From fb3bbb72d448ac37a465b31233b21381917422f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kat=20March=C3=A1n?= Date: Tue, 18 Dec 2018 14:36:47 -0800 Subject: [PATCH] npm-audit-report@1.3.2 Ref: https://github.com/npm/npm-audit-report/pull/34 Credit: @melkikh --- node_modules/npm-audit-report/CHANGELOG.md | 12 +++++++++ node_modules/npm-audit-report/package.json | 22 ++++++++-------- .../npm-audit-report/reporters/detail.js | 4 +-- .../npm-audit-report/reporters/parseable.js | 25 +++++++++++-------- package-lock.json | 6 ++--- package.json | 2 +- 6 files changed, 43 insertions(+), 28 deletions(-) diff --git a/node_modules/npm-audit-report/CHANGELOG.md b/node_modules/npm-audit-report/CHANGELOG.md index 4cf6a1acda0a3..941a18741b600 100644 --- a/node_modules/npm-audit-report/CHANGELOG.md +++ b/node_modules/npm-audit-report/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [1.3.2](https://github.com/npm/npm-audit-report/compare/v1.3.1...v1.3.2) (2018-12-18) + + +### Bug Fixes + +* **parseable:** add support for critical vulns and more resolves on update/install action ([#28](https://github.com/npm/npm-audit-report/issues/28)) ([5e27893](https://github.com/npm/npm-audit-report/commit/5e27893)) +* **security:** audit fix ([ff9faf3](https://github.com/npm/npm-audit-report/commit/ff9faf3)) +* **urls:** Replace hardcoded URL to advisory with a URL from audit response ([#34](https://github.com/npm/npm-audit-report/issues/34)) ([e2fe95b](https://github.com/npm/npm-audit-report/commit/e2fe95b)) + + + ## [1.3.1](https://github.com/npm/npm-audit-report/compare/v1.3.0...v1.3.1) (2018-07-10) diff --git a/node_modules/npm-audit-report/package.json b/node_modules/npm-audit-report/package.json index 0f76601e27020..905c0ce33da3d 100644 --- a/node_modules/npm-audit-report/package.json +++ b/node_modules/npm-audit-report/package.json @@ -1,27 +1,27 @@ { - "_from": "npm-audit-report@^1.2.1", - "_id": "npm-audit-report@1.3.1", + "_from": "npm-audit-report@1.3.2", + "_id": "npm-audit-report@1.3.2", "_inBundle": false, - "_integrity": "sha512-SjTF8ZP4rOu3JiFrTMi4M1CmVo2tni2sP4TzhyCMHwnMGf6XkdGLZKt9cdZ12esKf0mbQqFyU9LtY0SoeahL7g==", + "_integrity": "sha512-abeqS5ONyXNaZJPGAf6TOUMNdSe1Y6cpc9MLBRn+CuUoYbfdca6AxOyXVlfIv9OgKX+cacblbG5w7A6ccwoTPw==", "_location": "/npm-audit-report", "_phantomChildren": {}, "_requested": { - "type": "range", + "type": "version", "registry": true, - "raw": "npm-audit-report@^1.2.1", + "raw": "npm-audit-report@1.3.2", "name": "npm-audit-report", "escapedName": "npm-audit-report", - "rawSpec": "^1.2.1", + "rawSpec": "1.3.2", "saveSpec": null, - "fetchSpec": "^1.2.1" + "fetchSpec": "1.3.2" }, "_requiredBy": [ "#USER", "/" ], - "_resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-1.3.1.tgz", - "_shasum": "e79ea1fcb5ffaf3031102b389d5222c2b0459632", - "_spec": "npm-audit-report@^1.2.1", + "_resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-1.3.2.tgz", + "_shasum": "303bc78cd9e4c226415076a4f7e528c89fc77018", + "_spec": "npm-audit-report@1.3.2", "_where": "/Users/zkat/Documents/code/work/npm", "author": { "name": "Adam Baldwin" @@ -76,5 +76,5 @@ "update-coc": "weallbehave -o . && git add CODE_OF_CONDUCT.md && git commit -m 'docs(coc): updated CODE_OF_CONDUCT.md'", "update-contrib": "weallcontribute -o . && git add CONTRIBUTING.md && git commit -m 'docs(contributing): updated CONTRIBUTING.md'" }, - "version": "1.3.1" + "version": "1.3.2" } diff --git a/node_modules/npm-audit-report/reporters/detail.js b/node_modules/npm-audit-report/reporters/detail.js index 2cbb8fea50b25..f6e822eb7ae6f 100644 --- a/node_modules/npm-audit-report/reporters/detail.js +++ b/node_modules/npm-audit-report/reporters/detail.js @@ -117,7 +117,7 @@ const report = function (data, options) { {'Package': advisory.module_name}, {'Dependency of': `${resolution.path.split('>')[0]} ${resolution.dev ? '[dev]' : ''}`}, {'Path': `${resolution.path.split('>').join(Utils.color(' > ', 'grey', config.withColor))}`}, - {'More