socket 1.1.108 → 1.1.110
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -0
- package/dist/cli.js +45 -5
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +3 -3
- package/dist/constants.js.map +1 -1
- package/dist/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/handle-fix.d.mts +1 -1
- package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
- package/dist/types/commands/fix/types.d.mts +1 -0
- package/dist/types/commands/fix/types.d.mts.map +1 -1
- package/dist/types/utils/api.d.mts +4 -3
- package/dist/types/utils/api.d.mts.map +1 -1
- package/dist/types/utils/sdk.d.mts.map +1 -1
- package/dist/utils.js +44 -32
- package/dist/utils.js.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -12,6 +12,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
|
|
|
12
12
|
### Changed
|
|
13
13
|
- **Bazel diagnostics** — `socket manifest bazel --verbose` now emits bounded subprocess traces with argv, cwd, duration, exit status, output sizes, and failure stderr tails to make customer log-only triage safer and faster.
|
|
14
14
|
|
|
15
|
+
## [1.1.110](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.110) - 2026-05-29
|
|
16
|
+
|
|
17
|
+
### Fixed
|
|
18
|
+
- Resolved intermittent ~5-second timeouts affecting manifest uploads for reachability analysis and `socket fix`, along with other long-running API requests. Socket CLI now uses an explicit HTTP agent for all API traffic, so slow uploads and large streaming responses are no longer dropped prematurely.
|
|
19
|
+
|
|
20
|
+
## [1.1.109](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.109) - 2026-05-28
|
|
21
|
+
|
|
22
|
+
### Added
|
|
23
|
+
- **`socket fix --exclude-paths`** — Skip matching paths from the scan entirely: manifests under these paths are not uploaded, and fixes are not applied to workspaces under them. Use this to skip directories the current user cannot read (e.g. a postgres `pgdata` directory inside the repo) so they do not abort manifest collection. The pre-existing `--exclude` flag keeps its previous fix-application-only semantic but is now hidden in `--help` in favor of `--exclude-paths`.
|
|
24
|
+
|
|
15
25
|
## [1.1.108](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.108) - 2026-05-28
|
|
16
26
|
|
|
17
27
|
### Changed
|
package/dist/cli.js
CHANGED
|
@@ -5758,6 +5758,7 @@ async function coanaFix(fixConfig) {
|
|
|
5758
5758
|
disableMajorUpdates,
|
|
5759
5759
|
ecosystems,
|
|
5760
5760
|
exclude,
|
|
5761
|
+
excludePaths,
|
|
5761
5762
|
ghsas,
|
|
5762
5763
|
include,
|
|
5763
5764
|
minimumReleaseAge,
|
|
@@ -5793,7 +5794,20 @@ async function coanaFix(fixConfig) {
|
|
|
5793
5794
|
// Load socket.yml to respect projectIgnorePaths when collecting files.
|
|
5794
5795
|
const socketYmlResult = utils.findSocketYmlSync(cwd);
|
|
5795
5796
|
const socketConfig = socketYmlResult.ok ? socketYmlResult.data?.parsed : undefined;
|
|
5797
|
+
|
|
5798
|
+
// Expand user-supplied `--exclude-paths` patterns into the fast-glob ignore
|
|
5799
|
+
// form so manifest discovery skips them. Without this an unreadable
|
|
5800
|
+
// subdirectory (e.g. a postgres `pgdata` owned by another uid) would crash
|
|
5801
|
+
// `socket fix` before coana is even invoked.
|
|
5802
|
+
const additionalIgnores = excludePaths.length ? excludePaths.flatMap(excludePathToScanIgnores) : undefined;
|
|
5803
|
+
// Forward --exclude-paths to coana's workspace filter too, so a workspace
|
|
5804
|
+
// matching the pattern is also skipped during fix application even when
|
|
5805
|
+
// its manifest somehow made it into the upload (e.g. picked up via a
|
|
5806
|
+
// sibling manifest's references). --exclude stays separate as a hidden
|
|
5807
|
+
// legacy escape hatch for the narrower "fix-application only" semantic.
