snyk-nuget-plugin 2.3.2 → 2.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js +4 -12
  2. package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js.map +1 -1
  3. package/dist/nuget-parser/runtime-assembly.js +22 -24
  4. package/dist/nuget-parser/runtime-assembly.js.map +1 -1
  5. package/package.json +1 -1
package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js CHANGED
@@ -77,23 +77,15 @@ function buildGraph(projectName, projectAssets, publishedProjectDeps, runtimeAss
77
77
  if (!restoreProjectName) {
78
78
  throw new errors_1.InvalidManifestError(`no project name containing ${projectAssets.project.restore.projectName} found in ${runtimeTarget} object, cannot continue without it`);
79
79
  }
80
- const topLevelDependencies = Object.keys(publishedProjectDeps.targets[runtimeTarget][restoreProjectName]
81
- .dependencies);
80
+ // Find names and versions of all dependencies of the root package. These are already structured correctly in
81
+ // the deps.json generated by `dotnet publish`.
82
+ const topLevelDepPackages = publishedProjectDeps.targets[runtimeTarget][restoreProjectName]
83
+ .dependencies;
82
84
  // Iterate over all the dependencies found in the target dependency list, and build the depGraph based off of that.
83
85
  const targetDependencies = Object.entries(publishedProjectDeps.targets[runtimeTarget]).reduce((acc, entry) => {
84
86
  const [nameWithVersion, pkg] = entry;
85
87
  return { ...acc, [nameWithVersion]: pkg };
86
88
  }, {});
87
- const topLevelDepPackages = topLevelDependencies.reduce((acc, topLevelDepName) => {
88
- const nameWithVersion = Object.keys(targetDependencies).find((targetDep) =>
89
- // Lowercase the comparison, as .csproj <PackageReference>s are not case-sensitive, and can be written however you like.
90
- targetDep.toLowerCase().startsWith(topLevelDepName.toLowerCase()));
91
- if (!nameWithVersion) {
92
- throw new errors_1.InvalidManifestError(`cant find a name and a version in assets file, something's very malformed`);
93
- }
94
- const [name, version] = nameWithVersion.split('/');
95
- return { ...acc, [name]: version };
96
- }, {});
97
89
  const rootNode = {
98
90
  type: 'root',
99
91
  dependencies: topLevelDepPackages,
package/dist/nuget-parser/parsers/dotnet-core-v2-parser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AAErC,+CAAkD;AAMlD,yCAAoD;AAEpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAYlC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,UAAyC,EACzC,IAAmB,EACnB,eAAiC,EACjC,OAAqB;IAErB,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;IAEtE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,IAAI,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE3B,gHAAgH;QAChH,+FAA+F;QAC/F,IAAI,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACzE,KAAK,CAAC,GAAG,IAAI,kDAAkD,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG;YAChB,GAAG,UAAU,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;YACnC,IAAI;YACJ,OAAO;SACR,CAAC;QAEF,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QAEzD,4GAA4G;QAC5G,0FAA0F;QAC1F,IAAI,eAAe,GAAG,OAAO,CAAC;QAC9B,4GAA4G;QAC5G,sGAAsG;QACtG,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;QAC1B,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;YAC3B,eAAe,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,wBAAwB,CACtB,eAAe,EACf,UAAU,EACV,SAAS,EACT,eAAe,EACf,YAAY,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CACjB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC;IAEjC,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,iHAAiH;IACjH,qDAAqD;IACrD,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAC,IAAI,CAAC;IAE9D,oFAAoF;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,6BAAoB,CAC5B,2HAA2H,CAC5H,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,aAAa,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,6BAAoB,CAC5B,MAAM,aAAa,sDAAsD,CAC1E,CAAC;IACJ,CAAC;IAED,iHAAiH;IACjH,kHAAkH;IAClH,2GAA2G;IAC3G,