB heap size)
(1205 MB heap size)
(5.253 s, 1192 MB heap size)
(5.241 s, 775 MB heap size)
(1265 MB heap size)
(1156 MB heap size)
(1022 MB heap size)
(6.167 s, 1035 MB heap size)
(5.235 s, 1266 MB heap size)
(5.017 s, 1273 MB heap size)
(7.344 s, 1107 MB heap size)
(5.872 s, 1329 MB heap size)
(5.267 s, 1084 MB heap size)
(6.312 s, 1216 MB heap size)
(9.271 s, 837 MB heap size)
(1329 MB heap size)
(1315 MB heap size)
(10.02 s, 1107 MB heap size)
(1389 MB heap size)
(6.675 s, 983 MB heap size)
(1144 MB heap size)
(1276 MB heap size)
(5.482 s, 775 MB heap size)
(1375 MB heap size)
(5.25 s, 1390 MB heap size)
(5.264 s, 1204 MB heap size)
(5.69 s, 1449 MB heap size)
(5.953 s, 1042 MB heap size)
(6.997 s, 1031 MB heap size)
(1339 MB heap size)
(6.208 s, 845 MB heap size)
(5.602 s, 1435 MB heap size)
(1265 MB heap size)
(1092 MB heap size)
(6.002 s, 1103 MB heap size)
(898 MB heap size)
(9.446 s, 1462 MB heap size)
(6.544 s, 1510 MB heap size)
(6.159 s, 1400 MB heap size)
(1495 MB heap size)
(1328 MB heap size)
(5.141 s, 1152 MB heap size)
(1513 MB heap size)
(5.133 s, 957 MB heap size)
(5.965 s, 1164 MB heap size)
(1571 MB heap size)
(6.002 s, 1397 MB heap size)
(5.063 s, 1556 MB heap size)
(5.68 s, 1388 MB heap size)
(1018 MB heap size)
(6.518 s, 1212 MB heap size)
(5.141 s, 1631 MB heap size)
(6.407 s, 1574 MB heap size)
(6.51 s, 1224 MB heap size)
(5.082 s, 1466 MB heap size)
(1616 MB heap size)
(1078 MB heap size)
(1448 MB heap size)
(6.306 s, 1273 MB heap size)
(5.142 s, 1691 MB heap size)
(1677 MB heap size)
(5.811 s, 1077 MB heap size)
(1139 MB heap size)
(6.226 s, 1435 MB heap size)
(1508 MB heap size)
(1138 MB heap size)
(6.122 s, 1213 MB heap size)
(1736 MB heap size)
(1199 MB heap size)
(1496 MB heap size)
(15.376 s, 1528 MB heap size)
(1272 MB heap size)
(5.026 s, 1198 MB heap size)
(10.881 s, 1763 MB heap size)
(1258 MB heap size)
(8.77 s, 1580 MB heap size)
(1556 MB heap size)
(5.052 s, 1797 MB heap size)
(1586 MB heap size)
(1333 MB heap size)
(1322 MB heap size)
(1631 MB heap size)
(5.567 s, 1259 MB heap size)
(1616 MB heap size)
(5.411 s, 1857 MB heap size)
(6.565 s, 1755 MB heap size)
(1646 MB heap size)
(1691 MB heap size)
(1322 MB heap size)
(5.522 s, 1382 MB heap size)
(5.783 s, 1393 MB heap size)
(1549 MB heap size)
(5.275 s, 1676 MB heap size)
(1918 MB heap size)
(1442 MB heap size)
(1751 MB heap size)
(5.368 s, 1382 MB heap size)
(5.263 s, 1454 MB heap size)
(1661 MB heap size)
(5.433 s, 1736 MB heap size)
(1978 MB heap size)
(1502 MB heap size)
(1442 MB heap size)
(1812 MB heap size)
(1514 MB heap size)
(1737 MB heap size)
(1796 MB heap size)
(2038 MB heap size)
(17.555 s, 1800 MB heap size)
(1563 MB heap size)
(1502 MB heap size)
(1872 MB heap size)
(1574 MB heap size)
(1797 MB heap size)
(1428 MB heap size)
(1857 MB heap size)
(2099 MB heap size)
(1750 MB heap size)
(1562 MB heap size)
(6.206 s, 1569 MB heap size)
(1635 MB heap size)
(1933 MB heap size)
(6.031 s, 1560 MB heap size)
(1917 MB heap size)
(1862 MB heap size)
(2159 MB heap size)
(1623 MB heap size)
(1629 MB heap size)
(1694 MB heap size)
(5.348 s, 1637 MB heap size)
(1938 MB heap size)
(2218 MB heap size)
(6.073 s, 1978 MB heap size)
(1689 MB heap size)
(1683 MB heap size)
(1755 MB heap size)
(1543 MB heap size)
(1697 MB heap size)
(1998 MB heap size)
(2038 MB heap size)
(5.306 s, 2285 MB heap size)
(1749 MB heap size)
(1815 MB heap size)
(1677 MB heap size)
(2072 MB heap size)
(1757 MB heap size)
(2059 MB heap size)
(2098 MB heap size)
(2345 MB heap size)
(1875 MB heap size)
(1753 MB heap size)
(1817 MB heap size)
(2115 MB heap size)
(8.092 s, 1810 MB heap size)
(2118 MB heap size)
(2158 MB heap size)
(2405 MB heap size)
(1936 MB heap size)
(1814 MB heap size)
(5.142 s, 1877 MB heap size)
(1869 MB heap size)
(2138 MB heap size)
(5.164 s, 2192 MB heap size)
(2180 MB heap size)
(1874 MB heap size)
(2465 MB heap size)
(1996 MB heap size)
(1931 MB heap size)
(5.237 s, 1938 MB heap size)
(2252 MB heap size)
(5.079 s, 2247 MB heap size)
(2239 MB heap size)
(2057 MB heap size)
(1934 MB heap size)
(2525 MB heap size)
(1997 MB heap size)
(1990 MB heap size)
(2312 MB heap size)
(2307 MB heap size)
(2305 MB heap size)
(2116 MB heap size)
(2258 MB heap size)
(1995 MB heap size)
(2586 MB heap size)
(5.015 s, 2058 MB heap size)
(2050 MB heap size)
(2365 MB heap size)
(2373 MB heap size)
(2176 MB heap size)
(2390 MB heap size)
(2055 MB heap size)
(2337 MB heap size)
(2645 MB heap size)
(2118 MB heap size)
(2110 MB heap size)
(2433 MB heap size)
(2053 MB heap size)
(2237 MB heap size)
(2114 MB heap size)
(2450 MB heap size)
(2447 MB heap size)
(2178 MB heap size)
(2706 MB heap size)
(2180 MB heap size)
(2296 MB heap size)
(2175 MB heap size)
(2511 MB heap size)
(2507 MB heap size)
(2239 MB heap size)
(2767 MB heap size)
(2553 MB heap size)
(2241 MB heap size)
(2163 MB heap size)
(2235 MB heap size)
(2362 MB heap size)
(2567 MB heap size)
(5.929 s, 2598 MB heap size)
(2826 MB heap size)
(2613 MB heap size)
(2301 MB heap size)
(2293 MB heap size)
(2422 MB heap size)
(2301 MB heap size)
(2627 MB heap size)
(2284 MB heap size)
(2623 MB heap size)
(2887 MB heap size)
(2673 MB heap size)
(2286 MB heap size)
(2367 MB heap size)
(2369 MB heap size)
(2361 MB heap size)
(2687 MB heap size)
(2684 MB heap size)
(2419 MB heap size)
(2733 MB heap size)
(2963 MB heap size)
(2429 MB heap size)
(2427 MB heap size)
(2421 MB heap size)
(2747 MB heap size)
(2495 MB heap size)
(2489 MB heap size)
(2744 MB heap size)
(2793 MB heap size)
(2488 MB heap size)
(3007 MB heap size)
(2481 MB heap size)
(2807 MB heap size)
(2549 MB heap size)
(2804 MB heap size)
(2555 MB heap size)
(2854 MB heap size)
(2547 MB heap size)
(3067 MB heap size)
(2541 MB heap size)
(2867 MB heap size)
(2863 MB heap size)
(2615 MB heap size)
(2609 MB heap size)
(2607 MB heap size)
(2914 MB heap size)
(3127 MB heap size)
(2601 MB heap size)
(2927 MB heap size)
(2669 MB heap size)
(2667 MB heap size)
(2974 MB heap size)
(3187 MB heap size)
(2662 MB heap size)
(2681 MB heap size)
(2988 MB heap size)
(2729 MB heap size)
(2984 MB heap size)
(2727 MB heap size)
(2723 MB heap size)
(3247 MB heap size)
(2757 MB heap size)
(3048 MB heap size)
(2789 MB heap size)
(5.435 s, 3044 MB heap size)
(11.665 s, 2788 MB heap size)
(12.754 s, 2859 MB heap size)

I'll log out the code you posted to make sure it's being passed down.

@blimmer
Copy link
Contributor

blimmer commented Nov 12, 2021

Yep, @SimenB you were correct - the --no-sparkplug flag does appear to be making it down to the workers. Thanks for pointing me to that code.

Screen Shot 2021-11-12 at 10 53 37 AM

@EternallLight and @rthreei - is there anything about your codebase that's notable to potentially cause this issue? The only thing I can think of on my end is that we make heavy use of async_hooks and have historically had issues upgrading in the 16.x series related to them.

I'm sure the jest team would love to have some kind of reproducibility to try to look more closely at this, but I'm struggling to develop a small reproducible case.

@rthreei
Copy link

rthreei commented Nov 12, 2021

@blimmer nothing in particular is notable about our codebase. It's not a small codebase, but not very big either. Prior to 16.11, there were known memory leaks when running test suite (potentially around lodash); maybe made worse by 16.11.

@SimenB
Copy link
Member

SimenB commented Nov 15, 2021

If it's specifically in 16.11, you can probably try to build node yourself and bisect https://github.com/nodejs/node/compare/v16.10.0..v16.11.0. Figuring out which commit that introduced it might help understand when one (or more) of your code, Node and Jest does wrong 🙂

@pustovalov
Copy link

pustovalov commented Nov 15, 2021

Looks like in new version of node, garbage collector will no longer clear memory until it reaches the limit.

RAM: 4GB

Node v14.17.3

node --expose-gc --trace_gc ./node_modules/.bin/jest app/javascript --forceExit --ci -w=2 --coverage --logHeapUsage > log/jest_memory_usage.log

Max memory usage:

[552:0x49fcc00]   116300 ms: Scavenge 700.3 (726.1) -> 692.0 (729.6) MB, 4.4 / 0.0 ms  (average mu = 0.983, current mu = 0.990) allocation failure 

full log:
https://gist.github.com/pustovalov/ad8bcd84b0b6bd6abec301982e03ed55

Node v16.13.0

node --expose-gc --trace_gc ./node_modules/.bin/jest app/javascript --forceExit --ci -w=2 --coverage --logHeapUsage > log/current-node-16.log

Max memory usage:

[10321:0x7fdd67100000]   865787 ms: Scavenge 2939.4 (3351.0) -> 2924.0 (3351.0) MB, 3.1 / 0.0 ms  (average mu = 0.346, current mu = 0.315) allocation failure 

full log:
https://gist.github.com/pustovalov/01cc1f484566f4b692fb405335b5f78d

Node v16.13.0 with max-old-space-size

based on how much memory the process was using when it used node v14, set a limit in 700mb

node --expose-gc --trace_gc --max-old-space-size=700 ./node_modules/.bin/jest app/javascript --forceExit --ci -w=2 --coverage --logHeapUsage > log/jest_memory_usage.log

Max memory usage:

[1040:0x66e7250]   193826 ms: Scavenge 603.6 (640.0) -> 592.4 (643.3) MB, 9.2 / 0.0 ms  (average mu = 0.823, current mu = 0.844) allocation failure 

full log:
https://gist.github.com/pustovalov/a86545aa38708d6dda479ee9a1bc4e1d

If you set a limit that will be equal to the maximum amount of RAM, then the process will crash because the cleaning will begin only when this limit is reached

  System:
    OS: macOS 11.6
    CPU: (8) x64 Intel(R) Core(TM) i5-8259U CPU @ 2.30GHz
  Binaries:
    Node: 16.13.0 - /usr/local/Cellar/node@16/16.13.0/bin/node
    Yarn: 1.22.17 - /usr/local/bin/yarn
    npm: 8.1.0 - /usr/local/Cellar/node@16/16.13.0/bin/npm
  npmPackages:
    jest: ^27.3.1 => 27.3.1

@luiz290788
Copy link

If it's specifically in 16.11, you can probably try to build node yourself and bisect https://github.com/nodejs/node/compare/v16.10.0..v16.11.0. Figuring out which commit that introduced it might help understand when one (or more) of your code, Node and Jest does wrong 🙂

I've tried that. I was able to reproduce the issue on the last commit on v8 upgrade. It looks like the problem is related to v8 upgrade inside of node.

@B4nan
Copy link

B4nan commented Nov 16, 2021

Looks like I am hitting this as well. It happens only when doing coverage (as it eats more memory), and it ends up with hard failure. Locking node version to 16.10 helps, node 17 fails the same. Fails locally too.

Maybe one interesting note, it started to happen after I upgraded node-mongodb to v4, failed pipeline here.

@jgoz
Copy link

jgoz commented Nov 16, 2021

Trying to find potentially related issues in NodeJS and this one jumped out at me: nodejs/node#40014

And the associated V8 bug: https://bugs.chromium.org/p/v8/issues/detail?id=12198

@luiz290788
Copy link

I was trying to isolate the issue from our codebase and created this repo. It looks like that even for very simple test suites, the problem is there.

@mousetree
Copy link

We had consistent out of memory errors on node 16.13, reverting to 16.10 solved the problem for us.

@mb21
Copy link

mb21 commented Dec 2, 2021

Same here. On node 16.13.1, heap size goes up to 500MB while on node 16.10, it stays at 50MB with the following repro:

mkdir test
cd test
npm install jest
mkdir src
echo 'it("a", () => expect(0).toBeFalsy())' > src/a.test.js
for i in {1..100}; do cp src/a.test.js "src/a$i.test.js"; done
./node_modules/jest/bin/jest.js --runInBand --logHeapUsage

Edit: install Volta and do volta run --node 20.1.0 -- node ./node_modules/jest/bin/jest.js --runInBand --logHeapUsag to test a specific node version

@LukeNotable
Copy link

Running mb21's test on various Node versions confirms that everything after 16.10 (including 16.13.1 and 17.2.0) shows the same ever-growing heap, also running 3 times as slow.

We weren't able to get CI to finish running our tests under the latest Node 16, although somehow Node 17 was fine. 🤔

@lukeapage
Copy link
Contributor

I've just tracked down this issue - for us it is a 2-5x performance regression (hopefully those key words help people find this). I've also tested the latest nodejs 16 & 17 versions without luck.

running a subset of tests, Memory in windows task manager on 16.10 reaches 900mb per worker. On 16.11.0 it reaches 1800mb per worker.

@tzimmermann
Copy link

tzimmermann commented Dec 9, 2021

Also hitting this after upgrading to Node 16.13. It's quite bad for us, as we cannot resolve some CVEs that have been fixed in 16.13 already.

I understand the underlying v8 issue is closed (wontfix), so I don't have much hope we'll have this fixed in a new node version any time soon.

So I am wondering:

  • Are there plans to solve/work around this issue somehow from the jest side?
  • Is anyone aware if this memory leak has implications beyond slowing down jest, i.e. should we hold back with updating node servers running in production?

@jgoz
Copy link

jgoz commented Dec 9, 2021

  • Is anyone aware if this memory leak has implications beyond slowing down jest, i.e. should we hold back with updating node servers running in production?

