@socketsecurity/cli-with-sentry 0.15.34 → 0.15.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +161 -90
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/utils.js +12 -7
- package/dist/utils.js.map +1 -1
- package/package.json +2 -2
package/dist/cli.js
@@ -3667,44 +3667,70 @@ function getBaseGitBranch() {
3667
3667
|
// https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
|
|
3668
3668
|
'main';
|
|
3669
3669
|
}
|
|
3670
|
-
function getSocketBranchName(purl, newVersion,
|
|
3671
|
-
const purlObj =
|
|
3672
|
-
const
|
|
3673
|
-
const
|
|
3674
|
-
const
|
|
3675
|
-
|
|
3676
|
-
|
|
3677
|
-
|
|
3670
|
+
function getSocketBranchName(purl, newVersion, workspace) {
|
|
3671
|
+
const purlObj = utils.getPurlObject(purl);
|
|
3672
|
+
const fmtType = formatBranchName(purlObj.type);
|
|
3673
|
+
const fmtWorkspace = workspace ? `${formatBranchName(workspace)}` : 'root';
|
|
3674
|
+
const fmtMaybeNamespace = purlObj.namespace ? `${formatBranchName(purlObj.namespace)}--` : '';
|
|
3675
|
+
const fmtFullName = `${fmtMaybeNamespace}${formatBranchName(purlObj.name)}`;
|
|
3676
|
+
const fmtVersion = formatBranchName(purlObj.version);
|
|
3677
|
+
const fmtNewVersion = formatBranchName(newVersion);
|
|
3678
|
+
return `socket/${fmtType}_${fmtWorkspace}_${fmtFullName}_${fmtVersion}_${fmtNewVersion}`;
|
|
3679
|
+
}
|
|
3680
|
+
function getSocketBranchPattern(options) {
|
|
3678
3681
|
const {
|
|
3682
|
+
newVersion,
|
|
3679
3683
|
purl,
|
|
3680
3684
|
workspace
|
|
3681
3685
|
} = {
|
|
3682
3686
|
__proto__: null,
|
|
3683
3687
|
...options
|
|
3684
3688
|
};
|
|
3685
|
-
const purlObj = purl ?
|
|
3686
|
-
const
|
|
3687
|
-
const
|
|
3688
|
-
const
|
|
3689
|
-
|
|
3690
|
-
|
|
3691
|
-
|
|
3692
|
-
|
|
3693
|
-
|
|
3694
|
-
|
|
3695
|
-
|
|
3696
|
-
|
|
3697
|
-
|
|
3698
|
-
|
|
3699
|
-
|
|
3700
|
-
|
|
3701
|
-
|
|
3702
|
-
|
|
3703
|
-
|
|
3704
|
-
|
|
3705
|
-
|
|
3706
|
-
|
|
3707
|
-
|
|
3689
|
+
const purlObj = purl ? utils.getPurlObject(purl) : null;
|
|
3690
|
+
const escType = purlObj ? regexps.escapeRegExp(purlObj.type) : '[^_]+';
|
|
3691
|
+
const escWorkspace = workspace ? `${regexps.escapeRegExp(formatBranchName(workspace))}` : 'root';
|
|
3692
|
+
const escMaybeNamespace = purlObj?.namespace ? `${regexps.escapeRegExp(formatBranchName(purlObj.namespace))}--` : '';
|
|
3693
|
+
const escFullName = purlObj ? `${escMaybeNamespace}${regexps.escapeRegExp(formatBranchName(purlObj.name))}` : '[^_]+';
|
|
3694
|
+
const escVersion = purlObj ? regexps.escapeRegExp(formatBranchName(purlObj.version)) : '[^_]+';
|
|
3695
|
+
const escNewVersion = newVersion ? regexps.escapeRegExp(formatBranchName(newVersion)) : '[^_]+';
|
|
3696
|
+
return new RegExp(`^socket/(${escType})_(${escWorkspace})_(${escFullName})_(${escVersion})_(${escNewVersion})$`);
