chore(ci): bump socket-registry refs to 0371e83f#69
Merged
John-David Dalton (jdalton) merged 2 commits intomainfrom Apr 24, 2026
Merged
chore(ci): bump socket-registry refs to 0371e83f#69John-David Dalton (jdalton) merged 2 commits intomainfrom
John-David Dalton (jdalton) merged 2 commits intomainfrom
Conversation
Picks up the @socketsecurity/lib floor enforcement that landed in socket-registry 24ad6b61 — the install action now fails fast with an actionable message when the consumer's @socketsecurity/lib is below the latest version published to npm. socket-packageurl-js already pins @socketsecurity/lib at 5.24.0 (the floor), so this bump is mechanical — no consumer code changes.
The previous propagation SHA (0371e83f) shipped a guard step whose version_lt function exploded when npm view returned a Socket Firewall banner string instead of a version. f1b40c99 validates npm view output as semver before using it.
John-David Dalton (jdalton)
deleted the
chore/registry-sha-bump-0371e83f
branch
Ari4ka
approved these changes
Apr 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps
SocketDev/socket-registryworkflow/action pins to0371e83f.This is the Layer 3 propagation SHA from socket-registry's recent cascade adding a runtime guard to the install action: it now fails fast with an actionable message when the consumer's
@socketsecurity/libis below the latest version published to npm. Below-floor versions ship a stubbed pacote fetcher that throws insidedownloadPackagewhen the install action provisions ecc-agentshield.socket-packageurl-js already pins
@socketsecurity/libat5.24.0(the current npm latest), so this is a mechanical bump — no consumer code changes. Also catches this repo up from the older13684cd8pin (skipping the intermediate444b6415cascade).Test plan