update README, deps, gha, fixes prettier & tests on node v18
PierreDemailly committed Jan 21, 2024
1 parent c34a667 commit 8fafa0a
Showing 14 changed files with 176 additions and 164 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/codeql.yml
Expand Up @@ -41,16 +41,16 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -60,7 +60,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -73,6 +73,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
with:
category: "/language:${{matrix.language}}"
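Review bot: The harden-runner bump in the first hunk still leaves `egress-policy: audit` with its "change to block after couple of runs" TODO directly beneath it, so the runner's outbound traffic is only logged, never restricted; the same pair is carried over unchanged in node.js.yml and scorecard.yml. If the audit runs have been collected by now, switching to `egress-policy: block` with an `allowed-endpoints` list built from those runs would give the SHA-pinning hygiene in this commit its intended effect. If the audit window is deliberately still open, a comment recording what the policy is waiting on (a date or run count) would keep the TODO from ageing indefinitely. The enclosing jobs block starts outside the hunk.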
8 changes: 4 additions & 4 deletions .github/workflows/node.js.yml
Expand Up @@ -17,13 +17,13 @@ jobs:
fail-fast: false
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.6.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
with:
node-version: ${{ matrix.node-version }}
- name: Install dependencies
Expand All @@ -34,6 +34,6 @@ jobs:
run: npm run lint
- name: Build project
run: npm run build
- uses: NodeSecure/ci-action@e3ac9c03585752e979622279106a161e94d5717b # v1
- uses: NodeSecure/ci-action@177c57fe32c75cafabe87f6e4515d277cc37ae6c # v1.4.1
with:
warnings: off
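Review bot: The bumped `actions/checkout` step in the first hunk has no `persist-credentials: false`, unlike the checkout in scorecard.yml, yet this job goes on to install dependencies and run npm scripts (`npm run lint`, `npm run build`) and a third-party action; with the default, the job token stays in the checked-out repository's git config for the rest of the job, where any package lifecycle script could read it. Unless a later step needs to push with that token (the job's permissions block is outside the hunk), adding `with:` / `persist-credentials: false` under the `uses: actions/checkout@…` line brings this workflow in line with scorecard.yml at no cost. The matrix and the remaining steps are outside the hunk.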
10 changes: 5 additions & 5 deletions .github/workflows/scorecard.yml
Expand Up @@ -32,17 +32,17 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: "Checkout code"
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.1.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with:
results_file: results.sarif
results_format: sarif
Expand All @@ -64,14 +64,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.1.27
uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -308,7 +308,7 @@ only the "Console" reporter is available.

## Requirements

- [Node.js](https://nodejs.org/en/) v16 or higher
- [Node.js](https://nodejs.org/en/) v18 or higher

## Contributors ✨

52 changes: 26 additions & 26 deletions package.json
Expand Up @@ -60,44 +60,44 @@
"lint": "eslint ."
},
"devDependencies": {
"@nodesecure/eslint-config": "^1.3.0",
"@types/chai": "^4.3.0",
"@types/lodash.set": "^4.3.6",
"@types/mocha": "^10.0.1",
"@types/mock-fs": "^4.13.1",
"@types/node": "^20.2.5",
"@types/pluralize": "^0.0.30",
"@types/sade": "^1.7.4",
"chai": "^4.3.4",
"@nodesecure/eslint-config": "^1.9.0",
"@types/chai": "^4.3.11",
"@types/lodash.set": "^4.3.9",
"@types/mocha": "^10.0.6",
"@types/mock-fs": "^4.13.4",
"@types/node": "^20.11.5",
"@types/pluralize": "^0.0.33",
"@types/sade": "^1.7.8",
"chai": "^5.0.0",
"cross-env": "^7.0.3",
"eslint": "^8.4.1",
"eslint-config-prettier": "^9.0.0",
"eslint-import-resolver-typescript": "^3.5.3",
"eslint-plugin-prettier": "^4.0.0",
"eslint": "^8.56.0",
"eslint-config-prettier": "^9.1.0",
"eslint-import-resolver-typescript": "^3.6.1",
"eslint-plugin-prettier": "^5.1.3",
"mocha": "^10.2.0",
"mock-fs": "^5.1.2",
"prettier": "^2.5.1",
"rimraf": "^5.0.0",
"ts-node": "^10.8.1",
"mock-fs": "^5.2.0",
"prettier": "^3.2.4",
"rimraf": "^5.0.5",
"ts-node": "^10.9.2",
"typescript": "^5.0.4"
},
"dependencies": {
"@nodesecure/i18n": "^3.2.0",
"@nodesecure/js-x-ray": "^6.0.1",
"@nodesecure/rc": "^1.2.1",
"@nodesecure/scanner": "^4.0.0",
"@nodesecure/i18n": "^3.5.0",
"@nodesecure/js-x-ray": "^6.3.0",
"@nodesecure/rc": "^1.5.0",
"@nodesecure/scanner": "^5.3.0",
"@nodesecure/vulnera": "^1.8.0",
"@slimio/async-cli-spinner": "^0.5.2",
"ajv": "^8.11.2",
"ajv": "^8.12.0",
"glob": "^10.3.10",
"kleur": "^4.1.5",
"lodash.set": "^4.3.2",
"pluralize": "^8.0.0",
"pretty-ms": "^8.0.0",
"pretty-ms": "^9.0.0",
"sade": "^1.8.1",
"table": "^6.8.1",
"ts-pattern": "^5.0.1",
"ts-results": "^3.3.0",
"tsx": "^4.0.0"
"ts-pattern": "^5.0.6",
"@openally/result": "^1.2.0",
"tsx": "^4.7.0"
}
}
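Review bot: `"@openally/result": "^1.2.0"` is inserted between `ts-pattern` and `tsx`, breaking the alphabetical order the rest of the dependencies map keeps (scoped `@nodesecure/*` packages first, then `ajv` through `tsx`); it belongs next to `@nodesecure/vulnera`. Because this line replaces `ts-results` rather than bumping it, the change is a dependency swap, not a version update: every `ts-results` import has to move to the new package and the lockfile should be regenerated so the old package no longer resolves, neither of which is visible in this section. The `chai` ^4 → ^5 bump is a major version that, as far as I recall, ships as ESM only, so it is worth confirming the mocha/ts-node setup actually ran the spec files under Node 18 rather than silently skipping them.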
30 changes: 15 additions & 15 deletions src/analysis/interpretation/interpret.spec.ts
Expand Up @@ -66,7 +66,7 @@ describe("Pipeline check workflow", () => {
kDefaultRuntimeConfiguration
);

assert.equal(status,pipeline.status.FAILURE);
assert.equal(status, pipeline.status.FAILURE);
});
});

Expand Down Expand Up @@ -131,8 +131,8 @@ describe("Pipeline check workflow", () => {
kDefaultRuntimeConfiguration
);

assert.equal(status,pipeline.status.FAILURE);
assert.deepEqual(data,{
assert.equal(status, pipeline.status.FAILURE);
assert.deepEqual(data, {
warnings: [],
dependencies: {
vulnerabilities: [],
Expand Down Expand Up @@ -218,7 +218,7 @@ describe("Pipeline check workflow", () => {
});

expectNsciPipelineToBeSuccessful(status);
assert.deepEqual(data,{
assert.deepEqual(data, {
warnings: [],
dependencies: {
vulnerabilities: [],
Expand Down Expand Up @@ -275,7 +275,7 @@ describe("Pipeline check workflow", () => {
} as Warnings
});

assert.equal(status,pipeline.status.FAILURE);
assert.equal(status, pipeline.status.FAILURE);

expectNsciPayloadToHaveWarnings(data.dependencies.warnings, [
{
Expand Down Expand Up @@ -414,7 +414,7 @@ describe("Pipeline check workflow", () => {
kDefaultRuntimeConfiguration
);

assert.equal(data.dependencies.vulnerabilities.length,0);
assert.equal(data.dependencies.vulnerabilities.length, 0);
});

describe("When providing default runtime configuration", () => {
Expand Down Expand Up @@ -444,7 +444,7 @@ describe("Pipeline check workflow", () => {
kDefaultRuntimeConfiguration
);

assert.equal(status,pipeline.status.FAILURE);
assert.equal(status, pipeline.status.FAILURE);
});
});
});
Expand All @@ -463,7 +463,7 @@ describe("Pipeline check workflow", () => {
ignorePatterns
});

assert.deepEqual(data.dependencies.warnings,[]);
assert.deepEqual(data.dependencies.warnings, []);
expectNsciPipelineToBeSuccessful(status);
});

Expand All @@ -480,7 +480,7 @@ describe("Pipeline check workflow", () => {
ignorePatterns
});

assert.ok(data.dependencies.warnings.length>0);
assert.ok(data.dependencies.warnings.length > 0);
expectNsciPipelineToFail(status);
});
});
Expand Down Expand Up @@ -513,7 +513,7 @@ describe("Pipeline check workflow", () => {
});

expectNsciPipelineToBeSuccessful(status);
assert.deepEqual(data,{
assert.deepEqual(data, {
warnings: [],
dependencies: {
vulnerabilities: [],
Expand Down Expand Up @@ -551,7 +551,7 @@ describe("Pipeline check workflow", () => {
});

expectNsciPipelineToFail(status);
assert.deepEqual(data.dependencies.vulnerabilities[0],{
assert.deepEqual(data.dependencies.vulnerabilities[0], {
origin: "npm",
package: "express",
title: "Vuln...",
Expand Down Expand Up @@ -598,8 +598,8 @@ describe("Pipeline check workflow", () => {
});

expectNsciPipelineToFail(status);
assert.equal(data.dependencies.vulnerabilities.length,1);
assert.deepEqual(data.dependencies.vulnerabilities[0],{
assert.equal(data.dependencies.vulnerabilities.length, 1);
assert.deepEqual(data.dependencies.vulnerabilities[0], {
origin: "npm",
package: "express",
title: "Express vuln that should not be ignored",
Expand Down Expand Up @@ -687,11 +687,11 @@ function makePartialScannerDependencies(
}

function expectNsciPipelineToBeSuccessful(status: pipeline.Status): void {
assert.equal(status,pipeline.status.SUCCESS);
assert.equal(status, pipeline.status.SUCCESS);
}

function expectNsciPipelineToFail(status: pipeline.Status): void {
assert.equal(status,pipeline.status.FAILURE);
assert.equal(status, pipeline.status.FAILURE);
}

function expectNsciPayloadToHaveWarnings(
19 changes: 11 additions & 8 deletions src/analysis/interpretation/interpret.ts
Expand Up @@ -93,15 +93,18 @@ function excludeIgnoredDependenciesWarnings(
return dependenciesWarnings;
}

return dependenciesWarnings.filter(function excludeIgnorableWarnings(
dependencyWarnings
) {
function hasWarnings(warn: Warning): boolean {
return ignorePatterns.warnings.has(warn.kind, dependencyWarnings.package);
}
return dependenciesWarnings.filter(
function excludeIgnorableWarnings(dependencyWarnings) {
function hasWarnings(warn: Warning): boolean {
return ignorePatterns.warnings.has(
warn.kind,
dependencyWarnings.package
);
}

return !dependencyWarnings.warnings.find(hasWarnings);
});
return !dependencyWarnings.warnings.find(hasWarnings);
}
);
}

/**