chore: cascade bump — socket-registry refs + @socketsecurity/lib 5.19.1 + register .claude/hooks/*

[John-David Dalton (jdalton)]

Summary

Multi-repo cascade sync:

1. socket-registry refs (SHA pin bump)

SocketDev/socket-registry/.github/...@<SHA> refs in .github/workflows/ → @d54c36d0bed05ffffbe8b14e7663927eaa19d5df.

2. weekly-update delegation

.github/workflows/weekly-update.yml reduced to a thin delegator calling SocketDev/socket-registry/.github/workflows/weekly-update.yml@d54c36d0.

3. @socketsecurity/lib 5.19.1 bump

pnpm-workspace.yaml catalog entry @socketsecurity/lib bumped from 5.18.2 → 5.19.1. Hook manifests .claude/hooks/check-new-deps/package.json + .claude/hooks/setup-security-tools/package.json also bumped.

lib 5.19.x brings:

• New dlx pin pipeline (dlx/integrity, dlx/arborist, dlx/lockfile) with generatePackagePin() + default 7-day minimum-release-age
• pacote shim exposes tarball/manifest/packument (fixes latent runtime crash in fetchPackageManifest/fetchPackagePackument)
• DlxBinaryOptions.hash? / DlxPackageOptions.hash? / DlxPackageOptions.lockfile? options
• ~1.1 MB smaller dist/external/ via stub coverage of sigstore/tuf/arborist internals + zod v4 locales + debug/browser
• 5.19.1 restores stdio/{prompts,progress,clear} + vendored @inquirer/* shims that 5.19.0 accidentally removed — unblocks socket-cli's 12+ stdio/prompts importers

4. Register .claude/hooks/* as workspace packages

pnpm-workspace.yaml packages: glob now includes .claude/hooks/*. Taze (run via pnpm run update) now sees and bumps the hook manifests automatically, so they stay in lockstep with the catalog without manual sed.

Cascade

• Direct push (main): socket-lib (5.19.1 release), socket-btm, sdxgen, socket-tui, socketui, socket-registry, socket-packageurl-js
• PR: socket-cli (this PR), socket-sdk-js (Bump @octokit/rest from 21.1.1 to 22.0.0 #596)

Test plan

• CI green
• No stale registry refs: grep -rn "SocketDev/socket-registry" .github/ | grep "@" | grep -v d54c36d0 returns nothing
• grep @socketsecurity/lib pnpm-workspace.yaml .claude/hooks/**/package.json shows 5.19.1
• cli build succeeds — stdio/prompts resolves against lib 5.19.1
• pnpm run update now traverses .claude/hooks/* package.jsons too

[John-David Dalton (jdalton)]

Cursor (@cursor) review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.}

[John-David Dalton (jdalton)]

Cursor (@cursor) review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.}

[John-David Dalton (jdalton)]

Cursor (@cursor) review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.}

[John-David Dalton (jdalton)]

Cursor (@cursor) review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.}

[John-David Dalton (jdalton)]

Cursor (@cursor) review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.}

[John-David Dalton (jdalton)]

Cursor (@cursor) review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 0cb3a6c. Configure here.}