socket 0.14.96 → 0.14.98

@@ -35,6 +35,7 @@ const arrays = require('@socketsecurity/registry/lib/arrays')
35
35
  const registry = require('@socketsecurity/registry')
36
36
  const npm = require('@socketsecurity/registry/lib/npm')
37
37
  const packages = require('@socketsecurity/registry/lib/packages')
38
+ const packageurlJs = require('@socketregistry/packageurl-js')
38
39
  const spawn = require('@socketsecurity/registry/lib/spawn')
39
40
  const index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs')
40
41
  const sorts = require('@socketsecurity/registry/lib/sorts')
@@ -899,7 +900,7 @@ function emitBanner(name) {
899
900
  logger.logger.error(getAsciiHeader(name))
900
901
  }
901
902
  function getAsciiHeader(command) {
902
- const cliVersion = '0.14.96:b940b80:4d1e4dd0:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
903
+ const cliVersion = '0.14.98:34de472:e54f91d7:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
903
904
  const nodeVersion = process$1.version
904
905
  const apiToken = shadowNpmInject.getDefaultToken()
905
906
  const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -1356,7 +1357,7 @@ async function runCycloneDX(yargvWithYes) {
1356
1357
  await shadowBin(NPX$3, [
1357
1358
  ...yesArgs,
1358
1359
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SYNP_VERSION']".
1359
- `synp@${'^1.9.14'}`,
1360
+ `synp@${'1.9.14'}`,
1360
1361
  '--source-file',
1361
1362
  `./${YARN_LOCK}`
1362
1363
  ])
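Review bot: The exact pin `synp@1.9.14` here, and `@cyclonedx/cdxgen@11.2.3` in the next hunk, fixes only the top-level package that npx fetches. The dependencies of those tools are still resolved from their own ranges at run time, so the code that executes is not fully reproducible. A comment above each spec, such as `// Exact version on purpose: npx downloads and runs this package, do not widen to a range.`, would keep a later edit from reintroducing the caret. runCycloneDX starts and ends outside the hunk.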
@@ -1368,7 +1369,7 @@ async function runCycloneDX(yargvWithYes) {
1368
1369
  await shadowBin(NPX$3, [
1369
1370
  ...yesArgs,
1370
1371
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']".
1371
- `@cyclonedx/cdxgen@${'^11.2.3'}`,
1372
+ `@cyclonedx/cdxgen@${'11.2.3'}`,
1372
1373
  ...argvToArray(yargv)
1373
1374
  ])
1374
1375
  if (cleanupPackageLock) {
@@ -3701,6 +3702,26 @@ const cmdDiffScan = {
3701
3702
  }
3702
3703
 
3703
3704
  const { GITHUB_REF_NAME } = constants
3705
+ function formatBranchName(str) {
3706
+ return str.replace(/[-_.]+/g, '-').replace(/[-a-zA-Z0-9]+/g, '') ?? ''
3707
+ }
3708
+ function getPkgNameFromPurlObj(purlObj) {
3709
+ return `${purlObj.namespace ? `${purlObj.namespace}/` : ''}${purlObj.name}`
3710
+ }
3711
+ async function branchExists(branch, cwd = process.cwd()) {
3712
+ try {
3713
+ await spawn.spawn(
3714
+ 'git',
3715
+ ['show-ref', '--verify', '--quiet', `refs/heads/${branch}`],
3716
+ {
3717
+ cwd,
3718
+ stdio: 'ignore'
3719
+ }
3720
+ )
3721
+ return true
3722
+ } catch {}
3723
+ return false
3724
+ }
3704
3725
  async function checkoutBaseBranchIfAvailable(baseBranch, cwd = process.cwd()) {
3705
3726
  try {
3706
3727
  await spawn.spawn('git', ['checkout', baseBranch], {
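Review bot: The second replace in `formatBranchName` uses `/[-a-zA-Z0-9]+/g`, which deletes exactly the characters a branch name should keep and leaves everything else; the character class looks like it is missing its negation. As written, `formatBranchName('lodash')` and `formatBranchName('4.17.21')` both return `''`, so different packages and versions collapse to the same branch name, while a character such as `@` passes through. I would change the line to `return str.replace(/[-_.]+/g, '-').replace(/[^-a-zA-Z0-9]+/g, '')` and drop the `?? ''`, which never applies because `replace` always returns a string. `branchExists` also reports every spawn failure as "branch absent" through the empty `catch {}`; a one-line comment saying this is deliberate would help.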
@@ -3716,6 +3737,29 @@ async function checkoutBaseBranchIfAvailable(baseBranch, cwd = process.cwd()) {
3716
3737
  )
3717
3738
  }
3718
3739
  }
3740
+ async function createAndPushBranchIfNeeded(
3741
+ branch,
3742
+ commitMsg,
3743
+ cwd = process.cwd()
3744
+ ) {
3745
+ if (await branchExists(branch, cwd)) {
3746
+ logger.logger.warn(`Branch "${branch}" already exists. Skipping creation.`)
3747
+ return false
3748
+ }
3749
+ await spawn.spawn('git', ['checkout', '-b', branch], {
3750
+ cwd
3751
+ })
3752
+ await spawn.spawn('git', ['add', 'package.json', 'pnpm-lock.yaml'], {
3753
+ cwd
3754
+ })
3755
+ await spawn.spawn('git', ['commit', '-m', commitMsg], {
3756
+ cwd
3757
+ })
3758
+ await spawn.spawn('git', ['push', '--set-upstream', 'origin', branch], {
3759
+ cwd
3760
+ })
3761
+ return true
3762
+ }
3719
3763
  function getBaseBranch() {
3720
3764
  // Lazily access constants.ENV[GITHUB_REF_NAME].
3721
3765
  return (
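Review bot: `createAndPushBranchIfNeeded` stages a fixed file list, `['add', 'package.json', 'pnpm-lock.yaml']`, yet the npmFix hunk further down calls it too. `git add` exits non-zero for a pathspec that matches nothing, so in a repository without `pnpm-lock.yaml` the spawn presumably rejects after `git checkout -b` has already switched branches. I would take the lockfile name as a parameter supplied by each caller. The function also needs a short doc comment saying that it returns `false` without committing or pushing when the branch already exists locally, and that a failed step leaves the working tree on the new branch.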
@@ -3725,8 +3769,28 @@ function getBaseBranch() {
3725
3769
  'main'
3726
3770
  )
3727
3771
  }
3728
- function getSocketBranchName(name, version) {
3729
- return `socket-fix-${name}-${version.replace(/\./g, '-')}`
3772
+ function getSocketBranchName(purl, toVersion) {
3773
+ const purlObj = packageurlJs.PackageURL.fromString(purl)
3774
+ const namespace = formatBranchName(purlObj.namespace ?? '')
3775
+ const name = formatBranchName(purlObj.name)
3776
+ const version = formatBranchName(toVersion)
3777
+ const fullName = `${namespace ? `${namespace}-` : ''}${name}`
3778
+ return `socket-fix-${fullName}-${version}`
3779
+ }
3780
+ function getSocketPullRequestTitle(purl, toVersion) {
3781
+ const purlObj = packageurlJs.PackageURL.fromString(purl)
3782
+ const pkgName = getPkgNameFromPurlObj(purlObj)
3783
+ return `Bump ${pkgName} from ${purlObj.version} to ${toVersion}`
3784
+ }
3785
+ function getSocketPullRequestBody(purl, toVersion) {
3786
+ const purlObj = packageurlJs.PackageURL.fromString(purl)
3787
+ const pkgName = getPkgNameFromPurlObj(purlObj)
3788
+ return `Bumps [${pkgName}](https://socket.dev/${purlObj.type}/package/${pkgName}) from ${purlObj.version} to ${toVersion}.`
3789
+ }
3790
+ function getSocketCommitMessage(purl, toVersion) {
3791
+ const purlObj = packageurlJs.PackageURL.fromString(purl)
3792
+ const pkgName = getPkgNameFromPurlObj(purlObj)
3793
+ return `socket: Bump ${pkgName} from ${purlObj.version} to ${toVersion}`
3730
3794
  }
3731
3795
 
3732
3796
  const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
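Review bot: `getSocketBranchName` now hands its first argument to `PackageURL.fromString`, but both call sites added in the npmFix and pnpmFix hunks still pass the bare package name: `branch = getSocketBranchName(name, toVersion)`. A string without the `pkg:` scheme is not a valid purl, so the parse presumably throws as soon as the CI branch of those loops is taken. The calls should pass the purl those hunks already build: `branch = getSocketBranchName(fromPurl, toVersion)`. The four new helpers also parse the same purl once each and have no doc comments stating that `purl` must be a full `pkg:` string carrying the from-version.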
@@ -3741,6 +3805,18 @@ function getOctokit() {
3741
3805
  }
3742
3806
  return _octokit
3743
3807
  }
3808
+ let _octokitGraphql
3809
+ function getOctokitGraphql() {
3810
+ if (!_octokitGraphql) {
3811
+ _octokitGraphql = vendor.graphql2.defaults({
3812
+ headers: {
3813
+ // Lazily access constants.ENV[SOCKET_SECURITY_GITHUB_PAT].
3814
+ authorization: `token ${constants.ENV[SOCKET_SECURITY_GITHUB_PAT]}`
3815
+ }
3816
+ })
3817
+ }
3818
+ return _octokitGraphql
3819
+ }
3744
3820
  async function doesPullRequestExistForBranch(owner, repo, branch) {
3745
3821
  const octokit = getOctokit()
3746
3822
  const { data: prs } = await octokit.pulls.list({
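Review bot: `getOctokitGraphql` interpolates `constants.ENV[SOCKET_SECURITY_GITHUB_PAT]` into the `authorization` header without checking that it is set. A missing PAT is therefore sent as the literal `token undefined`, and the misconfigured client is cached in `_octokitGraphql` for the rest of the process. Reading the value into a local first and guarding it, e.g. `if (!pat) throw new Error('Missing SOCKET_SECURITY_GITHUB_PAT environment variable')`, would fail before any request is made and match the GITHUB_REPOSITORY check. Whether `getOctokit` has the same gap cannot be seen from this hunk.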
@@ -3751,11 +3827,10 @@ async function doesPullRequestExistForBranch(owner, repo, branch) {
3751
3827
  })
3752
3828
  return prs.length > 0
3753
3829
  }
3754
- async function enableAutoMerge(prResponseData) {
3755
- const octokit = getOctokit()
3756
- const { node_id: prId, number: prNumber } = prResponseData
3830
+ async function enableAutoMerge({ node_id: prId, number: prNumber }) {
3831
+ const octokitGraphql = getOctokitGraphql()
3757
3832
  try {
3758
- await octokit.graphql(
3833
+ await octokitGraphql(
3759
3834
  `
3760
3835
  mutation EnableAutoMerge($pullRequestId: ID!) {
3761
3836
  enablePullRequestAutoMerge(input: {
@@ -3776,16 +3851,23 @@ async function enableAutoMerge(prResponseData) {
3776
3851
  }
3777
3852
  )
3778
3853
  logger.logger.info(`Auto-merge enabled for PR #${prNumber}`)
3854
+ return true
3779
3855
  } catch (e) {
3780
- logger.logger.error(`Failed to enable auto-merge for PR #${prNumber}:`, e)
3856
+ let message = `Failed to enable auto-merge for PR #${prNumber}`
3857
+ if (e instanceof vendor.GraphqlResponseError && e.errors) {
3858
+ const details = e.errors.map(({ message }) => ` - ${message}`).join('\n')
3859
+ message += `:\n${details}`
3860
+ }
3861
+ logger.logger.error(message)
3862
+ return false
3781
3863
  }
3782
3864
  }
3783
- function getGitHubRepoInfo() {
3865
+ function getGitHubEnvRepoInfo() {
3784
3866
  // Lazily access constants.ENV[GITHUB_REPOSITORY].
3785
3867
  const ownerSlashRepo = constants.ENV[GITHUB_REPOSITORY]
3786
3868
  const slashIndex = ownerSlashRepo.indexOf('/')
3787
3869
  if (slashIndex === -1) {
3788
- throw new Error('GITHUB_REPOSITORY environment variable not set')
3870
+ throw new Error('Missing GITHUB_REPOSITORY environment variable')
3789
3871
  }
3790
3872
  return {
3791
3873
  owner: ownerSlashRepo.slice(0, slashIndex),
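Review bot: The rewritten catch in `enableAutoMerge` adds detail only when `e` is a `vendor.GraphqlResponseError`. Any other failure, such as a network error or rejected credentials, is reduced to the fixed text, whereas the removed line passed `e` to the logger. An else branch such as `message += ': ' + (e?.message ?? String(e))` keeps that diagnostic without dumping the whole error object. The catch added to `openGitHubPullRequest` in the hunk at new line 3895 has the same gap for errors that are not a `vendor.RequestError`. The destructured `message` in the `map` callback also shadows the outer `message`; renaming it would make the block easier to read.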
@@ -3797,8 +3879,8 @@ async function openGitHubPullRequest(
3797
3879
  repo,
3798
3880
  baseBranch,
3799
3881
  branch,
3800
- name,
3801
- version,
3882
+ purl,
3883
+ toVersion,
3802
3884
  cwd = process.cwd()
3803
3885
  ) {
3804
3886
  // Lazily access constants.ENV[GITHUB_ACTIONS].
@@ -3813,19 +3895,34 @@ async function openGitHubPullRequest(
3813
3895
  cwd
3814
3896
  })
3815
3897
  const octokit = getOctokit()
3816
- return await octokit.pulls.create({
3817
- owner,
3818
- repo,
3819
- title: `chore: upgrade ${name} to ${version}`,
3820
- head: branch,
3821
- base: baseBranch,
3822
- body: `[socket] Upgrade \`${name}\` to ${version}`
3823
- })
3824
- } else {
3825
- throw new Error(
3826
- 'Unsupported CI platform or missing GITHUB_ACTIONS environment variable'
3827
- )
3898
+ try {
3899
+ return await octokit.pulls.create({
3900
+ owner,
3901
+ repo,
3902
+ title: getSocketPullRequestTitle(purl, toVersion),
3903
+ head: branch,
3904
+ base: baseBranch,
3905
+ body: getSocketPullRequestBody(purl, toVersion)
3906
+ })
3907
+ } catch (e) {
3908
+ let message = `Failed to open pull request`
3909
+ if (e instanceof vendor.RequestError) {
3910
+ const restErrors = e.response?.data?.['errors']
3911
+ if (Array.isArray(restErrors)) {
3912
+ const details = restErrors
3913
+ .map(
3914
+ restErr =>
3915
+ `- ${restErr.message ?? `${restErr.resource}.${restErr.field} (${restErr.code})`}`
3916
+ )
3917
+ .join('\n')
3918
+ message += `:\n${details}`
3919
+ }
3920
+ }
3921
+ logger.logger.error(message)
3922
+ return null
3923
+ }
3828
3924
  }
3925
+ throw new Error('Missing GITHUB_ACTIONS environment variable')
3829
3926
  }
3830
3927
 
3831
3928
  const { CI: CI$1, NPM: NPM$f } = constants
@@ -3891,7 +3988,9 @@ async function npmFix(
3891
3988
  for (const spec of specs) {
3892
3989
  const lastAtSignIndex = spec.lastIndexOf('@')
3893
3990
  const name = spec.slice(0, lastAtSignIndex)
3894
- const oldVersion = spec.slice(lastAtSignIndex + 1)
3991
+ const fromVersion = spec.slice(lastAtSignIndex + 1)
3992
+ const fromSpec = `${name}@${fromVersion}`
3993
+ const fromPurl = `pkg:npm/${fromSpec}`
3895
3994
  for (const {
3896
3995
  firstPatchedVersionIdentifier,
3897
3996
  vulnerableVersionRange
@@ -3903,20 +4002,39 @@ async function npmFix(
3903
4002
  const node = shadowNpmInject.findPackageNode(
3904
4003
  arb.idealTree,
3905
4004
  name,
3906
- oldVersion
4005
+ fromVersion
3907
4006
  )
3908
4007
  if (!node) {
3909
4008
  continue
3910
4009
  }
3911
- const oldSpec = `${name}@${oldVersion}`
3912
4010
  if (
3913
4011
  !shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)
3914
4012
  ) {
3915
- spinner?.failAndStop(`Could not patch ${oldSpec}`)
4013
+ spinner?.failAndStop(`Could not patch ${fromSpec}`)
3916
4014
  return
3917
4015
  }
3918
- const targetVersion = node.package.version
3919
- const fixSpec = `${name}@^${targetVersion}`
4016
+ const toVersion = node.package.version
4017
+ const toVersionRange = shadowNpmInject.applyRange(
4018
+ fromVersion,
4019
+ toVersion,
4020
+ rangeStyle
4021
+ )
4022
+ const toSpec = `${name}@${toVersionRange}`
4023
+ let branch
4024
+ let owner
4025
+ let repo
4026
+ let shouldOpenPr = false
4027
+ // Lazily access constants.ENV[CI].
4028
+ if (constants.ENV[CI$1]) {
4029
+ ;({ owner, repo } = getGitHubEnvRepoInfo())
4030
+ branch = getSocketBranchName(name, toVersion)
4031
+ // eslint-disable-next-line no-await-in-loop
4032
+ shouldOpenPr = !(await doesPullRequestExistForBranch(
4033
+ owner,
4034
+ repo,
4035
+ branch
4036
+ ))
4037
+ }
3920
4038
  const revertData = {
3921
4039
  ...(editablePkgJson.content.dependencies
3922
4040
  ? {
@@ -3935,10 +4053,8 @@ async function npmFix(
3935
4053
  }
3936
4054
  : undefined)
3937
4055
  }
3938
- spinner?.info(`Installing ${fixSpec}`)
3939
- const { owner, repo } = getGitHubRepoInfo()
4056
+ spinner?.info(`Installing ${toSpec}`)
3940
4057
  const baseBranch = getBaseBranch()
3941
- const branch = getSocketBranchName(name, targetVersion)
3942
4058
 
3943
4059
  // eslint-disable-next-line no-await-in-loop
3944
4060
  await checkoutBaseBranchIfAvailable(baseBranch, cwd)
@@ -3949,7 +4065,7 @@ async function npmFix(
3949
4065
  editablePkgJson,
3950
4066
  arb.idealTree,
3951
4067
  node,
3952
- targetVersion,
4068
+ toVersion,
3953
4069
  rangeStyle
3954
4070
  )
3955
4071
  // eslint-disable-next-line no-await-in-loop
@@ -3962,7 +4078,7 @@ async function npmFix(
3962
4078
  })
3963
4079
  installed = true
3964
4080
  if (test) {
3965
- spinner?.info(`Testing ${fixSpec}`)
4081
+ spinner?.info(`Testing ${toSpec}`)
3966
4082
  // eslint-disable-next-line no-await-in-loop
3967
4083
  await npm.runScript(testScript, [], {
3968
4084
  spinner,
@@ -3972,7 +4088,7 @@ async function npmFix(
3972
4088
  spinner?.successAndStop(`Fixed ${name}`)
3973
4089
  spinner?.start()
3974
4090
  } catch {
3975
- spinner?.error(`Reverting ${fixSpec}`)
4091
+ spinner?.error(`Reverting ${toSpec}`)
3976
4092
  if (saved) {
3977
4093
  editablePkgJson.update(revertData)
3978
4094
  // eslint-disable-next-line no-await-in-loop
@@ -3984,40 +4100,29 @@ async function npmFix(
3984
4100
  cwd
3985
4101
  })
3986
4102
  }
3987
- spinner?.failAndStop(`Failed to fix ${oldSpec}`)
4103
+ spinner?.failAndStop(`Failed to fix ${fromSpec}`)
3988
4104
  return
3989
4105
  }
3990
- if (
3991
- // Lazily access constants.ENV[CI].
3992
- constants.ENV[CI$1] &&
4106
+ if (shouldOpenPr) {
3993
4107
  // eslint-disable-next-line no-await-in-loop
3994
- !(await doesPullRequestExistForBranch(owner, repo, branch))
3995
- ) {
3996
- let prResponse
3997
- try {
3998
- // eslint-disable-next-line no-await-in-loop
3999
- prResponse = await openGitHubPullRequest(
4000
- owner,
4001
- repo,
4002
- baseBranch,
4003
- branch,
4004
- name,
4005
- targetVersion,
4006
- cwd
4007
- )
4008
- } catch (e) {
4009
- logger.logger.error('Failed to open pull request', e)
4010
- }
4108
+ await createAndPushBranchIfNeeded(
4109
+ branch,
4110
+ getSocketCommitMessage(fromPurl, toVersion),
4111
+ cwd
4112
+ )
4113
+ // eslint-disable-next-line no-await-in-loop
4114
+ const prResponse = await openGitHubPullRequest(
4115
+ owner,
4116
+ repo,
4117
+ baseBranch,
4118
+ branch,
4119
+ fromPurl,
4120
+ toVersion,
4121
+ cwd
4122
+ )
4011
4123
  if (prResponse && autoMerge) {
4012
- try {
4013
- // eslint-disable-next-line no-await-in-loop
4014
- await enableAutoMerge(prResponse.data)
4015
- } catch (e) {
4016
- logger.logger.error(
4017
- 'Failed to enable auto-merge in pull request',
4018
- e
4019
- )
4020
- }
4124
+ // eslint-disable-next-line no-await-in-loop
4125
+ await enableAutoMerge(prResponse.data)
4021
4126
  }
4022
4127
  }
4023
4128
  }
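Review bot: The result of `createAndPushBranchIfNeeded` is discarded, so `openGitHubPullRequest` still runs when the helper returned `false` for an already existing local branch, where nothing was committed or pushed. The call is also outside any try/catch, so a rejected git command now escapes the `for` loop, whereas the removed code logged failures of this step and carried on. I would gate the PR on the result, `if (await createAndPushBranchIfNeeded(branch, getSocketCommitMessage(fromPurl, toVersion), cwd)) {`, and catch and log git failures around it. The same block is repeated in the last pnpmFix hunk. npmFix starts and ends outside this hunk.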
@@ -4292,7 +4397,9 @@ async function pnpmFix(
4292
4397
  for (const spec of specs) {
4293
4398
  const lastAtSignIndex = spec.lastIndexOf('@')
4294
4399
  const name = spec.slice(0, lastAtSignIndex)
4295
- const oldVersion = spec.slice(lastAtSignIndex + 1)
4400
+ const fromVersion = spec.slice(lastAtSignIndex + 1)
4401
+ const fromSpec = `${name}@${fromVersion}`
4402
+ const fromPurl = `pkg:npm/${fromSpec}`
4296
4403
  for (const {
4297
4404
  firstPatchedVersionIdentifier,
4298
4405
  vulnerableVersionRange
@@ -4300,23 +4407,22 @@ async function pnpmFix(
4300
4407
  const node = shadowNpmInject.findPackageNode(
4301
4408
  actualTree,
4302
4409
  name,
4303
- oldVersion
4410
+ fromVersion
4304
4411
  )
4305
4412
  if (!node) {
4306
4413
  continue
4307
4414
  }
4308
- const oldSpec = `${name}@${oldVersion}`
4309
4415
  const availableVersions = Object.keys(packument.versions)
4310
- const targetVersion = shadowNpmInject.findBestPatchVersion(
4416
+ const toVersion = shadowNpmInject.findBestPatchVersion(
4311
4417
  node,
4312
4418
  availableVersions,
4313
4419
  vulnerableVersionRange
4314
4420
  )
4315
- const targetPackument = targetVersion
4316
- ? packument.versions[targetVersion]
4421
+ const targetPackument = toVersion
4422
+ ? packument.versions[toVersion]
4317
4423
  : undefined
4318
- if (!(targetVersion && targetPackument)) {
4319
- spinner?.failAndStop(`Could not patch ${oldSpec}`)
4424
+ if (!(toVersion && targetPackument)) {
4425
+ spinner?.failAndStop(`Could not patch ${fromSpec}`)
4320
4426
  return
4321
4427
  }
4322
4428
  const oldPnpm = editablePkgJson.content[PNPM$9]
@@ -4325,18 +4431,33 @@ async function pnpmFix(
4325
4431
  const oldOverridesCount = oldOverrides
4326
4432
  ? Object.keys(oldOverrides).length
4327
4433
  : 0
4328
- const overrideKey = `${node.name}@${vulnerableVersionRange}`
4329
- const overrideRange = shadowNpmInject.applyRange(
4330
- oldOverrides?.[overrideKey] ?? targetVersion,
4331
- targetVersion,
4434
+ const overrideKey = `${name}@${vulnerableVersionRange}`
4435
+ const toVersionRange = shadowNpmInject.applyRange(
4436
+ oldOverrides?.[overrideKey] ?? fromVersion,
4437
+ toVersion,
4332
4438
  rangeStyle
4333
4439
  )
4334
- const fixSpec = `${name}@${overrideRange}`
4440
+ const toSpec = `${name}@${toVersionRange}`
4441
+ let branch
4442
+ let owner
4443
+ let repo
4444
+ let shouldOpenPr = false
4445
+ // Lazily access constants.ENV[CI].
4446
+ if (constants.ENV[CI]) {
4447
+ ;({ owner, repo } = getGitHubEnvRepoInfo())
4448
+ branch = getSocketBranchName(name, toVersion)
4449
+ // eslint-disable-next-line no-await-in-loop
4450
+ shouldOpenPr = !(await doesPullRequestExistForBranch(
4451
+ owner,
4452
+ repo,
4453
+ branch
4454
+ ))
4455
+ }
4335
4456
  const updateData = {
4336
4457
  [PNPM$9]: {
4337
4458
  ...oldPnpm,
4338
4459
  [OVERRIDES$2]: {
4339
- [overrideKey]: overrideRange,
4460
+ [overrideKey]: toVersionRange,
4340
4461
  ...oldOverrides
4341
4462
  }
4342
4463
  }
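Review bot: In `updateData` the entry `[overrideKey]: toVersionRange` is written before `...oldOverrides`, so when `oldOverrides` already contains `overrideKey` the spread restores the old range and the patched one is lost. That case appears to be expected, since `applyRange` is given `oldOverrides?.[overrideKey]` as its first choice. If the old value is not meant to win, put the spread first: `...oldOverrides, [overrideKey]: toVersionRange`. The call `branch = getSocketBranchName(name, toVersion)` in this hunk also passes a bare name where the helper now parses a purl. The enclosing object literal and pnpmFix continue outside the hunk.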
@@ -4371,10 +4492,8 @@ async function pnpmFix(
4371
4492
  }
4372
4493
  : undefined)
4373
4494
  }
4374
- spinner?.info(`Installing ${fixSpec}`)
4375
- const { owner, repo } = getGitHubRepoInfo()
4495
+ spinner?.info(`Installing ${toSpec}`)
4376
4496
  const baseBranch = getBaseBranch()
4377
- const branch = getSocketBranchName(name, targetVersion)
4378
4497
 
4379
4498
  // eslint-disable-next-line no-await-in-loop
4380
4499
  await checkoutBaseBranchIfAvailable(baseBranch, cwd)
@@ -4386,7 +4505,7 @@ async function pnpmFix(
4386
4505
  editablePkgJson,
4387
4506
  actualTree,
4388
4507
  node,
4389
- targetVersion,
4508
+ toVersion,
4390
4509
  rangeStyle
4391
4510
  )
4392
4511
  // eslint-disable-next-line no-await-in-loop
@@ -4399,7 +4518,7 @@ async function pnpmFix(
4399
4518
  })
4400
4519
  installed = true
4401
4520
  if (test) {
4402
- spinner?.info(`Testing ${fixSpec}`)
4521
+ spinner?.info(`Testing ${toSpec}`)
4403
4522
  // eslint-disable-next-line no-await-in-loop
4404
4523
  await npm.runScript(testScript, [], {
4405
4524
  spinner,
@@ -4409,7 +4528,7 @@ async function pnpmFix(
4409
4528
  spinner?.successAndStop(`Fixed ${name}`)
4410
4529
  spinner?.start()
4411
4530
  } catch (e) {
4412
- spinner?.error(`Reverting ${fixSpec}`, e)
4531
+ spinner?.error(`Reverting ${toSpec}`, e)
4413
4532
  if (saved) {
4414
4533
  editablePkgJson.update(revertData)
4415
4534
  // eslint-disable-next-line no-await-in-loop
@@ -4421,40 +4540,29 @@ async function pnpmFix(
4421
4540
  spinner
4422
4541
  })
4423
4542
  }
4424
- spinner?.failAndStop(`Failed to fix ${oldSpec}`)
4543
+ spinner?.failAndStop(`Failed to fix ${fromSpec}`)
4425
4544
  return
4426
4545
  }
4427
- if (
4428
- // Lazily access constants.ENV[CI].
4429
- constants.ENV[CI] &&
4546
+ if (shouldOpenPr) {
4430
4547
  // eslint-disable-next-line no-await-in-loop
4431
- !(await doesPullRequestExistForBranch(owner, repo, branch))
4432
- ) {
4433
- let prResponse
4434
- try {
4435
- // eslint-disable-next-line no-await-in-loop
4436
- prResponse = await openGitHubPullRequest(
4437
- owner,
4438
- repo,
4439
- baseBranch,
4440
- branch,
4441
- name,
4442
- targetVersion,
4443
- cwd
4444
- )
4445
- } catch (e) {
4446
- logger.logger.error('Failed to open pull request', e)
4447
- }
4548
+ await createAndPushBranchIfNeeded(
4549
+ branch,
4550
+ getSocketCommitMessage(fromPurl, toVersion),
4551
+ cwd
4552
+ )
4553
+ // eslint-disable-next-line no-await-in-loop
4554
+ const prResponse = await openGitHubPullRequest(
4555
+ owner,
4556
+ repo,
4557
+ baseBranch,
4558
+ branch,
4559
+ fromPurl,
4560
+ toVersion,
4561
+ cwd
4562
+ )
4448
4563
  if (prResponse && autoMerge) {
4449
- try {
4450
- // eslint-disable-next-line no-await-in-loop
4451
- await enableAutoMerge(prResponse.data)
4452
- } catch (e) {
4453
- logger.logger.error(
4454
- 'Failed to enable auto-merge in pull request',
4455
- e
4456
- )
4457
- }
4564
+ // eslint-disable-next-line no-await-in-loop
4565
+ await enableAutoMerge(prResponse.data)
4458
4566
  }
4459
4567
  }
4460
4568
  }
@@ -11376,7 +11484,7 @@ void (async () => {
11376
11484
  await vendor.updater({
11377
11485
  name: SOCKET_CLI_BIN_NAME,
11378
11486
  // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
11379
- version: '0.14.96',
11487
+ version: '0.14.98',
11380
11488
  ttl: 86_400_000 /* 24 hours in milliseconds */
11381
11489
  })
11382
11490
  try {
@@ -11444,5 +11552,5 @@ void (async () => {
11444
11552
  await shadowNpmInject.captureException(e)
11445
11553
  }
11446
11554
  })()
11447
- //# debugId=c17c1611-cf3e-4a35-ac26-b683d683981a
11555
+ //# debugId=1769a14b-3357-49bc-b674-3e9970c2763e
11448
11556
  //# sourceMappingURL=cli.js.map