
Commit

refactor: code structure supporting single source exhort payload to multi source (#661)

* refactor: single-source to multi-source

Signed-off-by: Ilona Shishov <[email protected]>

* docs: Updates to README.md and CHANGELOG.md (#662)

* 12/4/23 - ritz303 : Updated the README.md and CHANGELOG.md for Service Preview

* 12/4/23 - ritz303 : Minor edit

---------

Co-authored-by: Aron Gunn <[email protected]>

* chore: upgrade Exhort Javascript API version

Signed-off-by: Ilona Shishov <[email protected]>

* docs: added TypeDoc annotations

Signed-off-by: Ilona Shishov <[email protected]>

* feat: added remediation and recommendation quickfix feature

Signed-off-by: Ilona Shishov <[email protected]>

* chore: revert to single source

Signed-off-by: Ilona Shishov <[email protected]>

* fix: extension settings

Signed-off-by: Ilona Shishov <[email protected]>

* chore: upgrade Exhort Javascript API version

Signed-off-by: Ilona Shishov <[email protected]>

* 12/20/23 - ritz303 : Updated the README and CHANGELOG, plus updated screenshots (#670)

Co-authored-by: Aron Gunn <[email protected]>

* version: update package.json version

Signed-off-by: Ilona Shishov <[email protected]>

---------

Signed-off-by: Ilona Shishov <[email protected]>
Co-authored-by: ritz303 <[email protected]>
Co-authored-by: Aron Gunn <[email protected]>
3 people authored Dec 21, 2023
1 parent 106a93a commit 629d4c6
Showing 39 changed files with 1,215 additions and 931 deletions.
1 change: 1 addition & 0 deletions .eslintrc.js
Expand Up @@ -52,5 +52,6 @@ module.exports = {
"no-unsafe-finally": "error",
"new-parens": "error",
"no-throw-literal": "error",
"no-useless-catch": "off"
}
}
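Review bot: turning `"no-useless-catch"` off for the whole repository hides catch blocks that only rethrow, which usually means the try/catch should either be removed or should add context to the error before rethrowing; if one file genuinely needs it, a local `// eslint-disable-next-line no-useless-catch` with a reason is preferable to disabling the rule project-wide.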
2 changes: 1 addition & 1 deletion .github/workflows/stage.yml
Expand Up @@ -104,7 +104,7 @@ jobs:
const response = await github.request('POST /repos/' + repo_name + '/releases', {
tag_name: '${{ steps.bump.outputs.version }}',
name: '${{ steps.bump.outputs.version }}',
prerelease: true,
prerelease: false,
generate_release_notes: true
})
core.setOutput('upload_url', response.data.upload_url)
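Review bot: switching `prerelease: true` to `prerelease: false` means every run of this job now publishes a full GitHub release for the bumped tag, so confirm the job is only reachable from the intended release branch and that `steps.bump.outputs.version` produces a stable version (not an `-ea` one) before this merges; a pre-release that was easy to retract becomes the "latest" release consumers pick up.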
2 changes: 1 addition & 1 deletion .vscode/settings.json
Expand Up @@ -34,5 +34,5 @@
"out": true // set this to false to include "out" folder in search results
},
"typescript.tsdk": "./node_modules/typescript/lib",
"redhat.telemetry.enabled": true // we want to use the TS server from our node_modules folder to control its version
"redhat.telemetry.enabled": true
}
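Review bot: the comment dropped from the `redhat.telemetry.enabled` line describes `typescript.tsdk`, not telemetry, so it should move onto the `typescript.tsdk` line rather than be deleted. Separately, committing `"redhat.telemetry.enabled": true` in the workspace `.vscode/settings.json` enrolls every contributor who opens the repository in telemetry; that choice belongs in user settings, so consider dropping the key here.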
16 changes: 13 additions & 3 deletions CHANGELOG.md
@@ -1,12 +1,22 @@
# Change Log
## 0.8.0 (Dec 11th 2023)
- informational - Service Preview release of Red Hat Dependency Analytics (RHDA) extension.
- informational - Configuration names for all supported executable paths in the extension settings have changed. These executable paths are only used for the analysis.
- enhancement - Added support for error observation by using Sentry.
- enhancement - Support for more complex SPDX SBOM relationships.
- enhancement - Added recommendations and remediations in the _Quick Fix..._ tab.
- fixes - Fixed an issue where unique Snyk vulnerability information was not being displayed in the Dependency Analytics report. See [PR#217](https://github.com/RHEcosystemAppEng/exhort/pull/217) for details.
- fixes - Better valid and invalid token alert messages for the Snyk vulnerability information provider. See [PR#218](https://github.com/RHEcosystemAppEng/exhort/pull/218) for details.
- fixes - Fixed analysis report discrepancies between Red Hat Dependency Analytics and Snyk’s analytics. See [PR#219](https://github.com/RHEcosystemAppEng/exhort/pull/219) for details.
- fixes - Fixed the Go and Python package links so they point to their specific package manager website.
## 0.7.3 (Nov 8th 2023)
- enhancement - Support for Golang and Python ecosystems. See [#656](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/656)
- enhancement - Support for Golang and Python ecosystems. See [PR#656](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/656) for details.
- enhancement - A new setting for Python and Go environments to restrict package analysis when there is a package version mis-match between the environment and the manifest file. See the [Features section](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/blob/master/README.md#features) of the README for more information.
## 0.7.0 (Sep 11th 2023)
- fixes - Improved overall performance and stability with the analysis report.
- informational - Alpha release of the new Red Hat Dependency Analytics (RHDA) extension.
- informational - Code base refactoring from CRDA to RHDA alpha. See [#636](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/636)
- informational - Code base refactoring from CRDA to RHDA alpha. See [PR#636](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/636) for details.
- informational - Currently no support for Python and Go, but coming soon.
- fixes - Improved overall performance and stability with the analysis report.
## 0.3.10 (May 22th 2022)
- fixes - Extension breaks for Go version 1.17. See [#608](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/608)
- fixes - Retry failed stack analysis requests. See [#609](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/609)
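Review bot: the `0.8.0` entry is dated Dec 11th 2023 while this commit, which is the one bumping `package.json` to 0.8.0, lands on Dec 21, so check the release date. The "Configuration names for all supported executable paths ... have changed" line should list the old and new keys (for example `mvn.executable.path` becoming `redHatDependencyAnalytics.mvn.executable.path`), because users whose old settings silently stop applying need to know what to rename. The rendered diff also shows "Improved overall performance and stability" twice in the `0.7.0` section; if one of those is not the deleted copy, drop the duplicate, and the unchanged "May 22th 2022" should read "May 22nd 2022".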
12 changes: 11 additions & 1 deletion README.md
Expand Up @@ -101,13 +101,23 @@ The default path is `/tmp/redhatDependencyAnalyticsReport.html`.
- **Component analysis**
<br >Upon opening a manifest file, such as a `pom.xml`, `package.json`, `go.mod` or `requirements.txt` file, a scan starts the analysis process.
The scan provides immediate inline feedback on detected security vulnerabilities for your application's dependencies.
Such dependencies are appropriately underlined in red, and hovering over it gives you a short summary of the security concern.
Such dependencies are appropriately underlined in red, and hovering over it gives you a short summary of the security concern from Snyk.
The summary has the full package name, version number, the amount of known security vulnerabilities, and the highest severity status of said vulnerabilities.

**NOTE:** Add the `target` folder to your `.gitignore` file to exclude it from Git monitoring.

![ Animated screenshot showing the inline reporting feature of Red Hat Dependency Analytics ](images/screencasts/component-analysis.gif)

- **Recommendations and remediations**
<br >After running a detailed analysis report on a specific component version, you can view recommendations and remediations by using the _Quick Fix..._ menu.
If there is a Red Hat recommended package version available, you can replace your version with Red Hat's version.

![ Animated screenshot showing how to access the _Quick Fix..._ menu, and switching to a Red Hat recommended package version ](images/screencasts/quickfix.gif)

<br >**IMPORTANT:** For Maven projects only, when analyzing a `pom.xml` file.
You must configure Red Hat's generally available (GA) repository to use the recommendations or remediations.
Add this repository, `https://maven.repository.redhat.com/ga/`, to your project's configuration.

- **Excluding dependencies with `exhortignore`**
<br >You can exclude a package from analysis by marking the package for exclusion.
If you wish to ignore vulnerabilities for a dependency in a `pom.xml` file, you must add `exhortignore` as a comment against the dependency, group id, artifact id, or version scopes of that particular dependency in the manifest file.
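Review bot: "hovering over it" in the changed line should be "hovering over them" to agree with "Such dependencies". The IMPORTANT note tells Maven users to add `https://maven.repository.redhat.com/ga/` but not where; say whether it belongs in the project `pom.xml` `<repositories>` block or in `~/.m2/settings.xml`, and mention that adding a repository changes resolution for every dependency in the build, not only the recommended ones, so a team's mirror or repository-manager policy may need to allow it first.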
Binary file modified images/screencasts/component-analysis.gif
Binary file modified images/screencasts/quickfix.gif
Binary file modified images/screenshots/extension-workspace-settings.png
70 changes: 53 additions & 17 deletions package-lock.json
22 changes: 11 additions & 11 deletions package.json
Expand Up @@ -2,7 +2,7 @@
"name": "fabric8-analytics",
"displayName": "Red Hat Dependency Analytics",
"description": "Provides insights on security vulnerabilities in your application dependencies.",
"version": "0.7.5",
"version": "0.8.0",
"author": "Red Hat",
"publisher": "redhat",
"preview": true,
Expand Down Expand Up @@ -187,7 +187,7 @@
"redHatDependencyAnalytics.exhortSnykToken": {
"type": "string",
"default": "",
"description": "Red Hat Dependency Analytics server authentication token for Snyk.",
"description": "Red Hat Dependency Analytics authentication token for Snyk.",
"scope": "window"
},
"redHatDependencyAnalytics.matchManifestVersions": {
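Review bot: regardless of the wording change, `redHatDependencyAnalytics.exhortSnykToken` is a credential declared as a plain `string` setting, so it is written in cleartext to `settings.json`, can travel with Settings Sync, and can end up in a committed `.vscode/settings.json`; consider keeping the token in VS Code's `SecretStorage` (`context.secrets`) and exposing a command to set it instead of a configuration key.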
Expand All @@ -202,43 +202,43 @@
"description": "Path to a local file where the Red Hat Dependency Analytics report will be saved.",
"scope": "window"
},
"mvn.executable.path": {
"redHatDependencyAnalytics.mvn.executable.path": {
"type": "string",
"default": "",
"description": "Specifies absolute path of mvn executable.",
"scope": "window"
},
"npm.executable.path": {
"redHatDependencyAnalytics.npm.executable.path": {
"type": "string",
"default": "",
"description": "Specifies absolute path of npm executable.",
"scope": "window"
},
"go.executable.path": {
"redHatDependencyAnalytics.go.executable.path": {
"type": "string",
"default": "",
"description": "Specifies absolute path of go executable.",
"scope": "window"
},
"python3.executable.path": {
"redHatDependencyAnalytics.python3.executable.path": {
"type": "string",
"default": "",
"description": "Specifies absolute path of python3 executable, python3 takes precedence over python.",
"scope": "window"
},
"pip3.executable.path": {
"redHatDependencyAnalytics.pip3.executable.path": {
"type": "string",
"default": "",
"description": "Specifies absolute path of pip3 executable, pip3 takes precedence over pip.",
"scope": "window"
},
"python.executable.path": {
"redHatDependencyAnalytics.python.executable.path": {
"type": "string",
"default": "",
"description": "Specifies absolute path of python executable, python3 takes precedence over python.",
"scope": "window"
},
"pip.executable.path": {
"redHatDependencyAnalytics.pip.executable.path": {
"type": "string",
"default": "",
"description": "Specifies absolute path of pip executable, pip3 takes precedence over pip.",
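Review bot: renaming the keys from `mvn.executable.path` to `redHatDependencyAnalytics.mvn.executable.path` (and likewise for npm, go, python3, pip3, python and pip) drops every existing user's configured paths without warning; add a one-release fallback that reads the old key, or at least log a notice when the old key is still set. More importantly, these settings name executables the extension spawns, and with `"scope": "window"` they can be supplied by a repository's own `.vscode/settings.json`, so opening a cloned project could point the analysis at a binary checked into that project; VS Code declares `git.path` with `"scope": "machine"` for exactly this reason, and the same scope (or honouring workspace trust before reading these values) is appropriate here.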
Expand Down Expand Up @@ -284,9 +284,9 @@
"webpack-cli": "^5.1.4"
},
"dependencies": {
"@fabric8-analytics/fabric8-analytics-lsp-server": "^0.7.1-ea.18",
"@fabric8-analytics/fabric8-analytics-lsp-server": "^0.9.0",
"@redhat-developer/vscode-redhat-telemetry": "^0.7.0",
"@RHEcosystemAppEng/exhort-javascript-api": "^0.0.2-ea.49",
"@RHEcosystemAppEng/exhort-javascript-api": "^0.1.1-ea.5",
"fs": "^0.0.1-security",
"path": "^0.12.7",
"vscode-languageclient": "^8.1.0"
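Review bot: the bumped `@RHEcosystemAppEng/exhort-javascript-api` range `^0.1.1-ea.5` is a caret on a pre-release, which only matches `0.1.1` pre-releases, so updates stay on this early-access line until the range is edited again; say so in the changelog or move to a stable release. The unchanged `"fs": "^0.0.1-security"` and `"path": "^0.12.7"` entries are npm packages that shadow Node built-ins (the npm `fs` package is an empty placeholder held to block squatting), so both should be removed from `dependencies` to cut unnecessary supply-chain surface.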
28 changes: 0 additions & 28 deletions src/DepOutputChannel.ts

This file was deleted.