@coana-tech/cli 14.0.11 → 14.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/cli.js +30 -41
  2. package/package.json +1 -1
package/cli.js CHANGED
@@ -89011,7 +89011,10 @@ var init_nuget_fixing_manager = __esm({
89011
89011
  async (wsPath) => {
89012
89012
  const fixesWithId = fixes[wsPath];
89013
89013
  const dependencyTree = fixingInfo.dependencyTrees[wsPath];
89014
- const projectFilePath = (0, import_path10.join)(this.getAbsWsPath(wsPath), fixingInfo.projectFiles[wsPath]);
89014
+ const projectFiles = fixingInfo.projectFiles[wsPath];
89015
+ if (projectFiles.length !== 1)
89016
+ throw new Error("Applying fixes to workspaces with more than 1 project file currently not supported");
89017
+ const projectFilePath = (0, import_path10.join)(this.getAbsWsPath(wsPath), projectFiles[0]);
89015
89018
  const initialProjectFile = await (0, import_promises9.readFile)(projectFilePath, "utf-8");
89016
89019
  const initialLockFile = await this.restoreWorkspaceAndParseLockFile(wsPath);
89017
89020
  await applySeries(fixesWithId, async ({ fixId, vulnerabilityFixes }) => {
@@ -89028,7 +89031,10 @@ var init_nuget_fixing_manager = __esm({
89028
89031
  await applySeries(workspacePaths, async (wsPath) => {
89029
89032
  const finalProjectFile = workspaceToResults[wsPath].projectFile;
89030
89033
  const finalLockFile = workspaceToResults[wsPath].lockFile;
89031
- await (0, import_promises9.writeFile)((0, import_path10.join)(this.getAbsWsPath(wsPath), fixingInfo.projectFiles[wsPath]), finalProjectFile);
89034
+ const projectFiles = fixingInfo.projectFiles[wsPath];
89035
+ if (projectFiles.length !== 1)
89036
+ throw new Error("Applying fixes to workspaces with more than 1 project file currently not supported");
89037
+ await (0, import_promises9.writeFile)((0, import_path10.join)(this.getAbsWsPath(wsPath), projectFiles[0]), finalProjectFile);
89032
89038
  await (0, import_promises9.writeFile)(this.getLockFilePath(wsPath), JSON.stringify(finalLockFile, null, 2));
89033
89039
  });
89034
89040
  if (solutionFiles) {
@@ -89060,24 +89066,20 @@ var init_nuget_fixing_manager = __esm({
89060
89066
  });
89061
89067
  const conflictCache = new Cache();
89062
89068
  await applySeries(vulnFixes, async ({ dependencyIdentifier, dependencyName, fixedVersion }) => {
89063
- await applySeries(
89064
- dependencyTree.transitiveDependencies[dependencyIdentifier].frameworks?.filter(
89065
- (framework) => typeCache.get(framework)?.get(dependencyName) === "Direct"
89066
- ) ?? [],
89067
- async (framework) => {
89068
- const nugetRange = NuGetRange.parse(requestedCache.get(framework)?.get(dependencyName) ?? "0.0.0");
89069
- const nugetFixedVersion = NuGetVersion.parse(fixedVersion);
89070
- conflictCache.computeIfAbsent(framework, Cache.create).putIfAbsent(dependencyName, !nugetRange.contains(nugetFixedVersion));
89071
- const updatedNugetRange = NuGetRange.combineRanges(nugetRange, NuGetRange.combineVersions(nugetFixedVersion));
89072
- requestedCache.computeIfAbsent(framework, Cache.create).set(dependencyName, updatedNugetRange.toString());
89073
- }
89074
- );
89069
+ const framework = dependencyTree.transitiveDependencies[dependencyIdentifier].framework;
89070
+ if (framework && typeCache.get(framework)?.get(dependencyName) === "Direct") {
89071
+ const nugetRange = NuGetRange.parse(requestedCache.get(framework)?.get(dependencyName) ?? "0.0.0");
89072
+ const nugetFixedVersion = NuGetVersion.parse(fixedVersion);
89073
+ conflictCache.computeIfAbsent(framework, Cache.create).putIfAbsent(dependencyName, !nugetRange.contains(nugetFixedVersion));
89074
+ const updatedNugetRange = NuGetRange.combineRanges(nugetRange, NuGetRange.combineVersions(nugetFixedVersion));
89075
+ requestedCache.computeIfAbsent(framework, Cache.create).set(dependencyName, updatedNugetRange.toString());
