API-2239 / API-2184 Vulnerabilities in the Javascript SDK (#134)

* API-2239 update simple-oauth2 and  @hapi/hoek, use node 12

* API-2239 update elliptic, simple oauth

* API-2239 update jest

* API-2239 update eslint

* API-2239 update gulp js doc deps

* API-2239 update babel/gulp

* API-2239 update simple oauth 2 3.4.0

* API-2239 sample files using client credentials

* API-2239 add tag and metaproperties samples

* API-2239 add node 12 for tests, github action

* API-2239 update node versions tests, github action

* API-2239 update node versions publish, github action

* API-2239 update Dockerfile, README/package version

Author: ahongbynder

.github/workflows/publish.yml

@@ -17,7 +17,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [ 8.x, 10.x, 11.x ]
+        node-version:  [ 12.x, 14.x, 16.x, 17.x, 18.x ]
 
     steps:
       - uses: actions/checkout@v4

.github/workflows/run-tests.yml

@@ -16,7 +16,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [ 8.x, 10.x, 11.x ]
+        node-version: [ 12.x, 14.x, 16.x, 17.x, 18.x ]
 
     steps:
       - uses: actions/checkout@v4

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:11
+FROM node:12
 
 RUN mkdir /app
 WORKDIR /app

README.md

@@ -12,7 +12,7 @@ interface to communicate with
 
 To use this SDK, you will need:
 
-- [Node.js **v6.3.0 or above**](https://nodejs.org/)
+- [Node.js **v12 or above**](https://nodejs.org/) (SDK Version 2.5.0 and above)
 
 Node installation will include [NPM](https://www.npmjs.com/), which is
 responsible for dependency management.

gulpfile.js

@@ -17,15 +17,15 @@ gulp.task("lint", () => {
     .pipe(eslint.format());
 });
 
-gulp.task("babel", () => {
+gulp.task("babel", async () => {
   gulp
     .src("src/*.js")
     .pipe(
       babel({
-        presets: ["env"],
-        plugins: ["transform-object-rest-spread",
-            ["transform-runtime", {
-                "polyfill": false,
+        presets: ["@babel/preset-env"],
+        plugins: ["@babel/plugin-proposal-object-rest-spread",
+            // polyfill skipped by default
+            ["@babel/plugin-transform-runtime", {
                 "regenerator": true
                 }
             ]
@@ -35,9 +35,9 @@ gulp.task("babel", () => {
     .pipe(gulp.dest("dist"));
 });
 
-gulp.task("build", () => {
+gulp.task("build", async () => {
   webpack({
-    entry: ["babel-polyfill", path.join(__dirname, "./src/bynder-js-sdk")],
+    entry: ["@babel/polyfill", path.join(__dirname, "./src/bynder-js-sdk")],
     output: {
       path: path.join(__dirname, "/dist/"),
       filename: "bundle.js",
@@ -52,17 +52,17 @@ gulp.task("build", () => {
           test: /\.js$/,
           exclude: /node_modules/,
           loader: "babel-loader",
-          query: {
-            presets: ["env"],
-            plugins: ["transform-object-rest-spread"],
+          options: {
+            presets: ["@babel/preset-env"],
+            plugins: ["@babel/plugin-proposal-object-rest-spread"],
           }
         },
         {
           test: /\.js$/,
           include: /node_modules\/proper-url-join/,
           loader: "babel-loader",
-          query: {
-            presets: [["env", { "modules": 'commonjs' }]],
+          options: {
+            presets: [["@babel/preset-env", { "modules": 'commonjs' }]],
             plugins: ["add-module-exports"]
           }
         }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bynder/bynder-js-sdk",
-  "version": "2.4.0",
+  "version": "2.5.0",
   "description": "Bynder Javascript SDK",
   "main": "./dist/bynder-js-sdk.js",
   "scripts": {
@@ -14,48 +14,57 @@
     "dist/bynder-js-sdk.js"
   ],
   "devDependencies": {
-    "babel": "^6.23.0",
-    "babel-core": "^6.26.3",
-    "babel-loader": "^7.1.5",
+    "@babel/core": "^7.26.9",
+    "@babel/plugin-transform-object-rest-spread": "^7.25.9",
+    "@babel/polyfill": "^7.0.0",
+    "@babel/preset-env": "^7.0.0",
+    "babel-core": "^7.0.0-bridge.0",
+    "babel-jest": "^24.0.0",
+    "babel-loader": "^8.0.0",
     "babel-plugin-add-module-exports": "^1.0.4",
-    "babel-polyfill": "^6.26.0",
-    "babel-preset-env": "^1.7.0",
-    "eslint": "~3.7.1",
+    "eslint": "^5.0.0",
     "eslint-config-airbnb": "^18.0.1",
     "eslint-plugin-import": "^2.18.2",
     "eslint-plugin-jsx-a11y": "^6.2.3",
     "eslint-plugin-react": "^7.15.1",
-    "gulp": "^3.9.1",
-    "gulp-babel": "^7.0.1",
+    "gulp": "^4.0.0",
+    "gulp-babel": "^8.0.0",
     "gulp-connect": "^5.7.0",
     "gulp-eslint": "^6.0.0",
-    "gulp-jsdoc3": "^2.0.0",
-    "jest": "^24.9.0",
+    "gulp-jsdoc3": "^3.0.0",
+    "jest": "^28.1.3",
     "json-loader": "^0.5.7",
     "path": "^0.12.7",
-    "webpack": "^4.41.0"
+    "webpack": "^4.44.2"
   },
   "dependencies": {
-    "axios": "^0.27.2",
-    "babel-plugin-transform-object-rest-spread": "^6.26.0",
-    "babel-plugin-transform-runtime": "^6.23.0",
-    "elliptic": "6.5.4",
+    "@babel/core": "^7.26.9",
+    "@babel/plugin-proposal-object-rest-spread": "^7.0.0",
+    "@babel/plugin-transform-runtime": "^7.0.0",
+    "axios": "^0.28.0",
+    "elliptic": "6.6.1",
     "handlebars": "4.7.7",
     "ini": "1.3.8",
     "is-url": "^1.2.4",
     "isomorphic-form-data": "^1.0.0",
     "proper-url-join": "^1.2.0",
     "query-string": "6.14.1",
-    "simple-oauth2": "^2.5.1",
+    "simple-oauth2": "^3.4.0",
     "ssri": "6.0.2",
     "websocket-extensions": "0.1.4",
     "y18n": "4.0.3",
     "yargs-parser": "13.1.2"
   },
   "resolutions": {
+    "braces": "^3.0.3",
     "graceful-fs": "^4.2.4",
     "lodash": "^4.17.21",
-    "@hapi/hoek": "8.5.0"
+    "json5": "2.2.3",
+    "micromatch": "4.0.8",
+    "postcss": "8.4.31",
+    "sanitize-html": "2.12.1",
+    "send": "0.19.0",
+    "serialize-javascript": "6.0.2"
   },
   "repository": "[email protected]:Bynder/bynder-js-sdk.git"
 }

