deps: @npmcli/[email protected]

Author: wraithgar

node_modules/@npmcli/query/lib/index.js

@@ -166,6 +166,46 @@ const fixupOutdated = astNode => {
   }
 }
 
+const fixupVuln = astNode => {
+  const vulns = []
+  if (astNode.nodes.length) {
+    for (const selector of astNode.nodes) {
+      const vuln = {}
+      for (const node of selector.nodes) {
+        if (node.type !== 'attribute') {
+          throw Object.assign(
+            new Error(':vuln pseudo-class only accepts attribute matchers or "cwe" tag'),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!['severity', 'cwe'].includes(node._attribute)) {
+          throw Object.assign(
+            new Error(':vuln pseudo-class only matches "severity" and "cwe" attributes'),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!node.operator) {
+          node.operator = '='
+          node.value = '*'
+        }
+        if (node.operator !== '=') {
+          throw Object.assign(
+            new Error(':vuln pseudo-class attribute selector only accepts "=" operator', node),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!vuln[node._attribute]) {
+          vuln[node._attribute] = []
+        }
+        vuln[node._attribute].push(node._value)
+      }
+      vulns.push(vuln)
+    }
+    astNode.vulns = vulns
+    astNode.nodes.length = 0
+  }
+}
+
 // a few of the supported ast nodes need to be tweaked in order to properly be
 // interpreted as proper arborist query selectors, namely semver ranges from
 // both ids and :semver pseudo-class selectors need to be translated from what
@@ -192,6 +232,8 @@ const transformAst = selector => {
         return fixupTypes(nextAstNode)
       case ':outdated':
         return fixupOutdated(nextAstNode)
+      case ':vuln':
+        return fixupVuln(nextAstNode)
     }
   })
 }

node_modules/@npmcli/query/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@npmcli/query",
-  "version": "3.0.1",
+  "version": "3.1.0",
   "description": "npm query parser and tools",
   "main": "lib/index.js",
   "scripts": {
     "test": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "postlint": "template-oss-check",
     "template-oss-apply": "template-oss-apply --force",
     "lintfix": "npm run lint -- --fix",
@@ -39,12 +39,12 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.18.0",
+    "version": "4.21.3",
     "publish": true
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.18.0",
+    "@npmcli/template-oss": "4.21.3",
     "tap": "^16.2.0"
   },
   "dependencies": {

package-lock.json

@@ -1893,9 +1893,9 @@
       }
     },
     "node_modules/@npmcli/query": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-3.0.1.tgz",
-      "integrity": "sha512-0jE8iHBogf/+bFDj+ju6/UMLbJ39c8h6nSe6qile+dB7PJ0iV3gNqcb2vtt6WWCBrxv9uAjzUT/8vroluulidA==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-3.1.0.tgz",
+      "integrity": "sha512-C/iR0tk7KSKGldibYIB9x8GtO/0Bd0I2mhOaDb8ucQL/bQVTmGoeREaFj64Z5+iCBRf3dQfed0CjJL7I8iTkiQ==",
       "dependencies": {
         "postcss-selector-parser": "^6.0.10"
       },
@@ -16035,7 +16035,7 @@
         "@npmcli/name-from-folder": "^2.0.0",
         "@npmcli/node-gyp": "^3.0.0",
         "@npmcli/package-json": "^5.0.0",
-        "@npmcli/query": "^3.0.1",
+        "@npmcli/query": "^3.1.0",
         "@npmcli/run-script": "^7.0.2",
         "bin-links": "^4.0.1",
         "cacache": "^18.0.0",

workspaces/arborist/package.json

@@ -11,7 +11,7 @@
     "@npmcli/name-from-folder": "^2.0.0",
     "@npmcli/node-gyp": "^3.0.0",
     "@npmcli/package-json": "^5.0.0",
-    "@npmcli/query": "^3.0.1",
+    "@npmcli/query": "^3.1.0",
     "@npmcli/run-script": "^7.0.2",
     "bin-links": "^4.0.1",
     "cacache": "^18.0.0",