@socketsecurity/cli-with-sentry 1.1.59 → 1.1.61
- package/CHANGELOG.md +10 -0
- package/dist/cli.js +49 -7
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +4 -4
- package/dist/constants.js.map +1 -1
- package/dist/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/types/commands/fix/coana-fix.d.mts +2 -2
- package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
- package/package.json +3 -3
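--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.61](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.61) - 2026-01-29
+
+### Changed
+- Updated the Coana CLI to v `14.12.174`.
+
+## [1.1.60](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.60) - 2026-01-28
+
+### Changed
+- Updated the Coana CLI to v `14.12.173`.
+
 ## [1.1.59](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.59) - 2026-01-19
 
 ### Changed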
package/dist/cli.js
CHANGED
|
@@ -3863,7 +3863,8 @@ async function coanaFix(fixConfig) {
|
|
|
3863
3863
|
return {
|
|
3864
3864
|
ok: true,
|
|
3865
3865
|
data: {
|
|
3866
|
-
|
|
3866
|
+
fixedAll: false,
|
|
3867
|
+
ghsaDetails: []
|
|
3867
3868
|
}
|
|
3868
3869
|
};
|
|
3869
3870
|
}
|
|
@@ -3901,8 +3902,8 @@ async function coanaFix(fixConfig) {
|
|
|
3901
3902
|
return {
|
|
3902
3903
|
ok: true,
|
|
3903
3904
|
data: {
|
|
3904
|
-
|
|
3905
|
-
|
|
3905
|
+
fixedAll: true,
|
|
3906
|
+
ghsaDetails: fixesResultJson ? [fixesResultJson] : []
|
|
3906
3907
|
}
|
|
3907
3908
|
};
|
|
3908
3909
|
} finally {
|
|
@@ -3957,7 +3958,8 @@ async function coanaFix(fixConfig) {
|
|
|
3957
3958
|
return {
|
|
3958
3959
|
ok: true,
|
|
3959
3960
|
data: {
|
|
3960
|
-
|
|
3961
|
+
fixedAll: false,
|
|
3962
|
+
ghsaDetails: []
|
|
3961
3963
|
}
|
|
3962
3964
|
};
|
|
3963
3965
|
}
|
|
@@ -3967,6 +3969,7 @@ async function coanaFix(fixConfig) {
|
|
|
3967
3969
|
require$$9.debugFn('notice', `found: ${ghsaDetails.size} GHSA details`);
|
|
3968
3970
|
let count = 0;
|
|
3969
3971
|
let overallFixed = false;
|
|
3972
|
+
const ghsaFixResults = [];
|
|
3970
3973
|
|
|
3971
3974
|
// Process each GHSA ID individually.
|
|
3972
3975
|
ghsaLoop: for (let i = 0, {
|
|
@@ -3975,9 +3978,13 @@ async function coanaFix(fixConfig) {
|
|
|
3975
3978
|
const ghsaId = ids[i];
|
|
3976
3979
|
require$$9.debugFn('notice', `check: ${ghsaId}`);
|
|
3977
3980
|
|
|
3981
|
+
// Create a temporary file for Coana output.
|
|
3982
|
+
const tmpDir = os.tmpdir();
|
|
3983
|
+
const tmpFile = path.join(tmpDir, `socket-fix-${ghsaId}-${Date.now()}.json`);
|
|
3984
|
+
|
|
3978
3985
|
// Apply fix for single GHSA ID.
|
|
3979
3986
|
// eslint-disable-next-line no-await-in-loop
|
|
3980
|
-
const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []), ...(debug ? ['--debug'] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
|
|
3987
|
+
const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(exclude.length ? ['--exclude', ...exclude] : []), ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []), ...(debug ? ['--debug'] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), '--output-file', tmpFile, ...fixConfig.unknownFlags], fixConfig.orgSlug, {
|
|
3981
3988
|
coanaVersion,
|
|
3982
3989
|
cwd,
|
|
3983
3990
|
spinner: silence ? undefined : spinner,
|
|
@@ -3987,6 +3994,13 @@ async function coanaFix(fixConfig) {
|
|
|
3987
3994
|
if (!silence) {
|
|
3988
3995
|
logger.logger.error(`Update failed for ${ghsaId}: ${utils.getErrorCause(fixCResult)}`);
|
|
3989
3996
|
}
|
|
3997
|
+
// Clean up temp file on failure.
|
|
3998
|
+
try {
|
|
3999
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4000
|
+
await fs$1.promises.unlink(tmpFile);
|
|
4001
|
+
} catch {
|
|
4002
|
+
// Ignore cleanup errors.
|
|
4003
|
+
}
|
|
3990
4004
|
continue ghsaLoop;
|
|
3991
4005
|
}
|
|
3992
4006
|
|
|
@@ -3996,6 +4010,13 @@ async function coanaFix(fixConfig) {
|
|
|
3996
4010
|
const modifiedFiles = unstagedCResult.ok ? unstagedCResult.data.filter(relPath => scanBaseNames.has(path.basename(relPath))) : [];
|
|
3997
4011
|
if (!modifiedFiles.length) {
|
|
3998
4012
|
require$$9.debugFn('notice', `skip: no changes for ${ghsaId}`);
|
|
4013
|
+
// Clean up temp file before continuing.
|
|
4014
|
+
try {
|
|
4015
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4016
|
+
await fs$1.promises.unlink(tmpFile);
|
|
4017
|
+
} catch {
|
|
4018
|
+
// Ignore cleanup errors.
|
|
4019
|
+
}
|
|
3999
4020
|
continue ghsaLoop;
|
|
4000
4021
|
}
|
|
4001
4022
|
overallFixed = true;
|
|
@@ -4081,6 +4102,18 @@ async function coanaFix(fixConfig) {
|
|
|
4081
4102
|
data
|
|
4082
4103
|
} = prResult.pr;
|
|
4083
4104
|
const prRef = `PR #${data.number}`;
|
|
4105
|
+
|
|
4106
|
+
// Read the fix result JSON and merge with PR data.
|
|
4107
|
+
const fixResultJson = fs$2.readJsonSync(tmpFile, {
|
|
4108
|
+
throws: false
|
|
4109
|
+
});
|
|
4110
|
+
if (fixResultJson && typeof fixResultJson === 'object') {
|
|
4111
|
+
ghsaFixResults.push({
|
|
4112
|
+
...fixResultJson,
|
|
4113
|
+
pullRequestLink: data.html_url,
|
|
4114
|
+
pullRequestNumber: data.number
|
|
4115
|
+
});
|
|
4116
|
+
}
|
|
4084
4117
|
if (!silence) {
|
|
4085
4118
|
logger.logger.success(`Opened ${prRef} for ${ghsaId}.`);
|
|
4086
4119
|
}
|
|
@@ -4162,6 +4195,14 @@ async function coanaFix(fixConfig) {
|
|
|
4162
4195
|
await utils.gitResetAndClean(fixEnv.baseBranch, cwd);
|
|
4163
4196
|
// eslint-disable-next-line no-await-in-loop
|
|
4164
4197
|
await utils.gitCheckoutBranch(fixEnv.baseBranch, cwd);
|
|
4198
|
+
} finally {
|
|
4199
|
+
// Clean up temp file.
|
|
4200
|
+
try {
|
|
4201
|
+
// eslint-disable-next-line no-await-in-loop
|
|
4202
|
+
await fs$1.promises.unlink(tmpFile);
|
|
4203
|
+
} catch {
|
|
4204
|
+
// Ignore cleanup errors.
|
|
4205
|
+
}
|
|
4165
4206
|
}
|
|
4166
4207
|
count += 1;
|
|
4167
4208
|
require$$9.debugFn('notice', `increment: count ${count}/${Math.min(adjustedPrLimit, ids.length)}`);
|
|
@@ -4175,7 +4216,8 @@ async function coanaFix(fixConfig) {
|
|
|
4175
4216
|
return {
|
|
4176
4217
|
ok: true,
|
|
4177
4218
|
data: {
|
|
4178
|
-
|
|
4219
|
+
fixedAll: overallFixed,
|
|
4220
|
+
ghsaDetails: ghsaFixResults
|
|
4179
4221
|
}
|
|
4180
4222
|
};
|
|
4181
4223
|
}
|
|
@@ -15355,5 +15397,5 @@ process.on('unhandledRejection', async (reason, promise) => {
|
|
|
15355
15397
|
// eslint-disable-next-line n/no-process-exit
|
|
15356
15398
|
process.exit(1);
|
|
15357
15399
|
});
|
|
15358
|
-
//# debugId=
|
|
15400
|
+
//# debugId=cd9a03d7-376e-442c-bd72-438395900ecb
|
|
15359
15401
|
//# sourceMappingURL=cli.js.map
|
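Review bot: The temp path added in the `@@ -3975,9 +3978,13 @@` hunk uses the predictable name `socket-fix-${ghsaId}-${Date.now()}.json` directly under the shared `os.tmpdir()`, and that file is later parsed with `readJsonSync` and spread into `ghsaFixResults`, so on a multi-user host another local account could pre-create or swap the path and influence the reported fix details. A private per-run directory avoids this: `const tmpDir = await fs$1.promises.mkdtemp(path.join(os.tmpdir(), 'socket-fix-'));` then `const tmpFile = path.join(tmpDir, 'fix-result.json');`, with the three `unlink` cleanups replaced by a recursive `rm` of that directory. Keeping `ghsaId` out of the file name also removes the reliance on it containing no path separators, which these hunks do not show being checked. `'--output-file', tmpFile` is placed before `...fixConfig.unknownFlags`, so a pass-through `--output-file` may override it depending on how Coana handles repeated flags; appending it last would be safer. This is bundled `dist` output and `coanaFix` extends beyond the hunks shown, so the change belongs in the source module.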