npm - @ktpartners/dgs-platform - Versions diffs - 2.9.0 → 3.3.0 - Mend

@ktpartners/dgs-platform 2.9.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

package/CHANGELOG.md +197 -0
package/README.md +34 -2
package/agents/dgs-executor.md +124 -3
package/agents/dgs-idea-researcher.md +447 -0
package/agents/dgs-plan-checker.md +61 -3
package/agents/dgs-planner.md +51 -8
package/bin/install.js +44 -0
package/commands/dgs/abandon-quick.md +28 -0
package/commands/dgs/add-tests.md +2 -2
package/commands/dgs/audit-milestone.md +4 -3
package/commands/dgs/capture-principle.md +11 -11
package/commands/dgs/cleanup.md +2 -2
package/commands/dgs/complete-milestone.md +11 -11
package/commands/dgs/complete-quick.md +28 -0
package/commands/dgs/create-milestone-job.md +2 -2
package/commands/dgs/debug.md +3 -3
package/commands/dgs/develop-idea.md +1 -1
package/commands/dgs/diff-report.md +124 -0
package/commands/dgs/fast.md +3 -1
package/commands/dgs/health.md +1 -1
package/commands/dgs/map-codebase.md +6 -6
package/commands/dgs/new-milestone.md +5 -5
package/commands/dgs/new-project.md +8 -21
package/commands/dgs/package-scan.md +43 -0
package/commands/dgs/plan-milestone-gaps.md +1 -1
package/commands/dgs/progress.md +3 -3
package/commands/dgs/quick-abandon.md +8 -0
package/commands/dgs/quick-complete.md +8 -0
package/commands/dgs/quick.md +10 -3
package/commands/dgs/research-idea.md +3 -2
package/commands/dgs/research-phase.md +3 -3
package/commands/dgs/switch-project.md +14 -1
package/commands/dgs/write-spec.md +3 -3
package/deliver-great-systems/bin/dgs-tools.cjs +401 -32
package/deliver-great-systems/bin/lib/audit-tolerance.cjs +77 -0
package/deliver-great-systems/bin/lib/audit-tolerance.test.cjs +101 -0
package/deliver-great-systems/bin/lib/commands.cjs +626 -46
package/deliver-great-systems/bin/lib/commands.test.cjs +451 -0
package/deliver-great-systems/bin/lib/commit-verify.test.cjs +236 -0
package/deliver-great-systems/bin/lib/config.cjs +80 -6
package/deliver-great-systems/bin/lib/config.test.cjs +309 -0
package/deliver-great-systems/bin/lib/context.cjs +120 -0
package/deliver-great-systems/bin/lib/core.cjs +35 -14
package/deliver-great-systems/bin/lib/core.test.cjs +79 -1
package/deliver-great-systems/bin/lib/execution.cjs +49 -17
package/deliver-great-systems/bin/lib/fast-routing.cjs +199 -0
package/deliver-great-systems/bin/lib/fast-routing.test.cjs +108 -0
package/deliver-great-systems/bin/lib/final-commit-precondition.test.cjs +87 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/bundler-audit-gemfile.json +21 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/gate-parity-expected.md +186 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/gate-parity-runresult.json +235 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/govulncheck-import.json +3 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/npm-audit-v10.json +37 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/osv-clean.json +3 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/osv-vulns.json +77 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/pip-audit-requirements.json +28 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/snyk-lodash.json +30 -0
package/deliver-great-systems/bin/lib/fixtures/package-scan/snyk-workspaces.json +55 -0
package/deliver-great-systems/bin/lib/flat-migration.test.cjs +396 -0
