socket 0.14.36 → 0.14.38

package/dist/constants.js

@@ -14,7 +14,9 @@ const {
 } = registryConstants;
 const API_V0_URL = 'https://api.socket.dev/v0';
 const BABEL_RUNTIME = '@babel/runtime';
+const BINARY_LOCK_EXT = '.lockb';
 const BUN = 'bun';
+const LOCK_EXT = '.lock';
 const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
 const NPX = 'npx';
 const PNPM = 'pnpm';
@@ -58,10 +60,12 @@ path.join(constants.nmBinPath, 'synp');
 const constants = createConstantsObject({
   API_V0_URL,
   BABEL_RUNTIME,
+  BINARY_LOCK_EXT,
   BUN,
   ENV: undefined,
   // Lazily defined values are initialized as `undefined` to keep their key order.
   DIST_TYPE: undefined,
+  LOCK_EXT,
   NPM_REGISTRY_URL,
   NPX,
   PNPM,

package/dist/module-sync/cli.js

@@ -789,7 +789,9 @@ async function readFileUtf8(filepath, options) {
 }
 
 const {
+  BINARY_LOCK_EXT,
   BUN: BUN$1,
+  LOCK_EXT: LOCK_EXT$1,
   NPM: NPM$2,
   PNPM: PNPM$1,
   VLT: VLT$1,
@@ -819,9 +821,11 @@ async function getAgentVersion(agentExecPath, cwd) {
   } catch {}
   return result;
 }
+
+// The order of LOCKS properties IS significant as it affects iteration order.
 const LOCKS = {
-  'bun.lock': BUN$1,
-  'bun.lockb': BUN$1,
+  [`bun${LOCK_EXT$1}`]: BUN$1,
+  [`bun${BINARY_LOCK_EXT}`]: BUN$1,
   // If both package-lock.json and npm-shrinkwrap.json are present in the root
   // of a project, npm-shrinkwrap.json will take precedence and package-lock.json
   // will be ignored.
@@ -830,9 +834,9 @@ const LOCKS = {
   'package-lock.json': NPM$2,
   'pnpm-lock.yaml': PNPM$1,
   'pnpm-lock.yml': PNPM$1,
-  'yarn.lock': YARN_CLASSIC$1,
+  [`yarn${LOCK_EXT$1}`]: YARN_CLASSIC$1,
   'vlt-lock.json': VLT$1,
-  // Look for a hidden lock file if .npmrc has package-lock=false:
+  // Lastly, look for a hidden lock file which is present if .npmrc has package-lock=false:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#hidden-lockfiles
   //
   // Unlike the other LOCKS keys this key contains a directory AND filename so
@@ -853,10 +857,10 @@ const readLockFileByAgent = (() => {
   return {
     [BUN$1]: wrapReader(async (lockPath, agentExecPath) => {
       const ext = path.extname(lockPath);
-      if (ext === '.lock') {
+      if (ext === LOCK_EXT$1) {
         return await defaultReader(lockPath);
       }
-      if (ext === '.lockb') {
+      if (ext === BINARY_LOCK_EXT) {
         const lockBuffer = await binaryReader(lockPath);
         if (lockBuffer) {
           try {
@@ -868,6 +872,7 @@ const readLockFileByAgent = (() => {
         // https://bun.sh/guides/install/yarnlock
         return (await spawn(agentExecPath, [lockPath])).stdout.trim();
       }
+      return undefined;
     }),
     [NPM$2]: defaultReader,
     [PNPM$1]: defaultReader,
@@ -982,6 +987,7 @@ async function detect({
 
