test: check for available port

[thisislawatts]

Pull Request Submission Checklist

• Follows [CONTRIBUTING](https://github.com/snyk/cli/blob/main/CONTRIBUTING.md) guidelines
• Commit messages
    are release-note ready, emphasizing
    what was changed, not how.
• Includes detailed description of changes
• Contains risk assessment (Low | Medium | High)
• Highlights breaking API changes (if applicable)
• Links to automated tests covering new functionality
• Includes manual testing instructions (if necessary)
• Updates relevant GitBook documentation (PR link: ___)
• Includes product update to be announced in the next stable release notes

What does this PR do?

This PR updates the test infrastructure to dynamically find an available port for the mock HTTP server used in acceptance tests (specifically those testing the snyk sbom command).

It replaces the previous method of relying on environment variables or hardcoded default ports with a call to the new utility function, getAvailableServerPort, which uses the portfinder package to locate an open port.

Key changes:

1. Adds portfinder package as a dependency in package.json and package-lock.json.
2. Introduces a new utility function getAvailableServerPort in test/jest/util/getServerPort.ts to find an available port starting from a default of 4000.
3. Updates multiple acceptance test files (*-sboms.spec.ts, *-options.spec.ts, sbom.spec.ts, all-projects.spec.ts, yarn-options.spec.ts, pip-options.spec.ts) to use getAvailableServerPort and convert their beforeAll blocks to use async/await for proper port acquisition before starting the server.

This change is aimed at improving test reliability in concurrent or CI environments where hardcoded ports might already be in use.

Where should the reviewer start?

The most significant logical changes are in:

• test/jest/util/getServerPort.ts: This file contains the new getAvailableServerPort logic.
• package.json and package-lock.json: To confirm the addition of portfinder and the update to async.
• Any test file using beforeAll(async () => { ... }) and calling getAvailableServerPort(process): This shows how the new utility is integrated into the tests (e.g., test/jest/acceptance/snyk-sbom/all-projects.spec.ts).

How should this be manually tested?

As this is a change to test infrastructure, no manual testing is necessary outside of running the existing test suite.

What's the product update that needs to be communicated to CLI users?

No user-facing product update is needed, as this only affects the CLI's internal testing infrastructure.

Risk assessment (Low | Medium | High)?

Low. This change is contained entirely within the test utilities and acceptance tests. It does not affect the production code or CLI functionality used by end-users. It should only improve the robustness of testing.

Any background context you want to provide?

The acceptance tests were occasionally failing in CI due to suspected port conflicts when trying to start the mock server on a hardcoded or default environment port. The use of portfinder ensures that an unused port is reliably found before attempting to listen.

[github-actions]

	Warnings
⚠️	Since the CLI is unifying on a standard and improved tooling, we're starting to migrate old-style imports and exports to ES6 ones. A file you've modified is using either module.exports or require(). If you can, please update them to ES6 import syntax and export syntax. Files found: test/jest/util/getServerPort.ts
⚠️	There are multiple commits on your branch, please squash them locally before merging!

Generated by 🚫 dangerJS against 356b140