Security update sfcc node version

.eslintrc.json

@@ -1,6 +1,9 @@
 {
     "root": true,
     "extends": "airbnb-base/legacy",
+    "parserOptions": {
+        "ecmaVersion": 2020
+    },
     "rules": {
         "import/no-unresolved": "off",
         "indent": ["error", 4, { "SwitchCase": 1, "VariableDeclarator": 1 }],

.github/workflows/aqua.yml

@@ -1,4 +1,5 @@
 name: Aqua
+
 on:
   pull_request:
     branches:
@@ -7,25 +8,43 @@ on:
 
 jobs:
   aqua:
-    name: Aqua scanner
+    name: Code scanning
     runs-on: ubuntu-24.04
+
+    permissions:
+      contents: read
+      id-token: write
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          show-progress: false
+
+      - name: Authenticate to Google Cloud
+        id: gcloud-auth
+        uses: google-github-actions/auth@v2
+        with:
+          token_format: access_token
+          workload_identity_provider: projects/699052769907/locations/global/workloadIdentityPools/github-identity-pool-shared/providers/github-identity-provider-shared  # yamllint disable-line
+          service_account: github-gar-sfcc-cartridge@lyrical-carver-335213.iam.gserviceaccount.com
+
+      - name: Authenticate to Artifact Registry
+        uses: docker/login-action@v3
+        with:
+          registry: europe-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.gcloud-auth.outputs.access_token }}
 
       - name: Run Aqua scanner
         uses: docker://aquasec/aqua-scanner
-        with:
-          args: trivy fs --sast --reachability --scanners misconfig,vuln,secret .
-          # To customize which severities add the following flag: --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-          # To enable SAST scanning, add: --sast
-          # To enable reachability scanning, add: --reachability
-          # To enable npm/dotnet non-lock file scanning, add: --package-json / --dotnet-proj
         env:
           AQUA_KEY: ${{ secrets.AQUA_KEY }}
           AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
           GITHUB_TOKEN: ${{ github.token }}
           AQUA_URL: https://api.eu-1.supply-chain.cloud.aquasec.com
           CSPM_URL: https://eu-1.api.cloudsploit.com
-          TRIVY_RUN_AS_PLUGIN: "aqua"
-          # For http/https proxy configuration add env vars: HTTP_PROXY/HTTPS_PROXY, CA-CRET (path to CA certificate)
+          TRIVY_RUN_AS_PLUGIN: aqua
+          TRIVY_DB_REPOSITORY: europe-docker.pkg.dev/lyrical-carver-335213/aquasec/trivy-db:2
+        with:
+          args: trivy fs --sast --reachability --scanners misconfig,vuln,secret .

.github/workflows/ci.yml

@@ -14,7 +14,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [12.x]
+        node-version: [22.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 
     steps:

.gitignore

@@ -29,3 +29,4 @@ metadata/
 
 # coverage report
 /coverage
+.nyc_output/

.jshintrc

@@ -1,9 +1,9 @@
 {
   "node": true,
-  "esversion": 8,
+  "esversion": 11,
   "expr": true,
   "predef": [
     "describe",
     "it"
   ]
-}
+}

.nvmrc

@@ -1 +1 @@
-v12.22.12
+v22.11.0

.nyc_output/processinfo/index.json

@@ -0,0 +1 @@
+{"processes":{"7f257bda-e4fe-452a-8d29-148b62a63c36":{"parent":null,"children":[]}},"files":{"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/helpers/almaConfigHelper.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/helpers/almaCheckoutHelper.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/helpers/almaEligibilityHelper.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/helpers/almaOrderHelper.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/helpers/almaPaymentHelper.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/helpers/almaPlanHelper.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/helpers/almaRefundHelper.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/helpers/almaSecurityHelper.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/steps/CapturePaymentOrders.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"],"/Users/franceberut/work/Projects/pre-purchase/integrations/sfcc-cartridge/cartridges/int_alma/cartridge/scripts/steps/CheckRefund.js":["7f257bda-e4fe-452a-8d29-148b62a63c36"]},"externalIds":{}}