|
|
5808
|
+
const coanaExcludePatterns = [...exclude, ...excludePaths];
|
|
5796
5809
|
const scanFilepaths = await utils.getPackageFilesForScan(['.'], supportedFiles, {
|
|
5810
|
+
additionalIgnores,
|
|
5797
5811
|
config: socketConfig,
|
|
5798
5812
|
cwd
|
|
5799
5813
|
});
|
|
@@ -5877,7 +5891,7 @@ async function coanaFix(fixConfig) {
|
|
|
5877
5891
|
const tmpDir = os.tmpdir();
|
|
5878
5892
|
const tmpFile = path.join(tmpDir, `socket-fix-${Date.now()}.json`);
|
|
5879
5893
|
try {
|
|
5880
|
-
const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...ids, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(
|
|
5894
|
+
const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...ids, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(coanaExcludePatterns.length ? ['--exclude', ...coanaExcludePatterns] : []), ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []), ...(packageManagers.length ? ['--package-managers', ...packageManagers] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), '--output-file', tmpFile, ...(debug ? ['--debug'] : []), ...(disableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
|
|
5881
5895
|
coanaVersion,
|
|
5882
5896
|
cwd,
|
|
5883
5897
|
spinner: silence ? undefined : spinner,
|
|
@@ -5989,7 +6003,7 @@ async function coanaFix(fixConfig) {
|
|
|
5989
6003
|
|
|
5990
6004
|
// Apply fix for single GHSA ID.
|
|
5991
6005
|
// eslint-disable-next-line no-await-in-loop
|
|
5992
|
-
const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(
|
|
6006
|
+
const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(include.length ? ['--include', ...include] : []), ...(coanaExcludePatterns.length ? ['--exclude', ...coanaExcludePatterns] : []), ...(ecosystems.length ? ['--purl-types', ...ecosystems] : []), ...(packageManagers.length ? ['--package-managers', ...packageManagers] : []), ...(debug ? ['--debug'] : []), ...(disableExternalToolChecks ? ['--disable-external-tool-checks'] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), '--output-file', tmpFile, ...fixConfig.unknownFlags], fixConfig.orgSlug, {
|
|
5993
6007
|
coanaVersion,
|
|
5994
6008
|
cwd,
|
|
5995
6009
|
spinner: silence ? undefined : spinner,
|
|
@@ -6330,6 +6344,7 @@ async function handleFix({
|
|
|
6330
6344
|
disableMajorUpdates,
|
|
6331
6345
|
ecosystems,
|
|
6332
6346
|
exclude,
|
|
6347
|
+
excludePaths,
|
|
6333
6348
|
ghsas,
|
|
6334
6349
|
include,
|
|
6335
6350
|
minSatisfying,
|
|
@@ -6358,6 +6373,7 @@ async function handleFix({
|
|
|
6358
6373
|
disableMajorUpdates,
|
|
6359
6374
|
ecosystems,
|
|
6360
6375
|
exclude,
|
|
6376
|
+
excludePaths,
|
|
6361
6377
|
ghsas,
|
|
6362
6378
|
include,
|
|
6363
6379
|
minSatisfying,
|
|
@@ -6383,6 +6399,7 @@ async function handleFix({
|
|
|
6383
6399
|
disableMajorUpdates,
|
|
6384
6400
|
ecosystems,
|
|
6385
6401
|
exclude,
|
|
6402
|
+
excludePaths,
|
|
6386
6403
|
// Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only.
|
|
6387
6404
|
ghsas: await convertIdsToGhsas(ghsas, {
|
|
6388
6405
|
silence
|
|
@@ -6435,6 +6452,17 @@ const generalFlags$2 = {
|
|
|
6435
6452
|
default: [],
|
|
6436
6453
|
description: 'Exclude workspaces matching these glob patterns. Can be provided as comma separated values or as multiple flags',
|
|
6437
6454
|
isMultiple: true,
|
|
6455
|
+
// Hidden in favor of --exclude-paths, which covers both manifest
|
|
6456
|
+
// discovery and workspace filtering. --exclude is preserved for
|
|
6457
|
+
// backwards compatibility with the narrower (fix-application only)
|
|
6458
|
+
// semantic.
