@socketsecurity/cli-with-sentry 1.0.74 → 1.0.75

package/dist/vendor.js

@@ -35520,7 +35520,7 @@ var isInteractiveExports = /*@__PURE__*/ requireIsInteractive();
 var dist$e = {};
 
 var name$2 = "@socketsecurity/sdk";
-var version$5 = "1.4.65";
+var version$5 = "1.4.67";
 var license = "MIT";
 var description = "SDK for the Socket API client";
 var author = {
@@ -35603,22 +35603,22 @@ var scripts = {
 	"update:deps": "npx --yes npm-check-updates"
 };
 var dependencies = {
-	"@socketsecurity/registry": "1.0.245"
+	"@socketsecurity/registry": "1.0.249"
 };
 var devDependencies = {
-	"@biomejs/biome": "2.1.2",
+	"@biomejs/biome": "2.1.3",
 	"@dotenvx/dotenvx": "1.48.3",
 	"@eslint/compat": "1.3.1",
-	"@eslint/js": "9.31.0",
+	"@eslint/js": "9.32.0",
 	"@types/node": "24.1.0",
 	"@typescript-eslint/parser": "8.38.0",
 	"@vitest/coverage-v8": "3.2.4",
 	"del-cli": "6.0.0",
-	eslint: "9.31.0",
+	eslint: "9.32.0",
 	"eslint-import-resolver-typescript": "4.4.4",
 	"eslint-plugin-import-x": "4.16.1",
-	"eslint-plugin-jsdoc": "51.4.1",
-	"eslint-plugin-n": "17.21.0",
+	"eslint-plugin-jsdoc": "52.0.0",
+	"eslint-plugin-n": "17.21.3",
 	"eslint-plugin-sort-destructure-keys": "2.0.0",
 	"eslint-plugin-unicorn": "56.0.1",
 	globals: "16.3.0",
@@ -35626,10 +35626,10 @@ var devDependencies = {
 	husky: "9.1.7",
 	knip: "5.62.0",
 	"lint-staged": "16.1.2",
-	nock: "14.0.6",
+	nock: "14.0.7",
 	"npm-run-all2": "8.0.4",
 	"openapi-typescript": "6.7.6",
-	oxlint: "1.8.0",
+	oxlint: "1.9.0",
 	"type-coverage": "2.29.7",
 	typescript: "~5.8.3",
 	"typescript-eslint": "8.38.0",
@@ -35785,18 +35785,18 @@ function requireDist$e () {
 	        });
 	        // Send the headers now. If the server would reject this request, it should
 	        // do so asap. This prevents us from sending more data to it then necessary.
-	        // If it will reject we could just await the `req.on(response` now but if it
-	        // accepts the request then the response will not come until after the final
-	        // file. So we can't await the response at this time. Just proceed, carefully.
+	        // If it will reject we could just await the `req.on(response, ...` now but
+	        // if it accepts the request then the response will not come until after the
+	        // final file. So we can't await the response at this time. Just proceed,
+	        // carefully.
 	        req.flushHeaders();
 	        // Wait for the response. It may arrive at any point during the request or
 	        // afterwards. Node will flush the output buffer at some point, initiating
 	        // the request, and the server can decide to reject the request immediately
 	        // or at any point later (ike a timeout). We should handle those cases.
-	        getResponse(req).then(res => {
-	            // Note: this returns the response to the caller to createUploadRequest
-	            pass(res);
-	        }, async (err) => {
+	        getResponse(req).then(
+	        // Note: this returns the response to the caller to createUploadRequest.
+	        pass, async (err) => {
 	            // Note: this will throw an error for the caller to createUploadRequest
 	            if (err.response && !isResponseOk(err.response)) {
 	                fail(new ResponseError(err.response, `${err.method} request failed`));
@@ -35859,7 +35859,6 @@ function requireDist$e () {
 	                req.end();
 	            }
 	        }
-	        pass(getResponse(req));
 	    });
 	}
 	async function getErrorResponseBody(response) {
@@ -41145,7 +41144,7 @@ async function defaultBrowser() {
 const execFile = require$$1$6.promisify(childProcess.execFile);
 
