@socketsecurity/cli-with-sentry 0.14.46 → 0.14.48

package/dist/module-sync/edge.d.ts

@@ -41,7 +41,6 @@ declare const Edge: EdgeClass;
 declare class SafeEdge extends Edge {
     #private;
     constructor(options: EdgeOptions);
-    get accept(): string | undefined;
     get bundled(): boolean;
     get error(): "DETACHED" | "MISSING" | "PEER LOCAL" | "INVALID" | null;
     get from(): SafeNode | null;

package/dist/module-sync/index.d.ts

@@ -31,21 +31,21 @@ interface OverrideSetClass {
     isEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
 }
 declare const OverrideSet: OverrideSetClass;
-// Implementation code not related to patch https://github.com/npm/cli/pull/7025
+// Implementation code not related to patch https://github.com/npm/cli/pull/8089
 // is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/override-set.js:
 declare class SafeOverrideSet extends OverrideSet {
     // Patch adding doOverrideSetsConflict is based on
-    // https://github.com/npm/cli/pull/7025.
+    // https://github.com/npm/cli/pull/8089.
     static doOverrideSetsConflict(first: SafeOverrideSet | undefined, second: SafeOverrideSet | undefined): boolean;
     // Patch adding findSpecificOverrideSet is based on
-    // https://github.com/npm/cli/pull/7025.
+    // https://github.com/npm/cli/pull/8089.
     static findSpecificOverrideSet(first: SafeOverrideSet | undefined, second: SafeOverrideSet | undefined): SafeOverrideSet | undefined;
     // Patch adding childrenAreEqual is based on
-    // https://github.com/npm/cli/pull/7025.
+    // https://github.com/npm/cli/pull/8089.
     childrenAreEqual(otherOverrideSet: SafeOverrideSet): boolean;
     getEdgeRule(edge: SafeEdge): SafeOverrideSet;
     // Patch adding isEqual is based on
-    // https://github.com/npm/cli/pull/7025.
+    // https://github.com/npm/cli/pull/8089.
     isEqual(otherOverrideSet: SafeOverrideSet | undefined): boolean;
 }
 declare const depValid: (child: SafeNode, requested: string, accept: string | undefined, requester: SafeNode) => boolean;

package/dist/module-sync/index.js

@@ -270,7 +270,7 @@ async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApi
 }
 
 const {
-  LOOP_SENTINEL: LOOP_SENTINEL$2,
+  LOOP_SENTINEL: LOOP_SENTINEL$1,
   NPM_REGISTRY_URL: NPM_REGISTRY_URL$1
 } = constants;
 function getUrlOrigin(input) {
@@ -298,7 +298,7 @@ function getPackagesToQueryFromDiff(diff_, options) {
     length: queueLength
   } = queue;
   while (pos < queueLength) {
-    if (pos === LOOP_SENTINEL$2) {
+    if (pos === LOOP_SENTINEL$1) {
       throw new Error('Detected infinite loop while walking Arborist diff');
     }
     const diff = queue[pos++];
@@ -779,39 +779,32 @@ function getLogger() {
   return _log;
 }
 
-const {
-  LOOP_SENTINEL: LOOP_SENTINEL$1
-} = constants;
 const OverrideSet = require(npmPaths.getArboristOverrideSetClassPath());
 
-// Implementation code not related to patch https://github.com/npm/cli/pull/7025
+// Implementation code not related to patch https://github.com/npm/cli/pull/8089
 // is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/override-set.js:
 class SafeOverrideSet extends OverrideSet {
   // Patch adding doOverrideSetsConflict is based on
-  // https://github.com/npm/cli/pull/7025.
+  // https://github.com/npm/cli/pull/8089.
   static doOverrideSetsConflict(first, second) {
-    // If override sets contain one another then we can try to use the more specific
-    // one. However, if neither one is more specific, then we consider them to be
-    // in conflict.
+    // If override sets contain one another then we can try to use the more
+    // specific one. If neither one is more specific, then we consider them to
+    // be in conflict.
     return this.findSpecificOverrideSet(first, second) === undefined;
   }
 
