socket 0.14.134 → 0.14.136

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/cli.js +12 -43
  2. package/dist/cli.js.map +1 -1
  3. package/dist/shadow-bin.js +1 -52
  4. package/dist/shadow-bin.js.map +1 -1
  5. package/dist/shadow-npm-inject.js +8 -46
  6. package/dist/shadow-npm-inject.js.map +1 -1
  7. package/dist/vendor.js +9 -5
  8. package/dist/vendor.js.map +1 -1
  9. package/package.json +6 -6
package/dist/cli.js CHANGED
@@ -28,41 +28,6 @@ const spawn = require('@socketsecurity/registry/lib/spawn')
28
28
  const sorts = require('@socketsecurity/registry/lib/sorts')
29
29
  const registryConstants = require('@socketsecurity/registry/lib/constants')
30
30
  const promises = require('@socketsecurity/registry/lib/promises')
31
- require('node:os')
32
- require('node:buffer')
33
- require('node:util')
34
- require('node:path')
35
- require('node:fs')
36
- require('node:tty')
37
- require('node:https')
38
- require('node:http')
39
- require('node:url')
40
- require('node:process')
41
- require('node:events')
42
- require('node:http')
43
- require('node:https')
44
- require('node:readline')
45
- require('@socketsecurity/registry/lib/constants/abort-signal')
46
- require('node:fs/promises')
47
- require('node:child_process')
48
- require('node:os')
49
- require('node:tty')
50
- require('node:crypto')
51
- require('node:constants')
52
- require('node:stream')
53
- require('node:assert')
54
- require('node:stream')
55
- require('node:string_decoder')
56
- require('node:path/win32')
57
- require('node:module')
58
- require('node:events')
59
- require('node:buffer')
60
- require('node:string_decoder')
61
- require('node:child_process')
62
- require('@socketsecurity/registry/lib/fs')
63
- require('node:timers/promises')
64
- require('node:module')
65
- require('@socketsecurity/registry/lib/env')
66
31
 
67
32
  function failMsgWithBadge(badge, msg) {
68
33
  return `${vendor.yoctocolorsCjsExports.bgRed(vendor.yoctocolorsCjsExports.bold(vendor.yoctocolorsCjsExports.white(` ${badge}: `)))} ${vendor.yoctocolorsCjsExports.bold(msg)}`
@@ -938,7 +903,7 @@ function emitBanner(name) {
938
903
  logger.logger.error(getAsciiHeader(name))
939
904
  }
940
905
  function getAsciiHeader(command) {
941
- const cliVersion = '0.14.134:c664da6:42d10399:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
906
+ const cliVersion = '0.14.136:113c579:c704dd58:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
942
907
  const nodeVersion = process$1.version
943
908
  const apiToken = shadowNpmInject.getDefaultToken()
944
909
  const defaultOrg = shadowNpmInject.getConfigValue('defaultOrg')
@@ -1409,7 +1374,7 @@ async function runCycloneDX(yargvWithYes) {
1409
1374
  await shadowBin(NPX$3, [
1410
1375
  ...yesArgs,
1411
1376
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']".
1412
- `@cyclonedx/cdxgen@${'11.2.4'}`,
1377
+ `@cyclonedx/cdxgen@${'11.2.5'}`,
1413
1378
  ...argvToArray(yargv)
1414
1379
  ])
1415
1380
  if (cleanupPackageLock) {
@@ -4087,7 +4052,7 @@ async function npmFix(
4087
4052
  continue
4088
4053
  }
4089
4054
  if (!infos.length) {
4090
- debug.debugLog(`No vulnerability info found for ${name}`)
4055
+ debug.debugLog(`No vuln info found for ${name}`)
4091
4056
  continue
4092
4057
  }
4093
4058
  // eslint-disable-next-line no-await-in-loop
@@ -4151,7 +4116,9 @@ async function npmFix(
4151
4116
  ? packument.versions[newVersion]
4152
4117
  : undefined
4153
4118
  if (!(newVersion && newVersionPackument)) {
4154
- spinner?.fail(`No update found for ${oldSpec}.`)
4119
+ debug.debugLog(
4120
+ `No suitable update. ${oldSpec} needs >=${firstPatchedVersionIdentifier}, skipping`
4121
+ )
4155
4122
  continue
4156
4123
  }
4157
4124
  const newVersionRange = shadowNpmInject.applyRange(
@@ -4498,7 +4465,7 @@ async function pnpmFix(
4498
4465
  continue
4499
4466
  }
4500
4467
  if (!infos.length) {
4501
- debug.debugLog(`No vulnerability info found for ${name}`)
4468
+ debug.debugLog(`No vuln info found for ${name}`)
4502
4469
  continue
4503
4470
  }
4504
4471
  // eslint-disable-next-line no-await-in-loop
@@ -4565,7 +4532,9 @@ async function pnpmFix(
4565
4532
  ? packument.versions[newVersion]
4566
4533
  : undefined
4567
4534
  if (!(newVersion && newVersionPackument)) {
4568
- spinner?.fail(`No update found for ${oldSpec}.`)
4535
+ debug.debugLog(
4536
+ `No suitable update. ${oldSpec} needs >=${firstPatchedVersionIdentifier}, skipping`
4537
+ )
4569
4538
  continue
4570
4539
  }
4571
4540
  const overrideKey = `${name}@${vulnerableVersionRange}`
@@ -12283,7 +12252,7 @@ void (async () => {
12283
12252
  await vendor.updater({
12284
12253
  name: SOCKET_CLI_BIN_NAME,
12285
12254
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
12286
- version: '0.14.134',
12255
+ version: '0.14.136',
12287
12256
  ttl: 86_400_000 /* 24 hours in milliseconds */
12288
12257
  })
12289
12258
  try {
@@ -12351,5 +12320,5 @@ void (async () => {
12351
12320
  await shadowNpmInject.captureException(e)
12352
12321
  }
12353
12322
  })()
12354
- //# debugId=9316eeea-6bd5-477a-92e3-f9fde7d20f1d
12323
+ //# debugId=d1f3e62c-0da3-4358-9b93-795691773bd8
12355
12324
  //# sourceMappingURL=cli.js.map