socket 1.1.111 → 1.1.113

package/dist/types/utils/glob.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"glob.d.mts","sourceRoot":"","sources":["../../../src/utils/glob.mts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AACvD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAA;AACjE,OAAO,KAAK,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAA;AAuHvD,mEAAmE;AACnE,kEAAkE;AAClE,qEAAqE;AACrE,uEAAuE;AACvE,uEAAqE;AACrE,4CAA4C;AAC5C,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAQ1D;AAuBD,wBAAgB,0BAA0B,CACxC,SAAS,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EACvC,cAAc,EAAE,sBAAsB,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC,GACxE,MAAM,EAAE,CAKV;AAED,wBAAgB,0BAA0B,CACxC,cAAc,EAAE,sBAAsB,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC,GACxE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAI/B;AAED,wBAAgB,wBAAwB,CACtC,cAAc,EAAE,sBAAsB,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC,GACxE,MAAM,EAAE,CASV;AAED,KAAK,wBAAwB,GAAG,WAAW,GAAG;IAC5C,uEAAuE;IACvE,uEAAuE;IACvE,wEAAwE;IACxE,2EAA2E;IAC3E,4EAA4E;IAC5E,oEAAoE;IACpE,iBAAiB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAA;IACjD,sDAAsD;IACtD,iEAAiE;IACjE,wEAAwE;IACxE,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,GAAG,SAAS,CAAA;IACpD,YAAY,CAAC,EAAE,SAAS,GAAG,SAAS,CAAA;CACrC,CAAA;AAED,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EACtC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,MAAM,EAAE,CAAC,CAuGnB;AAED,wBAAsB,aAAa,CACjC,KAAK,EAAE,KAAK,EACZ,GAAG,SAAgB,GAClB,OAAO,CAAC,MAAM,EAAE,CAAC,CAUnB;AAED,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,sBAAsB,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC,WAI1E;AAED,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EACnC,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,GACvB,MAAM,EAAE,CAgBV"}
+{"version":3,"file":"glob.d.mts","sourceRoot":"","sources":["../../../src/utils/glob.mts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AACvD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAA;AACjE,OAAO,KAAK,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAA;AAMvD,eAAO,MAAM,YAAY,gIAcf,CAAA;AAmGV,mEAAmE;AACnE,kEAAkE;AAClE,qEAAqE;AACrE,uEAAuE;AACvE,uEAAqE;AACrE,4CAA4C;AAC5C,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAQ1D;AAuBD,wBAAgB,0BAA0B,CACxC,SAAS,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EACvC,cAAc,EAAE,sBAAsB,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC,GACxE,MAAM,EAAE,CAKV;AAED,wBAAgB,0BAA0B,CACxC,cAAc,EAAE,sBAAsB,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC,GACxE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAI/B;AAED,wBAAgB,wBAAwB,CACtC,cAAc,EAAE,sBAAsB,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC,GACxE,MAAM,EAAE,CASV;AAED,KAAK,wBAAwB,GAAG,WAAW,GAAG;IAC5C,uEAAuE;IACvE,uEAAuE;IACvE,wEAAwE;IACxE,2EAA2E;IAC3E,4EAA4E;IAC5E,oEAAoE;IACpE,iBAAiB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAA;IACjD,sDAAsD;IACtD,iEAAiE;IACjE,wEAAwE;IACxE,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,GAAG,SAAS,CAAA;IACpD,YAAY,CAAC,EAAE,SAAS,GAAG,SAAS,CAAA;CACrC,CAAA;AAED,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EACtC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,MAAM,EAAE,CAAC,CAgInB;AAED,wBAAsB,aAAa,CACjC,KAAK,EAAE,KAAK,EACZ,GAAG,SAAgB,GAClB,OAAO,CAAC,MAAM,EAAE,CAAC,CAUnB;AAED,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,sBAAsB,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC,WAI1E;AAED,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,EACnC,GAAG,CAAC,EAAE,MAAM,GAAG,SAAS,GACvB,MAAM,EAAE,CAgBV"}

