Self-inflicted wounds: All Alexa requests firing NEW_USER rather than expected intent function

amazon-alexa

#1

New behavior as of today:

   "request": {
      "type": "IntentRequest",
      "requestId": "amzn1.echo-api.request.e58a65ba-0aa0-46b9-b780-5875b70cad02",
      "locale": "en-US",
      "timestamp": "2021-09-22T21:08:09Z",
      "intent": {
         "name": "LatestEpisodeIntent",
         "confirmationStatus": "NONE"
      }
   }

but what’s reaching my jovo app.js is a call to NEW_USER() rather than LatestEpisodeIntent(). In fact, I’m getting sent to NEW_USER() even in response to

   "request": {
      "type": "SessionEndedRequest",
      "requestId": "amzn1.echo-api.request.7a0173ca-724b-4119-acc0-6514fe340780",
      "timestamp": "2021-09-22T21:36:15Z",
      "locale": "en-US",
      "reason": "EXCEEDED_MAX_REPROMPTS"
   }

This also happens when I feed requests to it via the Developer Console’s test page.

I tried rebuilding the development directory – did a “jovo new test”, copied my source files in, added the date-fns package via npm, and did “jovo run” from there without any other npm update requests. This copy is working in the debugger (more or less, subject to the debugger’s limitations), but when I connect my account to it as a beta user, requests via the Echo are all winding up in NEW_USER.

I am very confused, and rather frustrated…

ANY assistance in figuring out what’s going on would be much more than welcome. Stupid questions welcome.

(Of course this misbehavior started on the first day when I was going to have real beta users. Murphy’s law.)

(And no, fixing my deploy problem did not resolve this one.)


#2

Just tried building and deploying the standard podcast example, and it seems to be working. So somewhere, somehow, I seem to have stepped on the request routing in my own app.

No idea how I managed that.

Best thought I’ve got right now, unless someone on the Jovo team can offer suggestions on how to debug this, is to hope I have an archived copy from before it broke.

Or comment it all out, re-enable progressively, and see how far I get before it blows up… Tried replacing just the contents of the app.setHandler() function, and that didn’t cure it, so the problem appears to be elsewhere.

Apologies for the noise; to some extent I’m using this as a Rubber Duck to record what I’ve tried.


Minor discovery: If you’ve just deleted and recreated the Alexa skill, it apparently insists on putting you into NEW_USER on the first invocation even if you use the “ask my_app to…” formulation. That’s annoying for a developer… though most users will probably “open” first, in which case this is a reasonable behavior.

Not sure why I was getting trapped there, though.

I’m trying to debug by starting with the primitive podcast player example and bringing in my changes one at a time. Hopefully this will find the point where it fails… Simply trying to revert to earlier code didn’t seem to be curing it for me.


#3

For what it’s worth, returning to the sample podcast player and then progressively copying my changes back into it is working, so far.

I’m starting to suspect that my big mistake was indeed letting NPM do audit -force. I really hate seeing the 5 high vulnerabilities and would like to have those resolved, but by definition anything that needs --force may be a breaking change and, well, it broke.

Any chance the Jovo developers could look at what the actual problems are and figure out how to make the code compatible with the new libraries?

