@socketsecurity/cli-with-sentry 0.14.97 → 0.14.98
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/instrument-with-sentry.js +2 -2
- package/dist/instrument-with-sentry.js.map +1 -1
- package/dist/module-sync/cli.js +168 -119
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +53 -53
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/vendor.js +117 -114
- package/dist/module-sync/vendor.js.map +1 -1
- package/dist/require/cli.js +168 -119
- package/dist/require/cli.js.map +1 -1
- package/dist/require/shadow-npm-inject.js +53 -53
- package/dist/require/shadow-npm-inject.js.map +1 -1
- package/package.json +73 -69
|
@@ -41,7 +41,7 @@ const relConstantsPath = './constants'
|
|
|
41
41
|
Sentry.setTag(
|
|
42
42
|
'version',
|
|
43
43
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
|
|
44
|
-
'0.14.
|
|
44
|
+
'0.14.98:34de472:32aaa5f0:pub'
|
|
45
45
|
)
|
|
46
46
|
const constants = require(relConstantsPath)
|
|
47
47
|
if (constants.ENV.SOCKET_CLI_DEBUG) {
|
|
@@ -56,5 +56,5 @@ const relConstantsPath = './constants'
|
|
|
56
56
|
} = constants
|
|
57
57
|
setSentry(Sentry)
|
|
58
58
|
}
|
|
59
|
-
//# debugId=
|
|
59
|
+
//# debugId=2a41e4d4-7137-41d2-9710-a475fcfeadc1
|
|
60
60
|
//# sourceMappingURL=instrument-with-sentry.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n const Sentry = require('@sentry/node')\n Sentry.init({\n onFatalError(error: Error) {\n // Defer module loads until after Sentry.init is called.\n if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n }\n },\n dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n enabled: true,\n integrations: []\n })\n Sentry.setTag(\n 'environment',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n ? 
'pub'\n : // The NODE_ENV convention is used by apps to define the runtime environment.\n // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n process.env['NODE_ENV']\n )\n Sentry.setTag(\n 'version',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n )\n const constants = require(relConstantsPath)\n if (constants.ENV.SOCKET_CLI_DEBUG) {\n Sentry.setTag('debugging', true)\n logger.log('[DEBUG] Set up Sentry.')\n } else {\n Sentry.setTag('debugging', false)\n }\n const {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n } = constants\n setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":"
|
|
1
|
+
{"version":3,"file":"instrument-with-sentry.js","sources":["../../src/instrument-with-sentry.ts"],"sourcesContent":["// This should ONLY be included in the special Sentry build!\n// Otherwise the Sentry dependency won't even be present in the manifest.\n\nimport { logger } from '@socketsecurity/registry/lib/logger'\n\n// Require constants with require(relConstantsPath) instead of require('./constants')\n// so Rollup doesn't generate a constants2.js chunk.\nconst relConstantsPath = './constants'\n// The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\nif (process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']) {\n const Sentry = require('@sentry/node')\n Sentry.init({\n onFatalError(error: Error) {\n // Defer module loads until after Sentry.init is called.\n if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.fail('[DEBUG] [Sentry onFatalError]:', error)\n }\n },\n dsn: 'https://66736701db8e4ffac046bd09fa6aaced@o555220.ingest.us.sentry.io/4508846967619585',\n enabled: true,\n integrations: []\n })\n Sentry.setTag(\n 'environment',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\n ? 
'pub'\n : // The NODE_ENV convention is used by apps to define the runtime environment.\n // https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production\n process.env['NODE_ENV']\n )\n Sentry.setTag(\n 'version',\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n process.env['INLINED_SOCKET_CLI_VERSION_HASH']\n )\n const constants = require(relConstantsPath)\n if (constants.ENV.SOCKET_CLI_DEBUG) {\n Sentry.setTag('debugging', true)\n logger.log('[DEBUG] Set up Sentry.')\n } else {\n Sentry.setTag('debugging', false)\n }\n const {\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: { setSentry }\n } = constants\n setSentry(Sentry)\n} else if (require(relConstantsPath).ENV.SOCKET_CLI_DEBUG) {\n logger.log('[DEBUG] Sentry disabled explicitly.')\n}\n"],"names":["logger","dsn","enabled","integrations","process","Sentry","setSentry"],"mappings":";;;;;;;;;;;;;;;AAAA;AACA;;;AAIA;AACA;AACA;AACA;AACoD;AAClD;;;AAGI;;AAEEA;AACF;;AAEFC;AACAC;AACAC;AACF;;AAGE;AACAC;;AAQA;AACAA;AAEF;AACA;AACEC;AACAL;AACF;AACEK;AACF;;;AAGE;AAA+DC;AAAU;AAC3E;;AAEF","debugId":"2a41e4d4-7137-41d2-9710-a475fcfeadc1"}
|
package/dist/module-sync/cli.js
CHANGED
|
@@ -35,6 +35,7 @@ const arrays = require('@socketsecurity/registry/lib/arrays')
|
|
|
35
35
|
const registry = require('@socketsecurity/registry')
|
|
36
36
|
const npm = require('@socketsecurity/registry/lib/npm')
|
|
37
37
|
const packages = require('@socketsecurity/registry/lib/packages')
|
|
38
|
+
const packageurlJs = require('@socketregistry/packageurl-js')
|
|
38
39
|
const spawn = require('@socketsecurity/registry/lib/spawn')
|
|
39
40
|
const index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs')
|
|
40
41
|
const sorts = require('@socketsecurity/registry/lib/sorts')
|
|
@@ -899,7 +900,7 @@ function emitBanner(name) {
|
|
|
899
900
|
logger.logger.error(getAsciiHeader(name))
|
|
900
901
|
}
|
|
901
902
|
function getAsciiHeader(command) {
|
|
902
|
-
const cliVersion = '0.14.
|
|
903
|
+
const cliVersion = '0.14.98:34de472:32aaa5f0:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
|
|
903
904
|
const nodeVersion = process$1.version
|
|
904
905
|
const apiToken = shadowNpmInject.getDefaultToken()
|
|
905
906
|
const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
|
|
@@ -1356,7 +1357,7 @@ async function runCycloneDX(yargvWithYes) {
|
|
|
1356
1357
|
await shadowBin(NPX$3, [
|
|
1357
1358
|
...yesArgs,
|
|
1358
1359
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SYNP_VERSION']".
|
|
1359
|
-
`synp@${'
|
|
1360
|
+
`synp@${'1.9.14'}`,
|
|
1360
1361
|
'--source-file',
|
|
1361
1362
|
`./${YARN_LOCK}`
|
|
1362
1363
|
])
|
|
@@ -1368,7 +1369,7 @@ async function runCycloneDX(yargvWithYes) {
|
|
|
1368
1369
|
await shadowBin(NPX$3, [
|
|
1369
1370
|
...yesArgs,
|
|
1370
1371
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']".
|
|
1371
|
-
`@cyclonedx/cdxgen@${'
|
|
1372
|
+
`@cyclonedx/cdxgen@${'11.2.3'}`,
|
|
1372
1373
|
...argvToArray(yargv)
|
|
1373
1374
|
])
|
|
1374
1375
|
if (cleanupPackageLock) {
|
|
@@ -3701,6 +3702,12 @@ const cmdDiffScan = {
|
|
|
3701
3702
|
}
|
|
3702
3703
|
|
|
3703
3704
|
const { GITHUB_REF_NAME } = constants
|
|
3705
|
+
function formatBranchName(str) {
|
|
3706
|
+
return str.replace(/[-_.]+/g, '-').replace(/[-a-zA-Z0-9]+/g, '') ?? ''
|
|
3707
|
+
}
|
|
3708
|
+
function getPkgNameFromPurlObj(purlObj) {
|
|
3709
|
+
return `${purlObj.namespace ? `${purlObj.namespace}/` : ''}${purlObj.name}`
|
|
3710
|
+
}
|
|
3704
3711
|
async function branchExists(branch, cwd = process.cwd()) {
|
|
3705
3712
|
try {
|
|
3706
3713
|
await spawn.spawn(
|
|
@@ -3762,8 +3769,28 @@ function getBaseBranch() {
|
|
|
3762
3769
|
'main'
|
|
3763
3770
|
)
|
|
3764
3771
|
}
|
|
3765
|
-
function getSocketBranchName(
|
|
3766
|
-
|
|
3772
|
+
function getSocketBranchName(purl, toVersion) {
|
|
3773
|
+
const purlObj = packageurlJs.PackageURL.fromString(purl)
|
|
3774
|
+
const namespace = formatBranchName(purlObj.namespace ?? '')
|
|
3775
|
+
const name = formatBranchName(purlObj.name)
|
|
3776
|
+
const version = formatBranchName(toVersion)
|
|
3777
|
+
const fullName = `${namespace ? `${namespace}-` : ''}${name}`
|
|
3778
|
+
return `socket-fix-${fullName}-${version}`
|
|
3779
|
+
}
|
|
3780
|
+
function getSocketPullRequestTitle(purl, toVersion) {
|
|
3781
|
+
const purlObj = packageurlJs.PackageURL.fromString(purl)
|
|
3782
|
+
const pkgName = getPkgNameFromPurlObj(purlObj)
|
|
3783
|
+
return `Bump ${pkgName} from ${purlObj.version} to ${toVersion}`
|
|
3784
|
+
}
|
|
3785
|
+
function getSocketPullRequestBody(purl, toVersion) {
|
|
3786
|
+
const purlObj = packageurlJs.PackageURL.fromString(purl)
|
|
3787
|
+
const pkgName = getPkgNameFromPurlObj(purlObj)
|
|
3788
|
+
return `Bumps [${pkgName}](https://socket.dev/${purlObj.type}/package/${pkgName}) from ${purlObj.version} to ${toVersion}.`
|
|
3789
|
+
}
|
|
3790
|
+
function getSocketCommitMessage(purl, toVersion) {
|
|
3791
|
+
const purlObj = packageurlJs.PackageURL.fromString(purl)
|
|
3792
|
+
const pkgName = getPkgNameFromPurlObj(purlObj)
|
|
3793
|
+
return `socket: Bump ${pkgName} from ${purlObj.version} to ${toVersion}`
|
|
3767
3794
|
}
|
|
3768
3795
|
|
|
3769
3796
|
const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
|
|
@@ -3778,6 +3805,18 @@ function getOctokit() {
|
|
|
3778
3805
|
}
|
|
3779
3806
|
return _octokit
|
|
3780
3807
|
}
|
|
3808
|
+
let _octokitGraphql
|
|
3809
|
+
function getOctokitGraphql() {
|
|
3810
|
+
if (!_octokitGraphql) {
|
|
3811
|
+
_octokitGraphql = vendor.graphql2.defaults({
|
|
3812
|
+
headers: {
|
|
3813
|
+
// Lazily access constants.ENV[SOCKET_SECURITY_GITHUB_PAT].
|
|
3814
|
+
authorization: `token ${constants.ENV[SOCKET_SECURITY_GITHUB_PAT]}`
|
|
3815
|
+
}
|
|
3816
|
+
})
|
|
3817
|
+
}
|
|
3818
|
+
return _octokitGraphql
|
|
3819
|
+
}
|
|
3781
3820
|
async function doesPullRequestExistForBranch(owner, repo, branch) {
|
|
3782
3821
|
const octokit = getOctokit()
|
|
3783
3822
|
const { data: prs } = await octokit.pulls.list({
|
|
@@ -3788,11 +3827,10 @@ async function doesPullRequestExistForBranch(owner, repo, branch) {
|
|
|
3788
3827
|
})
|
|
3789
3828
|
return prs.length > 0
|
|
3790
3829
|
}
|
|
3791
|
-
async function enableAutoMerge(
|
|
3792
|
-
const
|
|
3793
|
-
const { node_id: prId, number: prNumber } = prResponseData
|
|
3830
|
+
async function enableAutoMerge({ node_id: prId, number: prNumber }) {
|
|
3831
|
+
const octokitGraphql = getOctokitGraphql()
|
|
3794
3832
|
try {
|
|
3795
|
-
await
|
|
3833
|
+
await octokitGraphql(
|
|
3796
3834
|
`
|
|
3797
3835
|
mutation EnableAutoMerge($pullRequestId: ID!) {
|
|
3798
3836
|
enablePullRequestAutoMerge(input: {
|
|
@@ -3813,16 +3851,23 @@ async function enableAutoMerge(prResponseData) {
|
|
|
3813
3851
|
}
|
|
3814
3852
|
)
|
|
3815
3853
|
logger.logger.info(`Auto-merge enabled for PR #${prNumber}`)
|
|
3854
|
+
return true
|
|
3816
3855
|
} catch (e) {
|
|
3817
|
-
|
|
3856
|
+
let message = `Failed to enable auto-merge for PR #${prNumber}`
|
|
3857
|
+
if (e instanceof vendor.GraphqlResponseError && e.errors) {
|
|
3858
|
+
const details = e.errors.map(({ message }) => ` - ${message}`).join('\n')
|
|
3859
|
+
message += `:\n${details}`
|
|
3860
|
+
}
|
|
3861
|
+
logger.logger.error(message)
|
|
3862
|
+
return false
|
|
3818
3863
|
}
|
|
3819
3864
|
}
|
|
3820
|
-
function
|
|
3865
|
+
function getGitHubEnvRepoInfo() {
|
|
3821
3866
|
// Lazily access constants.ENV[GITHUB_REPOSITORY].
|
|
3822
3867
|
const ownerSlashRepo = constants.ENV[GITHUB_REPOSITORY]
|
|
3823
3868
|
const slashIndex = ownerSlashRepo.indexOf('/')
|
|
3824
3869
|
if (slashIndex === -1) {
|
|
3825
|
-
throw new Error('GITHUB_REPOSITORY environment variable
|
|
3870
|
+
throw new Error('Missing GITHUB_REPOSITORY environment variable')
|
|
3826
3871
|
}
|
|
3827
3872
|
return {
|
|
3828
3873
|
owner: ownerSlashRepo.slice(0, slashIndex),
|
|
@@ -3834,8 +3879,8 @@ async function openGitHubPullRequest(
|
|
|
3834
3879
|
repo,
|
|
3835
3880
|
baseBranch,
|
|
3836
3881
|
branch,
|
|
3837
|
-
|
|
3838
|
-
|
|
3882
|
+
purl,
|
|
3883
|
+
toVersion,
|
|
3839
3884
|
cwd = process.cwd()
|
|
3840
3885
|
) {
|
|
3841
3886
|
// Lazily access constants.ENV[GITHUB_ACTIONS].
|
|
@@ -3850,19 +3895,34 @@ async function openGitHubPullRequest(
|
|
|
3850
3895
|
cwd
|
|
3851
3896
|
})
|
|
3852
3897
|
const octokit = getOctokit()
|
|
3853
|
-
|
|
3854
|
-
|
|
3855
|
-
|
|
3856
|
-
|
|
3857
|
-
|
|
3858
|
-
|
|
3859
|
-
|
|
3860
|
-
|
|
3861
|
-
|
|
3862
|
-
|
|
3863
|
-
|
|
3864
|
-
|
|
3898
|
+
try {
|
|
3899
|
+
return await octokit.pulls.create({
|
|
3900
|
+
owner,
|
|
3901
|
+
repo,
|
|
3902
|
+
title: getSocketPullRequestTitle(purl, toVersion),
|
|
3903
|
+
head: branch,
|
|
3904
|
+
base: baseBranch,
|
|
3905
|
+
body: getSocketPullRequestBody(purl, toVersion)
|
|
3906
|
+
})
|
|
3907
|
+
} catch (e) {
|
|
3908
|
+
let message = `Failed to open pull request`
|
|
3909
|
+
if (e instanceof vendor.RequestError) {
|
|
3910
|
+
const restErrors = e.response?.data?.['errors']
|
|
3911
|
+
if (Array.isArray(restErrors)) {
|
|
3912
|
+
const details = restErrors
|
|
3913
|
+
.map(
|
|
3914
|
+
restErr =>
|
|
3915
|
+
`- ${restErr.message ?? `${restErr.resource}.${restErr.field} (${restErr.code})`}`
|
|
3916
|
+
)
|
|
3917
|
+
.join('\n')
|
|
3918
|
+
message += `:\n${details}`
|
|
3919
|
+
}
|
|
3920
|
+
}
|
|
3921
|
+
logger.logger.error(message)
|
|
3922
|
+
return null
|
|
3923
|
+
}
|
|
3865
3924
|
}
|
|
3925
|
+
throw new Error('Missing GITHUB_ACTIONS environment variable')
|
|
3866
3926
|
}
|
|
3867
3927
|
|
|
3868
3928
|
const { CI: CI$1, NPM: NPM$f } = constants
|
|
@@ -3928,7 +3988,9 @@ async function npmFix(
|
|
|
3928
3988
|
for (const spec of specs) {
|
|
3929
3989
|
const lastAtSignIndex = spec.lastIndexOf('@')
|
|
3930
3990
|
const name = spec.slice(0, lastAtSignIndex)
|
|
3931
|
-
const
|
|
3991
|
+
const fromVersion = spec.slice(lastAtSignIndex + 1)
|
|
3992
|
+
const fromSpec = `${name}@${fromVersion}`
|
|
3993
|
+
const fromPurl = `pkg:npm/${fromSpec}`
|
|
3932
3994
|
for (const {
|
|
3933
3995
|
firstPatchedVersionIdentifier,
|
|
3934
3996
|
vulnerableVersionRange
|
|
@@ -3940,27 +4002,32 @@ async function npmFix(
|
|
|
3940
4002
|
const node = shadowNpmInject.findPackageNode(
|
|
3941
4003
|
arb.idealTree,
|
|
3942
4004
|
name,
|
|
3943
|
-
|
|
4005
|
+
fromVersion
|
|
3944
4006
|
)
|
|
3945
4007
|
if (!node) {
|
|
3946
4008
|
continue
|
|
3947
4009
|
}
|
|
3948
|
-
const oldSpec = `${name}@${oldVersion}`
|
|
3949
4010
|
if (
|
|
3950
4011
|
!shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
|
|
3951
4012
|
) {
|
|
3952
|
-
spinner?.failAndStop(`Could not patch ${
|
|
4013
|
+
spinner?.failAndStop(`Could not patch ${fromSpec}`)
|
|
3953
4014
|
return
|
|
3954
4015
|
}
|
|
3955
|
-
const
|
|
4016
|
+
const toVersion = node.package.version
|
|
4017
|
+
const toVersionRange = shadowNpmInject.applyRange(
|
|
4018
|
+
fromVersion,
|
|
4019
|
+
toVersion,
|
|
4020
|
+
rangeStyle
|
|
4021
|
+
)
|
|
4022
|
+
const toSpec = `${name}@${toVersionRange}`
|
|
3956
4023
|
let branch
|
|
3957
4024
|
let owner
|
|
3958
4025
|
let repo
|
|
3959
4026
|
let shouldOpenPr = false
|
|
3960
4027
|
// Lazily access constants.ENV[CI].
|
|
3961
4028
|
if (constants.ENV[CI$1]) {
|
|
3962
|
-
;({ owner, repo } =
|
|
3963
|
-
branch = getSocketBranchName(name,
|
|
4029
|
+
;({ owner, repo } = getGitHubEnvRepoInfo())
|
|
4030
|
+
branch = getSocketBranchName(name, toVersion)
|
|
3964
4031
|
// eslint-disable-next-line no-await-in-loop
|
|
3965
4032
|
shouldOpenPr = !(await doesPullRequestExistForBranch(
|
|
3966
4033
|
owner,
|
|
@@ -3968,7 +4035,6 @@ async function npmFix(
|
|
|
3968
4035
|
branch
|
|
3969
4036
|
))
|
|
3970
4037
|
}
|
|
3971
|
-
const fixSpec = `${name}@^${targetVersion}`
|
|
3972
4038
|
const revertData = {
|
|
3973
4039
|
...(editablePkgJson.content.dependencies
|
|
3974
4040
|
? {
|
|
@@ -3987,7 +4053,7 @@ async function npmFix(
|
|
|
3987
4053
|
}
|
|
3988
4054
|
: undefined)
|
|
3989
4055
|
}
|
|
3990
|
-
spinner?.info(`Installing ${
|
|
4056
|
+
spinner?.info(`Installing ${toSpec}`)
|
|
3991
4057
|
const baseBranch = getBaseBranch()
|
|
3992
4058
|
|
|
3993
4059
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -3999,7 +4065,7 @@ async function npmFix(
|
|
|
3999
4065
|
editablePkgJson,
|
|
4000
4066
|
arb.idealTree,
|
|
4001
4067
|
node,
|
|
4002
|
-
|
|
4068
|
+
toVersion,
|
|
4003
4069
|
rangeStyle
|
|
4004
4070
|
)
|
|
4005
4071
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -4012,7 +4078,7 @@ async function npmFix(
|
|
|
4012
4078
|
})
|
|
4013
4079
|
installed = true
|
|
4014
4080
|
if (test) {
|
|
4015
|
-
spinner?.info(`Testing ${
|
|
4081
|
+
spinner?.info(`Testing ${toSpec}`)
|
|
4016
4082
|
// eslint-disable-next-line no-await-in-loop
|
|
4017
4083
|
await npm.runScript(testScript, [], {
|
|
4018
4084
|
spinner,
|
|
@@ -4022,7 +4088,7 @@ async function npmFix(
|
|
|
4022
4088
|
spinner?.successAndStop(`Fixed ${name}`)
|
|
4023
4089
|
spinner?.start()
|
|
4024
4090
|
} catch {
|
|
4025
|
-
spinner?.error(`Reverting ${
|
|
4091
|
+
spinner?.error(`Reverting ${toSpec}`)
|
|
4026
4092
|
if (saved) {
|
|
4027
4093
|
editablePkgJson.update(revertData)
|
|
4028
4094
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -4034,35 +4100,29 @@ async function npmFix(
|
|
|
4034
4100
|
cwd
|
|
4035
4101
|
})
|
|
4036
4102
|
}
|
|
4037
|
-
spinner?.failAndStop(`Failed to fix ${
|
|
4103
|
+
spinner?.failAndStop(`Failed to fix ${fromSpec}`)
|
|
4038
4104
|
return
|
|
4039
4105
|
}
|
|
4040
4106
|
if (shouldOpenPr) {
|
|
4041
|
-
|
|
4042
|
-
|
|
4043
|
-
|
|
4044
|
-
|
|
4045
|
-
|
|
4046
|
-
|
|
4047
|
-
|
|
4048
|
-
|
|
4049
|
-
|
|
4050
|
-
|
|
4051
|
-
|
|
4052
|
-
|
|
4053
|
-
|
|
4054
|
-
|
|
4055
|
-
|
|
4107
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4108
|
+
await createAndPushBranchIfNeeded(
|
|
4109
|
+
branch,
|
|
4110
|
+
getSocketCommitMessage(fromPurl, toVersion),
|
|
4111
|
+
cwd
|
|
4112
|
+
)
|
|
4113
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4114
|
+
const prResponse = await openGitHubPullRequest(
|
|
4115
|
+
owner,
|
|
4116
|
+
repo,
|
|
4117
|
+
baseBranch,
|
|
4118
|
+
branch,
|
|
4119
|
+
fromPurl,
|
|
4120
|
+
toVersion,
|
|
4121
|
+
cwd
|
|
4122
|
+
)
|
|
4056
4123
|
if (prResponse && autoMerge) {
|
|
4057
|
-
|
|
4058
|
-
|
|
4059
|
-
await enableAutoMerge(prResponse.data)
|
|
4060
|
-
} catch (e) {
|
|
4061
|
-
logger.logger.error(
|
|
4062
|
-
'Failed to enable auto-merge in pull request',
|
|
4063
|
-
e
|
|
4064
|
-
)
|
|
4065
|
-
}
|
|
4124
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4125
|
+
await enableAutoMerge(prResponse.data)
|
|
4066
4126
|
}
|
|
4067
4127
|
}
|
|
4068
4128
|
}
|
|
@@ -4341,7 +4401,9 @@ async function pnpmFix(
|
|
|
4341
4401
|
for (const spec of specs) {
|
|
4342
4402
|
const lastAtSignIndex = spec.lastIndexOf('@')
|
|
4343
4403
|
const name = spec.slice(0, lastAtSignIndex)
|
|
4344
|
-
const
|
|
4404
|
+
const fromVersion = spec.slice(lastAtSignIndex + 1)
|
|
4405
|
+
const fromSpec = `${name}@${fromVersion}`
|
|
4406
|
+
const fromPurl = `pkg:npm/${fromSpec}`
|
|
4345
4407
|
for (const {
|
|
4346
4408
|
firstPatchedVersionIdentifier,
|
|
4347
4409
|
vulnerableVersionRange
|
|
@@ -4349,33 +4411,45 @@ async function pnpmFix(
|
|
|
4349
4411
|
const node = shadowNpmInject.findPackageNode(
|
|
4350
4412
|
actualTree,
|
|
4351
4413
|
name,
|
|
4352
|
-
|
|
4414
|
+
fromVersion
|
|
4353
4415
|
)
|
|
4354
4416
|
if (!node) {
|
|
4355
4417
|
continue
|
|
4356
4418
|
}
|
|
4357
|
-
const oldSpec = `${name}@${oldVersion}`
|
|
4358
4419
|
const availableVersions = Object.keys(packument.versions)
|
|
4359
|
-
const
|
|
4420
|
+
const toVersion = shadowNpmInject.findBestPatchVersion(
|
|
4360
4421
|
node,
|
|
4361
4422
|
availableVersions,
|
|
4362
4423
|
vulnerableVersionRange
|
|
4363
4424
|
)
|
|
4364
|
-
const targetPackument =
|
|
4365
|
-
? packument.versions[
|
|
4425
|
+
const targetPackument = toVersion
|
|
4426
|
+
? packument.versions[toVersion]
|
|
4366
4427
|
: undefined
|
|
4367
|
-
if (!(
|
|
4368
|
-
spinner?.failAndStop(`Could not patch ${
|
|
4428
|
+
if (!(toVersion && targetPackument)) {
|
|
4429
|
+
spinner?.failAndStop(`Could not patch ${fromSpec}`)
|
|
4369
4430
|
return
|
|
4370
4431
|
}
|
|
4432
|
+
const oldPnpm = editablePkgJson.content[PNPM$9]
|
|
4433
|
+
const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
|
|
4434
|
+
const oldOverrides = oldPnpm?.[OVERRIDES$2]
|
|
4435
|
+
const oldOverridesCount = oldOverrides
|
|
4436
|
+
? Object.keys(oldOverrides).length
|
|
4437
|
+
: 0
|
|
4438
|
+
const overrideKey = `${name}@${vulnerableVersionRange}`
|
|
4439
|
+
const toVersionRange = shadowNpmInject.applyRange(
|
|
4440
|
+
oldOverrides?.[overrideKey] ?? fromVersion,
|
|
4441
|
+
toVersion,
|
|
4442
|
+
rangeStyle
|
|
4443
|
+
)
|
|
4444
|
+
const toSpec = `${name}@${toVersionRange}`
|
|
4371
4445
|
let branch
|
|
4372
4446
|
let owner
|
|
4373
4447
|
let repo
|
|
4374
4448
|
let shouldOpenPr = false
|
|
4375
4449
|
// Lazily access constants.ENV[CI].
|
|
4376
4450
|
if (constants.ENV[CI]) {
|
|
4377
|
-
;({ owner, repo } =
|
|
4378
|
-
branch = getSocketBranchName(name,
|
|
4451
|
+
;({ owner, repo } = getGitHubEnvRepoInfo())
|
|
4452
|
+
branch = getSocketBranchName(name, toVersion)
|
|
4379
4453
|
// eslint-disable-next-line no-await-in-loop
|
|
4380
4454
|
shouldOpenPr = !(await doesPullRequestExistForBranch(
|
|
4381
4455
|
owner,
|
|
@@ -4383,24 +4457,11 @@ async function pnpmFix(
|
|
|
4383
4457
|
branch
|
|
4384
4458
|
))
|
|
4385
4459
|
}
|
|
4386
|
-
const oldPnpm = editablePkgJson.content[PNPM$9]
|
|
4387
|
-
const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
|
|
4388
|
-
const oldOverrides = oldPnpm?.[OVERRIDES$2]
|
|
4389
|
-
const oldOverridesCount = oldOverrides
|
|
4390
|
-
? Object.keys(oldOverrides).length
|
|
4391
|
-
: 0
|
|
4392
|
-
const overrideKey = `${node.name}@${vulnerableVersionRange}`
|
|
4393
|
-
const overrideRange = shadowNpmInject.applyRange(
|
|
4394
|
-
oldOverrides?.[overrideKey] ?? targetVersion,
|
|
4395
|
-
targetVersion,
|
|
4396
|
-
rangeStyle
|
|
4397
|
-
)
|
|
4398
|
-
const fixSpec = `${name}@${overrideRange}`
|
|
4399
4460
|
const updateData = {
|
|
4400
4461
|
[PNPM$9]: {
|
|
4401
4462
|
...oldPnpm,
|
|
4402
4463
|
[OVERRIDES$2]: {
|
|
4403
|
-
[overrideKey]:
|
|
4464
|
+
[overrideKey]: toVersionRange,
|
|
4404
4465
|
...oldOverrides
|
|
4405
4466
|
}
|
|
4406
4467
|
}
|
|
@@ -4435,7 +4496,7 @@ async function pnpmFix(
|
|
|
4435
4496
|
}
|
|
4436
4497
|
: undefined)
|
|
4437
4498
|
}
|
|
4438
|
-
spinner?.info(`Installing ${
|
|
4499
|
+
spinner?.info(`Installing ${toSpec}`)
|
|
4439
4500
|
const baseBranch = getBaseBranch()
|
|
4440
4501
|
|
|
4441
4502
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -4448,7 +4509,7 @@ async function pnpmFix(
|
|
|
4448
4509
|
editablePkgJson,
|
|
4449
4510
|
actualTree,
|
|
4450
4511
|
node,
|
|
4451
|
-
|
|
4512
|
+
toVersion,
|
|
4452
4513
|
rangeStyle
|
|
4453
4514
|
)
|
|
4454
4515
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -4461,7 +4522,7 @@ async function pnpmFix(
|
|
|
4461
4522
|
})
|
|
4462
4523
|
installed = true
|
|
4463
4524
|
if (test) {
|
|
4464
|
-
spinner?.info(`Testing ${
|
|
4525
|
+
spinner?.info(`Testing ${toSpec}`)
|
|
4465
4526
|
// eslint-disable-next-line no-await-in-loop
|
|
4466
4527
|
await npm.runScript(testScript, [], {
|
|
4467
4528
|
spinner,
|
|
@@ -4471,7 +4532,7 @@ async function pnpmFix(
|
|
|
4471
4532
|
spinner?.successAndStop(`Fixed ${name}`)
|
|
4472
4533
|
spinner?.start()
|
|
4473
4534
|
} catch (e) {
|
|
4474
|
-
spinner?.error(`Reverting ${
|
|
4535
|
+
spinner?.error(`Reverting ${toSpec}`, e)
|
|
4475
4536
|
if (saved) {
|
|
4476
4537
|
editablePkgJson.update(revertData)
|
|
4477
4538
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -4483,41 +4544,29 @@ async function pnpmFix(
|
|
|
4483
4544
|
spinner
|
|
4484
4545
|
})
|
|
4485
4546
|
}
|
|
4486
|
-
spinner?.failAndStop(`Failed to fix ${
|
|
4547
|
+
spinner?.failAndStop(`Failed to fix ${fromSpec}`)
|
|
4487
4548
|
return
|
|
4488
4549
|
}
|
|
4489
4550
|
if (shouldOpenPr) {
|
|
4490
4551
|
// eslint-disable-next-line no-await-in-loop
|
|
4491
4552
|
await createAndPushBranchIfNeeded(
|
|
4492
4553
|
branch,
|
|
4493
|
-
|
|
4554
|
+
getSocketCommitMessage(fromPurl, toVersion),
|
|
4555
|
+
cwd
|
|
4556
|
+
)
|
|
4557
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4558
|
+
const prResponse = await openGitHubPullRequest(
|
|
4559
|
+
owner,
|
|
4560
|
+
repo,
|
|
4561
|
+
baseBranch,
|
|
4562
|
+
branch,
|
|
4563
|
+
fromPurl,
|
|
4564
|
+
toVersion,
|
|
4494
4565
|
cwd
|
|
4495
4566
|
)
|
|
4496
|
-
let prResponse
|
|
4497
|
-
try {
|
|
4498
|
-
// eslint-disable-next-line no-await-in-loop
|
|
4499
|
-
prResponse = await openGitHubPullRequest(
|
|
4500
|
-
owner,
|
|
4501
|
-
repo,
|
|
4502
|
-
baseBranch,
|
|
4503
|
-
branch,
|
|
4504
|
-
name,
|
|
4505
|
-
targetVersion,
|
|
4506
|
-
cwd
|
|
4507
|
-
)
|
|
4508
|
-
} catch (e) {
|
|
4509
|
-
logger.logger.error('Failed to open pull request', e)
|
|
4510
|
-
}
|
|
4511
4567
|
if (prResponse && autoMerge) {
|
|
4512
|
-
|
|
4513
|
-
|
|
4514
|
-
await enableAutoMerge(prResponse.data)
|
|
4515
|
-
} catch (e) {
|
|
4516
|
-
logger.logger.error(
|
|
4517
|
-
'Failed to enable auto-merge in pull request',
|
|
4518
|
-
e
|
|
4519
|
-
)
|
|
4520
|
-
}
|
|
4568
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4569
|
+
await enableAutoMerge(prResponse.data)
|
|
4521
4570
|
}
|
|
4522
4571
|
}
|
|
4523
4572
|
}
|
|
@@ -11439,7 +11488,7 @@ void (async () => {
|
|
|
11439
11488
|
await vendor.updater({
|
|
11440
11489
|
name: SOCKET_CLI_BIN_NAME,
|
|
11441
11490
|
// The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
|
|
11442
|
-
version: '0.14.
|
|
11491
|
+
version: '0.14.98',
|
|
11443
11492
|
ttl: 86_400_000 /* 24 hours in milliseconds */
|
|
11444
11493
|
})
|
|
11445
11494
|
try {
|
|
@@ -11507,5 +11556,5 @@ void (async () => {
|
|
|
11507
11556
|
await shadowNpmInject.captureException(e)
|
|
11508
11557
|
}
|
|
11509
11558
|
})()
|
|
11510
|
-
//# debugId=
|
|
11559
|
+
//# debugId=daa49c76-000e-474d-9135-b9bd3769de57
|
|
11511
11560
|
//# sourceMappingURL=cli.js.map
|
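Review bot: `formatBranchName` strips the wrong characters: the second `replace` in `return str.replace(/[-_.]+/g, '-').replace(/[-a-zA-Z0-9]+/g, '') ?? ''` deletes every letter, digit and hyphen and keeps everything else, so `lodash` and `4.17.21` both collapse to `''`, every fix branch becomes `socket-fix--` and `doesPullRequestExistForBranch` then suppresses all but the first PR, while the characters a sanitizer for git refs should drop (`/`, `~`, `^`, `:`, whitespace) are exactly what survives into the branch passed to `createAndPushBranchIfNeeded`. The class should be negated and the dead `?? ''` (replace always returns a string) dropped: `return str.replace(/[-_.]+/g, '-').replace(/[^-a-zA-Z0-9]+/g, '')`. Separately, `getSocketBranchName` now parses its first argument with `PackageURL.fromString`, but both call sites in `npmFix` and `pnpmFix` still pass the bare `name` (`branch = getSocketBranchName(name, toVersion)`) instead of the `fromPurl` that `getSocketCommitMessage` and `openGitHubPullRequest` receive; if `fromString` rejects strings lacking the `pkg:` scheme as the reference implementation does, this throws whenever `constants.ENV[CI]` is set, so pass `fromPurl` there too. The `npmFix` and `pnpmFix` bodies extend beyond the hunks shown.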