   // Patch adding findSpecificOverrideSet is based on
-  // https://github.com/npm/cli/pull/7025.
+  // https://github.com/npm/cli/pull/8089.
   static findSpecificOverrideSet(first, second) {
-    let overrideSet = second;
-    while (overrideSet) {
+    for (let overrideSet = second; overrideSet; overrideSet = overrideSet.parent) {
       if (overrideSet.isEqual(first)) {
         return second;
       }
-      overrideSet = overrideSet.parent;
     }
-    overrideSet = first;
-    while (overrideSet) {
+    for (let overrideSet = first; overrideSet; overrideSet = overrideSet.parent) {
       if (overrideSet.isEqual(second)) {
         return first;
       }
-      overrideSet = overrideSet.parent;
     }
     // The override sets are incomparable. Neither one contains the other.
     const log = getLogger();
@@ -820,40 +813,24 @@ class SafeOverrideSet extends OverrideSet {
   }
 
   // Patch adding childrenAreEqual is based on
-  // https://github.com/npm/cli/pull/7025.
+  // https://github.com/npm/cli/pull/8089.
   childrenAreEqual(otherOverrideSet) {
-    const queue = [[this, otherOverrideSet]];
-    let pos = 0;
-    let {
-      length: queueLength
-    } = queue;
-    while (pos < queueLength) {
-      if (pos === LOOP_SENTINEL$1) {
-        throw new Error('Detected infinite loop while comparing override sets');
+    if (this.children.size !== otherOverrideSet.children.size) {
+      return false;
+    }
+    for (const {
+      0: key,
+      1: childOverrideSet
+    } of this.children) {
+      const otherChildOverrideSet = otherOverrideSet.children.get(key);
+      if (!otherChildOverrideSet) {
+        return false;
       }
-      const {
-        0: currSet,
-        1: currOtherSet
-      } = queue[pos++];
-      const {
-        children
-      } = currSet;
-      const {
-        children: otherChildren
-      } = currOtherSet;
-      if (children.size !== otherChildren.size) {
+      if (childOverrideSet.value !== otherChildOverrideSet.value) {
         return false;
       }
-      for (const key of children.keys()) {
-        if (!otherChildren.has(key)) {
-          return false;
-        }
-        const child = children.get(key);
-        const otherChild = otherChildren.get(key);
-        if (child.value !== otherChild.value) {
-          return false;
-        }
-        queue[queueLength++] = [child, otherChild];
+      if (!childOverrideSet.childrenAreEqual(otherChildOverrideSet)) {
+        return false;
       }
     }
     return true;
@@ -869,22 +846,23 @@ class SafeOverrideSet extends OverrideSet {
       }
       // Patch replacing
       // let spec = npa(`${edge.name}@${edge.spec}`)
-      // is based on https://github.com/npm/cli/pull/7025.
+      // is based on https://github.com/npm/cli/pull/8089.
       //
       // We need to use the rawSpec here, because the spec has the overrides
-      // applied to it already.
-      let spec = npa(`${edge.name}@${edge.rawSpec}`);
+      // applied to it already. The rawSpec can be undefined, so we need to use
+      // the fallback value of spec if it is.
+      let spec = npa(`${edge.name}@${edge.rawSpec || edge.spec}`);
       if (spec.type === 'alias') {
         spec = spec.subSpec;
       }
       if (spec.type === 'git') {
-        if (spec.gitRange && rule.keySpec && semver.intersects(spec.gitRange, rule.keySpec)) {
+        if (spec.gitRange && semver.intersects(spec.gitRange, rule.keySpec)) {
           return rule;
         }
         continue;
       }
       if (spec.type === 'range' || spec.type === 'version') {
-        if (rule.keySpec && semver.intersects(spec.fetchSpec, rule.keySpec)) {
+        if (semver.intersects(spec.fetchSpec, rule.keySpec)) {
           return rule;
         }
         continue;
@@ -898,7 +876,7 @@ class SafeOverrideSet extends OverrideSet {
   }
 
