diff --git a/node_modules/@npmcli/query/lib/index.js b/node_modules/@npmcli/query/lib/index.js index c7888d5bb5de6..db7dc345a8c75 100644 --- a/node_modules/@npmcli/query/lib/index.js +++ b/node_modules/@npmcli/query/lib/index.js @@ -166,6 +166,46 @@ const fixupOutdated = astNode => { } } +const fixupVuln = astNode => { + const vulns = [] + if (astNode.nodes.length) { + for (const selector of astNode.nodes) { + const vuln = {} + for (const node of selector.nodes) { + if (node.type !== 'attribute') { + throw Object.assign( + new Error(':vuln pseudo-class only accepts attribute matchers or "cwe" tag'), + { code: 'EQUERYATTR' } + ) + } + if (!['severity', 'cwe'].includes(node._attribute)) { + throw Object.assign( + new Error(':vuln pseudo-class only matches "severity" and "cwe" attributes'), + { code: 'EQUERYATTR' } + ) + } + if (!node.operator) { + node.operator = '=' + node.value = '*' + } + if (node.operator !== '=') { + throw Object.assign( + new Error(':vuln pseudo-class attribute selector only accepts "=" operator', node), + { code: 'EQUERYATTR' } + ) + } + if (!vuln[node._attribute]) { + vuln[node._attribute] = [] + } + vuln[node._attribute].push(node._value) + } + vulns.push(vuln) + } + astNode.vulns = vulns + astNode.nodes.length = 0 + } +} + // a few of the supported ast nodes need to be tweaked in order to properly be // interpreted as proper arborist query selectors, namely semver ranges from // both ids and :semver pseudo-class selectors need to be translated from what @@ -192,6 +232,8 @@ const transformAst = selector => { return fixupTypes(nextAstNode) case ':outdated': return fixupOutdated(nextAstNode) + case ':vuln': + return fixupVuln(nextAstNode) } }) } diff --git a/node_modules/@npmcli/query/package.json b/node_modules/@npmcli/query/package.json index 5f9fb2744538a..ad45c18c44cd6 100644 --- a/node_modules/@npmcli/query/package.json +++ b/node_modules/@npmcli/query/package.json @@ -1,11 +1,11 @@ { "name": "@npmcli/query", - "version": "3.0.1", + "version": "3.1.0", "description": "npm query parser and tools", "main": "lib/index.js", "scripts": { "test": "tap", - "lint": "eslint \"**/*.js\"", + "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"", "postlint": "template-oss-check", "template-oss-apply": "template-oss-apply --force", "lintfix": "npm run lint -- --fix", @@ -39,12 +39,12 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.18.0", + "version": "4.21.3", "publish": true }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.18.0", + "@npmcli/template-oss": "4.21.3", "tap": "^16.2.0" }, "dependencies": { diff --git a/package-lock.json b/package-lock.json index 1b7e1aa128c15..05406c6f7fe86 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1893,9 +1893,9 @@ } }, "node_modules/@npmcli/query": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-3.0.1.tgz", - "integrity": "sha512-0jE8iHBogf/+bFDj+ju6/UMLbJ39c8h6nSe6qile+dB7PJ0iV3gNqcb2vtt6WWCBrxv9uAjzUT/8vroluulidA==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-3.1.0.tgz", + "integrity": "sha512-C/iR0tk7KSKGldibYIB9x8GtO/0Bd0I2mhOaDb8ucQL/bQVTmGoeREaFj64Z5+iCBRf3dQfed0CjJL7I8iTkiQ==", "dependencies": { "postcss-selector-parser": "^6.0.10" }, @@ -16035,7 +16035,7 @@ "@npmcli/name-from-folder": "^2.0.0", "@npmcli/node-gyp": "^3.0.0", "@npmcli/package-json": "^5.0.0", - "@npmcli/query": "^3.0.1", + "@npmcli/query": "^3.1.0", "@npmcli/run-script": "^7.0.2", "bin-links": "^4.0.1", "cacache": "^18.0.0", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index d1d145af06c6a..6e6d52024b50c 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -11,7 +11,7 @@ "@npmcli/name-from-folder": "^2.0.0", "@npmcli/node-gyp": "^3.0.0", "@npmcli/package-json": "^5.0.0", - "@npmcli/query": "^3.0.1", + "@npmcli/query": "^3.1.0", "@npmcli/run-script": "^7.0.2", "bin-links": "^4.0.1", "cacache": "^18.0.0",