chore(ci): bump socket-registry action refs to main (3362af95)#601
Closed
John-David Dalton (jdalton) wants to merge 1 commit intomainfrom
Closed
chore(ci): bump socket-registry action refs to main (3362af95)#601John-David Dalton (jdalton) wants to merge 1 commit intomainfrom
John-David Dalton (jdalton) wants to merge 1 commit intomainfrom
Conversation
John-David Dalton (jdalton)
added a commit
that referenced
this pull request
Apr 20, 2026
Cascades the pnpm 11.0.0-rc.0 → 11.0.0-rc.2 bump from socket-registry. Folds PR #601 into this PR.
3 tasks
Contributor
Author
John-David Dalton (jdalton)
added a commit
that referenced
this pull request
Apr 20, 2026
…workspace hooks + lib-stub expansion Squash of the full cascade sync branch: 1. socket-registry action refs bumped to @3362af95fadd1e325cb48e9ad6daff21c112bd72. Cascades the pnpm 11.0.0-rc.0 → 11.0.0-rc.2 bump from socket-registry. 2. .github/workflows/weekly-update.yml reduced to a thin 20-line delegator calling SocketDev/socket-registry/.github/workflows/weekly-update.yml. 3. @socketsecurity/lib bumped 5.18.2 → 5.20.1 (via 5.19.0, 5.19.1). Hook manifest .claude/hooks/check-new-deps/package.json kept in lockstep. Brings the new dlx pin pipeline, pacote shim fix, DlxBinaryOptions.hash, and stdio/prompts restoration. 4. pnpm-workspace.yaml packages glob now includes .claude/hooks/* so taze bumps hook manifests automatically. 5. createLibStubPlugin in .config/esbuild.config.mts also stubs external/del.js + external/cacache.js (eagerly loaded by lib/fs + lib/cacache but unused by the SDK). 6. fix(publish): gate --provenance on GITHUB_ACTIONS so local publish runs don't break. 7. Fixes pre-existing printFooter imports in scripts/build.mts + scripts/check.mts that pulled from lib/stdio/header where printFooter never lived. 5.18.2's loose subpath exports hid the bug; 5.19.x surfaces it. Folds PR #601 (socket-registry 3362af95 bump) into this cascade.
John-David Dalton (jdalton)
added a commit
that referenced
this pull request
Apr 20, 2026
…workspace hooks + lib-stub expansion
Squash of the full cascade sync branch:
1. socket-registry action refs bumped to @3362af95fadd1e325cb48e9ad6daff21c112bd72.
Cascades the pnpm 11.0.0-rc.0 → 11.0.0-rc.2 bump from socket-registry.
2. .github/workflows/weekly-update.yml reduced to a thin 20-line delegator
calling SocketDev/socket-registry/.github/workflows/weekly-update.yml.
3. @socketsecurity/lib bumped 5.18.2 → 5.21.0 (via 5.19.0, 5.19.1, 5.20.0,
5.20.1). Hook manifest .claude/hooks/check-new-deps/package.json kept in
lockstep. Brings:
- `schema/` module (replaces retired `validation/validate-schema`)
- `json/parse` absorbs `validation/json-parser`'s `safeJsonParse`
- `withResolvers()` on `promises` (TC39 Promise.withResolvers)
- spec-compliant `escapeRegExp` (bound to native RegExp.escape on Node 24+)
- O(1) LRU in memoization; wildcard clear() compile-once in cacache
- ENOENT normalized across extractZip/Tar/TarGz
- dlx pin pipeline, pacote shim fix, DlxBinaryOptions.hash, stdio/prompts
restoration
Test update required by #3: `test/unit/promise-queue.test.mts` —
5.21.0's bounded queue rejects the NEWEST submission when full
(preserving committed-to in-flight work), not the oldest. Renamed the
test and updated the scenario to match the new contract.
4. pnpm-workspace.yaml packages glob now includes .claude/hooks/* so taze
bumps hook manifests automatically.
