Add UPC code to product_created Kafka event

[mikesir87]

Summary

• Added upc field to the product_created Kafka event payload
• Updated integration test to validate the upc field is included in published events

Related Issue

Resolves #19

Changes

This change allows consumers of the product_created Kafka event to access the UPC code directly from the event payload, eliminating the need for an immediate lookup.

Test Plan

• All existing tests pass
• Added test assertion to validate upc field is present in Kafka event
• Verified test passes with new assertion

🤖 Generated with Claude Code

[mikesir87]

This is a AI demo PR. Do not merge.

[github-actions]

Your image	dockerdevrel/catalog-service-node:pr-62
Current base image	node:22-bookworm-slim

Policy Status

(4/7 policies met, 2 missing data)

Status	Policy	Results
✅	Default non-root user
✅	No AGPL v3 licenses	0 packages
✅	No fixable critical or high vulnerabilities
✅	No high-profile vulnerabilities
❓	No outdated base images	No data Learn more ↗
❓	No unapproved base images	No data
⚠️	Missing supply chain attestation(s)	2 deviations

[github-actions]

Overview

Image reference	dockerdevrel/catalog-service-node:latest	dockerdevrel/catalog-service-node:pr-62
- digest	b630c97cef9b	58bc874da950
- tag	latest	pr-62
- environment	production
- provenance	781663d	7526db4
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	84 MB	83 MB (-1.1 MB)
- packages	293	522 (+229)
Base Image	node:22-slim also known as: • 22-bookworm-slim • jod-bookworm-slim • jod-slim • lts-bookworm-slim • lts-slim	node:22-bookworm-slim also known as: • 22-slim • 22.20-bookworm-slim • 22.20-slim • 22.20.0-bookworm-slim • 22.20.0-slim • jod-slim • lts-bookworm-slim • lts-slim
- vulnerabilities

Environment Variables (1 changes)

• ± 1 changed
• 3 unchanged

 NODE_ENV=production
-NODE_VERSION=22.13.0
+NODE_VERSION=22.20.0
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 YARN_VERSION=1.22.22

Labels (3 changes)

• ± 3 changed
• 5 unchanged

-org.opencontainers.image.created=2025-01-15T22:47:28.805Z
+org.opencontainers.image.created=2025-10-21T14:49:07.249Z
 org.opencontainers.image.description=
 org.opencontainers.image.licenses=CC0-1.0
-org.opencontainers.image.revision=781663d8eeebad7825a85796e942c08bc774cbd0
+org.opencontainers.image.revision=7526db41ebc7912c3cc0676f3e08cc272e825279
 org.opencontainers.image.source=https://github.com/dockersamples/catalog-service-node
 org.opencontainers.image.title=catalog-service-node
 org.opencontainers.image.url=https://github.com/dockersamples/catalog-service-node
-org.opencontainers.image.version=v0.2.0
+org.opencontainers.image.version=pr-62

Policies (1 improved, 1 worsened, 2 missing data)

Policy Name	dockerdevrel/catalog-service-node:latest	dockerdevrel/catalog-service-node:pr-62	Change	Standing
Default non-root user	✅	✅		No Change
No AGPL v3 licenses	✅	✅		No Change
No fixable critical or high vulnerabilities	⚠️ 7	✅	-7	Improved
No high-profile vulnerabilities	✅	✅		No Change
No outdated base images	⚠️	❓ No data
No unapproved base images	✅	❓ No data
Supply chain attestations	✅	⚠️ 2	+2	Worsened

Packages and Vulnerabilities (347 package changes and 43 vulnerability changes)

• ➕ 216 packages added
• ➖ 9 packages removed
• ♾️ 122 packages changed
• 155 packages unchanged

• ❗ 17 vulnerabilities added
• ✔️ 26 vulnerabilities removed

Changes for packages of type deb (61 changes)