Dockerfile

@@ -1,5 +1,5 @@
-# SFCC Cartridge requires npm 6.14^ and node 12.22.12
-FROM node:12
+# SFCC Cartridge requires npm 10.9^ and node 22.11.0
+FROM node:22
 
 # Create app directory, and make it the current directory
 RUN mkdir -p /app

Taskfile.yml

@@ -2,8 +2,8 @@ version: 3
 
 env:
   REPOSITORY: sfcc-cartridge
-  # This project requires node 12.x.
-  # You can set RUN_IN_DOCKER env var to true to run the tasks if you don't have node 12.x installed.
+  # This project requires node 22.x.
+  # You can set RUN_IN_DOCKER env var to true to run the tasks if you don't have node 22.x installed.
   RUN_IN_DOCKER: '{{ .RUN_IN_DOCKER | default "false" }}'
 
 tasks:
@@ -53,9 +53,9 @@ tasks:
     cmds:
       - |
         {{if eq .RUN_IN_DOCKER "true"}}
-          docker compose run --build --rm sfcc-cartridge node site_preference_builder/compress.js && node site_preference_builder/main.js
+          docker compose run --build --rm sfcc-cartridge node site_preference_builder/compress.cjs && node site_preference_builder/main.cjs
         {{else}}
-          node site_preference_builder/compress.js && node site_preference_builder/main.js
+          node site_preference_builder/compress.cjs && node site_preference_builder/main.cjs
         {{end}}
 
   test:
@@ -72,7 +72,8 @@ tasks:
     desc: Run linter
     deps:
       - js:lint
-      - css:lint
+# Removing css lint, as sgmf-scripts only lint scss files but we are using css files
+# TODO : use another linter for css files
 
   js:lint:
     desc: Run JS linter
@@ -175,7 +176,7 @@ tasks:
     deps:
       - gh-cli
     desc: Create a release pull request
-    cmds: 
+    cmds:
       - gh workflow run release-pull-request.yml
       - cmd: sleep 2
         silent: true
@@ -197,7 +198,7 @@ tasks:
         msg: |
           ⚠️ This task requires a changelog message.
           Please provide a changelog message. Example: `task hotfix CHANGELOG_MESSAGE='This is a message'`.
-    cmds: 
+    cmds:
       - gh workflow run hotfix-pull-request.yml -F changelog-message='{{.CHANGELOG_MESSAGE}}'
       - cmd: sleep 2
         silent: true

cartridges/int_alma/cartridge/controllers/Alma.js

@@ -163,7 +163,8 @@ server.get('PaymentSuccess', function (req, res, next) {
     paymentHelper.emptyCurrentBasket();
     orderHelper.addAlmaPaymentDetails(order, paymentHelper.getPaymentDetails(paymentObj));
 
-    res.render('checkout/confirmation/confirmation',
+    res.render(
+        'checkout/confirmation/confirmation',
         buildViewParams(paymentObj, order, req.locale.id, req.currentCustomer.profile)
     );
 
@@ -350,7 +351,6 @@ server.post(
             });
         }
 
-
         return next();
     }
 );
@@ -406,9 +406,11 @@ server.get(
         }
 
         return next();
-    });
+    }
+);
 
-server.get('Plans',
+server.get(
+    'Plans',
     server.middleware.https,
     function (req, res, next) {
         var getLocale = require('*/cartridge/scripts/helpers/almaHelpers').getLocale;
@@ -424,6 +426,7 @@ server.get('Plans',
             plans: almaPlanHelper.getPlansForCheckout(getLocale(req), currentBasket, isDeferredCaptureEnabled)
         });
         return next();
-    });
+    }
+);
 
 module.exports = server.exports();

cartridges/int_alma/cartridge/controllers/Checkout.js

@@ -17,7 +17,6 @@ function getAlmaInfo() {
     };
 }
 
-
 /**
  * Fetch all the Alma URL needed by frontend
  * @returns {Object} string urls
@@ -47,7 +46,6 @@ server.append('Begin', function (req, res, next) {
     var almaConfigInfo = getAlmaInfo();
     var almaConfigHelper = require('*/cartridge/scripts/helpers/almaConfigHelper');
 
