updated vulnerable dependencies

package.json

@@ -14,7 +14,6 @@
     "@types/base-64": "^0.1.3",
     "@types/btoa": "^1.2.3",
     "@types/cookie": "^0.3.3",
-    "@types/download": "^6.2.4",
     "@types/js-yaml": "^3.12.1",
     "@types/node-fetch": "^2.5.4",
     "@types/object-hash": "^1.3.1",
@@ -29,9 +28,7 @@
     "base-64": "^0.1.0",
     "btoa": "^1.2.1",
     "cli-ux": "^5.4.2",
-    "download": "^8.0.0",
     "form-data": "^3.0.0",
-    "glob-fs": "^0.1.7",
     "gql": "^1.1.2",
     "graphql": "^14.5.8",
     "graphql-tag": "^2.10.1",

src/commands/assets/load.ts

@@ -1,8 +1,10 @@
 import { flags } from '@oclif/command';
 import { performance } from 'perf_hooks';
 import * as loadYamlFile from 'load-yaml-file';
-import * as download from 'download';
+import * as fetch from 'node-fetch';
 import * as fs from 'fs';
+import * as util from 'util';
+import { pipeline } from 'stream';
 
 import Command from '../../base';
 
@@ -61,10 +63,15 @@ export default class LoadAssets extends Command {
 							}
 						};
 					}
+					const streamPipeline = util.promisify(pipeline);
 					// eslint-disable-next-line no-await-in-loop
-					await download(jahiaAsset.source, undefined, options).then((data) => {
-						fs.writeFileSync(jahiaAsset.filepath, data);
-					});
+					const response = await fetch(jahiaAsset.source, options).catch((error: any) => console.log(error));
+					// eslint-disable-next-line no-await-in-loop
+					await streamPipeline(response.body, fs.createWriteStream(jahiaAsset.filepath));
+					if (response.status > 400) {
+						console.log('ERROR fetching artifact')
+						console.log(response)
+					}
 				} else {
 					console.log('WARNING: Asset type not supported');
 				}

src/commands/manifest/run.ts

@@ -5,8 +5,10 @@ import cli from 'cli-ux';
 import { performance } from 'perf_hooks';
 import * as loadYamlFile from 'load-yaml-file';
 import * as fs from 'fs';
-import * as download from 'download';
 import { v4 as uuidv4 } from 'uuid';
+import * as fetch from 'node-fetch';
+import * as util from 'util';
+import { pipeline } from 'stream';
 
 import Command from '../../base';
 
@@ -59,7 +61,13 @@ export default class ManifestRun extends Command {
     if (["htt", "ftp"].includes(flags.manifest.slice(0,3))) {
       manifestfile = '/tmp/' + uuidv4() + '.yml'
       console.log('Processing manifest from URL, saving it to: ' + manifestfile);
-      fs.writeFileSync(manifestfile, await download(flags.manifest));
+      const streamPipeline = util.promisify(pipeline);
+      const response = await fetch(flags.manifest).catch((error: any) => console.log(error));
+      await streamPipeline(response.body, fs.createWriteStream(manifestfile));
+      if (response.status > 400) {
+        console.log('ERROR fetching artifact')
+        console.log(response)
+      }      
     }
     if (fs.existsSync(manifestfile) === false) {
       console.log('ERROR: Unable to locate manifest file');

src/components/assets/fetch/index.ts

@@ -1,7 +1,9 @@
 import cli from 'cli-ux';
 import { performance } from 'perf_hooks';
-import * as download from 'download';
 import * as fs from 'fs';
+import * as fetch from 'node-fetch';
+import * as util from 'util';
+import { pipeline } from 'stream';
 
 /* eslint max-params: ["error", 5] */
 const assetsFetch = async (job: {
@@ -23,9 +25,17 @@ const assetsFetch = async (job: {
 				headers: { Authorization: 'Basic ' + Buffer.from(job.username + ':' + job.password).toString('base64') }
 			};
 		}
-		await download(job.source, undefined, options).then((data) => {
-			fs.writeFileSync(job.filepath, data);
-		});
+
+		const streamPipeline = util.promisify(pipeline);
+		const response = await fetch(job.source, options).catch((error: any) => console.log(error));
+		await streamPipeline(response.body, fs.createWriteStream(job.filepath));
+		if (response.status > 400) {
+			console.log('ERROR fetching artifact')
+			console.log(response)
+		}
+		// await download(job.source, undefined, options).then((data) => {
+		// 	fs.writeFileSync(job.filepath, data);
+		// });
 		cli.action.stop(' done (' + Math.round(performance.now() - t0) + ' ms)');
 	} else {
 		console.log('WARNING: Asset type not supported');