npm - mobbdev - Versions diffs - 0.0.187 → 0.0.189 - Mend

mobbdev 0.0.187 → 0.0.189

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -55,7 +55,7 @@ Options:
 Examples:
   mobbdev scan -r https://github.com/WebGoat/WebGoat  Scan an existing repository
-Made with ❤️  by Mobb
+Made with ❤️ by Mobb
 ```
 To run a new SAST scan on a repo and get fixes, run the **Bugsy Scan** command. Example:

package/dist/index.mjs CHANGED Viewed

@@ -27,10 +27,6 @@ import yargs from "yargs/yargs";
 // src/args/commands/analyze.ts
 import fs5 from "node:fs";
-// src/commands/index.ts
-import fs4 from "node:fs";
-import path7 from "node:path";
 // src/constants.ts
 import path from "node:path";
 import { fileURLToPath } from "node:url";
@@ -317,6 +313,7 @@ var GetFixesDocument = `
       __typename
       ... on FixData {
         patch
+        patchOriginalEncodingBase64
         questions {
           defaultValue
           extraContext {
@@ -1004,6 +1001,7 @@ var FixExtraContextZ = z3.object({
 var PatchAndQuestionsZ = z3.object({
   __typename: z3.literal("FixData"),
   patch: z3.string(),
+  patchOriginalEncodingBase64: z3.string(),
   questions: z3.array(
     z3.object({
       name: z3.string(),
@@ -1340,9 +1338,9 @@ var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 // src/features/analysis/index.ts
 import crypto from "node:crypto";
-import fs3 from "node:fs";
+import fs4 from "node:fs";
 import os from "node:os";
-import path6 from "node:path";
+import path7 from "node:path";
 import { pipeline } from "node:stream/promises";
 // src/utils/index.ts
@@ -1353,6 +1351,7 @@ __export(utils_exports, {
   getDirName: () => getDirName,
   getTopLevelDirName: () => getTopLevelDirName,
   keypress: () => keypress,
+  packageJson: () => packageJson,
   sleep: () => sleep
 });
@@ -1404,6 +1403,21 @@ function Spinner({ ci = false } = {}) {
   };
 }
+// src/utils/check_node_version.ts
+import fs from "node:fs";
+import path3 from "node:path";
+import semver from "semver";
+var packageJson = JSON.parse(
+  fs.readFileSync(path3.join(getDirName(), "../package.json"), "utf8")
+);
+if (!semver.satisfies(process.version, packageJson.engines.node)) {
+  console.error(
+    `
+\u26A0\uFE0F ${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
+  );
+  process.exit(1);
+}
 // src/utils/index.ts
 var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
 var CliError = class extends Error {
@@ -1416,7 +1430,6 @@ import Debug16 from "debug";
 import extract from "extract-zip";
 import fetch4 from "node-fetch";
 import open2 from "open";
-import semver from "semver";
 import tmp2 from "tmp";
 import { z as z22 } from "zod";
@@ -1981,6 +1994,11 @@ var insecureRandomness = {
     content: () => "We use the `RandomNumberGenerator` class from the `System.Security.Cryptography` package. Does this class exist for the .NET version you use?",
     description: () => "See [the official documentation](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.randomnumbergenerator?view=net-8.0#applies-to) for more details.",
     guidance: () => ""
+  },
+  net_version_gt_6: {
+    content: () => "We are able to offer a more concise solution if the .NET version is greater then .NET 6",
+    description: () => "",
+    guidance: () => ""
   }
 };
@@ -4526,9 +4544,9 @@ async function brokerRequestHandler(endpoint, options) {
 }
 // src/features/analysis/scm/scmSubmit/index.ts
-import fs from "node:fs/promises";
+import fs2 from "node:fs/promises";
 import parseDiff from "parse-diff";
-import path3 from "path";
+import path4 from "path";
 import { simpleGit } from "simple-git";
 import tmp from "tmp";
 import { z as z15 } from "zod";
@@ -4540,6 +4558,7 @@ var BaseSubmitToScmMessageZ = z14.object({
   fixes: z14.array(
     z14.object({
       fixId: z14.string().uuid(),
+      patchesOriginalEncodingBase64: z14.array(z14.string()),
       patches: z14.array(z14.string())
     })
   ),
@@ -4642,7 +4661,7 @@ var isValidBranchName = async (branchName) => {
 var FixesZ = z15.array(
   z15.object({
     fixId: z15.string(),
-    patches: z15.array(z15.string())
+    patchesOriginalEncodingBase64: z15.array(z15.string())
   })
 ).nonempty();
@@ -7257,8 +7276,8 @@ var GQLClient = class {