	Package	Version dockerdevrel/catalog-service-node:latest	Version dockerdevrel/catalog-service-node:pr-62
➕	acl		2.3.1-3
➕	attr		1:2.5.1-4
➕	audit		1:3.0.9-1
♾️	base-files	12.4+deb12u9	12.4+deb12u12
♾️	bash	5.2.15-2+b7	5.2.15-2+b9
➕	bzip2		1.0.8-5
➕	cdebconf		0.270
➕	db5.3		5.3.28+dfsg2-1
♾️	debian-archive-keyring	2023.3+deb12u1	2023.3+deb12u2
➕	gcc-12		12.2.0-14+deb12u1
			Added vulnerabilities (1):
♾️	gcc-12-base	12.2.0-14	12.2.0-14+deb12u1
➕	glibc		2.36-9+deb12u13
			Added vulnerabilities (7):
➕	gmp		2:6.2.1+dfsg1-1.1
➕	gnupg2		2.2.40-1.1+deb12u1
			Added vulnerabilities (1):
➕	gnutls28		3.7.9-2+deb12u5
			Added vulnerabilities (1):
♾️	gpgv	2.2.40-1.1	2.2.40-1.1+deb12u1
♾️	init-system-helpers	1.65.2	1.65.2+deb12u1
♾️	libc-bin	2.36-9+deb12u9	2.36-9+deb12u13
♾️	libc6	2.36-9+deb12u9	2.36-9+deb12u13
		Removed vulnerabilities (3):
➕	libcap-ng		0.8.3-1
♾️	libcap2	1:2.66-4	1:2.66-4+deb12u2
		Removed vulnerabilities (1):
♾️	libcom-err2	1.47.0-2	1.47.0-2+b2
♾️	libext2fs2	1.47.0-2	1.47.0-2+b2
➕	libffi		3.4.4-1
♾️	libgcc-s1	12.2.0-14	12.2.0-14+deb12u1
♾️	libgnutls30	3.7.9-2+deb12u3	3.7.9-2+deb12u5
		Removed vulnerabilities (5):
➕	libgpg-error		1.46-1
➕	libidn2		2.3.3-1
♾️	liblzma5	5.4.1-0.2	5.4.1-1
		Removed vulnerabilities (1):
➕	libmd		1.0.4-2
➕	libseccomp		2.5.4-1+deb12u1
➕	libselinux		3.4-1
➕	libsemanage		3.4-1
➕	libsepol		3.4-2.1
♾️	libss2	1.47.0-2	1.47.0-2+b2
♾️	libstdc++6	12.2.0-14	12.2.0-14+deb12u1
		Removed vulnerabilities (1):
♾️	libsystemd0	252.33-1~deb12u1	252.39-1~deb12u1
♾️	libtasn1-6	4.19.0-2	4.19.0-2+deb12u1
		Removed vulnerabilities (1):
♾️	libudev1	252.33-1~deb12u1	252.39-1~deb12u1
		Removed vulnerabilities (1):
➕	libunistring		1.0-2
➕	libxcrypt		1:4.4.33-2
➕	libzstd		1.5.4+dfsg2-5
♾️	login	1:4.13+dfsg1-1+b1	1:4.13+dfsg1-1+deb12u1
♾️	logsave	1.47.0-2	1.47.0-2+b2
➕	lz4		1.9.4-1
➕	ncurses		6.4-4
➕	nettle		3.8.1-2
➕	p11-kit		0.24.1-2
➕	pam		1.5.2-6+deb12u1
♾️	passwd	1:4.13+dfsg1-1+b1	1:4.13+dfsg1-1+deb12u1
		Removed vulnerabilities (2):
➕	pcre2		10.42-1
➕	perl		5.36.0-7+deb12u3
			Added vulnerabilities (2):
♾️	perl-base	5.36.0-7+deb12u1	5.36.0-7+deb12u3
		Removed vulnerabilities (3):
➕	shadow		1:4.13+dfsg1-1+deb12u1
			Added vulnerabilities (1):
➕	systemd		252.39-1~deb12u1
			Added vulnerabilities (4):
➕	sysvinit		3.06-4
♾️	tzdata	2024b-0+deb12u1	2025b-0+deb12u2
➕	usrmerge		37~deb12u1
➕	xxhash		0.8.1-1
➕	xz-utils		5.4.1-1
➕	zlib		1:1.2.13.dfsg-1

