socket 1.1.111 → 1.1.113

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/CHANGELOG.md +9 -1
  2. package/dist/cli.js +1600 -926
  3. package/dist/cli.js.map +1 -1
  4. package/dist/constants.js +4 -4
  5. package/dist/constants.js.map +1 -1
  6. package/dist/tsconfig.dts.tsbuildinfo +1 -1
  7. package/dist/types/commands/manifest/bazel/bazel-cquery.d.mts +70 -0
  8. package/dist/types/commands/manifest/bazel/bazel-cquery.d.mts.map +1 -0
  9. package/dist/types/commands/manifest/bazel/bazel-pypi-discovery.d.mts +14 -1
  10. package/dist/types/commands/manifest/bazel/bazel-pypi-discovery.d.mts.map +1 -1
  11. package/dist/types/commands/manifest/bazel/bazel-query-runner.d.mts +58 -14
  12. package/dist/types/commands/manifest/bazel/bazel-query-runner.d.mts.map +1 -1
  13. package/dist/types/commands/manifest/bazel/bazel-repo-discovery.d.mts +43 -30
  14. package/dist/types/commands/manifest/bazel/bazel-repo-discovery.d.mts.map +1 -1
  15. package/dist/types/commands/manifest/bazel/bazel-workspace-walk.d.mts +18 -0
  16. package/dist/types/commands/manifest/bazel/bazel-workspace-walk.d.mts.map +1 -0
  17. package/dist/types/commands/manifest/bazel/cmd-manifest-bazel.d.mts +12 -10
  18. package/dist/types/commands/manifest/bazel/cmd-manifest-bazel.d.mts.map +1 -1
  19. package/dist/types/commands/manifest/bazel/extract_bazel_to_maven.d.mts +70 -8
  20. package/dist/types/commands/manifest/bazel/extract_bazel_to_maven.d.mts.map +1 -1
  21. package/dist/types/commands/manifest/generate_auto_manifest.d.mts.map +1 -1
  22. package/dist/types/commands/scan/finalize-tier1-scan.d.mts +6 -4
  23. package/dist/types/commands/scan/finalize-tier1-scan.d.mts.map +1 -1
  24. package/dist/types/commands/scan/handle-create-new-scan.d.mts.map +1 -1
  25. package/dist/types/commands/scan/handle-scan-reach.d.mts.map +1 -1
  26. package/dist/types/commands/scan/output-scan-reach.d.mts +2 -1
  27. package/dist/types/commands/scan/output-scan-reach.d.mts.map +1 -1
  28. package/dist/types/commands/scan/perform-reachability-analysis.d.mts.map +1 -1
  29. package/dist/types/utils/glob.d.mts +1 -0
  30. package/dist/types/utils/glob.d.mts.map +1 -1
  31. package/dist/utils.js +35 -16
  32. package/dist/utils.js.map +1 -1
  33. package/package.json +2 -2
  34. package/requirements.json +1 -1
  35. package/dist/types/commands/manifest/bazel/bazel-build-parser.d.mts +0 -34
  36. package/dist/types/commands/manifest/bazel/bazel-build-parser.d.mts.map +0 -1
package/CHANGELOG.md CHANGED
@@ -4,13 +4,21 @@ All notable changes to this project will be documented in this file.
4
4
 
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
6
6
 
7
- ## [Unreleased]
7
+ ## [1.1.113](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.113) - 2026-06-03
8
+
9
+ ### Added
8
10
  - **`socket manifest bazel [beta]`** — Generate Bazel JVM SBOM manifests by running `bazel query` against discovered Maven repos in a Bazel workspace. Closes the inline-Maven-declaration gap that lockfile-only parsing misses for repos like envoy, ray, tensorflow, tink-java, and or-tools. Auto-detects Bzlmod and legacy `WORKSPACE`.
9
11
  - **`socket scan create --auto-manifest`** now covers Bazel workspaces in addition to Gradle/Scala/Kotlin/Conda. Repos with `MODULE.bazel`, `WORKSPACE`, or `WORKSPACE.bazel` are detected automatically and their Maven dependencies extracted as part of the standard scan-create flow.
10
12
  - **Bazel PyPI extraction** — `socket manifest bazel --ecosystem pypi` now generates `requirements.txt` for Python Bazel workspaces. Discovers custom `rules_python` pip hub names with Bazel command output first, queries `py_library` / `py_binary` / `py_test` dependencies, resolves canonical pinned versions from `requirements_lock.txt`, and emits PEP 503-normalized `name==version` lines. Supports both Bzlmod (`pip.parse`) and legacy `WORKSPACE` (`pip_parse` / `pip_install`) configurations. PyPI remains explicit opt-in for `socket scan create --auto-manifest` until real-world no-lockfile recovery is validated.
11
13
 
12
14
  ### Changed
13
15
  - **Bazel diagnostics** — `socket manifest bazel --verbose` now emits bounded subprocess traces with argv, cwd, duration, exit status, output sizes, and failure stderr tails to make customer log-only triage safer and faster.
16
+ - Updated the Coana CLI to v `15.3.20`.
17
+
18
+ ## [1.1.112](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.112) - 2026-05-29
19
+
20
+ ### Fixed
21
+ - `socket fix` and `socket scan create` no longer abort with `EACCES: permission denied, scandir` when the project contains a directory the running user cannot read (for example a postgres `pgdata` data directory owned by another uid, or a Docker volume mount). Manifest discovery walks a project for `.gitignore` files before applying any path exclusions; that walk now honors `--exclude-paths` and `socket.yml` `projectIgnorePaths`, and skips unreadable directories rather than crashing. This makes `--exclude-paths` effective for unreadable directories — previously the crash happened before the exclusion was ever applied.
14
22
 
15
23
  ## [1.1.111](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.111) - 2026-05-29
16
24