Fix audit failures (#388)

* differentiate between dependencies used by the web app and those used in development
* only run audit against web app deps
* fix issues with medium (or greater) severity

Signed-off-by: James Phillips <jamesdphillips@gmail.com>

Author: jamesdphillips

.circleci/config.yml

@@ -8,7 +8,7 @@ executors:
   build_env:
     resource_class: medium
     docker:
-      - image: circleci/node:lts
+      - image: cimg/node:14.18
 
 commands:
   install_deps:

config/jest/cssTransform.js

@@ -1,10 +1,12 @@
 // This is a custom Jest transformer turning style imports into empty objects.
 // http://facebook.github.io/jest/docs/tutorial-webpack.html
 
-export function process() {
-  return "module.exports = {};";
-}
-export function getCacheKey() {
-  // The output is always the same.
-  return "cssTransform";
-}
+module.exports = {
+  process() {
+    return "module.exports = {};";
+  },
+  getCacheKey() {
+    // The output is always the same.
+    return "cssTransform";
+  },
+};

config/jest/fileTransform.js

@@ -1,8 +1,10 @@
-import path from "path";
+const path = require("path");
 
 // This is a custom Jest transformer turning file imports into filenames.
 // http://facebook.github.io/jest/docs/tutorial-webpack.html
 
-export function process(src, filename) {
-  return `module.exports = ${JSON.stringify(path.basename(filename))};`;
-}
+module.exports = {
+  process(src, filename) {
+    return `module.exports = ${JSON.stringify(path.basename(filename))};`;
+  },
+};

