snyk-nuget-plugin 2.11.0 → 2.11.1
|
@@ -15,6 +15,19 @@ exports.FILTERED_DEPENDENCY_PREFIX = [
|
|
|
15
15
|
// dependencies are causing noise for the customers and are not of interested.
|
|
16
16
|
'runtime',
|
|
17
17
|
];
|
|
18
|
+
/**
|
|
19
|
+
* Finds the actual resolved version of a package in the targets section.
|
|
20
|
+
* This is necessary because NuGet may resolve to a different version than what's
|
|
21
|
+
* declared in transitive dependencies due to version constraints and resolution rules.
|
|
22
|
+
*/
|
|
23
|
+
function findActualResolvedVersion(allPackagesForFramework, packageName) {
|
|
24
|
+
for (const key of Object.keys(allPackagesForFramework)) {
|
|
25
|
+
if (key.startsWith(`${packageName}/`)) {
|
|
26
|
+
return key.split('/')[1];
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
return null;
|
|
30
|
+
}
|
|
18
31
|
function recursivelyPopulateNodes(depGraphBuilder, allPackagesForFramework, parentID, dependencies, overrides, visited) {
|
|
19
32
|
if (!dependencies) {
|
|
20
33
|
return;
|
|
@@ -28,16 +41,31 @@ function recursivelyPopulateNodes(depGraphBuilder, allPackagesForFramework, pare
|
|
|
28
41
|
debug(`${childName} matched a prefix we ignore, not adding to graph`);
|
|
29
42
|
continue;
|
|
30
43
|
}
|
|
31
|
-
|
|
44
|
+
let actualResolvedVersion = childResolvedVersion;
|
|
45
|
+
let childPkgEntry = allPackagesForFramework[`${childName}/${childResolvedVersion}`];
|
|
32
46
|
if (!childPkgEntry) {
|
|
33
|
-
|
|
34
|
-
|
|
47
|
+
// Find the actual resolved version for this package name in the targets section
|
|
48
|
+
// NuGet may resolve to a different version than what's declared in transitive dependencies
|
|
49
|
+
actualResolvedVersion = findActualResolvedVersion(allPackagesForFramework, childName);
|
|
50
|
+
if (!actualResolvedVersion) {
|
|
51
|
+
debug(`Child package ${childName} not found in lock file packages for framework.`);
|
|
52
|
+
continue;
|
|
53
|
+
}
|
|
54
|
+
if (childResolvedVersion !== actualResolvedVersion) {
|
|
55
|
+
debug(`Version mismatch for ${childName}: declared ${childResolvedVersion}, using resolved ${actualResolvedVersion}`);
|
|
56
|
+
}
|
|
57
|
+
childPkgEntry =
|
|
58
|
+
allPackagesForFramework[`${childName}/${actualResolvedVersion}`];
|
|
59
|
+
if (!childPkgEntry) {
|
|
60
|
+
debug(`Child package ${childName}@${actualResolvedVersion} not found in lock file packages for framework (this should not happen).`);
|
|
61
|
+
continue;
|
|
62
|
+
}
|
|
35
63
|
}
|
|
36
|
-
const childID = `${childName}@${
|
|
37
|
-
let finalVersion =
|
|
64
|
+
const childID = `${childName}@${actualResolvedVersion}`;
|
|
65
|
+
let finalVersion = actualResolvedVersion;
|
|
38
66
|
// If we're looking at a runtime assembly version for self-contained dlls, overwrite the dependency version
|
|
39
67
|
// we've found in the graph with those from the runtime assembly, as they take precedence.
