@sentry/cli 1.74.5 → 1.75.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/checksums.txt +9 -9
- package/js/helper.js +17 -9
- package/js/logger.js +14 -0
- package/package.json +9 -7
- package/scripts/install.js +17 -17
- package/scripts/test-vercel-nft.js +27 -0
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,16 @@
|
|
|
2
2
|
|
|
3
3
|
"You know what they say. Fool me once, strike one, but fool me twice... strike three." — Michael Scott
|
|
4
4
|
|
|
5
|
+
## 1.75.0
|
|
6
|
+
|
|
7
|
+
- feat(backport): Replace `npmlog` dependency in order to avoid vulnerability (#1445)
|
|
8
|
+
|
|
9
|
+
## 1.74.6
|
|
10
|
+
|
|
11
|
+
### Various fixes & improvements
|
|
12
|
+
|
|
13
|
+
- feat: Replace usage of eval to obfuscate binary path from bundlers (#1375)
|
|
14
|
+
|
|
5
15
|
## 1.74.5
|
|
6
16
|
|
|
7
17
|
### Various fixes & improvements
|
package/checksums.txt
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
sentry-cli-Darwin-arm64=
|
|
2
|
-
sentry-cli-Darwin-universal=
|
|
3
|
-
sentry-cli-Darwin-x86_64=
|
|
4
|
-
sentry-cli-Linux-aarch64=
|
|
5
|
-
sentry-cli-Linux-armv7=
|
|
6
|
-
sentry-cli-Linux-i686=
|
|
7
|
-
sentry-cli-Linux-x86_64=
|
|
8
|
-
sentry-cli-Windows-i686.exe=
|
|
9
|
-
sentry-cli-Windows-x86_64.exe=
|
|
1
|
+
sentry-cli-Darwin-arm64=6b7cc7d3579ba5ff1595517ac665eafd21c749713f4569aad623acd464fc4804
|
|
2
|
+
sentry-cli-Darwin-universal=b64d948db80b4a462e54b869ea9e258c62d1a9facbfaa57c68756695dad9f41c
|
|
3
|
+
sentry-cli-Darwin-x86_64=5f7f8a35d36f96fb5c354a6b0c668cb6707a4ed5d535c155f9dcfb324cc76035
|
|
4
|
+
sentry-cli-Linux-aarch64=c93f55cae48e91495b0f13bc50ae8a057f76452b73c40752ab4aab30f4ef19ce
|
|
5
|
+
sentry-cli-Linux-armv7=c81b622bd11cf01228ece983f538ac2689b2dd49bf3ebb44ff605bf9e254ca32
|
|
6
|
+
sentry-cli-Linux-i686=b1a1ea42ed158935f84d783fe7c8efbb6ebc8615f441e6dd93380d3d4bc93257
|
|
7
|
+
sentry-cli-Linux-x86_64=19b4c6d3bcb65df151a22aa188bae4804c8a7b8dcd4051893125781188b43f5f
|
|
8
|
+
sentry-cli-Windows-i686.exe=2040dc25c0349d7d542a53a2a4d83a249873b07980c6a384ac91c4d265ffbb43
|
|
9
|
+
sentry-cli-Windows-x86_64.exe=691d7e2bf77b1ac097d9f3c31be7478e7ae936383d5e2704cfdc884ffcdaf8d3
|
package/js/helper.js
CHANGED
|
@@ -1,21 +1,29 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
const path = require('path');
|
|
3
4
|
const childProcess = require('child_process');
|
|
4
5
|
|
|
5
6
|
/**
|
|
6
|
-
*
|
|
7
|
-
* @
|
|
7
|
+
* This convoluted function resolves the path to the `sentry-cli` binary in a
|
|
8
|
+
* way that can't be analysed by @vercel/nft.
|
|
9
|
+
*
|
|
10
|
+
* Without this, the binary can be detected as an asset and included by bundlers
|
|
11
|
+
* that use @vercel/nft.
