mobbdev 1.0.46 → 1.0.50

package/dist/index.mjs

@@ -614,8 +614,12 @@ var GitReferenceDocument = `
 }
     `;
 var AutoPrAnalysisDocument = `
-    mutation autoPrAnalysis($analysisId: String!, $commitDirectly: Boolean) {
-  autoPrAnalysis(analysisId: $analysisId, sameBranchCommit: $commitDirectly) {
+    mutation autoPrAnalysis($analysisId: String!, $commitDirectly: Boolean, $prId: Int) {
+  autoPrAnalysis(
+    analysisId: $analysisId
+    sameBranchCommit: $commitDirectly
+    prId: $prId
+  ) {
     __typename
     ... on AutoPrSuccess {
       status
@@ -4303,6 +4307,26 @@ async function getAdoSdk(params) {
       }
       return parsedPullRequestStatus.data;
     },
+    async addCommentToAdoPullRequest({
+      repoUrl,
+      prNumber,
+      markdownComment
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      const comment = {
+        comments: [
+          {
+            parentCommentId: 0,
+            // Root comment
+            content: markdownComment,
+            commentType: 1
+            // Default type
+          }
+        ]
+      };
+      await git.createThread(comment, repo, prNumber, projectName);
+    },
     async getAdoIsRemoteBranch({
       repoUrl,
       branch
@@ -4618,7 +4642,8 @@ var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
     branch: z19.string(),
     commitMessages: z19.array(z19.string()),
     commitDescriptions: z19.array(z19.string().nullish()),
-    githubCommentId: z19.number().nullish()
+    githubCommentId: z19.number().nullish(),
+    prId: z19.number().nullish()
   })
 );
 var SubmitFixesToDifferentBranchParamsZ = z19.object({
@@ -4677,7 +4702,8 @@ var GitCommitZ = z19.object({
 var SubmitFixesToSameBranchResponseMessageZ = z19.object({
   type: z19.literal(submitToScmMessageType.commitToSameBranch),
   githubCommentId: z19.number().nullish(),
-  commits: z19.array(GitCommitZ)
+  commits: z19.array(GitCommitZ),
+  prId: z19.number().nullish()
 }).merge(SubmitFixesBaseResponseMessageZ);
 var SubmitFixesToDifferentBranchResponseMessageZ = z19.object({
   type: z19.literal(submitToScmMessageType.submitFixesForDifferentBranch),
@@ -4932,16 +4958,16 @@ var AdoSCMLib = class extends SCMLib {
       repoUrl: this.url
     });
   }
-  async getPrUrl(prNumber) {
+  async getSubmitRequestUrl(submitRequestIdNumber) {
     this._validateUrl();
     const adoSdk = await this.getAdoSdk();
     return adoSdk.getAdoPrUrl({
       url: this.url,
-      prNumber
+      prNumber: submitRequestIdNumber
     });
   }
-  async getPrId(prUrl) {
-    const match = prUrl.match(/\/pullrequest\/(\d+)/);
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pullrequest\/(\d+)/);
     return match?.[1] || "";
   }
   async getCommitUrl(commitId) {
@@ -4952,6 +4978,15 @@ var AdoSCMLib = class extends SCMLib {
       commitId
     });
   }
+  async addCommentToSubmitRequest(scmSubmitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    const adoSdk = await this.getAdoSdk();
+    await adoSdk.addCommentToAdoPullRequest({
+      repoUrl: this.url,
+      prNumber: Number(scmSubmitRequestId),
+      markdownComment: comment
+    });
+  }
 };
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
@@ -4993,7 +5028,7 @@ function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const validatedBitbucketResult = BitbucketParseResultZ.parse(parsingResult);
   return {
     workspace: validatedBitbucketResult.organization,
-    repoSlug: validatedBitbucketResult.repoName
+    repo_slug: validatedBitbucketResult.repoName
   };
 }
 function getBitbucketIntance(params) {
@@ -5033,11 +5068,11 @@ function getBitbucketSdk(params) {
       }));
     },
     async getBranchList(params2) {
-      const { workspace, repoSlug } = parseBitbucketOrganizationAndRepo(
+      const { workspace, repo_slug } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.refs.listBranches({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace,
         pagelen: 100,
         //It seems to not work with very large numbers like 1000 (MAX_BRANCHES_FETCH) and returns a bad request response
@@ -5050,8 +5085,8 @@ function getBitbucketSdk(params) {
