snyk-nuget-plugin 2.11.0 → 2.11.2
|
@@ -15,7 +15,7 @@ exports.FILTERED_DEPENDENCY_PREFIX = [
|
|
|
15
15
|
// dependencies are causing noise for the customers and are not of interested.
|
|
16
16
|
'runtime',
|
|
17
17
|
];
|
|
18
|
-
function recursivelyPopulateNodes(depGraphBuilder,
|
|
18
|
+
function recursivelyPopulateNodes(depGraphBuilder, resolvedPackages, parentID, dependencies, overrides, visited) {
|
|
19
19
|
if (!dependencies) {
|
|
20
20
|
return;
|
|
21
21
|
}
|
|
@@ -28,16 +28,22 @@ function recursivelyPopulateNodes(depGraphBuilder, allPackagesForFramework, pare
|
|
|
28
28
|
debug(`${childName} matched a prefix we ignore, not adding to graph`);
|
|
29
29
|
continue;
|
|
30
30
|
}
|
|
31
|
-
|
|
32
|
-
|
|
31
|
+
// Find the actual resolved version and target for this package name
|
|
32
|
+
// NuGet may resolve to a different version than what's declared in transitive dependencies
|
|
33
|
+
const resolvedPackage = resolvedPackages[childName];
|
|
34
|
+
if (!resolvedPackage) {
|
|
33
35
|
debug(`Child package ${childName} not found in lock file packages for framework.`);
|
|
34
36
|
continue;
|
|
35
37
|
}
|
|
36
|
-
const
|
|
37
|
-
|
|
38
|
+
const { resolvedVersion: actualResolvedVersion, target: childPkgEntry } = resolvedPackage;
|
|
39
|
+
if (childResolvedVersion !== actualResolvedVersion) {
|
|
40
|
+
debug(`Version mismatch for ${childName}: declared ${childResolvedVersion}, using resolved ${actualResolvedVersion}`);
|
|
41
|
+
}
|
|
42
|
+
const childID = `${childName}@${actualResolvedVersion}`;
|
|
43
|
+
let finalVersion = actualResolvedVersion;
|
|
38
44
|
// If we're looking at a runtime assembly version for self-contained dlls, overwrite the dependency version
|
|
39
45
|
// we've found in the graph with those from the runtime assembly, as they take precedence.
|
|
40
|
-
if (+
|
|
46
|
+
if (+actualResolvedVersion.split('.')[0] < 6 &&
|
|
41
47
|
childName in overrides.overridesAssemblies &&
|
|
42
48
|
+overrides.overridesAssemblies[childName].split('.')[0] < 6) {
|
|
43
49
|
finalVersion = overrides.overrideVersion;
|
|
@@ -55,7 +61,7 @@ function recursivelyPopulateNodes(depGraphBuilder, allPackagesForFramework, pare
|
|
|
55
61
|
depGraphBuilder.connectDep(parentID, childID);
|
|
56
62
|
localVisited.add(childID);
|
|
57
63
|
debug(`Adding dependency: ${parentID} -> ${childID}`);
|
|
58
|
-
recursivelyPopulateNodes(depGraphBuilder,
|
|
64
|
+
recursivelyPopulateNodes(depGraphBuilder, resolvedPackages, childID, childPkgEntry.dependencies, overrides, localVisited);
|
|
59
65
|
}
|
|
60
66
|
}
|
|
61
67
|
function buildDepGraph(projectName, targetFramework, projectAssets, overrides) {
|
|
@@ -82,6 +88,11 @@ function buildDepGraph(projectName, targetFramework, projectAssets, overrides) {
|
|
|
82
88
|
debug(`Using ${assetsTargetFramework} instead of requested ${targetFramework} (partial matches: ${partialMatches.join(',')})`);
|
|
83
89
|
}
|
|
84
90
|
const allPackagesForFramework = projectAssets.targets[assetsTargetFramework];
|
|
91
|
+
const resolvedPackages = {};
|
|
92
|
+
for (const [key, target] of Object.entries(allPackagesForFramework)) {
|
|
93
|
+
const [name, version] = key.split('/');
|
|
94
|
+
resolvedPackages[name] = { resolvedVersion: version, target };
|
|
95
|
+
}
|
|
85
96
|
// Identify direct dependencies for the selected framework
|
|
86
97
|
const directDependencies = {};
|
|
87
98
|
projectAssets.projectFileDependencyGroups[assetsTargetFramework].forEach((dependency) => {
|
|
@@ -95,7 +106,7 @@ function buildDepGraph(projectName, targetFramework, projectAssets, overrides) {
|
|
|
95
106
|
return depGraphBuilder.build();
|
|
96
107
|
}
|
|
97
108
|
// Start recursive population from direct dependencies
|
|
98
|
-
recursivelyPopulateNodes(depGraphBuilder,
|
|
109
|
+
recursivelyPopulateNodes(depGraphBuilder, resolvedPackages, 'root-node', directDependencies, // Pass the direct dependencies object
|
|
99
110
|
overrides);
|
|
100
111
|
return depGraphBuilder.build();
|
|
101
112
|
}
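Review bot: `resolvedPackages` in buildDepGraph is a plain `{}` keyed by names read from the assets file, so the lookup `resolvedPackages[childName]` in recursivelyPopulateNodes can return an inherited `Object.prototype` member for a dependency named, say, `constructor`; that value passes the `!resolvedPackage` guard, leaves `actualResolvedVersion` undefined, and the later `actualResolvedVersion.split('.')` throws. The assets file is presumably input from the project being scanned, so a prototype-free container is the safer choice: `const resolvedPackages = Object.create(null);` (or a `Map`). A target key without a `/` leaves `version` undefined and ends in the same throw, so the build loop could skip such entries with `if (!name || !version) continue;`. Both function bodies are only partly visible in these hunks, so any validation done elsewhere is not accounted for here.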
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-v3-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v3-parser.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"dotnet-core-v3-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v3-parser.ts"],"names":[],"mappings":";;;AA0OA,sBAaC;AAvPD,qCAAqC;AAErC,+CAAkD;AAClD,yCAAoD;AAGpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,gBAAqC,EACrC,QAAgB,EAChB,YAAoC,EACpC,SAAoB,EACpB,OAAqB;IAErB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IACrC,KAAK,MAAM,CAAC,SAAS,EAAE,oBAAoB,CAAC,IAAI,MAAM,CAAC,OAAO,CAC5D,YAAY,CACb,EAAE,CAAC;QACF,MAAM,YAAY,GAAG,WAAW,IAAI,IAAI,GAAG,EAAU,CAAC;QACtD,gHAAgH;QAChH,+FAA+F;QAC/F,IACE,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EACzE,CAAC;YACD,KAAK,CAAC,GAAG,SAAS,kDAAkD,CAAC,CAAC;YACtE,SAAS;QACX,CAAC;QAED,oEAAoE;QACpE,2FAA2F;QAC3F,MAAM,eAAe,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QACpD,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,KAAK,CACH,iBAAiB,SAAS,iDAAiD,CAC5E,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,EAAE,aAAa,EAAE,GACrE,eAAe,CAAC;QAElB,IAAI,oBAAoB,KAAK,qBAAqB,EAAE,CAAC;YACnD,KAAK,CACH,wBAAwB,SAAS,cAAc,oBAAoB,oBAAoB,qBAAqB,EAAE,CAC/G,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,qBAAqB,EAAE,CAAC;QAExD,IAAI,YAAY,GAAG,qBAAqB,CAAC;QAEzC,2GAA2G;QAC3G,0FAA0F;QAC1F,IACE,CAAC,qBAAqB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YACxC,SAAS,IAAI,SAAS,CAAC,mBAAmB;YAC1C,CAAC,SAAS,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAC3D,CAAC;YACD,YAAY,GAAG,SAAS,CAAC,eAAe,CAAC;QAC3C,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,EAC1C,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,KAAK,CAAC,iCAAiC,QAAQ,OAAO,OAAO,EAAE,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,
eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,EAC1C,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,KAAK,CAAC,sBAAsB,QAAQ,OAAO,OAAO,EAAE,CAAC,CAAC;QAEtD,wBAAwB,CACtB,eAAe,EACf,gBAAgB,EAChB,OAAO,EACP,aAAa,CAAC,YAAY,EAC1B,SAAS,EACT,YAAY,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,WAAmB,EACnB,eAAuB,EACvB,aAA4B,EAC5B,SAAoB;IAEpB,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,gFAAgF;QAChF,MAAM,IAAI,6BAAoB,CAC5B,mDAAmD,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAElE,+GAA+G;IAC/G,wEAAwE;IACxE,gDAAgD;IAChD,MAAM,cAAc,GAAG,sBAAsB,CAAC,MAAM,CAClD,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,CAC3E,CAAC;IAEF,oHAAoH;IACpH,MAAM,qBAAqB,GACzB,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAE5E,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,gFAAgF;QAChF,MAAM,IAAI,6BAAoB,CAC5B,kEAAkE,eAAe,aAAa,CAC/F,CAAC;IACJ,CAAC;IAED,IAAI,qBAAqB,KAAK,eAAe,EAAE,CAAC;QAC9C,KAAK,CACH,SAAS,qBAAqB,yBAAyB,eAAe,sBAAsB,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CACxH,CAAC;IACJ,CAAC;IAED,MAAM,uBAAuB,GAAG,aAAa,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAE7E,MAAM,gBAAgB,GAAwB,EAAE,CAAC;IACjD,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,EAAE,CAAC;QACpE,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAChE,CAAC;IAED,0DAA0D;IAC1D,MAAM,kBAAkB,GAA2B,EAAE,CAAC;IACtD,aAAa,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,CAAC,OAAO,CACtE,CAAC,UAAkB,EAAE,EAAE;QACrB,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9C,kBAAkB,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC,CACF,CAAC;IAEF,KAAK,CACH,8CAA8C,qBAAqB,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAC5G,CAAC;IAEF
,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,KAAK,CACH,iFAAiF,CAClF,CAAC;QACF,8DAA8D;QAC9D,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;IACjC,CAAC;IAED,sDAAsD;IACtD,wBAAwB,CACtB,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAAE,sCAAsC;IAC1D,SAAS,CACV,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB;IAC/C,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,6BAAoB,CAC5B,oDAAoD,CACrD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,6BAAoB,CAC5B,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,IACE,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU;QAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EACrD,CAAC;QACD,MAAM,IAAI,6BAAoB,CAC5B,gDAAgD,CACjD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,6BAAoB,CAC5B,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,6BAAoB,CAC5B,6CAA6C,CAC9C,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,eAAuB,EACvB,aAA4B,EAC5B,SAAoB;IAEpB,KAAK,CACH,uEAAuE,CACxE,CAAC;IAEF,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEhC,OAAO,aAAa,CAAC,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;AAC/E,CAAC"}
|
|
@@ -89,5 +89,9 @@ export type Overrides = {
|
|
|
89
89
|
overridesAssemblies: AssemblyVersions;
|
|
90
90
|
overrideVersion: string;
|
|
91
91
|
};
|
|
92
|
+
export type ResolvedPackagesMap = Record<string, {
|
|
93
|
+
readonly resolvedVersion: string;
|
|
94
|
+
readonly target: Target;
|
|
95
|
+
}>;
|
|
92
96
|
export type DotnetCoreV2Results = DotnetCoreV2Result[];
|
|
93
97
|
export {};
|
package/package.json
CHANGED