|
|
12
|
+
* @returns {string} The path to the sentry-cli binary
|
|
8
13
|
*/
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
);
|
|
14
|
+
function getBinaryPath() {
|
|
15
|
+
const parts = [];
|
|
16
|
+
parts.push(__dirname);
|
|
17
|
+
parts.push('..');
|
|
18
|
+
parts.push(`sentry-cli${process.platform === 'win32' ? '.exe' : ''}`);
|
|
19
|
+
return path.resolve(...parts);
|
|
20
|
+
}
|
|
12
21
|
|
|
13
22
|
/**
|
|
14
|
-
*
|
|
15
|
-
*
|
|
16
|
-
* ref: https://github.com/getsentry/sentry-javascript/issues/3865
|
|
17
|
-
* ref: https://github.com/vercel/nft/issues/203
|
|
23
|
+
* Absolute path to the sentry-cli binary (platform dependent).
|
|
24
|
+
* @type {string}
|
|
18
25
|
*/
|
|
26
|
+
let binaryPath = getBinaryPath();
|
|
19
27
|
|
|
20
28
|
/**
|
|
21
29
|
* Overrides the default binary path with a mock value, useful for testing.
|
package/js/logger.js
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
const format = require('util').format;
|
|
4
|
+
|
|
5
|
+
module.exports = class Logger {
|
|
6
|
+
constructor(stream) {
|
|
7
|
+
this.stream = stream;
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
log() {
|
|
11
|
+
const message = format(...arguments);
|
|
12
|
+
this.stream.write(`[sentry-cli] ${message}\n`);
|
|
13
|
+
}
|
|
14
|
+
};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sentry/cli",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.75.0",
|
|
4
4
|
"description": "A command line utility to work with Sentry. https://docs.sentry.io/hosted/learn/cli/",
|
|
5
5
|
"homepage": "https://docs.sentry.io/hosted/learn/cli/",
|
|
6
6
|
"license": "BSD-3-Clause",
|
|
@@ -28,22 +28,23 @@
|
|
|
28
28
|
"fix": "npm-run-all fix:eslint fix:prettier",
|
|
29
29
|
"fix:eslint": "eslint --fix bin/* scripts/**/*.js js/**/*.js",
|
|
30
30
|
"fix:prettier": "prettier --write bin/* scripts/**/*.js js/**/*.js",
|
|
31
|
-
"test": "npm-run-all test:jest test:eslint test:prettier",
|
|
31
|
+
"test": "npm-run-all test:jest test:eslint test:prettier test:vercel-nft",
|
|
32
32
|
"test:jest": "jest",
|
|
33
33
|
"test:watch": "jest --watch --notify",
|
|
34
34
|
"test:eslint": "eslint bin/* scripts/**/*.js js/**/*.js",
|
|
35
|
-
"test:prettier": "prettier --check bin/* scripts/**/*.js js/**/*.js"
|
|
35
|
+
"test:prettier": "prettier --check bin/* scripts/**/*.js js/**/*.js",
|
|
36
|
+
"test:vercel-nft": "node scripts/test-vercel-nft.js"
|
|
36
37
|
},
|
|
37
38
|
"dependencies": {
|
|
38
39
|
"https-proxy-agent": "^5.0.0",
|
|
39
40
|
"mkdirp": "^0.5.5",
|
|
40
41
|
"node-fetch": "^2.6.7",
|
|
41
|
-
"npmlog": "^4.1.2",
|
|
42
42
|
"progress": "^2.0.3",
|
|
43
43
|
"proxy-from-env": "^1.1.0",
