@socketsecurity/cli-with-sentry 1.1.42 → 1.1.44

package/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+## [1.1.44](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.43) - 2025-12-09
+
+### Changed
+- Updated the Coana CLI to v `14.12.118`.
+
+## [1.1.43](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.43) - 2025-12-08
+
+### Added
+- Added `--all` flag to `socket fix` for explicitly processing all vulnerabilities in local mode. Cannot be used with `--id`.
+
+### Deprecated
+- Running `socket fix` in local mode without `--all` or `--id` is deprecated. A warning is shown when neither flag is provided. In a future release, one of these flags will be required.
 
 ## [1.1.42](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.42) - 2025-12-04
 

package/dist/cli.js

@@ -3720,6 +3720,7 @@ async function discoverGhsaIds(orgSlug, tarHash, options) {
 }
 async function coanaFix(fixConfig) {
   const {
+    all,
     applyFixes,
     autopilot,
     coanaVersion,
@@ -3775,9 +3776,14 @@ async function coanaFix(fixConfig) {
       data: uploadCResult.data
     };
   }
-  const shouldDiscoverGhsaIds = !ghsas.length;
+  const shouldDiscoverGhsaIds = all || !ghsas.length;
   const shouldOpenPrs = fixEnv.isCi && fixEnv.repoInfo;
   if (!shouldOpenPrs) {
+    // In local mode, if neither --all nor --id is provided, show deprecation warning.
+    if (shouldDiscoverGhsaIds && !all) {
+      logger.logger.warn('Implicit --all is deprecated in local mode and will be removed in a future release. Please use --all explicitly.');
+    }
+
     // Inform user about local mode when fixes will be applied.
     if (applyFixes && ghsas.length) {
       const envCheck = checkCiEnvVars();
@@ -4167,6 +4173,7 @@ async function convertIdsToGhsas(ids) {
   return validGhsas;
 }
 async function handleFix({
+  all,
   applyFixes,
   autopilot,
   coanaVersion,
@@ -4190,6 +4197,7 @@ async function handleFix({
 }) {
   require$$9.debugFn('notice', `Starting fix command for ${orgSlug}`);
   require$$9.debugDir('inspect', {
+    all,
     applyFixes,
     autopilot,
     coanaVersion,
@@ -4210,6 +4218,7 @@ async function handleFix({
     unknownFlags
   });
   await outputFixResult(await coanaFix({
+    all,
     applyFixes,
     autopilot,
     coanaVersion,
@@ -4281,6 +4290,11 @@ const generalFlags$2 = {
     // Hidden to allow custom documenting of the negated `--no-major-updates` variant.
     hidden: true
   },
+  all: {
+    type: 'boolean',
+    default: false,
+    description: 'Process all discovered vulnerabilities in local mode. Cannot be used with --id.'
+  },
   id: {
     type: 'string',
     default: [],
@@ -4288,7 +4302,7 @@ const generalFlags$2 = {
     - ${vendor.terminalLinkExports('GHSA IDs', 'https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids')} (e.g., GHSA-xxxx-xxxx-xxxx)
     - ${vendor.terminalLinkExports('CVE IDs', 'https://cve.mitre.org/cve/identifiers/')} (e.g., CVE-${new Date().getFullYear()}-1234) - automatically converted to GHSA
     - ${vendor.terminalLinkExports('PURLs', 'https://github.com/package-url/purl-spec')} (e.g., pkg:npm/package@1.0.0) - automatically converted to GHSA
-    Can be provided as comma separated values or as multiple flags`,
+    Can be provided as comma separated values or as multiple flags. Cannot be used with --all.`,
     isMultiple: true
   },
   prLimit: {
@@ -4434,6 +4448,7 @@ async function run$K(argv, importMeta, {
     allowUnknownFlags: false
   });
   const {
+    all,
     applyFixes,
     autopilot,
     ecosystems,
@@ -4473,6 +4488,9 @@ async function run$K(argv, importMeta, {
     }
     validatedEcosystems.push(ecosystem);
   }
+
+  // Collect ghsas early to validate --all and --id mutual exclusivity.
+  const ghsas = arrays.arrayUnique([...utils.cmdFlagValueToArray(cli.flags['id']), ...utils.cmdFlagValueToArray(cli.flags['ghsa']), ...utils.cmdFlagValueToArray(cli.flags['purl'])]);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: utils.RangeStyles.includes(rangeStyle),
     message: `Expecting range style of ${arrays.joinOr(utils.RangeStyles)}`,
@@ -4482,6 +4500,11 @@ async function run$K(argv, importMeta, {
     test: !json || !markdown,
     message: 'The json and markdown flags cannot be both set, pick one',
     fail: 'omit one'
+  }, {
+    nook: true,
+    test: !all || !ghsas.length,
+    message: 'The --all and --id flags cannot be used together',
+    fail: 'omit one'
   });
   if (!wasValidInput) {
     return;
@@ -4504,10 +4527,10 @@ async function run$K(argv, importMeta, {
   const {
     spinner
   } = constants.default;
-  const ghsas = arrays.arrayUnique([...utils.cmdFlagValueToArray(cli.flags['id']), ...utils.cmdFlagValueToArray(cli.flags['ghsa']), ...utils.cmdFlagValueToArray(cli.flags['purl'])]);
   const includePatterns = utils.cmdFlagValueToArray(include);
   const excludePatterns = utils.cmdFlagValueToArray(exclude);
   await handleFix({
+    all,
     applyFixes,
     autopilot,
     coanaVersion: fixVersion,
@@ -15494,5 +15517,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=5f201233-b128-4a9f-b7eb-542d9cde563b
+//# debugId=ebb27358-0f57-49ac-99e3-bf4b9dd0739e
 //# sourceMappingURL=cli.js.map