snyk-nuget-plugin - npm Package Compare versions

Comparing version 1.20.0 to 1.21.0

dist/nuget-parser/csproj-parser.js

@@ -8,3 +8,2 @@ "use strict";
 const parseXML = require("xml2js");
-const _ = require("lodash");
 const debugModule = require("debug");
@@ -22,9 +21,8 @@ const framework_1 = require("./framework");
             parseXML.parseString(csprojContents, (err, parsedCsprojContents) => {
+                var _a, _b, _c, _d, _e;
                 if (err) {
                     reject(new errors_1.FileNotProcessableError(err));
                 }
-                const versionLoc = _.get(parsedCsprojContents, 'Project.PropertyGroup[0]');
-                const versions = _.compact(_.concat([], _.get(versionLoc, 'TargetFrameworkVersion[0]') ||
-                    _.get(versionLoc, 'TargetFramework[0]') ||
-                    _.get(versionLoc, 'TargetFrameworks[0]', '').split(';')));
+                const versionLoc = (_b = (_a = parsedCsprojContents === null || parsedCsprojContents === void 0 ? void 0 : parsedCsprojContents.Project) === null || _a === void 0 ? void 0 : _a.PropertyGroup) === null || _b === void 0 ? void 0 : _b[0];
+                const versions = [].concat((((_c = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFrameworkVersion) === null || _c === void 0 ? void 0 : _c[0]) || ((_d = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFramework) === null || _d === void 0 ? void 0 : _d[0]) || ((_e = versionLoc === null || versionLoc === void 0 ? void 0 : versionLoc.TargetFrameworks) === null || _e === void 0 ? void 0 : _e[0]) || '').split(';')).filter(Boolean);
                 if (versions.length < 1) {
@@ -35,3 +33,3 @@ debug('Could not find TargetFrameworkVersion/TargetFramework' +
                 }
-                frameworks = _.compact(_.map(versions, framework_1.toReadableFramework));
+                frameworks = versions.map(framework_1.toReadableFramework).filter(Boolean);
                 if (versions.length > 1 && frameworks.length < 1) {
@@ -38,0 +36,0 @@ debug('Could not find valid/supported .NET version in csproj file located at' + csprojPath);

dist/nuget-parser/dotnet-core-parser.js

@@ -5,3 +5,2 @@ "use strict";
 const errors_1 = require("../errors");
-const _ = require("lodash");
 const debugModule = require("debug");
@@ -21,2 +20,11 @@ const debug = debugModule('snyk');
 }
+function pick(obj, keys) {
+    const pickedObj = {};
+    Object.keys(obj).forEach((k) => {
+        if (keys.includes(k)) {
+            pickedObj[k] = obj[k];
+        }
+    });
+    return pickedObj;
+}
 function convertFromPathSyntax(path) {
@@ -100,5 +108,5 @@ let name = path.split('/').join('@'); // posix
     }
-    const tree = _.pick(treeMap, roots);
-    const freqSysDeps = _.pick(treeMap, Object.keys(freqDeps));
-    if (!_.isEmpty(freqSysDeps)) {
+    const tree = pick(treeMap, roots);
+    const freqSysDeps = pick(treeMap, Object.keys(freqDeps));
+    if (Object.keys(freqSysDeps).length > 0) {
         tree['freqSystemDependencies'] = {
@@ -113,3 +121,4 @@ name: 'freqSystemDependencies',
 function getFrameworkToRun(manifest) {
-    const frameworks = _.get(manifest, 'project.frameworks');
+    var _a;
+    const frameworks = (_a = manifest === null || manifest === void 0 ? void 0 : manifest.project) === null || _a === void 0 ? void 0 : _a.frameworks;
     debug(`Available frameworks: '${Object.keys(frameworks)}'`);
@@ -137,3 +146,3 @@ // not yet supporting multiple frameworks in the same assets file ->
     }
-    if (_.isEmpty(manifest.project.frameworks)) {
+    if (!manifest.project.frameworks || Object.keys(manifest.project.frameworks).length === 0) {
         throw new errors_1.InvalidManifestError('0 frameworks were found in project.assets.json');
@@ -144,3 +153,3 @@ }
     }
-    if (_.isEmpty(manifest.targets)) {
+    if (!manifest.targets || Object.keys(manifest.targets).length === 0) {
         throw new errors_1.InvalidManifestError('0 targets were found in project.assets.json');
@@ -147,0 +156,0 @@ }