# npm audit report

braces  <2.3.1
Regular Expression Denial of Service - https://npmjs.com/advisories/786
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jest-cli/node_modules/braces
node_modules/jest-config/node_modules/braces
node_modules/jest-haste-map/node_modules/braces
node_modules/jest-message-util/node_modules/braces
node_modules/jest-runtime/node_modules/braces
node_modules/test-exclude/node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/jest-cli/node_modules/micromatch
  node_modules/jest-config/node_modules/micromatch
  node_modules/jest-haste-map/node_modules/micromatch
  node_modules/jest-message-util/node_modules/micromatch
  node_modules/jest-runtime/node_modules/micromatch
  node_modules/test-exclude/node_modules/micromatch
    jest-cli  12.1.1-alpha.2935e14d || 12.1.2-alpha.6230044c - 24.8.0
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-haste-map
    Depends on vulnerable versions of jest-message-util
    Depends on vulnerable versions of jest-runner
    Depends on vulnerable versions of jest-snapshot
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of yargs
    node_modules/jest-cli
      jest  18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-cli
      node_modules/jest
    jest-config  18.5.0-alpha.7da3df39 - 24.0.0-alpha.16
    Depends on vulnerable versions of babel-jest
    Depends on vulnerable versions of jest-jasmine2
    Depends on vulnerable versions of jest-util
    Depends on vulnerable versions of micromatch
    node_modules/jest-config
      jest-runner  21.0.0-alpha.1 - 22.4.4 || 23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-haste-map
      node_modules/jest-runner
      jest-runtime  12.1.1-alpha.2935e14d - 24.8.0
      Depends on vulnerable versions of babel-plugin-istanbul
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-haste-map
      Depends on vulnerable versions of jest-message-util
      Depends on vulnerable versions of jest-util
      Depends on vulnerable versions of micromatch
      Depends on vulnerable versions of yargs
      node_modules/jest-runtime
    jest-haste-map  16.1.0-alpha.691b0e22 - 24.0.0
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of sane
    node_modules/jest-haste-map
    jest-message-util  18.5.0-alpha.7da3df39 - 23.1.0 || 23.4.0 - 24.0.0-alpha.16
    Depends on vulnerable versions of micromatch
    node_modules/jest-message-util
      expect  21.0.0-beta.1 - 22.4.3 || 23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-message-util
      node_modules/expect
        jest-jasmine2  18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
        Depends on vulnerable versions of expect
        Depends on vulnerable versions of jest-message-util
        Depends on vulnerable versions of jest-snapshot
        Depends on vulnerable versions of jest-util
        node_modules/jest-jasmine2
      jest-snapshot  23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-message-util
      node_modules/jest-snapshot
        jest-resolve-dependencies  23.4.0 - 23.6.0
        Depends on vulnerable versions of jest-snapshot
        node_modules/jest-resolve-dependencies
      jest-util  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
      Depends on vulnerable versions of jest-message-util
      node_modules/jest-util
        jest-environment-jsdom  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
        Depends on vulnerable versions of jest-util
        node_modules/jest-environment-jsdom
        jest-environment-node  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
        Depends on vulnerable versions of jest-util
        node_modules/jest-environment-node
    test-exclude  <=4.2.3
    Depends on vulnerable versions of micromatch
    node_modules/test-exclude
      babel-plugin-istanbul  <=5.0.0
      Depends on vulnerable versions of test-exclude
      node_modules/babel-plugin-istanbul
        babel-jest  14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
        Depends on vulnerable versions of babel-plugin-istanbul
        node_modules/babel-jest

glob-parent  <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    glob-watcher  >=3.0.0
    Depends on vulnerable versions of chokidar
    node_modules/glob-watcher
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob
      micromatch  0.2.0 - 2.3.11
      Depends on vulnerable versions of braces
      Depends on vulnerable versions of parse-glob
      node_modules/jest-cli/node_modules/micromatch
      node_modules/jest-config/node_modules/micromatch
      node_modules/jest-haste-map/node_modules/micromatch
      node_modules/jest-message-util/node_modules/micromatch
      node_modules/jest-runtime/node_modules/micromatch
      node_modules/test-exclude/node_modules/micromatch
        jest-cli  12.1.1-alpha.2935e14d || 12.1.2-alpha.6230044c - 24.8.0
        Depends on vulnerable versions of jest-config
        Depends on vulnerable versions of jest-haste-map
        Depends on vulnerable versions of jest-message-util
        Depends on vulnerable versions of jest-runner
        Depends on vulnerable versions of jest-snapshot
        Depends on vulnerable versions of micromatch
        Depends on vulnerable versions of yargs
        node_modules/jest-cli
          jest  18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
          Depends on vulnerable versions of jest-cli
          node_modules/jest
        jest-config  18.5.0-alpha.7da3df39 - 24.0.0-alpha.16
        Depends on vulnerable versions of babel-jest
        Depends on vulnerable versions of jest-jasmine2
        Depends on vulnerable versions of jest-util
        Depends on vulnerable versions of micromatch
        node_modules/jest-config
          jest-runner  21.0.0-alpha.1 - 22.4.4 || 23.4.0 - 23.6.0
          Depends on vulnerable versions of jest-config
          Depends on vulnerable versions of jest-haste-map
          node_modules/jest-runner
          jest-runtime  12.1.1-alpha.2935e14d - 24.8.0
          Depends on vulnerable versions of babel-plugin-istanbul
          Depends on vulnerable versions of jest-config
          Depends on vulnerable versions of jest-haste-map
          Depends on vulnerable versions of jest-message-util
          Depends on vulnerable versions of jest-util
          Depends on vulnerable versions of micromatch
          Depends on vulnerable versions of yargs
          node_modules/jest-runtime
        jest-haste-map  16.1.0-alpha.691b0e22 - 24.0.0
        Depends on vulnerable versions of micromatch
        Depends on vulnerable versions of sane
        node_modules/jest-haste-map
        jest-message-util  18.5.0-alpha.7da3df39 - 23.1.0 || 23.4.0 - 24.0.0-alpha.16
        Depends on vulnerable versions of micromatch
        node_modules/jest-message-util
          expect  21.0.0-beta.1 - 22.4.3 || 23.4.0 - 23.6.0
          Depends on vulnerable versions of jest-message-util
          node_modules/expect
            jest-jasmine2  18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
            Depends on vulnerable versions of expect
            Depends on vulnerable versions of jest-message-util
            Depends on vulnerable versions of jest-snapshot
            Depends on vulnerable versions of jest-util
            node_modules/jest-jasmine2
          jest-snapshot  23.4.0 - 23.6.0
          Depends on vulnerable versions of jest-message-util
          node_modules/jest-snapshot
            jest-resolve-dependencies  23.4.0 - 23.6.0
            Depends on vulnerable versions of jest-snapshot
            node_modules/jest-resolve-dependencies
          jest-util  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
          Depends on vulnerable versions of jest-message-util
          node_modules/jest-util
            jest-environment-jsdom  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
            Depends on vulnerable versions of jest-util
            node_modules/jest-environment-jsdom
            jest-environment-node  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
            Depends on vulnerable versions of jest-util
            node_modules/jest-environment-node
        test-exclude  <=4.2.3
        Depends on vulnerable versions of micromatch
        node_modules/test-exclude
          babel-plugin-istanbul  <=5.0.0
          Depends on vulnerable versions of test-exclude
          node_modules/babel-plugin-istanbul
            babel-jest  14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
            Depends on vulnerable versions of babel-plugin-istanbul
            node_modules/babel-jest
  glob-stream  >=5.3.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    vinyl-fs  >=2.4.2
    Depends on vulnerable versions of glob-stream
    node_modules/vinyl-fs