|
|
44
44
|
"which": "^2.0.2"
|
|
45
45
|
},
|
|
46
46
|
"devDependencies": {
|
|
47
|
+
"@vercel/nft": "^0.22.1",
|
|
47
48
|
"eslint": "^6.8.0",
|
|
48
49
|
"eslint-config-airbnb-base": "^14.1.0",
|
|
49
50
|
"eslint-config-prettier": "^6.10.1",
|
|
@@ -52,14 +53,15 @@
|
|
|
52
53
|
"npm-run-all": "^4.1.5",
|
|
53
54
|
"prettier": "^1.19.1"
|
|
54
55
|
},
|
|
55
|
-
"resolutions": {
|
|
56
|
-
"npmlog/**/ansi-regex": "^3.0.1"
|
|
57
|
-
},
|
|
58
56
|
"jest": {
|
|
59
57
|
"collectCoverage": true,
|
|
60
58
|
"testEnvironment": "node",
|
|
61
59
|
"testPathIgnorePatterns": [
|
|
62
60
|
"src/utils"
|
|
63
61
|
]
|
|
62
|
+
},
|
|
63
|
+
"volta": {
|
|
64
|
+
"node": "10.24.1",
|
|
65
|
+
"yarn": "1.22.19"
|
|
64
66
|
}
|
|
65
67
|
}
|
package/scripts/install.js
CHANGED
|
@@ -17,17 +17,11 @@ const ProgressBar = require('progress');
|
|
|
17
17
|
const Proxy = require('proxy-from-env');
|
|
18
18
|
// NOTE: Can be dropped in favor of `fs.mkdirSync(path, { recursive: true })` once we stop supporting Node 8.x
|
|
19
19
|
const mkdirp = require('mkdirp');
|
|
20
|
-
const npmLog = require('npmlog');
|
|
21
20
|
const which = require('which');
|
|
22
21
|
|
|
23
22
|
const helper = require('../js/helper');
|
|
24
23
|
const pkgInfo = require('../package.json');
|
|
25
|
-
|
|
26
|
-
const CDN_URL =
|
|
27
|
-
process.env.SENTRYCLI_LOCAL_CDNURL ||
|
|
28
|
-
process.env.npm_config_sentrycli_cdnurl ||
|
|
29
|
-
process.env.SENTRYCLI_CDNURL ||
|
|
30
|
-
'https://downloads.sentry-cdn.com/sentry-cli';
|
|
24
|
+
const Logger = require('../js/logger');
|
|
31
25
|
|
|
32
26
|
function getLogStream(defaultStream) {
|
|
33
27
|
const logStream = process.env.SENTRYCLI_LOG_STREAM || defaultStream;
|
|
@@ -45,6 +39,14 @@ function getLogStream(defaultStream) {
|
|
|
45
39
|
);
|
|
46
40
|
}
|
|
47
41
|
|
|
42
|
+
const logger = new Logger(getLogStream('stderr'));
|
|
43
|
+
|
|
44
|
+
const CDN_URL =
|
|
45
|
+
process.env.SENTRYCLI_LOCAL_CDNURL ||
|
|
46
|
+
process.env.npm_config_sentrycli_cdnurl ||
|
|
47
|
+
process.env.SENTRYCLI_CDNURL ||
|
|
48
|
+
'https://downloads.sentry-cdn.com/sentry-cli';
|
|
49
|
+
|
|
48
50
|
function shouldRenderProgressBar() {
|
|
49
51
|
const silentFlag = process.argv.some(v => v === '--silent');
|
|
50
52
|
const silentConfig = process.env.npm_config_loglevel === 'silent';
|
|
@@ -165,14 +167,14 @@ function validateChecksum(tempPath, name) {
|
|
|
165
167
|
}
|
|
166
168
|
}
|
|
167
169
|
} catch (e) {
|
|
168
|
-
|
|
170
|
+
logger.log(
|
|
169
171
|
'Checksums are generated when the package is published to npm. They are not available directly in the source repository. Skipping validation.'