I did some local profiling and didn't see any significant difference in memory consumption between 16.10 and 16.13 for our production app, but we aren't using vm.Script

@LukeNotable
Copy link

Following a suggestion on the Node issue, I tried running with the Node option --no-compilation-cache. Suddenly my CI with 5000 tests works again, and furthermore it finishes without the ~1GB of memory leakage that I always saw under Node 14 (and of course without the 5GB+ that would leak under Node 16.13 until OOM). The downside is that it seems to take about 25–50% longer to finish.

@amiedes
Copy link

amiedes commented Dec 15, 2021

We've been recently hit by this bug (or combination of them) in several services of our stack. It's been an inconvenience for use since once the heap size exceeded the 2GB available by GitHub Actions machines, our CI/CD process was failing 100% of the time.

I believe the "modules accumulating in the heap" bug has been present in Jest for some time, but that in combination with the changes in Node from v16.10 to v16.11 has made it much more severe. We're certain that bug exists in Jest, as we've managed to replicate it with a "dummy repo", as several other people have stated.

The fact that the ticket created in Node JS was closed as a WONTFIX is a bit worrying. I currently lack the knowledge to judge the discussions which happened there, but if that wasn't a bug at the end probably the solution falls on the Jest side.

After trying to extract as much information from the different GitHub issues that have been created in Jest, TS-Jest and Node, and trying several approaches, the only path for us was to downgrade back to Node v16.10.

These are some of the statistics we gathered in the process:

Node @jest/core isolatedModules runInBand Comp. cache Initial H Final H H ratio Time
17.2.0 27.3.1 true true true 133 MB 2236 MB ~33 MB 144 s
16.13.0 27.3.1 true true true 131 MB 2220 MB ~30 MB 130 s
16.13.0 27.3.1 true true false 126 MB 1712 MB ~25 MB 113 s
16.13.0 27.3.1 false true true 287 MB 2393 MB ~30 MB 140 s
16.10.0 27.3.1 true true true 123 MB 790 MB ~10 MB 77 s
16.10.0 27.3.1 true true false 118 MB 1676 MB ~25 MB 110 s
16.10.0 27.3.1 false true true 280 MB 952 MB ~10 MB 90 s

Some explanations about the columns:

  • Node: version of NodeJS
  • @jest/core: version of the Jest core
  • isolatedModules: the setting defined via jest.config.json
  • runInBand: specified by the --runInBand Jest flag
  • Comp. cache: specified by the NodeJS --no-compilation-cache flag
  • Initial H: heap size after running the first test
  • Final H: heap size after running the last test
  • H ratio: heap size increase after each test
  • Time: time the whole suite needed to run

The most relevant tickets related to this matter:

We hope this issue is given the importance it deserves, as keeping the Node version pinned to v16.10 or relying on bigger CI machines to compensate this is a poor strategy for the future.

@lukeapage
Copy link
Contributor

@amiedes it looks to me like the v8 bug was closed as won’t fix but the nodejs bug is still open.

I’m just a interested spectator and don’t have a 100% understanding but it seems to me like no one has indicated a belief this is a jest bug.

@pustovalov
Copy link

@amiedes can you try to run jest in this way?

node --expose-gc --trace_gc --max-old-space-size=700 ./node_modules/.bin/jest app/javascript --runInBand --logHeapUsage > log/jest_memory_usage.log

@xereda
Copy link

xereda commented Oct 26, 2023

Can confirm: 21.1.0 means we can finally run our massive jest -i database test suite again (previously we had to split it into 4 separate runs to avoid running out of RAM). Total execution time is down from 2m12 for the four split test suites to 1m33 for running the entire lot. Huge thanks to everyone involved, and we'd love to see this backported to Node 20 (and ideally Node 18) so we don't have to split the runs in CI any more. Thanks again ❤️

What is the "-i" parameter for? There is no such parameter in the Jest documentation.

@uladzimirdev
Copy link

What is the "-i" parameter for?

https://jestjs.io/docs/cli#--runinband

@l0gicgate
Copy link

l0gicgate commented Oct 26, 2023

This addressed our issue as well with Jest constantly using more memory between tests. Unfortunately could not use workerIdleMemoryLimit setting as our runners are using Linux where memory isn't reported correctly.

I'm curious as to what the fix is, I've looked at the release and cannot find the commit that addresses this. It should be way more notable in the release notes that this was fixed

https://nodejs.org/en/blog/release/v21.1.0

Either way, very thankful this has been addressed after 2 years. Hoping for a backport to 20 and 18. We need this fix in an LTS version.

@joyeecheung
Copy link

joyeecheung commented Oct 27, 2023

I'm curious as to what the fix is, I've looked at the release and cannot find the commit that addresses this. It should be way more notable in the release notes that this was fixed

The commits that fixed it are in the vm: fix V8 compilation cache support for vm.Script part in that blog post, where Jest was also mentioned, though it may not be immediately obvious why. I think the issues described from the Jest side are multi-faceted and as #11956 (comment) mentioned this only mitigated the regressions for pure CJS compilation (i.e. regression comes back when there's actual import() or --experimental-vm-modules).

To summarize, the regression was introduced when Node.js implemented the importModuleDynamically option back in v16, to retrieve this option when import() is called within the script compiled, Node.js needs to set a host-defined option for this script. Previously, when V8 re-compiled a script that it has seen before, it could do a quick lookup on an internal table and return the script that's already compiled, making subsequent compilation almost free. The introduction of host-defined options resulted in cache misses, because in the implementation of Node.js up until not long ago, this option was different for every script compiled. The cache miss not only resulted in a performance regression (then V8 had to compile the previously-seen scripts from scratch every time), but could also contribute to higher memory usage (every script subsequently compiled is cached again with a slightly different option even though the source code remains the same). There was also another source of memory leak coming from how the scripts are managed within Node.js. To fix the issues, we worked around the problem in Node.js by:

  1. Rework the memory management of the scripts and host-defined options in module: rework of memory management in vm APIs with the importModuleDynamically option nodejs/node#48510 which needed additional V8 API support that we upstreamed (see the PR for a detailed write-up of what was happening)
  2. Use a constant host-defined option as the default when importModuleDynamically isn't configured vm: use default host-defined options when importModuleDynamically is not set nodejs/node#49950 - and because it's a constant for all scripts compiled without this option, the cache can be hit again in this case. However, this would still require some changes from Jest's side, so we did 3.
  3. For Jest's use case, where importModuleDynamically is always configured but will throw a warning when --experimental-vm-modules isn't set (because then you can't actually do anything useful with that option anyway), we use another constant option to throw a built-in warning that serve the same purpose in vm: reject in importModuleDynamically without --experimental-vm-modules nodejs/node#50137, which finally leads to automatic fix of this issue in v21.1.0 without further changes from Jest's side.

So the issues are only mitigated, but not yet fully fixed - it comes back when --experimental-vm-modules is used. See nodejs/node#35375 (comment) about remaining issues & ideas about how they can be fixed/worked around, so it's still work in progress.

thomasridd added a commit to ministryofjustice/hmpps-authorization that referenced this issue Nov 2, 2023
* Initial commit

* Alee/init (#1)

* Initial commit

* 🎉 Initial drop of code

* 🎨 Small tidy up

* Adding circle build and updating node to v14

* Adding helm config

* Fix wiremock port and update package.json

Co-authored-by: Jon Brighton <brightonsbox@hotmail.com>
Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>

* Fixing docker image (#2)

* Fix secret name (#3)

* Correcting variable names and removing unnecessary ones (#4)

* Fixing variable name (#5)

* Removing trailing slashes from env vars (#6)

* Fix hostname (#7)

* Update dependencies (#8)

* Update dependencies

Also move to use declaration overrides for describing additional possible fields in session data

Also removing/moving unnecessary prod dependencies

Moving jest tests to run in parallel

* Fix types for user

* Do not allow any warnings

* Correcting test results path

* Reducing docker image size (#9)

Also
* Update dependencies
* Adopt standard github gitignore for node projects
* Using body typography

* Add rename script (#10)

* Add rename script

* PR reviews

* Removing unused vars

* Alee/decoupling auth client from redis (#11)

* Decoupling auth client from redis impl

* Update to latest hmpps orb version (#12)

* Fixing build-info.json placement (#13)

* Convert to arrow functions in utils (#14)

* Convert to arrow functions in utils

* Remove returns and fix prettier issues

* Make the use of logger naming consistent (#15)

* Adding outdated job (#16)

* Adding outdated job

* Updating dependencies

* Removing patch to minor version

* Updating dependencies (#17)

* Moving to enable no-implicit-any (#18)

* DT-1659: 🔨 Remove helm copying secrets from AWS (#19)

* Adding moj design system (#20)

* Add new veracode scan for schedueled workflow (#21)

* Add new veracode scan for schedueled workflow

* Re-add - check_outdated job

* Removing deprecated body parser (#22)

* DT-1627: 📄 Update license with correct year (#23)

* Added missing ping endpoint as used by Kubernetes for liveliness probe (#24)

* DT-2012 - upgrade hmpps orb, and add veracode policy scan job. (#25)

* Use generic-service and generic-prometheus-alerts charts (#26)

* Updating dependencies and adding slack notifications to outdated checks (#27)

* Updating dependencies and adding slack notifications to outdated checks

* Add slack orb

* Moving to group middleware into related modules, following the pattern established in prison staff hub (#28)

* Fix the slack notification on `check_outdated` (#30)

* Ensure that the `SLACK_ACCESS_TOKEN` env var is set for `check_outdated`

As the final step (on fail) is a slack notification we need to use a context containing the variable.

* Refactor the channel for alerts into parameters

This establishes a reusable pattern in case consumers wish to notify slack on other jobs.

* Updating node dependencies (#31)

* Fixing configuration of security audit (#32)

The "medium" configuration was not an acceptable term, should be one of
"info", "low", "moderate", "high" or "critical". This meant that it
would not pick up on anything!

* Alee/update dependencies (#33)

* Updating dependencies and node

* Use parameterised slack channel rather than default of typescript alerts channel

* Extracting out executor

* DT-2166 - add trivy image scanning job (#35)

* Fix trivy scan job slack notifications channel (#36)

* Use node executor and parameterise the version (#34)

* WFP-322 use the hmpps/node executor to build

* WFP-322 parameterise the node version in the executor

* WFP-322 use node version parameter in integration test image

* WFP-322 integration tests use new node_redis executor

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* Deploy template project to template k8s namespace (#37)

* Deploy template project to template k8s namespace

* DT-2260 - update to latest circleci orb and chart dependencies (#38)

* Updating dependencies and improving README (#39)

* DT-2282: ⬆️ Fix veracode policy scan (#40)

* Moving cypress tests to typescript (#41)

* DT-2404: 💄 Switch to sign in / out instead of login / out (#42)

* DT-2404: 💄 Switch to sign in / out instead of login / out

* DT-2404: 💄 Don't need .gitignore for husky any more

* DT-2404: ✅ Run tests automatically on commit (#43)

* Update dependencies (#44)

* DT-2297 - Veracode - switch to daily pipeline scan (results in circleci), and weekly policy scan (upload to veracode portal). (#45)

* DT-2297- randomise timing of circleci security workflow due to rate limiting at veracode. (#47)

* update typescript (#48)

* Fixing docker caching apt-get layer (#49)

* Fix docker build failing, and reduce image size (#50)

* Remove use of semi colons before arrays (#51)

* Remove use of semi-colons before arrays

* Fix typos in README

* WFP-610 update to npmv7 and fix some audit (#52)

* WFP-610 update to npm 7

* WFP-610 update outdated dependencies

* WFP-610 fixed some audit vulnerabilities

* WFP-610 updated passport-oauth2

* WFP-610 upgrade to jest-junit 13 to bring in new ansi-regex (#54)

* Upgrading dependencies (#55)

* FIXBUILD: update ansi-regex subdependency (#56)

* DT-2702: 🔨 Use new generic service configuration (#57)

* Update dependencies (#58)

* Moving to use HMPPS header (#59)

* Moving to use HMPPS header

* Removing explicit reference to DPS

* Fix path of unit test results that are uploaded as artifacts (#60)

and properly indent "build" job (jobs should be an array of [name] to dictionary)

Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>

* DT-2814: 🐛 Fix cron timings for veracode (#61)

* NN-3747 fixing json structure for the stubUserRoles call and populating the user directly and not from the request because passport isn't in the test stack (#62)

* Bumping node version (#63)

Also fixing open handle in test and bumping dependencies

* DT-2796: 🔨 Migrate dev to live context (#64)

* Update dependencies and move to NPM v8 (#65)

* Upgrading dependencies (#66)

* Update modules and remove express-request-id (#67)

* INC-163 Timeout Fix - Correctly sets the timeout for a HttpAgent (#69)

* ⬆️ update dependencies and 💄add no-only-tests linting rule for cypress (#70)

* ⬆️ update dependencies

* 💄Add no-only-tests linting rule for cypress

* SDI-60: 🔨 Add global protect and petty france to allowlists (#71)

* Update dependencies (#72)

* DCS-1442 jquery-ui.css coep fix (#73)

* Fixing docker caching issue (#74)

Need to refer to build args before calling apt-get upgrade otherwise the set of packages are cached and not upgraded. Docker cannot cache anything in layers after a dynamic variable has been used

Also bumping version of node and fixing test compilation issue

* Setup prometheus metrics by default. (#75)

This change sets up prometheus metrics to be available on port 3001, and
with the helm chart changes they will automatically get scraped and be
available for alerts and dashboards in grafana.

The added metrics include:

- General nodejs stats: memory use, gc etc
- HTTP server requests: counters and timings of all served HTTP requests
  by the app.
- HTTP client requests: counters and timings of all HTTP requests to
  other upstream APIs (as long as they are based off `restClient.ts`).
- Upstream healthchecks: guages recording the status/health of each
  upstream service when the healthcheck is tested.

This is all backported from the `manage-recalls-ui` app, please let me
know what you think. :)

* Bump minimist from 1.2.5 to 1.2.6 (#76)

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependencies (#77)

* Audit fix (#79)

* NN-4060: App Insights only works with bunyan v1 (#80)

Co-authored-by: sp-watson <steve.watson@digital,justice.gov.uk>

* Update orb and dependencies (#82)

* Stop metrics test from hitting a real service and occasionally timing out (#81)

Co-authored-by: Jon Wyatt <>
Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* SDI-181: 🔧 Add jira notifications for new projects (#83)

* Adding better redis error handling (#84)

* SDI-181: 🔧 Use new cimg redis executor (#85)

* SDI-181: 🔧 Use new cimg redis executor

* SDI-181: 🔧 Improve docker ignore and use released orb instead

* SDI-181: ⬆️ Bump node minor version

* SLM-245 Restore cache prior to running up the app for the integration tests (#86)

This caused an issue with our build where we received a segmentation fault as soon as the integration tests called the node app. Segmentation faults generally indicate an issue with one of the native C/C++ modules and it appears that one of these modules was relying on something we have stashed in the cache.

* SDI-88: 🚨 Fix querystring warning (#87)

* SDI-88: 🚨 Fix querystring warning

* SDI-88: 🚨 Second attempt to querystring warning

* SDI-88: 🐛 Fix cookie session down as a dependency (#88)

* SDI-88: ♻️  Tidy up mocks and switch to multiplatform builds (#89)

* Allow async get to take an array of strings for paths like original get method (#90)

* SDI-182: ✨ Switch to using connection string instead (#91)

* Update README.md (#92)

* SDI-88: ✅ Add token verification integration tests (#94)

* Minor "code smell" fixes suggested by Sonar Cloud (#95)

* INC-567: Remove unnecessary type assertions

* INC-567: Return resolved promise directly

* SDI-211: 🔒️ Bump versions to fix security issues and cope with passport major upgrade (#96)

* Updating dependencies (#97)

* SDI-211: 🎨 Enforce trailing comma on functions too (#98)

* SDI-211: 🎨 Enforce arrow parens (#99)

* Bump dependencies (#100)

* SDI-218: ⬆  Upgrade cypress to v10 (#101)

* ⬆️ Update dependencies (#102)

* Ignore false positive around nodemon (#103)

* Ignore false positive around nodemon

* Manage version of audit ci and provide full path to ignored dependency

* Updating dependencies (#104)

* Update dependencies (#105)

* Create services container (#106)

This allows passing through a container of wired up services through to route

This approach has been used for the dps-shared and farsight projects and it leads to a testing approach that scales more naturally. Means you can pass through the services through to where they are needed and this can grow without changes propagating through the application

Also extracted standard router into standalone middleware as the current approach relies on mutation and encourages making multiple copies of it.

