chore(deps): upgrade sinon to 21 (#2050)

leahecole · web-flow · commit 4915e97e56fe · 2025-07-08T15:13:08.000-04:00
* chore(deps): upgrade sinon to 21 * specify which timers to fake * use @feywind's util for timers * add crucial file
diff --git a/.github/scripts/package.json b/.github/scripts/package.json
@@ -16,6 +16,6 @@
     "devDependencies": {
         "@octokit/rest": "^19.0.0",
         "mocha": "^10.0.0",
-        "sinon": "^18.0.0"
+        "sinon": "^21.0.0"
     }
 }
diff --git a/package.json b/package.json
@@ -56,7 +56,7 @@
     "nock": "^14.0.1",
     "null-loader": "^4.0.0",
     "puppeteer": "^24.0.0",
-    "sinon": "^18.0.1",
+    "sinon": "^21.0.0",
     "ts-loader": "^8.0.0",
     "typescript": "^5.1.6",
     "webpack": "^5.21.2",
diff --git a/test/test.awsclient.ts b/test/test.awsclient.ts
@@ -29,7 +29,7 @@ import {
   getExpectedExternalAccountMetricsHeaderValue,
 } from './externalclienthelper';
 import {AwsSecurityCredentials} from '../src/auth/awsrequestsigner';
-
+import {TestUtils} from './utils';
 nock.disableNetConnect();
 
 const ONE_HOUR_IN_SECS = 3600;
@@ -175,7 +175,7 @@ describe('AwsClient', () => {
   );
 
   beforeEach(() => {
-    clock = sinon.useFakeTimers(referenceDate);
+    clock = TestUtils.useFakeTimers(sinon, referenceDate);
   });
 
   afterEach(() => {
diff --git a/test/test.awsrequestsigner.ts b/test/test.awsrequestsigner.ts
@@ -17,7 +17,7 @@ import {describe, it, afterEach, beforeEach} from 'mocha';
 import * as sinon from 'sinon';
 import {AwsRequestSigner} from '../src/auth/awsrequestsigner';
 import {GaxiosOptions} from 'gaxios';
-
+import {TestUtils} from './utils';
 /** Defines the interface to facilitate testing of AWS request signing. */
 interface AwsRequestSignerTest {
   // Test description.
@@ -41,7 +41,7 @@ describe('AwsRequestSigner', () => {
   const token = awsSecurityCredentials.Token;
 
   beforeEach(() => {
-    clock = sinon.useFakeTimers(0);
+    clock = TestUtils.useFakeTimers(sinon);
   });
 
   afterEach(() => {
diff --git a/test/test.baseexternalclient.ts b/test/test.baseexternalclient.ts
@@ -40,7 +40,7 @@ import {
   getExpectedExternalAccountMetricsHeaderValue,
 } from './externalclienthelper';
 import {DEFAULT_UNIVERSE} from '../src/auth/authclient';
-
+import {TestUtils} from './utils';
 nock.disableNetConnect();
 
 interface SampleResponse {
@@ -965,7 +965,7 @@ describe('BaseExternalAccountClient', () => {
       });
 
       it('should force refresh when cached credential is expired', async () => {
-        clock = sinon.useFakeTimers(0);
+        clock = TestUtils.useFakeTimers(sinon);
         const emittedEvents: Credentials[] = [];
         const stsSuccessfulResponse2 = Object.assign({}, stsSuccessfulResponse);
         stsSuccessfulResponse2.access_token = 'ACCESS_TOKEN2';
@@ -1063,7 +1063,8 @@ describe('BaseExternalAccountClient', () => {
       });
 
       it('should respect provided eagerRefreshThresholdMillis', async () => {
-        clock = sinon.useFakeTimers(0);
+        clock = TestUtils.useFakeTimers(sinon);
+
         const customThresh = 10 * 1000;
         const stsSuccessfulResponse2 = Object.assign({}, stsSuccessfulResponse);
         stsSuccessfulResponse2.access_token = 'ACCESS_TOKEN2';
@@ -1381,7 +1382,7 @@ describe('BaseExternalAccountClient', () => {
       });
 
       it('should force refresh when cached credential is expired', async () => {
-        clock = sinon.useFakeTimers(0);
+        clock = TestUtils.useFakeTimers(sinon);
         const emittedEvents: Credentials[] = [];
         const stsSuccessfulResponse2 = Object.assign({}, stsSuccessfulResponse);
         stsSuccessfulResponse2.access_token = 'ACCESS_TOKEN2';
@@ -1505,7 +1506,7 @@ describe('BaseExternalAccountClient', () => {
       });
 
