snyk-nuget-plugin
Advanced tools
Comparing version 1.34.0 to 1.35.0
@@ -69,5 +69,3 @@ "use strict"; | ||
with the debug (-d) flag at \x1b[4mhttps://support.snyk.io/hc/en-us/requests/new\x1b[0m.`); | ||
// TODO: Replaced by a CLI argument when project is stabilized | ||
const useRuntimeDependencies = true; | ||
const result = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], useRuntimeDependencies, options['project-name-prefix'], options['target-framework']); | ||
const result = await nugetParser.buildDepGraphFromFiles(root, targetFile, manifestType, options['assets-project-name'], options['project-name-prefix'], options['target-framework']); | ||
return { | ||
@@ -74,0 +72,0 @@ dependencyGraph: result.dependencyGraph, |
@@ -58,3 +58,3 @@ "use strict"; | ||
} | ||
async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, useRuntimeDependencies, projectNamePrefix, targetFramework) { | ||
async function buildDepGraphFromFiles(root, targetFile, manifestType, useProjectNameFromAssetsFile, projectNamePrefix, targetFramework) { | ||
var _a, _b; | ||
@@ -101,15 +101,12 @@ const safeRoot = root || '.'; | ||
} | ||
let assemblyVersions = {}; | ||
if (useRuntimeDependencies) { | ||
if (!runtimeAssembly.isSupported(decidedTargetFramework)) { | ||
throw new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions 5 and higher, all versions of .NET Core and all versions of .NET Standard projects. Supplied versions was parsed as: ${decidedTargetFramework}.`); | ||
} | ||
// Ensure `dotnet` is installed on the system or fail trying. | ||
await dotnet.validate(); | ||
// Run `dotnet publish` to create a self-contained publishable binary with included .dlls for assembly version inspection. | ||
const publishDir = await dotnet.publish(projectRootFolder, decidedTargetFramework); | ||
// Then inspect the dependency graph for the runtimepackage's assembly versions. | ||
const depsFile = path.resolve(publishDir, `${projectNameFromManifestFile}.deps.json`); | ||
assemblyVersions = runtimeAssembly.generateRuntimeAssemblies(depsFile); | ||
if (!runtimeAssembly.isSupported(decidedTargetFramework)) { | ||
throw new errors_1.FileNotProcessableError(`runtime resolution flag is currently only supported for: .NET versions 5 and higher, all versions of .NET Core and all versions of .NET Standard projects. Supplied versions was parsed as: ${decidedTargetFramework}.`); | ||
} | ||
// Ensure `dotnet` is installed on the system or fail trying. | ||
await dotnet.validate(); | ||
// Run `dotnet publish` to create a self-contained publishable binary with included .dlls for assembly version inspection. | ||
const publishDir = await dotnet.publish(projectRootFolder, decidedTargetFramework); | ||
// Then inspect the dependency graph for the runtimepackage's assembly versions. | ||
const depsFile = path.resolve(publishDir, `${projectNameFromManifestFile}.deps.json`); | ||
const assemblyVersions = runtimeAssembly.generateRuntimeAssemblies(depsFile); | ||
const depGraph = parser.depParser.parse(resolvedProjectName, manifest, assemblyVersions); | ||
@@ -116,0 +113,0 @@ return { |
@@ -22,12 +22,10 @@ "use strict"; | ||
const childId = `${childNode.name}@${childNode.version}`; | ||
// If we've supplied runtime assembly versions for self-contained dlls, overwrite the dependency version | ||
// If we're looking at a runtime assembly version for self-contained dlls, overwrite the dependency version | ||
// we've found in the graph with those from the runtime assembly, as they take precedence. | ||
let assemblyVersion = version; | ||
if (runtimeAssembly) { | ||
// The RuntimeAssembly type contains the name with a .dll suffix, as this is how .NET represents them in the | ||
// dependency file. This must be stripped in order to match the elements during depGraph construction. | ||
const dll = `${name}.dll`; | ||
if (dll in runtimeAssembly) { | ||
assemblyVersion = runtimeAssembly[dll]; | ||
} | ||
// The RuntimeAssembly type contains the name with a .dll suffix, as this is how .NET represents them in the | ||
// dependency file. This must be stripped in order to match the elements during depGraph construction. | ||
const dll = `${name}.dll`; | ||
if (dll in runtimeAssembly) { | ||
assemblyVersion = runtimeAssembly[dll]; | ||
} | ||
@@ -92,9 +90,3 @@ if (localVisited.has(childId)) { | ||
debug('Trying to parse .net core manifest with v2 depGraph builder'); | ||
let result; | ||
if (!runtimeAssembly) { | ||
result = buildGraph(projectName, projectAssets); | ||
} | ||
else { | ||
result = buildGraph(projectName, projectAssets, runtimeAssembly); | ||
} | ||
const result = buildGraph(projectName, projectAssets, runtimeAssembly); | ||
return result; | ||
@@ -101,0 +93,0 @@ } |
@@ -59,3 +59,3 @@ { | ||
}, | ||
"version": "1.34.0" | ||
"version": "1.35.0" | ||
} |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
116570
1504