npm - mobbdev - Versions diffs - 1.4.7 → 1.4.9 - Mend

mobbdev 1.4.7 → 1.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/args/commands/upload_ai_blame.mjs +18 -6
package/dist/index.mjs +48 -26
package/package.json +10 -10

package/dist/args/commands/upload_ai_blame.mjs CHANGED Viewed

@@ -598,6 +598,7 @@ var init_client_generates = __esm({
       id
       organization {
         id
+        enableV2Fixes
         projects(where: {name: {_eq: $projectName}}) {
           name
           id
@@ -616,6 +617,7 @@ var init_client_generates = __esm({
       id
       organization {
         id
+        enableV2Fixes
       }
     }
   }
@@ -2707,7 +2709,7 @@ var init_env = __esm({
       GITLAB_API_TOKEN: z16.string().optional(),
       GITHUB_API_TOKEN: z16.string().optional(),
       GIT_PROXY_HOST: z16.string().optional().default("http://tinyproxy:8888"),
-      MAX_UPLOAD_FILE_SIZE_MB: z16.coerce.number().gt(0).default(5),
+      MAX_UPLOAD_FILE_SIZE_MB: z16.coerce.number().gt(0).default(2),
       GITHUB_API_CONCURRENCY: z16.coerce.number().gt(0).optional().default(10)
     });
     ({
@@ -3569,7 +3571,13 @@ var init_FileUtils = __esm({
         const results = [];
         const filePromises = [];
         for (const item of items) {
-          const fullPath = path4.join(dir, item);
+          const safeInput = path4.resolve(
+            path4.sep,
+            path4.normalize(
+              String(dir || "").replace("\0", "").replace(/^(\.\.(\/|\\$))+/, "")
+            )
+          );
+          const fullPath = path4.join(safeInput, item);
           try {
             await fsPromises.access(fullPath, fs4.constants.R_OK);
             const stat = await fsPromises.stat(fullPath);
@@ -3607,7 +3615,9 @@ var init_FileUtils = __esm({
       }) {
         try {
           const stats = fs4.statSync(dir);
-          if (!stats.isDirectory()) return [];
+          if (!stats.isDirectory()) {
+            return [];
+          }
         } catch {
           return [];
         }
@@ -3616,7 +3626,7 @@ var init_FileUtils = __esm({
           const { GitService: GitService2 } = await Promise.resolve().then(() => (init_GitService(), GitService_exports));
           const gitService = new GitService2(dir);
           gitMatcher = await gitService.getGitignoreMatcher();
-        } catch (e) {
+        } catch {
         }
         const allFiles = await this.processRootDirectory(dir, EXCLUDED_DIRS);
         const filteredFiles = allFiles.filter(
@@ -6945,7 +6955,8 @@ var GQLClient = class {
     const getLastOrgRes = await this._clientSdk.getLastOrg({ email });
     return {
       organizationId: getLastOrgRes?.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.id,
-      userName: getLastOrgRes?.user?.[0]?.name ?? ""
+      userName: getLastOrgRes?.user?.[0]?.name ?? "",
+      enableV2Fixes: getLastOrgRes?.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.enableV2Fixes === true
     };
   }
   async createCliLogin(variables) {
@@ -7027,7 +7038,8 @@ var GQLClient = class {
     }
     return {
       organizationId: organization.id,
-      projectId
+      projectId,
+      enableV2Fixes: organization.enableV2Fixes === true
     };
   }
   async getEncryptedApiToken(variables) {

