no guarantee that a cveRecords property will exist #15

Open
ElectricNroff opened this issue Mar 6, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@ElectricNroff

In https://raw.githubusercontent.com/CVEProject/cvelistV5/main/.github/workflows/dist/index.js at dbd65c7

const response = await cveService.cve({ queryString });
let cves = [];
response.cveRecords.forEach(obj => {

const cves = await service.cve({ queryString });
const cveIds = [];
cves.cveRecords.forEach(record => {

const cves = await service.cve({ queryString });
// console.log(`getCvesByPage().cves=${JSON.stringify(cves, null, 2)}`);
const cveIds = [];
cves.cveRecords.forEach(record => {

there's no guarantee that a query to a CVE Services API in AWS will have a response with the application/json content type. In recent and realistic cases, the response can instead have:

Content-type: text/html

<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>

(for example, this was seen in production 2023-02-12T21:01Z)

For the text/html content type, Axios won't create a JavaScript object, and accessing the cveRecords property will fail.

There was a request for the CVE Services API documentation to mention that text/html may occur, but there was no action on this request: CVEProject/cve-services#549

To resolve this, one possibility is to read the cveRecords property only if the content type is application/json. (It is also realistic for the cveRecords property to be missing when the content type is application/json but the status is 429 - as shown in CVEProject/cve-services#885 - but this perhaps has not occurred in recent months.)
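One way to implement the check suggested above, as an added example that is not part of the original issue or the cvelistV5 code. It assumes an Axios-style response object (`status`, `headers`, `data`); the helper names `readCveRecords` and `collectCveIds`, the sample responses, and the placeholder CVE ID are constructed for illustration, and the `cveMetadata.cveId` path assumes CVE JSON 5 records.

```javascript
// Case-insensitive header lookup on a plain headers object.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === wanted) return String(value);
  }
  return '';
}

// Hypothetical helper: reads cveRecords only when the response is JSON and
// the property is really an array. Returns a result object, never throws.
function readCveRecords(response) {
  const status = response && response.status;
  const mediaType = getHeader(response && response.headers, 'content-type')
    .split(';')[0].trim().toLowerCase();
  if (mediaType !== 'application/json') {
    return { ok: false, records: [], reason: `status ${status}: unexpected content type "${mediaType}"` };
  }
  const data = response.data;
  if (data === null || typeof data !== 'object' || !Array.isArray(data.cveRecords)) {
    return { ok: false, records: [], reason: `status ${status}: JSON body has no cveRecords array` };
  }
  return { ok: true, records: data.cveRecords, reason: '' };
}

// Hypothetical caller: a failed page yields no IDs instead of a TypeError.
function collectCveIds(response) {
  const result = readCveRecords(response);
  if (!result.ok) {
    console.warn(`skipping page: ${result.reason}`);
    return [];
  }
  return result.records.map(record => record?.cveMetadata?.cveId).filter(Boolean);
}

// Constructed sample responses (not captured traffic).
const badGateway = {
  status: 502,
  headers: { 'Content-Type': 'text/html' },
  data: '<html><head><title>502 Bad Gateway</title></head></html>',
};
const rateLimited = {
  status: 429,
  headers: { 'content-type': 'application/json; charset=utf-8' },
  data: { message: 'constructed rate-limit body without cveRecords' },
};
const success = {
  status: 200,
  headers: { 'content-type': 'application/json' },
  data: { cveRecords: [{ cveMetadata: { cveId: 'CVE-0000-0001' } }] },
};
```

The `reason` string keeps the HTTP status, so a caller can treat 502 and 429 as retryable rather than as an empty result set.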

@hkong-mitre hkong-mitre added the bug Something isn't working label Apr 6, 2023