chore(ci): bump socket-registry actions to 444b6415 (scan auto-skip) (#611)

jdalton · web-flow · commit 4c5547746679 · 2026-04-24T16:04:10.000-04:00
* chore(ci): bump socket-registry refs to 444b6415 (scan auto-skip + SOCKET_TOOL_CHECKSUMS_FILE)

* chore(ci): bump @socketsecurity/lib to 5.24.0 + socket-registry to 0371e83f

The bumped socket-registry actions (Layer 1 commit 24ad6b61, surfaced
via Layer 3 propagation SHA 0371e83f) now enforce a runtime floor of
@socketsecurity/lib &gt;= the latest npm-published version. The previous
pin (5.21.0) ships a stubbed pacote fetcher that throws inside
downloadPackage when the install action provisions ecc-agentshield.

Bumps the consumer pin to 5.24.0 (current npm latest) and re-pins
socket-registry refs to the 0371e83f propagation SHA in the same
commit so CI clears both gates simultaneously.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,6 +21,6 @@ concurrency:
 jobs:
   ci:
     name: Run CI Pipeline
-    uses: SocketDev/socket-registry/.github/workflows/ci.yml@ebf1b48f962ea4978d63f18d5ac711cab94d597f # main
+    uses: SocketDev/socket-registry/.github/workflows/ci.yml@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main
     with:
       test-script: 'pnpm run test --all --skip-build'
diff --git a/.github/workflows/generate.yml b/.github/workflows/generate.yml
@@ -46,14 +46,14 @@ jobs:
           echo "Sleeping for $delay seconds..."
           sleep $delay
 
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@ebf1b48f962ea4978d63f18d5ac711cab94d597f # main
+      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main
 
       - name: Configure push credentials
         env:
           GH_TOKEN: ${{ github.token }}
         run: git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git"
 
-      - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@ebf1b48f962ea4978d63f18d5ac711cab94d597f # main
+      - uses: SocketDev/socket-registry/.github/actions/setup-git-signing@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main
         with:
           gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
 
@@ -145,5 +145,5 @@ jobs:
           > \`\`\`
           EOF
 
-      - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@ebf1b48f962ea4978d63f18d5ac711cab94d597f # main
+      - uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main
         if: always()
diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml
@@ -25,7 +25,7 @@ jobs:
     permissions:
       contents: write # To create GitHub releases
       id-token: write # For npm trusted publishing via OIDC
-    uses: SocketDev/socket-registry/.github/workflows/provenance.yml@ebf1b48f962ea4978d63f18d5ac711cab94d597f # main
+    uses: SocketDev/socket-registry/.github/workflows/provenance.yml@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main
     with:
       debug: ${{ inputs.debug }}
       dist-tag: ${{ inputs.dist-tag }}
diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml
@@ -10,7 +10,7 @@ permissions:
 
 jobs:
   weekly-update:
-    uses: SocketDev/socket-registry/.github/workflows/weekly-update.yml@ebf1b48f962ea4978d63f18d5ac711cab94d597f # main
+    uses: SocketDev/socket-registry/.github/workflows/weekly-update.yml@0371e83fccd7e2e5370b9ee7d0ddc882c9790210 # main
     with:
       test-setup-script: 'pnpm run build'
       test-script: 'pnpm test'
diff --git a/package.json b/package.json
@@ -71,7 +71,7 @@
     "@babel/traverse": "7.26.4",
     "@babel/types": "7.26.3",
     "@oxlint/migrate": "1.52.0",
-    "@socketsecurity/lib": "5.21.0",
+    "@socketsecurity/lib": "5.24.0",
     "@sveltejs/acorn-typescript": "1.0.8",
     "@types/babel__traverse": "7.28.0",
     "@types/node": "24.9.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