   // Patch adding isEqual is based on
-  // https://github.com/npm/cli/pull/7025.
+  // https://github.com/npm/cli/pull/8089.
   isEqual(otherOverrideSet) {
     if (this === otherOverrideSet) {
       return true;
@@ -921,7 +899,7 @@ class SafeOverrideSet extends OverrideSet {
 
 const Node = require(npmPaths.getArboristNodeClassPath());
 
-// Implementation code not related to patch https://github.com/npm/cli/pull/7025
+// Implementation code not related to patch https://github.com/npm/cli/pull/8089
 // is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/node.js:
 class SafeNode extends Node {
   // Return true if it's safe to remove this node, because anything that is
@@ -957,7 +935,7 @@ class SafeNode extends Node {
     // if (preferDedupe || semver.gte(other.version, this.version)) {
     //   return true
     // }
-    // is based on https://github.com/npm/cli/pull/7025.
+    // is based on https://github.com/npm/cli/pull/8089.
     //
     // If we prefer dedupe, or if the version is equal, take the other.
     if (preferDedupe || semver.eq(other.version, this.version)) {
@@ -988,7 +966,7 @@ class SafeNode extends Node {
     // if (node.overrides !== this.overrides) {
     //   return false
     // }
-    // is based on https://github.com/npm/cli/pull/7025.
+    // is based on https://github.com/npm/cli/pull/8089.
     //
     // If this node has no dependencies, then it's irrelevant to check the
     // override rules of the replacement node.
@@ -1023,7 +1001,7 @@ class SafeNode extends Node {
     return result;
   }
 
-  // Patch adding deleteEdgeIn is based on https://github.com/npm/cli/pull/7025.
+  // Patch adding deleteEdgeIn is based on https://github.com/npm/cli/pull/8089.
   deleteEdgeIn(edge) {
     this.edgesIn.delete(edge);
     const {
@@ -1038,7 +1016,7 @@ class SafeNode extends Node {
     // if (edge.overrides) {
     //   this.overrides = edge.overrides
     // }
-    // is based on https://github.com/npm/cli/pull/7025.
+    // is based on https://github.com/npm/cli/pull/8089.
     //
     // We need to handle the case where the new edge in has an overrides field
     // which is different from the current value.
@@ -1054,26 +1032,51 @@ class SafeNode extends Node {
   get overridden() {
     // Patch replacing
     // return !!(this.overrides && this.overrides.value && this.overrides.name === this.name)
-    // is based on https://github.com/npm/cli/pull/7025.
+    // is based on https://github.com/npm/cli/pull/8089.
     if (!this.overrides || !this.overrides.value || this.overrides.name !== this.name) {
       return false;
     }
-    // The overrides rule is for a package with this name, but some override rules
-    // only apply to specific versions. To make sure this package was actually
-    // overridden, we check whether any edge going in had the rule applied to it,
-    // in which case its overrides set is different than its source node.
+    // The overrides rule is for a package with this name, but some override
+    // rules only apply to specific versions. To make sure this package was
+    // actually overridden, we check whether any edge going in had the rule
+    // applied to it, in which case its overrides set is different than its
+    // source node.
     for (const edge of this.edgesIn) {
       if (edge.overrides && edge.overrides.name === this.name && edge.overrides.value === this.version) {
-        if (!edge.overrides?.isEqual(edge.from?.overrides)) {
+        if (!edge.overrides.isEqual(edge.from?.overrides)) {
           return true;
         }
       }
     }
     return false;
   }
+  set parent(newParent) {
+    // Patch removing
+    // if (parent.overrides) {
+    //   this.overrides = parent.overrides.getNodeRule(this)
+    // }
+    // is based on https://github.com/npm/cli/pull/8089.
+    //
+    // The "parent" setter is a really large and complex function. To satisfy
+    // the patch we hold on to the old overrides value and set `this.overrides`
+    // to `undefined` so that the condition we want to remove is not hit.
+    const {
+      overrides
+    } = this;
+    if (overrides) {
+      this.overrides = undefined;
+    }
+    try {
+      super.parent = newParent;
+      this.overrides = overrides;
+    } catch (e) {
+      this.overrides = overrides;
+      throw e;
+    }
+  }
 
