From 2915625ef17fd66c5462b4e259b09e324d7cbeeb Mon Sep 17 00:00:00 2001 From: jdalton Date: Mon, 2 Mar 2026 20:36:46 -0500 Subject: [PATCH 1/2] chore(ci): update workflow SHA references to latest --- .github/workflows/ci.yml | 4 ++-- .github/workflows/claude-auto-review.yml | 2 +- .github/workflows/claude.yml | 2 +- .github/workflows/provenance.yml | 2 +- .github/workflows/socket-auto-pr.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 41a7a2f7e..0553abd90 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,7 +27,7 @@ permissions: jobs: ci: name: Run CI Pipeline - uses: SocketDev/socket-registry/.github/workflows/ci.yml@4709a2443e5a036bb0cd94e5d1559f138f05994c # main + uses: SocketDev/socket-registry/.github/workflows/ci.yml@67a3db92603c23c58031586611c7cc852244c87c # main with: test-setup-script: 'pnpm run build' lint-script: 'pnpm run lint --all' @@ -46,7 +46,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: SocketDev/socket-registry/.github/actions/setup-and-install@4709a2443e5a036bb0cd94e5d1559f138f05994c # main + - uses: SocketDev/socket-registry/.github/actions/setup-and-install@67a3db92603c23c58031586611c7cc852244c87c # main with: node-version: '22' diff --git a/.github/workflows/claude-auto-review.yml b/.github/workflows/claude-auto-review.yml index d36547670..f9d2f3b41 100644 --- a/.github/workflows/claude-auto-review.yml +++ b/.github/workflows/claude-auto-review.yml @@ -15,6 +15,6 @@ permissions: jobs: auto-review: - uses: SocketDev/socket-registry/.github/workflows/claude-auto-review.yml@4709a2443e5a036bb0cd94e5d1559f138f05994c # main + uses: SocketDev/socket-registry/.github/workflows/claude-auto-review.yml@67a3db92603c23c58031586611c7cc852244c87c # main secrets: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 2f4ccdf20..0f09768b0 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -22,6 +22,6 @@ permissions: jobs: claude: - uses: SocketDev/socket-registry/.github/workflows/claude.yml@4709a2443e5a036bb0cd94e5d1559f138f05994c # main + uses: SocketDev/socket-registry/.github/workflows/claude.yml@67a3db92603c23c58031586611c7cc852244c87c # main secrets: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 30f1b52ff..2ca1a11f8 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -21,7 +21,7 @@ permissions: jobs: publish: - uses: SocketDev/socket-registry/.github/workflows/provenance.yml@4709a2443e5a036bb0cd94e5d1559f138f05994c # main + uses: SocketDev/socket-registry/.github/workflows/provenance.yml@67a3db92603c23c58031586611c7cc852244c87c # main with: debug: ${{ inputs.debug }} package-name: '@socketsecurity/lib' diff --git a/.github/workflows/socket-auto-pr.yml b/.github/workflows/socket-auto-pr.yml index 10718c02c..837cc657f 100644 --- a/.github/workflows/socket-auto-pr.yml +++ b/.github/workflows/socket-auto-pr.yml @@ -24,7 +24,7 @@ permissions: jobs: socket-auto-pr: - uses: SocketDev/socket-registry/.github/workflows/socket-auto-pr.yml@4709a2443e5a036bb0cd94e5d1559f138f05994c # main + uses: SocketDev/socket-registry/.github/workflows/socket-auto-pr.yml@67a3db92603c23c58031586611c7cc852244c87c # main with: debug: ${{ inputs.debug }} autopilot: true From c6062fc0d3d2af8ffd66229d90758d372d7ab34e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 17:24:09 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=A4=96=20Dep=20Updates:=20Bump=20vali?