info': `https://nodesecurity.io/advisories/${advisory.id}`} + {'More info': advisory.url || `https://www.npmjs.com/advisories/${advisory.id}`} ) log(table.toString() + '\n\n') @@ -160,7 +160,7 @@ const report = function (data, options) { {'Patched in': patchedIn}, {'Dependency of': `${resolution.path.split('>')[0]} ${resolution.dev ? '[dev]' : ''}`}, {'Path': `${resolution.path.split('>').join(Utils.color(' > ', 'grey', config.withColor))}`}, - {'More info': `https://nodesecurity.io/advisories/${advisory.id}`} + {'More info': advisory.url || `https://www.npmjs.com/advisories/${advisory.id}`} ) log(table.toString()) }) diff --git a/node_modules/npm-audit-report/reporters/parseable.js b/node_modules/npm-audit-report/reporters/parseable.js index 363359772916c..1d46ef22716cd 100644 --- a/node_modules/npm-audit-report/reporters/parseable.js +++ b/node_modules/npm-audit-report/reporters/parseable.js @@ -11,6 +11,7 @@ const report = function (data, options) { const actions = function (data, config) { let accumulator = { + critical: '', high: '', moderate: '', low: '' @@ -25,16 +26,18 @@ const report = function (data, options) { l.recommendation = recommendation.cmd l.breaking = recommendation.isBreaking ? 'Y' : 'N' - // TODO: Verify: The advisory seems to repeat and be the same for all the 'resolves'. Is it true? - const advisory = data.advisories[action.resolves[0].id] - l.sevLevel = advisory.severity - l.severity = advisory.title - l.package = advisory.module_name - l.moreInfo = `https://nodesecurity.io/advisories/${advisory.id}` - l.path = action.resolves[0].path + action.resolves.forEach((resolution) => { + const advisory = data.advisories[resolution.id] + + l.sevLevel = advisory.severity + l.severity = advisory.title + l.package = advisory.module_name + l.moreInfo = advisory.url || `https://www.npmjs.com/advisories/${advisory.id}` + l.path = resolution.path - accumulator[advisory.severity] += [action.action, l.package, l.sevLevel, l.recommendation, l.severity, l.moreInfo, l.path, l.breaking] - .join('\t') + '\n' + accumulator[advisory.severity] += [action.action, l.package, l.sevLevel, l.recommendation, l.severity, l.moreInfo, l.path, l.breaking] + .join('\t') + '\n' + }) // forEach resolves } if (action.action === 'review') { @@ -44,7 +47,7 @@ const report = function (data, options) { l.sevLevel = advisory.severity l.severity = advisory.title l.package = advisory.module_name - l.moreInfo = `https://nodesecurity.io/advisories/${advisory.id}` + l.moreInfo = advisory.url || `https://www.npmjs.com/advisories/${advisory.id}` l.patchedIn = advisory.patched_versions.replace(' ', '') === '<0.0.0' ? 'No patch available' : advisory.patched_versions l.path = resolution.path @@ -53,7 +56,7 @@ const report = function (data, options) { } // is review }) // forEach actions } - return accumulator['high'] + accumulator['moderate'] + accumulator['low'] + return accumulator['critical'] + accumulator['high'] + accumulator['moderate'] + accumulator['low'] } const exitCode = function (metadata) { diff --git a/package-lock.json b/package-lock.json index 836772c4f15b3..58fe37370bda7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3014,9 +3014,9 @@ } }, "npm-audit-report": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-1.3.1.tgz", - "integrity": "sha512-SjTF8ZP4rOu3JiFrTMi4M1CmVo2tni2sP4TzhyCMHwnMGf6XkdGLZKt9cdZ12esKf0mbQqFyU9LtY0SoeahL7g==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-1.3.2.tgz", + "integrity": "sha512-abeqS5ONyXNaZJPGAf6TOUMNdSe1Y6cpc9MLBRn+CuUoYbfdca6AxOyXVlfIv9OgKX+cacblbG5w7A6ccwoTPw==", "requires": { "cli-table3": "^0.5.0", "console-control-strings": "^1.1.0" diff --git a/package.json b/package.json index f2fdbe0c155db..518032ba3b8e9 100644 --- a/package.json +++ b/package.json @@ -90,7 +90,7 @@ "node-gyp": "^3.8.0", "nopt": "~4.0.1", "normalize-package-data": "~2.4.0", - "npm-audit-report": "^1.3.1", + "npm-audit-report": "^1.3.2", "npm-cache-filename": "~1.0.2", "npm-install-checks": "~3.0.0", "npm-lifecycle": "^2.1.0",