* SDI-265: ♻️  Minor improvements (#107)

* SDI-265: 🚨 Add lint check for only (#108)

* Update Jest to v28 and minor dependency updates (#109)

* Remove duplicate <main> elements (#110)

The govuk/template.njk which the layout.njk extends which these files use already includes a <main> element

According to the HTML spec there should only be one <main> element present in the document at a time

* Bumping dependencies and fixing page width (#111)

* Bumping dependencies and fixing page width

There seems to be a lot of variability in page width so going with something that seems most popular in HMPPS

* Run tests in band

Partially to fix tests hanging in circle, but also as test seems to run almost twice as fast (after clearing cache)

* Add a `cspNonce` to the webSecurity setup (#112)

Based on what I’ve seen elsewhere, this seems to now be a common
approach to allow us to inline scripts, see:

https://content-security-policy.com/nonce

The GOV.UK frontend has now been updated to support the use of the
`cspNonce` local - see:

 alphagov/govuk-frontend@2e40d74

So we no longer need to add the inline hash, which is vulnerable to if
the code in the frontend template is changed.

I’ve also removed the domain-specific overrides for jQuery scripts and
styles, as we can use the nonce for this too.

* Update dependencies 2022-08-22 (#113)

* Update dependencies to fix check outdated flagging typescript (#114)

* Update dependencies 2022-09-09 (#115)

* Speeding up jest tests (#116)

This speeds up the running of jest tests by enabling isolatedModules
which has the effect of [disabling typechecking](https://kulshekhar.github.io/ts-jest/docs/getting-started/options/isolatedModules)

It also drastically reduces memory usage, allowing for running tests in
parallel locally at least.

On my laptop this reduces the time to run the tests in this project from
~14 seconds to ~4 seconds. On larger projects the effect is much more pronounced,
welcome-people-to-prison reduces build time from ~2mins, 20 seconds to ~25
seconds. In circle we still need to run in band but this is still
significantly faster than before, in WPIP it reduces the build by over 1 min.

Type checking is still available in the IDE, it is also part of the
husky pre-commit hook and run by circle as part of the build, so the
risk of type errors slipping through are very small.

(We could possibly add a typechecking stage before running jest and it
would still be much faster but not adding unless it becomes apparent
that we need it )

It would be worth to re-assess this after jest 29 as there seems to be
some fixes around a [memory issue](jestjs/jest#11956) that is part of node in versions
> 16.10

NB: This will not work if type declaration (`d.ts`) files contain enums
or any other constructs that generate javascript code. This seems to be
a bit of an anti-pattern anyway (see [here](https://lukasbehal.com/2017-05-22-enums-in-declaration-files/)).
Other tooling such as cypress will only allow you to import
types from these files.

* Removing colour from logs in production mode (#117)

* Move ingress (#118)

* Move ingress

* CHange generic service to latest

* SDI-345: ⬆️  Upgrade node and cypress (#119)

* SDI-345: ⬆️  Upgrade node and cypress

* SDI-345: ⬆️  Actually upgrade cypress

* Fixing logging (#120)

There was an issue where we weren't sending trace info to app insights.
This is because appInsights needs to be imported before bunyan is
imported so it can do its instrumentation magic.

There was a related issue that obscured this. It was previously
impossible to test app insights locally as dotenv wasn't set up
correctly - it needed to happen before app insights is imported or app
insights would prevent the app starting up.

So this moves dotenv to dev dependencies and preloads it before running the app via start:dev.

This removes some code that is only relevant for local development.
It also means the application runs similar locally to how it would run
in docker or kubernetes - it just expects the environment variables to
be present.

Also moving the app insights import so it's very apparent that it's the first thing that happens when the app starts.

* Update dependencies 2022-09-28 (#121)

* ⬆️Upgrade to latest helm chart versions (#122)

* Adding badges (#123)

* Adding badges

* Update README.md

* Updating node to v18 (#124)

* Set helm timeout to 5 minutes (#125)

* Use official redis image for docker-compose (#126)

Which is suitable for arm64 and consistent with docker-compose-test which was updated with ministryofjustice/hmpps-template-typescript#89

* Update Helm config to match Kotlin template (#127)

* Update dependencies 2022-11-15 (#128)

* Update dependencies 2022-11-16 (#129)

* Update node images (#130)

* SDI-476: ⬆  Bump versions (#131)

* Update dependencies 2022-12-08 (#132)

* Update dependencies 2022-12-19 (#133)

* Bump jsonwebtoken from 8.5.1 to 9.0.0 (#136)

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix conflicting prettier / eslint rule (#135)

In eslint, we ask for a trailing comma, while the prettier rules are set
to `es5`. This causes issues if you have your IDE set up to fix on save,
as one linter kicks in before the other, causing conflicting fixes.

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* SDI-523: 🔒️ Fix / ignoresecurity issues (#138)

* HEAT-41: use npm outdated job from HMPPS Orb; update other dependencies (#139)

* Update dependencies 2023-01-24 (#140)

* Update dependencies 2023-01-31 (#141)

* Update dependencies 2023-02-01 (#142)

* Configure Renovate (#144)

* Add renovate.json

* HEAT-52: source Renovate config from shared HMPPS repo

* HEAT-52: tweak dependencies pinned by Renovate

Inherit the ones from https://github.com/ministryofjustice/hmpps-renovate-config/blob/main/node.json

* HEAT-52: manually bump Slack Orb as Renovate was complaining 'Can't find version matching 4.4.2 for slack'

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update Helm release generic-service to v2.4.0 (#146)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action to v4 (#148)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update actions/checkout action to v3 (#147)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add .nvmrc file, Prettier support for Nunjucks and use SCSS (#143)

* Add .nvmrc file with node version set to `18`
Update npm engine version to `^9`
Add `prettier-plugin-jinja-template` as dev dependency plus config
Refactor `.sass` files to `.scss` for consistency

* Add newline to .nvmrc

---------

Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Revert build_multiplatform_docker because it causes the build to take over an hour (#149)

See Slack discussion https://mojdt.slack.com/archives/C69NWE339/p1671529301455009?thread_ts=1671529075.740459&cid=C69NWE339

* Update dependency cypress to ^12.5.1 (#150)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-52: reduce the size of the PR body by specifying prBodyTemplate (#152)

This should help with GitHub integration in Slack

* Update all non major NPM dependencies (#151)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#153)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#155)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#156)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#159)

* Update all non major NPM dependencies

* Reduce Renovate stabilityDays so that it raises fewer PRs

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update Helm release generic-service to v2.5.0 (#161)

* Update Helm release generic-service to v2.5.0

* Drop generic-service params no longer required

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update node image and regenerate package-lock.json (#165)

* Update hmpps-orb to v7.2.1 (#166)

* Upgrade to connect-redis 7 and update other dependencies (#168)

* Upgrade to connect-redis 7 and update other dependencies

* Remove legacy mode

* Fix npm prune warning

* Upgrade to typescript 5 (#169)

* Add HMPPS Auth URL to form-action CSP string (#170)

Update the Content Security Policy to allow the HMPPS Auth URL as a possible form action target.

Currently, if a 403 error occurs on a GET request, this will be captured by the error handling setup in errorHandler.ts, and the user will be redirected to the sign out URL, which then redirects to the HMPPS Auth URL. However, if a 403 error occurs on a POST request, this second redirect may not occur, and the user may, depending on their choice of browser, be frozen on the form page they just submitted.

Due to CSP implementation details that vary between browsers, adding the HMPPS Auth URL to our form action targets allows this second redirect to occur as expected.

* Update TypeScript etc 2023-04-03 (#174)

* Removing unnecessary build (#172)

All 3 processes: tsc, sass and copy-views are run by concurrently at start up anyway

* Update dependencies 2023-04-12 (#177)

* SDIT-738: ⚡️ Cache static resources for 1 hour (#178)

* Update dependencies 2023-04-21 (#181)

* Fix security vuln 2023-04-25 (#183)

* Update Helm release generic-service to v2.6.2 (#182)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* SDIT-760: 🔧 Upgrade redis to 7 (#186)

* Update Helm release generic-service to v2.6.3 (#184)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Tie css cache to version of application (#188)

At the moment the cache is linked to the start up time of pod, so get unnecessary cache misses for each pod in the cluster and also when pods restart

This ties the cache to the git short hash of the deployment

* Fix version not appearing in application insights (#190)

* Fix version not appearing in application insights

This previously relied on running a shell script to generate a file with a json payload in it.

The code that read this file to extract out the version for the cache improvement and also setting the application version in app insights, was looking in the wrong location

There was another location that looked up the file and read in the details for the health endpoint which was looking in the right place

This change moves to reading the version and git reference into an env var in the docker file instead, which means we can centralise how this info is made available and remove the additional file management

This should be a safe fix as the build info file was previously being generated from the docker build anyway - so the file should be available

* Tidy up passing around application version

* Update Helm release generic-prometheus-alerts to v1.3.2 (#189)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add PreProd and Prod helm config (#193)

As per Kotlin Template https://github.com/ministryofjustice/hmpps-template-kotlin/tree/main/helm_deploy

* Update slack orb to v4.12.5 (#185)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action to v5 (#175)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#176)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Node.js to v18.16 (#191)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-06-07 (#196)

* Do not retry POST requests by default (#197)

It doesn't really make sense to retry non-idempotent calls

Also moving sanitised error over to a real error rather than a object. Makes it a little bit easier to test these: 'expect(..).reject.throws' etc.. doesn't work if you don't have really errors

* Adding changelog (#198)

* Have `sanitisedError` always return an Error instance (#199)

… for the same reasons as explained in ministryofjustice/hmpps-template-typescript#197

* Update all non major NPM dependencies (#195)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#200)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix semver vuln (#202)

* Update govuk-frontend to 4.7.0 (#205)

* Update all non major NPM dependencies (#204)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-82: Add productId and /info endpoint (#212)

* HEAT-82: Add productId and /info endpoint

* Update README and default value

* Update values.yaml to point at README.md

* Update README with dev portal URL (#213)

* Update README with dev portal URL

* Fix URL

* Fix info endpoint test description (#214)

* Update CHANGELOG.md (#216)

* Fix linting, update modules, remove override (#219)

* Move /info to health check block (#220)

* Update dependencies 2023-09-05 (#226)

* Update dependencies 2023-09-05

* Fix node version

* Fix CircleCI workflows for cypress (#223)

* Persist compiled stylesheets to workspace so that integration tests can load styles properly
* Upload cypress screenshot and video artefacts from correct location

* Fix cypress config and remove some vestigial code (#228)

* Remove unused/vestigial integration test method
* Remove deleted cypress config option
* Update copyright date

* Update readme (#229)

* Update Helm release generic-prometheus-alerts to v1.3.3 (#224)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update redis Docker tag to v7.2 (#221)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Node.js to v18.18 (#230)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-106: Standardise endpoints (#231)

* HEAT-106: Standardise endpoints

* Fix e2e

* Correct response

* Update Dockerfile to pull through branch name

* Amend output checks for int tests

* Fix bugs and add Changelog

* SDIT-1088: ✨ Get components to always return status even if failed (#232)

* SDIT-1108: 🔧 Don't default build args (#233)

* SDIT-1108: 🔧 Don't default build args

* SDIT-1108: 🔧 Copy across args to env variables

* SDIT-1108: 🔧 Add in docker compose build args and missing env vars

* SDIT-1108: ♻️ Fix deprecated syntax version of ENV (#234)

* SDIT-1108: ✨ Add in environment name to header (#235)

* SDIT-1108: 📝 Add new environment name to changelog (#236)

* NON-270: Improve REST client (#238)

* Improve REST client typing information and add PATCH, PUT and DELETE methods allowing for query parameters as well as body payloads
* Propagate user types into `res.locals` in request handlers

* Update actions/checkout action to v4 (#225)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#210)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Helm release generic-service to v2.6.5 (#237)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-10-17 (#243)

* HAAR-1891: Update deprecated endpoints with new endpoints (#247)

* HAAR-1891: Update deprecated endpoints with new (manage users api) endpoints

* HAAR-1891: Update following PR comments

* HAAR-1891: Added MANAGE_USERS_API_URL values.

* HAAR-1891: Added MANAGE_USERS_API_URL values.

* Update renovate.json (#248)

…to prevent Node docker image from being updated beyond LTS

* Move to Node 20 plus minor updates (#249)

* Update CHANGELOG for node 20 change (#250)

* Update CHANGELOG for node 20 change

* Missed update link

* Update jwt-decode module to version 4.0.0 (#252)

* Update CHANGELOG.md (#253)

* Added changelog for PR #247 (#254)

* fix integration test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>
Co-authored-by: Jon Brighton <brightonsbox@hotmail.com>
Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>
Co-authored-by: Matt <34448412+mattops@users.noreply.github.com>
Co-authored-by: Paul Solecki <51918433+psoleckimoj@users.noreply.github.com>
Co-authored-by: petergphillips <peter@greenthistle.co.uk>
Co-authored-by: Andy Marke <andy.marke@digital.justice.gov.uk>
Co-authored-by: Darren Oakley <darren.oakley@digital.justice.gov.uk>
Co-authored-by: markreesmoj <76954782+markreesmoj@users.noreply.github.com>
Co-authored-by: Connor Glynn <66882795+connormaglynn@users.noreply.github.com>
Co-authored-by: Gareth.m.Davies <gareth.davies@digital.justice.gov.uk>
Co-authored-by: ushkarev <ushkarev@users.noreply.github.com>
Co-authored-by: richardpopple <richard.popple@digital.justice.gov.uk>
Co-authored-by: Michael Willis <michael.willis@digital.justice.gov.uk>
Co-authored-by: Louise N <louise.norris@digital.justice.gov.uk>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sp-watson <77974320+sp-watson@users.noreply.github.com>
Co-authored-by: sp-watson <steve.watson@digital,justice.gov.uk>
Co-authored-by: Jon Wyatt <jonnywyatt2@gmail.com>
Co-authored-by: Mike Halma <58170926+mikehalmamoj@users.noreply.github.com>
Co-authored-by: Richard James <44123869+richpjames@users.noreply.github.com>
Co-authored-by: Stuart Harrison <pezholio@gmail.com>
Co-authored-by: Neil Mendum <nmendum@gmail.com>
Co-authored-by: carlov20 <carlov20@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: David Middleton <122619525+davidmiddletonmoj@users.noreply.github.com>
Co-authored-by: Gareth.m.Davies <gareth.m.davies@gmail.com>
Co-authored-by: bryangaledxw <94137563+bryangaledxw@users.noreply.github.com>
Co-authored-by: ravmoj <104509282+ravmoj@users.noreply.github.com>
simon-mitchell pushed a commit to ministryofjustice/hmpps-authorization that referenced this issue Nov 8, 2023
* Initial commit

* Alee/init (#1)

* Initial commit

* 🎉 Initial drop of code

* 🎨 Small tidy up

* Adding circle build and updating node to v14

* Adding helm config

* Fix wiremock port and update package.json

Co-authored-by: Jon Brighton <brightonsbox@hotmail.com>
Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>

* Fixing docker image (#2)

* Fix secret name (#3)

* Correcting variable names and removing unnecessary ones (#4)

* Fixing variable name (#5)

* Removing trailing slashes from env vars (#6)

* Fix hostname (#7)

* Update dependencies (#8)

* Update dependencies

Also move to use declaration overrides for describing additional possible fields in session data

Also removing/moving unnecessary prod dependencies

Moving jest tests to run in parallel

* Fix types for user

* Do not allow any warnings

* Correcting test results path

* Reducing docker image size (#9)

Also
* Update dependencies
* Adopt standard github gitignore for node projects
* Using body typography

* Add rename script (#10)

* Add rename script

* PR reviews

* Removing unused vars

* Alee/decoupling auth client from redis (#11)

* Decoupling auth client from redis impl

* Update to latest hmpps orb version (#12)

* Fixing build-info.json placement (#13)

* Convert to arrow functions in utils (#14)

* Convert to arrow functions in utils

* Remove returns and fix prettier issues

* Make the use of logger naming consistent (#15)

* Adding outdated job (#16)

* Adding outdated job

* Updating dependencies

* Removing patch to minor version

* Updating dependencies (#17)

* Moving to enable no-implicit-any (#18)

* DT-1659: 🔨 Remove helm copying secrets from AWS (#19)

* Adding moj design system (#20)

* Add new veracode scan for schedueled workflow (#21)

* Add new veracode scan for schedueled workflow

* Re-add - check_outdated job

* Removing deprecated body parser (#22)

* DT-1627: 📄 Update license with correct year (#23)

* Added missing ping endpoint as used by Kubernetes for liveliness probe (#24)

* DT-2012 - upgrade hmpps orb, and add veracode policy scan job. (#25)

* Use generic-service and generic-prometheus-alerts charts (#26)

* Updating dependencies and adding slack notifications to outdated checks (#27)

* Updating dependencies and adding slack notifications to outdated checks

* Add slack orb

* Moving to group middleware into related modules, following the pattern established in prison staff hub (#28)

* Fix the slack notification on `check_outdated` (#30)

* Ensure that the `SLACK_ACCESS_TOKEN` env var is set for `check_outdated`

As the final step (on fail) is a slack notification we need to use a context containing the variable.

