snyk-mvn-plugin
Snyk CLI Maven plugin
;
// CommonJS interop marker: tells consumers this module was compiled from ES-module syntax.
Object.defineProperty(exports, "__esModule", { value: true });
// Placeholder for the export; the real resolver object is assigned later in this file.
exports.NO_OP_VERSION_RESOLVER = void 0;
// Function declarations are hoisted, so this export can be wired before the definition appears.
exports.createVersionResolver = createVersionResolver;
const index_1 = require("../index");
const resolve_parser_1 = require("./resolve-parser");
const dependency_1 = require("./dependency");
/**
 * Build the lookup key used by the per-project resolution maps.
 *
 * The key is simply `groupId:artifactId`; the version is deliberately left out
 * so that a metaversion entry and its resolved counterpart share one key.
 * Both parts are interpolated as-is, with no validation or escaping.
 *
 * @param groupId The dependency group ID
 * @param artifactId The dependency artifact ID
 * @returns The `groupId:artifactId` key string
 */
function createDependencyKey(groupId, artifactId) {
  const coordinates = `${groupId}:${artifactId}`;
  return coordinates;
}
/**
 * Tell whether a version string is one of the metaversions that must be
 * resolved to a concrete version.
 *
 * Only the exact, upper-case strings 'RELEASE' and 'LATEST' match; anything
 * else (including different casing or a non-string value) is treated as an
 * ordinary version.
 *
 * @param version The version string to check
 * @returns True if the version is a metaversion
 */
function isMetaversion(version) {
  switch (version) {
    case 'RELEASE':
    case 'LATEST':
      return true;
    default:
      return false;
  }
}
/**
 * Build a VersionResolver from the output of `mvn dependency:resolve`.
 *
 * The parsed resolutions are grouped per project and keyed by
 * `groupId:artifactId`. Entries without a projectId (or with a falsy one) are
 * stored in the 'default' bucket.
 *
 * Accuracy caveats for consumers of the resolved IDs:
 * - Older Maven versions (e.g., 3.3.9) do not separate projects in the resolve
 *   output, so every resolution ends up under 'default'. If several modules
 *   resolve the same dependency differently (e.g., one uses LATEST, another a
 *   fixed version), the last entry parsed wins. That needs an EOL Maven
 *   version plus metaversions plus conflicting version strategies, which is an
 *   extremely unlikely combination.
 * - A lookup that misses in the requested project falls back to 'default', so
 *   the version returned may have been recorded for a different module.
 * - When nothing matches, the dependency ID is returned unchanged and still
 *   carries RELEASE/LATEST. Downstream version matching should treat such an
 *   ID as unresolved rather than as a concrete version.
 *
 * @param resolveResult The raw output from `mvn dependency:resolve`
 * @returns A VersionResolver instance exposing `resolveDependencyId`
 */
function createVersionResolver(resolveResult) {
  const DEFAULT_PROJECT = 'default';
  const resolutionsByProject = new Map();

  // Group every parsed resolution into its project's bucket.
  for (const entry of (0, resolve_parser_1.parseResolveResult)(resolveResult)) {
    const bucketId = entry.projectId || DEFAULT_PROJECT;
    let bucket = resolutionsByProject.get(bucketId);
    if (bucket === undefined) {
      bucket = new Map();
      resolutionsByProject.set(bucketId, bucket);
    }
    // A later entry with the same key overwrites the earlier one.
    bucket.set(createDependencyKey(entry.groupId, entry.artifactId), entry);
  }

  // Closure-private lookup; intentionally not part of the returned interface.
  const lookupVersion = (groupId, artifactId, projectId) => {
    const key = createDependencyKey(groupId, artifactId);
    const requested = projectId || DEFAULT_PROJECT;
    // Search the requested project first, then 'default' (covers Maven
    // versions that do not separate projects in the resolve output).
    const searchOrder =
      requested === DEFAULT_PROJECT ? [requested] : [requested, DEFAULT_PROJECT];
    for (const candidateId of searchOrder) {
      const bucket = resolutionsByProject.get(candidateId);
      if (bucket && bucket.has(key)) {
        // The first bucket holding the key decides, even if its version is empty.
        return bucket.get(key)?.version;
      }
    }
    return undefined;
  };

  return {
    resolveDependencyId(dependencyId, projectId) {
      const parsed = (0, dependency_1.parseDependency)(dependencyId);
      // Concrete versions pass through untouched.
      if (!isMetaversion(parsed.version)) {
        return dependencyId;
      }
      const concreteVersion = lookupVersion(parsed.groupId, parsed.artifactId, projectId);
      if (!concreteVersion) {
        // Unresolved: the caller gets the original ID, metaversion included.
        (0, index_1.debug)(`Resolution failed for ${dependencyId}`);
        return dependencyId;
      }
      // Rebuild the ID with only the version swapped out.
      return (0, dependency_1.buildDependencyString)({
        ...parsed,
        version: concreteVersion,
      });
    },
  };
}
/**
 * Shared no-op VersionResolver (Null Object pattern).
 *
 * Used when no metaversions are detected or when dependency:resolve fails.
 * It satisfies the VersionResolver interface but never rewrites anything, so
 * any RELEASE/LATEST metaversion in the input is still present in the output.
 *
 * The object holds no state, which is why a single exported instance is
 * enough and no factory is needed.
 */
exports.NO_OP_VERSION_RESOLVER = {
  // Identity mapping: the ID is handed back exactly as received.
  resolveDependencyId: (dependencyId) => dependencyId,
};
//# sourceMappingURL=version-resolver.js.map