Changes for packages of type generic (1 changes)

	Package	Version dockerdevrel/catalog-service-node:latest	Version dockerdevrel/catalog-service-node:pr-62
➖	node	22.13.0
		Removed vulnerabilities (6):

Changes for packages of type github (1 changes)

	Package	Version dockerdevrel/catalog-service-node:latest	Version dockerdevrel/catalog-service-node:pr-62
➕	node		22.20.0

Changes for packages of type npm (284 changes)

	Package	Version dockerdevrel/catalog-service-node:latest	Version dockerdevrel/catalog-service-node:pr-62
♾️	@aws-sdk/client-s3	3.670.0	3.729.0
♾️	@aws-sdk/client-sso	3.670.0	3.726.0
♾️	@aws-sdk/client-sso-oidc	3.670.0	3.726.0
♾️	@aws-sdk/client-sts	3.670.0	3.726.1
♾️	@aws-sdk/core	3.667.0	3.723.0
♾️	@aws-sdk/credential-provider-env	3.667.0	3.723.0
♾️	@aws-sdk/credential-provider-http	3.667.0	3.723.0
♾️	@aws-sdk/credential-provider-ini	3.670.0	3.726.0
♾️	@aws-sdk/credential-provider-node	3.670.0	3.726.0
♾️	@aws-sdk/credential-provider-process	3.667.0	3.723.0
♾️	@aws-sdk/credential-provider-sso	3.670.0	3.726.0
♾️	@aws-sdk/credential-provider-web-identity	3.667.0	3.723.0
♾️	@aws-sdk/middleware-bucket-endpoint	3.667.0	3.726.0
♾️	@aws-sdk/middleware-expect-continue	3.667.0	3.723.0
♾️	@aws-sdk/middleware-flexible-checksums	3.669.0	3.729.0
♾️	@aws-sdk/middleware-host-header	3.667.0	3.723.0
♾️	@aws-sdk/middleware-location-constraint	3.667.0	3.723.0
♾️	@aws-sdk/middleware-logger	3.667.0	3.723.0
♾️	@aws-sdk/middleware-recursion-detection	3.667.0	3.723.0
♾️	@aws-sdk/middleware-sdk-s3	3.669.0	3.723.0
♾️	@aws-sdk/middleware-ssec	3.667.0	3.723.0
♾️	@aws-sdk/middleware-user-agent	3.669.0	3.726.0
♾️	@aws-sdk/region-config-resolver	3.667.0	3.723.0
♾️	@aws-sdk/signature-v4-multi-region	3.669.0	3.723.0
♾️	@aws-sdk/token-providers	3.667.0	3.723.0
♾️	@aws-sdk/types	3.667.0	3.723.0
♾️	@aws-sdk/util-arn-parser	3.568.0	3.723.0
♾️	@aws-sdk/util-endpoints	3.667.0	3.726.0
♾️	@aws-sdk/util-locate-window	3.568.0	3.723.0
♾️	@aws-sdk/util-user-agent-browser	3.670.0	3.723.0
♾️	@aws-sdk/util-user-agent-node	3.669.0	3.726.0
♾️	@aws-sdk/xml-builder	3.662.0	3.723.0
➕	@isaacs/cliui		8.0.2
➕	@isaacs/fs-minipass		4.0.1
➕	@isaacs/string-locale-compare		1.1.0
➕	@npmcli/agent		3.0.0
➕	@npmcli/arborist		8.0.1
