From badecb3c99eb8154b144431fb1d687fc88b47455 Mon Sep 17 00:00:00 2001 From: Sandor Trombitas Date: Mon, 9 Sep 2024 12:09:15 +0300 Subject: [PATCH 01/15] Revert "revert: "feat: change binary download url"" --- .gitignore | 1 + ts-binary-wrapper/src/bootstrap.ts | 5 +- ts-binary-wrapper/src/common.ts | 83 +++++++++++++++---- ts-binary-wrapper/src/index.ts | 6 +- ts-binary-wrapper/test/unit/common.spec.ts | 66 +++++++++++++-- .../test/util/prepareEnvironment.ts | 4 +- 6 files changed, 135 insertions(+), 30 deletions(-) diff --git a/.gitignore b/.gitignore index bc217c5e4f..f4a146b0f5 100644 --- a/.gitignore +++ b/.gitignore @@ -28,6 +28,7 @@ __outputs__ /ts-binary-wrapper/README.md /ts-binary-wrapper/SECURITY.md /ts-binary-wrapper/src/generated +/ts-binary-wrapper/node_modules # Diagnostic reports (https://nodejs.org/api/report.html) report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json diff --git a/ts-binary-wrapper/src/bootstrap.ts b/ts-binary-wrapper/src/bootstrap.ts index 19306c4344..61e6de0149 100644 --- a/ts-binary-wrapper/src/bootstrap.ts +++ b/ts-binary-wrapper/src/bootstrap.ts @@ -10,10 +10,11 @@ const errorContextMessage = 'Download Error'; if (process.argv.includes('exec')) { const filenameShasum = config.getShasumFile(); - const downloadUrl = config.getDownloadLocation(); + const { downloadUrl, backupUrl } = config.getDownloadLocations(); - const downloadError = await common.downloadExecutable( + const downloadError = await common.downloadWithBackup( downloadUrl, + backupUrl, executable, filenameShasum, ); diff --git a/ts-binary-wrapper/src/common.ts b/ts-binary-wrapper/src/common.ts index 793e487f30..46ef326bcd 100644 --- a/ts-binary-wrapper/src/common.ts +++ b/ts-binary-wrapper/src/common.ts @@ -21,6 +21,7 @@ const binaryDeploymentsFilePath = path.join( 'generated', 'binary-deployments.json', ); +export const integrationName = 'TS_BINARY_WRAPPER'; export class WrapperConfiguration { private version: string; 
@@ -45,9 +46,14 @@ export class WrapperConfiguration { return this.binaryName; } - public getDownloadLocation(): string { - const baseUrl = 'https://static.snyk.io/cli/v'; - return baseUrl + this.version + '/' + this.binaryName; + public getDownloadLocations(): { downloadUrl: string; backupUrl: string } { + const baseUrl = 'https://downloads.snyk.io/cli'; + const backupUrl = 'https://static.snyk.io/cli'; + + return { + downloadUrl: `${baseUrl}/v${this.version}/${this.binaryName}`, + backupUrl: `${backupUrl}/v${this.version}/${this.binaryName}`, + }; } public getLocalLocation(): string { @@ -60,6 +66,10 @@ export class WrapperConfiguration { } } +const logErrorWithTimeStamps = (...args) => { + console.error(`${new Date().toISOString()}:`, ...args); +}; + export function determineBinaryName(platform: string, arch: string): string { let osname = platform; let archname = arch; @@ -174,24 +184,33 @@ export function runWrapper(executable: string, cliArguments: string[]): number { const debug = debugEnabled(cliArguments); if (debug) { - console.error('Executing: ' + executable + ' ' + cliArguments.join(' ')); + logErrorWithTimeStamps( + 'Executing: ' + executable + ' ' + cliArguments.join(' '), + ); } const res = spawnSync(executable, cliArguments, { shell: false, stdio: 'inherit', + env: { + ...process.env, + SNYK_INTEGRATION_NAME: integrationName, + SNYK_INTEGRATION_VERSION: getCurrentVersion(versionFile), + }, }); if (res.status !== null) { if (debug) { - console.error(res); + logErrorWithTimeStamps(res); } return res.status; } else { - console.error(res); + logErrorWithTimeStamps(res); if (!formatErrorMessage((res.error as SpawnError).code)) { - console.error('Failed to spawn child process. (' + executable + ')'); + logErrorWithTimeStamps( + 'Failed to spawn child process. (' + executable + ')', + ); } return 2; 
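Review bot: `const logErrorWithTimeStamps = (...args) => {` leaves the rest parameter implicitly `any`, which does not compile under `noImplicitAny`/`strict` and drops type checking from every call site this patch routes through the helper; declare it as `const logErrorWithTimeStamps = (...args: unknown[]) => {`, since `console.error` accepts `unknown[]` and nothing else changes. A one-line doc comment such as `/** Writes to stderr with an ISO-8601 timestamp prefix; used for the wrapper's diagnostics. */` would also help, because the helper now replaces most `console.error` calls in this module.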
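Review bot: In the `spawnSync` call in `runWrapper`, the added `env` object places `SNYK_INTEGRATION_NAME` and `SNYK_INTEGRATION_VERSION` after `...process.env`, so a value the caller already exported for those variables (for example a CI integration identifying itself) is silently overwritten by the wrapper. If that override is intended, a comment stating that the wrapper always reports itself as the integration would stop a later "fix"; if not, keep the caller's value with `SNYK_INTEGRATION_NAME: process.env.SNYK_INTEGRATION_NAME ?? integrationName,` and the same for the version. `runWrapper` begins and ends outside this hunk.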
@@ -232,7 +251,7 @@ export function formatErrorMessage(message: string): boolean { return false; } - console.error(getWarningMessage(warning)); + logErrorWithTimeStamps(getWarningMessage(warning)); return true; } @@ -242,7 +261,8 @@ export function downloadExecutable( filenameShasum: string, ): Promise { return new Promise(function(resolve) { - const options = new URL(downloadUrl); + logErrorWithTimeStamps('Starting download'); + const options = new URL(`${downloadUrl}?utm_source=${integrationName}`); const temp = path.join(__dirname, Date.now().toString()); const fileStream = fs.createWriteStream(temp); const shasum = createHash('sha256').setEncoding('hex'); @@ -271,19 +291,19 @@ export function downloadExecutable( if (filenameShasum && actualShasum != filenameShasum) { cleanupAfterError(Error('Shasum comparison failed!\n' + debugMessage)); } else { - console.error(debugMessage); + logErrorWithTimeStamps(debugMessage); // finally rename the file and change permissions fs.renameSync(temp, filename); fs.chmodSync(filename, 0o755); - console.error('Downloaded successfull! '); + logErrorWithTimeStamps('Downloaded successfull! '); } resolve(undefined); }); - console.error( - "Downloading from '" + downloadUrl + "' to '" + filename + "'", + logErrorWithTimeStamps( + "Downloading from '" + options.toString() + "' to '" + filename + "'", ); const req = https.get(options, (res) => { 
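Review bot: `new URL(\`${downloadUrl}?utm_source=${integrationName}\`)` in `downloadExecutable` assumes `downloadUrl` carries no query string; a URL that already has one ends up with two `?`, and the tracking parameter becomes part of the first parameter's value instead of a separate key. Building the query through the URL API is both safer and shorter: `const options = new URL(downloadUrl);` followed by `options.searchParams.set('utm_source', integrationName);`. The "Downloading from" log line later in this function already prints `options.toString()`, so the URL actually requested stays visible either way. `downloadExecutable` begins and ends outside this hunk.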
@@ -322,9 +342,42 @@ export function downloadExecutable( }); } +export async function downloadWithBackup( + downloadUrl: string, + backupUrl: string, + filename: string, + filenameShasum: string, +): Promise { + try { + const error = await downloadExecutable( + downloadUrl, + filename, + filenameShasum, + ); + if (error) { + logErrorWithTimeStamps(error); + logErrorWithTimeStamps( + `Failed to download from ${downloadUrl}! Trying to download from ${backupUrl} location...`, + ); + const backupError = await downloadExecutable( + backupUrl, + filename, + filenameShasum, + ); + + logErrorWithTimeStamps(backupError); + return backupError; + } + } catch (err) { + // Handle any unexpected errors + logErrorWithTimeStamps('An unexpected error occurred:', err); + throw err; // Rethrow if you want to propagate the error upwards + } +} + export async function logError( context: string, - err, + err: Error, printToConsole = true, ): Promise { if (isAnalyticsEnabled()) { @@ -345,7 +398,7 @@ export async function logError( // finally log the error to the console as well if (printToConsole) { - console.error('\n' + err); + logErrorWithTimeStamps('\n' + err); formatErrorMessage(err.message); } } diff --git a/ts-binary-wrapper/src/index.ts b/ts-binary-wrapper/src/index.ts index be7eb3cadd..2d3affc183 100644 --- a/ts-binary-wrapper/src/index.ts +++ b/ts-binary-wrapper/src/index.ts @@ -28,12 +28,14 @@ function run(executable: string): number { try { const config = common.getCurrentConfiguration(); const executable = config.getLocalLocation(); + const { downloadUrl, backupUrl } = config.getDownloadLocations(); if (!fs.existsSync(executable)) { console.error("Executable doesn't exist, trying to download."); - const downloadError = await common.downloadExecutable( - config.getDownloadLocation(), + const downloadError = await common.downloadWithBackup( + downloadUrl, + backupUrl, executable, config.getShasumFile(), ); 
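Review bot: `downloadWithBackup` logs `backupError` unconditionally, so a successful fallback prints a bare `undefined` line, and the surrounding `try/catch` only logs and rethrows, adding a second log entry for an error that already propagates; neither is wrong, but both are noise for whoever reads the download log. Guarding the log and dropping the wrapper also leaves room for a TSDoc block stating the contract the callers in `bootstrap.ts` and `index.ts` rely on: resolves `undefined` when either attempt succeeds, otherwise the backup attempt's error, with both attempts verified against the same `filenameShasum`. The rewritten body is below; the declared return type is kept as is.

```typescript
// … unchanged: signature of downloadWithBackup …
  const error = await downloadExecutable(downloadUrl, filename, filenameShasum);
  if (!error) {
    return undefined;
  }
  logErrorWithTimeStamps(error);
  logErrorWithTimeStamps(
    `Failed to download from ${downloadUrl}! Trying to download from ${backupUrl} location...`,
  );
  const backupError = await downloadExecutable(backupUrl, filename, filenameShasum);
  if (backupError) {
    logErrorWithTimeStamps(backupError);
  }
  return backupError;
}
```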
diff --git a/ts-binary-wrapper/test/unit/common.spec.ts b/ts-binary-wrapper/test/unit/common.spec.ts index 26c80a535b..6468b1252c 100644 --- a/ts-binary-wrapper/test/unit/common.spec.ts +++ b/ts-binary-wrapper/test/unit/common.spec.ts @@ -132,7 +132,7 @@ describe('Get Shasum', () => { describe('Configuration', () => { it('Download and local location', async () => { const expectedDownloadLocation = - 'https://static.snyk.io/cli/v1.2.3/snyk-win.exe'; + 'https://downloads.snyk.io/cli/v1.2.3/snyk-win.exe'; const expectedLocalLocation = path.join( __dirname, '..', @@ -146,7 +146,7 @@ describe('Configuration', () => { '1234abcdef', ); - const actualDownloadLocation = config.getDownloadLocation(); + const actualDownloadLocation = config.getDownloadLocations().downloadUrl; expect(actualDownloadLocation).toEqual(expectedDownloadLocation); const actualLocalLocation = config.getLocalLocation(); @@ -219,7 +219,7 @@ describe('Testing binary bootstrapper', () => { // download the shasum first, here we don't expect a shasum comparison const shasumDownload = await common.downloadExecutable( - config.getDownloadLocation() + shafileExtension, + config.getDownloadLocations().downloadUrl + shafileExtension, shasumFile, '', ); @@ -227,9 +227,10 @@ describe('Testing binary bootstrapper', () => { expect(fs.existsSync(shasumFile)).toBeTruthy(); const expectedShasum = common.getCurrentSha256sum(binaryName, shasumFile); + const { downloadUrl } = config.getDownloadLocations(); // download binary next and use previously downloaded shasum to check validity const binaryDownload = await common.downloadExecutable( - config.getDownloadLocation(), + downloadUrl, config.getLocalLocation(), expectedShasum, ); 
@@ -241,10 +242,55 @@ describe('Testing binary bootstrapper', () => { try { // check if the binary is executable - fs.accessSync(config.getLocalLocation(), fs.constants.X_OK); + expect( + fs.accessSync(config.getLocalLocation(), fs.constants.X_OK), + ).not.toThrow(); + } catch { + // execution of binary not possible + } + + fs.unlinkSync(shasumFile); + fs.unlinkSync(config.getLocalLocation()); + }); + it('downloadWithBackup() succesfull', async () => { + const binaryName = 'snyk-macos'; + const shafileExtension = '.sha256'; + const config = new common.WrapperConfiguration('1.1080.0', binaryName, ''); + const shasumFile = + config.getLocalLocation() + Math.random() + shafileExtension; + const { downloadUrl } = config.getDownloadLocations(); + + // download the shasum first, here we don't expect a shasum comparison + const shasumDownload = await common.downloadWithBackup( + 'https://notdownloads.snyk.io/cli/v1.1080.0/snyk-macos.sha256', + downloadUrl + shafileExtension, + shasumFile, + '', + ); + expect(shasumDownload).toBeUndefined(); + expect(fs.existsSync(shasumFile)).toBeTruthy(); + const expectedShasum = common.getCurrentSha256sum(binaryName, shasumFile); + + // download binary next and use previously downloaded shasum to check validity + const binaryDownload = await common.downloadWithBackup( + 'https://notdownloads.snyk.io/cli/v1.1080.0/snyk-macos', + downloadUrl, + config.getLocalLocation(), + expectedShasum, + ); + expect(binaryDownload).toBeUndefined(); + expect(fs.existsSync(config.getLocalLocation())).toBeTruthy(); + + const stats = fs.statSync(config.getLocalLocation()); + expect(stats.mode).toEqual(0o100755); + + try { + // check if the binary is executable + expect( + fs.accessSync(config.getLocalLocation(), fs.constants.X_OK), + ).not.toThrow(); } catch { // execution of binary not possible - expect(false).toBeTruthy(); } fs.unlinkSync(shasumFile); 
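Review bot: `expect(fs.accessSync(config.getLocalLocation(), fs.constants.X_OK)).not.toThrow()` (both occurrences in this hunk) never checks anything: `toThrow` needs a function, but `accessSync` runs before `expect` receives its return value, and because the call sits in a `try` whose `catch` now holds only a comment — the `expect(false).toBeTruthy()` was removed — a non-executable binary throws into the empty catch and the test still passes, so the `chmodSync(filename, 0o755)` step in `downloadExecutable` is no longer covered. Pass a thunk and drop the try/catch: `expect(() => fs.accessSync(config.getLocalLocation(), fs.constants.X_OK)).not.toThrow();`. If the try/catch was kept because `X_OK` is documented to behave like `F_OK` on Windows, a comment saying so would be clearer than an empty catch. The new test name also misspells "successful".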
@@ -257,10 +303,11 @@ describe('Testing binary bootstrapper', () => { const config = new common.WrapperConfiguration('1.1080.0', binaryName, ''); const shasumFile = config.getLocalLocation() + Math.random() + shafileExtension; + const { downloadUrl } = config.getDownloadLocations(); // download just any file and state a shasum expectation that never can be fullfilled const shasumDownload = await common.downloadExecutable( - config.getDownloadLocation() + shafileExtension, + downloadUrl + shafileExtension, shasumFile, 'incorrect-shasum', ); @@ -274,10 +321,11 @@ describe('Testing binary bootstrapper', () => { const config = new common.WrapperConfiguration('1.1080.0', binaryName, ''); const shasumFile = config.getLocalLocation() + Math.random() + shafileExtension; + const { downloadUrl } = config.getDownloadLocations(); // try to download a file that doesn't exis const shasumDownload = await common.downloadExecutable( - config.getDownloadLocation() + shafileExtension, + downloadUrl + shafileExtension, shasumFile, 'incorrect-shasum', ); @@ -298,7 +346,7 @@ describe('Testing binary bootstrapper', () => { }); }); -describe('isAnalyticsEnabled ', () => { +describe('isAnalyticsEnabled', () => { it('enabled', async () => { delete process.env.SNYK_DISABLE_ANALYTICS; expect(common.isAnalyticsEnabled()).toBeTruthy(); diff --git a/ts-binary-wrapper/test/util/prepareEnvironment.ts b/ts-binary-wrapper/test/util/prepareEnvironment.ts index cd624529fa..65e45ff594 100644 --- a/ts-binary-wrapper/test/util/prepareEnvironment.ts +++ b/ts-binary-wrapper/test/util/prepareEnvironment.ts @@ -79,6 +79,6 @@ export class TestEnvironmentSetup { if (process.argv.includes('exec')) { (async function() { const env = new TestEnvironmentSetup(); - await env.prepareEnvironment('1.1080.0'); - }); + await env.prepareEnvironment('1.1292.1'); + })(); } From 32951164c6d3488692154c88d4641b90915015f5 Mon Sep 17 00:00:00 2001 
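Review bot: The now-invoked async IIFE in `prepareEnvironment.ts` has no rejection handler, so a failure inside `env.prepareEnvironment('1.1292.1')` surfaces only as an unhandled promise rejection rather than a message naming what failed; appending `.catch((err: unknown) => { console.error(err); process.exit(1); })` to the `})();` call keeps the non-zero exit while making the cause visible. The version literal here also differs from the `'1.1080.0'` used throughout `common.spec.ts`; presumably intentional, but a short comment on why the two differ would help whoever next bumps one of them.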
From: Sandor Trombitas Date: Tue, 10 Sep 2024 09:29:32 +0300 Subject: [PATCH 02/15] docs: release notes --- binary-releases/RELEASE_NOTES.md | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/binary-releases/RELEASE_NOTES.md b/binary-releases/RELEASE_NOTES.md index 2002d9ebcf..dfc0d90f1a 100644 --- a/binary-releases/RELEASE_NOTES.md +++ b/binary-releases/RELEASE_NOTES.md 
@@ -1,31 +1,7 @@ -## [1.1293.0](https://github.com/snyk/snyk/compare/v1.1292.3...v1.1293.0) (2024-08-16) +## [1.1293.1](https://github.com/snyk/snyk/compare/v1.1293.0...v1.1293.1) (2024-09-10) The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see [this documentation](https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli) ### News -- Starting with this version, Snyk cli binaries will be distributed via `downloads.snyk.io` instead of `static.snyk.io`. This includes intallation from `npm`, `homebrew` and `scoop` as well as many of the CI/CD integrations. - -### Features - -- **sbom:** add support for license issues in sbom test ([6948668](https://github.com/snyk/snyk/commit/6948668d57523c2e7fd76ff363cf2d1625b6f0f3)) -- **auth:** Use OAuth2 as default authentication mechanism ([35949c4](https://github.com/snyk/snyk/commit/35949c4acdd3bcbd510a6ac076523f21366b91c2)) - **config:** Introduce config environment command ([0d8dd2b](https://github.com/snyk/snyk/commit/0d8dd2b04278e38fe5fd335ec3023f753c944988)) -- **container:** When docker is not installed, platform parameter is now supported ([64b405d](https://github.com/snyk/snyk/commit/64b405d02733fb2423798f4cfbff19fa04110c2d)) - -### Bug Fixes - -- **auth:** align auth failure error messages for oauth ([e3bfec3](https://github.com/snyk/snyk/commit/e3bfec354e56499a2266a45804d0a93d17f46bce)) -- **auth:** ensure environment variable precedence for auth tokens ([24417d6](https://github.com/snyk/snyk/commit/24417d6e7c7661c1a288a1f01502af17fdb54e64)) -- **test:** fix a bug related to multi-project .NET folder structures ([755a38f](https://github.com/snyk/snyk/commit/755a38fc6b5c7b4f7631fced9e8f0fd8ed391819)) -- **test:** multiple pnpm workspace improvements ([da5c14f](https://github.com/snyk/snyk/commit/da5c14fc344f17c7ac8c0969f2e0cb24ba59b6cd)) -- **test:** fixes a bug regarding Snyk attempting to get the dependencies 
from the wrong nuget \*.deps.json file.([2e17434](https://github.com/snyk/snyk/commit/2e17434de99d342ea7dcedf5ba5bd250aae85eb3)) -- **test:** support for pipenv with python 3.12 ([09df3bc](https://github.com/snyk/snyk/commit/09df3bc7dbcb184a56021ead7703732fa66ea273)) -- **test:** support multi-part comparison for python pip versions. ([b625eb9](https://github.com/snyk/snyk/commit/b625eb90410d69047ef87b65cc0289f9360251fe)) -- **container:** container monitor with --json now outputs valid json([039c9bd](https://github.com/snyk/snyk/commit/039c9bd13efa9397a8e442e80206bfabcc529125)) -- **container:** support hashing large .jar files ([6f82231](https://github.com/snyk/snyk/commit/6f822317209e8b60bb07bf073bdcb9c78f402eb8)) -- **sbom:** fix issues in JSON output of `sbom test` command, include CWE values on `CWE` property ([#5331](https://github.com/snyk/snyk/issues/5331)) ([99773c3](https://github.com/snyk/snyk/commit/99773c3eac6c41c61c9da7fc0f1b991e5298dc37)) -- **sbom:** include all detected dep-graphs of a container image ([ea43977](https://github.com/snyk/snyk/commit/ea439770e88093d1a99d88957f48ea63ea82b09a)) -- **iac:** fixed an issue where the resource path was missing for certain Terraform resources. [IAC-3015](<[0b5823a](https://github.com/snyk/snyk/commit/0b5823ae2673bfbec7a055c881e8055eeb8c01ee)>) -- **general:** map previously unhandled exit codes to exit code 2 ([9fde4fe](https://github.com/snyk/snyk/commit/9fde4fec680f2ae0650baf6b1cfed5908984e9ef)) -- **general:** use entitlements when signing bundled macos binaries ([bebc59c](https://github.com/snyk/snyk/commit/bebc59cbfbd20aef2e8531845579f2d78c5b07ca)) +- Starting with this version, Snyk cli binaries will be distributed via `downloads.snyk.io` instead of `static.snyk.io`. This includes intallation from `npm`. From 58c22d9bce8b02be4f22bc6cae4a827f92e75009 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Peter=20Scha=CC=88fer?= <101886095+PeterSchafer@users.noreply.github.com> Date: Fri, 30 Aug 2024 10:56:45 +0200 Subject: [PATCH 03/15] fix: upgrade go-getter to 1.7.5 From 70c9da145bdaacaaaff96e81a210782e2ac5b5c8 Mon Sep 17 00:00:00 2001 From: Luke Watts Date: Fri, 18 Oct 2024 13:07:25 +0200 Subject: [PATCH 04/15] docs: update release notes --- binary-releases/RELEASE_NOTES.md | 51 ++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 binary-releases/RELEASE_NOTES.md diff --git a/binary-releases/RELEASE_NOTES.md b/binary-releases/RELEASE_NOTES.md new file mode 100644 index 0000000000..6ee2abb304 --- /dev/null +++ b/binary-releases/RELEASE_NOTES.md 
@@ -0,0 +1,51 @@ +## [1.0.0-monorepo](https://github.com/snyk/snyk/compare/v1.1293.0...v1.0.0-monorepo) (2024-10-18) + +The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see [this documentation](https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli) + +### Features + +* add CycloneDX 1.6 SBOM support ([1330fc2](https://github.com/snyk/snyk/commit/1330fc2442e48865ea2e1b27a94cf665ff4b0416)) +* add data transformation workflow [CLI-502] ([2cd3bfd](https://github.com/snyk/snyk/commit/2cd3bfd298b423ea632906cdd9b24ee5eac1c6d3)) +* automatic integration of language server 45d38517ca31d0dcbb30d35bc235b187f0c33156 ([e60dda0](https://github.com/snyk/snyk/commit/e60dda0c8c8d48a59a1260b221d5ac8bbc616093)) +* automatic integration of language server 56a46746f0be9d0ad20bc1c31e9aa8a66c8c31dc ([e5d8b68](https://github.com/snyk/snyk/commit/e5d8b68901b5934d7331a97ac56216532e1ece22)) +* automatic integration of language server 749398323e1918d99214e797aaf18adf0492d0a6 ([24cfd5a](https://github.com/snyk/snyk/commit/24cfd5ad30186089114307328d04bbfc8d11dc6f)) +* automatic integration of language server 871df13e7984636feb2c61570bff2d117828d8a3 ([507d402](https://github.com/snyk/snyk/commit/507d4023a3aaf78ee5340246946c43b9501b257e)) +* automatic integration of language server a8e770a8dcb46ad14861001a969c03694d7c2a30 ([0c22b2a](https://github.com/snyk/snyk/commit/0c22b2aa5329d3e5ca00ff23b7ec7472432b89ca)) +* automatic integration of language server e23b2e02a33de2f722a579a8fa10cccfa3d80d84 ([a3037bd](https://github.com/snyk/snyk/commit/a3037bd81389dbd7054b84ece9919ff87b9a44e9)) +* automatic integration of language server f340bd73b5146a0653b2126e7900c467c89e4398 ([0637bca](https://github.com/snyk/snyk/commit/0637bca3a1440e73b2ed874217db605732b6dee6)) +* automatic integration of language server f45a1a9e861a2f67a2aa6e624b755a411333298a 
([771dce7](https://github.com/snyk/snyk/commit/771dce7ac5fc2daead08dba9187186bb81e4f687)) +* automatic integration of language server fa9fa4069fc2cd94b0b9aca67c27d2e7fd7ddacd ([ac946d1](https://github.com/snyk/snyk/commit/ac946d1f521d1006bbec279377b190781675dbbb)) +* conditionally write gaf data to file ([7f11919](https://github.com/snyk/snyk/commit/7f11919360cd01e97ede0467dd0f064134807157)) +* **deployment:** Deploy alpine arm64 binaries ([9daace4](https://github.com/snyk/snyk/commit/9daace4aa1bdb5d5939d91a118709a5f78b64bb8)) +* drop policy property on global Snyk object ([fef0d69](https://github.com/snyk/snyk/commit/fef0d69e7e67923b1b3d704ef79f8df696ef310e)) +* enable cocoapods to send graphs for cli monitor ([ca56c69](https://github.com/snyk/snyk/commit/ca56c695e65f11b44b0c50f93b892a0e03aea97a)) +* pass allow analytics flag to snyk-iac-test [IAC-3017] ([b12d3ac](https://github.com/snyk/snyk/commit/b12d3acf99a318c3841977ba4a3277b32a8baa22)) + + +### Bug Fixes + +* add normalize help for deriving target files [CLI-448] ([82efb50](https://github.com/snyk/snyk/commit/82efb50280569b5a3f290fda347d18d6a67170ca)) +* **auth:** missing auth issue with oauth ([57ae95c](https://github.com/snyk/snyk/commit/57ae95cf5e3fc3d4c744a782feae2def17e70493)) +* check iacNewEngine FF and pass it to snyk-iac-test [IAC-3059] ([2051a6d](https://github.com/snyk/snyk/commit/2051a6d38071a304dbef97784cfeac20c7f56d09)) +* default limit to max vulnerable paths per vuln, add override option ([302d7ac](https://github.com/snyk/snyk/commit/302d7ac5a396d85cc4c424421ef5b7cfa5f32297)) +* **deployment:** upload sequence to s3 ([e8499b0](https://github.com/snyk/snyk/commit/e8499b041c4ca38b8bed86c704989df2c6408c32)) +* do not show test deps for Dverbose mvn with dependencyManagement ([67e0de9](https://github.com/snyk/snyk/commit/67e0de94c13622c390aff4a5b34bba4791272577)) +* **docs:** update contributing.md ([c2ff465](https://github.com/snyk/snyk/commit/c2ff465c34da80a2630099ca0c3653092d3ec3f9)) +* fixed 
support for pnpm alias packages ([d506de1](https://github.com/snyk/snyk/commit/d506de1203483cf627680a7ad7aa30b1479ed76c)) +* **iac:** upgrade iac custom rules ext to address vulns [IAC-3065] ([d6cc509](https://github.com/snyk/snyk/commit/d6cc509d919165efa7392b0f0ef532d8840f1207)) +* **iac:** upgrade snyk-iac-test to v0.55.1 [IAC-2940] ([0dadc90](https://github.com/snyk/snyk/commit/0dadc901087b97040243bb8a65b4844df9096a3d)) +* ignore false positive ([71215f6](https://github.com/snyk/snyk/commit/71215f68d35e07b17f93fbe22a93eea36ec2b925)) +* point snyk policy out urls to snyk.io ([28509a3](https://github.com/snyk/snyk/commit/28509a303e5d2b783799291e8db4afd159cd7533)) +* respect default detection depth of 4 ([45a74ea](https://github.com/snyk/snyk/commit/45a74eaf68404a2c046fe11d73682a8b5750368f)) +* restore cert file if it was externally removed ([ef1547f](https://github.com/snyk/snyk/commit/ef1547fde9fa0e53897bbb8c51fa1cf3b02d78b8)) +* scan non publishable projects on improved net ([a6c0e67](https://github.com/snyk/snyk/commit/a6c0e671937a662c0f3b4bfa4eae4c232511f7e8)) +* scan nuget with PublishSingleFile turned on ([2c74298](https://github.com/snyk/snyk/commit/2c74298094b627ec2d5df6b57f5aa49f67d4c132)) +* type errors in tests ([2e39187](https://github.com/snyk/snyk/commit/2e39187881daebaf0458fde772141ce9848c6762)) +* update tests to the current policy schema version ([35acaa9](https://github.com/snyk/snyk/commit/35acaa97fce3bd2627f8246d02ae3b79984fd2bd)) +* upgrade go-getter to 1.7.5 ([970de96](https://github.com/snyk/snyk/commit/970de96595a931f4362c9c95fe2ce901c4c63b55)) +* upgrade go-getter to 1.7.5 ([f730f9d](https://github.com/snyk/snyk/commit/f730f9d8893f13bf896e39d908d6b6d3662b3a42)) +* upgrade iac extension and snyk-iac-test ([9134c05](https://github.com/snyk/snyk/commit/9134c05d3f060daaa4294f47b7d2831bef894e07)) +* upgrade slack/webhook to 7.0.3 ([8ab4433](https://github.com/snyk/snyk/commit/8ab4433d2b9e037cd181270f62d3295a9c6b9086)) +* upgrade slack/webhook 
to 7.0.3 ([7e1a035](https://github.com/snyk/snyk/commit/7e1a03539f6e8c8a4b6fd500e9b5ac0c5449d079)) +* use runtimeInfo to derive the version for cliv1 path ([652d1ba](https://github.com/snyk/snyk/commit/652d1ba0b4e59aa5e2bf16bf95f31898fc6068b0)) + From baef934d14cb88a128477618c3861235aee1cecc Mon Sep 17 00:00:00 2001 From: Sandor Trombitas Date: Wed, 16 Oct 2024 11:50:48 +0300 Subject: [PATCH 05/15] fix: update snyk-nodejs-plugin to fix micromatch vuln --- package-lock.json | 270 ++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 128 insertions(+), 144 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2fb7e99826..572b993ed4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -74,7 +74,7 @@ "snyk-module": "3.1.0", "snyk-mvn-plugin": "3.6.0", "snyk-nodejs-lockfile-parser": "1.58.10", - "snyk-nodejs-plugin": "1.3.3", + "snyk-nodejs-plugin": "1.3.4", "snyk-nuget-plugin": "2.7.8", "snyk-php-plugin": "1.9.2", "snyk-policy": "^4.0.0", @@ -20974,9 +20974,9 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-nodejs-plugin": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/snyk-nodejs-plugin/-/snyk-nodejs-plugin-1.3.3.tgz", - "integrity": "sha512-QWvN9mZzbYJAYP1oog8HITfWMyGsR7jey2BphnKvi+mgfq9VgopixryvhXv63m8jMCiTQZEUSTGd2qbR2uJVnA==", + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/snyk-nodejs-plugin/-/snyk-nodejs-plugin-1.3.4.tgz", + "integrity": "sha512-diUvn/H8RwNzDJZagHNp7SenTnaYf7YKnp6/qvLmyuft0q3vQrFJerYZAVRmyn6I+f07GL13dufOzLi9/BBkTA==", "dependencies": { "@snyk/cli-interface": "^2.13.0", "@snyk/dep-graph": "^2.7.4", 
@@ -20985,8 +20985,8 @@ "lodash.groupby": "^4.6.0", "lodash.isempty": "^4.4.0", "lodash.sortby": "^4.7.0", - "micromatch": "4.0.7", - "snyk-nodejs-lockfile-parser": "1.58.10", + "micromatch": "4.0.8", + "snyk-nodejs-lockfile-parser": "1.58.13", "snyk-resolve-deps": "4.8.0" }, "engines": { 
@@ -21004,93 +21004,90 @@ "@snyk/dep-graph": ">=1" } }, - "node_modules/snyk-nodejs-plugin/node_modules/hosted-git-info": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.1.0.tgz", - "integrity": "sha512-kyCuEOWjJqZuDbRHzL8V93NzQhwIB71oFWSyzVo+KPZI+pnQPPxucdkrOZvkLRnrf5URsQM+IJ09Dw29cRALIA==", + "node_modules/snyk-nodejs-plugin/node_modules/@snyk/error-catalog-nodejs-public": { + "version": "5.32.1", + "resolved": "https://registry.npmjs.org/@snyk/error-catalog-nodejs-public/-/error-catalog-nodejs-public-5.32.1.tgz", + "integrity": "sha512-qheDTzRn82lLDsp+GEz1dsXmxKKsqlk09Hy5fqLYwQBSXry/FVHNH0RfpBeGHNiWhfdbuGgxni9KTXVcCJJglg==", "dependencies": { - "lru-cache": "^6.0.0" - }, - "engines": { - "node": ">=10" + "tslib": "^2.6.2", + "uuid": "^9.0.0" } }, - "node_modules/snyk-nodejs-plugin/node_modules/hosted-git-info/node_modules/lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=10" - } + "node_modules/snyk-nodejs-plugin/node_modules/@snyk/error-catalog-nodejs-public/node_modules/tslib": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz", + "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA==" }, - "node_modules/snyk-nodejs-plugin/node_modules/hosted-git-info/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, - "node_modules/snyk-nodejs-plugin/node_modules/lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": 
"sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "dependencies": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" + "node_modules/snyk-nodejs-plugin/node_modules/@snyk/error-catalog-nodejs-public/node_modules/uuid": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], + "bin": { + "uuid": "dist/bin/uuid" } }, - "node_modules/snyk-nodejs-plugin/node_modules/micromatch": { - "version": "4.0.7", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz", - "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==", + "node_modules/snyk-nodejs-plugin/node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/snyk-nodejs-plugin/node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", "dependencies": { - "braces": "^3.0.3", - "picomatch": "^2.3.1" + "argparse": "^2.0.1" }, - "engines": { - "node": ">=8.6" + "bin": { + "js-yaml": "bin/js-yaml.js" } }, "node_modules/snyk-nodejs-plugin/node_modules/semver": { - "version": "5.7.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", - "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": 
"sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", "bin": { - "semver": "bin/semver" - } - }, - "node_modules/snyk-nodejs-plugin/node_modules/snyk-module": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/snyk-module/-/snyk-module-3.2.0.tgz", - "integrity": "sha512-6MLJyi4OMOZtCWTzGgRMEEw9qQ1fAwKoj5XYXfKOjIsohi3ubKsVfvSoScj0IovtiKowm2iCZ+VIRPJab6nCxA==", - "dependencies": { - "debug": "^4.1.1", - "hosted-git-info": "^4.0.2" + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" } }, - "node_modules/snyk-nodejs-plugin/node_modules/snyk-resolve-deps": { - "version": "4.8.0", - "resolved": "https://registry.npmjs.org/snyk-resolve-deps/-/snyk-resolve-deps-4.8.0.tgz", - "integrity": "sha512-/pXaStapn8ldr68e1Bs2gmxoQpiB3fnjfZSfzY82bxedmSKzQgTJ5vhf1P9kALj3IBEb1wYaQ/MtNH5E9DK0/g==", + "node_modules/snyk-nodejs-plugin/node_modules/snyk-nodejs-lockfile-parser": { + "version": "1.58.13", + "resolved": "https://registry.npmjs.org/snyk-nodejs-lockfile-parser/-/snyk-nodejs-lockfile-parser-1.58.13.tgz", + "integrity": "sha512-VBxAewF3cIpGCOclzvZqW7e0PAHMIqSWV88Gz/OLkeTN3Hmw2POMwgYU1Bbhe/1ypKCO0QQPdAfegK1z0QlEJw==", "dependencies": { - "ansicolors": "^0.3.2", - "debug": "^4.3.4", - "lodash": "^4.17.21", - "lru-cache": "^4.1.5", - "semver": "^5.7.2", - "snyk-module": "^3.2.0", - "snyk-resolve": "^1.1.0", - "snyk-tree": "^1.0.0", - "snyk-try-require": "^2.0.2", - "then-fs": "^2.0.0" + "@snyk/dep-graph": "^2.3.0", + "@snyk/error-catalog-nodejs-public": "^5.16.0", + "@snyk/graphlib": "2.1.9-patch.3", + "@yarnpkg/core": "^2.4.0", + "@yarnpkg/lockfile": "^1.1.0", + "dependency-path": "^9.2.8", + "event-loop-spinner": "^2.0.0", + "js-yaml": "^4.1.0", + "lodash.clonedeep": "^4.5.0", + "lodash.flatmap": "^4.5.0", + "lodash.isempty": "^4.4.0", + "lodash.topairs": "^4.3.0", + "micromatch": "^4.0.8", + "p-map": "^4.0.0", + "semver": "^7.6.0", + "snyk-config": "^5.0.0", + "tslib": "^1.9.3", + "uuid": "^8.3.0" + }, + 
"bin": { + "parse-nodejs-lockfile": "bin/index.js" + }, + "engines": { + "node": ">=10" } }, - "node_modules/snyk-nodejs-plugin/node_modules/yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha512-ncTzHV7NvsQZkYe1DW7cbDLm0YpzHmZF5r/iyP3ZnQtMiJ+pjzisCiMNI+Sj+xQF5pXhSHxSB3uDbsBTzY/c2A==" - }, "node_modules/snyk-nuget-plugin": { "version": "2.7.8", "resolved": "https://registry.npmjs.org/snyk-nuget-plugin/-/snyk-nuget-plugin-2.7.8.tgz", @@ -40233,9 +40230,9 @@ } }, "snyk-nodejs-plugin": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/snyk-nodejs-plugin/-/snyk-nodejs-plugin-1.3.3.tgz", - "integrity": "sha512-QWvN9mZzbYJAYP1oog8HITfWMyGsR7jey2BphnKvi+mgfq9VgopixryvhXv63m8jMCiTQZEUSTGd2qbR2uJVnA==", + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/snyk-nodejs-plugin/-/snyk-nodejs-plugin-1.3.4.tgz", + "integrity": "sha512-diUvn/H8RwNzDJZagHNp7SenTnaYf7YKnp6/qvLmyuft0q3vQrFJerYZAVRmyn6I+f07GL13dufOzLi9/BBkTA==", "requires": { "@snyk/cli-interface": "^2.13.0", "@snyk/dep-graph": "^2.7.4", @@ -40244,8 +40241,8 @@ "lodash.groupby": "^4.6.0", "lodash.isempty": "^4.4.0", "lodash.sortby": "^4.7.0", - "micromatch": "4.0.7", - "snyk-nodejs-lockfile-parser": "1.58.10", + "micromatch": "4.0.8", + "snyk-nodejs-lockfile-parser": "1.58.13", "snyk-resolve-deps": "4.8.0" }, "dependencies": { 
@@ -40257,82 +40254,69 @@ "@types/graphlib": "^2" } }, - "hosted-git-info": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.1.0.tgz", - "integrity": "sha512-kyCuEOWjJqZuDbRHzL8V93NzQhwIB71oFWSyzVo+KPZI+pnQPPxucdkrOZvkLRnrf5URsQM+IJ09Dw29cRALIA==", + "@snyk/error-catalog-nodejs-public": { + "version": "5.32.1", + "resolved": "https://registry.npmjs.org/@snyk/error-catalog-nodejs-public/-/error-catalog-nodejs-public-5.32.1.tgz", + "integrity": "sha512-qheDTzRn82lLDsp+GEz1dsXmxKKsqlk09Hy5fqLYwQBSXry/FVHNH0RfpBeGHNiWhfdbuGgxni9KTXVcCJJglg==", "requires": { - "lru-cache": "^6.0.0" + "tslib": "^2.6.2", + "uuid": "^9.0.0" }, "dependencies": { - "lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "requires": { - "yallist": "^4.0.0" - } + "tslib": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz", + "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA==" }, - "yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + "uuid": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==" } } }, - "lru-cache": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz", - "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==", - "requires": { - "pseudomap": "^1.0.2", - "yallist": "^2.1.2" - } + "argparse": { + "version": "2.0.1", + "resolved": 
"https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" }, - "micromatch": { - "version": "4.0.7", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz", - "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==", + "js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", "requires": { - "braces": "^3.0.3", - "picomatch": "^2.3.1" + "argparse": "^2.0.1" } }, "semver": { - "version": "5.7.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", - "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" - }, - "snyk-module": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/snyk-module/-/snyk-module-3.2.0.tgz", - "integrity": "sha512-6MLJyi4OMOZtCWTzGgRMEEw9qQ1fAwKoj5XYXfKOjIsohi3ubKsVfvSoScj0IovtiKowm2iCZ+VIRPJab6nCxA==", - "requires": { - "debug": "^4.1.1", - "hosted-git-info": "^4.0.2" - } + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==" }, - "snyk-resolve-deps": { - "version": "4.8.0", - "resolved": "https://registry.npmjs.org/snyk-resolve-deps/-/snyk-resolve-deps-4.8.0.tgz", - "integrity": "sha512-/pXaStapn8ldr68e1Bs2gmxoQpiB3fnjfZSfzY82bxedmSKzQgTJ5vhf1P9kALj3IBEb1wYaQ/MtNH5E9DK0/g==", - "requires": { - "ansicolors": "^0.3.2", - "debug": "^4.3.4", - "lodash": "^4.17.21", - "lru-cache": "^4.1.5", - "semver": "^5.7.2", - "snyk-module": "^3.2.0", - "snyk-resolve": "^1.1.0", - "snyk-tree": "^1.0.0", - "snyk-try-require": "^2.0.2", - "then-fs": "^2.0.0" + 
"snyk-nodejs-lockfile-parser": { + "version": "1.58.13", + "resolved": "https://registry.npmjs.org/snyk-nodejs-lockfile-parser/-/snyk-nodejs-lockfile-parser-1.58.13.tgz", + "integrity": "sha512-VBxAewF3cIpGCOclzvZqW7e0PAHMIqSWV88Gz/OLkeTN3Hmw2POMwgYU1Bbhe/1ypKCO0QQPdAfegK1z0QlEJw==", + "requires": { + "@snyk/dep-graph": "^2.3.0", + "@snyk/error-catalog-nodejs-public": "^5.16.0", + "@snyk/graphlib": "2.1.9-patch.3", + "@yarnpkg/core": "^2.4.0", + "@yarnpkg/lockfile": "^1.1.0", + "dependency-path": "^9.2.8", + "event-loop-spinner": "^2.0.0", + "js-yaml": "^4.1.0", + "lodash.clonedeep": "^4.5.0", + "lodash.flatmap": "^4.5.0", + "lodash.isempty": "^4.4.0", + "lodash.topairs": "^4.3.0", + "micromatch": "^4.0.8", + "p-map": "^4.0.0", + "semver": "^7.6.0", + "snyk-config": "^5.0.0", + "tslib": "^1.9.3", + "uuid": "^8.3.0" } - }, - "yallist": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz", - "integrity": "sha512-ncTzHV7NvsQZkYe1DW7cbDLm0YpzHmZF5r/iyP3ZnQtMiJ+pjzisCiMNI+Sj+xQF5pXhSHxSB3uDbsBTzY/c2A==" } } }, diff --git a/package.json b/package.json index 3e53e3c127..9199a61f37 100644 --- a/package.json +++ b/package.json @@ -122,7 +122,7 @@ "snyk-module": "3.1.0", "snyk-mvn-plugin": "3.6.0", "snyk-nodejs-lockfile-parser": "1.58.10", - "snyk-nodejs-plugin": "1.3.3", + "snyk-nodejs-plugin": "1.3.4", "snyk-nuget-plugin": "2.7.8", "snyk-php-plugin": "1.9.2", "snyk-policy": "^4.0.0", From 151f63df5fe94f7c2734b9cb227b9eb25f35d412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maximilian=20Comb=C3=BCchen?= Date: Mon, 14 Oct 2024 09:59:47 +0200 Subject: [PATCH 06/15] fix: add missing option `--gradle-normalize-deps` to SBOM command --- cliv2/go.mod | 4 ++-- cliv2/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cliv2/go.mod b/cliv2/go.mod index 35de902e5a..2960b31075 100644 --- a/cliv2/go.mod +++ b/cliv2/go.mod 
@@ -12,9 +12,9 @@ require ( github.com/google/uuid v1.6.0 github.com/pkg/errors v0.9.1 github.com/rs/zerolog v1.33.0 - github.com/snyk/cli-extension-dep-graph v0.0.0-20240426125928-8d56ac52821e + github.com/snyk/cli-extension-dep-graph v0.0.0-20241014075215-311d3c8a423f github.com/snyk/cli-extension-iac-rules v0.0.0-20241008152401-24c8cf03a1a3 - github.com/snyk/cli-extension-sbom v0.0.0-20240820111700-68258cba52c7 + github.com/snyk/cli-extension-sbom v0.0.0-20241014075233-2c0dbfc5f3b6 github.com/snyk/container-cli v0.0.0-20240821111304-7ca1c415a5d7 github.com/snyk/error-catalog-golang-public v0.0.0-20240809094525-c48d19c27edb github.com/snyk/go-application-framework v0.0.0-20241009095349-dc0fb55f3eb3 diff --git a/cliv2/go.sum b/cliv2/go.sum index e1e0cc9553..bf126fba8f 100644 --- a/cliv2/go.sum +++ b/cliv2/go.sum 
@@ -750,12 +750,12 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= -github.com/snyk/cli-extension-dep-graph v0.0.0-20240426125928-8d56ac52821e h1:j17Ujw51/2SC3m1hbNCUwxFc8aNIFyfpnwFAszgEM8c= -github.com/snyk/cli-extension-dep-graph v0.0.0-20240426125928-8d56ac52821e/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU= +github.com/snyk/cli-extension-dep-graph v0.0.0-20241014075215-311d3c8a423f h1:xZK+6ug+pNgnIfPFGkQtxBZwcN/6RoXpQruRHimjfKM= +github.com/snyk/cli-extension-dep-graph v0.0.0-20241014075215-311d3c8a423f/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU= github.com/snyk/cli-extension-iac-rules v0.0.0-20241008152401-24c8cf03a1a3 h1:AQMi52/aevl9bBSzwxGLz9kxInojkSe/Q6j1s1s6yJg= github.com/snyk/cli-extension-iac-rules v0.0.0-20241008152401-24c8cf03a1a3/go.mod h1:A/DNK3ZnUgqOKJ33Lc1z5KbbHqRSBgwCWw9KuyJu0xQ= -github.com/snyk/cli-extension-sbom v0.0.0-20240820111700-68258cba52c7 h1:+xhigV8lkriZ8riIg79Yx/sDpKZV9ihz2iAM0Xa8/V4= -github.com/snyk/cli-extension-sbom v0.0.0-20240820111700-68258cba52c7/go.mod h1:5CaY1bgvJY/uoG/1plLOf8T8o9AkwoBIGvw34RfRLZw= +github.com/snyk/cli-extension-sbom v0.0.0-20241014075233-2c0dbfc5f3b6 h1:vywmAvDiMsmsK6ehG9KpOUVdi5Gcv35R35DLuF4v+Ms= +github.com/snyk/cli-extension-sbom v0.0.0-20241014075233-2c0dbfc5f3b6/go.mod h1:5CaY1bgvJY/uoG/1plLOf8T8o9AkwoBIGvw34RfRLZw= github.com/snyk/code-client-go v1.10.0 h1:t/hBINxj4lKvoo681uGhxHBpMued/j68p2sHbB9qbfo= github.com/snyk/code-client-go v1.10.0/go.mod h1:orU911flV1kJQOlxxx0InUQkAfpBrcERsb2olfnlI8s= github.com/snyk/container-cli v0.0.0-20240821111304-7ca1c415a5d7 h1:Zn5BcV76oFAbJm5tDygU945lvoZ3yY8FoRFDC3YpwF8= From a54317939e0b795732e36cd024ed80d5bf5cc167 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Maximilian=20Comb=C3=BCchen?= Date: Wed, 16 Oct 2024 10:33:43 +0200 Subject: [PATCH 07/15] fix: include CVE in JSON output of `sbom test` command --- cliv2/go.mod | 2 +- cliv2/go.sum | 4 ++-- test/jest/acceptance/snyk-sbom-test/all-projects.spec.ts | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/cliv2/go.mod b/cliv2/go.mod index 2960b31075..7dbd932d22 100644 --- a/cliv2/go.mod +++ b/cliv2/go.mod @@ -14,7 +14,7 @@ require ( github.com/rs/zerolog v1.33.0 github.com/snyk/cli-extension-dep-graph v0.0.0-20241014075215-311d3c8a423f github.com/snyk/cli-extension-iac-rules v0.0.0-20241008152401-24c8cf03a1a3 - github.com/snyk/cli-extension-sbom v0.0.0-20241014075233-2c0dbfc5f3b6 + github.com/snyk/cli-extension-sbom v0.0.0-20241016065306-0df2be5b3b8f github.com/snyk/container-cli v0.0.0-20240821111304-7ca1c415a5d7 github.com/snyk/error-catalog-golang-public v0.0.0-20240809094525-c48d19c27edb github.com/snyk/go-application-framework v0.0.0-20241009095349-dc0fb55f3eb3 diff --git a/cliv2/go.sum b/cliv2/go.sum index bf126fba8f..d34ec444c5 100644 --- a/cliv2/go.sum +++ b/cliv2/go.sum 
@@ -754,8 +754,8 @@ github.com/snyk/cli-extension-dep-graph v0.0.0-20241014075215-311d3c8a423f h1:xZ github.com/snyk/cli-extension-dep-graph v0.0.0-20241014075215-311d3c8a423f/go.mod h1:QF3v8HBpOpyudYNCuR8LqfULutO76c91sBdLzD+pBJU= github.com/snyk/cli-extension-iac-rules v0.0.0-20241008152401-24c8cf03a1a3 h1:AQMi52/aevl9bBSzwxGLz9kxInojkSe/Q6j1s1s6yJg= github.com/snyk/cli-extension-iac-rules v0.0.0-20241008152401-24c8cf03a1a3/go.mod h1:A/DNK3ZnUgqOKJ33Lc1z5KbbHqRSBgwCWw9KuyJu0xQ= -github.com/snyk/cli-extension-sbom v0.0.0-20241014075233-2c0dbfc5f3b6 h1:vywmAvDiMsmsK6ehG9KpOUVdi5Gcv35R35DLuF4v+Ms= -github.com/snyk/cli-extension-sbom v0.0.0-20241014075233-2c0dbfc5f3b6/go.mod h1:5CaY1bgvJY/uoG/1plLOf8T8o9AkwoBIGvw34RfRLZw= +github.com/snyk/cli-extension-sbom v0.0.0-20241016065306-0df2be5b3b8f h1:dlL+f+5sjHj4JCzW/Evl1x9UREXLyc3M4KjoZvQx0Bs= +github.com/snyk/cli-extension-sbom v0.0.0-20241016065306-0df2be5b3b8f/go.mod h1:5CaY1bgvJY/uoG/1plLOf8T8o9AkwoBIGvw34RfRLZw= github.com/snyk/code-client-go v1.10.0 h1:t/hBINxj4lKvoo681uGhxHBpMued/j68p2sHbB9qbfo= github.com/snyk/code-client-go v1.10.0/go.mod h1:orU911flV1kJQOlxxx0InUQkAfpBrcERsb2olfnlI8s= github.com/snyk/container-cli v0.0.0-20240821111304-7ca1c415a5d7 h1:Zn5BcV76oFAbJm5tDygU945lvoZ3yY8FoRFDC3YpwF8= diff --git a/test/jest/acceptance/snyk-sbom-test/all-projects.spec.ts b/test/jest/acceptance/snyk-sbom-test/all-projects.spec.ts index 0b935b29d9..3c7fb8c5a4 100644 --- a/test/jest/acceptance/snyk-sbom-test/all-projects.spec.ts +++ b/test/jest/acceptance/snyk-sbom-test/all-projects.spec.ts @@ -98,6 +98,7 @@ describe('snyk sbom test (mocked server only)', () => { expect(stdout).toContain('"version":"3.0.4",'); expect(stdout).toContain('"name":"minimatch"'); expect(stdout).toContain('"CWE":["CWE-1333"]'); + expect(stdout).toContain('"CVE":["CVE-2022-3517"]'); expect(stdout).toContain('"semver":{"vulnerable":["3.0.4"]}'); expect(code).toEqual(1); From 7ca7919b2a73a2163980167bfa2e6d5d741a1bdb Mon Sep 17 00:00:00 2001 
From: Bastian Doetsch Date: Fri, 18 Oct 2024 13:00:17 +0200 Subject: [PATCH 08/15] fix: update snyk-ls to latest fixes --- cliv2/go.mod | 2 +- cliv2/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cliv2/go.mod b/cliv2/go.mod index 7dbd932d22..9db7dacd64 100644 --- a/cliv2/go.mod +++ b/cliv2/go.mod @@ -20,7 +20,7 @@ require ( github.com/snyk/go-application-framework v0.0.0-20241009095349-dc0fb55f3eb3 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 github.com/snyk/snyk-iac-capture v0.6.5 - github.com/snyk/snyk-ls v0.0.0-20241009134219-56a46746f0be + github.com/snyk/snyk-ls v0.0.0-20241018081540-0c956c5aef5b github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/cliv2/go.sum b/cliv2/go.sum index d34ec444c5..9d205a653b 100644 --- a/cliv2/go.sum +++ b/cliv2/go.sum @@ -770,8 +770,8 @@ github.com/snyk/policy-engine v0.31.3 h1:FepCg6QN/X8uvxYjF+WwB2aiBPJB+NENDgKQeI/ github.com/snyk/policy-engine v0.31.3/go.mod h1:Z9/hcngz+2txX4QfQRwfODk8F7w4mr/IQOvCtIosnLo= github.com/snyk/snyk-iac-capture v0.6.5 h1:992DXCAJSN97KtUh8T5ndaWwd/6ZCal2bDkRXqM1u/E= github.com/snyk/snyk-iac-capture v0.6.5/go.mod h1:e47i55EmM0F69ZxyFHC4sCi7vyaJW6DLoaamJJCzWGk= -github.com/snyk/snyk-ls v0.0.0-20241009134219-56a46746f0be h1:QBKSlJktuoeTiXMt6IftT8Q4nehdaZPodl/bwhbD78I= -github.com/snyk/snyk-ls v0.0.0-20241009134219-56a46746f0be/go.mod h1:ymVHnn1JE/pqWhTHSQEz/1MP8FmYYfYFszaptaaI/PE= +github.com/snyk/snyk-ls v0.0.0-20241018081540-0c956c5aef5b h1:rrI6VwY4WfJ9iCIUx4j0Y9bsQu16IVjVbwvzu/srVV4= +github.com/snyk/snyk-ls v0.0.0-20241018081540-0c956c5aef5b/go.mod h1:ymVHnn1JE/pqWhTHSQEz/1MP8FmYYfYFszaptaaI/PE= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd h1:Dq5WSzWsP1TbVi10zPWBI5LKEBDg4Y1OhWEph1wr5WQ= 
From 7798d13e072870462e77a72355d0bf1611c41bbb Mon Sep 17 00:00:00 2001 From: Luke Watts Date: Fri, 18 Oct 2024 16:45:40 +0200 Subject: [PATCH 09/15] fix(deps): address security vulnerability in snyk-php-plugin --- package-lock.json | 110 +++++++++++++++++++++++++++++++++++++++------- package.json | 2 +- 2 files changed, 94 insertions(+), 18 deletions(-) diff --git a/package-lock.json b/package-lock.json index 572b993ed4..9b9db4184c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -76,7 +76,7 @@ "snyk-nodejs-lockfile-parser": "1.58.10", "snyk-nodejs-plugin": "1.3.4", "snyk-nuget-plugin": "2.7.8", - "snyk-php-plugin": "1.9.2", + "snyk-php-plugin": "1.10.0", "snyk-policy": "^4.0.0", "snyk-python-plugin": "2.2.1", "snyk-resolve-deps": "4.8.0", 
@@ -21136,22 +21136,66 @@ } }, "node_modules/snyk-php-plugin": { - "version": "1.9.2", - "resolved": "https://registry.npmjs.org/snyk-php-plugin/-/snyk-php-plugin-1.9.2.tgz", - "integrity": "sha512-IQcdsQBqqXVRY5DatlI7ASy4flbhtU2V7cr4P2rK9rkFnVHO6LHcitwKXVZa9ocdOmpZDzk7U6iwHJkVFcR6OA==", + "version": "1.10.0", + "resolved": "https://registry.npmjs.org/snyk-php-plugin/-/snyk-php-plugin-1.10.0.tgz", + "integrity": "sha512-S3DgV/R2xQabG11WWsBp5DstW/jXP4L11yll2xp3laWIo8/Jey3hhsf0WNHqv33Uh7B7VN5dgg/eA8moKY57yw==", "dependencies": { "@snyk/cli-interface": "^2.9.1", "@snyk/composer-lockfile-parser": "^1.4.1", - "tslib": "1.11.1" + "@snyk/dep-graph": "^1.22.0", + "tslib": "1.14.1" }, "engines": { "node": ">=8" } }, - "node_modules/snyk-php-plugin/node_modules/tslib": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.11.1.tgz", - "integrity": "sha512-aZW88SY8kQbU7gpV19lN24LtXh/yD4ZZg6qieAJDDg+YBsJcSmLGK9QpnUjAKVG/xefmvJGd1WUmfpT/g6AJGA==" + "node_modules/snyk-php-plugin/node_modules/@snyk/dep-graph": { + "version": "1.31.0", + "resolved": "https://registry.npmjs.org/@snyk/dep-graph/-/dep-graph-1.31.0.tgz", + "integrity": "sha512-nGSua40dcI/ISDDW46EYSjwVZxdWohb4bDlHFYtudL5bxo0PV9wFA1QeZewKQVeHLVaGkrESXdqQubP0pFf4vA==", + "dependencies": { + "event-loop-spinner": "^2.1.0", + "lodash.clone": "^4.5.0", + "lodash.constant": "^3.0.0", + "lodash.filter": "^4.6.0", + "lodash.foreach": "^4.5.0", + "lodash.isempty": "^4.4.0", + "lodash.isequal": "^4.5.0", + "lodash.isfunction": "^3.0.9", + "lodash.isundefined": "^3.0.1", + "lodash.keys": "^4.2.0", + "lodash.map": "^4.6.0", + "lodash.reduce": "^4.6.0", + "lodash.size": "^4.2.0", + "lodash.transform": "^4.6.0", + "lodash.union": "^4.6.0", + "lodash.values": "^4.3.0", + "object-hash": "^2.0.3", + "semver": "^7.0.0", + "tslib": "^1.13.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/snyk-php-plugin/node_modules/object-hash": { + "version": "2.2.0", + "resolved": 
"https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==", + "engines": { + "node": ">= 6" + } + }, + "node_modules/snyk-php-plugin/node_modules/semver": { + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } }, "node_modules/snyk-poetry-lockfile-parser": { "version": "1.4.2", 
@@ -40361,19 +40405,51 @@ } }, "snyk-php-plugin": { - "version": "1.9.2", - "resolved": "https://registry.npmjs.org/snyk-php-plugin/-/snyk-php-plugin-1.9.2.tgz", - "integrity": "sha512-IQcdsQBqqXVRY5DatlI7ASy4flbhtU2V7cr4P2rK9rkFnVHO6LHcitwKXVZa9ocdOmpZDzk7U6iwHJkVFcR6OA==", + "version": "1.10.0", + "resolved": "https://registry.npmjs.org/snyk-php-plugin/-/snyk-php-plugin-1.10.0.tgz", + "integrity": "sha512-S3DgV/R2xQabG11WWsBp5DstW/jXP4L11yll2xp3laWIo8/Jey3hhsf0WNHqv33Uh7B7VN5dgg/eA8moKY57yw==", "requires": { "@snyk/cli-interface": "^2.9.1", "@snyk/composer-lockfile-parser": "^1.4.1", - "tslib": "1.11.1" + "@snyk/dep-graph": "^1.22.0", + "tslib": "1.14.1" }, "dependencies": { - "tslib": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.11.1.tgz", - "integrity": "sha512-aZW88SY8kQbU7gpV19lN24LtXh/yD4ZZg6qieAJDDg+YBsJcSmLGK9QpnUjAKVG/xefmvJGd1WUmfpT/g6AJGA==" + "@snyk/dep-graph": { + "version": "1.31.0", + "resolved": "https://registry.npmjs.org/@snyk/dep-graph/-/dep-graph-1.31.0.tgz", + "integrity": "sha512-nGSua40dcI/ISDDW46EYSjwVZxdWohb4bDlHFYtudL5bxo0PV9wFA1QeZewKQVeHLVaGkrESXdqQubP0pFf4vA==", + "requires": { + "event-loop-spinner": "^2.1.0", + "lodash.clone": "^4.5.0", + "lodash.constant": "^3.0.0", + "lodash.filter": "^4.6.0", + "lodash.foreach": "^4.5.0", + "lodash.isempty": "^4.4.0", + "lodash.isequal": "^4.5.0", + "lodash.isfunction": "^3.0.9", + "lodash.isundefined": "^3.0.1", + "lodash.keys": "^4.2.0", + "lodash.map": "^4.6.0", + "lodash.reduce": "^4.6.0", + "lodash.size": "^4.2.0", + "lodash.transform": "^4.6.0", + "lodash.union": "^4.6.0", + "lodash.values": "^4.3.0", + "object-hash": "^2.0.3", + "semver": "^7.0.0", + "tslib": "^1.13.0" + } + }, + "object-hash": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==" + }, + "semver": { + "version": "7.6.3", + 
"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==" } } }, diff --git a/package.json b/package.json index 9199a61f37..9247a7e33b 100644 --- a/package.json +++ b/package.json @@ -124,7 +124,7 @@ "snyk-nodejs-lockfile-parser": "1.58.10", "snyk-nodejs-plugin": "1.3.4", "snyk-nuget-plugin": "2.7.8", - "snyk-php-plugin": "1.9.2", + "snyk-php-plugin": "1.10.0", "snyk-policy": "^4.0.0", "snyk-python-plugin": "2.2.1", "snyk-resolve-deps": "4.8.0", From c614284b4f1f88c7b0784c6133aab630f57ea0a4 Mon Sep 17 00:00:00 2001 From: Luke Watts Date: Mon, 21 Oct 2024 14:59:59 +0200 Subject: [PATCH 10/15] fix(deps): address security vulnerability in snyk-gradle-plugin --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9b9db4184c..5d228578bc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -70,7 +70,7 @@ "snyk-cpp-plugin": "2.24.0", "snyk-docker-plugin": "6.13.2", "snyk-go-plugin": "1.23.0", - "snyk-gradle-plugin": "4.1.0", + "snyk-gradle-plugin": "4.6.0", "snyk-module": "3.1.0", "snyk-mvn-plugin": "3.6.0", "snyk-nodejs-lockfile-parser": "1.58.10", 
@@ -20536,9 +20536,9 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-gradle-plugin": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/snyk-gradle-plugin/-/snyk-gradle-plugin-4.1.0.tgz", - "integrity": "sha512-7b13PetdNbM9rFMMjmCfoRYiI9mqU9qmGeBvscnhWPVZ9TGBg8jgF54L/23++8VsGPhIAhX+IokqjVrD0+81ew==", + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/snyk-gradle-plugin/-/snyk-gradle-plugin-4.6.0.tgz", + "integrity": "sha512-Gt0m0jcpR16MxH3048BvYJnMKmJPoc6pJqvxI+WE8856yaE8EKOxrDGMhsSjAmJrJe1kzBXYysKog1xsWQ4E4g==", "dependencies": { "@snyk/cli-interface": "2.11.3", "@snyk/dep-graph": "^1.28.0", @@ -39922,9 +39922,9 @@ } }, "snyk-gradle-plugin": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/snyk-gradle-plugin/-/snyk-gradle-plugin-4.1.0.tgz", - "integrity": "sha512-7b13PetdNbM9rFMMjmCfoRYiI9mqU9qmGeBvscnhWPVZ9TGBg8jgF54L/23++8VsGPhIAhX+IokqjVrD0+81ew==", + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/snyk-gradle-plugin/-/snyk-gradle-plugin-4.6.0.tgz", + "integrity": "sha512-Gt0m0jcpR16MxH3048BvYJnMKmJPoc6pJqvxI+WE8856yaE8EKOxrDGMhsSjAmJrJe1kzBXYysKog1xsWQ4E4g==", "requires": { "@snyk/cli-interface": "2.11.3", "@snyk/dep-graph": "^1.28.0", diff --git a/package.json b/package.json index 9247a7e33b..33d48c275d 100644 --- a/package.json +++ b/package.json @@ -118,7 +118,7 @@ "snyk-cpp-plugin": "2.24.0", "snyk-docker-plugin": "6.13.2", "snyk-go-plugin": "1.23.0", - "snyk-gradle-plugin": "4.1.0", + "snyk-gradle-plugin": "4.6.0", "snyk-module": "3.1.0", "snyk-mvn-plugin": "3.6.0", "snyk-nodejs-lockfile-parser": "1.58.10", From d23d69fb91c71cd71e58ac7f008075d605671ca9 Mon Sep 17 00:00:00 2001 From: Bastian Doetsch Date: Wed, 23 Oct 2024 10:33:02 +0200 Subject: [PATCH 11/15] fix: update styles --- cliv2/go.mod | 2 +- cliv2/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/cliv2/go.mod b/cliv2/go.mod index 9db7dacd64..1ec0e378af 100644 --- a/cliv2/go.mod +++ b/cliv2/go.mod @@ -20,7 +20,7 @@ require ( github.com/snyk/go-application-framework v0.0.0-20241009095349-dc0fb55f3eb3 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 github.com/snyk/snyk-iac-capture v0.6.5 - github.com/snyk/snyk-ls v0.0.0-20241018081540-0c956c5aef5b + github.com/snyk/snyk-ls v0.0.0-20241023081930-58542b73ae23 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/cliv2/go.sum b/cliv2/go.sum index 9d205a653b..36fd1e0b64 100644 --- a/cliv2/go.sum +++ b/cliv2/go.sum @@ -770,8 +770,8 @@ github.com/snyk/policy-engine v0.31.3 h1:FepCg6QN/X8uvxYjF+WwB2aiBPJB+NENDgKQeI/ github.com/snyk/policy-engine v0.31.3/go.mod h1:Z9/hcngz+2txX4QfQRwfODk8F7w4mr/IQOvCtIosnLo= github.com/snyk/snyk-iac-capture v0.6.5 h1:992DXCAJSN97KtUh8T5ndaWwd/6ZCal2bDkRXqM1u/E= github.com/snyk/snyk-iac-capture v0.6.5/go.mod h1:e47i55EmM0F69ZxyFHC4sCi7vyaJW6DLoaamJJCzWGk= -github.com/snyk/snyk-ls v0.0.0-20241018081540-0c956c5aef5b h1:rrI6VwY4WfJ9iCIUx4j0Y9bsQu16IVjVbwvzu/srVV4= -github.com/snyk/snyk-ls v0.0.0-20241018081540-0c956c5aef5b/go.mod h1:ymVHnn1JE/pqWhTHSQEz/1MP8FmYYfYFszaptaaI/PE= +github.com/snyk/snyk-ls v0.0.0-20241023081930-58542b73ae23 h1:Cyd+e6EXUEggfAWMDC9vesqNRfCTfiWvgfO+HVbQhd4= +github.com/snyk/snyk-ls v0.0.0-20241023081930-58542b73ae23/go.mod h1:ymVHnn1JE/pqWhTHSQEz/1MP8FmYYfYFszaptaaI/PE= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd h1:Dq5WSzWsP1TbVi10zPWBI5LKEBDg4Y1OhWEph1wr5WQ= From 07a9f6bbde5ad7caf03d798c9330129c3ee34c0f Mon Sep 17 00:00:00 2001 
From: Bastian Doetsch Date: Wed, 23 Oct 2024 14:44:34 +0200 Subject: [PATCH 12/15] fix: make scans run async --- cliv2/go.mod | 2 +- cliv2/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cliv2/go.mod b/cliv2/go.mod index 1ec0e378af..7a261b5062 100644 --- a/cliv2/go.mod +++ b/cliv2/go.mod @@ -20,7 +20,7 @@ require ( github.com/snyk/go-application-framework v0.0.0-20241009095349-dc0fb55f3eb3 github.com/snyk/go-httpauth v0.0.0-20240307114523-1f5ea3f55c65 github.com/snyk/snyk-iac-capture v0.6.5 - github.com/snyk/snyk-ls v0.0.0-20241023081930-58542b73ae23 + github.com/snyk/snyk-ls v0.0.0-20241023124225-627b73041471 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/cliv2/go.sum b/cliv2/go.sum index 36fd1e0b64..01c7c68eb1 100644 --- a/cliv2/go.sum +++ b/cliv2/go.sum @@ -770,8 +770,8 @@ github.com/snyk/policy-engine v0.31.3 h1:FepCg6QN/X8uvxYjF+WwB2aiBPJB+NENDgKQeI/ github.com/snyk/policy-engine v0.31.3/go.mod h1:Z9/hcngz+2txX4QfQRwfODk8F7w4mr/IQOvCtIosnLo= github.com/snyk/snyk-iac-capture v0.6.5 h1:992DXCAJSN97KtUh8T5ndaWwd/6ZCal2bDkRXqM1u/E= github.com/snyk/snyk-iac-capture v0.6.5/go.mod h1:e47i55EmM0F69ZxyFHC4sCi7vyaJW6DLoaamJJCzWGk= -github.com/snyk/snyk-ls v0.0.0-20241023081930-58542b73ae23 h1:Cyd+e6EXUEggfAWMDC9vesqNRfCTfiWvgfO+HVbQhd4= -github.com/snyk/snyk-ls v0.0.0-20241023081930-58542b73ae23/go.mod h1:ymVHnn1JE/pqWhTHSQEz/1MP8FmYYfYFszaptaaI/PE= +github.com/snyk/snyk-ls v0.0.0-20241023124225-627b73041471 h1:k2mJ+C7chUf+THMsgbUBFTxxMBNBeGEdz6NrMbZHt/o= +github.com/snyk/snyk-ls v0.0.0-20241023124225-627b73041471/go.mod h1:ymVHnn1JE/pqWhTHSQEz/1MP8FmYYfYFszaptaaI/PE= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/sourcegraph/go-lsp v0.0.0-20240223163137-f80c5dd31dfd h1:Dq5WSzWsP1TbVi10zPWBI5LKEBDg4Y1OhWEph1wr5WQ= 
From e024276f5f7c85acb5bcc5df89d17ff75f303bb5 Mon Sep 17 00:00:00 2001 
From: Luke Watts Date: Wed, 23 Oct 2024 14:55:46 +0200 Subject: [PATCH 13/15] Revert "fix: respect default detection depth of 4" This reverts commit 45a74eaf68404a2c046fe11d73682a8b5750368f. --- src/lib/constants.ts | 3 - src/lib/find-files.ts | 47 ++-- src/lib/plugins/get-deps-from-plugin.ts | 3 +- src/lib/plugins/get-extra-project-count.ts | 3 - .../workspaces/mono-repo-nested/.gitignore | 2 - .../workspaces/mono-repo-nested/README.md | 5 - .../mono-repo-nested/level-1/level-2/Gemfile | 5 - .../level-1/level-2/Gemfile.lock | 19 -- .../level-1/level-2/level-3/level-4/Gemfile | 5 - .../level-2/level-3/level-4/Gemfile.lock | 19 -- .../level-3/level-4/level-5/level-6/Gemfile | 6 - .../level-4/level-5/level-6/Gemfile.lock | 71 ------ .../level-3/level-4/level-5/package-lock.json | 18 -- .../level-3/level-4/level-5/package.json | 14 -- .../level-1/level-2/level-3/package-lock.json | 18 -- .../level-1/level-2/level-3/package.json | 14 -- .../level-1/node_modules/node-uuid/README.md | 203 ------------------ .../node_modules/node-uuid/package.json | 56 ----- .../level-1/node_modules/qs/Readme.md | 38 ---- .../level-1/node_modules/qs/package.json | 40 ---- .../mono-repo-nested/level-1/package.json | 35 --- .../node_modules/node-uuid/README.md | 203 ------------------ .../node_modules/node-uuid/package.json | 56 ----- .../node_modules/qs/Readme.md | 38 ---- .../node_modules/qs/package.json | 40 ---- .../mono-repo-nested/package-lock.json | 18 -- .../workspaces/mono-repo-nested/package.json | 14 -- .../acceptance/snyk-test/all-projects.spec.ts | 42 ---- test/tap/find-files.test.ts | 24 --- 29 files changed, 22 insertions(+), 1037 deletions(-) delete mode 100644 test/acceptance/workspaces/mono-repo-nested/.gitignore delete mode 100644 test/acceptance/workspaces/mono-repo-nested/README.md delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/Gemfile delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/Gemfile.lock delete mode 
100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/Gemfile delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/Gemfile.lock delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/level-6/Gemfile delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/level-6/Gemfile.lock delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/package-lock.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/package.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/package-lock.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/package.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/node-uuid/README.md delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/node-uuid/package.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/qs/Readme.md delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/qs/package.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/level-1/package.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/node_modules/node-uuid/README.md delete mode 100644 test/acceptance/workspaces/mono-repo-nested/node_modules/node-uuid/package.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/node_modules/qs/Readme.md delete mode 100644 test/acceptance/workspaces/mono-repo-nested/node_modules/qs/package.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/package-lock.json delete mode 100644 test/acceptance/workspaces/mono-repo-nested/package.json 
diff --git a/src/lib/constants.ts b/src/lib/constants.ts index 61b2bd178e..c88460e4d2 100644 --- a/src/lib/constants.ts +++ b/src/lib/constants.ts @@ -10,6 +10,3 @@ export const CALL_PATH_LEADING_ELEMENTS = 2; // Number of function names to show in the end of an abbreviated call path export const CALL_PATH_TRAILING_ELEMENTS = 2; - -// Number of subdirectories to search when running monitor or test -export const MAX_DETECTION_DEPTH = 4; diff --git a/src/lib/find-files.ts b/src/lib/find-files.ts index f841d34547..5da2328277 100644 --- a/src/lib/find-files.ts +++ b/src/lib/find-files.ts @@ -3,14 +3,13 @@ import * as pathLib from 'path'; import * as sortBy from 'lodash.sortby'; import * as groupBy from 'lodash.groupby'; +import * as assign from 'lodash.assign'; import { detectPackageManagerFromFile } from './detect'; import * as debugModule from 'debug'; import { PNPM_FEATURE_FLAG, SUPPORTED_MANIFEST_FILES, } from './package-managers'; -import * as merge from 'lodash.merge'; -import { MAX_DETECTION_DEPTH } from './constants'; const debug = debugModule('snyk:find-files'); @@ -56,12 +55,28 @@ interface FindFilesRes { const ignoreFolders = ['node_modules', '.build']; interface FindFilesConfig { + path: string; + ignore?: string[]; + filter?: string[]; + levelsDeep?: number; + featureFlags?: Set; +} + +type DefaultFindConfig = { path: string; ignore: string[]; filter: string[]; levelsDeep: number; featureFlags: Set; -} +}; + +const defaultFindConfig: DefaultFindConfig = { + path: '', + ignore: [], + filter: [], + levelsDeep: 4, + featureFlags: new Set(), +}; /** * Find all files in given search path. Returns paths to files found. 
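Review bot: Replacing `lodash.merge` with `lodash.assign` in the import hunk of find-files.ts changes how `defaultFindConfig` is applied, because `assign` copies a source property even when its value is `undefined`, whereas `merge` skips such keys. With every `FindFilesConfig` field now optional, a caller that spreads in `levelsDeep: undefined` will get `config.levelsDeep === undefined` instead of the `4` declared in `defaultFindConfig`, and the NaN/null guard that lived in the removed `getFindConfig` no longer exists. How an undefined depth is treated by the traversal is outside this hunk, so it is worth confirming that it does not mean "unbounded" on an untrusted monorepo. At minimum I would document the contract next to `defaultFindConfig`: `// NOTE: assign() copies undefined-valued keys, so callers must omit levelsDeep (not pass undefined) to get the default of 4.`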
@@ -71,10 +86,8 @@ interface FindFilesConfig { * @param filter (optional) file names to find. If not provided all files are returned. * @param levelsDeep (optional) how many levels deep to search, defaults to two, this path and one sub directory. */ -export async function find( - findConfig: Partial, -): Promise { - const config = getFindConfig(findConfig); +export async function find(findConfig: FindFilesConfig): Promise { + const config: DefaultFindConfig = assign({}, defaultFindConfig, findConfig); const found: string[] = []; const foundAll: string[] = []; @@ -139,28 +152,10 @@ function findFile(path: string, filter: string[] = []): string | null { return null; } -function getFindConfig(option: Partial): FindFilesConfig { - const result = merge( - { - path: '', - ignore: [], - filter: [], - levelsDeep: MAX_DETECTION_DEPTH, - featureFlags: new Set(), - }, - option, - ); - - if (isNaN(result.levelsDeep) || result.levelsDeep === null) { - result.levelsDeep = MAX_DETECTION_DEPTH; - } - return result; -} - async function findInDirectory( findConfig: FindFilesConfig, ): Promise { - const config = getFindConfig(findConfig); + const config: DefaultFindConfig = assign({}, defaultFindConfig, findConfig); const files = await readDirectory(config.path); const toFind = files .filter((file) => !config.ignore.includes(file)) diff --git a/src/lib/plugins/get-deps-from-plugin.ts b/src/lib/plugins/get-deps-from-plugin.ts index 718e7fd430..13c4039a27 100644 --- a/src/lib/plugins/get-deps-from-plugin.ts +++ b/src/lib/plugins/get-deps-from-plugin.ts @@ -21,7 +21,6 @@ import { convertSingleResultToMultiCustom } from './convert-single-splugin-res-t import { convertMultiResultToMultiCustom } from './convert-multi-plugin-res-to-multi-custom'; import { processYarnWorkspaces } from './nodejs-plugin/yarn-workspaces-parser'; import { ScannedProject } from '@snyk/cli-interface/legacy/common'; -import { MAX_DETECTION_DEPTH } from '../constants'; const debug = debugModule('snyk-test'); 
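Review bot: The JSDoc context line above `find` still says `levelsDeep` "defaults to two, this path and one sub directory", which contradicts `defaultFindConfig.levelsDeep` being `4` on the new side; the comment should read `* @param levelsDeep (optional) how many levels deep to search; defaults to 4 (see defaultFindConfig).` The new `assign({}, defaultFindConfig, findConfig)` line also lets an explicitly undefined `levelsDeep` override that default, so if keeping the default is intended without reinstating the reverted helper, a one-liner after the assign such as `config.levelsDeep = findConfig.levelsDeep ?? defaultFindConfig.levelsDeep;` would do it. The same `assign` pattern is repeated in `findInDirectory` in the next hunk and would need the same treatment. The body of `find` continues beyond this hunk, so the depth check itself is not visible here.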
@@ -44,7 +43,7 @@ export async function getDepsFromPlugin(
 ): Promise {
   if (Object.keys(multiProjectProcessors).some((key) => options[key])) {
     const scanType = options.yarnWorkspaces ? 'yarnWorkspaces' : 'allProjects';
-    const levelsDeep = options.detectionDepth || MAX_DETECTION_DEPTH;
+    const levelsDeep = options.detectionDepth;
     const ignore = options.exclude ? options.exclude.split(',') : [];
 
     const { files: targetFiles, allFilesFound } = await find({
diff --git a/src/lib/plugins/get-extra-project-count.ts b/src/lib/plugins/get-extra-project-count.ts
index c6d3ffca28..a923d9f83c 100644
--- a/src/lib/plugins/get-extra-project-count.ts
+++ b/src/lib/plugins/get-extra-project-count.ts
@@ -2,7 +2,6 @@ import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
 import { find } from '../find-files';
 import { AUTO_DETECTABLE_FILES } from '../detect';
 import { Options } from '../types';
-import { MAX_DETECTION_DEPTH } from '../constants';
 
 export async function getExtraProjectCount(
   root: string,
@@ -24,8 +23,6 @@ export async function getExtraProjectCount(
     path: root,
     ignore: [],
     filter: AUTO_DETECTABLE_FILES,
-    levelsDeep: MAX_DETECTION_DEPTH,
-    featureFlags: new Set(),
   });
   const foundProjectsCount =
     extraTargetFiles.length > 1 ? extraTargetFiles.length - 1 : undefined;
diff --git a/test/acceptance/workspaces/mono-repo-nested/.gitignore b/test/acceptance/workspaces/mono-repo-nested/.gitignore
deleted file mode 100644
index 9c108a1068..0000000000
--- a/test/acceptance/workspaces/mono-repo-nested/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-target
-project/target
diff --git a/test/acceptance/workspaces/mono-repo-nested/README.md b/test/acceptance/workspaces/mono-repo-nested/README.md
deleted file mode 100644
index 4290b5add4..0000000000
--- a/test/acceptance/workspaces/mono-repo-nested/README.md
+++ /dev/null
@@ -1,5 +0,0 @@ -# Simple Monorepo - -This repository contains a number of different projects, both at the root and in directories. - -It is used as a simple test fixture for monorepo and multi-language support on [Snyk.io](https://snyk.io). As such, each "project" is merely the files needed to describe dependencies. diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/Gemfile b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/Gemfile deleted file mode 100644 index 8827060912..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/Gemfile +++ /dev/null @@ -1,5 +0,0 @@ -source "https://rubygems.org" - -gem "rack-cache", "~> 1.1.0" -gem "rack", "~> 1.6.2" -gem "rack-protection", "~> 1.5.0" diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/Gemfile.lock b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/Gemfile.lock deleted file mode 100644 index f8cd4503f8..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/Gemfile.lock +++ /dev/null @@ -1,19 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - rack (1.6.5) - rack-cache (1.1) - rack (>= 0.4) - rack-protection (1.5.3) - rack - -PLATFORMS - ruby - -DEPENDENCIES - rack (~> 1.6.2) - rack-cache (~> 1.1.0) - rack-protection (~> 1.5.0) - -BUNDLED WITH - 1.14.3 diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/Gemfile b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/Gemfile deleted file mode 100644 index 8827060912..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/Gemfile +++ /dev/null @@ -1,5 +0,0 @@ -source "https://rubygems.org" - -gem "rack-cache", "~> 1.1.0" -gem "rack", "~> 1.6.2" -gem "rack-protection", "~> 1.5.0" 
diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/Gemfile.lock b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/Gemfile.lock deleted file mode 100644 index f8cd4503f8..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/Gemfile.lock +++ /dev/null @@ -1,19 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - rack (1.6.5) - rack-cache (1.1) - rack (>= 0.4) - rack-protection (1.5.3) - rack - -PLATFORMS - ruby - -DEPENDENCIES - rack (~> 1.6.2) - rack-cache (~> 1.1.0) - rack-protection (~> 1.5.0) - -BUNDLED WITH - 1.14.3 diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/level-6/Gemfile b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/level-6/Gemfile deleted file mode 100644 index eaaf55a49f..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/level-6/Gemfile +++ /dev/null @@ -1,6 +0,0 @@ -source :rubygems - -gem "sinatra" -gem "haml" -gem "httparty" -gem "actionpack" diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/level-6/Gemfile.lock b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/level-6/Gemfile.lock deleted file mode 100644 index c204545ac4..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/level-6/Gemfile.lock +++ /dev/null 
@@ -1,71 +0,0 @@ -GEM - remote: http://rubygems.org/ - specs: - actionpack (4.2.5) - actionview (= 4.2.5) - activesupport (= 4.2.5) - rack (~> 1.6) - rack-test (~> 0.6.2) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (4.2.5) - activesupport (= 4.2.5) - builder (~> 3.1) - erubis (~> 2.7.0) - rails-dom-testing (~> 1.0, >= 1.0.5) - rails-html-sanitizer (~> 1.0, >= 1.0.2) - activesupport (4.2.5) - i18n (~> 0.7) - json (~> 1.7, >= 1.7.7) - minitest (~> 5.1) - thread_safe (~> 0.3, >= 0.3.4) - tzinfo (~> 1.1) - builder (3.2.2) - erubis (2.7.0) - haml (3.1.4) - httparty (0.8.1) - multi_json - multi_xml - i18n (0.7.0) - json (1.8.3) - loofah (2.0.3) - nokogiri (>= 1.5.9) - mini_portile2 (2.1.0) - minitest (5.9.1) - multi_json (1.12.1) - multi_xml (0.5.5) - nokogiri (1.6.8.1) - mini_portile2 (~> 2.1.0) - rack (1.6.4) - rack-protection (1.5.3) - rack - rack-test (0.6.3) - rack (>= 1.0) - rails-deprecated_sanitizer (1.0.3) - activesupport (>= 4.2.0.alpha) - rails-dom-testing (1.0.7) - activesupport (>= 4.2.0.beta, < 5.0) - nokogiri (~> 1.6.0) - rails-deprecated_sanitizer (>= 1.0.1) - rails-html-sanitizer (1.0.3) - loofah (~> 2.0) - sinatra (1.3.2) - rack (~> 1.3, >= 1.3.6) - rack-protection (~> 1.2) - tilt (~> 1.3, >= 1.3.3) - thread_safe (0.3.5) - tilt (1.4.1) - tzinfo (1.2.2) - thread_safe (~> 0.1) - -PLATFORMS - ruby - -DEPENDENCIES - actionpack - haml - httparty - sinatra - -BUNDLED WITH - 1.13.2 diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/package-lock.json b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/package-lock.json deleted file mode 100644 index fce7bf7f28..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/package-lock.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "shallow-goof", - "version": "0.0.1", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "node-uuid": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.0.tgz", - "integrity": "sha1-B/myM3Vy/2J1x3Xh1IUT86RdemU=" - }, - "qs": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/qs/-/qs-0.0.6.tgz", - "integrity": "sha1-SBZZt+W/al6omAEN5a7TXrRp4SQ=" - } - } -} diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/package.json b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/package.json deleted file mode 100644 index 4b2ecd8d3d..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/level-4/level-5/package.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "name": "shallow-goof", - "version": "0.0.1", - "description": "A vulnerable demo application", - "homepage": "https://snyk.io/", - "repository": { - "type": "git", - "url": "https://github.com/Snyk/shallow-goof" - }, - "dependencies": { - "qs": "0.0.6", - "node-uuid": "1.4.0" - } -} diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/package-lock.json b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/package-lock.json deleted file mode 100644 index fce7bf7f28..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/package-lock.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "shallow-goof", - "version": "0.0.1", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "node-uuid": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.0.tgz", - "integrity": "sha1-B/myM3Vy/2J1x3Xh1IUT86RdemU=" - }, - "qs": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/qs/-/qs-0.0.6.tgz", - "integrity": "sha1-SBZZt+W/al6omAEN5a7TXrRp4SQ=" - } - } -} 
diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/package.json b/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/package.json deleted file mode 100644 index 4b2ecd8d3d..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/level-2/level-3/package.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "name": "shallow-goof", - "version": "0.0.1", - "description": "A vulnerable demo application", - "homepage": "https://snyk.io/", - "repository": { - "type": "git", - "url": "https://github.com/Snyk/shallow-goof" - }, - "dependencies": { - "qs": "0.0.6", - "node-uuid": "1.4.0" - } -} diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/node-uuid/README.md b/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/node-uuid/README.md deleted file mode 100644 index d62f7a14d4..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/node-uuid/README.md +++ /dev/null 
@@ -1,203 +0,0 @@ -# node-uuid - -Simple, fast generation of [RFC4122](http://www.ietf.org/rfc/rfc4122.txt) UUIDS. - -Features: - -* Generate RFC4122 version 1 or version 4 UUIDs -* Runs in node.js and all browsers. -* Cryptographically strong random # generation on supporting platforms -* 1.1K minified and gzip'ed (Want something smaller? Check this [crazy shit](https://gist.github.com/982883) out! ) -* [Annotated source code](http://broofa.github.com/node-uuid/docs/uuid.html) - -## Getting Started - -Install it in your browser: - -```html - -``` - -Or in node.js: - -``` -npm install node-uuid -``` - -```javascript -var uuid = require('node-uuid'); -``` - -Then create some ids ... - -```javascript -// Generate a v1 (time-based) id -uuid.v1(); // -> '6c84fb90-12c4-11e1-840d-7b25c5ee775a' - -// Generate a v4 (random) id -uuid.v4(); // -> '110ec58a-a0f2-4ac4-8393-c866d813b8d1' -``` - -## API - -### uuid.v1([`options` [, `buffer` [, `offset`]]]) - -Generate and return a RFC4122 v1 (timestamp-based) UUID. - -* `options` - (Object) Optional uuid state to apply. Properties may include: - - * `node` - (Array) Node id as Array of 6 bytes (per 4.1.6). Default: Randomly generated ID. See note 1. - * `clockseq` - (Number between 0 - 0x3fff) RFC clock sequence. Default: An internally maintained clockseq is used. - * `msecs` - (Number | Date) Time in milliseconds since unix Epoch. Default: The current time is used. - * `nsecs` - (Number between 0-9999) additional time, in 100-nanosecond units. Ignored if `msecs` is unspecified. Default: internal uuid counter is used, as per 4.2.1.2. - -* `buffer` - (Array | Buffer) Array or buffer where UUID bytes are to be written. -* `offset` - (Number) Starting index in `buffer` at which to begin writing. - -Returns `buffer`, if specified, otherwise the string form of the UUID - -Notes: - -1. The randomly generated node id is only guaranteed to stay constant for the lifetime of the current JS runtime. 
(Future versions of this module may use persistent storage mechanisms to extend this guarantee.) - -Example: Generate string UUID with fully-specified options - -```javascript -uuid.v1({ - node: [0x01, 0x23, 0x45, 0x67, 0x89, 0xab], - clockseq: 0x1234, - msecs: new Date('2011-11-01').getTime(), - nsecs: 5678 -}); // -> "710b962e-041c-11e1-9234-0123456789ab" -``` - -Example: In-place generation of two binary IDs - -```javascript -// Generate two ids in an array -var arr = new Array(32); // -> [] -uuid.v1(null, arr, 0); // -> [02 a2 ce 90 14 32 11 e1 85 58 0b 48 8e 4f c1 15] -uuid.v1(null, arr, 16); // -> [02 a2 ce 90 14 32 11 e1 85 58 0b 48 8e 4f c1 15 02 a3 1c b0 14 32 11 e1 85 58 0b 48 8e 4f c1 15] - -// Optionally use uuid.unparse() to get stringify the ids -uuid.unparse(buffer); // -> '02a2ce90-1432-11e1-8558-0b488e4fc115' -uuid.unparse(buffer, 16) // -> '02a31cb0-1432-11e1-8558-0b488e4fc115' -``` - -### uuid.v4([`options` [, `buffer` [, `offset`]]]) - -Generate and return a RFC4122 v4 UUID. - -* `options` - (Object) Optional uuid state to apply. Properties may include: - - * `random` - (Number[16]) Array of 16 numbers (0-255) to use in place of randomly generated values - * `rng` - (Function) Random # generator to use. Set to one of the built-in generators - `uuid.mathRNG` (all platforms), `uuid.nodeRNG` (node.js only), `uuid.whatwgRNG` (WebKit only) - or a custom function that returns an array[16] of byte values. - -* `buffer` - (Array | Buffer) Array or buffer where UUID bytes are to be written. -* `offset` - (Number) Starting index in `buffer` at which to begin writing. 
- -Returns `buffer`, if specified, otherwise the string form of the UUID - -Example: Generate string UUID with fully-specified options - -```javascript -uuid.v4({ - random: [ - 0x10, 0x91, 0x56, 0xbe, 0xc4, 0xfb, 0xc1, 0xea, - 0x71, 0xb4, 0xef, 0xe1, 0x67, 0x1c, 0x58, 0x36 - ] -}); -// -> "109156be-c4fb-41ea-b1b4-efe1671c5836" -``` - -Example: Generate two IDs in a single buffer - -```javascript -var buffer = new Array(32); // (or 'new Buffer' in node.js) -uuid.v4(null, buffer, 0); -uuid.v4(null, buffer, 16); -``` - -### uuid.parse(id[, buffer[, offset]]) -### uuid.unparse(buffer[, offset]) - -Parse and unparse UUIDs - - * `id` - (String) UUID(-like) string - * `buffer` - (Array | Buffer) Array or buffer where UUID bytes are to be written. Default: A new Array or Buffer is used - * `offset` - (Number) Starting index in `buffer` at which to begin writing. Default: 0 - -Example parsing and unparsing a UUID string - -```javascript -var bytes = uuid.parse('797ff043-11eb-11e1-80d6-510998755d10'); // -> -var string = uuid.unparse(bytes); // -> '797ff043-11eb-11e1-80d6-510998755d10' -``` - -### uuid.noConflict() - -(Browsers only) Set `uuid` property back to it's previous value. - -Returns the node-uuid object. - -Example: - -```javascript -var myUuid = uuid.noConflict(); -myUuid.v1(); // -> '6c84fb90-12c4-11e1-840d-7b25c5ee775a' -``` - -## Deprecated APIs - -Support for the following v1.2 APIs is available in v1.3, but is deprecated and will be removed in the next major version. - -### uuid([format [, buffer [, offset]]]) - -uuid() has become uuid.v4(), and the `format` argument is now implicit in the `buffer` argument. (i.e. if you specify a buffer, the format is assumed to be binary). - -### uuid.BufferClass - -The class of container created when generating binary uuid data if no buffer argument is specified. This is expected to go away, with no replacement API. 
- -## Testing - -In node.js - -``` -> cd test -> node test.js -``` - -In Browser - -``` -open test/test.html -``` - -### Benchmarking - -Requires node.js - -``` -npm install uuid uuid-js -node benchmark/benchmark.js -``` - -For a more complete discussion of node-uuid performance, please see the `benchmark/README.md` file, and the [benchmark wiki](https://github.com/broofa/node-uuid/wiki/Benchmark) - -For browser performance [checkout the JSPerf tests](http://jsperf.com/node-uuid-performance). - -## Release notes - -v1.4 -* Improved module context detection -* Removed public RNG functions - -v1.3.2: -* Improve tests and handling of v1() options (Issue #24) -* Expose RNG option to allow for perf testing with different generators - -v1.3: -* Support for version 1 ids, thanks to [@ctavan](https://github.com/ctavan)! -* Support for node.js crypto API -* De-emphasizing performance in favor of a) cryptographic quality PRNGs where available and b) more manageable code diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/node-uuid/package.json b/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/node-uuid/package.json deleted file mode 100644 index fc6297d963..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/node-uuid/package.json +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - "_from": "node-uuid@1.4.0", - "_id": "node-uuid@1.4.0", - "_inBundle": false, - "_integrity": "sha1-B/myM3Vy/2J1x3Xh1IUT86RdemU=", - "_location": "/node-uuid", - "_phantomChildren": {}, - "_requested": { - "type": "version", - "registry": true, - "raw": "node-uuid@1.4.0", - "name": "node-uuid", - "escapedName": "node-uuid", - "rawSpec": "1.4.0", - "saveSpec": null, - "fetchSpec": "1.4.0" - }, - "_requiredBy": [ - "/" - ], - "_resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.0.tgz", - "_shasum": "07f9b2337572ff6275c775e1d48513f3a45d7a65", - "_spec": "node-uuid@1.4.0", - "_where": "/Users/orsagie/snyk-fixtures/monorepo-simple", - "author": { - "name": "Robert Kieffer", - "email": "robert@broofa.com" - }, - "bugs": { - "url": "https://github.com/broofa/node-uuid/issues" - }, - "bundleDependencies": false, - "contributors": [ - { - "name": "Christoph Tavan", - "email": "dev@tavan.de" - } - ], - "deprecated": "Use uuid module instead", - "description": "Rigorous implementation of RFC4122 (v1 and v4) UUIDs.", - "homepage": "https://github.com/broofa/node-uuid#readme", - "keywords": [ - "uuid", - "guid", - "rfc4122" - ], - "lib": ".", - "main": "./uuid.js", - "name": "node-uuid", - "repository": { - "type": "git", - "url": "git+https://github.com/broofa/node-uuid.git" - }, - "url": "http://github.com/broofa/node-uuid", - "version": "1.4.0" -} diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/qs/Readme.md b/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/qs/Readme.md deleted file mode 100644 index 78cbe24bd4..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/qs/Readme.md +++ /dev/null 
@@ -1,38 +0,0 @@ - -# node-querystring - - query string parser for node supporting nesting, as it was removed from `0.3.x`, so this library provides the previous and commonly desired behaviour (and twice as fast). Used by [express](http://expressjs.com), [connect](http://senchalabs.github.com/connect) and others. - -## Installation - - $ npm install qs - -## Examples - - require('querystring').parse('user[name][first]=tj&user[email]=tj'); - // => { user: { name: { first: 'tj' }}} - -## License - -(The MIT License) - -Copyright (c) 2010 TJ Holowaychuk <tj@vision-media.ca> - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -'Software'), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/qs/package.json b/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/qs/package.json deleted file mode 100644 index a03148ff13..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/node_modules/qs/package.json +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - "_from": "qs@0.0.6", - "_id": "qs@0.0.6", - "_inBundle": false, - "_integrity": "sha1-SBZZt+W/al6omAEN5a7TXrRp4SQ=", - "_location": "/qs", - "_phantomChildren": {}, - "_requested": { - "type": "version", - "registry": true, - "raw": "qs@0.0.6", - "name": "qs", - "escapedName": "qs", - "rawSpec": "0.0.6", - "saveSpec": null, - "fetchSpec": "0.0.6" - }, - "_requiredBy": [ - "/" - ], - "_resolved": "https://registry.npmjs.org/qs/-/qs-0.0.6.tgz", - "_shasum": "481659b7e5bf6a5ea898010de5aed35eb469e124", - "_spec": "qs@0.0.6", - "_where": "/Users/orsagie/snyk-fixtures/monorepo-simple", - "author": { - "name": "TJ Holowaychuk", - "email": "tj@vision-media.ca", - "url": "http://tjholowaychuk.com" - }, - "bundleDependencies": false, - "deprecated": false, - "description": "querystring parser", - "engines": { - "node": "*" - }, - "main": "index", - "name": "qs", - "repository": {}, - "version": "0.0.6" -} diff --git a/test/acceptance/workspaces/mono-repo-nested/level-1/package.json b/test/acceptance/workspaces/mono-repo-nested/level-1/package.json deleted file mode 100644 index 5211b26c8e..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/level-1/package.json +++ /dev/null 
@@ -1,35 +0,0 @@ -{ - "name": "goof", - "version": "0.0.3", - "description": "A vulnerable todo demo application", - "homepage": "https://snyk.io/", - "repository": { - "type": "git", - "url": "https://github.com/Snyk/snyk-todo-list-demo-app/" - }, - "scripts": { - "start": "node app.js", - "cleanup": "mongo express-todo --eval 'db.todos.remove({});'" - }, - "dependencies": { - "body-parser": "1.9.0", - "cookie-parser": "1.3.3", - "ejs": "1.0.0", - "ejs-locals": "1.0.2", - "errorhandler": "1.2.0", - "express": "4.12.4", - "express-fileupload": "0.0.5", - "humanize-ms": "1.0.1", - "marked": "0.3.5", - "method-override": "latest", - "moment": "2.15.1", - "mongoose": "4.2.4", - "morgan": "latest", - "ms": "^0.7.1", - "npmconf": "0.0.24", - "optional": "^0.1.3", - "st": "0.2.4", - "stream-buffers": "^3.0.1", - "tap": "^5.7.0" - } -} diff --git a/test/acceptance/workspaces/mono-repo-nested/node_modules/node-uuid/README.md b/test/acceptance/workspaces/mono-repo-nested/node_modules/node-uuid/README.md deleted file mode 100644 index d62f7a14d4..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/node_modules/node-uuid/README.md +++ /dev/null 
@@ -1,203 +0,0 @@ -# node-uuid - -Simple, fast generation of [RFC4122](http://www.ietf.org/rfc/rfc4122.txt) UUIDS. - -Features: - -* Generate RFC4122 version 1 or version 4 UUIDs -* Runs in node.js and all browsers. -* Cryptographically strong random # generation on supporting platforms -* 1.1K minified and gzip'ed (Want something smaller? Check this [crazy shit](https://gist.github.com/982883) out! ) -* [Annotated source code](http://broofa.github.com/node-uuid/docs/uuid.html) - -## Getting Started - -Install it in your browser: - -```html - -``` - -Or in node.js: - -``` -npm install node-uuid -``` - -```javascript -var uuid = require('node-uuid'); -``` - -Then create some ids ... - -```javascript -// Generate a v1 (time-based) id -uuid.v1(); // -> '6c84fb90-12c4-11e1-840d-7b25c5ee775a' - -// Generate a v4 (random) id -uuid.v4(); // -> '110ec58a-a0f2-4ac4-8393-c866d813b8d1' -``` - -## API - -### uuid.v1([`options` [, `buffer` [, `offset`]]]) - -Generate and return a RFC4122 v1 (timestamp-based) UUID. - -* `options` - (Object) Optional uuid state to apply. Properties may include: - - * `node` - (Array) Node id as Array of 6 bytes (per 4.1.6). Default: Randomly generated ID. See note 1. - * `clockseq` - (Number between 0 - 0x3fff) RFC clock sequence. Default: An internally maintained clockseq is used. - * `msecs` - (Number | Date) Time in milliseconds since unix Epoch. Default: The current time is used. - * `nsecs` - (Number between 0-9999) additional time, in 100-nanosecond units. Ignored if `msecs` is unspecified. Default: internal uuid counter is used, as per 4.2.1.2. - -* `buffer` - (Array | Buffer) Array or buffer where UUID bytes are to be written. -* `offset` - (Number) Starting index in `buffer` at which to begin writing. - -Returns `buffer`, if specified, otherwise the string form of the UUID - -Notes: - -1. The randomly generated node id is only guaranteed to stay constant for the lifetime of the current JS runtime. 
(Future versions of this module may use persistent storage mechanisms to extend this guarantee.) - -Example: Generate string UUID with fully-specified options - -```javascript -uuid.v1({ - node: [0x01, 0x23, 0x45, 0x67, 0x89, 0xab], - clockseq: 0x1234, - msecs: new Date('2011-11-01').getTime(), - nsecs: 5678 -}); // -> "710b962e-041c-11e1-9234-0123456789ab" -``` - -Example: In-place generation of two binary IDs - -```javascript -// Generate two ids in an array -var arr = new Array(32); // -> [] -uuid.v1(null, arr, 0); // -> [02 a2 ce 90 14 32 11 e1 85 58 0b 48 8e 4f c1 15] -uuid.v1(null, arr, 16); // -> [02 a2 ce 90 14 32 11 e1 85 58 0b 48 8e 4f c1 15 02 a3 1c b0 14 32 11 e1 85 58 0b 48 8e 4f c1 15] - -// Optionally use uuid.unparse() to get stringify the ids -uuid.unparse(buffer); // -> '02a2ce90-1432-11e1-8558-0b488e4fc115' -uuid.unparse(buffer, 16) // -> '02a31cb0-1432-11e1-8558-0b488e4fc115' -``` - -### uuid.v4([`options` [, `buffer` [, `offset`]]]) - -Generate and return a RFC4122 v4 UUID. - -* `options` - (Object) Optional uuid state to apply. Properties may include: - - * `random` - (Number[16]) Array of 16 numbers (0-255) to use in place of randomly generated values - * `rng` - (Function) Random # generator to use. Set to one of the built-in generators - `uuid.mathRNG` (all platforms), `uuid.nodeRNG` (node.js only), `uuid.whatwgRNG` (WebKit only) - or a custom function that returns an array[16] of byte values. - -* `buffer` - (Array | Buffer) Array or buffer where UUID bytes are to be written. -* `offset` - (Number) Starting index in `buffer` at which to begin writing. 
- -Returns `buffer`, if specified, otherwise the string form of the UUID - -Example: Generate string UUID with fully-specified options - -```javascript -uuid.v4({ - random: [ - 0x10, 0x91, 0x56, 0xbe, 0xc4, 0xfb, 0xc1, 0xea, - 0x71, 0xb4, 0xef, 0xe1, 0x67, 0x1c, 0x58, 0x36 - ] -}); -// -> "109156be-c4fb-41ea-b1b4-efe1671c5836" -``` - -Example: Generate two IDs in a single buffer - -```javascript -var buffer = new Array(32); // (or 'new Buffer' in node.js) -uuid.v4(null, buffer, 0); -uuid.v4(null, buffer, 16); -``` - -### uuid.parse(id[, buffer[, offset]]) -### uuid.unparse(buffer[, offset]) - -Parse and unparse UUIDs - - * `id` - (String) UUID(-like) string - * `buffer` - (Array | Buffer) Array or buffer where UUID bytes are to be written. Default: A new Array or Buffer is used - * `offset` - (Number) Starting index in `buffer` at which to begin writing. Default: 0 - -Example parsing and unparsing a UUID string - -```javascript -var bytes = uuid.parse('797ff043-11eb-11e1-80d6-510998755d10'); // -> -var string = uuid.unparse(bytes); // -> '797ff043-11eb-11e1-80d6-510998755d10' -``` - -### uuid.noConflict() - -(Browsers only) Set `uuid` property back to it's previous value. - -Returns the node-uuid object. - -Example: - -```javascript -var myUuid = uuid.noConflict(); -myUuid.v1(); // -> '6c84fb90-12c4-11e1-840d-7b25c5ee775a' -``` - -## Deprecated APIs - -Support for the following v1.2 APIs is available in v1.3, but is deprecated and will be removed in the next major version. - -### uuid([format [, buffer [, offset]]]) - -uuid() has become uuid.v4(), and the `format` argument is now implicit in the `buffer` argument. (i.e. if you specify a buffer, the format is assumed to be binary). - -### uuid.BufferClass - -The class of container created when generating binary uuid data if no buffer argument is specified. This is expected to go away, with no replacement API. 
- -## Testing - -In node.js - -``` -> cd test -> node test.js -``` - -In Browser - -``` -open test/test.html -``` - -### Benchmarking - -Requires node.js - -``` -npm install uuid uuid-js -node benchmark/benchmark.js -``` - -For a more complete discussion of node-uuid performance, please see the `benchmark/README.md` file, and the [benchmark wiki](https://github.com/broofa/node-uuid/wiki/Benchmark) - -For browser performance [checkout the JSPerf tests](http://jsperf.com/node-uuid-performance). - -## Release notes - -v1.4 -* Improved module context detection -* Removed public RNG functions - -v1.3.2: -* Improve tests and handling of v1() options (Issue #24) -* Expose RNG option to allow for perf testing with different generators - -v1.3: -* Support for version 1 ids, thanks to [@ctavan](https://github.com/ctavan)! -* Support for node.js crypto API -* De-emphasizing performance in favor of a) cryptographic quality PRNGs where available and b) more manageable code diff --git a/test/acceptance/workspaces/mono-repo-nested/node_modules/node-uuid/package.json b/test/acceptance/workspaces/mono-repo-nested/node_modules/node-uuid/package.json deleted file mode 100644 index fc6297d963..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/node_modules/node-uuid/package.json +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - "_from": "node-uuid@1.4.0", - "_id": "node-uuid@1.4.0", - "_inBundle": false, - "_integrity": "sha1-B/myM3Vy/2J1x3Xh1IUT86RdemU=", - "_location": "/node-uuid", - "_phantomChildren": {}, - "_requested": { - "type": "version", - "registry": true, - "raw": "node-uuid@1.4.0", - "name": "node-uuid", - "escapedName": "node-uuid", - "rawSpec": "1.4.0", - "saveSpec": null, - "fetchSpec": "1.4.0" - }, - "_requiredBy": [ - "/" - ], - "_resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.0.tgz", - "_shasum": "07f9b2337572ff6275c775e1d48513f3a45d7a65", - "_spec": "node-uuid@1.4.0", - "_where": "/Users/orsagie/snyk-fixtures/monorepo-simple", - "author": { - "name": "Robert Kieffer", - "email": "robert@broofa.com" - }, - "bugs": { - "url": "https://github.com/broofa/node-uuid/issues" - }, - "bundleDependencies": false, - "contributors": [ - { - "name": "Christoph Tavan", - "email": "dev@tavan.de" - } - ], - "deprecated": "Use uuid module instead", - "description": "Rigorous implementation of RFC4122 (v1 and v4) UUIDs.", - "homepage": "https://github.com/broofa/node-uuid#readme", - "keywords": [ - "uuid", - "guid", - "rfc4122" - ], - "lib": ".", - "main": "./uuid.js", - "name": "node-uuid", - "repository": { - "type": "git", - "url": "git+https://github.com/broofa/node-uuid.git" - }, - "url": "http://github.com/broofa/node-uuid", - "version": "1.4.0" -} diff --git a/test/acceptance/workspaces/mono-repo-nested/node_modules/qs/Readme.md b/test/acceptance/workspaces/mono-repo-nested/node_modules/qs/Readme.md deleted file mode 100644 index 78cbe24bd4..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/node_modules/qs/Readme.md +++ /dev/null 
@@ -1,38 +0,0 @@ - -# node-querystring - - query string parser for node supporting nesting, as it was removed from `0.3.x`, so this library provides the previous and commonly desired behaviour (and twice as fast). Used by [express](http://expressjs.com), [connect](http://senchalabs.github.com/connect) and others. - -## Installation - - $ npm install qs - -## Examples - - require('querystring').parse('user[name][first]=tj&user[email]=tj'); - // => { user: { name: { first: 'tj' }}} - -## License - -(The MIT License) - -Copyright (c) 2010 TJ Holowaychuk <tj@vision-media.ca> - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -'Software'), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/test/acceptance/workspaces/mono-repo-nested/node_modules/qs/package.json b/test/acceptance/workspaces/mono-repo-nested/node_modules/qs/package.json deleted file mode 100644 index a03148ff13..0000000000 --- a/test/acceptance/workspaces/mono-repo-nested/node_modules/qs/package.json +++ /dev/null 
@@ -1,40 +0,0 @@
-{
- "_from": "qs@0.0.6",
- "_id": "qs@0.0.6",
- "_inBundle": false,
- "_integrity": "sha1-SBZZt+W/al6omAEN5a7TXrRp4SQ=",
- "_location": "/qs",
- "_phantomChildren": {},
- "_requested": {
- "type": "version",
- "registry": true,
- "raw": "qs@0.0.6",
- "name": "qs",
- "escapedName": "qs",
- "rawSpec": "0.0.6",
- "saveSpec": null,
- "fetchSpec": "0.0.6"
- },
- "_requiredBy": [
- "/"
- ],
- "_resolved": "https://registry.npmjs.org/qs/-/qs-0.0.6.tgz",
- "_shasum": "481659b7e5bf6a5ea898010de5aed35eb469e124",
- "_spec": "qs@0.0.6",
- "_where": "/Users/orsagie/snyk-fixtures/monorepo-simple",
- "author": {
- "name": "TJ Holowaychuk",
- "email": "tj@vision-media.ca",
- "url": "http://tjholowaychuk.com"
- },
- "bundleDependencies": false,
- "deprecated": false,
- "description": "querystring parser",
- "engines": {
- "node": "*"
- },
- "main": "index",
- "name": "qs",
- "repository": {},
- "version": "0.0.6"
-}
diff --git a/test/acceptance/workspaces/mono-repo-nested/package-lock.json b/test/acceptance/workspaces/mono-repo-nested/package-lock.json
deleted file mode 100644
index fce7bf7f28..0000000000
--- a/test/acceptance/workspaces/mono-repo-nested/package-lock.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "shallow-goof",
- "version": "0.0.1",
- "lockfileVersion": 1,
- "requires": true,
- "dependencies": {
- "node-uuid": {
- "version": "1.4.0",
- "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.0.tgz",
- "integrity": "sha1-B/myM3Vy/2J1x3Xh1IUT86RdemU="
- },
- "qs": {
- "version": "0.0.6",
- "resolved": "https://registry.npmjs.org/qs/-/qs-0.0.6.tgz",
- "integrity": "sha1-SBZZt+W/al6omAEN5a7TXrRp4SQ="
- }
- }
-}
diff --git a/test/acceptance/workspaces/mono-repo-nested/package.json b/test/acceptance/workspaces/mono-repo-nested/package.json
deleted file mode 100644
index 4b2ecd8d3d..0000000000
--- a/test/acceptance/workspaces/mono-repo-nested/package.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "name": "shallow-goof",
- "version": "0.0.1",
- "description": "A vulnerable demo application",
- "homepage": "https://snyk.io/",
- "repository": {
- "type": "git",
- "url": "https://github.com/Snyk/shallow-goof"
- },
- "dependencies": {
- "qs": "0.0.6",
- "node-uuid": "1.4.0"
- }
-}
diff --git a/test/jest/acceptance/snyk-test/all-projects.spec.ts b/test/jest/acceptance/snyk-test/all-projects.spec.ts
index 0a19fd9c39..fdc4fd6433 100644
--- a/test/jest/acceptance/snyk-test/all-projects.spec.ts
+++ b/test/jest/acceptance/snyk-test/all-projects.spec.ts
@@ -198,48 +198,6 @@ describe('snyk test --all-projects (mocked server only)', () => {
 expect(stderr).toEqual('');
 });
 
- test('`test mono-repo-nested --all-projects` defaults to 4 max depth', async () => {
- const project = await createProjectFromWorkspace('mono-repo-nested');
-
- const { code, stdout, stderr } = await runSnykCLI('test --all-projects', {
- cwd: project.path(),
- env,
- });
-
- const backendRequests = server.getRequests().filter((req: any) => {
- return req.url.includes('/api/v1/test');
- });
-
- expect(backendRequests).toHaveLength(4);
- backendRequests.forEach((req: any) => {
- expect(req.method).toEqual('POST');
- expect(req.headers['x-snyk-cli-version']).not.toBeUndefined();
- expect(req.url).toMatch('/api/v1/test');
- });
-
- expect(code).toEqual(0);
-
- const dirSeparator = process.platform === 'win32' ? '\\' : '/';
-
- expect(stdout).toMatch('Target file: package-lock.json');
- expect(stdout).toMatch(
- `Target file: level-1${dirSeparator}package.json`,
- );
- expect(stdout).toMatch(
- `Target file: level-1${dirSeparator}level-2${dirSeparator}Gemfile.lock`,
- );
- expect(stdout).toMatch(
- `Target file: level-1${dirSeparator}level-2${dirSeparator}level-3${dirSeparator}package-lock.json`,
- );
- expect(stdout).not.toMatch(
- `level-1${dirSeparator}level-2${dirSeparator}level-3${dirSeparator}level-4${dirSeparator}level-5${dirSeparator}package-lock.json`,
- );
- expect(stdout).not.toMatch(
- `level-1${dirSeparator}level-2${dirSeparator}level-3${dirSeparator}level-4${dirSeparator}level-5${dirSeparator}level-6${dirSeparator}Gemfile.lock`,
- );
- expect(stderr).toBe('');
- });
-
 test('`test empty --all-projects`', async () => {
 const project = await createProjectFromWorkspace('empty');
 
diff --git a/test/tap/find-files.test.ts b/test/tap/find-files.test.ts
index 131f4629cd..c2d2410631 100644
--- a/test/tap/find-files.test.ts
+++ b/test/tap/find-files.test.ts
@@ -2,13 +2,9 @@ import * as path from 'path';
 import { test } from 'tap';
 import { find } from '../../src/lib/find-files';
 import { getFixturePath } from '../jest/util/getFixturePath';
-import { getWorkspacePath } from '../jest/util/getWorkspacePath';
 
 const testFixture = getFixturePath('find-files');
 
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-const skiptest = (name, _) => console.log(`Skipping ${name}`);
-
 test('find all files in test fixture', async (t) => {
 // six levels deep to find all
 const { files: result, allFilesFound } = await find({
@@ -75,26 +71,6 @@ test('find all files in test fixture', async (t) => {
 );
 });
 
-test('defaults to only detecting files up to 4 layers deep when undefined', async (t) => {
- //
- const { files: result } = await find({
- path: getWorkspacePath('mono-repo-nested'),
- levelsDeep: undefined,
- });
-
- t.same(result.length, 4);
-});
-
-test('defaults to only detecting files up to 4 layers deep when null', async (t) => {
- //
- const { files: result } = await find({
- path: getWorkspacePath('mono-repo-nested'),
- levelsDeep: NaN,
- });
-
- t.same(result.length, 4);
-});
-
 test('find all files in test fixture ignoring node_modules', async (t) => {
 // six levels deep to ensure node_modules is tested
 const { files: result } = await find({
From a274f78059a3871518098198c785a1608bbe1531 Mon Sep 17 00:00:00 2001
From: Luke Watts
Date: Wed, 23 Oct 2024 16:57:23 +0200
Subject: [PATCH 14/15] docs: capture latest updates in release notes
---
 binary-releases/RELEASE_NOTES.md | 62 ++++++++++++++------------------
 1 file changed, 26 insertions(+), 36 deletions(-)
diff --git a/binary-releases/RELEASE_NOTES.md b/binary-releases/RELEASE_NOTES.md
index 3778f95150..eb51da8262 100644
--- a/binary-releases/RELEASE_NOTES.md
+++ b/binary-releases/RELEASE_NOTES.md
@@ -2,49 +2,39 @@
 
 The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see [this documentation](https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli)
 
+### News
+
+* **CycloneDX 1.6 SBOM support** This new version now supports generating CycloneDX 1.6 SBOMs using the `snyk sbom` command, providing you with more comprehensive and detailed information about your software components and their dependencies. [Read more about the CycloneDX version announcement here](https://cyclonedx.org/news/cyclonedx-v1.6-released/).
+* **Improved CLI monitoring of large Cocoapods projects** When doing a `snyk monitor` on very large Cocoapods applications, the CLI sometimes returned an `Invalid String OOM` error and the operation would fail. Although this error was rare, we have fixed it so large Cocoapods applications can now be monitored successfully.
+* **Fix for security issue** The Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted (PHP|Gradle) project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk always recommends not scanning untrusted projects.
+
+
 ### Features
 
-* add CycloneDX 1.6 SBOM support ([1330fc2](https://github.com/snyk/snyk/commit/1330fc2442e48865ea2e1b27a94cf665ff4b0416))
-* add data transformation workflow [CLI-502] ([2cd3bfd](https://github.com/snyk/snyk/commit/2cd3bfd298b423ea632906cdd9b24ee5eac1c6d3))
-* automatic integration of language server 45d38517ca31d0dcbb30d35bc235b187f0c33156 ([e60dda0](https://github.com/snyk/snyk/commit/e60dda0c8c8d48a59a1260b221d5ac8bbc616093))
-* automatic integration of language server 56a46746f0be9d0ad20bc1c31e9aa8a66c8c31dc ([e5d8b68](https://github.com/snyk/snyk/commit/e5d8b68901b5934d7331a97ac56216532e1ece22))
-* automatic integration of language server 749398323e1918d99214e797aaf18adf0492d0a6 ([24cfd5a](https://github.com/snyk/snyk/commit/24cfd5ad30186089114307328d04bbfc8d11dc6f))
-* automatic integration of language server 871df13e7984636feb2c61570bff2d117828d8a3 ([507d402](https://github.com/snyk/snyk/commit/507d4023a3aaf78ee5340246946c43b9501b257e))
-* automatic integration of language server a8e770a8dcb46ad14861001a969c03694d7c2a30 ([0c22b2a](https://github.com/snyk/snyk/commit/0c22b2aa5329d3e5ca00ff23b7ec7472432b89ca))
-* automatic integration of language server e23b2e02a33de2f722a579a8fa10cccfa3d80d84 ([a3037bd](https://github.com/snyk/snyk/commit/a3037bd81389dbd7054b84ece9919ff87b9a44e9))
-* automatic integration of language server f340bd73b5146a0653b2126e7900c467c89e4398 ([0637bca](https://github.com/snyk/snyk/commit/0637bca3a1440e73b2ed874217db605732b6dee6))
-* automatic integration of language server f45a1a9e861a2f67a2aa6e624b755a411333298a ([771dce7](https://github.com/snyk/snyk/commit/771dce7ac5fc2daead08dba9187186bb81e4f687))
-* automatic integration of language server fa9fa4069fc2cd94b0b9aca67c27d2e7fd7ddacd ([ac946d1](https://github.com/snyk/snyk/commit/ac946d1f521d1006bbec279377b190781675dbbb))
-* conditionally write gaf data to file ([7f11919](https://github.com/snyk/snyk/commit/7f11919360cd01e97ede0467dd0f064134807157))
+* **sbom:** add 
CycloneDX 1.6 SBOM support ([1330fc2](https://github.com/snyk/snyk/commit/1330fc2442e48865ea2e1b27a94cf665ff4b0416))
 * **deployment:** Deploy alpine arm64 binaries ([9daace4](https://github.com/snyk/snyk/commit/9daace4aa1bdb5d5939d91a118709a5f78b64bb8))
-* drop policy property on global Snyk object ([fef0d69](https://github.com/snyk/snyk/commit/fef0d69e7e67923b1b3d704ef79f8df696ef310e))
-* enable cocoapods to send graphs for cli monitor ([ca56c69](https://github.com/snyk/snyk/commit/ca56c695e65f11b44b0c50f93b892a0e03aea97a))
-* pass allow analytics flag to snyk-iac-test [IAC-3017] ([b12d3ac](https://github.com/snyk/snyk/commit/b12d3acf99a318c3841977ba4a3277b32a8baa22))
+* **monitor:** enable cocoapods to send graphs for cli monitor ([ca56c69](https://github.com/snyk/snyk/commit/ca56c695e65f11b44b0c50f93b892a0e03aea97a))
+* **iac:** pass allow analytics flag to snyk-iac-test [IAC-3017] ([b12d3ac](https://github.com/snyk/snyk/commit/b12d3acf99a318c3841977ba4a3277b32a8baa22))
 
 
 ### Bug Fixes
 
-* add normalize help for deriving target files [CLI-448] ([82efb50](https://github.com/snyk/snyk/commit/82efb50280569b5a3f290fda347d18d6a67170ca))
+* **all:** restore cert file if it was externally removed ([ef1547f](https://github.com/snyk/snyk/commit/ef1547fde9fa0e53897bbb8c51fa1cf3b02d78b8))
 * **auth:** missing auth issue with oauth ([57ae95c](https://github.com/snyk/snyk/commit/57ae95cf5e3fc3d4c744a782feae2def17e70493))
-* check iacNewEngine FF and pass it to snyk-iac-test [IAC-3059] ([2051a6d](https://github.com/snyk/snyk/commit/2051a6d38071a304dbef97784cfeac20c7f56d09))
-* default limit to max vulnerable paths per vuln, add override option ([302d7ac](https://github.com/snyk/snyk/commit/302d7ac5a396d85cc4c424421ef5b7cfa5f32297))
-* **deployment:** upload sequence to s3 ([e8499b0](https://github.com/snyk/snyk/commit/e8499b041c4ca38b8bed86c704989df2c6408c32))
-* do not show test deps for Dverbose mvn with dependencyManagement 
([67e0de9](https://github.com/snyk/snyk/commit/67e0de94c13622c390aff4a5b34bba4791272577))
-* **docs:** update contributing.md ([c2ff465](https://github.com/snyk/snyk/commit/c2ff465c34da80a2630099ca0c3653092d3ec3f9))
-* fixed support for pnpm alias packages ([d506de1](https://github.com/snyk/snyk/commit/d506de1203483cf627680a7ad7aa30b1479ed76c))
 * **iac:** upgrade iac custom rules ext to address vulns [IAC-3065] ([d6cc509](https://github.com/snyk/snyk/commit/d6cc509d919165efa7392b0f0ef532d8840f1207))
 * **iac:** upgrade snyk-iac-test to v0.55.1 [IAC-2940] ([0dadc90](https://github.com/snyk/snyk/commit/0dadc901087b97040243bb8a65b4844df9096a3d))
-* ignore false positive ([71215f6](https://github.com/snyk/snyk/commit/71215f68d35e07b17f93fbe22a93eea36ec2b925))
-* point snyk policy out urls to snyk.io ([28509a3](https://github.com/snyk/snyk/commit/28509a303e5d2b783799291e8db4afd159cd7533))
-* respect default detection depth of 4 ([45a74ea](https://github.com/snyk/snyk/commit/45a74eaf68404a2c046fe11d73682a8b5750368f))
-* restore cert file if it was externally removed ([ef1547f](https://github.com/snyk/snyk/commit/ef1547fde9fa0e53897bbb8c51fa1cf3b02d78b8))
-* scan non publishable projects on improved net ([a6c0e67](https://github.com/snyk/snyk/commit/a6c0e671937a662c0f3b4bfa4eae4c232511f7e8))
-* scan nuget with PublishSingleFile turned on ([2c74298](https://github.com/snyk/snyk/commit/2c74298094b627ec2d5df6b57f5aa49f67d4c132))
-* type errors in tests ([2e39187](https://github.com/snyk/snyk/commit/2e39187881daebaf0458fde772141ce9848c6762))
-* update tests to the current policy schema version ([35acaa9](https://github.com/snyk/snyk/commit/35acaa97fce3bd2627f8246d02ae3b79984fd2bd))
-* upgrade go-getter to 1.7.5 ([970de96](https://github.com/snyk/snyk/commit/970de96595a931f4362c9c95fe2ce901c4c63b55))
-* upgrade go-getter to 1.7.5 ([f730f9d](https://github.com/snyk/snyk/commit/f730f9d8893f13bf896e39d908d6b6d3662b3a42))
-* upgrade iac extension and snyk-iac-test 
([9134c05](https://github.com/snyk/snyk/commit/9134c05d3f060daaa4294f47b7d2831bef894e07))
-* upgrade slack/webhook to 7.0.3 ([8ab4433](https://github.com/snyk/snyk/commit/8ab4433d2b9e037cd181270f62d3295a9c6b9086))
-* upgrade slack/webhook to 7.0.3 ([7e1a035](https://github.com/snyk/snyk/commit/7e1a03539f6e8c8a4b6fd500e9b5ac0c5449d079))
-* use runtimeInfo to derive the version for cliv1 path ([652d1ba](https://github.com/snyk/snyk/commit/652d1ba0b4e59aa5e2bf16bf95f31898fc6068b0))
\ No newline at end of file
+* **monitor:** add normalize help for deriving target files [CLI-448] ([82efb50](https://github.com/snyk/snyk/commit/82efb50280569b5a3f290fda347d18d6a67170ca))
+* **sbom:** include CVE in JSON output of sbom test command ([a543179](https://github.com/snyk/cli/commit/a54317939e0b795732e36cd024ed80d5bf5cc167))
+* **sbom:** add missing option --gradle-normalize-deps to SBOM command ([151f63d](https://github.com/snyk/cli/commit/151f63df5fe94f7c2734b9cb227b9eb25f35d412))
+* **test:** default limit to max vulnerable paths per vuln, add override option `--max-vulnerable-paths` ([302d7ac](https://github.com/snyk/snyk/commit/302d7ac5a396d85cc4c424421ef5b7cfa5f32297))
+* **test:** do not show test deps for Dverbose mvn with dependencyManagement ([67e0de9](https://github.com/snyk/snyk/commit/67e0de94c13622c390aff4a5b34bba4791272577))
+* **test:** fixed support for pnpm alias packages ([d506de1](https://github.com/snyk/snyk/commit/d506de1203483cf627680a7ad7aa30b1479ed76c))
+* **test:** point snyk policy out urls to snyk.io ([28509a3](https://github.com/snyk/snyk/commit/28509a303e5d2b783799291e8db4afd159cd7533))
+* **test:** scan non publishable projects on improved net ([a6c0e67](https://github.com/snyk/snyk/commit/a6c0e671937a662c0f3b4bfa4eae4c232511f7e8))
+* **test:** scan nuget with PublishSingleFile turned on ([2c74298](https://github.com/snyk/snyk/commit/2c74298094b627ec2d5df6b57f5aa49f67d4c132))
+* **dependencies:** update snyk-nodejs-plugin to fix micromatch vuln 
([baef934](https://github.com/snyk/cli/commit/baef934d14cb88a128477618c3861235aee1cecc))
+* **dependencies:** address security vulnerability in snyk-php-plugin CVE-2024-48963 ([7798d13](https://github.com/snyk/cli/commit/7798d13e072870462e77a72355d0bf1611c41bbb))
+* **dependencies:** address security vulnerability in snyk-gradle-plugin CVE-2024-48964 ([c614284](https://github.com/snyk/cli/commit/c614284b4f1f88c7b0784c6133aab630f57ea0a4))
+* **dependencies:** upgrade go-getter to 1.7.5 ([970de96](https://github.com/snyk/snyk/commit/970de96595a931f4362c9c95fe2ce901c4c63b55))
+* **dependencies:** upgrade iac extension and snyk-iac-test ([9134c05](https://github.com/snyk/snyk/commit/9134c05d3f060daaa4294f47b7d2831bef894e07))
+* **dependencies:** upgrade slack/webhook to 7.0.3 ([8ab4433](https://github.com/snyk/snyk/commit/8ab4433d2b9e037cd181270f62d3295a9c6b9086))
\ No newline at end of file
From 27af72457f725ba42658b90c696418ec80f3a950 Mon Sep 17 00:00:00 2001
From: Luke Watts
Date: Wed, 23 Oct 2024 21:30:15 +0200
Subject: [PATCH 15/15] chore: drop RELEASE_NOTES
---
 binary-releases/RELEASE_NOTES.md | 40 --------------------------------
 1 file changed, 40 deletions(-)
 delete mode 100644 binary-releases/RELEASE_NOTES.md
diff --git a/binary-releases/RELEASE_NOTES.md b/binary-releases/RELEASE_NOTES.md
deleted file mode 100644
index eb51da8262..0000000000
--- a/binary-releases/RELEASE_NOTES.md
+++ /dev/null
@@ -1,40 +0,0 @@
-## [1.1294.0](https://github.com/snyk/snyk/compare/v1.1293.0...v1.1294.0) (2024-10-23)
-
-The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see [this documentation](https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli)
-
-### News
-
-* **CycloneDX 1.6 SBOM support** This new version now supports generating CycloneDX 1.6 SBOMs using the `snyk sbom` command, providing you with more comprehensive and detailed information about your software components and their dependencies. [Read more about the CycloneDX version announcement here](https://cyclonedx.org/news/cyclonedx-v1.6-released/).
-* **Improved CLI monitoring of large Cocoapods projects** When doing a `snyk monitor` on very large Cocoapods applications, the CLI sometimes returned an `Invalid String OOM` error and the operation would fail. Although this error was rare, we have fixed it so large Cocoapods applications can now be monitored successfully.
-* **Fix for security issue** The Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted (PHP|Gradle) project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk always recommends not scanning untrusted projects.
-
-
### Features
-
-* **sbom:** add CycloneDX 1.6 SBOM support ([1330fc2](https://github.com/snyk/snyk/commit/1330fc2442e48865ea2e1b27a94cf665ff4b0416))
-* **deployment:** Deploy alpine arm64 binaries ([9daace4](https://github.com/snyk/snyk/commit/9daace4aa1bdb5d5939d91a118709a5f78b64bb8))
-* **monitor:** enable cocoapods to send graphs for cli monitor ([ca56c69](https://github.com/snyk/snyk/commit/ca56c695e65f11b44b0c50f93b892a0e03aea97a))
-* **iac:** pass allow analytics flag to snyk-iac-test [IAC-3017] ([b12d3ac](https://github.com/snyk/snyk/commit/b12d3acf99a318c3841977ba4a3277b32a8baa22))
-
-
### Bug Fixes
-
-* **all:** restore cert file if it was externally removed ([ef1547f](https://github.com/snyk/snyk/commit/ef1547fde9fa0e53897bbb8c51fa1cf3b02d78b8))
-* **auth:** missing auth issue with oauth ([57ae95c](https://github.com/snyk/snyk/commit/57ae95cf5e3fc3d4c744a782feae2def17e70493))
-* **iac:** upgrade iac custom rules ext to address vulns [IAC-3065] ([d6cc509](https://github.com/snyk/snyk/commit/d6cc509d919165efa7392b0f0ef532d8840f1207))
-* **iac:** upgrade snyk-iac-test to v0.55.1 [IAC-2940] ([0dadc90](https://github.com/snyk/snyk/commit/0dadc901087b97040243bb8a65b4844df9096a3d))
-* **monitor:** add normalize help for deriving target files [CLI-448] ([82efb50](https://github.com/snyk/snyk/commit/82efb50280569b5a3f290fda347d18d6a67170ca))
-* **sbom:** include CVE in JSON output of sbom test command ([a543179](https://github.com/snyk/cli/commit/a54317939e0b795732e36cd024ed80d5bf5cc167))
-* **sbom:** add missing option --gradle-normalize-deps to SBOM command ([151f63d](https://github.com/snyk/cli/commit/151f63df5fe94f7c2734b9cb227b9eb25f35d412))
-* **test:** default limit to max vulnerable paths per vuln, add override option `--max-vulnerable-paths` ([302d7ac](https://github.com/snyk/snyk/commit/302d7ac5a396d85cc4c424421ef5b7cfa5f32297))
-* **test:** do not show test deps for Dverbose mvn with dependencyManagement 
([67e0de9](https://github.com/snyk/snyk/commit/67e0de94c13622c390aff4a5b34bba4791272577))
-* **test:** fixed support for pnpm alias packages ([d506de1](https://github.com/snyk/snyk/commit/d506de1203483cf627680a7ad7aa30b1479ed76c))
-* **test:** point snyk policy out urls to snyk.io ([28509a3](https://github.com/snyk/snyk/commit/28509a303e5d2b783799291e8db4afd159cd7533))
-* **test:** scan non publishable projects on improved net ([a6c0e67](https://github.com/snyk/snyk/commit/a6c0e671937a662c0f3b4bfa4eae4c232511f7e8))
-* **test:** scan nuget with PublishSingleFile turned on ([2c74298](https://github.com/snyk/snyk/commit/2c74298094b627ec2d5df6b57f5aa49f67d4c132))
-* **dependencies:** update snyk-nodejs-plugin to fix micromatch vuln ([baef934](https://github.com/snyk/cli/commit/baef934d14cb88a128477618c3861235aee1cecc))
-* **dependencies:** address security vulnerability in snyk-php-plugin CVE-2024-48963 ([7798d13](https://github.com/snyk/cli/commit/7798d13e072870462e77a72355d0bf1611c41bbb))
-* **dependencies:** address security vulnerability in snyk-gradle-plugin CVE-2024-48964 ([c614284](https://github.com/snyk/cli/commit/c614284b4f1f88c7b0784c6133aab630f57ea0a4))
-* **dependencies:** upgrade go-getter to 1.7.5 ([970de96](https://github.com/snyk/snyk/commit/970de96595a931f4362c9c95fe2ce901c4c63b55))
-* **dependencies:** upgrade iac extension and snyk-iac-test ([9134c05](https://github.com/snyk/snyk/commit/9134c05d3f060daaa4294f47b7d2831bef894e07))
-* **dependencies:** upgrade slack/webhook to 7.0.3 ([8ab4433](https://github.com/snyk/snyk/commit/8ab4433d2b9e037cd181270f62d3295a9c6b9086))
\ No newline at end of file