chore: cascade bump — socket-registry refs + @socketsecurity/lib 5.21.0 + register .claude/hooks/*#1237
chore: cascade bump — socket-registry refs + @socketsecurity/lib 5.21.0 + register .claude/hooks/*#1237John-David Dalton (jdalton) wants to merge 10 commits intomainfrom
Conversation
|
Cursor (@cursor) review |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.
…date Update all SocketDev/socket-registry action/workflow SHA pins in .github/workflows/ to d54c36d0bed05ffffbe8b14e7663927eaa19d5df (the current propagation SHA per socket-registry's _local-not-for-reuse-*.yml pins). Also: .github/workflows/weekly-update.yml is now a thin delegator to SocketDev/socket-registry/.github/workflows/weekly-update.yml — the shared Layer 3 reusable that invokes the /updating skill umbrella via Claude Code. Drops ~340 lines of inline update logic; same behavior.
John-David Dalton (jdalton)
force-pushed
the
chore/ci-cascade-main-34fef52b
branch
from
0cb3a6c to
781478b
Compare
John-David Dalton (jdalton)
changed the title
John-David Dalton (jdalton)
changed the title
Catalog bump from 5.20.1 to 5.21.0 plus the caller-side migrations needed for the new API surface: - pnpm-workspace.yaml catalog: 5.20.1 → 5.21.0 - packageManager + engines.pnpm: 11.0.0-rc.0 → 11.0.0-rc.2 to match the rest of the fleet Migrations for 5.21.0 changes: 1. `printFooter` moved out of `@socketsecurity/lib/stdio/header` — it was a latent wrong-path import that lib's loose subpath exports hid on 5.18.2. Now imported from `@socketsecurity/lib/stdio/footer` in scripts/check.mts and scripts/type.mts. 2. `StdioOptions` strictening via `SpawnExtra = Record<string, unknown>` — `spawnExtra?.['stdio']` is `unknown`, not assignable to `StdioOptions`. Cast to `StdioOptions | undefined` at the 9 call sites in utils/dlx/spawn.mts and utils/coana/spawn.mts. Also switched `||` → `??` so an empty-string stdio (not a real value, but TypeScript-possible) doesn't silently fall through. 3. `IpcHandshake` / `IpcMessage` types removed from `@socketsecurity/lib/ipc`. The cli validator re-derives these shapes structurally anyway — define them locally in utils/validation/ipc.mts alongside the validators. 4. `sendBootstrapHandshake`'s parameter requires a non-optional `send` method, but `ChildProcess.send` is optional. Add a runtime typeof-guard with a clear TypeError before the call (we always spawn with an IPC channel; the guard just narrows for the type system). Lint + typecheck clean. Pre-existing check-new-deps hook test failures on main are unrelated to this bump.
John-David Dalton (jdalton)
force-pushed
the
chore/ci-cascade-main-34fef52b
branch
from
c0b52a4 to
3387322
Compare
John-David Dalton (jdalton)
changed the title
TypeScript can't narrow a parent object from a typeof-check on one of
its properties, which forced `spawnResult.process as { send: ... }`
downstream of the existing runtime guard. Extract the guard into a
small `assertHasSend` assertion function so the call site narrows
cleanly and the structural cast is gone.
Cascades the pnpm 11.0.0-rc.0 → 11.0.0-rc.2 bump from socket-registry. Absorbs #1242 — all SocketDev/socket-registry action/workflow pins now match the current propagation SHA per socket-registry's _local-not-for-reuse-*.yml files.
2 participants
Cascade bump on top of 5.20.1 and the socket-registry action-ref sync.
What's in this cascade
@3362af95fadd1e325cb48e9ad6daff21c112bd72. Cascades the pnpm11.0.0-rc.0→11.0.0-rc.2bump..github/workflows/weekly-update.ymldelegates toSocketDev/socket-registry/.github/workflows/weekly-update.yml.@socketsecurity/libbumped5.19.1→5.21.0(via5.20.0,5.20.1). Both the root catalog and the.claude/hooks/*workspace-registered packages (check-new-deps,setup-security-tools) are kept in lockstep.packageManager+engines.pnpmbumped11.0.0-rc.0→11.0.0-rc.2to match the rest of the fleet.5.21.0 API migrations needed in this repo
printFootermoved out of@socketsecurity/lib/stdio/header(latent wrong-path import that lib's loose subpath exports hid on 5.18.2). Now imported from@socketsecurity/lib/stdio/footerinscripts/check.mtsandscripts/type.mts.StdioOptionstightening viaSpawnExtra = Record<string, unknown>—spawnExtra?.['stdio']isunknown, not assignable toStdioOptions. Cast toStdioOptions | undefinedat the 10 call sites acrossutils/dlx/spawn.mtsandutils/coana/spawn.mts. Switched||→??at the same sites.IpcHandshake/IpcMessagetypes removed from@socketsecurity/lib/ipc(they were@unused Reserved for futureexports; cli was the only consumer and re-derives these shapes in its validators anyway). Define them locally inutils/validation/ipc.mts.sendBootstrapHandshake'ssendparameter is non-optional butChildProcess.sendis optional. Added atypeofruntime guard with a clearTypeErrorat the call site (the IPC channel is always requested viaensureIpcInStdio, so the guard just narrows for the type system).Caller-visible 5.21.0 changes that do NOT affect this repo
@socketsecurity/lib/validation/*→ moved toschema/*/json/parse— no consumers here.memoizeDebouncedremoved — no consumers here.getRepoUrlDetailsscp-style rejection — no consumers here.escapeRegExpoutput shape change (\xHHencoding) — no string-comparing consumers here.Test plan
pnpm install(on pnpm 11.0.0-rc.2)pnpm run check— lint, typecheck, and validators passpromise-queue,dlx/spawn,validation/ipc(see diff)check-new-depshook test failures on main are unrelated to this bump.