   // Patch adding recalculateOutEdgesOverrides is based on
-  // https://github.com/npm/cli/pull/7025.
+  // https://github.com/npm/cli/pull/8089.
   recalculateOutEdgesOverrides() {
     // For each edge out propagate the new overrides through.
     for (const edge of this.edgesOut.values()) {
@@ -1090,13 +1093,11 @@ class SafeNode extends Node {
     // if (!this.overrides && this.parent && this.parent.overrides) {
     //   this.overrides = this.parent.overrides.getNodeRule(this)
     // }
-    // is based on https://github.com/npm/cli/pull/7025.
+    // is based on https://github.com/npm/cli/pull/8089.
     //
     // The "root" setter is a really large and complex function. To satisfy the
     // patch we add a dummy value to `this.overrides` so that the condition we
-    // want to remove,
-    // if (!this.overrides && this.parent && this.parent.overrides) {
-    // , is not hit.
+    // want to remove is not hit.
     if (!this.overrides) {
       this.overrides = new SafeOverrideSet({
         overrides: ''
@@ -1197,7 +1198,7 @@ const Edge = require(npmPaths.getArboristEdgeClassPath());
 // The Edge class makes heavy use of private properties which subclasses do NOT
 // have access to. So we have to recreate any functionality that relies on those
 // private properties and use our own "safe" prefixed non-conflicting private
-// properties. Implementation code not related to patch https://github.com/npm/cli/pull/7025
+// properties. Implementation code not related to patch https://github.com/npm/cli/pull/8089
 // is based on https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/edge.js.
 //
 // The npm application
@@ -1206,39 +1207,26 @@ const Edge = require(npmPaths.getArboristEdgeClassPath());
 //
 // An edge in the dependency graph.
 // Represents a dependency relationship of some kind.
-const initializedSafeEdges = new WeakSet();
 class SafeEdge extends Edge {
-  #safeAccept;
   #safeError;
   #safeExplanation;
   #safeFrom;
-  #safeName;
   #safeTo;
   constructor(options) {
     const {
-      accept,
-      from,
-      name
+      from
     } = options;
     // Defer to supper to validate options and assign non-private values.
     super(options);
-    if (accept !== undefined) {
-      this.#safeAccept = accept || '*';
-    }
     if (from.constructor !== SafeNode) {
       Reflect.setPrototypeOf(from, SafeNode.prototype);
     }
     this.#safeError = null;
     this.#safeExplanation = null;
     this.#safeFrom = from;
-    this.#safeName = name;
     this.#safeTo = null;
-    initializedSafeEdges.add(this);
     this.reload(true);
   }
-  get accept() {
-    return this.#safeAccept;
-  }
   get bundled() {
     return !!this.#safeFrom?.package?.bundleDependencies?.includes(this.name);
   }
@@ -1250,13 +1238,16 @@ class SafeEdge extends Edge {
         } else {
           this.#safeError = 'MISSING';
         }
-      } else if (this.peer && this.#safeFrom === this.#safeTo.parent && !this.#safeFrom?.isTop) {
+      } else if (this.peer && this.#safeFrom === this.#safeTo.parent &&
+      // Patch adding "?." use based on
+      // https://github.com/npm/cli/pull/8089.
+      !this.#safeFrom?.isTop) {
         this.#safeError = 'PEER LOCAL';
       } else if (!this.satisfiedBy(this.#safeTo)) {
         this.#safeError = 'INVALID';
       }
       // Patch adding "else if" condition is based on
-      // https://github.com/npm/cli/pull/7025.
+      // https://github.com/npm/cli/pull/8089.
       else if (this.overrides && this.#safeTo.edgesOut.size && SafeOverrideSet.doOverrideSetsConflict(this.overrides, this.#safeTo.overrides)) {
         // Any inconsistency between the edge's override set and the target's
         // override set is potentially problematic. But we only say the edge is
@@ -1282,20 +1273,14 @@ class SafeEdge extends Edge {
