feat: add multi-path-same-vuln regression fixture (#528)#761
Open
Ayush7614 wants to merge 1 commit into
Open
Conversation
Collaborator
|
Hey @Ayush7614 - this branch is a bit behind main. Could you rebase against main and force-push? Happy to review once it's up to date. |
Craft a minimal express lockfile where qs@6.15.1 and qs@6.14.2 share the same advisory but need different fix commands — npm update qs for the body-parser within-range path and npm install express@4.22.2 for the direct express parent upgrade.
Ayush7614
force-pushed
the
feat/multi-path-same-vuln
branch
from
bb98fe3 to
02ada3d
Compare
Collaborator
Author
|
@sonukapoor Rebased onto latest |
Collaborator
|
Hey, this branch is behind main - could you rebase against the latest main and push? Happy to pick this up for review once it's up to date. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
examples/multi-path-same-vuln/for discussion Help wanted: edge case lockfile fixtures for regression testing #528 fixture 3qsadvisory via two paths with different parent ranges — each gets the correct fix commandtests/fixture-scan.test.tsScan output
Produces:
npm update qsfor qs@6.15.1 via body-parser (within-range)npm install express@4.22.2for qs@6.14.2 via express (parent upgrade)Test plan
npm test -- tests/fixture-scan.test.ts -t multi-path-same-vulnnode dist/index.js examples/multi-path-same-vuln --verboseCloses fixture 3 from #528