samples/brands_client_credentials.js

@@ -0,0 +1,18 @@
+const Bynder = require('../dist/bynder-js-sdk.js');
+const configs = require('../secret.json');
+
+
+const brandsSample = async () => {
+    const bynder = new Bynder(configs);
+    const token = await bynder.getTokenClientCredentials(); 
+
+    bynder.getBrands()
+        .then((data) => {
+            console.log(data);
+        })
+        .catch((error) => {
+            console.error(error);
+        });
+}
+
+brandsSample();

samples/collections_client_credentials.js

@@ -0,0 +1,18 @@
+const Bynder = require('../dist/bynder-js-sdk.js');
+const configs = require('../secret.json');
+
+
+const collectionsSample = async () => {
+    const bynder = new Bynder(configs);
+    const token = await bynder.getTokenClientCredentials(); 
+
+    bynder.getCollections()
+        .then((data) => {
+            console.log(data);
+        })
+        .catch((error) => {
+            console.error(error);
+        });
+}
+
+collectionsSample();

samples/media_client_credentials.js

@@ -0,0 +1,28 @@
+const Bynder = require('../dist/bynder-js-sdk.js');
+const configs = require('../secret.json');
+
+
+const mediaSample = async () => {
+    const bynder = new Bynder(configs);
+    const token = await bynder.getTokenClientCredentials(); 
+
+    bynder.getMediaList({
+        type: 'image',
+        limit: 9,
+        page: 1
+    })
+    .then((data) => {
+        console.log('getAssets with parameters', data, '\n\n');
+        return bynder.getMediaList();
+    })
+    .then((data) => {
+        console.log('getAssetsTotal', data, '\n\n');
+        return bynder.getMediaList({
+            page: 1,
+            limit: 9
+        });
+    })
+}
+
+mediaSample();
+

samples/metaproperties_client_credentials.js

@@ -0,0 +1,15 @@
+const Bynder = require('../dist/bynder-js-sdk.js');
+const configs = require('../secret.json');
+
+
+const metapropertySample = async () => {
+    const bynder = new Bynder(configs);
+    const token = await bynder.getTokenClientCredentials(); 
+
+    bynder.getMetaproperties()
+    .then((data) => {
+        console.log('getMetaproperties', data, '\n\n');
+    })
+}
+
+metapropertySample();

samples/smartfilters_client_credentials.js

@@ -0,0 +1,17 @@
+const Bynder = require('../dist/bynder-js-sdk.js');
+const configs = require('../secret.json');
+
+const smartFiltersSample = async () => {
+    const bynder = new Bynder(configs);
+    const token = await bynder.getTokenClientCredentials(); 
+
+    bynder.getSmartfilters()
+      .then((data) => {
+        console.log(data);
+      })
+      .catch((error) => {
+        console.error(error);
+      });
+}
+
+smartFiltersSample();

samples/tags_client_credentials.js

@@ -0,0 +1,18 @@
+const Bynder = require('../dist/bynder-js-sdk.js');
+const configs = require('../secret.json');
+
+const tagSample = async () => {
+    const bynder = new Bynder(configs);
+    const token = await bynder.getTokenClientCredentials(); 
+
+    bynder.getTags()
+        .then((data) => {
+            console.log(data);
+        })
+        .catch((error) => {
+            console.log(error);
+        });
+}
+
+tagSample();
+

samples/upload_client_credentials.js

@@ -0,0 +1,29 @@
+const fs = require('fs');
+const path = require('path');
+const Bynder = require('../dist/bynder-js-sdk.js');
+const configs = require('../secret.json');
+
+const uploadSample = async () => {
+    const bynder = new Bynder(configs);
+    const token = await bynder.getTokenClientCredentials(); 
+    
+    bynder.getBrands()
+        .then((data) => {
+            const brand = data[0];
+            const file = `${__dirname}/testasset.png`;
+            return bynder.uploadFile({
+              filename: path.basename(file),
+              body: fs.readFileSync(file),
+              data: {
+                brandId: brand.id,
+                name: 'test asset'
+              }
+            }, console.log);
+        })
+        .then(console.log)
+        .catch((error) => {
+            console.error(error);
+        });
+}
+
+uploadSample()