 };
 // src/features/analysis/pack.ts
-import fs2 from "node:fs";
-import path4 from "node:path";
+import fs3 from "node:fs";
+import path5 from "node:path";
 import AdmZip from "adm-zip";
 import Debug11 from "debug";
 import { globby } from "globby";
@@ -7310,20 +7329,20 @@ async function pack(srcDirPath, vulnFiles) {
   const zip = new AdmZip();
   debug11("compressing files");
   for (const filepath of filepaths) {
-    const absFilepath = path4.join(srcDirPath, filepath.toString());
+    const absFilepath = path5.join(srcDirPath, filepath.toString());
     vulnFiles = vulnFiles.concat(_get_manifest_files_suffixes());
     if (!endsWithAny(
-      absFilepath.toString().replaceAll(path4.win32.sep, path4.posix.sep),
+      absFilepath.toString().replaceAll(path5.win32.sep, path5.posix.sep),
       vulnFiles
     )) {
       debug11("ignoring %s because it is not a vulnerability file", filepath);
       continue;
     }
-    if (fs2.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
+    if (fs3.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
       debug11("ignoring %s because the size is > 5MB", filepath);
       continue;
     }
-    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs2.readFileSync(absFilepath);
+    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs3.readFileSync(absFilepath);
     if (isBinary(null, data)) {
       debug11("ignoring %s because is seems to be a binary file", filepath);
       continue;
@@ -7460,7 +7479,7 @@ import Debug13 from "debug";
 import { existsSync } from "fs";
 import { createSpinner as createSpinner2 } from "nanospinner";
 import { type } from "os";
-import path5 from "path";
+import path6 from "path";
 var debug12 = Debug13("mobbdev:checkmarx");
 var require2 = createRequire(import.meta.url);
 var getCheckmarxPath = () => {
@@ -7520,9 +7539,9 @@ async function getCheckmarxReport({ reportPath, repositoryRoot, branch, projectN
     await startCheckmarxConfigationPrompt();
     await validateCheckamxCredentials();
   }
-  const extension = path5.extname(reportPath);
-  const filePath = path5.dirname(reportPath);
-  const fileName = path5.basename(reportPath, extension);
+  const extension = path6.extname(reportPath);
+  const filePath = path6.dirname(reportPath);
+  const fileName = path6.basename(reportPath, extension);
   const checkmarxCommandArgs = getCheckmarxCommandArgs({
     repoPath: repositoryRoot,
     branch,
@@ -7689,7 +7708,7 @@ async function downloadRepo({
   const { createSpinner: createSpinner4 } = Spinner2({ ci });
   const repoSpinner = createSpinner4("\u{1F4BE} Downloading Repo").start();
   debug15("download repo %s %s %s", repoUrl, dirname);
-  const zipFilePath = path6.join(dirname, "repo.zip");
+  const zipFilePath = path7.join(dirname, "repo.zip");
   debug15("download URL: %s auth headers: %o", downloadUrl, authHeaders);
   const response = await fetch4(downloadUrl, {
     method: "GET",
@@ -7702,19 +7721,19 @@ async function downloadRepo({
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
     throw new Error(`Can't access ${chalk4.bold(repoUrl)}`);
   }
-  const fileWriterStream = fs3.createWriteStream(zipFilePath);
+  const fileWriterStream = fs4.createWriteStream(zipFilePath);
   if (!response.body) {
     throw new Error("Response body is empty");
   }
   await pipeline(response.body, fileWriterStream);
   await extract(zipFilePath, { dir: dirname });
-  const repoRoot = fs3.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
+  const repoRoot = fs4.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
   debug15("repo root %s", repoRoot);
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
-  return path6.join(dirname, repoRoot);
+  return path7.join(dirname, repoRoot);
 }
 var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY = 5 * 1e3;
@@ -7727,14 +7746,6 @@ var getReportUrl = ({
   fixReportId
 }) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
 var debug15 = Debug16("mobbdev:index");
-var packageJson = JSON.parse(
-  fs3.readFileSync(path6.join(getDirName(), "../package.json"), "utf8")
-);
-if (!semver.satisfies(process.version, packageJson.engines.node)) {
-  throw new CliError2(