       it('should respect provided eagerRefreshThresholdMillis', async () => {
-        clock = sinon.useFakeTimers(0);
+        clock = TestUtils.useFakeTimers(sinon);
         const customThresh = 10 * 1000;
         const stsSuccessfulResponse2 = Object.assign({}, stsSuccessfulResponse);
         stsSuccessfulResponse2.access_token = 'ACCESS_TOKEN2';
@@ -2540,7 +2541,7 @@ describe('BaseExternalAccountClient', () => {
 
   describe('setCredentials()', () => {
     it('should allow injection of GCP access tokens directly', async () => {
-      clock = sinon.useFakeTimers(0);
+      clock = TestUtils.useFakeTimers(sinon);
       const credentials = {
         access_token: 'INJECTED_ACCESS_TOKEN',
         // Simulate token expires in 10mins.
@@ -2581,7 +2582,7 @@ describe('BaseExternalAccountClient', () => {
     });
 
     it('should not expire injected creds with no expiry_date', async () => {
-      clock = sinon.useFakeTimers(0);
+      clock = TestUtils.useFakeTimers(sinon);
       const credentials = {
         access_token: 'INJECTED_ACCESS_TOKEN',
       };
diff --git a/test/test.downscopedclient.ts b/test/test.downscopedclient.ts
@@ -32,7 +32,7 @@ import {
   getErrorFromOAuthErrorResponse,
 } from '../src/auth/oauth2common';
 import {GetAccessTokenResponse} from '../src/auth/authclient';
-
+import {TestUtils} from './utils';
 nock.disableNetConnect();
 
 /** A dummy class used as source credential for testing. */
@@ -376,7 +376,7 @@ describe('DownscopedClient', () => {
   describe('getAccessToken()', () => {
     it('should return current unexpired cached DownscopedClient access token', async () => {
       const now = new Date().getTime();
-      clock = sinon.useFakeTimers(now);
+      clock = TestUtils.useFakeTimers(sinon, now);
       const credentials = {
         access_token: 'DOWNSCOPED_CLIENT_ACCESS_TOKEN',
         expiry_date: now + ONE_HOUR_IN_SECS * 1000,
@@ -415,7 +415,7 @@ describe('DownscopedClient', () => {
 
     it('should refresh a new DownscopedClient access when cached one gets expired', async () => {
       const now = new Date().getTime();
-      clock = sinon.useFakeTimers(now);
+      clock = TestUtils.useFakeTimers(sinon, now);
       const emittedEvents: Credentials[] = [];
       const credentials = {
         access_token: 'DOWNSCOPED_CLIENT_ACCESS_TOKEN',
diff --git a/test/test.executableresponse.ts b/test/test.executableresponse.ts
@@ -25,6 +25,7 @@ import {
   ExecutableResponseJson,
 } from '../src/auth/executable-response';
 import * as sinon from 'sinon';
+import {TestUtils} from './utils';
 
 const SAML_SUBJECT_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:saml2';
 const OIDC_SUBJECT_TOKEN_TYPE1 = 'urn:ietf:params:oauth:token-type:id_token';
@@ -35,7 +36,7 @@ describe('ExecutableResponse', () => {
   const referenceTime = 1653429377000;
 
   beforeEach(() => {
-    clock = sinon.useFakeTimers({now: referenceTime});
+    clock = TestUtils.useFakeTimers(sinon, referenceTime);
   });
 
   afterEach(() => {
diff --git a/test/test.externalaccountauthorizeduserclient.ts b/test/test.externalaccountauthorizeduserclient.ts
@@ -30,6 +30,7 @@ import {
   OAuthErrorResponse,
 } from '../src/auth/oauth2common';
 import {DEFAULT_UNIVERSE} from '../src/auth/authclient';
+import {TestUtils} from './utils';
 
 nock.disableNetConnect();
 
