socket 1.1.39 → 1.1.40
- package/CHANGELOG.md +8 -0
- package/dist/cli.js +15 -6
- package/dist/cli.js.map +1 -1
- package/dist/constants.js +4 -4
- package/dist/constants.js.map +1 -1
- package/dist/tsconfig.dts.tsbuildinfo +1 -1
- package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
- package/dist/utils.js +100 -100
- package/dist/utils.js.map +1 -1
- package/package.json +2 -2
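--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.40](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.40) - 2025-12-02
+
+### Fixed
+- Fix a bug where vulnerabilities were not found correctly during `socket fix`.
+
+### Changed
+- Updated the Coana CLI to v `14.12.110`.
+
 ## [1.1.39](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.39) - 2025-12-01
 
 ### Added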
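--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -3689,7 +3689,7 @@ async function getFixEnv() {
 * Discovers GHSA IDs by running coana without applying fixes.
 * Returns a list of GHSA IDs, optionally limited.
 */
-async function discoverGhsaIds(orgSlug, tarHash,
+async function discoverGhsaIds(orgSlug, tarHash, options) {
 const {
 cwd = process.cwd(),
 limit,
@@ -3698,12 +3698,21 @@ async function discoverGhsaIds(orgSlug, tarHash, fixConfig, options) {
 __proto__: null,
 ...options
 };
-const foundCResult = await utils.spawnCoanaDlx(['
+const foundCResult = await utils.spawnCoanaDlx(['find-vulnerabilities', cwd, '--manifests-tar-hash', tarHash], orgSlug, {
 cwd,
 spinner
+}, {
+stdio: 'pipe'
 });
 if (foundCResult.ok) {
-
+// Coana prints ghsaIds as json-formatted string on the final line of the output
+const foundIds = [];
+try {
+const ghsaIdsRaw = foundCResult.data.trim().split('\n').pop();
+if (ghsaIdsRaw) {
+foundIds.push(...JSON.parse(ghsaIdsRaw));
+}
+} catch {}
 return limit !== undefined ? foundIds.slice(0, limit) : foundIds;
 }
 return [];
@@ -3781,7 +3790,7 @@ async function coanaFix(fixConfig) {
 }
 let ids;
 if (isAll && limit > 0) {
-ids = await discoverGhsaIds(orgSlug, tarHash,
+ids = await discoverGhsaIds(orgSlug, tarHash, {
 cwd,
 limit,
 spinner
@@ -3864,7 +3873,7 @@ async function coanaFix(fixConfig) {
 const shouldSpawnCoana = adjustedLimit > 0;
 let ids;
 if (shouldSpawnCoana && isAll) {
-ids = await discoverGhsaIds(orgSlug, tarHash,
+ids = await discoverGhsaIds(orgSlug, tarHash, {
 cwd,
 limit: adjustedLimit,
 spinner
@@ -15439,5 +15448,5 @@ void (async () => {
 await utils.captureException(e);
 }
 })();
-//# debugId=
+//# debugId=abe9e0d9-90ff-4e73-99b1-648bc5ca3347
 //# sourceMappingURL=cli.js.map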
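Review bot: In the second hunk, the empty `catch {}` around `JSON.parse(ghsaIdsRaw)` makes a parse failure indistinguishable from "no vulnerabilities found": if the final line of Coana's stdout is not the expected JSON (a trailing log line, a format change in a later Coana release), `discoverGhsaIds` returns `[]` and `socket fix` presumably carries on as if the project were clean. The parsed value is also spread into `foundIds` with no shape check, so a JSON string would be pushed character by character and non-string elements would pass through to whatever consumes the IDs. I would guard it with `const parsed = JSON.parse(ghsaIdsRaw); if (Array.isArray(parsed)) foundIds.push(...parsed.filter(id => typeof id === 'string'));` and log the error in the catch rather than discard it, so a failed discovery is visible to the user. The function starts in the previous hunk and `coanaFix`'s handling of the returned list is only partly visible here, so the downstream effect is inferred.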