feat: license update, prodsec/security_scans added (#4)

gemaxim · web-flow · commit 11f1bc01fbf6 · 2024-04-11T15:38:46.000+03:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -2,7 +2,7 @@ version: 2.1
 
 orbs:
   win: circleci/windows@2.4.0
-  prodsec: snyk/prodsec-orb@1.0
+  prodsec: snyk/prodsec-orb@1
 
 filters_branches_ignore_main: &filters_branches_ignore_main
   filters:
@@ -61,6 +61,16 @@ commands:
           command: npm --version
 
 jobs:
+  security-scans:
+    <<: *defaults
+    resource_class: small
+    docker:
+      - image: cimg/node:<< parameters.node_version >>
+    steps:
+      - checkout
+      - install_deps
+      - prodsec/security_scans:
+          mode: auto
   lint:
     <<: *defaults
     docker:
@@ -108,6 +118,11 @@ workflows:
           context:
             - snyk-bot-slack
           channel: os-team-managed-alerts
+      - security-scans:
+          name: Perform security scans for PRs
+          context:
+            - open_source-managed
+          <<: *filters_branches_ignore_main
       - lint:
           name: Lint
           context: nodejs-install
@@ -131,5 +146,4 @@ workflows:
           context: nodejs-install
           requires:
             - Lint
-          <<: *filters_branches_ignore_main
-
+          <<: *filters_branches_ignore_main
diff --git a/LICENSE b/LICENSE
@@ -1,4 +1,4 @@
-Copyright 2018 Snyk Ltd.
+Copyright 2024 Snyk Ltd.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
diff --git a/lib/npm-modules-parser.ts b/lib/npm-modules-parser.ts
@@ -5,14 +5,15 @@ import * as baseDebug from 'debug';
 import { isEmpty } from 'lodash';
 import { Options } from './types';
 import { getFileContents } from './utils';
+import { PkgTree } from 'snyk-nodejs-lockfile-parser';
 
 const debug = baseDebug('snyk-nodejs-plugin');
 
 export async function parse(
   root: string,
   targetFile: string,
   options: Options,
-): Promise<resolveNodeDeps.PackageExpanded> {
+): Promise<PkgTree> {
   if (targetFile.endsWith('yarn.lock')) {
     options.file =
       options.file && options.file.replace('yarn.lock', 'package.json');
diff --git a/package.json b/package.json
@@ -43,7 +43,7 @@
     "lodash.sortby": "^4.7.0",
     "micromatch": "4.0.2",
     "snyk-nodejs-lockfile-parser": "1.52.11",
-    "snyk-resolve-deps": "4.7.3"
+    "snyk-resolve-deps": "4.8.0"
   },
   "devDependencies": {
     "@types/jest": "^29.5.3",

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-Copyright 2018 Snyk Ltd.`
	`1`	`+Copyright 2024 Snyk Ltd.`
`2`	`2`
`3`	`3`	`Licensed under the Apache License, Version 2.0 (the "License");`
`4`	`4`	`you may not use this file except in compliance with the License.`