snyk-nuget-plugin - npm Package Compare versions

Comparing version 1.34.0 to 1.35.0

dist/index.js

@@ -69,5 +69,3 @@ "use strict";
 with the debug (-d) flag at \x1b[4mhttps://support.snyk.io/hc/en-us/requests/new\x1b[0m.`);
-        // TODO: Replaced by a CLI argument when project is stabilized
-        const useRuntimeDependencies = true;
-        const result = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], useRuntimeDependencies, options['project-name-prefix'], options['target-framework']);
+        const result = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], options['project-name-prefix'], options['target-framework']);
         return {
@@ -74,0 +72,0 @@ dependencyGraph: result.dependencyGraph,

dist/nuget-parser/index.js

@@ -58,3 +58,3 @@ "use strict";
 }
-async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, useRuntimeDependencies, projectNamePrefix, targetFramework) {
+async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, projectNamePrefix, targetFramework) {
     var _a, _b;
@@ -101,15 +101,12 @@ const safeRoot = root || '.';
     }
-    let assemblyVersions = {};
-    if (useRuntimeDependencies) {
-        if (!runtimeAssembly.isSupported(decidedTargetFramework)) {
-            throw new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions 5 and higher, all versions of .NET Core and all versions of .NET Standard projects. Supplied versions was parsed as: ${decidedTargetFramework}.`);
-        }
-        // Ensure `dotnet` is installed on the system or fail trying.
-        await dotnet.validate();
-        // Run `dotnet publish` to create a self-contained publishable binary with included .dlls for assembly version inspection.
-        const publishDir = await dotnet.publish(projectRootFolder, decidedTargetFramework);
-        // Then inspect the dependency graph for the runtimepackage's assembly versions.
-        const depsFile = path.resolve(publishDir, `${projectNameFromManifestFile}.deps.json`);
-        assemblyVersions = runtimeAssembly.generateRuntimeAssemblies(depsFile);
+    if (!runtimeAssembly.isSupported(decidedTargetFramework)) {
+        throw new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions 5 and higher, all versions of .NET Core and all versions of .NET Standard projects. Supplied versions was parsed as: ${decidedTargetFramework}.`);
     }
+    // Ensure `dotnet` is installed on the system or fail trying.
+    await dotnet.validate();
+    // Run `dotnet publish` to create a self-contained publishable binary with included .dlls for assembly version inspection.
+    const publishDir = await dotnet.publish(projectRootFolder, decidedTargetFramework);
+    // Then inspect the dependency graph for the runtimepackage's assembly versions.
+    const depsFile = path.resolve(publishDir, `${projectNameFromManifestFile}.deps.json`);
+    const assemblyVersions = runtimeAssembly.generateRuntimeAssemblies(depsFile);
     const depGraph = parser.depParser.parse(resolvedProjectName, manifest, assemblyVersions);
@@ -116,0 +113,0 @@ return {

dist/nuget-parser/parsers/dotnet-core-v2-parser.js

@@ -22,12 +22,10 @@ "use strict";
         const childId = `${childNode.name}@${childNode.version}`;
-        // If we've supplied runtime assembly versions for self-contained dlls, overwrite the dependency version
+        // If we're looking at a  runtime assembly version for self-contained dlls, overwrite the dependency version
         // we've found in the graph with those from the runtime assembly, as they take precedence.
         let assemblyVersion = version;
-        if (runtimeAssembly) {
-            // The RuntimeAssembly type contains the name with a .dll suffix, as this is how .NET represents them in the
-            // dependency file. This must be stripped in order to match the elements during depGraph construction.
-            const dll = `${name}.dll`;
-            if (dll in runtimeAssembly) {
-                assemblyVersion = runtimeAssembly[dll];
-            }
+        // The RuntimeAssembly type contains the name with a .dll suffix, as this is how .NET represents them in the
+        // dependency file. This must be stripped in order to match the elements during depGraph construction.
+        const dll = `${name}.dll`;
+        if (dll in runtimeAssembly) {
+            assemblyVersion = runtimeAssembly[dll];
         }
@@ -92,9 +90,3 @@ if (localVisited.has(childId)) {
     debug('Trying to parse .net core manifest with v2 depGraph builder');
-    let result;
-    if (!runtimeAssembly) {
-        result = buildGraph(projectName, projectAssets);
-    }
-    else {
-        result = buildGraph(projectName, projectAssets, runtimeAssembly);
-    }
+    const result = buildGraph(projectName, projectAssets, runtimeAssembly);
     return result;
@@ -101,0 +93,0 @@ }

package.json

@@ -59,3 +59,3 @@ {
   },
-  "version": "1.34.0"
+  "version": "1.35.0"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

116570

decreased by-0.61%

Lines of code

1504

decreased by-0.86%

No dependency changes