
chore: cascade bump — socket-registry refs + @socketsecurity/lib 5.19.1 + register .claude/hooks/* #1237

Open
John-David Dalton (jdalton) wants to merge 4 commits into main from chore/ci-cascade-main-34fef52b

@jdalton John-David Dalton (jdalton) commented Apr 18, 2026

Summary

Multi-repo cascade sync:

1. socket-registry refs (SHA pin bump)

SocketDev/socket-registry/.github/...@<SHA> refs in .github/workflows/ → @d54c36d0bed05ffffbe8b14e7663927eaa19d5df.

2. weekly-update delegation

.github/workflows/weekly-update.yml reduced to a thin delegator calling SocketDev/socket-registry/.github/workflows/weekly-update.yml@d54c36d0.

3. @socketsecurity/lib 5.19.1 bump

pnpm-workspace.yaml catalog entry @socketsecurity/lib bumped from 5.18.2 → 5.19.1. Hook manifests .claude/hooks/check-new-deps/package.json + .claude/hooks/setup-security-tools/package.json also bumped.

lib 5.19.x brings:

  • New dlx pin pipeline (dlx/integrity, dlx/arborist, dlx/lockfile) with generatePackagePin() + default 7-day minimum-release-age
  • pacote shim exposes tarball/manifest/packument (fixes latent runtime crash in fetchPackageManifest/fetchPackagePackument)
  • DlxBinaryOptions.hash? / DlxPackageOptions.hash? / DlxPackageOptions.lockfile? options
  • ~1.1 MB smaller dist/external/ via stub coverage of sigstore/tuf/arborist internals + zod v4 locales + debug/browser
  • 5.19.1 restores stdio/{prompts,progress,clear} + vendored @inquirer/* shims that 5.19.0 accidentally removed — unblocks socket-cli's 12+ stdio/prompts importers

4. Register .claude/hooks/* as workspace packages

pnpm-workspace.yaml packages: glob now includes .claude/hooks/*. Taze (run via pnpm run update) now sees and bumps the hook manifests automatically, so they stay in lockstep with the catalog without manual sed.

Cascade

Test plan

  • CI green
  • No stale registry refs: grep -rn "SocketDev/socket-registry" .github/ | grep "@" | grep -v d54c36d0 returns nothing
  • grep @socketsecurity/lib pnpm-workspace.yaml .claude/hooks/**/package.json shows 5.19.1
  • cli build succeeds — stdio/prompts resolves against lib 5.19.1
  • pnpm run update now traverses .claude/hooks/* package.jsons too
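
A stricter form of the "no stale registry refs" check from the test plan, as an added example that is not part of the PR or the project's code: besides refs pinned to a different commit, it also reports abbreviated SHAs and branch or tag refs, which a plain `grep -v d54c36d0` would not distinguish. The function names, the `make_sample` helper and the `pinned.yml`/`drift.yml` files are constructed for illustration; the full SHA is the one quoted in the PR description.

```shell
#!/bin/sh
# Added example, not from the PR. EXPECTED_SHA is the full pin quoted in the PR text.
EXPECTED_SHA="d54c36d0bed05ffffbe8b14e7663927eaa19d5df"

# Print "file:line: ref (reason)" for every SocketDev/socket-registry `uses:`
# ref under directory $1 that is not exactly the full SHA $2.
# Exit status is 1 when at least one such ref is found, 0 otherwise.
audit_registry_refs() {
  grep -rnE --include='*.yml' --include='*.yaml' \
    'uses:[[:space:]]*"?SocketDev/socket-registry/[^@[:space:]]*@' "$1" |
  awk -v want="$2" '
    match($0, /SocketDev\/socket-registry\/[^@ \t]*@[^@ \t#"]+/) {
      ref = substr($0, RSTART, RLENGTH)
      sub(/.*@/, "", ref)                  # keep only the text after "@"
      if (ref == want) next                # correctly pinned
      if (ref !~ /^[0-9a-f]+$/)    why = "mutable branch or tag"
      else if (length(ref) < 40)   why = "abbreviated SHA"
      else                         why = "stale full SHA"
      split($0, p, ":")                    # p[1]=file, p[2]=line number
      printf "%s:%s: %s (%s)\n", p[1], p[2], ref, why
      bad = 1
    }
    END { exit bad + 0 }'
}

# Constructed sample workflows (hypothetical files): one correct pin and
# three kinds of drift. Prints the temporary directory that holds them.
make_sample() {
  d=$(mktemp -d)
  p="SocketDev/socket-registry/.github/workflows/weekly-update.yml"
  old=$(printf '%040d' 0)                  # placeholder 40-hex SHA, not a real commit
  printf '    uses: %s@%s # main\n' "$p" "$EXPECTED_SHA" > "$d/pinned.yml"
  printf '    uses: %s@%s\n' "$p" main "$p" d54c36d0 "$p" "$old" > "$d/drift.yml"
  echo "$d"
}

# Demo on the constructed sample; in a checkout, pass .github/workflows instead.
sample=$(make_sample)
audit_registry_refs "$sample" "$EXPECTED_SHA" || echo "unpinned or stale refs found"
rm -rf "$sample"
```
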

@jdalton

Cursor (@cursor) review

@cursor cursor bot left a comment

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 0cb3a6c.

…date

Update all SocketDev/socket-registry action/workflow SHA pins in
.github/workflows/ to d54c36d0bed05ffffbe8b14e7663927eaa19d5df (the
current propagation SHA per socket-registry's _local-not-for-reuse-*.yml
pins).

Also: .github/workflows/weekly-update.yml is now a thin delegator to
SocketDev/socket-registry/.github/workflows/weekly-update.yml — the
shared Layer 3 reusable that invokes the /updating skill umbrella via
Claude Code. Drops ~340 lines of inline update logic; same behavior.

@jdalton John-David Dalton (jdalton) force-pushed the chore/ci-cascade-main-34fef52b branch from 0cb3a6c to 781478b on April 19, 2026

@jdalton John-David Dalton (jdalton) changed the title from "chore(ci): bump socket-registry action refs to main (34fef52b)" to "chore(ci): bump socket-registry refs to d54c36d0 + delegate weekly-update" on Apr 19, 2026

@jdalton John-David Dalton (jdalton) changed the title from "chore(ci): bump socket-registry refs to d54c36d0 + delegate weekly-update" to "chore: cascade bump — socket-registry refs + @socketsecurity/lib 5.19.1 + register .claude/hooks/*" on Apr 19, 2026