|
|
170
172
|
);
|
|
171
173
|
return;
|
|
172
174
|
}
|
|
173
175
|
|
|
174
176
|
if (!storedHash) {
|
|
175
|
-
|
|
177
|
+
logger.log(`Checksum for ${name} not found, skipping validation.`);
|
|
176
178
|
return;
|
|
177
179
|
}
|
|
178
180
|
|
|
@@ -187,7 +189,7 @@ function validateChecksum(tempPath, name) {
|
|
|
187
189
|
`Checksum validation for ${name} failed.\nExpected: ${storedHash}\nReceived: ${currentHash}`
|
|
188
190
|
);
|
|
189
191
|
} else {
|
|
190
|
-
|
|
192
|
+
logger.log('Checksum validation passed.');
|
|
191
193
|
}
|
|
192
194
|
}
|
|
193
195
|
|
|
@@ -199,7 +201,7 @@ function downloadBinary() {
|
|
|
199
201
|
if (process.env.SENTRYCLI_USE_LOCAL === '1') {
|
|
200
202
|
try {
|
|
201
203
|
const binPath = which.sync('sentry-cli');
|
|
202
|
-
|
|
204
|
+
logger.log(`Using local binary: ${binPath}`);
|
|
203
205
|
fs.copyFileSync(binPath, outputPath);
|
|
204
206
|
return Promise.resolve();
|
|
205
207
|
} catch (e) {
|
|
@@ -217,7 +219,7 @@ function downloadBinary() {
|
|
|
217
219
|
|
|
218
220
|
const cachedPath = getCachedPath(downloadUrl);
|
|
219
221
|
if (fs.existsSync(cachedPath)) {
|
|
220
|
-
|
|
222
|
+
logger.log(`Using cached binary: ${cachedPath}`);
|
|
221
223
|
fs.copyFileSync(cachedPath, outputPath);
|
|
222
224
|
return Promise.resolve();
|
|
223
225
|
}
|
|
@@ -225,10 +227,10 @@ function downloadBinary() {
|
|
|
225
227
|
const proxyUrl = Proxy.getProxyForUrl(downloadUrl);
|
|
226
228
|
const agent = proxyUrl ? new HttpsProxyAgent(proxyUrl) : null;
|
|
227
229
|
|
|
228
|
-
|
|
230
|
+
logger.log(`Downloading from ${downloadUrl}`);
|
|
229
231
|
|
|
230
232
|
if (proxyUrl) {
|
|
231
|
-
|
|
233
|
+
logger.log(`Using proxy URL: ${proxyUrl}`);
|
|
232
234
|
}
|
|
233
235
|
|
|
234
236
|
return fetch(downloadUrl, {
|
|
@@ -316,10 +318,8 @@ if (process.env.SENTRYCLI_LOCAL_CDNURL) {
|
|
|
316
318
|
process.on('exit', () => server.close());
|
|
317
319
|
}
|
|
318
320
|
|
|
319
|
-
npmLog.stream = getLogStream('stderr');
|
|
320
|
-
|
|
321
321
|
if (process.env.SENTRYCLI_SKIP_DOWNLOAD === '1') {
|
|
322
|
-
|
|
322
|
+
logger.log(`Skipping download because SENTRYCLI_SKIP_DOWNLOAD=1 detected.`);
|
|
323
323
|
process.exit(0);
|
|
324
324
|
}
|
|
325
325
|
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
const major = process.versions.node.split('.')[0];
|
|
2
|
+
|
|
3
|
+
// @vercel/nft doe not support Node.js v8
|
|
4
|
+
if (major < 10) {
|
|
5
|
+
process.exit(0);
|
|
6
|
+
}
|
|
7
|
+
|
|
8
|
+
// eslint-disable-next-line import/no-extraneous-dependencies
|
|
9
|
+
const { nodeFileTrace } = require('@vercel/nft');
|
|
10
|
+
|
|
11
|
+
const entryPoint = require.resolve('..');
|
|
12
|
+
|
|
13
|
+
// Trace the module entrypoint
|
|
14
|
+
nodeFileTrace([entryPoint]).then(result => {
|
|
15
|
+
// eslint-disable-next-line no-console
|
|
16
|
+
console.log('@vercel/nft traced dependencies:', Array.from(result.fileList));
|
|
17
|
+
|
|
18
|
+
// If either binary is picked up, fail the test
|
|
19
|
+
if (result.fileList.has('sentry-cli') || result.fileList.has('sentry-cli.exe')) {
|
|
20
|
+
// eslint-disable-next-line no-console
|
|
21
|
+
console.error('ERROR: The sentry-cli binary should not be found by @vercel/nft');
|
|
22
|
+
process.exit(-1);
|
|
23
|
+
} else {
|
|
24
|
+
// eslint-disable-next-line no-console
|
|
25
|
+
console.log('The sentry-cli binary was not traced by @vercel/nft');
|
|
26
|
+
}
|
|
27
|
+
});
|