author | Luke Karrys <luke@lukekarrys.com> | 2022-04-12 03:53:33 +0300 |
---|---|---|
committer | Nathan Fritz <fritzy@github.com> | 2022-04-14 00:34:34 +0300 |
commit | aa4a4da336a6ec1963394fdbd06acb173c842d26 (patch) | |
tree | bd3067cf24129834b18098f05bebe678eea460c0 /workspaces/arborist/tap-snapshots | |
parent | e992b4a21ecdd96aa33c59682c0ac0cc8a30d776 (diff) |
fix(arborist): dont skip adding advisories to audit based on name/range
When generating an audit report, a cache of seen advisories is kept to
avoid doing any repeat fanout work on its nodes. Previously this cache
was also preventing audits from being added to the report. This has been
fixed so the cache is only used to prevent extra work, but all valid
advisories are added to the output.
Fixes #4681
Diffstat (limited to 'workspaces/arborist/tap-snapshots')
-rw-r--r-- | workspaces/arborist/tap-snapshots/test/audit-report.js.test.cjs | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/workspaces/arborist/tap-snapshots/test/audit-report.js.test.cjs b/workspaces/arborist/tap-snapshots/test/audit-report.js.test.cjs index 91d7ecffc..cc1354e64 100644 --- a/workspaces/arborist/tap-snapshots/test/audit-report.js.test.cjs +++ b/workspaces/arborist/tap-snapshots/test/audit-report.js.test.cjs @@ -124,6 +124,15 @@ exports[`test/audit-report.js TAP all severity levels > json version 1`] = ` "range": "<3.0.8 || >=4.0.0 <4.5.3" }, { + "source": 1325, + "name": "handlebars", + "dependency": "handlebars", + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "severity": "high", + "range": "<3.0.8 || >=4.0.0 <4.5.3" + }, + { "source": 755, "name": "handlebars", "dependency": "handlebars", @@ -448,6 +457,15 @@ exports[`test/audit-report.js TAP all severity levels > json version 1`] = ` "url": "https://npmjs.com/advisories/1478", "severity": "high", "range": ">=4.1.0" + }, + { + "source": 1479, + "name": "subtext", + "dependency": "subtext", + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1479", + "severity": "high", + "range": ">=0.0.0" } ], "effects": [], @@ -559,6 +577,15 @@ exports[`test/audit-report.js TAP audit outdated nyc and mkdirp > json version 1 "range": "<3.0.8 || >=4.0.0 <4.5.3" }, { + "source": 1325, + "name": "handlebars", + "dependency": "handlebars", + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "severity": "high", + "range": "<3.0.8 || >=4.0.0 <4.5.3" + }, + { "source": 755, "name": "handlebars", "dependency": "handlebars", @@ -919,6 +946,15 @@ exports[`test/audit-report.js TAP audit outdated nyc and mkdirp with before: opt "range": "<3.0.8 || >=4.0.0 <4.5.3" }, { + "source": 1325, + "name": "handlebars", + "dependency": "handlebars", + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "severity": "high", + "range": "<3.0.8 || >=4.0.0 <4.5.3" + }, + { "source": 755, "name": "handlebars", "dependency": "handlebars", 
@@ -1279,6 +1315,15 @@ exports[`test/audit-report.js TAP audit outdated nyc and mkdirp with newer endpo "range": "<3.0.8 || >=4.0.0 <4.5.3" }, { + "source": 1325, + "name": "handlebars", + "dependency": "handlebars", + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "severity": "high", + "range": "<3.0.8 || >=4.0.0 <4.5.3" + }, + { "source": 755, "name": "handlebars", "dependency": "handlebars", @@ -2150,6 +2195,20 @@ Object { "dependency": "handlebars", "id": undefined, "name": "handlebars", + "range": "<3.0.8 || >=4.0.0 <4.5.3", + "severity": "high", + "source": 1325, + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "versions": undefined, + "vulnerableVersions": undefined, + }, + Object { + "cvss": undefined, + "cwe": undefined, + "dependency": "handlebars", + "id": undefined, + "name": "handlebars", "range": "<=4.0.13 || >=4.1.0 <4.1.2", "severity": "critical", "source": 755, @@ -2629,6 +2688,20 @@ Object { "dependency": "handlebars", "id": undefined, "name": "handlebars", + "range": "<3.0.8 || >=4.0.0 <4.5.3", + "severity": "high", + "source": 1325, + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "versions": undefined, + "vulnerableVersions": undefined, + }, + Object { + "cvss": undefined, + "cwe": undefined, + "dependency": "handlebars", + "id": undefined, + "name": "handlebars", "range": "<=4.0.13 || >=4.1.0 <4.1.2", "severity": "critical", "source": 755, 
@@ -2797,6 +2870,20 @@ Object { "dependency": "handlebars", "id": undefined, "name": "handlebars", + "range": "<3.0.8 || >=4.0.0 <4.5.3", + "severity": "high", + "source": 1325, + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "versions": undefined, + "vulnerableVersions": undefined, + }, + Object { + "cvss": undefined, + "cwe": undefined, + "dependency": "handlebars", + "id": undefined, + "name": "handlebars", "range": "<=4.0.13 || >=4.1.0 <4.1.2", "severity": "critical", "source": 755, @@ -3276,6 +3363,20 @@ Object { "dependency": "handlebars", "id": undefined, "name": "handlebars", + "range": "<3.0.8 || >=4.0.0 <4.5.3", + "severity": "high", + "source": 1325, + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "versions": undefined, + "vulnerableVersions": undefined, + }, + Object { + "cvss": undefined, + "cwe": undefined, + "dependency": "handlebars", + "id": undefined, + "name": "handlebars", "range": "<=4.0.13 || >=4.1.0 <4.1.2", "severity": "critical", "source": 755, @@ -3464,6 +3565,20 @@ Object { "dependency": "handlebars", "id": undefined, "name": "handlebars", + "range": "<3.0.8 || >=4.0.0 <4.5.3", + "severity": "high", + "source": 1325, + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "versions": undefined, + "vulnerableVersions": undefined, + }, + Object { + "cvss": undefined, + "cwe": undefined, + "dependency": "handlebars", + "id": undefined, + "name": "handlebars", "range": "<=4.0.13 || >=4.1.0 <4.1.2", "severity": "critical", "source": 755, 
@@ -3933,6 +4048,20 @@ Object { "dependency": "handlebars", "id": undefined, "name": "handlebars", + "range": "<3.0.8 || >=4.0.0 <4.5.3", + "severity": "high", + "source": 1325, + "title": "Prototype Pollution", + "url": "https://npmjs.com/advisories/1325", + "versions": undefined, + "vulnerableVersions": undefined, + }, + Object { + "cvss": undefined, + "cwe": undefined, + "dependency": "handlebars", + "id": undefined, + "name": "handlebars", "range": "<=4.0.13 || >=4.1.0 <4.1.2", "severity": "critical", "source": 755, |