socket 1.0.67 → 1.0.69

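--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -3761,7 +3761,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
  debug.debugFn('notice', `miss: CVEs expected, but not found, for ${name}`);
  continue infoEntriesLoop;
  }
- logger.logger.log(`Processing vulns for ${name}`);
+ logger.logger.log(`Processing '${name}'`);
  logger.logger.indent();
  spinner?.indent();
  if (registry.getManifestData(partialPurlObj.type, name)) {
@@ -3777,6 +3777,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
  }
  const availableVersions = Object.keys(packument.versions);
  const prs = getPrsForPurl(fixEnv, infoEntry[0]);
+ const vulnVersions = new Set();
  const warningsForAfter = new Set();
 
  // eslint-disable-next-line no-unused-labels
@@ -3851,6 +3852,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
  });
  const newVersionPackument = newVersion ? packument.versions[newVersion] : undefined;
  if (!(newVersion && newVersionPackument)) {
+ vulnVersions.add(oldVersion);
  warningsForAfter.add(`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`);
  continue infosLoop;
  }
@@ -3918,6 +3920,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
  hasAnnouncedWorkspace = true;
  workspaceLogCallCount = logger.logger.logCallCount;
  }
+ vulnVersions.add(oldVersion);
  const newId = `${name}@${utils.applyRange(refRange, newVersion, rangeStyle)}`;
  spinner?.start();
  spinner?.info(`Installing ${newId} in ${workspace}.`);
@@ -4097,6 +4100,9 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
  for (const warningText of warningsForAfter) {
  logger.logger.warn(warningText);
  }
+ if (!warningsForAfter.size && !vulnVersions.size) {
+ logger.logger.info('No vulnerable versions found.');
+ }
  if (!isLastInfoEntry) {
  logger.logger.logNewline();
  }
@@ -4747,17 +4753,33 @@ async function run$H(argv, importMeta, {
  const orgSlugCResult = await utils.getDefaultOrgSlug();
  if (!orgSlugCResult.ok) {
  process.exitCode = orgSlugCResult.code ?? 1;
- // Always assume json mode.
- // logger.log(serializeResultJson(orgSlugCResult))
+ logger.logger.fail('Unable to resolve a Socket account organization.\nEnsure a Socket API token is specified for the organization using the SOCKET_CLI_API_TOKEN environment variable.');
  return;
  }
  const orgSlug = orgSlugCResult.data;
+ const rawPurls = utils.cmdFlagValueToArray(cli.flags['purl']);
+ const purls = [];
+ for (const purl of rawPurls) {
+ let version;
+ try {
+ version = vendor.packageurlJsExports$1.PackageURL.fromString(purl)?.version;
+ } catch {}
+ if (version) {
+ purls.push(purl);
+ } else {
+ logger.logger.warn(`--purl ${purl} is missing a version and will be ignored.`);
+ }
+ }
+ if (rawPurls.length !== purls.length && !purls.length) {
+ process.exitCode = 1;
+ logger.logger.fail('No valid --purl values provided.');
+ return;
+ }
  const ghsas = utils.cmdFlagValueToArray(cli.flags['ghsa']);
  const limit = (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity;
  const maxSatisfying = Boolean(cli.flags['maxSatisfying']);
  const minSatisfying = Boolean(cli.flags['minSatisfying']) || !maxSatisfying;
  const prCheck = Boolean(cli.flags['prCheck']);
- const purls = utils.cmdFlagValueToArray(cli.flags['purl']);
  const testScript = String(cli.flags['testScript'] || 'test');
  await handleFix({
  autoMerge,
@@ -14523,5 +14545,5 @@ void (async () => {
  await utils.captureException(e);
  }
  })();
- //# debugId=8e302883-9371-47ef-9c9a-742aa1ae2a85
+ //# debugId=515ed3c2-cd4e-41ad-a7f6-57b0b6683173
  //# sourceMappingURL=cli.js.map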
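Review bot: The empty `catch {}` in the `--purl` loop added to run$H hides parse failures, so a malformed purl is reported as "missing a version" and dropped exactly like a versionless one. For a fix command this matters because a package the operator explicitly named is skipped with only a warning; when at least one other purl is valid, the visible lines never set `process.exitCode`, so an unattended run would presumably still report success. I would report the parse failure on its own, e.g. `logger.logger.warn('--purl ' + purl + ' could not be parsed and will be ignored.');` inside the catch, and consider a non-zero exit code whenever `rawPurls.length !== purls.length`. run$H starts and ends outside the hunk, so how handleFix treats the filtered `purls` is not visible here.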