Merge branch 'main' into dependabot/npm_and_yarn/octokit/request-error-5.1.1
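--- a/PATH-NOT-ON-PAGE (owners file)
+++ b/PATH-NOT-ON-PAGE (owners file)
@@ -0,0 +1,3 @@
+# Managed and Maintained by:
+
+* @advanced-security/advanced-security-dependency-graph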
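--- a/PATH-NOT-ON-PAGE (built bundle)
+++ b/PATH-NOT-ON-PAGE (built bundle)
@@ -47,13 +47,19 @@ class MavenDependencyGraph {
 const artifact = this.packageUrlToArtifact[depPackage.packageURL.toString()];
 let scope = getDependencyScopeForMavenScope(artifact.scopes);
 manifest.addDirectDependency(depPackage, scope);
-function addTransitiveDeps(dependencies) {
+function addTransitiveDeps(dependencies, seen = new Set()) {
 if (dependencies) {
 dependencies.forEach(transitiveDep => {
-const transitiveDepArtifact = packageUrlToArtifact[transitiveDep.packageURL.toString()];
+let purl = transitiveDep.packageURL.toString();
+if (seen.has(purl)) {
+// we're in a cycle! skip this one.
+return;
+}
+const transitiveDepArtifact = packageUrlToArtifact[purl];
 const transitiveDepScope = getDependencyScopeForMavenScope(transitiveDepArtifact.scopes);
 manifest.addIndirectDependency(transitiveDep, transitiveDepScope);
-addTransitiveDeps(transitiveDep.dependencies);
+seen.add(purl);
+addTransitiveDeps(transitiveDep.dependencies, seen);
 });
 }
 }
@@ -484,7 +490,7 @@ const depgraph_1 = __nccwpck_require__(8047);
 const maven_runner_1 = __nccwpck_require__(7433);
 const file_utils_1 = __nccwpck_require__(799);
 const packageData = __nccwpck_require__(2876);
-const DEPGRAPH_MAVEN_PLUGIN_VERSION = '4.0.2';
+const DEPGRAPH_MAVEN_PLUGIN_VERSION = '4.0.3';
 function generateSnapshot(directory, mvnConfig, snapshotConfig) {
 return __awaiter(this, void 0, void 0, function* () {
 var _a, _b;
@@ -512,11 +518,11 @@ function generateSnapshot(directory, mvnConfig, snapshotConfig) {
 snapshot.job.correlator = (snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.correlator)
 ? snapshotConfig.correlator
 : (_b = snapshot.job) === null || _b === void 0 ? void 0 : _b.correlator;
-const specifiedRef = getNonEmtptyValue(snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.ref);
+const specifiedRef = getNonEmptyValue(snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.ref);
 if (specifiedRef) {
 snapshot.ref = specifiedRef;
 }
-const specifiedSha = getNonEmtptyValue(snapshot === null || snapshot === void 0 ? void 0 : snapshot.sha);
+const specifiedSha = getNonEmptyValue(snapshot === null || snapshot === void 0 ? void 0 : snapshot.sha);
 if (specifiedSha) {
 snapshot.sha = specifiedSha;
 }
@@ -616,7 +622,7 @@ function getRepositoryRelativePath(file) {
 core.debug(`Snapshot relative file = ${result}`);
 return result;
 }
-function getNonEmtptyValue(str) {
+function getNonEmptyValue(str) {
 if (str) {
 const trimmed = str.trim();
 if (trimmed.length > 0) {
@@ -33295,7 +33301,7 @@ exports.submitSnapshot = L;
 /***/ ((module) => {
 
 "use strict";
-module.exports = JSON.parse('{"name":"maven-dependency-submission-action","version":"4.1.1","description":"Submit Maven dependencies to GitHub dependency submission API","main":"index.js","scripts":{"base-build":"npm ci && tsc","build":"npm run base-build && npm exec -- @vercel/ncc build --source-map lib/src/index.js","build-exe":"npm run build && pkg package.json --compress Gzip","test":"vitest --run"},"repository":{"type":"git","url":"git+https://github.com/advanced-security/maven-dependency-submission-action.git"},"keywords":[],"author":"GitHub, Inc","license":"MIT","bugs":{"url":"https://github.com/advanced-security/maven-dependency-submission-action/issues"},"homepage":"https://github.com/advanced-security/maven-dependency-submission-action","dependencies":{"@actions/core":"^1.10.1","@actions/exec":"^1.1.1","@github/dependency-submission-toolkit":"^2.0.0","commander":"^12.0.0","packageurl-js":"^1.2.0"},"devDependencies":{"@types/chai":"^4.3.1","@vercel/ncc":"^0.38.1","chai":"^4.3.6","@yao-pkg/pkg":"^5.11.5","ts-node":"^10.9.2","typescript":"^5.3.3","vitest":"^1.2.1"},"bin":{"cli":"lib/src/executable/cli.js"},"pkg":{"targets":["node20-linux-x64","node20-win-x64","node20-macos-x64"],"assets":["package.json"],"publicPackages":"*","outputPath":"cli"}}');
+module.exports = JSON.parse('{"name":"maven-dependency-submission-action","version":"4.1.2","description":"Submit Maven dependencies to GitHub dependency submission API","main":"index.js","scripts":{"base-build":"npm ci && tsc","build":"npm run base-build && npm exec -- @vercel/ncc build --source-map lib/src/index.js","build-exe":"npm run build && pkg package.json --compress Gzip","test":"vitest --run"},"repository":{"type":"git","url":"git+https://github.com/advanced-security/maven-dependency-submission-action.git"},"keywords":[],"author":"GitHub, Inc","license":"MIT","bugs":{"url":"https://github.com/advanced-security/maven-dependency-submission-action/issues"},"homepage":"https://github.com/advanced-security/maven-dependency-submission-action","dependencies":{"@actions/core":"^1.10.1","@actions/exec":"^1.1.1","@github/dependency-submission-toolkit":"^2.0.0","commander":"^12.0.0","packageurl-js":"^1.2.0"},"devDependencies":{"@types/chai":"^4.3.1","@vercel/ncc":"^0.38.1","chai":"^4.3.6","@yao-pkg/pkg":"^5.11.5","ts-node":"^10.9.2","typescript":"^5.3.3","vitest":"^1.6.1"},"bin":{"cli":"lib/src/executable/cli.js"},"pkg":{"targets":["node20-linux-x64","node20-win-x64","node20-macos-x64"],"assets":["package.json"],"publicPackages":"*","outputPath":"cli"}}');
 
 /***/ })
 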
+1
-1
File diff suppressed because one or more lines are too long
@@ -116,6 +116,25 @@ describe('depgraph', () => {
});
});
});
});
describe('cycle-tree', () => {
let depGraph;
beforeAll(() => {
depGraph = parseDependencyJson(getTestDataFile("cycle-tree"));
});
it('should parse out the top level dependencies', () => {
const mavenDependencies = new MavenDependencyGraph(depGraph);
expect(mavenDependencies.getPackageCount()).to.equal(3);
});
it('should be able to generate a manifest despite having a cycle', () => {
const mavenDependencies = new MavenDependencyGraph(depGraph);
const manifest = mavenDependencies.createManifest();
expect(manifest.name).to.equal('hadoop-main');
expect(manifest.countDependencies()).to.equal(2);
})
});
describe('bs-parent-dep-tree', () => {
describe('bs-parent-dep-tree', () => {
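Review bot: `expect(manifest.countDependencies()).to.equal(2)` only pins a count, so the test would pass just as well if the new cycle guard dropped a real dependency instead of only the back-edge; asserting the two package names expected in the manifest would make the cycle case actually observable. The closing `})` of the second `it` also lacks the trailing semicolon the neighbouring tests use (`});`). The whole 'cycle-tree' `describe` block lies within the hunk.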
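--- a/PATH-NOT-ON-PAGE (dependency graph source)
+++ b/PATH-NOT-ON-PAGE (dependency graph source)
@@ -85,13 +85,19 @@ export class MavenDependencyGraph {
 let scope = getDependencyScopeForMavenScope(artifact.scopes);
 manifest.addDirectDependency(depPackage, scope);
 
-function addTransitiveDeps(dependencies) {
+function addTransitiveDeps(dependencies, seen: Set<string> = new Set()) {
 if (dependencies) {
 dependencies.forEach(transitiveDep => {
-const transitiveDepArtifact = packageUrlToArtifact[transitiveDep.packageURL.toString()];
+let purl = transitiveDep.packageURL.toString();
+if (seen.has(purl)) {
+// we're in a cycle! skip this one.
+return;
+}
+const transitiveDepArtifact = packageUrlToArtifact[purl];
 const transitiveDepScope = getDependencyScopeForMavenScope(transitiveDepArtifact.scopes);
 manifest.addIndirectDependency(transitiveDep, transitiveDepScope);
-addTransitiveDeps(transitiveDep.dependencies);
+seen.add(purl);
+addTransitiveDeps(transitiveDep.dependencies, seen);
 });
 }
 }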
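Review bot: The comment `// we're in a cycle! skip this one.` over-claims: `seen` is a single set threaded through every recursive call, so a package reached a second time by any path — a shared (diamond) dependency as much as a true cycle — is skipped, and its subtree is not re-walked because it was already expanded (or is mid-expansion) on the first visit. I would reword it to `// already visited on this walk (cycle or shared dependency) — skip to avoid re-adding it and recursing forever` and make `let purl` a `const`, since it is never reassigned. The lookup `packageUrlToArtifact[purl]` remains unguarded, so a purl missing from the map throws on `.scopes`; that is pre-existing rather than introduced here. The same change is mirrored in the first hunk of the built bundle above. The enclosing method starts and ends outside the hunk.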
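--- a/PATH-NOT-ON-PAGE (snapshot generator source)
+++ b/PATH-NOT-ON-PAGE (snapshot generator source)
@@ -7,7 +7,7 @@ import { MavenRunner } from './maven-runner';
 import { loadFileContents } from './utils/file-utils';
 
 const packageData = require('../package.json');
-const DEPGRAPH_MAVEN_PLUGIN_VERSION = '4.0.2';
+const DEPGRAPH_MAVEN_PLUGIN_VERSION = '4.0.3';
 
 export type MavenConfiguration = {
 ignoreMavenWrapper?: boolean;
@@ -58,12 +58,12 @@ export async function generateSnapshot(directory: string, mvnConfig?: MavenConfi
 ? snapshotConfig.correlator
 : snapshot.job?.correlator;
 
-const specifiedRef = getNonEmtptyValue(snapshotConfig?.ref);
+const specifiedRef = getNonEmptyValue(snapshotConfig?.ref);
 if (specifiedRef) {
 snapshot.ref = specifiedRef;
 }
 
-const specifiedSha = getNonEmtptyValue(snapshot?.sha);
+const specifiedSha = getNonEmptyValue(snapshot?.sha);
 if (specifiedSha) {
 snapshot.sha = specifiedSha;
 }
@@ -173,7 +173,7 @@ function getRepositoryRelativePath(file) {
 return result;
 }
 
-function getNonEmtptyValue(str?: string) {
+function getNonEmptyValue(str?: string) {
 if (str) {
 const trimmed = str.trim();
 if (trimmed.length > 0) {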
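--- a/PATH-NOT-ON-PAGE (cycle-tree test data)
+++ b/PATH-NOT-ON-PAGE (cycle-tree test data)
@@ -0,0 +1,57 @@
+{
+"graphName" : "hadoop-main",
+"artifacts" : [ {
+"id" : "org.apache.hadoop:hadoop-annotations:jar:compile",
+"numericId" : 1,
+"groupId" : "org.apache.hadoop",
+"artifactId" : "hadoop-annotations",
+"version" : "3.5.0-SNAPSHOT",
+"optional" : false,
+"scopes" : [ "compile" ],
+"types" : [ "jar" ]
+}, {
+"id" : "jdiff:jdiff:jar:provided",
+"numericId" : 2,
+"groupId" : "jdiff",
+"artifactId" : "jdiff",
+"version" : "1.0.9",
+"optional" : false,
+"scopes" : [ "provided" ],
+"types" : [ "jar" ]
+}, {
+"id" : "org.apache.hadoop:hadoop-project-dist:pom:compile",
+"numericId" : 3,
+"groupId" : "org.apache.hadoop",
+"artifactId" : "hadoop-project-dist",
+"version" : "3.5.0-SNAPSHOT",
+"optional" : false,
+"scopes" : [ "compile" ],
+"types" : [ "pom" ]
+} ],
+"dependencies" : [ {
+"from" : "org.apache.hadoop:hadoop-annotations:jar:compile",
+"to" : "jdiff:jdiff:jar:provided",
+"numericFrom" : 1,
+"numericTo" : 2,
+"resolution" : "INCLUDED"
+}, {
+"from" : "org.apache.hadoop:hadoop-annotations:jar:compile",
+"to" : "jdiff:jdiff:jar:provided",
+"numericFrom" : 1,
+"numericTo" : 3,
+"resolution" : "INCLUDED"
+}, {
+"from" : "jdiff:jdiff:jar:provided",
+"to" : "org.apache.hadoop:hadoop-project-dist:pom:compile",
+"numericFrom" : 2,
+"numericTo" : 3,
+"resolution" : "INCLUDED"
+}, {
+"from" : "org.apache.hadoop:hadoop-project-dist:pom:compile",
+"to" : "jdiff:jdiff:jar:provided",
+"numericFrom" : 3,
+"numericTo" : 2,
+"resolution" : "INCLUDED"
+}
+]
+}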
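Review bot: The second entry in `dependencies` is internally inconsistent: its `"to"` is `jdiff:jdiff:jar:provided`, but its `numericTo` is 3, which `artifacts` assigns to `org.apache.hadoop:hadoop-project-dist:pom:compile`. Depending on which field the parser keys on, the fixture either repeats the annotations→jdiff edge or encodes annotations→hadoop-project-dist, so the cycle test may be exercising a different graph from the one the ids describe. Presumably the intended line is `"to" : "org.apache.hadoop:hadoop-project-dist:pom:compile"`; since this fixture is new, correcting it now avoids locking an ambiguous input into the test suite.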