From 581c65b4ece83b9be25b2e952594eb9c2a849bf5 Mon Sep 17 00:00:00 2001 From: Test User Date: Fri, 24 Apr 2026 16:06:11 -0400 Subject: [PATCH 1/2] chore(ci): bump socket-registry refs to 0371e83f MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Picks up the @socketsecurity/lib floor enforcement that landed in socket-registry 24ad6b61 — the install action now fails fast with an actionable message when the consumer's @socketsecurity/lib is below the latest version published to npm. socket-lib already pins @socketsecurity/lib-stable at 5.24.0 (the floor), so this bump is mechanical — no consumer code changes. --- .github/workflows/ci.yml | 4 ++-- .github/workflows/provenance.yml | 2 +- .github/workflows/weekly-update.yml | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cd5ac18ee..68240b8f3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ concurrency: jobs: ci: name: Run CI Pipeline - uses: SocketDev/socket-registry/.github/workflows/ci.yml@444b6415a78a44d50066a0eb7ef219a751224561 # main + uses: SocketDev/socket-registry/.github/workflows/ci.yml@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main with: test-script: 'pnpm exec vitest --config .config/vitest.config.mts run' @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: SocketDev/socket-registry/.github/actions/setup-and-install@444b6415a78a44d50066a0eb7ef219a751224561 # main + - uses: SocketDev/socket-registry/.github/actions/setup-and-install@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main - name: Build project run: pnpm run build diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 684fe5126..7a4ccce42 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -21,7 +21,7 @@ permissions: jobs: publish: - uses: SocketDev/socket-registry/.github/workflows/provenance.yml@444b6415a78a44d50066a0eb7ef219a751224561 # main + uses: SocketDev/socket-registry/.github/workflows/provenance.yml@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main with: debug: ${{ inputs.debug }} package-name: '@socketsecurity/lib' diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml index e966c89e0..d617a2a45 100644 --- a/.github/workflows/weekly-update.yml +++ b/.github/workflows/weekly-update.yml @@ -29,7 +29,7 @@ jobs: outputs: has-updates: ${{ steps.check.outputs.has-updates }} steps: - - uses: SocketDev/socket-registry/.github/actions/setup-and-install@444b6415a78a44d50066a0eb7ef219a751224561 # main + - uses: SocketDev/socket-registry/.github/actions/setup-and-install@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main - name: Check for npm updates id: check @@ -54,7 +54,7 @@ jobs: contents: write pull-requests: write steps: - - uses: SocketDev/socket-registry/.github/actions/setup-and-install@444b6415a78a44d50066a0eb7ef219a751224561 # main + - uses: SocketDev/socket-registry/.github/actions/setup-and-install@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main - name: Create update branch id: branch @@ -66,7 +66,7 @@ jobs: git checkout -b "$BRANCH_NAME" echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT - - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@444b6415a78a44d50066a0eb7ef219a751224561 # main + - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main with: gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }} @@ -303,7 +303,7 @@ jobs: test-output.log retention-days: 7 - - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@444b6415a78a44d50066a0eb7ef219a751224561 # main + - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main if: always() notify: From ee14dd4353f4ccb994da03e3857e48c406e3c347 Mon Sep 17 00:00:00 2001 From: Test User Date: Fri, 24 Apr 2026 16:15:34 -0400 Subject: [PATCH 2/2] fixup: repin socket-registry to f1b40c99 (npm-banner-validation fix) The previous propagation SHA (0371e83f) shipped a guard step whose version_lt function exploded when npm view returned a Socket Firewall banner string instead of a version. f1b40c99 validates npm view output as semver before using it. --- .github/workflows/ci.yml | 4 ++-- .github/workflows/provenance.yml | 2 +- .github/workflows/weekly-update.yml | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 68240b8f3..577007d0f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ concurrency: jobs: ci: name: Run CI Pipeline - uses: SocketDev/socket-registry/.github/workflows/ci.yml@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main + uses: SocketDev/socket-registry/.github/workflows/ci.yml@f1b40c99a11f8f2f65a44c9e6c66e53470bd0b90 # main with: test-script: 'pnpm exec vitest --config .config/vitest.config.mts run' @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: SocketDev/socket-registry/.github/actions/setup-and-install@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main + - uses: SocketDev/socket-registry/.github/actions/setup-and-install@f1b40c99a11f8f2f65a44c9e6c66e53470bd0b90 # main - name: Build project run: pnpm run build diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 7a4ccce42..f517b55cf 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -21,7 +21,7 @@ permissions: jobs: publish: - uses: SocketDev/socket-registry/.github/workflows/provenance.yml@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main + uses: SocketDev/socket-registry/.github/workflows/provenance.yml@f1b40c99a11f8f2f65a44c9e6c66e53470bd0b90 # main with: debug: ${{ inputs.debug }} package-name: '@socketsecurity/lib' diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml index d617a2a45..b9c625ef7 100644 --- a/.github/workflows/weekly-update.yml +++ b/.github/workflows/weekly-update.yml @@ -29,7 +29,7 @@ jobs: outputs: has-updates: ${{ steps.check.outputs.has-updates }} steps: - - uses: SocketDev/socket-registry/.github/actions/setup-and-install@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main + - uses: SocketDev/socket-registry/.github/actions/setup-and-install@f1b40c99a11f8f2f65a44c9e6c66e53470bd0b90 # main - name: Check for npm updates id: check @@ -54,7 +54,7 @@ jobs: contents: write pull-requests: write steps: - - uses: SocketDev/socket-registry/.github/actions/setup-and-install@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main + - uses: SocketDev/socket-registry/.github/actions/setup-and-install@f1b40c99a11f8f2f65a44c9e6c66e53470bd0b90 # main - name: Create update branch id: branch @@ -66,7 +66,7 @@ jobs: git checkout -b "$BRANCH_NAME" echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT - - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main + - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@f1b40c99a11f8f2f65a44c9e6c66e53470bd0b90 # main with: gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }} @@ -303,7 +303,7 @@ jobs: test-output.log retention-days: 7 - - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main + - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@f1b40c99a11f8f2f65a44c9e6c66e53470bd0b90 # main if: always() notify: