socketsecurity 2.2.38__tar.gz → 2.2.43__tar.gz

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.38
+Version: 2.2.43
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>
@@ -40,7 +40,7 @@ Requires-Dist: packaging
 Requires-Dist: prettytable
 Requires-Dist: python-dotenv
 Requires-Dist: requests
-Requires-Dist: socketdev<4.0.0,>=3.0.19
+Requires-Dist: socketdev<4.0.0,>=3.0.21
 Provides-Extra: dev
 Requires-Dist: hatch; extra == 'dev'
 Requires-Dist: pre-commit; extra == 'dev'
@@ -57,7 +57,7 @@ Description-Content-Type: text/markdown
 
 # Socket Security CLI
 
-The Socket Security CLI was created to enable integrations with other tools like GitHub Actions, GitLab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts against the Socket security policy it'll exit with a non-Zero exit code.
+The Socket Security CLI was created to enable integrations with other tools like GitHub Actions, GitLab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts with blocking actions it'll exit with a non-Zero exit code.
 
 ## Quick Start
 
@@ -553,3 +553,34 @@ Implementation targets:
 #### GitLab Integration
 - `GITLAB_TOKEN`: GitLab API token for GitLab integration (supports both Bearer and PRIVATE-TOKEN authentication)
 - `CI_JOB_TOKEN`: GitLab CI job token (automatically provided in GitLab CI environments)
+
+### Manual Development Environment Setup
+
+For manual setup without using the Make targets, follow these steps:
+
+1. **Create a virtual environment:**
+```bash
+python -m venv .venv
+```
+
+2. **Activate the virtual environment:**
+```bash
+source .venv/bin/activate
+```
+
+3. **Sync dependencies with uv:**
+```bash
+uv sync
+```
+
+4. **Install pre-commit:**
+```bash
+uv add --dev pre-commit
+```
+
+5. **Register the pre-commit hook:**
+```bash
+pre-commit install
+```
+
+> **Note**: This manual setup is an alternative to the streamlined Make targets described above. For most development workflows, using `make first-time-setup` or `make first-time-local-setup` is recommended.

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/README.md

@@ -1,6 +1,6 @@
 # Socket Security CLI
 
-The Socket Security CLI was created to enable integrations with other tools like GitHub Actions, GitLab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts against the Socket security policy it'll exit with a non-Zero exit code.
+The Socket Security CLI was created to enable integrations with other tools like GitHub Actions, GitLab, BitBucket, local use cases and more. The tool will get the head scan for the provided repo from Socket, create a new one, and then report any new alerts detected. If there are new alerts with blocking actions it'll exit with a non-Zero exit code.
 
 ## Quick Start
 
@@ -496,3 +496,34 @@ Implementation targets:
 #### GitLab Integration
 - `GITLAB_TOKEN`: GitLab API token for GitLab integration (supports both Bearer and PRIVATE-TOKEN authentication)
 - `CI_JOB_TOKEN`: GitLab CI job token (automatically provided in GitLab CI environments)
+
+### Manual Development Environment Setup
+
+For manual setup without using the Make targets, follow these steps:
+
+1. **Create a virtual environment:**
+```bash
+python -m venv .venv
+```
+
+2. **Activate the virtual environment:**
+```bash
+source .venv/bin/activate
+```
+
+3. **Sync dependencies with uv:**
+```bash
+uv sync
+```
+
+4. **Install pre-commit:**
+```bash
+uv add --dev pre-commit
+```
+
+5. **Register the pre-commit hook:**
+```bash
+pre-commit install
+```
+
+> **Note**: This manual setup is an alternative to the streamlined Make targets described above. For most development workflows, using `make first-time-setup` or `make first-time-local-setup` is recommended.

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.38"
+version = "2.2.43"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,7 +16,7 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv',
-    'socketdev>=3.0.19,<4.0.0',
+    'socketdev>=3.0.21,<4.0.0',
     "bs4>=0.0.2",
 ]
 readme = "README.md"
@@ -160,3 +160,8 @@ docstring-code-line-length = "dynamic"
 
 [tool.hatch.build.targets.wheel]
 include = ["socketsecurity", "LICENSE"]
+
+[dependency-groups]
+dev = [
+    "pre-commit>=4.3.0",
+]

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/socketsecurity/__init__.py

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.38'
+__version__ = '2.2.43'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/socketsecurity/core/__init__.py

@@ -10,13 +10,15 @@ from dataclasses import asdict
 from glob import glob
 from io import BytesIO
 from pathlib import PurePath
-from typing import BinaryIO, Dict, List, Tuple, Set, Union
+from typing import BinaryIO, Dict, List, Tuple, Set, Union, TYPE_CHECKING, Optional
+
+if TYPE_CHECKING:
+    from socketsecurity.config import CliConfig
 from socketdev import socketdev
 from socketdev.exceptions import APIFailure
 from socketdev.fullscans import FullScanParams, SocketArtifact
 from socketdev.org import Organization
 from socketdev.repos import RepositoryInfo
-from socketdev.settings import SecurityPolicyRule
 import copy
 from socketsecurity import __version__, USER_AGENT
 from socketsecurity.core.classes import (
@@ -59,11 +61,13 @@ class Core:
 
     config: SocketConfig
     sdk: socketdev
+    cli_config: Optional['CliConfig']
 
-    def __init__(self, config: SocketConfig, sdk: socketdev) -> None:
+    def __init__(self, config: SocketConfig, sdk: socketdev, cli_config: Optional['CliConfig'] = None) -> None:
         """Initialize Core with configuration and SDK instance."""
         self.config = config
         self.sdk = sdk
+        self.cli_config = cli_config
         self.set_org_vars()
 
     def set_org_vars(self) -> None:
@@ -77,8 +81,6 @@ class Core:
         self.config.full_scan_path = f"{base_path}/full-scans"
         self.config.repository_path = f"{base_path}/repos"
 
-        self.config.security_policy = self.get_security_policy()
-
     def get_org_id_slug(self) -> Tuple[str, str]:
         """Gets the Org ID and Org Slug for the API Token."""
         response = self.sdk.org.get(use_types=True)
@@ -107,16 +109,7 @@ class Core:
         """Converts artifacts dictionary to a list."""
         return list(artifacts_dict.values())
 
-    def get_security_policy(self) -> Dict[str, SecurityPolicyRule]:
-        """Gets the organization's security policy."""
-        response = self.sdk.settings.get(self.config.org_slug, use_types=True)
-
-        if not response.success:
-            log.error(f"Failed to get security policy: {response.status}")
-            log.error(response.message)
-            raise Exception(f"Failed to get security policy: {response.status}, message: {response.message}")
 
-        return response.securityPolicyRules
 
     def create_sbom_output(self, diff: Diff) -> dict:
         """Creates CycloneDX output for a given diff."""
@@ -453,7 +446,61 @@ class Core:
         log.debug(f"Created temporary empty file for baseline scan: {temp_path}")
         return [temp_path]
 
