[email protected] - Security package updates (#2516)

* Snyk package updates

* Versioning and changelogs

* Update jest

* More version and changelog updates

* Update test transform

* Change window to global.window in searchbox tests

* Undo changes

* Try again

* Mock JSON

* Use JSON instead of window.JSON

* Try jsdom statement

* logging

* Remove logging and set item in test

* Improve localStorage mocking in checkout tests

* Update chromedriver

CHANGELOG.md

@@ -3,6 +3,16 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## v7.56.1
+
+_April 26, 2024_
+
+### Changed
+
+- Assorted security package updates.
+- Update `chromedriver` to v124
+
+
 ## v7.56.0
 
 _April 10, 2024_

package.json

@@ -1,6 +1,6 @@
 {
   "name": "root",
-  "version": "7.56.0",
+  "version": "7.56.1",
   "private": true,
   "scripts": {
     "build": "NODE_OPTIONS=--openssl-legacy-provider cross-env-shell turbo run build --continue --token=${TURBO_TOKEN}",
@@ -85,13 +85,13 @@
     "allure-commandline": "2.17.2",
     "axe-core": "4.3.5",
     "axe-reports": "1.1.11",
-    "axios": "0.21.4",
+    "axios": "0.28.1",
     "axios-mock-adapter": "1.19.0",
     "babel-core": "7.0.0-bridge.0",
     "babel-jest": "29.7.0",
     "babel-loader": "8.1.0",
     "bundlewatch": "0.3.3",
-    "chromedriver": "122.0.6",
+    "chromedriver": "124.0.1",
     "core-js": "3.36.1",
     "cross-env": "7.0.2",
     "css-loader": "1.0.1",
@@ -125,7 +125,7 @@
     "stylelint": "16.1.0",
     "stylelint-scss": "3.18.0",
     "turbo": "1.6.0",
-    "vite": "2.9.16",
+    "vite": "2.9.18",
     "vue": "2.6.10",
     "vue-router": "3.5.2",
     "vue-svg-loader": "0.16.0",

packages/components/molecules/f-searchbox/CHANGELOG.md

@@ -3,6 +3,15 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## v6.9.1
+
+_April 26, 2024_
+
+### Changed
+
+- Update `axios` to latest v0 version.
+
+
 ## v6.9.0
 
 _March 13, 2024_

packages/components/molecules/f-searchbox/package.json

@@ -2,7 +2,7 @@
   "name": "@justeat/f-searchbox",
   "description": "Fozzie Searchbox – Just Eat Takeaway Global Searchbox",
   "tag": "beta",
-  "version": "6.9.0",
+  "version": "6.9.1",
   "main": "dist/f-searchbox.umd.min.js",
   "maxBundleSize": "60kB",
   "files": [
@@ -56,7 +56,7 @@
   ],
   "dependencies": {
     "@justeat/f-services": "1.x",
-    "axios": "0.21.2",
+    "axios": "0.28.1",
     "lodash.debounce": "4.0.8"
   },
   "peerDependencies": {

packages/components/molecules/f-searchbox/src/services/general.services.js

@@ -82,15 +82,14 @@ const generateFormQueryUrl = (queryString, formUrl) => {
 const fullAddressLocalStorageService = {
     setItem (key, value = {}) {
         if (window.localStorage) {
-            window.localStorage.setItem(key, window.JSON.stringify(value));
+            window.localStorage.setItem(key, JSON.stringify(value));
         }
     },
 
     getItem (key) {
         if (window.localStorage) {
             const item = window.localStorage.getItem(key);
-
-            return item ? window.JSON.parse(item) : false;
+            return item ? JSON.parse(item) : false;
         }
 
         return false;

packages/components/molecules/f-searchbox/src/services/tests/general.services.test.js

@@ -269,7 +269,7 @@ describe('`general.services`', () => {
 
                     it('should return an item when the key exists in localStorage', () => {
                         // Arrange
-                        jest.spyOn(window.localStorage, 'getItem');
+                        generalServices.fullAddressLocalStorageService.setItem('key', { city: 'london' });
 
                         // Act
                         const result = generalServices.fullAddressLocalStorageService.getItem('key');
@@ -278,11 +278,8 @@ describe('`general.services`', () => {
                         expect(result).toEqual({ city: 'london' });
                     });
 