|
|
6459
|
+
hidden: true
|
|
6460
|
+
},
|
|
6461
|
+
excludePaths: {
|
|
6462
|
+
type: 'string',
|
|
6463
|
+
default: [],
|
|
6464
|
+
description: 'Skip matching paths from the scan entirely: manifests under these paths are not uploaded, and fixes are not applied to workspaces under them. Patterns are anchored micromatch globs matched relative to the target directory (CWD); `data/postgres/pgdata` matches that exact path, `**/pgdata` matches at any depth. Use this to skip directories the current user cannot read so they do not abort manifest collection. Negation patterns (`!path`) are not supported. Accepts a comma-separated value or multiple flags.',
|
|
6465
|
+
isMultiple: true,
|
|
6438
6466
|
hidden: false
|
|
6439
6467
|
},
|
|
6440
6468
|
include: {
|
|
@@ -6638,6 +6666,7 @@ async function run$L(argv, importMeta, {
|
|
|
6638
6666
|
disableExternalToolChecks,
|
|
6639
6667
|
ecosystems,
|
|
6640
6668
|
exclude,
|
|
6669
|
+
excludePaths,
|
|
6641
6670
|
fixVersion,
|
|
6642
6671
|
include,
|
|
6643
6672
|
json,
|
|
@@ -6732,6 +6761,18 @@ async function run$L(argv, importMeta, {
|
|
|
6732
6761
|
process.exitCode = 1;
|
|
6733
6762
|
return;
|
|
6734
6763
|
}
|
|
6764
|
+
const includePatterns = utils.cmdFlagValueToArray(include);
|
|
6765
|
+
const excludePatterns = utils.cmdFlagValueToArray(exclude);
|
|
6766
|
+
const excludePathsPatterns = utils.cmdFlagValueToArray(excludePaths);
|
|
6767
|
+
// Validate before the network round-trip so a bad pattern doesn't waste
|
|
6768
|
+
// an org-slug API call.
|
|
6769
|
+
try {
|
|
6770
|
+
assertValidExcludePaths(excludePathsPatterns);
|
|
6771
|
+
} catch (e) {
|
|
6772
|
+
logger.logger.fail(e.message);
|
|
6773
|
+
process.exitCode = 1;
|
|
6774
|
+
return;
|
|
6775
|
+
}
|
|
6735
6776
|
if (dryRun) {
|
|
6736
6777
|
logger.logger.log(constants.default.DRY_RUN_NOT_SAVING);
|
|
6737
6778
|
return;
|
|
@@ -6746,8 +6787,6 @@ async function run$L(argv, importMeta, {
|
|
|
6746
6787
|
const {
|
|
6747
6788
|
spinner
|
|
6748
6789
|
} = constants.default;
|
|
6749
|
-
const includePatterns = utils.cmdFlagValueToArray(include);
|
|
6750
|
-
const excludePatterns = utils.cmdFlagValueToArray(exclude);
|
|
6751
6790
|
await handleFix({
|
|
6752
6791
|
all,
|
|
6753
6792
|
applyFixes,
|
|
@@ -6759,6 +6798,7 @@ async function run$L(argv, importMeta, {
|
|
|
6759
6798
|
disableMajorUpdates,
|
|
6760
6799
|
ecosystems: validatedEcosystems,
|
|
6761
6800
|
exclude: excludePatterns,
|
|
6801
|
+
excludePaths: excludePathsPatterns,
|
|
6762
6802
|
ghsas,
|
|
6763
6803
|
include: includePatterns,
|
|
6764
6804
|
minimumReleaseAge,
|
|
@@ -19027,5 +19067,5 @@ process.on('unhandledRejection', async (reason, promise) => {
|
|
|
19027
19067
|
// eslint-disable-next-line n/no-process-exit
|
|
19028
19068
|
process.exit(1);
|
|
19029
19069
|
});
|
|
19030
|
-
//# debugId=
|
|
19070
|
+
//# debugId=52e1770b-8fec-41b9-83a1-5c52a6251b6c
|
|
19031
19071
|
//# sourceMappingURL=cli.js.map
|