package/deliver-great-systems/bin/lib/frontmatter.cjs +1 -1
package/deliver-great-systems/bin/lib/governance.cjs +211 -0
package/deliver-great-systems/bin/lib/governance.test.cjs +339 -0
package/deliver-great-systems/bin/lib/health-untracked-phase.test.cjs +269 -0
package/deliver-great-systems/bin/lib/ideas.cjs +206 -91
package/deliver-great-systems/bin/lib/ideas.test.cjs +244 -1
package/deliver-great-systems/bin/lib/init.cjs +357 -61
package/deliver-great-systems/bin/lib/init.test.cjs +625 -8
package/deliver-great-systems/bin/lib/jobs.cjs +131 -25
package/deliver-great-systems/bin/lib/jobs.test.cjs +193 -74
package/deliver-great-systems/bin/lib/migration.cjs +409 -1
package/deliver-great-systems/bin/lib/migration.test.cjs +158 -1
package/deliver-great-systems/bin/lib/milestone.cjs +154 -31
package/deliver-great-systems/bin/lib/milestone.test.cjs +203 -0
package/deliver-great-systems/bin/lib/package-adapters.cjs +530 -0
package/deliver-great-systems/bin/lib/package-adapters.test.cjs +618 -0
package/deliver-great-systems/bin/lib/package-ecosystems.cjs +350 -0
package/deliver-great-systems/bin/lib/package-ecosystems.test.cjs +348 -0
package/deliver-great-systems/bin/lib/package-runner.cjs +199 -0
package/deliver-great-systems/bin/lib/package-runner.test.cjs +198 -0
package/deliver-great-systems/bin/lib/package-scan-provenance.cjs +56 -0
package/deliver-great-systems/bin/lib/package-scan-provenance.test.cjs +103 -0
package/deliver-great-systems/bin/lib/package-scan-report.cjs +1140 -0
package/deliver-great-systems/bin/lib/package-scan-report.test.cjs +1963 -0
package/deliver-great-systems/bin/lib/package-scan-skill.cjs +96 -0
package/deliver-great-systems/bin/lib/package-scan-skill.test.cjs +136 -0
package/deliver-great-systems/bin/lib/package-scan.cjs +919 -0
package/deliver-great-systems/bin/lib/package-scan.test.cjs +2147 -0
package/deliver-great-systems/bin/lib/phase.cjs +146 -3
package/deliver-great-systems/bin/lib/phase.test.cjs +420 -0
package/deliver-great-systems/bin/lib/plan-number-validity.test.cjs +48 -0
package/deliver-great-systems/bin/lib/projects.cjs +65 -10
package/deliver-great-systems/bin/lib/projects.test.cjs +198 -2
package/deliver-great-systems/bin/lib/quick.cjs +739 -0
package/deliver-great-systems/bin/lib/quick.test.cjs +730 -0
package/deliver-great-systems/bin/lib/repos.cjs +37 -13
package/deliver-great-systems/bin/lib/review.cjs +1821 -0
package/deliver-great-systems/bin/lib/roadmap.cjs +34 -13
package/deliver-great-systems/bin/lib/specs.cjs +3 -81
package/deliver-great-systems/bin/lib/state-transition-gate.test.cjs +160 -0
package/deliver-great-systems/bin/lib/state.cjs +147 -55
package/deliver-great-systems/bin/lib/summary-frontmatter.cjs +54 -0
package/deliver-great-systems/bin/lib/summary-frontmatter.test.cjs +78 -0
package/deliver-great-systems/bin/lib/sweep-scope.test.cjs +263 -0
package/deliver-great-systems/bin/lib/sync.cjs +75 -0
package/deliver-great-systems/bin/lib/verify.cjs +198 -7
package/deliver-great-systems/bin/lib/verify.test.cjs +82 -0
package/deliver-great-systems/bin/lib/wave-0-template-rename.test.cjs +40 -0
package/deliver-great-systems/bin/lib/worktrees.cjs +790 -0
package/deliver-great-systems/bin/lib/worktrees.test.cjs +963 -0
package/deliver-great-systems/references/agent-step-reliability.md +60 -0
package/deliver-great-systems/references/conflict-resolution.md +4 -0