-    def create_full_scan(self, files: List[str], params: FullScanParams, base_paths: List[str] = None) -> FullScan:
+    def finalize_tier1_scan(self, full_scan_id: str, facts_file_path: str) -> bool:
+        """
+        Finalize a tier 1 reachability scan by associating it with a full scan.
+
+        This function reads the tier1ReachabilityScanId from the facts file and
+        calls the SDK to link it with the specified full scan.
+
+        Linking the tier 1 scan to the full scan helps the Socket team debug potential issues.
+
+        Args:
+            full_scan_id: The ID of the full scan to associate with the tier 1 scan
+            facts_file_path: Path to the .socket.facts.json file containing the tier1ReachabilityScanId
+
+        Returns:
+            True if successful, False otherwise
+        """
+        log.debug(f"Finalizing tier 1 scan for full scan {full_scan_id}")
+
+        # Read the tier1ReachabilityScanId from the facts file
+        try:
+            if not os.path.exists(facts_file_path):
+                log.debug(f"Facts file not found: {facts_file_path}")
+                return False
+
+            with open(facts_file_path, 'r') as f:
+                facts = json.load(f)
+
+            tier1_scan_id = facts.get('tier1ReachabilityScanId')
+            if not tier1_scan_id:
+                log.debug(f"No tier1ReachabilityScanId found in {facts_file_path}")
+                return False
+
+            tier1_scan_id = tier1_scan_id.strip()
+            log.debug(f"Found tier1ReachabilityScanId: {tier1_scan_id}")
+
+        except (json.JSONDecodeError, IOError) as e:
+            log.debug(f"Failed to read tier1ReachabilityScanId from {facts_file_path}: {e}")
+            return False
+
+        # Call the SDK to finalize the tier 1 scan
+        try:
+            success = self.sdk.fullscans.finalize_tier1(
+                full_scan_id=full_scan_id,
+                tier1_reachability_scan_id=tier1_scan_id,
+            )
+
+            if success:
+                log.debug(f"Successfully finalized tier 1 scan {tier1_scan_id} for full scan {full_scan_id}")
+            return success
+
+        except Exception as e:
+            log.debug(f"Unable to finalize tier 1 scan: {e}")
+            return False
+
+    def create_full_scan(self, files: List[str], params: FullScanParams, base_paths: Optional[List[str]] = None) -> FullScan:
         """
         Creates a new full scan via the Socket API.
 
@@ -478,6 +525,19 @@ class Core:
         total_time = create_full_end - create_full_start
         log.debug(f"New Full Scan created in {total_time:.2f} seconds")
 
+        # Finalize tier1 scan if reachability analysis was enabled
+        if self.cli_config and self.cli_config.reach:
+            facts_file_path = self.cli_config.reach_output_file or ".socket.facts.json"
+            log.debug(f"Reachability analysis enabled, finalizing tier1 scan for full scan {full_scan.id}")
+            try:
+                success = self.finalize_tier1_scan(full_scan.id, facts_file_path)
+                if success:
+                    log.debug(f"Successfully finalized tier1 scan for full scan {full_scan.id}")
+                else:
+                    log.debug(f"Failed to finalize tier1 scan for full scan {full_scan.id}")
+            except Exception as e:
+                log.warning(f"Error finalizing tier1 scan for full scan {full_scan.id}: {e}")
+
         return full_scan
 
     def create_full_scan_with_report_url(
@@ -485,9 +545,9 @@ class Core:
             paths: List[str],
             params: FullScanParams,
             no_change: bool = False,
-            save_files_list_path: str = None,
-            save_manifest_tar_path: str = None,
-            base_paths: List[str] = None
+            save_files_list_path: Optional[str] = None,
+            save_manifest_tar_path: Optional[str] = None,
+            base_paths: Optional[List[str]] = None
     ) -> Diff:
         """Create a new full scan and return with html_report_url.
 
@@ -881,9 +941,9 @@ class Core:
             paths: List[str],
             params: FullScanParams,
             no_change: bool = False,
-            save_files_list_path: str = None,
-            save_manifest_tar_path: str = None,
-            base_paths: List[str] = None
+            save_files_list_path: Optional[str] = None,
+            save_manifest_tar_path: Optional[str] = None,
+            base_paths: Optional[List[str]] = None
     ) -> Diff:
         """Create a new diff using the Socket SDK.
 
@@ -1130,6 +1190,7 @@ class Core:
         )
         return purl
 
+
     @staticmethod
     def get_source_data(package: Package, packages: dict) -> list:
         """
@@ -1244,8 +1305,9 @@ class Core:
                 url=package.url
             )
 
-            if alert.type in self.config.security_policy:
-                action = self.config.security_policy[alert.type]['action']
+            # Use action from API (from security policy, label policy, triage, etc.)
+            if 'action' in alert_item and alert_item['action']:
+                action = alert_item['action']
                 setattr(issue_alert, action, True)
 
             if issue_alert.key not in alerts_collection:

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/socketsecurity/core/messages.py

@@ -416,7 +416,7 @@ class Messages:
 > **❗️ Caution**  
 > **Review the following alerts detected in dependencies.**  
 >  
-> According to your organization's Security Policy, you **must** resolve all **"Block"** alerts before proceeding. It's recommended to resolve **"Warn"** alerts too.  
+> According to your organization's policies, you **must** resolve all **"Block"** alerts before proceeding. It's recommended to resolve **"Warn"** alerts too.  
 > Learn more about [Socket for GitHub](https://socket.dev?utm_medium=gh).
 
