@contrast/agent 4.20.1 → 4.20.2

package/lib/libraries.js

@@ -164,7 +164,7 @@ const getLibInfo = async (agent, eluEnabled) =>
 
       return libs;
     } catch (err) {
-      logger.error('unable to read installed dependencies. %o', err);
+      logger.error('unable to read installed dependencies: %o', err);
       return AppUpdate.libraries;
     }
   }, DEADZONE_NAME);

package/lib/list-installed.js

@@ -18,7 +18,7 @@ const semver = require('semver');
 const util = require('util');
 
 const {
-  AGENT_INFO: { SUPPORTED_NPM_VERSIONS }
+  AGENT_INFO: { SUPPORTED_NPM_VERSIONS },
 } = require('./constants');
 
 const VERSION_REGEX = /^npm@(\S+)\s+(\S+)$/m;
@@ -39,19 +39,18 @@ const execFile = util.promisify(require('child_process').execFile);
  * @returns {Promise<Result>}
  */
 module.exports = async function listInstalled(cwd, logger) {
-  const env = { ...process.env, NODE_OPTIONS: undefined };
-  const args = ['ls', '--json', '--prod', '--long'];
+  const execFileOpts = {
+    cwd,
+    env: { ...process.env, NODE_OPTIONS: undefined },
+    maxBuffer: 1024 * 1024 * 128,
+  };
   let stdout;
 
   try {
-    const result = await execFile('npm', ['help'], {
-      cwd,
-      env,
-      shell: true,
-    });
+    const result = await execFile('npm', ['help'], execFileOpts);
     stdout = result.stdout;
   } catch (err) {
-    logger.debug('`npm` returned an error: %o', err);
+    logger.trace('`npm help` returned an error: %o', err);
     // If npm encounters any errors whatsoever it will return with a non-zero
     // exit code but still output the relevant information to stdout.
     // If an even worse error occurs, we may not be able to parse stdout.
@@ -61,12 +60,13 @@ module.exports = async function listInstalled(cwd, logger) {
   const [, version, location] = stdout.match(VERSION_REGEX) || [];
   if (!version)
     throw new Error(
-      'Unable to locate `npm`. Please enable debug level logs for more information.'
+      "Unable to locate `npm`. `npm` is required for your application's libraries to be reported to Contrast for analysis. Please enable debug level logs for more information."
     );
 
   logger.debug('using npm version %s at %s', version, location);
 
-  if (semver.gte(version, '7.0.0')) args.push('--all');
+  const lsArgs = ['ls', '--json', '--long'];
+  if (semver.gte(version, '7.0.0')) lsArgs.push('--all');
   if (!semver.satisfies(version, SUPPORTED_NPM_VERSIONS))
     logger.warn(
       'The installed version of npm (%s at %s) can cause unexpected behavior. Please install a version that satisfies %s',
@@ -76,16 +76,10 @@ module.exports = async function listInstalled(cwd, logger) {
     );
 
   try {
-    const result = await execFile('npm', args, {
-      cwd,
-      env,
-      shell: true,
-      maxBuffer: 1024 * 1024 * 128,
-    });
-
+    const result = await execFile('npm', lsArgs, execFileOpts);
     stdout = result.stdout;
   } catch (err) {
-    logger.debug('`npm ls` returned an error: %o', err);
+    logger.trace('`npm ls` returned an error: %o', err);
     stdout = err.stdout || '';
   }
 
@@ -94,7 +88,7 @@ module.exports = async function listInstalled(cwd, logger) {
   } catch (err) {
     logger.trace('parsing the output of `npm ls` failed: %o', err);
     throw new Error(
-      '`npm ls` failed to provide a list of installed dependencies. Please enable debug level logs for more information.'
+      '`npm ls` failed to provide a list of installed dependencies. Please enable trace level logs for more information.'
     );
   }
 };

package/node_modules/moment/CHANGELOG.md

@@ -1,11 +1,23 @@
 Changelog
 =========
 
+### 2.29.4
+
+* Release Jul 6, 2022
+  * [#6015](https://github.com/moment/moment/pull/6015) [bugfix] Fix ReDoS in preprocessRFC2822 regex
+
+### 2.29.3 [Full changelog](https://gist.github.com/ichernev/edebd440f49adcaec72e5e77b791d8be)
+
+* Release Apr 17, 2022
+  * [#5995](https://github.com/moment/moment/pull/5995) [bugfix] Remove const usage
+  * [#5990](https://github.com/moment/moment/pull/5990) misc: fix advisory link
+
+
 ### 2.29.2 [See full changelog](https://gist.github.com/ichernev/1904b564f6679d9aac1ae08ce13bc45c)
 
 * Release Apr 3 2022
 
-Address https://github.com/advisories/GHSA-8hfj-j24r-96c4
+Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
 
 ### 2.29.1 [See full changelog](https://gist.github.com/marwahaha/cc478ba01a1292ab4bd4e861d164d99b)
 

package/node_modules/moment/dist/locale/sr-cyrl.js

@@ -31,7 +31,8 @@ var translator = {
         return wordKey[2];
     },
     translate: function (number, withoutSuffix, key, isFuture) {
-        var wordKey = translator.words[key];
+        var wordKey = translator.words[key],
+            word;
 
         if (key.length === 1) {
             // Nominativ
@@ -39,7 +40,7 @@ var translator = {
             return isFuture || withoutSuffix ? wordKey[0] : wordKey[1];
         }
 
