@socketsecurity/cli 0.14.84 → 0.14.86

package/dist/require/cli.js

@@ -912,7 +912,7 @@ function emitBanner(name) {
   logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-  const cliVersion = '0.14.84:15b8c69:1f9b94e1:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  const cliVersion = '0.14.86:69093e9:6be0e47e:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
   const nodeVersion = process$1.version
   const apiToken = shadowNpmInject.getDefaultToken()
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -3942,10 +3942,14 @@ async function npmFix(
           continue
         }
         const oldSpec = `${name}@${oldVersion}`
+        let targetVersion
+        let failed = false
+        let installed = false
+        let saved = false
         if (
           shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
         ) {
-          const targetVersion = node.package.version
+          targetVersion = node.package.version
           const fixSpec = `${name}@^${targetVersion}`
           const revertData = {
             ...(pkgJson.dependencies
@@ -3965,8 +3969,6 @@ async function npmFix(
               : undefined)
           }
           spinner?.info(`Installing ${fixSpec}`)
-          let saved = false
-          let installed = false
           try {
             shadowNpmInject.updatePackageJsonFromNode(
               editablePkgJson,
@@ -3993,20 +3995,8 @@ async function npmFix(
             }
             spinner?.successAndStop(`Fixed ${name}`)
             spinner?.start()
-            // Lazily access constants.ENV[CI].
-            if (constants.ENV[CI$1]) {
-              // eslint-disable-next-line no-await-in-loop
-              const prResponse = await openGitHubPullRequest(
-                name,
-                targetVersion,
-                cwd
-              )
-              if (autoMerge) {
-                // eslint-disable-next-line no-await-in-loop
-                await enableAutoMerge(prResponse.data)
-              }
-            }
           } catch {
+            failed = true
             spinner?.error(`Reverting ${fixSpec}`)
             if (saved) {
               editablePkgJson.update(revertData)
@@ -4022,8 +4012,35 @@ async function npmFix(
             spinner?.failAndStop(`Failed to fix ${oldSpec}`)
           }
         } else {
+          failed = true
           spinner?.failAndStop(`Could not patch ${oldSpec}`)
         }
+        if (
+          !failed &&
+          // Check targetVersion to make TypeScript happy.
+          targetVersion &&
+          // Lazily access constants.ENV[CI].
+          constants.ENV[CI$1]
+        ) {
+          let prResponse
+          try {
+            // eslint-disable-next-line no-await-in-loop
+            prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
+          } catch (e) {
+            logger.logger.error('Failed to open pull request', e)
+          }
+          if (prResponse && autoMerge) {
+            try {
+              // eslint-disable-next-line no-await-in-loop
+              await enableAutoMerge(prResponse.data)
+            } catch (e) {
+              logger.logger.error(
+                'Failed to enable auto-merge in pull request',
+                e
+              )
+            }
+          }
+        }
       }
     }
   }
@@ -4207,7 +4224,7 @@ function runAgentInstall(pkgEnvDetails, options) {
     ...options
   }
   const skipNodeHardenFlags =
-    pkgEnvDetails.agent === PNPM$a && pkgEnvDetails.agentVersion.major < 11
+    agent === PNPM$a && pkgEnvDetails.agentVersion.major < 11
   return spawn.spawn(agentExecPath, ['install', ...args], {
     spinner,
     stdio: 'inherit',
@@ -4228,8 +4245,15 @@ function runAgentInstall(pkgEnvDetails, options) {
 }
 
