npm - @coana-tech/cli - Versions diffs - 14.12.90 → 14.12.92 - Mend

@coana-tech/cli 14.12.90 → 14.12.92

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/cli.mjs CHANGED Viewed

@@ -244541,7 +244541,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 // dist/version.js
-var version2 = "14.12.90";
+var version2 = "14.12.92";
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -244734,7 +244734,7 @@ var CliCore = class {
       this.sendProgress("RUN_ON_SUBPROJECT", true, this.rootWorkingDirectory);
       const isEcosystemToAnalyze = !this.options.purlTypes || this.options.purlTypes.some((purlType) => getAdvisoryEcosystemFromPurlType(purlType) === ecosystem);
       if (!isEcosystemToAnalyze) {
-        logger.info(`Skipping reachability analysis for ecosystem ${getPurlType(ecosystem)} due to it not being included in the list of ecosystems to analyze.`);
+        logger.info(`Skipping reachability analysis for ecosystem ${getPurlType(ecosystem)} since it is not included in the list of ecosystems to analyze.`);
       }
       vulnsWithResults.push(...Object.values(await this.runReachabilityAnalysisForWorkspaces(
         workspaceToAnalysisData,
@@ -245154,7 +245154,7 @@ Subproject: ${subproject}`);
       includeDirs: this.options.includeDirs ?? []
     }, resolve42(subprojectPath, workspacePath));
     if (shouldExcludeWorkspaceForAnalysis) {
-      logger.info(`${workspacePrefix}Skipping reachability analysis for workspace ${workspacePath} due to it being excluded.`);
+      logger.info(`${workspacePrefix}Skipping reachability analysis for workspace ${workspacePath} since it is excluded.`);
     }
     return shouldExcludeWorkspaceForAnalysis;
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.90",
+  "version": "14.12.92",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs CHANGED Viewed

@@ -80677,11 +80677,15 @@ async function exists(path10, mode) {
 // ../utils/src/go-utils.ts
 var modWhyRegex = /^\(main module does not need to vendor (?:module|package) (\S+)\)$/gm;
 async function runGoModWhy(moduleMode, projectFolder, toCheck) {
+  logger.debug(`Running 'go mod why' in ${projectFolder} with ${moduleMode ? "module" : "package"} mode`);
   const modWhyOutput = await runCommandResolveStdOut(
     // -vendor flag tells why to disregard imports in dependencies' tests
     ["go", ...`mod why${moduleMode ? " -m" : ""} -vendor`.split(" "), ...toCheck],
-    projectFolder
+    projectFolder,
+    { timeout: 30 * 60 * 1e3 }
+    // 30 minutes
   );
+  logger.debug(`'go mod why' finished`);
   return Array.from(modWhyOutput.matchAll(modWhyRegex), ([, m]) => m);
 }
 var getIrrelevantModules = runGoModWhy.bind(null, true);
@@ -80692,11 +80696,15 @@ async function getModuleInfo(goModPath) {
   return JSON.parse(stdout);
 }
 async function runGoModTidy(moduleDir, { continueOnError = false } = {}) {
+  logger.debug(`Running 'go mod tidy' in ${moduleDir}`);
   const { error } = await execNeverFail(["go", "mod", "tidy"], moduleDir);
+  logger.debug(`'go mod tidy' finished`);
   if (error) {
     const { Module, Go } = await getModuleInfo(moduleDir);
-    logger.warn(`'go mod tidy' failed for '${Module.Path}'${Go ? `@go${Go}` : ""} in '${moduleDir}' with error:
-${error.message}`);
+    logger.warn(
+      `'go mod tidy' failed for '${Module.Path}'${Go ? `@go${Go}` : ""} in '${moduleDir}' with error:
+${error.message}`
+    );
     if (!continueOnError) throw error;
   }
 }
@@ -111949,7 +111957,20 @@ var GoAnalyzer = class {
   }
   async runReachabilityAnalysis(vulns, analysisMetadataCollector, statusUpdater) {
     const vulnerablePackages = uniq9(vulns.flatMap((v) => v.vulnerabilityAccessPaths.map((vap) => vap.split(":")[0])));
-    const irrelevantPackages = new Set(await getIrrelevantPackages(this.projectDir, vulnerablePackages));
+    let irrelevantPackages;
+    try {
+      irrelevantPackages = new Set(await getIrrelevantPackages(this.projectDir, vulnerablePackages));
+    } catch (e) {
+      const message = `Error running 'go mod why' to get irrelevant packages: ${e instanceof Error ? e.message : String(e)}`;
+      logger.warn(message);
+      return vulns.map((v) => ({
+        ...v,
+        results: {
+          type: "analysisError",
+          message
+        }
+      }));
+    }
     const [unreachableVulns, otherVulns] = partition2(vulns, (v) => v.vulnerabilityAccessPaths.every((vap) => irrelevantPackages.has(vap.split(":")[0])));
     const res = otherVulns.length ? await analyzeWithHeuristics(this.state, otherVulns, [GoanaHeuristics.DEFAULT], false, new GoCodeAwareVulnerabilityScanner(this.projectDir, this.state.reachabilityAnalysisOptions), analysisMetadataCollector, statusUpdater) : [];
     if (unreachableVulns.length) {

package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/javap-service/javap-service.jar CHANGED Viewed

Binary file

package/repos/coana-tech/mambalade/dist/mambalade-0.3.15-py3-none-any.whl ADDED Viewed

Binary file

package/repos/coana-tech/mambalade/dist/mambalade-0.3.14-py3-none-any.whl DELETED Viewed

Binary file