Fix broken sarif export

[JarLob]

Plus upgrade sarif schema to 2.1.0

[phosphore]

About ba73cfd, this is needed for some checks where no location is present afaik. Or is it a Sarif spec requirement to have at least 0:0 for the lin:col? issue.location could be undefined in some checks (e.g. CSP?)

[JarLob]

Yes, I was testing with different Sarif viewers like VS Code and VS. Implementations differ. First I thought to skip region at all, but this combination is the best common denominator. Sarif also doesn't like 0:0, so having 1:1 when no file is available doesn't change anything. The change affects only the exported sarif json file.

[phosphore]

Fair enough. Is issue.location always present tho?
ba73cfd#diff-e97b0ce1d9051faf00c21306911cf6bcfd8a245e5783ec1a9b448dc6c8dd8966R116-R117

[JarLob]

Yes, it is 0:0 if no file. Can check location for undefined if you think it is better.
The final version btw is:

startLine: issue.location.line === 0 ? 1 : issue.location.line, // This is odd, VS and VS Code highlight the line correctly, but min value is 1
startColumn: issue.location.column + 1, // sarif columns start from 1
charLength: issue.sample ? issue.sample.length : 0

I dropped the check for N/A. Just adjust indices and set charLength to zero if sample is not available.

[phosphore]

Thank you very much @JarLob <3
I'll merge this and create a new v1.8.1 tag here and on NPM.