@coana-tech/cli 13.19.26 → 13.19.28

Files changed (2) hide show
  1. package/cli.js +42 -37
  2. package/package.json +1 -1
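--- a/package/cli.js
+++ b/package/cli.js
@@ -83364,10 +83364,10 @@ ${indent}`);
  var pathModule = __webpack_require__(0);
  var isWindows = process.platform === "win32";
  var fs = __webpack_require__(3);
- var DEBUG3 = process.env.NODE_DEBUG && /fs/.test(process.env.NODE_DEBUG);
+ var DEBUG = process.env.NODE_DEBUG && /fs/.test(process.env.NODE_DEBUG);
  function rethrow() {
  var callback;
- if (DEBUG3) {
+ if (DEBUG) {
  var backtrace = new Error();
  callback = debugCallback;
  } else
@@ -118447,10 +118447,10 @@ var require_old = __commonJS({
  var pathModule = require("path");
  var isWindows = process.platform === "win32";
  var fs = require("fs");
- var DEBUG3 = process.env.NODE_DEBUG && /fs/.test(process.env.NODE_DEBUG);
+ var DEBUG = process.env.NODE_DEBUG && /fs/.test(process.env.NODE_DEBUG);
  function rethrow() {
  var callback;
- if (DEBUG3) {
+ if (DEBUG) {
  var backtrace = new Error();
  callback = debugCallback;
  } else
@@ -189534,7 +189534,7 @@ function combineVulnPathDetails([vpd1, ...rest]) {
  }
  return res;
  }
- var DEBUG, MESSAGE_PREFIX_FOR_FAILED_TO_PICK_VERSION, MESSAGE_PREFIX_FOR_NO_POTENTIAL_VERSIONS, FixesTask;
+ var MESSAGE_PREFIX_FOR_FAILED_TO_PICK_VERSION, MESSAGE_PREFIX_FOR_NO_POTENTIAL_VERSIONS, FixesTask;
  var init_fixes_task = __esm({
  "../security-auditor/security-auditor-api/src/fixes-task.ts"() {
  "use strict";
@@ -189542,14 +189542,14 @@ var init_fixes_task = __esm({
  init_assertions();
  init_async();
  init_dependency_tree();
- DEBUG = process.env.DEBUG;
  MESSAGE_PREFIX_FOR_FAILED_TO_PICK_VERSION = `Failed to pick a version`;
  MESSAGE_PREFIX_FOR_NO_POTENTIAL_VERSIONS = `No potential versions`;
  FixesTask = class {
- constructor(pms, vms, packageStructure) {
+ constructor(pms, vms, packageStructure, logger5) {
  this.pms = pms;
  this.vms = vms;
  this.packageStructure = packageStructure;
+ this.logger = logger5;
  this.ecosystem = packageStructure.ecosystem ?? "NPM";
  this.parentsMap = /* @__PURE__ */ new Map();
  }
@@ -189568,24 +189568,29 @@ var init_fixes_task = __esm({
  };
  }
  const validNonVulnerableVersionsForAllVulns = [];
- await applySeries(vulnerabilities, async (v) => {
- try {
- if (DEBUG) console.log("Starting finding fixes for vulnerability: ", v.url, "at ", (/* @__PURE__ */ new Date()).toString());
- const { potentialVersionsForFix, vulnerabilityFixes } = await this.findFixForVulnerability(v);
- if (DEBUG) console.log("Done finding fixes for vulnerability: ", v.url, "at ", (/* @__PURE__ */ new Date()).toString());
- v.fix = {
- type: "success",
- vulnerabilityFixes
- };
- validNonVulnerableVersionsForAllVulns.push(potentialVersionsForFix);
- } catch (e) {
- if (DEBUG) {
- console.log("Failed to find fix for vulnerability: ", v.url, "at ", (/* @__PURE__ */ new Date()).toString());
- console.log(e.stack);
+ await asyncForEach(
+ vulnerabilities,
+ async (v) => {
+ try {
+ this.logger?.debug(`Starting finding fixes for vulnerability: ${v.url} at ${(/* @__PURE__ */ new Date()).toString()}`);
+ const { potentialVersionsForFix, vulnerabilityFixes } = await this.findFixForVulnerability(v);
+ this.logger?.debug(`Done finding fixes for vulnerability: ${v.url} at ${(/* @__PURE__ */ new Date()).toString()}`);
+ v.fix = {
+ type: "success",
+ vulnerabilityFixes
+ };
+ validNonVulnerableVersionsForAllVulns.push(potentialVersionsForFix);
+ } catch (e) {
+ this.logger?.error({
+ message: "Failed to find fix for vulnerability",
+ vulnerability: v.url,
+ stack: e.stack
+ });
+ v.fix = transformErrorToVulnerabilityFixes(e);
  }
- v.fix = transformErrorToVulnerabilityFixes(e);
- }
- });
+ },
+ 5
+ );
  const validNonVulnerableVersionsOfVulnerableDependenciesCombined = combinePotentialVersions(validNonVulnerableVersionsForAllVulns);
  const computeCombinedFix = async (vulnerabilities2, potentialVersionsCombined) => {
  try {
@@ -189622,11 +189627,8 @@ var init_fixes_task = __esm({
  */
  async findFixForVulnerability(vuln) {
  const potentialVersionsForFix = await this.computePotentialVersionsForFixWrapper(vuln);
- if (DEBUG) {
- console.log("Found potential versions, now choosing fixed versions", "at ", (/* @__PURE__ */ new Date()).toString());
- console.log("vuln.vulnChainDetails", JSON.stringify(vuln.vulnChainDetails, null, 2));
- console.log("potentialVersionsForFix", JSON.stringify(potentialVersionsForFix, null, 2));
- }
+ this.logger?.debug(`Found potential versions, now choosing fixed versions for ${vuln.url}`);
+ this.logger?.debug(`potentialVersionsForFix: ${JSON.stringify(potentialVersionsForFix)}`);
  const vulnerabilityFixes = await this.chooseFixesFromPotentialVersionsForFix(
  vuln.vulnChainDetails,
  potentialVersionsForFix
@@ -189955,7 +189957,7 @@ var security_auditor_exports = {};
  __export(security_auditor_exports, {
  SecurityAuditor: () => SecurityAuditor
  });
- var DEBUG2, SecurityAuditor;
+ var SecurityAuditor;
  var init_security_auditor = __esm({
  "../security-auditor/security-auditor-api/src/security-auditor.ts"() {
  "use strict";
@@ -189966,16 +189968,16 @@ var init_security_auditor = __esm({
  init_fixes_task();
  init_coana_supported_vulnerabilities_loader();
  init_vulnerabilities_supported_db();
- DEBUG2 = process.env.DEBUG;
  SecurityAuditor = class {
  /**
  * @param enableMissingVulnerabilitySupportReporting - if true, then slack reporting is enabled. Still requires SLACK_OAUTH_TOKEN and SLACK_CHANNEL_ID to be set.
  */
- constructor(pms, vms, enableMissingVulnerabilitySupportReporting, coanaSupportedVulnerabilitiesLoader = CoanaSupportedVulnerabilitiesLoader.create()) {
+ constructor(pms, vms, enableMissingVulnerabilitySupportReporting, coanaSupportedVulnerabilitiesLoader = CoanaSupportedVulnerabilitiesLoader.create(), nestLogger) {
  this.pms = pms;
  this.vms = vms;
  this.enableMissingVulnerabilitySupportReporting = enableMissingVulnerabilitySupportReporting;
  this.coanaSupportedVulnerabilitiesLoader = coanaSupportedVulnerabilitiesLoader;
+ this.nestLogger = nestLogger;
  if (enableMissingVulnerabilitySupportReporting) {
  this.slackReporter = new SlackReporter();
  this.coanaSupportedVulnerabilitiesDbInterface = CoanaSupportedVulnerabilitiesDBInterface.create();
@@ -190110,7 +190112,10 @@ var init_security_auditor = __esm({
  const patchedVersions = await this.findPatchedVersionsForVulnerability(vulnerability);
  return { ...vulnerability, patchedVersions };
  } catch (error) {
- console.error(error.message);
+ this.nestLogger?.error(
+ `Error while fetching patched versions for vulnerability ${vulnerability.url}`,
+ error.stack
+ );
  return vulnerability;
  }
  })
@@ -190142,9 +190147,9 @@ var init_security_auditor = __esm({
  }
  async findFixes(vulnerabilities, packageStructure) {
  const startTime = Date.now();
- if (DEBUG2) console.log("Starting findFixes at " + Date.now().toString());
- const fixes = await new FixesTask(this.pms, this.vms, packageStructure).findFixes(vulnerabilities);
- if (DEBUG2) console.log("Completed findFixes at " + Date.now().toString());
+ this.nestLogger?.debug("Starting findFixes at " + (/* @__PURE__ */ new Date()).toISOString());
+ const fixes = await new FixesTask(this.pms, this.vms, packageStructure, this.nestLogger).findFixes(vulnerabilities);
+ this.nestLogger?.debug("Completed findFixes at " + (/* @__PURE__ */ new Date()).toISOString());
  return Object.assign(fixes, { metadata: { computeFixesDuration: Date.now() - startTime } });
  }
  async close() {
@@ -190236,7 +190241,7 @@ var require_version = __commonJS({
  "use strict";
  Object.defineProperty(exports2, "__esModule", { value: true });
  exports2.version = void 0;
- exports2.version = "13.19.26";
+ exports2.version = "13.19.28";
  }
  });
 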
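Review bot: Failures in the patched-versions lookup are now dropped silently whenever no logger is injected: `nestLogger` is a new trailing constructor parameter with no default, and the catch at new line 190115 calls `this.nestLogger?.error(...)` where the old code always wrote `console.error(error.message)`, so a caller that omits the logger gets the vulnerability back without `patchedVersions` and no trace of why. Falling back to the console keeps the old visibility, e.g. `(this.nestLogger ?? console).error(...)`. Separately, `asyncForEach(..., 5)` at new line 189571 looks like it runs the callbacks with a concurrency of 5 (its definition is not on this page); if so, `validNonVulnerableVersionsForAllVulns.push(...)` now follows completion order rather than input order, and it is worth confirming that `combinePotentialVersions` and the shared `this.parentsMap` do not depend on serial execution. The enclosing methods start and end outside the hunks shown.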
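--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@coana-tech/cli",
- "version": "13.19.26",
+ "version": "13.19.28",
  "description": "Coana CLI",
  "bin": {
  "@coana-tech/cli": "./cli.js"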