 <!-- start-socket-updated-alerts-table -->
@@ -622,7 +622,7 @@ class Messages:
     @staticmethod
     def create_security_alert_table(diff: Diff, md: MdUtils) -> tuple[MdUtils, list, dict]:
         """
-        Creates the detected issues table based on the Security Policy
+        Creates the detected issues table based on alert actions from the API
         :param diff: Diff - Diff report with the detected issues
         :param md: MdUtils - Main markdown variable
         :return:
@@ -794,7 +794,7 @@ class Messages:
     @staticmethod
     def create_console_security_alert_table(diff: Diff) -> PrettyTable:
         """
-        Creates the detected issues table based on the Security Policy
+        Creates the detected issues table based on alert actions from the API
         :param diff: Diff - Diff report with the detected issues
         :return:
         """

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/socketsecurity/core/socket_config.py

@@ -25,7 +25,6 @@ class SocketConfig:
     org_slug: Optional[str] = None
     full_scan_path: Optional[str] = None
     repository_path: Optional[str] = None
-    security_policy: Dict = None
     repo_visibility: Optional[str] = 'private'
     all_issues: Optional['AllIssues'] = None
     excluded_dirs: Set[str] = field(default_factory=lambda: default_exclude_dirs)
@@ -42,10 +41,6 @@ class SocketConfig:
 
         self._validate_api_url(self.api_url)
 
-        # Initialize empty dict for security policy if None
-        if self.security_policy is None:
-            self.security_policy = {}
-
         # Initialize AllIssues if None
         if self.all_issues is None:
             self.all_issues = AllIssues()
@@ -70,6 +65,3 @@ class SocketConfig:
         self.full_scan_path = f"{base_path}/full-scans"
         self.repository_path = f"{base_path}/repos"
 
-    def update_security_policy(self, policy: Dict) -> None:
-        """Update security policy"""
-        self.security_policy = policy

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/socketsecurity/socketcli.py

@@ -1,4 +1,5 @@
 import json
+import os
 import sys
 import traceback
 import shutil
@@ -81,7 +82,7 @@ def main_code():
     client = CliClient(socket_config)
     sdk.api.api_url = socket_config.api_url
     log.debug("loaded client")
-    core = Core(socket_config, sdk)
+    core = Core(socket_config, sdk, config)
     log.debug("loaded core")
     
     # Check for required dependencies if reachability analysis is enabled
@@ -207,7 +208,6 @@ def main_code():
     base_paths = [config.target_path]  # Always use target_path as the single base path
     
     if config.sub_paths:
-        import os
         for sub_path in config.sub_paths:
             full_scan_path = os.path.join(config.target_path, sub_path)
             log.debug(f"Using sub-path for scanning: {full_scan_path}")
@@ -299,7 +299,6 @@ def main_code():
                 
                 # If only-facts-file mode, mark the facts file for submission
                 if config.only_facts_file:
-                    import os
                     facts_file_to_submit = os.path.abspath(output_path)
                     log.info(f"Only-facts-file mode: will submit only {facts_file_to_submit}")
                 
@@ -355,9 +354,6 @@ def main_code():
     # If using sub_paths, we need to check if manifest files exist in the scan paths
     if config.sub_paths and not files_explicitly_specified:
         # Override file checking to look in the scan paths instead
-        import os
-        from pathlib import Path
-        
         # Get manifest files from all scan paths
         try:
             all_scan_files = []
@@ -569,7 +565,7 @@ def main_code():
             )
             output_handler.handle_output(diff)
 
