@socketsecurity/cli-with-sentry 0.15.8 → 0.15.10
- package/dist/.config/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/cli.js +81 -44
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +5 -3
- package/dist/constants.js.map +1 -1
- package/dist/shadow-inject.js +7 -3
- package/dist/shadow-inject.js.map +1 -1
- package/dist/types/commands/fix/npm-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/pnpm-fix.d.mts.map +1 -1
- package/dist/types/shadow/npm/arborist-helpers.d.mts.map +1 -1
- package/dist/vendor.js +35 -31
- package/dist/vendor.js.map +1 -1
- package/external/@socketsecurity/registry/lib/logger.d.ts +1 -0
- package/external/@socketsecurity/registry/lib/logger.js +9 -0
- package/external/@socketsecurity/registry/package.json +2 -2
- package/package.json +5 -5
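--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -4059,7 +4059,9 @@ async function install$1(arb, options) {
 path: cwd
 })
 newArb.idealTree = await arb.buildIdealTree()
-
+const actualTree = await newArb.reify()
+arb.actualTree = actualTree
+return actualTree
 }
 async function npmFix(
 pkgEnvDetails,
@@ -4119,7 +4121,13 @@ async function npmFix(
 const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) =>
 sorts.naturalCompare(a[0], b[0])
 )
-
+infoEntriesLoop: for (
+let i = 0, { length } = sortedInfoEntries;
+i < length;
+i += 1
+) {
+const { 0: name, 1: infos } = sortedInfoEntries[i]
+const isLastInfoEntry = i === length - 1
 logger.logger.log(`Processing vulnerable package: ${name}`)
 logger.logger.indent()
 spinner?.indent()
@@ -4134,11 +4142,11 @@ async function npmFix(
 )
 logger.logger.dedent()
 spinner?.dedent()
-continue
+continue infoEntriesLoop
 }
 const availableVersions = Object.keys(packument.versions)
 const warningsForAfter = new Set()
-for (const pkgJsonPath of pkgJsonPaths) {
+pkgJsonPathsLoop: for (const pkgJsonPath of pkgJsonPaths) {
 const pkgPath = path.dirname(pkgJsonPath)
 const isWorkspaceRoot =
 pkgJsonPath === pkgEnvDetails.editablePkgJson.filename
@@ -4146,6 +4154,7 @@ async function npmFix(
 ? 'root'
 : path.relative(rootPath, pkgPath)
 logger.logger.log(`Checking workspace: ${workspaceName}`)
+const workspaceLogCallCount = logger.logger.logCallCount
 
 // eslint-disable-next-line no-await-in-loop
 actualTree = await install$1(arb, {
@@ -4161,12 +4170,7 @@ async function npmFix(
 logger.logger.warn(
 `Unexpected condition: Lockfile entries not found for ${name}.\n`
 )
-
-console.dir(actualTree, {
-depth: 999
-})
-}
-continue
+continue pkgJsonPathsLoop
 }
 
 // Always re-read the editable package.json to avoid stale mutations
@@ -4175,7 +4179,7 @@ async function npmFix(
 const editablePkgJson = await packages.readPackageJson(pkgJsonPath, {
 editable: true
 })
-for (const oldVersion of oldVersions) {
+oldVersionsLoop: for (const oldVersion of oldVersions) {
 const oldId = `${name}@${oldVersion}`
 const oldPurl = utils.idToPurl(oldId)
 const node = shadowInject.findPackageNode(actualTree, name, oldVersion)
@@ -4183,9 +4187,9 @@ async function npmFix(
 logger.logger.warn(
 `Unexpected condition: Arborist node not found, skipping ${oldId}`
 )
-continue
+continue oldVersionsLoop
 }
-for (const {
+infosLoop: for (const {
 firstPatchedVersionIdentifier,
 vulnerableVersionRange
 } of infos.values()) {
@@ -4201,7 +4205,7 @@ async function npmFix(
 warningsForAfter.add(
 `No update applied. ${oldId} needs >=${firstPatchedVersionIdentifier}`
 )
-continue
+continue infosLoop
 }
 const newVersionRange = utils.applyRange(
 oldVersion,
@@ -4248,8 +4252,12 @@ async function npmFix(
 if (isCi) {
 // eslint-disable-next-line no-await-in-loop
 await gitResetAndClean(baseBranch, cwd)
+// eslint-disable-next-line no-await-in-loop
+actualTree = await install$1(arb, {
+cwd
+})
 }
-continue
+continue infosLoop
 }
 spinner?.start()
 spinner?.info(`Installing ${newId} in ${workspaceName}`)
@@ -4286,14 +4294,14 @@ async function npmFix(
 debug.debugLog(
 `Branch "${branch}" exists, skipping PR creation.`
 )
-continue
+continue infosLoop
 }
 // eslint-disable-next-line no-await-in-loop
 if (await gitRemoteBranchExists(branch, cwd)) {
 debug.debugLog(
 `Remote branch "${branch}" exists, skipping PR creation.`
 )
-continue
+continue infosLoop
 }
 const moddedFilepaths =
 // eslint-disable-next-line no-await-in-loop
@@ -4308,7 +4316,7 @@ async function npmFix(
 logger.logger.warn(
 'Unexpected condition: Nothing to commit, skipping PR creation.'
 )
-continue
+continue infosLoop
 }
 if (
 // eslint-disable-next-line no-await-in-loop
@@ -4322,7 +4330,7 @@ async function npmFix(
 logger.logger.warn(
 'Unexpected condition: Push failed, skipping PR creation.'
 )
-continue
+continue infosLoop
 }
 // eslint-disable-next-line no-await-in-loop
 await cleanupOpenPrs(owner, repo, oldPurl, newVersion, {
@@ -4357,6 +4365,10 @@ async function npmFix(
 if (isCi) {
 // eslint-disable-next-line no-await-in-loop
 await gitResetAndClean(baseBranch, cwd)
+// eslint-disable-next-line no-await-in-loop
+actualTree = await install$1(arb, {
+cwd
+})
 }
 if (errored) {
 if (!isCi) {
@@ -4368,6 +4380,10 @@ async function npmFix(
 ignoreWhitespace: true
 })
 ])
+// eslint-disable-next-line no-await-in-loop
+actualTree = await install$1(arb, {
+cwd
+})
 }
 spinner?.failAndStop(
 `Update failed for ${oldId} in ${workspaceName}`,
@@ -4375,16 +4391,18 @@ async function npmFix(
 )
 }
 if (++count >= limit) {
-break
+break infoEntriesLoop
 }
 }
 }
-logger.logger.
+if (logger.logger.logCallCount > workspaceLogCallCount) {
+logger.logger.log('')
+}
 }
 for (const warningText of warningsForAfter) {
 logger.logger.warn(warningText)
 }
-if (
+if (!isLastInfoEntry) {
 logger.logger.log('')
 }
 logger.logger.dedent()
@@ -4516,7 +4534,13 @@ async function pnpmFix(
 const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) =>
 sorts.naturalCompare(a[0], b[0])
 )
-
+infoEntriesLoop: for (
+let i = 0, { length } = sortedInfoEntries;
+i < length;
+i += 1
+) {
+const { 0: name, 1: infos } = sortedInfoEntries[i]
+const isLastInfoEntry = i === length - 1
 logger.logger.log(`Processing vulnerable package: ${name}`)
 logger.logger.indent()
 spinner?.indent()
@@ -4531,11 +4555,11 @@ async function pnpmFix(
 )
 logger.logger.dedent()
 spinner?.dedent()
-continue
+continue infoEntriesLoop
 }
 const availableVersions = Object.keys(packument.versions)
 const warningsForAfter = new Set()
-for (const pkgJsonPath of pkgJsonPaths) {
+pkgJsonPathsLoop: for (const pkgJsonPath of pkgJsonPaths) {
 const pkgPath = path.dirname(pkgJsonPath)
 const isWorkspaceRoot =
 pkgJsonPath === pkgEnvDetails.editablePkgJson.filename
@@ -4543,6 +4567,7 @@ async function pnpmFix(
 ? 'root'
 : path.relative(rootPath, pkgPath)
 logger.logger.log(`Checking workspace: ${workspaceName}`)
+const workspaceLogCallCount = logger.logger.logCallCount
 
 // eslint-disable-next-line no-await-in-loop
 actualTree = await install(pkgEnvDetails, {
@@ -4559,12 +4584,7 @@ async function pnpmFix(
 logger.logger.warn(
 `Unexpected condition: Lockfile entries not found for ${name}.\n`
 )
-
-console.dir(actualTree, {
-depth: 999
-})
-}
-continue
+continue pkgJsonPathsLoop
 }
 
 // Always re-read the editable package.json to avoid stale mutations
@@ -4576,7 +4596,7 @@ async function pnpmFix(
 // Get current overrides for revert logic
 const oldPnpmSection = editablePkgJson.content[PNPM$7]
 const oldOverrides = oldPnpmSection?.[OVERRIDES$2]
-for (const oldVersion of oldVersions) {
+oldVersionsLoop: for (const oldVersion of oldVersions) {
 const oldId = `${name}@${oldVersion}`
 const oldPurl = utils.idToPurl(oldId)
 const node = shadowInject.findPackageNode(actualTree, name, oldVersion)
@@ -4584,9 +4604,9 @@ async function pnpmFix(
 logger.logger.warn(
 `Unexpected condition: Arborist node not found, skipping ${oldId}`
 )
-continue
+continue oldVersionsLoop
 }
-for (const {
+infosLoop: for (const {
 firstPatchedVersionIdentifier,
 vulnerableVersionRange
 } of infos.values()) {
@@ -4602,7 +4622,7 @@ async function pnpmFix(
 warningsForAfter.add(
 `No update applied. ${oldId} needs >=${firstPatchedVersionIdentifier}`
 )
-continue
+continue infosLoop
 }
 const overrideKey = `${name}@${vulnerableVersionRange}`
 const newVersionRange = utils.applyRange(
@@ -4676,8 +4696,13 @@ async function pnpmFix(
 if (isCi) {
 // eslint-disable-next-line no-await-in-loop
 await gitResetAndClean(baseBranch, cwd)
+// eslint-disable-next-line no-await-in-loop
+actualTree = await install(pkgEnvDetails, {
+cwd,
+spinner
+})
 }
-continue
+continue infosLoop
 }
 spinner?.start()
 spinner?.info(`Installing ${newId} in ${workspaceName}`)
@@ -4716,14 +4741,14 @@ async function pnpmFix(
 debug.debugLog(
 `Branch "${branch}" exists, skipping PR creation.`
 )
-continue
+continue infosLoop
 }
 // eslint-disable-next-line no-await-in-loop
 if (await gitRemoteBranchExists(branch, cwd)) {
 debug.debugLog(
 `Remote branch "${branch}" exists, skipping PR creation.`
 )
-continue
+continue infosLoop
 }
 const moddedFilepaths =
 // eslint-disable-next-line no-await-in-loop
@@ -4737,7 +4762,7 @@ async function pnpmFix(
 logger.logger.warn(
 'Unexpected condition: Nothing to commit, skipping PR creation.'
 )
-continue
+continue infosLoop
 }
 if (
 // eslint-disable-next-line no-await-in-loop
@@ -4751,7 +4776,7 @@ async function pnpmFix(
 logger.logger.warn(
 'Unexpected condition: Push failed, skipping PR creation.'
 )
-continue
+continue infosLoop
 }
 // eslint-disable-next-line no-await-in-loop
 await cleanupOpenPrs(owner, repo, oldPurl, newVersion, {
@@ -4786,6 +4811,11 @@ async function pnpmFix(
 if (isCi) {
 // eslint-disable-next-line no-await-in-loop
 await gitResetAndClean(baseBranch, cwd)
+// eslint-disable-next-line no-await-in-loop
+actualTree = await install(pkgEnvDetails, {
+cwd,
+spinner
+})
 }
 if (errored) {
 if (!isCi) {
@@ -4797,6 +4827,11 @@ async function pnpmFix(
 ignoreWhitespace: true
 })
 ])
+// eslint-disable-next-line no-await-in-loop
+actualTree = await install(pkgEnvDetails, {
+cwd,
+spinner
+})
 }
 spinner?.failAndStop(
 `Update failed for ${oldId} in ${workspaceName}`,
@@ -4804,16 +4839,18 @@ async function pnpmFix(
 )
 }
 if (++count >= limit) {
-break
+break infoEntriesLoop
 }
 }
 }
-logger.logger.
+if (logger.logger.logCallCount > workspaceLogCallCount) {
+logger.logger.log('')
+}
 }
 for (const warningText of warningsForAfter) {
 logger.logger.warn(warningText)
 }
-if (
+if (!isLastInfoEntry) {
 logger.logger.log('')
 }
 logger.logger.dedent()
@@ -12366,5 +12403,5 @@ void (async () => {
 await utils.captureException(e)
 }
 })()
-//# debugId=
+//# debugId=55747463-2478-4bf7-b270-e981f6a95bd1
 //# sourceMappingURL=cli.js.map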
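Review bot: The new `break infoEntriesLoop` under `if (++count >= limit)` in npmFix (and the identical change in pnpmFix) leaves the outermost loop directly, so the `for (const warningText of warningsForAfter)` flush and the trailing `logger.logger.dedent()` shown at the end of that same hunk are skipped for the package that reaches the limit. Any queued `No update applied. … needs >=…` warning for that package is then never printed, which for a fix command means a dependency that is still vulnerable goes unreported, and the logger stays one indent level deep unless code outside the hunks rebalances it. Consider recording the condition and leaving only the workspace loop, `limitReached = true; break pkgJsonPathsLoop`, then `if (limitReached) break infoEntriesLoop` after the dedent, so the per-package epilogue still runs. The loop bodies extend beyond the visible hunks, so check whether anything after the loop already emits these warnings.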