➕	@npmcli/config		9.0.0
➕	@npmcli/fs		4.0.0
➕	@npmcli/git		6.0.3
➕	@npmcli/installed-package-contents		3.0.0
➕	@npmcli/map-workspaces		4.0.2
➕	@npmcli/metavuln-calculator		8.0.1
➕	@npmcli/name-from-folder		3.0.0
➕	@npmcli/node-gyp		4.0.0
➕	@npmcli/package-json		6.2.0
➕	@npmcli/promise-spawn		8.0.2
➕	@npmcli/query		4.0.1
➕	@npmcli/redact		3.2.2
➕	@npmcli/run-script		9.1.0
➕	@pkgjs/parseargs		0.11.0
➕	@sigstore/bundle		3.1.0
➕	@sigstore/core		2.0.0
➕	@sigstore/protobuf-specs		0.4.3
➕	@sigstore/sign		3.1.0
➕	@sigstore/tuf		3.1.1
➕	@sigstore/verify		2.1.1
♾️	@smithy/abort-controller	3.1.5	4.0.1
♾️	@smithy/chunked-blob-reader	3.0.0	5.0.0
♾️	@smithy/chunked-blob-reader-native	3.0.0	4.0.0
♾️	@smithy/config-resolver	3.0.9	4.0.1
♾️	@smithy/core	2.4.8	3.1.1
♾️	@smithy/credential-provider-imds	3.2.4	4.0.1
♾️	@smithy/eventstream-codec	3.1.6	4.0.1
♾️	@smithy/eventstream-serde-browser	3.0.10	4.0.1
♾️	@smithy/eventstream-serde-config-resolver	3.0.7	4.0.1
♾️	@smithy/eventstream-serde-node	3.0.9	4.0.1
♾️	@smithy/eventstream-serde-universal	3.0.9	4.0.1
♾️	@smithy/fetch-http-handler	3.2.9	5.0.1
♾️	@smithy/hash-blob-browser	3.1.6	4.0.1
♾️	@smithy/hash-node	3.0.7	4.0.1
♾️	@smithy/hash-stream-node	3.1.6	4.0.1
♾️	@smithy/invalid-dependency	3.0.7	4.0.1
♾️	@smithy/is-array-buffer	3.0.0	4.0.0
♾️	@smithy/md5-js	3.0.7	4.0.1
♾️	@smithy/middleware-content-length	3.0.9	4.0.1
♾️	@smithy/middleware-endpoint	3.1.4	4.0.2
♾️	@smithy/middleware-retry	3.0.23	4.0.3
♾️	@smithy/middleware-serde	3.0.7	4.0.1
♾️	@smithy/middleware-stack	3.0.7	4.0.1
♾️	@smithy/node-config-provider	3.1.8	4.0.1
♾️	@smithy/node-http-handler	3.2.4	4.0.2
♾️	@smithy/property-provider	3.1.7	4.0.1
♾️	@smithy/protocol-http	4.1.4	5.0.1
♾️	@smithy/querystring-builder	3.0.7	4.0.1
♾️	@smithy/querystring-parser	3.0.7	4.0.1
♾️	@smithy/service-error-classification	3.0.7	4.0.1
♾️	@smithy/shared-ini-file-loader	3.1.8	4.0.1
♾️	@smithy/signature-v4	4.2.0	5.0.1
♾️	@smithy/smithy-client	3.4.0	4.1.2
♾️	@smithy/types	3.5.0	4.1.0
♾️	@smithy/url-parser	3.0.7	4.0.1
♾️	@smithy/util-base64	3.0.0	4.0.0
♾️	@smithy/util-body-length-browser	3.0.0	4.0.0
♾️	@smithy/util-body-length-node	3.0.0	4.0.0
♾️	@smithy/util-buffer-from	3.0.0	4.0.0
♾️	@smithy/util-config-provider	3.0.0	4.0.0
