Skip to content

CHANGELOG.md

Latest commit

 

History

History
756 lines (493 loc) · 24.5 KB

CHANGELOG.md

File metadata and controls

756 lines (493 loc) · 24.5 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog.

1.1.55 - 2026-01-09

Changed

  • Updated the Coana CLI to v 14.12.148.

1.1.54 - 2026-01-09

Changed

  • Updated the Coana CLI to v 14.12.143.

1.1.53 - 2026-01-06

Changed

  • The scan_type query argument is now set to 'socket_tier1' when running socket scan create --reach. This change ensures Tier 1 alerts from scans are ingested into the organization-level alerts correctly.

1.1.52 - 2026-01-02

Added

  • Added --silence flag to socket fix to suppress intermediate output and show only the final result.

Changed

  • Updated the Coana CLI to v 14.12.139.

1.1.51 - 2025-12-23

Added

  • Added internal --reach-lazy-mode flag for reachability analysis.

Changed

  • Updated the Coana CLI to v 14.12.138.

1.1.50 - 2025-12-19

Fixed

  • Fixed exit code when blocking alerts are found

1.1.49 - 2025-12-17

Added

  • Added initial telemetry functionality to track CLI usage and help improve the Socket experience.

Fixed

  • Fixed error propagation when npm package finalization failed in socket fix.

Changed

  • Updated the Coana CLI to v 14.12.134.

1.1.48 - 2025-12-16

Changed

  • Updated the Coana CLI to v 14.12.130.

1.1.47 - 2025-12-15

Added

  • Added --debug flag to socket fix to enable verbose logging in the Coana CLI.

Changed

  • Updated the Coana CLI to v 14.12.127.

1.1.46 - 2025-12-12

Changed

  • Updated the Coana CLI to v 14.12.126.

1.1.45 - 2025-12-10

Changed

  • Updated the Coana CLI to v 14.12.122.

Added

  • Added --reach-use-only-pregenerated-sboms to run the Tier 1 reachability based only on pre-computed CDX and SPDX SBOMs (all other manifests are excluded).

1.1.44 - 2025-12-09

Changed

  • Updated the Coana CLI to v 14.12.118.

1.1.43 - 2025-12-08

Added

  • Added --all flag to socket fix for explicitly processing all vulnerabilities in local mode. Cannot be used with --id.

Deprecated

  • Running socket fix in local mode without --all or --id is deprecated. A warning is shown when neither flag is provided. In a future release, one of these flags will be required.

1.1.42 - 2025-12-04

Added

  • Added --ecosystems flag to socket fix.

Changed

  • Updated the Coana CLI to v 14.12.113.
  • Rename --limit flag to --pr-limit for socket fix, but keep old flag as an alias. Note: --pr-limit has no effect in local mode, use --id options instead.
  • Process all vulnerabilities with socket fix when no --id options are provided.

1.1.41 - 2025-12-02

Added

  • Added --reach-version flag to socket scan create and socket scan reach to override the @coana-tech/cli version used for reachability analysis.
  • Added --fix-version flag to socket fix to override the @coana-tech/cli version used for fix analysis.

1.1.40 - 2025-12-02

Fixed

  • Fix a bug where vulnerabilities were not found correctly during socket fix.

Changed

  • Updated the Coana CLI to v 14.12.110.

1.1.39 - 2025-12-01

Added

  • Added the --output <scan-report.json> flag to socket scan reach.

Changed

  • Updated the Coana CLI to v 14.12.107.

1.1.38 - 2025-11-26

Changed

  • Enhanced CVE to GHSA conversion with improved error detection and caching for more reliable vulnerability lookups

1.1.37 - 2025-11-26

Fixed

  • Fix a bug where setting target path could cause incorrect manifest file paths for commands socket scan reach <target>, socket scan create --reach <target>, and socket fix <target>.

1.1.36 - 2025-11-26

Fixed

  • Fix a bug where the reachability analysis would hang on runs with analysis errors.

Changed

  • Updated @coana-tech/cli to 14.12.100

1.1.35 - 2025-11-25

Added

  • Added --reach-debug flag to enable verbose logging in the reachability Coana CLI

Changed

  • Updated @coana-tech/cli to 14.12.100

1.1.34 - 2025-11-21

Fixed

  • The target path is now properly considered when conducting reachability analysis: socket scan reach <target> and socket scan create --reach <target>.
  • Fixed a bug where manifest files <target> were not included in a scan when the target was pointing to a directory.

