@coana-tech/cli 13.19.16 → 13.19.18
- package/cli.js +140 -112
- package/package.json +1 -1
package/cli.js
CHANGED
|
@@ -7063,7 +7063,7 @@ var require_buffer_list = __commonJS({
|
|
|
7063
7063
|
}
|
|
7064
7064
|
}, {
|
|
7065
7065
|
key: "join",
|
|
7066
|
-
value: function
|
|
7066
|
+
value: function join12(s3) {
|
|
7067
7067
|
if (this.length === 0) return "";
|
|
7068
7068
|
var p2 = this.head;
|
|
7069
7069
|
var ret = "" + p2.data;
|
|
@@ -13661,7 +13661,7 @@ var require_lodash = __commonJS({
|
|
|
13661
13661
|
}
|
|
13662
13662
|
return mapped.length && mapped[0] === arrays[0] ? baseIntersection(mapped, undefined2, comparator) : [];
|
|
13663
13663
|
});
|
|
13664
|
-
function
|
|
13664
|
+
function join12(array, separator) {
|
|
13665
13665
|
return array == null ? "" : nativeJoin.call(array, separator);
|
|
13666
13666
|
}
|
|
13667
13667
|
function last2(array) {
|
|
@@ -13813,7 +13813,7 @@ var require_lodash = __commonJS({
|
|
|
13813
13813
|
comparator = typeof comparator == "function" ? comparator : undefined2;
|
|
13814
13814
|
return baseUniq(baseFlatten(arrays, 1, isArrayLikeObject, true), undefined2, comparator);
|
|
13815
13815
|
});
|
|
13816
|
-
function
|
|
13816
|
+
function uniq2(array) {
|
|
13817
13817
|
return array && array.length ? baseUniq(array) : [];
|
|
13818
13818
|
}
|
|
13819
13819
|
function uniqBy(array, iteratee2) {
|
|
@@ -15475,7 +15475,7 @@ var require_lodash = __commonJS({
|
|
|
15475
15475
|
lodash.union = union;
|
|
15476
15476
|
lodash.unionBy = unionBy;
|
|
15477
15477
|
lodash.unionWith = unionWith;
|
|
15478
|
-
lodash.uniq =
|
|
15478
|
+
lodash.uniq = uniq2;
|
|
15479
15479
|
lodash.uniqBy = uniqBy;
|
|
15480
15480
|
lodash.uniqWith = uniqWith;
|
|
15481
15481
|
lodash.unset = unset;
|
|
@@ -15580,7 +15580,7 @@ var require_lodash = __commonJS({
|
|
|
15580
15580
|
lodash.isUndefined = isUndefined2;
|
|
15581
15581
|
lodash.isWeakMap = isWeakMap;
|
|
15582
15582
|
lodash.isWeakSet = isWeakSet;
|
|
15583
|
-
lodash.join =
|
|
15583
|
+
lodash.join = join12;
|
|
15584
15584
|
lodash.kebabCase = kebabCase;
|
|
15585
15585
|
lodash.last = last2;
|
|
15586
15586
|
lodash.lastIndexOf = lastIndexOf;
|
|
@@ -17300,7 +17300,7 @@ var require_safe_stable_stringify = __commonJS({
|
|
|
17300
17300
|
return circularValue;
|
|
17301
17301
|
}
|
|
17302
17302
|
let res = "";
|
|
17303
|
-
let
|
|
17303
|
+
let join12 = ",";
|
|
17304
17304
|
const originalIndentation = indentation;
|
|
17305
17305
|
if (Array.isArray(value)) {
|
|
17306
17306
|
if (value.length === 0) {
|
|
@@ -17314,7 +17314,7 @@ var require_safe_stable_stringify = __commonJS({
|
|
|
17314
17314
|
indentation += spacer;
|
|
17315
17315
|
res += `
|
|
17316
17316
|
${indentation}`;
|
|
17317
|
-
|
|
17317
|
+
join12 = `,
|
|
17318
17318
|
${indentation}`;
|
|
17319
17319
|
}
|
|
17320
17320
|
const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
|
|
@@ -17322,13 +17322,13 @@ ${indentation}`;
|
|
|
17322
17322
|
for (; i5 < maximumValuesToStringify - 1; i5++) {
|
|
17323
17323
|
const tmp2 = stringifyFnReplacer(String(i5), value, stack2, replacer, spacer, indentation);
|
|
17324
17324
|
res += tmp2 !== void 0 ? tmp2 : "null";
|
|
17325
|
-
res +=
|
|
17325
|
+
res += join12;
|
|
17326
17326
|
}
|
|
17327
17327
|
const tmp = stringifyFnReplacer(String(i5), value, stack2, replacer, spacer, indentation);
|
|
17328
17328
|
res += tmp !== void 0 ? tmp : "null";
|
|
17329
17329
|
if (value.length - 1 > maximumBreadth) {
|
|
17330
17330
|
const removedKeys = value.length - maximumBreadth - 1;
|
|
17331
|
-
res += `${
|
|
17331
|
+
res += `${join12}"... ${getItemCount(removedKeys)} not stringified"`;
|
|
17332
17332
|
}
|
|
17333
17333
|
if (spacer !== "") {
|
|
17334
17334
|
res += `
|
|
@@ -17349,7 +17349,7 @@ ${originalIndentation}`;
|
|
|
17349
17349
|
let separator = "";
|
|
17350
17350
|
if (spacer !== "") {
|
|
17351
17351
|
indentation += spacer;
|
|
17352
|
-
|
|
17352
|
+
join12 = `,
|
|
17353
17353
|
${indentation}`;
|
|
17354
17354
|
whitespace2 = " ";
|
|
17355
17355
|
}
|
|
@@ -17363,13 +17363,13 @@ ${indentation}`;
|
|
|
17363
17363
|
const tmp = stringifyFnReplacer(key2, value, stack2, replacer, spacer, indentation);
|
|
17364
17364
|
if (tmp !== void 0) {
|
|
17365
17365
|
res += `${separator}${strEscape(key2)}:${whitespace2}${tmp}`;
|
|
17366
|
-
separator =
|
|
17366
|
+
separator = join12;
|
|
17367
17367
|
}
|
|
17368
17368
|
}
|
|
17369
17369
|
if (keyLength > maximumBreadth) {
|
|
17370
17370
|
const removedKeys = keyLength - maximumBreadth;
|
|
17371
17371
|
res += `${separator}"...":${whitespace2}"${getItemCount(removedKeys)} not stringified"`;
|
|
17372
|
-
separator =
|
|
17372
|
+
separator = join12;
|
|
17373
17373
|
}
|
|
17374
17374
|
if (spacer !== "" && separator.length > 1) {
|
|
17375
17375
|
res = `
|
|
@@ -17410,7 +17410,7 @@ ${originalIndentation}`;
|
|
|
17410
17410
|
}
|
|
17411
17411
|
const originalIndentation = indentation;
|
|
17412
17412
|
let res = "";
|
|
17413
|
-
let
|
|
17413
|
+
let join12 = ",";
|
|
17414
17414
|
if (Array.isArray(value)) {
|
|
17415
17415
|
if (value.length === 0) {
|
|
17416
17416
|
return "[]";
|
|
@@ -17423,7 +17423,7 @@ ${originalIndentation}`;
|
|
|
17423
17423
|
indentation += spacer;
|
|
17424
17424
|
res += `
|
|
17425
17425
|
${indentation}`;
|
|
17426
|
-
|
|
17426
|
+
join12 = `,
|
|
17427
17427
|
${indentation}`;
|
|
17428
17428
|
}
|
|
17429
17429
|
const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
|
|
@@ -17431,13 +17431,13 @@ ${indentation}`;
|
|
|
17431
17431
|
for (; i5 < maximumValuesToStringify - 1; i5++) {
|
|
17432
17432
|
const tmp2 = stringifyArrayReplacer(String(i5), value[i5], stack2, replacer, spacer, indentation);
|
|
17433
17433
|
res += tmp2 !== void 0 ? tmp2 : "null";
|
|
17434
|
-
res +=
|
|
17434
|
+
res += join12;
|
|
17435
17435
|
}
|
|
17436
17436
|
const tmp = stringifyArrayReplacer(String(i5), value[i5], stack2, replacer, spacer, indentation);
|
|
17437
17437
|
res += tmp !== void 0 ? tmp : "null";
|
|
17438
17438
|
if (value.length - 1 > maximumBreadth) {
|
|
17439
17439
|
const removedKeys = value.length - maximumBreadth - 1;
|
|
17440
|
-
res += `${
|
|
17440
|
+
res += `${join12}"... ${getItemCount(removedKeys)} not stringified"`;
|
|
17441
17441
|
}
|
|
17442
17442
|
if (spacer !== "") {
|
|
17443
17443
|
res += `
|
|
@@ -17450,7 +17450,7 @@ ${originalIndentation}`;
|
|
|
17450
17450
|
let whitespace2 = "";
|
|
17451
17451
|
if (spacer !== "") {
|
|
17452
17452
|
indentation += spacer;
|
|
17453
|
-
|
|
17453
|
+
join12 = `,
|
|
17454
17454
|
${indentation}`;
|
|
17455
17455
|
whitespace2 = " ";
|
|
17456
17456
|
}
|
|
@@ -17459,7 +17459,7 @@ ${indentation}`;
|
|
|
17459
17459
|
const tmp = stringifyArrayReplacer(key2, value[key2], stack2, replacer, spacer, indentation);
|
|
17460
17460
|
if (tmp !== void 0) {
|
|
17461
17461
|
res += `${separator}${strEscape(key2)}:${whitespace2}${tmp}`;
|
|
17462
|
-
separator =
|
|
17462
|
+
separator = join12;
|
|
17463
17463
|
}
|
|
17464
17464
|
}
|
|
17465
17465
|
if (spacer !== "" && separator.length > 1) {
|
|
@@ -17517,20 +17517,20 @@ ${originalIndentation}`;
|
|
|
17517
17517
|
indentation += spacer;
|
|
17518
17518
|
let res2 = `
|
|
17519
17519
|
${indentation}`;
|
|
17520
|
-
const
|
|
17520
|
+
const join13 = `,
|
|
17521
17521
|
${indentation}`;
|
|
17522
17522
|
const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
|
|
17523
17523
|
let i5 = 0;
|
|
17524
17524
|
for (; i5 < maximumValuesToStringify - 1; i5++) {
|
|
17525
17525
|
const tmp2 = stringifyIndent(String(i5), value[i5], stack2, spacer, indentation);
|
|
17526
17526
|
res2 += tmp2 !== void 0 ? tmp2 : "null";
|
|
17527
|
-
res2 +=
|
|
17527
|
+
res2 += join13;
|
|
17528
17528
|
}
|
|
17529
17529
|
const tmp = stringifyIndent(String(i5), value[i5], stack2, spacer, indentation);
|
|
17530
17530
|
res2 += tmp !== void 0 ? tmp : "null";
|
|
17531
17531
|
if (value.length - 1 > maximumBreadth) {
|
|
17532
17532
|
const removedKeys = value.length - maximumBreadth - 1;
|
|
17533
|
-
res2 += `${
|
|
17533
|
+
res2 += `${join13}"... ${getItemCount(removedKeys)} not stringified"`;
|
|
17534
17534
|
}
|
|
17535
17535
|
res2 += `
|
|
17536
17536
|
${originalIndentation}`;
|
|
@@ -17546,16 +17546,16 @@ ${originalIndentation}`;
|
|
|
17546
17546
|
return '"[Object]"';
|
|
17547
17547
|
}
|
|
17548
17548
|
indentation += spacer;
|
|
17549
|
-
const
|
|
17549
|
+
const join12 = `,
|
|
17550
17550
|
${indentation}`;
|
|
17551
17551
|
let res = "";
|
|
17552
17552
|
let separator = "";
|
|
17553
17553
|
let maximumPropertiesToStringify = Math.min(keyLength, maximumBreadth);
|
|
17554
17554
|
if (isTypedArrayWithEntries(value)) {
|
|
17555
|
-
res += stringifyTypedArray(value,
|
|
17555
|
+
res += stringifyTypedArray(value, join12, maximumBreadth);
|
|
17556
17556
|
keys = keys.slice(value.length);
|
|
17557
17557
|
maximumPropertiesToStringify -= value.length;
|
|
17558
|
-
separator =
|
|
17558
|
+
separator = join12;
|
|
17559
17559
|
}
|
|
17560
17560
|
if (deterministic) {
|
|
17561
17561
|
keys = insertSort(keys);
|
|
@@ -17566,13 +17566,13 @@ ${indentation}`;
|
|
|
17566
17566
|
const tmp = stringifyIndent(key2, value[key2], stack2, spacer, indentation);
|
|
17567
17567
|
if (tmp !== void 0) {
|
|
17568
17568
|
res += `${separator}${strEscape(key2)}: ${tmp}`;
|
|
17569
|
-
separator =
|
|
17569
|
+
separator = join12;
|
|
17570
17570
|
}
|
|
17571
17571
|
}
|
|
17572
17572
|
if (keyLength > maximumBreadth) {
|
|
17573
17573
|
const removedKeys = keyLength - maximumBreadth;
|
|
17574
17574
|
res += `${separator}"...": "${getItemCount(removedKeys)} not stringified"`;
|
|
17575
|
-
separator =
|
|
17575
|
+
separator = join12;
|
|
17576
17576
|
}
|
|
17577
17577
|
if (separator !== "") {
|
|
17578
17578
|
res = `
|
|
@@ -95303,7 +95303,9 @@ var require_file_utils = __commonJS({
|
|
|
95303
95303
|
exports2.excludeFiles = excludeFiles;
|
|
95304
95304
|
exports2.copyFiles = copyFiles;
|
|
95305
95305
|
exports2.findParent = findParent2;
|
|
95306
|
+
exports2.getAllFilesRec = getAllFilesRec;
|
|
95306
95307
|
var promises_12 = require("fs/promises");
|
|
95308
|
+
var lodash_1 = require_lodash();
|
|
95307
95309
|
var micromatch_1 = require_micromatch();
|
|
95308
95310
|
var path_1 = require("path");
|
|
95309
95311
|
var async_1 = (init_async(), __toCommonJS(async_exports));
|
|
@@ -95331,6 +95333,23 @@ var require_file_utils = __commonJS({
|
|
|
95331
95333
|
} while (curr !== last2);
|
|
95332
95334
|
return void 0;
|
|
95333
95335
|
}
|
|
95336
|
+
async function getAllFilesRec(dir, excludeDirs) {
|
|
95337
|
+
async function helper(dir2, arrayOfFiles) {
|
|
95338
|
+
const files = await (0, promises_12.readdir)(dir2);
|
|
95339
|
+
for (const file of files) {
|
|
95340
|
+
const filePath = (0, path_1.join)(dir2, file);
|
|
95341
|
+
const info = await (0, promises_12.stat)(filePath);
|
|
95342
|
+
if (info.isDirectory()) {
|
|
95343
|
+
if (!excludeDirs?.includes(file))
|
|
95344
|
+
await helper(filePath, arrayOfFiles);
|
|
95345
|
+
} else {
|
|
95346
|
+
arrayOfFiles.push(filePath);
|
|
95347
|
+
}
|
|
95348
|
+
}
|
|
95349
|
+
return arrayOfFiles;
|
|
95350
|
+
}
|
|
95351
|
+
return (0, lodash_1.uniq)(await helper(dir, []));
|
|
95352
|
+
}
|
|
95334
95353
|
}
|
|
95335
95354
|
});
|
|
95336
95355
|
|
|
@@ -95585,10 +95604,11 @@ function findParent(dir, predicate, wholePath) {
|
|
|
95585
95604
|
} while (curr !== last2);
|
|
95586
95605
|
return void 0;
|
|
95587
95606
|
}
|
|
95588
|
-
var import_micromatch, import_path17;
|
|
95607
|
+
var import_lodash4, import_micromatch, import_path17;
|
|
95589
95608
|
var init_file_utils = __esm({
|
|
95590
95609
|
"../utils/src/file-utils.ts"() {
|
|
95591
95610
|
"use strict";
|
|
95611
|
+
import_lodash4 = __toESM(require_lodash());
|
|
95592
95612
|
import_micromatch = __toESM(require_micromatch());
|
|
95593
95613
|
import_path17 = require("path");
|
|
95594
95614
|
init_async();
|
|
@@ -95596,21 +95616,21 @@ var init_file_utils = __esm({
|
|
|
95596
95616
|
});
|
|
95597
95617
|
|
|
95598
95618
|
// ../utils/src/constants.ts
|
|
95599
|
-
var import_path18,
|
|
95619
|
+
var import_path18, import_lodash5, COANA_ROOT2, COANA_REPOS_PATH, REQUIREMENTS_FILES_SEARCH_DEPTH;
|
|
95600
95620
|
var init_constants2 = __esm({
|
|
95601
95621
|
"../utils/src/constants.ts"() {
|
|
95602
95622
|
"use strict";
|
|
95603
95623
|
import_path18 = require("path");
|
|
95604
95624
|
init_file_utils();
|
|
95605
|
-
|
|
95606
|
-
COANA_ROOT2 = (0,
|
|
95625
|
+
import_lodash5 = __toESM(require_lodash());
|
|
95626
|
+
COANA_ROOT2 = (0, import_lodash5.once)(() => {
|
|
95607
95627
|
const coanaRoot = process.env.COANA_ROOT ?? findParent(__dirname, (d2) => ["coana-package-manager", "coana"].includes(d2));
|
|
95608
95628
|
if (!coanaRoot) {
|
|
95609
95629
|
throw new Error("COANA_ROOT not set and could not be found");
|
|
95610
95630
|
}
|
|
95611
95631
|
return coanaRoot;
|
|
95612
95632
|
});
|
|
95613
|
-
COANA_REPOS_PATH = (0,
|
|
95633
|
+
COANA_REPOS_PATH = (0, import_lodash5.once)(() => {
|
|
95614
95634
|
return process.env.COANA_REPOS_PATH ?? (0, import_path18.resolve)(COANA_ROOT2(), "coana-repos");
|
|
95615
95635
|
});
|
|
95616
95636
|
REQUIREMENTS_FILES_SEARCH_DEPTH = 2;
|
|
@@ -95618,17 +95638,17 @@ var init_constants2 = __esm({
|
|
|
95618
95638
|
});
|
|
95619
95639
|
|
|
95620
95640
|
// ../other-modules-communicator/src/constants.ts
|
|
95621
|
-
var
|
|
95641
|
+
var import_lodash6, import_path19, PACKAGE_MANAGER_SCRIPT_PATH, REACHABILITY_ANALYZERS_SCRIPT_PATH, DOCKER_ENV_VARS_BLACKLIST;
|
|
95622
95642
|
var init_constants3 = __esm({
|
|
95623
95643
|
"../other-modules-communicator/src/constants.ts"() {
|
|
95624
95644
|
"use strict";
|
|
95625
|
-
|
|
95645
|
+
import_lodash6 = __toESM(require_lodash());
|
|
95626
95646
|
import_path19 = require("path");
|
|
95627
95647
|
init_constants2();
|
|
95628
|
-
PACKAGE_MANAGER_SCRIPT_PATH = (0,
|
|
95648
|
+
PACKAGE_MANAGER_SCRIPT_PATH = (0, import_lodash6.once)(() => {
|
|
95629
95649
|
return process.env.PACKAGE_MANAGER_SCRIPT_PATH ?? (0, import_path19.resolve)(COANA_ROOT2(), "packages", "package-management", "dist", "package-management-cli.js");
|
|
95630
95650
|
});
|
|
95631
|
-
REACHABILITY_ANALYZERS_SCRIPT_PATH = (0,
|
|
95651
|
+
REACHABILITY_ANALYZERS_SCRIPT_PATH = (0, import_lodash6.once)(() => {
|
|
95632
95652
|
return process.env.REACHABILITY_ANALYZERS_SCRIPT_PATH ?? (0, import_path19.resolve)(COANA_ROOT2(), "packages", "reachability-analyzers", "dist", "reachability-analyzers-cli.js");
|
|
95633
95653
|
});
|
|
95634
95654
|
DOCKER_ENV_VARS_BLACKLIST = [
|
|
@@ -95650,13 +95670,13 @@ var other_modules_communicator_exports = {};
|
|
|
95650
95670
|
__export(other_modules_communicator_exports, {
|
|
95651
95671
|
OtherModulesCommunicator: () => OtherModulesCommunicator
|
|
95652
95672
|
});
|
|
95653
|
-
var import_promises11,
|
|
95673
|
+
var import_promises11, import_lodash7, import_path20, import_logger_singleton7, OtherModulesCommunicator;
|
|
95654
95674
|
var init_other_modules_communicator = __esm({
|
|
95655
95675
|
"../other-modules-communicator/src/other-modules-communicator.ts"() {
|
|
95656
95676
|
"use strict";
|
|
95657
95677
|
init_docker_manager();
|
|
95658
95678
|
import_promises11 = require("fs/promises");
|
|
95659
|
-
|
|
95679
|
+
import_lodash7 = __toESM(require_lodash());
|
|
95660
95680
|
import_path20 = require("path");
|
|
95661
95681
|
init_command_utils();
|
|
95662
95682
|
init_tmp_file();
|
|
@@ -95670,7 +95690,7 @@ var init_other_modules_communicator = __esm({
|
|
|
95670
95690
|
this.options = options;
|
|
95671
95691
|
}
|
|
95672
95692
|
// Memoize temporary directory per subprojectPath
|
|
95673
|
-
getTmpDirForSubproject = (0,
|
|
95693
|
+
getTmpDirForSubproject = (0, import_lodash7.memoize)(
|
|
95674
95694
|
async (_subprojectPath) => createTmpDirectory(`coana-other-modules-communicator`)
|
|
95675
95695
|
);
|
|
95676
95696
|
getSpinnerTextForPackageManagerCommand(cmd, packageManagerName, subprojectPath) {
|
|
@@ -95705,7 +95725,7 @@ var init_other_modules_communicator = __esm({
|
|
|
95705
95725
|
return this.options.runWithoutDocker ? subprojectPath : (0, import_path20.resolve)("/project", (0, import_path20.relative)(this.rootWorkingDir, subprojectPath));
|
|
95706
95726
|
}
|
|
95707
95727
|
// options shared between package-management and reachability-analyzers
|
|
95708
|
-
commonOptions = (0,
|
|
95728
|
+
commonOptions = (0, import_lodash7.once)(
|
|
95709
95729
|
() => argt`${this.options.debug && "--debug"} ${this.options.silent && "--silent"}
|
|
95710
95730
|
--coana-log-path=${this.options.coanaLogPath} --silent-spinner`
|
|
95711
95731
|
);
|
|
@@ -123330,7 +123350,7 @@ function prettyPrintAxiosError(error) {
|
|
|
123330
123350
|
requestBodyExcerpt = error.config?.data.toString();
|
|
123331
123351
|
}
|
|
123332
123352
|
}
|
|
123333
|
-
const errorContext = (0,
|
|
123353
|
+
const errorContext = (0, import_lodash8.pickBy)(
|
|
123334
123354
|
{
|
|
123335
123355
|
url: error.config?.url,
|
|
123336
123356
|
method: error.config?.method,
|
|
@@ -123349,11 +123369,11 @@ function prettyPrintAxiosError(error) {
|
|
|
123349
123369
|
console.error("Unknown Axios error", error.message);
|
|
123350
123370
|
}
|
|
123351
123371
|
}
|
|
123352
|
-
var
|
|
123372
|
+
var import_lodash8;
|
|
123353
123373
|
var init_axios_error = __esm({
|
|
123354
123374
|
"../utils/src/dashboard-api/axios-error.ts"() {
|
|
123355
123375
|
"use strict";
|
|
123356
|
-
|
|
123376
|
+
import_lodash8 = __toESM(require_lodash());
|
|
123357
123377
|
}
|
|
123358
123378
|
});
|
|
123359
123379
|
|
|
@@ -124082,7 +124102,7 @@ function convertDetectedOccurrenceToLegacyFormat(detectedOccurrence, ecosystem)
|
|
|
124082
124102
|
affectedPackages: detectedOccurrence.affectedPackages,
|
|
124083
124103
|
type: getTypeFromEcosystem(ecosystem),
|
|
124084
124104
|
match: {},
|
|
124085
|
-
affectedAppCodePoints: (0,
|
|
124105
|
+
affectedAppCodePoints: (0, import_lodash9.map)(detectedOccurrence.stacks, "0.sourceLocation")
|
|
124086
124106
|
};
|
|
124087
124107
|
}
|
|
124088
124108
|
return {
|
|
@@ -124113,11 +124133,11 @@ function getTypeFromEcosystem(ecosystem) {
|
|
|
124113
124133
|
throw new Error(`Unsupported ecosystem: ${ecosystem}`);
|
|
124114
124134
|
}
|
|
124115
124135
|
}
|
|
124116
|
-
var
|
|
124136
|
+
var import_lodash9;
|
|
124117
124137
|
var init_detected_occurrence_utils = __esm({
|
|
124118
124138
|
"../web-compat-utils/src/detected-occurrence-utils.ts"() {
|
|
124119
124139
|
"use strict";
|
|
124120
|
-
|
|
124140
|
+
import_lodash9 = __toESM(require_lodash());
|
|
124121
124141
|
init_dist();
|
|
124122
124142
|
}
|
|
124123
124143
|
});
|
|
@@ -129908,7 +129928,7 @@ var init_ecosystem_manager = __esm({
|
|
|
129908
129928
|
});
|
|
129909
129929
|
|
|
129910
129930
|
// ../utils/src/python-versions-manager.ts
|
|
129911
|
-
var import_semver4, import_child_process2,
|
|
129931
|
+
var import_semver4, import_child_process2, import_lodash10, systemPython;
|
|
129912
129932
|
var init_python_versions_manager = __esm({
|
|
129913
129933
|
"../utils/src/python-versions-manager.ts"() {
|
|
129914
129934
|
"use strict";
|
|
@@ -129917,8 +129937,8 @@ var init_python_versions_manager = __esm({
|
|
|
129917
129937
|
init_logger_singleton();
|
|
129918
129938
|
init_pip_utils();
|
|
129919
129939
|
import_child_process2 = require("child_process");
|
|
129920
|
-
|
|
129921
|
-
systemPython = (0,
|
|
129940
|
+
import_lodash10 = __toESM(require_lodash());
|
|
129941
|
+
systemPython = (0, import_lodash10.once)(() => (0, import_child_process2.execFileSync)("which", ["python"], { encoding: "utf8" }).trim());
|
|
129922
129942
|
}
|
|
129923
129943
|
});
|
|
129924
129944
|
|
|
@@ -171249,13 +171269,13 @@ var init_esm11 = __esm({
|
|
|
171249
171269
|
function getUrlForArtifact(repository, groupId, artifactId, type, classifier, version2) {
|
|
171250
171270
|
return `${repository}/${groupId.replaceAll(".", "/")}/${artifactId}/${version2}/${artifactId}-${version2}${classifier ? `-${classifier}` : ""}.${type ?? "jar"}`;
|
|
171251
171271
|
}
|
|
171252
|
-
var
|
|
171272
|
+
var import_lodash11, MAVEN_PUBLIC_REPOSITORIES, memoizedParseShellArgs;
|
|
171253
171273
|
var init_maven_utils = __esm({
|
|
171254
171274
|
"../utils/src/maven-utils.ts"() {
|
|
171255
171275
|
"use strict";
|
|
171256
171276
|
init_command_utils();
|
|
171257
171277
|
init_esm11();
|
|
171258
|
-
|
|
171278
|
+
import_lodash11 = __toESM(require_lodash());
|
|
171259
171279
|
MAVEN_PUBLIC_REPOSITORIES = [
|
|
171260
171280
|
"https://repo1.maven.org/maven2",
|
|
171261
171281
|
"https://packages.atlassian.com/artifactory/maven-atlassian-external",
|
|
@@ -171265,7 +171285,7 @@ var init_maven_utils = __esm({
|
|
|
171265
171285
|
"https://maven.wso2.org/nexus/content/repositories/public",
|
|
171266
171286
|
"https://nexus.bedatadriven.com/content/groups/public"
|
|
171267
171287
|
];
|
|
171268
|
-
memoizedParseShellArgs = (0,
|
|
171288
|
+
memoizedParseShellArgs = (0, import_lodash11.memoize)(parseShellArgs);
|
|
171269
171289
|
}
|
|
171270
171290
|
});
|
|
171271
171291
|
|
|
@@ -171523,8 +171543,8 @@ var init_vulnerabilities_supported_db = __esm({
|
|
|
171523
171543
|
async getAllActiveCoanaSupportedVulnerabilities() {
|
|
171524
171544
|
return this.vulnerabilitiesSupportedCollection.find({ active: true, withdrawnAt: null }).toArray();
|
|
171525
171545
|
}
|
|
171526
|
-
async getAllCoanaSupportedVulnerabilities() {
|
|
171527
|
-
return this.vulnerabilitiesSupportedCollection.find({}).toArray();
|
|
171546
|
+
async getAllCoanaSupportedVulnerabilities(ecosystem) {
|
|
171547
|
+
return this.vulnerabilitiesSupportedCollection.find(ecosystem !== void 0 ? { ecosystem } : {}).toArray();
|
|
171528
171548
|
}
|
|
171529
171549
|
async getCoanaSupportedVulnerability(ecosystem, advisory) {
|
|
171530
171550
|
return this.vulnerabilitiesSupportedCollection.findOne({
|
|
@@ -171586,35 +171606,41 @@ var coana_supported_vulnerabilities_loader_exports = {};
|
|
|
171586
171606
|
__export(coana_supported_vulnerabilities_loader_exports, {
|
|
171587
171607
|
CoanaSupportedVulnerabilitiesLoader: () => CoanaSupportedVulnerabilitiesLoader
|
|
171588
171608
|
});
|
|
171589
|
-
var CoanaSupportedVulnerabilitiesLoader;
|
|
171609
|
+
var CoanaSupportedVulnerabilitiesLoader, OfflineCoanaSupportedVulnerabilitiesLoader, DatabaseCoanaSupportedVulnerabilitiesLoader;
|
|
171590
171610
|
var init_coana_supported_vulnerabilities_loader = __esm({
|
|
171591
171611
|
"../security-auditor/security-auditor-api/src/package-meta-data/coana-supported-vulnerabilities-loader.ts"() {
|
|
171592
171612
|
"use strict";
|
|
171593
171613
|
init_vulnerabilities_supported_db();
|
|
171594
171614
|
CoanaSupportedVulnerabilitiesLoader = class {
|
|
171595
|
-
|
|
171596
|
-
|
|
171597
|
-
|
|
171598
|
-
|
|
171599
|
-
|
|
171600
|
-
constructor(
|
|
171601
|
-
|
|
171602
|
-
|
|
171603
|
-
|
|
171604
|
-
|
|
171615
|
+
static create(ecosystemToUrlToVulnerabilityDetails) {
|
|
171616
|
+
return ecosystemToUrlToVulnerabilityDetails ? new OfflineCoanaSupportedVulnerabilitiesLoader(ecosystemToUrlToVulnerabilityDetails) : new DatabaseCoanaSupportedVulnerabilitiesLoader();
|
|
171617
|
+
}
|
|
171618
|
+
};
|
|
171619
|
+
OfflineCoanaSupportedVulnerabilitiesLoader = class extends CoanaSupportedVulnerabilitiesLoader {
|
|
171620
|
+
constructor(ecosystemToUrlToVulnerabilityDetails) {
|
|
171621
|
+
super();
|
|
171622
|
+
this.ecosystemToUrlToVulnerabilityDetails = ecosystemToUrlToVulnerabilityDetails;
|
|
171623
|
+
}
|
|
171624
|
+
async getCoanaSupportedVulnerability(ecosystem, advisoryUrl) {
|
|
171625
|
+
return { type: "offline", data: this.ecosystemToUrlToVulnerabilityDetails[ecosystem]?.[advisoryUrl] };
|
|
171605
171626
|
}
|
|
171627
|
+
};
|
|
171628
|
+
DatabaseCoanaSupportedVulnerabilitiesLoader = class extends CoanaSupportedVulnerabilitiesLoader {
|
|
171606
171629
|
coanaSupportedVulnerabilitiesPromise;
|
|
171630
|
+
constructor(vulnerabilitiesSupportedDbInterface) {
|
|
171631
|
+
super();
|
|
171632
|
+
this.coanaSupportedVulnerabilitiesPromise = vulnerabilitiesSupportedDbInterface ? Promise.resolve(vulnerabilitiesSupportedDbInterface) : CoanaSupportedVulnerabilitiesDBInterface.create();
|
|
171633
|
+
}
|
|
171607
171634
|
async getCoanaSupportedVulnerability(ecosystem, advisoryUrl) {
|
|
171608
|
-
if (this.ecosystemToUrlToCoanaVulnerabilityMeta)
|
|
171609
|
-
return { type: "offline", data: this.ecosystemToUrlToCoanaVulnerabilityMeta[ecosystem]?.[advisoryUrl] };
|
|
171610
171635
|
const vulnSupportDBEntry = await (await this.coanaSupportedVulnerabilitiesPromise).getCoanaSupportedVulnerability(ecosystem, advisoryUrl.replace("https://github.com/advisories/", ""));
|
|
171611
171636
|
if (!vulnSupportDBEntry) return void 0;
|
|
171612
171637
|
return { type: "database", data: vulnSupportDBEntry };
|
|
171613
171638
|
}
|
|
171614
171639
|
async close() {
|
|
171615
|
-
|
|
171616
|
-
|
|
171617
|
-
|
|
171640
|
+
await (await this.coanaSupportedVulnerabilitiesPromise).close();
|
|
171641
|
+
}
|
|
171642
|
+
async getCoanaSupportedVulnerabilities(ecosystem) {
|
|
171643
|
+
return (await this.coanaSupportedVulnerabilitiesPromise).getAllCoanaSupportedVulnerabilities(ecosystem);
|
|
171618
171644
|
}
|
|
171619
171645
|
};
|
|
171620
171646
|
}
|
|
@@ -189413,11 +189439,9 @@ var init_in_memory_vulnerability_metadata_store = __esm({
|
|
|
189413
189439
|
init_vulnerability_collection_builder();
|
|
189414
189440
|
init_coana_supported_vulnerabilities_loader();
|
|
189415
189441
|
InMemoryVulnerabilityMetadataStore = class {
|
|
189416
|
-
vulnerabilityDB
|
|
189417
|
-
|
|
189418
|
-
|
|
189419
|
-
this.vulnerabilityDB = vulnerabilityDB ?? computeAdvisoryDB();
|
|
189420
|
-
this.vulnerabilitiesAccessPathsLoader = vulnerabilitiesAccessPathsLoader ?? new CoanaSupportedVulnerabilitiesLoader();
|
|
189442
|
+
constructor(vulnerabilityDB = computeAdvisoryDB(), vulnerabilitiesAccessPathsLoader = CoanaSupportedVulnerabilitiesLoader.create()) {
|
|
189443
|
+
this.vulnerabilityDB = vulnerabilityDB;
|
|
189444
|
+
this.vulnerabilitiesAccessPathsLoader = vulnerabilitiesAccessPathsLoader;
|
|
189421
189445
|
}
|
|
189422
189446
|
async getVulnerabilities(ecosystem, packageName) {
|
|
189423
189447
|
const cves = (await this.vulnerabilityDB)[ecosystem][packageName];
|
|
@@ -189946,18 +189970,17 @@ var init_security_auditor = __esm({
|
|
|
189946
189970
|
/**
|
|
189947
189971
|
* @param enableMissingVulnerabilitySupportReporting - if true, then slack reporting is enabled. Still requires SLACK_OAUTH_TOKEN and SLACK_CHANNEL_ID to be set.
|
|
189948
189972
|
*/
|
|
189949
|
-
constructor(pms, vms, enableMissingVulnerabilitySupportReporting, coanaSupportedVulnerabilitiesLoader =
|
|
189973
|
+
constructor(pms, vms, enableMissingVulnerabilitySupportReporting, coanaSupportedVulnerabilitiesLoader = CoanaSupportedVulnerabilitiesLoader.create()) {
|
|
189950
189974
|
this.pms = pms;
|
|
189951
189975
|
this.vms = vms;
|
|
189952
189976
|
this.enableMissingVulnerabilitySupportReporting = enableMissingVulnerabilitySupportReporting;
|
|
189977
|
+
this.coanaSupportedVulnerabilitiesLoader = coanaSupportedVulnerabilitiesLoader;
|
|
189953
189978
|
if (enableMissingVulnerabilitySupportReporting) {
|
|
189954
189979
|
this.slackReporter = new SlackReporter();
|
|
189955
189980
|
this.coanaSupportedVulnerabilitiesDbInterface = CoanaSupportedVulnerabilitiesDBInterface.create();
|
|
189956
189981
|
}
|
|
189957
|
-
this.coanaSupportedVulnerabilitiesLoader = coanaSupportedVulnerabilitiesLoader ?? new CoanaSupportedVulnerabilitiesLoader();
|
|
189958
189982
|
}
|
|
189959
189983
|
slackReporter;
|
|
189960
|
-
coanaSupportedVulnerabilitiesLoader;
|
|
189961
189984
|
coanaSupportedVulnerabilitiesDbInterface;
|
|
189962
189985
|
/**
|
|
189963
189986
|
* If vulnerabilitiesMap is provided, then it's used to look for vulnerabilities instead
|
|
@@ -190129,7 +190152,7 @@ var init_security_auditor = __esm({
|
|
|
190129
190152
|
if (this.coanaSupportedVulnerabilitiesDbInterface) {
|
|
190130
190153
|
await (await this.coanaSupportedVulnerabilitiesDbInterface).close();
|
|
190131
190154
|
}
|
|
190132
|
-
await this.coanaSupportedVulnerabilitiesLoader.close();
|
|
190155
|
+
await this.coanaSupportedVulnerabilitiesLoader.close?.();
|
|
190133
190156
|
}
|
|
190134
190157
|
};
|
|
190135
190158
|
}
|
|
@@ -190189,8 +190212,8 @@ var require_vulnerability_scanning = __commonJS({
|
|
|
190189
190212
|
logger_singleton_1.logger.info("using offline vulnerability scanner db");
|
|
190190
190213
|
const offlineVulnerabilityScannerDB = JSON.parse(await (0, promises_12.readFile)(offlineVulnerabilityScannerDBPath, "utf-8"));
|
|
190191
190214
|
const { ecosystemToUrlToVulnerabilityDetails, vulnerabilityDatabase } = offlineVulnerabilityScannerDB;
|
|
190192
|
-
const coanaSupportedVulnerabilitiesLoader =
|
|
190193
|
-
const vulnerabilityAccessPathLoader =
|
|
190215
|
+
const coanaSupportedVulnerabilitiesLoader = coana_supported_vulnerabilities_loader_1.CoanaSupportedVulnerabilitiesLoader.create(ecosystemToUrlToVulnerabilityDetails);
|
|
190216
|
+
const vulnerabilityAccessPathLoader = coana_supported_vulnerabilities_loader_1.CoanaSupportedVulnerabilitiesLoader.create(ecosystemToUrlToVulnerabilityDetails);
|
|
190194
190217
|
const pms = new in_memory_package_metadata_store_1.InMemoryPackageMetadataStore(
|
|
190195
190218
|
// packageMetaData is left as an empty object since it's only used during
|
|
190196
190219
|
// the vulnerability fix algorithm, which isn't currently supported in offline mode
|
|
@@ -190212,7 +190235,7 @@ var require_version = __commonJS({
|
|
|
190212
190235
|
"use strict";
|
|
190213
190236
|
Object.defineProperty(exports2, "__esModule", { value: true });
|
|
190214
190237
|
exports2.version = void 0;
|
|
190215
|
-
exports2.version = "13.19.
|
|
190238
|
+
exports2.version = "13.19.18";
|
|
190216
190239
|
}
|
|
190217
190240
|
});
|
|
190218
190241
|
|
|
@@ -190599,7 +190622,7 @@ var require_cli_core = __commonJS({
|
|
|
190599
190622
|
}
|
|
190600
190623
|
return workspacePaths.map((workspacePath) => {
|
|
190601
190624
|
const codeAwareScanResultsForAllPackages = [];
|
|
190602
|
-
codeAwareScanResultsForAllPackages.push(...transformToReportVulnerabilities(workspaceToAugmentedVulnerabilities[workspacePath], projectInfo[workspacePath].directDependenciesMap ?? {}, subprojectPath, workspacePath, rootWorkingDirectory));
|
|
190625
|
+
codeAwareScanResultsForAllPackages.push(...this.transformToReportVulnerabilities(workspaceToAugmentedVulnerabilities[workspacePath], projectInfo[workspacePath].directDependenciesMap ?? {}, subprojectPath, workspacePath, rootWorkingDirectory));
|
|
190603
190626
|
return {
|
|
190604
190627
|
subprojectPath: (0, path_1.relative)(rootWorkingDirectory, subprojectPath) || ".",
|
|
190605
190628
|
workspacePath,
|
|
@@ -190635,38 +190658,43 @@ var require_cli_core = __commonJS({
|
|
|
190635
190658
|
...workspacePath ? { workspacePath } : {}
|
|
190636
190659
|
}, isStartEvent, this.reportId, this.options.apiKey);
|
|
190637
190660
|
}
|
|
190661
|
+
/**
|
|
190662
|
+
* Augment the results field of the `vulns` with metadata.
|
|
190663
|
+
*/
|
|
190664
|
+
transformToReportVulnerabilities(vulns, directDependencies, subprojectPath, workspacePath, projectDir) {
|
|
190665
|
+
return vulns.map((v) => {
|
|
190666
|
+
const vulnerableNode = Object.values(v.vulnChainDetails?.transitiveDependencies ?? []).find((node) => node.vulnerable);
|
|
190667
|
+
if (!vulnerableNode) {
|
|
190668
|
+
throw new Error(`AssertionError: Unable to find vulnerable node in vulnChainDetails ${JSON.stringify(v.vulnChainDetails)}} for vulnerability ${v.url}`);
|
|
190669
|
+
}
|
|
190670
|
+
const reachability = (0, vulnerability_reachability_1.getVulnReachability)(v.results);
|
|
190671
|
+
let dependencyType = getDependencyType(v.vulnChainDetails, v.results, directDependencies, reachability);
|
|
190672
|
+
if (!dependencyType || dependencyType === "unknown") {
|
|
190673
|
+
dependencyType = "prod&dev";
|
|
190674
|
+
if (this.options.apiKey) {
|
|
190675
|
+
(0, dashboard_integration_1.sendWarningToDashboard)("Unable to determine dependency type", { subprojectPath, workspacePath }, { vulnChainDetails: v.vulnChainDetails, results: v.results, directDependencies, reachability }, this.reportId, this.options.apiKey);
|
|
190676
|
+
}
|
|
190677
|
+
}
|
|
190678
|
+
return {
|
|
190679
|
+
vulnerabilityUrl: v.url,
|
|
190680
|
+
vulnerabilityUnreachableByPrecomputation: v.unreachableByPrecomputation ? v.unreachableByPrecomputation : "NOT_COMPUTED",
|
|
190681
|
+
// vulnChainDetails is always present
|
|
190682
|
+
// we only keep it as optional (potentially undefined) to
|
|
190683
|
+
// handle requests to the backend from old version of the CLI.
|
|
190684
|
+
vulnChainDetails: v.vulnChainDetails,
|
|
190685
|
+
subprojectPath: getRelativeSubprojectPath(subprojectPath, projectDir),
|
|
190686
|
+
workspacePath,
|
|
190687
|
+
codeAwareScanResult: v.results,
|
|
190688
|
+
packageName: vulnerableNode.packageName,
|
|
190689
|
+
packageVersion: vulnerableNode.version ?? "",
|
|
190690
|
+
ecosystem: v.ecosystem ?? "NPM",
|
|
190691
|
+
dependencyType,
|
|
190692
|
+
reachability
|
|
190693
|
+
};
|
|
190694
|
+
});
|
|
190695
|
+
}
|
|
190638
190696
|
};
|
|
190639
190697
|
exports2.CliCore = CliCore;
|
|
190640
|
-
function transformToReportVulnerabilities(vulns, directDependencies, subprojectPath, workspacePath, projectDir) {
|
|
190641
|
-
return vulns.map((v) => {
|
|
190642
|
-
const vulnerableNode = Object.values(v.vulnChainDetails?.transitiveDependencies ?? []).find((node) => node.vulnerable);
|
|
190643
|
-
if (!vulnerableNode) {
|
|
190644
|
-
throw new Error(`AssertionError: Unable to find vulnerable node in vulnChainDetails ${JSON.stringify(v.vulnChainDetails)}} for vulnerability ${v.url}`);
|
|
190645
|
-
}
|
|
190646
|
-
const reachability = (0, vulnerability_reachability_1.getVulnReachability)(v.results);
|
|
190647
|
-
const dependencyType = getDependencyType(v.vulnChainDetails, v.results, directDependencies, reachability);
|
|
190648
|
-
if (dependencyType === "unknown") {
|
|
190649
|
-
logger_singleton_1.logger.info(JSON.stringify(v.vulnChainDetails, null, 2), JSON.stringify(v.results, null, 2), directDependencies, reachability);
|
|
190650
|
-
throw new Error(`AssertionError: Unable to determine dependency type for vulnerability ${v.url} with reachability ${reachability}`);
|
|
190651
|
-
}
|
|
190652
|
-
return {
|
|
190653
|
-
vulnerabilityUrl: v.url,
|
|
190654
|
-
vulnerabilityUnreachableByPrecomputation: v.unreachableByPrecomputation ? v.unreachableByPrecomputation : "NOT_COMPUTED",
|
|
190655
|
-
// vulnChainDetails is always present
|
|
190656
|
-
// we only keep it as optional (potentially undefined) to
|
|
190657
|
-
// handle requests to the backend from old version of the CLI.
|
|
190658
|
-
vulnChainDetails: v.vulnChainDetails,
|
|
190659
|
-
subprojectPath: getRelativeSubprojectPath(subprojectPath, projectDir),
|
|
190660
|
-
workspacePath,
|
|
190661
|
-
codeAwareScanResult: v.results,
|
|
190662
|
-
packageName: vulnerableNode.packageName,
|
|
190663
|
-
packageVersion: vulnerableNode.version ?? "",
|
|
190664
|
-
ecosystem: v.ecosystem ?? "NPM",
|
|
190665
|
-
dependencyType,
|
|
190666
|
-
reachability
|
|
190667
|
-
};
|
|
190668
|
-
});
|
|
190669
|
-
}
|
|
190670
190698
|
function getRelativeSubprojectPath(subprojectPath, projectDir) {
|
|
190671
190699
|
return (0, path_1.relative)(projectDir, subprojectPath) || ".";
|
|
190672
190700
|
}
|
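Review bot: The `if (!dependencyType || dependencyType === "unknown")` branch of the new `transformToReportVulnerabilities` method replaces the old throw with a default of `"prod&dev"`, but the only trace of that fallback is `sendWarningToDashboard`, which runs only when `this.options.apiKey` is set. A run without an API key therefore reports a guessed dependency type with no local record, because the removed `logger_singleton_1.logger.info(...)` call was not carried over. I would log the fallback unconditionally before the `apiKey` check, for example `logger_singleton_1.logger.info("Unable to determine dependency type for " + v.url + ", defaulting to prod&dev");`. The warning payload also sends `directDependencies` and `v.results` to the dashboard, where the old code only logged them locally, so it is worth confirming this stays within what the report upload already transmits.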