 const { CI, NPM: NPM$c, OVERRIDES: OVERRIDES$2, PNPM: PNPM$9 } = constants
+async function getActualTree(cwd = process.cwd()) {
+  const arb = new shadowNpmInject.SafeArborist({
+    path: cwd,
+    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+  })
+  return await arb.loadActual()
+}
 async function install(pkgEnvDetails, options) {
-  const { spinner } = {
+  const { cwd, spinner } = {
     __proto__: null,
     ...options
   }
@@ -4238,6 +4262,7 @@ async function install(pkgEnvDetails, options) {
     spinner,
     stdio: debug.isDebug() ? 'inherit' : 'ignore'
   })
+  return await getActualTree(cwd)
 }
 async function pnpmFix(
   pkgEnvDetails,
@@ -4267,11 +4292,7 @@ async function pnpmFix(
     editable: true
   })
   const { content: pkgJson } = editablePkgJson
-  const arb = new shadowNpmInject.SafeArborist({
-    path: cwd,
-    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
-  })
-  await arb.loadActual()
+  let actualTree = await getActualTree(cwd)
   for (const { 0: name, 1: infos } of infoByPkg) {
     if (registry.getManifestData(NPM$c, name)) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`)
@@ -4279,7 +4300,7 @@ async function pnpmFix(
     }
     const specs = arrays.arrayUnique(
       shadowNpmInject
-        .findPackageNodes(arb.actualTree, name)
+        .findPackageNodes(actualTree, name)
         .map(n => `${n.name}@${n.version}`)
     )
     const packument =
@@ -4299,7 +4320,7 @@ async function pnpmFix(
         vulnerableVersionRange
       } of infos) {
         const node = shadowNpmInject.findPackageNode(
-          arb.actualTree,
+          actualTree,
           name,
           oldVersion
         )
@@ -4316,6 +4337,9 @@ async function pnpmFix(
         const targetPackument = targetVersion
           ? packument.versions[targetVersion]
           : undefined
+        let failed = false
+        let installed = false
+        let saved = false
         if (targetVersion && targetPackument) {
           const oldPnpm = pkgJson[PNPM$9]
           const pnpmKeyCount = oldPnpm ? Object.keys(oldPnpm).length : 0
@@ -4365,13 +4389,11 @@ async function pnpmFix(
               : undefined)
           }
           spinner?.info(`Installing ${fixSpec}`)
-          let saved = false
-          let installed = false
           try {
             editablePkgJson.update(updateData)
             shadowNpmInject.updatePackageJsonFromNode(
               editablePkgJson,
-              arb.actualTree,
+              actualTree,
               node,
               rangeStyle
             )
@@ -4380,7 +4402,7 @@ async function pnpmFix(
             saved = true
 
             // eslint-disable-next-line no-await-in-loop
-            await install(pkgEnvDetails, {
+            actualTree = await install(pkgEnvDetails, {
               spinner
             })
             installed = true
@@ -4394,21 +4416,8 @@ async function pnpmFix(
             }
             spinner?.successAndStop(`Fixed ${name}`)
             spinner?.start()
-
-            // Lazily access constants.ENV[CI].
-            if (constants.ENV[CI]) {
-              // eslint-disable-next-line no-await-in-loop
-              const prResponse = await openGitHubPullRequest(
-                name,
-                targetVersion,
-                cwd
-              )
-              if (autoMerge) {
-                // eslint-disable-next-line no-await-in-loop
-                await enableAutoMerge(prResponse.data)
-              }
-            }
           } catch (e) {
+            failed = true
             spinner?.error(`Reverting ${fixSpec}`, e)
             if (saved) {
               editablePkgJson.update(revertData)
@@ -4417,18 +4426,42 @@ async function pnpmFix(
             }
             if (installed) {
               // eslint-disable-next-line no-await-in-loop
-              await install(pkgEnvDetails, {
+              actualTree = await install(pkgEnvDetails, {
                 spinner
               })
-              arb.actualTree = null
-              // eslint-disable-next-line no-await-in-loop
-              await arb.loadActual()
             }
             spinner?.failAndStop(`Failed to fix ${oldSpec}`)
           }
         } else {
+          failed = true
           spinner?.failAndStop(`Could not patch ${oldSpec}`)
         }
+        if (
+          !failed &&
+          // Check targetVersion to make TypeScript happy.
+          targetVersion &&
+          // Lazily access constants.ENV[CI].
+          constants.ENV[CI]
+        ) {
+          let prResponse
+          try {
+            // eslint-disable-next-line no-await-in-loop
+            prResponse = await openGitHubPullRequest(name, targetVersion, cwd)
+          } catch (e) {
+            logger.logger.error('Failed to open pull request', e)
+          }
+          if (prResponse && autoMerge) {
+            try {
+              // eslint-disable-next-line no-await-in-loop
+              await enableAutoMerge(prResponse.data)
+            } catch (e) {
+              logger.logger.error(
+                'Failed to enable auto-merge in pull request',
+                e
+              )
+            }
+          }
+        }
       }
     }
   }
@@ -11304,7 +11337,7 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: '0.14.84',
+    version: '0.14.86',
     ttl: 86_400_000 /* 24 hours in milliseconds */
   })
   try {
@@ -11372,5 +11405,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=42e1277a-9cf1-4b82-8e9e-c6c083a2dab
+//# debugId=358951ff-4438-4565-a758-09112312f1b8
 //# sourceMappingURL=cli.js.map