@coana-tech/cli 15.2.6 → 15.2.7
- package/cli.mjs +28 -2
- package/package.json +1 -1
- package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-amd64.gz +0 -0
- package/repos/coana-tech/goana/bin/goana-linux-arm64.gz +0 -0
- package/repos/coana-tech/javap-service/javap-service.jar +0 -0
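--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -225628,13 +225628,39 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
 if (result.error) {
 logger.debug("finalize fixes stdout", result.stdout);
 logger.debug("finalize fixes stderr", result.stderr);
-
+const trustErrorMessage = buildPnpmTrustDowngradeMessage(`${result.stdout}
+${result.stderr}`);
+if (trustErrorMessage !== void 0) throw new Error(trustErrorMessage);
+throw new Error(buildPnpmFinalizeFailureMessage(result.stdout, result.stderr, result.error.message));
 }
 logger.info(
 `Run 'pnpm install' in '${relative7(this.rootDir, this.subprojectPath) || "."}' to install the updated dependencies`
 );
 }
 };
+function parsePnpmTrustDowngrade(output) {
+const match2 = output.match(/ERR_PNPM_TRUST_DOWNGRADE[^\n]*?"([^"]+)"/);
+return match2 ? { packageRef: match2[1] } : void 0;
+}
+function buildPnpmFinalizeFailureMessage(stdout, stderr, fallbackMessage) {
+const combined = [stderr.trim(), stdout.trim()].filter(Boolean).join("\n").trim();
+return combined ? `${fallbackMessage}
+
+pnpm output:
+${combined}` : fallbackMessage;
+}
+function buildPnpmTrustDowngradeMessage(output) {
+const parsed = parsePnpmTrustDowngrade(output);
+if (!parsed) return void 0;
+const { packageRef } = parsed;
+return `pnpm refused to update the lockfile due to a trust-downgrade on "${packageRef}" (ERR_PNPM_TRUST_DOWNGRADE). This usually means the package lost its npm provenance attestation between releases \u2014 often a publishing-workflow regression rather than a real supply-chain incident.
+
+To unblock the fix, edit pnpm-workspace.yaml at the workspace root (the same file your \`trustPolicy: no-downgrade\` setting lives in) and either:
+\u2022 set \`trustPolicy: off\` to disable the check entirely, or
+\u2022 keep the policy on and allow just this release via:
+trustPolicyExclude:
+- '${packageRef}'`;
+}
 function getVersionNumber(version4) {
 const pnpmLockVersionSuffix = /((\d+)\.(\d+)\.(\d+)((-((\d|[a-zA-Z]|\.)+)){0,1})((\+((\d|\.)+)){0,1}))(_|\()(.+)/;
 const match2 = version4.match(pnpmLockVersionSuffix);
@@ -252321,7 +252347,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "15.2.
+var version3 = "15.2.7";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;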
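Review bot: The remediation text in `buildPnpmTrustDowngradeMessage` steers the user toward bypassing pnpm's trust check without first verifying the release: it describes the downgrade as "often a publishing-workflow regression" and lists `trustPolicy: off`, the broadest bypass, as the first option. A missing provenance attestation is exactly the signal the policy exists to surface, so the message should ask the user to check the release against the package's repository or release notes first, and offer the scoped `trustPolicyExclude` entry before the global switch, for example by adding `Verify that "${packageRef}" was published by the expected maintainers before bypassing the check.` Separately, `packageRef` is copied from pnpm output into a YAML snippet meant for pasting, and `"([^"]+)"` in `parsePnpmTrustDowngrade` can match across line breaks; `"([^"\n]+)"` would keep the capture on the error line.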
package/package.json
CHANGED
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|