* Refactor the channel for alerts into parameters

This establishes a reusable pattern in case consumers wish to notify slack on other jobs.

* Updating node dependencies (#31)

* Fixing configuration of security audit (#32)

The "medium" configuration was not an acceptable term, should be one of
"info", "low", "moderate", "high" or "critical". This meant that it
would not pick up on anything!

* Alee/update dependencies (#33)

* Updating dependencies and node

* Use parameterised slack channel rather than default of typescript alerts channel

* Extracting out executor

* DT-2166 - add trivy image scanning job (#35)

* Fix trivy scan job slack notifications channel (#36)

* Use node executor and parameterise the version (#34)

* WFP-322 use the hmpps/node executor to build

* WFP-322 parameterise the node version in the executor

* WFP-322 use node version parameter in integration test image

* WFP-322 integration tests use new node_redis executor

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* Deploy template project to template k8s namespace (#37)

* Deploy template project to template k8s namespace

* DT-2260 - update to latest circleci orb and chart dependencies (#38)

* Updating dependencies and improving README (#39)

* DT-2282: ⬆️ Fix veracode policy scan (#40)

* Moving cypress tests to typescript (#41)

* DT-2404: 💄 Switch to sign in / out instead of login / out (#42)

* DT-2404: 💄 Switch to sign in / out instead of login / out

* DT-2404: 💄 Don't need .gitignore for husky any more

* DT-2404: ✅ Run tests automatically on commit (#43)

* Update dependencies (#44)

* DT-2297 - Veracode - switch to daily pipeline scan (results in circleci), and weekly policy scan (upload to veracode portal). (#45)

* DT-2297- randomise timing of circleci security workflow due to rate limiting at veracode. (#47)

* update typescript (#48)

* Fixing docker caching apt-get layer (#49)

* Fix docker build failing, and reduce image size (#50)

* Remove use of semi colons before arrays (#51)

* Remove use of semi-colons before arrays

* Fix typos in README

* WFP-610 update to npmv7 and fix some audit (#52)

* WFP-610 update to npm 7

* WFP-610 update outdated dependencies

* WFP-610 fixed some audit vulnerabilities

* WFP-610 updated passport-oauth2

* WFP-610 upgrade to jest-junit 13 to bring in new ansi-regex (#54)

* Upgrading dependencies (#55)

* FIXBUILD: update ansi-regex subdependency (#56)

* DT-2702: 🔨 Use new generic service configuration (#57)

* Update dependencies (#58)

* Moving to use HMPPS header (#59)

* Moving to use HMPPS header

* Removing explicit reference to DPS

* Fix path of unit test results that are uploaded as artifacts (#60)

and properly indent "build" job (jobs should be an array of [name] to dictionary)

Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>

* DT-2814: 🐛 Fix cron timings for veracode (#61)

* NN-3747 fixing json structure for the stubUserRoles call and populating the user directly and not from the request because passport isn't in the test stack (#62)

* Bumping node version (#63)

Also fixing open handle in test and bumping dependencies

* DT-2796: 🔨 Migrate dev to live context (#64)

* Update dependencies and move to NPM v8 (#65)

* Upgrading dependencies (#66)

* Update modules and remove express-request-id (#67)

* INC-163 Timeout Fix - Correctly sets the timeout for a HttpAgent (#69)

* ⬆️ update dependencies and 💄add no-only-tests linting rule for cypress (#70)

* ⬆️ update dependencies

* 💄Add no-only-tests linting rule for cypress

* SDI-60: 🔨 Add global protect and petty france to allowlists (#71)

* Update dependencies (#72)

* DCS-1442 jquery-ui.css coep fix (#73)

* Fixing docker caching issue (#74)

Need to refer to build args before calling apt-get upgrade otherwise the set of packages are cached and not upgraded. Docker cannot cache anything in layers after a dynamic variable has been used

Also bumping version of node and fixing test compilation issue

* Setup prometheus metrics by default. (#75)

This change sets up prometheus metrics to be available on port 3001, and
with the helm chart changes they will automatically get scraped and be
available for alerts and dashboards in grafana.

The added metrics include:

- General nodejs stats: memory use, gc etc
- HTTP server requests: counters and timings of all served HTTP requests
  by the app.
- HTTP client requests: counters and timings of all HTTP requests to
  other upstream APIs (as long as they are based off `restClient.ts`).
- Upstream healthchecks: guages recording the status/health of each
  upstream service when the healthcheck is tested.

This is all backported from the `manage-recalls-ui` app, please let me
know what you think. :)

* Bump minimist from 1.2.5 to 1.2.6 (#76)

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependencies (#77)

* Audit fix (#79)

* NN-4060: App Insights only works with bunyan v1 (#80)

Co-authored-by: sp-watson <steve.watson@digital,justice.gov.uk>

* Update orb and dependencies (#82)

* Stop metrics test from hitting a real service and occasionally timing out (#81)

Co-authored-by: Jon Wyatt <>
Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* SDI-181: 🔧 Add jira notifications for new projects (#83)

* Adding better redis error handling (#84)

* SDI-181: 🔧 Use new cimg redis executor (#85)

* SDI-181: 🔧 Use new cimg redis executor

* SDI-181: 🔧 Improve docker ignore and use released orb instead

* SDI-181: ⬆️ Bump node minor version

* SLM-245 Restore cache prior to running up the app for the integration tests (#86)

This caused an issue with our build where we received a segmentation fault as soon as the integration tests called the node app. Segmentation faults generally indicate an issue with one of the native C/C++ modules and it appears that one of these modules was relying on something we have stashed in the cache.

* SDI-88: 🚨 Fix querystring warning (#87)

* SDI-88: 🚨 Fix querystring warning

* SDI-88: 🚨 Second attempt to querystring warning

* SDI-88: 🐛 Fix cookie session down as a dependency (#88)

* SDI-88: ♻️  Tidy up mocks and switch to multiplatform builds (#89)

* Allow async get to take an array of strings for paths like original get method (#90)

* SDI-182: ✨ Switch to using connection string instead (#91)

* Update README.md (#92)

* SDI-88: ✅ Add token verification integration tests (#94)

* Minor "code smell" fixes suggested by Sonar Cloud (#95)

* INC-567: Remove unnecessary type assertions

* INC-567: Return resolved promise directly

* SDI-211: 🔒️ Bump versions to fix security issues and cope with passport major upgrade (#96)

* Updating dependencies (#97)

* SDI-211: 🎨 Enforce trailing comma on functions too (#98)

* SDI-211: 🎨 Enforce arrow parens (#99)

* Bump dependencies (#100)

* SDI-218: ⬆  Upgrade cypress to v10 (#101)

* ⬆️ Update dependencies (#102)

* Ignore false positive around nodemon (#103)

* Ignore false positive around nodemon

* Manage version of audit ci and provide full path to ignored dependency

* Updating dependencies (#104)

* Update dependencies (#105)

* Create services container (#106)

This allows passing through a container of wired up services through to route

This approach has been used for the dps-shared and farsight projects and it leads to a testing approach that scales more naturally. Means you can pass through the services through to where they are needed and this can grow without changes propagating through the application

Also extracted standard router into standalone middleware as the current approach relies on mutation and encourages making multiple copies of it.

* SDI-265: ♻️  Minor improvements (#107)

* SDI-265: 🚨 Add lint check for only (#108)

* Update Jest to v28 and minor dependency updates (#109)

* Remove duplicate <main> elements (#110)

The govuk/template.njk which the layout.njk extends which these files use already includes a <main> element

According to the HTML spec there should only be one <main> element present in the document at a time

* Bumping dependencies and fixing page width (#111)

* Bumping dependencies and fixing page width

There seems to be a lot of variability in page width so going with something that seems most popular in HMPPS

* Run tests in band

Partially to fix tests hanging in circle, but also as test seems to run almost twice as fast (after clearing cache)

* Add a `cspNonce` to the webSecurity setup (#112)

Based on what I’ve seen elsewhere, this seems to now be a common
approach to allow us to inline scripts, see:

https://content-security-policy.com/nonce

The GOV.UK frontend has now been updated to support the use of the
`cspNonce` local - see:

 alphagov/govuk-frontend@2e40d74

So we no longer need to add the inline hash, which is vulnerable to if
the code in the frontend template is changed.

I’ve also removed the domain-specific overrides for jQuery scripts and
styles, as we can use the nonce for this too.

* Update dependencies 2022-08-22 (#113)

* Update dependencies to fix check outdated flagging typescript (#114)

* Update dependencies 2022-09-09 (#115)

* Speeding up jest tests (#116)

This speeds up the running of jest tests by enabling isolatedModules
which has the effect of [disabling typechecking](https://kulshekhar.github.io/ts-jest/docs/getting-started/options/isolatedModules)

It also drastically reduces memory usage, allowing for running tests in
parallel locally at least.

On my laptop this reduces the time to run the tests in this project from
~14 seconds to ~4 seconds. On larger projects the effect is much more pronounced,
welcome-people-to-prison reduces build time from ~2mins, 20 seconds to ~25
seconds. In circle we still need to run in band but this is still
significantly faster than before, in WPIP it reduces the build by over 1 min.

Type checking is still available in the IDE, it is also part of the
husky pre-commit hook and run by circle as part of the build, so the
risk of type errors slipping through are very small.

(We could possibly add a typechecking stage before running jest and it
would still be much faster but not adding unless it becomes apparent
that we need it )

It would be worth to re-assess this after jest 29 as there seems to be
some fixes around a [memory issue](jestjs/jest#11956) that is part of node in versions
> 16.10

NB: This will not work if type declaration (`d.ts`) files contain enums
or any other constructs that generate javascript code. This seems to be
a bit of an anti-pattern anyway (see [here](https://lukasbehal.com/2017-05-22-enums-in-declaration-files/)).
Other tooling such as cypress will only allow you to import
types from these files.

* Removing colour from logs in production mode (#117)

* Move ingress (#118)

* Move ingress

* CHange generic service to latest

* SDI-345: ⬆️  Upgrade node and cypress (#119)

* SDI-345: ⬆️  Upgrade node and cypress

* SDI-345: ⬆️  Actually upgrade cypress

* Fixing logging (#120)

There was an issue where we weren't sending trace info to app insights.
This is because appInsights needs to be imported before bunyan is
imported so it can do its instrumentation magic.

There was a related issue that obscured this. It was previously
impossible to test app insights locally as dotenv wasn't set up
correctly - it needed to happen before app insights is imported or app
insights would prevent the app starting up.

So this moves dotenv to dev dependencies and preloads it before running the app via start:dev.

This removes some code that is only relevant for local development.
It also means the application runs similar locally to how it would run
in docker or kubernetes - it just expects the environment variables to
be present.

Also moving the app insights import so it's very apparent that it's the first thing that happens when the app starts.

* Update dependencies 2022-09-28 (#121)

* ⬆️Upgrade to latest helm chart versions (#122)

* Adding badges (#123)

* Adding badges

* Update README.md

* Updating node to v18 (#124)

* Set helm timeout to 5 minutes (#125)

* Use official redis image for docker-compose (#126)

Which is suitable for arm64 and consistent with docker-compose-test which was updated with ministryofjustice/hmpps-template-typescript#89

* Update Helm config to match Kotlin template (#127)

* Update dependencies 2022-11-15 (#128)

* Update dependencies 2022-11-16 (#129)

* Update node images (#130)

* SDI-476: ⬆  Bump versions (#131)

* Update dependencies 2022-12-08 (#132)

* Update dependencies 2022-12-19 (#133)

* Bump jsonwebtoken from 8.5.1 to 9.0.0 (#136)

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix conflicting prettier / eslint rule (#135)

In eslint, we ask for a trailing comma, while the prettier rules are set
to `es5`. This causes issues if you have your IDE set up to fix on save,
as one linter kicks in before the other, causing conflicting fixes.

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* SDI-523: 🔒️ Fix / ignoresecurity issues (#138)

* HEAT-41: use npm outdated job from HMPPS Orb; update other dependencies (#139)

* Update dependencies 2023-01-24 (#140)

* Update dependencies 2023-01-31 (#141)

* Update dependencies 2023-02-01 (#142)

* Configure Renovate (#144)

* Add renovate.json

* HEAT-52: source Renovate config from shared HMPPS repo

* HEAT-52: tweak dependencies pinned by Renovate

Inherit the ones from https://github.com/ministryofjustice/hmpps-renovate-config/blob/main/node.json

* HEAT-52: manually bump Slack Orb as Renovate was complaining 'Can't find version matching 4.4.2 for slack'

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update Helm release generic-service to v2.4.0 (#146)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action to v4 (#148)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update actions/checkout action to v3 (#147)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add .nvmrc file, Prettier support for Nunjucks and use SCSS (#143)

* Add .nvmrc file with node version set to `18`
Update npm engine version to `^9`
Add `prettier-plugin-jinja-template` as dev dependency plus config
Refactor `.sass` files to `.scss` for consistency

* Add newline to .nvmrc

---------

Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Revert build_multiplatform_docker because it causes the build to take over an hour (#149)

See Slack discussion https://mojdt.slack.com/archives/C69NWE339/p1671529301455009?thread_ts=1671529075.740459&cid=C69NWE339

* Update dependency cypress to ^12.5.1 (#150)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-52: reduce the size of the PR body by specifying prBodyTemplate (#152)

This should help with GitHub integration in Slack

* Update all non major NPM dependencies (#151)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#153)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#155)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#156)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#159)

* Update all non major NPM dependencies

* Reduce Renovate stabilityDays so that it raises fewer PRs

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update Helm release generic-service to v2.5.0 (#161)

* Update Helm release generic-service to v2.5.0

* Drop generic-service params no longer required

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update node image and regenerate package-lock.json (#165)

* Update hmpps-orb to v7.2.1 (#166)

* Upgrade to connect-redis 7 and update other dependencies (#168)

* Upgrade to connect-redis 7 and update other dependencies

* Remove legacy mode

* Fix npm prune warning

* Upgrade to typescript 5 (#169)

* Add HMPPS Auth URL to form-action CSP string (#170)

Update the Content Security Policy to allow the HMPPS Auth URL as a possible form action target.

Currently, if a 403 error occurs on a GET request, this will be captured by the error handling setup in errorHandler.ts, and the user will be redirected to the sign out URL, which then redirects to the HMPPS Auth URL. However, if a 403 error occurs on a POST request, this second redirect may not occur, and the user may, depending on their choice of browser, be frozen on the form page they just submitted.

