@socketsecurity/cli-with-sentry 0.14.85 → 0.14.87

package/dist/require/cli.js

@@ -912,7 +912,7 @@ function emitBanner(name) {
   logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-  const cliVersion = '0.14.85:f285d45:d2e4291f:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  const cliVersion = '0.14.87:0330c30:e39f7589:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
   const nodeVersion = process$1.version
   const apiToken = shadowNpmInject.getDefaultToken()
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -3900,7 +3900,6 @@ async function npmFix(
   const editablePkgJson = await packages.readPackageJson(cwd, {
     editable: true
   })
-  const { content: pkgJson } = editablePkgJson
   await arb.buildIdealTree()
   for (const { 0: name, 1: infos } of infoByPkg) {
     const hasUpgrade = !!registry.getManifestData(NPM$f, name)
@@ -3942,36 +3941,40 @@ async function npmFix(
           continue
         }
         const oldSpec = `${name}@${oldVersion}`
+        let targetVersion
+        let failed = false
+        let installed = false
+        let saved = false
         if (
           shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
         ) {
-          const targetVersion = node.package.version
+          targetVersion = node.package.version
           const fixSpec = `${name}@^${targetVersion}`
           const revertData = {
-            ...(pkgJson.dependencies
+            ...(editablePkgJson.content.dependencies
               ? {
-                  dependencies: pkgJson.dependencies
+                  dependencies: editablePkgJson.content.dependencies
                 }
               : undefined),
-            ...(pkgJson.optionalDependencies
+            ...(editablePkgJson.content.optionalDependencies
               ? {
-                  optionalDependencies: pkgJson.optionalDependencies
+                  optionalDependencies:
+                    editablePkgJson.content.optionalDependencies
                 }
               : undefined),
-            ...(pkgJson.peerDependencies
+            ...(editablePkgJson.content.peerDependencies
               ? {
-                  peerDependencies: pkgJson.peerDependencies
+                  peerDependencies: editablePkgJson.content.peerDependencies
                 }
               : undefined)
           }
           spinner?.info(`Installing ${fixSpec}`)
-          let saved = false
-          let installed = false
           try {
             shadowNpmInject.updatePackageJsonFromNode(
               editablePkgJson,
               arb.idealTree,
               node,
+              targetVersion,
               rangeStyle
             )
             // eslint-disable-next-line no-await-in-loop
@@ -3993,20 +3996,8 @@ async function npmFix(
             }
             spinner?.successAndStop(`Fixed ${name}`)
             spinner?.start()
-            // Lazily access constants.ENV[CI].
-            if (constants.ENV[CI$1]) {
-              // eslint-disable-next-line no-await-in-loop
-              const prResponse = await openGitHubPullRequest(
-                name,
-                targetVersion,
-                cwd
-              )
-              if (autoMerge) {
-                // eslint-disable-next-line no-await-in-loop
-                await enableAutoMerge(prResponse.data)
-              }
-            }
           } catch {
+            failed = true
             spinner?.error(`Reverting ${fixSpec}`)
             if (saved) {
               editablePkgJson.update(revertData)
@@ -4022,8 +4013,35 @@ async function npmFix(
             spinner?.failAndStop(`Failed to fix ${oldSpec}`)
           }
         } else {
+          failed = true
           spinner?.failAndStop(`Could not patch ${oldSpec}`)
         }
+        if (
+          !failed &&
+          // Check targetVersion to make TypeScript happy.
+          targetVersion &&
+          // Lazily access constants.ENV[CI].
+          constants.ENV[CI$1]
+        ) {
+          let prResponse
+          try {
+            // eslint-disable-next-line no-await-in-loop
+            prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
+          } catch (e) {
+            logger.logger.error('Failed to open pull request', e)
+          }
+          if (prResponse && autoMerge) {
+            try {
+              // eslint-disable-next-line no-await-in-loop
+              await enableAutoMerge(prResponse.data)
+            } catch (e) {
+              logger.logger.error(
+                'Failed to enable auto-merge in pull request',
+                e
+              )
+            }
+          }
+        }
       }
     }
   }
@@ -4211,7 +4229,7 @@ function runAgentInstall(pkgEnvDetails, options) {
     ...options
   }
   const skipNodeHardenFlags =
-    pkgEnvDetails.agent === PNPM$a && pkgEnvDetails.agentVersion.major < 11
+    agent === PNPM$a && pkgEnvDetails.agentVersion.major < 11
   return spawn.spawn(agentExecPath, ['install', ...args], {
     spinner,
     stdio: 'inherit',
@@ -4232,8 +4250,15 @@ function runAgentInstall(pkgEnvDetails, options) {
 }
 
