deps(snyk): update script to prune <0.0.0 and update snapshot (#11223)
Родитель
f9006751a5
Коммит
611eb5126a
|
@ -51,16 +51,25 @@ function cleanAndFormat(vulnString) {
|
|||
}
|
||||
}
|
||||
|
||||
for (const libEntries of Object.values(snapshot.npm)) {
|
||||
for (const [packageName, libEntries] of Object.entries(snapshot.npm)) {
|
||||
libEntries.forEach((entry, i) => {
|
||||
// snyk uses a convention for <0.0.0 to represent a mistaken vulnerability in their database.
|
||||
// https://github.com/GoogleChrome/lighthouse/pull/11144#discussion_r465713835
|
||||
// From Lighthouse's perspective we don't need to care about these.
|
||||
const vulnerableVersions = entry.semver.vulnerable.filter(vuln => vuln !== '<0.0.0');
|
||||
|
||||
const pruned = {
|
||||
id: entry.id,
|
||||
severity: entry.severity,
|
||||
semver: {vulnerable: entry.semver.vulnerable},
|
||||
semver: {vulnerable: vulnerableVersions},
|
||||
};
|
||||
|
||||
libEntries[i] = pruned;
|
||||
});
|
||||
|
||||
const filteredEntries = libEntries.filter(entry => entry.semver.vulnerable.length);
|
||||
snapshot.npm[packageName] = filteredEntries;
|
||||
if (!filteredEntries.length) delete snapshot.npm[packageName];
|
||||
}
|
||||
|
||||
// Normal pretty JSON-stringify has too many newlines. This strikes the right signal:noise ratio
|
||||
|
|
|
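Review bot: The new loop removes advisories, and on the `delete snapshot.npm[packageName]` line whole packages, from the vulnerability snapshot without reporting anything, so if the upstream feed ever marked real advisories as `<0.0.0` the loss of detection coverage would be visible only in the snapshot diff. I would report what is dropped inside the `forEach`, for example `if (vulnerableVersions.length !== entry.semver.vulnerable.length) console.warn('pruned <0.0.0 from ' + packageName + ': ' + entry.id);`. The filter compares against the exact string `'<0.0.0'`, so a differently spaced or combined range would pass through unpruned; a one-line comment saying the exact match is intentional would make that clear. `cleanAndFormat` starts and ends outside this hunk, so whether writing to stderr fits how the script emits its output needs checking against the rest of the file.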
@ -47,10 +47,8 @@
|
|||
{"id":"SNYK-JS-DOJO-174933","severity":"medium","semver":{"vulnerable":["<1.2.0"]}},
|
||||
{"id":"SNYK-JS-DOJO-72305","severity":"medium","semver":{"vulnerable":["<1.14"]}},
|
||||
{"id":"npm:dojo:20180818","severity":"medium","semver":{"vulnerable":["<1.10.10",">=1.11.0 <1.11.6",">=1.12.0 <1.12.4",">=1.13.0 <1.13.1"]}},
|
||||
{"id":"npm:dojo:20160523","severity":"medium","semver":{"vulnerable":["<1.1.0"]}},
|
||||
{"id":"npm:dojo:20100614-6","severity":"medium","semver":{"vulnerable":["<1.4.2"]}},
|
||||
{"id":"npm:dojo:20100614","severity":"medium","semver":{"vulnerable":[">=0.4.0 <0.4.4",">=1.0.0 <1.0.3",">=1.1.0 <1.1.2",">=1.2.0 <1.2.4",">=1.3.0 <1.3.3",">=1.4.0 <1.4.2"]}},
|
||||
{"id":"npm:dojo:20090409","severity":"medium","semver":{"vulnerable":["<1.1"]}}
|
||||
{"id":"npm:dojo:20100614","severity":"medium","semver":{"vulnerable":[">=0.4.0 <0.4.4",">=1.0.0 <1.0.3",">=1.1.0 <1.1.2",">=1.2.0 <1.2.4",">=1.3.0 <1.3.3",">=1.4.0 <1.4.2"]}}
|
||||
],
|
||||
"foundation-sites":[
|
||||
{"id":"npm:foundation-sites:20170802","severity":"medium","semver":{"vulnerable":["<6.0.0"]}},
|
||||
|
@ -101,7 +99,7 @@
|
|||
{"id":"npm:knockout:20130701","severity":"medium","semver":{"vulnerable":[">=2.1.0-pre <3.0.0"]}}
|
||||
],
|
||||
"lodash":[
|
||||
{"id":"SNYK-JS-LODASH-567746","severity":"medium","semver":{"vulnerable":["<=4.17.15"]}},
|
||||
{"id":"SNYK-JS-LODASH-567746","severity":"medium","semver":{"vulnerable":["<4.17.16"]}},
|
||||
{"id":"SNYK-JS-LODASH-450202","severity":"high","semver":{"vulnerable":["<4.17.12"]}},
|
||||
{"id":"SNYK-JS-LODASH-73639","severity":"medium","semver":{"vulnerable":["<4.17.11"]}},
|
||||
{"id":"SNYK-JS-LODASH-73638","severity":"high","semver":{"vulnerable":["<4.17.11"]}},
|
||||
|
|