package/dist/utils.js

@@ -4493,18 +4493,36 @@ async function globWithGitIgnore(patterns, options) {
     ...options
   };
   const ignores = new Set(IGNORED_DIR_PATTERNS);
+
+  // CLI-supplied `additionalIgnores` are already anchored minimatch — they
+  // must not pass through the `ignore` package (whose gitignore "match
+  // anywhere" semantics would re-interpret a bare `tests` to match
+  // `subdir/tests/foo.json`). Keep them in fast-glob's ignore list across
+  // both paths; only gitignore-translated entries go into the `ig` matcher.
+  const cliMinimatchIgnores = additionalIgnores ?? [];
   const projectIgnorePaths = socketConfig?.projectIgnorePaths;
-  if (Array.isArray(projectIgnorePaths)) {
-    const ignorePatterns = ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd);
-    for (const pattern of ignorePatterns) {
-      ignores.add(pattern);
-    }
-  }
+  const projectIgnoreGlobs = Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : [];
+  for (const pattern of projectIgnoreGlobs) {
+    ignores.add(pattern);
+  }
+
+  // The .gitignore discovery walk has to honor the same directory exclusions
+  // as the package walk below. Otherwise an unreadable subtree (e.g. a
+  // postgres `pgdata` dir owned by another uid, or a Docker volume mount) makes
+  // fast-glob throw `EACCES: permission denied, scandir` *here* — before
+  // --exclude-paths (`cliMinimatchIgnores`) or projectIgnorePaths are ever
+  // applied to the main walk, which is why excluding the path did not help.
+  // `suppressErrors` is the backstop: a directory the user simply cannot read
+  // cannot contain manifests they could scan anyway, so skip it instead of
+  // aborting the whole `socket fix` / `socket scan` run. Negated patterns are
+  // dropped — for a discovery walk they could only re-include a subtree (never
+  // prevent a crash), and fast-glob treats `!` ignore entries inconsistently.
   const gitIgnoreStream = vendor.outExports.globStream(['**/.gitignore'], {
     absolute: true,
     cwd,
     dot: true,
-    ignore: DEFAULT_IGNORE_FOR_GIT_IGNORE
+    ignore: [...DEFAULT_IGNORE_FOR_GIT_IGNORE, ...projectIgnoreGlobs, ...cliMinimatchIgnores].filter(p => p.charCodeAt(0) !== 33 /*'!'*/).map(stripTrailingSlash),
+    suppressErrors: true
   });
   for await (const ignorePatterns of streams.transform(gitIgnoreStream, async filepath => ignoreFileToGlobPatterns((await fs$1.safeReadFile(filepath)) ?? '', filepath, cwd), {
     concurrency: 8
@@ -4520,20 +4538,20 @@ async function globWithGitIgnore(patterns, options) {
       break;
     }
   }
-
-  // CLI-supplied `additionalIgnores` are already anchored minimatch — they
-  // must not pass through the `ignore` package (whose gitignore "match
-  // anywhere" semantics would re-interpret a bare `tests` to match
-  // `subdir/tests/foo.json`). Keep them in fast-glob's ignore list across
-  // both paths; only gitignore-translated entries go into the `ig` matcher.
-  const cliMinimatchIgnores = additionalIgnores ?? [];
   const globOptions = {
     __proto__: null,
     absolute: true,
     cwd,
     dot: true,
     ignore: hasNegatedPattern ? [...globs.defaultIgnore, ...cliMinimatchIgnores] : [...ignores, ...cliMinimatchIgnores].map(stripTrailingSlash),
-    ...additionalOptions
+    ...additionalOptions,
+    // Skip directories the running user cannot read rather than aborting the
+    // whole walk on the first `EACCES` (see the .gitignore discovery walk
+    // above for the full rationale). Pinned after `...additionalOptions` so a
+    // caller's options bag cannot accidentally flip it back to `false` and
+    // re-introduce the crash — `suppressErrors` is a safety invariant here, not
+    // a tunable.
+    suppressErrors: true
   };
 
   // When no filter is provided and no negated patterns exist, use the fast path.
@@ -8127,6 +8145,7 @@ function safeNpmSpecToPurl(pkgSpec) {
 exports.ALL_PACKAGE_MANAGERS = ALL_PACKAGE_MANAGERS;
 exports.AuthError = AuthError;
 exports.COMPLETION_CMD_PREFIX = COMPLETION_CMD_PREFIX;
+exports.IGNORED_DIRS = IGNORED_DIRS;
 exports.InputError = InputError;
 exports.RangeStyles = RangeStyles;
 exports.apiFetch = apiFetch;
@@ -8261,5 +8280,5 @@ exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.webLink = webLink;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=8907eca2-6921-4ecf-8a5f-ba72849ca53a
+//# debugId=3b36bb48-c24b-4b38-abfd-00291354493e
 //# sourceMappingURL=utils.js.map