@itwin/build-tools 3.0.0-dev.79 → 3.0.0-dev.80

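--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@itwin/build-tools",
- "version": "3.0.0-dev.79",
+ "version": "3.0.0-dev.80",
  "description": "Bentley build tools",
  "license": "MIT",
  "repository": {
@@ -39,7 +39,7 @@
  "yargs": "^16.0.0"
  },
  "devDependencies": {
- "@itwin/eslint-plugin": "3.0.0-dev.79",
+ "@itwin/eslint-plugin": "3.0.0-dev.80",
  "@types/node": "14.14.31",
  "eslint": "^7.11.0"
  },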
@@ -37,12 +37,13 @@ const rushCommonDir = path.join(__dirname, "../../../../common/");
37
37
  // for development dependencies only.
38
38
  // All security issues should be addressed asap.
39
39
  const excludedAdvisories = [
40
- 1700, // https://npmjs.com/advisories/1700
41
- 1754, // https://npmjs.com/advisories/1754. Waiting for fix, https://github.com/svg/svgo/pull/1485.
42
- 1755, // https://npmjs.com/advisories/1755. Waiting for fix, https://github.com/sindresorhus/normalize-url/issues/135
43
- 1779, // https://npmjs.com/advisories/1779. Waiting for fix in @bentley/react-scripts
44
- 1780, // https://npmjs.com/advisories/1780. Waiting for fix in @bentley/react-scripts
45
- 1781, // https://npmjs.com/advisories/1781. Waiting for fix in @bentley/react-scripts
40
+ "GHSA-8p5q-j9m2-g8wr", // https://github.com/advisories/GHSA-8p5q-j9m2-g8wr.
41
+ "GHSA-ww39-953v-wcq6", // https://github.com/advisories/GHSA-ww39-953v-wcq6.
42
+ "GHSA-8v27-2fg9-7h62", // https://github.com/advisories/GHSA-8v27-2fg9-7h62.
43
+ "GHSA-33f9-j839-rf8h", // https://github.com/advisories/GHSA-33f9-j839-rf8h.
44
+ "GHSA-c36v-fmgq-m8hx", // https://github.com/advisories/GHSA-c36v-fmgq-m8hx.
45
+ "GHSA-4jqc-8m5r-9rpr", // https://github.com/advisories/GHSA-4jqc-8m5r-9rpr.
46
+ "GHSA-whgm-jr23-g3j9", // https://github.com/advisories/GHSA-whgm-jr23-g3j9.
46
47
  ];
47
48
 
48
49
  let shouldFailBuild = false;
@@ -57,10 +58,10 @@ const rushCommonDir = path.join(__dirname, "../../../../common/");
57
58
  const message = `${severity} Security Vulnerability: ${advisory.title} in ${advisory.module_name} (from ${mpath}). See ${advisory.url} for more info.`;
58
59
 
59
60
  // For now, we'll only treat CRITICAL and HIGH vulnerabilities as errors in CI builds.
60
- if (!excludedAdvisories.includes(advisory.id) && (severity === "HIGH" || severity === "CRITICAL")) {
61
+ if (!excludedAdvisories.includes(advisory.github_advisory_id) && (severity === "HIGH" || severity === "CRITICAL")) {
61
62
  logBuildError(message);
62
63
  shouldFailBuild = true;
63
- } else if (excludedAdvisories.includes(advisory.id) || severity === "MODERATE") // Only warn on MODERATE severity items
64
+ } else if (excludedAdvisories.includes(advisory.github_advisory_id) || severity === "MODERATE") // Only warn on MODERATE severity items
64
65
  logBuildWarning(message);
65
66
  }
66
67
  }
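Review bot: The seven new `excludedAdvisories` entries carry only the advisory URL, whereas most of the removed numeric entries recorded why they were excluded and which upstream fix was awaited (for example "Waiting for fix in @bentley/react-scripts"). Each entry downgrades a HIGH or CRITICAL finding from a build error to a warning, so each should name the affected package and the condition for removing it, e.g. `"GHSA-8p5q-j9m2-g8wr", // <package>: dev dependency only; remove once <upstream fix> is released`. In the last hunk the lookup now depends on `advisory.github_advisory_id`; if the audit output omits that field, `includes(undefined)` is false and an excluded advisory fails the build. That is the safe direction, but it deserves a one-line comment so nobody later "fixes" it with a looser fallback match. The enclosing loop and the audit invocation lie outside the visible hunks, so the shape of `advisory` is inferred from its use here.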