-        const word = translator.correctGrammaticalCase(number, wordKey);
+        word = translator.correctGrammaticalCase(number, wordKey);
         // Nominativ
         if (key === 'yy' && withoutSuffix && word === 'годину') {
             return number + ' година';

package/node_modules/moment/dist/locale/sr.js

@@ -31,7 +31,8 @@ var translator = {
         return wordKey[2];
     },
     translate: function (number, withoutSuffix, key, isFuture) {
-        var wordKey = translator.words[key];
+        var wordKey = translator.words[key],
+            word;
 
         if (key.length === 1) {
             // Nominativ
@@ -39,7 +40,7 @@ var translator = {
             return isFuture || withoutSuffix ? wordKey[0] : wordKey[1];
         }
 
-        const word = translator.correctGrammaticalCase(number, wordKey);
+        word = translator.correctGrammaticalCase(number, wordKey);
         // Nominativ
         if (key === 'yy' && withoutSuffix && word === 'godinu') {
             return number + ' godina';

package/node_modules/moment/dist/moment.js

@@ -1,5 +1,5 @@
 //! moment.js
-//! version : 2.29.2
+//! version : 2.29.4
 //! authors : Tim Wood, Iskren Chernev, Moment.js contributors
 //! license : MIT
 //! momentjs.com
@@ -2448,7 +2448,7 @@ function untruncateYear(yearStr) {
 function preprocessRFC2822(s) {
     // Remove comments and folding whitespace and replace multiple-spaces with a single space
     return s
-        .replace(/\([^)]*\)|[\n\t]/g, ' ')
+        .replace(/\([^()]*\)|[\n\t]/g, ' ')
         .replace(/(\s\s+)/g, ' ')
         .replace(/^\s\s*/, '')
         .replace(/\s\s*$/, '');
@@ -5629,7 +5629,7 @@ addParseToken('x', function (input, array, config) {
 
 //! moment.js
 
-hooks.version = '2.29.2';
+hooks.version = '2.29.4';
 
 setHookCallback(createLocal);
 

package/node_modules/moment/locale/sr-cyrl.js

@@ -38,7 +38,8 @@
             return wordKey[2];
         },
         translate: function (number, withoutSuffix, key, isFuture) {
-            var wordKey = translator.words[key];
+            var wordKey = translator.words[key],
+                word;
 
             if (key.length === 1) {
                 // Nominativ
@@ -46,7 +47,7 @@
                 return isFuture || withoutSuffix ? wordKey[0] : wordKey[1];
             }
 
-            const word = translator.correctGrammaticalCase(number, wordKey);
+            word = translator.correctGrammaticalCase(number, wordKey);
             // Nominativ
             if (key === 'yy' && withoutSuffix && word === 'годину') {
                 return number + ' година';

package/node_modules/moment/locale/sr.js

@@ -38,7 +38,8 @@
             return wordKey[2];
         },
         translate: function (number, withoutSuffix, key, isFuture) {
-            var wordKey = translator.words[key];
+            var wordKey = translator.words[key],
+                word;
 
             if (key.length === 1) {
                 // Nominativ
@@ -46,7 +47,7 @@
                 return isFuture || withoutSuffix ? wordKey[0] : wordKey[1];
             }
 
-            const word = translator.correctGrammaticalCase(number, wordKey);
+            word = translator.correctGrammaticalCase(number, wordKey);
             // Nominativ
             if (key === 'yy' && withoutSuffix && word === 'godinu') {
                 return number + ' godina';

package/node_modules/moment/min/locales.js

@@ -10097,7 +10097,8 @@
             return wordKey[2];
         },
         translate: function (number, withoutSuffix, key, isFuture) {
-            var wordKey = translator$1.words[key];
+            var wordKey = translator$1.words[key],
+                word;
 
             if (key.length === 1) {
                 // Nominativ
@@ -10105,7 +10106,7 @@
                 return isFuture || withoutSuffix ? wordKey[0] : wordKey[1];
             }
 
-            const word = translator$1.correctGrammaticalCase(number, wordKey);
+            word = translator$1.correctGrammaticalCase(number, wordKey);
             // Nominativ
             if (key === 'yy' && withoutSuffix && word === 'годину') {
                 return number + ' година';
@@ -10219,7 +10220,8 @@
             return wordKey[2];
         },
         translate: function (number, withoutSuffix, key, isFuture) {
-            var wordKey = translator$2.words[key];
+            var wordKey = translator$2.words[key],
+                word;
 
             if (key.length === 1) {
                 // Nominativ
@@ -10227,7 +10229,7 @@
                 return isFuture || withoutSuffix ? wordKey[0] : wordKey[1];
             }
 
-            const word = translator$2.correctGrammaticalCase(number, wordKey);
+            word = translator$2.correctGrammaticalCase(number, wordKey);
             // Nominativ
             if (key === 'yy' && withoutSuffix && word === 'godinu') {
                 return number + ' godina';