Improvement/arsn 423 bump dependencies

[benzekrimaha]

Issue : ARSN-423

[bert-e]

Hello benzekrimaha,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Conflict

There is a conflict between your branch improvement/ARSN-423-bump-dependencies and the
destination branch development/8.2.

Please resolve the conflict on the feature branch (improvement/ARSN-423-bump-dependencies).

git fetch && \
git checkout origin/improvement/ARSN-423-bump-dependencies && \
git merge origin/development/8.2

Resolve merge conflicts and commit

git push origin HEAD:improvement/ARSN-423-bump-dependencies

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

[codecov]

Codecov Report

Attention: Patch coverage is 65.07463% with 117 lines in your changes missing coverage. Please review.

Project coverage is 66.58%. Comparing base (233ae61) to head (909eb1a).

Files with missing lines	Patch %	Lines
...orage/metadata/mongoclient/MongoClientInterface.ts	25.71%	26 Missing ⚠️
lib/policyEvaluator/RequestContext.ts	55.76%	23 Missing ⚠️
lib/patches/locationConstraints.ts	81.81%	10 Missing ⚠️
lib/auth/backends/ChainBackend.ts	27.27%	8 Missing ⚠️
lib/network/kmsAWS/Client.ts	71.42%	8 Missing ⚠️
lib/storage/metadata/mongoclient/LogConsumer.js	12.50%	7 Missing ⚠️
lib/s3routes/routesUtils.ts	0.00%	5 Missing ⚠️
lib/metrics/RedisClient.ts	0.00%	4 Missing ⚠️
lib/s3middleware/azureHelpers/mpuUtils.ts	0.00%	4 Missing ⚠️
lib/auth/auth.ts	57.14%	3 Missing ⚠️
... and 12 more

Additional details and impacted files

@@                 Coverage Diff                 @@
##           development/8.2    #2266      +/-   ##
===================================================
+ Coverage            66.45%   66.58%   +0.13%     
===================================================
  Files                  216      216              
  Lines                17443    17452       +9     
  Branches              3570     3619      +49     
===================================================
+ Hits                 11591    11620      +29     
+ Misses                5836     5828       -8     
+ Partials                16        4      -12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[williamlardier]

I think we should return undefined here, because if we reach this stage, it means the "key" was an array and a prefix that is unknown...

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

[benzekrimaha]

/approve

[benzekrimaha]

/wait

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

The following options are set: approve

[Kerkesni]

The goal of this was to exclude the email from the info we set in userInfo below, with the new change it's included again.

[benzekrimaha]

No the goal was not to exclude it , the value was declared but never used thus causing a lint error

[Kerkesni]

I'm pretty sure the email was removed from the log for security reasons, you check this commit 6374fc8 (the name of the variable also suggests it)

[williamlardier]

We can try another approach if we want to avoid the linting issue but yes, we should not print PII in the logs, and the auth info has some (the email)

[francoisferrand]

this should do it ?

Suggested change

	const { email, ...userInfoWithoutEmail } = authInfo.message.body.userInfo;
	const { ...userInfoWithoutEmail } = authInfo.message.body.userInfo;
	log.debug('received info from Vault', {
	...authInfo,
	const { email: _, ...userInfoWithoutEmail } = authInfo.message.body.userInfo;
	log.debug('received info from Vault', {
	...authInfo,

[francoisferrand]

i think it's the usual practice to keep the badges "displayed" on top of the README file, so they are visible when we open the github repository's page

[francoisferrand]

is this token "safe" to share here: where does it come from/what does it give access to?

Just tried without the token, and it seems to work jsut fine: even in a new "private browsing" window, so i guess we can just remove it...

Suggested change

	[codecov]: https://codecov.io/gh/scality/Arsenal/branch/development/8.1/graph/badge.svg?token=X0esXhJSwb
	[codecov]: https://codecov.io/gh/scality/Arsenal/branch/development/8.1/graph/badge.svg

[francoisferrand]

uneeded empty line (between a comment and the code it refers to) + space at end of line

Suggested change

[francoisferrand]

bad indent

Suggested change

	log.error('could not get list of collections', {
	method: 'getBucketInfos',
	error: err,
	});
	if (err && err instanceof ArsenalError) {
	return cb(err);
	}
	return cb(errors.InternalError);
	});
	}
	log.error('could not get list of collections', {
	method: 'getBucketInfos',
	error: err,
	});
	if (err && err instanceof ArsenalError) {
	return cb(err);
	}
	return cb(errors.InternalError);
	});
	}

or wrap ).catch(err => { to better show that there are 2 "nested" promises (catch relates to toArray().then, not to async.eachLimit)

Suggested change

	log.error('could not get list of collections', {
	method: 'getBucketInfos',
	error: err,
	});
	if (err && err instanceof ArsenalError) {
	return cb(err);
	}
	return cb(errors.InternalError);
	});
	}
	})
	).catch(err => {
	log.error('could not get list of collections', {
	method: 'getBucketInfos',
	error: err,
	});
	if (err && err instanceof ArsenalError) {
	return cb(err);
	}
	return cb(errors.InternalError);
	});

[francoisferrand]

extra empty line + space at end of line

[francoisferrand]

same here, weird indent : should wrap then ?