inup 1.5.5 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +53 -10
- package/dist/cli.js +53 -31
- package/dist/config/constants.js +4 -6
- package/dist/config/package-meta.js +10 -0
- package/dist/config/project-config.js +11 -1
- package/dist/core/package-detector.js +37 -5
- package/dist/core/upgrade-runner.js +8 -10
- package/dist/core/upgrader.js +15 -11
- package/dist/features/changelog/clients/github-client.js +5 -6
- package/dist/features/changelog/services/changelog-service.js +2 -4
- package/dist/features/changelog/services/package-metadata-service.js +7 -23
- package/dist/features/changelog/services/release-notes-service.js +4 -29
- package/dist/features/debug/services/performance-tracker.js +6 -8
- package/dist/features/headless/headless-runner.js +53 -0
- package/dist/features/headless/index.js +27 -0
- package/dist/features/headless/report.js +64 -0
- package/dist/features/headless/types.js +6 -0
- package/dist/features/headless/vulnerability-audit.js +106 -0
- package/dist/index.js +1 -2
- package/dist/interactive-ui.js +15 -606
- package/dist/services/background-audit.js +3 -5
- package/dist/services/cache-manager.js +5 -7
- package/dist/services/http/inflight.js +22 -0
- package/dist/services/http/retry.js +30 -0
- package/dist/services/index.js +0 -1
- package/dist/services/npm-registry.js +20 -97
- package/dist/services/package-manager-detector.js +6 -3
- package/dist/services/persistent-cache.js +8 -13
- package/dist/types/domain.js +3 -0
- package/dist/types/streaming.js +3 -0
- package/dist/types/ui.js +3 -0
- package/dist/types.js +17 -0
- package/dist/ui/controllers/package-info-modal-controller.js +22 -31
- package/dist/ui/controllers/vulnerability-audit-controller.js +17 -8
- package/dist/ui/index.js +3 -0
- package/dist/ui/input-handler.js +58 -75
- package/dist/ui/keymap.js +208 -0
- package/dist/ui/modal/package-info-sections/release-notes.js +161 -0
- package/dist/ui/modal/package-info-sections/sections.js +174 -0
- package/dist/ui/modal/package-info-sections/text.js +75 -0
- package/dist/ui/modal/package-info-sections.js +15 -369
- package/dist/ui/modal/package-info.js +1 -1
- package/dist/ui/presenters/health.js +24 -0
- package/dist/ui/renderer/help-modal.js +75 -0
- package/dist/ui/renderer/index.js +2 -5
- package/dist/ui/renderer/package-list/interface.js +184 -0
- package/dist/ui/renderer/package-list/rows.js +177 -0
- package/dist/ui/renderer/package-list.js +15 -455
- package/dist/ui/session/action-dispatcher.js +233 -0
- package/dist/ui/session/index.js +13 -0
- package/dist/ui/session/interactive-session.js +280 -0
- package/dist/ui/session/selection-state-builder.js +149 -0
- package/dist/ui/state/filter-manager.js +17 -6
- package/dist/ui/state/modal-manager.js +35 -0
- package/dist/ui/state/navigation-manager.js +33 -4
- package/dist/ui/state/state-manager.js +68 -3
- package/dist/ui/state/theme-manager.js +1 -0
- package/dist/ui/themes-colors.js +16 -4
- package/dist/ui/themes.js +11 -19
- package/dist/ui/utils/cursor.js +12 -7
- package/dist/ui/utils/index.js +6 -1
- package/dist/ui/utils/text.js +3 -2
- package/dist/ui/utils/version.js +60 -86
- package/dist/utils/color.js +38 -0
- package/dist/utils/config.js +13 -1
- package/dist/utils/engines.js +63 -0
- package/dist/utils/filesystem/io.js +103 -0
- package/dist/utils/filesystem/paths.js +19 -0
- package/dist/utils/filesystem/scan.js +280 -0
- package/dist/utils/filesystem.js +17 -335
- package/dist/utils/index.js +3 -0
- package/dist/utils/manifest.js +35 -0
- package/dist/utils/version.js +38 -1
- package/package.json +8 -7
- package/dist/services/jsdelivr-registry.js +0 -395
|
@@ -38,15 +38,16 @@ const semver = __importStar(require("semver"));
|
|
|
38
38
|