|
|
3697
|
+
}
|
|
3698
|
+
function createSocketBranchParser(options) {
|
|
3699
|
+
const pattern = getSocketBranchPattern(options);
|
|
3700
|
+
return function parse(branch) {
|
|
3701
|
+
const match = pattern.exec(branch);
|
|
3702
|
+
if (!match) {
|
|
3703
|
+
return null;
|
|
3704
|
+
}
|
|
3705
|
+
const {
|
|
3706
|
+
0: type,
|
|
3707
|
+
1: workspace,
|
|
3708
|
+
2: fullName,
|
|
3709
|
+
3: version,
|
|
3710
|
+
4: newVersion
|
|
3711
|
+
} = match;
|
|
3712
|
+
return {
|
|
3713
|
+
newVersion,
|
|
3714
|
+
purl: utils.getPurlObject(`pkg:${type}/${fullName}@${version}`),
|
|
3715
|
+
workspace
|
|
3716
|
+
};
|
|
3717
|
+
};
|
|
3718
|
+
}
|
|
3719
|
+
function getSocketPullRequestTitle(purl, newVersion, workspace) {
|
|
3720
|
+
const purlObj = utils.getPurlObject(purl);
|
|
3721
|
+
const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
|
|
3722
|
+
return `Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`;
|
|
3723
|
+
}
|
|
3724
|
+
function getSocketPullRequestBody(purl, newVersion, workspace) {
|
|
3725
|
+
const purlObj = utils.getPurlObject(purl);
|
|
3726
|
+
const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
|
|
3727
|
+
const pkgOverviewUrl = utils.getSocketDevPackageOverviewUrlFromPurl(purlObj);
|
|
3728
|
+
return `Bump [${fullName}](${pkgOverviewUrl}) from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}.`;
|
|
3729
|
+
}
|
|
3730
|
+
function getSocketCommitMessage(purl, newVersion, workspace) {
|
|
3731
|
+
const purlObj = utils.getPurlObject(purl);
|
|
3732
|
+
const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
|
|
3733
|
+
return `socket: Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`;
|
|
3708
3734
|
}
|
|
3709
3735
|
async function gitCleanFdx(cwd = process.cwd()) {
|
|
3710
3736
|
const stdioIgnoreOptions = {
|
|
@@ -3819,9 +3845,15 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
|
|
|
3819
3845
|
let _octokit;
|
|
3820
3846
|
function getOctokit() {
|
|
3821
3847
|
if (_octokit === undefined) {
|
|
3848
|
+
// Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
|
|
3849
|
+
const {
|
|
3850
|
+
SOCKET_CLI_GITHUB_TOKEN
|
|
3851
|
+
} = constants.ENV;
|
|
3852
|
+
if (!SOCKET_CLI_GITHUB_TOKEN) {
|
|
3853
|
+
debug.debugFn('miss: SOCKET_CLI_GITHUB_TOKEN env var');
|
|
3854
|
+
}
|
|
3822
3855
|
_octokit = new vendor.Octokit({
|
|
3823
|
-
|
|
3824
|
-
auth: constants.ENV.SOCKET_CLI_GITHUB_TOKEN
|
|
3856
|
+
auth: SOCKET_CLI_GITHUB_TOKEN
|
|
3825
3857
|
});
|
|
3826
3858
|
}
|
|
3827
3859
|
return _octokit;
|
|
@@ -3829,10 +3861,16 @@ function getOctokit() {
|
|
|
3829
3861
|
let _octokitGraphql;
|
|
3830
3862
|
function getOctokitGraphql() {
|
|
3831
3863
|
if (!_octokitGraphql) {
|
|
3864
|
+
// Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