 // Path to included `xdg-open`.
-const __dirname$1 = path$2.dirname(require$$0$7.fileURLToPath((typeof document === 'undefined' ? require$$0$7.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('vendor.js', document.baseURI).href))));
+const __dirname$1 = path$2.dirname(require$$0$7.fileURLToPath(require('node:url').pathToFileURL(__filename).href));
 const localXdgOpenPath = path$2.join(__dirname$1, 'xdg-open');
 const {
   platform,
@@ -173351,7 +173350,7 @@ if (nodeVersion) {
 }
 // Creates a yargs-parser instance using Node.js standard libraries:
 const env = process ? process.env : {};
-const require$1 = require$$5$3.createRequire ? require$$5$3.createRequire((typeof document === 'undefined' ? require$$0$7.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('vendor.js', document.baseURI).href))) : undefined;
+const require$1 = require$$5$3.createRequire ? require$$5$3.createRequire(require('node:url').pathToFileURL(__filename).href) : undefined;
 const parser = new YargsParser({
   cwd: process.cwd,
   env: () => {
@@ -175379,5 +175378,5 @@ exports.terminalLinkExports = terminalLinkExports;
 exports.updater = updater$1;
 exports.yargsParser = yargsParser;
 exports.yoctocolorsCjsExports = yoctocolorsCjsExports;
-//# debugId=c66d6223-e897-4176-a9ee-b09c5e53964a
+//# debugId=b6f8acfa-f5fe-4675-8815-59265cc818de
 //# sourceMappingURL=vendor.js.map

package/external/@coana-tech/cli/cli.mjs

@@ -207551,18 +207551,16 @@ var MavenSocketUpgradeManager = class {
 
 // ../fixing-management/src/fixing-management/npm/npm-ecosystem-socket-fixing-manager.ts
 import { dirname as dirname5, join as join9, relative as relative6 } from "path";
+import { existsSync as existsSync10 } from "fs";
 var NpmSocketUpgradeManager = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
   }
   async applySocketArtifactUpgrades(upgrades, artifacts) {
-    const { subprojectToUpgrade, workspaceToPackageManager } = await this.groupUpgradesBySubprojectAndWorkspace(
-      upgrades,
-      artifacts
-    );
+    const subprojectToUpgrade = await this.groupUpgradesBySubprojectAndWorkspace(upgrades, artifacts);
     for (const [subprojectDir, workspaceToUpgrade] of subprojectToUpgrade) {
       const fixingManager = getFixingManagerFromPackageManager(
-        workspaceToPackageManager.get(workspaceToUpgrade.keys().next().value) ?? "NPM",
+        getPackageMangerForDirectory(subprojectDir),
         this.rootDir,
         subprojectDir
       );
@@ -207572,7 +207570,6 @@ var NpmSocketUpgradeManager = class {
   async groupUpgradesBySubprojectAndWorkspace(upgrades, artifacts) {
     const subprojectToUpgrade = /* @__PURE__ */ new Map();
     const workspaceToSubproject = /* @__PURE__ */ new Map();
-    const workspaceToPackageManager = /* @__PURE__ */ new Map();
     for (const upgrade of upgrades) {
       const artifact = artifacts[upgrade.idx];
       const lockFiles = artifact.manifestFiles?.filter(
@@ -207586,10 +207583,6 @@ var NpmSocketUpgradeManager = class {
         const workspaces = isPnpmLockFile ? await getWorkspacePathsFromPnpmLockFile(subprojectDir, true) : await getWorkspacePathsFromPackageJSON(subprojectDir, true);
         for (const workspace of workspaces) {
           workspaceToSubproject.set(join9(subprojectDir, workspace), subprojectDir);
-          workspaceToPackageManager.set(
-            join9(subprojectDir, workspace),
-            isPnpmLockFile ? "PNPM" : lockFile.file.endsWith("yarn.lock") ? "YARN" : "NPM"
-          );
         }
       }
       const packageJsonFiles = artifact.manifestFiles?.filter((a4) => a4.file.endsWith("package.json"));
@@ -207606,7 +207599,7 @@ var NpmSocketUpgradeManager = class {
         subprojectToUpgrade.get(subprojectDir)?.get(workspacePath)?.push(upgrade);
       }
     }
-    return { subprojectToUpgrade, workspaceToPackageManager };
+    return subprojectToUpgrade;
   }
   async applySecurityFixesForSocketArtifacts(fixingManager, artifacts, workspaceTofixes) {
     for (const [workspacePath, upgrades] of workspaceTofixes.entries()) {
@@ -207643,6 +207636,15 @@ function getFixingManagerFromPackageManager(packageManager, rootDir, subprojectP
     return new YarnFixingManager(rootDir, subprojectPath);
   }
 }
+function getPackageMangerForDirectory(directory) {
+  if (existsSync10(join9(directory, "pnpm-lock.yaml")) || existsSync10(join9(directory, "pnpm-lock.yml"))) {
+    return "PNPM";
+  } else if (existsSync10(join9(directory, "yarn.lock"))) {
+    return "YARN";
+  } else {
+    return "NPM";
+  }
+}
 