 const {
   BUN,
+  LOCK_EXT,
   NPM: NPM$1,
   PNPM,
   UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE,
@@ -1069,7 +1075,12 @@ const lockIncludesByAgent = (() => {
   }
   return {
     [BUN](lockSrc, name, lockBasename) {
-      return (lockBasename === '.lock' ? npmLockIncludes : yarnLockIncludes)(lockSrc, name);
+      // This is a bit counterintuitive. When lockBasename ends with a .lockb
+      // we treat it as a yarn.lock. When lockBasename ends with a .lock we
+      // treat it as a package-lock.json. The bun.lock format is not identical
+      // package-lock.json, however it close enough for npmLockIncludes to work.
+      const lockScanner = lockBasename?.endsWith(LOCK_EXT) ? npmLockIncludes : yarnLockIncludes;
+      return lockScanner(lockSrc, name);
     },
     [NPM$1]: npmLockIncludes,
     [PNPM](lockSrc, name) {
@@ -1442,6 +1453,10 @@ async function addOverrides({
   const thingToScan = isLockScanned ? lockSrc : await lsByAgent[agent](agentExecPath, pkgPath, {
     npmExecPath
   });
+  // The AgentDepsIncludesFn and AgentLockIncludesFn types overlap in their
+  // first two parameters. AgentLockIncludesFn accepts an optional third
+  // parameter which AgentDepsIncludesFn will ignore so we cast thingScanner
+  // as an AgentLockIncludesFn type.
   const thingScanner = isLockScanned ? lockIncludesByAgent[agent] : depsIncludesByAgent[agent];
   const depEntries = getDependencyEntries(pkgJson);
   const overridesDataObjects = [];
@@ -3721,7 +3736,7 @@ const dependencies = {
   }) {
     const name = parentName + ' dependencies';
     const input = setupCommand$3(name, dependencies.description, argv, importMeta);
-    if (input) {
+    {
       await searchDeps(input);
     }
   }
@@ -4290,7 +4305,7 @@ const threatFeed = {
   }) {
     const name = `${parentName} threat-feed`;
     const input = setupCommand(name, threatFeed.description, argv, importMeta);
-    if (input) {
+    {
       const apiKey = sdk.getDefaultKey();
       if (!apiKey) {
         throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');

package/dist/module-sync/constants.d.ts

@@ -3,11 +3,13 @@ type RegistryEnv = typeof registryConstants.ENV;
 type Constants = {
     readonly API_V0_URL: 'https://api.socket.dev/v0';
     readonly BABEL_RUNTIME: '@babel/runtime';
+    readonly BINARY_LOCK_EXT: '.lockb';
     readonly BUN: 'bun';
     readonly ENV: RegistryEnv & {
         UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
     };
     readonly DIST_TYPE: 'module-sync' | 'require';
+    readonly LOCK_EXT: '.lock';
     readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
     readonly NPX: 'npx';
     readonly PNPM: 'pnpm';

package/dist/module-sync/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,4CAA4C,EAAE,OAAO,CAAA;KACtD,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,4CAA4C,EAAE,8CAA8C,CAAA;IACrG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAsE5B,QAAA,MAAM,SAAS,WA0Cd,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,4CAA4C,EAAE,OAAO,CAAA;KACtD,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,4CAA4C,EAAE,8CAA8C,CAAA;IACrG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAwE5B,QAAA,MAAM,SAAS,WA4Cd,CAAA"}

package/dist/module-sync/npm-injection.js

@@ -30,7 +30,7 @@ var sdk = require('./sdk.js');
 var constants = require('./constants.js');
 var pathResolve = require('./path-resolve.js');
 
-var version = "0.14.36";
+var version = "0.14.38";
 
