chore: update step-security/harden-runner action to v2.8.0

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/codeql-analysis.yml

@@ -20,25 +20,26 @@ jobs:
       actions: read
 
     steps:
-    - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+    - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
       with:
         disable-sudo: true
         egress-policy: block
         allowed-endpoints: >
           api.github.com:443
           github.com:443
+          objects.githubusercontent.com:443
 
     - name: Checkout repository
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       with:
         persist-credentials: false
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+      uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
       with:
         languages: javascript-typescript
         config-file: .github/codeql/codeql-config.yml
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+      uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
 

.github/workflows/continuous-integration.yml

@@ -31,7 +31,7 @@ jobs:
       fail-fast: false
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         if: ${{ matrix.os == 'ubuntu-latest' }}
         with:
           disable-sudo: true
@@ -41,11 +41,11 @@ jobs:
             github.com:443
             nodejs.org:443
             registry.npmjs.org:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: ${{ matrix.node-version }}
           cache: npm
@@ -59,7 +59,7 @@ jobs:
     name: Code Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -68,11 +68,11 @@ jobs:
             github.com:443
             nodejs.org:443
             registry.npmjs.org:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
       - name: Use Node.js 20
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: 20
           cache: 'npm'
@@ -89,19 +89,19 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event.pull_request }}
     steps:
-      - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             github.com:443
             registry.npmjs.org:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: 0
           persist-credentials: false
       - name: Use Node.js 20
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: 20
           cache: npm
@@ -125,18 +125,18 @@ jobs:
     name: Lockfile Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             github.com:443
             registry.npmjs.org:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
       - name: Use Node.js 20
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: 20
           cache: npm

.github/workflows/scorecards.yml

@@ -32,7 +32,7 @@ jobs:
       id-token: write
 
     steps:
-      - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         if: ${{ matrix.os == 'ubuntu-latest' }}
         with:
           disable-sudo: true
@@ -47,11 +47,11 @@ jobs:
             rekor.sigstore.dev:443
             tuf-repo-cdn.sigstore.dev:443
             www.bestpractices.dev:443
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
 
-      - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+      - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -66,13 +66,13 @@ jobs:
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: OSSF Scorecard SARIF file
           path: results.sarif
           retention-days: 90
 
       # Upload the results to GitHub's code scanning dashboard.
-      - uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+      - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         with:
           sarif_file: results.sarif

CHANGES.md

@@ -1,12 +1,34 @@
-2024-01-09, Version 5.0.6
+2024-02-12, Version 5.0.7
 =========================
 
+ * chore: lock file maintenance (renovate[bot])
+
+ * chore: update dependency lockfile-lint to ^4.13.1 (renovate[bot])
+
+ * chore: update dependency lockfile-lint to ^4.13.0 (renovate[bot])
+
+ * chore: update dependency mocha to ^10.3.0 (renovate[bot])
+
+ * chore: update actions/setup-node action to v4.0.2 (renovate[bot])
+
+ * chore: update step-security/harden-runner action to v2.7.0 (renovate[bot])
+
+ * chore: update github/codeql-action action to v3.24.0 (renovate[bot])
+
+ * chore: update github/codeql-action action to v3.23.2 (renovate[bot])
+
+ * chore: update commitlint monorepo to ^18.6.0 (renovate[bot])
+
+ * chore: update github/codeql-action action to v3.23.1 (renovate[bot])
+
+ * chore: update dependency supertest to ^6.3.4 (renovate[bot])
+
+ * chore: update dependency chai to ^4.4.1 (renovate[bot])
+
  * chore: update github/codeql-action action to v3 (renovate[bot])
 
  * chore: update github/codeql-action action to v2.23.0 (renovate[bot])
 
- * chore: lock file maintenance (renovate[bot])
-
  * chore: update dependency chai to ^4.4.0 (renovate[bot])
 
  * chore: update commitlint monorepo to ^18.4.4 (renovate[bot])

package.json

@@ -2,7 +2,7 @@
   "name": "strong-error-handler",
   "description": "Error handler for use in development and production environments.",
   "license": "MIT",
-  "version": "5.0.6",
+  "version": "5.0.7",
   "engines": {
     "node": ">=16"
   },
@@ -21,21 +21,21 @@
     "debug": "^4.3.4",
     "fast-safe-stringify": "^2.1.1",
     "handlebars": "^4.7.8",
-    "http-status": "^1.7.3",
+    "http-status": "^1.7.4",
     "js2xmlparser": "^5.0.0",
     "strong-globalize": "^6.0.6"
   },
   "devDependencies": {
-    "@commitlint/cli": "^18.4.4",
-    "@commitlint/config-conventional": "^18.4.4",
+    "@commitlint/cli": "^19.3.0",
+    "@commitlint/config-conventional": "^19.2.2",
     "@types/express": "^4.17.21",
-    "chai": "^4.4.0",
-    "eslint": "^8.56.0",
+    "chai": "^5.1.1",
+    "eslint": "^8.57.0",
     "eslint-config-loopback": "^13.1.0",
-    "express": "^4.18.2",
-    "lockfile-lint": "^4.12.1",
-    "mocha": "^10.2.0",
-    "supertest": "^6.3.3"
+    "express": "^4.19.2",
+    "lockfile-lint": "^4.13.2",
+    "mocha": "^10.4.0",
+    "supertest": "^7.0.0"
   },
   "browser": {
     "strong-error-handler": false

test/handler.test.mjs

@@ -5,13 +5,15 @@
 
 'use strict';
 
-const cloneAllProperties = require('../lib/clone.js');
-const debug = require('debug')('test');
-const expect = require('chai').expect;
-const express = require('express');
-const strongErrorHandler = require('..');
-const supertest = require('supertest');
-const util = require('util');
+import cloneAllProperties from '../lib/clone.js';
+import debugFactory from 'debug';
+import express from 'express';
+import strongErrorHandler from '../lib/handler.js';
+import supertest from 'supertest';
+import util from 'node:util';
+import {expect} from 'chai';
+
+const debug = debugFactory('test');
 
 describe('strong-error-handler', function() {
   before(setupHttpServerAndClient);
@@ -137,8 +139,7 @@ describe('strong-error-handler', function() {
         // the error name & message
         expect(msg).to.contain('TypeError: ERROR-NAME');
         // the stack
-        expect(msg).to.contain(__filename);
-
+        expect(msg).to.contain(import.meta.url);
         done();
       });
     });
@@ -161,7 +162,7 @@ describe('strong-error-handler', function() {
         expect(msg).to.contain('TypeError: ERR1');
         expect(msg).to.contain('Error: ERR2');
         // verify that stacks are included too
-        expect(msg).to.contain(__filename);
+        expect(msg).to.contain(import.meta.url);
 
         done();
       });