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CACpC,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAC5C,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAEvE,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,6BAAoB,CAC5B,8BAA8B,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,aAAa,aAAa,qCAAqC,CACvI,CAAC;IACJ,CAAC;IAED,MAAM,oBAAoB,GAAG,MAAM,CAAC,IAAI,CACtC,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,kBAAkB,CAAC;SAC5D,YAAY,CAChB,CAAC;IAEF,mHAAmH;IACnH,MAAM,kBAAkB,GAAkC,MAAM,CAAC,OAAO,CACtE,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAC5C,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACtB,MAAM,CAAC,eAAe,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;QACrC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC;IAC5C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,mBAAmB,GAAG,oBAAoB,CAAC,MAAM,CACrD,CAAC,GAAG,EAAE,eAAe,EAAE,EAAE;QACvB,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAC1D,CAAC,SAAS,EAAE,EAAE;QACZ,wHAAwH;QACxH,SAAS,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC,CACpE,CAAC;QACF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,6BAAoB,CAC5B,2EAA2E,CAC5E,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEnD,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC;IACrC,CAAC,EACD,EAAE,CACH,CAAC;IAEF,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,mBAAmB;KACjB,CAAC;IAEnB,wBAAwB,CACtB,eAAe,EACf,kBAAkB,EAClB,QAAQ,EACR,eAAe,CAChB,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC;IAEjC,KAAK,CAAC,6DAA6D,CAAC,CAAC;IAErE,MAAM,MAAM,GAAG,UAAU,CACvB,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,eAAe,CAChB,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAfD,sBAeC"}
1
+ {"version":3,"file":"dotnet-core-v2-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v2-parser.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AAErC,+CAAkD;AAMlD,yCAAoD;AAEpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAYlC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,UAAyC,EACzC,IAAmB,EACnB,eAAiC,EACjC,OAAqB;IAErB,MAAM,QAAQ,GACZ,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;IAEtE,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9D,MAAM,YAAY,GAAG,OAAO,IAAI,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAE3B,gHAAgH;QAChH,+FAA+F;QAC/F,IAAI,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACzE,KAAK,CAAC,GAAG,IAAI,kDAAkD,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG;YAChB,GAAG,UAAU,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;YACnC,IAAI;YACJ,OAAO;SACR,CAAC;QAEF,MAAM,OAAO,GAAG,GAAG,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QAEzD,4GAA4G;QAC5G,0FAA0F;QAC1F,IAAI,eAAe,GAAG,OAAO,CAAC;QAC9B,4GAA4G;QAC5G,sGAAsG;QACtG,MAAM,GAAG,GAAG,GAAG,IAAI,MAAM,CAAC;QAC1B,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;YAC3B,eAAe,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,EAClD,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,wBAAwB,CACtB,eAAe,EACf,UAAU,EACV,SAAS,EACT,eAAe,EACf,YAAY,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CACjB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC;IAEjC,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,iHAAiH;IACjH,qDAAqD;IACrD,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAC,IAAI,CAAC;IAE9D,oFAAoF;IACpF,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,6BAAoB,CAC5B,2HAA2H,CAC5H,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,aAAa,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,6BAAoB,CAC5B,MAAM,aAAa,sDAAsD,CAC1E,CAAC;IACJ,CAAC;IAED,iHAAiH;IACjH,kHAAkH;IAClH,2GAA2G;IAC3G,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CACpC,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAC5C,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAEvE,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,6BAAoB,CAC5B,8BAA8B,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,aAAa,aAAa,qCAAqC,CACvI,CAAC;IACJ,CAAC;IAED,6GAA6G;IAC7G,+CAA+C;IAC/C,MAAM,mBAAmB,GACvB,