@socketsecurity/cli-with-sentry 0.15.34 → 0.15.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +165 -90
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/utils.js +12 -7
- package/dist/utils.js.map +1 -1
- package/package.json +2 -2
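--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -3667,44 +3667,70 @@ function getBaseGitBranch() {
 // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
 'main';
 }
-function getSocketBranchName(purl, newVersion,
-const purlObj =
-const
-const
-const
-
-
-
+function getSocketBranchName(purl, newVersion, workspace) {
+const purlObj = utils.getPurlObject(purl);
+const fmtType = formatBranchName(purlObj.type);
+const fmtWorkspace = workspace ? `${formatBranchName(workspace)}` : 'root';
+const fmtMaybeNamespace = purlObj.namespace ? `${formatBranchName(purlObj.namespace)}--` : '';
+const fmtFullName = `${fmtMaybeNamespace}${formatBranchName(purlObj.name)}`;
+const fmtVersion = formatBranchName(purlObj.version);
+const fmtNewVersion = formatBranchName(newVersion);
+return `socket/${fmtType}_${fmtWorkspace}_${fmtFullName}_${fmtVersion}_${fmtNewVersion}`;
+}
+function getSocketBranchPattern(options) {
 const {
+newVersion,
 purl,
 workspace
 } = {
 __proto__: null,
 ...options
 };
-const purlObj = purl ?
-const
-const
-const
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+const purlObj = purl ? utils.getPurlObject(purl) : null;
+const escType = purlObj ? regexps.escapeRegExp(purlObj.type) : '[^_]+';
+const escWorkspace = workspace ? `${regexps.escapeRegExp(formatBranchName(workspace))}` : 'root';
+const escMaybeNamespace = purlObj?.namespace ? `${regexps.escapeRegExp(formatBranchName(purlObj.namespace))}--` : '';
+const escFullName = purlObj ? `${escMaybeNamespace}${regexps.escapeRegExp(formatBranchName(purlObj.name))}` : '[^_]+';
+const escVersion = purlObj ? regexps.escapeRegExp(formatBranchName(purlObj.version)) : '[^_]+';
+const escNewVersion = newVersion ? regexps.escapeRegExp(formatBranchName(newVersion)) : '[^_]+';
+return new RegExp(`^socket/(${escType})_(${escWorkspace})_(${escFullName})_(${escVersion})_(${escNewVersion})$`);
+}
+function createSocketBranchParser(options) {
+const pattern = getSocketBranchPattern(options);
+return function parse(branch) {
+const match = pattern.exec(branch);
+if (!match) {
+return null;
+}
+const {
+0: type,
+1: workspace,
+2: fullName,
+3: version,
+4: newVersion
+} = match;
+return {
+newVersion,
+purl: utils.getPurlObject(`pkg:${type}/${fullName}@${version}`),
+workspace
+};
+};
+}
+function getSocketPullRequestTitle(purl, newVersion, workspace) {
+const purlObj = utils.getPurlObject(purl);
+const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
+return `Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`;
+}
+function getSocketPullRequestBody(purl, newVersion, workspace) {
+const purlObj = utils.getPurlObject(purl);
+const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
+const pkgOverviewUrl = utils.getSocketDevPackageOverviewUrlFromPurl(purlObj);
+return `Bump [${fullName}](${pkgOverviewUrl}) from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}.`;
+}
+function getSocketCommitMessage(purl, newVersion, workspace) {
+const purlObj = utils.getPurlObject(purl);
+const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
+return `socket: Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`;
 }
 async function gitCleanFdx(cwd = process.cwd()) {
 const stdioIgnoreOptions = {
@@ -3819,9 +3845,15 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
 let _octokit;
 function getOctokit() {
 if (_octokit === undefined) {
+// Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
+const {
+SOCKET_CLI_GITHUB_TOKEN
+} = constants.ENV;
+if (!SOCKET_CLI_GITHUB_TOKEN) {
+debug.debugFn('miss: SOCKET_CLI_GITHUB_TOKEN env var');
+}
 _octokit = new vendor.Octokit({
-
-auth: constants.ENV.SOCKET_CLI_GITHUB_TOKEN
+auth: SOCKET_CLI_GITHUB_TOKEN
 });
 }
 return _octokit;
@@ -3829,10 +3861,16 @@ function getOctokit() {
 let _octokitGraphql;
 function getOctokitGraphql() {
 if (!_octokitGraphql) {
+// Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
+const {
+SOCKET_CLI_GITHUB_TOKEN
+} = constants.ENV;
+if (!SOCKET_CLI_GITHUB_TOKEN) {
+debug.debugFn('miss: SOCKET_CLI_GITHUB_TOKEN env var');
+}
 _octokitGraphql = vendor.graphql2.defaults({
 headers: {
-
-authorization: `token ${constants.ENV.SOCKET_CLI_GITHUB_TOKEN}`
+authorization: `token ${SOCKET_CLI_GITHUB_TOKEN}`
 }
 });
 }
@@ -3878,25 +3916,30 @@ async function writeCache(key, data) {
 }
 await fs$2.writeJson(cacheJsonPath, data);
 }
-async function cleanupOpenPrs(owner, repo,
+async function cleanupOpenPrs(owner, repo, options) {
 const contextualMatches = await getOpenSocketPrsWithContext(owner, repo, options);
 if (!contextualMatches.length) {
 return [];
 }
 const cachesToSave = new Map();
+const {
+newVersion
+} = {
+__proto__: null,
+...options
+};
 const octokit = getOctokit();
 const settledMatches = await Promise.allSettled(contextualMatches.map(async ({
 context,
 match
 }) => {
 const {
+newVersion: prToVersion,
 number: prNum
 } = match;
 const prRef = `PR #${prNum}`;
-const prToVersionText = /(?<= to )\S+/.exec(match.title)?.[0];
-const prToVersion = vendor.semverExports.coerce(prToVersionText);
 // Close older PRs.
-if (prToVersion && vendor.semverExports.lt(prToVersion, newVersion)) {
+if (prToVersion && newVersion && vendor.semverExports.lt(prToVersion, newVersion)) {
 try {
 await octokit.pulls.update({
 owner,
@@ -3911,7 +3954,7 @@ async function cleanupOpenPrs(owner, repo, newVersion, options) {
 cachesToSave.set(context.cacheKey, context.data);
 return null;
 } catch (e) {
-debug.debugFn(`fail: close ${prRef}\n`, e?.message || 'unknown error');
+debug.debugFn(`fail: close ${prRef} for ${prToVersion}\n`, e?.message || 'unknown error');
 }
 }
 // Update stale PRs.
@@ -3990,9 +4033,15 @@ async function enablePrAutoMerge({
 enabled: false
 };
 }
-function
+function getGithubEnvRepoInfo() {
 // Lazily access constants.ENV.GITHUB_REPOSITORY.
-const
+const {
+GITHUB_REPOSITORY
+} = constants.ENV;
+if (!GITHUB_REPOSITORY) {
+debug.debugFn('miss: GITHUB_REPOSITORY env var');
+}
+const ownerSlashRepo = GITHUB_REPOSITORY;
 const slashIndex = ownerSlashRepo.indexOf('/');
 if (slashIndex === -1) {
 return null;
@@ -4016,7 +4065,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
 const checkAuthor = strings.isNonEmptyString(author);
 const octokit = getOctokit();
 const octokitGraphql = getOctokitGraphql();
-const
+const prBranchParser = createSocketBranchParser(options);
 const contextualMatches = [];
 try {
 // Optimistically fetch only the first 50 open PRs using GraphQL to minimize
@@ -4050,7 +4099,10 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
 const node = nodes[i];
 const login = node.author?.login;
 const matchesAuthor = checkAuthor ? login === author : true;
-
+const matchesBranch = prBranchParser(node.headRefName);
+debug.debugFn('gql node.headRefName', node.headRefName);
+debug.debugFn('qgl matchesBranch', matchesBranch);
+if (matchesAuthor && matchesBranch) {
 contextualMatches.push({
 context: {
 apiType: 'graphql',
@@ -4062,6 +4114,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
 },
 match: {
 ...node,
+...matchesBranch,
 author: login ?? '<unknown>'
 }
 });
@@ -4092,7 +4145,10 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
 const pr = allOpenPrs[i];
 const login = pr.user?.login;
 const matchesAuthor = checkAuthor ? login === author : true;
-
+const matchesBranch = prBranchParser(pr.head.ref);
+debug.debugFn('octa node.headRefName', pr.head.ref);
+debug.debugFn('octa matchesBranch', matchesBranch);
+if (matchesAuthor && matchesBranch) {
 contextualMatches.push({
 context: {
 apiType: 'rest',
@@ -4103,6 +4159,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
 parent: allOpenPrs
 },
 match: {
+...matchesBranch,
 author: login ?? '<unknown>',
 baseRefName: pr.base.ref,
 headRefName: pr.head.ref,
@@ -4130,15 +4187,16 @@ async function openPr(owner, repo, branch, purl, newVersion, options) {
 debug.debugFn('miss: GITHUB_ACTIONS env var');
 return null;
 }
+const purlObj = utils.getPurlObject(purl);
 const octokit = getOctokit();
 try {
 return await octokit.pulls.create({
 owner,
 repo,
-title: getSocketPullRequestTitle(
+title: getSocketPullRequestTitle(purlObj, newVersion, workspace),
 head: branch,
 base: baseBranch,
-body: getSocketPullRequestBody(
+body: getSocketPullRequestBody(purlObj, newVersion, workspace)
 });
 } catch (e) {
 let message = `Failed to open pull request`;
@@ -4167,7 +4225,7 @@ async function prExistForBranch(owner, repo, branch) {
 } catch {}
 return false;
 }
-async function
+async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()) {
 const stdioIgnoreOptions = {
 cwd,
 stdio: 'ignore'
@@ -4240,15 +4298,17 @@ async function npmFix(pkgEnvDetails, {
 const gitUser = constants.ENV.SOCKET_CLI_GIT_USER_NAME;
 const githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
 const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && gitEmail && gitUser && githubToken);
+const repoInfo = isCi ? getGithubEnvRepoInfo() : null;
 spinner?.start();
-
-
-
-
-
-
-})
-}
+const openPrs =
+// Check repoInfo to make TypeScript happy.
+isCi && repoInfo ? await getOpenSocketPrs(repoInfo.owner, repoInfo.repo, {
+author: gitUser
+}) : [];
+if (openPrs.length) {
+debug.debugFn(`found: ${openPrs.length} open PRs`);
+}
+let count = isCi ? openPrs.length : 0;
 const arb = new shadowInject.Arborist({
 path: rootPath,
 ...shadowInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
@@ -4259,9 +4319,9 @@ async function npmFix(pkgEnvDetails, {
 let alertsMap;
 try {
 alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertsMapOptions({
-limit
+limit: limit + openPrs.length
 })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertsMapOptions({
-limit
+limit: limit + openPrs.length
 }));
 } catch (e) {
 spinner?.stop();
@@ -4273,7 +4333,7 @@ async function npmFix(pkgEnvDetails, {
 };
 }
 const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
-limit
+limit: limit + openPrs.length
 });
 if (!infoByPkgName) {
 spinner?.stop();
@@ -4306,10 +4366,15 @@ async function npmFix(pkgEnvDetails, {
 length
 } = sortedInfoEntries; i < length; i += 1) {
 const isLastInfoEntry = i === length - 1;
+const infoEntry = sortedInfoEntries[i];
 const {
-0: name
-
-
+0: name
+} = infoEntry;
+const openPrsForPkg = openPrs.filter(pr => name === packages.resolvePackageName(pr.purl));
+const infos = [...infoEntry[1].values()].filter(info => !openPrsForPkg.find(pr => pr.newVersion === info.firstPatchedVersionIdentifier));
+if (!infos.length) {
+continue infoEntriesLoop;
+}
 logger.logger.log(`Processing vulns for ${name}:`);
 logger.logger.indent();
 spinner?.indent();
@@ -4447,7 +4512,9 @@ async function npmFix(pkgEnvDetails, {
 error = e;
 }
 spinner?.stop();
-
+
+// Check repoInfo to make TypeScript happy.
+if (!errored && isCi && repoInfo) {
 try {
 // eslint-disable-next-line no-await-in-loop
 const result = await gitUnstagedModifiedFiles(cwd);
@@ -4503,7 +4570,8 @@ async function npmFix(pkgEnvDetails, {
 }
 
 // eslint-disable-next-line no-await-in-loop
-await Promise.allSettled([
+await Promise.allSettled([setGitRemoteGithubRepoUrl(repoInfo.owner, repoInfo.repo, githubToken, cwd), cleanupOpenPrs(repoInfo.owner, repoInfo.repo, {
+newVersion,
 purl: oldPurl,
 workspace
 })]);
@@ -4670,15 +4738,17 @@ async function pnpmFix(pkgEnvDetails, {
 const gitUser = constants.ENV.SOCKET_CLI_GIT_USER_NAME;
 const githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
 const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && gitEmail && gitUser && githubToken);
+const repoInfo = isCi ? getGithubEnvRepoInfo() : null;
 spinner?.start();
-
-
-
-
-
-
-})
-}
+const openPrs =
+// Check repoInfo to make TypeScript happy.
+isCi && repoInfo ? await getOpenSocketPrs(repoInfo.owner, repoInfo.repo, {
+author: gitUser
+}) : [];
+if (openPrs.length) {
+debug.debugFn(`found: ${openPrs.length} open PRs`);
+}
+let count = isCi ? openPrs.length : 0;
 let actualTree;
 const lockfilePath = path.join(rootPath, 'pnpm-lock.yaml');
 let lockfileContent = await utils.readPnpmLockfile(lockfilePath);
@@ -4727,9 +4797,9 @@ async function pnpmFix(pkgEnvDetails, {
 let alertsMap;
 try {
 alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertsMapOptions({
-limit
+limit: limit + openPrs.length
 })) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertsMapOptions({
-limit
+limit: limit + openPrs.length
 }));
 } catch (e) {
 spinner?.stop();
@@ -4741,7 +4811,7 @@ async function pnpmFix(pkgEnvDetails, {
 };
 }
 const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
-limit
+limit: limit + openPrs.length
 });
 if (!infoByPkgName) {
 spinner?.stop();
@@ -4773,10 +4843,15 @@ async function pnpmFix(pkgEnvDetails, {
 length
 } = sortedInfoEntries; i < length; i += 1) {
 const isLastInfoEntry = i === length - 1;
+const infoEntry = sortedInfoEntries[i];
 const {
-0: name
-
-
+0: name
+} = infoEntry;
+const openPrsForPkg = openPrs.filter(pr => name === packages.resolvePackageName(pr.purl));
+const infos = [...infoEntry[1].values()].filter(info => !openPrsForPkg.find(pr => pr.newVersion === info.firstPatchedVersionIdentifier));
+if (!infos.length) {
+continue infoEntriesLoop;
+}
 logger.logger.log(`Processing vulns for ${name}:`);
 logger.logger.indent();
 spinner?.indent();
@@ -4985,7 +5060,9 @@ async function pnpmFix(pkgEnvDetails, {
 errored = true;
 }
 spinner?.stop();
-
+
+// Check repoInfo to make TypeScript happy.
+if (!errored && isCi && repoInfo) {
 try {
 // eslint-disable-next-line no-await-in-loop
 const result = await gitUnstagedModifiedFiles(cwd);
@@ -5044,7 +5121,8 @@ async function pnpmFix(pkgEnvDetails, {
 }
 
 // eslint-disable-next-line no-await-in-loop
-await Promise.allSettled([
+await Promise.allSettled([setGitRemoteGithubRepoUrl(repoInfo.owner, repoInfo.repo, githubToken, cwd), cleanupOpenPrs(repoInfo.owner, repoInfo.repo, {
+newVersion,
 purl: oldPurl,
 workspace
 })]);
@@ -11324,7 +11402,7 @@ async function createScanFromGithub({
 scansCreated += 1;
 }
 }
-logger.logger.success(targetRepos.length, '
+logger.logger.success(targetRepos.length, 'GitHub repos detected');
 logger.logger.success(scansCreated, 'with supported Manifest files');
 return {
 ok: true,
@@ -11373,11 +11451,11 @@ async function scanOneRepo(repoSlug, {
 } = repoResult.data;
 logger.logger.info(`Default branch: \`${defaultBranch}\``);
 const treeResult = await getRepoBranchTree({
+defaultBranch,
+githubToken,
 orgGithub,
 repoSlug,
-repoApiUrl
-defaultBranch,
-githubToken
+repoApiUrl
 });
 if (!treeResult.ok) {
 return treeResult;
@@ -11555,26 +11633,23 @@ async function downloadManifestFile({
 downloadUrl = JSON.parse(downloadUrlText).download_url;
 } catch {
 logger.logger.fail(`GitHub response contained invalid JSON for download url for: ${file}`);
-debug.debugFn('content: raw (not JSON)', downloadUrlText);
 return {
 ok: false,
 message: 'Invalid JSON response',
 cause: `Server responded with invalid JSON for download url ${downloadUrl}`
 };
 }
-debug.debugFn('download: manifest file');
 const localPath = path.join(tmpDir, file);
-debug.debugFn('download:', downloadUrl, '->', localPath);
+debug.debugFn('download: manifest file started', downloadUrl, '->', localPath);
 
 // Now stream the file to that file...
-
 const result = await streamDownloadWithFetch(localPath, downloadUrl);
 if (!result.ok) {
 // Do we proceed? Bail? Hrm...
 logger.logger.fail(`Failed to download manifest file, skipping to next file. File: ${file}`);
 return result;
 }
-debug.
+debug.debugFn('download: manifest file completed');
 return {
 ok: true,
 data: undefined
@@ -13605,5 +13680,5 @@ void (async () => {
 await utils.captureException(e);
 }
 })();
-//# debugId=
+//# debugId=38099217-d20f-4a32-ab28-1f8227909c96
 //# sourceMappingURL=cli.js.map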
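Review bot: createSocketBranchParser destructures the `pattern.exec(branch)` result starting at index 0 (`0: type, 1: workspace, 2: fullName, 3: version, 4: newVersion`, new lines 3706–3710), but `RegExp.prototype.exec` stores the whole matched branch name at index 0 and the five capture groups at indices 1–5, so `type` receives the full branch, `workspace` the type, `fullName` the workspace, `version` the full name, `newVersion` the package's current version, and the real new-version group is dropped. Downstream this shifted `newVersion` is what cleanupOpenPrs reads as `newVersion: prToVersion` (new line 3937) and feeds to the `semverExports.lt` check at new line 3942, and it is also what the `pr.newVersion === info.firstPatchedVersionIdentifier` dedup in npmFix/pnpmFix compares (new lines 4374 and 4851), so both decisions are made against the wrong version; the fix is `1: type, 2: workspace, 3: fullName, 4: version, 5: newVersion`. Separately, the reconstructed purl `pkg:${type}/${fullName}@${version}` keeps the `--` namespace joiner that getSocketBranchName emits, so a namespaced package will not round-trip through `packages.resolvePackageName(pr.purl)` unless utils.getPurlObject decodes that form (its body is outside the hunk); capturing the namespace in its own group would avoid that. Minor: the debug label at new line 4104 reads `'qgl matchesBranch'` while its sibling on the previous line says `'gql'`.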