|
|
3865
|
+
const {
|
|
3866
|
+
SOCKET_CLI_GITHUB_TOKEN
|
|
3867
|
+
} = constants.ENV;
|
|
3868
|
+
if (!SOCKET_CLI_GITHUB_TOKEN) {
|
|
3869
|
+
debug.debugFn('miss: SOCKET_CLI_GITHUB_TOKEN env var');
|
|
3870
|
+
}
|
|
3832
3871
|
_octokitGraphql = vendor.graphql2.defaults({
|
|
3833
3872
|
headers: {
|
|
3834
|
-
|
|
3835
|
-
authorization: `token ${constants.ENV.SOCKET_CLI_GITHUB_TOKEN}`
|
|
3873
|
+
authorization: `token ${SOCKET_CLI_GITHUB_TOKEN}`
|
|
3836
3874
|
}
|
|
3837
3875
|
});
|
|
3838
3876
|
}
|
|
@@ -3878,25 +3916,30 @@ async function writeCache(key, data) {
|
|
|
3878
3916
|
}
|
|
3879
3917
|
await fs$2.writeJson(cacheJsonPath, data);
|
|
3880
3918
|
}
|
|
3881
|
-
async function cleanupOpenPrs(owner, repo,
|
|
3919
|
+
async function cleanupOpenPrs(owner, repo, options) {
|
|
3882
3920
|
const contextualMatches = await getOpenSocketPrsWithContext(owner, repo, options);
|
|
3883
3921
|
if (!contextualMatches.length) {
|
|
3884
3922
|
return [];
|
|
3885
3923
|
}
|
|
3886
3924
|
const cachesToSave = new Map();
|
|
3925
|
+
const {
|
|
3926
|
+
newVersion
|
|
3927
|
+
} = {
|
|
3928
|
+
__proto__: null,
|
|
3929
|
+
...options
|
|
3930
|
+
};
|
|
3887
3931
|
const octokit = getOctokit();
|
|
3888
3932
|
const settledMatches = await Promise.allSettled(contextualMatches.map(async ({
|
|
3889
3933
|
context,
|
|
3890
3934
|
match
|
|
3891
3935
|
}) => {
|
|
3892
3936
|
const {
|
|
3937
|
+
newVersion: prToVersion,
|
|
3893
3938
|
number: prNum
|
|
3894
3939
|
} = match;
|
|
3895
3940
|
const prRef = `PR #${prNum}`;
|
|
3896
|
-
const prToVersionText = /(?<= to )\S+/.exec(match.title)?.[0];
|
|
3897
|
-
const prToVersion = vendor.semverExports.coerce(prToVersionText);
|
|
3898
3941
|
// Close older PRs.
|
|
3899
|
-
if (prToVersion && vendor.semverExports.lt(prToVersion, newVersion)) {
|
|
3942
|
+
if (prToVersion && newVersion && vendor.semverExports.lt(prToVersion, newVersion)) {
|
|
3900
3943
|
try {
|
|
3901
3944
|
await octokit.pulls.update({
|
|
3902
3945
|
owner,
|
|
@@ -3911,7 +3954,7 @@ async function cleanupOpenPrs(owner, repo, newVersion, options) {
|
|
|
3911
3954
|
cachesToSave.set(context.cacheKey, context.data);
|
|
3912
3955
|
return null;
|
|
3913
3956
|
} catch (e) {
|
|
3914
|
-
debug.debugFn(`fail: close ${prRef}\n`, e?.message || 'unknown error');
|
|
3957
|
+
debug.debugFn(`fail: close ${prRef} for ${prToVersion}\n`, e?.message || 'unknown error');
|
|
3915
3958
|
}
|
|
3916
3959
|
}
|
|
3917
3960
|
// Update stale PRs.
|
|
@@ -3990,9 +4033,15 @@ async function enablePrAutoMerge({
|
|
|
3990
4033
|
enabled: false
|
|
3991
4034
|
};
|
|
3992
4035
|
}
|
|
3993
|
-
function
|
|
4036
|
+
function getGithubEnvRepoInfo() {
|
|
3994
4037
|
// Lazily access constants.ENV.GITHUB_REPOSITORY.