-                    it('should return false when the key does NOT exists in localStorage', () => {
-                        // Arrange
-                        jest.spyOn(window.localStorage, 'getItem');
-
-                        // Act
+                    it('should return false when the key does NOT exist in localStorage', () => {
+                        // Arrange & Act
                         const result = generalServices.fullAddressLocalStorageService.getItem('non-existing-key');
 
                         // Assert

packages/components/molecules/f-user-message/CHANGELOG.md

@@ -3,6 +3,15 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## v4.4.1
+
+_April 26, 2024_
+
+### Changed
+
+- Update `axios` to latest v0 version.
+
+
 ## v4.4.0
 
 _March 13, 2024_
@@ -55,7 +64,7 @@ _June 23, 2022_
 
 ## v3.2.1
 
-_Jun 9, 2022_
+_June 9, 2022_
 
 ### Changed
 

packages/components/molecules/f-user-message/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@justeat/f-user-message",
   "description": "Fozzie User Message – Globalised User Message Component",
-  "version": "4.3.0",
+  "version": "4.3.1",
   "main": "dist/f-user-message.umd.min.js",
   "maxBundleSize": "28kB",
   "files": [
@@ -48,7 +48,7 @@
   "dependencies": {
     "@justeat/f-services": "1.x",
     "@justeattakeaway/pie-icons-vue": "2.0.0-beta.1",
-    "axios": "0.21.2",
+    "axios": "0.28.1",
     "lodash-es": "4.17.21"
   },
   "peerDependencies": {

packages/components/organisms/f-content-cards/CHANGELOG.md

@@ -3,6 +3,15 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## v10.6.1
+
+_April 26, 2024_
+
+### Changed
+
+- Remove `jest` from dev dependencies (should come from the root).
+
+
 ## v10.6.0
 
 _April 16, 2024_
@@ -241,7 +250,7 @@ _June 27, 2022_
 
 ## v7.4.1
 
-_Jun 24, 2022_
+_June 24, 2022_
 
 ### Changed
 

packages/components/organisms/f-content-cards/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@justeat/f-content-cards",
   "description": "Fozzie Content Cards",
-  "version": "10.6.0",
+  "version": "10.6.1",
   "main": "dist/f-content-cards.umd.min.js",
   "maxBundleSize": "85kB",
   "files": [
@@ -76,7 +76,6 @@
     "crypto-js": "4.2.0",
     "date-fns": "^2.17.0",
     "http-request-mock": "^1.8.17",
-    "jest": "27.0.0",
     "jsdom-testing-mocks": "^1.6.0",
     "vue": "2.6.10",
     "xhr-mock": "2.5.1"

packages/components/organisms/f-cookie-banner/CHANGELOG.md

@@ -3,6 +3,15 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## v4.12.1
+
+_April 26, 2024_
+
+### Changed
+
+- Update `prerender-spa-plugin` to recommended version.
+
+
 ## v4.12.0
 
 _March 13, 2024_

packages/components/organisms/f-cookie-banner/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@justeat/f-cookie-banner",
   "description": "Fozzie Cookie Banner - Cookie Banner",
-  "version": "4.12.0",
+  "version": "4.12.1",
   "main": "dist/f-cookie-banner.umd.min.js",
   "maxBundleSize": "92kB",
   "files": [
@@ -70,7 +70,7 @@
     "gulp-concat": "2.6.1",
     "gulp-rename": "2.0.0",
     "gulp-replace": "1.1.3",
-    "prerender-spa-plugin": "3.2.1",
+    "prerender-spa-plugin": "3.4.0",
     "vue-cli-plugin-prerender-spa": "1.1.6",
     "vue-template-compiler": "2.6.10"
   },

packages/components/pages/f-checkout/CHANGELOG.md

@@ -3,6 +3,16 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## v4.13.1
+
+_April 26, 2024_
+
+### Changed
+
+- Update `axios` to latest version.
+- Improve localStorage mocking in tests.
+
+
 ## v4.13.0
 
