npm - socket - Versions diffs - 1.1.23 → 1.1.24 - Mend

socket 1.1.23 → 1.1.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/cli.js +14 -4
package/dist/cli.js.map +1 -1
package/dist/constants.js +3 -3
package/dist/constants.js.map +1 -1
package/dist/tsconfig.dts.tsbuildinfo +1 -1
package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
package/dist/types/commands/fix/handle-fix.d.mts +2 -1
package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
package/dist/types/commands/fix/types.d.mts +1 -0
package/dist/types/commands/fix/types.d.mts.map +1 -1
package/dist/types/commands/organization/fetch-organization-list.d.mts +1 -1
package/dist/types/commands/organization/fetch-organization-list.d.mts.map +1 -1
package/dist/types/utils/dlx.d.mts +3 -0
package/dist/types/utils/dlx.d.mts.map +1 -1
package/dist/utils.js +27 -3
package/dist/utils.js.map +1 -1
package/package.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -3550,6 +3550,7 @@ async function coanaFix(fixConfig) {
     ghsas,
     glob,
     limit,
+    minimumReleaseAge,
     orgSlug,
     outputFile,
     spinner
@@ -3616,7 +3617,7 @@ async function coanaFix(fixConfig) {
         }
       };
     }
-    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3651,7 +3652,7 @@ async function coanaFix(fixConfig) {
   const shouldSpawnCoana = adjustedLimit > 0;
   let ids;
   if (shouldSpawnCoana && isAll) {
-    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner
     });
@@ -3693,7 +3694,7 @@ async function coanaFix(fixConfig) {
     // Apply fix for single GHSA ID.
     // eslint-disable-next-line no-await-in-loop
-    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3910,6 +3911,7 @@ async function handleFix({
   glob,
   limit,
   minSatisfying,
+  minimumReleaseAge,
   orgSlug,
   outputFile,
   outputKind,
@@ -3941,6 +3943,7 @@ async function handleFix({
     ghsas: await convertIdsToGhsas(ghsas),
     glob,
     limit,
+    minimumReleaseAge,
     orgSlug,
     rangeStyle,
     spinner,
@@ -4001,6 +4004,11 @@ Available styles:
     type: 'string',
     default: '',
     description: 'Path to store upgrades as a JSON file at this path.'
+  },
+  minimumReleaseAge: {
+    type: 'string',
+    default: '',
+    description: 'Set a minimum age requirement for suggested upgrade versions (e.g., 1h, 2d, 3w). A higher age requirement reduces the risk of upgrading to malicious versions. For example, setting the value to 1 week (1w) gives ecosystem maintainers one week to remove potentially malicious versions.'
   }
 };
 const hiddenFlags = {
@@ -4115,6 +4123,7 @@ async function run$K(argv, importMeta, {
     limit,
     markdown,
     maxSatisfying,
+    minimumReleaseAge,
     outputFile,
     prCheck,
     rangeStyle,
@@ -4164,6 +4173,7 @@ async function run$K(argv, importMeta, {
     ghsas,
     glob,
     limit,
+    minimumReleaseAge,
     minSatisfying,
     prCheck,
     orgSlug,
@@ -14954,5 +14964,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=7d7feb5c-caaa-4477-9563-76861e408418
+//# debugId=a37ba0b8-5e27-487b-ba57-2d9a99bbccae
 //# sourceMappingURL=cli.js.map