PyPI - socketsecurity - Versions diffs - 2.2.55__tar.gz → 2.2.57__tar.gz - Mend

@@ -20,7 +20,8 @@ RUN apk update && apk add --no-cache \
 # Install Go with version control
 RUN if [ "$GO_VERSION" = "system" ]; then \
-        apk add --no-cache go; \
+        apk add --no-cache go && \
+        echo "/usr/lib/go" > /etc/goroot; \
     else \
         cd /tmp && \
         ARCH=$(uname -m) && \
@@ -31,7 +32,8 @@ RUN if [ "$GO_VERSION" = "system" ]; then \
         esac && \
         wget https://golang.org/dl/go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
         tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
-        rm go${GO_VERSION}.linux-${GOARCH}.tar.gz; \
+        rm go${GO_VERSION}.linux-${GOARCH}.tar.gz && \
+        echo "/usr/local/go" > /etc/goroot; \
     fi
 # Install Java with version control
@@ -64,8 +66,7 @@ RUN npm install @coana-tech/cli socket -g && \
     rustup component add rustfmt clippy
 # Set environment paths
-ENV PATH="/usr/local/go/bin:/root/.cargo/bin:${PATH}"
-ENV GOROOT="/usr/local/go"
+ENV PATH="/usr/local/go/bin:/usr/lib/go/bin:/root/.cargo/bin:${PATH}"
 ENV GOPATH="/go"
 # Install uv

@@ -0,0 +1,9 @@
+# Changelog
+## 2.2.57
+- Fixed Dockerfile to set `GOROOT` to `/usr/lib/go` when using system Go (`GO_VERSION=system`) instead of always using `/usr/local/go`.
+## 2.2.56
+- Removed process timeout from reachability analysis subprocess. Timeouts are now only passed to the Coana CLI via the `--analysis-timeout` flag.

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: socketsecurity
-Version: 2.2.55
+Version: 2.2.57
 Summary: Socket Security CLI for CI/CD
 Project-URL: Homepage, https://socket.dev
 Author-email: Douglas Coburn <douglas@socket.dev>
@@ -584,3 +584,4 @@ pre-commit install
 ```
 > **Note**: This manual setup is an alternative to the streamlined Make targets described above. For most development workflows, using `make first-time-setup` or `make first-time-local-setup` is recommended.

@@ -527,3 +527,4 @@ pre-commit install
 ```
 > **Note**: This manual setup is an alternative to the streamlined Make targets described above. For most development workflows, using `make first-time-setup` or `make first-time-local-setup` is recommended.

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.2.55"
+version = "2.2.57"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [

@@ -4,6 +4,9 @@
 # docker run socketdev/cli socketcli --params
 # docker run socketdev/cli --cli-params
+# Set GOROOT from the value determined at build time
+export GOROOT=$(cat /etc/goroot)
 # Check if we have any arguments
 if [ $# -eq 0 ]; then
     # No arguments provided, run socketcli with no args (will show help)

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.55'
+__version__ = '2.2.57'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

@@ -220,7 +220,6 @@ class ReachabilityAnalyzer:
                 cwd=target_directory,
                 stdout=sys.stderr,  # Send stdout to stderr so user sees it
                 stderr=sys.stderr,  # Send stderr to stderr
-                timeout=timeout + 60 if timeout else None  # Add buffer to subprocess timeout
             )
             if result.returncode != 0:
@@ -240,9 +239,6 @@ class ReachabilityAnalyzer:
                 "tar_hash_used": tar_hash
             }
-        except subprocess.TimeoutExpired:
-            log.error(f"Reachability analysis timed out after {timeout} seconds")
-            raise Exception(f"Reachability analysis timed out after {timeout} seconds")
         except Exception as e:
             log.error(f"Failed to run reachability analysis: {str(e)}")
             raise Exception(f"Failed to run reachability analysis: {str(e)}")

socketsecurity 2.2.55__tar.gz → 2.2.57__tar.gz