fix

package
v3.22.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 9, 2026 License: AGPL-3.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Apply 

func Apply(root string, plans []FixCandidate) error

func ApplyOverride 

func ApplyOverride(root string, p FixCandidate) error

ApplyOverride pins the (transitive) package to its safe version via the package manager's override mechanism in the nearest package.json: 

npm / bun → "overrides"
pnpm      → "pnpm": { "overrides" }
yarn      → "resolutions"

No-op (nil) when no package.json is found in the manifest's directory.

func BestInRange 

func BestInRange(candidates []string, constraint string) string

func RunInstall 

func RunInstall(ctx context.Context, batches []FixBatch, dryRun bool, w io.Writer) error

func Satisfies 

func Satisfies(version, constraint string) bool

Types

type Batch 

type Batch struct {
	Plans  []FixCandidate
	Counts ProofCounts
}

func BuildPlans 

func BuildPlans(vulns []scan.EnrichedVuln, packages []scan.ScopedPackage, groups []scan.ManifestGroup, insights []vdb.CliPackageInsight, opts Options) Batch

type FixBatch 

type FixBatch struct {
	SourceFile string
	Ecosystem  string
	Dir        string
	Plans      []FixCandidate
}

func GroupBatches 

func GroupBatches(root string, plans []FixCandidate) []FixBatch

type FixCandidate 

type FixCandidate struct {
	PackageName      string
	Ecosystem        string
	CurrentVer       string
	SourceFile       string
	IsDirect         bool
	ParentName       string
	ParentRange      string
	ParentTarget     string // resolved parent version for a parent-upgrade (npm only)
	TargetVer        string
	Method           FixMethod
	PackageManager   string // concrete resolver (npm/pnpm/yarn/bun/...) for the manifest, when known
	Command          string
	CveIDs           []string
	Reason           string
	Skipped          bool
	SkipReason       string
	RejectedVersions []SafeVersionRejection // populated when SkipReason contains "no Safe-Harbour"
	LatestAvailable  string                 // newest known version for context in the proof-of-work output
}

func SelectManifests 

func SelectManifests(plans []FixCandidate, manifest string, yes bool) ([]FixCandidate, error)

type FixMethod 

type FixMethod string
const (
	MethodDirectBump    FixMethod = "direct-bump"
	MethodOverride      FixMethod = "override"
	MethodParentUpdate  FixMethod = "parent-update"
	MethodParentUpgrade FixMethod = "parent-upgrade"
)

type Options 

type Options struct {
	Strategy     Strategy
	MaxMajorBump int
	Manifest     string
	Yes          bool
	PathExplicit bool
}

type ProofCounts 

type ProofCounts struct {
	Direct                  int
	TransitiveParentUpdate  int
	TransitiveParentUpgrade int
	TransitiveOverride      int
	UnresolvedDeepChains    int
}

func CountPlans 

func CountPlans(plans []FixCandidate) ProofCounts

type SafeVersionRejection added in v3.21.0 

type SafeVersionRejection struct {
	Version   string
	VulnCount int
	ExplCount int
	IsMalware bool
}

SafeVersionRejection records why a candidate Safe-Harbour version could not be used as an autofix target (vuln count, exploit count, or malware flag).

type Strategy 

type Strategy string
const (
	StrategyLatest Strategy = "latest"
	StrategySafest Strategy = "safest"
	StrategyStable Strategy = "stable"
)

func ValidateStrategy 

func ValidateStrategy(s string) (Strategy, error)

type TargetDecision 

type TargetDecision struct {
	Skipped bool
	Reason  string
}

func ResolveTarget 

func ResolveTarget(current string, strategy Strategy, latest []vdb.CliVersionStamp, safe []vdb.CliSafeHarbourVersion, summary *vdb.CliSafeHarbourSummary, maxMajorBump int) (string, TargetDecision)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.