 // ../fixing-management/src/main.ts
 var fixingManagerConstructors = {
@@ -207688,7 +207690,7 @@ async function applySocketUpgrades(ecosystem, rootDir, upgrades, artifacts) {
 
 // dist/cli-apply-fix.js
 var import_lodash12 = __toESM(require_lodash(), 1);
-import { existsSync as existsSync12 } from "fs";
+import { existsSync as existsSync13 } from "fs";
 
 // ../other-modules-communicator/src/other-modules-communicator.ts
 import { execFileSync } from "child_process";
@@ -208434,7 +208436,7 @@ async function detectVariantMaven(projectDir) {
 }
 
 // ../docker-management/src/maven/gradle-version-detector.ts
-import { existsSync as existsSync10 } from "fs";
+import { existsSync as existsSync11 } from "fs";
 import { join as join12 } from "path";
 import { readFile as readFile14 } from "fs/promises";
 async function detectVariantGradle(projectDir) {
@@ -208442,7 +208444,7 @@ async function detectVariantGradle(projectDir) {
 }
 async function detect(projectDir) {
   const gradleWrapperPropertiesPath = join12(projectDir, "gradle", "wrapper", "gradle-wrapper.properties");
-  const gradleWrapperProperties = existsSync10(gradleWrapperPropertiesPath) ? (await readFile14(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const gradleWrapperProperties = existsSync11(gradleWrapperPropertiesPath) ? (await readFile14(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!gradleWrapperProperties) return void 0;
   const distributionUrlRegex = /.*gradle-(\d+(\.\d+(\.\d+)?)?)/;
   for (const prop2 of gradleWrapperProperties) {
@@ -208456,7 +208458,7 @@ async function detect(projectDir) {
 }
 