package/dist/index.mjs CHANGED Viewed

@@ -598,6 +598,7 @@ var init_client_generates = __esm({
       id
       organization {
         id
+        enableV2Fixes
         projects(where: {name: {_eq: $projectName}}) {
           name
           id
@@ -616,6 +617,7 @@ var init_client_generates = __esm({
       id
       organization {
         id
+        enableV2Fixes
       }
     }
   }
@@ -2756,7 +2758,7 @@ var init_env = __esm({
       GITLAB_API_TOKEN: z15.string().optional(),
       GITHUB_API_TOKEN: z15.string().optional(),
       GIT_PROXY_HOST: z15.string().optional().default("http://tinyproxy:8888"),
-      MAX_UPLOAD_FILE_SIZE_MB: z15.coerce.number().gt(0).default(5),
+      MAX_UPLOAD_FILE_SIZE_MB: z15.coerce.number().gt(0).default(2),
       GITHUB_API_CONCURRENCY: z15.coerce.number().gt(0).optional().default(10)
     });
     ({
@@ -3621,7 +3623,13 @@ var init_FileUtils = __esm({
         const results = [];
         const filePromises = [];
         for (const item of items) {
-          const fullPath = path.join(dir, item);
+          const safeInput = path.resolve(
+            path.sep,
+            path.normalize(
+              String(dir || "").replace("\0", "").replace(/^(\.\.(\/|\\$))+/, "")
+            )
+          );
+          const fullPath = path.join(safeInput, item);
           try {
             await fsPromises.access(fullPath, fs.constants.R_OK);
             const stat5 = await fsPromises.stat(fullPath);
@@ -3659,7 +3667,9 @@ var init_FileUtils = __esm({
       }) {
         try {
           const stats = fs.statSync(dir);
-          if (!stats.isDirectory()) return [];
+          if (!stats.isDirectory()) {
+            return [];
+          }
         } catch {
           return [];
         }
@@ -3668,7 +3678,7 @@ var init_FileUtils = __esm({
           const { GitService: GitService2 } = await Promise.resolve().then(() => (init_GitService(), GitService_exports));
           const gitService = new GitService2(dir);
           gitMatcher = await gitService.getGitignoreMatcher();
-        } catch (e) {
+        } catch {
         }
         const allFiles = await this.processRootDirectory(dir, EXCLUDED_DIRS);
         const filteredFiles = allFiles.filter(
@@ -13309,7 +13319,8 @@ var GQLClient = class {
     const getLastOrgRes = await this._clientSdk.getLastOrg({ email });
     return {
       organizationId: getLastOrgRes?.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.id,
-      userName: getLastOrgRes?.user?.[0]?.name ?? ""
+      userName: getLastOrgRes?.user?.[0]?.name ?? "",
+      enableV2Fixes: getLastOrgRes?.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.enableV2Fixes === true
     };
   }
   async createCliLogin(variables) {
@@ -13391,7 +13402,8 @@ var GQLClient = class {
     }
     return {
       organizationId: organization.id,
-      projectId
+      projectId,
+      enableV2Fixes: organization.enableV2Fixes === true
     };
   }
   async getEncryptedApiToken(variables) {
@@ -15697,7 +15709,7 @@ function getManifestFilesSuffixes() {
 }
 async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
   debug18("pack folder %s", srcDirPath);
-  let git = void 0;
+  let git;
   try {
     git = simpleGit3({
       baseDir: srcDirPath,
@@ -15743,7 +15755,11 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
       }
     }
     if (fs9.lstatSync(absFilepath).size > MCP_MAX_FILE_SIZE) {
-      debug18("ignoring %s because the size is > 5MB", filepath);
+      debug18(
+        "ignoring %s \u2014 file size exceeds MCP_MAX_FILE_SIZE (%d bytes)",
+        filepath,
+        MCP_MAX_FILE_SIZE
+      );
       continue;
     }
     let data;
@@ -16124,7 +16140,9 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
 init_client_generates();
 var { CliError: CliError2, Spinner: Spinner2 } = utils_exports;
 function _getScanSource(command, ci) {
-  if (command === "review") return "AUTO_FIXER" /* AutoFixer */;
+  if (command === "review") {
+    return "AUTO_FIXER" /* AutoFixer */;
+  }
   const envToCi = [
     ["GITLAB_CI", "CI_GITLAB" /* CiGitlab */],
     ["GITHUB_ACTIONS", "CI_GITHUB" /* CiGithub */],
@@ -16341,7 +16359,11 @@ async function _scan(params, { skipPrompts = false } = {}) {
   if (!mobbProjectName) {
     throw new Error("mobbProjectName is required");
   }
-  const { projectId, organizationId } = await gqlClient.getLastOrgAndNamedProject({
+  const {
+    projectId,
+    organizationId,
