chore(ci): bump socket-registry refs to f1b40c99 (npm-banner-validation fix) #615
Merged
John-David Dalton (jdalton) merged 1 commit into main from Apr 24, 2026
…on fix) The previous propagation SHA (0371e83f, merged via #611) shipped a guard step whose version_lt function exploded when npm view returned a Socket Firewall banner string instead of a version. f1b40c99 validates npm view output as semver before using it, falling back to the hardcoded floor (5.24.0) when the response isn't plain semver.
Bill Li (billxinli)
approved these changes
Apr 24, 2026
Bumps SocketDev/socket-registry workflow/action pins to f1b40c99.

Fixes a regression introduced by the previous propagation SHA (0371e83f, merged via #611). That commit added a runtime guard that calls npm view @socketsecurity/lib version to compute the floor; when the response was a Socket Firewall banner instead of a version string, the comparison function exploded with [: <banner>: integer expression expected. f1b40c99 validates npm view output against a plain-semver regex before using it, falling back to the hardcoded floor (5.24.0) when the response isn't semver. Same defensive check applied to the consumer's installed version.

socket-sdk-js already pins @socketsecurity/lib at 5.24.0 from #611 — this bump is mechanical, no consumer code changes.

Test plan
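
The guard behaviour described in this PR (validate npm view output as plain semver, fall back to the 5.24.0 floor, apply the same check to the installed version), as an added example that is not the socket-registry code. The regex, every function name other than version_lt, and the banner text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the socket-registry guard. FLOOR_FALLBACK comes from the PR
# text; the regex and every function name except version_lt are assumptions.
FLOOR_FALLBACK="5.24.0"

# is_plain_semver STR: succeed only for exactly MAJOR.MINOR.PATCH.
is_plain_semver() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;   # empty, or any char that is not a digit or dot (incl. newline)
  esac
  printf '%s\n' "$1" |
    grep -Eq '^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
}

# resolve_floor RAW: print RAW when it is plain semver, else the hardcoded floor.
resolve_floor() {
  if is_plain_semver "$1"; then printf '%s\n' "$1"; else printf '%s\n' "$FLOOR_FALLBACK"; fi
}

# version_lt A B: 0 if A < B, 1 if A >= B, 2 if either input is not plain semver.
# Runs in a subshell so the IFS change cannot leak into the caller.
version_lt() (
  is_plain_semver "$1" && is_plain_semver "$2" || exit 2
  IFS=.
  set -- $1 $2                  # six numeric fields: a1 a2 a3 b1 b2 b3
  [ "$1" -lt "$4" ] && exit 0; [ "$1" -gt "$4" ] && exit 1
  [ "$2" -lt "$5" ] && exit 0; [ "$2" -gt "$5" ] && exit 1
  [ "$3" -lt "$6" ]
)

# check_installed INSTALLED RAW: 0 ok, 1 below floor, 2 installed version unparsable.
check_installed() {
  is_plain_semver "$1" || return 2
  if version_lt "$1" "$(resolve_floor "$2")"; then return 1; fi
  return 0
}

# Constructed sample standing in for non-version `npm view` output; the second
# line would fool a line-by-line grep.
SAMPLE_BANNER='[constructed banner text]
9.9.9'

echo "floor from banner: $(resolve_floor "$SAMPLE_BANNER")"
```

Validating before the numeric test is what keeps non-version text away from the integer comparison, so the guard reports a distinct status (2) for unparsable input.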