Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(nodejs): remove unused fields for the pnpm lockfile #4630

Merged
merged 4 commits into from
Jun 19, 2023
Merged

fix(nodejs): remove unused fields for the pnpm lockfile #4630

merged 4 commits into from
Jun 19, 2023

Conversation

nikpivkin
Copy link
Contributor

@nikpivkin nikpivkin commented Jun 14, 2023
edited
Loading

Description

I have deleted unused fields so that changes in the pnpm lockfile specification do not affect the parser operation.

Before

go run cmd/trivy/main.go fs -f json --scanners vuln /Users/tososomaru/projects/trivy-test/pnpm-turbo-docker-monorepo -d
2023-06-15T17:17:42.747+0600    DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-06-15T17:17:42.755+0600    DEBUG   cache dir:  /Users/tososomaru/Library/Caches/trivy
2023-06-15T17:17:42.755+0600    DEBUG   DB update was skipped because the local DB is the latest
2023-06-15T17:17:42.755+0600    DEBUG   DB Schema: 2, UpdatedAt: 2023-06-15 06:08:18.929820658 +0000 UTC, NextUpdate: 2023-06-15 12:08:18.929820158 +0000 UTC, DownloadedAt: 2023-06-15 06:18:51.189024 +0000 UTC
2023-06-15T17:17:42.755+0600    INFO    Vulnerability scanning is enabled
2023-06-15T17:17:42.755+0600    DEBUG   Vulnerability type:  [os library]
2023-06-15T17:17:42.756+0600    DEBUG   Walk the file tree rooted at '/Users/tososomaru/projects/trivy-test/pnpm-turbo-docker-monorepo' in parallel
2023-06-15T17:17:42.763+0600    DEBUG   Analysis error: unable to parse pnpm-lock.yaml: failed to parse pnpm-lock.yaml: failed to parse pnpm-lock.yaml: decode error: yaml: unmarshal errors:
  line 8: cannot unmarshal !!map into string
  ....
  line 171: cannot unmarshal !!map into string
2023-06-15T17:17:42.773+0600    DEBUG   OS is not detected.
2023-06-15T17:17:42.773+0600    DEBUG   Detected OS: unknown
2023-06-15T17:17:42.773+0600    INFO    Number of language-specific files: 0
{
  "SchemaVersion": 2,
  "ArtifactName": "/Users/tososomaru/projects/trivy-test/pnpm-turbo-docker-monorepo",
  "ArtifactType": "filesystem",
  "Metadata": {
    "ImageConfig": {
      "architecture": "",
      "created": "0001-01-01T00:00:00Z",
      "os": "",
      "rootfs": {
        "type": "",
        "diff_ids": null
      },
      "config": {}
    }
  }
}

After

go run cmd/trivy/main.go fs -f json --scanners vuln /Users/tososomaru/projects/trivy-test/pnpm-turbo-docker-monorepo -d
2023-06-15T17:16:38.881+0600    DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-06-15T17:16:38.894+0600    DEBUG   cache dir:  /Users/tososomaru/Library/Caches/trivy
2023-06-15T17:16:38.895+0600    DEBUG   DB update was skipped because the local DB is the latest
2023-06-15T17:16:38.895+0600    DEBUG   DB Schema: 2, UpdatedAt: 2023-06-15 06:08:18.929820658 +0000 UTC, NextUpdate: 2023-06-15 12:08:18.929820158 +0000 UTC, DownloadedAt: 2023-06-15 06:18:51.189024 +0000 UTC
2023-06-15T17:16:38.895+0600    INFO    Vulnerability scanning is enabled
2023-06-15T17:16:38.895+0600    DEBUG   Vulnerability type:  [os library]
2023-06-15T17:16:38.896+0600    DEBUG   Walk the file tree rooted at '/Users/tososomaru/projects/trivy-test/pnpm-turbo-docker-monorepo' in parallel
2023-06-15T17:16:38.917+0600    DEBUG   OS is not detected.
2023-06-15T17:16:38.917+0600    DEBUG   Detected OS: unknown
2023-06-15T17:16:38.917+0600    INFO    Number of language-specific files: 1
2023-06-15T17:16:38.917+0600    INFO    Detecting pnpm vulnerabilities...
2023-06-15T17:16:38.917+0600    DEBUG   Detecting library vulnerabilities, type: pnpm, path: pnpm-lock.yaml
{
  "SchemaVersion": 2,
  "ArtifactName": "/Users/tososomaru/projects/trivy-test/pnpm-turbo-docker-monorepo",
  "ArtifactType": "filesystem",
  "Metadata": {
    "ImageConfig": {
      "architecture": "",
      "created": "0001-01-01T00:00:00Z",
      "os": "",
      "rootfs": {
        "type": "",
        "diff_ids": null
      },
      "config": {}
    }
  }
}

Related issues

Related PRs

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@knqyf263
Copy link
Collaborator

The title should be fix(nodejs) as this change actually resolves the problem.

@nikpivkin nikpivkin changed the title refactor(nodejs): remove unused fields for the pnpm lockfile fix(nodejs): remove unused fields for the pnpm lockfile Jun 15, 2023
@nikpivkin nikpivkin marked this pull request as ready for review June 15, 2023 04:16
@nikpivkin nikpivkin requested a review from knqyf263 as a code owner June 15, 2023 04:16
@knqyf263
Copy link
Collaborator

@nikpivkin Did you confirm it worked with https://github.com/kikar/pnpm-turbo-docker-monorepo?

@nikpivkin
Copy link
Contributor Author

@knqyf263 Yes, I updated the description and added an example before and after

@knqyf263 knqyf263 added this pull request to the merge queue Jun 15, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jun 15, 2023
@knqyf263 knqyf263 enabled auto-merge June 19, 2023 02:55
@knqyf263 knqyf263 added this pull request to the merge queue Jun 19, 2023
Merged via the queue into aquasecurity:main with commit 0e01851 Jun 19, 2023
12 checks passed
@nikpivkin nikpivkin deleted the fix/pnpm-unused-fields branch July 20, 2023 16:06
AnaisUrlichs pushed a commit to AnaisUrlichs/trivy that referenced this pull request Aug 10, 2023
@nikpivkin @knqyf263 @AnaisUrlichs
fix(nodejs): remove unused fields for the pnpm lockfile (aquasecurity…
372c6a8 
…#4630)

* refactor(nodejs): remove unused fields for the pnpm lockfile

* run go mod tidy

---------

Co-authored-by: knqyf263 <knqyf263@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PNPM scanning is broken
2 participants
@nikpivkin @knqyf263