socket 0.15.33 → 0.15.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +244 -150
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/shadow-inject.js.map +1 -1
- package/dist/utils.js +41 -30
- package/dist/utils.js.map +1 -1
- package/external/@socketsecurity/registry/lib/debug.js +37 -9
- package/package.json +4 -4
package/dist/cli.js
CHANGED
|
@@ -630,7 +630,7 @@ ${table}
|
|
|
630
630
|
process.exitCode = 1;
|
|
631
631
|
logger.logger.fail('There was a problem converting the logs to Markdown, please try the `--json` flag');
|
|
632
632
|
if (debug.isDebug()) {
|
|
633
|
-
debug.debugFn('
|
|
633
|
+
debug.debugFn('catch: unexpected\n', e);
|
|
634
634
|
}
|
|
635
635
|
return '';
|
|
636
636
|
}
|
|
@@ -1151,7 +1151,7 @@ async function run$O(argv, importMeta, {
|
|
|
1151
1151
|
async function getDefaultOrgSlug() {
|
|
1152
1152
|
const defaultOrgResult = utils.getConfigValueOrUndef('defaultOrg');
|
|
1153
1153
|
if (defaultOrgResult) {
|
|
1154
|
-
debug.debugFn('
|
|
1154
|
+
debug.debugFn('use: default org', defaultOrgResult);
|
|
1155
1155
|
return {
|
|
1156
1156
|
ok: true,
|
|
1157
1157
|
data: defaultOrgResult
|
|
@@ -1183,7 +1183,7 @@ async function getDefaultOrgSlug() {
|
|
|
1183
1183
|
data: `Was unable to determine the default organization for the current API token. Unable to continue.`
|
|
1184
1184
|
};
|
|
1185
1185
|
}
|
|
1186
|
-
debug.debugFn('
|
|
1186
|
+
debug.debugFn('resolve: org', slug);
|
|
1187
1187
|
return {
|
|
1188
1188
|
ok: true,
|
|
1189
1189
|
message: 'Retrieved default org from server',
|
|
@@ -1287,7 +1287,7 @@ async function fetchReportData(orgSlug, scanId, includeLicensePolicy) {
|
|
|
1287
1287
|
return JSON.parse(line);
|
|
1288
1288
|
} catch {
|
|
1289
1289
|
ok = false;
|
|
1290
|
-
debug.debugFn('
|
|
1290
|
+
debug.debugFn('fail: parse NDJSON\n', line);
|
|
1291
1291
|
return;
|
|
1292
1292
|
}
|
|
1293
1293
|
});
|
|
@@ -3667,44 +3667,70 @@ function getBaseGitBranch() {
|
|
|
3667
3667
|
// https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
|
|
3668
3668
|
'main';
|
|
3669
3669
|
}
|
|
3670
|
-
function getSocketBranchName(purl, newVersion,
|
|
3671
|
-
const purlObj =
|
|
3672
|
-
const
|
|
3673
|
-
const
|
|
3674
|
-
const
|
|
3675
|
-
|
|
3676
|
-
|
|
3677
|
-
|
|
3670
|
+
function getSocketBranchName(purl, newVersion, workspace) {
|
|
3671
|
+
const purlObj = utils.getPurlObject(purl);
|
|
3672
|
+
const fmtType = formatBranchName(purlObj.type);
|
|
3673
|
+
const fmtWorkspace = workspace ? `${formatBranchName(workspace)}` : 'root';
|
|
3674
|
+
const fmtMaybeNamespace = purlObj.namespace ? `${formatBranchName(purlObj.namespace)}--` : '';
|
|
3675
|
+
const fmtFullName = `${fmtMaybeNamespace}${formatBranchName(purlObj.name)}`;
|
|
3676
|
+
const fmtVersion = formatBranchName(purlObj.version);
|
|
3677
|
+
const fmtNewVersion = formatBranchName(newVersion);
|
|
3678
|
+
return `socket/${fmtType}_${fmtWorkspace}_${fmtFullName}_${fmtVersion}_${fmtNewVersion}`;
|
|
3679
|
+
}
|
|
3680
|
+
function getSocketBranchPattern(options) {
|
|
3678
3681
|
const {
|
|
3682
|
+
newVersion,
|
|
3679
3683
|
purl,
|
|
3680
3684
|
workspace
|
|
3681
3685
|
} = {
|
|
3682
3686
|
__proto__: null,
|
|
3683
3687
|
...options
|
|
3684
3688
|
};
|
|
3685
|
-
const purlObj = purl ?
|
|
3686
|
-
const
|
|
3687
|
-
const
|
|
3688
|
-
const
|
|
3689
|
-
|
|
3690
|
-
|
|
3691
|
-
|
|
3692
|
-
|
|
3693
|
-
|
|
3694
|
-
|
|
3695
|
-
|
|
3696
|
-
|
|
3697
|
-
|
|
3698
|
-
|
|
3699
|
-
|
|
3700
|
-
|
|
3701
|
-
|
|
3702
|
-
|
|
3703
|
-
|
|
3704
|
-
|
|
3705
|
-
|
|
3706
|
-
|
|
3707
|
-
|
|
3689
|
+
const purlObj = purl ? utils.getPurlObject(purl) : null;
|
|
3690
|
+
const escType = purlObj ? regexps.escapeRegExp(purlObj.type) : '[^_]+';
|
|
3691
|
+
const escWorkspace = workspace ? `${regexps.escapeRegExp(formatBranchName(workspace))}` : 'root';
|
|
3692
|
+
const escMaybeNamespace = purlObj?.namespace ? `${regexps.escapeRegExp(formatBranchName(purlObj.namespace))}--` : '';
|
|
3693
|
+
const escFullName = purlObj ? `${escMaybeNamespace}${regexps.escapeRegExp(formatBranchName(purlObj.name))}` : '[^_]+';
|
|
3694
|
+
const escVersion = purlObj ? regexps.escapeRegExp(formatBranchName(purlObj.version)) : '[^_]+';
|
|
3695
|
+
const escNewVersion = newVersion ? regexps.escapeRegExp(formatBranchName(newVersion)) : '[^_]+';
|
|
3696
|
+
return new RegExp(`^socket/(${escType})_(${escWorkspace})_(${escFullName})_(${escVersion})_(${escNewVersion})$`);
|
|
3697
|
+
}
|
|
3698
|
+
function createSocketBranchParser(options) {
|
|
3699
|
+
const pattern = getSocketBranchPattern(options);
|
|
3700
|
+
return function parse(branch) {
|
|
3701
|
+
const match = pattern.exec(branch);
|
|
3702
|
+
if (!match) {
|
|
3703
|
+
return null;
|
|
3704
|
+
}
|
|
3705
|
+
const {
|
|
3706
|
+
0: type,
|
|
3707
|
+
1: workspace,
|
|
3708
|
+
2: fullName,
|
|
3709
|
+
3: version,
|
|
3710
|
+
4: newVersion
|
|
3711
|
+
} = match;
|
|
3712
|
+
return {
|
|
3713
|
+
newVersion,
|
|
3714
|
+
purl: utils.getPurlObject(`pkg:${type}/${fullName}@${version}`),
|
|
3715
|
+
workspace
|
|
3716
|
+
};
|
|
3717
|
+
};
|
|
3718
|
+
}
|
|
3719
|
+
function getSocketPullRequestTitle(purl, newVersion, workspace) {
|
|
3720
|
+
const purlObj = utils.getPurlObject(purl);
|
|
3721
|
+
const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
|
|
3722
|
+
return `Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`;
|
|
3723
|
+
}
|
|
3724
|
+
function getSocketPullRequestBody(purl, newVersion, workspace) {
|
|
3725
|
+
const purlObj = utils.getPurlObject(purl);
|
|
3726
|
+
const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
|
|
3727
|
+
const pkgOverviewUrl = utils.getSocketDevPackageOverviewUrlFromPurl(purlObj);
|
|
3728
|
+
return `Bump [${fullName}](${pkgOverviewUrl}) from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}.`;
|
|
3729
|
+
}
|
|
3730
|
+
function getSocketCommitMessage(purl, newVersion, workspace) {
|
|
3731
|
+
const purlObj = utils.getPurlObject(purl);
|
|
3732
|
+
const fullName = utils.getPkgFullNameFromPurlObj(purlObj);
|
|
3733
|
+
return `socket: Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`;
|
|
3708
3734
|
}
|
|
3709
3735
|
async function gitCleanFdx(cwd = process.cwd()) {
|
|
3710
3736
|
const stdioIgnoreOptions = {
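Review bot: `createSocketBranchParser` reads the capture groups off `pattern.exec(branch)` starting at index 0, but index 0 of an exec result is the whole match and the groups begin at 1, so `type` receives the entire branch name and `workspace`, `fullName`, `version` and `newVersion` each get the preceding segment; the destructuring should be `const { 1: type, 2: workspace, 3: fullName, 4: version, 5: newVersion } = match;`. Because `cleanupOpenPrs` now takes `prToVersion` from `match.newVersion`, and `npmFix`/`pnpmFix` filter `infos` by `pr.newVersion` and `pr.purl`, the shifted fields make the open-PR de-duplication and the `lt(prToVersion, newVersion)` close decision run on the wrong strings. Separately, `getSocketBranchPattern` escapes `purlObj.type` raw while `getSocketBranchName` writes `formatBranchName(purlObj.type)`; if `formatBranchName` alters the type string, a branch the CLI itself created would presumably never match, so the pattern side should also go through `formatBranchName`. The `'root'` fallback for `escWorkspace` also means the `getOpenSocketPrs(owner, repo, { author: gitUser })` calls, which pass no `workspace`, only ever see root-workspace PRs; a `'[^_]+'` fallback like the other segments would cover workspace branches too.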
|
|
@@ -3737,7 +3763,7 @@ async function gitCreateAndPushBranch(branch, commitMsg, filepaths, options) {
|
|
|
3737
3763
|
await spawn.spawn('git', ['push', '--force', '--set-upstream', 'origin', branch], stdioIgnoreOptions);
|
|
3738
3764
|
return true;
|
|
3739
3765
|
} catch (e) {
|
|
3740
|
-
debug.debugFn('
|
|
3766
|
+
debug.debugFn('catch: unexpected\n', e);
|
|
3741
3767
|
}
|
|
3742
3768
|
try {
|
|
3743
3769
|
// Will throw with exit code 1 if branch does not exist.
|
|
@@ -3767,7 +3793,7 @@ async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
|
|
|
3767
3793
|
try {
|
|
3768
3794
|
await spawn.spawn('git', ['config', prop, value], stdioIgnoreOptions);
|
|
3769
3795
|
} catch (e) {
|
|
3770
|
-
debug.debugFn('
|
|
3796
|
+
debug.debugFn('catch: unexpected\n', e);
|
|
3771
3797
|
}
|
|
3772
3798
|
}
|
|
3773
3799
|
}));
|
|
@@ -3807,7 +3833,7 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
|
|
|
3807
3833
|
data: rawFiles.map(relPath => path$1.normalizePath(relPath))
|
|
3808
3834
|
};
|
|
3809
3835
|
} catch (e) {
|
|
3810
|
-
debug.debugFn('
|
|
3836
|
+
debug.debugFn('catch: git diff --name-only failed\n', e);
|
|
3811
3837
|
return {
|
|
3812
3838
|
ok: false,
|
|
3813
3839
|
message: 'Git Error',
|
|
@@ -3819,9 +3845,15 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
|
|
|
3819
3845
|
let _octokit;
|
|
3820
3846
|
function getOctokit() {
|
|
3821
3847
|
if (_octokit === undefined) {
|
|
3848
|
+
// Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
|
|
3849
|
+
const {
|
|
3850
|
+
SOCKET_CLI_GITHUB_TOKEN
|
|
3851
|
+
} = constants.ENV;
|
|
3852
|
+
if (!SOCKET_CLI_GITHUB_TOKEN) {
|
|
3853
|
+
debug.debugFn('miss: SOCKET_CLI_GITHUB_TOKEN env var');
|
|
3854
|
+
}
|
|
3822
3855
|
_octokit = new vendor.Octokit({
|
|
3823
|
-
|
|
3824
|
-
auth: constants.ENV.SOCKET_CLI_GITHUB_TOKEN
|
|
3856
|
+
auth: SOCKET_CLI_GITHUB_TOKEN
|
|
3825
3857
|
});
|
|
3826
3858
|
}
|
|
3827
3859
|
return _octokit;
|
|
@@ -3829,10 +3861,16 @@ function getOctokit() {
|
|
|
3829
3861
|
let _octokitGraphql;
|
|
3830
3862
|
function getOctokitGraphql() {
|
|
3831
3863
|
if (!_octokitGraphql) {
|
|
3864
|
+
// Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
|
|
3865
|
+
const {
|
|
3866
|
+
SOCKET_CLI_GITHUB_TOKEN
|
|
3867
|
+
} = constants.ENV;
|
|
3868
|
+
if (!SOCKET_CLI_GITHUB_TOKEN) {
|
|
3869
|
+
debug.debugFn('miss: SOCKET_CLI_GITHUB_TOKEN env var');
|
|
3870
|
+
}
|
|
3832
3871
|
_octokitGraphql = vendor.graphql2.defaults({
|
|
3833
3872
|
headers: {
|
|
3834
|
-
|
|
3835
|
-
authorization: `token ${constants.ENV.SOCKET_CLI_GITHUB_TOKEN}`
|
|
3873
|
+
authorization: `token ${SOCKET_CLI_GITHUB_TOKEN}`
|
|
3836
3874
|
}
|
|
3837
3875
|
});
|
|
3838
3876
|
}
|
|
@@ -3878,25 +3916,30 @@ async function writeCache(key, data) {
|
|
|
3878
3916
|
}
|
|
3879
3917
|
await fs$2.writeJson(cacheJsonPath, data);
|
|
3880
3918
|
}
|
|
3881
|
-
async function cleanupOpenPrs(owner, repo,
|
|
3919
|
+
async function cleanupOpenPrs(owner, repo, options) {
|
|
3882
3920
|
const contextualMatches = await getOpenSocketPrsWithContext(owner, repo, options);
|
|
3883
3921
|
if (!contextualMatches.length) {
|
|
3884
3922
|
return [];
|
|
3885
3923
|
}
|
|
3886
3924
|
const cachesToSave = new Map();
|
|
3925
|
+
const {
|
|
3926
|
+
newVersion
|
|
3927
|
+
} = {
|
|
3928
|
+
__proto__: null,
|
|
3929
|
+
...options
|
|
3930
|
+
};
|
|
3887
3931
|
const octokit = getOctokit();
|
|
3888
3932
|
const settledMatches = await Promise.allSettled(contextualMatches.map(async ({
|
|
3889
3933
|
context,
|
|
3890
3934
|
match
|
|
3891
3935
|
}) => {
|
|
3892
3936
|
const {
|
|
3937
|
+
newVersion: prToVersion,
|
|
3893
3938
|
number: prNum
|
|
3894
3939
|
} = match;
|
|
3895
3940
|
const prRef = `PR #${prNum}`;
|
|
3896
|
-
const prToVersionText = /(?<= to )\S+/.exec(match.title)?.[0];
|
|
3897
|
-
const prToVersion = vendor.semverExports.coerce(prToVersionText);
|
|
3898
3941
|
// Close older PRs.
|
|
3899
|
-
if (prToVersion && vendor.semverExports.lt(prToVersion, newVersion)) {
|
|
3942
|
+
if (prToVersion && newVersion && vendor.semverExports.lt(prToVersion, newVersion)) {
|
|
3900
3943
|
try {
|
|
3901
3944
|
await octokit.pulls.update({
|
|
3902
3945
|
owner,
|
|
@@ -3904,14 +3947,14 @@ async function cleanupOpenPrs(owner, repo, newVersion, options) {
|
|
|
3904
3947
|
pull_number: prNum,
|
|
3905
3948
|
state: 'closed'
|
|
3906
3949
|
});
|
|
3907
|
-
debug.debugFn(`
|
|
3950
|
+
debug.debugFn(`close: ${prRef} for ${prToVersion}`);
|
|
3908
3951
|
// Remove entry from parent object.
|
|
3909
3952
|
context.parent.splice(context.index, 1);
|
|
3910
3953
|
// Mark cache to be saved.
|
|
3911
3954
|
cachesToSave.set(context.cacheKey, context.data);
|
|
3912
3955
|
return null;
|
|
3913
3956
|
} catch (e) {
|
|
3914
|
-
debug.debugFn(`
|
|
3957
|
+
debug.debugFn(`fail: close ${prRef} for ${prToVersion}\n`, e?.message || 'unknown error');
|
|
3915
3958
|
}
|
|
3916
3959
|
}
|
|
3917
3960
|
// Update stale PRs.
|
|
@@ -3924,7 +3967,7 @@ async function cleanupOpenPrs(owner, repo, newVersion, options) {
|
|
|
3924
3967
|
base: match.headRefName,
|
|
3925
3968
|
head: match.baseRefName
|
|
3926
3969
|
});
|
|
3927
|
-
debug.debugFn(
|
|
3970
|
+
debug.debugFn('update: stale', prRef);
|
|
3928
3971
|
// Update entry entry.
|
|
3929
3972
|
if (context.apiType === 'graphql') {
|
|
3930
3973
|
context.entry.mergeStateStatus = 'CLEAN';
|
|
@@ -3935,7 +3978,7 @@ async function cleanupOpenPrs(owner, repo, newVersion, options) {
|
|
|
3935
3978
|
cachesToSave.set(context.cacheKey, context.data);
|
|
3936
3979
|
} catch (e) {
|
|
3937
3980
|
const message = e?.message || 'Unknown error';
|
|
3938
|
-
debug.debugFn(`
|
|
3981
|
+
debug.debugFn(`fail: update ${prRef} - ${message}`);
|
|
3939
3982
|
}
|
|
3940
3983
|
}
|
|
3941
3984
|
return match;
|
|
@@ -3990,9 +4033,15 @@ async function enablePrAutoMerge({
|
|
|
3990
4033
|
enabled: false
|
|
3991
4034
|
};
|
|
3992
4035
|
}
|
|
3993
|
-
function
|
|
4036
|
+
function getGithubEnvRepoInfo() {
|
|
3994
4037
|
// Lazily access constants.ENV.GITHUB_REPOSITORY.
|
|
3995
|
-
const
|
|
4038
|
+
const {
|
|
4039
|
+
GITHUB_REPOSITORY
|
|
4040
|
+
} = constants.ENV;
|
|
4041
|
+
if (!GITHUB_REPOSITORY) {
|
|
4042
|
+
debug.debugFn('miss: GITHUB_REPOSITORY env var');
|
|
4043
|
+
}
|
|
4044
|
+
const ownerSlashRepo = GITHUB_REPOSITORY;
|
|
3996
4045
|
const slashIndex = ownerSlashRepo.indexOf('/');
|
|
3997
4046
|
if (slashIndex === -1) {
|
|
3998
4047
|
return null;
|
|
@@ -4002,6 +4051,9 @@ function getGitHubEnvRepoInfo() {
|
|
|
4002
4051
|
repo: ownerSlashRepo.slice(slashIndex + 1)
|
|
4003
4052
|
};
|
|
4004
4053
|
}
|
|
4054
|
+
async function getOpenSocketPrs(owner, repo, options) {
|
|
4055
|
+
return (await getOpenSocketPrsWithContext(owner, repo, options)).map(d => d.match);
|
|
4056
|
+
}
|
|
4005
4057
|
async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
4006
4058
|
const options = {
|
|
4007
4059
|
__proto__: null,
|
|
@@ -4013,7 +4065,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4013
4065
|
const checkAuthor = strings.isNonEmptyString(author);
|
|
4014
4066
|
const octokit = getOctokit();
|
|
4015
4067
|
const octokitGraphql = getOctokitGraphql();
|
|
4016
|
-
const
|
|
4068
|
+
const prBranchParser = createSocketBranchParser(options);
|
|
4017
4069
|
const contextualMatches = [];
|
|
4018
4070
|
try {
|
|
4019
4071
|
// Optimistically fetch only the first 50 open PRs using GraphQL to minimize
|
|
@@ -4047,7 +4099,8 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4047
4099
|
const node = nodes[i];
|
|
4048
4100
|
const login = node.author?.login;
|
|
4049
4101
|
const matchesAuthor = checkAuthor ? login === author : true;
|
|
4050
|
-
|
|
4102
|
+
const matchesBranch = prBranchParser(node.headRefName);
|
|
4103
|
+
if (matchesAuthor && matchesBranch) {
|
|
4051
4104
|
contextualMatches.push({
|
|
4052
4105
|
context: {
|
|
4053
4106
|
apiType: 'graphql',
|
|
@@ -4059,6 +4112,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4059
4112
|
},
|
|
4060
4113
|
match: {
|
|
4061
4114
|
...node,
|
|
4115
|
+
...matchesBranch,
|
|
4062
4116
|
author: login ?? '<unknown>'
|
|
4063
4117
|
}
|
|
4064
4118
|
});
|
|
@@ -4089,7 +4143,8 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4089
4143
|
const pr = allOpenPrs[i];
|
|
4090
4144
|
const login = pr.user?.login;
|
|
4091
4145
|
const matchesAuthor = checkAuthor ? login === author : true;
|
|
4092
|
-
|
|
4146
|
+
const matchesBranch = prBranchParser(pr.head.ref);
|
|
4147
|
+
if (matchesAuthor && matchesBranch) {
|
|
4093
4148
|
contextualMatches.push({
|
|
4094
4149
|
context: {
|
|
4095
4150
|
apiType: 'rest',
|
|
@@ -4100,6 +4155,7 @@ async function getOpenSocketPrsWithContext(owner, repo, options_) {
|
|
|
4100
4155
|
parent: allOpenPrs
|
|
4101
4156
|
},
|
|
4102
4157
|
match: {
|
|
4158
|
+
...matchesBranch,
|
|
4103
4159
|
author: login ?? '<unknown>',
|
|
4104
4160
|
baseRefName: pr.base.ref,
|
|
4105
4161
|
headRefName: pr.head.ref,
|
|
@@ -4124,18 +4180,19 @@ async function openPr(owner, repo, branch, purl, newVersion, options) {
|
|
|
4124
4180
|
};
|
|
4125
4181
|
// Lazily access constants.ENV.GITHUB_ACTIONS.
|
|
4126
4182
|
if (!constants.ENV.GITHUB_ACTIONS) {
|
|
4127
|
-
debug.debugFn('
|
|
4183
|
+
debug.debugFn('miss: GITHUB_ACTIONS env var');
|
|
4128
4184
|
return null;
|
|
4129
4185
|
}
|
|
4186
|
+
const purlObj = utils.getPurlObject(purl);
|
|
4130
4187
|
const octokit = getOctokit();
|
|
4131
4188
|
try {
|
|
4132
4189
|
return await octokit.pulls.create({
|
|
4133
4190
|
owner,
|
|
4134
4191
|
repo,
|
|
4135
|
-
title: getSocketPullRequestTitle(
|
|
4192
|
+
title: getSocketPullRequestTitle(purlObj, newVersion, workspace),
|
|
4136
4193
|
head: branch,
|
|
4137
4194
|
base: baseBranch,
|
|
4138
|
-
body: getSocketPullRequestBody(
|
|
4195
|
+
body: getSocketPullRequestBody(purlObj, newVersion, workspace)
|
|
4139
4196
|
});
|
|
4140
4197
|
} catch (e) {
|
|
4141
4198
|
let message = `Failed to open pull request`;
|
|
@@ -4164,7 +4221,7 @@ async function prExistForBranch(owner, repo, branch) {
|
|
|
4164
4221
|
} catch {}
|
|
4165
4222
|
return false;
|
|
4166
4223
|
}
|
|
4167
|
-
async function
|
|
4224
|
+
async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()) {
|
|
4168
4225
|
const stdioIgnoreOptions = {
|
|
4169
4226
|
cwd,
|
|
4170
4227
|
stdio: 'ignore'
|
|
@@ -4173,7 +4230,7 @@ async function setGitRemoteGitHubRepoUrl(owner, repo, token, cwd = process.cwd()
|
|
|
4173
4230
|
try {
|
|
4174
4231
|
await spawn.spawn('git', ['remote', 'set-url', 'origin', url], stdioIgnoreOptions);
|
|
4175
4232
|
} catch (e) {
|
|
4176
|
-
debug.debugFn('
|
|
4233
|
+
debug.debugFn('catch: unexpected\n', e);
|
|
4177
4234
|
}
|
|
4178
4235
|
}
|
|
4179
4236
|
|
|
@@ -4228,10 +4285,26 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4228
4285
|
const {
|
|
4229
4286
|
spinner
|
|
4230
4287
|
} = constants;
|
|
4231
|
-
spinner?.start();
|
|
4232
4288
|
const {
|
|
4233
4289
|
pkgPath: rootPath
|
|
4234
4290
|
} = pkgEnvDetails;
|
|
4291
|
+
|
|
4292
|
+
// Lazily access constants.ENV properties.
|
|
4293
|
+
const gitEmail = constants.ENV.SOCKET_CLI_GIT_USER_EMAIL;
|
|
4294
|
+
const gitUser = constants.ENV.SOCKET_CLI_GIT_USER_NAME;
|
|
4295
|
+
const githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
|
|
4296
|
+
const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && gitEmail && gitUser && githubToken);
|
|
4297
|
+
const repoInfo = isCi ? getGithubEnvRepoInfo() : null;
|
|
4298
|
+
spinner?.start();
|
|
4299
|
+
const openPrs =
|
|
4300
|
+
// Check repoInfo to make TypeScript happy.
|
|
4301
|
+
isCi && repoInfo ? await getOpenSocketPrs(repoInfo.owner, repoInfo.repo, {
|
|
4302
|
+
author: gitUser
|
|
4303
|
+
}) : [];
|
|
4304
|
+
if (openPrs.length) {
|
|
4305
|
+
debug.debugFn(`found: ${openPrs.length} open PRs`);
|
|
4306
|
+
}
|
|
4307
|
+
let count = isCi ? openPrs.length : 0;
|
|
4235
4308
|
const arb = new shadowInject.Arborist({
|
|
4236
4309
|
path: rootPath,
|
|
4237
4310
|
...shadowInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
|
|
@@ -4242,14 +4315,13 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4242
4315
|
let alertsMap;
|
|
4243
4316
|
try {
|
|
4244
4317
|
alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertsMapOptions({
|
|
4245
|
-
limit
|
|
4318
|
+
limit: limit + openPrs.length
|
|
4246
4319
|
})) : await shadowInject.getAlertsMapFromArborist(arb, getAlertsMapOptions({
|
|
4247
|
-
limit
|
|
4320
|
+
limit: limit + openPrs.length
|
|
4248
4321
|
}));
|
|
4249
4322
|
} catch (e) {
|
|
4250
4323
|
spinner?.stop();
|
|
4251
|
-
debug.debugFn('
|
|
4252
|
-
debug.debugFn(e);
|
|
4324
|
+
debug.debugFn('catch: PURL API\n', e);
|
|
4253
4325
|
return {
|
|
4254
4326
|
ok: false,
|
|
4255
4327
|
message: 'API Error',
|
|
@@ -4257,7 +4329,7 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4257
4329
|
};
|
|
4258
4330
|
}
|
|
4259
4331
|
const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
|
|
4260
|
-
limit
|
|
4332
|
+
limit: limit + openPrs.length
|
|
4261
4333
|
});
|
|
4262
4334
|
if (!infoByPkgName) {
|
|
4263
4335
|
spinner?.stop();
|
|
@@ -4269,17 +4341,14 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4269
4341
|
}
|
|
4270
4342
|
};
|
|
4271
4343
|
}
|
|
4272
|
-
|
|
4273
|
-
// Lazily access constants.ENV properties.
|
|
4274
|
-
const token = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
|
|
4275
|
-
const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && token);
|
|
4276
4344
|
const baseBranch = isCi ? getBaseGitBranch() : '';
|
|
4277
4345
|
const workspacePkgJsonPaths = await utils.globWorkspace(pkgEnvDetails.agent, rootPath);
|
|
4278
4346
|
const pkgJsonPaths = [...workspacePkgJsonPaths,
|
|
4279
4347
|
// Process the workspace root last since it will add an override to package.json.
|
|
4280
4348
|
pkgEnvDetails.editablePkgJson.filename];
|
|
4349
|
+
const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) => sorts.naturalCompare(a[0], b[0]));
|
|
4281
4350
|
const handleInstallFail = () => {
|
|
4282
|
-
debug.debugFn(`
|
|
4351
|
+
debug.debugFn(`fail: ${pkgEnvDetails.agent} install\n`);
|
|
4283
4352
|
logger.logger.dedent();
|
|
4284
4353
|
spinner?.dedent();
|
|
4285
4354
|
return {
|
|
@@ -4289,21 +4358,24 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4289
4358
|
};
|
|
4290
4359
|
};
|
|
4291
4360
|
spinner?.stop();
|
|
4292
|
-
let count = 0;
|
|
4293
|
-
const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) => sorts.naturalCompare(a[0], b[0]));
|
|
4294
4361
|
infoEntriesLoop: for (let i = 0, {
|
|
4295
4362
|
length
|
|
4296
4363
|
} = sortedInfoEntries; i < length; i += 1) {
|
|
4297
4364
|
const isLastInfoEntry = i === length - 1;
|
|
4365
|
+
const infoEntry = sortedInfoEntries[i];
|
|
4298
4366
|
const {
|
|
4299
|
-
0: name
|
|
4300
|
-
|
|
4301
|
-
|
|
4367
|
+
0: name
|
|
4368
|
+
} = infoEntry;
|
|
4369
|
+
const openPrsForPkg = openPrs.filter(pr => name === packages.resolvePackageName(pr.purl));
|
|
4370
|
+
const infos = [...infoEntry[1].values()].filter(info => !openPrsForPkg.find(pr => pr.newVersion === info.firstPatchedVersionIdentifier));
|
|
4371
|
+
if (!infos.length) {
|
|
4372
|
+
continue infoEntriesLoop;
|
|
4373
|
+
}
|
|
4302
4374
|
logger.logger.log(`Processing vulns for ${name}:`);
|
|
4303
4375
|
logger.logger.indent();
|
|
4304
4376
|
spinner?.indent();
|
|
4305
4377
|
if (registry.getManifestData(NPM$a, name)) {
|
|
4306
|
-
debug.debugFn(`Socket Optimize
|
|
4378
|
+
debug.debugFn(`found: Socket Optimize variant for ${name}`);
|
|
4307
4379
|
}
|
|
4308
4380
|
// eslint-disable-next-line no-await-in-loop
|
|
4309
4381
|
const packument = await packages.fetchPackagePackument(name);
|
|
@@ -4327,7 +4399,7 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4327
4399
|
const workspace = isWorkspaceRoot ? 'root' : path.relative(rootPath, pkgPath);
|
|
4328
4400
|
const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.target?.version ?? n.version).filter(Boolean));
|
|
4329
4401
|
if (!oldVersions.length) {
|
|
4330
|
-
debug.debugFn(
|
|
4402
|
+
debug.debugFn(`skip: ${name} not found\n`);
|
|
4331
4403
|
// Skip to next package.
|
|
4332
4404
|
logger.logger.dedent();
|
|
4333
4405
|
spinner?.dedent();
|
|
@@ -4343,7 +4415,7 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4343
4415
|
let hasAnnouncedWorkspace = false;
|
|
4344
4416
|
let workspaceLogCallCount = logger.logger.logCallCount;
|
|
4345
4417
|
if (debug.isDebug()) {
|
|
4346
|
-
debug.debugFn(`
|
|
4418
|
+
debug.debugFn(`check: workspace ${workspace}`);
|
|
4347
4419
|
hasAnnouncedWorkspace = true;
|
|
4348
4420
|
workspaceLogCallCount = logger.logger.logCallCount;
|
|
4349
4421
|
}
|
|
@@ -4352,7 +4424,7 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4352
4424
|
const oldPurl = utils.idToPurl(oldId);
|
|
4353
4425
|
const node = shadowInject.findPackageNode(actualTree, name, oldVersion);
|
|
4354
4426
|
if (!node) {
|
|
4355
|
-
debug.debugFn(
|
|
4427
|
+
debug.debugFn(`skip: ${oldId} not found`);
|
|
4356
4428
|
continue oldVersionsLoop;
|
|
4357
4429
|
}
|
|
4358
4430
|
infosLoop: for (const {
|
|
@@ -4360,7 +4432,7 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4360
4432
|
vulnerableVersionRange
|
|
4361
4433
|
} of infos.values()) {
|
|
4362
4434
|
if (vendor.semverExports.gte(oldVersion, firstPatchedVersionIdentifier)) {
|
|
4363
|
-
debug.debugFn(
|
|
4435
|
+
debug.debugFn(`skip: ${oldId} is >= ${firstPatchedVersionIdentifier}`);
|
|
4364
4436
|
continue infosLoop;
|
|
4365
4437
|
}
|
|
4366
4438
|
const newVersion = shadowInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
|
|
@@ -4396,7 +4468,7 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4396
4468
|
if (!(await editablePkgJson.save({
|
|
4397
4469
|
ignoreWhitespace: true
|
|
4398
4470
|
}))) {
|
|
4399
|
-
debug.debugFn(
|
|
4471
|
+
debug.debugFn(`skip: ${workspace}/package.json unchanged`);
|
|
4400
4472
|
// Reset things just in case.
|
|
4401
4473
|
if (isCi) {
|
|
4402
4474
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -4436,7 +4508,9 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4436
4508
|
error = e;
|
|
4437
4509
|
}
|
|
4438
4510
|
spinner?.stop();
|
|
4439
|
-
|
|
4511
|
+
|
|
4512
|
+
// Check repoInfo to make TypeScript happy.
|
|
4513
|
+
if (!errored && isCi && repoInfo) {
|
|
4440
4514
|
try {
|
|
4441
4515
|
// eslint-disable-next-line no-await-in-loop
|
|
4442
4516
|
const result = await gitUnstagedModifiedFiles(cwd);
|
|
@@ -4454,23 +4528,24 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4454
4528
|
logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
|
|
4455
4529
|
continue infosLoop;
|
|
4456
4530
|
}
|
|
4457
|
-
const repoInfo = getGitHubEnvRepoInfo();
|
|
4458
4531
|
const branch = getSocketBranchName(oldPurl, newVersion, workspace);
|
|
4459
4532
|
let skipPr = false;
|
|
4460
4533
|
if (
|
|
4461
4534
|
// eslint-disable-next-line no-await-in-loop
|
|
4462
4535
|
await prExistForBranch(repoInfo.owner, repoInfo.repo, branch)) {
|
|
4463
4536
|
skipPr = true;
|
|
4464
|
-
debug.debugFn(`
|
|
4537
|
+
debug.debugFn(`skip: branch "${branch}" exists`);
|
|
4465
4538
|
}
|
|
4466
4539
|
// eslint-disable-next-line no-await-in-loop
|
|
4467
4540
|
else if (await gitRemoteBranchExists(branch, cwd)) {
|
|
4468
4541
|
skipPr = true;
|
|
4469
|
-
debug.debugFn(`
|
|
4542
|
+
debug.debugFn(`skip: remote branch "${branch}" exists`);
|
|
4470
4543
|
} else if (
|
|
4471
4544
|
// eslint-disable-next-line no-await-in-loop
|
|
4472
4545
|
!(await gitCreateAndPushBranch(branch, getSocketCommitMessage(oldPurl, newVersion, workspace), moddedFilepaths, {
|
|
4473
|
-
cwd
|
|
4546
|
+
cwd,
|
|
4547
|
+
email: gitEmail,
|
|
4548
|
+
user: gitUser
|
|
4474
4549
|
}))) {
|
|
4475
4550
|
skipPr = true;
|
|
4476
4551
|
logger.logger.warn('Unexpected condition: Push failed, skipping PR creation.');
|
|
@@ -4491,7 +4566,8 @@ async function npmFix(pkgEnvDetails, {
|
|
|
4491
4566
|
}
|
|
4492
4567
|
|
|
4493
4568
|
// eslint-disable-next-line no-await-in-loop
|
|
4494
|
-
await Promise.allSettled([
|
|
4569
|
+
await Promise.allSettled([setGitRemoteGithubRepoUrl(repoInfo.owner, repoInfo.repo, githubToken, cwd), cleanupOpenPrs(repoInfo.owner, repoInfo.repo, {
|
|
4570
|
+
newVersion,
|
|
4495
4571
|
purl: oldPurl,
|
|
4496
4572
|
workspace
|
|
4497
4573
|
})]);
|
|
@@ -4652,7 +4728,23 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4652
4728
|
const {
|
|
4653
4729
|
pkgPath: rootPath
|
|
4654
4730
|
} = pkgEnvDetails;
|
|
4731
|
+
|
|
4732
|
+
// Lazily access constants.ENV properties.
|
|
4733
|
+
const gitEmail = constants.ENV.SOCKET_CLI_GIT_USER_EMAIL;
|
|
4734
|
+
const gitUser = constants.ENV.SOCKET_CLI_GIT_USER_NAME;
|
|
4735
|
+
const githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
|
|
4736
|
+
const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && gitEmail && gitUser && githubToken);
|
|
4737
|
+
const repoInfo = isCi ? getGithubEnvRepoInfo() : null;
|
|
4655
4738
|
spinner?.start();
|
|
4739
|
+
const openPrs =
|
|
4740
|
+
// Check repoInfo to make TypeScript happy.
|
|
4741
|
+
isCi && repoInfo ? await getOpenSocketPrs(repoInfo.owner, repoInfo.repo, {
|
|
4742
|
+
author: gitUser
|
|
4743
|
+
}) : [];
|
|
4744
|
+
if (openPrs.length) {
|
|
4745
|
+
debug.debugFn(`found: ${openPrs.length} open PRs`);
|
|
4746
|
+
}
|
|
4747
|
+
let count = isCi ? openPrs.length : 0;
|
|
4656
4748
|
let actualTree;
|
|
4657
4749
|
const lockfilePath = path.join(rootPath, 'pnpm-lock.yaml');
|
|
4658
4750
|
let lockfileContent = await utils.readPnpmLockfile(lockfilePath);
|
|
@@ -4701,14 +4793,13 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4701
4793
|
let alertsMap;
|
|
4702
4794
|
try {
|
|
4703
4795
|
alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertsMapOptions({
|
|
4704
|
-
limit
|
|
4796
|
+
limit: limit + openPrs.length
|
|
4705
4797
|
})) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertsMapOptions({
|
|
4706
|
-
limit
|
|
4798
|
+
limit: limit + openPrs.length
|
|
4707
4799
|
}));
|
|
4708
4800
|
} catch (e) {
|
|
4709
4801
|
spinner?.stop();
|
|
4710
|
-
debug.debugFn('
|
|
4711
|
-
debug.debugFn(e);
|
|
4802
|
+
debug.debugFn('catch: PURL API\n', e);
|
|
4712
4803
|
return {
|
|
4713
4804
|
ok: false,
|
|
4714
4805
|
message: 'API Error',
|
|
@@ -4716,7 +4807,7 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4716
4807
|
};
|
|
4717
4808
|
}
|
|
4718
4809
|
const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
|
|
4719
|
-
limit
|
|
4810
|
+
limit: limit + openPrs.length
|
|
4720
4811
|
});
|
|
4721
4812
|
if (!infoByPkgName) {
|
|
4722
4813
|
spinner?.stop();
|
|
@@ -4728,15 +4819,12 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4728
4819
|
}
|
|
4729
4820
|
};
|
|
4730
4821
|
}
|
|
4731
|
-
|
|
4732
|
-
// Lazily access constants.ENV properties.
|
|
4733
|
-
const token = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
|
|
4734
|
-
const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && token);
|
|
4735
4822
|
const baseBranch = isCi ? getBaseGitBranch() : '';
|
|
4736
4823
|
const workspacePkgJsonPaths = await utils.globWorkspace(pkgEnvDetails.agent, rootPath);
|
|
4737
4824
|
const pkgJsonPaths = [...workspacePkgJsonPaths,
|
|
4738
4825
|
// Process the workspace root last since it will add an override to package.json.
|
|
4739
4826
|
pkgEnvDetails.editablePkgJson.filename];
|
|
4827
|
+
const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) => sorts.naturalCompare(a[0], b[0]));
|
|
4740
4828
|
const handleInstallFail = () => {
|
|
4741
4829
|
logger.logger.dedent();
|
|
4742
4830
|
spinner?.dedent();
|
|
@@ -4747,21 +4835,24 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4747
4835
|
};
|
|
4748
4836
|
};
|
|
4749
4837
|
spinner?.stop();
|
|
4750
|
-
let count = 0;
|
|
4751
|
-
const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) => sorts.naturalCompare(a[0], b[0]));
|
|
4752
4838
|
infoEntriesLoop: for (let i = 0, {
|
|
4753
4839
|
length
|
|
4754
4840
|
} = sortedInfoEntries; i < length; i += 1) {
|
|
4755
4841
|
const isLastInfoEntry = i === length - 1;
|
|
4842
|
+
const infoEntry = sortedInfoEntries[i];
|
|
4756
4843
|
const {
|
|
4757
|
-
0: name
|
|
4758
|
-
|
|
4759
|
-
|
|
4844
|
+
0: name
|
|
4845
|
+
} = infoEntry;
|
|
4846
|
+
const openPrsForPkg = openPrs.filter(pr => name === packages.resolvePackageName(pr.purl));
|
|
4847
|
+
const infos = [...infoEntry[1].values()].filter(info => !openPrsForPkg.find(pr => pr.newVersion === info.firstPatchedVersionIdentifier));
|
|
4848
|
+
if (!infos.length) {
|
|
4849
|
+
continue infoEntriesLoop;
|
|
4850
|
+
}
|
|
4760
4851
|
logger.logger.log(`Processing vulns for ${name}:`);
|
|
4761
4852
|
logger.logger.indent();
|
|
4762
4853
|
spinner?.indent();
|
|
4763
4854
|
if (registry.getManifestData(NPM$9, name)) {
|
|
4764
|
-
debug.debugFn(`Socket Optimize
|
|
4855
|
+
debug.debugFn(`found: Socket Optimize variant for ${name}`);
|
|
4765
4856
|
}
|
|
4766
4857
|
// eslint-disable-next-line no-await-in-loop
|
|
4767
4858
|
const packument = await packages.fetchPackagePackument(name);
|
|
@@ -4786,6 +4877,10 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4786
4877
|
|
|
4787
4878
|
// actualTree may not be defined on the first iteration of pkgJsonPathsLoop.
|
|
4788
4879
|
if (!actualTree) {
|
|
4880
|
+
if (!isCi) {
|
|
4881
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4882
|
+
await utils.removeNodeModules(cwd);
|
|
4883
|
+
}
|
|
4789
4884
|
const maybeActualTree = isCi && fs$1.existsSync(path.join(rootPath, 'node_modules')) ?
|
|
4790
4885
|
// eslint-disable-next-line no-await-in-loop
|
|
4791
4886
|
await getActualTree(cwd) :
|
|
@@ -4808,7 +4903,7 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4808
4903
|
}
|
|
4809
4904
|
const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.version).filter(Boolean));
|
|
4810
4905
|
if (!oldVersions.length) {
|
|
4811
|
-
debug.debugFn(
|
|
4906
|
+
debug.debugFn(`skip: ${name} not found\n`);
|
|
4812
4907
|
// Skip to next package.
|
|
4813
4908
|
logger.logger.dedent();
|
|
4814
4909
|
spinner?.dedent();
|
|
@@ -4827,7 +4922,7 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4827
4922
|
let hasAnnouncedWorkspace = false;
|
|
4828
4923
|
let workspaceLogCallCount = logger.logger.logCallCount;
|
|
4829
4924
|
if (debug.isDebug()) {
|
|
4830
|
-
debug.debugFn(`
|
|
4925
|
+
debug.debugFn(`check: workspace ${workspace}`);
|
|
4831
4926
|
hasAnnouncedWorkspace = true;
|
|
4832
4927
|
workspaceLogCallCount = logger.logger.logCallCount;
|
|
4833
4928
|
}
|
|
@@ -4836,7 +4931,7 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4836
4931
|
const oldPurl = utils.idToPurl(oldId);
|
|
4837
4932
|
const node = shadowInject.findPackageNode(actualTree, name, oldVersion);
|
|
4838
4933
|
if (!node) {
|
|
4839
|
-
debug.debugFn(
|
|
4934
|
+
debug.debugFn(`skip: ${oldId} not found`);
|
|
4840
4935
|
continue oldVersionsLoop;
|
|
4841
4936
|
}
|
|
4842
4937
|
infosLoop: for (const {
|
|
@@ -4844,7 +4939,7 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4844
4939
|
vulnerableVersionRange
|
|
4845
4940
|
} of infos.values()) {
|
|
4846
4941
|
if (vendor.semverExports.gte(oldVersion, firstPatchedVersionIdentifier)) {
|
|
4847
|
-
debug.debugFn(
|
|
4942
|
+
debug.debugFn(`skip: ${oldId} is >= ${firstPatchedVersionIdentifier}`);
|
|
4848
4943
|
continue infosLoop;
|
|
4849
4944
|
}
|
|
4850
4945
|
const newVersion = shadowInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
|
|
@@ -4902,7 +4997,7 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4902
4997
|
if (!(await editablePkgJson.save({
|
|
4903
4998
|
ignoreWhitespace: true
|
|
4904
4999
|
}))) {
|
|
4905
|
-
debug.debugFn(
|
|
5000
|
+
debug.debugFn(`skip: ${workspace}/package.json unchanged`);
|
|
4906
5001
|
// Reset things just in case.
|
|
4907
5002
|
if (isCi) {
|
|
4908
5003
|
// eslint-disable-next-line no-await-in-loop
|
|
@@ -4961,7 +5056,9 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4961
5056
|
errored = true;
|
|
4962
5057
|
}
|
|
4963
5058
|
spinner?.stop();
|
|
4964
|
-
|
|
5059
|
+
|
|
5060
|
+
// Check repoInfo to make TypeScript happy.
|
|
5061
|
+
if (!errored && isCi && repoInfo) {
|
|
4965
5062
|
try {
|
|
4966
5063
|
// eslint-disable-next-line no-await-in-loop
|
|
4967
5064
|
const result = await gitUnstagedModifiedFiles(cwd);
|
|
@@ -4977,23 +5074,24 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
4977
5074
|
logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
|
|
4978
5075
|
continue infosLoop;
|
|
4979
5076
|
}
|
|
4980
|
-
const repoInfo = getGitHubEnvRepoInfo();
|
|
4981
5077
|
const branch = getSocketBranchName(oldPurl, newVersion, workspace);
|
|
4982
5078
|
let skipPr = false;
|
|
4983
5079
|
if (
|
|
4984
5080
|
// eslint-disable-next-line no-await-in-loop
|
|
4985
5081
|
await prExistForBranch(repoInfo.owner, repoInfo.repo, branch)) {
|
|
4986
5082
|
skipPr = true;
|
|
4987
|
-
debug.debugFn(`
|
|
5083
|
+
debug.debugFn(`skip: branch "${branch}" exists`);
|
|
4988
5084
|
}
|
|
4989
5085
|
// eslint-disable-next-line no-await-in-loop
|
|
4990
5086
|
else if (await gitRemoteBranchExists(branch, cwd)) {
|
|
4991
5087
|
skipPr = true;
|
|
4992
|
-
debug.debugFn(`
|
|
5088
|
+
debug.debugFn(`skip: remote branch "${branch}" exists`);
|
|
4993
5089
|
} else if (
|
|
4994
5090
|
// eslint-disable-next-line no-await-in-loop
|
|
4995
5091
|
!(await gitCreateAndPushBranch(branch, getSocketCommitMessage(oldPurl, newVersion, workspace), moddedFilepaths, {
|
|
4996
|
-
cwd
|
|
5092
|
+
cwd,
|
|
5093
|
+
email: gitEmail,
|
|
5094
|
+
user: gitUser
|
|
4997
5095
|
}))) {
|
|
4998
5096
|
skipPr = true;
|
|
4999
5097
|
logger.logger.warn('Unexpected condition: Push failed, skipping PR creation.');
|
|
@@ -5019,7 +5117,8 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
5019
5117
|
}
|
|
5020
5118
|
|
|
5021
5119
|
// eslint-disable-next-line no-await-in-loop
|
|
5022
|
-
await Promise.allSettled([
|
|
5120
|
+
await Promise.allSettled([setGitRemoteGithubRepoUrl(repoInfo.owner, repoInfo.repo, githubToken, cwd), cleanupOpenPrs(repoInfo.owner, repoInfo.repo, {
|
|
5121
|
+
newVersion,
|
|
5023
5122
|
purl: oldPurl,
|
|
5024
5123
|
workspace
|
|
5025
5124
|
})]);
|
|
@@ -5130,12 +5229,14 @@ async function pnpmFix(pkgEnvDetails, {
|
|
|
5130
5229
|
spinner?.dedent();
|
|
5131
5230
|
}
|
|
5132
5231
|
spinner?.stop();
|
|
5232
|
+
|
|
5233
|
+
// Or, did we change anything?
|
|
5133
5234
|
return {
|
|
5134
5235
|
ok: true,
|
|
5135
5236
|
data: {
|
|
5136
5237
|
fixed: true
|
|
5137
5238
|
}
|
|
5138
|
-
};
|
|
5239
|
+
};
|
|
5139
5240
|
}
|
|
5140
5241
|
|
|
5141
5242
|
const {
|
|
@@ -5634,9 +5735,9 @@ async function setupTabCompletion(targetName) {
|
|
|
5634
5735
|
|
|
5635
5736
|
// Target dir is something like ~/.local/share/socket/settings/completion (linux)
|
|
5636
5737
|
const targetDir = path.dirname(targetPath);
|
|
5637
|
-
debug.debugFn('
|
|
5738
|
+
debug.debugFn('target: path + dir', targetPath, targetDir);
|
|
5638
5739
|
if (!fs$1.existsSync(targetDir)) {
|
|
5639
|
-
debug.debugFn('
|
|
5740
|
+
debug.debugFn('create: target dir');
|
|
5640
5741
|
fs$1.mkdirSync(targetDir, {
|
|
5641
5742
|
recursive: true
|
|
5642
5743
|
});
|
|
@@ -8016,7 +8117,7 @@ async function updateLockfile(pkgEnvDetails, options) {
|
|
|
8016
8117
|
}
|
|
8017
8118
|
} catch (e) {
|
|
8018
8119
|
spinner?.stop();
|
|
8019
|
-
debug.debugFn(e);
|
|
8120
|
+
debug.debugFn('fail: update\n', e);
|
|
8020
8121
|
return {
|
|
8021
8122
|
ok: false,
|
|
8022
8123
|
message: 'Update failed',
|
|
@@ -9859,7 +9960,7 @@ async function fetchListAllRepos({
|
|
|
9859
9960
|
page: String(nextPage)
|
|
9860
9961
|
}), 'list of repositories');
|
|
9861
9962
|
if (!result.ok) {
|
|
9862
|
-
debug.debugFn('
|
|
9963
|
+
debug.debugFn('fail: fetch repo\n', result);
|
|
9863
9964
|
return result;
|
|
9864
9965
|
}
|
|
9865
9966
|
result.data.results.forEach(row => rows.push(row));
|
|
@@ -11297,7 +11398,7 @@ async function createScanFromGithub({
|
|
|
11297
11398
|
scansCreated += 1;
|
|
11298
11399
|
}
|
|
11299
11400
|
}
|
|
11300
|
-
logger.logger.success(targetRepos.length, '
|
|
11401
|
+
logger.logger.success(targetRepos.length, 'GitHub repos detected');
|
|
11301
11402
|
logger.logger.success(scansCreated, 'with supported Manifest files');
|
|
11302
11403
|
return {
|
|
11303
11404
|
ok: true,
|
|
@@ -11346,11 +11447,11 @@ async function scanOneRepo(repoSlug, {
|
|
|
11346
11447
|
} = repoResult.data;
|
|
11347
11448
|
logger.logger.info(`Default branch: \`${defaultBranch}\``);
|
|
11348
11449
|
const treeResult = await getRepoBranchTree({
|
|
11450
|
+
defaultBranch,
|
|
11451
|
+
githubToken,
|
|
11349
11452
|
orgGithub,
|
|
11350
11453
|
repoSlug,
|
|
11351
|
-
repoApiUrl
|
|
11352
|
-
defaultBranch,
|
|
11353
|
-
githubToken
|
|
11454
|
+
repoApiUrl
|
|
11354
11455
|
});
|
|
11355
11456
|
if (!treeResult.ok) {
|
|
11356
11457
|
return treeResult;
|
|
@@ -11366,7 +11467,7 @@ async function scanOneRepo(repoSlug, {
|
|
|
11366
11467
|
};
|
|
11367
11468
|
}
|
|
11368
11469
|
const tmpDir = fs$1.mkdtempSync(path.join(os.tmpdir(), repoSlug));
|
|
11369
|
-
debug.debugFn('
|
|
11470
|
+
debug.debugFn('init: temp dir for scan root', tmpDir);
|
|
11370
11471
|
const downloadResult = await testAndDownloadManifestFiles({
|
|
11371
11472
|
files,
|
|
11372
11473
|
tmpDir,
|
|
@@ -11479,7 +11580,7 @@ async function testAndDownloadManifestFile({
|
|
|
11479
11580
|
repoApiUrl,
|
|
11480
11581
|
tmpDir
|
|
11481
11582
|
}) {
|
|
11482
|
-
debug.debugFn('
|
|
11583
|
+
debug.debugFn('test: file', file);
|
|
11483
11584
|
if (!SUPPORTED_FILE_PATTERNS.some(regex => regex.test(file))) {
|
|
11484
11585
|
// Not an error.
|
|
11485
11586
|
return {
|
|
@@ -11489,7 +11590,7 @@ async function testAndDownloadManifestFile({
|
|
|
11489
11590
|
}
|
|
11490
11591
|
};
|
|
11491
11592
|
}
|
|
11492
|
-
debug.
|
|
11593
|
+
debug.debugFn('found: manifest file', file);
|
|
11493
11594
|
const result = await downloadManifestFile({
|
|
11494
11595
|
file,
|
|
11495
11596
|
tmpDir,
|
|
@@ -11497,15 +11598,12 @@ async function testAndDownloadManifestFile({
|
|
|
11497
11598
|
repoApiUrl,
|
|
11498
11599
|
githubToken
|
|
11499
11600
|
});
|
|
11500
|
-
|
|
11501
|
-
return result;
|
|
11502
|
-
}
|
|
11503
|
-
return {
|
|
11601
|
+
return result.ok ? {
|
|
11504
11602
|
ok: true,
|
|
11505
11603
|
data: {
|
|
11506
11604
|
isManifest: true
|
|
11507
11605
|
}
|
|
11508
|
-
};
|
|
11606
|
+
} : result;
|
|
11509
11607
|
}
|
|
11510
11608
|
async function downloadManifestFile({
|
|
11511
11609
|
defaultBranch,
|
|
@@ -11514,44 +11612,40 @@ async function downloadManifestFile({
|
|
|
11514
11612
|
repoApiUrl,
|
|
11515
11613
|
tmpDir
|
|
11516
11614
|
}) {
|
|
11517
|
-
debug.
|
|
11615
|
+
debug.debugFn('request: download url from GitHub');
|
|
11518
11616
|
const fileUrl = `${repoApiUrl}/contents/${file}?ref=${defaultBranch}`;
|
|
11519
|
-
debug.debugFn('
|
|
11617
|
+
debug.debugFn('url: file', fileUrl);
|
|
11520
11618
|
const downloadUrlResponse = await fetch(fileUrl, {
|
|
11521
11619
|
method: 'GET',
|
|
11522
11620
|
headers: {
|
|
11523
11621
|
Authorization: `Bearer ${githubToken}`
|
|
11524
11622
|
}
|
|
11525
11623
|
});
|
|
11526
|
-
debug.
|
|
11624
|
+
debug.debugFn('complete: request');
|
|
11527
11625
|
const downloadUrlText = await downloadUrlResponse.text();
|
|
11528
|
-
debug.debugFn('
|
|
11626
|
+
debug.debugFn('response: raw download url', downloadUrlText);
|
|
11529
11627
|
let downloadUrl;
|
|
11530
11628
|
try {
|
|
11531
11629
|
downloadUrl = JSON.parse(downloadUrlText).download_url;
|
|
11532
11630
|
} catch {
|
|
11533
11631
|
logger.logger.fail(`GitHub response contained invalid JSON for download url for: ${file}`);
|
|
11534
|
-
debug.debugLog(`[DEBUG] The not-json-content:`);
|
|
11535
|
-
debug.debugLog(downloadUrlText);
|
|
11536
11632
|
return {
|
|
11537
11633
|
ok: false,
|
|
11538
11634
|
message: 'Invalid JSON response',
|
|
11539
11635
|
cause: `Server responded with invalid JSON for download url ${downloadUrl}`
|
|
11540
11636
|
};
|
|
11541
11637
|
}
|
|
11542
|
-
debug.debugLog(`[DEBUG] Downloading manifest file...`);
|
|
11543
11638
|
const localPath = path.join(tmpDir, file);
|
|
11544
|
-
debug.debugFn('
|
|
11639
|
+
debug.debugFn('download: manifest file started', downloadUrl, '->', localPath);
|
|
11545
11640
|
|
|
11546
11641
|
// Now stream the file to that file...
|
|
11547
|
-
|
|
11548
11642
|
const result = await streamDownloadWithFetch(localPath, downloadUrl);
|
|
11549
11643
|
if (!result.ok) {
|
|
11550
11644
|
// Do we proceed? Bail? Hrm...
|
|
11551
11645
|
logger.logger.fail(`Failed to download manifest file, skipping to next file. File: ${file}`);
|
|
11552
11646
|
return result;
|
|
11553
11647
|
}
|
|
11554
|
-
debug.
|
|
11648
|
+
debug.debugFn('download: manifest file completed');
|
|
11555
11649
|
return {
|
|
11556
11650
|
ok: true,
|
|
11557
11651
|
data: undefined
|
|
@@ -11628,14 +11722,14 @@ async function getLastCommitDetails({
|
|
|
11628
11722
|
}) {
|
|
11629
11723
|
logger.logger.info(`Requesting last commit for default branch ${defaultBranch} for ${orgGithub}/${repoSlug}...`);
|
|
11630
11724
|
const commitApiUrl = `${repoApiUrl}/commits?sha=${defaultBranch}&per_page=1`;
|
|
11631
|
-
debug.debugFn('
|
|
11725
|
+
debug.debugFn('url: commit', commitApiUrl);
|
|
11632
11726
|
const commitResponse = await fetch(commitApiUrl, {
|
|
11633
11727
|
headers: {
|
|
11634
11728
|
Authorization: `Bearer ${githubToken}`
|
|
11635
11729
|
}
|
|
11636
11730
|
});
|
|
11637
11731
|
const commitText = await commitResponse.text();
|
|
11638
|
-
debug.debugFn('
|
|
11732
|
+
debug.debugFn('response: commit', commitText);
|
|
11639
11733
|
let lastCommit;
|
|
11640
11734
|
try {
|
|
11641
11735
|
lastCommit = JSON.parse(commitText)?.[0];
|
|
@@ -11722,7 +11816,7 @@ async function getRepoDetails({
|
|
|
11722
11816
|
repoSlug
|
|
11723
11817
|
}) {
|
|
11724
11818
|
const repoApiUrl = `${githubApiUrl}/repos/${orgGithub}/${repoSlug}`;
|
|
11725
|
-
debug.debugFn('
|
|
11819
|
+
debug.debugFn('url: repo', repoApiUrl);
|
|
11726
11820
|
const repoDetailsResponse = await fetch(repoApiUrl, {
|
|
11727
11821
|
method: 'GET',
|
|
11728
11822
|
headers: {
|
|
@@ -11731,7 +11825,7 @@ async function getRepoDetails({
|
|
|
11731
11825
|
});
|
|
11732
11826
|
logger.logger.success(`Request completed.`);
|
|
11733
11827
|
const repoDetailsText = await repoDetailsResponse.text();
|
|
11734
|
-
debug.debugFn('
|
|
11828
|
+
debug.debugFn('response: repo', repoDetailsText);
|
|
11735
11829
|
let repoDetails;
|
|
11736
11830
|
try {
|
|
11737
11831
|
repoDetails = JSON.parse(repoDetailsText);
|
|
@@ -11770,7 +11864,7 @@ async function getRepoBranchTree({
|
|
|
11770
11864
|
}) {
|
|
11771
11865
|
logger.logger.info(`Requesting default branch file tree; branch \`${defaultBranch}\`, repo \`${orgGithub}/${repoSlug}\`...`);
|
|
11772
11866
|
const treeApiUrl = `${repoApiUrl}/git/trees/${defaultBranch}?recursive=1`;
|
|
11773
|
-
debug.debugFn('
|
|
11867
|
+
debug.debugFn('url: tree', treeApiUrl);
|
|
11774
11868
|
const treeResponse = await fetch(treeApiUrl, {
|
|
11775
11869
|
method: 'GET',
|
|
11776
11870
|
headers: {
|
|
@@ -11778,7 +11872,7 @@ async function getRepoBranchTree({
|
|
|
11778
11872
|
}
|
|
11779
11873
|
});
|
|
11780
11874
|
const treeText = await treeResponse.text();
|
|
11781
|
-
debug.debugFn('
|
|
11875
|
+
debug.debugFn('response: tree', treeText);
|
|
11782
11876
|
let treeDetails;
|
|
11783
11877
|
try {
|
|
11784
11878
|
treeDetails = JSON.parse(treeText);
|
|
@@ -12555,7 +12649,7 @@ async function fetchScan(orgSlug, scanId) {
|
|
|
12555
12649
|
return JSON.parse(line);
|
|
12556
12650
|
} catch {
|
|
12557
12651
|
ok = false;
|
|
12558
|
-
debug.debugFn('
|
|
12652
|
+
debug.debugFn('fail: parse NDJSON\n', line);
|
|
12559
12653
|
return null;
|
|
12560
12654
|
}
|
|
12561
12655
|
});
|
|
@@ -13340,7 +13434,7 @@ Do you want to install "safe npm" (this will create an alias to the socket-npm c
|
|
|
13340
13434
|
}
|
|
13341
13435
|
}
|
|
13342
13436
|
} catch (e) {
|
|
13343
|
-
debug.debugFn('
|
|
13437
|
+
debug.debugFn('fail: setup tab completion\n', e);
|
|
13344
13438
|
// Ignore. Skip tab completion setup.
|
|
13345
13439
|
}
|
|
13346
13440
|
if (!updatedTabCompletion) {
|
|
@@ -13582,5 +13676,5 @@ void (async () => {
|
|
|
13582
13676
|
await utils.captureException(e);
|
|
13583
13677
|
}
|
|
13584
13678
|
})();
|
|
13585
|
-
//# debugId=
|
|
13679
|
+
//# debugId=563527a7-7f37-46a5-b38a-7455caa4e1aa
|
|
13586
13680
|
//# sourceMappingURL=cli.js.map
|