 const { CI, NPM: NPM$c, OVERRIDES: OVERRIDES$2, PNPM: PNPM$9 } = constants
-async function install(pkgEnvDetails, arb, options) {
-  const { spinner } = {
+async function getActualTree(cwd = process.cwd()) {
+  const arb = new shadowNpmInject.SafeArborist({
+    path: cwd,
+    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+  })
+  return await arb.loadActual()
+}
+async function install(pkgEnvDetails, options) {
+  const { cwd, spinner } = {
     __proto__: null,
     ...options
   }
@@ -4242,8 +4267,7 @@ async function install(pkgEnvDetails, arb, options) {
     spinner,
     stdio: debug.isDebug() ? 'inherit' : 'ignore'
   })
-  arb.actualTree = null
-  await arb.loadActual()
+  return await getActualTree(cwd)
 }
 async function pnpmFix(
   pkgEnvDetails,
@@ -4272,12 +4296,7 @@ async function pnpmFix(
   const editablePkgJson = await packages.readPackageJson(cwd, {
     editable: true
   })
-  const { content: pkgJson } = editablePkgJson
-  const arb = new shadowNpmInject.SafeArborist({
-    path: cwd,
-    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
-  })
-  await arb.loadActual()
+  let actualTree = await getActualTree(cwd)
   for (const { 0: name, 1: infos } of infoByPkg) {
     if (registry.getManifestData(NPM$c, name)) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`)
@@ -4285,7 +4304,7 @@ async function pnpmFix(
     }
     const specs = arrays.arrayUnique(
       shadowNpmInject
-        .findPackageNodes(arb.actualTree, name)
+        .findPackageNodes(actualTree, name)
         .map(n => `${n.name}@${n.version}`)
     )
     const packument =
@@ -4305,7 +4324,7 @@ async function pnpmFix(
         vulnerableVersionRange
       } of infos) {
         const node = shadowNpmInject.findPackageNode(
-          arb.actualTree,
+          actualTree,
           name,
           oldVersion
         )
@@ -4322,15 +4341,22 @@ async function pnpmFix(
         const targetPackument = targetVersion
           ? packument.versions[targetVersion]
           : undefined
+        let failed = false
+        let installed = false
+        let saved = false
         if (targetVersion && targetPackument) {
-          const oldPnpm = pkgJson[PNPM$9]
-          const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
+          const oldPnpm = editablePkgJson.content[PNPM$9]
+          const oldPnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
           const oldOverrides = oldPnpm?.[OVERRIDES$2]
-          const overridesCount = oldOverrides
+          const oldOverridesCount = oldOverrides
             ? Object.keys(oldOverrides).length
             : 0
           const overrideKey = `${node.name}@${vulnerableVersionRange}`
-          const overrideRange = `^${targetVersion}`
+          const overrideRange = shadowNpmInject.applyRange(
+            oldOverrides?.[overrideKey] ?? targetVersion,
+            targetVersion,
+            rangeStyle
+          )
           const fixSpec = `${name}@${overrideRange}`
           const updateData = {
             [PNPM$9]: {
@@ -4342,11 +4368,11 @@ async function pnpmFix(
             }
           }
           const revertData = {
-            [PNPM$9]: pnpmKeyCount
+            [PNPM$9]: oldPnpmKeyCount
               ? {
                   ...oldPnpm,
                   [OVERRIDES$2]:
-                    overridesCount === 1
+                    oldOverridesCount === 1
                       ? undefined
                       : {
                           [overrideKey]: undefined,
@@ -4354,31 +4380,31 @@ async function pnpmFix(
                         }
                 }
               : undefined,
-            ...(pkgJson.dependencies
+            ...(editablePkgJson.content.dependencies
               ? {
-                  dependencies: pkgJson.dependencies
+                  dependencies: editablePkgJson.content.dependencies
                 }
               : undefined),
-            ...(pkgJson.optionalDependencies
+            ...(editablePkgJson.content.optionalDependencies
               ? {
-                  optionalDependencies: pkgJson.optionalDependencies
+                  optionalDependencies:
+                    editablePkgJson.content.optionalDependencies
                 }
               : undefined),
-            ...(pkgJson.peerDependencies
+            ...(editablePkgJson.content.peerDependencies
               ? {
-                  peerDependencies: pkgJson.peerDependencies
+                  peerDependencies: editablePkgJson.content.peerDependencies
                 }
               : undefined)
           }
           spinner?.info(`Installing ${fixSpec}`)
-          let saved = false
-          let installed = false
           try {
             editablePkgJson.update(updateData)
             shadowNpmInject.updatePackageJsonFromNode(
               editablePkgJson,
-              arb.actualTree,
+              actualTree,
               node,
+              targetVersion,
               rangeStyle
             )
             // eslint-disable-next-line no-await-in-loop
@@ -4386,7 +4412,7 @@ async function pnpmFix(
             saved = true
 