@@ -110,7 +111,7 @@ describe('ExternalAccountAuthorizedUserClient', () => {
     expires_in: 3600,
   };
   beforeEach(() => {
-    clock = sinon.useFakeTimers(referenceDate);
+    clock = TestUtils.useFakeTimers(sinon, referenceDate);
   });
 
   afterEach(() => {
diff --git a/test/test.pluggableauthclient.ts b/test/test.pluggableauthclient.ts
@@ -37,6 +37,7 @@ import {
 } from '../src/auth/executable-response';
 import {PluggableAuthHandler} from '../src/auth/pluggable-auth-handler';
 import {StsSuccessfulResponse} from '../src/auth/stscredentials';
+import {TestUtils} from './utils';
 
 const OIDC_SUBJECT_TOKEN_TYPE1 = 'urn:ietf:params:oauth:token-type:id_token';
 const SAML_SUBJECT_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:saml2';
@@ -113,7 +114,7 @@ describe('PluggableAuthClient', () => {
       GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES: '1',
     });
     sandbox.stub(process, 'env').value(envVars);
-    clock = sinon.useFakeTimers({now: referenceTime});
+    clock = TestUtils.useFakeTimers(sinon, referenceTime);
 
     responseJson = {
       success: true,
diff --git a/test/test.pluggableauthhandler.ts b/test/test.pluggableauthhandler.ts
@@ -30,6 +30,7 @@ import {
 } from '../src/auth/pluggable-auth-handler';
 import * as assert from 'assert';
 import {ExecutableError} from '../src/auth/pluggable-auth-client';
+import {TestUtils} from './utils';
 
 const OIDC_SUBJECT_TOKEN_TYPE1 = 'urn:ietf:params:oauth:token-type:id_token';
 const SAML_SUBJECT_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:saml2';
@@ -121,8 +122,7 @@ describe('PluggableAuthHandler', () => {
     beforeEach(() => {
       // Stub environment variables
       sandbox.stub(process, 'env').value(process.env);
-      clock = sandbox.useFakeTimers({now: referenceTime});
-
+      clock = TestUtils.useFakeTimers(sinon, referenceTime);
       defaultResponseJson = {
         success: true,
         version: 1,
@@ -371,8 +371,7 @@ describe('PluggableAuthHandler', () => {
     let defaultResponseJson: ExecutableResponseJson;
 
     beforeEach(() => {
-      clock = sandbox.useFakeTimers({now: referenceTime});
-
+      clock = TestUtils.useFakeTimers(sinon, referenceTime);
       defaultResponseJson = {
         success: true,
         version: 1,
diff --git a/test/test.util.ts b/test/test.util.ts
@@ -16,6 +16,7 @@ import {strict as assert} from 'assert';
 import * as sinon from 'sinon';
 
 import {LRUCache, removeUndefinedValuesInObject} from '../src/util';
+import {TestUtils} from './utils';
 
 describe('util', () => {
   let sandbox: sinon.SinonSandbox;
@@ -61,7 +62,7 @@ describe('util', () => {
     it('should evict items older than a supplied `maxAge`', async () => {
       const maxAge = 50;
 
-      sandbox.clock = sinon.useFakeTimers();
+      sandbox.clock = TestUtils.useFakeTimers(sandbox);
 
       const lru = new LRUCache({capacity: 5, maxAge});
 
diff --git a/test/utils.ts b/test/utils.ts
@@ -0,0 +1,58 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import {SinonSandbox, SinonFakeTimers} from 'sinon';
+
+type FakeTimersParam = Parameters<SinonSandbox['useFakeTimers']>[0];
+interface FakeTimerConfig {
+  now?: number | Date;
+  toFake?: string[];
+}
+
+/**
+ * Utilities for unit test code.
+ *
+ * @private
+ */
+export class TestUtils {
+  /**
+   * This helper should be used to enable fake timers for Sinon sandbox.
+   * sinon adds a timer to `nextTick` by default beginning in v19
+   *  manually specifying the timers like this replicates the behavior pre v19
+   *
+   * @param sandbox The sandbox
+   * @param now An optional date to set for "now"
+   * @returns The clock object from useFakeTimers()
+   */
+  static useFakeTimers(
+    sandbox: SinonSandbox,
+    now?: number | Date,
+  ): SinonFakeTimers {
+    const config: FakeTimerConfig = {
+      toFake: [
+        'setTimeout',
+        'clearTimeout',
+        'setInterval',
+        'clearInterval',
+        'Date',
+      ],
+    };
+    if (now) {
+      config.now = now;
+    }
+
+    // The types are screwy in useFakeTimers(). I'm just going to pick one.
+    return sandbox.useFakeTimers(config as FakeTimersParam);
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,6 @@`
`16`	`16`	`"devDependencies": {`
`17`	`17`	`"@octokit/rest": "^19.0.0",`
`18`	`18`	`"mocha": "^10.0.0",`
`19`		`- "sinon": "^18.0.0"`
	`19`	`+ "sinon": "^21.0.0"`
`20`	`20`	`}`
`21`	`21`	`}`