|
|
3995
|
-
const
|
|
4038
|
+
const {
|
|
4039
|
+
GITHUB_REPOSITORY
|
|
4040
|
+
} = constants.ENV;
|
|
4041
|
+
if (!GITHUB_REPOSITORY) {
|
|
4042
|
+
debug.debugFn('miss: GITHUB_REPOSITORY env var');
|
|
4043
|
+
}
|
|
4044
|
+
const ownerSlashRepo = GITHUB_REPOSITORY;
|
|
3996
4045
|
const slashIndex = ownerSlashRepo.indexOf('/');
|
|
3997
4046
|
if (slashIndex === -1) {
|
|
3998
4047
|
return null;
|
|
@@ -4016,7 +4065,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4016
4065
|
const checkAuthor = strings.isNonEmptyString(author);
|
|
4017
4066
|
const octokit = getOctokit();
|
|
4018
4067
|
const octokitGraphql = getOctokitGraphql();
|
|
4019
|
-
const
|
|
4068
|
+
const prBranchParser = createSocketBranchParser(options);
|
|
4020
4069
|
const contextualMatches = [];
|
|
4021
4070
|
try {
|
|
4022
4071
|
// Optimistically fetch only the first 50 open PRs using GraphQL to minimize
|
|
@@ -4050,7 +4099,8 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4050
4099
|
const node = nodes[i];
|
|
4051
4100
|
const login = node.author?.login;
|
|
4052
4101
|
const matchesAuthor = checkAuthor ? login === author : true;
|
|
4053
|
-
|
|
4102
|
+
const matchesBranch = prBranchParser(node.headRefName);
|
|
4103
|
+
if (matchesAuthor && matchesBranch) {
|
|
4054
4104
|
contextualMatches.push({
|
|
4055
4105
|
context: {
|
|
4056
4106
|
apiType: 'graphql',
|
|
@@ -4062,6 +4112,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4062
4112
|
},
|
|
4063
4113
|
match: {
|
|
4064
4114
|
...node,
|
|
4115
|
+
...matchesBranch,
|
|
4065
4116
|
author: login ?? '<unknown>'
|
|
4066
4117
|
}
|
|
4067
4118
|
});
|
|
@@ -4092,7 +4143,8 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4092
4143
|
const pr = allOpenPrs[i];
|
|
4093
4144
|
const login = pr.user?.login;
|
|
4094
4145
|
const matchesAuthor = checkAuthor ? login === author : true;
|
|
4095
|
-
|
|
4146
|
+
const matchesBranch = prBranchParser(pr.head.ref);
|
|
4147
|
+
if (matchesAuthor && matchesBranch) {
|
|
4096
4148
|
contextualMatches.push({
|
|
4097
4149
|
context: {
|
|
4098
4150
|
apiType: 'rest',
|
|
@@ -4103,6 +4155,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4103
4155
|
parent: allOpenPrs
|
|
4104
4156
|
},
|
|
4105
4157
|
match: {
|
|
4158
|
+
...matchesBranch,
|
|
4106
4159
|
author: login ?? '<unknown>',
|
|
4107
4160
|
baseRefName: pr.base.ref,
|
|
4108
4161
|
headRefName: pr.head.ref,
|
|
@@ -4130,15 +4183,16 @@ async function openPr(owner, repo, branch, purl, newVersion, options) {
|
|
|
4130
4183
|
debug.debugFn('miss: GITHUB_ACTIONS env var');
|
|
4131
4184
|
return null;
|
|
4132
4185
|
}
|
|
4186
|
+
const purlObj = utils.getPurlObject(purl);
|
|
4133
4187
|
const octokit = getOctokit();
|
|
4134
4188
|
try {
|
|
4135
4189
|
return await octokit.pulls.create({
|
|
4136
4190
|
owner,
|
|
4137
4191
|
repo,
|
|
4138
|
-
title: getSocketPullRequestTitle(
|
|
4192
|
+
title: getSocketPullRequestTitle(purlObj, newVersion, workspace),
|
|
4139
4193
|
head: branch,
|
|
4140
4194
|
base: baseBranch,
|
|
4141
|
-
body: getSocketPullRequestBody(
|
|
4195
|
+
body: getSocketPullRequestBody(purlObj, newVersion, workspace)
|
|
4142
4196
|
});
|
|
4143
4197
|
} catch (e) {
|
|
4144
4198
|
let message = `Failed to open pull request`;
|
|
@@ -4167,7 +4221,7 @@ async function prExistForBranch(owner, repo, branch) {
|
|
|
4167
4221
|
} catch {}
|
|
4168
4222
|
return false;
|
|
4169
4223
|
}
|
|
4170
|
-
async function
|
|
4224
|
+
async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()) {
|
|
4171
4225
|
const stdioIgnoreOptions = {
|
|
4172
4226
|
cwd,
|
|
4173
4227
|
stdio: 'ignore'
|
|
@@ -4240,15 +4294,17 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4240
4294
|
const gitUser = constants.ENV.SOCKET_CLI_GIT_USER_NAME;
|
|
4241
4295
|
const githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
|
|
4242
4296
|
const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && gitEmail && gitUser && githubToken);
|
|
4297
|
+
const repoInfo = isCi ? getGithubEnvRepoInfo() : null;
|
|
4243
4298
|
spinner?.start();
|
|
4244
|
-
|
|
4245
|
-
|
|
4246
|
-
|
|
4247
|
-
|
|
4248
|
-
|
|
4249
|
-
|
|
4250
|
-
})
|
|
4251
|
-
}
|
|
4299
|
+
const openPrs =
|
|
4300
|
+
// Check repoInfo to make TypeScript happy.