package/deliver-great-systems/references/context-tiers.md +4 -0
package/deliver-great-systems/references/package-scan-config.md +151 -0
package/deliver-great-systems/references/questioning.md +0 -30
package/deliver-great-systems/references/spec-review-loop.md +1 -2
package/deliver-great-systems/references/workflow-conventions.md +29 -0
package/deliver-great-systems/skills/dgs-tests/package-scan.md +44 -0
package/deliver-great-systems/templates/REVIEW.md +35 -0
package/deliver-great-systems/templates/VALIDATION.md +1 -1
package/deliver-great-systems/templates/claude-md.md +27 -0
package/deliver-great-systems/templates/package-scan-report.md +108 -0
package/deliver-great-systems/templates/project.md +6 -170
package/deliver-great-systems/templates/summary.md +3 -1
package/deliver-great-systems/workflows/abandon-quick.md +89 -0
package/deliver-great-systems/workflows/add-idea.md +3 -3
package/deliver-great-systems/workflows/add-phase.md +5 -0
package/deliver-great-systems/workflows/add-tests.md +14 -0
package/deliver-great-systems/workflows/add-todo.md +1 -0
package/deliver-great-systems/workflows/approve-spec.md +25 -4
package/deliver-great-systems/workflows/audit-milestone.md +66 -10
package/deliver-great-systems/workflows/audit-phase.md +15 -5
package/deliver-great-systems/workflows/cancel-job.md +2 -2
package/deliver-great-systems/workflows/check-todos.md +2 -3
package/deliver-great-systems/workflows/codereview.md +103 -9
package/deliver-great-systems/workflows/complete-milestone.md +218 -24
package/deliver-great-systems/workflows/complete-quick.md +106 -0
package/deliver-great-systems/workflows/consolidate-ideas.md +1 -1
package/deliver-great-systems/workflows/create-milestone-job.md +4 -4
package/deliver-great-systems/workflows/develop-idea.md +11 -11
package/deliver-great-systems/workflows/diagnose-issues.md +14 -0
package/deliver-great-systems/workflows/discuss-idea.md +1 -1
package/deliver-great-systems/workflows/discuss-phase.md +3 -2
package/deliver-great-systems/workflows/execute-phase.md +209 -33
package/deliver-great-systems/workflows/execute-plan.md +22 -22
package/deliver-great-systems/workflows/help.md +53 -20
package/deliver-great-systems/workflows/import-spec.md +65 -7
package/deliver-great-systems/workflows/init-product.md +45 -167
package/deliver-great-systems/workflows/new-milestone.md +140 -33
package/deliver-great-systems/workflows/new-project.md +60 -331
package/deliver-great-systems/workflows/package-scan.md +59 -0
package/deliver-great-systems/workflows/plan-phase.md +79 -1
package/deliver-great-systems/workflows/progress-all.md +133 -0
package/deliver-great-systems/workflows/quick-abandon.md +89 -0
package/deliver-great-systems/workflows/quick-complete.md +106 -0
package/deliver-great-systems/workflows/quick.md +328 -26
package/deliver-great-systems/workflows/refine-spec.md +1 -1
package/deliver-great-systems/workflows/research-idea.md +77 -139
package/deliver-great-systems/workflows/resume-project.md +2 -2
package/deliver-great-systems/workflows/run-job.md +29 -43
package/deliver-great-systems/workflows/settings.md +13 -77
package/deliver-great-systems/workflows/validate-phase.md +39 -1
package/deliver-great-systems/workflows/verify-work.md +14 -0
package/deliver-great-systems/workflows/write-spec.md +11 -13
package/hooks/dist/dgs-enforce-discipline.js +196 -0
package/package.json +1 -1
package/scripts/build-hooks.js +1 -0