const github_client_1 = require("../clients/github-client");
|
|
39
39
|
const changelog_parser_1 = require("../parsers/changelog-parser");
|
|
40
40
|
const github_release_html_parser_1 = require("../parsers/github-release-html-parser");
|
|
41
|
-
const constants_1 = require("../../../config/constants");
|
|
42
41
|
const RELEASE_NOTES_FETCH_TIMEOUT_MS = 5000;
|
|
43
42
|
const PREFER_GITHUB_RELEASE_PAGE = true;
|
|
44
43
|
class ReleaseNotesService {
|
|
44
|
+
metadataService;
|
|
45
|
+
githubClient;
|
|
46
|
+
releaseNotesCache = new Map();
|
|
47
|
+
releaseNotesInFlight = new Map();
|
|
45
48
|
constructor(metadataService, githubClient = new github_client_1.GitHubClient()) {
|
|
46
49
|
this.metadataService = metadataService;
|
|
47
50
|
this.githubClient = githubClient;
|
|
48
|
-
this.releaseNotesCache = new Map();
|
|
49
|
-
this.releaseNotesInFlight = new Map();
|
|
50
51
|
}
|
|
51
52
|
clearCache() {
|
|
52
53
|
this.releaseNotesCache.clear();
|
|
@@ -87,9 +88,6 @@ class ReleaseNotesService {
|
|
|
87
88
|
return notes;
|
|
88
89
|
}
|
|
89
90
|
}
|
|
90
|
-
const changelogNotes = await this.fetchJsdelivrChangelog(packageName, version, signal);
|
|
91
|
-
if (changelogNotes)
|
|
92
|
-
return changelogNotes;
|
|
93
91
|
return null;
|
|
94
92
|
}
|
|
95
93
|
getGitHubSources(repoUrl, version, signal) {
|
|
@@ -152,29 +150,6 @@ class ReleaseNotesService {
|
|
|
152
150
|
return null;
|
|
153
151
|
return (0, changelog_parser_1.extractVersionSection)(fullText, version);
|
|
154
152
|
}
|
|
155
|
-
async fetchJsdelivrChangelog(packageName, version, signal) {
|
|
156
|
-
const fullText = await this.fetchPublishedPackageChangelog(packageName, version, signal);
|
|
157
|
-
if (!fullText)
|
|
158
|
-
return null;
|
|
159
|
-
return (0, changelog_parser_1.extractVersionSection)(fullText, version);
|
|
160
|
-
}
|
|
161
|
-
async fetchPublishedPackageChangelog(packageName, version, signal) {
|
|
162
|
-
try {
|
|
163
|
-
const response = await fetch(`${constants_1.JSDELIVR_CDN_URL}/${encodeURIComponent(packageName)}@${version}/CHANGELOG.md`, {
|
|
164
|
-
method: 'GET',
|
|
165
|
-
signal,
|
|
166
|
-
});
|
|
167
|
-
if (!response.ok)
|
|
168
|
-
return null;
|
|
169
|
-
return await response.text();
|
|
170
|
-
}
|
|
171
|
-
catch (error) {
|
|
172
|
-
if (error instanceof DOMException && error.name === 'AbortError') {
|
|
173
|
-
throw error;
|
|
174
|
-
}
|
|
175
|
-
return null;
|
|
176
|
-
}
|
|
177
|
-
}
|
|
178
153
|
}
|
|
179
154
|
exports.ReleaseNotesService = ReleaseNotesService;
|
|
180
155
|
//# sourceMappingURL=release-notes-service.js.map
|
|
@@ -2,14 +2,12 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.getPerformanceTracker = getPerformanceTracker;
|
|
4
4
|
class PerformanceTracker {
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
this.packageManager = null;
|
|
12
|
-
}
|
|
5
|
+
startedAt = null;
|
|
6
|
+
phases = {};
|
|
7
|
+
counts = {};
|
|
8
|
+
batches = [];
|
|
9
|
+
failedPackages = [];
|
|
10
|
+
packageManager = null;
|
|
13
11
|
start() {
|
|
14
12
|
this.startedAt = Date.now();
|
|
15
13
|
this.phases = {};
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.HeadlessRunner = void 0;
|
|
7
|
+
const chalk_1 = __importDefault(require("chalk"));
|
|
8
|
+
const package_detector_1 = require("../../core/package-detector");
|
|
9
|
+
const vulnerability_audit_1 = require("./vulnerability-audit");
|
|
10
|
+
const report_1 = require("./report");
|
|
11
|
+
/**
|
|
12
|
+
* Non-interactive entry point. Resolves the outdated list without rendering the TUI, then either
|
|
13
|
+
* emits a JSON report (--json) or a plain line-based report. With --check, sets a non-zero exit
|
|
14
|
+
* code when updates exist so CI can gate on it. Read-only: never writes package.json or installs.
