From 025d352a447bdff2601b533adc74fa9427a06a14 Mon Sep 17 00:00:00 2001 From: Steve Date: Thu, 14 Dec 2023 18:59:40 +0900 Subject: [PATCH] fix: incorrect version coercion in container's pip scanner (#4964) Fixed issue when some pip dependency versions that were not strictly semver were being coerced incorrectly --- package-lock.json | 98 ++++++++++++++++++++++++++--------------------- package.json | 2 +- 2 files changed, 56 insertions(+), 44 deletions(-) diff --git a/package-lock.json b/package-lock.json index 657a70a430..c54f2dee45 100644 --- a/package-lock.json +++ b/package-lock.json @@ -67,7 +67,7 @@ "semver": "^6.0.0", "snyk-config": "^5.0.0", "snyk-cpp-plugin": "2.24.0", - "snyk-docker-plugin": "6.5.9", + "snyk-docker-plugin": "^6.7.9", "snyk-go-plugin": "1.23.0", "snyk-gradle-plugin": "4.0.1", "snyk-module": "3.1.0", @@ -2714,9 +2714,9 @@ } }, "node_modules/@snyk/dep-graph": { - "version": "2.7.4", - "resolved": "https://registry.npmjs.org/@snyk/dep-graph/-/dep-graph-2.7.4.tgz", - "integrity": "sha512-YSEi5jT4caGTzJ3UAg3Q2LL66K+Tlwl2z1DXxfiQPEMHW84AalZiFgBky9AiHy2Zodn9m7OUyvNx1+IcrmEiaw==", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/@snyk/dep-graph/-/dep-graph-2.8.0.tgz", + "integrity": "sha512-rx1fFfVkRqNAjRWpwIPj3A9LqYuTSEpB+LnSzI0vKj65IF8gSXDPhgCN9EUXwlOTobbDN8sHbbsHVYTuzWaH6A==", "dependencies": { "event-loop-spinner": "^2.1.0", "lodash.clone": "^4.5.0", 
@@ -8907,11 +8907,12 @@ } }, "node_modules/dockerfile-ast": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/dockerfile-ast/-/dockerfile-ast-0.2.1.tgz", - "integrity": "sha512-ut04CVM1G6zIITTcYPDIXhPZk9mCa21m4dfW8FcDDGxwgTQhYyHDu6U7M8klZ7QsjqVcJhryKi+TGOX6bjgKdQ==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/dockerfile-ast/-/dockerfile-ast-0.6.1.tgz", + "integrity": "sha512-m3rH2qHHU2pSTCppXgJT+1KLxhvkdROOxVPof5Yz4IPGSw6K+x0B0/RFdYgXN5zsIUTlbOSRyfDCv3/uVhnNmg==", "dependencies": { - "vscode-languageserver-types": "^3.16.0" + "vscode-languageserver-textdocument": "^1.0.8", + "vscode-languageserver-types": "^3.17.3" }, "engines": { "node": "*" @@ -17184,9 +17185,9 @@ } }, "node_modules/packageurl-js": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.0.2.tgz", - "integrity": "sha512-fWC4ZPxo80qlh3xN5FxfIoQD3phVY4+EyzTIqyksjhKNDmaicdpxSvkWwIrYTtv9C1/RcUN6pxaTwGmj2NzS6A==" + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.2.0.tgz", + "integrity": "sha512-JFoZnz1maKB0hTjn0YrmqRLgiU825SkbA370oe9ERcsKsj1EcBpe+CDo1EK9mrHc+18Hi5NmZbmXFQtP7YZEbw==" }, "node_modules/pacote": { "version": "17.0.4", 
@@ -19959,12 +19960,12 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-docker-plugin": { - "version": "6.5.9", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-6.5.9.tgz", - "integrity": "sha512-+htd0OFckcluij2w1/hJthMPF3GSYCo25KT7YRtb6rg3+tU8k/IPxZkoOFPvjPTsKQfFfVCWQ5c9xQr9VRWGpg==", + "version": "6.7.9", + "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-6.7.9.tgz", + "integrity": "sha512-nKWiud5JuBClYUirTHmeKlz/h4wDebqUh9k8ARHJWGu7mvRK6Uu3z0qjSUnUGNvBVcZfRcdL3F6mGmx+6Uf9zA==", "dependencies": { "@snyk/composer-lockfile-parser": "^1.4.1", - "@snyk/dep-graph": "^2.7.1", + "@snyk/dep-graph": "^2.8.0", "@snyk/docker-registry-v2-client": "^2.10.1", "@snyk/rpm-parser": "3.1.0", "@snyk/snyk-docker-pull": "^3.10.1", @@ -19972,16 +19973,16 @@ "chalk": "^2.4.2", "debug": "^4.1.1", "docker-modem": "3.0.8", - "dockerfile-ast": "0.2.1", + "dockerfile-ast": "0.6.1", "elfy": "^1.0.0", "event-loop-spinner": "^2.0.0", "gunzip-maybe": "^1.4.2", "mkdirp": "^1.0.4", - "packageurl-js": "^1.0.2", + "packageurl-js": "1.2.0", "semver": "^7.5.4", "shescape": "^1.7.4", - "snyk-nodejs-lockfile-parser": "^1.52.1", - "snyk-poetry-lockfile-parser": "^1.3.0", + "snyk-nodejs-lockfile-parser": "^1.52.6", + "snyk-poetry-lockfile-parser": "^1.4.0", "tar-stream": "^2.1.0", "tmp": "^0.2.1", "tslib": "^1", 
@@ -23137,10 +23138,15 @@ "node": ">=14.0.0" } }, + "node_modules/vscode-languageserver-textdocument": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.11.tgz", + "integrity": "sha512-X+8T3GoiwTVlJbicx/sIAF+yuJAqz8VvwJyoMVhwEMoEKE/fkDmrqUgDMyBECcM2A2frVZIUj5HI/ErRXCfOeA==" + }, "node_modules/vscode-languageserver-types": { - "version": "3.17.3", - "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.3.tgz", - "integrity": "sha512-SYU4z1dL0PyIMd4Vj8YOqFvHu7Hz/enbWtpfnVbJHU4Nd1YNYx8u0ennumc6h48GQNeOLxmwySmnADouT/AuZA==" + "version": "3.17.5", + "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz", + "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg==" }, "node_modules/w3c-hr-time": { "version": "1.0.2", @@ -26088,9 +26094,9 @@ } }, "@snyk/dep-graph": { - "version": "2.7.4", - "resolved": "https://registry.npmjs.org/@snyk/dep-graph/-/dep-graph-2.7.4.tgz", - "integrity": "sha512-YSEi5jT4caGTzJ3UAg3Q2LL66K+Tlwl2z1DXxfiQPEMHW84AalZiFgBky9AiHy2Zodn9m7OUyvNx1+IcrmEiaw==", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/@snyk/dep-graph/-/dep-graph-2.8.0.tgz", + "integrity": "sha512-rx1fFfVkRqNAjRWpwIPj3A9LqYuTSEpB+LnSzI0vKj65IF8gSXDPhgCN9EUXwlOTobbDN8sHbbsHVYTuzWaH6A==", "requires": { "event-loop-spinner": "^2.1.0", "lodash.clone": "^4.5.0", 
@@ -30922,11 +30928,12 @@ } }, "dockerfile-ast": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/dockerfile-ast/-/dockerfile-ast-0.2.1.tgz", - "integrity": "sha512-ut04CVM1G6zIITTcYPDIXhPZk9mCa21m4dfW8FcDDGxwgTQhYyHDu6U7M8klZ7QsjqVcJhryKi+TGOX6bjgKdQ==", + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/dockerfile-ast/-/dockerfile-ast-0.6.1.tgz", + "integrity": "sha512-m3rH2qHHU2pSTCppXgJT+1KLxhvkdROOxVPof5Yz4IPGSw6K+x0B0/RFdYgXN5zsIUTlbOSRyfDCv3/uVhnNmg==", "requires": { - "vscode-languageserver-types": "^3.16.0" + "vscode-languageserver-textdocument": "^1.0.8", + "vscode-languageserver-types": "^3.17.3" } }, "doctrine": { @@ -37200,9 +37207,9 @@ "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==" }, "packageurl-js": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.0.2.tgz", - "integrity": "sha512-fWC4ZPxo80qlh3xN5FxfIoQD3phVY4+EyzTIqyksjhKNDmaicdpxSvkWwIrYTtv9C1/RcUN6pxaTwGmj2NzS6A==" + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.2.0.tgz", + "integrity": "sha512-JFoZnz1maKB0hTjn0YrmqRLgiU825SkbA370oe9ERcsKsj1EcBpe+CDo1EK9mrHc+18Hi5NmZbmXFQtP7YZEbw==" }, "pacote": { "version": "17.0.4", 
@@ -39277,12 +39284,12 @@ } }, "snyk-docker-plugin": { - "version": "6.5.9", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-6.5.9.tgz", - "integrity": "sha512-+htd0OFckcluij2w1/hJthMPF3GSYCo25KT7YRtb6rg3+tU8k/IPxZkoOFPvjPTsKQfFfVCWQ5c9xQr9VRWGpg==", + "version": "6.7.9", + "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-6.7.9.tgz", + "integrity": "sha512-nKWiud5JuBClYUirTHmeKlz/h4wDebqUh9k8ARHJWGu7mvRK6Uu3z0qjSUnUGNvBVcZfRcdL3F6mGmx+6Uf9zA==", "requires": { "@snyk/composer-lockfile-parser": "^1.4.1", - "@snyk/dep-graph": "^2.7.1", + "@snyk/dep-graph": "^2.8.0", "@snyk/docker-registry-v2-client": "^2.10.1", "@snyk/rpm-parser": "3.1.0", "@snyk/snyk-docker-pull": "^3.10.1", @@ -39290,16 +39297,16 @@ "chalk": "^2.4.2", "debug": "^4.1.1", "docker-modem": "3.0.8", - "dockerfile-ast": "0.2.1", + "dockerfile-ast": "0.6.1", "elfy": "^1.0.0", "event-loop-spinner": "^2.0.0", "gunzip-maybe": "^1.4.2", "mkdirp": "^1.0.4", - "packageurl-js": "^1.0.2", + "packageurl-js": "1.2.0", "semver": "^7.5.4", "shescape": "^1.7.4", - "snyk-nodejs-lockfile-parser": "^1.52.1", - "snyk-poetry-lockfile-parser": "^1.3.0", + "snyk-nodejs-lockfile-parser": "^1.52.6", + "snyk-poetry-lockfile-parser": "^1.4.0", "tar-stream": "^2.1.0", "tmp": "^0.2.1", "tslib": "^1", 
@@ -41731,10 +41738,15 @@ "integrity": "sha512-6TDy/abTQk+zDGYazgbIPc+4JoXdwC8NHU9Pbn4UJP1fehUyZmM4RHp5IthX7A6L5KS30PRui+j+tbbMMMafdw==", "dev": true }, + "vscode-languageserver-textdocument": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.11.tgz", + "integrity": "sha512-X+8T3GoiwTVlJbicx/sIAF+yuJAqz8VvwJyoMVhwEMoEKE/fkDmrqUgDMyBECcM2A2frVZIUj5HI/ErRXCfOeA==" + }, "vscode-languageserver-types": { - "version": "3.17.3", - "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.3.tgz", - "integrity": "sha512-SYU4z1dL0PyIMd4Vj8YOqFvHu7Hz/enbWtpfnVbJHU4Nd1YNYx8u0ennumc6h48GQNeOLxmwySmnADouT/AuZA==" + "version": "3.17.5", + "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz", + "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg==" }, "w3c-hr-time": { "version": "1.0.2", diff --git a/package.json b/package.json index 3c912b07b6..0ff766994c 100644 --- a/package.json +++ b/package.json @@ -114,7 +114,7 @@ "semver": "^6.0.0", "snyk-config": "^5.0.0", "snyk-cpp-plugin": "2.24.0", - "snyk-docker-plugin": "6.5.9", + "snyk-docker-plugin": "^6.7.9", "snyk-go-plugin": "1.23.0", "snyk-gradle-plugin": "4.0.1", "snyk-module": "3.1.0",
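Review bot: The `"snyk-docker-plugin": "^6.7.9"` line in package.json replaces an exact pin with a caret range, while the adjacent plugins in the same hunk (`snyk-cpp-plugin`, `snyk-go-plugin`, `snyk-gradle-plugin`, `snyk-module`) remain exactly pinned. For a dependency that parses attacker-controlled container images, a floating range lets any install that re-resolves (a plain `npm install`, or a lockfile regeneration) pull a later 6.x that was never reviewed here, whereas `npm ci` still honours the `resolved`/`integrity` entries for 6.7.9 recorded in package-lock.json. Unless the range is deliberate, keep the convention of the surrounding lines: `"snyk-docker-plugin": "6.7.9",`. If it is deliberate, a short sentence in the commit description saying why this plugin alone floats would save the next reviewer the same question; since the coercion fix itself is presumably in the upstream plugin release rather than in this diff, naming that upstream change there would also help.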