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
-      const fullRepoName = `${workspace}/${repoSlug}`;
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
+      const fullRepoName = `${workspace}/${repo_slug}`;
       const res = await bitbucketClient.user.listPermissionsForRepos({
         q: `repository.full_name~"${fullRepoName}"`
       });
@@ -5060,11 +5095,11 @@ function getBitbucketSdk(params) {
       ) ?? false;
     },
     async createPullRequest(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.pullrequests.create({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace,
         _body: {
           type: "pullrequest",
@@ -5087,43 +5122,43 @@ function getBitbucketSdk(params) {
       return res.data;
     },
     async getDownloadlink(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.downloads.list({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace
       });
       return res.data;
     },
     async getBranch(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.refs.getBranch({
         name: params2.branchName,
-        repo_slug: repoSlug,
+        repo_slug,
         workspace
       });
       return res.data;
     },
     async getRepo(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.repositories.get({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace
       });
       return res.data;
     },
     async getCommit(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.repoUrl
       );
       const res = await bitbucketClient.commits.get({
         commit: params2.commitSha,
-        repo_slug: repoSlug,
+        repo_slug,
         workspace
       });
       return res.data;
@@ -5152,9 +5187,9 @@ function getBitbucketSdk(params) {
     },
     async getTagRef(params2) {
       const { tagName, repoUrl } = params2;
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(repoUrl);
       const tagRes = await bitbucketClient.refs.getTag({
-        repo_slug: repoSlug,
+        repo_slug,
         workspace,
         name: tagName
       });
@@ -5187,12 +5222,31 @@ function getBitbucketSdk(params) {
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
-      const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(
         params2.url
       );
       const res = await bitbucketClient.pullrequests.get({
         pull_request_id: params2.prNumber,
-        repo_slug: repoSlug,
+        repo_slug,
+        workspace
+      });
+      return res.data;
+    },
+    async addCommentToPullRequest({
+      url,
+      prNumber,
+      markdownComment
+    }) {
+      const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(url);
+      const res = await bitbucketClient.pullrequests.createComment({
+        //@ts-expect-error tyep requires _body.type, but it its uses api fails
+        _body: {
+          content: {
+            raw: markdownComment
+          }
+        },
+        pull_request_id: prNumber,
+        repo_slug,
         workspace
       });
       return res.data;
@@ -5462,24 +5516,32 @@ var BitbucketSCMLib = class extends SCMLib {
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
     return z23.string().parse(repoRes.mainbranch?.name);
   }
-  getPrUrl(prNumber) {
+  getSubmitRequestUrl(submitRequestId) {
     this._validateUrl();
-    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
     return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
+      `https://bitbucket.org/${workspace}/${repo_slug}/pull-requests/${submitRequestId}`
     );
   }
-  async getPrId(prUrl) {
-    const match = prUrl.match(/\/pull-requests\/(\d+)/);
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pull-requests\/(\d+)/);
     return match?.[1] || "";
   }
   getCommitUrl(commitId) {
     this._validateUrl();
-    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
     return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repoSlug}/commits/${commitId}`
+      `https://bitbucket.org/${workspace}/${repo_slug}/commits/${commitId}`
     );
   }
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateUrl();
