From 472398fa155c7e5dbf9e438810db85ca1a492913 Mon Sep 17 00:00:00 2001 From: Emiliano Sanchez Date: Mon, 5 Aug 2024 20:44:18 +0100 Subject: [PATCH 1/5] Vulnerability fixes --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0347aa1..350b8e4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.6.0", "license": "Apache-2.0", "dependencies": { - "@splitsoftware/splitio-commons": "1.15.0", + "@splitsoftware/splitio-commons": "1.16.0", "dotenv": "^9.0.1", "node-fetch": "^2.6.7", "yargs": "^17.0.1" @@ -1488,9 +1488,9 @@ } }, "node_modules/@splitsoftware/splitio-commons": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/@splitsoftware/splitio-commons/-/splitio-commons-1.15.0.tgz", - "integrity": "sha512-hCgh6pcAhSKXtDO6VvB+qKoiMH5u+rR/BX/rYuGwD25zjebbngg/iZXqErVbR3XiwveKL+ZBK/Kq9WieBKLZFg==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/@splitsoftware/splitio-commons/-/splitio-commons-1.16.0.tgz", + "integrity": "sha512-k16cCWJOWut/NB5W1d9hQEYPxFrZXO66manp+8d6RjZYH4r+Q6lu82NYjDcfh5E93H9v+TVKcQLAmpVofbjcvg==", "dependencies": { "tslib": "^2.3.1" }, @@ -10626,9 +10626,9 @@ } }, "@splitsoftware/splitio-commons": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/@splitsoftware/splitio-commons/-/splitio-commons-1.15.0.tgz", - "integrity": "sha512-hCgh6pcAhSKXtDO6VvB+qKoiMH5u+rR/BX/rYuGwD25zjebbngg/iZXqErVbR3XiwveKL+ZBK/Kq9WieBKLZFg==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/@splitsoftware/splitio-commons/-/splitio-commons-1.16.0.tgz", + "integrity": "sha512-k16cCWJOWut/NB5W1d9hQEYPxFrZXO66manp+8d6RjZYH4r+Q6lu82NYjDcfh5E93H9v+TVKcQLAmpVofbjcvg==", "requires": { "tslib": "^2.3.1" } diff --git a/package.json b/package.json index c754a6c..14b47e3 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ "prepublishOnly": "npm run check && npm run test && npm run build" }, "dependencies": { - "@splitsoftware/splitio-commons": "1.15.0", + "@splitsoftware/splitio-commons": "1.16.0", "dotenv": "^9.0.1", "node-fetch": "^2.6.7", "yargs": "^17.0.1" From 2c2038532e203eee782d4aa42d1cf3f2fee60bca Mon Sep 17 00:00:00 2001 From: Emiliano Sanchez Date: Mon, 5 Aug 2024 20:47:18 +0100 Subject: [PATCH 2/5] Add changelog entry --- CHANGES.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES.txt b/CHANGES.txt index b772664..7c94a1a 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,7 @@ +0.7.0 (August 6, 2024) + - Added `sync.requestOptions.agent` option to allow passing a custom NodeJS HTTP(S) Agent with specific configurations for the Synchronizer requests, like custom TLS settings or a network proxy (See https://help.split.io/hc/en-us/articles/4421513571469-Split-JavaScript-synchronizer-tools#proxy). + - Updated some transitive dependencies for vulnerability fixes. + 0.6.0 (May 13, 2024) - Added a new configuration option `sync.flagSpecVersion` to specify the flags spec version of feature flag definitions to be fetched and stored. - Updated @splitsoftware/splitio-commons package to version 1.15.0 that includes minor updates: From 4e3754be4f06276bba4a791aac3230f7a678d632 Mon Sep 17 00:00:00 2001 From: Emiliano Sanchez Date: Mon, 5 Aug 2024 21:14:54 +0100 Subject: [PATCH 3/5] Add config.sync.requestOptions.agent --- src/Synchronizer.ts | 10 ++++++-- src/settings/__tests__/index.spec.ts | 2 ++ src/settings/index.ts | 3 +++ types/index.d.ts | 34 ++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+), 2 deletions(-) diff --git a/src/Synchronizer.ts b/src/Synchronizer.ts index a376f58..72b6c5b 100644 --- a/src/Synchronizer.ts +++ b/src/Synchronizer.ts @@ -88,8 +88,14 @@ export class Synchronizer { * The Split's HTTPclient, required to make the requests to the API. */ this._splitApi = splitApiFactory( - this.settings, - { getFetch: Synchronizer._getFetch }, + this.settings, // @ts-expect-error + { + getFetch: Synchronizer._getFetch, + getOptions(settings: ISettings) { + // @ts-expect-error + if (settings.sync.requestOptions) return settings.sync.requestOptions; + }, + }, telemetryTrackerFactory() // no-op telemetry tracker ); } diff --git a/src/settings/__tests__/index.spec.ts b/src/settings/__tests__/index.spec.ts index e4f2d5b..12a1ac4 100644 --- a/src/settings/__tests__/index.spec.ts +++ b/src/settings/__tests__/index.spec.ts @@ -17,6 +17,7 @@ describe('synchronizerSettingsValidator', () => { sync: { // @ts-expect-error flagSpecVersion: 'invalid', + requestOptions: { agent: false }, }, storage: { wrapper: {} }, }; @@ -26,6 +27,7 @@ describe('synchronizerSettingsValidator', () => { expect(settings.scheduler.impressionsPerPost).toBe(defaults.scheduler.impressionsPerPost); expect(settings.scheduler.maxRetries).toBe(config.scheduler!.maxRetries); expect(settings.sync.flagSpecVersion).toBe('1.1'); + expect(settings.sync.requestOptions).toBe(config.sync!.requestOptions); }); }); diff --git a/src/settings/index.ts b/src/settings/index.ts index efdd77e..0ad6c55 100644 --- a/src/settings/index.ts +++ b/src/settings/index.ts @@ -48,6 +48,9 @@ export function synchronizerSettingsValidator( // @ts-ignore, override readonly prop settings.mode = undefined; // "producer" mode + // if provided, keeps reference to the `requestOptions` object + if (settings.sync.requestOptions) settings.sync.requestOptions = config!.sync!.requestOptions; + const { scheduler, log } = settings; // @TODO validate synchronizerMode eventually diff --git a/types/index.d.ts b/types/index.d.ts index 862b1c7..b94454f 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -1,6 +1,7 @@ // Type definitions for Split JavaScript Sync Tools // Project: http://www.split.io/ // Definitions by: Emiliano Sanchez +import { RequestOptions } from 'http'; export = JsSyncTools; @@ -186,6 +187,39 @@ declare module JsSyncTools { * @default 'OPTIMIZED' */ impressionsMode?: ImpressionsMode + /** + * Custom options object for HTTP(S) requests in NodeJS. + * If provided, this object is merged with the options object passed for Node-Fetch calls. + * @see {@link https://www.npmjs.com/package/node-fetch#options} + */ + requestOptions?: { + /** + * Custom NodeJS HTTP(S) Agent used for HTTP(S) requests. + * + * You can use it, for example, for certificate pinning or setting a network proxy: + * + * ```javascript + * const { HttpsProxyAgent } = require('https-proxy-agent'); + * + * const proxyAgent = new HttpsProxyAgent(process.env.HTTPS_PROXY || 'http://10.10.1.10:1080'); + * + * const synchronizer = Synchronizer({ + * ... + * sync: { + * requestOptions: { + * agent: proxyAgent + * } + * } + * }) + * ``` + * + * @see {@link https://nodejs.org/api/https.html#class-httpsagent} + * + * @property {http.Agent | https.Agent} agent + * @default undefined + */ + agent?: RequestOptions['agent'] + }, } /** * Scheduler settings. From cada0b04e6a69f9e3aa99131df4894ec16e81264 Mon Sep 17 00:00:00 2001 From: Emiliano Sanchez Date: Mon, 5 Aug 2024 21:15:25 +0100 Subject: [PATCH 4/5] rc --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 350b8e4..e1e9158 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@splitsoftware/splitio-sync-tools", - "version": "0.6.0", + "version": "0.6.1-rc.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@splitsoftware/splitio-sync-tools", - "version": "0.6.0", + "version": "0.6.1-rc.0", "license": "Apache-2.0", "dependencies": { "@splitsoftware/splitio-commons": "1.16.0", diff --git a/package.json b/package.json index 14b47e3..d9114e2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@splitsoftware/splitio-sync-tools", - "version": "0.6.0", + "version": "0.6.1-rc.0", "description": "Split JavaScript Sync Tools", "main": "lib/cjs/index.js", "module": "lib/esm/index.js", From c897b085e2c69a628c557deac35fc260c03dc7d3 Mon Sep 17 00:00:00 2001 From: Emiliano Sanchez Date: Mon, 5 Aug 2024 21:49:00 +0100 Subject: [PATCH 5/5] stable version --- CHANGES.txt | 2 +- package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 7c94a1a..7130c42 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,4 @@ -0.7.0 (August 6, 2024) +0.7.0 (August 5, 2024) - Added `sync.requestOptions.agent` option to allow passing a custom NodeJS HTTP(S) Agent with specific configurations for the Synchronizer requests, like custom TLS settings or a network proxy (See https://help.split.io/hc/en-us/articles/4421513571469-Split-JavaScript-synchronizer-tools#proxy). - Updated some transitive dependencies for vulnerability fixes. diff --git a/package-lock.json b/package-lock.json index e1e9158..037ba48 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@splitsoftware/splitio-sync-tools", - "version": "0.6.1-rc.0", + "version": "0.7.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@splitsoftware/splitio-sync-tools", - "version": "0.6.1-rc.0", + "version": "0.7.0", "license": "Apache-2.0", "dependencies": { "@splitsoftware/splitio-commons": "1.16.0", diff --git a/package.json b/package.json index d9114e2..3cd5333 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@splitsoftware/splitio-sync-tools", - "version": "0.6.1-rc.0", + "version": "0.7.0", "description": "Split JavaScript Sync Tools", "main": "lib/cjs/index.js", "module": "lib/esm/index.js",