 const NEWLINE_CHAR_CODE = 10; /*'\n'*/
 

package/dist/require/cli.js

@@ -785,7 +785,9 @@ async function readFileUtf8(filepath, options) {
 }
 
 const {
+  BINARY_LOCK_EXT,
   BUN: BUN$1,
+  LOCK_EXT: LOCK_EXT$1,
   NPM: NPM$2,
   PNPM: PNPM$1,
   VLT: VLT$1,
@@ -815,9 +817,11 @@ async function getAgentVersion(agentExecPath, cwd) {
   } catch {}
   return result;
 }
+
+// The order of LOCKS properties IS significant as it affects iteration order.
 const LOCKS = {
-  'bun.lock': BUN$1,
-  'bun.lockb': BUN$1,
+  [`bun${LOCK_EXT$1}`]: BUN$1,
+  [`bun${BINARY_LOCK_EXT}`]: BUN$1,
   // If both package-lock.json and npm-shrinkwrap.json are present in the root
   // of a project, npm-shrinkwrap.json will take precedence and package-lock.json
   // will be ignored.
@@ -826,9 +830,9 @@ const LOCKS = {
   'package-lock.json': NPM$2,
   'pnpm-lock.yaml': PNPM$1,
   'pnpm-lock.yml': PNPM$1,
-  'yarn.lock': YARN_CLASSIC$1,
+  [`yarn${LOCK_EXT$1}`]: YARN_CLASSIC$1,
   'vlt-lock.json': VLT$1,
-  // Look for a hidden lock file if .npmrc has package-lock=false:
+  // Lastly, look for a hidden lock file which is present if .npmrc has package-lock=false:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#hidden-lockfiles
   //
   // Unlike the other LOCKS keys this key contains a directory AND filename so
@@ -849,10 +853,10 @@ const readLockFileByAgent = (() => {
   return {
     [BUN$1]: wrapReader(async (lockPath, agentExecPath) => {
       const ext = path.extname(lockPath);
-      if (ext === '.lock') {
+      if (ext === LOCK_EXT$1) {
         return await defaultReader(lockPath);
       }
-      if (ext === '.lockb') {
+      if (ext === BINARY_LOCK_EXT) {
         const lockBuffer = await binaryReader(lockPath);
         if (lockBuffer) {
           try {
@@ -864,6 +868,7 @@ const readLockFileByAgent = (() => {
         // https://bun.sh/guides/install/yarnlock
         return (await spawn(agentExecPath, [lockPath])).stdout.trim();
       }
+      return undefined;
     }),
     [NPM$2]: defaultReader,
     [PNPM$1]: defaultReader,
@@ -978,6 +983,7 @@ async function detect({
 
 const {
   BUN,
+  LOCK_EXT,
   NPM: NPM$1,
   PNPM,
   UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE,
@@ -1065,7 +1071,12 @@ const lockIncludesByAgent = (() => {
   }
   return {
     [BUN](lockSrc, name, lockBasename) {
-      return (lockBasename === '.lock' ? npmLockIncludes : yarnLockIncludes)(lockSrc, name);
+      // This is a bit counterintuitive. When lockBasename ends with a .lockb
+      // we treat it as a yarn.lock. When lockBasename ends with a .lock we
+      // treat it as a package-lock.json. The bun.lock format is not identical
+      // package-lock.json, however it close enough for npmLockIncludes to work.
+      const lockScanner = lockBasename?.endsWith(LOCK_EXT) ? npmLockIncludes : yarnLockIncludes;
+      return lockScanner(lockSrc, name);
     },
     [NPM$1]: npmLockIncludes,
     [PNPM](lockSrc, name) {
@@ -1438,6 +1449,10 @@ async function addOverrides({
   const thingToScan = isLockScanned ? lockSrc : await lsByAgent[agent](agentExecPath, pkgPath, {
     npmExecPath
   });
+  // The AgentDepsIncludesFn and AgentLockIncludesFn types overlap in their
+  // first two parameters. AgentLockIncludesFn accepts an optional third
+  // parameter which AgentDepsIncludesFn will ignore so we cast thingScanner
+  // as an AgentLockIncludesFn type.
   const thingScanner = isLockScanned ? lockIncludesByAgent[agent] : depsIncludesByAgent[agent];
   const depEntries = getDependencyEntries(pkgJson);
   const overridesDataObjects = [];
@@ -3717,7 +3732,7 @@ const dependencies = {
   }) {
     const name = parentName + ' dependencies';
     const input = setupCommand$3(name, dependencies.description, argv, importMeta);
-    if (input) {
+    {
       await searchDeps(input);
     }
   }
@@ -4286,7 +4301,7 @@ const threatFeed = {
   }) {
     const name = `${parentName} threat-feed`;
     const input = setupCommand(name, threatFeed.description, argv, importMeta);
-    if (input) {
+    {
       const apiKey = sdk.getDefaultKey();
       if (!apiKey) {
         throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');

package/dist/require/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,4CAA4C,EAAE,OAAO,CAAA;KACtD,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,4CAA4C,EAAE,8CAA8C,CAAA;IACrG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAsE5B,QAAA,MAAM,SAAS,WA0Cd,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,4CAA4C,EAAE,OAAO,CAAA;KACtD,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,4CAA4C,EAAE,8CAA8C,CAAA;IACrG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAwE5B,QAAA,MAAM,SAAS,WA4Cd,CAAA"}

package/dist/require/npm-injection.js

@@ -30,7 +30,7 @@ var sdk = require('./sdk.js');
 var constants = require('./constants.js');
 var pathResolve = require('./path-resolve.js');
 