1.1.33 - 2025-11-20

Changed

  • Updated @coana-tech/cli to 14.12.94

Fixed

  • Enhanced error badge visibility with improved text color contrast

1.1.32 - 2025-11-20

Changed

  • Updated @coana-tech/cli to 14.12.90
  • Updated @cyclonedx/cdxgen to 11.11.0

Fixed

  • Resolved --limit flag behavior to correctly restrict vulnerability processing in socket fix local mode
  • Exclude .socket.facts.json files from socket fix manifest uploads

1.1.31 - 2025-11-19

Fixed

  • Enhanced pull request descriptions to remove duplicate package listings for cleaner, more readable output

1.1.30 - 2025-11-18

Changed

  • Enhanced SOCKET_CLI_COANA_LOCAL_PATH to support compiled Coana CLI binaries alongside Node.js script files

Fixed

  • Resolved PR creation workflow to properly recreate pull requests after closing or merging
  • Corrected API token selection to honor SOCKET_CLI_API_TOKEN environment variable in package alert requests

1.1.29 - 2025-11-16

Added

  • Added options --reach-concurrency <number> and --reach-disable-analysis-splitting for socket scan create --reach

1.1.28 - 2025-11-13

Added

  • Backported socket fix with --json improvements

1.1.27 - 2025-11-12

Added

  • Backported --exclude and --include flags for socket fix command from v2

1.1.26 - 2025-11-08

Added

  • Debug logging of API requests/responses

1.1.23 - 2025-09-22

Changed

  • Enhanced --no-apply-fixes flag naming for improved clarity (previously --dont-apply-fixes)
  • Streamlined documentation and help text for better user experience
  • Improved pnpm dlx operations by removing unnecessary --ignore-scripts flag

Fixed

  • Resolved JSON example formatting in usage documentation
  • Enhanced test reliability for cdxgen on Windows platforms
  • Improved error handling in optimize command for pnpm environments

1.1.22 - 2025-09-20

Changed

  • Rename --only-compute flag to --dont-apply-fixes for socket fix, but keep old flag as an alias.

Fixed

  • Resolved interactive prompts in socket optimize when using pnpm
  • Sanitize extracted git repository names to be compatible with the Socket API.

1.1.21 - 2025-09-20

Added

  • New --compact-header flag for streamlined CLI output display

Changed

  • Enhanced package manager interception for improved security scanning
  • Improved detection of temporary package execution environments

Fixed

  • Enhanced error handling in socket optimize with proper exit codes

1.1.20 - 2025-09-19

Added

  • Terminal link support for enhanced command output formatting

Fixed

  • Resolved Windows compatibility issues with package manager execution

1.1.19 - 2025-09-19

Added

  • Enhanced testing capabilities for malware detection features

1.1.18 - 2025-09-18

Fixed

  • Enhanced compatibility with older Node.js versions

1.1.17 - 2025-09-18

Fixed

  • Enhanced Windows compatibility for package manager operations

1.1.16 - 2025-09-16

Fixed

  • Enhanced pnpm wrapper compatibility with dlx commands

1.1.15 - 2025-09-16

Changed

  • Improved socket fix error messages for missing environment variables

Fixed

  • Resolved path handling issue in socket optimize command

1.1.14 - 2025-09-17

Changed

  • Enhanced third-party tool integration

1.1.13 - 2025-09-16

Added

  • New --output-file flag for socket fix to save computed fixes to a JSON file
  • New --only-compute flag for socket fix to compute fixes without applying them

1.1.12 - 2025-09-15

Fixed

  • Enhanced security alert processing for more reliable operations

1.1.11 - 2025-09-12

Fixed

  • Improved multipart upload reliability with Socket SDK update

1.1.10 - 2025-09-11

Changed

  • Enhanced command argument filtering for improved compatibility with npm and cdxgen integrations

1.1.9 - 2025-09-11

Added

  • Enhanced socket fix --id to accept CVE IDs and PURLs in addition to GHSA IDs

Fixed

  • Correct SOCKET_CLI_API_TIMEOUT environment variable lookup

1.1.8 - 2025-09-11

Changed

  • Clearer permission error messages to help resolve access issues

1.1.7 - 2025-09-11

Added

  • Control spinner display with new --no-spinner flag

Fixed

  • Enhanced proxy support for flexible network configurations

1.1.6 - 2025-09-10

Fixed

  • Improved pull request operations with better cache management

1.1.5 - 2025-09-10

Fixed

  • Enhanced reachability analysis spinner for consistent feedback
  • Better working directory control with --cwd flag improvements

1.1.4 - 2025-09-09

Added

  • Track release changes with CHANGELOG.md
  • Enhanced development workflow with contributor guidance
  • Control scan output detail with --report-level flag

1.1.1 - 2025-09-04

Changed

  • Faster command completion with improved tab functionality
  • Smoother user experience with better loading indicators

Removed

  • Removed legacy --test and --test-script flags from socket fix
  • Continued cleanup of legacy socket fix code

1.1.0 - 2025-09-03

Added

  • See package versions directly in socket npm security reports

Changed

  • Clearer feedback for repeat socket npm installations
  • More reliable handling of scan timeouts
  • Streamlined repeat installs by hiding redundant audit info

Fixed

  • More reliable file system operations
  • Better configuration value handling

Removed

  • Cleaned up legacy socket fix code

1.0.111 - 2025-09-03

Added

  • Reimplemented --range-style flag for socket fix

Fixed

  • Enhanced CI/CD compatibility for reachability analysis and fixes

1.0.110 - 2025-09-03

Changed

  • Enhanced reachability analysis and socket fix for better output handling

1.0.109 - 2025-09-03

Changed

  • Improved build environment handling for better compatibility

1.0.108 - 2025-09-03

Changed

  • Cleaner output from wrapped commands for focused results

1.0.107 - 2025-09-02

Fixed

  • Restored build stability for reliable deployments

1.0.106 - 2025-09-02

Added

  • Control reachability analysis caching with new --reach-skip-cache flag

1.0.104 - 2025-08-29

Fixed

  • Enhanced security advisory resolution for accurate vulnerability tracking

1.0.103 - 2025-08-29

Fixed

  • Improved GitHub Security Advisory processing

1.0.102 - 2025-08-29

Fixed

  • Enhanced command flag processing for better reliability

1.0.100 - 2025-08-29

Added

  • Richer debugging output for security advisory analysis

1.0.96 - 2025-08-27

Changed

  • Streamlined organization selection for reachability analysis

1.0.89 - 2025-08-15

Added

  • Comprehensive manifest scanning with socket scan create --reach

1.0.85 - 2025-08-01

Added

  • Flexible npm path configuration via SOCKET_CLI_NPM_PATH environment variable

1.0.82 - 2025-07-30

Added

  • Memory optimization controls with --max-old-space-size and --max-semi-space-size flags

1.0.80 - 2025-07-29

Changed

  • Enhanced file discovery feedback in socket scan create

1.0.73 - 2025-07-14

Added

  • Automatic detection of .socket.facts.json configuration files

1.0.69 - 2025-07-10

Added

  • Skip pull request checks with new --no-pr-check flag for socket fix

1.0.10 - 2025-06-28

Changed

  • Enhanced performance and reliability across all commands

1.0.9 - 2025-06-28

Changed

  • Improved stability and command execution speed

1.0.8 - 2025-06-27

Changed

  • Faster command processing with optimized internals

1.0.7 - 2025-06-25

Changed

  • Enhanced reliability through improved code quality

1.0.6 - 2025-06-25

Changed

  • Smoother user experience with targeted improvements

1.0.5 - 2025-06-25

Changed

  • Faster command execution with performance enhancements

1.0.4 - 2025-06-25

Changed

  • More stable operations with targeted fixes

1.0.3 - 2025-06-25

Added

  • Load npm config as part of socket fix

1.0.2 - 2025-06-25

Added

  • Added spinner to reachability scan

1.0.1 - 2025-06-24

Added

  • Package manager version logging to info
  • Organization persistence when selecting orgs

Changed

  • Made socket fix command reuse implementations for better efficiency
  • Normalized options passed to socket fix
  • Improved banner spacing logic
  • Enhanced default org feedback and call-to-action

1.0.0 - 2025-06-13

Added

  • Official v1.0.0 release
  • Added socket org deps alias command

Changed

  • Moved dependencies command to a subcommand of organization
  • Improved UX for threat-feed and audit-logs
  • Removed Node 18 deprecation warnings
  • Removed v1 preparation flags

0.15.64 - 2025-06-13

Fixed

  • Improved socket fix error handling when server rejects request

Changed

  • Final pre-v1.0.0 stability improvements

0.15.63 - 2025-06-12

Added

  • Enhanced debugging capabilities

0.15.62 - 2025-06-12

Fixed

  • Avoided double installing during socket fix operations

0.15.61 - 2025-06-11

Fixed

  • Memory management for socket fix with packument cache clearing

0.15.60 - 2025-06-10

Changed

  • Widened Node.js test matrix
  • Removed Node 18 support due to native-ts compatibility

0.15.59 - 2025-06-09

Changed

  • Reduced Node version restrictions on CLI

0.15.57 - 2025-06-06

Added

  • Added socket threat-feed search flags

0.15.56 - 2025-05-07

Added

  • socket manifest setup for project configuration
  • Enhanced debugging output and error handling

0.15.0 - 2025-05-07

Added

  • Enhanced socket threat-feed with new API endpoints
  • socket.json configuration support
  • Improved socket fix error handling

Fixed

  • Avoid double installing with socket fix
  • CI/CD improvements reducing GitHub Action dependencies for socket fix

0.14.155 - 2025-05-07

Added

  • SOCKET_CLI_API_BASE_URL for base URL configuration
  • DISABLE_GITHUB_CACHE environment variable
  • cdxgen lifecycle logging and documentation hyperlinks

Fixed

  • Set exitCode=1 when login steps fail
  • Fixed Socket package URLs
  • Band-aid fix for socket analytics
  • Improved handling of non-SDK API calls

Changed

  • Enhanced JSON-safe API handling
  • Updated cdxgen flags and configuration

0.14.0 - 2024-10-10

Added

  • socket optimize to apply Socket registry overrides
  • Suggestion flows to socket scan create
  • JSON/markdown output support for socket repos list
  • Enhanced organization command with --json and --markdown flags
  • SOCKET_CLI_NO_API_TOKEN environment variable support
  • Improved test snapshot updating

Fixed

  • Spinner management in report flow and after API errors
  • API error handling for non-SDK calls
  • Package URL corrections

Changed

  • Added Node permissions for shadow-bin

0.13.0 - 2024-09-06

Added

  • socket threat-feed for security threat information

0.12.0 - 2024-08-30

Added

  • Diff Scan command for comparing scan results
  • Analytics enhancements and data visualization
  • Feature to save analytics data to local files

0.11.0 - 2024-08-05

Added

  • Organization listing capability

0.10.0 - 2024-07-17

Added

  • Analytics command with graphical data visualization
  • Interactive charts and graphs

0.9.0 - 2023-12-01

Added

  • Automatic latest version fetching for socket info
  • Package scoring integration
  • Human-readable issue rendering with clickable links
  • Enhanced package analysis with scores

Changed

  • Smart defaults for package version resolution
  • Improved issue visualization and reporting

0.8.0 - 2023-08-10

Added

  • Configuration-based warnings from settings
  • Enhanced socket npm installation safety checks

Changed

  • Dropped Node 14 support (EOL April 2023)
  • Added Node 16 manual testing due to c8 segfault issues

0.7.1 - 2023-06-13

Added

  • Python report creation capabilities
  • CLI login/logout functionality

Fixed

  • Lockfile handling to ensure saves on socket npm install
  • Report creation issues
  • Python uploads via CLI

Changed

  • Switched to base64 encoding for certain operations

0.6.0 - 2023-04-11

Added

  • Enhanced update notifier for npm wrapper
  • TTY IPC to mitigate sub-shell prompts

0.5.0 - 2023-03-16

Added

  • npm/npx wrapper commands (socket npm, socket npx)
  • npm provenance and publish action support

Changed

  • Reusable consistent flags across commands

0.4.0 - 2023-01-20

Added

  • Persistent authentication - CLI remembers API key for full duration
  • Comprehensive TypeScript integration and type checks
  • Enhanced development tooling and dependencies

0.3.0 - 2022-12-13

Added

  • Support for globbed input and ignores for package scanning
  • --strict and --all flags to commands
  • Configuration support using @socketsecurity/config

Changed

  • Improved error handling and messaging
  • Stricter TypeScript configuration

Fixed

  • Improved tests

0.2.1 - 2022-11-23

Added

  • Update notifier to inform users of new CLI versions

0.2.0 - 2022-11-23

Added

  • New socket report view for viewing existing reports
  • --view flag to report create for immediate viewing
  • Enhanced report creation and viewing capabilities

Changed

  • Synced up report create command with report view functionality
  • Synced up info command with report view
  • Improved examples in --help output

Fixed

  • Updated documentation and README with new features

0.1.2 - 2022-11-17

Added

  • Node 19 testing support

Changed

  • Improved documentation

0.1.1 - 2022-11-07

Changed

  • Extended README documentation

Fixed

  • Removed accidental debug code

0.1.0 - 2022-11-07

Added

  • Initial Socket CLI release
  • socket info for package security information
  • socket report create for generating security reports
  • Basic CLI infrastructure and configuration