snyk-policy
Comparing version 1.25.0 to 1.25.1
@@ -8,3 +8,3 @@ // FIXME move to ext module | ||
const path = require('path'); | ||
const statSync = require('fs').statSync; | ||
const { statSync } = require('fs'); | ||
let { parsePackageString: moduleToObject } = require('snyk-module'); | ||
@@ -11,0 +11,0 @@ |
@@ -7,3 +7,3 @@ module.exports = filterPatched; | ||
const path = require('path'); | ||
const statSync = require('fs').statSync; | ||
const { statSync } = require('fs'); | ||
const getVulnSource = require('./get-vuln-source'); | ||
@@ -73,3 +73,5 @@ | ||
res = statSync(oldFlag); | ||
} catch (e) {} | ||
} catch (e) { | ||
// continue regardless of error | ||
} | ||
} | ||
@@ -76,0 +78,0 @@ |
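Review bot: The reformatted `catch (e)` around `statSync(oldFlag)` still discards every error, not only the missing-file case that this probe appears to be written for. A permission or I/O failure on the flag file then looks the same as an absent flag, so the patched/unpatched decision is made with no trace of what went wrong. Consider narrowing it to the expected case and surfacing the rest, e.g. `if (e.code !== 'ENOENT') { throw e; }` (or a debug log if throwing is too strict here), and replacing the comment with `// flag file absent: leave res unset and fall through`. The enclosing function starts and ends outside the hunk, so how `res` is used afterwards should be confirmed before choosing between throwing and logging.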
@@ -1,2 +0,2 @@ | ||
const fs = require('promise-fs'); | ||
const { lstatSync, promises: fs } = require('fs'); | ||
const path = require('path'); | ||
@@ -98,3 +98,3 @@ const debug = require('debug')('snyk:policy'); | ||
try { | ||
if (fs.lstatSync(filename).isDirectory()) { | ||
if (lstatSync(filename).isDirectory()) { | ||
filename = path.join(filename, '/.snyk'); | ||
@@ -101,0 +101,0 @@ } |
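Review bot: Binding `fs.promises` to the name `fs` in the new require line means any `fs.*Sync` or callback-style call left elsewhere in this file now resolves to `undefined` and fails only when that path runs. Only the `lstatSync` call is updated in the visible hunks, so the rest of the file should be checked for other synchronous uses that the removed `promise-fs` wrapper presumably used to provide. A name that says what it holds would make such slips obvious at review time: `const { lstatSync, promises: fsPromises } = require('fs');`. The surrounding `try` block continues outside the hunk.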
@@ -6,2 +6,13 @@ module.exports = { | ||
/** | ||
* @typedef Vulnerability | ||
* @type {Object} | ||
* @property {string[]} from - the dependency path in which it was introduced. This should include the project itself. | ||
*/ | ||
/** | ||
* @typedef IgnoreRule | ||
* @type {Object.<string, Object>} | ||
*/ | ||
const debug = require('debug')('snyk:policy'); | ||
@@ -109,2 +120,9 @@ const debugPolicy = require('debug')('snyk:protect'); | ||
/** | ||
* Returns whether any of the ignore rule paths match the path in which the vulnerability was introduced | ||
* @param {Vulnerability} vuln a single vulnerability, where `from` contains the dependency path in which it was introduced | ||
* @param {IgnoreRule} rule an ignore rule for the given vulnerability with one or more paths to ignore | ||
* @param {('packageManager'|'exact')} matchStrategy | ||
* @returns whether any ignore rules match the vulnerabilities import path | ||
*/ | ||
function matchToRule(vuln, rule, matchStrategy = 'packageManager') { | ||
@@ -111,0 +129,0 @@ return Object.keys(rule).some(function (path) { |
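Review bot: The new JSDoc on `matchToRule` leaves `matchStrategy` without a description and gives `@returns` no type, although this function decides whether an ignore rule suppresses a vulnerability. A reader needs to know how `'packageManager'` and `'exact'` differ, because a looser comparison hides more findings. Suggested wording: `@param {('packageManager'|'exact')} [matchStrategy='packageManager'] - how rule paths are compared with vuln.from`, followed by one sentence per strategy, and `@returns {boolean} true if at least one rule path matches vuln.from`. The function body continues outside the hunk, so the per-strategy sentences should be written from the actual comparison code.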
@@ -21,10 +21,10 @@ { | ||
"devDependencies": { | ||
"@commitlint/cli": "^12.1.4", | ||
"eslint": "^5.0.0", | ||
"eslint-config-prettier": "^5.0.0", | ||
"@commitlint/cli": "^17.6.1", | ||
"eslint": "^8.38.0", | ||
"eslint-config-prettier": "^8.8.0", | ||
"npm-run-all": "^4.1.5", | ||
"prettier": "^2.0.5", | ||
"proxyquire": "^2.1.0", | ||
"sinon": "^4.0.0", | ||
"tap": "^12.0.1", | ||
"sinon": "^15.0.4", | ||
"tap": "^16.3.4", | ||
"tap-only": "0.0.5" | ||
@@ -37,3 +37,2 @@ }, | ||
"lodash.clonedeep": "^4.5.0", | ||
"promise-fs": "^2.1.1", | ||
"semver": "^7.3.4", | ||
@@ -48,3 +47,9 @@ "snyk-module": "^3.0.0", | ||
}, | ||
"version": "1.25.0" | ||
"tap": { | ||
"branches": 85, | ||
"functions": 95, | ||
"lines": 90, | ||
"statements": 90 | ||
}, | ||
"version": "1.25.1" | ||
} |
@@ -101,2 +101,9 @@ # snyk-policy | ||
[Version ranges](https://github.com/npm/node-semver#versions) may also be used. For example, the following will all match the root dependency above: | ||
``` | ||
@remy/protect-test@1.x | ||
@remy/protect-test@>=1.0.1 | ||
@remy/protect-test@^1.0.2 | ||
``` | ||
## Usage | ||
@@ -103,0 +110,0 @@ |
- Removedpromise-fs@^2.1.1