 _March 13, 2024_

packages/components/pages/f-checkout/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@justeat/f-checkout",
   "description": "Fozzie Checkout - Fozzie Checkout Component",
-  "version": "4.13.0",
+  "version": "4.13.1",
   "main": "dist/f-checkout.umd.min.js",
   "maxBundleSize": "102kB",
   "files": [
@@ -55,7 +55,7 @@
   "dependencies": {
     "@justeat/f-globalisation": "1.x",
     "@justeat/f-services": "1.x",
-    "axios": "1.6.0",
+    "axios": "1.6.8",
     "jwt-decode": "3.1.2",
     "vue-scrollto": "2.20.0",
     "vuelidate": "0.7.6"

packages/components/pages/f-checkout/src/services/tests/addressService.test.js

@@ -1,6 +1,5 @@
 import { when } from 'jest-when';
 import addressService from '../addressService';
-import localStorageMock from '../../../test-utils/local-storage/local-storage-mock';
 import { Addresses } from '../../../stories/helpers/addresses';
 
 const area511Line = {
@@ -53,6 +52,11 @@ const australiaAddressAdditional = {
 };
 
 describe('addressService', () => {
+    afterEach(() => {
+        jest.restoreAllMocks();
+        window.localStorage.clear();
+    });
+
     describe('getClosestAddress ::', () => {
         const ukAddressesData = { Addresses: [area511Line, bristol2Lines, london3LinesDefault] };
         const auAddressesData = { Addresses: [australiaAddressDefault, australiaAddressAdditional], DefaultAddress: defaultAustraliaId };
@@ -159,15 +163,6 @@ describe('addressService', () => {
 
     describe('isAddressInLocalStorage ::', () => {
         describe('if localStorage exists', () => {
-            beforeEach(() => {
-                Object.defineProperty(window, 'localStorage', { value: localStorageMock });
-            });
-
-            afterEach(() => {
-                window.localStorage.clear();
-                jest.resetAllMocks();
-            });
-
             describe('when the address does NOT exist in local storage', () => {
                 it('should return false', () => {
                     expect(addressService.isAddressInLocalStorage()).toBe(false);
@@ -205,35 +200,21 @@ describe('addressService', () => {
         });
 
         describe('if localStorage does NOT exist', () => {
-            beforeAll(() => {
-                Object.defineProperty(window, 'localStorage', { value: null });
-            });
-
-            afterAll(() => {
-                window.localStorage.clear();
-                jest.resetAllMocks();
-            });
-
             it('should return false', () => {
+                // Arrange
+                const localStorageSpy = jest.spyOn(window, 'localStorage', 'get');
+                localStorageSpy.mockReturnValue(null);
+
                 // Assert
                 expect(addressService.isAddressInLocalStorage()).toBe(false);
             });
         });
     });
 
     describe('getAddressFromLocalStorage ::', () => {
-        beforeEach(() => {
-            Object.defineProperty(window, 'localStorage', { value: localStorageMock });
-        });
-
-        afterEach(() => {
-            window.localStorage.clear();
-            jest.resetAllMocks();
-        });
-
         describe('when the address does NOT exist in local storage', () => {
             it('should return null', () => {
-                // Assert
+                // Act & Assert
                 expect(addressService.getAddressFromLocalStorage()).toBe(null);
             });
         });
@@ -489,7 +470,9 @@ describe('addressService', () => {
         describe('when local storage is available', () => {
             it('save address in local storage correctly', () => {
                 // Arrange
-                const spy = jest.spyOn(window.localStorage, 'setItem');
+                const spyFn = jest.fn();
+                const localStorageSpy = jest.spyOn(window, 'localStorage', 'get');
+                localStorageSpy.mockReturnValue({ setItem: spyFn });
                 const expectedValue = JSON.stringify({
                     PostalCode: addressDetails.postcode,
                     Line1: addressDetails.line1,
@@ -504,7 +487,7 @@ describe('addressService', () => {
                 addressService.setAddressInLocalStorage(addressDetails);
 
                 // Assert
-                expect(spy).toHaveBeenCalledWith('je-full-address-details', expectedValue);
+                expect(spyFn).toHaveBeenCalledWith('je-full-address-details', expectedValue);
             });
         });
     });

packages/components/pages/f-offers/CHANGELOG.md

@@ -3,6 +3,15 @@
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## v2.3.1
+
+_April 26, 2024_
+
+### Changed
+
+- Update `axios` to latest v0 version.
+
+
 ## v2.3.0
 
 _March 13, 2024_