♾️	@smithy/util-defaults-mode-browser	3.0.23	4.0.3
♾️	@smithy/util-defaults-mode-node	3.0.23	4.0.3
♾️	@smithy/util-endpoints	2.1.3	3.0.1
♾️	@smithy/util-hex-encoding	3.0.0	4.0.0
♾️	@smithy/util-middleware	3.0.7	4.0.1
♾️	@smithy/util-retry	3.0.7	4.0.1
♾️	@smithy/util-stream	3.1.9	4.0.2
♾️	@smithy/util-uri-escape	3.0.0	4.0.0
♾️	@smithy/util-utf8	3.0.0	4.0.0
♾️	@smithy/util-waiter	3.1.6	4.0.2
➕	@tufjs/canonical-json		2.0.0
➕	@tufjs/models		3.0.1
➕	abbrev		3.0.1
➕	agent-base		7.1.3
➕	ansi-regex		6.1.0
➕	ansi-styles		6.2.1
➕	aproba		2.0.0
➕	archy		1.0.0
➕	balanced-match		1.0.2
➕	bin-links		5.0.0
➕	binary-extensions		2.3.0
➕	brace-expansion		2.0.2
➕	cacache		19.0.1
➖	call-bind	1.0.7
➕	call-bind-apply-helpers		1.0.1
➕	call-bound		1.0.3
➕	chalk		5.4.1
➕	chownr		3.0.0
➕	ci-info		4.2.0
➕	cidr-regex		4.1.3
➕	cli-columns		4.0.0
➕	cmd-shim		7.0.0
➕	color-convert		2.0.1
➕	color-name		1.1.4
➕	common-ancestor-path		1.0.1
♾️	concat-stream	1.6.2	2.0.0
➖	core-util-is	1.0.3
♾️	corepack	0.30.0	0.34.0
➕	cross-spawn		7.0.6
➕	cssesc		3.0.0
♾️	debug	2.6.9	4.4.1
➖	define-data-property	1.1.4
➕	diff		5.2.0
♾️	dotenv	16.4.5	16.4.7
➕	dunder-proto		1.0.1
➕	eastasianwidth		0.2.0
➕	emoji-regex		9.2.2
➕	encoding		0.1.13
➕	env-paths		2.2.1
➕	err-code		2.0.3
♾️	es-define-property	1.0.0	1.0.1
➕	es-object-atoms		1.1.1
➕	exponential-backoff		3.1.2
♾️	express	4.21.1	4.21.2
➕	fastest-levenshtein		1.0.16
➕	fdir		6.4.6
➕	foreground-child		3.3.1
➕	fs-minipass		3.0.3
♾️	get-intrinsic	1.2.4	1.2.7
➕	get-proto		1.0.1
➕	glob		10.4.5
➕	graceful-fs		4.2.11
➖	has-property-descriptors	1.0.2
➖	has-proto	1.1.0
➕	hosted-git-info		8.1.0
➕	http-cache-semantics		4.2.0
➕	http-proxy-agent		7.0.2
➕	https-proxy-agent		7.0.6
♾️	iconv-lite	0.4.24	0.6.3
➕	ignore-walk		7.0.0
➕	imurmurhash		0.1.4
➕	ini		5.0.0
➕	init-package-json		7.0.2
➕	ip-address		9.0.5
➕	ip-regex		5.0.0
➕	is-cidr		5.1.1
➕	is-fullwidth-code-point		3.0.0
➖	isarray	1.0.0
➕	isexe		3.1.1
➕	jackspeak		3.4.3
➕	jsbn		1.1.0
➕	json-parse-even-better-errors		4.0.0
➕	json-stringify-nice		1.1.4
➕	jsonparse		1.3.1
➕	just-diff		6.0.2
➕	just-diff-apply		5.5.0
➕	libnpmaccess		9.0.0
➕	libnpmdiff		7.0.1
➕	libnpmexec		9.0.1
➕	libnpmfund		6.0.1
➕	libnpmhook		11.0.0
➕	libnpmorg		7.0.0
➕	libnpmpack		8.0.1
➕	libnpmpublish		10.0.1