|
|
15
|
+
*
|
|
16
|
+
* This is the headless counterpart to the interactive `UpgradeRunner`; it shares only the
|
|
17
|
+
* `PackageDetector` (the scan/resolve layer), not the UI/upgrade machinery.
|
|
18
|
+
*/
|
|
19
|
+
class HeadlessRunner {
|
|
20
|
+
detector;
|
|
21
|
+
constructor(options) {
|
|
22
|
+
this.detector = new package_detector_1.PackageDetector(options);
|
|
23
|
+
}
|
|
24
|
+
async run(options) {
|
|
25
|
+
try {
|
|
26
|
+
if (!this.detector.hasPackageJson()) {
|
|
27
|
+
throw new Error('No package.json found in current directory');
|
|
28
|
+
}
|
|
29
|
+
const packages = await this.detector.getOutdatedPackages();
|
|
30
|
+
const outdated = this.detector.getOutdatedPackagesOnly(packages);
|
|
31
|
+
// Audit the current versions (one bulk request, best-effort) and cross-reference each
|
|
32
|
+
// advisory against the upgrade targets, so the report says whether upgrading *fixes* it.
|
|
33
|
+
const vulnerabilities = await (0, vulnerability_audit_1.auditVulnerabilities)(outdated);
|
|
34
|
+
if (options.json) {
|
|
35
|
+
// stdout is reserved for the JSON document only.
|
|
36
|
+
console.log(JSON.stringify((0, report_1.buildHeadlessReport)(packages, outdated, vulnerabilities), null, 2));
|
|
37
|
+
}
|
|
38
|
+
else {
|
|
39
|
+
console.log((0, report_1.renderPlainReport)(outdated, vulnerabilities));
|
|
40
|
+
}
|
|
41
|
+
// Exit 1 only means "updates exist" (like `prettier --check`); 2 is reserved for errors.
|
|
42
|
+
if (options.check && outdated.length > 0) {
|
|
43
|
+
process.exitCode = 1;
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
catch (error) {
|
|
47
|
+
console.error(chalk_1.default.red(`Error: ${error instanceof Error ? error.message : String(error)}`));
|
|
48
|
+
process.exit(2);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
exports.HeadlessRunner = HeadlessRunner;
|
|
53
|
+
//# sourceMappingURL=headless-runner.js.map
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
exports.renderPlainReport = exports.buildHeadlessReport = exports.upgradeClears = exports.auditVulnerabilities = exports.HeadlessRunner = void 0;
|
|
18
|
+
__exportStar(require("./types"), exports);
|
|
19
|
+
var headless_runner_1 = require("./headless-runner");
|
|
20
|
+
Object.defineProperty(exports, "HeadlessRunner", { enumerable: true, get: function () { return headless_runner_1.HeadlessRunner; } });
|
|
21
|
+
var vulnerability_audit_1 = require("./vulnerability-audit");
|
|
22
|
+
Object.defineProperty(exports, "auditVulnerabilities", { enumerable: true, get: function () { return vulnerability_audit_1.auditVulnerabilities; } });
|
|
23
|
+
Object.defineProperty(exports, "upgradeClears", { enumerable: true, get: function () { return vulnerability_audit_1.upgradeClears; } });
|
|
24
|
+
var report_1 = require("./report");
|
|
25
|
+
Object.defineProperty(exports, "buildHeadlessReport", { enumerable: true, get: function () { return report_1.buildHeadlessReport; } });
|
|
26
|
+
Object.defineProperty(exports, "renderPlainReport", { enumerable: true, get: function () { return report_1.renderPlainReport; } });
|
|
27
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.buildHeadlessReport = buildHeadlessReport;
|
|
4
|
+
exports.renderPlainReport = renderPlainReport;
|
|
5
|
+
const types_1 = require("./types");
|
|
6
|
+
/** Build the machine-readable `--json` payload from the scanned + outdated package sets. */
|
|
7
|
+
function buildHeadlessReport(all, outdated, vulnerabilities) {
|
|
8
|
+
return {
|
|
9
|
+