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,kBAAkB,CAAC;SAC5D,YAAY,CAAC;IAElB,mHAAmH;IACnH,MAAM,kBAAkB,GAAkC,MAAM,CAAC,OAAO,CACtE,oBAAoB,CAAC,OAAO,CAAC,aAAa,CAAC,CAC5C,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACtB,MAAM,CAAC,eAAe,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;QACrC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC;IAC5C,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,MAAM;QACZ,YAAY,EAAE,mBAAmB;KACjB,CAAC;IAEnB,wBAAwB,CACtB,eAAe,EACf,kBAAkB,EAClB,QAAQ,EACR,eAAe,CAChB,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,aAA4B,EAC5B,oBAA0C,EAC1C,eAAiC;IAEjC,KAAK,CAAC,6DAA6D,CAAC,CAAC;IAErE,MAAM,MAAM,GAAG,UAAU,CACvB,WAAW,EACX,aAAa,EACb,oBAAoB,EACpB,eAAe,CAChB,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAfD,sBAeC"}
package/dist/nuget-parser/runtime-assembly.js CHANGED
@@ -21,23 +21,21 @@ function generateRuntimeAssemblies(deps) {
21
21
  if (!deps.targets) {
22
22
  throw new errors.FileNotProcessableError('could not find any targets in deps file');
23
23
  }
24
- // Run through all TargetFrameworks, indexed for example
25
- // .NETCoreApp,Version=v6.0/osx-arm64,
26
- // .NETCoreApp,Version=v6.0/alpine-armv6
24
+ if (!(runtimeTargetName in deps.targets)) {
25
+ throw new errors.FileNotProcessableError(`could not locate ${runtimeTargetName} in list of targets, cannot continue`);
26
+ }
27
+ // Run through all runtimepacks in target, indexed for example as
28
+ // runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64/7.0.14
29
+ // runtimepack.Microsoft.AspNetCore.App.Runtime.osx-arm64/7.0.14
27
30
  // ... etc.
28
31
  // See all: https://github.com/dotnet/runtime/blob/bd83e17052d3c09022bad1d91dca860ca6b27ab9/src/libraries/Microsoft.NETCore.Platforms/src/runtime.json
29
32
  let runtimeAssemblyVersions = {};
30
- Object.entries(deps.targets).forEach(([target, dependencies]) => {
31
- // Ignore target frameworks without dependencies, as they hold no dlls and thus no assembly versions to gauge.
32
- if ((0, lodash_1.isEmpty)(dependencies)) {
33
- return;
34
- }
35
- // Since we're running `dotnet publish` with `--use-current-runtime`, this should exist in the dependency list,
36
- // but guard against it to ensure good user feedback in case we did something wrong.
37
- const runtimePack = Object.keys(dependencies).find((dep) => dep.startsWith('runtimepack'));
38
- if (!runtimePack) {
39
- throw new errors.FileNotProcessableError(`could not find any runtimepack.* identifier in the ${target} dependency`);
40
- }
33
+ const runtimePacks = Object.keys(deps.targets[runtimeTargetName]).filter((t) => t.startsWith('runtimepack'));
34
+ if (runtimePacks.length <= 0) {
35
+ throw new errors.FileNotProcessableError(`could not find any runtimepack.* identifiers in ${runtimeTargetName}, cannot continue`);
36
+ }
37
+ runtimePacks.forEach((runtimePack) => {
38
+ const dependencies = deps.targets[runtimeTargetName][runtimePack];
41
39
  // The runtimepack contains all the current RuntimeIdentifier (RID) assemblies which we are interested in.
42
40
  // Such as
43
41
  // "runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64/6.0.16": {
@@ -46,10 +44,10 @@ function generateRuntimeAssemblies(deps) {
46
44
  // }
47
45
  // }
48
46
  // We traverse all those and store them for the dependency graph build.
49
- if (!('runtime' in dependencies[runtimePack])) {
47
+ if (!('runtime' in dependencies)) {
50
48
  throw new errors.FileNotProcessableError(`could not find any runtime list in the ${runtimePack} dependency`);
51
49
  }
52
- const runtimes = dependencies[runtimePack]['runtime'];
50
+ const runtimes = dependencies['runtime'];
53
51
  // Dig down into the specific runtimepack which contains all the assembly versions of
54
52
  // the bundled DLLs for the given runtime, as:
55
53
  // "runtimepack.Microsoft.NETCore.App.Runtime.osx-arm64/6.0.16": {
@@ -65,14 +63,14 @@ function generateRuntimeAssemblies(deps) {
65
63
  // (...)