             // eslint-disable-next-line no-await-in-loop
-            await install(pkgEnvDetails, arb, {
+            actualTree = await install(pkgEnvDetails, {
               spinner
             })
             installed = true
@@ -4400,21 +4426,8 @@ async function pnpmFix(
             }
             spinner?.successAndStop(`Fixed ${name}`)
             spinner?.start()
-
-            // Lazily access constants.ENV[CI].
-            if (constants.ENV[CI]) {
-              // eslint-disable-next-line no-await-in-loop
-              const prResponse = await openGitHubPullRequest(
-                name,
-                targetVersion,
-                cwd
-              )
-              if (autoMerge) {
-                // eslint-disable-next-line no-await-in-loop
-                await enableAutoMerge(prResponse.data)
-              }
-            }
           } catch (e) {
+            failed = true
             spinner?.error(`Reverting ${fixSpec}`, e)
             if (saved) {
               editablePkgJson.update(revertData)
@@ -4423,15 +4436,42 @@ async function pnpmFix(
             }
             if (installed) {
               // eslint-disable-next-line no-await-in-loop
-              await install(pkgEnvDetails, arb, {
+              actualTree = await install(pkgEnvDetails, {
                 spinner
               })
             }
             spinner?.failAndStop(`Failed to fix ${oldSpec}`)
           }
         } else {
+          failed = true
           spinner?.failAndStop(`Could not patch ${oldSpec}`)
         }
+        if (
+          !failed &&
+          // Check targetVersion to make TypeScript happy.
+          targetVersion &&
+          // Lazily access constants.ENV[CI].
+          constants.ENV[CI]
+        ) {
+          let prResponse
+          try {
+            // eslint-disable-next-line no-await-in-loop
+            prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
+          } catch (e) {
+            logger.logger.error('Failed to open pull request', e)
+          }
+          if (prResponse && autoMerge) {
+            try {
+              // eslint-disable-next-line no-await-in-loop
+              await enableAutoMerge(prResponse.data)
+            } catch (e) {
+              logger.logger.error(
+                'Failed to enable auto-merge in pull request',
+                e
+              )
+            }
+          }
+        }
       }
     }
   }
@@ -6365,13 +6405,13 @@ const depsIncludesByAgent = new Map([
   [YARN_CLASSIC$5, matchLsCmdViewHumanStdout]
 ])
 
-function getDependencyEntries(pkgJson) {
+function getDependencyEntries(editablePkgJson) {
   const {
     dependencies,
     devDependencies,
     optionalDependencies,
     peerDependencies
-  } = pkgJson
+  } = editablePkgJson.content
   return [
     [
       'dependencies',
@@ -6422,8 +6462,8 @@ const {
   YARN_BERRY: YARN_BERRY$3,
   YARN_CLASSIC: YARN_CLASSIC$4
 } = constants
-function getOverridesDataBun(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataBun(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_BERRY$3,
     overrides
@@ -6432,8 +6472,8 @@ function getOverridesDataBun(pkgJson) {
 
 // npm overrides documentation:
 // https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
-function getOverridesDataNpm(pkgJson) {
-  const overrides = pkgJson?.[OVERRIDES$1] ?? {}
+function getOverridesDataNpm(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[OVERRIDES$1] ?? {}
   return {
     type: NPM$5,
     overrides
@@ -6442,15 +6482,15 @@ function getOverridesDataNpm(pkgJson) {
 
 // pnpm overrides documentation:
 // https://pnpm.io/package_json#pnpmoverrides
-function getOverridesDataPnpm(pkgJson) {
-  const overrides = pkgJson?.pnpm?.[OVERRIDES$1] ?? {}
+function getOverridesDataPnpm(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[PNPM$5]?.[OVERRIDES$1] ?? {}
   return {
     type: PNPM$5,
     overrides
   }
 }
-function getOverridesDataVlt(pkgJson) {
-  const overrides = pkgJson?.[OVERRIDES$1] ?? {}
+function getOverridesDataVlt(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[OVERRIDES$1] ?? {}
   return {
     type: VLT$3,
     overrides
@@ -6459,8 +6499,8 @@ function getOverridesDataVlt(pkgJson) {
 
 // Yarn resolutions documentation:
 // https://yarnpkg.com/configuration/manifest#resolutions
-function getOverridesDataYarn(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataYarn(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_BERRY$3,
     overrides
@@ -6469,8 +6509,8 @@ function getOverridesDataYarn(pkgJson) {
 