-        # Handle license generation
+    # Handle license generation
     if not should_skip_scan and diff.id != "NO_DIFF_RAN" and diff.id != "NO_SCAN_RAN" and config.generate_license:
         all_packages = {}
         for purl in diff.packages:

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/tests/core/conftest.py

@@ -10,7 +10,6 @@ from socketdev.fullscans import (
     StreamDiffResponse,
 )
 from socketdev.repos import GetRepoResponse
-from socketdev.settings import OrgSecurityPolicyResponse
 
 
 @pytest.fixture
@@ -88,14 +87,7 @@ def stream_diff_response(data_dir, load_json):
     })
 
 
-@pytest.fixture
-def security_policy(data_dir, load_json):
-    json_data = load_json(data_dir / "settings" / "security-policy.json")
-    return OrgSecurityPolicyResponse.from_dict({
-        "success": json_data["success"],
-        "status": json_data["status"],
-        "securityPolicyRules": json_data["securityPolicyRules"]
-    })
+
 
 
 @pytest.fixture
@@ -146,13 +138,11 @@ def mock_sdk_with_responses(
     new_scan_metadata,
     new_scan_stream,
     stream_diff_response,
-    security_policy,
     create_full_scan_response,
 ):
     sdk = mock_socket_sdk.return_value
 
     # Simple returns
-    sdk.settings.get.return_value = security_policy
     sdk.fullscans.post.return_value = create_full_scan_response
 
     # Argument-based returns

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/tests/core/test_package_and_alerts.py

@@ -33,11 +33,10 @@ class TestPackageAndAlerts:
             }
         })
         
-        # Set up settings.get() to return empty security policy
+        # Set up settings.get() to return empty response
         mock.settings = Mock()
         settings_response = Mock()
         settings_response.success = True
-        settings_response.security_policy = {}
         mock.settings.get = Mock(return_value=settings_response)
         
         return mock
@@ -48,7 +47,6 @@ class TestPackageAndAlerts:
             api_key="test-key",
             allow_unverified_ssl=False
         )
-        config.security_policy = {}  # Initialize with empty dict
         return config
     
     @pytest.fixture
@@ -135,34 +133,7 @@ class TestPackageAndAlerts:
         assert alert.type == "networkAccess"
         assert alert.severity == "high"
 
-    def test_add_package_alerts_with_security_policy(self, core):
-        """Test alerts are properly tagged based on security policy"""
-        # Mock security policy in config
-        core.config.security_policy = {
-            "networkAccess": {"action": "error"}
-        }
-        
-        package = Package(
-            id="pkg:npm/test@1.0.0",
-            name="test",
-            version="1.0.0",
-            type="npm",
-            alerts=[{
-                "type": "networkAccess",
-                "key": "test-alert",
-                "severity": "high"
-            }],
-            topLevelAncestors=[]
-        )
-        
-        alerts_collection = {}
-        packages = {package.id: package}
-        
-        result = core.add_package_alerts_to_collection(package, alerts_collection, packages)
-        
-        assert len(result) == 1
-        alert = result["test-alert"][0]
-        assert alert.error is True
+
 
     def test_get_capabilities_for_added_packages(self, core):
         """Test capability extraction from package alerts"""

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/tests/unit/test_config.py

@@ -7,13 +7,12 @@ def test_config_default_values():
 
     assert config.api_key == "test_key"
     assert config.api_url == "https://api.socket.dev/v0"
-    assert config.timeout == 30
+    assert config.timeout == 1200
     assert config.allow_unverified_ssl is False
     assert config.org_id is None
     assert config.org_slug is None
     assert config.full_scan_path is None
     assert config.repository_path is None
-    assert config.security_policy == {}
 
 def test_config_custom_values():
     """Test that config accepts custom values"""
@@ -67,14 +66,4 @@ def test_config_update_org_details():
     assert config.full_scan_path == "orgs/test-org/full-scans"
     assert config.repository_path == "orgs/test-org/repos"
 
