fix: bump to v10

Author: parker-snyk

.eslintignore

@@ -2,18 +2,6 @@
 version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
-  SNYK-JS-TAR-15307072:
-    - 'snyk-nodejs-lockfile-parser > @yarnpkg/core > tar':
-        reason: 'Indirect dependency from snyk-nodejs-lockfile-parser, waiting for upstream fix'
-        expires: 2026-05-06T00:00:00.000Z
-  SNYK-JS-TAR-15416075:
-    - 'snyk-nodejs-lockfile-parser > @yarnpkg/core > tar':
-        reason: 'Indirect dependency from snyk-nodejs-lockfile-parser, waiting for upstream fix'
-        expires: 2026-05-06T00:00:00.000Z
-  SNYK-JS-TAR-15456201:
-    - 'snyk-nodejs-lockfile-parser > @yarnpkg/core > tar':
-        reason: 'Indirect dependency from snyk-nodejs-lockfile-parser, waiting for upstream fix'
-        expires: 2026-05-06T00:00:00.000Z
   SNYK-JS-LODASH-15869625:
     - '*':
         reason: 'Indirect dependency, waiting for upstream fix'

.eslintrc.json

@@ -17,6 +17,7 @@ schemas:
     enum:
       - autoDetectedUserInstructions
       - binaries
+      - baseRuntimes
       - depGraph
       - dockerfileAnalysis
       - dockerLayers

.snyk

@@ -0,0 +1,46 @@
+import eslint from "@eslint/js";
+import tseslint from "typescript-eslint";
+import eslintConfigPrettier from "eslint-config-prettier/flat";
+
+export default tseslint.config(
+  {
+    ignores: ["dist/", "node_modules/"],
+  },
+  eslint.configs.recommended,
+  ...tseslint.configs.recommended,
+  eslintConfigPrettier,
+  {
+    rules: {
+      "no-shadow": "off",
+      "@typescript-eslint/no-shadow": "off",
+      "@typescript-eslint/naming-convention": "off",
+      "no-bitwise": "off",
+      "max-classes-per-file": "off",
+      "no-console": "off",
+      "@typescript-eslint/no-explicit-any": "off",
+      "no-case-declarations": "off",
+      "no-useless-escape": "off",
+      "no-prototype-builtins": "off",
+      "@typescript-eslint/no-require-imports": "off",
+      "@typescript-eslint/no-namespace": "off",
+      "no-control-regex": "off",
+      // New in ESLint v10 recommended — not part of the pre-migration rule set
+      "preserve-caught-error": "off",
+      "no-useless-assignment": "off",
+
+      // New in typescript-eslint v8 recommended — not part of the pre-migration rule set
+      "@typescript-eslint/no-empty-object-type": "off",
+      "@typescript-eslint/no-unused-expressions": "off",
+
+      "@typescript-eslint/no-unused-vars": [
+        "error",
+        {
+          argsIgnorePattern: "^_",
+          varsIgnorePattern: "^_",
+          // v8 changed the default from "none" to "all"; restore old behaviour
+          caughtErrors: "none",
+        },
+      ],
+    },
+  },
+);

components/common.yaml

@@ -136,7 +136,7 @@ async function depGraphFromNodeModules(
       }
 
       const depGraph = await legacy.depTreeToGraph(
-        pkgTree,
+        pkgTree as any,
         pkgTree.type || "npm",
       );
 
@@ -417,7 +417,7 @@ function stripUndefinedLabels(
   parserResult: lockFileParser.PkgTree,
 ): lockFileParser.PkgTree {
   const optionalLabels = parserResult.labels;
-  const mandatoryLabels: Record<string, string> = {};
+  const mandatoryLabels: Record<string, any> = {};
   if (optionalLabels) {
     for (const currentLabelName of Object.keys(optionalLabels)) {
       if (optionalLabels[currentLabelName] !== undefined) {
@@ -428,7 +428,7 @@ function stripUndefinedLabels(
   const parserResultWithProperLabels = Object.assign({}, parserResult, {
     labels: mandatoryLabels,
   });
-  return parserResultWithProperLabels;
+  return parserResultWithProperLabels as lockFileParser.PkgTree;
 }
 
 async function buildDepGraph(
@@ -513,7 +513,10 @@ async function buildDepGraphFromDepTree(
     // Don't provide a default manifest file name, prefer the parser to infer it.
   );
   const strippedLabelsParserResult = stripUndefinedLabels(parserResult);
-  return await legacy.depTreeToGraph(strippedLabelsParserResult, lockfileType);
+  return await legacy.depTreeToGraph(
+    strippedLabelsParserResult as any,
+    lockfileType,
+  );
 }
 
