Skip to content

Commit

Permalink
Merge pull request #488 from snyk/fix/IM-132-vuln-fixes
Browse files Browse the repository at this point in the history
fix: vulnerable packages, Node version, packaging
novalex authored Jun 26, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
2 parents de985c1 + bcff763 commit 32a27c1
Showing 18 changed files with 261 additions and 268 deletions.
7 changes: 2 additions & 5 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
@@ -15,7 +15,7 @@ main_only: &main_only
defaults: &defaults
resource_class: small
docker:
- image: circleci/node:12
- image: cimg/node:20.11.1

jobs:
security-scans:
@@ -27,7 +27,6 @@ jobs:
mode: auto
release-branch: master # TODO: remove when master branch is renamed
iac-scan: disabled
open-source-scan: critical # TODO: remove this once Axios vulns are fixed
open-source-additional-arguments: --exclude=test

build-test-monitor:
@@ -44,8 +43,7 @@ jobs:
- checkout
- run: npm install
- run: npm test
- run: npx tsc
- run: npm run pkg-binaries-linux
- run: npm run pkg-binaries:linux
- run: ./snyk-api-import-linux help

build-test-from-fork:
@@ -54,7 +52,6 @@ jobs:
- checkout
- run: npm install
- run: npm test
- run: npx tsc

workflows:
version: 2
2 changes: 1 addition & 1 deletion .nvmrc
Original file line number Diff line number Diff line change
@@ -1 +1 @@
12
20
8 changes: 4 additions & 4 deletions .releaserc
Original file line number Diff line number Diff line change
@@ -9,22 +9,22 @@
{
"//": "build the macos",
"path": "@semantic-release/exec",
"cmd": "npx [email protected] dist/index.js -r './dist/**/*.js' -t mac-x64-12.18.2 -o snyk-api-import-macos"
"cmd": "npm run pkg-binaries:macos"
},
{
"//": "build the linux",
"path": "@semantic-release/exec",
"cmd": "npx [email protected] dist/index.js -r './dist/**/*.js' -t linux-x64-12.16.2 -o snyk-api-import-linux"
"cmd": "npm run pkg-binaries:linux"
},
{
"//": "build the alpine",
"path": "@semantic-release/exec",
"cmd": "npx [email protected] dist/index.js -r './dist/**/*.js' -t alpine-x64-12.9.1 -o snyk-api-import-alpine"
"cmd": "npm run pkg-binaries:alpine"
},
{
"//": "build the windows binaries",
"path": "@semantic-release/exec",
"cmd": "npx [email protected] dist/index.js -r './dist/**/*.js' -t windows-x64-12.18.2 -o snyk-api-import-win.exe"
"cmd": "npm run pkg-binaries:windows"
},
{
"//": "shasum all binaries",
10 changes: 0 additions & 10 deletions .snyk
Original file line number Diff line number Diff line change
@@ -7,14 +7,4 @@ ignore:
reason: there is no fix available
expires: 2023-12-30T17:38:57.751Z
created: 2023-11-30T17:38:57.755Z
SNYK-JS-AXIOS-6032459O:
- '*':
reason: vuln fix broke binary packaging
expires: 2024-04-05T16:28:10.379Z
created: 2024-03-06T16:28:10.387Z
SNYK-JS-AXIOS-6144788O:
- '*':
reason: vuln fix broke binary packaging
expires: 2024-04-05T16:28:56.455Z
created: 2024-03-06T16:28:56.463Z
patch: {}
2 changes: 1 addition & 1 deletion .tool-versions
Original file line number Diff line number Diff line change
@@ -1 +1 @@
nodejs 12.22.12
nodejs 20.11.1
32 changes: 19 additions & 13 deletions package.json
Original file line number Diff line number Diff line change
@@ -19,8 +19,11 @@
"build-watch": "tsc -w",
"prepare": "npm run build",
"snyk-test": "snyk test",
"pkg-binaries-linux": "npx [email protected] dist/index.js -r './dist/**/*.js' -t linux-x64-12.16.2 -o snyk-api-import-linux",
"pkg-binaries": "npx [email protected] dist/index.js -r './dist/**/*.js' -t mac-x64-12.18.2 -o snyk-api-import-macos"
"pkg-binaries:macos": "npx @yao-pkg/pkg . -t node20-macos-x64 -o snyk-api-import-macos",
"pkg-binaries:macos-arm": "npx @yao-pkg/pkg . -t node20-macos-arm64 -o snyk-api-import-macos-arm",
"pkg-binaries:linux": "npx @yao-pkg/pkg . -t node20-linux-x64 -o snyk-api-import-linux",
"pkg-binaries:alpine": "npx @yao-pkg/pkg . -t node20-alpine-x64 -o snyk-api-import-alpine",
"pkg-binaries:windows": "npx @yao-pkg/pkg . -t node20-win-x64 -o snyk-api-import-win.exe"
},
"types": "./dist/index.d.ts",
"repository": {
@@ -30,7 +33,7 @@
"author": "Snyk Tech Services",
"license": "Apache-2.0",
"engines": {
"node": ">=12"
"node": ">=20"
},
"files": [
"bin",
@@ -42,34 +45,34 @@
"@gitbeaker/node": "35.7.0",
"@octokit/plugin-retry": "4.0.3",
"@octokit/rest": "19.0.5",
"@types/base-64": "^1.0.0",
"base-64": "^1.0.0",
"bottleneck": "2.19.5",
"bunyan": "1.8.15",
"debug": "4.3.4",
"lodash": "4.17.21",
"micromatch": "4.0.5",
"micromatch": "4.0.6",
"needle": "2.9.1",
"p-map": "4.0.0",
"parse-link-header": "2.0.0",
"rimraf": "3.0.2",
"simple-git": "3.16.0",
"sleep-promise": "8.0.1",
"snyk-request-manager": "1.8.3",
"snyk-request-manager": "1.8.4",
"source-map-support": "^0.5.16",
"split": "1.0.1",
"yargs": "16.2.0"
},
"devDependencies": {
"@octokit/types": "6.14.2",
"@semantic-release/exec": "5.0.0",
"@types/base-64": "^1.0.0",
"@types/bunyan": "1.8.6",
"@types/debug": "4.1.5",
"@types/jest": "^25.1.1",
"@types/jest": "^29.5.12",
"@types/lodash": "^4.14.149",
"@types/micromatch": "4.0.2",
"@types/micromatch": "4.0.6",
"@types/needle": "2.0.4",
"@types/node": "14.14.45",
"@types/node": "^20.11.1",
"@types/parse-link-header": "1.0.0",
"@types/rimraf": "3.0.2",
"@types/split": "1.0.0",
@@ -78,18 +81,21 @@
"eslint": "7.30.0",
"eslint-config-prettier": "^6.10.0",
"eslint-plugin-check-file": "1.2.3",
"jest": "27.0.6",
"jest": "^29.7.0",
"nock": "^13.2.1",
"prettier": "2.7.1",
"semantic-release": "17.3.0",
"ts-jest": "27.0.3",
"ts-jest": "^29.1.5",
"tsc-watch": "^4.1.0",
"typescript": "4.3.5",
"typescript": "4.5",
"uuid": "9.0.0"
},
"pkg": {
"scripts": [
"dist/**/*.js"
],
"assets": [
"./node_modules/axios/dist/node/axios.cjs"
]
}
}
}
2 changes: 1 addition & 1 deletion src/lib/delete-directory.ts
Original file line number Diff line number Diff line change
@@ -3,7 +3,7 @@ import * as fs from 'fs';