 // ../docker-management/src/maven/sbt-version-detector.ts
-import { existsSync as existsSync11 } from "fs";
+import { existsSync as existsSync12 } from "fs";
 import { join as join13 } from "path";
 import { readFile as readFile15 } from "fs/promises";
 async function detectVariantSbt(projectDir) {
@@ -208464,7 +208466,7 @@ async function detectVariantSbt(projectDir) {
 }
 async function detect2(projectDir) {
   const sbtBuildPropertiesPath = join13(projectDir, "project", "build.properties");
-  const sbtBuildProperties = existsSync11(sbtBuildPropertiesPath) ? (await readFile15(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const sbtBuildProperties = existsSync12(sbtBuildPropertiesPath) ? (await readFile15(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!sbtBuildProperties) return void 0;
   for (const prop2 of sbtBuildProperties) {
     const [key, value] = prop2.split("=");
@@ -209881,7 +209883,7 @@ async function verifyFixes(fixes, otherModulesCommunicator, rootPath) {
   if (pathsForEachFixIdData.length !== new Set(pathsForEachFixIdData).size) {
     throw new Error("Multiple fix IDs found for the same subproject, workspace and ecosystem");
   }
-  const subprojectsNotFound = uniq3(fixes.filter(({ vulnerabilityInstance: v }) => !existsSync12(resolve19(rootPath, v.subprojectPath))).map(({ vulnerabilityInstance: v }) => `${v.subprojectPath}:${v.ecosystem}`));
+  const subprojectsNotFound = uniq3(fixes.filter(({ vulnerabilityInstance: v }) => !existsSync13(resolve19(rootPath, v.subprojectPath))).map(({ vulnerabilityInstance: v }) => `${v.subprojectPath}:${v.ecosystem}`));
   if (subprojectsNotFound.length > 0) {
     throw new Error(`Cannot find the following subprojects: ${subprojectsNotFound.join(", ")}`);
   }
@@ -210805,12 +210807,12 @@ import { readdir as readdir7 } from "fs/promises";
 import { join as join19, relative as relative10, resolve as resolve22 } from "path";
 
 // ../project-management/src/project-management/ecosystem-management/ecosystem-specs.ts
-import { existsSync as existsSync14 } from "fs";
+import { existsSync as existsSync15 } from "fs";
 import { readdir as readdir6, readFile as readFile19 } from "fs/promises";
 import { join as join18, sep as sep4 } from "path";
 
 // ../utils/src/pip-utils.ts
-import { existsSync as existsSync13 } from "fs";
+import { existsSync as existsSync14 } from "fs";
 import { readFile as readFile18 } from "fs/promises";
 import { resolve as resolve21 } from "path";
 import util6 from "util";
@@ -210907,7 +210909,7 @@ function getEcosystemSpecs(ecosystems) {
 }
 function packageManagerIfPackageJSONExistsAndValid(packageManager) {
   return async (projectDir) => {
-    if (!existsSync14(join18(projectDir, "package.json"))) return void 0;
+    if (!existsSync15(join18(projectDir, "package.json"))) return void 0;
     const packageJSONPath = join18(projectDir, "package.json");
     try {
       JSON.parse(await readFile19(packageJSONPath, "utf-8"));
@@ -211379,16 +211381,16 @@ function isVulnChainWithParentsMap(v) {
 var DEFAULT_REPORT_FILENAME_BASE = "coana-report";
 
 // dist/internal/exclude-dirs-from-configuration-files.js
-import { existsSync as existsSync15 } from "fs";
+import { existsSync as existsSync16 } from "fs";
 import { readFile as readFile20 } from "fs/promises";
 import { basename as basename5, resolve as resolve24 } from "path";
 var import_yaml2 = __toESM(require_dist11(), 1);
 async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
   const socketYmlConfigFile = resolve24(rootWorkingDir, "socket.yml");
-  if (existsSync15(socketYmlConfigFile))
+  if (existsSync16(socketYmlConfigFile))
     return inferExcludeDirsFromSocketConfig(socketYmlConfigFile);
   const socketYamlConfigFile = resolve24(rootWorkingDir, "socket.yaml");
-  if (existsSync15(socketYamlConfigFile))
+  if (existsSync16(socketYamlConfigFile))
     return inferExcludeDirsFromSocketConfig(socketYamlConfigFile);
   return void 0;
 }
@@ -224924,7 +224926,7 @@ var { root: root2 } = static_exports;
 
 // ../utils/src/maven-utils.ts
 var import_lodash14 = __toESM(require_lodash(), 1);
-import { existsSync as existsSync16, readdirSync as readdirSync4, statSync as statSync4 } from "fs";
+import { existsSync as existsSync17, readdirSync as readdirSync4, statSync as statSync4 } from "fs";
 import { join as join20 } from "path";
 var { memoize: memoize3 } = import_lodash14.default;
 var memoizedParseShellArgs = memoize3(parseShellArgs);
@@ -226296,7 +226298,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.10.5";
+var version2 = "14.10.6";
 
 // ../../node_modules/.pnpm/axios@1.9.0/node_modules/axios/lib/helpers/bind.js
 function bind3(fn2, thisArg) {
@@ -230826,9 +230828,7 @@ async function computeFixesAndUpgradePurls(path2, options) {
     logger.info("Run again with --apply-fixes-to GHSA_IDS to fix those vulnerabilities by computing packages to upgrade and apply them");
     return;
   }
-  const vulnerableArtifactIdsForGhsas = options.applyFixesTo.flatMap((ghsa) => [
-    ...vulnerableArtifactIdsPerVulnerability.get(ghsa)?.values() ?? []
-  ]);
+  const vulnerableArtifactIdsForGhsas = options.applyFixesTo.includes("all") ? Array.from(vulnerableArtifactIdsPerVulnerability.values()).flatMap((ids) => Array.from(ids)) : options.applyFixesTo.flatMap((ghsa) => [...vulnerableArtifactIdsPerVulnerability.get(ghsa)?.values() ?? []]);
   const computedFix = await useSocketComputeFixEndpoint(artifacts, vulnerableArtifactIdsForGhsas);
   if (computedFix.type !== "success") {
     throw new Error(`No fix found for the given vulnerabilities`);
@@ -231009,7 +231009,7 @@ upgradePurls.name("upgrade-purls").argument("<path>", "File system path to the f
   await upgradePurl(path2, upgradeSpecs, options);
 }).configureHelp({ sortOptions: true });
 var computeFixesAndUpgradePurlsCmd = new Command();
-computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", "GHSA IDs to compute fixes for", []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
+computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", 'GHSA IDs to compute fixes for. Use "all" to compute fixes for all vulnerabilities.', []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
   process.env.DOCKER_IMAGE_TAG ??= version2;
   await computeFixesAndUpgradePurls(path2, options);
 }).configureHelp({ sortOptions: true });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "1.0.74",
+  "version": "1.0.75",
   "description": "CLI for Socket.dev, includes Sentry error handling, otherwise identical to the regular `socket` package",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -84,8 +84,8 @@
     "@babel/plugin-transform-runtime": "7.28.0",
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.2",
-    "@biomejs/biome": "2.1.2",
-    "@coana-tech/cli": "14.10.5",
+    "@biomejs/biome": "2.1.3",
+    "@coana-tech/cli": "14.10.6",
     "@cyclonedx/cdxgen": "11.4.4",
     "@dotenvx/dotenvx": "1.48.3",
     "@eslint/compat": "1.3.1",
@@ -113,7 +113,7 @@
     "@socketregistry/packageurl-js": "1.0.8",
     "@socketsecurity/config": "3.0.1",
     "@socketsecurity/registry": "1.0.249",
-    "@socketsecurity/sdk": "1.4.65",
+    "@socketsecurity/sdk": "1.4.67",
     "@types/blessed": "0.1.25",
     "@types/cmd-shim": "5.0.2",
     "@types/js-yaml": "4.0.9",
@@ -127,7 +127,7 @@
     "@types/which": "3.0.4",
     "@types/yargs-parser": "21.0.3",
     "@typescript-eslint/parser": "8.38.0",
-    "@typescript/native-preview": "7.0.0-dev.20250728.1",
+    "@typescript/native-preview": "7.0.0-dev.20250729.2",
     "@vitest/coverage-v8": "3.2.4",
     "blessed": "0.1.81",
     "blessed-contrib": "4.11.0",
@@ -158,7 +158,7 @@
     "npm-package-arg": "13.0.0",
     "npm-run-all2": "8.0.4",
     "open": "10.2.0",
-    "oxlint": "1.8.0",
+    "oxlint": "1.9.0",
     "pony-cause": "2.1.11",
     "registry-auth-token": "5.1.0",
     "registry-url": "7.2.0",
@@ -239,6 +239,6 @@
     "strict": true
   },
   "dependencies": {
-    "@sentry/node": "9.42.1"
+    "@sentry/node": "9.43.0"
   }
 }