|
|
4301
|
+
isCi && repoInfo ? await getOpenSocketPrs(repoInfo.owner, repoInfo.repo, {
|
|
4302
|
+
author: gitUser
|
|
4303
|
+
}) : [];
|
|
4304
|
+
if (openPrs.length) {
|
|
4305
|
+
debug.debugFn(`found: ${openPrs.length} open PRs`);
|
|
4306
|
+
}
|
|
4307
|
+
let count = isCi ? openPrs.length : 0;
|
|
4252
4308
|
const arb = new shadowInject.Arborist({
|
|
4253
4309
|
path: rootPath,
|
|
4254
4310
|
...shadowInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
|
|
@@ -4259,9 +4315,9 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4259
4315
|
let alertsMap;
|
|
4260
4316
|
try {
|
|
4261
4317
|
alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertsMapOptions({
|
|
4262
|
-
limit
|
|
4318
|
+
limit: limit + openPrs.length
|
|
4263
4319
|
})) : await shadowInject.getAlertsMapFromArborist(arb, getAlertsMapOptions({
|
|
4264
|
-
limit
|
|
4320
|
+
limit: limit + openPrs.length
|
|
4265
4321
|
}));
|
|
4266
4322
|
} catch (e) {
|
|
4267
4323
|
spinner?.stop();
|
|
@@ -4273,7 +4329,7 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4273
4329
|
};
|
|
4274
4330
|
}
|
|
4275
4331
|
const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
|
|
4276
|
-
limit
|
|
4332
|
+
limit: limit + openPrs.length
|
|
4277
4333
|
});
|
|
4278
4334
|
if (!infoByPkgName) {
|
|
4279
4335
|
spinner?.stop();
|
|
@@ -4306,10 +4362,15 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4306
4362
|
length
|
|
4307
4363
|
} = sortedInfoEntries; i < length; i += 1) {
|
|
4308
4364
|
const isLastInfoEntry = i === length - 1;
|
|
4365
|
+
const infoEntry = sortedInfoEntries[i];
|
|
4309
4366
|
const {
|
|
4310
|
-
0: name
|
|
4311
|
-
|
|
4312
|
-
|
|
4367
|
+
0: name
|
|
4368
|
+
} = infoEntry;
|
|
4369
|
+
const openPrsForPkg = openPrs.filter(pr => name === packages.resolvePackageName(pr.purl));
|
|
4370
|
+
const infos = [...infoEntry[1].values()].filter(info => !openPrsForPkg.find(pr => pr.newVersion === info.firstPatchedVersionIdentifier));
|
|
4371
|
+
if (!infos.length) {
|
|
4372
|
+
continue infoEntriesLoop;
|
|
4373
|
+
}
|
|
4313
4374
|
logger.logger.log(`Processing vulns for ${name}:`);
|
|
4314
4375
|
logger.logger.indent();
|
|
4315
4376
|
spinner?.indent();
|
|
@@ -4447,7 +4508,9 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4447
4508
|
error = e;
|
|
4448
4509
|
}
|
|
4449
4510
|
spinner?.stop();
|
|
4450
|
-
|
|
4511
|
+
|
|
4512
|
+
// Check repoInfo to make TypeScript happy.
|
|
4513
|
+
if (!errored && isCi && repoInfo) {
|
|
4451
4514
|
try {
|
|
4452
4515
|
// eslint-disable-next-line no-await-in-loop
|
|
4453
4516
|
const result = await gitUnstagedModifiedFiles(cwd);
|
|
@@ -4503,7 +4566,8 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4503
4566
|
}
|
|
4504
4567
|
|
|
4505
4568
|
// eslint-disable-next-line no-await-in-loop
|
|
4506
|
-
await Promise.allSettled([
|
|
4569
|
+
await Promise.allSettled([setGitRemoteGithubRepoUrl(repoInfo.owner, repoInfo.repo, githubToken, cwd), cleanupOpenPrs(repoInfo.owner, repoInfo.repo, {
|
|
4570
|
+
newVersion,
|
|
4507
4571
|
purl: oldPurl,
|
|
4508
4572
|
workspace
|
|
4509
4573
|
})]);
|
|
@@ -4670,15 +4734,17 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4670
4734
|
const gitUser = constants.ENV.SOCKET_CLI_GIT_USER_NAME;
|
|
4671
4735
|
const githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
|
|
4672
4736
|
const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && gitEmail && gitUser && githubToken);
|
|
4737
|
+
const repoInfo = isCi ? getGithubEnvRepoInfo() : null;
|
|
4673
4738
|
spinner?.start();
|
|
4674
|
-
|
|
4675
|
-
|
|
4676
|
-
|
|
4677
|
-
|
|
4678
|
-
|
|
4679
|
-
|
|
4680
|
-
})
|
|
4681
|
-
}
|
|
4739
|
+
const openPrs =
|
|
4740
|
+
// Check repoInfo to make TypeScript happy.