dist/nuget-parser/index.js

@@ -7,3 +7,2 @@ "use strict";
 const csproj_parser_1 = require("./csproj-parser");
-const _ = require("lodash");
 const debugModule = require("debug");
@@ -46,2 +45,3 @@ const debug = debugModule('snyk');
 async function buildDepTreeFromFiles(root, targetFile, packagesFolderPath, manifestType, useProjectNameFromAssetsFile, projectNamePrefix) {
+    var _a, _b;
     const safeRoot = root || '.';
@@ -94,3 +94,3 @@ const safeTargetFile = targetFile || '.';
     if (manifestType === 'dotnet-core' && useProjectNameFromAssetsFile) {
-        const projectName = _.get(manifest, 'project.restore.projectName');
+        const projectName = (_b = (_a = manifest === null || manifest === void 0 ? void 0 : manifest.project) === null || _a === void 0 ? void 0 : _a.restore) === null || _b === void 0 ? void 0 : _b.projectName;
         if (projectName) {
@@ -97,0 +97,0 @@ tree.name = projectName;

dist/nuget-parser/nuspec-parser.js

@@ -8,3 +8,2 @@ "use strict";
 const parseXML = require("xml2js");
-const _ = require("lodash");
 const debugModule = require("debug");
@@ -36,8 +35,8 @@ const debug = debugModule('snyk');
                 // we have dependency version conflict resolution implemented
-                _(result.package.metadata).forEach((metadata) => {
-                    _(metadata.dependencies).forEach((rawDependency) => {
+                result.package.metadata.forEach((metadata) => {
+                    metadata.dependencies.forEach((rawDependency) => {
                         // Find and add target framework version specific dependencies
                         const depsForTargetFramework = extractDepsForTargetFramework(rawDependency, targetFramework);
                         if (depsForTargetFramework && depsForTargetFramework.group) {
-                            ownDeps = _.concat(ownDeps, extractDepsFromRaw(depsForTargetFramework.group.dependency));
+                            ownDeps = ownDeps.concat(extractDepsFromRaw(depsForTargetFramework.group.dependency));
                         }
@@ -49,7 +48,7 @@ // Find all groups with no targetFramework attribute
                             depsFromPlainGroups.forEach((depGroup) => {
-                                ownDeps = _.concat(ownDeps, extractDepsFromRaw(depGroup.dependency));
+                                ownDeps = ownDeps.concat(extractDepsFromRaw(depGroup.dependency));
                             });
                         }
                         // Add the default dependencies
-                        ownDeps = _.concat(ownDeps, extractDepsFromRaw(rawDependency.dependency));
+                        ownDeps = ownDeps.concat(extractDepsFromRaw(rawDependency.dependency));
                     });
@@ -72,3 +71,6 @@ });
 function extractDepsForPlainGroups(rawDependency) {
-    return _(rawDependency.group)
+    if (!rawDependency.group) {
+        return [];
+    }
+    return rawDependency.group
         .filter((group) => {
@@ -80,9 +82,12 @@ // valid group with no attributes or no `targetFramework` attribute
 function extractDepsForTargetFramework(rawDependency, targetFramework) {
-    return rawDependency && _(rawDependency.group)
-        .filter((group) => {
-        return group && group.$ && group.$.targetFramework &&
+    if (!rawDependency || !rawDependency.group) {
+        return;
+    }
+    return rawDependency.group.filter((group) => {
+        var _a;
+        return ((_a = group === null || group === void 0 ? void 0 : group.$) === null || _a === void 0 ? void 0 : _a.targetFramework) &&
             targetFrameworkRegex.test(group.$.targetFramework);
     })
         .map((group) => {
-        const parts = _.split(group.$.targetFramework, targetFrameworkRegex);
+        const parts = group.$.targetFramework.split(targetFrameworkRegex);
         return {
@@ -94,3 +99,9 @@ framework: parts[1],
     })
-        .orderBy(['framework', 'version'], ['asc', 'desc'])
+        .sort((a, b) => {
+        if (a.framework === b.framework) {
+            return Number(b.version) - Number(a.version);
+        }
+        return a.framework > b.framework ? -1 : 1;
+    })
+        // .orderBy(['framework', 'version'], ['asc', 'desc'])
         .find((group) => {
@@ -102,4 +113,7 @@ return targetFramework.framework === group.framework &&
 function extractDepsFromRaw(rawDependencies) {
+    if (!rawDependencies) {
+        return [];
+    }
     const deps = [];
-    _.forEach(rawDependencies, (dep) => {
+    rawDependencies.forEach((dep) => {
         if (dep && dep.$) {
@@ -106,0 +120,0 @@ deps.push({

package.json

@@ -36,3 +36,2 @@ {
   "dependencies": {
-    "lodash": "^4.17.20",
     "debug": "^4.1.1",
@@ -53,3 +52,3 @@ "dotnet-deps-parser": "5.0.0",
   },
-  "version": "1.20.0"
+  "version": "1.21.0"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

68272

increased by2.97%

Dependency count

6

decreased by-14.29%

Lines of code

898

increased by2.51%

Dependency changes

• - Removedlodash@^4.17.20

• - Removedlodash@4.17.21(transitive)