|
|
40
|
-
if (+
|
|
68
|
+
if (+actualResolvedVersion.split('.')[0] < 6 &&
|
|
41
69
|
childName in overrides.overridesAssemblies &&
|
|
42
70
|
+overrides.overridesAssemblies[childName].split('.')[0] < 6) {
|
|
43
71
|
finalVersion = overrides.overrideVersion;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-v3-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v3-parser.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"dotnet-core-v3-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v3-parser.ts"],"names":[],"mappings":";;;AAoQA,sBAaC;AAjRD,qCAAqC;AAErC,+CAAkD;AAClD,yCAAoD;AAGpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF;;;;GAIG;AACH,SAAS,yBAAyB,CAChC,uBAA+C,EAC/C,WAAmB;IAEnB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,EAAE,CAAC;QACvD,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,WAAW,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,uBAA+C,EAC/C,QAAgB,EAChB,YAAoC,EACpC,SAAoB,EACpB,OAAqB;IAErB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IACrC,KAAK,MAAM,CAAC,SAAS,EAAE,oBAAoB,CAAC,IAAI,MAAM,CAAC,OAAO,CAC5D,YAAY,CACb,EAAE,CAAC;QACF,MAAM,YAAY,GAAG,WAAW,IAAI,IAAI,GAAG,EAAU,CAAC;QACtD,gHAAgH;QAChH,+FAA+F;QAC/F,IACE,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EACzE,CAAC;YACD,KAAK,CAAC,GAAG,SAAS,kDAAkD,CAAC,CAAC;YACtE,SAAS;QACX,CAAC;QAED,IAAI,qBAAqB,GAAkB,oBAAoB,CAAC;QAEhE,IAAI,aAAa,GACf,uBAAuB,CAAC,GAAG,SAAS,IAAI,oBAAoB,EAAE,CAAC,CAAC;QAClE,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,gFAAgF;YAChF,2FAA2F;YAC3F,qBAAqB,GAAG,yBAAyB,CAC/C,uBAAuB,EACvB,SAAS,CACV,CAAC;YACF,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBAC3B,KAAK,CACH,iBAAiB,SAAS,iDAAiD,CAC5E,CAAC;gBACF,SAAS;YACX,CAAC;YAED,IAAI,oBAAoB,KAAK,qBAAqB,EAAE,CAAC;gBACnD,KAAK,CACH,wBAAwB,SAAS,cAAc,oBAAoB,oBAAoB,qBAAqB,EAAE,CAC/G,CAAC;YACJ,CAAC;YAED,aAAa;gBACX,uBAAuB,CAAC,GAAG,SAAS,IAAI,qBAAqB,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,KAAK,CACH,iBAAiB,SAAS,IAAI,qBAAqB,0EAA0E,CAC9H,CAAC;gBACF,SAAS;YACX,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,qBAAqB,EAAE,CAAC;QAExD,IAAI,YAAY,GAAG,qBAAqB,CAAC;QAEzC,2GAA2G;QAC3G,0FAA0F;QAC1F,IACE,CAAC,qBAAqB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAA
C,GAAG,CAAC;YACxC,SAAS,IAAI,SAAS,CAAC,mBAAmB;YAC1C,CAAC,SAAS,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAC3D,CAAC;YACD,YAAY,GAAG,SAAS,CAAC,eAAe,CAAC;QAC3C,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,EAC1C,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,KAAK,CAAC,iCAAiC,QAAQ,OAAO,OAAO,EAAE,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,EAC1C,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,KAAK,CAAC,sBAAsB,QAAQ,OAAO,OAAO,EAAE,CAAC,CAAC;QAEtD,wBAAwB,CACtB,eAAe,EACf,uBAAuB,EACvB,OAAO,EACP,aAAa,CAAC,YAAY,EAC1B,SAAS,EACT,YAAY,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,WAAmB,EACnB,eAAuB,EACvB,aAA4B,EAC5B,SAAoB;IAEpB,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,gFAAgF;QAChF,MAAM,IAAI,6BAAoB,CAC5B,mDAAmD,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAElE,+GAA+G;IAC/G,wEAAwE;IACxE,gDAAgD;IAChD,MAAM,cAAc,GAAG,sBAAsB,CAAC,MAAM,CAClD,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,CAC3E,CAAC;IAEF,oHAAoH;IACpH,MAAM,qBAAqB,GACzB,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAE5E,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,gFAAgF;QAChF,MAAM,IAAI,6BAAoB,CAC5B,kEAAkE,eAAe,aAAa,CAC/F,CAAC;IACJ,CAAC;IAED,IAAI,qBAAqB,KAAK,eAAe,EAAE,CAAC;QAC9C,KAAK,CACH,SAAS,qBAAqB,yBAAyB,eAAe,sBAAsB,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CACxH,CAAC;IACJ,CAAC;IAED,MAAM,uBAAuB,GAAG,aAAa,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAE7E,0DAA0D;IAC1D,MAAM,kBAAkB,GAA2B,EAAE,CAAC;IACtD,aAAa,CAAC,2BAA2B,CAAC,qBAAqB
,CAAC,CAAC,OAAO,CACtE,CAAC,UAAkB,EAAE,EAAE;QACrB,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9C,kBAAkB,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC,CACF,CAAC;IAEF,KAAK,CACH,8CAA8C,qBAAqB,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAC5G,CAAC;IAEF,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,KAAK,CACH,iFAAiF,CAClF,CAAC;QACF,8DAA8D;QAC9D,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;IACjC,CAAC;IAED,sDAAsD;IACtD,wBAAwB,CACtB,eAAe,EACf,uBAAuB,EACvB,WAAW,EACX,kBAAkB,EAAE,sCAAsC;IAC1D,SAAS,CACV,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB;IAC/C,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,6BAAoB,CAC5B,oDAAoD,CACrD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,6BAAoB,CAC5B,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,IACE,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU;QAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EACrD,CAAC;QACD,MAAM,IAAI,6BAAoB,CAC5B,gDAAgD,CACjD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,6BAAoB,CAC5B,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,6BAAoB,CAC5B,6CAA6C,CAC9C,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,eAAuB,EACvB,aAA4B,EAC5B,SAAoB;IAEpB,KAAK,CACH,uEAAuE,CACxE,CAAC;IAEF,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEhC,OAAO,aAAa,CAAC,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;AAC/E,CAAC"}
|
package/package.json
CHANGED