|
|
4741
|
+
isCi && repoInfo ? await getOpenSocketPrs(repoInfo.owner, repoInfo.repo, {
|
|
4742
|
+
author: gitUser
|
|
4743
|
+
}) : [];
|
|
4744
|
+
if (openPrs.length) {
|
|
4745
|
+
debug.debugFn(`found: ${openPrs.length} open PRs`);
|
|
4746
|
+
}
|
|
4747
|
+
let count = isCi ? openPrs.length : 0;
|
|
4682
4748
|
let actualTree;
|
|
4683
4749
|
const lockfilePath = path.join(rootPath, 'pnpm-lock.yaml');
|
|
4684
4750
|
let lockfileContent = await utils.readPnpmLockfile(lockfilePath);
|
|
@@ -4727,9 +4793,9 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4727
4793
|
let alertsMap;
|
|
4728
4794
|
try {
|
|
4729
4795
|
alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertsMapOptions({
|
|
4730
|
-
limit
|
|
4796
|
+
limit: limit + openPrs.length
|
|
4731
4797
|
})) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertsMapOptions({
|
|
4732
|
-
limit
|
|
4798
|
+
limit: limit + openPrs.length
|
|
4733
4799
|
}));
|
|
4734
4800
|
} catch (e) {
|
|
4735
4801
|
spinner?.stop();
|
|
@@ -4741,7 +4807,7 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4741
4807
|
};
|
|
4742
4808
|
}
|
|
4743
4809
|
const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
|
|
4744
|
-
limit
|
|
4810
|
+
limit: limit + openPrs.length
|
|
4745
4811
|
});
|
|
4746
4812
|
if (!infoByPkgName) {
|
|
4747
4813
|
spinner?.stop();
|
|
@@ -4773,10 +4839,15 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4773
4839
|
length
|
|
4774
4840
|
} = sortedInfoEntries; i < length; i += 1) {
|
|
4775
4841
|
const isLastInfoEntry = i === length - 1;
|
|
4842
|
+
const infoEntry = sortedInfoEntries[i];
|
|
4776
4843
|
const {
|
|
4777
|
-
0: name
|
|
4778
|
-
|
|
4779
|
-
|
|
4844
|
+
0: name
|
|
4845
|
+
} = infoEntry;
|
|
4846
|
+
const openPrsForPkg = openPrs.filter(pr => name === packages.resolvePackageName(pr.purl));
|
|
4847
|
+
const infos = [...infoEntry[1].values()].filter(info => !openPrsForPkg.find(pr => pr.newVersion === info.firstPatchedVersionIdentifier));
|
|
4848
|
+
if (!infos.length) {
|
|
4849
|
+
continue infoEntriesLoop;
|
|
4850
|
+
}
|
|
4780
4851
|
logger.logger.log(`Processing vulns for ${name}:`);
|
|
4781
4852
|
logger.logger.indent();
|
|
4782
4853
|
spinner?.indent();
|
|
@@ -4985,7 +5056,9 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4985
5056
|
errored = true;
|
|
4986
5057
|
}
|
|
4987
5058
|
spinner?.stop();
|
|
4988
|
-
|
|
5059
|
+
|
|
5060
|
+
// Check repoInfo to make TypeScript happy.