 export function getLockFileVersion(

eslint.config.mjs

@@ -0,0 +1,11 @@
+import { ExtractedLayers } from "../../extractor/types";
+import { BaseRuntime } from "../../facts";
+import { getJavaRuntimeReleaseContent } from "../../inputs/base-runtimes/static";
+import { parseJavaRuntimeRelease } from "./parser";
+
+export function detectJavaRuntime(
+  extractedLayers: ExtractedLayers,
+): BaseRuntime | null {
+  const releaseContent = getJavaRuntimeReleaseContent(extractedLayers);
+  return releaseContent ? parseJavaRuntimeRelease(releaseContent) : null;
+}

lib/analyzer/applications/node.ts

@@ -0,0 +1,34 @@
+import { BaseRuntime } from "../../facts";
+
+const VALID_VERSION_PATTERN =
+  /^(?!.*\.\.)[0-9]+(?:[._+a-zA-Z0-9-]*[a-zA-Z0-9])?$/;
+
+const regex = /^\s*JAVA_VERSION\s*=\s*(?:(["'])(.*?)\1|([^#\r\n]+))/gm;
+
+function isValidJavaVersion(version: string): boolean {
+  if (!version || version.length === 0) {
+    return false;
+  }
+  return VALID_VERSION_PATTERN.test(version);
+}
+
+export function parseJavaRuntimeRelease(content: string): BaseRuntime | null {
+  if (!content || content.trim().length === 0) {
+    return null;
+  }
+  try {
+    const matches = [...content.matchAll(regex)];
+
+    if (matches.length !== 1) {
+      return null;
+    }
+    const version = (matches[0][2] || matches[0][3] || "").trim();
+
+    if (!isValidJavaVersion(version)) {
+      return null;
+    }
+    return { type: "java", version };
+  } catch (error) {
+    return null;
+  }
+}

lib/analyzer/base-runtimes/index.ts

@@ -15,6 +15,7 @@ import {
   getDpkgFileContentAction,
   getExtFileContentAction,
 } from "../inputs/apt/static";
+import { getJavaRuntimeReleaseAction } from "../inputs/base-runtimes/static";
 import {
   getBinariesHashes,
   getNodeBinariesFileContentAction,
@@ -67,6 +68,7 @@ import { jarFilesToScannedResults } from "./applications/java";
 import { pipFilesToScannedProjects } from "./applications/python";
 import { getApplicationFiles } from "./applications/runtime-common";
 import { AppDepsScanResultWithoutTarget } from "./applications/types";
+import { detectJavaRuntime } from "./base-runtimes";
 import * as osReleaseDetector from "./os-release";
 import { analyze as apkAnalyze } from "./package-managers/apk";
 import {
@@ -105,6 +107,7 @@ export async function analyze(
     ...getOsReleaseActions,
     getNodeBinariesFileContentAction,
     getOpenJDKBinariesFileContentAction,
+    getJavaRuntimeReleaseAction,
     getDpkgPackageFileContentAction,
     getRedHatRepositoriesContentAction,
   ];
@@ -233,6 +236,8 @@ export async function analyze(
   }
 
   const binaries = getBinariesHashes(extractedLayers);
+  const javaRuntime = detectJavaRuntime(extractedLayers);
+  const baseRuntimes = javaRuntime ? [javaRuntime] : undefined;
 
   const applicationDependenciesScanResults: AppDepsScanResultWithoutTarget[] =
     [];
@@ -309,6 +314,7 @@ export async function analyze(
     platform,
     results,
     binaries,
+    baseRuntimes,
     imageLayers: manifestLayers,
     rootFsLayers,
     applicationDependenciesScanResults,

lib/analyzer/base-runtimes/parser.ts

@@ -1,4 +1,5 @@
 import { ImageName } from "../extractor/image";
+import { BaseRuntime } from "../facts";
 import { AutoDetectedUserInstructions, ManifestFile } from "../types";
 import {
   AppDepsScanResultWithoutTarget,
@@ -75,6 +76,7 @@ export interface StaticAnalysis {
   osRelease: OSRelease;
   results: ImageAnalysis[];
   binaries: string[];
+  baseRuntimes?: BaseRuntime[];
   imageLayers: string[];
   rootFsLayers?: string[];
   autoDetectedUserInstructions?: AutoDetectedUserInstructions;