@socketsecurity/cli-with-sentry 0.14.91 → 0.14.93
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/constants.d.ts +7 -0
- package/dist/constants.js +14 -1
- package/dist/constants.js.map +1 -1
- package/dist/instrument-with-sentry.js +2 -2
- package/dist/instrument-with-sentry.js.map +1 -1
- package/dist/module-sync/cli.js +259 -248
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +7 -4
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/types.d.ts +1 -0
- package/dist/require/cli.js +258 -247
- package/dist/require/cli.js.map +1 -1
- package/package.json +2 -2
package/dist/require/cli.js
|
@@ -417,7 +417,10 @@ ${mdTableStringNumber('Name', 'Counts', data['top_five_alert_types'])}
|
|
|
417
417
|
}
|
|
418
418
|
function displayAnalyticsScreen(data) {
|
|
419
419
|
const ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'))
|
|
420
|
-
|
|
420
|
+
// Lazily access constants.blessedOptions.
|
|
421
|
+
const screen = new ScreenWidget({
|
|
422
|
+
...constants.blessedOptions
|
|
423
|
+
})
|
|
421
424
|
const contrib = _socketInterop(require('blessed-contrib'))
|
|
422
425
|
const grid = new contrib.grid({
|
|
423
426
|
rows: 5,
|
|
@@ -912,7 +915,7 @@ function emitBanner(name) {
|
|
|
912
915
|
logger.logger.error(getAsciiHeader(name))
|
|
913
916
|
}
|
|
914
917
|
function getAsciiHeader(command) {
|
|
915
|
-
const cliVersion = '0.14.
|
|
918
|
+
const cliVersion = '0.14.93:8908783:3488860f:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
|
|
916
919
|
const nodeVersion = process$1.version
|
|
917
920
|
const apiToken = shadowNpmInject.getDefaultToken()
|
|
918
921
|
const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
|
|
@@ -3709,62 +3712,37 @@ const cmdDiffScan = {
|
|
|
3709
3712
|
}
|
|
3710
3713
|
}
|
|
3711
3714
|
|
|
3712
|
-
const {
|
|
3713
|
-
GITHUB_ACTIONS,
|
|
3714
|
-
GITHUB_REF_NAME,
|
|
3715
|
-
GITHUB_REPOSITORY,
|
|
3716
|
-
SOCKET_SECURITY_GITHUB_PAT
|
|
3717
|
-
} = constants
|
|
3718
|
-
async function branchExists(branch, cwd = process.cwd()) {
|
|
3719
|
-
try {
|
|
3720
|
-
await spawn.spawn(
|
|
3721
|
-
'git',
|
|
3722
|
-
['show-ref', '--verify', '--quiet', `refs/heads/${branch}`],
|
|
3723
|
-
{
|
|
3724
|
-
cwd,
|
|
3725
|
-
stdio: 'ignore'
|
|
3726
|
-
}
|
|
3727
|
-
)
|
|
3728
|
-
return true
|
|
3729
|
-
} catch {}
|
|
3730
|
-
return false
|
|
3731
|
-
}
|
|
3715
|
+
const { GITHUB_REF_NAME } = constants
|
|
3732
3716
|
async function checkoutBaseBranchIfAvailable(baseBranch, cwd = process.cwd()) {
|
|
3733
3717
|
try {
|
|
3734
|
-
const currentBranch = (
|
|
3735
|
-
await spawn.spawn('git', ['rev-parse', '--abbrev-ref', 'HEAD'], {
|
|
3736
|
-
cwd
|
|
3737
|
-
})
|
|
3738
|
-
).stdout.trim()
|
|
3739
|
-
if (currentBranch === baseBranch) {
|
|
3740
|
-
logger.logger.info(`Already on ${baseBranch}`)
|
|
3741
|
-
return
|
|
3742
|
-
}
|
|
3743
|
-
logger.logger.info(
|
|
3744
|
-
`Switching branch from ${currentBranch} to ${baseBranch}...`
|
|
3745
|
-
)
|
|
3746
3718
|
await spawn.spawn('git', ['checkout', baseBranch], {
|
|
3747
3719
|
cwd
|
|
3748
3720
|
})
|
|
3749
|
-
|
|
3721
|
+
await spawn.spawn('git', ['reset', '--hard', `origin/${baseBranch}`], {
|
|
3722
|
+
cwd
|
|
3723
|
+
})
|
|
3724
|
+
logger.logger.info(`Checked out and reset to ${baseBranch}`)
|
|
3750
3725
|
} catch {
|
|
3751
3726
|
logger.logger.warn(
|
|
3752
3727
|
`Could not switch to ${baseBranch}. Proceeding with HEAD.`
|
|
3753
3728
|
)
|
|
3754
3729
|
}
|
|
3755
3730
|
}
|
|
3756
|
-
function
|
|
3757
|
-
// Lazily access constants.ENV[
|
|
3758
|
-
|
|
3759
|
-
|
|
3760
|
-
|
|
3761
|
-
|
|
3762
|
-
|
|
3763
|
-
|
|
3764
|
-
owner: ownerSlashRepo.slice(0, slashIndex),
|
|
3765
|
-
repo: ownerSlashRepo.slice(slashIndex + 1)
|
|
3766
|
-
}
|
|
3731
|
+
function getBaseBranch() {
|
|
3732
|
+
// Lazily access constants.ENV[GITHUB_REF_NAME].
|
|
3733
|
+
return (
|
|
3734
|
+
constants.ENV[GITHUB_REF_NAME] ??
|
|
3735
|
+
// GitHub defaults to branch name "main"
|
|
3736
|
+
// https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
|
|
3737
|
+
'main'
|
|
3738
|
+
)
|
|
3767
3739
|
}
|
|
3740
|
+
function getSocketBranchName(name, version) {
|
|
3741
|
+
return `socket-fix-${name}-${version.replace(/\./g, '-')}`
|
|
3742
|
+
}
|
|
3743
|
+
|
|
3744
|
+
const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
|
|
3745
|
+
constants
|
|
3768
3746
|
let _octokit
|
|
3769
3747
|
function getOctokit() {
|
|
3770
3748
|
if (_octokit === undefined) {
|
|
@@ -3775,6 +3753,16 @@ function getOctokit() {
|
|
|
3775
3753
|
}
|
|
3776
3754
|
return _octokit
|
|
3777
3755
|
}
|
|
3756
|
+
async function doesPullRequestExistForBranch(owner, repo, branch) {
|
|
3757
|
+
const octokit = getOctokit()
|
|
3758
|
+
const { data: prs } = await octokit.pulls.list({
|
|
3759
|
+
owner,
|
|
3760
|
+
repo,
|
|
3761
|
+
head: `${owner}:${branch}`,
|
|
3762
|
+
state: 'open'
|
|
3763
|
+
})
|
|
3764
|
+
return prs.length > 0
|
|
3765
|
+
}
|
|
3778
3766
|
async function enableAutoMerge(prResponseData) {
|
|
3779
3767
|
const octokit = getOctokit()
|
|
3780
3768
|
const { node_id: prId, number: prNumber } = prResponseData
|
|
@@ -3804,7 +3792,27 @@ async function enableAutoMerge(prResponseData) {
|
|
|
3804
3792
|
logger.logger.error(`Failed to enable auto-merge for PR #${prNumber}:`, e)
|
|
3805
3793
|
}
|
|
3806
3794
|
}
|
|
3807
|
-
|
|
3795
|
+
function getGitHubRepoInfo() {
|
|
3796
|
+
// Lazily access constants.ENV[GITHUB_REPOSITORY].
|
|
3797
|
+
const ownerSlashRepo = constants.ENV[GITHUB_REPOSITORY]
|
|
3798
|
+
const slashIndex = ownerSlashRepo.indexOf('/')
|
|
3799
|
+
if (slashIndex === -1) {
|
|
3800
|
+
throw new Error('GITHUB_REPOSITORY environment variable not set')
|
|
3801
|
+
}
|
|
3802
|
+
return {
|
|
3803
|
+
owner: ownerSlashRepo.slice(0, slashIndex),
|
|
3804
|
+
repo: ownerSlashRepo.slice(slashIndex + 1)
|
|
3805
|
+
}
|
|
3806
|
+
}
|
|
3807
|
+
async function openGitHubPullRequest(
|
|
3808
|
+
owner,
|
|
3809
|
+
repo,
|
|
3810
|
+
baseBranch,
|
|
3811
|
+
branch,
|
|
3812
|
+
name,
|
|
3813
|
+
version,
|
|
3814
|
+
cwd = process.cwd()
|
|
3815
|
+
) {
|
|
3808
3816
|
// Lazily access constants.ENV[GITHUB_ACTIONS].
|
|
3809
3817
|
if (constants.ENV[GITHUB_ACTIONS]) {
|
|
3810
3818
|
// Lazily access constants.ENV[SOCKET_SECURITY_GITHUB_PAT].
|
|
@@ -3812,38 +3820,11 @@ async function openGitHubPullRequest(name, targetVersion, cwd = process.cwd()) {
|
|
|
3812
3820
|
if (!pat) {
|
|
3813
3821
|
throw new Error('Missing SOCKET_SECURITY_GITHUB_PAT environment variable')
|
|
3814
3822
|
}
|
|
3815
|
-
const
|
|
3816
|
-
// Lazily access constants.ENV[GITHUB_REF_NAME].
|
|
3817
|
-
constants.ENV[GITHUB_REF_NAME] ??
|
|
3818
|
-
// GitHub defaults to branch name "main"
|
|
3819
|
-
// https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
|
|
3820
|
-
'main'
|
|
3821
|
-
const branch = `socket-fix-${name}-${targetVersion.replace(/\./g, '-')}`
|
|
3822
|
-
const commitMsg = `chore: upgrade ${name} to ${targetVersion}`
|
|
3823
|
-
const { owner, repo } = getGitHubRepoInfo()
|
|
3823
|
+
const commitMsg = `chore: upgrade ${name} to ${version}`
|
|
3824
3824
|
const url = `https://x-access-token:${pat}@github.com/${owner}/${repo}`
|
|
3825
3825
|
await spawn.spawn('git', ['remote', 'set-url', 'origin', url], {
|
|
3826
3826
|
cwd
|
|
3827
3827
|
})
|
|
3828
|
-
if (await branchExists(branch, cwd)) {
|
|
3829
|
-
logger.logger.warn(
|
|
3830
|
-
`Branch "${branch}" already exists. Skipping creation.`
|
|
3831
|
-
)
|
|
3832
|
-
} else {
|
|
3833
|
-
await checkoutBaseBranchIfAvailable(baseBranch, cwd)
|
|
3834
|
-
await spawn.spawn('git', ['checkout', '-b', branch], {
|
|
3835
|
-
cwd
|
|
3836
|
-
})
|
|
3837
|
-
await spawn.spawn('git', ['add', 'package.json', 'pnpm-lock.yaml'], {
|
|
3838
|
-
cwd
|
|
3839
|
-
})
|
|
3840
|
-
await spawn.spawn('git', ['commit', '-m', commitMsg], {
|
|
3841
|
-
cwd
|
|
3842
|
-
})
|
|
3843
|
-
await spawn.spawn('git', ['push', '--set-upstream', 'origin', branch], {
|
|
3844
|
-
cwd
|
|
3845
|
-
})
|
|
3846
|
-
}
|
|
3847
3828
|
const octokit = getOctokit()
|
|
3848
3829
|
return await octokit.pulls.create({
|
|
3849
3830
|
owner,
|
|
@@ -3851,7 +3832,7 @@ async function openGitHubPullRequest(name, targetVersion, cwd = process.cwd()) {
|
|
|
3851
3832
|
title: commitMsg,
|
|
3852
3833
|
head: branch,
|
|
3853
3834
|
base: baseBranch,
|
|
3854
|
-
body: `[socket] Upgrade \`${name}\` to ${
|
|
3835
|
+
body: `[socket] Upgrade \`${name}\` to ${version}`
|
|
3855
3836
|
})
|
|
3856
3837
|
} else {
|
|
3857
3838
|
throw new Error(
|
|
@@ -3941,92 +3922,102 @@ async function npmFix(
|
|
|
3941
3922
|
continue
|
|
3942
3923
|
}
|
|
3943
3924
|
const oldSpec = `${name}@${oldVersion}`
|
|
3944
|
-
let targetVersion
|
|
3945
|
-
let failed = false
|
|
3946
|
-
let installed = false
|
|
3947
|
-
let saved = false
|
|
3948
3925
|
if (
|
|
3949
|
-
shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
|
|
3926
|
+
!shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
|
|
3950
3927
|
) {
|
|
3951
|
-
|
|
3952
|
-
|
|
3953
|
-
|
|
3954
|
-
|
|
3955
|
-
|
|
3956
|
-
|
|
3957
|
-
|
|
3958
|
-
|
|
3959
|
-
|
|
3960
|
-
|
|
3961
|
-
|
|
3962
|
-
|
|
3963
|
-
|
|
3964
|
-
|
|
3965
|
-
|
|
3966
|
-
|
|
3967
|
-
|
|
3968
|
-
|
|
3969
|
-
|
|
3928
|
+
spinner?.failAndStop(`Could not patch ${oldSpec}`)
|
|
3929
|
+
return
|
|
3930
|
+
}
|
|
3931
|
+
const targetVersion = node.package.version
|
|
3932
|
+
const fixSpec = `${name}@^${targetVersion}`
|
|
3933
|
+
const revertData = {
|
|
3934
|
+
...(editablePkgJson.content.dependencies
|
|
3935
|
+
? {
|
|
3936
|
+
dependencies: editablePkgJson.content.dependencies
|
|
3937
|
+
}
|
|
3938
|
+
: undefined),
|
|
3939
|
+
...(editablePkgJson.content.optionalDependencies
|
|
3940
|
+
? {
|
|
3941
|
+
optionalDependencies:
|
|
3942
|
+
editablePkgJson.content.optionalDependencies
|
|
3943
|
+
}
|
|
3944
|
+
: undefined),
|
|
3945
|
+
...(editablePkgJson.content.peerDependencies
|
|
3946
|
+
? {
|
|
3947
|
+
peerDependencies: editablePkgJson.content.peerDependencies
|
|
3948
|
+
}
|
|
3949
|
+
: undefined)
|
|
3950
|
+
}
|
|
3951
|
+
spinner?.info(`Installing ${fixSpec}`)
|
|
3952
|
+
const { owner, repo } = getGitHubRepoInfo()
|
|
3953
|
+
const baseBranch = getBaseBranch()
|
|
3954
|
+
const branch = getSocketBranchName(name, targetVersion)
|
|
3955
|
+
|
|
3956
|
+
// eslint-disable-next-line no-await-in-loop
|
|
3957
|
+
await checkoutBaseBranchIfAvailable(baseBranch, cwd)
|
|
3958
|
+
let installed = false
|
|
3959
|
+
let saved = false
|
|
3960
|
+
try {
|
|
3961
|
+
shadowNpmInject.updatePackageJsonFromNode(
|
|
3962
|
+
editablePkgJson,
|
|
3963
|
+
arb.idealTree,
|
|
3964
|
+
node,
|
|
3965
|
+
targetVersion,
|
|
3966
|
+
rangeStyle
|
|
3967
|
+
)
|
|
3968
|
+
// eslint-disable-next-line no-await-in-loop
|
|
3969
|
+
await editablePkgJson.save()
|
|
3970
|
+
saved = true
|
|
3971
|
+
|
|
3972
|
+
// eslint-disable-next-line no-await-in-loop
|
|
3973
|
+
await install$1(arb.idealTree, {
|
|
3974
|
+
cwd
|
|
3975
|
+
})
|
|
3976
|
+
installed = true
|
|
3977
|
+
if (test) {
|
|
3978
|
+
spinner?.info(`Testing ${fixSpec}`)
|
|
3979
|
+
// eslint-disable-next-line no-await-in-loop
|
|
3980
|
+
await npm.runScript(testScript, [], {
|
|
3981
|
+
spinner,
|
|
3982
|
+
stdio: 'ignore'
|
|
3983
|
+
})
|
|
3970
3984
|
}
|
|
3971
|
-
spinner?.
|
|
3972
|
-
|
|
3973
|
-
|
|
3974
|
-
|
|
3975
|
-
|
|
3976
|
-
|
|
3977
|
-
targetVersion,
|
|
3978
|
-
rangeStyle
|
|
3979
|
-
)
|
|
3985
|
+
spinner?.successAndStop(`Fixed ${name}`)
|
|
3986
|
+
spinner?.start()
|
|
3987
|
+
} catch {
|
|
3988
|
+
spinner?.error(`Reverting ${fixSpec}`)
|
|
3989
|
+
if (saved) {
|
|
3990
|
+
editablePkgJson.update(revertData)
|
|
3980
3991
|
// eslint-disable-next-line no-await-in-loop
|
|
3981
3992
|
await editablePkgJson.save()
|
|
3982
|
-
|
|
3983
|
-
|
|
3993
|
+
}
|
|
3994
|
+
if (installed) {
|
|
3984
3995
|
// eslint-disable-next-line no-await-in-loop
|
|
3985
|
-
await install$1(
|
|
3996
|
+
await install$1(revertTree, {
|
|
3986
3997
|
cwd
|
|
3987
3998
|
})
|
|
3988
|
-
installed = true
|
|
3989
|
-
if (test) {
|
|
3990
|
-
spinner?.info(`Testing ${fixSpec}`)
|
|
3991
|
-
// eslint-disable-next-line no-await-in-loop
|
|
3992
|
-
await npm.runScript(testScript, [], {
|
|
3993
|
-
spinner,
|
|
3994
|
-
stdio: 'ignore'
|
|
3995
|
-
})
|
|
3996
|
-
}
|
|
3997
|
-
spinner?.successAndStop(`Fixed ${name}`)
|
|
3998
|
-
spinner?.start()
|
|
3999
|
-
} catch {
|
|
4000
|
-
failed = true
|
|
4001
|
-
spinner?.error(`Reverting ${fixSpec}`)
|
|
4002
|
-
if (saved) {
|
|
4003
|
-
editablePkgJson.update(revertData)
|
|
4004
|
-
// eslint-disable-next-line no-await-in-loop
|
|
4005
|
-
await editablePkgJson.save()
|
|
4006
|
-
}
|
|
4007
|
-
if (installed) {
|
|
4008
|
-
// eslint-disable-next-line no-await-in-loop
|
|
4009
|
-
await install$1(revertTree, {
|
|
4010
|
-
cwd
|
|
4011
|
-
})
|
|
4012
|
-
}
|
|
4013
|
-
spinner?.failAndStop(`Failed to fix ${oldSpec}`)
|
|
4014
3999
|
}
|
|
4015
|
-
|
|
4016
|
-
|
|
4017
|
-
spinner?.failAndStop(`Could not patch ${oldSpec}`)
|
|
4000
|
+
spinner?.failAndStop(`Failed to fix ${oldSpec}`)
|
|
4001
|
+
return
|
|
4018
4002
|
}
|
|
4019
4003
|
if (
|
|
4020
|
-
!failed &&
|
|
4021
|
-
// Check targetVersion to make TypeScript happy.
|
|
4022
|
-
targetVersion &&
|
|
4023
4004
|
// Lazily access constants.ENV[CI].
|
|
4024
|
-
constants.ENV[CI$1]
|
|
4005
|
+
constants.ENV[CI$1] &&
|
|
4006
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4007
|
+
!(await doesPullRequestExistForBranch(owner, repo, branch))
|
|
4025
4008
|
) {
|
|
4026
4009
|
let prResponse
|
|
4027
4010
|
try {
|
|
4028
4011
|
// eslint-disable-next-line no-await-in-loop
|
|
4029
|
-
prResponse = await openGitHubPullRequest(
|
|
4012
|
+
prResponse = await openGitHubPullRequest(
|
|
4013
|
+
owner,
|
|
4014
|
+
repo,
|
|
4015
|
+
baseBranch,
|
|
4016
|
+
branch,
|
|
4017
|
+
name,
|
|
4018
|
+
targetVersion,
|
|
4019
|
+
cwd
|
|
4020
|
+
)
|
|
4030
4021
|
} catch (e) {
|
|
4031
4022
|
logger.logger.error('Failed to open pull request', e)
|
|
4032
4023
|
}
|
|
@@ -4341,122 +4332,133 @@ async function pnpmFix(
|
|
|
4341
4332
|
const targetPackument = targetVersion
|
|
4342
4333
|
? packument.versions[targetVersion]
|
|
4343
4334
|
: undefined
|
|
4344
|
-
|
|
4335
|
+
if (!(targetVersion && targetPackument)) {
|
|
4336
|
+
spinner?.failAndStop(`Could not patch ${oldSpec}`)
|
|
4337
|
+
return
|
|
4338
|
+
}
|
|
4339
|
+
const oldPnpm = editablePkgJson.content[PNPM$9]
|
|
4340
|
+
const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
|
|
4341
|
+
const oldOverrides = oldPnpm?.[OVERRIDES$2]
|
|
4342
|
+
const oldOverridesCount = oldOverrides
|
|
4343
|
+
? Object.keys(oldOverrides).length
|
|
4344
|
+
: 0
|
|
4345
|
+
const overrideKey = `${node.name}@${vulnerableVersionRange}`
|
|
4346
|
+
const overrideRange = shadowNpmInject.applyRange(
|
|
4347
|
+
oldOverrides?.[overrideKey] ?? targetVersion,
|
|
4348
|
+
targetVersion,
|
|
4349
|
+
rangeStyle
|
|
4350
|
+
)
|
|
4351
|
+
const fixSpec = `${name}@${overrideRange}`
|
|
4352
|
+
const updateData = {
|
|
4353
|
+
[PNPM$9]: {
|
|
4354
|
+
...oldPnpm,
|
|
4355
|
+
[OVERRIDES$2]: {
|
|
4356
|
+
[overrideKey]: overrideRange,
|
|
4357
|
+
...oldOverrides
|
|
4358
|
+
}
|
|
4359
|
+
}
|
|
4360
|
+
}
|
|
4361
|
+
const revertData = {
|
|
4362
|
+
[PNPM$9]: oldPnpmKeyCount
|
|
4363
|
+
? {
|
|
4364
|
+
...oldPnpm,
|
|
4365
|
+
[OVERRIDES$2]:
|
|
4366
|
+
oldOverridesCount === 1
|
|
4367
|
+
? undefined
|
|
4368
|
+
: {
|
|
4369
|
+
[overrideKey]: undefined,
|
|
4370
|
+
...oldOverrides
|
|
4371
|
+
}
|
|
4372
|
+
}
|
|
4373
|
+
: undefined,
|
|
4374
|
+
...(editablePkgJson.content.dependencies
|
|
4375
|
+
? {
|
|
4376
|
+
dependencies: editablePkgJson.content.dependencies
|
|
4377
|
+
}
|
|
4378
|
+
: undefined),
|
|
4379
|
+
...(editablePkgJson.content.optionalDependencies
|
|
4380
|
+
? {
|
|
4381
|
+
optionalDependencies:
|
|
4382
|
+
editablePkgJson.content.optionalDependencies
|
|
4383
|
+
}
|
|
4384
|
+
: undefined),
|
|
4385
|
+
...(editablePkgJson.content.peerDependencies
|
|
4386
|
+
? {
|
|
4387
|
+
peerDependencies: editablePkgJson.content.peerDependencies
|
|
4388
|
+
}
|
|
4389
|
+
: undefined)
|
|
4390
|
+
}
|
|
4391
|
+
spinner?.info(`Installing ${fixSpec}`)
|
|
4392
|
+
const { owner, repo } = getGitHubRepoInfo()
|
|
4393
|
+
const baseBranch = getBaseBranch()
|
|
4394
|
+
const branch = getSocketBranchName(name, targetVersion)
|
|
4395
|
+
|
|
4396
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4397
|
+
await checkoutBaseBranchIfAvailable(baseBranch, cwd)
|
|
4345
4398
|
let installed = false
|
|
4346
4399
|
let saved = false
|
|
4347
|
-
|
|
4348
|
-
|
|
4349
|
-
|
|
4350
|
-
|
|
4351
|
-
|
|
4352
|
-
|
|
4353
|
-
: 0
|
|
4354
|
-
const overrideKey = `${node.name}@${vulnerableVersionRange}`
|
|
4355
|
-
const overrideRange = shadowNpmInject.applyRange(
|
|
4356
|
-
oldOverrides?.[overrideKey] ?? targetVersion,
|
|
4400
|
+
try {
|
|
4401
|
+
editablePkgJson.update(updateData)
|
|
4402
|
+
shadowNpmInject.updatePackageJsonFromNode(
|
|
4403
|
+
editablePkgJson,
|
|
4404
|
+
actualTree,
|
|
4405
|
+
node,
|
|
4357
4406
|
targetVersion,
|
|
4358
4407
|
rangeStyle
|
|
4359
4408
|
)
|
|
4360
|
-
|
|
4361
|
-
|
|
4362
|
-
|
|
4363
|
-
|
|
4364
|
-
|
|
4365
|
-
|
|
4366
|
-
|
|
4367
|
-
|
|
4368
|
-
|
|
4369
|
-
|
|
4370
|
-
|
|
4371
|
-
|
|
4372
|
-
|
|
4373
|
-
|
|
4374
|
-
|
|
4375
|
-
|
|
4376
|
-
? undefined
|
|
4377
|
-
: {
|
|
4378
|
-
[overrideKey]: undefined,
|
|
4379
|
-
...oldOverrides
|
|
4380
|
-
}
|
|
4381
|
-
}
|
|
4382
|
-
: undefined,
|
|
4383
|
-
...(editablePkgJson.content.dependencies
|
|
4384
|
-
? {
|
|
4385
|
-
dependencies: editablePkgJson.content.dependencies
|
|
4386
|
-
}
|
|
4387
|
-
: undefined),
|
|
4388
|
-
...(editablePkgJson.content.optionalDependencies
|
|
4389
|
-
? {
|
|
4390
|
-
optionalDependencies:
|
|
4391
|
-
editablePkgJson.content.optionalDependencies
|
|
4392
|
-
}
|
|
4393
|
-
: undefined),
|
|
4394
|
-
...(editablePkgJson.content.peerDependencies
|
|
4395
|
-
? {
|
|
4396
|
-
peerDependencies: editablePkgJson.content.peerDependencies
|
|
4397
|
-
}
|
|
4398
|
-
: undefined)
|
|
4409
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4410
|
+
await editablePkgJson.save()
|
|
4411
|
+
saved = true
|
|
4412
|
+
|
|
4413
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4414
|
+
actualTree = await install(pkgEnvDetails, {
|
|
4415
|
+
spinner
|
|
4416
|
+
})
|
|
4417
|
+
installed = true
|
|
4418
|
+
if (test) {
|
|
4419
|
+
spinner?.info(`Testing ${fixSpec}`)
|
|
4420
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4421
|
+
await npm.runScript(testScript, [], {
|
|
4422
|
+
spinner,
|
|
4423
|
+
stdio: 'ignore'
|
|
4424
|
+
})
|
|
4399
4425
|
}
|
|
4400
|
-
spinner?.
|
|
4401
|
-
|
|
4402
|
-
|
|
4403
|
-
|
|
4404
|
-
|
|
4405
|
-
|
|
4406
|
-
node,
|
|
4407
|
-
targetVersion,
|
|
4408
|
-
rangeStyle
|
|
4409
|
-
)
|
|
4426
|
+
spinner?.successAndStop(`Fixed ${name}`)
|
|
4427
|
+
spinner?.start()
|
|
4428
|
+
} catch (e) {
|
|
4429
|
+
spinner?.error(`Reverting ${fixSpec}`, e)
|
|
4430
|
+
if (saved) {
|
|
4431
|
+
editablePkgJson.update(revertData)
|
|
4410
4432
|
// eslint-disable-next-line no-await-in-loop
|
|
4411
4433
|
await editablePkgJson.save()
|
|
4412
|
-
|
|
4413
|
-
|
|
4434
|
+
}
|
|
4435
|
+
if (installed) {
|
|
4414
4436
|
// eslint-disable-next-line no-await-in-loop
|
|
4415
4437
|
actualTree = await install(pkgEnvDetails, {
|
|
4416
4438
|
spinner
|
|
4417
4439
|
})
|
|
4418
|
-
installed = true
|
|
4419
|
-
if (test) {
|
|
4420
|
-
spinner?.info(`Testing ${fixSpec}`)
|
|
4421
|
-
// eslint-disable-next-line no-await-in-loop
|
|
4422
|
-
await npm.runScript(testScript, [], {
|
|
4423
|
-
spinner,
|
|
4424
|
-
stdio: 'ignore'
|
|
4425
|
-
})
|
|
4426
|
-
}
|
|
4427
|
-
spinner?.successAndStop(`Fixed ${name}`)
|
|
4428
|
-
spinner?.start()
|
|
4429
|
-
} catch (e) {
|
|
4430
|
-
failed = true
|
|
4431
|
-
spinner?.error(`Reverting ${fixSpec}`, e)
|
|
4432
|
-
if (saved) {
|
|
4433
|
-
editablePkgJson.update(revertData)
|
|
4434
|
-
// eslint-disable-next-line no-await-in-loop
|
|
4435
|
-
await editablePkgJson.save()
|
|
4436
|
-
}
|
|
4437
|
-
if (installed) {
|
|
4438
|
-
// eslint-disable-next-line no-await-in-loop
|
|
4439
|
-
actualTree = await install(pkgEnvDetails, {
|
|
4440
|
-
spinner
|
|
4441
|
-
})
|
|
4442
|
-
}
|
|
4443
|
-
spinner?.failAndStop(`Failed to fix ${oldSpec}`)
|
|
4444
4440
|
}
|
|
4445
|
-
|
|
4446
|
-
|
|
4447
|
-
spinner?.failAndStop(`Could not patch ${oldSpec}`)
|
|
4441
|
+
spinner?.failAndStop(`Failed to fix ${oldSpec}`)
|
|
4442
|
+
return
|
|
4448
4443
|
}
|
|
4449
4444
|
if (
|
|
4450
|
-
!failed &&
|
|
4451
|
-
// Check targetVersion to make TypeScript happy.
|
|
4452
|
-
targetVersion &&
|
|
4453
4445
|
// Lazily access constants.ENV[CI].
|
|
4454
|
-
constants.ENV[CI]
|
|
4446
|
+
constants.ENV[CI] &&
|
|
4447
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4448
|
+
!(await doesPullRequestExistForBranch(owner, repo, branch))
|
|
4455
4449
|
) {
|
|
4456
4450
|
let prResponse
|
|
4457
4451
|
try {
|
|
4458
4452
|
// eslint-disable-next-line no-await-in-loop
|
|
4459
|
-
prResponse = await openGitHubPullRequest(
|
|
4453
|
+
prResponse = await openGitHubPullRequest(
|
|
4454
|
+
owner,
|
|
4455
|
+
repo,
|
|
4456
|
+
baseBranch,
|
|
4457
|
+
branch,
|
|
4458
|
+
name,
|
|
4459
|
+
targetVersion,
|
|
4460
|
+
cwd
|
|
4461
|
+
)
|
|
4460
4462
|
} catch (e) {
|
|
4461
4463
|
logger.logger.error('Failed to open pull request', e)
|
|
4462
4464
|
}
|
|
@@ -4904,9 +4906,14 @@ const config$z = {
|
|
|
4904
4906
|
hidden: true,
|
|
4905
4907
|
flags: {
|
|
4906
4908
|
...commonFlags,
|
|
4909
|
+
autoPilot: {
|
|
4910
|
+
type: 'boolean',
|
|
4911
|
+
default: false,
|
|
4912
|
+
description: `Shorthand for --autoMerge --test`
|
|
4913
|
+
},
|
|
4907
4914
|
autoMerge: {
|
|
4908
4915
|
type: 'boolean',
|
|
4909
|
-
default:
|
|
4916
|
+
default: false,
|
|
4910
4917
|
description: `Enable auto-merge for pull requests that Socket opens.\n See ${terminalLink('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
|
|
4911
4918
|
},
|
|
4912
4919
|
rangeStyle: {
|
|
@@ -4925,7 +4932,7 @@ const config$z = {
|
|
|
4925
4932
|
},
|
|
4926
4933
|
test: {
|
|
4927
4934
|
type: 'boolean',
|
|
4928
|
-
default:
|
|
4935
|
+
default: false,
|
|
4929
4936
|
description: 'Verify the fix by running unit tests'
|
|
4930
4937
|
},
|
|
4931
4938
|
testScript: {
|
|
@@ -4972,6 +4979,7 @@ async function run$z(argv, importMeta, { parentName }) {
|
|
|
4972
4979
|
const { spinner } = constants
|
|
4973
4980
|
await runFix({
|
|
4974
4981
|
autoMerge: Boolean(cli.flags['autoMerge']),
|
|
4982
|
+
autoPilot: Boolean(cli.flags['autoPilot']),
|
|
4975
4983
|
spinner,
|
|
4976
4984
|
rangeStyle: cli.flags['rangeStyle'] ?? undefined,
|
|
4977
4985
|
test: Boolean(cli.flags['test']),
|
|
@@ -10842,7 +10850,10 @@ async function outputThreatFeed(data, { outputKind }) {
|
|
|
10842
10850
|
|
|
10843
10851
|
// Note: this temporarily takes over the terminal (just like `man` does).
|
|
10844
10852
|
const ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'))
|
|
10845
|
-
|
|
10853
|
+
// Lazily access constants.blessedOptions.
|
|
10854
|
+
const screen = new ScreenWidget({
|
|
10855
|
+
...constants.blessedOptions
|
|
10856
|
+
})
|
|
10846
10857
|
// Register these keys first so you can always exit, even when it gets stuck
|
|
10847
10858
|
// If we don't do this and the code crashes, the user must hard-kill the
|
|
10848
10859
|
// node process just to exit it. That's very bad UX.
|
|
@@ -11349,7 +11360,7 @@ void (async () => {
|
|
|
11349
11360
|
await vendor.updater({
|
|
11350
11361
|
name: SOCKET_CLI_BIN_NAME,
|
|
11351
11362
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
11352
|
-
version: '0.14.
|
|
11363
|
+
version: '0.14.93',
|
|
11353
11364
|
ttl: 86_400_000 /* 24 hours in milliseconds */
|
|
11354
11365
|
})
|
|
11355
11366
|
try {
|
|
@@ -11417,5 +11428,5 @@ void (async () => {
|
|
|
11417
11428
|
await shadowNpmInject.captureException(e)
|
|
11418
11429
|
}
|
|
11419
11430
|
})()
|
|
11420
|
-
//# debugId=
|
|
11431
|
+
//# debugId=3c2ff94f-317f-469e-8671-72f84fc1fa28
|
|
11421
11432
|
//# sourceMappingURL=cli.js.map
|
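Review bot: `checkoutBaseBranchIfAvailable` now runs `git reset --hard origin/${baseBranch}` and is called unconditionally from npmFix (new line 3957) and pnpmFix (new line 4397) before the `constants.ENV[CI]` check, so a local `fix` run will switch branches and discard any uncommitted work in cwd, and the surrounding `catch` only logs a warning. The function should refuse when `git status --porcelain` reports a dirty tree (rewrite below), or the callers should gate it on CI the way the pull-request step already is. Relatedly, `getGitHubRepoInfo()` is now also called unconditionally (3952, 4392) and throws when `GITHUB_REPOSITORY` yields no `owner/repo`, which presumably makes non-CI runs fail before any fix is attempted — confirm whether that is intended. The PR hunk drops the `checkout -b`/`add`/`commit`/`push` sequence from `openGitHubPullRequest` with no replacement visible in this section, so unless that moved elsewhere, `pulls.create` targets a head branch that was never pushed. npmFix and pnpmFix both start and end outside the shown hunks.
```javascript
async function checkoutBaseBranchIfAvailable(baseBranch, cwd = process.cwd()) {
  try {
    // `reset --hard` below is destructive: never discard uncommitted work.
    const status = (
      await spawn.spawn('git', ['status', '--porcelain'], { cwd })
    ).stdout.trim()
    if (status) {
      logger.logger.warn(
        `Working tree has uncommitted changes. Not switching to ${baseBranch}.`
      )
      return
    }
    // … unchanged: git checkout, git reset --hard, info log …
  } catch {
    // … unchanged: warn and proceed with HEAD …
  }
}
```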