Due to CSP implementation details that vary between browsers, adding the HMPPS Auth URL to our form action targets allows this second redirect to occur as expected.

* Update TypeScript etc 2023-04-03 (#174)

* Removing unnecessary build (#172)

All 3 processes: tsc, sass and copy-views are run by concurrently at start up anyway

* Update dependencies 2023-04-12 (#177)

* SDIT-738: ⚡️ Cache static resources for 1 hour (#178)

* Update dependencies 2023-04-21 (#181)

* Fix security vuln 2023-04-25 (#183)

* Update Helm release generic-service to v2.6.2 (#182)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* SDIT-760: 🔧 Upgrade redis to 7 (#186)

* Update Helm release generic-service to v2.6.3 (#184)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Tie css cache to version of application (#188)

At the moment the cache is linked to the start up time of pod, so get unnecessary cache misses for each pod in the cluster and also when pods restart

This ties the cache to the git short hash of the deployment

* Fix version not appearing in application insights (#190)

* Fix version not appearing in application insights

This previously relied on running a shell script to generate a file with a json payload in it.

The code that read this file to extract out the version for the cache improvement and also setting the application version in app insights, was looking in the wrong location

There was another location that looked up the file and read in the details for the health endpoint which was looking in the right place

This change moves to reading the version and git reference into an env var in the docker file instead, which means we can centralise how this info is made available and remove the additional file management

This should be a safe fix as the build info file was previously being generated from the docker build anyway - so the file should be available

* Tidy up passing around application version

* Update Helm release generic-prometheus-alerts to v1.3.2 (#189)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add PreProd and Prod helm config (#193)

As per Kotlin Template https://github.com/ministryofjustice/hmpps-template-kotlin/tree/main/helm_deploy

* Update slack orb to v4.12.5 (#185)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action to v5 (#175)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#176)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Node.js to v18.16 (#191)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-06-07 (#196)

* Do not retry POST requests by default (#197)

It doesn't really make sense to retry non-idempotent calls

Also moving sanitised error over to a real error rather than a object. Makes it a little bit easier to test these: 'expect(..).reject.throws' etc.. doesn't work if you don't have really errors

* Adding changelog (#198)

* Have `sanitisedError` always return an Error instance (#199)

… for the same reasons as explained in ministryofjustice/hmpps-template-typescript#197

* Update all non major NPM dependencies (#195)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#200)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix semver vuln (#202)

* Update govuk-frontend to 4.7.0 (#205)

* Update all non major NPM dependencies (#204)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-82: Add productId and /info endpoint (#212)

* HEAT-82: Add productId and /info endpoint

* Update README and default value

* Update values.yaml to point at README.md

* Update README with dev portal URL (#213)

* Update README with dev portal URL

* Fix URL

* Fix info endpoint test description (#214)

* Update CHANGELOG.md (#216)

* Fix linting, update modules, remove override (#219)

* Move /info to health check block (#220)

* Update dependencies 2023-09-05 (#226)

* Update dependencies 2023-09-05

* Fix node version

* Fix CircleCI workflows for cypress (#223)

* Persist compiled stylesheets to workspace so that integration tests can load styles properly
* Upload cypress screenshot and video artefacts from correct location

* Fix cypress config and remove some vestigial code (#228)

* Remove unused/vestigial integration test method
* Remove deleted cypress config option
* Update copyright date

* Update readme (#229)

* Update Helm release generic-prometheus-alerts to v1.3.3 (#224)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update redis Docker tag to v7.2 (#221)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Node.js to v18.18 (#230)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-106: Standardise endpoints (#231)

* HEAT-106: Standardise endpoints

* Fix e2e

* Correct response

* Update Dockerfile to pull through branch name

* Amend output checks for int tests

* Fix bugs and add Changelog

* SDIT-1088: ✨ Get components to always return status even if failed (#232)

* SDIT-1108: 🔧 Don't default build args (#233)

* SDIT-1108: 🔧 Don't default build args

* SDIT-1108: 🔧 Copy across args to env variables

* SDIT-1108: 🔧 Add in docker compose build args and missing env vars

* SDIT-1108: ♻️ Fix deprecated syntax version of ENV (#234)

* SDIT-1108: ✨ Add in environment name to header (#235)

* SDIT-1108: 📝 Add new environment name to changelog (#236)

* NON-270: Improve REST client (#238)

* Improve REST client typing information and add PATCH, PUT and DELETE methods allowing for query parameters as well as body payloads
* Propagate user types into `res.locals` in request handlers

* Update actions/checkout action to v4 (#225)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#210)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Helm release generic-service to v2.6.5 (#237)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-10-17 (#243)

* add tests for list base clients page

* add view base client page

* Fix errors in template

* basic view for create new base client screen

* HAAR-1891: Update deprecated endpoints with new endpoints (#247)

* HAAR-1891: Update deprecated endpoints with new (manage users api) endpoints

* HAAR-1891: Update following PR comments

* HAAR-1891: Added MANAGE_USERS_API_URL values.

* HAAR-1891: Added MANAGE_USERS_API_URL values.

* Update renovate.json (#248)

…to prevent Node docker image from being updated beyond LTS

* post new base client with error loop

* added controller tests

* add tests for presenter

* add test for expiry today

* Move to Node 20 plus minor updates (#249)

* Update CHANGELOG for node 20 change (#250)

* Update CHANGELOG for node 20 change

* Missed update link

* Update jwt-decode module to version 4.0.0 (#252)

* Update CHANGELOG.md (#253)

* correct test comments and refactor time functions

* Added changelog for PR #247 (#254)

* display edit base clients details page

* Add post update functionality

* update test comments

* update comments

* display edit base clients deployment details page

* add update deployment flow

* fix integration test

* remove excess helm folder

* add manage-users-api to docker-compose

* add remove client instance code

* page to display Delete Client confirmation

* test update

* delete functionality - validation

* add filter functionality

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>
Co-authored-by: Jon Brighton <brightonsbox@hotmail.com>
Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>
Co-authored-by: Matt <34448412+mattops@users.noreply.github.com>
Co-authored-by: Paul Solecki <51918433+psoleckimoj@users.noreply.github.com>
Co-authored-by: petergphillips <peter@greenthistle.co.uk>
Co-authored-by: Andy Marke <andy.marke@digital.justice.gov.uk>
Co-authored-by: Darren Oakley <darren.oakley@digital.justice.gov.uk>
Co-authored-by: markreesmoj <76954782+markreesmoj@users.noreply.github.com>
Co-authored-by: Connor Glynn <66882795+connormaglynn@users.noreply.github.com>
Co-authored-by: Gareth.m.Davies <gareth.davies@digital.justice.gov.uk>
Co-authored-by: ushkarev <ushkarev@users.noreply.github.com>
Co-authored-by: richardpopple <richard.popple@digital.justice.gov.uk>
Co-authored-by: Michael Willis <michael.willis@digital.justice.gov.uk>
Co-authored-by: Louise N <louise.norris@digital.justice.gov.uk>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sp-watson <77974320+sp-watson@users.noreply.github.com>
Co-authored-by: sp-watson <steve.watson@digital,justice.gov.uk>
Co-authored-by: Jon Wyatt <jonnywyatt2@gmail.com>
Co-authored-by: Mike Halma <58170926+mikehalmamoj@users.noreply.github.com>
Co-authored-by: Richard James <44123869+richpjames@users.noreply.github.com>
Co-authored-by: Stuart Harrison <pezholio@gmail.com>
Co-authored-by: Neil Mendum <nmendum@gmail.com>
Co-authored-by: carlov20 <carlov20@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: David Middleton <122619525+davidmiddletonmoj@users.noreply.github.com>
Co-authored-by: Gareth.m.Davies <gareth.m.davies@gmail.com>
Co-authored-by: bryangaledxw <94137563+bryangaledxw@users.noreply.github.com>
Co-authored-by: ravmoj <104509282+ravmoj@users.noreply.github.com>
@SimenB
Copy link
Member

SimenB commented Nov 14, 2023

Node 20 with backport coming Thursday: nodejs/node#50682

simon-mitchell pushed a commit to ministryofjustice/hmpps-authorization that referenced this issue Nov 17, 2023
* Initial commit

* Alee/init (#1)

* Initial commit

* 🎉 Initial drop of code

* 🎨 Small tidy up

* Adding circle build and updating node to v14

* Adding helm config

* Fix wiremock port and update package.json

Co-authored-by: Jon Brighton <brightonsbox@hotmail.com>
Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>

* Fixing docker image (#2)

* Fix secret name (#3)

* Correcting variable names and removing unnecessary ones (#4)

* Fixing variable name (#5)

* Removing trailing slashes from env vars (#6)

* Fix hostname (#7)

* Update dependencies (#8)

* Update dependencies

Also move to use declaration overrides for describing additional possible fields in session data

Also removing/moving unnecessary prod dependencies

Moving jest tests to run in parallel

* Fix types for user

* Do not allow any warnings

* Correcting test results path

* Reducing docker image size (#9)

Also
* Update dependencies
* Adopt standard github gitignore for node projects
* Using body typography

* Add rename script (#10)

* Add rename script

* PR reviews

* Removing unused vars

* Alee/decoupling auth client from redis (#11)

* Decoupling auth client from redis impl

* Update to latest hmpps orb version (#12)

* Fixing build-info.json placement (#13)

* Convert to arrow functions in utils (#14)

* Convert to arrow functions in utils

* Remove returns and fix prettier issues

* Make the use of logger naming consistent (#15)

* Adding outdated job (#16)

* Adding outdated job

* Updating dependencies

* Removing patch to minor version

* Updating dependencies (#17)

* Moving to enable no-implicit-any (#18)

* DT-1659: 🔨 Remove helm copying secrets from AWS (#19)

* Adding moj design system (#20)

* Add new veracode scan for schedueled workflow (#21)

* Add new veracode scan for schedueled workflow

* Re-add - check_outdated job

* Removing deprecated body parser (#22)

* DT-1627: 📄 Update license with correct year (#23)

* Added missing ping endpoint as used by Kubernetes for liveliness probe (#24)

* DT-2012 - upgrade hmpps orb, and add veracode policy scan job. (#25)

* Use generic-service and generic-prometheus-alerts charts (#26)

* Updating dependencies and adding slack notifications to outdated checks (#27)

* Updating dependencies and adding slack notifications to outdated checks

* Add slack orb

* Moving to group middleware into related modules, following the pattern established in prison staff hub (#28)

* Fix the slack notification on `check_outdated` (#30)

* Ensure that the `SLACK_ACCESS_TOKEN` env var is set for `check_outdated`

As the final step (on fail) is a slack notification we need to use a context containing the variable.

* Refactor the channel for alerts into parameters

This establishes a reusable pattern in case consumers wish to notify slack on other jobs.

* Updating node dependencies (#31)

* Fixing configuration of security audit (#32)

The "medium" configuration was not an acceptable term, should be one of
"info", "low", "moderate", "high" or "critical". This meant that it
would not pick up on anything!

* Alee/update dependencies (#33)

* Updating dependencies and node

* Use parameterised slack channel rather than default of typescript alerts channel

* Extracting out executor

* DT-2166 - add trivy image scanning job (#35)

* Fix trivy scan job slack notifications channel (#36)

* Use node executor and parameterise the version (#34)

* WFP-322 use the hmpps/node executor to build

* WFP-322 parameterise the node version in the executor

* WFP-322 use node version parameter in integration test image

* WFP-322 integration tests use new node_redis executor

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* Deploy template project to template k8s namespace (#37)

* Deploy template project to template k8s namespace

* DT-2260 - update to latest circleci orb and chart dependencies (#38)

* Updating dependencies and improving README (#39)

* DT-2282: ⬆️ Fix veracode policy scan (#40)

* Moving cypress tests to typescript (#41)

* DT-2404: 💄 Switch to sign in / out instead of login / out (#42)

* DT-2404: 💄 Switch to sign in / out instead of login / out

* DT-2404: 💄 Don't need .gitignore for husky any more

* DT-2404: ✅ Run tests automatically on commit (#43)

* Update dependencies (#44)

* DT-2297 - Veracode - switch to daily pipeline scan (results in circleci), and weekly policy scan (upload to veracode portal). (#45)

* DT-2297- randomise timing of circleci security workflow due to rate limiting at veracode. (#47)

* update typescript (#48)

* Fixing docker caching apt-get layer (#49)

* Fix docker build failing, and reduce image size (#50)

* Remove use of semi colons before arrays (#51)

* Remove use of semi-colons before arrays

* Fix typos in README

* WFP-610 update to npmv7 and fix some audit (#52)

* WFP-610 update to npm 7

* WFP-610 update outdated dependencies

* WFP-610 fixed some audit vulnerabilities

* WFP-610 updated passport-oauth2

* WFP-610 upgrade to jest-junit 13 to bring in new ansi-regex (#54)

* Upgrading dependencies (#55)

* FIXBUILD: update ansi-regex subdependency (#56)

* DT-2702: 🔨 Use new generic service configuration (#57)

* Update dependencies (#58)

* Moving to use HMPPS header (#59)

* Moving to use HMPPS header

* Removing explicit reference to DPS

* Fix path of unit test results that are uploaded as artifacts (#60)

and properly indent "build" job (jobs should be an array of [name] to dictionary)

Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>

* DT-2814: 🐛 Fix cron timings for veracode (#61)

* NN-3747 fixing json structure for the stubUserRoles call and populating the user directly and not from the request because passport isn't in the test stack (#62)

* Bumping node version (#63)

Also fixing open handle in test and bumping dependencies

* DT-2796: 🔨 Migrate dev to live context (#64)

* Update dependencies and move to NPM v8 (#65)

* Upgrading dependencies (#66)

* Update modules and remove express-request-id (#67)

* INC-163 Timeout Fix - Correctly sets the timeout for a HttpAgent (#69)

* ⬆️ update dependencies and 💄add no-only-tests linting rule for cypress (#70)

* ⬆️ update dependencies

* 💄Add no-only-tests linting rule for cypress

* SDI-60: 🔨 Add global protect and petty france to allowlists (#71)

* Update dependencies (#72)

* DCS-1442 jquery-ui.css coep fix (#73)

* Fixing docker caching issue (#74)

Need to refer to build args before calling apt-get upgrade otherwise the set of packages are cached and not upgraded. Docker cannot cache anything in layers after a dynamic variable has been used

Also bumping version of node and fixing test compilation issue

* Setup prometheus metrics by default. (#75)

This change sets up prometheus metrics to be available on port 3001, and
with the helm chart changes they will automatically get scraped and be
available for alerts and dashboards in grafana.

The added metrics include:

- General nodejs stats: memory use, gc etc
- HTTP server requests: counters and timings of all served HTTP requests
  by the app.
- HTTP client requests: counters and timings of all HTTP requests to
  other upstream APIs (as long as they are based off `restClient.ts`).
- Upstream healthchecks: guages recording the status/health of each
  upstream service when the healthcheck is tested.

This is all backported from the `manage-recalls-ui` app, please let me
know what you think. :)

* Bump minimist from 1.2.5 to 1.2.6 (#76)

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependencies (#77)

* Audit fix (#79)

* NN-4060: App Insights only works with bunyan v1 (#80)

Co-authored-by: sp-watson <steve.watson@digital,justice.gov.uk>

* Update orb and dependencies (#82)

* Stop metrics test from hitting a real service and occasionally timing out (#81)

Co-authored-by: Jon Wyatt <>
Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* SDI-181: 🔧 Add jira notifications for new projects (#83)

* Adding better redis error handling (#84)

* SDI-181: 🔧 Use new cimg redis executor (#85)

* SDI-181: 🔧 Use new cimg redis executor

* SDI-181: 🔧 Improve docker ignore and use released orb instead

* SDI-181: ⬆️ Bump node minor version

* SLM-245 Restore cache prior to running up the app for the integration tests (#86)

This caused an issue with our build where we received a segmentation fault as soon as the integration tests called the node app. Segmentation faults generally indicate an issue with one of the native C/C++ modules and it appears that one of these modules was relying on something we have stashed in the cache.

