@socketsecurity/cli-with-sentry 1.0.18 → 1.0.19

package/dist/cli.js

@@ -3725,6 +3725,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
     autoMerge,
     cwd,
     limit,
+    minSatisfying,
     rangeStyle,
     spinner,
     test,
@@ -3876,7 +3877,10 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
           firstPatchedVersionIdentifier,
           vulnerableVersionRange
         } of infos) {
-          const newVersion = shadowNpmInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
+          const newVersion = shadowNpmInject.findBestPatchVersion(node, availableVersions, {
+            minSatisfying,
+            vulnerableVersionRange
+          });
           const newVersionPackument = newVersion ? packument.versions[newVersion] : undefined;
           if (!(newVersion && newVersionPackument)) {
             warningsForAfter.add(`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`);
@@ -4504,6 +4508,7 @@ async function handleFix({
   cwd,
   ghsas,
   limit,
+  minSatisfying,
   outputKind,
   purls,
   rangeStyle,
@@ -4578,23 +4583,25 @@ async function handleFix({
     }, outputKind);
     return;
   }
-  logger.logger.info(`Fixing packages for ${pkgEnvDetails.agent} v${pkgEnvDetails.agentVersion}.\n`);
   const {
-    agent
+    agent,
+    agentVersion
   } = pkgEnvDetails;
   if (agent !== NPM$7 && agent !== PNPM$6) {
     await outputFixResult({
       ok: false,
       message: 'Not supported.',
-      cause: `${agent} is not supported by this command.`
+      cause: `${agent} v${agentVersion} is not supported by this command.`
     }, outputKind);
     return;
   }
+  logger.logger.info(`Fixing packages for ${agent} v${agentVersion}.\n`);
   const fixer = agent === NPM$7 ? npmFix : pnpmFix;
   await outputFixResult(await fixer(pkgEnvDetails, {
     autoMerge,
     cwd,
     limit,
+    minSatisfying,
     purls,
     rangeStyle,
     spinner,
@@ -4633,6 +4640,17 @@ const config$H = {
       default: Infinity,
       description: 'The number of fixes to attempt at a time'
     },
+    maxSatisfying: {
+      type: 'boolean',
+      default: true,
+      description: 'Use the maximum satisfying version for dependency updates',
+      hidden: true
+    },
+    minSatisfying: {
+      type: 'boolean',
+      default: false,
+      description: 'Constrain dependency updates to the minimum satisfying version'
+    },
     purl: {
       type: 'string',
       default: [],
@@ -4736,6 +4754,8 @@ async function run$H(argv, importMeta, {
   }
   const ghsas = utils.cmdFlagValueToArray(cli.flags['ghsa']);
   const limit = (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity;
+  const maxSatisfying = Boolean(cli.flags['maxSatisfying']);
+  const minSatisfying = Boolean(cli.flags['minSatisfying']) || !maxSatisfying;
   const purls = utils.cmdFlagValueToArray(cli.flags['purl']);
   const testScript = String(cli.flags['testScript'] || 'test');
   await handleFix({
@@ -4743,6 +4763,7 @@ async function run$H(argv, importMeta, {
     cwd,
     ghsas,
     limit,
+    minSatisfying,
     outputKind,
     purls,
     rangeStyle,
@@ -7599,27 +7620,10 @@ async function updateLockfile(pkgEnvDetails, options) {
   };
 }
 
-const {
-  VLT
-} = constants;
-async function applyOptimization(cwd, pin, prod) {
-  const result = await utils.detectAndValidatePackageEnvironment(cwd, {
-    cmdName: CMD_NAME,
-    logger: logger.logger,
-    prod
-  });
-  if (!result.ok) {
-    return result;
-  }
-  const pkgEnvDetails = result.data;
-  if (pkgEnvDetails.agent === VLT) {
-    return {
-      ok: false,
-      message: 'Unsupported',
-      cause: utils.cmdPrefixMessage(CMD_NAME, `${VLT} does not support overrides. Soon, though ⚡`)
-    };
-  }
-
+async function applyOptimization(pkgEnvDetails, {
+  pin,
+  prod
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
@@ -7687,14 +7691,49 @@ function createActionMessage(verb, overrideCount, workspaceCount) {
   return `${verb} ${overrideCount} Socket.dev optimized ${words.pluralize('override', overrideCount)}${workspaceCount ? ` in ${workspaceCount} ${words.pluralize('workspace', workspaceCount)}` : ''}`;
 }
 
+const {
+  VLT
+} = constants;
 async function handleOptimize({
   cwd,
   outputKind,
   pin,
   prod
 }) {
-  const result = await applyOptimization(cwd, pin, prod);
-  await outputOptimizeResult(result, outputKind);
+  const pkgEnvCResult = await utils.detectAndValidatePackageEnvironment(cwd, {
+    cmdName: CMD_NAME,
+    logger: logger.logger,
+    prod
+  });
+  if (!pkgEnvCResult.ok) {
+    await outputOptimizeResult(pkgEnvCResult, outputKind);
+    return;
+  }
+  const pkgEnvDetails = pkgEnvCResult.data;
+  if (!pkgEnvDetails) {
+    await outputOptimizeResult({
+      ok: false,
+      message: 'No package found.',
+      cause: `No valid package environment found for project path: ${cwd}`
+    }, outputKind);
+    return;
+  }
+  const {
+    agent,
+    agentVersion
+  } = pkgEnvDetails;
+  if (agent === VLT) {
+    return {
+      ok: false,
+      message: 'Unsupported',
+      cause: utils.cmdPrefixMessage(CMD_NAME, `${agent} v${agentVersion} does not support overrides. Soon, though ⚡`)
+    };
+  }
+  logger.logger.info(`Optimizing packages for ${agent} v${agentVersion}.\n`);
+  await outputOptimizeResult(await applyOptimization(pkgEnvDetails, {
+    pin,
+    prod
+  }), outputKind);
 }
 
 const {
@@ -14188,5 +14227,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=395a6b0d-069d-4973-b244-16aa28360e30
+//# debugId=32ad27b9-7ef0-4597-96b8-7dac14a0ff3e
 //# sourceMappingURL=cli.js.map