remove discord link and update for current Rust and crates

README.md

@@ -1,6 +1,6 @@
 ![Vuln Reach Logo](https://github.com/phylum-dev/vuln-reach/raw/main/assets/logo.png)
 
-![GitHub Repo stars](https://img.shields.io/github/stars/phylum-dev/vuln-reach) ![GitHub](https://img.shields.io/github/license/phylum-dev/vuln-reach) ![Discord](https://img.shields.io/discord/1070071012353376387)
+![GitHub Repo stars](https://img.shields.io/github/stars/phylum-dev/vuln-reach) ![GitHub](https://img.shields.io/github/license/phylum-dev/vuln-reach)
 
 ---
 

vuln-reach-cli/src/main.rs

@@ -2,15 +2,15 @@ use std::collections::HashMap;
 use std::fmt::Display;
 use std::path::{Path, PathBuf};
 
-use anyhow::{anyhow, Result};
+use anyhow::{Result, anyhow};
 use clap::Parser;
 use futures::future;
 use serde::de::Error;
 use serde::{Deserialize, Deserializer};
 use tokio::fs;
+use vuln_reach::javascript::package::Package;
 use vuln_reach::javascript::package::reachability::{NodePath, VulnerableNode};
 use vuln_reach::javascript::package::resolver::PackageResolver;
-use vuln_reach::javascript::package::Package;
 use vuln_reach::javascript::project::Project;
 
 type StdResult<T, E> = std::result::Result<T, E>;

vuln-reach/Cargo.toml

@@ -7,7 +7,7 @@ authors = ["Phylum, Inc. <engineering@phylum.io>"]
 repository = "https://github.com/phylum-dev/vuln-reach"
 documentation = "https://docs.rs/vuln-reach"
 license-file = "../LICENSE"
-rust-version = "1.74"
+rust-version = "1.82"
 readme = "../README.md"
 
 [dependencies]

vuln-reach/src/javascript/lang/accesses.rs

@@ -5,7 +5,7 @@ use lazy_static::lazy_static;
 use tree_sitter::{Node, Query, QueryCursor};
 
 use super::symbol_table::SymbolTable;
-use crate::{Cursor, Error, Result, Tree, TreeCursorCache, JS};
+use crate::{Cursor, Error, JS, Result, Tree, TreeCursorCache};
 
 /// An instance of a variable access (call or right-hand assignment).
 /// Represents an edge from the access scope to the declaration scope.
@@ -308,7 +308,7 @@ impl<'a> AccessGraph<'a> {
                 // act like a declaration in their scope.
                 if let Some(accessor) = declaration_access.accessor.filter(|node| {
                     let mut cursor = Cursor::new(self.tree, *node).unwrap();
-                    cursor.goto_parent().map_or(false, |node| node.kind() != "formal_parameters")
+                    cursor.goto_parent().is_some_and(|node| node.kind() != "formal_parameters")
                 }) {
                     // If the accessor is suitable, push it onto the queue alongside the
                     // path that leads to it.

vuln-reach/src/javascript/lang/exports.rs

@@ -4,7 +4,7 @@ use std::collections::{HashMap, HashSet};
 use lazy_static::lazy_static;
 use tree_sitter::{Node, Query, QueryCursor};
 
-use crate::{Error, Tree, JS};
+use crate::{Error, JS, Tree};
 
 // CommonJS
 //

vuln-reach/src/javascript/lang/imports.rs

@@ -6,7 +6,7 @@ use std::ops::Deref;
 use lazy_static::lazy_static;
 use tree_sitter::{Node, Query, QueryCursor};
 
-use crate::{Cursor, Error, Tree, JS};
+use crate::{Cursor, Error, JS, Tree};
 
 // CommonJS
 //

vuln-reach/src/javascript/module/mod.rs

@@ -15,10 +15,10 @@ use crate::javascript::lang::exports::{CommonJsExports, EsmExports, Exports};
 use crate::javascript::lang::imports::Imports;
 use crate::javascript::lang::symbol_table::SymbolTable;
 pub use crate::javascript::module::module_cache::ModuleCache;
+pub use crate::javascript::module::resolver::ModuleResolver;
 pub use crate::javascript::module::resolver::fs::FilesystemModuleResolver;
 pub use crate::javascript::module::resolver::mem::MemModuleResolver;
 pub use crate::javascript::module::resolver::tgz::TarballModuleResolver;
-pub use crate::javascript::module::resolver::ModuleResolver;
 use crate::{Error, Result, Tree};
 
 #[derive(Clone, Debug)]
@@ -86,19 +86,19 @@ impl Module {
         self.borrow_tree()
     }
 
-    pub fn imports(&self) -> &Imports {
+    pub fn imports(&self) -> &Imports<'_> {
         self.borrow_imports()
     }
 