   // @ts-ignore: Incorrectly typed as a property instead of an accessor.
   get spec() {
     if (this.overrides?.value && this.overrides.value !== '*' && this.overrides.name === this.name) {
-      // Patch adding "if" condition is based on
-      // https://github.com/npm/cli/pull/7025.
-      //
-      // If this edge has the same overrides field as the source, then we're not
-      // applying an override for this edge.
-      if (this.overrides === this.#safeFrom?.overrides) {
-        // The Edge rawSpec getter will retrieve the private Edge #spec property.
-        return this.rawSpec;
-      }
       if (this.overrides.value.startsWith('$')) {
         const ref = this.overrides.value.slice(1);
         // We may be a virtual root, if we are we want to resolve reference
         // overrides from the real root, not the virtual one.
-        const pkg = this.#safeFrom?.sourceReference ? this.#safeFrom.sourceReference.root.package : this.#safeFrom?.root?.package;
+        //
+        // Patch adding "?." use based on
+        // https://github.com/npm/cli/pull/8089.
+        const pkg = this.#safeFrom?.sourceReference ? this.#safeFrom?.sourceReference.root.package : this.#safeFrom?.root?.package;
         if (pkg?.devDependencies?.[ref]) {
           return pkg.devDependencies[ref];
         }
@@ -1322,10 +1307,11 @@ class SafeEdge extends Edge {
   detach() {
     this.#safeExplanation = null;
     // Patch replacing
-    // if (this.#safeTo) {
-    //   this.#safeTo.edgesIn.delete(this)
+    // if (this.#to) {
+    //   this.#to.edgesIn.delete(this)
     // }
-    // is based on https://github.com/npm/cli/pull/7025.
+    // this.#from.edgesOut.delete(this.#name)
+    // is based on https://github.com/npm/cli/pull/8089.
     this.#safeTo?.deleteEdgeIn(this);
     this.#safeFrom?.edgesOut.delete(this.name);
     this.#safeTo = null;
@@ -1365,38 +1351,34 @@ class SafeEdge extends Edge {
     return this.#safeExplanation;
   }
   reload(hard = false) {
-    if (!initializedSafeEdges.has(this)) {
-      // Skip if called during super constructor.
-      return;
-    }
     this.#safeExplanation = null;
-    // Patch adding newOverrideSet and oldOverrideSet is based on
-    // https://github.com/npm/cli/pull/7025.
+    // Patch replacing
+    // if (this.#from.overrides) {
+    // is based on https://github.com/npm/cli/pull/8089.
+    let needToUpdateOverrideSet = false;
     let newOverrideSet;
     let oldOverrideSet;
     if (this.#safeFrom?.overrides) {
-      // Patch replacing
-      // this.overrides = this.#safeFrom.overrides.getEdgeRule(this)
-      // is based on https://github.com/npm/cli/pull/7025.
-      const newOverrideSet = this.#safeFrom.overrides.getEdgeRule(this);
+      newOverrideSet = this.#safeFrom.overrides.getEdgeRule(this);
       if (newOverrideSet && !newOverrideSet.isEqual(this.overrides)) {
         // If there's a new different override set we need to propagate it to
         // the nodes. If we're deleting the override set then there's no point
         // propagating it right now since it will be filled with another value
         // later.
+        needToUpdateOverrideSet = true;
         oldOverrideSet = this.overrides;
         this.overrides = newOverrideSet;
       }
     } else {
       this.overrides = undefined;
     }
+    // Patch adding "?." use based on
+    // https://github.com/npm/cli/pull/8089.
     const newTo = this.#safeFrom?.resolve(this.name);
     if (newTo !== this.#safeTo) {
       // Patch replacing
-      // if (this.#safeTo) {
-      //   this.#safeTo.edgesIn.delete(this)
-      // }
-      // is based on https://github.com/npm/cli/pull/7025.
+      // this.#to.edgesIn.delete(this)
+      // is based on https://github.com/npm/cli/pull/8089.
       this.#safeTo?.deleteEdgeIn(this);
       this.#safeTo = newTo ?? null;
       this.#safeError = null;