66
64
  // We currently only address assemblyVersions. FileVersion might become relevant, depending
67
65
  // on how vulnerabilities are reported in the future.
68
- runtimeAssemblyVersions = Object.entries(runtimes).reduce((acc, [dll, versions]) => {
69
- // Take the version number (N.N.N.N) and remove the last element, in order for vulndb to understand anything.
70
- acc[dll] = versions.assemblyVersion.split('.').slice(0, -1).join('.');
71
- return acc;
72
- }, {});
73
- // `dotnet publish` does not support multiple consecutive `--runtime` parameters, so there should really only
74
- // be one. Thus, drop iterating more.
75
- return;
66
+ runtimeAssemblyVersions = {
67
+ ...runtimeAssemblyVersions,
68
+ ...Object.entries(runtimes).reduce((acc, [dll, versions]) => {
69
+ // Take the version number (N.N.N.N) and remove the last element, in order for vulndb to understand anything.
70
+ acc[dll] = versions.assemblyVersion.split('.').slice(0, -1).join('.');
71
+ return acc;
72
+ }, {}),
73
+ };
76
74
  });
77
75
  if ((0, lodash_1.isEmpty)(runtimeAssemblyVersions)) {
78
76
  throw new errors.FileNotProcessableError('collection of runtime assembly versions was empty, that should not happen');
package/dist/nuget-parser/runtime-assembly.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"runtime-assembly.js","sourceRoot":"","sources":["../../lib/nuget-parser/runtime-assembly.ts"],"names":[],"mappings":";;;AACA,qCAAqC;AACrC,mCAAiC;AACjC,qCAAqC;AAErC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAWlC,oEAAoE;AACpE,yGAAyG;AACzG,6GAA6G;AAC7G,8GAA8G;AAC9G,yBAAyB;AACzB,kHAAkH;AAClH,wBAAwB;AACxB,wFAAwF;AACxF,iHAAiH;AACjH,4EAA4E;AAC5E,SAAgB,yBAAyB,CACvC,IAA0B;IAE1B,MAAM,iBAAiB,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;IAElD,KAAK,CAAC,sCAAsC,iBAAiB,EAAE,CAAC,CAAC;IAEjE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,yCAAyC,CAC1C,CAAC;IACJ,CAAC;IAED,wDAAwD;IACxD,sCAAsC;IACtC,wCAAwC;IACxC,WAAW;IACX,sJAAsJ;IACtJ,IAAI,uBAAuB,GAAqB,EAAE,CAAC;IACnD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE,EAAE;QACzE,8GAA8G;QAC9G,IAAI,IAAA,gBAAO,EAAC,YAAY,CAAC,EAAE,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,+GAA+G;QAC/G,oFAAoF;QACpF,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACzD,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,CAC9B,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,sDAAsD,MAAM,aAAa,CAC1E,CAAC;QACJ,CAAC;QAED,0GAA0G;QAC1G,UAAU;QACV,oEAAoE;QACpE,uBAAuB;QACvB,kEAAkE;QAClE,aAAa;QACb,MAAM;QACN,uEAAuE;QACvE,IAAI,CAAC,CAAC,SAAS,IAAI,YAAY,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,0CAA0C,WAAW,aAAa,CACnE,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,CAAC;QAEtD,qFAAqF;QACrF,8CAA8C;QAC9C,kEAAkE;QAClE,iBAAiB;QACjB,gCAAgC;QAChC,sCAAsC;QACtC,wCAAwC;QACxC,SAAS;QACT,0CAA0C;QAC1C,uCAAuC;QACvC,2CAA2C;QAC3C,SAAS