package/deliver-great-systems/bin/lib/fixtures/package-scan/gate-parity-runresult.json ADDED Viewed

@@ -0,0 +1,235 @@
+{
+  "exit_code": 0,
+  "tool_per_target": {
+    "api": "snyk",
+    "worker": "pip-audit",
+    "_product_root": "npm-audit"
+  },
+  "repo_results": [
+    {
+      "repo": "api",
+      "ecosystem": "node",
+      "tool_used": "snyk",
+      "outcome": "ok",
+      "durationMs": 2400,
+      "findings": [
+        {
+          "id": "pkg-001",
+          "tool": "snyk",
+          "ecosystem": "node",
+          "repo": "api",
+          "manifest_path": "packages/api/package.json",
+          "package_name": "lodash",
+          "installed_version": "4.17.15",
+          "vulnerability": {
+            "cve": "CVE-2021-23337",
+            "title": "Command Injection in lodash",
+            "description": "Versions of lodash prior to 4.17.21 are vulnerable to Command Injection.",
+            "reference_url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
+          },
+          "severity": "high",
+          "cvss_score": 7.2,
+          "cvss_vector": null,
+          "direct_or_transitive": "direct",
+          "dependency_chain": [
+            { "name": "api", "version": "1.0.0" },
+            { "name": "lodash", "version": "4.17.15" }
+          ],
+          "chain_available": true,
+          "fix_version": "4.17.21",
+          "remediation": "upgrade to lodash@4.17.21",
+          "licence": null
+        },
+        {
+          "id": "pkg-002",
+          "tool": "snyk",
+          "ecosystem": "node",
+          "repo": "api",
+          "manifest_path": "packages/api/package.json",
+          "package_name": "gpl-licensed-dep",
+          "installed_version": "2.0.0",
+          "vulnerability": {
+            "cve": null,
+            "title": "Prototype Pollution in gpl-licensed-dep",
+            "description": "Multi-line\ndescription with\nembedded newlines.",
+            "reference_url": "https://example.com/advisory"
+          },
+          "severity": "moderate",
+          "cvss_score": null,
+          "cvss_vector": null,
+          "direct_or_transitive": "transitive",
+          "dependency_chain": null,
+          "chain_available": false,
+          "fix_version": null,
+          "remediation": null,
+          "licence": "GPL-3.0"
+        }
+      ]
+    },
+    {
+      "repo": "worker",
+      "ecosystem": "python",
+      "tool_used": "pip-audit",
+      "outcome": "ok",
+      "durationMs": 1800,
+      "findings": [
+        {
+          "id": "pkg-003",
+          "tool": "pip-audit",
+          "ecosystem": "python",
+          "repo": "worker",
+          "manifest_path": null,
+          "package_name": "requests",
+          "installed_version": "2.25.0",
+          "vulnerability": {
+            "cve": "CVE-2023-32681",
+            "title": "Unintended leak of Proxy-Authorization header",
+            "description": "Requests is a HTTP library.",
+            "reference_url": null
+          },
+          "severity": null,
+          "cvss_score": null,
+          "cvss_vector": null,
+          "direct_or_transitive": null,
+          "dependency_chain": null,
+          "chain_available": false,
+          "fix_version": "2.31.0",
+          "remediation": "pip install requests==2.31.0"
+        }
+      ]
+    },
+    {
+      "repo": "_product_root",
+      "ecosystem": "node",
+      "tool_used": "npm-audit",
+      "outcome": "ok",
+      "durationMs": 900,
+      "findings": [
+        {
+          "id": "pkg-004",
+          "tool": "npm-audit",
+          "ecosystem": "node",
+          "repo": "_product_root",
+          "manifest_path": null,
+          "package_name": "express",