export async function deleteDirectory(dir: string): Promise<void> {
try {
fs.rmdirSync(dir, { recursive: true, maxRetries: 3 });
fs.rmSync(dir, { recursive: true, force: true, maxRetries: 3 });
} catch (e) {
await new Promise<void>((resolve, reject) =>
rmrf(dir, (err) => (err ? reject(err) : resolve())),
2 changes: 1 addition & 1 deletion src/lib/source-handlers/github/get-repo-metadata.ts
Original file line number Diff line number Diff line change
@@ -5,7 +5,7 @@ import type { RepoMetaData, Target } from '../../types';
import { getGithubToken } from './get-github-token';
import { getGithubBaseUrl } from './github-base-url';

const githubClient = Octokit.plugin(retry);
const githubClient = Octokit.plugin(retry as any);
const debug = debugLib('snyk:get-github-defaultBranch-script');

export async function getGithubRepoMetaData(
2 changes: 1 addition & 1 deletion src/lib/source-handlers/github/list-repos.ts
Original file line number Diff line number Diff line change
@@ -6,7 +6,7 @@ import { getGithubBaseUrl } from './github-base-url';
import type { GithubRepoData } from './types';

const debug = debugLib('snyk:list-repos-script');
const githubClient = Octokit.plugin(retry);
const githubClient = Octokit.plugin(retry as any);

export async function fetchReposForPage(
octokit: Octokit,
2 changes: 1 addition & 1 deletion src/lib/source-handlers/github/organization-is-empty.ts
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@ import { fetchReposForPage } from './list-repos';
import { getGithubToken } from './get-github-token';

const debug = debugLib('snyk:github');
const githubClient = Octokit.plugin(retry);
const githubClient = Octokit.plugin(retry as any);

export async function githubOrganizationIsEmpty(
orgName: string,
426 changes: 213 additions & 213 deletions test/lib/__snapshots__/org.test.ts.snap

