Skip to content

Commit 8eb6155

Browse files
jdaltonjdalton
authored
chore: bump @socketregistry/packageurl-js to 1.4.1 (#122)
* chore: bump @socketregistry/packageurl-js to 1.4.0 * chore: bump @socketregistry/packageurl-js to 1.4.1
1 parent 5f7728c commit 8eb6155

3 files changed

Lines changed: 85 additions & 7 deletions

File tree

.claude/skills/updating/reference.md

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
# updating Reference Documentation
2+
3+
## Table of Contents
4+
5+
1. [How the Update Script Works](#how-the-update-script-works)
6+
2. [Files Changed After Update](#files-changed-after-update)
7+
3. [Validation Commands](#validation-commands)
8+
4. [Troubleshooting](#troubleshooting)
9+
10+
---
11+
12+
## How the Update Script Works
13+
14+
`pnpm run update` runs `scripts/update.mjs` which performs:
15+
16+
```bash
17+
# 1. Run taze recursively with write mode
18+
pnpm exec taze -r -w
19+
20+
# 2. Force-update Socket scoped packages (bypasses taze maturity period)
21+
pnpm update @socketsecurity/* @socketregistry/* @socketbin/* --latest -r
22+
23+
# 3. pnpm install runs automatically to reconcile lockfile
24+
```
25+
26+
### Repo Structure
27+
28+
- **Single package** (not a monorepo, no `packages/` directory)
29+
- Dependencies pinned to exact versions in `package.json`
30+
- Uses `pnpm.overrides` and `pnpm.patchedDependencies` for dependency control
31+
- Has a `@socketsecurity/lib-stable` self-referencing alias used by the update script itself
32+
33+
---
34+
35+
## Files Changed After Update
36+
37+
- `package.json` - Dependency version pins
38+
- `pnpm-lock.yaml` - Lock file
39+
40+
---
41+
42+
## Validation Commands
43+
44+
```bash
45+
# Fix lint issues
46+
pnpm run fix --all
47+
48+
# Run all checks (lint + type check)
49+
pnpm run check --all
50+
51+
# Run tests
52+
pnpm test
53+
```
54+
55+
---
56+
57+
## Troubleshooting
58+
59+
### taze Fails to Detect Updates
60+
61+
**Cause:** taze has a maturity period for new releases.
62+
**Solution:** Socket packages are force-updated separately via `pnpm update --latest`.
63+
64+
### Lock File Conflicts
65+
66+
**Solution:**
67+
```bash
68+
rm pnpm-lock.yaml
69+
pnpm install
70+
```
71+
72+
### Self-Reference Alias
73+
74+
The `@socketsecurity/lib-stable` devDependency points to a published version
75+
of this package itself. It must remain on a stable release (used by
76+
`scripts/update.mjs` to avoid circular issues).

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -732,7 +732,7 @@
732732
"@npmcli/package-json": "7.0.0",
733733
"@npmcli/promise-spawn": "8.0.3",
734734
"@socketregistry/is-unicode-supported": "1.0.5",
735-
"@socketregistry/packageurl-js": "1.3.5",
735+
"@socketregistry/packageurl-js": "1.4.1",
736736
"@socketregistry/yocto-spinner": "1.0.25",
737737
"@socketsecurity/lib-stable": "npm:@socketsecurity/lib@5.11.4",
738738
"@types/node": "24.9.2",

pnpm-lock.yaml

Lines changed: 8 additions & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)