schemaVersion: types_1.HEADLESS_SCHEMA_VERSION,
|
|
10
|
+
summary: {
|
|
11
|
+
total: all.length,
|
|
12
|
+
outdated: outdated.length,
|
|
13
|
+
major: outdated.filter((pkg) => pkg.hasMajorUpdate).length,
|
|
14
|
+
vulnerable: vulnerabilities.size,
|
|
15
|
+
},
|
|
16
|
+
outdated: outdated.map((pkg) => {
|
|
17
|
+
const entry = {
|
|
18
|
+
name: pkg.name,
|
|
19
|
+
current: pkg.currentVersion,
|
|
20
|
+
range: pkg.rangeVersion,
|
|
21
|
+
latest: pkg.latestVersion,
|
|
22
|
+
type: pkg.type,
|
|
23
|
+
packageJsonPath: pkg.packageJsonPath,
|
|
24
|
+
hasMajorUpdate: pkg.hasMajorUpdate,
|
|
25
|
+
};
|
|
26
|
+
if (pkg.deprecated)
|
|
27
|
+
entry.deprecated = pkg.deprecated;
|
|
28
|
+
if (pkg.enginesNode)
|
|
29
|
+
entry.enginesNode = pkg.enginesNode;
|
|
30
|
+
const vulnerability = vulnerabilities.get(pkg);
|
|
31
|
+
if (vulnerability)
|
|
32
|
+
entry.vulnerability = vulnerability;
|
|
33
|
+
return entry;
|
|
34
|
+
}),
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
/** Render the plain, line-based report (one line per package + a recap) as a single string. */
|
|
38
|
+
function renderPlainReport(outdated, vulnerabilities) {
|
|
39
|
+
if (outdated.length === 0) {
|
|
40
|
+
return 'All dependencies are up to date — no upgrades needed.';
|
|
41
|
+
}
|
|
42
|
+
const lines = outdated.map((pkg) => {
|
|
43
|
+
const major = pkg.hasMajorUpdate ? ' (major)' : '';
|
|
44
|
+
const deprecated = pkg.deprecated ? ' [deprecated]' : '';
|
|
45
|
+
return `${pkg.name} ${pkg.currentVersion} → ${pkg.latestVersion} [${pkg.type}]${major}${vulnMarker(vulnerabilities.get(pkg))}${deprecated}`;
|
|
46
|
+
});
|
|
47
|
+
const fileCount = new Set(outdated.map((pkg) => pkg.packageJsonPath)).size;
|
|
48
|
+
const vulnNote = vulnerabilities.size > 0 ? ` — ${vulnerabilities.size} with known vulnerabilities` : '';
|
|
49
|
+
lines.push('', `${outdated.length} package(s) outdated across ${fileCount} file(s)${vulnNote}.`);
|
|
50
|
+
return lines.join('\n');
|
|
51
|
+
}
|
|
52
|
+
/** A compact `[vuln: N sev → verdict]` tag for the plain report; '' when there are none. */
|
|
53
|
+
function vulnMarker(vulnerability) {
|
|
54
|
+
if (!vulnerability)
|
|
55
|
+
return '';
|
|
56
|
+
// Prefer the cheaper fix: if the in-range bump already clears it, that's the safer action.
|
|
57
|
+
const verdict = vulnerability.fixedByRange
|
|
58
|
+
? 'fixed by range upgrade'
|
|
59
|
+
: vulnerability.fixedByLatest
|
|
60
|
+
? 'fixed by latest only'
|
|
61
|
+
: 'not fixed by upgrade';
|
|
62
|
+
return ` [vuln: ${vulnerability.count} ${vulnerability.highestSeverity} → ${verdict}]`;
|
|
63
|
+
}
|
|
64
|
+
//# sourceMappingURL=report.js.map
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HEADLESS_SCHEMA_VERSION = void 0;
|
|
4
|
+
/** Bump when the `--json` shape changes in a way consumers (scripts, agents) must adapt to. */
|
|
5
|
+
exports.HEADLESS_SCHEMA_VERSION = 1;
|
|
6
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.auditVulnerabilities = auditVulnerabilities;
|
|
37
|
+
exports.upgradeClears = upgradeClears;
|
|
38
|
+
const semver = __importStar(require("semver"));
|
|
39
|
+
const services_1 = require("../../services");
|
|
40
|
+
const utils_1 = require("../../utils");
|
|
41
|
+
/**
|
|
42
|
+
* Audit the outdated packages' currently-installed versions (one bulk request, matching the
|
|
43
|
+
* interactive audit) and, for each advisory, cross-reference its affected range against the
|
|
44
|
+
* upgrade targets — so callers can state whether upgrading actually *fixes* the issue.
