aquasecurity / go-dep-parser

Dependency Parser for Multiple Programming Languages
MIT License

fix(yarn): parse protocols for dependencies #275

Closed DmitriyLewen closed 12 months ago

DmitriyLewen commented 12 months ago

Description

Support protocols for the dependencies section. See aquasecurity/trivy/issues/5611 for more information.

DmitriyLewen commented 12 months ago

Looks like the yarn team added this change only for yarn.lock v2. The debug dependency for yarn.lock v1:

```
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1

debug@4.3.4:
  version "4.3.4"
  resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865"
  integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==
  dependencies:
    ms "2.1.2"

ms@2.1.2:
  version "2.1.2"
  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
  integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
```

It works as expected with this file.
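
The difference discussed in this thread, as an added example that is not part of the thread and not go-dep-parser's own code: a `dependencies:` entry in the v1 form quoted above (`ms "2.1.2"`) and in a v2 form carrying a protocol (`ms: "npm:2.1.2"`, a constructed sample assumed here) is parsed to the same name and range. `Dep`, `parseDep` and `parseDeps` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Dep is one entry of a lockfile "dependencies:" block (hypothetical type).
type Dep struct{ Name, Protocol, Range string }

// parseDep accepts `ms "2.1.2"` (v1) and `ms: "npm:2.1.2"` (v2, constructed sample).
func parseDep(line string) (Dep, error) {
	name, value, _ := strings.Cut(strings.TrimSpace(line), " ")
	name = strings.Trim(name, `":`)   // drop quotes and the v2 key colon
	value = strings.Trim(value, `" `) // drop quotes and padding
	if name == "" || value == "" {
		return Dep{}, fmt.Errorf("malformed dependency line %q", line)
	}
	d := Dep{Name: name, Range: value}
	// A protocol is a run of lowercase letters before the first colon.
	if p, rest, found := strings.Cut(value, ":"); found && p != "" &&
		strings.Trim(p, "abcdefghijklmnopqrstuvwxyz") == "" {
		d.Protocol, d.Range = p, rest
	}
	return d, nil
}

// parseDeps returns the "dependencies:" entries of one lockfile entry.
func parseDeps(entry string) ([]Dep, error) {
	var deps []Dep
	inBlock := false
	for _, l := range strings.Split(entry, "\n") {
		if inBlock && strings.HasPrefix(l, "    ") {
			d, err := parseDep(l)
			if err != nil {
				return nil, err
			}
			deps = append(deps, d)
			continue
		}
		inBlock = strings.TrimSpace(l) == "dependencies:"
	}
	return deps, nil
}

func main() {
	fmt.Println(parseDeps("debug@4.3.4:\n  dependencies:\n    ms \"2.1.2\"\n"))
	fmt.Println(parseDeps("\"debug@npm:4.3.4\":\n  dependencies:\n    ms: \"npm:2.1.2\"\n"))
}
```

Keeping the protocol in its own field lets a scanner match the bare range against resolved packages while still seeing which entries do not come from the registry.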