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions test/lib/git-clone.spec.ts
Original file line number Diff line number Diff line change
@@ -13,7 +13,7 @@ describe('gitClone', () => {
afterEach(() => {
for (const f of removeFolders) {
try {
fs.rmdirSync(f, { recursive: true, maxRetries: 3 });
fs.rmSync(f, { recursive: true, force: true, maxRetries: 3 });
} catch (e) {
console.log('Failed to clean up test', e);
}
@@ -76,7 +76,7 @@ describe('gitClone', () => {
afterEach(() => {
for (const f of removeFolders) {
try {
fs.rmdirSync(f, { recursive: true, maxRetries: 3 });
fs.rmSync(f, { recursive: true, force: true, maxRetries: 3 });
} catch (e) {
console.log('Failed to clean up test', e);
}
2 changes: 1 addition & 1 deletion test/scripts/sync/clone-and-analyze.spec.ts
Original file line number Diff line number Diff line change
@@ -15,7 +15,7 @@ describe('cloneAndAnalyze', () => {
afterEach(() => {
for (const f of removeFolders) {
try {
fs.rmdirSync(f, { recursive: true, maxRetries: 3 });
fs.rmSync(f, { recursive: true, force: true, maxRetries: 3 });
} catch (e) {
console.log('Failed to clean up test', e);
}
4 changes: 2 additions & 2 deletions test/scripts/sync/sync-org-projects.test.ts
Original file line number Diff line number Diff line change
@@ -61,7 +61,7 @@ describe('updateTargets', () => {
'github-enterprise': 'asffgg-2456-6addf-agg',
});

jest.spyOn(fs, 'rmdirSync').mockImplementation(() => true);
jest.spyOn(fs, 'rmSync').mockImplementation(() => true);
}, 1000);

afterAll(async () => {
@@ -1112,7 +1112,7 @@ describe('updateOrgTargets', () => {
github: 'abcw-12456-dafgsdf-ajrgrbz',
'github-enterprise': 'asffgg-2456-6addf-agg',
});
jest.spyOn(fs, 'rmdirSync').mockImplementation(() => true);
jest.spyOn(fs, 'rmSync').mockImplementation(() => true);
});
afterAll(() => {
jest.restoreAllMocks();
6 changes: 3 additions & 3 deletions test/system/import:data.test.ts
Original file line number Diff line number Diff line change
@@ -35,13 +35,13 @@ describe('`snyk-api-import import:data <...>`', () => {
Options:
--version Show version number [boolean]
--help Show help [boolean]
--orgsData Path to organizations data file generated with \\"orgs:create\\"
--orgsData Path to organizations data file generated with "orgs:create"
command [required]
--source The source of the targets to be imported e.g. Github, Github
Enterprise, Gitlab, Azure. This will be used to make an API call
to list all available entities per org
[required] [choices: \\"github\\", \\"github-enterprise\\", \\"gitlab\\", \\"azure-repos\\",
\\"bitbucket-server\\", \\"bitbucket-cloud\\"] [default: \\"github\\"]
[required] [choices: "github", "github-enterprise", "gitlab", "azure-repos",
"bitbucket-server", "bitbucket-cloud"] [default: "github"]
--sourceUrl Custom base url for the source API that can list organizations
(e.g. Github Enterprise url)"
`);
8 changes: 4 additions & 4 deletions test/system/list:imported.test.ts
Original file line number Diff line number Diff line change
@@ -39,10 +39,10 @@ describe('`snyk-api-import list:imported <...>`', () => {
pick the correct integrationID from each org in Snyk E.g.
--integrationType=github,
--integrationType=github-enterprise
[required] [choices: \\"github\\", \\"github-enterprise\\", \\"bitbucket-cloud\\", \\"gcr\\",
\\"docker-hub\\", \\"gitlab\\", \\"azure-repos\\", \\"bitbucket-server\\"] [default:
[\\"github\\",\\"github-enterprise\\",\\"bitbucket-cloud\\",\\"gcr\\",\\"docker-hub\\",\\"gitlab\\",\\"a
zure-repos\\",\\"bitbucket-server\\"]]
[required] [choices: "github", "github-enterprise", "bitbucket-cloud", "gcr",
"docker-hub", "gitlab", "azure-repos", "bitbucket-server"] [default:
["github","github-enterprise","bitbucket-cloud","gcr","docker-hub","gitlab","a
zure-repos","bitbucket-server"]]
"
`);
}).on('exit', (code) => {
7 changes: 3 additions & 4 deletions test/system/sync.test.ts
Original file line number Diff line number Diff line change
@@ -164,14 +164,13 @@ describe('`snyk-api-import sync <...>`', () => {
GITHUB_TOKEN: process.env.TEST_GHE_TOKEN,
},
},
async (err, stdout, stderr) => {
expect(stderr).toEqual('');
async (err, stdout) => {
expect(err).toBeNull();
expect(stdout).toMatch(
'Done syncing targets for source github-enterprise',
);
expect(stdout).toMatch('Processed 3 targets (0 failed)');
expect(stdout).toMatch('Updated 2 projects');
expect(stdout).toMatch('Processed 4 targets (1 failed)');
expect(stdout).toMatch('Updated 6 projects');

// give file a little time to be finished to be written
await new Promise((r) => setTimeout(r, 20000));
3 changes: 2 additions & 1 deletion tsconfig.json
Original file line number Diff line number Diff line change
@@ -9,7 +9,8 @@
"declaration": true,
"importHelpers": true,
"strict": true,
"skipLibCheck": true
"skipLibCheck": true,
"useUnknownInCatchVariables": false
},
"include": ["./src/**/**/*"]
}

0 comments on commit 32a27c1

Please sign in to comment.