5. createLibStubPlugin in .config/esbuild.config.mts also stubs external/del.js
+ external/cacache.js (eagerly loaded by lib/fs + lib/cacache but unused
by the SDK).
6. fix(publish): gate --provenance on GITHUB_ACTIONS so local publish runs
don't break.
7. Fixes pre-existing printFooter imports in scripts/build.mts +
scripts/check.mts that pulled from lib/stdio/header where printFooter
never lived. 5.18.2's loose subpath exports hid the bug; 5.19.x surfaces it.
Folds PR #601 (socket-registry 3362af95 bump) into this cascade.
John-David Dalton (jdalton)
added a commit
that referenced
this pull request
Apr 21, 2026
…workspace hooks + lib-stub expansion (#596) * chore: cascade — socket-registry refs + @socketsecurity/lib 5.21.0 + workspace hooks + lib-stub expansion Squash of the full cascade sync branch: 1. socket-registry action refs bumped to @3362af95fadd1e325cb48e9ad6daff21c112bd72. Cascades the pnpm 11.0.0-rc.0 → 11.0.0-rc.2 bump from socket-registry. 2. .github/workflows/weekly-update.yml reduced to a thin 20-line delegator calling SocketDev/socket-registry/.github/workflows/weekly-update.yml. 3. @socketsecurity/lib bumped 5.18.2 → 5.21.0 (via 5.19.0, 5.19.1, 5.20.0, 5.20.1). Hook manifest .claude/hooks/check-new-deps/package.json kept in lockstep. Brings: - `schema/` module (replaces retired `validation/validate-schema`) - `json/parse` absorbs `validation/json-parser`'s `safeJsonParse` - `withResolvers()` on `promises` (TC39 Promise.withResolvers) - spec-compliant `escapeRegExp` (bound to native RegExp.escape on Node 24+) - O(1) LRU in memoization; wildcard clear() compile-once in cacache - ENOENT normalized across extractZip/Tar/TarGz - dlx pin pipeline, pacote shim fix, DlxBinaryOptions.hash, stdio/prompts restoration Test update required by #3: `test/unit/promise-queue.test.mts` — 5.21.0's bounded queue rejects the NEWEST submission when full (preserving committed-to in-flight work), not the oldest. Renamed the test and updated the scenario to match the new contract. 4. pnpm-workspace.yaml packages glob now includes .claude/hooks/* so taze bumps hook manifests automatically. 5. createLibStubPlugin in .config/esbuild.config.mts also stubs external/del.js + external/cacache.js (eagerly loaded by lib/fs + lib/cacache but unused by the SDK). 6. fix(publish): gate --provenance on GITHUB_ACTIONS so local publish runs don't break. 7. Fixes pre-existing printFooter imports in scripts/build.mts + scripts/check.mts that pulled from lib/stdio/header where printFooter never lived. 5.18.2's loose subpath exports hid the bug; 5.19.x surfaces it. Folds PR #601 (socket-registry 3362af95 bump) into this cascade. * chore(ci): bump socket-registry workflow refs to 594526f * fix(ci): allow @pnpm/exe preinstall for pnpm rc.3 bootstrap * chore(ci): bump socket-registry refs to main (6e347cee) Picks up pinned sfw download fix (checksum vs version drift). * chore(ci): bump socket-registry refs to main (46132ceb) Picks up SFW_CUSTOM_REGISTRIES bypass list export. * chore(ci): bump socket-registry refs to main (a5923566) and swap secret ref * chore(provenance): drop publish-without-sfw + bump socket-registry to d638c11f Upstream socket-registry removed the publish-without-sfw escape hatch (the shim disable/restore dance is no longer needed post-bypass).
John-David Dalton (jdalton)
deleted the
chore/bump-socket-registry-3362af95
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SocketDev/socket-registry/.github/...pins to the new propagation SHA3362af95fadd1e325cb48e9ad6daff21c112bd72Test plan