From 27aae98fa57ab325bba29b5141e15a66127b8d1d Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Mon, 1 Sep 2025 12:59:32 +0200
Subject: [PATCH 1/3] do not pass default branch and repo name to coana CLI
---
 src/commands/scan/perform-reachability-analysis.mts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
index fe54d9512..acd1bb911 100644
--- a/src/commands/scan/perform-reachability-analysis.mts
+++ b/src/commands/scan/perform-reachability-analysis.mts
@@ -167,10 +167,12 @@ export async function performReachabilityAnalysis(
 const env: NodeJS.ProcessEnv = {
 ...process.env,
 }
- if (repoName) {
+ // do not pass default repo and branch name to coana to mixing
+ // buckets (cached configuration) from projects that are likely very different.
+ if (repoName && repoName !== constants.SOCKET_DEFAULT_REPOSITORY) {
 env['SOCKET_REPO_NAME'] = repoName
 }
- if (branchName) {
+ if (branchName && branchName !== constants.SOCKET_DEFAULT_BRANCH) {
 env['SOCKET_BRANCH_NAME'] = branchName
 }
From 0ef5ba7cc9de34a6cddd868b13cf7f446611b442 Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Mon, 1 Sep 2025 13:49:57 +0200
Subject: [PATCH 2/3] upgrade coana to 14.12.10
---
 package-lock.json | 12 ++++++------
 package.json | 4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 3274f8514..19b37248e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "socket", - "version": "1.0.104", + "version": "1.0.105", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "socket", - "version": "1.0.104", + "version": "1.0.105", "license": "MIT", "bin": { "socket": "bin/cli.js",
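Review bot: The new guards on `repoName` and `branchName` only skip the assignment, but `env` starts as a copy of `...process.env`, so a `SOCKET_REPO_NAME` or `SOCKET_BRANCH_NAME` already exported in the caller's shell or CI job is still inherited by the child process when the resolved name equals the default. If the intent is that coana never keys its cached configuration on the default names, the skipped branch should clear the inherited value, e.g. `else { delete env['SOCKET_REPO_NAME'] }` and `else { delete env['SOCKET_BRANCH_NAME'] }`, unless an inherited value is meant to act as a deliberate override, in which case the comment should say so. It would also help to note beside `...process.env` that the whole parent environment, including any API tokens it holds, is forwarded to the coana CLI. The body of performReachabilityAnalysis starts and ends outside this hunk, so how `env` is consumed is not visible here.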
@@ -21,7 +21,7 @@ "@babel/preset-typescript": "7.27.1", "@babel/runtime": "7.28.3", "@biomejs/biome": "2.2.2", - "@coana-tech/cli": "14.12.6", + "@coana-tech/cli": "14.12.10", "@cyclonedx/cdxgen": "11.6.0", "@dotenvx/dotenvx": "1.49.0", "@eslint/compat": "1.3.2",
@@ -898,9 +898,9 @@ "optional": true }, "node_modules/@coana-tech/cli": { - "version": "14.12.6", - "resolved": "https://registry.npmjs.org/@coana-tech/cli/-/cli-14.12.6.tgz", - "integrity": "sha512-vPxrDbcmqHTSdNlKGL76FvmkXzgJvhcuBTv6uxIBPcGEfUOD2poLDCE0pco4kGEEMfQKUotHXDvG4jyOXAP3xA==", + "version": "14.12.10", + "resolved": "https://registry.npmjs.org/@coana-tech/cli/-/cli-14.12.10.tgz", + "integrity": "sha512-h3JDAQ979bDm1DYftff4x6Mn3AUNDGzPUge1HKnGhe3IDqi++Soo/m0Hz2E4G8id0v1uGnaAHHq4sPotU31vUw==", "dev": true, "bin": { "cli": "cli-wrapper.mjs"
diff --git a/package.json b/package.json
index 1f864f327..57e15dae9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "socket",
- "version": "1.0.104",
+ "version": "1.0.105",
 "description": "CLI for Socket.dev",
 "homepage": "https://github.com/SocketDev/socket-cli",
 "license": "MIT",
@@ -85,7 +85,7 @@
 "@babel/preset-typescript": "7.27.1",
 "@babel/runtime": "7.28.3",
 "@biomejs/biome": "2.2.2",
- "@coana-tech/cli": "14.12.6",
+ "@coana-tech/cli": "14.12.10",
 "@cyclonedx/cdxgen": "11.6.0",
 "@dotenvx/dotenvx": "1.49.0",
 "@eslint/compat": "1.3.2",
From 6baf8b6913619bbee01e45770d2fd85bb2fd764a Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Mon, 1 Sep 2025 13:52:26 +0200
Subject: [PATCH 3/3] fix typo
---
 src/commands/scan/perform-reachability-analysis.mts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
index acd1bb911..dec27fdb3 100644
--- a/src/commands/scan/perform-reachability-analysis.mts
+++ b/src/commands/scan/perform-reachability-analysis.mts
@@ -167,7 +167,7 @@ export async function performReachabilityAnalysis(
 const env: NodeJS.ProcessEnv = {
 ...process.env,
 }
- // do not pass default repo and branch name to coana to mixing
+ // do not pass default repo and branch name to coana to avoid mixing
 // buckets (cached configuration) from projects that are likely very different.
 if (repoName && repoName !== constants.SOCKET_DEFAULT_REPOSITORY) {
 env['SOCKET_REPO_NAME'] = repoName