+          "installed_version": "",
+          "vulnerability": {
+            "cve": null,
+            "title": "express Critical vulnerability",
+            "description": null,
+            "reference_url": "https://github.com/advisories/GHSA-xxxx"
+          },
+          "severity": "critical",
+          "cvss_score": 9.8,
+          "cvss_vector": null,
+          "direct_or_transitive": "direct",
+          "dependency_chain": null,
+          "chain_available": false,
+          "fix_version": null,
+          "remediation": null
+        }
+      ]
+    }
+  ],
+  "findings": [
+    {
+      "id": "pkg-001",
+      "tool": "snyk",
+      "ecosystem": "node",
+      "repo": "api",
+      "manifest_path": "packages/api/package.json",
+      "package_name": "lodash",
+      "installed_version": "4.17.15",
+      "vulnerability": {
+        "cve": "CVE-2021-23337",
+        "title": "Command Injection in lodash",
+        "description": "Versions of lodash prior to 4.17.21 are vulnerable to Command Injection.",
+        "reference_url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
+      },
+      "severity": "high",
+      "cvss_score": 7.2,
+      "cvss_vector": null,
+      "direct_or_transitive": "direct",
+      "dependency_chain": [
+        { "name": "api", "version": "1.0.0" },
+        { "name": "lodash", "version": "4.17.15" }
+      ],
+      "chain_available": true,
+      "fix_version": "4.17.21",
+      "remediation": "upgrade to lodash@4.17.21",
+      "licence": null
+    },
+    {
+      "id": "pkg-002",
+      "tool": "snyk",
+      "ecosystem": "node",
+      "repo": "api",
+      "manifest_path": "packages/api/package.json",
+      "package_name": "gpl-licensed-dep",
+      "installed_version": "2.0.0",
+      "vulnerability": {
+        "cve": null,
+        "title": "Prototype Pollution in gpl-licensed-dep",
+        "description": "Multi-line\ndescription with\nembedded newlines.",
+        "reference_url": "https://example.com/advisory"
+      },
+      "severity": "moderate",
+      "cvss_score": null,
+      "cvss_vector": null,
+      "direct_or_transitive": "transitive",
+      "dependency_chain": null,
+      "chain_available": false,
+      "fix_version": null,
+      "remediation": null,
+      "licence": "GPL-3.0"
+    },
+    {
+      "id": "pkg-003",
+      "tool": "pip-audit",
+      "ecosystem": "python",
+      "repo": "worker",
+      "manifest_path": null,
+      "package_name": "requests",
+      "installed_version": "2.25.0",
+      "vulnerability": {
+        "cve": "CVE-2023-32681",
+        "title": "Unintended leak of Proxy-Authorization header",
+        "description": "Requests is a HTTP library.",
+        "reference_url": null
+      },
+      "severity": null,
+      "cvss_score": null,
+      "cvss_vector": null,
+      "direct_or_transitive": null,
+      "dependency_chain": null,
+      "chain_available": false,
+      "fix_version": "2.31.0",
+      "remediation": "pip install requests==2.31.0"
+    },
+    {
+      "id": "pkg-004",
+      "tool": "npm-audit",
+      "ecosystem": "node",
+      "repo": "_product_root",
+      "manifest_path": null,
+      "package_name": "express",
+      "installed_version": "",
+      "vulnerability": {
+        "cve": null,
+        "title": "express Critical vulnerability",
+        "description": null,
+        "reference_url": "https://github.com/advisories/GHSA-xxxx"
+      },
+      "severity": "critical",
+      "cvss_score": 9.8,
+      "cvss_vector": null,
+      "direct_or_transitive": "direct",
+      "dependency_chain": null,
+      "chain_available": false,
+      "fix_version": null,
+      "remediation": null
+    }
+  ],
+  "skipped": [],
+  "diagnostics": []
+}