-def test_config_update_security_policy():
-    """Test updating security policy"""
-    config = SocketConfig(api_key="test_key")
-
-    test_policy = {
-        "rule1": {"action": "block"},
-        "rule2": {"action": "warn"}
-    }
 
-    config.security_policy = test_policy
-    assert config.security_policy == test_policy

{socketsecurity-2.2.38 → socketsecurity-2.2.43}/uv.lock

@@ -1052,28 +1052,26 @@ wheels = [
 
 [[package]]
 name = "socketdev"
-version = "3.0.17"
+version = "3.0.21"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "requests" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/47/60/54b56ac179a9c89b2c9f2ab7eb5ba81220de64d11d52cf19249113ff364d/socketdev-3.0.17.tar.gz", hash = "sha256:a4446a84856c637c312d809d5b8deb25dd20ca38ae7d00a4c8104ea5b890c0af", size = 134013, upload-time = "2025-11-07T22:38:34.354Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/33/fb/4669dcd763144f7ebba824562b58648be08f93474ce12fbe3e21836e622f/socketdev-3.0.21.tar.gz", hash = "sha256:c5fe8bdba8c2c114e3bfff9f5f3a4224eca5c85f86a68f68dda8a2d3fea26815", size = 134528, upload-time = "2025-11-27T17:27:09.608Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/98/56/34ab0e33b5345ca7ada68cd0a9e9d4adcde16051192eb10f8e2c3e0deaa1/socketdev-3.0.17-py3-none-any.whl", hash = "sha256:0986ee0694d5ce879cadb8e06fcfb75a4ca2dfb6f415414593825701593cf991", size = 59317, upload-time = "2025-11-07T22:38:32.704Z" },
+    { url = "https://files.pythonhosted.org/packages/e3/40/2974cca90077b861206e8f402571047ac074f6233c524eb88e8ee9323ecc/socketdev-3.0.21-py3-none-any.whl", hash = "sha256:39a85991445a4a37b0a3bc05138d5799cefc3185b77177fdb1e0d9a2ed81fd08", size = 59698, upload-time = "2025-11-27T17:27:07.696Z" },
 ]
 
 [[package]]
 name = "socketsecurity"
-version = "2.2.26"
+version = "2.2.41"
 source = { editable = "." }
 dependencies = [
     { name = "bs4" },
     { name = "gitpython" },
-    { name = "hatch" },
     { name = "mdutils" },
     { name = "packaging" },
-    { name = "pluggy" },
     { name = "prettytable" },
     { name = "python-dotenv" },
     { name = "requests" },
@@ -1096,15 +1094,18 @@ test = [
     { name = "pytest-watch" },
 ]
 
+[package.dev-dependencies]
+dev = [
+    { name = "pre-commit" },
+]
+
 [package.metadata]
 requires-dist = [
     { name = "bs4", specifier = ">=0.0.2" },
     { name = "gitpython" },
-    { name = "hatch", specifier = ">=1.14.1" },
     { name = "hatch", marker = "extra == 'dev'" },
     { name = "mdutils" },
     { name = "packaging" },
-    { name = "pluggy", specifier = ">=1.6.0" },
     { name = "pre-commit", marker = "extra == 'dev'" },
     { name = "prettytable" },
     { name = "pytest", marker = "extra == 'test'", specifier = ">=7.4.0" },
@@ -1115,12 +1116,15 @@ requires-dist = [
     { name = "python-dotenv" },
     { name = "requests" },
     { name = "ruff", marker = "extra == 'dev'", specifier = ">=0.3.0" },
-    { name = "socketdev", specifier = ">=3.0.17,<4.0.0" },
+    { name = "socketdev", specifier = ">=3.0.21,<4.0.0" },
     { name = "twine", marker = "extra == 'dev'" },
     { name = "uv", marker = "extra == 'dev'", specifier = ">=0.1.0" },
 ]
 provides-extras = ["test", "dev"]
 
+[package.metadata.requires-dev]
+dev = [{ name = "pre-commit", specifier = ">=4.3.0" }]
+
 [[package]]
 name = "soupsieve"
 version = "2.8"