|
|
45
|
+
*
|
|
46
|
+
* Best-effort: `fetchVulnerabilities` swallows network errors and returns an empty map, so a
|
|
47
|
+
* failed audit never blocks the report. Returns only the vulnerable packages, keyed by package.
|
|
48
|
+
*/
|
|
49
|
+
async function auditVulnerabilities(outdated) {
|
|
50
|
+
const result = new Map();
|
|
51
|
+
if (outdated.length === 0)
|
|
52
|
+
return result;
|
|
53
|
+
// The bulk advisory API is keyed by package name (one version per name), so dedupe by name.
|
|
54
|
+
const versions = new Map();
|
|
55
|
+
for (const pkg of outdated) {
|
|
56
|
+
if (!versions.has(pkg.name))
|
|
57
|
+
versions.set(pkg.name, pkg.currentVersion);
|
|
58
|
+
}
|
|
59
|
+
const advisories = await (0, services_1.fetchVulnerabilities)(versions);
|
|
60
|
+
if (advisories.size === 0)
|
|
61
|
+
return result;
|
|
62
|
+
for (const pkg of outdated) {
|
|
63
|
+
const found = advisories.get(pkg.name);
|
|
64
|
+
if (!found || found.vulnerabilities.length === 0 || !found.highestSeverity)
|
|
65
|
+
continue;
|
|
66
|
+
result.set(pkg, summarizeVulnerability(pkg, found.vulnerabilities, found.highestSeverity));
|
|
67
|
+
}
|
|
68
|
+
return result;
|
|
69
|
+
}
|
|
70
|
+
function summarizeVulnerability(pkg, vulnerabilities, highestSeverity) {
|
|
71
|
+
const advisories = vulnerabilities.map((vuln) => ({
|
|
72
|
+
id: vuln.id,
|
|
73
|
+
title: vuln.title,
|
|
74
|
+
severity: vuln.severity,
|
|
75
|
+
url: vuln.url,
|
|
76
|
+
vulnerableVersions: vuln.vulnerable_versions,
|
|
77
|
+
fixedByRange: upgradeClears(pkg.rangeVersion, vuln.vulnerable_versions),
|
|
78
|
+
fixedByLatest: upgradeClears(pkg.latestVersion, vuln.vulnerable_versions),
|
|
79
|
+
}));
|
|
80
|
+
return {
|
|
81
|
+
count: advisories.length,
|
|
82
|
+
highestSeverity,
|
|
83
|
+
fixedByRange: advisories.every((advisory) => advisory.fixedByRange),
|
|
84
|
+
fixedByLatest: advisories.every((advisory) => advisory.fixedByLatest),
|
|
85
|
+
advisories,
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* True when upgrading to `target` escapes an advisory's affected range. Conservative: if either
|
|
90
|
+
* the target or the advisory range can't be parsed, we do NOT claim a fix — `semver.satisfies`
|
|
91
|
+
* treats an invalid range as "matches nothing", which would otherwise read as a false "fixed".
|
|
92
|
+
*/
|
|
93
|
+
function upgradeClears(target, vulnerableVersions) {
|
|
94
|
+
const comparable = (0, utils_1.toComparableVersion)(target);
|
|
95
|
+
if (!comparable)
|
|
96
|
+
return false;
|
|
97
|
+
if (semver.validRange(vulnerableVersions) === null)
|
|
98
|
+
return false;
|
|
99
|
+
try {
|
|
100
|
+
return !semver.satisfies(comparable, vulnerableVersions, { includePrerelease: true });
|
|
101
|
+
}
|
|
102
|
+
catch {
|
|
103
|
+
return false;
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
//# sourceMappingURL=vulnerability-audit.js.map
|
package/dist/index.js
CHANGED
|
@@ -3,8 +3,7 @@
|
|
|
3
3
|
* Public API for inup
|
|
4
4
|
*/
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.
|
|
6
|
+
exports.UpgradeRunner = void 0;
|
|
7
7
|
var core_1 = require("./core");
|
|
8
8
|
Object.defineProperty(exports, "UpgradeRunner", { enumerable: true, get: function () { return core_1.UpgradeRunner; } });
|
|
9
|
-
Object.defineProperty(exports, "PnpmUpgradeInteractive", { enumerable: true, get: function () { return core_1.PnpmUpgradeInteractive; } });
|
|
10
9
|
//# sourceMappingURL=index.js.map
|