;QACT,SAAS;QACT,2FAA2F;QAC3F,qDAAqD;QACrD,uBAAuB,GAAG,MAAM,CAAC,OAAO,CAAC,QAAoB,CAAC,CAAC,MAAM,CACnE,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE;YACvB,6GAA6G;YAC7G,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtE,OAAO,GAAG,CAAC;QACb,CAAC,EACD,EAAE,CACH,CAAC;QAEF,6GAA6G;QAC7G,qCAAqC;QACrC,OAAO;IACT,CAAC,CAAC,CAAC;IAEH,IAAI,IAAA,gBAAO,EAAC,uBAAuB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,+CAA+C,iBAAiB,EAAE,CAAC,CAAC;IAE1E,OAAO,uBAAuB,CAAC;AACjC,CAAC;AA3FD,8DA2FC"}
1
+ {"version":3,"file":"runtime-assembly.js","sourceRoot":"","sources":["../../lib/nuget-parser/runtime-assembly.ts"],"names":[],"mappings":";;;AACA,qCAAqC;AACrC,mCAAiC;AACjC,qCAAqC;AAErC,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AASlC,oEAAoE;AACpE,yGAAyG;AACzG,6GAA6G;AAC7G,8GAA8G;AAC9G,yBAAyB;AACzB,kHAAkH;AAClH,wBAAwB;AACxB,wFAAwF;AACxF,iHAAiH;AACjH,4EAA4E;AAC5E,SAAgB,yBAAyB,CACvC,IAA0B;IAE1B,MAAM,iBAAiB,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;IAElD,KAAK,CAAC,sCAAsC,iBAAiB,EAAE,CAAC,CAAC;IAEjE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,yCAAyC,CAC1C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,oBAAoB,iBAAiB,sCAAsC,CAC5E,CAAC;IACJ,CAAC;IAED,iEAAiE;IACjE,6DAA6D;IAC7D,gEAAgE;IAChE,WAAW;IACX,sJAAsJ;IACtJ,IAAI,uBAAuB,GAAqB,EAAE,CAAC;IAEnD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,CACtE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CACnC,CAAC;IACF,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,mDAAmD,iBAAiB,mBAAmB,CACxF,CAAC;IACJ,CAAC;IAED,YAAY,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QACnC,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,WAAW,CAAC,CAAC;QAClE,0GAA0G;QAC1G,UAAU;QACV,oEAAoE;QACpE,uBAAuB;QACvB,kEAAkE;QAClE,aAAa;QACb,MAAM;QACN,uEAAuE;QACvE,IAAI,CAAC,CAAC,SAAS,IAAI,YAAY,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,0CAA0C,WAAW,aAAa,CACnE,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAEzC,qFAAqF;QACrF,8CAA8C;QAC9C,kEAAkE;QAClE,iBAAiB;QACjB,gCAAgC;QAChC,sCAAsC;QACtC,wCAAwC;QACxC,SAAS;QACT,0CAA0C;QAC1C,uCAAuC;QACvC,2CAA2C;QAC3C,SAAS;QACT,SAAS;QACT,2FAA2F;QAC3F,qDAAqD;QACrD,uBAAuB,GAAG;YACxB,GAAG,uBAAuB;YAC1B,GAAG,MAAM,CAAC,OAAO,CAAC,QAAoB,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE;gBACtE,6GAA6G;gBAC7G,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtE,OAAO,GAAG,CAAC;YACb,CAAC,EAAE,EAAE,CAAC;SACP,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,IAAI,IAAA,gBAAO,EAAC,uBAAuB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,MAAM,CAAC,uBAAuB,CACtC,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,+CAA+C,iBAAiB,EAAE,CAAC,CAAC;IAE1E,OAAO,uBAAuB,CAAC;AACjC,CAAC;AAvFD,8DAuFC"}
package/package.json CHANGED
@@ -58,5 +58,5 @@
58
58
  "ts-jest": "^29.1.1",
59
59
  "typescript": "^5.1.6"
60
60
  },
61
- "version": "2.3.2"
61
+ "version": "2.3.3"
62
62
  }