package/deliver-great-systems/bin/lib/fixtures/package-scan/govulncheck-import.json ADDED Viewed

@@ -0,0 +1,3 @@
+{"message":{"type":"osv","osv":{"id":"GO-2023-1878","summary":"Improper input validation in golang.org/x/net","details":"Uncontrolled recursion in golang.org/x/net/html can cause a denial of service.","aliases":["CVE-2023-3978"],"references":[{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2023-1878"},{"type":"FIX","url":"https://go.dev/cl/514896"}]}}}
+{"message":{"type":"finding","finding":{"osv":"GO-2023-1878","fixed_version":"v0.13.0","trace":[{"module":"example.com/myapp","version":"v0.1.0"},{"module":"golang.org/x/net","version":"v0.12.0","function":"html.Parse"}]}}}
+{"message":{"type":"finding","finding":{"osv":"GO-2023-1878","fixed_version":"v0.13.0","trace":[{"module":"golang.org/x/net","version":"v0.12.0","function":"html.Tokenize"}]}}}

package/deliver-great-systems/bin/lib/fixtures/package-scan/npm-audit-v10.json ADDED Viewed

@@ -0,0 +1,37 @@
+{
+  "auditReportVersion": 2,
+  "vulnerabilities": {
+    "lodash": {
+      "name": "lodash",
+      "severity": "high",
+      "isDirect": false,
+      "via": [
+        {
+          "source": 1523,
+          "name": "lodash",
+          "dependency": "lodash",
+          "title": "Prototype Pollution in lodash",
+          "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
+          "severity": "high",
+          "cwe": ["CWE-1321"],
+          "cvss": {
+            "score": 7.4,
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+          },
+          "range": "<4.17.21"
+        }
+      ],
+      "effects": [],
+      "range": "<4.17.21",
+      "nodes": ["node_modules/lodash"],
+      "fixAvailable": {
+        "name": "lodash",
+        "version": "4.17.21",
+        "isSemVerMajor": false
+      }
+    }
+  },
+  "metadata": {
+    "vulnerabilities": { "info": 0, "low": 0, "moderate": 0, "high": 1, "critical": 0, "total": 1 }
+  }
+}

package/deliver-great-systems/bin/lib/fixtures/package-scan/osv-clean.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+  "results": []
+}

package/deliver-great-systems/bin/lib/fixtures/package-scan/osv-vulns.json ADDED Viewed

@@ -0,0 +1,77 @@
+{
+  "results": [
+    {
+      "source": {
+        "path": "packages/api/package-lock.json",
+        "type": "lockfile"
+      },
+      "packages": [
+        {
+          "package": {
+            "name": "lodash",
+            "version": "4.17.20",
+            "ecosystem": "npm"
+          },
+          "vulnerabilities": [
+            {
+              "id": "GHSA-p6mc-m468-83gw",
+              "summary": "Prototype Pollution in lodash",
+              "details": "Versions of lodash prior to 4.17.21 are vulnerable to prototype pollution.",
+              "aliases": ["CVE-2020-8203"],
+              "severity": [
+                { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }
+              ],
+              "references": [
+                { "type": "WEB", "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw" }
+              ],
+              "affected": [
+                {
+                  "package": { "name": "lodash", "ecosystem": "npm" },
+                  "ranges": [
+                    {
+                      "type": "SEMVER",
+                      "events": [
+                        { "introduced": "0" },
+                        { "fixed": "4.17.21" }
+                      ]
+                    }
+                  ],
+                  "versions": ["4.17.20"]
+                }
+              ]
+            }
+          ]
+        },
+        {
+          "package": {
+            "name": "minimist",
+            "version": "1.2.0",
+            "ecosystem": "npm"
+          },
+          "vulnerabilities": [
+            {
+              "id": "GHSA-vh95-rmgr-6w4m",
+              "summary": "Prototype Pollution in minimist",
+              "details": "minimist before 1.2.3 is vulnerable.",
+              "aliases": ["CVE-2020-7598"],
+              "severity": [
+                { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }
+              ],
+              "references": [
+                { "type": "WEB", "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m" }
+              ],
+              "affected": [
+                {
+                  "package": { "name": "minimist", "ecosystem": "npm" },
+                  "ranges": [
+                    { "type": "SEMVER", "events": [{ "introduced": "0" }, { "fixed": "1.2.3" }] }
+                  ]
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

package/deliver-great-systems/bin/lib/fixtures/package-scan/pip-audit-requirements.json ADDED Viewed

