Comparing changes
base repository: SonarSource/sonar-scanner-npm
base: 182af86acd05d63880605a8f11f174896ed59acd
head repository: SonarSource/sonar-scanner-npm
compare: e06fd72f81f4c44bf068d695aa6cffd9ab3b4a08
  • 5 commits
  • 6 files changed
  • 4 contributors

Commits on Aug 19, 2024

  1. Update license headers to include 2024 (#164)

    Wohops authored Aug 19, 2024 (Verified: created on GitHub.com and signed with GitHub's verified signature)
    34464c5

Commits on Aug 26, 2024

  1. BUILD-6088 Create SECURITY.md (#166)

    SamirM-BE authored Aug 26, 2024 (Verified: created on GitHub.com and signed with GitHub's verified signature)
    06ee76f

Commits on Sep 2, 2024

  1. SCANNPM-46 Bump axios to 1.7.7 fix CVE-2024-39338

    Co-authored-by: axi92 <1394837+axi92@users.noreply.github.com>
    7PH and axi92 committed Sep 2, 2024
    dc5d494
  2. 59e62da
  3. NO-JIRA Bump version to 4.2.2

    7PH committed Sep 2, 2024
    e06fd72
Showing with 56 additions and 19 deletions.
  1. +13 −0 SECURITY.md
  2. +35 −11 package-lock.json
  3. +2 −2 package.json
  4. +4 −4 tools/orchestrator/package-lock.json
  5. +1 −1 tools/orchestrator/package.json
  6. +1 −1 tools/orchestrator/src/stop.java
13 changes: 13 additions & 0 deletions SECURITY.md
@@ -0,0 +1,13 @@
# Reporting Security Issues

A mature software vulnerability treatment process is a cornerstone of a robust information security management system. Contributions from the community play an important role in the evolution and security of our products, and in safeguarding the security and privacy of our users.

If you believe you have discovered a security vulnerability in Sonar's products, we encourage you to report it immediately.

To responsibly report a security issue, please email us at [security@sonarsource.com](mailto:security@sonarsource.com). Sonar’s security team will acknowledge your report, guide you through the next steps, or request additional information if necessary. Customers with a support contract can also report the vulnerability directly through the support channel.

For security vulnerabilities found in third-party libraries, please also contact the library's owner or maintainer directly.

## Responsible Disclosure Policy

For more information about disclosing a security vulnerability to Sonar, please refer to our community post: [Responsible Vulnerability Disclosure](https://community.sonarsource.com/t/responsible-vulnerability-disclosure/9317).
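Review bot: the reporting instructions give an email address but no acknowledgement timeframe, disclosure window, or key/fingerprint for encrypted reports; those details may live in the linked community post, but SECURITY.md is the file reporters and tooling look at first, so consider stating them here rather than only by reference. Minor: one line uses "Sonar's" and another "Sonar’s" (curly apostrophe); pick one.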
46 changes: 35 additions & 11 deletions package-lock.json


4 changes: 2 additions & 2 deletions package.json
@@ -1,7 +1,7 @@
{
"name": "sonarqube-scanner",
"description": "SonarQube/SonarCloud Scanner for the JavaScript world",
"version": "4.2.1",
"version": "4.2.2",
"homepage": "https://github.com/SonarSource/sonar-scanner-npm",
"author": {
"name": "Fabrice Bellingard",
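Review bot: a patch-level bump (4.2.1 to 4.2.2) is the right granularity for a dependency-only security fix; make sure the release notes or changelog for 4.2.2 name the axios CVE from the commit message so consumers can tell this is the version that carries the fix.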
@@ -25,7 +25,7 @@
},
"dependencies": {
"adm-zip": "0.5.12",
"axios": "1.6.8",
"axios": "1.7.7",
"commander": "12.0.0",
"fs-extra": "11.2.0",
"hpagent": "1.2.0",
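Review bot: the axios pin moves from 1.6.8 to 1.7.7, the version the commit message names as fixing CVE-2024-39338. Because dependencies here are exact pins rather than ranges, package-lock.json must be regenerated by npm rather than hand-edited so its resolved/integrity entries match; the collapsed +35 −11 lockfile diff is consistent with a regeneration, but a clean `npm ci` on this branch is the cheap way to confirm. Also worth checking that no other dependency still pulls an older axios transitively.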
8 changes: 4 additions & 4 deletions tools/orchestrator/package-lock.json


2 changes: 1 addition & 1 deletion tools/orchestrator/package.json
@@ -15,7 +15,7 @@
"author": "",
"license": "ISC",
"dependencies": {
"axios": "1.6.8",
"axios": "1.7.7",
"mkdirp": "3.0.1"
},
"devDependencies": {
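Review bot: same exact-pin bump as the root package.json, which keeps both manifests on the same axios version; its own collapsed lockfile diff (+4 −4 in tools/orchestrator/package-lock.json) looks like a minimal version/resolved/integrity update, again worth confirming with a clean install. The empty "author" field and the ISC license in this manifest are pre-existing and out of scope for this change.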
2 changes: 1 addition & 1 deletion tools/orchestrator/src/stop.java
@@ -1,6 +1,6 @@
/*
* sonar-scanner-npm
* Copyright (C) 2011-2022 SonarSource SA
* Copyright (C) 2011-2024 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
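Review bot: header-only change, the year range 2011-2024 matches the "Update license headers to include 2024 (#164)" commit in this compare and the license text below it is untouched. Style point on the file itself: `tools/orchestrator/src/stop.java` is lowercase, which goes against the Java convention that a source file is named after its capitalized public class; out of scope for a copyright bump, but worth a follow-up.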