* SDI-88: 🚨 Fix querystring warning (#87)

* SDI-88: 🚨 Fix querystring warning

* SDI-88: 🚨 Second attempt to querystring warning

* SDI-88: 🐛 Fix cookie session down as a dependency (#88)

* SDI-88: ♻️  Tidy up mocks and switch to multiplatform builds (#89)

* Allow async get to take an array of strings for paths like original get method (#90)

* SDI-182: ✨ Switch to using connection string instead (#91)

* Update README.md (#92)

* SDI-88: ✅ Add token verification integration tests (#94)

* Minor "code smell" fixes suggested by Sonar Cloud (#95)

* INC-567: Remove unnecessary type assertions

* INC-567: Return resolved promise directly

* SDI-211: 🔒️ Bump versions to fix security issues and cope with passport major upgrade (#96)

* Updating dependencies (#97)

* SDI-211: 🎨 Enforce trailing comma on functions too (#98)

* SDI-211: 🎨 Enforce arrow parens (#99)

* Bump dependencies (#100)

* SDI-218: ⬆  Upgrade cypress to v10 (#101)

* ⬆️ Update dependencies (#102)

* Ignore false positive around nodemon (#103)

* Ignore false positive around nodemon

* Manage version of audit ci and provide full path to ignored dependency

* Updating dependencies (#104)

* Update dependencies (#105)

* Create services container (#106)

This allows passing through a container of wired up services through to route

This approach has been used for the dps-shared and farsight projects and it leads to a testing approach that scales more naturally. Means you can pass through the services through to where they are needed and this can grow without changes propagating through the application

Also extracted standard router into standalone middleware as the current approach relies on mutation and encourages making multiple copies of it.

* SDI-265: ♻️  Minor improvements (#107)

* SDI-265: 🚨 Add lint check for only (#108)

* Update Jest to v28 and minor dependency updates (#109)

* Remove duplicate <main> elements (#110)

The govuk/template.njk which the layout.njk extends which these files use already includes a <main> element

According to the HTML spec there should only be one <main> element present in the document at a time

* Bumping dependencies and fixing page width (#111)

* Bumping dependencies and fixing page width

There seems to be a lot of variability in page width so going with something that seems most popular in HMPPS

* Run tests in band

Partially to fix tests hanging in circle, but also as test seems to run almost twice as fast (after clearing cache)

* Add a `cspNonce` to the webSecurity setup (#112)

Based on what I’ve seen elsewhere, this seems to now be a common
approach to allow us to inline scripts, see:

https://content-security-policy.com/nonce

The GOV.UK frontend has now been updated to support the use of the
`cspNonce` local - see:

 alphagov/govuk-frontend@2e40d74

So we no longer need to add the inline hash, which is vulnerable to if
the code in the frontend template is changed.

I’ve also removed the domain-specific overrides for jQuery scripts and
styles, as we can use the nonce for this too.

* Update dependencies 2022-08-22 (#113)

* Update dependencies to fix check outdated flagging typescript (#114)

* Update dependencies 2022-09-09 (#115)

* Speeding up jest tests (#116)

This speeds up the running of jest tests by enabling isolatedModules
which has the effect of [disabling typechecking](https://kulshekhar.github.io/ts-jest/docs/getting-started/options/isolatedModules)

It also drastically reduces memory usage, allowing for running tests in
parallel locally at least.

On my laptop this reduces the time to run the tests in this project from
~14 seconds to ~4 seconds. On larger projects the effect is much more pronounced,
welcome-people-to-prison reduces build time from ~2mins, 20 seconds to ~25
seconds. In circle we still need to run in band but this is still
significantly faster than before, in WPIP it reduces the build by over 1 min.

Type checking is still available in the IDE, it is also part of the
husky pre-commit hook and run by circle as part of the build, so the
risk of type errors slipping through are very small.

(We could possibly add a typechecking stage before running jest and it
would still be much faster but not adding unless it becomes apparent
that we need it )

It would be worth to re-assess this after jest 29 as there seems to be
some fixes around a [memory issue](jestjs/jest#11956) that is part of node in versions
> 16.10

NB: This will not work if type declaration (`d.ts`) files contain enums
or any other constructs that generate javascript code. This seems to be
a bit of an anti-pattern anyway (see [here](https://lukasbehal.com/2017-05-22-enums-in-declaration-files/)).
Other tooling such as cypress will only allow you to import
types from these files.

* Removing colour from logs in production mode (#117)

* Move ingress (#118)

* Move ingress

* CHange generic service to latest

* SDI-345: ⬆️  Upgrade node and cypress (#119)

* SDI-345: ⬆️  Upgrade node and cypress

* SDI-345: ⬆️  Actually upgrade cypress

* Fixing logging (#120)

There was an issue where we weren't sending trace info to app insights.
This is because appInsights needs to be imported before bunyan is
imported so it can do its instrumentation magic.

There was a related issue that obscured this. It was previously
impossible to test app insights locally as dotenv wasn't set up
correctly - it needed to happen before app insights is imported or app
insights would prevent the app starting up.

So this moves dotenv to dev dependencies and preloads it before running the app via start:dev.

This removes some code that is only relevant for local development.
It also means the application runs similar locally to how it would run
in docker or kubernetes - it just expects the environment variables to
be present.

Also moving the app insights import so it's very apparent that it's the first thing that happens when the app starts.

* Update dependencies 2022-09-28 (#121)

* ⬆️Upgrade to latest helm chart versions (#122)

* Adding badges (#123)

* Adding badges

* Update README.md

* Updating node to v18 (#124)

* Set helm timeout to 5 minutes (#125)

* Use official redis image for docker-compose (#126)

Which is suitable for arm64 and consistent with docker-compose-test which was updated with ministryofjustice/hmpps-template-typescript#89

* Update Helm config to match Kotlin template (#127)

* Update dependencies 2022-11-15 (#128)

* Update dependencies 2022-11-16 (#129)

* Update node images (#130)

* SDI-476: ⬆  Bump versions (#131)

* Update dependencies 2022-12-08 (#132)

* Update dependencies 2022-12-19 (#133)

* Bump jsonwebtoken from 8.5.1 to 9.0.0 (#136)

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix conflicting prettier / eslint rule (#135)

In eslint, we ask for a trailing comma, while the prettier rules are set
to `es5`. This causes issues if you have your IDE set up to fix on save,
as one linter kicks in before the other, causing conflicting fixes.

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* SDI-523: 🔒️ Fix / ignoresecurity issues (#138)

* HEAT-41: use npm outdated job from HMPPS Orb; update other dependencies (#139)

* Update dependencies 2023-01-24 (#140)

* Update dependencies 2023-01-31 (#141)

* Update dependencies 2023-02-01 (#142)

* Configure Renovate (#144)

* Add renovate.json

* HEAT-52: source Renovate config from shared HMPPS repo

* HEAT-52: tweak dependencies pinned by Renovate

Inherit the ones from https://github.com/ministryofjustice/hmpps-renovate-config/blob/main/node.json

* HEAT-52: manually bump Slack Orb as Renovate was complaining 'Can't find version matching 4.4.2 for slack'

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update Helm release generic-service to v2.4.0 (#146)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action to v4 (#148)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update actions/checkout action to v3 (#147)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add .nvmrc file, Prettier support for Nunjucks and use SCSS (#143)

* Add .nvmrc file with node version set to `18`
Update npm engine version to `^9`
Add `prettier-plugin-jinja-template` as dev dependency plus config
Refactor `.sass` files to `.scss` for consistency

* Add newline to .nvmrc

---------

Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Revert build_multiplatform_docker because it causes the build to take over an hour (#149)

See Slack discussion https://mojdt.slack.com/archives/C69NWE339/p1671529301455009?thread_ts=1671529075.740459&cid=C69NWE339

* Update dependency cypress to ^12.5.1 (#150)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-52: reduce the size of the PR body by specifying prBodyTemplate (#152)

This should help with GitHub integration in Slack

* Update all non major NPM dependencies (#151)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#153)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#155)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#156)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#159)

* Update all non major NPM dependencies

* Reduce Renovate stabilityDays so that it raises fewer PRs

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update Helm release generic-service to v2.5.0 (#161)

* Update Helm release generic-service to v2.5.0

* Drop generic-service params no longer required

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update node image and regenerate package-lock.json (#165)

* Update hmpps-orb to v7.2.1 (#166)

* Upgrade to connect-redis 7 and update other dependencies (#168)

* Upgrade to connect-redis 7 and update other dependencies

* Remove legacy mode

* Fix npm prune warning

* Upgrade to typescript 5 (#169)

* Add HMPPS Auth URL to form-action CSP string (#170)

Update the Content Security Policy to allow the HMPPS Auth URL as a possible form action target.

Currently, if a 403 error occurs on a GET request, this will be captured by the error handling setup in errorHandler.ts, and the user will be redirected to the sign out URL, which then redirects to the HMPPS Auth URL. However, if a 403 error occurs on a POST request, this second redirect may not occur, and the user may, depending on their choice of browser, be frozen on the form page they just submitted.

Due to CSP implementation details that vary between browsers, adding the HMPPS Auth URL to our form action targets allows this second redirect to occur as expected.

* Update TypeScript etc 2023-04-03 (#174)

* Removing unnecessary build (#172)

All 3 processes: tsc, sass and copy-views are run by concurrently at start up anyway

* Update dependencies 2023-04-12 (#177)

* SDIT-738: ⚡️ Cache static resources for 1 hour (#178)

* Update dependencies 2023-04-21 (#181)

* Fix security vuln 2023-04-25 (#183)

* Update Helm release generic-service to v2.6.2 (#182)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* SDIT-760: 🔧 Upgrade redis to 7 (#186)

* Update Helm release generic-service to v2.6.3 (#184)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Tie css cache to version of application (#188)

At the moment the cache is linked to the start up time of pod, so get unnecessary cache misses for each pod in the cluster and also when pods restart

This ties the cache to the git short hash of the deployment

* Fix version not appearing in application insights (#190)

* Fix version not appearing in application insights

This previously relied on running a shell script to generate a file with a json payload in it.

The code that read this file to extract out the version for the cache improvement and also setting the application version in app insights, was looking in the wrong location

There was another location that looked up the file and read in the details for the health endpoint which was looking in the right place

This change moves to reading the version and git reference into an env var in the docker file instead, which means we can centralise how this info is made available and remove the additional file management

This should be a safe fix as the build info file was previously being generated from the docker build anyway - so the file should be available

* Tidy up passing around application version

* Update Helm release generic-prometheus-alerts to v1.3.2 (#189)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add PreProd and Prod helm config (#193)

As per Kotlin Template https://github.com/ministryofjustice/hmpps-template-kotlin/tree/main/helm_deploy

* Update slack orb to v4.12.5 (#185)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action to v5 (#175)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#176)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Node.js to v18.16 (#191)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-06-07 (#196)

* Do not retry POST requests by default (#197)

It doesn't really make sense to retry non-idempotent calls

Also moving sanitised error over to a real error rather than a object. Makes it a little bit easier to test these: 'expect(..).reject.throws' etc.. doesn't work if you don't have really errors

* Adding changelog (#198)

* Have `sanitisedError` always return an Error instance (#199)

… for the same reasons as explained in ministryofjustice/hmpps-template-typescript#197

* Update all non major NPM dependencies (#195)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#200)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix semver vuln (#202)

* Update govuk-frontend to 4.7.0 (#205)

* Update all non major NPM dependencies (#204)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-82: Add productId and /info endpoint (#212)

* HEAT-82: Add productId and /info endpoint

* Update README and default value

* Update values.yaml to point at README.md

* Update README with dev portal URL (#213)

* Update README with dev portal URL

* Fix URL

* Fix info endpoint test description (#214)

* Update CHANGELOG.md (#216)

* Fix linting, update modules, remove override (#219)

* Move /info to health check block (#220)

* Update dependencies 2023-09-05 (#226)

* Update dependencies 2023-09-05

* Fix node version

* Fix CircleCI workflows for cypress (#223)

* Persist compiled stylesheets to workspace so that integration tests can load styles properly
* Upload cypress screenshot and video artefacts from correct location

* Fix cypress config and remove some vestigial code (#228)

* Remove unused/vestigial integration test method
* Remove deleted cypress config option
* Update copyright date

* Update readme (#229)

* Update Helm release generic-prometheus-alerts to v1.3.3 (#224)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update redis Docker tag to v7.2 (#221)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Node.js to v18.18 (#230)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-106: Standardise endpoints (#231)

* HEAT-106: Standardise endpoints

* Fix e2e

* Correct response

* Update Dockerfile to pull through branch name

* Amend output checks for int tests

* Fix bugs and add Changelog

* SDIT-1088: ✨ Get components to always return status even if failed (#232)

* SDIT-1108: 🔧 Don't default build args (#233)

* SDIT-1108: 🔧 Don't default build args

* SDIT-1108: 🔧 Copy across args to env variables

* SDIT-1108: 🔧 Add in docker compose build args and missing env vars

* SDIT-1108: ♻️ Fix deprecated syntax version of ENV (#234)

* SDIT-1108: ✨ Add in environment name to header (#235)

* SDIT-1108: 📝 Add new environment name to changelog (#236)

* NON-270: Improve REST client (#238)

* Improve REST client typing information and add PATCH, PUT and DELETE methods allowing for query parameters as well as body payloads
* Propagate user types into `res.locals` in request handlers

* Update actions/checkout action to v4 (#225)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#210)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Helm release generic-service to v2.6.5 (#237)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-10-17 (#243)

* add tests for list base clients page

* add view base client page

* Fix errors in template

* basic view for create new base client screen

* HAAR-1891: Update deprecated endpoints with new endpoints (#247)

* HAAR-1891: Update deprecated endpoints with new (manage users api) endpoints

* HAAR-1891: Update following PR comments

* HAAR-1891: Added MANAGE_USERS_API_URL values.

* HAAR-1891: Added MANAGE_USERS_API_URL values.

* Update renovate.json (#248)

…to prevent Node docker image from being updated beyond LTS

* post new base client with error loop

* added controller tests

* add tests for presenter

* add test for expiry today

* Move to Node 20 plus minor updates (#249)

* Update CHANGELOG for node 20 change (#250)

* Update CHANGELOG for node 20 change

* Missed update link

* Update jwt-decode module to version 4.0.0 (#252)

* Update CHANGELOG.md (#253)

* correct test comments and refactor time functions

* Added changelog for PR #247 (#254)

* display edit base clients details page

* Add post update functionality

* update test comments

* update comments

* display edit base clients deployment details page

* add update deployment flow

* fix integration test

* remove excess helm folder

* add manage-users-api to docker-compose

* add remove client instance code

* page to display Delete Client confirmation

* test update

* delete functionality - validation

* add filter functionality

* setup homepage tests

* base-client-list integration tests

* correct failing test

* remove template files

* fix service filter

* integration tests for main base client view screen

* Add base client tests

* edit base client details testing

* integration tests for edit deployment

* Integration tests for Client instance add and delete functionality

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>
Co-authored-by: Jon Brighton <brightonsbox@hotmail.com>
Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>
Co-authored-by: Matt <34448412+mattops@users.noreply.github.com>
Co-authored-by: Paul Solecki <51918433+psoleckimoj@users.noreply.github.com>
Co-authored-by: petergphillips <peter@greenthistle.co.uk>
Co-authored-by: Andy Marke <andy.marke@digital.justice.gov.uk>
Co-authored-by: Darren Oakley <darren.oakley@digital.justice.gov.uk>
Co-authored-by: markreesmoj <76954782+markreesmoj@users.noreply.github.com>
Co-authored-by: Connor Glynn <66882795+connormaglynn@users.noreply.github.com>
Co-authored-by: Gareth.m.Davies <gareth.davies@digital.justice.gov.uk>
Co-authored-by: ushkarev <ushkarev@users.noreply.github.com>
Co-authored-by: richardpopple <richard.popple@digital.justice.gov.uk>
Co-authored-by: Michael Willis <michael.willis@digital.justice.gov.uk>
Co-authored-by: Louise N <louise.norris@digital.justice.gov.uk>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sp-watson <77974320+sp-watson@users.noreply.github.com>
Co-authored-by: sp-watson <steve.watson@digital,justice.gov.uk>
Co-authored-by: Jon Wyatt <jonnywyatt2@gmail.com>
Co-authored-by: Mike Halma <58170926+mikehalmamoj@users.noreply.github.com>
Co-authored-by: Richard James <44123869+richpjames@users.noreply.github.com>
Co-authored-by: Stuart Harrison <pezholio@gmail.com>
Co-authored-by: Neil Mendum <nmendum@gmail.com>
Co-authored-by: carlov20 <carlov20@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: David Middleton <122619525+davidmiddletonmoj@users.noreply.github.com>
Co-authored-by: Gareth.m.Davies <gareth.m.davies@gmail.com>
Co-authored-by: bryangaledxw <94137563+bryangaledxw@users.noreply.github.com>
Co-authored-by: ravmoj <104509282+ravmoj@users.noreply.github.com>
@hwildwood
Copy link

hwildwood commented Nov 22, 2023

Node 20.10.0 has been released including the fixes mentioned in this PR 🎉

https://github.com/nodejs/node/releases/tag/v20.10.0

@AlecksJohannes
Copy link

AlecksJohannes commented Nov 23, 2023

We are close to victory folks 😆 , 1 approval at a time!

docker-library/official-images#15761

@karlhorky
Copy link
Contributor

PR for Homebrew on macOS:

@pwadmore-ea
Copy link

Please can I ask if the resolution will be backported to Node.js 18?

