Merge upstream:main

This commit is contained in:
github-actions[bot]
2025-12-22 00:38:27 +00:00
8 changed files with 8813 additions and 4825 deletions
+1 -1
View File
@@ -22,7 +22,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Component detection
uses: advanced-security/component-detection-dependency-submission-action@v0.0.3
uses: advanced-security/component-detection-dependency-submission-action@v0.1.0
```
### Configuration options
+38
View File
@@ -156,6 +156,44 @@ describe("ComponentDetection.processComponentsToManifests", () => {
expect(manifests[0].indirectDependencies()).toHaveLength(1);
expect(manifests[0].countDependencies()).toBe(1);
});
test("un-escapes URL-encoded locationsFoundAt", () => {
const componentsFound = [
{
component: {
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "nuget",
Name: "test-package",
Version: "1.0.0"
},
id: "test-package 1.0.0 - nuget"
},
isDevelopmentDependency: false,
topLevelReferrers: [], // Empty = direct dependency
locationsFoundAt: ["/my%20project/my%20project.csproj"]
}
];
const dependencyGraphs: DependencyGraphs = {
"my project/my project.csproj": {
graph: { "test-package": null },
explicitlyReferencedComponentIds: ["test-package 1.0.0 - nuget"],
developmentDependencies: [],
dependencies: []
}
};
const manifests = ComponentDetection.processComponentsToManifests(componentsFound, dependencyGraphs);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("my project/my project.csproj");
expect(manifests[0].directDependencies()).toHaveLength(1);
expect(manifests[0].indirectDependencies()).toHaveLength(0);
expect(manifests[0].countDependencies()).toBe(1);
});
});
describe('normalizeDependencyGraphPaths', () => {
+3 -1
View File
@@ -154,7 +154,9 @@ export default class ComponentDetection {
packages.forEach((pkg: ComponentDetectionPackage) => {
pkg.locationsFoundAt.forEach((location: any) => {
// Use the normalized path (remove leading slash if present)
const normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
let normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
// Unescape the path, as upstream ComponentDetection emits locationsFoundAt in URL-encoded form
normalizedLocation = decodeURIComponent(normalizedLocation);
if (!manifests.find((manifest: Manifest) => manifest.name == normalizedLocation)) {
const manifest = new Manifest(normalizedLocation, normalizedLocation);
Generated Vendored
+3 -1
View File
@@ -36129,7 +36129,9 @@ class ComponentDetection {
pkg.locationsFoundAt.forEach((location) => {
var _a, _b;
// Use the normalized path (remove leading slash if present)
const normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
let normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
// Unescape the path, as upstream ComponentDetection emits locationsFoundAt in URL-encoded form
normalizedLocation = decodeURIComponent(normalizedLocation);
if (!manifests.find((manifest) => manifest.name == normalizedLocation)) {
const manifest = new dependency_submission_toolkit_1.Manifest(normalizedLocation, normalizedLocation);
manifests.push(manifest);
Generated Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
+8736 -4790
View File
File diff suppressed because it is too large Load Diff
+13 -13
View File
@@ -30,22 +30,22 @@
"@actions/github": "^6.0.1",
"@github/dependency-submission-toolkit": "^2.0.5",
"cross-fetch": "^4.1.0",
"dotenv": "^16.5.0",
"dotenv": "^17.2.3",
"fs": "^0.0.1-security",
"octokit": "^4.1.3",
"tar": "^7.4.3",
"yaml": "^2.7.1"
"octokit": "^5.0.5",
"tar": "^7.5.2",
"yaml": "^2.8.1"
},
"devDependencies": {
"@babel/preset-env": "^7.27.2",
"@babel/preset-typescript": "^7.27.1",
"@eslint/js": "^9.26.0",
"@types/glob": "^8.1.0",
"@types/jest": "^29.5.14",
"@vercel/ncc": "^0.38.3",
"eslint": "^9.26.0",
"jest": "^29.7.0",
"@babel/preset-env": "^7.28.5",
"@babel/preset-typescript": "^7.28.5",
"@eslint/js": "^9.39.1",
"@types/glob": "^9.0.0",
"@types/jest": "^30.0.0",
"@vercel/ncc": "^0.38.4",
"eslint": "^9.39.1",
"jest": "^30.2.0",
"jest-transform-stub": "^2.0.0",
"ts-jest": "^29.3.2"
"ts-jest": "^29.4.5"
}
}
+18 -18
View File
@@ -685,9 +685,9 @@
"dev": true
},
"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -2273,9 +2273,9 @@
}
},
"node_modules/eslint/node_modules/js-yaml": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"dependencies": {
"argparse": "^2.0.1"
@@ -3541,9 +3541,9 @@
"dev": true
},
"node_modules/js-yaml": {
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
"version": "3.14.2",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"dependencies": {
"argparse": "^1.0.7",
@@ -5338,9 +5338,9 @@
"dev": true
},
"js-yaml": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -6538,9 +6538,9 @@
}
},
"js-yaml": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
"dev": true,
"requires": {
"argparse": "^2.0.1"
@@ -7525,9 +7525,9 @@
"dev": true
},
"js-yaml": {
"version": "3.14.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
"version": "3.14.2",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
"dev": true,
"requires": {
"argparse": "^1.0.7",