snyk-nuget-plugin
Comparing version 1.20.0 to 1.21.0
@@ -8,3 +8,2 @@ "use strict"; | ||
const parseXML = require("xml2js"); | ||
const _ = require("lodash"); | ||
const debugModule = require("debug"); | ||
@@ -22,9 +21,8 @@ const framework_1 = require("./framework"); | ||
parseXML.parseString(csprojContents, (err, parsedCsprojContents) => { | ||
var _a, _b, _c, _d, _e; | ||
if (err) { | ||
reject(new errors_1.FileNotProcessableError(err)); | ||
} | ||
const versionLoc = _.get(parsedCsprojContents, 'Project.PropertyGroup[0]'); | ||
const versions = _.compact(_.concat([], _.get(versionLoc, 'TargetFrameworkVersion[0]') || | ||
_.get(versionLoc, 'TargetFramework[0]') || | ||
_.get(versionLoc, 'TargetFrameworks[0]', '').split(';'))); | ||
const versionLoc = (_b = (_a = parsedCsprojContents === null || parsedCsprojContents === void 0 ? void 0 : parsedCsprojContents.Project) === null || _a === void 0 ? void 0 : _a.PropertyGroup) === null || _b === void 0 ? void 0 : _b[0]; | ||
const versions = [].concat((((_c = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFrameworkVersion) === null || _c === void 0 ? void 0 : _c[0]) || ((_d = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFramework) === null || _d === void 0 ? void 0 : _d[0]) || ((_e = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFrameworks) === null || _e === void 0 ? void 0 : _e[0]) || '').split(';')).filter(Boolean); | ||
if (versions.length < 1) { | ||
@@ -35,3 +33,3 @@ debug('Could not find TargetFrameworkVersion/TargetFramework' + | ||
} | ||
frameworks = _.compact(_.map(versions, framework_1.toReadableFramework)); | ||
frameworks = versions.map(framework_1.toReadableFramework).filter(Boolean); | ||
if (versions.length > 1 && frameworks.length < 1) { | ||
@@ -38,0 +36,0 @@ debug('Could not find valid/supported .NET version in csproj file located at' + csprojPath); |
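Review bot: The rewritten `versions` expression calls `.split(';')` on whichever of `TargetFrameworkVersion[0]`, `TargetFramework[0]` or `TargetFrameworks[0]` is found first, whereas the lodash version split only the `TargetFrameworks` fallback. If xml2js returns an object rather than a string for one of these elements (it can when the element carries an attribute such as `Condition`), `.split` throws a TypeError inside the `parseString` callback instead of rejecting with `FileNotProcessableError`. The .csproj is input the scanner does not control, so I would check the type before splitting, e.g. `typeof raw === 'string' ? raw.split(';') : [raw]` with `raw` being the first value found. The unchanged `if (err) { reject(...) }` also has no `return`, so these lines still run after a parse error. The callback body continues outside the hunk.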
@@ -5,3 +5,2 @@ "use strict"; | ||
const errors_1 = require("../errors"); | ||
const _ = require("lodash"); | ||
const debugModule = require("debug"); | ||
@@ -21,2 +20,11 @@ const debug = debugModule('snyk'); | ||
} | ||
function pick(obj, keys) { | ||
const pickedObj = {}; | ||
Object.keys(obj).forEach((k) => { | ||
if (keys.includes(k)) { | ||
pickedObj[k] = obj[k]; | ||
} | ||
}); | ||
return pickedObj; | ||
} | ||
function convertFromPathSyntax(path) { | ||
@@ -100,5 +108,5 @@ let name = path.split('/').join('@'); // posix | ||
} | ||
const tree = _.pick(treeMap, roots); | ||
const freqSysDeps = _.pick(treeMap, Object.keys(freqDeps)); | ||
if (!_.isEmpty(freqSysDeps)) { | ||
const tree = pick(treeMap, roots); | ||
const freqSysDeps = pick(treeMap, Object.keys(freqDeps)); | ||
if (Object.keys(freqSysDeps).length > 0) { | ||
tree['freqSystemDependencies'] = { | ||
@@ -113,3 +121,4 @@ name: 'freqSystemDependencies', | ||
function getFrameworkToRun(manifest) { | ||
const frameworks = _.get(manifest, 'project.frameworks'); | ||
var _a; | ||
const frameworks = (_a = manifest === null || manifest === void 0 ? void 0 : manifest.project) === null || _a === void 0 ? void 0 : _a.frameworks; | ||
debug(`Available frameworks: '${Object.keys(frameworks)}'`); | ||
@@ -137,3 +146,3 @@ // not yet supporting multiple frameworks in the same assets file -> | ||
} | ||
if (_.isEmpty(manifest.project.frameworks)) { | ||
if (!manifest.project.frameworks || Object.keys(manifest.project.frameworks).length === 0) { | ||
throw new errors_1.InvalidManifestError('0 frameworks were found in project.assets.json'); | ||
@@ -144,3 +153,3 @@ } | ||
} | ||
if (_.isEmpty(manifest.targets)) { | ||
if (!manifest.targets || Object.keys(manifest.targets).length === 0) { | ||
throw new errors_1.InvalidManifestError('0 targets were found in project.assets.json'); | ||
@@ -147,0 +156,0 @@ } |
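Review bot: In `getFrameworkToRun` the optional chain allows `frameworks` to be `undefined`, and the next line passes it straight to `Object.keys(frameworks)`, which throws a TypeError. A project.assets.json without `project.frameworks` would then surface as an untyped crash rather than `InvalidManifestError`, unless the emptiness check shown further down always runs first (the call order is not visible here). I would add `if (!frameworks) { throw new errors_1.InvalidManifestError('0 frameworks were found in project.assets.json'); }` before the `debug` call. The new `pick` helper also copies into a plain `{}`; starting from `Object.create(null)` would stop a key named `__proto__` from being treated as a prototype assignment. Both function bodies continue outside the hunks.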
@@ -7,3 +7,2 @@ "use strict"; | ||
const csproj_parser_1 = require("./csproj-parser"); | ||
const _ = require("lodash"); | ||
const debugModule = require("debug"); | ||
@@ -46,2 +45,3 @@ const debug = debugModule('snyk'); | ||
async function buildDepTreeFromFiles(root, targetFile, packagesFolderPath, manifestType, useProjectNameFromAssetsFile, projectNamePrefix) { | ||
var _a, _b; | ||
const safeRoot = root || '.'; | ||
@@ -94,3 +94,3 @@ const safeTargetFile = targetFile || '.'; | ||
if (manifestType === 'dotnet-core' && useProjectNameFromAssetsFile) { | ||
const projectName = _.get(manifest, 'project.restore.projectName'); | ||
const projectName = (_b = (_a = manifest === null || manifest === void 0 ? void 0 : manifest.project) === null || _a === void 0 ? void 0 : _a.restore) === null || _b === void 0 ? void 0 : _b.projectName; | ||
if (projectName) { | ||
@@ -97,0 +97,0 @@ tree.name = projectName; |
@@ -8,3 +8,2 @@ "use strict"; | ||
const parseXML = require("xml2js"); | ||
const _ = require("lodash"); | ||
const debugModule = require("debug"); | ||
@@ -36,8 +35,8 @@ const debug = debugModule('snyk'); | ||
// we have dependency version conflict resolution implemented | ||
_(result.package.metadata).forEach((metadata) => { | ||
_(metadata.dependencies).forEach((rawDependency) => { | ||
result.package.metadata.forEach((metadata) => { | ||
metadata.dependencies.forEach((rawDependency) => { | ||
// Find and add target framework version specific dependencies | ||
const depsForTargetFramework = extractDepsForTargetFramework(rawDependency, targetFramework); | ||
if (depsForTargetFramework && depsForTargetFramework.group) { | ||
ownDeps = _.concat(ownDeps, extractDepsFromRaw(depsForTargetFramework.group.dependency)); | ||
ownDeps = ownDeps.concat(extractDepsFromRaw(depsForTargetFramework.group.dependency)); | ||
} | ||
@@ -49,7 +48,7 @@ // Find all groups with no targetFramework attribute | ||
depsFromPlainGroups.forEach((depGroup) => { | ||
ownDeps = _.concat(ownDeps, extractDepsFromRaw(depGroup.dependency)); | ||
ownDeps = ownDeps.concat(extractDepsFromRaw(depGroup.dependency)); | ||
}); | ||
} | ||
// Add the default dependencies | ||
ownDeps = _.concat(ownDeps, extractDepsFromRaw(rawDependency.dependency)); | ||
ownDeps = ownDeps.concat(extractDepsFromRaw(rawDependency.dependency)); | ||
}); | ||
@@ -72,3 +71,6 @@ }); | ||
function extractDepsForPlainGroups(rawDependency) { | ||
return _(rawDependency.group) | ||
if (!rawDependency.group) { | ||
return []; | ||
} | ||
return rawDependency.group | ||
.filter((group) => { | ||
@@ -80,9 +82,12 @@ // valid group with no attributes or no `targetFramework` attribute | ||
function extractDepsForTargetFramework(rawDependency, targetFramework) { | ||
return rawDependency && _(rawDependency.group) | ||
.filter((group) => { | ||
return group && group.$ && group.$.targetFramework && | ||
if (!rawDependency || !rawDependency.group) { | ||
return; | ||
} | ||
return rawDependency.group.filter((group) => { | ||
var _a; | ||
return ((_a = group === null || group === void 0 ? void 0 : group.$) === null || _a === void 0 ? void 0 : _a.targetFramework) && | ||
targetFrameworkRegex.test(group.$.targetFramework); | ||
}) | ||
.map((group) => { | ||
const parts = _.split(group.$.targetFramework, targetFrameworkRegex); | ||
const parts = group.$.targetFramework.split(targetFrameworkRegex); | ||
return { | ||
@@ -94,3 +99,9 @@ framework: parts[1], | ||
}) | ||
.orderBy(['framework', 'version'], ['asc', 'desc']) | ||
.sort((a, b) => { | ||
if (a.framework === b.framework) { | ||
return Number(b.version) - Number(a.version); | ||
} | ||
return a.framework > b.framework ? -1 : 1; | ||
}) | ||
// .orderBy(['framework', 'version'], ['asc', 'desc']) | ||
.find((group) => { | ||
@@ -102,4 +113,7 @@ return targetFramework.framework === group.framework && | ||
function extractDepsFromRaw(rawDependencies) { | ||
if (!rawDependencies) { | ||
return []; | ||
} | ||
const deps = []; | ||
_.forEach(rawDependencies, (dep) => { | ||
rawDependencies.forEach((dep) => { | ||
if (dep && dep.$) { | ||
@@ -106,0 +120,0 @@ deps.push({ |
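Review bot: The hand-written `.sort` comparator in `extractDepsForTargetFramework` does not reproduce the `orderBy(['framework', 'version'], ['asc', 'desc'])` it replaces, which is still left behind as a commented-out line. `a.framework > b.framework ? -1 : 1` sorts frameworks descending, and `Number(b.version) - Number(a.version)` compares numerically where lodash compared the string values. A version with more than one dot becomes `NaN`, and compact forms order differently as numbers than as strings. The version format produced by `targetFrameworkRegex` is not visible here, but because `.find` takes the first match, a changed order can select a different dependency group and so change the dependency tree that is reported. To keep the old ordering, use `return a.framework < b.framework ? -1 : 1;` and `return a.version === b.version ? 0 : (a.version > b.version ? -1 : 1);`, and delete the commented-out line. The function body continues outside the hunk.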
@@ -36,3 +36,2 @@ { | ||
"dependencies": { | ||
"lodash": "^4.17.20", | ||
"debug": "^4.1.1", | ||
@@ -53,3 +52,3 @@ "dotnet-deps-parser": "5.0.0", | ||
}, | ||
"version": "1.20.0" | ||
"version": "1.21.0" | ||
} |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
- Removed lodash@^4.17.20
- Removed lodash@4.17.21 (transitive)