@Smrtnyk
Copy link

Smrtnyk commented Nov 23, 2023

Please can I ask if the resolution will be backported to Node.js 18?

I don't think jest is the place where that gets decided

@karlhorky
Copy link
Contributor

karlhorky commented Nov 23, 2023

@pwadmore-ea this was asked over here in the Node.js repo:

Seems like it's being backported here:

ide added a commit to expo/expo that referenced this issue Dec 2, 2023
Why
---
Node 20.10.0 includes a memory leak fix in V8's compilation cache. This matters for Jest test suites, which repeatedly discard and reload the environment. See jestjs/jest#11956.

How
---
Used setup-node to explicitly install Node 20. Getting the latest version will include the V8 fix. Also upgraded the checkout action (breaking change is that it uses Node 20 itself internally).

If this works well, we could consider using setup-node's own Yarn node_modules caching instead of our own but that is out of the scope of this PR.

Test Plan
---
Make sure this passes in CI.
ide added a commit to expo/expo that referenced this issue Dec 2, 2023
Why
---
Node 20.10.0 includes a memory leak fix in V8's compilation cache. This
matters for Jest test suites, which repeatedly discard and reload the
environment. See jestjs/jest#11956.

With a sample size of one, the check-packages step ran in
[27m46s](https://github.com/expo/expo/actions/runs/7067532822/job/19241013344?pr=25709)
with Node 20.10.0 and
[31m27s](https://github.com/expo/expo/actions/runs/7067530553/job/19241009110?pr=25711)
with Node 18.18.2.

How
---
Used setup-node to explicitly install Node 20. Getting the latest
version will include the V8 fix. Also upgraded the checkout action
(breaking change is that it uses Node 20 itself internally).

If this works well, we could consider using setup-node's own Yarn
node_modules caching instead of our own but that is out of the scope of
this PR.

Test Plan
---
Make sure this passes in CI.
@kevinverelst
Copy link

Hi, I'm having the same problem but as far as I understand, version 20.11.0 of node should have this fixed?

brightonsbox added a commit to ministryofjustice/hmpps-audit-poc-ui that referenced this issue Dec 18, 2023
* Initial commit

* Alee/init (#1)

* Initial commit

* 🎉 Initial drop of code

* 🎨 Small tidy up

* Adding circle build and updating node to v14

* Adding helm config

* Fix wiremock port and update package.json

Co-authored-by: Jon Brighton <brightonsbox@hotmail.com>
Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>

* Fixing docker image (#2)

* Fix secret name (#3)

* Correcting variable names and removing unnecessary ones (#4)

* Fixing variable name (#5)

* Removing trailing slashes from env vars (#6)

* Fix hostname (#7)

* Update dependencies (#8)

* Update dependencies

Also move to use declaration overrides for describing additional possible fields in session data

Also removing/moving unnecessary prod dependencies

Moving jest tests to run in parallel

* Fix types for user

* Do not allow any warnings

* Correcting test results path

* Reducing docker image size (#9)

Also
* Update dependencies
* Adopt standard github gitignore for node projects
* Using body typography

* Add rename script (#10)

* Add rename script

* PR reviews

* Removing unused vars

* Alee/decoupling auth client from redis (#11)

* Decoupling auth client from redis impl

* Update to latest hmpps orb version (#12)

* Fixing build-info.json placement (#13)

* Convert to arrow functions in utils (#14)

* Convert to arrow functions in utils

* Remove returns and fix prettier issues

* Make the use of logger naming consistent (#15)

* Adding outdated job (#16)

* Adding outdated job

* Updating dependencies

* Removing patch to minor version

* Updating dependencies (#17)

* Moving to enable no-implicit-any (#18)

* DT-1659: 🔨 Remove helm copying secrets from AWS (#19)

* Adding moj design system (#20)

* Add new veracode scan for schedueled workflow (#21)

* Add new veracode scan for schedueled workflow

* Re-add - check_outdated job

* Removing deprecated body parser (#22)

* DT-1627: 📄 Update license with correct year (#23)

* Added missing ping endpoint as used by Kubernetes for liveliness probe (#24)

* DT-2012 - upgrade hmpps orb, and add veracode policy scan job. (#25)

* Use generic-service and generic-prometheus-alerts charts (#26)

* Updating dependencies and adding slack notifications to outdated checks (#27)

* Updating dependencies and adding slack notifications to outdated checks

* Add slack orb

* Moving to group middleware into related modules, following the pattern established in prison staff hub (#28)

* Fix the slack notification on `check_outdated` (#30)

* Ensure that the `SLACK_ACCESS_TOKEN` env var is set for `check_outdated`

As the final step (on fail) is a slack notification we need to use a context containing the variable.

* Refactor the channel for alerts into parameters

This establishes a reusable pattern in case consumers wish to notify slack on other jobs.

* Updating node dependencies (#31)

* Fixing configuration of security audit (#32)

The "medium" configuration was not an acceptable term, should be one of
"info", "low", "moderate", "high" or "critical". This meant that it
would not pick up on anything!

* Alee/update dependencies (#33)

* Updating dependencies and node

* Use parameterised slack channel rather than default of typescript alerts channel

* Extracting out executor

* DT-2166 - add trivy image scanning job (#35)

* Fix trivy scan job slack notifications channel (#36)

* Use node executor and parameterise the version (#34)

* WFP-322 use the hmpps/node executor to build

* WFP-322 parameterise the node version in the executor

* WFP-322 use node version parameter in integration test image

* WFP-322 integration tests use new node_redis executor

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* Deploy template project to template k8s namespace (#37)

* Deploy template project to template k8s namespace

* DT-2260 - update to latest circleci orb and chart dependencies (#38)

* Updating dependencies and improving README (#39)

* DT-2282: ⬆️ Fix veracode policy scan (#40)

* Moving cypress tests to typescript (#41)

* DT-2404: 💄 Switch to sign in / out instead of login / out (#42)

* DT-2404: 💄 Switch to sign in / out instead of login / out

* DT-2404: 💄 Don't need .gitignore for husky any more

* DT-2404: ✅ Run tests automatically on commit (#43)

* Update dependencies (#44)

* DT-2297 - Veracode - switch to daily pipeline scan (results in circleci), and weekly policy scan (upload to veracode portal). (#45)

* DT-2297- randomise timing of circleci security workflow due to rate limiting at veracode. (#47)

* update typescript (#48)

* Fixing docker caching apt-get layer (#49)

* Fix docker build failing, and reduce image size (#50)

* Remove use of semi colons before arrays (#51)

* Remove use of semi-colons before arrays

* Fix typos in README

* WFP-610 update to npmv7 and fix some audit (#52)

* WFP-610 update to npm 7

* WFP-610 update outdated dependencies

* WFP-610 fixed some audit vulnerabilities

* WFP-610 updated passport-oauth2

* WFP-610 upgrade to jest-junit 13 to bring in new ansi-regex (#54)

* Upgrading dependencies (#55)

* FIXBUILD: update ansi-regex subdependency (#56)

* DT-2702: 🔨 Use new generic service configuration (#57)

* Update dependencies (#58)

* Moving to use HMPPS header (#59)

* Moving to use HMPPS header

* Removing explicit reference to DPS

* Fix path of unit test results that are uploaded as artifacts (#60)

and properly indent "build" job (jobs should be an array of [name] to dictionary)

Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>

* DT-2814: 🐛 Fix cron timings for veracode (#61)

* NN-3747 fixing json structure for the stubUserRoles call and populating the user directly and not from the request because passport isn't in the test stack (#62)

* Bumping node version (#63)

Also fixing open handle in test and bumping dependencies

* DT-2796: 🔨 Migrate dev to live context (#64)

* Update dependencies and move to NPM v8 (#65)

* Upgrading dependencies (#66)

* Update modules and remove express-request-id (#67)

* INC-163 Timeout Fix - Correctly sets the timeout for a HttpAgent (#69)

* ⬆️ update dependencies and 💄add no-only-tests linting rule for cypress (#70)

* ⬆️ update dependencies

* 💄Add no-only-tests linting rule for cypress

* SDI-60: 🔨 Add global protect and petty france to allowlists (#71)

* Update dependencies (#72)

* DCS-1442 jquery-ui.css coep fix (#73)

* Fixing docker caching issue (#74)

Need to refer to build args before calling apt-get upgrade otherwise the set of packages are cached and not upgraded. Docker cannot cache anything in layers after a dynamic variable has been used

Also bumping version of node and fixing test compilation issue

* Setup prometheus metrics by default. (#75)

This change sets up prometheus metrics to be available on port 3001, and
with the helm chart changes they will automatically get scraped and be
available for alerts and dashboards in grafana.

The added metrics include:

- General nodejs stats: memory use, gc etc
- HTTP server requests: counters and timings of all served HTTP requests
  by the app.
- HTTP client requests: counters and timings of all HTTP requests to
  other upstream APIs (as long as they are based off `restClient.ts`).
- Upstream healthchecks: guages recording the status/health of each
  upstream service when the healthcheck is tested.

This is all backported from the `manage-recalls-ui` app, please let me
know what you think. :)

* Bump minimist from 1.2.5 to 1.2.6 (#76)

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependencies (#77)

* Audit fix (#79)

* NN-4060: App Insights only works with bunyan v1 (#80)

Co-authored-by: sp-watson <steve.watson@digital,justice.gov.uk>

* Update orb and dependencies (#82)

* Stop metrics test from hitting a real service and occasionally timing out (#81)

Co-authored-by: Jon Wyatt <>
Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* SDI-181: 🔧 Add jira notifications for new projects (#83)

* Adding better redis error handling (#84)

* SDI-181: 🔧 Use new cimg redis executor (#85)

* SDI-181: 🔧 Use new cimg redis executor

* SDI-181: 🔧 Improve docker ignore and use released orb instead

* SDI-181: ⬆️ Bump node minor version

* SLM-245 Restore cache prior to running up the app for the integration tests (#86)

This caused an issue with our build where we received a segmentation fault as soon as the integration tests called the node app. Segmentation faults generally indicate an issue with one of the native C/C++ modules and it appears that one of these modules was relying on something we have stashed in the cache.

* SDI-88: 🚨 Fix querystring warning (#87)

* SDI-88: 🚨 Fix querystring warning

* SDI-88: 🚨 Second attempt to querystring warning

* SDI-88: 🐛 Fix cookie session down as a dependency (#88)

* SDI-88: ♻️  Tidy up mocks and switch to multiplatform builds (#89)

* Allow async get to take an array of strings for paths like original get method (#90)

* SDI-182: ✨ Switch to using connection string instead (#91)

* Update README.md (#92)

* SDI-88: ✅ Add token verification integration tests (#94)

* Minor "code smell" fixes suggested by Sonar Cloud (#95)

* INC-567: Remove unnecessary type assertions

* INC-567: Return resolved promise directly

* SDI-211: 🔒️ Bump versions to fix security issues and cope with passport major upgrade (#96)

* Updating dependencies (#97)

* SDI-211: 🎨 Enforce trailing comma on functions too (#98)

* SDI-211: 🎨 Enforce arrow parens (#99)

* Bump dependencies (#100)

* SDI-218: ⬆  Upgrade cypress to v10 (#101)

* ⬆️ Update dependencies (#102)

* Ignore false positive around nodemon (#103)

* Ignore false positive around nodemon

* Manage version of audit ci and provide full path to ignored dependency

* Updating dependencies (#104)

* Update dependencies (#105)

* Create services container (#106)

This allows passing through a container of wired up services through to route

This approach has been used for the dps-shared and farsight projects and it leads to a testing approach that scales more naturally. Means you can pass through the services through to where they are needed and this can grow without changes propagating through the application

Also extracted standard router into standalone middleware as the current approach relies on mutation and encourages making multiple copies of it.

* SDI-265: ♻️  Minor improvements (#107)

* SDI-265: 🚨 Add lint check for only (#108)

* Update Jest to v28 and minor dependency updates (#109)

* Remove duplicate <main> elements (#110)

The govuk/template.njk which the layout.njk extends which these files use already includes a <main> element

According to the HTML spec there should only be one <main> element present in the document at a time

* Bumping dependencies and fixing page width (#111)

* Bumping dependencies and fixing page width

There seems to be a lot of variability in page width so going with something that seems most popular in HMPPS

* Run tests in band

Partially to fix tests hanging in circle, but also as test seems to run almost twice as fast (after clearing cache)

* Add a `cspNonce` to the webSecurity setup (#112)

Based on what I’ve seen elsewhere, this seems to now be a common
approach to allow us to inline scripts, see:

https://content-security-policy.com/nonce

The GOV.UK frontend has now been updated to support the use of the
`cspNonce` local - see:

 alphagov/govuk-frontend@2e40d74

So we no longer need to add the inline hash, which is vulnerable to if
the code in the frontend template is changed.

I’ve also removed the domain-specific overrides for jQuery scripts and
styles, as we can use the nonce for this too.

* Update dependencies 2022-08-22 (#113)

* Update dependencies to fix check outdated flagging typescript (#114)

* Update dependencies 2022-09-09 (#115)

* Speeding up jest tests (#116)

This speeds up the running of jest tests by enabling isolatedModules
which has the effect of [disabling typechecking](https://kulshekhar.github.io/ts-jest/docs/getting-started/options/isolatedModules)

It also drastically reduces memory usage, allowing for running tests in
parallel locally at least.

On my laptop this reduces the time to run the tests in this project from
~14 seconds to ~4 seconds. On larger projects the effect is much more pronounced,
welcome-people-to-prison reduces build time from ~2mins, 20 seconds to ~25
seconds. In circle we still need to run in band but this is still
significantly faster than before, in WPIP it reduces the build by over 1 min.

Type checking is still available in the IDE, it is also part of the
husky pre-commit hook and run by circle as part of the build, so the
risk of type errors slipping through are very small.

(We could possibly add a typechecking stage before running jest and it
would still be much faster but not adding unless it becomes apparent
that we need it )

It would be worth to re-assess this after jest 29 as there seems to be
some fixes around a [memory issue](jestjs/jest#11956) that is part of node in versions
> 16.10

NB: This will not work if type declaration (`d.ts`) files contain enums
or any other constructs that generate javascript code. This seems to be
a bit of an anti-pattern anyway (see [here](https://lukasbehal.com/2017-05-22-enums-in-declaration-files/)).
Other tooling such as cypress will only allow you to import
types from these files.