+    await this.bitbucketSdk.addCommentToPullRequest({
+      prNumber: Number(submitRequestId),
+      url: this.url,
+      markdownComment: comment
+    });
+  }
 };
 
 // src/features/analysis/scm/github/GithubSCMLib.ts
@@ -5640,6 +5702,14 @@ var GithubSCMLib = class extends SCMLib {
       prNumber: Number(scmSubmitRequestId)
     });
   }
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    await this.githubSdk.createMarkdownCommentOnPullRequest({
+      repoUrl: this.url,
+      prNumber: Number(submitRequestId),
+      markdownComment: comment
+    });
+  }
   async getRepoBlameRanges(ref, path9) {
     this._validateUrl();
     return await this.githubSdk.getGithubBlameRanges({
@@ -5665,18 +5735,18 @@ var GithubSCMLib = class extends SCMLib {
     this._validateUrl();
     return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
   }
-  async getPrUrl(prNumber) {
+  async getSubmitRequestUrl(submitRequestUrl) {
     this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
     const getPrRes = await this.githubSdk.getPr({
       owner,
       repo,
-      pull_number: prNumber
+      pull_number: submitRequestUrl
     });
     return getPrRes.data.html_url;
   }
-  async getPrId(prUrl) {
-    const match = prUrl.match(/\/pull\/(\d+)/);
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pull\/(\d+)/);
     return match?.[1] || "";
   }
   async getCommitUrl(commitId) {
@@ -5826,6 +5896,9 @@ async function getGitlabIsUserCollaborator({
     const members = await api2.ProjectMembers.all(res.id, {
       includeInherited: true
     });
+    if (!username) {
+      return true;
+    }
     return !!members.find((member) => member.username === username);
   } catch (e) {
     return false;
@@ -5853,6 +5926,16 @@ async function getGitlabMergeRequestStatus({
       throw new Error(`unknown merge request state ${res.state}`);
   }
 }
+async function createMarkdownCommentOnPullRequest({
+  markdownComment,
+  accessToken,
+  repoUrl,
+  mrNumber
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  return api2.MergeRequestNotes.create(projectPath, mrNumber, markdownComment);
+}
 async function getGitlabIsRemoteBranch({
   accessToken,
   repoUrl,
@@ -6174,7 +6257,14 @@ var GitlabSCMLib = class extends SCMLib {
   }
   async getUserHasAccessToRepo() {
     this._validateAccessTokenAndUrl();
-    const username = await this.getUsername();
+    let username = void 0;
+    try {
+      username = await this.getUsername();
+    } catch (e) {
+      console.warn(
+        "could not get username. this is okay if a project token is used"
+      );
+    }
     return getGitlabIsUserCollaborator({
       username,
       accessToken: this.accessToken,
@@ -6203,6 +6293,15 @@ var GitlabSCMLib = class extends SCMLib {
         throw new Error(`unknown state ${state}`);
     }
   }
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    await createMarkdownCommentOnPullRequest({
+      accessToken: this.accessToken,
+      repoUrl: this.url,
+      mrNumber: Number(submitRequestId),
+      markdownComment: comment
+    });
+  }
   async getRepoBlameRanges(ref, path9) {
     this._validateUrl();
     return await getGitlabBlameRanges(
@@ -6230,17 +6329,17 @@ var GitlabSCMLib = class extends SCMLib {
       gitlabAuthToken: this.accessToken
     });
   }
-  async getPrUrl(prNumber) {
+  async getSubmitRequestUrl(submitRequestUrl) {
     this._validateAccessTokenAndUrl();
     const res = await getGitlabMergeRequest({
       url: this.url,
-      prNumber,
+      prNumber: submitRequestUrl,
       accessToken: this.accessToken
     });
     return res.web_url;
   }
-  async getPrId(prUrl) {
-    const match = prUrl.match(/\/merge_requests\/(\d+)/);
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/merge_requests\/(\d+)/);
     return match?.[1] || "";
   }
   async getCommitUrl(commitId) {
@@ -6325,12 +6424,12 @@ var StubSCMLib = class extends SCMLib {
     console.warn("getRepoDefaultBranch() returning empty string");
     return "";
   }
-  async getPrUrl(_prNumber) {
-    console.warn("getPrUrl() returning empty string");