-
     var BasketMgr = require('dw/order/BasketMgr');
     var currentBasket = BasketMgr.getCurrentBasket();
 
@@ -82,5 +80,4 @@ server.append('Begin', function (req, res, next) {
     next();
 });
 
-
 module.exports = server.exports();

cartridges/int_alma/cartridge/scripts/helpers/almaCheckoutHelper.js

@@ -86,9 +86,9 @@ function getCreditInfo(plan, currencyCode) {
  * @returns {string} the message to display fees
  */
 function getPaymentFees(plan, currencyCode) {
-    return plan.payment_plan[0].customer_fee > 0 ?
-        Resource.msgf('alma.with_fee', 'alma', null, formatCurrency(plan.payment_plan[0].customer_fee / 100, currencyCode)) :
-        Resource.msg('alma.not_fee', 'alma', null);
+    return plan.payment_plan[0].customer_fee > 0
+        ? Resource.msgf('alma.with_fee', 'alma', null, formatCurrency(plan.payment_plan[0].customer_fee / 100, currencyCode))
+        : Resource.msg('alma.not_fee', 'alma', null);
 }
 
 /**
@@ -112,40 +112,40 @@ function getInstallmentCountAfterFirst(plan) {
 function getPaymentInstallments(plan, currencyCode) {
     // deferred payment
     if (plan.deferred_days > 0) {
-        return Resource.msgf(getPropertyCategory(plan) + '.installments', 'alma', null,
+        return Resource.msgf(
+            getPropertyCategory(plan) + '.installments',
+            'alma',
+            null,
             formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode),
             plan.deferred_days
         );
     }
 
     // pay now
     if (plan.installments_count === 1 && plan.deferred_days === 0) {
-        return formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode) + ' ' +
-            Resource.msgf(getPropertyCategory(plan) + '.installments', 'alma', null);
+        return formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode) + ' '
+            + Resource.msgf(getPropertyCategory(plan) + '.installments', 'alma', null);
     }
     // on shipment payment
     if (isOnShipmentPaymentEnabled(plan.installments_count)) {
-        return formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode) + ' ' +
-            Resource.msg(getPropertyCategory(plan) + '.installments.onshipment', 'alma', null) + ' ' +
-            getInstallmentCountAfterFirst(plan) +
-            formatCurrency(plan.payment_plan[1].purchase_amount / 100, currencyCode)
-        ;
+        return formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode) + ' '
+            + Resource.msg(getPropertyCategory(plan) + '.installments.onshipment', 'alma', null) + ' '
+            + getInstallmentCountAfterFirst(plan)
+            + formatCurrency(plan.payment_plan[1].purchase_amount / 100, currencyCode);
     }
     // on deferred capture
     if (almaPaymentHelper.isAvailableForManualCapture(almaConfigHelper.isDeferredCaptureEnable(), plan.installments_count, plan.deferred_days)) {
-        return formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode) + ' ' +
-            plan.payment_plan[0].localized_due_date +
-            Resource.msg(getPropertyCategory(plan) + '.installments.then', 'alma', null) + ' ' +
-            getInstallmentCountAfterFirst(plan) +
-            formatCurrency(plan.payment_plan[1].purchase_amount / 100, currencyCode)
-        ;
+        return formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode) + ' '
+            + plan.payment_plan[0].localized_due_date
+            + Resource.msg(getPropertyCategory(plan) + '.installments.then', 'alma', null) + ' '
+            + getInstallmentCountAfterFirst(plan)
+            + formatCurrency(plan.payment_plan[1].purchase_amount / 100, currencyCode);
     }
     // installment payment
-    return formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode) + ' ' +
-        Resource.msg(getPropertyCategory(plan) + '.installments', 'alma', null) + ' ' +
-        getInstallmentCountAfterFirst(plan) +
-        formatCurrency(plan.payment_plan[1].purchase_amount / 100, currencyCode)
-    ;
+    return formatCurrency(plan.payment_plan[0].purchase_amount / 100, currencyCode) + ' '
+        + Resource.msg(getPropertyCategory(plan) + '.installments', 'alma', null) + ' '
+        + getInstallmentCountAfterFirst(plan)
+        + formatCurrency(plan.payment_plan[1].purchase_amount / 100, currencyCode);
 }
 