* Removing colour from logs in production mode (#117)

* Move ingress (#118)

* Move ingress

* CHange generic service to latest

* SDI-345: ⬆️  Upgrade node and cypress (#119)

* SDI-345: ⬆️  Upgrade node and cypress

* SDI-345: ⬆️  Actually upgrade cypress

* Fixing logging (#120)

There was an issue where we weren't sending trace info to app insights.
This is because appInsights needs to be imported before bunyan is
imported so it can do its instrumentation magic.

There was a related issue that obscured this. It was previously
impossible to test app insights locally as dotenv wasn't set up
correctly - it needed to happen before app insights is imported or app
insights would prevent the app starting up.

So this moves dotenv to dev dependencies and preloads it before running the app via start:dev.

This removes some code that is only relevant for local development.
It also means the application runs similar locally to how it would run
in docker or kubernetes - it just expects the environment variables to
be present.

Also moving the app insights import so it's very apparent that it's the first thing that happens when the app starts.

* Update dependencies 2022-09-28 (#121)

* ⬆️Upgrade to latest helm chart versions (#122)

* Adding badges (#123)

* Adding badges

* Update README.md

* Updating node to v18 (#124)

* Set helm timeout to 5 minutes (#125)

* Use official redis image for docker-compose (#126)

Which is suitable for arm64 and consistent with docker-compose-test which was updated with ministryofjustice/hmpps-template-typescript#89

* Update Helm config to match Kotlin template (#127)

* Update dependencies 2022-11-15 (#128)

* Update dependencies 2022-11-16 (#129)

* Update node images (#130)

* SDI-476: ⬆  Bump versions (#131)

* Update dependencies 2022-12-08 (#132)

* Update dependencies 2022-12-19 (#133)

* Bump jsonwebtoken from 8.5.1 to 9.0.0 (#136)

Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) from 8.5.1 to 9.0.0.
- [Release notes](https://github.com/auth0/node-jsonwebtoken/releases)
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix conflicting prettier / eslint rule (#135)

In eslint, we ask for a trailing comma, while the prettier rules are set
to `es5`. This causes issues if you have your IDE set up to fix on save,
as one linter kicks in before the other, causing conflicting fixes.

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* SDI-523: 🔒️ Fix / ignoresecurity issues (#138)

* HEAT-41: use npm outdated job from HMPPS Orb; update other dependencies (#139)

* Update dependencies 2023-01-24 (#140)

* Update dependencies 2023-01-31 (#141)

* Update dependencies 2023-02-01 (#142)

* Configure Renovate (#144)

* Add renovate.json

* HEAT-52: source Renovate config from shared HMPPS repo

* HEAT-52: tweak dependencies pinned by Renovate

Inherit the ones from https://github.com/ministryofjustice/hmpps-renovate-config/blob/main/node.json

* HEAT-52: manually bump Slack Orb as Renovate was complaining 'Can't find version matching 4.4.2 for slack'

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update Helm release generic-service to v2.4.0 (#146)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action to v4 (#148)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update actions/checkout action to v3 (#147)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add .nvmrc file, Prettier support for Nunjucks and use SCSS (#143)

* Add .nvmrc file with node version set to `18`
Update npm engine version to `^9`
Add `prettier-plugin-jinja-template` as dev dependency plus config
Refactor `.sass` files to `.scss` for consistency

* Add newline to .nvmrc

---------

Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Revert build_multiplatform_docker because it causes the build to take over an hour (#149)

See Slack discussion https://mojdt.slack.com/archives/C69NWE339/p1671529301455009?thread_ts=1671529075.740459&cid=C69NWE339

* Update dependency cypress to ^12.5.1 (#150)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-52: reduce the size of the PR body by specifying prBodyTemplate (#152)

This should help with GitHub integration in Slack

* Update all non major NPM dependencies (#151)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#153)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#155)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#156)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#159)

* Update all non major NPM dependencies

* Reduce Renovate stabilityDays so that it raises fewer PRs

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update Helm release generic-service to v2.5.0 (#161)

* Update Helm release generic-service to v2.5.0

* Drop generic-service params no longer required

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* Update node image and regenerate package-lock.json (#165)

* Update hmpps-orb to v7.2.1 (#166)

* Upgrade to connect-redis 7 and update other dependencies (#168)

* Upgrade to connect-redis 7 and update other dependencies

* Remove legacy mode

* Fix npm prune warning

* Upgrade to typescript 5 (#169)

* Add HMPPS Auth URL to form-action CSP string (#170)

Update the Content Security Policy to allow the HMPPS Auth URL as a possible form action target.

Currently, if a 403 error occurs on a GET request, this will be captured by the error handling setup in errorHandler.ts, and the user will be redirected to the sign out URL, which then redirects to the HMPPS Auth URL. However, if a 403 error occurs on a POST request, this second redirect may not occur, and the user may, depending on their choice of browser, be frozen on the form page they just submitted.

Due to CSP implementation details that vary between browsers, adding the HMPPS Auth URL to our form action targets allows this second redirect to occur as expected.

* Update TypeScript etc 2023-04-03 (#174)

* Removing unnecessary build (#172)

All 3 processes: tsc, sass and copy-views are run by concurrently at start up anyway

* Update dependencies 2023-04-12 (#177)

* SDIT-738: ⚡️ Cache static resources for 1 hour (#178)

* Update dependencies 2023-04-21 (#181)

* Fix security vuln 2023-04-25 (#183)

* Update Helm release generic-service to v2.6.2 (#182)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>

* SDIT-760: 🔧 Upgrade redis to 7 (#186)

* Update Helm release generic-service to v2.6.3 (#184)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Tie css cache to version of application (#188)

At the moment the cache is linked to the start up time of pod, so get unnecessary cache misses for each pod in the cluster and also when pods restart

This ties the cache to the git short hash of the deployment

* Fix version not appearing in application insights (#190)

* Fix version not appearing in application insights

This previously relied on running a shell script to generate a file with a json payload in it.

The code that read this file to extract out the version for the cache improvement and also setting the application version in app insights, was looking in the wrong location

There was another location that looked up the file and read in the details for the health endpoint which was looking in the right place

This change moves to reading the version and git reference into an env var in the docker file instead, which means we can centralise how this info is made available and remove the additional file management

This should be a safe fix as the build info file was previously being generated from the docker build anyway - so the file should be available

* Tidy up passing around application version

* Update Helm release generic-prometheus-alerts to v1.3.2 (#189)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add PreProd and Prod helm config (#193)

As per Kotlin Template https://github.com/ministryofjustice/hmpps-template-kotlin/tree/main/helm_deploy

* Update slack orb to v4.12.5 (#185)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update peter-evans/create-pull-request action to v5 (#175)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#176)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Node.js to v18.16 (#191)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-06-07 (#196)

* Do not retry POST requests by default (#197)

It doesn't really make sense to retry non-idempotent calls

Also moving sanitised error over to a real error rather than a object. Makes it a little bit easier to test these: 'expect(..).reject.throws' etc.. doesn't work if you don't have really errors

* Adding changelog (#198)

* Have `sanitisedError` always return an Error instance (#199)

… for the same reasons as explained in ministryofjustice/hmpps-template-typescript#197

* Update all non major NPM dependencies (#195)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#200)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix semver vuln (#202)

* Update govuk-frontend to 4.7.0 (#205)

* Update all non major NPM dependencies (#204)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-82: Add productId and /info endpoint (#212)

* HEAT-82: Add productId and /info endpoint

* Update README and default value

* Update values.yaml to point at README.md

* Update README with dev portal URL (#213)

* Update README with dev portal URL

* Fix URL

* Fix info endpoint test description (#214)

* Update CHANGELOG.md (#216)

* Fix linting, update modules, remove override (#219)

* Move /info to health check block (#220)

* Update dependencies 2023-09-05 (#226)

* Update dependencies 2023-09-05

* Fix node version

* Fix CircleCI workflows for cypress (#223)

* Persist compiled stylesheets to workspace so that integration tests can load styles properly
* Upload cypress screenshot and video artefacts from correct location

* Fix cypress config and remove some vestigial code (#228)

* Remove unused/vestigial integration test method
* Remove deleted cypress config option
* Update copyright date

* Update readme (#229)

* Update Helm release generic-prometheus-alerts to v1.3.3 (#224)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update redis Docker tag to v7.2 (#221)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Node.js to v18.18 (#230)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HEAT-106: Standardise endpoints (#231)

* HEAT-106: Standardise endpoints

* Fix e2e

* Correct response

* Update Dockerfile to pull through branch name

* Amend output checks for int tests

* Fix bugs and add Changelog

* SDIT-1088: ✨ Get components to always return status even if failed (#232)

* SDIT-1108: 🔧 Don't default build args (#233)

* SDIT-1108: 🔧 Don't default build args

* SDIT-1108: 🔧 Copy across args to env variables

* SDIT-1108: 🔧 Add in docker compose build args and missing env vars

* SDIT-1108: ♻️ Fix deprecated syntax version of ENV (#234)

* SDIT-1108: ✨ Add in environment name to header (#235)

* SDIT-1108: 📝 Add new environment name to changelog (#236)

* NON-270: Improve REST client (#238)

* Improve REST client typing information and add PATCH, PUT and DELETE methods allowing for query parameters as well as body payloads
* Propagate user types into `res.locals` in request handlers

* Update actions/checkout action to v4 (#225)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update all non major NPM dependencies (#210)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update Helm release generic-service to v2.6.5 (#237)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-10-17 (#243)

* HAAR-1891: Update deprecated endpoints with new endpoints (#247)

* HAAR-1891: Update deprecated endpoints with new (manage users api) endpoints

* HAAR-1891: Update following PR comments

* HAAR-1891: Added MANAGE_USERS_API_URL values.

* HAAR-1891: Added MANAGE_USERS_API_URL values.

* Update renovate.json (#248)

…to prevent Node docker image from being updated beyond LTS

* Move to Node 20 plus minor updates (#249)

* Update CHANGELOG for node 20 change (#250)

* Update CHANGELOG for node 20 change

* Missed update link

* Update jwt-decode module to version 4.0.0 (#252)

* Update CHANGELOG.md (#253)

* Added changelog for PR #247 (#254)

* Update all non major NPM dependencies (#239)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* HAAR-1891: Add newly-included Manage Users api to health checks (#255)

* Add newly-included Manage Users api to health checks

* Update change log

* Migrating project to use groups in allowlist (#257)

* Updating generic service version to 2.8

* This PR migrates the project to use groups of IPs in their allowlist.

By referring to groups to IP addresses, we can centralize the definition of groups of ip addresses.
If these lists require changing in the future, we can change the definition once and future deploys across all services will automatically include these new IPs.

1 allowlist(s) have been detected that can be migrated.



## Allowlist: helm_deploy/hmpps-template-typescript/values.yaml

### New Groups

The effect of applying this PR is as follows:

- The following groups will be applied: `internal`
- The size of the allowlist defined in this file will change: `8 => 0 (8 removed)`

### Added IPs

The new Group membership will result in the following IPs being added to your allowlist by applying this PR:

  Merging this PR should not result in any additional IP addresses being added to the allowlist.

### Removed IPs

The following IPs have been identified as unnecessary and will be removed by applying this PR:


- health-kick (35.177.252.195/32)

* SDIT-1223: ✨ Add in role_ prefix if not set by caller (#261)

* SDIT-1223: ⬆️ Switch to latest wiremock (#262)

* SDIT-1223: 🎨 Open chrome by default (#263)

Co-authored-by: Steve Rendell <32732937+steverendell@users.noreply.github.com>

* Update all non major NPM dependencies (#259)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* SDIT-1223: 🎨 Minor cypress improvements (#265)

* SDIT-1248: 🔨 Fix pushing JIRA deployment information (#266)

* SDIT-1223: 🎨 Improve cypress healthcheck (#267)

* SDIT-1223: 🎨 Rename breadcrumb to be lowercase (#268)

* SDIT-1223: 🎨 Rename breadcrumb to be lowercase

* Rename breadCrumb.njk to breadcrumb.njk

* Update all non major NPM dependencies (#264)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependencies 2023-11-21 (#272)

* Use in-memory token store when developing locally (#273)

* Use in-memory token store when developing locally

Removes the need for a local Redis container

* Remove docker-compose dependency

* Default to disabled when running locally

* Rename to InMemoryTokenStore + explicitly create session MemoryStore

* Remove getUserRoles as an api call and add as decoded from the token (#274)

Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>

* Requre user input when excucting rename script to ensure slack alert channels are set correctly. (#277)

* fix rename project github workflow, correct inputs key. (#278)

* prompt for user input if script is run manually/locally (#279)

* PI-1717 Set session cookie name per-project (#280)

* PI-1717 Set session cookie name per-project

* Add `.session` suffix

* Ensure product ID is set when bootstraping new projects (#281)

* Update dependencies 2023-12-08 (#282)

* HAAR-2061: Remove deprecated filed (#285)

* HAAR-2061:
1 ) Removed staffId (userId has same info),
2) activeCaseLoadId : can be derived from 'me/caseloads' endpoint in 'nomis-user-roles-api'

* HAAR-2061: Remove staffId from stub

* Add execute permission back to rename-project.bash script (#286)

* Remove jQueryUI, initialise moj frontend (#288)

* HAAR-2154: update project with latest form typescript template

* HAAR-2154: update Sign-in test

* HAAR-2154: delete login test as we have signin test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Andrew Lee <1517745+andrewrlee@users.noreply.github.com>
Co-authored-by: Jon Brighton <brightonsbox@hotmail.com>
Co-authored-by: Jon Brighton <jonathan.brighton@digital.justice.gov.uk>
Co-authored-by: Matt <34448412+mattops@users.noreply.github.com>
Co-authored-by: Paul Solecki <51918433+psoleckimoj@users.noreply.github.com>
Co-authored-by: petergphillips <peter@greenthistle.co.uk>
Co-authored-by: Andy Marke <andy.marke@digital.justice.gov.uk>
Co-authored-by: Darren Oakley <darren.oakley@digital.justice.gov.uk>
Co-authored-by: markreesmoj <76954782+markreesmoj@users.noreply.github.com>
Co-authored-by: Connor Glynn <66882795+connormaglynn@users.noreply.github.com>
Co-authored-by: Gareth.m.Davies <gareth.davies@digital.justice.gov.uk>
Co-authored-by: ushkarev <ushkarev@users.noreply.github.com>
Co-authored-by: richardpopple <richard.popple@digital.justice.gov.uk>
Co-authored-by: Michael Willis <michael.willis@digital.justice.gov.uk>
Co-authored-by: Louise N <louise.norris@digital.justice.gov.uk>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sp-watson <77974320+sp-watson@users.noreply.github.com>
Co-authored-by: sp-watson <steve.watson@digital,justice.gov.uk>
Co-authored-by: Jon Wyatt <jonnywyatt2@gmail.com>
Co-authored-by: Mike Halma <58170926+mikehalmamoj@users.noreply.github.com>
Co-authored-by: Richard James <44123869+richpjames@users.noreply.github.com>
Co-authored-by: Stuart Harrison <pezholio@gmail.com>
Co-authored-by: Neil Mendum <nmendum@gmail.com>
Co-authored-by: carlov20 <carlov20@users.noreply.github.com>
Co-authored-by: Neil Mendum <neil.mendum@digital.justice.gov.uk>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: David Middleton <122619525+davidmiddletonmoj@users.noreply.github.com>
Co-authored-by: Gareth.m.Davies <gareth.m.davies@gmail.com>
Co-authored-by: bryangaledxw <94137563+bryangaledxw@users.noreply.github.com>
Co-authored-by: ravmoj <104509282+ravmoj@users.noreply.github.com>
Co-authored-by: Steve Rendell <32732937+steverendell@users.noreply.github.com>
Co-authored-by: Marcus Aspin <maspin@unilink.com>
Co-authored-by: Tom Ridd <twridd@gmail.com>
Copy link

github-actions bot commented Jan 6, 2024

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Please note this issue tracker is not a help forum. We recommend using StackOverflow or our discord channel for questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 6, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests