From 348ab1a920f9019bbbba51762f9ca3d75b7680e3 Mon Sep 17 00:00:00 2001 From: jdalton Date: Tue, 11 Nov 2025 00:57:40 -0800 Subject: [PATCH 1/2] chore(workflows): update socket-registry SHA references MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update socket-registry workflow/action references from 1a96ced to e145a6b. This includes the latest fixes for: - pnpm version conflict resolution - Security hardening (zizmor findings) - Template injection vulnerabilities - Credential persistence settings 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/claude-auto-review.yml | 2 +- .github/workflows/claude.yml | 2 +- .github/workflows/provenance.yml | 2 +- .github/workflows/socket-auto-pr.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/claude-auto-review.yml b/.github/workflows/claude-auto-review.yml index 3f89b574..7e1ef9f8 100644 --- a/.github/workflows/claude-auto-review.yml +++ b/.github/workflows/claude-auto-review.yml @@ -15,6 +15,6 @@ permissions: jobs: auto-review: - uses: SocketDev/socket-registry/.github/workflows/claude-auto-review.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main + uses: SocketDev/socket-registry/.github/workflows/claude-auto-review.yml@e145a6b355d614054e4df3d49ba5218812f42b3e # main secrets: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 02cf4cc0..4407e169 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -22,6 +22,6 @@ permissions: jobs: claude: - uses: SocketDev/socket-registry/.github/workflows/claude.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main + uses: SocketDev/socket-registry/.github/workflows/claude.yml@e145a6b355d614054e4df3d49ba5218812f42b3e # main secrets: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 644bbf86..1343f6e7 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -21,7 +21,7 @@ permissions: jobs: publish: - uses: SocketDev/socket-registry/.github/workflows/provenance.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main + uses: SocketDev/socket-registry/.github/workflows/provenance.yml@e145a6b355d614054e4df3d49ba5218812f42b3e # main with: debug: ${{ inputs.debug }} package-name: '@socketregistry/lib' diff --git a/.github/workflows/socket-auto-pr.yml b/.github/workflows/socket-auto-pr.yml index 19665818..bf5df126 100644 --- a/.github/workflows/socket-auto-pr.yml +++ b/.github/workflows/socket-auto-pr.yml @@ -24,7 +24,7 @@ permissions: jobs: socket-auto-pr: - uses: SocketDev/socket-registry/.github/workflows/socket-auto-pr.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main + uses: SocketDev/socket-registry/.github/workflows/socket-auto-pr.yml@e145a6b355d614054e4df3d49ba5218812f42b3e # main with: debug: ${{ inputs.debug }} autopilot: true From 180bada4c8dfef24f0c66327bacf28265a317ac1 Mon Sep 17 00:00:00 2001 From: jdalton Date: Tue, 11 Nov 2025 01:01:30 -0800 Subject: [PATCH 2/2] fix(package): add packageManager field for pnpm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add `packageManager` field to package.json to specify pnpm version. This is required by pnpm-action-setup when using socket-registry actions that don't specify the pnpm version explicitly. See: https://pnpm.io/package_json#packagemanager 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index 892a6173..2f529664 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,7 @@ { "name": "@socketsecurity/lib", "version": "3.3.1", + "packageManager": "pnpm@>=10.21.0", "license": "MIT", "description": "Core utilities and infrastructure for Socket.dev security tools", "keywords": [