-var version = "0.14.36";
+var version = "0.14.38";
 
 const NEWLINE_CHAR_CODE = 10; /*'\n'*/
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "0.14.36",
+  "version": "0.14.38",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -14,9 +14,9 @@
     "url": "https://socket.dev"
   },
   "bin": {
-    "socket": "./bin/cli.js",
-    "socket-npm": "./bin/npm-cli.js",
-    "socket-npx": "./bin/npx-cli.js"
+    "socket": "bin/cli.js",
+    "socket-npm": "bin/npm-cli.js",
+    "socket-npx": "bin/npx-cli.js"
   },
   "exports": {
     "./bin/cli.js": {
@@ -58,10 +58,10 @@
     "@apideck/better-ajv-errors": "^0.3.6",
     "@cyclonedx/cdxgen": "^11.0.7",
     "@npmcli/promise-spawn": "^8.0.2",
-    "@socketregistry/hyrious__bun.lockb": "1.0.6",
+    "@socketregistry/hyrious__bun.lockb": "1.0.7",
     "@socketregistry/yocto-spinner": "^1.0.2",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.56",
+    "@socketsecurity/registry": "^1.0.57",
     "@socketsecurity/sdk": "^1.3.0",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",
@@ -70,12 +70,18 @@
     "cmd-shim": "^7.0.0",
     "has-flag": "^4.0.0",
     "hpagent": "^1.2.0",
-    "ignore": "^6.0.2",
+    "ignore": "^7.0.0",
+    "is-interactive": "^2.0.0",
+    "is-unicode-supported": "^2.1.0",
+    "meow": "^13.2.0",
     "micromatch": "^4.0.8",
     "npm-package-arg": "^12.0.1",
+    "open": "^10.1.0",
     "pony-cause": "^2.1.11",
     "semver": "^7.6.3",
     "synp": "^1.9.14",
+    "terminal-link": "^3.0.0",
+    "tiny-updater": "^3.5.2",
     "tinyglobby": "^0.2.10",
     "which": "^5.0.0",
     "yaml": "^2.6.1",
@@ -112,37 +118,31 @@
     "@types/update-notifier": "^6.0.8",
     "@types/which": "^3.0.4",
     "@types/yargs-parser": "^21.0.3",
-    "@typescript-eslint/eslint-plugin": "^8.18.1",
-    "@typescript-eslint/parser": "^8.18.1",
+    "@typescript-eslint/eslint-plugin": "^8.18.2",
+    "@typescript-eslint/parser": "^8.18.2",
     "c8": "^10.1.3",
     "custompatch": "^1.0.28",
     "eslint": "^9.17.0",
-    "eslint-import-resolver-oxc": "^0.6.0",
+    "eslint-import-resolver-oxc": "^0.7.0",
     "eslint-plugin-depend": "^0.12.0",
     "eslint-plugin-import-x": "^4.6.1",
-    "eslint-plugin-n": "^17.15.0",
+    "eslint-plugin-n": "^17.15.1",
     "eslint-plugin-sort-destructure-keys": "^2.0.0",
     "eslint-plugin-unicorn": "^56.0.1",
     "husky": "^9.1.7",
-    "is-interactive": "^2.0.0",
-    "is-unicode-supported": "^2.1.0",
     "knip": "^5.41.1",
     "magic-string": "^0.30.17",
-    "meow": "^13.2.0",
     "mock-fs": "^5.4.1",
     "nock": "^13.5.6",
     "npm-run-all2": "^7.0.2",
-    "open": "^10.1.0",
     "oxlint": "0.15.3",
     "prettier": "3.4.2",
     "read-package-up": "^11.0.0",
-    "rollup": "4.28.1",
+    "rollup": "4.29.1",
     "rollup-plugin-ts": "^3.4.5",
-    "terminal-link": "^3.0.0",
-    "tiny-updater": "^3.5.2",
     "type-coverage": "^2.29.7",
     "typescript": "5.4.5",
-    "typescript-eslint": "^8.18.1",
+    "typescript-eslint": "^8.18.2",
     "unplugin-purge-polyfills": "^0.0.7"
   },
   "overrides": {