snyk-nuget-plugin 2.11.1 → 2.11.2
|
@@ -15,20 +15,7 @@ exports.FILTERED_DEPENDENCY_PREFIX = [
|
|
|
15
15
|
// dependencies are causing noise for the customers and are not of interested.
|
|
16
16
|
'runtime',
|
|
17
17
|
];
|
|
18
|
-
|
|
19
|
-
* Finds the actual resolved version of a package in the targets section.
|
|
20
|
-
* This is necessary because NuGet may resolve to a different version than what's
|
|
21
|
-
* declared in transitive dependencies due to version constraints and resolution rules.
|
|
22
|
-
*/
|
|
23
|
-
function findActualResolvedVersion(allPackagesForFramework, packageName) {
|
|
24
|
-
for (const key of Object.keys(allPackagesForFramework)) {
|
|
25
|
-
if (key.startsWith(`${packageName}/`)) {
|
|
26
|
-
return key.split('/')[1];
|
|
27
|
-
}
|
|
28
|
-
}
|
|
29
|
-
return null;
|
|
30
|
-
}
|
|
31
|
-
function recursivelyPopulateNodes(depGraphBuilder, allPackagesForFramework, parentID, dependencies, overrides, visited) {
|
|
18
|
+
function recursivelyPopulateNodes(depGraphBuilder, resolvedPackages, parentID, dependencies, overrides, visited) {
|
|
32
19
|
if (!dependencies) {
|
|
33
20
|
return;
|
|
34
21
|
}
|
|
@@ -41,25 +28,16 @@ function recursivelyPopulateNodes(depGraphBuilder, allPackagesForFramework, pare
|
|
|
41
28
|
debug(`${childName} matched a prefix we ignore, not adding to graph`);
|
|
42
29
|
continue;
|
|
43
30
|
}
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
}
|
|
54
|
-
if (childResolvedVersion !== actualResolvedVersion) {
|
|
55
|
-
debug(`Version mismatch for ${childName}: declared ${childResolvedVersion}, using resolved ${actualResolvedVersion}`);
|
|
56
|
-
}
|
|
57
|
-
childPkgEntry =
|
|
58
|
-
allPackagesForFramework[`${childName}/${actualResolvedVersion}`];
|
|
59
|
-
if (!childPkgEntry) {
|
|
60
|
-
debug(`Child package ${childName}@${actualResolvedVersion} not found in lock file packages for framework (this should not happen).`);
|
|
61
|
-
continue;
|
|
62
|
-
}
|
|
31
|
+
// Find the actual resolved version and target for this package name
|
|
32
|
+
// NuGet may resolve to a different version than what's declared in transitive dependencies
|
|
33
|
+
const resolvedPackage = resolvedPackages[childName];
|
|
34
|
+
if (!resolvedPackage) {
|
|
35
|
+
debug(`Child package ${childName} not found in lock file packages for framework.`);
|
|
36
|
+
continue;
|
|
37
|
+
}
|
|
38
|
+
const { resolvedVersion: actualResolvedVersion, target: childPkgEntry } = resolvedPackage;
|
|
39
|
+
if (childResolvedVersion !== actualResolvedVersion) {
|
|
40
|
+
debug(`Version mismatch for ${childName}: declared ${childResolvedVersion}, using resolved ${actualResolvedVersion}`);
|
|
63
41
|
}
|
|
64
42
|
const childID = `${childName}@${actualResolvedVersion}`;
|
|
65
43
|
let finalVersion = actualResolvedVersion;
|
|
@@ -83,7 +61,7 @@ function recursivelyPopulateNodes(depGraphBuilder, allPackagesForFramework, pare
|
|
|
83
61
|
depGraphBuilder.connectDep(parentID, childID);
|
|
84
62
|
localVisited.add(childID);
|
|
85
63
|
debug(`Adding dependency: ${parentID} -> ${childID}`);
|
|
86
|
-
recursivelyPopulateNodes(depGraphBuilder,
|
|
64
|
+
recursivelyPopulateNodes(depGraphBuilder, resolvedPackages, childID, childPkgEntry.dependencies, overrides, localVisited);
|
|
87
65
|
}
|
|
88
66
|
}
|
|
89
67
|
function buildDepGraph(projectName, targetFramework, projectAssets, overrides) {
|
|
@@ -110,6 +88,11 @@ function buildDepGraph(projectName, targetFramework, projectAssets, overrides) {
|
|
|
110
88
|
debug(`Using ${assetsTargetFramework} instead of requested ${targetFramework} (partial matches: ${partialMatches.join(',')})`);
|
|
111
89
|
}
|
|
112
90
|
const allPackagesForFramework = projectAssets.targets[assetsTargetFramework];
|
|
91
|
+
const resolvedPackages = {};
|
|
92
|
+
for (const [key, target] of Object.entries(allPackagesForFramework)) {
|
|
93
|
+
const [name, version] = key.split('/');
|
|
94
|
+
resolvedPackages[name] = { resolvedVersion: version, target };
|
|
95
|
+
}
|
|
113
96
|
// Identify direct dependencies for the selected framework
|
|
114
97
|
const directDependencies = {};
|
|
115
98
|
projectAssets.projectFileDependencyGroups[assetsTargetFramework].forEach((dependency) => {
|
|
@@ -123,7 +106,7 @@ function buildDepGraph(projectName, targetFramework, projectAssets, overrides) {
|
|
|
123
106
|
return depGraphBuilder.build();
|
|
124
107
|
}
|
|
125
108
|
// Start recursive population from direct dependencies
|
|
126
|
-
recursivelyPopulateNodes(depGraphBuilder,
|
|
109
|
+
recursivelyPopulateNodes(depGraphBuilder, resolvedPackages, 'root-node', directDependencies, // Pass the direct dependencies object
|
|
127
110
|
overrides);
|
|
128
111
|
return depGraphBuilder.build();
|
|
129
112
|
}
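Review bot: In buildDepGraph the new `resolvedPackages` index is a plain `{}` keyed by package names read from the lock file, so `resolvedPackages[childName]` in recursivelyPopulateNodes can return an inherited `Object.prototype` member for a name such as `constructor`, and a `__proto__/…` key would replace the index's prototype instead of adding an entry. In the first case the `!resolvedPackage` guard passes, `childPkgEntry` destructures to `undefined`, and, unless the lines between the hunks guard it, the recursive call's `childPkgEntry.dependencies` would throw. The removed code looked up `name/version` keys, which cannot collide with inherited properties, so this exposure is new; because the lock file may come from a repository being scanned, I would build the index as `const resolvedPackages = Object.create(null);` or use a `Map`. The loop also keeps the last entry when two target keys share a name and stores `undefined` as the version when a key has no `/`, whereas the removed findActualResolvedVersion returned the first match; a comment such as `// one entry per package name is expected in a framework's targets` would record that assumption. Both functions continue outside the visible hunks.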
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-v3-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v3-parser.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"dotnet-core-v3-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v3-parser.ts"],"names":[],"mappings":";;;AA0OA,sBAaC;AAvPD,qCAAqC;AAErC,+CAAkD;AAClD,yCAAoD;AAGpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,gBAAqC,EACrC,QAAgB,EAChB,YAAoC,EACpC,SAAoB,EACpB,OAAqB;IAErB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IACrC,KAAK,MAAM,CAAC,SAAS,EAAE,oBAAoB,CAAC,IAAI,MAAM,CAAC,OAAO,CAC5D,YAAY,CACb,EAAE,CAAC;QACF,MAAM,YAAY,GAAG,WAAW,IAAI,IAAI,GAAG,EAAU,CAAC;QACtD,gHAAgH;QAChH,+FAA+F;QAC/F,IACE,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EACzE,CAAC;YACD,KAAK,CAAC,GAAG,SAAS,kDAAkD,CAAC,CAAC;YACtE,SAAS;QACX,CAAC;QAED,oEAAoE;QACpE,2FAA2F;QAC3F,MAAM,eAAe,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QACpD,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,KAAK,CACH,iBAAiB,SAAS,iDAAiD,CAC5E,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,EAAE,aAAa,EAAE,GACrE,eAAe,CAAC;QAElB,IAAI,oBAAoB,KAAK,qBAAqB,EAAE,CAAC;YACnD,KAAK,CACH,wBAAwB,SAAS,cAAc,oBAAoB,oBAAoB,qBAAqB,EAAE,CAC/G,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,qBAAqB,EAAE,CAAC;QAExD,IAAI,YAAY,GAAG,qBAAqB,CAAC;QAEzC,2GAA2G;QAC3G,0FAA0F;QAC1F,IACE,CAAC,qBAAqB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YACxC,SAAS,IAAI,SAAS,CAAC,mBAAmB;YAC1C,CAAC,SAAS,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAC3D,CAAC;YACD,YAAY,GAAG,SAAS,CAAC,eAAe,CAAC;QAC3C,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,EAC1C,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,KAAK,CAAC,iCAAiC,QAAQ,OAAO,OAAO,EAAE,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,
eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,EAC1C,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,KAAK,CAAC,sBAAsB,QAAQ,OAAO,OAAO,EAAE,CAAC,CAAC;QAEtD,wBAAwB,CACtB,eAAe,EACf,gBAAgB,EAChB,OAAO,EACP,aAAa,CAAC,YAAY,EAC1B,SAAS,EACT,YAAY,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,WAAmB,EACnB,eAAuB,EACvB,aAA4B,EAC5B,SAAoB;IAEpB,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,gFAAgF;QAChF,MAAM,IAAI,6BAAoB,CAC5B,mDAAmD,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAElE,+GAA+G;IAC/G,wEAAwE;IACxE,gDAAgD;IAChD,MAAM,cAAc,GAAG,sBAAsB,CAAC,MAAM,CAClD,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,CAC3E,CAAC;IAEF,oHAAoH;IACpH,MAAM,qBAAqB,GACzB,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAE5E,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,gFAAgF;QAChF,MAAM,IAAI,6BAAoB,CAC5B,kEAAkE,eAAe,aAAa,CAC/F,CAAC;IACJ,CAAC;IAED,IAAI,qBAAqB,KAAK,eAAe,EAAE,CAAC;QAC9C,KAAK,CACH,SAAS,qBAAqB,yBAAyB,eAAe,sBAAsB,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CACxH,CAAC;IACJ,CAAC;IAED,MAAM,uBAAuB,GAAG,aAAa,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAE7E,MAAM,gBAAgB,GAAwB,EAAE,CAAC;IACjD,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,EAAE,CAAC;QACpE,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAChE,CAAC;IAED,0DAA0D;IAC1D,MAAM,kBAAkB,GAA2B,EAAE,CAAC;IACtD,aAAa,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,CAAC,OAAO,CACtE,CAAC,UAAkB,EAAE,EAAE;QACrB,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9C,kBAAkB,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC,CACF,CAAC;IAEF,KAAK,CACH,8CAA8C,qBAAqB,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAC5G,CAAC;IAEF
,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,KAAK,CACH,iFAAiF,CAClF,CAAC;QACF,8DAA8D;QAC9D,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;IACjC,CAAC;IAED,sDAAsD;IACtD,wBAAwB,CACtB,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAAE,sCAAsC;IAC1D,SAAS,CACV,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB;IAC/C,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,6BAAoB,CAC5B,oDAAoD,CACrD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,6BAAoB,CAC5B,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,IACE,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU;QAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EACrD,CAAC;QACD,MAAM,IAAI,6BAAoB,CAC5B,gDAAgD,CACjD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,6BAAoB,CAC5B,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,6BAAoB,CAC5B,6CAA6C,CAC9C,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,eAAuB,EACvB,aAA4B,EAC5B,SAAoB;IAEpB,KAAK,CACH,uEAAuE,CACxE,CAAC;IAEF,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEhC,OAAO,aAAa,CAAC,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;AAC/E,CAAC"}
|
|
@@ -89,5 +89,9 @@ export type Overrides = {
|
|
|
89
89
|
overridesAssemblies: AssemblyVersions;
|
|
90
90
|
overrideVersion: string;
|
|
91
91
|
};
|
|
92
|
+
export type ResolvedPackagesMap = Record<string, {
|
|
93
|
+
readonly resolvedVersion: string;
|
|
94
|
+
readonly target: Target;
|
|
95
|
+
}>;
|
|
92
96
|
export type DotnetCoreV2Results = DotnetCoreV2Result[];
|
|
93
97
|
export {};
|
package/package.json
CHANGED