➕	libnpmsearch		8.0.0
➕	libnpmteam		7.0.0
➕	libnpmversion		7.0.0
➕	lru-cache		10.4.3
➕	make-fetch-happen		14.0.3
➕	math-intrinsics		1.1.0
➕	minimatch		9.0.5
➕	minipass		7.1.2
➕	minipass-collect		2.0.1
➕	minipass-fetch		4.0.1
➕	minipass-flush		1.0.5
➕	minipass-pipeline		1.2.4
➕	minipass-sized		1.0.3
➕	minizlib		3.0.2
♾️	mkdirp	0.5.6	3.0.1
♾️	multer	1.4.5-lts.1	2.0.2
		Removed vulnerabilities (1):
➕	mute-stream		2.0.0
♾️	negotiator	0.6.3	1.0.0
➕	node-gyp		11.2.0
➕	nopt		8.1.0
➕	normalize-package-data		7.0.0
➕	npm		10.9.3
➕	npm-audit-report		6.0.0
➕	npm-bundled		4.0.0
➕	npm-install-checks		7.1.1
➕	npm-normalize-package-bin		4.0.0
➕	npm-package-arg		12.0.2
➕	npm-packlist		9.0.0
➕	npm-pick-manifest		10.0.0
➕	npm-profile		11.0.1
➕	npm-registry-fetch		18.0.2
➕	npm-user-validate		3.0.0
➕	p-map		7.0.3
➕	package-json-from-dist		1.0.1
➕	pacote		20.0.0
➕	parse-conflict-json		4.0.0
➕	path-key		3.1.1
➕	path-scurry		1.11.1
♾️	path-to-regexp	0.1.10	0.1.12
		Removed vulnerabilities (1):
♾️	pg	8.13.0	8.13.1
➕	picomatch		4.0.2
➕	postcss-selector-parser		7.1.0
➕	proc-log		5.0.0
➖	process-nextick-args	2.0.1
➕	proggy		3.0.0
➕	promise-all-reject-late		1.0.1
➕	promise-call-limit		3.0.2
➕	promise-retry		2.0.1
➕	promzard		2.0.0
➕	qrcode-terminal		0.12.0
➕	read		4.1.0
➕	read-cmd-shim		5.0.0
➕	read-package-json-fast		4.0.0
♾️	readable-stream	2.3.8	3.6.2
➕	retry		0.12.0
➕	semver		7.7.2
➖	set-function-length	1.2.2
➕	shebang-command		2.0.0
➕	shebang-regex		3.0.0
♾️	side-channel	1.0.6	1.1.0
➕	side-channel-list		1.0.0
➕	side-channel-map		1.0.1
➕	side-channel-weakmap		1.0.2
➕	signal-exit		4.1.0
➕	sigstore		3.1.0
➕	smart-buffer		4.2.0
➕	socks		2.8.5
➕	socks-proxy-agent		8.0.5
➕	spdx-correct		3.2.0
➕	spdx-exceptions		2.5.0
➕	spdx-expression-parse		4.0.0
➕	spdx-license-ids		3.0.21
➕	sprintf-js		1.1.3
➕	ssri		12.0.0
➕	string-width		5.1.2
➕	strip-ansi		7.1.0
➕	supports-color		9.4.0
➕	tar		7.4.3
➕	text-table		0.2.0
➕	tiny-relative-date		1.3.0
➕	tinyglobby		0.2.14
➕	treeverse		3.0.0
♾️	tslib	2.7.0	2.8.1
➕	tuf-js		3.0.1
➕	unique-filename		4.0.0
➕	unique-slug		5.0.0
➕	validate-npm-package-license		3.0.4
➕	validate-npm-package-name		6.0.1
➕	walk-up-path		3.0.1
➕	which		5.0.0
➕	wrap-ansi		8.1.0
➕	write-file-atomic		6.0.0
➕	yallist		5.0.0