diff --git a/.changeset/fuzzy-zebras-lose.md b/.changeset/fuzzy-zebras-lose.md
new file mode 100644
index 00000000..5ed178e5
--- /dev/null
+++ b/.changeset/fuzzy-zebras-lose.md
@@ -0,0 +1,6 @@
+---
+"@nodesecure/scanner": minor
+"@nodesecure/rc": minor
+---
+
+Update vulnera to v3.x.x
diff --git a/workspaces/rc/package.json b/workspaces/rc/package.json
index 6e5c4ad6..42452f29 100644
--- a/workspaces/rc/package.json
+++ b/workspaces/rc/package.json
@@ -47,7 +47,7 @@
 "dependencies": {
 "@nodesecure/js-x-ray": "14.0.0",
 "@nodesecure/npm-types": "^1.2.0",
- "@nodesecure/vulnera": "^2.0.1",
+ "@nodesecure/vulnera": "3.0.0",
 "@openally/config": "^1.0.1",
 "@openally/result": "2.0.0",
 "lodash.merge": "^4.6.2",
diff --git a/workspaces/scanner/package.json b/workspaces/scanner/package.json
index 1fc58646..d526e59a 100644
--- a/workspaces/scanner/package.json
+++ b/workspaces/scanner/package.json
@@ -76,7 +76,7 @@
 "@nodesecure/tarball": "^3.5.0",
 "@nodesecure/tree-walker": "^2.5.0",
 "@nodesecure/utils": "^2.3.0",
- "@nodesecure/vulnera": "^2.0.1",
+ "@nodesecure/vulnera": "3.0.0",
 "@openally/mutex": "^2.0.0",
 "fastest-levenshtein": "^1.0.16",
 "frequency-set": "^2.1.0",
diff --git a/workspaces/scanner/src/comparePayloads.ts b/workspaces/scanner/src/comparePayloads.ts
index 6438e133..e2d5e4dd 100644
--- a/workspaces/scanner/src/comparePayloads.ts
+++ b/workspaces/scanner/src/comparePayloads.ts
@@ -1,6 +1,6 @@
 // Import Third-party Dependencies
 import type { Warning } from "@nodesecure/js-x-ray";
-import * as Vulnera from "@nodesecure/vulnera";
+import type { StandardVulnerability } from "@nodesecure/vulnera";
 // Import Internal Dependencies
 import type {
@@ -33,7 +33,7 @@ export interface DependencyComparison {
 publishers: ArrayDiff;
 maintainers: ArrayDiff;
 versions: VersionsComparisonResult;
- vulnerabilities: ArrayDiff;
+ vulnerabilities: ArrayDiff;
 }
 export interface VersionsComparisonResult {
diff --git a/workspaces/scanner/src/depWalker.ts b/workspaces/scanner/src/depWalker.ts
index 9bb8a94c..2874d963 100644
--- a/workspaces/scanner/src/depWalker.ts
+++ b/workspaces/scanner/src/depWalker.ts
@@ -324,8 +324,8 @@ export async function depWalker(
 const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk") && isRemoteScanning;
 if (!isVulnHydratable) {
- await hydratePayloadDependencies(dependencies as any, {
- useStandardFormat: true,
+ await hydratePayloadDependencies(dependencies, {
+ useFormat: "Standard",
 path: location
 });
 }
diff --git a/workspaces/scanner/src/types.ts b/workspaces/scanner/src/types.ts
index 7c245835..7db79cf3 100644
--- a/workspaces/scanner/src/types.ts
+++ b/workspaces/scanner/src/types.ts
@@ -1,6 +1,6 @@
 // Import Third-party Dependencies
 import type { Warning } from "@nodesecure/js-x-ray";
-import * as Vulnera from "@nodesecure/vulnera";
+import type { StandardVulnerability, Kind } from "@nodesecure/vulnera";
 import type { PackageModuleType } from "@nodesecure/mama";
 import type { SpdxFileLicenseConformance } from "@nodesecure/conformance";
@@ -153,7 +153,7 @@ export interface Dependency {
 *
 * @see https://github.com/NodeSecure/vuln
 */
- vulnerabilities: Vulnera.StandardVulnerability[];
+ vulnerabilities: StandardVulnerability[];
 }
 export type Dependencies = Record;
@@ -265,7 +265,7 @@ export interface Payload {
 /** Version of the scanner used to generate the result */
 scannerVersion: string;
 /** Vulnerability strategy name (npm, snyk, node) */
- vulnerabilityStrategy: Vulnera.Kind;
+ vulnerabilityStrategy: Kind;
 metadata: Stats;
 }
@@ -325,7 +325,7 @@ export interface Options {
 *
 * @default NONE
 */
- readonly vulnerabilityStrategy?: Vulnera.Kind;
+ readonly vulnerabilityStrategy?: Kind;
 /**
 * Analyze root package.
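Review bot: The new `useFormat: "Standard"` option in the `hydratePayloadDependencies(dependencies, { ... })` call is what ties the hydrated data to the `StandardVulnerability[]` type declared on `Dependency.vulnerabilities` in types.ts, but nothing at the call site records that coupling. Now that the `as any` cast is gone, a different format value would presumably still compile while filling the payload with a shape that comparePayloads.ts and downstream consumers do not expect. A one-line comment above the call would make the constraint explicit, for example `// "Standard" is required: Dependency.vulnerabilities is typed as StandardVulnerability[]`. The body of depWalker starts and ends outside this hunk, so any error handling around the awaited call is not visible here.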
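Review bot: The doc comment above `vulnerabilityStrategy: Kind` in the `Payload` hunk of types.ts still lists `(npm, snyk, node)`, while depWalker.ts in this same commit compares the strategy against `"github-advisory"`, so the listed names look stale for the `Kind` type now imported from vulnera v3. With `Kind` imported unqualified, that comment is the only hint of where the values come from, and a payload reader relies on this field to interpret an empty `vulnerabilities` list. Consider `/** Vulnerability strategy name (a Kind from @nodesecure/vulnera, e.g. "npm", "snyk", "github-advisory") */`. The `@default NONE` on `Options.vulnerabilityStrategy` in the last hunk is worth confirming against the v3 values as well.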