1
0
Fork 0
mirror of https://github.com/imjasonh/govulncheck-action synced 2026-07-18 06:35:32 +00:00

build: migrate to ESM and esbuild

Updates the project to use ESM modules and replaces ncc with esbuild. This fixes build failures caused by newer @actions/core versions which use strict ESM exports that ncc cannot resolve.

Also updates tests to use ESM and dependency injection.

Signed-off-by: Jason Hall <imjasonh@gmail.com>
This commit is contained in:
Jason Hall 2026-02-21 02:54:49 -05:00
parent a6757f0e87
commit c4a3cd53b0
17 changed files with 22935 additions and 28919 deletions

View file

@ -1,4 +1,5 @@
const VulnerabilityParser = require('../lib/parser');
import VulnerabilityParser from '../lib/parser.js';
import { describe, it, expect, beforeEach } from '@jest/globals';
describe('VulnerabilityParser', () => {
let parser;
@ -14,9 +15,9 @@ describe('VulnerabilityParser', () => {
{"finding":{"osv":"GO-2023-5678","trace":[{"module":"another.com/package"}]}}
{"progress":"scanning packages"}
`;
const vulnerabilities = parser.parse(output);
expect(vulnerabilities).toHaveLength(2);
expect(vulnerabilities[0].finding.osv).toBe('GO-2023-1234');
expect(vulnerabilities[1].finding.osv).toBe('GO-2023-5678');
@ -31,7 +32,7 @@ describe('VulnerabilityParser', () => {
const output = `Invalid JSON line
{"finding":{"osv":"GO-2023-1234","trace":[{"module":"example.com/vulnerable"}]}}
Another invalid line`;
const vulnerabilities = parser.parse(output);
expect(vulnerabilities).toHaveLength(1);
});
@ -40,7 +41,7 @@ Another invalid line`;
const output = `{"progress":"scanning packages"}
{"config":{"db":"latest"}}
{"finding":{"osv":"GO-2023-1234","trace":[{"module":"example.com/vulnerable"}]}}`;
const vulnerabilities = parser.parse(output);
expect(vulnerabilities).toHaveLength(1);
});
@ -58,7 +59,7 @@ Another invalid line`;
"trace": [{"module": "another.com/package"}]
}
}`;
const vulnerabilities = parser.parse(output);
expect(vulnerabilities).toHaveLength(2);
expect(vulnerabilities[0].finding.osv).toBe('GO-2023-1234');
@ -72,18 +73,18 @@ Another invalid line`;
{"osv":{"id":"GO-2023-5678","summary":"Another vulnerability"}}
{"finding":{"osv":"GO-2023-5678","trace":[{"module":"another.com/package"}]}}
`;
const vulnerabilities = parser.parse(output);
expect(vulnerabilities).toHaveLength(2);
expect(vulnerabilities[0].osvDetails).toEqual({
id: 'GO-2023-1234',
summary: 'Critical vulnerability',
aliases: ['CVE-2023-1234']
aliases: ['CVE-2023-1234'],
});
expect(vulnerabilities[1].osvDetails).toEqual({
id: 'GO-2023-5678',
summary: 'Another vulnerability'
summary: 'Another vulnerability',
});
});
@ -101,7 +102,7 @@ Another invalid line`;
"trace": [{"module": "another.com/package"}]
}
}`;
const vulnerabilities = parser.parse(output);
expect(vulnerabilities).toHaveLength(2);
});
@ -119,12 +120,12 @@ Another invalid line`;
"trace": [{"module": "example.com/vulnerable"}]
}
}`;
const vulnerabilities = parser.parse(output);
expect(vulnerabilities).toHaveLength(1);
expect(vulnerabilities[0].osvDetails).toEqual({
id: 'GO-2023-1234',
summary: 'Critical vulnerability'
summary: 'Critical vulnerability',
});
});
});
@ -134,18 +135,18 @@ Another invalid line`;
const vulnerabilities = [
{
finding: {
trace: [{ module: 'example.com/vulnerable' }, { module: 'other.com/pkg' }]
}
trace: [{ module: 'example.com/vulnerable' }, { module: 'other.com/pkg' }],
},
},
{
finding: {
trace: [{ module: 'example.com/vulnerable' }, { module: 'third.com/lib' }]
}
}
trace: [{ module: 'example.com/vulnerable' }, { module: 'third.com/lib' }],
},
},
];
const modules = parser.extractUniqueModules(vulnerabilities);
expect(modules).toEqual(['example.com/vulnerable']);
});
@ -158,9 +159,9 @@ Another invalid line`;
const vulnerabilities = [
{ finding: {} },
{ finding: { trace: [] } },
{ finding: { trace: [{}] } }
{ finding: { trace: [{}] } },
];
const modules = parser.extractUniqueModules(vulnerabilities);
expect(modules).toEqual([]);
});
@ -175,19 +176,19 @@ Another invalid line`;
trace: [
{
position: { filename: 'main.go', line: 42 },
function: 'vulnerable.Function'
function: 'vulnerable.Function',
},
{
position: { filename: 'utils.go', line: 10 },
function: 'helper.Process'
}
]
}
}
function: 'helper.Process',
},
],
},
},
];
const callSites = parser.extractCallSites(vulnerabilities);
expect(callSites).toHaveLength(1);
expect(callSites[0]).toEqual({
filename: 'utils.go',
@ -196,7 +197,7 @@ Another invalid line`;
vulnerableFunction: 'vulnerable.Function',
osv: 'GO-2023-1234',
osvDetails: null,
fixedVersion: null
fixedVersion: null,
});
});
@ -207,14 +208,14 @@ Another invalid line`;
trace: [
{ function: 'no.Position' },
{ position: {} },
{ position: { filename: 'file.go' } }
]
}
}
{ position: { filename: 'file.go' } },
],
},
},
];
const callSites = parser.extractCallSites(vulnerabilities);
expect(callSites).toHaveLength(1);
expect(callSites[0]).toEqual({
filename: 'file.go',
@ -223,7 +224,7 @@ Another invalid line`;
vulnerableFunction: 'no.Position',
osv: null,
osvDetails: null,
fixedVersion: null
fixedVersion: null,
});
});
@ -232,4 +233,4 @@ Another invalid line`;
expect(callSites).toEqual([]);
});
});
});
});