snyksec
commented
11 months ago :tada: This PR is included in version 1.36.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Closed dotkas closed 11 months ago
snyksec
commented
11 months ago :tada: This PR is included in version 1.36.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
We have a big demand for scanning all
<TargetFramework>s inside a.csprojfile. Currently, we're only scanning the first target we find. This is sub-optimal.This PR is the first in a series, to keep things tight. The plugin did not adhere to the standards of https://github.com/snyk/snyk-cli-interface which allows for a plugin's
inspect()function to return either a single or multiple results.In order to allow this to happen, a large amount of type guards and other refactoring had to be done. So to not pollute the actual implementation of the solution with too big a PR, this has been split out to a separate PR.
Breaking changes 🙀
~I really don't think this actually is a change that will break anything, but it is nonetheless changing the object that gets returned. Namely, the returned
targetRuntimeis nowruntime.~~Basically, this is a lie: https://github.com/snyk/snyk-nuget-plugin/blob/cb11cd62dbd2446d441bbc7d0235467ac7eb26e9/lib/nuget-parser/types.ts#L29~
~Since: https://github.com/snyk/snyk-cli-interface/blob/65e87fe5a3bc735f49a6fd5f59ca19e67da090f6/legacy/plugin.ts#L87~
~In any case. I don't see the CLI is really using it, so the blast radius really ought to be nil, for our use cases at least. But this is a public repo, so, who knows.~
Ignore what I said, this will break everything. Keeping
.targetRuntime.