@@ -0,0 +1,28 @@
+{
+  "dependencies": [
+    {
+      "name": "requests",
+      "version": "2.20.0",
+      "vulns": [
+        {
+          "id": "GHSA-x84v-xcm2-53pg",
+          "fix_versions": ["2.20.1", "2.21.0"],
+          "description": "Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon redirect.",
+          "aliases": ["CVE-2018-18074"]
+        }
+      ]
+    },
+    {
+      "name": "urllib3",
+      "version": "1.24.1",
+      "vulns": [
+        {
+          "id": "PYSEC-2019-132",
+          "fix_versions": ["1.24.2"],
+          "description": "urllib3 before 1.24.2 does not remove the Authorization header on cross-origin redirects.",
+          "aliases": ["CVE-2019-11324"]
+        }
+      ]
+    }
+  ]
+}

package/deliver-great-systems/bin/lib/fixtures/package-scan/snyk-lodash.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "ok": false,
+  "targetFile": "package.json",
+  "projectName": "your-app",
+  "displayTargetFile": "package.json",
+  "foundProjectCount": 1,
+  "vulnerabilities": [
+    {
+      "id": "SNYK-JS-LODASH-590103",
+      "title": "Prototype Pollution",
+      "description": "lodash is vulnerable to prototype pollution via zipObjectDeep.",
+      "packageName": "lodash",
+      "version": "4.17.20",
+      "severity": "critical",
+      "cvssScore": 9.8,
+      "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+      "identifiers": {
+        "CVE": ["CVE-2020-8203"],
+        "CWE": ["CWE-1321"]
+      },
+      "from": ["your-app@1.0.0", "auth-lib@2.3.1", "lodash@4.17.20"],
+      "upgradePath": [false, "auth-lib@2.3.2", "lodash@4.17.21"],
+      "fixedIn": ["4.17.21"],
+      "isUpgradable": true,
+      "isPatchable": false,
+      "url": "https://snyk.io/vuln/SNYK-JS-LODASH-590103",
+      "license": "MIT"
+    }
+  ]
+}

package/deliver-great-systems/bin/lib/fixtures/package-scan/snyk-workspaces.json ADDED Viewed

@@ -0,0 +1,55 @@
+{
+  "ok": false,
+  "projects": [
+    {
+      "targetFile": "packages/api/package.json",
+      "projectName": "api",
+      "vulnerabilities": [
+        {
+          "id": "SNYK-JS-LODASH-590103",
+          "title": "Prototype Pollution",
+          "packageName": "lodash",
+          "version": "4.17.20",
+          "severity": "critical",
+          "cvssScore": 9.8,
+          "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "identifiers": { "CVE": ["CVE-2020-8203"] },
+          "from": ["api@1.0.0", "lodash@4.17.20"],
+          "upgradePath": [false, "lodash@4.17.21"],
+          "fixedIn": ["4.17.21"],
+          "isUpgradable": true
+        },
+        {
+          "id": "SNYK-JS-MINIMIST-559764",
+          "title": "Prototype Pollution",
+          "packageName": "minimist",
+          "version": "1.2.0",
+          "severity": "medium",
+          "cvssScore": 5.6,
+          "identifiers": { "CVE": ["CVE-2020-7598"] },
+          "from": ["api@1.0.0", "mkdirp@0.5.1", "minimist@1.2.0"],
+          "fixedIn": ["1.2.3"],
+          "isUpgradable": true
+        }
+      ]
+    },
+    {
+      "targetFile": "packages/web/package.json",
+      "projectName": "web",
+      "vulnerabilities": [
+        {
+          "id": "SNYK-JS-AXIOS-1038255",
+          "title": "Server-Side Request Forgery",
+          "packageName": "axios",
+          "version": "0.21.0",
+          "severity": "high",
+          "cvssScore": 7.5,
+          "identifiers": { "CVE": ["CVE-2020-28168"] },
+          "from": ["web@1.0.0", "axios@0.21.0"],
+          "fixedIn": ["0.21.1"],
+          "isUpgradable": true
+        }
+      ]
+    }
+  ]
+}