snyk-nuget-plugin 3.0.0 → 3.1.0
|
@@ -30,35 +30,37 @@ function recursivelyPopulateNodes(depGraphBuilder, resolvedPackages, parentID, d
|
|
|
30
30
|
}
|
|
31
31
|
// Find the actual resolved version and target for this package name
|
|
32
32
|
// NuGet may resolve to a different version than what's declared in transitive dependencies
|
|
33
|
-
|
|
33
|
+
// and use the lowercased name as NuGet packages are case-insensitive
|
|
34
|
+
const lowercaseChildName = childName.toLowerCase();
|
|
35
|
+
const resolvedPackage = resolvedPackages[lowercaseChildName];
|
|
34
36
|
if (!resolvedPackage) {
|
|
35
37
|
debug(`Child package ${childName} not found in lock file packages for framework.`);
|
|
36
38
|
continue;
|
|
37
39
|
}
|
|
38
|
-
const { resolvedVersion: actualResolvedVersion, target: childPkgEntry } = resolvedPackage;
|
|
40
|
+
const { name: actualPkgName, resolvedVersion: actualResolvedVersion, target: childPkgEntry, } = resolvedPackage;
|
|
39
41
|
if (childResolvedVersion !== actualResolvedVersion) {
|
|
40
42
|
debug(`Version mismatch for ${childName}: declared ${childResolvedVersion}, using resolved ${actualResolvedVersion}`);
|
|
41
43
|
}
|
|
42
|
-
const childID = `${
|
|
44
|
+
const childID = `${actualPkgName}@${actualResolvedVersion}`;
|
|
43
45
|
let finalVersion = actualResolvedVersion;
|
|
44
46
|
// If we're looking at a runtime assembly version for self-contained dlls, overwrite the dependency version
|
|
45
47
|
// we've found in the graph with those from the runtime assembly, as they take precedence.
|
|
46
48
|
if (overrides.overrideVersion &&
|
|
47
49
|
+actualResolvedVersion.split('.')[0] < 6 &&
|
|
48
|
-
|
|
49
|
-
+overrides.overridesAssemblies[
|
|
50
|
+
actualPkgName in overrides.overridesAssemblies &&
|
|
51
|
+
+overrides.overridesAssemblies[actualPkgName].split('.')[0] < 6) {
|
|
50
52
|
finalVersion = overrides.overrideVersion;
|
|
51
53
|
}
|
|
52
54
|
if (localVisited.has(childID)) {
|
|
53
55
|
const prunedID = `${childID}:pruned`;
|
|
54
|
-
depGraphBuilder.addPkgNode({ name:
|
|
56
|
+
depGraphBuilder.addPkgNode({ name: actualPkgName, version: finalVersion }, prunedID, {
|
|
55
57
|
labels: { pruned: 'true' },
|
|
56
58
|
});
|
|
57
59
|
depGraphBuilder.connectDep(parentID, prunedID);
|
|
58
60
|
debug(`Pruning duplicate dependency: ${parentID} -> ${childID}`);
|
|
59
61
|
continue;
|
|
60
62
|
}
|
|
61
|
-
depGraphBuilder.addPkgNode({ name:
|
|
63
|
+
depGraphBuilder.addPkgNode({ name: actualPkgName, version: finalVersion }, childID);
|
|
62
64
|
depGraphBuilder.connectDep(parentID, childID);
|
|
63
65
|
localVisited.add(childID);
|
|
64
66
|
debug(`Adding dependency: ${parentID} -> ${childID}`);
|
|
@@ -92,7 +94,12 @@ function buildDepGraph(projectName, targetFramework, projectAssets, overrides) {
|
|
|
92
94
|
const resolvedPackages = {};
|
|
93
95
|
for (const [key, target] of Object.entries(allPackagesForFramework)) {
|
|
94
96
|
const [name, version] = key.split('/');
|
|
95
|
-
|
|
97
|
+
// Use the lowercased name for lookups as NuGet packages are case-insensitive.
|
|
98
|
+
resolvedPackages[name.toLowerCase()] = {
|
|
99
|
+
name,
|
|
100
|
+
resolvedVersion: version,
|
|
101
|
+
target,
|
|
102
|
+
};
|
|
96
103
|
}
|
|
97
104
|
// Identify direct dependencies for the selected framework
|
|
98
105
|
const directDependencies = {};
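Review bot: The added guard `actualPkgName in overrides.overridesAssemblies` (new line 50 of the first hunk) walks the prototype chain, so, assuming `overridesAssemblies` is a plain object, a lock-file package named like an inherited member (`constructor`, `toString`) passes it when the earlier conditions hold, and the following `.split('.')` is then called on a function and throws. Package names are read from lock-file keys, so an own-property test is the safer form: `Object.prototype.hasOwnProperty.call(overrides.overridesAssemblies, actualPkgName) &&`. The same applies to the table in the second hunk, where `const resolvedPackages = {};` is now indexed by `name.toLowerCase()`; `const resolvedPackages = Object.create(null);` would stop `resolvedPackages[lowercaseChildName]` from returning inherited members, which are truthy and so get past the `!resolvedPackage` check. Both function bodies start and end outside the hunks shown, so how `overridesAssemblies` is built cannot be confirmed from here.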
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotnet-core-v3-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v3-parser.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"dotnet-core-v3-parser.js","sourceRoot":"","sources":["../../../lib/nuget-parser/parsers/dotnet-core-v3-parser.ts"],"names":[],"mappings":";;;AAqPA,sBAaC;AAlQD,qCAAqC;AAErC,+CAAkD;AAClD,yCAAoD;AAGpD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;AAElC,oDAAoD;AACvC,QAAA,0BAA0B,GAAG;IACxC,gHAAgH;IAChH,oHAAoH;IACpH,sHAAsH;IACtH,sHAAsH;IACtH,8EAA8E;IAC9E,SAAS;CACV,CAAC;AAEF,SAAS,wBAAwB,CAC/B,eAAgC,EAChC,gBAAqC,EACrC,QAAgB,EAChB,YAAoC,EACpC,SAAoB,EACpB,OAAqB;IAErB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IACrC,KAAK,MAAM,CAAC,SAAS,EAAE,oBAAoB,CAAC,IAAI,MAAM,CAAC,OAAO,CAC5D,YAAY,CACb,EAAE,CAAC;QACF,MAAM,YAAY,GAAG,WAAW,IAAI,IAAI,GAAG,EAAU,CAAC;QACtD,gHAAgH;QAChH,+FAA+F;QAC/F,IACE,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EACzE,CAAC;YACD,KAAK,CAAC,GAAG,SAAS,kDAAkD,CAAC,CAAC;YACtE,SAAS;QACX,CAAC;QAED,oEAAoE;QACpE,2FAA2F;QAC3F,qEAAqE;QACrE,MAAM,kBAAkB,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACnD,MAAM,eAAe,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;QAC7D,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,KAAK,CACH,iBAAiB,SAAS,iDAAiD,CAC5E,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,EACJ,IAAI,EAAE,aAAa,EACnB,eAAe,EAAE,qBAAqB,EACtC,MAAM,EAAE,aAAa,GACtB,GAAG,eAAe,CAAC;QAEpB,IAAI,oBAAoB,KAAK,qBAAqB,EAAE,CAAC;YACnD,KAAK,CACH,wBAAwB,SAAS,cAAc,oBAAoB,oBAAoB,qBAAqB,EAAE,CAC/G,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,aAAa,IAAI,qBAAqB,EAAE,CAAC;QAE5D,IAAI,YAAY,GAAG,qBAAqB,CAAC;QAEzC,2GAA2G;QAC3G,0FAA0F;QAC1F,IACE,SAAS,CAAC,eAAe;YACzB,CAAC,qBAAqB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YACxC,aAAa,IAAI,SAAS,CAAC,mBAAmB;YAC9C,CAAC,SAAS,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAC/D,CAAC;YACD,YAAY,GAAG,SAAS,CAAC,eAAe,CAAC;QAC3C,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,GAAG,OAAO,SAAS,CAAC;YACrC,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY,EAAE,EAC9C,QAAQ,EACR;gBACE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE;aAC3B,CACF,CAAC;YACF,eAAe,CAAC,UAAU,CAA
C,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,KAAK,CAAC,iCAAiC,QAAQ,OAAO,OAAO,EAAE,CAAC,CAAC;YACjE,SAAS;QACX,CAAC;QAED,eAAe,CAAC,UAAU,CACxB,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY,EAAE,EAC9C,OAAO,CACR,CAAC;QACF,eAAe,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE1B,KAAK,CAAC,sBAAsB,QAAQ,OAAO,OAAO,EAAE,CAAC,CAAC;QAEtD,wBAAwB,CACtB,eAAe,EACf,gBAAgB,EAChB,OAAO,EACP,aAAa,CAAC,YAAY,EAC1B,SAAS,EACT,YAAY,CACb,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,WAAmB,EACnB,eAAuB,EACvB,aAA4B,EAC5B,SAAoB;IAEpB,MAAM,eAAe,GAAG,IAAI,2BAAe,CACzC,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,OAAO;KACvC,CACF,CAAC;IAEF,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,gFAAgF;QAChF,MAAM,IAAI,6BAAoB,CAC5B,mDAAmD,CACpD,CAAC;IACJ,CAAC;IAED,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAElE,+GAA+G;IAC/G,wEAAwE;IACxE,gDAAgD;IAChD,MAAM,cAAc,GAAG,sBAAsB,CAAC,MAAM,CAClD,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,CAC3E,CAAC;IAEF,oHAAoH;IACpH,MAAM,qBAAqB,GACzB,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAE5E,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC3B,gFAAgF;QAChF,MAAM,IAAI,6BAAoB,CAC5B,kEAAkE,eAAe,aAAa,CAC/F,CAAC;IACJ,CAAC;IAED,IAAI,qBAAqB,KAAK,eAAe,EAAE,CAAC;QAC9C,KAAK,CACH,SAAS,qBAAqB,yBAAyB,eAAe,sBAAsB,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CACxH,CAAC;IACJ,CAAC;IAED,MAAM,uBAAuB,GAAG,aAAa,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAE7E,MAAM,gBAAgB,GAAwB,EAAE,CAAC;IACjD,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,EAAE,CAAC;QACpE,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,8EAA8E;QAC9E,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,GAAG;YACrC,IAAI;YACJ,eAAe,EAAE,OAAO;YACxB,MAAM;SACP,CAAC;IACJ,CAAC;IAED,0DAA0D;IAC1D,MAAM,kBAAkB,GAA2B,EAAE,CAAC;IACtD,aAAa,CAAC,2BAA2B,CAAC,qBAAqB,CAAC,CAAC,OAAO,CACtE,CAAC,UAAkB,EAAE,EAAE;QACrB,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9C,kBAAkB,CAAC,eAAe,CAAC,CAAC,CA
AC,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC,CACF,CAAC;IAEF,KAAK,CACH,8CAA8C,qBAAqB,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAC5G,CAAC;IAEF,IAAI,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,KAAK,CACH,iFAAiF,CAClF,CAAC;QACF,8DAA8D;QAC9D,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;IACjC,CAAC;IAED,sDAAsD;IACtD,wBAAwB,CACtB,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAAE,sCAAsC;IAC1D,SAAS,CACV,CAAC;IAEF,OAAO,eAAe,CAAC,KAAK,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB;IAC/C,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,6BAAoB,CAC5B,oDAAoD,CACrD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,6BAAoB,CAC5B,iDAAiD,CAClD,CAAC;IACJ,CAAC;IAED,IACE,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU;QAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EACrD,CAAC;QACD,MAAM,IAAI,6BAAoB,CAC5B,gDAAgD,CACjD,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACtB,MAAM,IAAI,6BAAoB,CAC5B,8CAA8C,CAC/C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,6BAAoB,CAC5B,6CAA6C,CAC9C,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAgB,KAAK,CACnB,WAAmB,EACnB,eAAuB,EACvB,aAA4B,EAC5B,SAAoB;IAEpB,KAAK,CACH,uEAAuE,CACxE,CAAC;IAEF,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAEhC,OAAO,aAAa,CAAC,WAAW,EAAE,eAAe,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;AAC/E,CAAC"}
|
package/package.json
CHANGED