npm - @contrast/contrast - Versions diffs - 1.0.23 → 1.0.24 - Mend

@contrast/contrast 1.0.23 → 1.0.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/audit/report/commonReportingFunctions.js +4 -1
package/dist/constants/constants.js +1 -1
package/dist/scaAnalysis/java/analysis.js +1 -1
package/package.json +1 -1
package/src/audit/report/commonReportingFunctions.js +5 -1
package/src/constants/constants.js +1 -1
package/src/scaAnalysis/java/analysis.js +1 -1

package/dist/audit/report/commonReportingFunctions.js CHANGED Viewed

@@ -135,7 +135,10 @@ function getIssueRow(cveArray) {
 }
 function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
     const guidanceModel = new ReportGuidanceModel();
-    const data = guidance[libraryName + '@' + libraryVersion];
+    const keyToFind = Object.keys(guidance).filter(key => {
+        return key.includes(libraryName + '@' + libraryVersion);
+    });
+    const data = guidance[keyToFind];
     if (data) {
         guidanceModel.minimum = data.minUpgradeVersion;
         guidanceModel.maximum = data.maxUpgradeVersion;

package/dist/constants/constants.js CHANGED Viewed

@@ -12,7 +12,7 @@ const MEDIUM = 'MEDIUM';
 const HIGH = 'HIGH';
 const CRITICAL = 'CRITICAL';
 const APP_NAME = 'contrast';
-const APP_VERSION = '1.0.23';
+const APP_VERSION = '1.0.24';
 const TIMEOUT = 120000;
 const HIGH_COLOUR = '#ff9900';
 const CRITICAL_COLOUR = '#e35858';

package/dist/scaAnalysis/java/analysis.js CHANGED Viewed

@@ -24,7 +24,7 @@ const determineProjectTypeAndCwd = (files, config) => {
 };
 const buildMaven = (config, projectData, timeout) => {
     let command = 'mvn';
-    let args = ['dependency:tree', '-B'];
+    let args = ['dependency:tree', '-B', '-Dscope=runtime'];
     if (config.mavenSettingsPath) {
         args.push('-s');
         args.push(config.mavenSettingsPath);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/contrast",
-  "version": "1.0.23",
+  "version": "1.0.24",
   "description": "Contrast Security's command line tool",
   "main": "dist/index.js",
   "bin": {

package/src/audit/report/commonReportingFunctions.js CHANGED Viewed

@@ -265,8 +265,12 @@ function getIssueRow(cveArray) {
 function gatherRemediationAdvice(guidance, libraryName, libraryVersion) {
   const guidanceModel = new ReportGuidanceModel()
-  const data = guidance[libraryName + '@' + libraryVersion]
+  //partial key search as Java returns the group but other languages do not
+  const keyToFind = Object.keys(guidance).filter(key => {
+    return key.includes(libraryName + '@' + libraryVersion)
+  })
+  const data = guidance[keyToFind]
   if (data) {
     guidanceModel.minimum = data.minUpgradeVersion
     guidanceModel.maximum = data.maxUpgradeVersion

package/src/constants/constants.js CHANGED Viewed

@@ -14,7 +14,7 @@ const HIGH = 'HIGH'
 const CRITICAL = 'CRITICAL'
 // App
 const APP_NAME = 'contrast'
-const APP_VERSION = '1.0.23'
+const APP_VERSION = '1.0.24'
 const TIMEOUT = 120000
 const HIGH_COLOUR = '#ff9900'
 const CRITICAL_COLOUR = '#e35858'

package/src/scaAnalysis/java/analysis.js CHANGED Viewed

@@ -30,7 +30,7 @@ const determineProjectTypeAndCwd = (files, config) => {
 const buildMaven = (config, projectData, timeout) => {
   let command = 'mvn'
-  let args = ['dependency:tree', '-B']
+  let args = ['dependency:tree', '-B', '-Dscope=runtime']
   if (config.mavenSettingsPath) {
     args.push('-s')
     args.push(config.mavenSettingsPath)