+  async getSubmitRequestUrl(_submitRequestIdNumber) {
+    console.warn("getSubmitRequestUrl() returning empty string");
     return "";
   }
-  async getPrId(_prUrl) {
-    console.warn("getPrId() returning empty string");
+  async getSubmitRequestId(_submitRequestUrl) {
+    console.warn("getSubmitRequestId() returning empty string");
     return "";
   }
   async getCommitUrl(_commitId) {
@@ -6341,6 +6440,9 @@ var StubSCMLib = class extends SCMLib {
     console.warn("_getUsernameForAuthUrl() returning empty string");
     return "";
   }
+  async addCommentToSubmitRequest(_submitRequestId, _comment) {
+    console.warn("addCommentToSubmitRequest() no-op");
+  }
 };
 
 // src/features/analysis/scm/scmFactory.ts
@@ -6566,6 +6668,16 @@ function getGithubSdk(params = {}) {
       }
       return res.data.state;
     },
+    async createMarkdownCommentOnPullRequest(params2) {
+      const { repoUrl, prNumber, markdownComment } = params2;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      return octokit.rest.issues.createComment({
+        owner,
+        repo,
+        issue_number: prNumber,
+        body: markdownComment
+      });
+    },
     async getGithubIsRemoteBranch(params2) {
       const { repoUrl, branch } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
@@ -7302,7 +7414,7 @@ async function addFixCommentsForPr({
 import Debug9 from "debug";
 var debug9 = Debug9("mobbdev:handleAutoPr");
 async function handleAutoPr(params) {
-  const { gqlClient, analysisId, commitDirectly, createSpinner: createSpinner5 } = params;
+  const { gqlClient, analysisId, commitDirectly, prId, createSpinner: createSpinner5 } = params;
   const createAutoPrSpinner = createSpinner5(
     "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
   ).start();
@@ -7313,7 +7425,8 @@ async function handleAutoPr(params) {
     callback: async (analysisId2) => {
       const autoPrAnalysisRes = await gqlClient.autoPrAnalysis(
         analysisId2,
-        commitDirectly
+        commitDirectly,
+        prId
       );
       debug9("auto pr analysis res %o", autoPrAnalysisRes);
       if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
@@ -7771,10 +7884,11 @@ var GQLClient = class {
     }
     return res.analysis;
   }
-  async autoPrAnalysis(analysisId, commitDirectly) {
+  async autoPrAnalysis(analysisId, commitDirectly, prId) {
     return this._clientSdk.autoPrAnalysis({
       analysisId,
-      commitDirectly
+      commitDirectly,
+      prId
     });
   }
   async getFixes(fixIds) {
@@ -8242,7 +8356,7 @@ async function uploadFile({
 
 // src/features/analysis/index.ts
 var { CliError: CliError2, Spinner: Spinner2 } = utils_exports;
-function _getScanSource(command) {
+function _getScanSource(command, ci) {
   if (command === "review")
     return "AUTO_FIXER" /* AutoFixer */;
   const envToCi = [
@@ -8258,6 +8372,9 @@ function _getScanSource(command) {
       return source;
     }
   }
+  if (ci) {
+    return "CI_UNKNOWN" /* CiUnknown */;
+  }
   return "CLI" /* Cli */;
 }
 async function downloadRepo({
@@ -8445,7 +8562,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     command,
     organizationId: userOrganizationId,
     autoPr,
-    commitDirectly
+    commitDirectly,
+    pullRequest
   } = params;
   debug16("start %s %s", dirname, repo);
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
@@ -8554,7 +8672,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     gqlClient,
     fixReportId: reportUploadInfo.fixReportId,
     projectId,
-    command
+    command,
+    ci
   });
   uploadReportSpinner.success({ text: "\u{1F4C1} Report uploaded successfully" });
   const mobbSpinner = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
@@ -8570,7 +8689,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       sha,
       experimentalEnabled,
       pullRequest: params.pullRequest,
-      scanSource: _getScanSource(command)
+      scanSource: _getScanSource(command, ci)
     }
   });
   if (sendReportRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
@@ -8585,6 +8704,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