+    enableV2Fixes: orgEnableV2Fixes
+  } = await gqlClient.getLastOrgAndNamedProject({
     projectName: mobbProjectName,
     userDefinedOrganizationId: userOrganizationId
   });
@@ -16591,7 +16613,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         srcPath,
         vulnFiles,
         repoUploadInfo,
-        isIncludeAllFiles: false
+        isIncludeAllFiles: orgEnableV2Fixes
       });
       gitInfo2 = res.gitInfo;
     } else {
@@ -17804,16 +17826,23 @@ function groupSkills(files, root, baseDir) {
       standalone.push(f);
     } else {
       const folderName = relFromSkills.slice(0, slashIdx);
-      if (!folderMap.has(folderName)) {
-        folderMap.set(folderName, []);
+      const folderKey = rel.slice(
+        0,
+        skillsIdx + skillsMarker.length + folderName.length
+      );
+      let bucket = folderMap.get(folderKey);
+      if (!bucket) {
+        bucket = { folderName, files: [] };
+        folderMap.set(folderKey, bucket);
       }
-      folderMap.get(folderName).push(f);
+      bucket.files.push(f);
     }
   }
   const groups = [];
   for (const f of standalone) {
     const name = path14.basename(f.path, path14.extname(f.path));
-    const sessionKey = `skill:${root}:${name}`;
+    const standaloneRel = path14.relative(baseDir, f.path).replace(/\\/g, "/");
+    const sessionKey = `skill:${root}:${standaloneRel}`;
     groups.push({
       name,
       root,
@@ -17824,17 +17853,10 @@ function groupSkills(files, root, baseDir) {
       sessionKey
     });
   }
-  for (const [folderName, folderFiles] of folderMap) {
+  for (const [folderKey, { folderName, files: folderFiles }] of folderMap) {
     const maxMtimeMs = Math.max(...folderFiles.map((f) => f.mtimeMs));
-    const anyFile = folderFiles[0];
-    const rel = path14.relative(baseDir, anyFile.path).replace(/\\/g, "/");
-    const skillsIdx = rel.indexOf("skills/");
-    const skillRelPath = rel.slice(
-      0,
-      skillsIdx + "skills/".length + folderName.length
-    );
-    const skillPath = path14.join(baseDir, skillRelPath);
-    const sessionKey = `skill:${root}:${folderName}`;
+    const skillPath = path14.join(baseDir, folderKey);
+    const sessionKey = `skill:${root}:${folderKey}`;
     groups.push({
       name: folderName,
       root,
@@ -19190,7 +19212,7 @@ function createLogger(config2) {
 // src/features/claude_code/hook_logger.ts
 var DD_RUM_TOKEN = true ? "pubf59c0182545bfb4c299175119f1abf9b" : "";
-var CLI_VERSION = true ? "1.4.7" : "unknown";
+var CLI_VERSION = true ? "1.4.9" : "unknown";
 var NAMESPACE = "mobbdev-claude-code-hook-logs";
 var claudeCodeVersion;
 function buildDdTags() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.4.7",
+  "version": "1.4.9",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",
@@ -59,8 +59,8 @@
     "@octokit/core": "5.2.0",
     "@octokit/request-error": "5.1.1",
     "@openredaction/openredaction": "1.0.4",
-    "adm-zip": "0.5.16",
-    "axios": "1.13.5",
+    "adm-zip": "0.5.17",
+    "axios": "1.16.0",
     "azure-devops-node-api": "15.1.2",
     "bitbucket": "2.12.0",
     "chalk": "5.6.2",
@@ -80,8 +80,8 @@
     "https-proxy-agent": "7.0.6",
     "ignore": "7.0.5",
     "inquirer": "9.3.8",
-    "isomorphic-ws": "5.0.0",
     "istextorbinary": "9.5.0",
+    "isomorphic-ws": "5.0.0",
     "jsonc-parser": "3.3.1",
     "libsodium-wrappers": "0.7.15",
     "multimatch": "7.0.0",
@@ -96,13 +96,13 @@
     "sax": "1.6.0",
     "semver": "7.7.4",
     "shell-quote": "1.8.3",
-    "simple-git": "3.33.0",
-    "snyk": "1.1303.2",
+    "simple-git": "3.36.0",
+    "snyk": "1.1304.1",
     "tar": "7.5.13",
     "tmp": "0.2.5",
     "tmp-promise": "3.0.3",
     "undici": "6.24.0",
-    "uuid": "11.1.0",
+    "uuid": "11.1.1",
     "ws": "8.20.0",
     "xml2js": "0.6.2",
     "yargs": "17.7.2",
@@ -115,7 +115,7 @@
     "@graphql-codegen/typescript-operations": "4.6.1",
     "@graphql-eslint/eslint-plugin": "4.4.0",
     "@octokit/types": "13.10.0",
-    "@types/adm-zip": "0.5.7",
+    "@types/adm-zip": "0.5.8",
     "@types/chalk-animation": "1.6.3",
     "@types/configstore": "6.0.2",
     "@types/debug": "4.1.13",
@@ -141,8 +141,8 @@
     "eslint-plugin-prettier": "5.5.5",
     "eslint-plugin-simple-import-sort": "12.1.1",
     "msw": "2.10.5",
-    "nock": "14.0.11",
-    "prettier": "3.8.1",
+    "nock": "14.0.14",
+    "prettier": "3.8.3",
     "tsup": "8.5.1",
     "typescript": "5.9.3",
     "vitest": "3.2.4"