= =?UTF-8?q?date-npm-package-name=20from=206.0.2=20to=207.0.2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [validate-npm-package-name](https://github.com/npm/validate-npm-package-name) from 6.0.2 to 7.0.2. - [Release notes](https://github.com/npm/validate-npm-package-name/releases) - [Changelog](https://github.com/npm/validate-npm-package-name/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/validate-npm-package-name/compare/v6.0.2...v7.0.2) --- updated-dependencies: - dependency-name: validate-npm-package-name dependency-version: 7.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- pnpm-lock.yaml | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 105d3cbf4..5d685d099 100644 --- a/package.json +++ b/package.json @@ -776,7 +776,7 @@ "type-coverage": "2.29.7", "typescript": "5.9.2", "typescript-eslint": "8.44.1", - "validate-npm-package-name": "6.0.2", + "validate-npm-package-name": "7.0.2", "vite-tsconfig-paths": "5.1.4", "vitest": "4.0.3", "which": "5.0.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e05c43b7c..4008926f1 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -243,8 +243,8 @@ importers: specifier: 8.44.1 version: 8.44.1(eslint@9.35.0(jiti@2.6.1)(supports-color@10.0.0))(supports-color@10.0.0)(typescript@5.9.2) validate-npm-package-name: - specifier: 6.0.2 - version: 6.0.2 + specifier: 7.0.2 + version: 7.0.2 vite-tsconfig-paths: specifier: 5.1.4 version: 5.1.4(supports-color@10.0.0)(typescript@5.9.2)(vite@7.1.12(@types/node@24.9.2)(jiti@2.6.1)(yaml@2.8.1)) @@ -2018,11 +2018,13 @@ packages: glob@10.4.5: resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==} + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me hasBin: true glob@11.0.3: resolution: {integrity: sha512-2Nim7dha1KVkaiF4q6Dj+ngPPMdfvLJEOpZk/jKiUAkqKebpGAWQXAq9z1xu9HKu5lWfqw/FASuccEjyznjPaA==} engines: {node: 20 || >=22} + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me hasBin: true globals@14.0.0: @@ -2992,18 +2994,22 @@ packages: tar@6.2.1: resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} engines: {node: '>=10'} + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me tar@7.5.1: resolution: {integrity: sha512-nlGpxf+hv0v7GkWBK2V9spgactGOp0qvfWRxUMjqHyzrt3SgwE48DIv/FhqPHJYLHpgW1opq3nERbz5Anq7n1g==} engines: {node: '>=18'} + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me tar@7.5.2: resolution: {integrity: sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==} engines: {node: '>=18'} + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me tar@7.5.7: resolution: {integrity: sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==} engines: {node: '>=18'} + deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me taze@19.9.2: resolution: {integrity: sha512-If8bq7lSckIMPfXV+C9jjEfdsQnRryh/foKfpX/ah6zI0TrQfUGWSGCaaD32Bqy5/KGRmLZie3EwMSr3Au21XQ==} @@ -3173,6 +3179,10 @@ packages: resolution: {integrity: sha512-IUoow1YUtvoBBC06dXs8bR8B9vuA3aJfmQNKMoaPG/OFsPmoQvw8xh+6Ye25Gx9DQhoEom3Pcu9MKHerm/NpUQ==} engines: {node: ^18.17.0 || >=20.5.0} + validate-npm-package-name@7.0.2: + resolution: {integrity: sha512-hVDIBwsRruT73PbK7uP5ebUt+ezEtCmzZz3F59BSr2F6OVFnJ/6h8liuvdLrQ88Xmnk6/+xGGuq+pG9WwTuy3A==} + engines: {node: ^20.17.0 || >=22.9.0} + vite-tsconfig-paths@5.1.4: resolution: {integrity: sha512-cYj0LRuLV2c2sMqhqhGpaO3LretdtMn/BVX4cPLanIZuwwrkVl+lK84E/miEXkCHWXuq65rhNN4rXsBcOB3S4w==} peerDependencies: @@ -6406,6 +6416,8 @@ snapshots: validate-npm-package-name@6.0.2: {} + validate-npm-package-name@7.0.2: {} + vite-tsconfig-paths@5.1.4(supports-color@10.0.0)(typescript@5.9.2)(vite@7.1.12(@types/node@24.9.2)(jiti@2.6.1)(yaml@2.8.1)): dependencies: debug: 4.4.3(supports-color@10.0.0)