From 16d4c9f0e48a18719f1461460504a4228f8f663d Mon Sep 17 00:00:00 2001
From: Gar <gar+gh@danger.computer>
Date: Fri, 23 Feb 2024 07:56:40 -0800
Subject: [PATCH] deps: @npmcli/query@3.1.0

---
 node_modules/@npmcli/query/lib/index.js | 42 +++++++++++++++++++++++++
 node_modules/@npmcli/query/package.json |  8 ++---
 package-lock.json                       |  8 ++---
 workspaces/arborist/package.json        |  2 +-
 4 files changed, 51 insertions(+), 9 deletions(-)

diff --git a/node_modules/@npmcli/query/lib/index.js b/node_modules/@npmcli/query/lib/index.js
index c7888d5bb5de6..db7dc345a8c75 100644
--- a/node_modules/@npmcli/query/lib/index.js
+++ b/node_modules/@npmcli/query/lib/index.js
@@ -166,6 +166,46 @@ const fixupOutdated = astNode => {
   }
 }
 
+const fixupVuln = astNode => {
+  const vulns = []
+  if (astNode.nodes.length) {
+    for (const selector of astNode.nodes) {
+      const vuln = {}
+      for (const node of selector.nodes) {
+        if (node.type !== 'attribute') {
+          throw Object.assign(
+            new Error(':vuln pseudo-class only accepts attribute matchers or "cwe" tag'),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!['severity', 'cwe'].includes(node._attribute)) {
+          throw Object.assign(
+            new Error(':vuln pseudo-class only matches "severity" and "cwe" attributes'),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!node.operator) {
+          node.operator = '='
+          node.value = '*'
+        }
+        if (node.operator !== '=') {
+          throw Object.assign(
+            new Error(':vuln pseudo-class attribute selector only accepts "=" operator', node),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!vuln[node._attribute]) {
+          vuln[node._attribute] = []
+        }
+        vuln[node._attribute].push(node._value)
+      }
+      vulns.push(vuln)
+    }
+    astNode.vulns = vulns
+    astNode.nodes.length = 0
+  }
+}
+
 // a few of the supported ast nodes need to be tweaked in order to properly be
 // interpreted as proper arborist query selectors, namely semver ranges from
 // both ids and :semver pseudo-class selectors need to be translated from what
@@ -192,6 +232,8 @@ const transformAst = selector => {
         return fixupTypes(nextAstNode)
       case ':outdated':
         return fixupOutdated(nextAstNode)
+      case ':vuln':
+        return fixupVuln(nextAstNode)
     }
   })
 }
diff --git a/node_modules/@npmcli/query/package.json b/node_modules/@npmcli/query/package.json
index 5f9fb2744538a..ad45c18c44cd6 100644
--- a/node_modules/@npmcli/query/package.json
+++ b/node_modules/@npmcli/query/package.json
@@ -1,11 +1,11 @@
 {
   "name": "@npmcli/query",
-  "version": "3.0.1",
+  "version": "3.1.0",
   "description": "npm query parser and tools",
   "main": "lib/index.js",
   "scripts": {
     "test": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "postlint": "template-oss-check",
     "template-oss-apply": "template-oss-apply --force",
     "lintfix": "npm run lint -- --fix",
@@ -39,12 +39,12 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.18.0",
+    "version": "4.21.3",
     "publish": true
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.18.0",
+    "@npmcli/template-oss": "4.21.3",
     "tap": "^16.2.0"
   },
   "dependencies": {
diff --git a/package-lock.json b/package-lock.json
index 502a149e867d5..a3ff0384a0abd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1894,9 +1894,9 @@
       }
     },
     "node_modules/@npmcli/query": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-3.0.1.tgz",
-      "integrity": "sha512-0jE8iHBogf/+bFDj+ju6/UMLbJ39c8h6nSe6qile+dB7PJ0iV3gNqcb2vtt6WWCBrxv9uAjzUT/8vroluulidA==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-3.1.0.tgz",
+      "integrity": "sha512-C/iR0tk7KSKGldibYIB9x8GtO/0Bd0I2mhOaDb8ucQL/bQVTmGoeREaFj64Z5+iCBRf3dQfed0CjJL7I8iTkiQ==",
       "dependencies": {
         "postcss-selector-parser": "^6.0.10"
       },
@@ -16178,7 +16178,7 @@
         "@npmcli/name-from-folder": "^2.0.0",
         "@npmcli/node-gyp": "^3.0.0",
         "@npmcli/package-json": "^5.0.0",
-        "@npmcli/query": "^3.0.1",
+        "@npmcli/query": "^3.1.0",
         "@npmcli/run-script": "^7.0.2",
         "bin-links": "^4.0.1",
         "cacache": "^18.0.0",
diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json
index d1d145af06c6a..6e6d52024b50c 100644
--- a/workspaces/arborist/package.json
+++ b/workspaces/arborist/package.json
@@ -11,7 +11,7 @@
     "@npmcli/name-from-folder": "^2.0.0",
     "@npmcli/node-gyp": "^3.0.0",
     "@npmcli/package-json": "^5.0.0",
-    "@npmcli/query": "^3.0.1",
+    "@npmcli/query": "^3.1.0",
     "@npmcli/run-script": "^7.0.2",
     "bin-links": "^4.0.1",
     "cacache": "^18.0.0",