merge  <2.1.1
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1666
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/merge
  exec-sh  <=0.3.1
  Depends on vulnerable versions of merge
  node_modules/exec-sh
    sane  1.0.4 - 4.0.2
    Depends on vulnerable versions of exec-sh
    Depends on vulnerable versions of watch
    node_modules/sane
      jest-haste-map  16.1.0-alpha.691b0e22 - 24.0.0
      Depends on vulnerable versions of micromatch
      Depends on vulnerable versions of sane
      node_modules/jest-haste-map
        jest-cli  12.1.1-alpha.2935e14d || 12.1.2-alpha.6230044c - 24.8.0
        Depends on vulnerable versions of jest-config
        Depends on vulnerable versions of jest-haste-map
        Depends on vulnerable versions of jest-message-util
        Depends on vulnerable versions of jest-runner
        Depends on vulnerable versions of jest-snapshot
        Depends on vulnerable versions of micromatch
        Depends on vulnerable versions of yargs
        node_modules/jest-cli
          jest  18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
          Depends on vulnerable versions of jest-cli
          node_modules/jest
        jest-runner  21.0.0-alpha.1 - 22.4.4 || 23.4.0 - 23.6.0
        Depends on vulnerable versions of jest-config
        Depends on vulnerable versions of jest-haste-map
        node_modules/jest-runner
        jest-runtime  12.1.1-alpha.2935e14d - 24.8.0
        Depends on vulnerable versions of babel-plugin-istanbul
        Depends on vulnerable versions of jest-config
        Depends on vulnerable versions of jest-haste-map
        Depends on vulnerable versions of jest-message-util
        Depends on vulnerable versions of jest-util
        Depends on vulnerable versions of micromatch
        Depends on vulnerable versions of yargs
        node_modules/jest-runtime
    watch  >=0.14.0
    Depends on vulnerable versions of exec-sh
    node_modules/watch

yargs-parser  <=13.1.1 || 14.0.0 - 15.0.0 || 16.0.0 - 18.1.1
Prototype Pollution - https://npmjs.com/advisories/1500
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jest-cli/node_modules/yargs-parser
node_modules/jest-runtime/node_modules/yargs-parser
node_modules/yargs-parser
  yargs  4.0.0-alpha1 - 12.0.5 || 14.1.0 || 15.0.0 - 15.2.0
  Depends on vulnerable versions of yargs-parser
  node_modules/jest-cli/node_modules/yargs
  node_modules/jest-runtime/node_modules/yargs
  node_modules/yargs
    gulp-cli  >=2.0.0
    Depends on vulnerable versions of yargs
    node_modules/gulp-cli
      gulp  >=4.0.0
      Depends on vulnerable versions of gulp-cli
      node_modules/gulp
    jest-cli  12.1.1-alpha.2935e14d || 12.1.2-alpha.6230044c - 24.8.0
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-haste-map
    Depends on vulnerable versions of jest-message-util
    Depends on vulnerable versions of jest-runner
    Depends on vulnerable versions of jest-snapshot
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of yargs
    node_modules/jest-cli
      jest  18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-cli
      node_modules/jest
    jest-runtime  12.1.1-alpha.2935e14d - 24.8.0
    Depends on vulnerable versions of babel-plugin-istanbul
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-haste-map
    Depends on vulnerable versions of jest-message-util
    Depends on vulnerable versions of jest-util
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of yargs
    node_modules/jest-runtime

34 vulnerabilities (21 low, 8 moderate, 5 high)

#4

Back on the air. Sigh. Thanks for letting me vent while working through this; feel free to delete this thread if desired, or keep it as an example of what not to do .