 // Yarn resolutions documentation:
 // https://classic.yarnpkg.com/en/docs/selective-version-resolutions
-function getOverridesDataClassic(pkgJson) {
-  const overrides = pkgJson?.[RESOLUTIONS$1] ?? {}
+function getOverridesDataYarnClassic(editablePkgJson) {
+  const overrides = editablePkgJson.content?.[RESOLUTIONS$1] ?? {}
   return {
     type: YARN_CLASSIC$4,
     overrides
@@ -6482,12 +6522,12 @@ const overridesDataByAgent = new Map([
   [PNPM$5, getOverridesDataPnpm],
   [VLT$3, getOverridesDataVlt],
   [YARN_BERRY$3, getOverridesDataYarn],
-  [YARN_CLASSIC$4, getOverridesDataClassic]
+  [YARN_CLASSIC$4, getOverridesDataYarnClassic]
 ])
 
 const { PNPM: PNPM$4 } = constants
 const PNPM_WORKSPACE = `${PNPM$4}-workspace`
-async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
+async function getWorkspaceGlobs(agent, pkgPath, editablePkgJson) {
   let workspacePatterns
   if (agent === PNPM$4) {
     for (const workspacePath of [
@@ -6506,7 +6546,7 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
       }
     }
   } else {
-    workspacePatterns = pkgJson['workspaces']
+    workspacePatterns = editablePkgJson.content['workspaces']
   }
   return Array.isArray(workspacePatterns)
     ? workspacePatterns
@@ -6779,8 +6819,7 @@ function getHighestEntryIndex(entries, keys) {
   return getEntryIndexes(entries, keys).at(-1) ?? -1
 }
 function updatePkgJsonField(editablePkgJson, field, value) {
-  const { content: pkgJson } = editablePkgJson
-  const oldValue = pkgJson[field]
+  const oldValue = editablePkgJson.content[field]
   if (oldValue) {
     // The field already exists so we simply update the field value.
     if (field === PNPM$1) {
@@ -6831,7 +6870,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
   // Since the field doesn't exist we want to insert it into the package.json
   // in a place that makes sense, e.g. close to the "dependencies" field. If
   // we can't find a place to insert the field we'll add it to the bottom.
-  const entries = Object.entries(pkgJson)
+  const entries = Object.entries(editablePkgJson.content)
   let insertIndex = -1
   let isPlacingHigher = false
   if (field === OVERRIDES) {
@@ -6930,9 +6969,12 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
       editable: true
     })
   }
-  const { content: pkgJson } = editablePkgJson
   const workspaceName = path$1.relative(rootPath, pkgPath)
-  const workspaceGlobs = await getWorkspaceGlobs(agent, pkgPath, pkgJson)
+  const workspaceGlobs = await getWorkspaceGlobs(
+    agent,
+    pkgPath,
+    editablePkgJson
+  )
   const isRoot = pkgPath === rootPath
   const isLockScanned = isRoot && !prod
   const isWorkspace = !!workspaceGlobs
@@ -6952,19 +6994,19 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
     )
   }
   const overridesDataObjects = []
-  if (pkgJson['private'] || isWorkspace) {
-    overridesDataObjects.push(overridesDataByAgent.get(agent)(pkgJson))
+  if (editablePkgJson.content['private'] || isWorkspace) {
+    overridesDataObjects.push(overridesDataByAgent.get(agent)(editablePkgJson))
   } else {
     overridesDataObjects.push(
-      overridesDataByAgent.get(NPM$1)(pkgJson),
-      overridesDataByAgent.get(YARN_CLASSIC)(pkgJson)
+      overridesDataByAgent.get(NPM$1)(editablePkgJson),
+      overridesDataByAgent.get(YARN_CLASSIC)(editablePkgJson)
     )
   }
   spinner?.setText(
     `Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`
   )
   const depAliasMap = new Map()
-  const depEntries = getDependencyEntries(pkgJson)
+  const depEntries = getDependencyEntries(editablePkgJson)
   const manifestEntries = manifestNpmOverrides.filter(({ 1: data }) =>
     semver.satisfies(
       // Roughly check Node range as semver.coerce will strip leading
@@ -11307,7 +11349,7 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: '0.14.85',
+    version: '0.14.87',
     ttl: 86_400_000 /* 24 hours in milliseconds */
   })
   try {
@@ -11375,5 +11417,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=4588b62f-01ad-45c5-b794-41f01c684e1f
+//# debugId=a4b7d441-5d8c-4b09-b5f2-ba36e572f667
 //# sourceMappingURL=cli.js.map