package.json

@@ -13,7 +13,7 @@
     "tsconfig.json"
   ],
   "engines": {
-    "node": ">= 8",
+    "node": ">=14 <16",
     "npm": ">= 5.2.0",
     "yarn": "^1.13.0"
   },
@@ -45,18 +45,70 @@
   "dependencies": {
     "@10xjs/date-input-controller": "0.1.6",
     "@10xjs/form": "^0.1.7",
+    "@material-ui/core": "^4.9.4",
+    "@material-ui/icons": "^4.9.1",
+    "@material-ui/styles": "^4.9.0",
+    "@material-ui/system": "^4.9.3",
+    "@material-ui/utils": "^4.7.1",
+    "@vx/axis": "^0.0.190",
+    "apollo-cache": "^1.3.0",
+    "apollo-cache-inmemory": "^1.5.1",
+    "apollo-client": "^2.6.2",
+    "apollo-link": "^1.2.11",
+    "apollo-link-batch-http": "^1.2.11",
+    "apollo-link-context": "^1.0.18",
+    "autosuggest-highlight": "^3.1.1",
+    "bluebird": "^3.5.1",
+    "bugnet": "^0.1.1",
+    "classnames": "^2.2.5",
+    "connect-history-api-fallback": "^1.6.0",
+    "core-js": "^2.5.6",
+    "cronstrue": "^1.31.0",
+    "d3-scale": "^3.0.0",
+    "debounce": "^1.2.0",
+    "deepmerge": "^3.2.0",
+    "error-stack-parser": "^2.0.2",
+    "es6-error": "^4.1.1",
+    "express": "^4.16.4",
+    "fbjs": "^1.0.0",
+    "fuse.js": "^3.4.5",
+    "git-rev-sync": "^1.12.0",
+    "graphql": "^14.4.2",
+    "graphql-tag": "^2.9.2",
+    "highlight.js": "^10.4.1",
+    "hoist-non-react-statics": "^2.5.0",
+    "intl": "^1.2.5",
+    "intl-relativeformat": "^2.1.0",
+    "lodash": "^4.17.21",
+    "material-ui-chip-input": "^1.0.0",
+    "mousetrap": "^1.6.3",
+    "prop-types": "^15.6.0",
+    "react": "^16.8.6",
+    "react-apollo": "^2.5.6",
+    "react-autosuggest": "^10.1.0",
+    "react-dom": "^16.8.6",
+    "react-event-listener": "^0.6.3",
+    "react-media": "^1.8.0",
+    "react-resize-observer": "^1.1.1",
+    "react-router": "^5.1.2",
+    "react-router-dom": "^5.1.2",
+    "react-spring": "^8.0.27",
+    "regenerator-runtime": "^0.11.1",
+    "seed-random": "^2.2.0",
+    "ts-md5": "^1.2.4",
+    "typeface-roboto": "^0.0.54",
+    "url-search-params-polyfill": "^2.0.3",
+    "warning": "^3.0.0",
+    "whatwg-fetch": "^2.0.4"
+  },
+  "devDependencies": {
     "@babel/core": "^7.0.0",
     "@babel/plugin-proposal-class-properties": "^7.0.0",
     "@babel/plugin-syntax-dynamic-import": "^7.0.0",
     "@babel/preset-env": "^7.0.0",
     "@babel/preset-flow": "^7.0.0",
     "@babel/preset-react": "^7.0.0",
     "@babel/preset-typescript": "^7.3.3",
-    "@material-ui/core": "^4.9.4",
-    "@material-ui/icons": "^4.9.1",
-    "@material-ui/styles": "^4.9.0",
-    "@material-ui/system": "^4.9.3",
-    "@material-ui/utils": "^4.7.1",
     "@octokit/plugin-throttling": "^2.4.0",
     "@octokit/rest": "^16.23.2",
     "@sensuapp/eslint-plugin": "^1.0.0",
@@ -70,6 +122,7 @@
     "@storybook/core-events": "^5.3.21",
     "@storybook/react": "^5.3.21",
     "@storybook/theming": "^5.3.21",
+    "@testing-library/jest-dom": "^5.15.0",
     "@testing-library/react": "^8.0.1",
     "@types/autosuggest-highlight": "^3.1.1",
     "@types/classnames": "^2.2.7",
@@ -85,39 +138,20 @@
     "@types/react-router-dom": "^5.1.3",
     "@typescript-eslint/eslint-plugin": "^1.9.0",
     "@typescript-eslint/parser": "^1.9.0",
-    "@vx/axis": "^0.0.190",
     "add-asset-html-webpack-plugin": "^3.1.3",
-    "apollo-cache": "^1.3.0",
-    "apollo-cache-inmemory": "^1.5.1",
-    "apollo-client": "^2.6.2",
-    "apollo-link": "^1.2.11",
-    "apollo-link-batch-http": "^1.2.11",
-    "apollo-link-context": "^1.0.18",
     "autoprefixer": "^7.1.2",
-    "autosuggest-highlight": "^3.1.1",
     "aws-sdk": "^2.437.0",
     "babel-eslint": "^10.0.1",
     "babel-jest": "^24.8.0",
     "babel-loader": "^8.0.0",
     "babel-plugin-module-resolver": "^3.1.1",
     "babel-plugin-transform-react-remove-prop-types": "^0.4.13",
-    "bluebird": "^3.5.1",
-    "bugnet": "^0.1.1",
     "case-sensitive-paths-webpack-plugin": "^2.1.2",
     "chalk": "^2.4.2",
     "circular-dependency-plugin": "^5.0.2",
-    "classnames": "^2.2.5",
     "clean-webpack-plugin": "^0.1.19",
     "compression": "^1.7.4",
-    "connect-history-api-fallback": "^1.6.0",
-    "core-js": "^2.5.6",
-    "cronstrue": "^1.31.0",
     "css-loader": "^2.0.0",
-    "d3-scale": "^3.0.0",
-    "debounce": "^1.2.0",
-    "deepmerge": "^3.2.0",
-    "error-stack-parser": "^2.0.2",
-    "es6-error": "^4.1.1",
     "eslint": "^5.5.0",
     "eslint-config-prettier": "^4.1.0",
     "eslint-import-resolver-babel-module": "^5.1.0",
@@ -129,65 +163,34 @@
     "eslint-plugin-react": "^7.12.0",
     "eslint-plugin-react-hooks": "^1.6.0",
     "esm": "^3.2.16",
-    "express": "^4.16.4",
-    "fbjs": "^1.0.0",
     "file-loader": "^3.0.1",
     "flow-bin": "^0.84.0",
-    "fuse.js": "^3.4.5",
-    "git-rev-sync": "^1.12.0",
     "glob": "^7.1.2",
     "glob-to-regexp": "^0.4.1",
-    "graphql": "^14.4.2",
-    "graphql-tag": "^2.9.2",
-    "highlight.js": "^10.4.1",
-    "hoist-non-react-statics": "^2.5.0",
     "html-loader": "^0.5.5",
     "html-webpack-plugin": "^3.2.0",
     "http-proxy-middleware": "^1.0.5",
-    "intl": "^1.2.5",
-    "intl-relativeformat": "^2.1.0",
+    "jest": "24",
     "jest-circus": "^24.8.0",
     "jest-dom": "^3.4.0",
     "jest-junit": "^6.4.0",
     "killable": "^1.0.0",
     "loader-utils": "^1.2.3",
-    "lodash": "^4.17.21",
-    "material-ui-chip-input": "^1.0.0",
     "mngen": "^1.1.0",
     "modernizr": "^3.6.0",
-    "mousetrap": "^1.6.3",
     "prettier": "^1.16.4",
-    "prop-types": "^15.6.0",
     "raw-loader": "^0.5.1",
-    "react": "^16.8.6",
-    "react-apollo": "^2.5.6",
-    "react-autosuggest": "^10.1.0",
-    "react-dom": "^16.8.6",
-    "react-event-listener": "^0.6.3",
-    "react-media": "^1.8.0",
-    "react-resize-observer": "^1.1.1",
-    "react-router": "^5.1.2",
-    "react-router-dom": "^5.1.2",
-    "react-spring": "^8.0.27",
-    "regenerator-runtime": "^0.11.1",
-    "seed-random": "^2.2.0",
     "semver": "^5.6.0",
     "style-loader": "^0.23.1",
     "terser-webpack-plugin": "^2.0.0",
     "ts-jest": "^24.0.2",
-    "ts-md5": "^1.2.4",
-    "typeface-roboto": "^0.0.54",
     "typescript": "^3.9.7",
-    "uglifyjs-webpack-plugin": "^1.2.5",
     "url-loader": "^1.0.1",
-    "url-search-params-polyfill": "^2.0.3",
     "value-loader": "^0.1.4",
-    "warning": "^3.0.0",
     "webpack": "^4.43.0",
     "webpack-cli": "^3.2.3",
     "webpack-dev-middleware": "^4.0.0-rc.1",
     "webpack-stats-plugin": "^0.2.1",
-    "whatwg-fetch": "^2.0.4",
     "worker-loader": "^2.0.0"
   },
   "jest": {

scripts/audit-deps.js

@@ -7,7 +7,7 @@ const acceptable = ["info", "low"];
 // Run report
 let report;
 try {
-  report = execSync("yarn audit --json", { encoding: "utf-8" });
+  report = execSync("yarn audit --groups dependencies --json", { encoding: "utf-8" });
 } catch (e) {
   report = e.stdout;
 }

src/lib/component/base/RelativeDate/RelativeDate.test.js

@@ -1,6 +1,7 @@
 import React from "/vendor/react";
 import IntlRelativeFormat from "intl-relativeformat";
 import { render } from "@testing-library/react";
+import '@testing-library/jest-dom'
 
 import RelativeDate from "./RelativeDate";