socket 1.0.68 → 1.0.69
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +26 -3
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/types/commands/fix/agent-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
- package/dist/types/utils/git.d.mts.map +1 -1
- package/dist/utils.js +34 -17
- package/dist/utils.js.map +1 -1
- package/dist/vendor.js +5328 -952
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -3761,7 +3761,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
|
|
|
3761
3761
|
debug.debugFn('notice', `miss: CVEs expected, but not found, for ${name}`);
|
|
3762
3762
|
continue infoEntriesLoop;
|
|
3763
3763
|
}
|
|
3764
|
-
logger.logger.log(`Processing
|
|
3764
|
+
logger.logger.log(`Processing '${name}'`);
|
|
3765
3765
|
logger.logger.indent();
|
|
3766
3766
|
spinner?.indent();
|
|
3767
3767
|
if (registry.getManifestData(partialPurlObj.type, name)) {
|
|
@@ -3777,6 +3777,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
|
|
|
3777
3777
|
}
|
|
3778
3778
|
const availableVersions = Object.keys(packument.versions);
|
|
3779
3779
|
const prs = getPrsForPurl(fixEnv, infoEntry[0]);
|
|
3780
|
+
const vulnVersions = new Set();
|
|
3780
3781
|
const warningsForAfter = new Set();
|
|
3781
3782
|
|
|
3782
3783
|
// eslint-disable-next-line no-unused-labels
|
|
@@ -3851,6 +3852,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
|
|
|
3851
3852
|
});
|
|
3852
3853
|
const newVersionPackument = newVersion ? packument.versions[newVersion] : undefined;
|
|
3853
3854
|
if (!(newVersion && newVersionPackument)) {
|
|
3855
|
+
vulnVersions.add(oldVersion);
|
|
3854
3856
|
warningsForAfter.add(`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`);
|
|
3855
3857
|
continue infosLoop;
|
|
3856
3858
|
}
|
|
@@ -3918,6 +3920,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
|
|
|
3918
3920
|
hasAnnouncedWorkspace = true;
|
|
3919
3921
|
workspaceLogCallCount = logger.logger.logCallCount;
|
|
3920
3922
|
}
|
|
3923
|
+
vulnVersions.add(oldVersion);
|
|
3921
3924
|
const newId = `${name}@${utils.applyRange(refRange, newVersion, rangeStyle)}`;
|
|
3922
3925
|
spinner?.start();
|
|
3923
3926
|
spinner?.info(`Installing ${newId} in ${workspace}.`);
|
|
@@ -4097,6 +4100,9 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
|
|
|
4097
4100
|
for (const warningText of warningsForAfter) {
|
|
4098
4101
|
logger.logger.warn(warningText);
|
|
4099
4102
|
}
|
|
4103
|
+
if (!warningsForAfter.size && !vulnVersions.size) {
|
|
4104
|
+
logger.logger.info('No vulnerable versions found.');
|
|
4105
|
+
}
|
|
4100
4106
|
if (!isLastInfoEntry) {
|
|
4101
4107
|
logger.logger.logNewline();
|
|
4102
4108
|
}
|
|
@@ -4751,12 +4757,29 @@ async function run$H(argv, importMeta, {
|
|
|
4751
4757
|
return;
|
|
4752
4758
|
}
|
|
4753
4759
|
const orgSlug = orgSlugCResult.data;
|
|
4760
|
+
const rawPurls = utils.cmdFlagValueToArray(cli.flags['purl']);
|
|
4761
|
+
const purls = [];
|
|
4762
|
+
for (const purl of rawPurls) {
|
|
4763
|
+
let version;
|
|
4764
|
+
try {
|
|
4765
|
+
version = vendor.packageurlJsExports$1.PackageURL.fromString(purl)?.version;
|
|
4766
|
+
} catch {}
|
|
4767
|
+
if (version) {
|
|
4768
|
+
purls.push(purl);
|
|
4769
|
+
} else {
|
|
4770
|
+
logger.logger.warn(`--purl ${purl} is missing a version and will be ignored.`);
|
|
4771
|
+
}
|
|
4772
|
+
}
|
|
4773
|
+
if (rawPurls.length !== purls.length && !purls.length) {
|
|
4774
|
+
process.exitCode = 1;
|
|
4775
|
+
logger.logger.fail('No valid --purl values provided.');
|
|
4776
|
+
return;
|
|
4777
|
+
}
|
|
4754
4778
|
const ghsas = utils.cmdFlagValueToArray(cli.flags['ghsa']);
|
|
4755
4779
|
const limit = (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity;
|
|
4756
4780
|
const maxSatisfying = Boolean(cli.flags['maxSatisfying']);
|
|
4757
4781
|
const minSatisfying = Boolean(cli.flags['minSatisfying']) || !maxSatisfying;
|
|
4758
4782
|
const prCheck = Boolean(cli.flags['prCheck']);
|
|
4759
|
-
const purls = utils.cmdFlagValueToArray(cli.flags['purl']);
|
|
4760
4783
|
const testScript = String(cli.flags['testScript'] || 'test');
|
|
4761
4784
|
await handleFix({
|
|
4762
4785
|
autoMerge,
|
|
@@ -14522,5 +14545,5 @@ void (async () => {
|
|
|
14522
14545
|
await utils.captureException(e);
|
|
14523
14546
|
}
|
|
14524
14547
|
})();
|
|
14525
|
-
//# debugId=
|
|
14548
|
+
//# debugId=515ed3c2-cd4e-41ad-a7f6-57b0b6683173
|
|
14526
14549
|
//# sourceMappingURL=cli.js.map
|