89076
+ }
89075
89077
  });
89076
89078
  await applySeries(vulnFixes, async ({ dependencyIdentifier, dependencyName, fixedVersion }) => {
89077
- await applySeries(
89078
- dependencyTree.transitiveDependencies[dependencyIdentifier].frameworks ?? [],
89079
- async (framework) => await this.addPackage(dependencyName, fixedVersion, framework, wsPath)
89080
- );
89079
+ const framework = dependencyTree.transitiveDependencies[dependencyIdentifier].framework;
89080
+ if (framework) {
89081
+ await this.addPackage(dependencyName, fixedVersion, framework, wsPath);
89082
+ }
89081
89083
  });
89082
89084
  const lockFileWithFixes = await this.restoreWorkspaceAndParseLockFile(wsPath);
89083
89085
  Object.entries(lockFileWithFixes.dependencies).forEach(([framework, nameToDetails]) => {
@@ -89097,29 +89099,16 @@ var init_nuget_fixing_manager = __esm({
89097
89099
  });
89098
89100
  await (0, import_promises9.writeFile)(projectFilePath, initialProjectFile);
89099
89101
  await applySeries(vulnFixes, async ({ dependencyIdentifier, dependencyName }) => {
89100
- await applySeries(
89101
- dependencyTree.transitiveDependencies[dependencyIdentifier].frameworks?.filter(
89102
- (framework) => conflictCache.get(framework)?.get(dependencyName)
89103
- ) ?? [],
89104
- // Add dependency with the updated version range that accomodates the fixed version.
89105
- // Using this range, instead of 'fixedVersion' or '[fixedVersion]' avoids .NET downgrade error.
89106
- // A downgrade error happens in the following case:
89107
- // - Project file for workspace A specifies dependency D at version range r1
89108
- // - Project file for workspace B specifies dependency on workspace A and on dependency D at range r2
89109
- // - The lower bound for r2 is less than the lower bound for r1
89110
- // Assuming the fix version is an upgrade, using the updated requested range will keep the lower
89111
- // bound on r1 after applying a fix to workspace A.
89112
- // Note, if fixed version can be a downgrade, applying a fix to workspace B *can* introduce a downgrade error!
89113
- async (framework) => {
89114
- const updatedRange = requestedCache.get(framework)?.get(dependencyName);
89115
- if (!updatedRange) {
89116
- throw new Error(
89117
- `unexpected empty requested cache for dependency ${dependencyName}, framework ${framework}, workspace ${wsPath}`
89118
- );
89119
- }
89120
- await this.addPackage(dependencyName, updatedRange.toString(), framework, wsPath);
89102
+ const framework = dependencyTree.transitiveDependencies[dependencyIdentifier].framework;
89103
+ if (framework && conflictCache.get(framework)?.get(dependencyName)) {
89104
+ const updatedRange = requestedCache.get(framework)?.get(dependencyName);
89105
+ if (!updatedRange) {
89106
+ throw new Error(
89107
+ `unexpected empty requested cache for dependency ${dependencyName}, framework ${framework}, workspace ${wsPath}`
89108
+ );
89121
89109
  }
89122
- );
89110
+ await this.addPackage(dependencyName, updatedRange.toString(), framework, wsPath);
89111
+ }
89123
89112
  });
89124
89113
  await (0, import_promises9.writeFile)(this.getLockFilePath(wsPath), JSON.stringify(lockFileWithFixes, null, 2));
89125
89114
  }
@@ -193993,7 +193982,7 @@ var require_version = __commonJS({
193993
193982
  "use strict";
193994
193983
  Object.defineProperty(exports2, "__esModule", { value: true });
193995
193984
  exports2.version = void 0;
193996
- exports2.version = "14.0.11";
193985
+ exports2.version = "14.0.12";
193997
193986
  }
193998
193987
  });
193999
193988
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@coana-tech/cli",
3
- "version": "14.0.11",
3
+ "version": "14.0.12",
4
4
  "description": "Coana CLI",
5
5
  "bin": {
6
6
  "@coana-tech/cli": "./cli.js"