       gqlClient,
       analysisId: reportUploadInfo.fixReportId,
       commitDirectly,
+      prId: pullRequest,
       createSpinner: createSpinner5
     });
   }
@@ -8674,7 +8794,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
       gqlClient,
       fixReportId: reportUploadInfo.fixReportId,
       projectId,
-      command
+      command,
+      ci
     });
     const srcFileStatus = await fsPromises.lstat(srcPath);
     const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
@@ -8711,7 +8832,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
           repoUrl: repo || gitInfo.repoUrl || getTopLevelDirName(srcPath),
           reference: ref || gitInfo.reference || "no-branch",
           sha: commitHash || gitInfo.hash || "0123456789abcdef",
-          scanSource: _getScanSource(command),
+          scanSource: _getScanSource(command, ci),
           pullRequest: params.pullRequest
         }
       });
@@ -8758,6 +8879,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         gqlClient,
         analysisId: reportUploadInfo.fixReportId,
         commitDirectly,
+        prId: pullRequest,
         createSpinner: createSpinner5
       });
     }
@@ -8769,7 +8891,8 @@ async function _digestReport({
   gqlClient,
   fixReportId,
   projectId,
-  command
+  command,
+  ci
 }) {
   const digestSpinner = createSpinner4(
     progressMassages.processingVulnerabilityReport
@@ -8779,7 +8902,7 @@ async function _digestReport({
       {
         fixReportId,
         projectId,
-        scanSource: _getScanSource(command)
+        scanSource: _getScanSource(command, ci)
       }
     );
     try {
@@ -8864,7 +8987,8 @@ async function analyze({
   mobbProjectName,
   organizationId,
   autoPr,
-  commitDirectly
+  commitDirectly,
+  pullRequest
 }, { skipPrompts = false } = {}) {
   !ci && await showWelcomeMessage(skipPrompts);
   await runAnalysis(
@@ -8880,7 +9004,8 @@ async function analyze({
       organizationId,
       command: "analyze",
       autoPr,
-      commitDirectly
+      commitDirectly,
+      pullRequest
     },
     { skipPrompts }
   );
@@ -9198,7 +9323,12 @@ function analyzeBuilder(yargs2) {
     alias: "commit-hash",
     describe: chalk8.bold("Hash of the commit"),
     type: "string"
-  }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).option("commit-directly", commitDirectlyOption).example(
+  }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).option("auto-pr", autoPrOption).option("commit-directly", commitDirectlyOption).option("pull-request", {
+    alias: ["pr", "pr-number", "pr-id"],
+    describe: chalk8.bold("Number of the pull request"),
+    type: "number",
+    demandOption: false
+  }).example(
     "npx mobbdev@latest analyze -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path>",
     "analyze an existing repository"
   ).help();
@@ -9223,6 +9353,11 @@ Can't access ${chalk8.bold(argv.f)}`);
       "--commit-directly flag requires --auto-pr to be provided as well"
     );
   }
+  if (argv.pullRequest && !argv["commit-directly"]) {
+    throw new CliError(
+      "--pull-request flag requires --commit-directly to be provided as well"
+    );
+  }
   validateReportFileFormat(argv.f);
 }
 async function analyzeHandler(args) {
@@ -9251,7 +9386,7 @@ function reviewBuilder(yargs2) {
     type: "string",
     demandOption: true
   }).option("pull-request", {
-    alias: "pr",
+    alias: ["pr", "pr-number", "pr-id"],
     describe: chalk9.bold("Number of the pull request"),
     type: "number",
     demandOption: true

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.46",
+  "version": "1.0.50",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -35,10 +35,10 @@
     "@octokit/core": "5.2.0",
     "@octokit/graphql": "5.0.6",
     "@octokit/plugin-rest-endpoint-methods": "7.2.3",
-    "@octokit/request-error": "5.1.0",
+    "@octokit/request-error": "5.1.1",
     "@types/libsodium-wrappers": "0.7.14",
     "adm-zip": "0.5.16",
-    "axios": "1.7.9",
+    "axios": "1.8.2",
     "azure-devops-node-api": "12.1.0",
     "bitbucket": "2.11.0",
     "chalk": "5.4.1",