|
|
5061
|
+
if (!errored && isCi && repoInfo) {
|
|
4989
5062
|
try {
|
|
4990
5063
|
// eslint-disable-next-line no-await-in-loop
|
|
4991
5064
|
const result = await gitUnstagedModifiedFiles(cwd);
|
|
@@ -5044,7 +5117,8 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
5044
5117
|
}
|
|
5045
5118
|
|
|
5046
5119
|
// eslint-disable-next-line no-await-in-loop
|
|
5047
|
-
await Promise.allSettled([
|
|
5120
|
+
await Promise.allSettled([setGitRemoteGithubRepoUrl(repoInfo.owner, repoInfo.repo, githubToken, cwd), cleanupOpenPrs(repoInfo.owner, repoInfo.repo, {
|
|
5121
|
+
newVersion,
|
|
5048
5122
|
purl: oldPurl,
|
|
5049
5123
|
workspace
|
|
5050
5124
|
})]);
|
|
@@ -11324,7 +11398,7 @@ async function createScanFromGithub({
|
|
|
11324
11398
|
scansCreated += 1;
|
|
11325
11399
|
}
|
|
11326
11400
|
}
|
|
11327
|
-
logger.logger.success(targetRepos.length, '
|
|
11401
|
+
logger.logger.success(targetRepos.length, 'GitHub repos detected');
|
|
11328
11402
|
logger.logger.success(scansCreated, 'with supported Manifest files');
|
|
11329
11403
|
return {
|
|
11330
11404
|
ok: true,
|
|
@@ -11373,11 +11447,11 @@ async function scanOneRepo(repoSlug, {
|
|
|
11373
11447
|
} = repoResult.data;
|
|
11374
11448
|
logger.logger.info(`Default branch: \`${defaultBranch}\``);
|
|
11375
11449
|
const treeResult = await getRepoBranchTree({
|
|
11450
|
+
defaultBranch,
|
|
11451
|
+
githubToken,
|
|
11376
11452
|
orgGithub,
|
|
11377
11453
|
repoSlug,
|
|
11378
|
-
repoApiUrl
|
|
11379
|
-
defaultBranch,
|
|
11380
|
-
githubToken
|
|
11454
|
+
repoApiUrl
|
|
11381
11455
|
});
|
|
11382
11456
|
if (!treeResult.ok) {
|
|
11383
11457
|
return treeResult;
|
|
@@ -11555,26 +11629,23 @@ async function downloadManifestFile({
|
|
|
11555
11629
|
downloadUrl = JSON.parse(downloadUrlText).download_url;
|
|
11556
11630
|
} catch {
|
|
11557
11631
|
logger.logger.fail(`GitHub response contained invalid JSON for download url for: ${file}`);
|
|
11558
|
-
debug.debugFn('content: raw (not JSON)', downloadUrlText);
|
|
11559
11632
|
return {
|
|
11560
11633
|
ok: false,
|
|
11561
11634
|
message: 'Invalid JSON response',
|
|
11562
11635
|
cause: `Server responded with invalid JSON for download url ${downloadUrl}`
|
|
11563
11636
|
};
|
|
11564
11637
|
}
|
|
11565
|
-
debug.debugFn('download: manifest file');
|
|
11566
11638
|
const localPath = path.join(tmpDir, file);
|
|
11567
|
-
debug.debugFn('download:', downloadUrl, '->', localPath);
|
|
11639
|
+
debug.debugFn('download: manifest file started', downloadUrl, '->', localPath);
|
|
11568
11640
|
|
|
11569
11641
|
// Now stream the file to that file...
|
|
11570
|
-
|
|
11571
11642
|
const result = await streamDownloadWithFetch(localPath, downloadUrl);
|
|
11572
11643
|
if (!result.ok) {
|
|
11573
11644
|
// Do we proceed? Bail? Hrm...
|
|
11574
11645
|
logger.logger.fail(`Failed to download manifest file, skipping to next file. File: ${file}`);
|
|
11575
11646
|
return result;
|
|
11576
11647
|
}
|
|
11577
|
-
debug.
|
|
11648
|
+
debug.debugFn('download: manifest file completed');
|
|
11578
11649
|
return {
|
|
11579
11650
|
ok: true,
|
|
11580
11651
|
data: undefined
|
|
@@ -13605,5 +13676,5 @@ void (async () => {
|
|
|
13605
13676
|
await utils.captureException(e);
|
|
13606
13677
|
}
|
|
13607
13678
|
})();
|
|
13608
|
-
//# debugId=
|
|
13679
|
+
//# debugId=563527a7-7f37-46a5-b38a-7455caa4e1aa
|
|
13609
13680
|
//# sourceMappingURL=cli.js.map
|