@socketsecurity/cli-with-sentry 0.15.53 → 0.15.54
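--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -4316,10 +4316,7 @@ async function npmFix(pkgEnvDetails, {
 isCi && repoInfo ? await getOpenSocketPrs(repoInfo.owner, repoInfo.repo, {
 author: gitUser
 }) : [];
-
-debug.debugFn(`found: ${openPrs.length} open PRs`);
-}
-let count = isCi ? openPrs.length : 0;
+let count = 0;
 const arb = new shadowInject.Arborist({
 path: rootPath,
 ...shadowInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
@@ -4330,9 +4327,9 @@ async function npmFix(pkgEnvDetails, {
 let alertsMap;
 try {
 alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertsMapOptions({
-limit: limit
+limit: Math.max(limit, openPrs.length)
 })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertsMapOptions({
-limit: limit
+limit: Math.max(limit, openPrs.length)
 }));
 } catch (e) {
 spinner?.stop();
@@ -4344,7 +4341,7 @@ async function npmFix(pkgEnvDetails, {
 };
 }
 const infoByPartialPurl = utils.getCveInfoFromAlertsMap(alertsMap, {
-limit: limit
+limit: Math.max(limit, openPrs.length)
 });
 if (!infoByPartialPurl) {
 spinner?.stop();
@@ -4381,11 +4378,14 @@ async function npmFix(pkgEnvDetails, {
 const infoEntry = sortedInfoEntries[i];
 const partialPurlObj = utils.getPurlObject(infoEntry[0]);
 const name = packages.resolvePackageName(partialPurlObj);
-
+const infos = [...infoEntry[1].values()];
+if (!infos.length) {
+continue infoEntriesLoop;
+}
+const activeBranches = [];
 if (isCi) {
 const branchFullName = getSocketBranchFullNameComponent(partialPurlObj);
 const branchPurlType = getSocketBranchPurlTypeComponent(partialPurlObj);
-const activeBranches = [];
 for (const pr of openPrs) {
 const parsedBranch = branchParser(pr.headRefName);
 if (branchPurlType === parsedBranch?.type && branchFullName === parsedBranch?.fullName) {
@@ -4397,10 +4397,6 @@ async function npmFix(pkgEnvDetails, {
 } else if (openPrs.length) {
 debug.debugFn('miss: 0 active branches found');
 }
-infos = infos.filter(info => !activeBranches.find(b => b.newVersion === info.firstPatchedVersionIdentifier));
-}
-if (!infos.length) {
-continue infoEntriesLoop;
 }
 logger.logger.log(`Processing vulns for ${name}:`);
 logger.logger.indent();
@@ -4428,6 +4424,7 @@ async function npmFix(pkgEnvDetails, {
 const pkgPath = path.dirname(pkgJsonPath);
 const isWorkspaceRoot = pkgJsonPath === pkgEnvDetails.editablePkgJson.filename;
 const workspace = isWorkspaceRoot ? 'root' : path.relative(rootPath, pkgPath);
+const branchWorkspace = isCi ? getSocketBranchWorkspaceComponent(workspace) : '';
 const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.target?.version ?? n.version).filter(Boolean));
 if (!oldVersions.length) {
 debug.debugFn(`skip: ${name} not found\n`);
@@ -4467,6 +4464,15 @@ async function npmFix(pkgEnvDetails, {
 continue infosLoop;
 }
 const newVersion = shadowInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
+if (activeBranches.find(b => b.workspace === branchWorkspace && b.newVersion === newVersion)) {
+debug.debugFn(`skip: open PR found for ${name}@${newVersion}`);
+if (++count >= limit) {
+logger.logger.dedent();
+spinner?.dedent();
+break infoEntriesLoop;
+}
+continue infosLoop;
+}
 const newVersionPackument = newVersion ? packument.versions[newVersion] : undefined;
 if (!(newVersion && newVersionPackument)) {
 warningsForAfter.add(`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`);
@@ -7676,12 +7682,14 @@ function includesBun(lockSrc, name, lockName) {
 function includesPnpm(lockSrc, name) {
 const escapedName = regexps.escapeRegExp(name);
 return new RegExp(
-// Detects the package name
-//
+// Detects the package name.
+// v9.0 and v6.0 lockfile patterns:
 // 'name'
 // name:
 // name@
-
+// v6.0 lockfile patterns:
+// /name@
+`(?<=^\\s*)(?:'${escapedName}'|/?${escapedName}(?=[:@]))`, 'm').test(lockSrc);
 }
 function includesVlt(lockSrc, name) {
 // Detects the package name in the following cases:
@@ -14372,5 +14380,5 @@ void (async () => {
 await utils.captureException(e);
 }
 })();
-//# debugId=
+//# debugId=c367b9c2-15d4-4650-9e2f-c8866daf46cd
 //# sourceMappingURL=cli.js.map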