 /**

cartridges/int_alma/cartridge/scripts/helpers/almaConfigHelper.js

@@ -1,3 +1,5 @@
+'use strict';
+
 var Site = require('dw/system/Site');
 
 /**

cartridges/int_alma/cartridge/scripts/helpers/almaEligibilityHelper.js

@@ -27,7 +27,6 @@ function callEligibility(param) {
     return [];
 }
 
-
 /**
  * Get eligibility params for a given set of plan, a locale and a basket
  * @param  {Object} plansForEligibility Alma plans

cartridges/int_alma/cartridge/scripts/helpers/almaHelpers.js

@@ -16,7 +16,6 @@ function getSfccVersion() {
     return sfccMajor + '.' + sfccMinor;
 }
 
-
 /**
  * Return current Api key
  * @returns {string} current api key
@@ -220,7 +219,6 @@ function formatItem(product, productLine, locale) {
     };
 }
 
-
 module.exports = {
     addHeaders: addHeaders,
     formatCustomerData: formatCustomerData,

cartridges/int_alma/cartridge/scripts/helpers/almaOrderHelper.js

@@ -74,7 +74,6 @@ function getPartialCaptureAmount(order) {
     return order.custom.ALMA_Deferred_Capture_Partial_Amount;
 }
 
-
 module.exports = {
     addPidToOrder: addPidToOrder,
     addAlmaPaymentDetails: addAlmaPaymentDetails,

cartridges/int_alma/cartridge/scripts/helpers/almaPaymentHelper.js

@@ -54,7 +54,6 @@ function getPaymentObj(almaPaymentId) {
     return JSON.parse(httpResult.getObject().text);
 }
 
-
 /**
  * Once Alma API return a success for the Order payment, accept the Order
  * @param {dw.order.Order} order the order to accept
@@ -100,17 +99,19 @@ function getPaymentDetails(paymentObj) {
     }
     var payDetail = '';
     var payPlan = paymentObj.payment_plan;
+    // TODO: muting no-plusplus rule until we refactor more efficiently the code to match Node >=22
+    // eslint-disable-next-line no-plusplus
     for (var i = 0, l = payPlan.length; i < l; i++) {
-        payDetail +=
-            StringUtils.formatCalendar(
+        payDetail
+            += StringUtils.formatCalendar(
                 new Calendar(new Date(payPlan[i].due_date * 1000)),
                 'dd/MM/yyyy'
-            ) +
-            ': ' +
-            formatCurrency(payPlan[i].purchase_amount / 100, 'EUR') +
-            ' ' +
-            payPlan[i].state +
-            '  ';
+            )
+            + ': '
+            + formatCurrency(payPlan[i].purchase_amount / 100, 'EUR')
+            + ' '
+            + payPlan[i].state
+            + '  ';
     }
     return payDetail;
 }
@@ -409,7 +410,6 @@ function buildPaymentData(installmentsCount, deferredDays, locale, isManualCaptu
         paymentData.payment.capture_method = 'manual';
     }
 
-
     var products = currentBasket.getAllProductLineItems();
     var items = [];
 
@@ -423,7 +423,6 @@ function buildPaymentData(installmentsCount, deferredDays, locale, isManualCaptu
         items: items
     };
 
-
     return paymentData;
 }
 
@@ -483,7 +482,6 @@ function isPaymentAuthorizationExpired(paymentObj) {
     return authorizationExpiresAtDate.getTime() < today.getTime();
 }
 
-
 module.exports = {
     orderStatusEquals: orderStatusEquals,
     getPaymentObj: getPaymentObj,