socket 1.1.24 → 1.1.25

package/dist/cli.js

@@ -3547,12 +3547,14 @@ async function coanaFix(fixConfig) {
     applyFixes,
     autopilot,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
     minimumReleaseAge,
     orgSlug,
     outputFile,
+    showAffectedDirectDependencies,
     spinner
   } = fixConfig;
   const fixEnv = await getFixEnv();
@@ -3617,7 +3619,7 @@ async function coanaFix(fixConfig) {
         }
       };
     }
-    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(!applyFixes ? [constants.FLAG_DRY_RUN] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3652,7 +3654,7 @@ async function coanaFix(fixConfig) {
   const shouldSpawnCoana = adjustedLimit > 0;
   let ids;
   if (shouldSpawnCoana && isAll) {
-    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner
     });
@@ -3694,7 +3696,7 @@ async function coanaFix(fixConfig) {
 
     // Apply fix for single GHSA ID.
     // eslint-disable-next-line no-await-in-loop
-    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(minimumReleaseAge ? ['--minimum-release-age', minimumReleaseAge] : []), ...(glob ? ['--glob', glob] : []), ...(disableMajorUpdates ? ['--disable-major-updates'] : []), ...(showAffectedDirectDependencies ? ['--show-affected-direct-dependencies'] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3907,6 +3909,7 @@ async function handleFix({
   applyFixes,
   autopilot,
   cwd,
+  disableMajorUpdates,
   ghsas,
   glob,
   limit,
@@ -3917,6 +3920,7 @@ async function handleFix({
   outputKind,
   prCheck,
   rangeStyle,
+  showAffectedDirectDependencies,
   spinner,
   unknownFlags
 }) {
@@ -3924,6 +3928,7 @@ async function handleFix({
   require$$9.debugDir('inspect', {
     autopilot,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
@@ -3933,12 +3938,14 @@ async function handleFix({
     outputKind,
     prCheck,
     rangeStyle,
+    showAffectedDirectDependencies,
     unknownFlags
   });
   await outputFixResult(await coanaFix({
     autopilot,
     applyFixes,
     cwd,
+    disableMajorUpdates,
     // Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only
     ghsas: await convertIdsToGhsas(ghsas),
     glob,
@@ -3946,6 +3953,7 @@ async function handleFix({
     minimumReleaseAge,
     orgSlug,
     rangeStyle,
+    showAffectedDirectDependencies,
     spinner,
     unknownFlags,
     outputFile
@@ -3975,6 +3983,13 @@ const generalFlags$2 = {
     // Hidden to allow custom documenting of the negated `--no-apply-fixes` variant.
     hidden: true
   },
+  majorUpdates: {
+    type: 'boolean',
+    default: true,
+    description: 'Allow major version updates. Use --no-major-updates to disable.',
+    // Hidden to allow custom documenting of the negated `--no-major-updates` variant.
+    hidden: true
+  },
   id: {
     type: 'string',
     default: [],
@@ -4009,6 +4024,11 @@ Available styles:
     type: 'string',
     default: '',
     description: 'Set a minimum age requirement for suggested upgrade versions (e.g., 1h, 2d, 3w). A higher age requirement reduces the risk of upgrading to malicious versions. For example, setting the value to 1 week (1w) gives ecosystem maintainers one week to remove potentially malicious versions.'
+  },
+  showAffectedDirectDependencies: {
+    type: 'boolean',
+    default: false,
+    description: 'List the direct dependencies responsible for introducing transitive vulnerabilities and list the updates required to resolve the vulnerabilities'
   }
 };
 const hiddenFlags = {
@@ -4092,6 +4112,12 @@ async function run$K(argv, importMeta, {
       noApplyFixes: {
         ...config.flags['applyFixes'],
         hidden: false
+      },
+      // Explicitly document the negated --no-major-updates variant.
+      noMajorUpdates: {
+        ...config.flags['majorUpdates'],
+        description: 'Do not suggest or apply fixes that require major version updates of direct or transitive dependencies',
+        hidden: false
       }
     })}
 
@@ -4121,18 +4147,21 @@ async function run$K(argv, importMeta, {
     glob,
     json,
     limit,
+    majorUpdates,
     markdown,
     maxSatisfying,
     minimumReleaseAge,
     outputFile,
     prCheck,
     rangeStyle,
+    showAffectedDirectDependencies,
     // We patched in this feature with `npx custompatch meow` at
     // socket-cli/patches/meow#13.2.0.patch.
     unknownFlags = []
   } = cli.flags;
   const dryRun = !!cli.flags['dryRun'];
   const minSatisfying = cli.flags['minSatisfying'] || !maxSatisfying;
+  const disableMajorUpdates = !majorUpdates;
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: utils.RangeStyles.includes(rangeStyle),
@@ -4170,6 +4199,7 @@ async function run$K(argv, importMeta, {
     autopilot,
     applyFixes,
     cwd,
+    disableMajorUpdates,
     ghsas,
     glob,
     limit,
@@ -4179,6 +4209,7 @@ async function run$K(argv, importMeta, {
     orgSlug,
     outputKind,
     rangeStyle,
+    showAffectedDirectDependencies,
     spinner,
     unknownFlags,
     outputFile
@@ -14964,5 +14995,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=a37ba0b8-5e27-487b-ba57-2d9a99bbccae
+//# debugId=3a127de6-5ee9-48f9-aded-7e7e7e868c6a
 //# sourceMappingURL=cli.js.map