Merge pull request #1142 from Shopify/dependabot/npm_and_yarn/isbot-4…

….4.0 Bump isbot from 3.7.0 to 4.4.0
Shopify · Jan 22, 2024 · 2382142 · 2382142
2 parents 580ef75 + cc62d36
commit 2382142
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 8 deletions.
diff --git a/packages/shopify-api/lib/auth/oauth/oauth.ts b/packages/shopify-api/lib/auth/oauth/oauth.ts
@@ -1,4 +1,4 @@
-import isbot from 'isbot';
+import {isbot} from 'isbot';
 
 import {throwFailedRequest} from '../../clients/common';
 import ProcessedQuery from '../../utils/processed-query';
@@ -74,7 +74,11 @@ export function begin(config: ConfigInterface): OAuthBegin {
     const request = await abstractConvertRequest(adapterArgs);
     const response = await abstractConvertIncomingResponse(adapterArgs);
 
-    if (isbot(request.headers['User-Agent'])) {
+    let userAgent = request.headers['User-Agent'];
+    if (Array.isArray(userAgent)) {
+      userAgent = userAgent[0];
+    }
+    if (isbot(userAgent)) {
       logForBot({request, log, func: 'begin'});
       response.statusCode = 410;
       return abstractConvertResponse(response, adapterArgs);
@@ -140,7 +144,11 @@ export function callback(config: ConfigInterface): OAuthCallback {
     const shop = query.get('shop')!;
 
     const response = {} as NormalizedResponse;
-    if (isbot(request.headers['User-Agent'])) {
+    let userAgent = request.headers['User-Agent'];
+    if (Array.isArray(userAgent)) {
+      userAgent = userAgent[0];
+    }
+    if (isbot(userAgent)) {
       logForBot({request, log, func: 'callback'});
       throw new ShopifyErrors.BotActivityDetected(
         'Invalid OAuth callback initiated by bot',

diff --git a/packages/shopify-api/package.json b/packages/shopify-api/package.json
@@ -74,7 +74,7 @@
     "@shopify/network": "^3.2.1",
     "@shopify/storefront-api-client": "^0.2.2",
     "compare-versions": "^5.0.3",
-    "isbot": "^3.6.10",
+    "isbot": "^4.4.0",
     "jose": "^4.9.1",
     "node-fetch": "^2.6.1",
     "tslib": "^2.0.3",

diff --git a/yarn.lock b/yarn.lock
@@ -6197,10 +6197,10 @@ isarray@^2.0.5:
   resolved "https://registry.yarnpkg.com/isarray/-/isarray-2.0.5.tgz#8af1e4c1221244cc62459faf38940d4e644a5723"
   integrity sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==
 
-isbot@^3.6.10:
-  version "3.7.0"
-  resolved "https://registry.yarnpkg.com/isbot/-/isbot-3.7.0.tgz#c68eb005c03e3d225a0ea559211da2bff94bb1ce"
-  integrity sha512-9BcjlI89966BqWJmYdTnRub85sit931MyCthSIPtgoOsTjoW7A2MVa09HzPpYE2+G4vyAxfDvR0AbUGV0FInQg==
+isbot@^4.4.0:
+  version "4.4.0"
+  resolved "https://registry.yarnpkg.com/isbot/-/isbot-4.4.0.tgz#897ce9f2e498de6181027660ca80de8734d1ef81"
+  integrity sha512-8ZvOWUA68kyJO4hHJdWjyreq7TYNWTS9y15IzeqVdKxR9pPr3P/3r9AHcoIv9M0Rllkao5qWz2v1lmcyKIVCzQ==
 
 isexe@^2.0.0:
   version "2.0.0"