@@ -1405,8 +1387,8 @@ class SafeEdge extends Edge {
       this.#safeError = null;
     }
     // Patch adding "else if" condition based on
-    // https://github.com/npm/cli/pull/7025.
-    else if (oldOverrideSet) {
+    // https://github.com/npm/cli/pull/8089.
+    else if (needToUpdateOverrideSet && this.#safeTo) {
       // Propagate the new override set to the target node.
       this.#safeTo.updateOverridesEdgeInRemoved(oldOverrideSet);
       this.#safeTo.updateOverridesEdgeInAdded(newOverrideSet);
@@ -1417,42 +1399,43 @@ class SafeEdge extends Edge {
     // if (node.name !== this.#name) {
     //   return false
     // }
-    // is based on https://github.com/npm/cli/pull/7025.
-    if (node.name !== this.#safeName || !this.#safeFrom) {
+    // is based on https://github.com/npm/cli/pull/8089.
+    if (node.name !== this.name || !this.#safeFrom) {
       return false;
     }
     // NOTE: this condition means we explicitly do not support overriding
     // bundled or shrinkwrapped dependencies
     if (node.hasShrinkwrap || node.inShrinkwrap || node.inBundle) {
-      return depValid(node, this.rawSpec, this.#safeAccept, this.#safeFrom);
+      return depValid(node, this.rawSpec, this.accept, this.#safeFrom);
     }
     // Patch replacing
     // return depValid(node, this.spec, this.#accept, this.#from)
-    // is based on https://github.com/npm/cli/pull/7025.
+    // is based on https://github.com/npm/cli/pull/8089.
     //
     // If there's no override we just use the spec.
     if (!this.overrides?.keySpec) {
-      return depValid(node, this.spec, this.#safeAccept, this.#safeFrom);
+      return depValid(node, this.spec, this.accept, this.#safeFrom);
     }
     // There's some override. If the target node satisfies the overriding spec
     // then it's okay.
-    if (depValid(node, this.spec, this.#safeAccept, this.#safeFrom)) {
+    if (depValid(node, this.spec, this.accept, this.#safeFrom)) {
       return true;
     }
     // If it doesn't, then it should at least satisfy the original spec.
-    if (!depValid(node, this.rawSpec, this.#safeAccept, this.#safeFrom)) {
+    if (!depValid(node, this.rawSpec, this.accept, this.#safeFrom)) {
       return false;
     }
     // It satisfies the original spec, not the overriding spec. We need to make
     // sure it doesn't use the overridden spec.
-    // For example, we might have an ^8.0.0 rawSpec, and an override that makes
-    // keySpec=8.23.0 and the override value spec=9.0.0.
-    // If the node is 9.0.0, then it's okay because it's consistent with spec.
-    // If the node is 8.24.0, then it's okay because it's consistent with the rawSpec.
-    // If the node is 8.23.0, then it's not okay because even though it's consistent
-    // with the rawSpec, it's also consistent with the keySpec.
-    // So we're looking for ^8.0.0 or 9.0.0 and not 8.23.0.
-    return !depValid(node, this.overrides.keySpec, this.#safeAccept, this.#safeFrom);
+    // For example:
+    //   we might have an ^8.0.0 rawSpec, and an override that makes
+    //   keySpec=8.23.0 and the override value spec=9.0.0.
+    //   If the node is 9.0.0, then it's okay because it's consistent with spec.
+    //   If the node is 8.24.0, then it's okay because it's consistent with the rawSpec.
+    //   If the node is 8.23.0, then it's not okay because even though it's consistent
+    //   with the rawSpec, it's also consistent with the keySpec.
+    //   So we're looking for ^8.0.0 or 9.0.0 and not 8.23.0.
+    return !depValid(node, this.overrides.keySpec, this.accept, this.#safeFrom);
   }
 }
 
@@ -1875,5 +1858,5 @@ exports.safeReadFile = safeReadFile;
 exports.setupSdk = setupSdk;
 exports.updateNode = updateNode;
 exports.updateSetting = updateSetting;
-//# debugId=bc1a40b8-b3bc-4fab-bf8f-449be5be1570
+//# debugId=ef8c61fe-d663-4083-9f0b-171ef78dda81
 //# sourceMappingURL=index.js.map