-    `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
-  );
-}
 var config2 = new Configstore(packageJson.name, { apiToken: "" });
 debug15("config %o", config2);
 async function runAnalysis(params, options) {
@@ -7837,7 +7848,7 @@ async function getReport(params, { skipPrompts }) {
     authHeaders: scm.getAuthHeaders(),
     downloadUrl
   });
-  const reportPath = path6.join(dirname, "report.json");
+  const reportPath = path7.join(dirname, "report.json");
   switch (scanner) {
     case "snyk":
       await getSnykReport(reportPath, repositoryRoot, { skipPrompts });
@@ -8337,10 +8348,7 @@ async function analyze({
     { skipPrompts }
   );
 }
-var packageJson2 = JSON.parse(
-  fs4.readFileSync(path7.join(getDirName(), "../package.json"), "utf8")
-);
-var config3 = new Configstore2(packageJson2.name, { apiToken: "" });
+var config3 = new Configstore2(packageJson.name, { apiToken: "" });
 async function addScmToken(addScmTokenOptions) {
   const { apiKey, token, organization, scmType, url, refreshToken } = addScmTokenOptions;
   const gqlClient = new GQLClient({
@@ -8738,7 +8746,7 @@ var parseArgs = async (args) => {
     handler() {
       yargsInstance.showHelp();
     }
-  }).strictOptions().help("h").alias("h", "help").epilog(chalk9.bgBlue("Made with \u2764\uFE0F  by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
+  }).strictOptions().help("h").alias("h", "help").epilog(chalk9.bgBlue("Made with \u2764\uFE0F by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
 };
 // src/index.ts

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.187",
+  "version": "0.0.189",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -28,25 +28,25 @@
   "author": "",
   "license": "MIT",
   "dependencies": {
-    "@gitbeaker/core": "41.1.1",
-    "@gitbeaker/requester-utils": "41.1.1",
-    "@gitbeaker/rest": "41.1.1",
+    "@gitbeaker/core": "41.3.0",
+    "@gitbeaker/requester-utils": "41.3.0",
+    "@gitbeaker/rest": "41.3.0",
     "@octokit/core": "5.2.0",
     "@octokit/graphql": "5.0.6",
     "@octokit/plugin-rest-endpoint-methods": "7.2.3",
     "@octokit/request-error": "3.0.3",
     "@types/libsodium-wrappers": "0.7.13",
     "adm-zip": "0.5.16",
-    "axios": "1.7.7",
+    "axios": "1.7.9",
     "azure-devops-node-api": "12.1.0",
     "bitbucket": "2.11.0",
     "chalk": "5.3.0",
     "chalk-animation": "2.0.3",
     "configstore": "6.0.0",
-    "debug": "4.3.7",
-    "dotenv": "16.4.5",
+    "debug": "4.4.0",
+    "dotenv": "16.4.7",
     "extract-zip": "2.0.1",
-    "globby": "13.2.2",
+    "globby": "14.0.2",
     "graphql": "16.9.0",
     "graphql-request": "6.1.0",
     "graphql-tag": "2.12.6",
@@ -62,7 +62,7 @@
     "parse-diff": "0.11.1",
     "semver": "7.6.3",
     "simple-git": "3.27.0",
-    "snyk": "1.1294.0",
+    "snyk": "1.1294.2",
     "supports-color": "9.4.0",
     "tar": "6.2.1",
     "tmp": "0.2.3",
@@ -74,12 +74,12 @@
   },
   "devDependencies": {
     "@graphql-codegen/cli": "5.0.3",
-    "@graphql-codegen/typescript": "4.1.1",
+    "@graphql-codegen/typescript": "4.1.2",
     "@graphql-codegen/typescript-graphql-request": "6.2.0",
-    "@graphql-codegen/typescript-operations": "4.3.1",
+    "@graphql-codegen/typescript-operations": "4.4.0",
     "@octokit/request-error": "3.0.3",
-    "@octokit/types": "13.6.1",
-    "@types/adm-zip": "0.5.5",
+    "@octokit/types": "13.6.2",
+    "@types/adm-zip": "0.5.7",
     "@types/chalk-animation": "1.6.3",
     "@types/configstore": "6.0.2",
     "@types/debug": "4.1.12",
@@ -92,19 +92,19 @@
     "@types/yargs": "17.0.33",
     "@typescript-eslint/eslint-plugin": "7.17.0",
     "@typescript-eslint/parser": "7.17.0",
-    "@vitest/coverage-istanbul": "2.1.4",
-    "@vitest/ui": "^2.1.2",
+    "@vitest/coverage-istanbul": "2.1.8",
+    "@vitest/ui": "2.1.8",
     "eslint": "8.57.0",
     "eslint-plugin-import": "2.31.0",
     "eslint-plugin-prettier": "5.2.1",
     "eslint-plugin-simple-import-sort": "10.0.0",
-    "prettier": "3.3.3",
+    "prettier": "3.4.2",
     "tsup": "7.2.0",
     "typescript": "4.9.5",
-    "vitest": "2.1.4"
+    "vitest": "2.1.8"
   },
   "engines": {
-    "node": ">=18.18.0"
+    "node": ">=18.20.4"
   },
   "files": [
     "bin/cli.mjs",