@socketsecurity/cli-with-sentry 0.14.91 → 0.14.93
- package/dist/constants.d.ts +7 -0
- package/dist/constants.js +14 -1
- package/dist/constants.js.map +1 -1
- package/dist/instrument-with-sentry.js +2 -2
- package/dist/instrument-with-sentry.js.map +1 -1
- package/dist/module-sync/cli.js +259 -248
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +7 -4
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/types.d.ts +1 -0
- package/dist/require/cli.js +258 -247
- package/dist/require/cli.js.map +1 -1
- package/package.json +2 -2
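--- a/package/dist/module-sync/cli.js
+++ b/package/dist/module-sync/cli.js
@@ -43,8 +43,8 @@ const arrays = require('@socketsecurity/registry/lib/arrays')
 const registry = require('@socketsecurity/registry')
 const npm = require('@socketsecurity/registry/lib/npm')
 const packages = require('@socketsecurity/registry/lib/packages')
-const rest = _socketInterop(require('@octokit/rest'))
 const spawn = require('@socketsecurity/registry/lib/spawn')
+const rest = _socketInterop(require('@octokit/rest'))
 const lockfile_fs = _socketInterop(require('@pnpm/lockfile.fs'))
 const lockfile_detectDepTypes = _socketInterop(
 require('@pnpm/lockfile.detect-dep-types')
@@ -420,7 +420,10 @@ ${mdTableStringNumber('Name', 'Counts', data['top_five_alert_types'])}
 }
 function displayAnalyticsScreen(data) {
 const ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'))
-
+// Lazily access constants.blessedOptions.
+const screen = new ScreenWidget({
+...constants.blessedOptions
+})
 const contrib = _socketInterop(require('blessed-contrib'))
 const grid = new contrib.grid({
 rows: 5,
@@ -915,7 +918,7 @@ function emitBanner(name) {
 logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-const cliVersion = '0.14.
+const cliVersion = '0.14.93:8908783:3488860f:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
 const nodeVersion = process$1.version
 const apiToken = shadowNpmInject.getDefaultToken()
 const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -3712,62 +3715,37 @@ const cmdDiffScan = {
 }
 }
 
-const {
-GITHUB_ACTIONS,
-GITHUB_REF_NAME,
-GITHUB_REPOSITORY,
-SOCKET_SECURITY_GITHUB_PAT
-} = constants
-async function branchExists(branch, cwd = process.cwd()) {
-try {
-await spawn.spawn(
-'git',
-['show-ref', '--verify', '--quiet', `refs/heads/${branch}`],
-{
-cwd,
-stdio: 'ignore'
-}
-)
-return true
-} catch {}
-return false
-}
+const { GITHUB_REF_NAME } = constants
 async function checkoutBaseBranchIfAvailable(baseBranch, cwd = process.cwd()) {
 try {
-const currentBranch = (
-await spawn.spawn('git', ['rev-parse', '--abbrev-ref', 'HEAD'], {
-cwd
-})
-).stdout.trim()
-if (currentBranch === baseBranch) {
-logger.logger.info(`Already on ${baseBranch}`)
-return
-}
-logger.logger.info(
-`Switching branch from ${currentBranch} to ${baseBranch}...`
-)
 await spawn.spawn('git', ['checkout', baseBranch], {
 cwd
 })
-
+await spawn.spawn('git', ['reset', '--hard', `origin/${baseBranch}`], {
+cwd
+})
+logger.logger.info(`Checked out and reset to ${baseBranch}`)
 } catch {
 logger.logger.warn(
 `Could not switch to ${baseBranch}. Proceeding with HEAD.`
 )
 }
 }
-function
-// Lazily access constants.ENV[
-
-
-
-
-
-
-
-
-}
+function getBaseBranch() {
+// Lazily access constants.ENV[GITHUB_REF_NAME].
+return (
+constants.ENV[GITHUB_REF_NAME] ??
+// GitHub defaults to branch name "main"
+// https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
+'main'
+)
+}
+function getSocketBranchName(name, version) {
+return `socket-fix-${name}-${version.replace(/\./g, '-')}`
 }
+
+const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
+constants
 let _octokit
 function getOctokit() {
 if (_octokit === undefined) {
@@ -3778,6 +3756,16 @@ function getOctokit() {
 }
 return _octokit
 }
+async function doesPullRequestExistForBranch(owner, repo, branch) {
+const octokit = getOctokit()
+const { data: prs } = await octokit.pulls.list({
+owner,
+repo,
+head: `${owner}:${branch}`,
+state: 'open'
+})
+return prs.length > 0
+}
 async function enableAutoMerge(prResponseData) {
 const octokit = getOctokit()
 const { node_id: prId, number: prNumber } = prResponseData
@@ -3807,7 +3795,27 @@ async function enableAutoMerge(prResponseData) {
 logger.logger.error(`Failed to enable auto-merge for PR #${prNumber}:`, e)
 }
 }
-
+function getGitHubRepoInfo() {
+// Lazily access constants.ENV[GITHUB_REPOSITORY].
+const ownerSlashRepo = constants.ENV[GITHUB_REPOSITORY]
+const slashIndex = ownerSlashRepo.indexOf('/')
+if (slashIndex === -1) {
+throw new Error('GITHUB_REPOSITORY environment variable not set')
+}
+return {
+owner: ownerSlashRepo.slice(0, slashIndex),
+repo: ownerSlashRepo.slice(slashIndex + 1)
+}
+}
+async function openGitHubPullRequest(
+owner,
+repo,
+baseBranch,
+branch,
+name,
+version,
+cwd = process.cwd()
+) {
 // Lazily access constants.ENV[GITHUB_ACTIONS].
 if (constants.ENV[GITHUB_ACTIONS]) {
 // Lazily access constants.ENV[SOCKET_SECURITY_GITHUB_PAT].
@@ -3815,38 +3823,11 @@ async function openGitHubPullRequest(name, targetVersion, cwd = process.cwd()) {
 if (!pat) {
 throw new Error('Missing SOCKET_SECURITY_GITHUB_PAT environment variable')
 }
-const
-// Lazily access constants.ENV[GITHUB_REF_NAME].
-constants.ENV[GITHUB_REF_NAME] ??
-// GitHub defaults to branch name "main"
-// https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
-'main'
-const branch = `socket-fix-${name}-${targetVersion.replace(/\./g, '-')}`
-const commitMsg = `chore: upgrade ${name} to ${targetVersion}`
-const { owner, repo } = getGitHubRepoInfo()
+const commitMsg = `chore: upgrade ${name} to ${version}`
 const url = `https://x-access-token:${pat}@github.com/${owner}/${repo}`
 await spawn.spawn('git', ['remote', 'set-url', 'origin', url], {
 cwd
 })
-if (await branchExists(branch, cwd)) {
-logger.logger.warn(
-`Branch "${branch}" already exists. Skipping creation.`
-)
-} else {
-await checkoutBaseBranchIfAvailable(baseBranch, cwd)
-await spawn.spawn('git', ['checkout', '-b', branch], {
-cwd
-})
-await spawn.spawn('git', ['add', 'package.json', 'pnpm-lock.yaml'], {
-cwd
-})
-await spawn.spawn('git', ['commit', '-m', commitMsg], {
-cwd
-})
-await spawn.spawn('git', ['push', '--set-upstream', 'origin', branch], {
-cwd
-})
-}
 const octokit = getOctokit()
 return await octokit.pulls.create({
 owner,
@@ -3854,7 +3835,7 @@ async function openGitHubPullRequest(name, targetVersion, cwd = process.cwd()) {
 title: commitMsg,
 head: branch,
 base: baseBranch,
-body: `[socket] Upgrade \`${name}\` to ${
+body: `[socket] Upgrade \`${name}\` to ${version}`
 })
 } else {
 throw new Error(
@@ -3944,92 +3925,102 @@ async function npmFix(
 continue
 }
 const oldSpec = `${name}@${oldVersion}`
-let targetVersion
-let failed = false
-let installed = false
-let saved = false
 if (
-shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
+!shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
 ) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+spinner?.failAndStop(`Could not patch ${oldSpec}`)
+return
+}
+const targetVersion = node.package.version
+const fixSpec = `${name}@^${targetVersion}`
+const revertData = {
+...(editablePkgJson.content.dependencies
+? {
+dependencies: editablePkgJson.content.dependencies
+}
+: undefined),
+...(editablePkgJson.content.optionalDependencies
+? {
+optionalDependencies:
+editablePkgJson.content.optionalDependencies
+}
+: undefined),
+...(editablePkgJson.content.peerDependencies
+? {
+peerDependencies: editablePkgJson.content.peerDependencies
+}
+: undefined)
+}
+spinner?.info(`Installing ${fixSpec}`)
+const { owner, repo } = getGitHubRepoInfo()
+const baseBranch = getBaseBranch()
+const branch = getSocketBranchName(name, targetVersion)
+
+// eslint-disable-next-line no-await-in-loop
+await checkoutBaseBranchIfAvailable(baseBranch, cwd)
+let installed = false
+let saved = false
+try {
+shadowNpmInject.updatePackageJsonFromNode(
+editablePkgJson,
+arb.idealTree,
+node,
+targetVersion,
+rangeStyle
+)
+// eslint-disable-next-line no-await-in-loop
+await editablePkgJson.save()
+saved = true
+
+// eslint-disable-next-line no-await-in-loop
+await install$1(arb.idealTree, {
+cwd
+})
+installed = true
+if (test) {
+spinner?.info(`Testing ${fixSpec}`)
+// eslint-disable-next-line no-await-in-loop
+await npm.runScript(testScript, [], {
+spinner,
+stdio: 'ignore'
+})
 }
-spinner?.
-
-
-
-
-
-targetVersion,
-rangeStyle
-)
+spinner?.successAndStop(`Fixed ${name}`)
+spinner?.start()
+} catch {
+spinner?.error(`Reverting ${fixSpec}`)
+if (saved) {
+editablePkgJson.update(revertData)
 // eslint-disable-next-line no-await-in-loop
 await editablePkgJson.save()
-
-
+}
+if (installed) {
 // eslint-disable-next-line no-await-in-loop
-await install$1(
+await install$1(revertTree, {
 cwd
 })
-installed = true
-if (test) {
-spinner?.info(`Testing ${fixSpec}`)
-// eslint-disable-next-line no-await-in-loop
-await npm.runScript(testScript, [], {
-spinner,
-stdio: 'ignore'
-})
-}
-spinner?.successAndStop(`Fixed ${name}`)
-spinner?.start()
-} catch {
-failed = true
-spinner?.error(`Reverting ${fixSpec}`)
-if (saved) {
-editablePkgJson.update(revertData)
-// eslint-disable-next-line no-await-in-loop
-await editablePkgJson.save()
-}
-if (installed) {
-// eslint-disable-next-line no-await-in-loop
-await install$1(revertTree, {
-cwd
-})
-}
-spinner?.failAndStop(`Failed to fix ${oldSpec}`)
 }
-
-
-spinner?.failAndStop(`Could not patch ${oldSpec}`)
+spinner?.failAndStop(`Failed to fix ${oldSpec}`)
+return
 }
 if (
-!failed &&
-// Check targetVersion to make TypeScript happy.
-targetVersion &&
 // Lazily access constants.ENV[CI].
-constants.ENV[CI$1]
+constants.ENV[CI$1] &&
+// eslint-disable-next-line no-await-in-loop
+!(await doesPullRequestExistForBranch(owner, repo, branch))
 ) {
 let prResponse
 try {
 // eslint-disable-next-line no-await-in-loop
-prResponse = await openGitHubPullRequest(
+prResponse = await openGitHubPullRequest(
+owner,
+repo,
+baseBranch,
+branch,
+name,
+targetVersion,
+cwd
+)
 } catch (e) {
 logger.logger.error('Failed to open pull request', e)
 }
@@ -4344,122 +4335,133 @@ async function pnpmFix(
 const targetPackument = targetVersion
 ? packument.versions[targetVersion]
 : undefined
-
+if (!(targetVersion && targetPackument)) {
+spinner?.failAndStop(`Could not patch ${oldSpec}`)
+return
+}
+const oldPnpm = editablePkgJson.content[PNPM$9]
+const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
+const oldOverrides = oldPnpm?.[OVERRIDES$2]
+const oldOverridesCount = oldOverrides
+? Object.keys(oldOverrides).length
+: 0
+const overrideKey = `${node.name}@${vulnerableVersionRange}`
+const overrideRange = shadowNpmInject.applyRange(
+oldOverrides?.[overrideKey] ?? targetVersion,
+targetVersion,
+rangeStyle
+)
+const fixSpec = `${name}@${overrideRange}`
+const updateData = {
+[PNPM$9]: {
+...oldPnpm,
+[OVERRIDES$2]: {
+[overrideKey]: overrideRange,
+...oldOverrides
+}
+}
+}
+const revertData = {
+[PNPM$9]: oldPnpmKeyCount
+? {
+...oldPnpm,
+[OVERRIDES$2]:
+oldOverridesCount === 1
+? undefined
+: {
+[overrideKey]: undefined,
+...oldOverrides
+}
+}
+: undefined,
+...(editablePkgJson.content.dependencies
+? {
+dependencies: editablePkgJson.content.dependencies
+}
+: undefined),
+...(editablePkgJson.content.optionalDependencies
+? {
+optionalDependencies:
+editablePkgJson.content.optionalDependencies
+}
+: undefined),
+...(editablePkgJson.content.peerDependencies
+? {
+peerDependencies: editablePkgJson.content.peerDependencies
+}
+: undefined)
+}
+spinner?.info(`Installing ${fixSpec}`)
+const { owner, repo } = getGitHubRepoInfo()
+const baseBranch = getBaseBranch()
+const branch = getSocketBranchName(name, targetVersion)
+
+// eslint-disable-next-line no-await-in-loop
+await checkoutBaseBranchIfAvailable(baseBranch, cwd)
 let installed = false
 let saved = false
-
-
-
-
-
-
-: 0
-const overrideKey = `${node.name}@${vulnerableVersionRange}`
-const overrideRange = shadowNpmInject.applyRange(
-oldOverrides?.[overrideKey] ?? targetVersion,
+try {
+editablePkgJson.update(updateData)
+shadowNpmInject.updatePackageJsonFromNode(
+editablePkgJson,
+actualTree,
+node,
 targetVersion,
 rangeStyle
 )
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-? undefined
-: {
-[overrideKey]: undefined,
-...oldOverrides
-}
-}
-: undefined,
-...(editablePkgJson.content.dependencies
-? {
-dependencies: editablePkgJson.content.dependencies
-}
-: undefined),
-...(editablePkgJson.content.optionalDependencies
-? {
-optionalDependencies:
-editablePkgJson.content.optionalDependencies
-}
-: undefined),
-...(editablePkgJson.content.peerDependencies
-? {
-peerDependencies: editablePkgJson.content.peerDependencies
-}
-: undefined)
+// eslint-disable-next-line no-await-in-loop
+await editablePkgJson.save()
+saved = true
+
+// eslint-disable-next-line no-await-in-loop
+actualTree = await install(pkgEnvDetails, {
+spinner
+})
+installed = true
+if (test) {
+spinner?.info(`Testing ${fixSpec}`)
+// eslint-disable-next-line no-await-in-loop
+await npm.runScript(testScript, [], {
+spinner,
+stdio: 'ignore'
+})
 }
-spinner?.
-
-
-
-
-
-node,
-targetVersion,
-rangeStyle
-)
+spinner?.successAndStop(`Fixed ${name}`)
+spinner?.start()
+} catch (e) {
+spinner?.error(`Reverting ${fixSpec}`, e)
+if (saved) {
+editablePkgJson.update(revertData)
 // eslint-disable-next-line no-await-in-loop
 await editablePkgJson.save()
-
-
+}
+if (installed) {
 // eslint-disable-next-line no-await-in-loop
 actualTree = await install(pkgEnvDetails, {
 spinner
 })
-installed = true
-if (test) {
-spinner?.info(`Testing ${fixSpec}`)
-// eslint-disable-next-line no-await-in-loop
-await npm.runScript(testScript, [], {
-spinner,
-stdio: 'ignore'
-})
-}
-spinner?.successAndStop(`Fixed ${name}`)
-spinner?.start()
-} catch (e) {
-failed = true
-spinner?.error(`Reverting ${fixSpec}`, e)
-if (saved) {
-editablePkgJson.update(revertData)
-// eslint-disable-next-line no-await-in-loop
-await editablePkgJson.save()
-}
-if (installed) {
-// eslint-disable-next-line no-await-in-loop
-actualTree = await install(pkgEnvDetails, {
-spinner
-})
-}
-spinner?.failAndStop(`Failed to fix ${oldSpec}`)
 }
-
-
-spinner?.failAndStop(`Could not patch ${oldSpec}`)
+spinner?.failAndStop(`Failed to fix ${oldSpec}`)
+return
 }
 if (
-!failed &&
-// Check targetVersion to make TypeScript happy.
-targetVersion &&
 // Lazily access constants.ENV[CI].
-constants.ENV[CI]
+constants.ENV[CI] &&
+// eslint-disable-next-line no-await-in-loop
+!(await doesPullRequestExistForBranch(owner, repo, branch))
 ) {
 let prResponse
 try {
 // eslint-disable-next-line no-await-in-loop
-prResponse = await openGitHubPullRequest(
+prResponse = await openGitHubPullRequest(
+owner,
+repo,
+baseBranch,
+branch,
+name,
+targetVersion,
+cwd
+)
 } catch (e) {
 logger.logger.error('Failed to open pull request', e)
 }
@@ -4907,9 +4909,14 @@ const config$z = {
 hidden: true,
 flags: {
 ...commonFlags,
+autoPilot: {
+type: 'boolean',
+default: false,
+description: `Shorthand for --autoMerge --test`
+},
 autoMerge: {
 type: 'boolean',
-default:
+default: false,
 description: `Enable auto-merge for pull requests that Socket opens.\n See ${terminalLink('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
 },
 rangeStyle: {
@@ -4928,7 +4935,7 @@ const config$z = {
 },
 test: {
 type: 'boolean',
-default:
+default: false,
 description: 'Verify the fix by running unit tests'
 },
 testScript: {
@@ -4975,6 +4982,7 @@ async function run$z(argv, importMeta, { parentName }) {
 const { spinner } = constants
 await runFix({
 autoMerge: Boolean(cli.flags['autoMerge']),
+autoPilot: Boolean(cli.flags['autoPilot']),
 spinner,
 rangeStyle: cli.flags['rangeStyle'] ?? undefined,
 test: Boolean(cli.flags['test']),
@@ -10843,7 +10851,10 @@ async function outputThreatFeed(data, { outputKind }) {
 
 // Note: this temporarily takes over the terminal (just like `man` does).
 const ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'))
-
+// Lazily access constants.blessedOptions.
+const screen = new ScreenWidget({
+...constants.blessedOptions
+})
 // Register these keys first so you can always exit, even when it gets stuck
 // If we don't do this and the code crashes, the user must hard-kill the
 // node process just to exit it. That's very bad UX.
@@ -11350,7 +11361,7 @@ void (async () => {
 await updateNotifier({
 name: SOCKET_CLI_BIN_NAME,
 // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-version: '0.14.
+version: '0.14.93',
 ttl: 86_400_000 /* 24 hours in milliseconds */
 })
 try {
@@ -11418,5 +11429,5 @@ void (async () => {
 await shadowNpmInject.captureException(e)
 }
 })()
-//# debugId=
+//# debugId=9a650fbf-5fa4-435c-a720-2f0161a7fc92
 //# sourceMappingURL=cli.js.map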
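Review bot: `checkoutBaseBranchIfAvailable` now runs `git reset --hard origin/${baseBranch}` and is called unconditionally from npmFix and pnpmFix (new lines 3960 and 4400) before the `constants.ENV[CI$1]` / `constants.ENV[CI]` check that gates the pull request, so a local `socket fix` run switches the user's checkout to the base branch and discards uncommitted work; the branch preparation (`getGitHubRepoInfo()`, `getBaseBranch()`, `getSocketBranchName()` and the checkout) should be gated on the same CI or GITHUB_ACTIONS condition, or the hard reset should be skipped outside CI. Relatedly, `getGitHubRepoInfo()` appears to be moved rather than new, but it is now invoked on every fix, and if `constants.ENV[GITHUB_REPOSITORY]` is undefined rather than an empty string the `.indexOf('/')` call throws a TypeError before the intended 'GITHUB_REPOSITORY environment variable not set' error; `const ownerSlashRepo = constants.ENV[GITHUB_REPOSITORY] ?? ''` keeps the message accurate. The old `branchExists` guard and the `checkout -b` / `add` / `commit` / `push` steps are removed from openGitHubPullRequest with no replacement visible in these hunks; if they moved elsewhere that is fine, otherwise `octokit.pulls.create` is called with a head branch that was never pushed. npmFix and pnpmFix both start and end outside their hunks, so the enclosing loop and where owner/repo are consumed cannot be fully verified from here.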