-    pub fn exports(&self) -> &Exports {
+    pub fn exports(&self) -> &Exports<'_> {
         self.borrow_exports()
     }
 
-    pub fn symbol_table(&self) -> &SymbolTable {
+    pub fn symbol_table(&self) -> &SymbolTable<'_> {
         self.borrow_symbol_table()
     }
 
-    pub fn accesses(&self) -> &AccessGraph {
+    pub fn accesses(&self) -> &AccessGraph<'_> {
         self.borrow_accesses()
     }
 

vuln-reach/src/javascript/module/module_cache.rs

@@ -4,9 +4,9 @@ use std::fmt::Write;
 use std::path::{Path, PathBuf};
 
 use super::resolver::resolve_path;
+use crate::Result;
 use crate::javascript::lang::imports::Imports;
 use crate::javascript::module::{Module, ModuleResolver};
-use crate::Result;
 
 // Type aliases are just for clarity.
 type RelativeSpec = PathBuf;

vuln-reach/src/javascript/module/resolver/fs.rs

@@ -4,8 +4,8 @@ use std::path::{Path, PathBuf};
 use walkdir::WalkDir;
 
 use super::{entry_point, is_valid_js_extension};
-use crate::javascript::module::resolver::ModuleResolver;
 use crate::javascript::module::Module;
+use crate::javascript::module::resolver::ModuleResolver;
 use crate::{Error, Result, Tree};
 
 pub struct FilesystemModuleResolver {

vuln-reach/src/javascript/module/resolver/mem.rs

@@ -2,8 +2,8 @@ use std::collections::HashMap;
 use std::path::{Path, PathBuf};
 
 use super::{entry_point, is_valid_js_extension};
-use crate::javascript::module::resolver::ModuleResolver;
 use crate::javascript::module::Module;
+use crate::javascript::module::resolver::ModuleResolver;
 use crate::{Error, Result, Tree};
 
 pub struct MemModuleResolver {

vuln-reach/src/javascript/module/resolver/mod.rs

@@ -7,7 +7,7 @@ use std::path::{Path, PathBuf};
 use serde::Deserialize;
 
 use crate::javascript::module::Module;
-use crate::{util, Error, Result};
+use crate::{Error, Result, util};
 
 /// Trait for implementing module resolvers.
 pub trait ModuleResolver {
@@ -114,7 +114,7 @@ fn is_relative<P: AsRef<Path>>(path: P) -> bool {
 }
 
 fn is_valid_js_extension<P: AsRef<Path>>(path: P) -> bool {
-    path.as_ref().extension().map_or(false, |ext| {
+    path.as_ref().extension().is_some_and(|ext| {
         let lowercase_ext = ext.to_string_lossy().to_lowercase();
         ["js", "mjs", "cjs"].contains(&&*lowercase_ext)
     })

vuln-reach/src/javascript/module/resolver/tgz.rs

@@ -6,8 +6,8 @@ use flate2::read::GzDecoder;
 use tar::Archive;
 
 use super::{entry_point, is_valid_js_extension};
-use crate::javascript::module::resolver::ModuleResolver;
 use crate::javascript::module::Module;
+use crate::javascript::module::resolver::ModuleResolver;
 use crate::{Error, Result, Tree};
 
 pub struct TarballModuleResolver {

vuln-reach/src/javascript/package/mod.rs

@@ -10,12 +10,12 @@ use std::path::{Path, PathBuf};
 use reachability::{PackageReachability, VulnerableNode};
 
 use super::lang::imports::{CommonJsImports, EsmImports};
+use crate::Result;
 use crate::javascript::lang::imports::Imports;
 use crate::javascript::module::{
     FilesystemModuleResolver, MemModuleResolver, Module, ModuleCache, ModuleResolver,
     TarballModuleResolver,
 };
-use crate::Result;
 
 /// A Javascript package.
 pub struct Package<R: ModuleResolver> {
@@ -60,7 +60,7 @@ where
     /// For convenience, we are going to mark all imports that _don't_ resolve
     /// inside the package as foreign; true unreachable exports will be just
     /// dropped.
-    pub fn foreign_imports(&self) -> HashMap<&PathBuf, Imports> {
+    pub fn foreign_imports(&self) -> HashMap<&PathBuf, Imports<'_>> {
         let mut foreign_imports = HashMap::new();
 
         // Strategy for detecting foreign imports: discard trivially relative

vuln-reach/src/javascript/project/mod.rs

@@ -7,8 +7,8 @@ use serde::{Deserialize, Serialize};
 use tree_sitter::Node;
 
 use super::lang::imports::Imports;
-use super::package::reachability::{PackageReachability, VulnerableNode};
 use super::package::Package;
+use super::package::reachability::{PackageReachability, VulnerableNode};
 use crate::javascript::module::resolver::ModuleResolver;
 use crate::javascript::package::reachability::NodePath;
 use crate::javascript::package::resolver::PackageResolver;