chore(ci): bump socket-registry action refs to main (3362af95) #1242
Closed
John-David Dalton (jdalton) wants to merge 1 commit into main from
Bill Li (billxinli)
approved these changes
Apr 20, 2026
John-David Dalton (jdalton)
added a commit
that referenced
this pull request
Apr 20, 2026
Cascades the pnpm 11.0.0-rc.0 → 11.0.0-rc.2 bump from socket-registry. Absorbs #1242 — all SocketDev/socket-registry action/workflow pins now match the current propagation SHA per socket-registry's _local-not-for-reuse-*.yml files.
John-David Dalton (jdalton)
added a commit
that referenced
this pull request
Apr 21, 2026
….0 + register .claude/hooks/* (#1237)

* chore(ci): bump socket-registry refs to d54c36d0 + delegate weekly-update

  Update all SocketDev/socket-registry action/workflow SHA pins in .github/workflows/ to d54c36d0bed05ffffbe8b14e7663927eaa19d5df (the current propagation SHA per socket-registry's _local-not-for-reuse-*.yml pins).

  Also: .github/workflows/weekly-update.yml is now a thin delegator to SocketDev/socket-registry/.github/workflows/weekly-update.yml — the shared Layer 3 reusable that invokes the /updating skill umbrella via Claude Code. Drops ~340 lines of inline update logic; same behavior.

* chore: bump @socketsecurity/lib to 5.19.1

* chore: bump @socketsecurity/lib to 5.19.1 in check-new-deps+setup-security-tools hooks

* chore: register .claude/hooks/* as workspace packages

* chore(deps): bump @socketsecurity/lib to 5.20.1 in catalog

* chore(hooks): sync .claude/hooks packages to lib 5.20.1

* chore(deps): bump @socketsecurity/lib to 5.21.0

  Catalog bump from 5.20.1 to 5.21.0 plus the caller-side migrations needed for the new API surface:

  - pnpm-workspace.yaml catalog: 5.20.1 → 5.21.0
  - packageManager + engines.pnpm: 11.0.0-rc.0 → 11.0.0-rc.2 to match the rest of the fleet

  Migrations for 5.21.0 changes:

  1. `printFooter` moved out of `@socketsecurity/lib/stdio/header` — it was a latent wrong-path import that lib's loose subpath exports hid on 5.18.2. Now imported from `@socketsecurity/lib/stdio/footer` in scripts/check.mts and scripts/type.mts.
  2. `StdioOptions` strictening via `SpawnExtra = Record<string, unknown>` — `spawnExtra?.['stdio']` is `unknown`, not assignable to `StdioOptions`. Cast to `StdioOptions | undefined` at the 9 call sites in utils/dlx/spawn.mts and utils/coana/spawn.mts. Also switched `||` → `??` so an empty-string stdio (not a real value, but TypeScript-possible) doesn't silently fall through.
  3. `IpcHandshake` / `IpcMessage` types removed from `@socketsecurity/lib/ipc`. The cli validator re-derives these shapes structurally anyway — define them locally in utils/validation/ipc.mts alongside the validators.
  4. `sendBootstrapHandshake`'s parameter requires a non-optional `send` method, but `ChildProcess.send` is optional. Add a runtime typeof-guard with a clear TypeError before the call (we always spawn with an IPC channel; the guard just narrows for the type system).

  Lint + typecheck clean. Pre-existing check-new-deps hook test failures on main are unrelated to this bump.

* chore(ipc): sort locally-defined Ipc interface properties alphabetically

* refactor(spawn-node): use assertion function instead of structural cast

  TypeScript can't narrow a parent object from a typeof-check on one of its properties, which forced `spawnResult.process as { send: ... }` downstream of the existing runtime guard. Extract the guard into a small `assertHasSend` assertion function so the call site narrows cleanly and the structural cast is gone.

* chore(ci): bump socket-registry refs to 3362af95

  Cascades the pnpm 11.0.0-rc.0 → 11.0.0-rc.2 bump from socket-registry. Absorbs #1242 — all SocketDev/socket-registry action/workflow pins now match the current propagation SHA per socket-registry's _local-not-for-reuse-*.yml files.

* chore(ci): bump socket-registry workflow refs to 594526f

* fix(ci): allow @pnpm/exe preinstall for pnpm rc.3 bootstrap

* chore(ci): bump socket-registry refs to main (6e347cee)

  Picks up pinned sfw download fix (checksum vs version drift).

* chore(ci): bump socket-registry refs to main (46132ceb)

  Picks up SFW_CUSTOM_REGISTRIES bypass list export.

* chore(ci): bump socket-registry refs to main (a5923566)

  Picks up SOCKET_API_KEY secret-ref swap (GitHub secret renamed to SOCKET_API_TOKEN).
Summary
SocketDev/socket-registry/.github/... pins to the new propagation SHA 3362af95fadd1e325cb48e9ad6daff21c112bd72
Test plan
Note
Low Risk
Low risk config-only change, but CI and release workflows may behave differently if the updated setup-and-install/git-signing actions change Node/pnpm setup or signing behavior.
Overview
Updates GitHub Actions pins to a new SocketDev/socket-registry commit (3362af95…) across ci.yml, provenance.yml, and weekly-update.yml.
This bumps the reusable setup-and-install and git-signing cleanup/setup action refs used by lint/typecheck/tests, publishing, and the weekly dependency update workflow.
Reviewed by Cursor Bugbot for commit dfe517d.
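A check for the pinning invariant this PR maintains, written as an added example that is not part of the PR or of Socket's own tooling: it scans workflow text for `uses: SocketDev/socket-registry/...@ref` and reports every ref that is not the expected full commit SHA. The workflow snippets are constructed and the `.github/actions/setup-and-install` path is an assumed location; the two full SHAs are the ones quoted on this page.

```typescript
// Expected pin: the propagation SHA quoted in this PR's summary.
const EXPECTED_SHA = '3362af95fadd1e325cb48e9ad6daff21c112bd72';

type PinFinding = { file: string; line: number; ref: string; reason: string };

// Matches step-level and job-level `uses: SocketDev/socket-registry[/path]@ref`.
// Commented-out lines do not match because the line must start with `uses:`.
const USES_RE =
  /^\s*(?:-\s*)?uses:\s*['"]?SocketDev\/socket-registry(?:\/[^@\s'"]*)?@([^\s'"#]+)/;

function checkPins(files: Record<string, string>, expectedSha: string): PinFinding[] {
  const findings: PinFinding[] = [];
  for (const [file, text] of Object.entries(files)) {
    text.split('\n').forEach((raw, i) => {
      const ref = USES_RE.exec(raw)?.[1];
      if (ref === undefined) return;
      let reason = '';
      if (!/^[0-9a-f]{40}$/.test(ref)) {
        reason = 'not a full 40-hex commit SHA (branch, tag or short SHA)';
      } else if (ref !== expectedSha) {
        reason = 'full SHA, but not the expected propagation SHA';
      }
      if (reason) findings.push({ file, line: i + 1, ref, reason });
    });
  }
  return findings;
}

// Constructed workflow text. The .github/actions/setup-and-install path is assumed.
const ACTION = 'SocketDev/socket-registry/.github/actions/setup-and-install';
const sampleWorkflows: Record<string, string> = {
  'ci.yml': [
    'jobs:',
    '  test:',
    '    steps:',
    `      - uses: ${ACTION}@${EXPECTED_SHA} # main`,
    `      - uses: ${ACTION}@main`,
  ].join('\n'),
  'weekly-update.yml': [
    'jobs:',
    '  update:',
    '    uses: SocketDev/socket-registry/.github/workflows/weekly-update.yml@d54c36d0bed05ffffbe8b14e7663927eaa19d5df',
  ].join('\n'),
  'provenance.yml': `      - uses: ${ACTION}@3362af95`,
};

for (const f of checkPins(sampleWorkflows, EXPECTED_SHA)) {
  console.log(`${f.file}:${f.line} ${f.ref} -> ${f.reason}`);
}
```

Run against real workflow files by reading `.github/workflows/*.yml` into the `files` map; a non-empty result is a reason to fail the CI job.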