@socketsecurity/cli-with-sentry 1.1.23 → 1.1.25

package/dist/cli.js

@@ -3547,11 +3547,14 @@ async function coanaFix(fixConfig) {
     applyFixes,
     autopilot,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
+    minimumReleaseAge,
     orgSlug,
     outputFile,
+    showAffectedDirectDependencies,
     spinner
   } = fixConfig;
   const fixEnv = await getFixEnv();
@@ -3616,7 +3619,7 @@ async function coanaFix(fixConfig) {
         }
       };
     }
-    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3651,7 +3654,7 @@ async function coanaFix(fixConfig) {
   const shouldSpawnCoana = adjustedLimit > 0;
   let ids;
   if (shouldSpawnCoana && isAll) {
-    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner
     });
@@ -3693,7 +3696,7 @@ async function coanaFix(fixConfig) {
 
     // Apply fix for single GHSA ID.
     // eslint-disable-next-line no-await-in-loop
-    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3906,15 +3909,18 @@ async function handleFix({
   applyFixes,
   autopilot,
   cwd,
+  disableMajorUpdates,
   ghsas,
   glob,
   limit,
   minSatisfying,
+  minimumReleaseAge,
   orgSlug,
   outputFile,
   outputKind,
   prCheck,
   rangeStyle,
+  showAffectedDirectDependencies,
   spinner,
   unknownFlags
 }) {
@@ -3922,6 +3928,7 @@ async function handleFix({
   require$$9.debugDir('inspect', {
     autopilot,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
@@ -3931,18 +3938,22 @@ async function handleFix({
     outputKind,
     prCheck,
     rangeStyle,
+    showAffectedDirectDependencies,
     unknownFlags
   });
   await outputFixResult(await coanaFix({
     autopilot,
     applyFixes,
     cwd,
+    disableMajorUpdates,
     // Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only
     ghsas: await convertIdsToGhsas(ghsas),
     glob,
     limit,
+    minimumReleaseAge,
     orgSlug,
     rangeStyle,
+    showAffectedDirectDependencies,
     spinner,
     unknownFlags,
     outputFile
@@ -3972,6 +3983,13 @@ const generalFlags$2 = {
     // Hidden to allow custom documenting of the negated `--no-apply-fixes` variant.
     hidden: true
   },
+  majorUpdates: {
+    type: 'boolean',
+    default: true,
+    description: 'Allow major version updates. Use --no-major-updates to disable.',
+    // Hidden to allow custom documenting of the negated `--no-major-updates` variant.
+    hidden: true
+  },
   id: {
     type: 'string',
     default: [],
@@ -4001,6 +4019,16 @@ Available styles:
     type: 'string',
     default: '',
     description: 'Path to store upgrades as a JSON file at this path.'
+  },
+  minimumReleaseAge: {
+    type: 'string',
+    default: '',
+    description: 'Set a minimum age requirement for suggested upgrade versions (e.g., 1h, 2d, 3w). A higher age requirement reduces the risk of upgrading to malicious versions. For example, setting the value to 1 week (1w) gives ecosystem maintainers one week to remove potentially malicious versions.'
+  },
+  showAffectedDirectDependencies: {
+    type: 'boolean',
+    default: false,
+    description: 'List the direct dependencies responsible for introducing transitive vulnerabilities and list the updates required to resolve the vulnerabilities'
   }
 };
 const hiddenFlags = {
@@ -4084,6 +4112,12 @@ async function run$K(argv, importMeta, {
       noApplyFixes: {
         ...config.flags['applyFixes'],
         hidden: false
+      },
+      // Explicitly document the negated --no-major-updates variant.
+      noMajorUpdates: {
+        ...config.flags['majorUpdates'],
+        description: 'Do not suggest or apply fixes that require major version updates of direct or transitive dependencies',
+        hidden: false
       }
     })}
 
@@ -4113,17 +4147,21 @@ async function run$K(argv, importMeta, {
     glob,
     json,
     limit,
+    majorUpdates,
     markdown,
     maxSatisfying,
+    minimumReleaseAge,
     outputFile,
     prCheck,
     rangeStyle,
+    showAffectedDirectDependencies,
     // We patched in this feature with `npx custompatch meow` at
     // socket-cli/patches/meow#13.2.0.patch.
     unknownFlags = []
   } = cli.flags;
   const dryRun = !!cli.flags['dryRun'];
   const minSatisfying = cli.flags['minSatisfying'] || !maxSatisfying;
+  const disableMajorUpdates = !majorUpdates;
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: utils.RangeStyles.includes(rangeStyle),
@@ -4161,14 +4199,17 @@ async function run$K(argv, importMeta, {
     autopilot,
     applyFixes,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
+    minimumReleaseAge,
     minSatisfying,
     prCheck,
     orgSlug,
     outputKind,
     rangeStyle,
+    showAffectedDirectDependencies,
     spinner,
     unknownFlags,
     outputFile
@@ -14954,5 +14995,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=7d7feb5c-caaa-4477-9563-76861e408418
+//# debugId=3a127de6-5ee9-48f9-aded-7e7e7e868c6a
 //# sourceMappingURL=cli.js.map