Merge pull request #1732 from forcedotcom/release-4.9.0
RELEASE @W-17615470@: Conducting 4.9.0 release
stephen-carter-at-sf authored Jan 28, 2025
2 parents b5377db + f8909ec commit 69042a6
Showing 5 changed files with 84 additions and 16 deletions.
9 changes: 2 additions & 7 deletions .github/workflows/create-release-branch.yml
Expand Up @@ -58,7 +58,6 @@ jobs:
git push --set-upstream origin $INTERIM_BRANCH_NAME
# Update dependencies.
- run: |
yarn upgrade
node tools/UpdateRetireJsVulns.js
# Use the GraphQL API to create a signed commit with the various changes.
- name: Commit to interim branch
Expand All @@ -70,12 +69,11 @@ jobs:
MESSAGE="Preparing for v$NEW_VERSION release."
# GraphQL needs the latest versions of the files we changed, as Base64 encoded strings.
NEW_PACKAGE="$(cat package.json | base64)"
NEW_YARN_LOCK="$(cat yarn.lock | base64)"
NEW_RETIREJS_VULNS="$(cat retire-js/RetireJsVulns.json | base64)"
gh api graphql -F message="$MESSAGE" -F oldOid=`git rev-parse HEAD` -F branch="$BRANCH" \
-F newPackage="$NEW_PACKAGE" -F newYarnLock="$NEW_YARN_LOCK" -F newRetireJsVulns="$NEW_RETIREJS_VULNS" \
-F newPackage="$NEW_PACKAGE" -F newRetireJsVulns="$NEW_RETIREJS_VULNS" \
-f query='
mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!, $newYarnLock: Base64String!, $newRetireJsVulns: Base64String!) {
mutation ($message: String!, $oldOid: GitObjectID!, $branch: String!, $newPackage: Base64String!, $newRetireJsVulns: Base64String!) {
createCommitOnBranch(input: {
branch: {
repositoryNameWithOwner: "forcedotcom/sfdx-scanner",
Expand All @@ -89,9 +87,6 @@ jobs:
{
path: "package.json",
contents: $newPackage
}, {
path: "yarn.lock",
contents: $newYarnLock
}, {
path: "retire-js/RetireJsVulns.json",
contents: $newRetireJsVulns
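Review bot: Whether `yarn upgrade` survives the first hunk cannot be recovered from this rendered view, but if it does, the lockfile it rewrites is no longer among the files handed to `createCommitOnBranch`, so the interim branch would presumably carry an updated package.json next to a stale yarn.lock. Either remove the `yarn upgrade` step together with the `newYarnLock` file entry, or reset the lockfile before the GraphQL call (`git checkout -- yarn.lock`) so the signed commit matches the working tree. The `Commit to interim branch` step continues past the last hunk.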
8 changes: 4 additions & 4 deletions package.json
@@ -1,7 +1,7 @@
{
"name": "@salesforce/sfdx-scanner",
"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
"version": "4.8.0",
"version": "4.9.0",
"author": "Salesforce Code Analyzer Team",
"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
"dependencies": {
Expand Down Expand Up @@ -143,13 +143,13 @@
"prepack": "rm -rf lib && tsc -b && oclif manifest && oclif readme && oclif lock && npm shrinkwrap",
"postpack": "rm -f oclif.manifest.json oclif.lock npm-shrinkwrap.json",
"lint-typescript": "eslint ./src --ext .ts --max-warnings 0",
"test": "./gradlew test jacocoTestCoverageVerification && nyc mocha --timeout 60000 --retries 5 \"./test/**/*.test.ts\"",
"test-quiet": "cross-env SFGE_LOGGING=false ./gradlew test jacocoTestCoverageVerification && nyc mocha --timeout 60000 --retries 5 \"./test/**/*.test.ts\"",
"test": "./gradlew test jacocoTestCoverageVerification && cross-env NODE_OPTIONS=--no-experimental-strip-types nyc mocha --timeout 60000 --retries 5 \"./test/**/*.test.ts\"",
"test-quiet": "cross-env SFGE_LOGGING=false ./gradlew test jacocoTestCoverageVerification && cross-env NODE_OPTIONS=--no-experimental-strip-types nyc mocha --timeout 60000 --retries 5 \"./test/**/*.test.ts\"",
"test-cli-messaging": "./gradlew cli-messaging:test cli-messaging:jacocoTestCoverageVerification",
"test-pmd-cataloger": "./gradlew pmd-cataloger:test pmd-cataloger:jacocoTestCoverageVerification",
"test-sfge": "./gradlew sfge:test sfge:jacocoTestCoverageVerification",
"test-sfge-quiet": "cross-env SFGE_LOGGING=false ./gradlew sfge:test sfge:jacocoTestCoverageVerification",
"test-typescript": "tsc -b && nyc mocha --timeout 60000 \"./test/**/*.test.ts\"",
"test-typescript": "tsc -b && cross-env NODE_OPTIONS=--no-experimental-strip-types nyc mocha --timeout 60000 \"./test/**/*.test.ts\"",
"version": "oclif readme && git add README.md"
}
}
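Review bot: `cross-env NODE_OPTIONS=--no-experimental-strip-types` in the `test`, `test-quiet` and `test-typescript` scripts assigns NODE_OPTIONS outright, so any value the caller already exported (a CI-provided memory limit, for instance) is replaced rather than extended; if your runners rely on that, a small wrapper that appends the flag would be safer. The same nyc/mocha invocation is now spelled out three times with the flag embedded in each; a single `"mocha-ts": "cross-env NODE_OPTIONS=--no-experimental-strip-types nyc mocha --timeout 60000 \"./test/**/*.test.ts\""` script that the other three delegate to would keep the flag in one place when it is next changed or removed.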
14 changes: 13 additions & 1 deletion pmd7/build.gradle.kts
Expand Up @@ -10,7 +10,7 @@ repositories {
}

// Keep this in sync with src/Constants.ts > PMD7_VERSION
var pmd7Version = "7.8.0"
var pmd7Version = "7.9.0"

val pmdDist7Dir = "$buildDir/../../dist/pmd7"

Expand All @@ -26,6 +26,18 @@ dependencies {
implementation("net.sourceforge.pmd:pmd-xml:$pmd7Version")
}

// TEMPORARY - FOR SOME REASON WHEN UPGRADING TO PMD 7.9.0, THE TRANSITIVE DEPENDENCY:
// io.github.apex-dev-tools:apex-parser
// IS GETTING PULLED IN AS 4.3.1 INSTEAD OF THE LISTED 4.3.0 AND IT SEEMS TO HAVE A BUG: A MISSING DEPENDENCY LISTED.
// SO WE SHOULD FORCE 4.3.0 TO GET PULLED IN INSTEAD UNTIL THIS IS FIXED.
// See https://github.com/pmd/pmd/issues/5456
// TODO: As soon as the pmd folks fix this ^... we should remove this workaround:
configurations.all {
resolutionStrategy {
force("io.github.apex-dev-tools:apex-parser:4.3.0")
}
}

tasks.register<Copy>("copyDependencies") {
from(configurations.runtimeClasspath)
into("$pmdDist7Dir/lib")
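Review bot: The `force("io.github.apex-dev-tools:apex-parser:4.3.0")` under `configurations.all` is unconditional, so it will silently persist after the next `pmd7Version` bump even though the comment above it describes it as a temporary workaround tied to 7.9.0; wrapping it as `if (pmd7Version == "7.9.0") { configurations.all { resolutionStrategy { force("io.github.apex-dev-tools:apex-parser:4.3.0") } } }` makes the pin fall away on the next upgrade and forces the question back into review instead of leaving a stale override. The force also applies to every configuration, not only the `runtimeClasspath` that `copyDependencies` ships, and overrides any other dependency's request for a newer apex-parser; if that breadth is intended, a sentence saying so in the comment would help the next maintainer. The comment block would read better in normal case rather than all caps.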
67 changes: 64 additions & 3 deletions retire-js/RetireJsVulns.json
Expand Up @@ -4957,8 +4957,7 @@
"identifiers": {
"summary": "Regular Expression Denial of Service (ReDoS), Affecting moment package, versions >=2.18.0 <2.29.4",
"CVE": [
"CVE-2022-31129",
"CVE-2023-22467"
"CVE-2022-31129"
],
"githubID": "GHSA-wc69-rhjr-hc9g"
},
Expand Down Expand Up @@ -6815,6 +6814,27 @@
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "13.0.0",
"below": "13.5.8",
"cwe": [
"CWE-770"
],
"severity": "medium",
"identifiers": {
"summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
"CVE": [
"CVE-2024-56332"
],
"githubID": "GHSA-7m27-7ghc-44w9"
},
"info": [
"https://github.com/advisories/GHSA-7m27-7ghc-44w9",
"https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "13.4.0",
"below": "14.1.1",
Expand Down Expand Up @@ -6906,6 +6926,48 @@
"https://github.com/vercel/next.js",
"https://github.com/vercel/next.js/releases/tag/v14.2.15"
]
},
{
"atOrAbove": "14.0.0",
"below": "14.2.21",
"cwe": [
"CWE-770"
],
"severity": "medium",
"identifiers": {
"summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
"CVE": [
"CVE-2024-56332"
],
"githubID": "GHSA-7m27-7ghc-44w9"
},
"info": [
"https://github.com/advisories/GHSA-7m27-7ghc-44w9",
"https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
"https://github.com/vercel/next.js"
]
},
{
"atOrAbove": "15.0.0",
"below": "15.1.2",
"cwe": [
"CWE-770"
],
"severity": "medium",
"identifiers": {
"summary": "Next.js Allows a Denial of Service (DoS) with Server Actions",
"CVE": [
"CVE-2024-56332"
],
"githubID": "GHSA-7m27-7ghc-44w9"
},
"info": [
"https://github.com/advisories/GHSA-7m27-7ghc-44w9",
"https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9",
"https://nvd.nist.gov/vuln/detail/CVE-2024-56332",
"https://github.com/vercel/next.js"
]
}
],
"extractors": {
Expand Down Expand Up @@ -7867,7 +7929,6 @@
"identifiers": {
"summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
"CVE": [
"CVE-2024-34342",
"CVE-2024-4367"
],
"githubID": "GHSA-wgrm-67xf-hhpq"
2 changes: 1 addition & 1 deletion src/Constants.ts
Expand Up @@ -2,7 +2,7 @@ import os = require('os');
import path = require('path');

// Keep this in sync with <repoRoot>/pmd7/build.gradle.kts > pmd7Version
export const PMD7_VERSION = '7.8.0';
export const PMD7_VERSION = '7.9.0';

export const PMD_APPEXCHANGE_RULES_VERSION = '0.16';

