From ff39f6c250d992341a6abfd77242a910591879ee Mon Sep 17 00:00:00 2001
From: jdalton
Date: Tue, 18 Nov 2025 22:18:22 -0800
Subject: [PATCH 1/2] fix(fix): deduplicate affected packages in PR descriptions
---
 src/commands/fix/git.mts | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/commands/fix/git.mts b/src/commands/fix/git.mts
index 5f6adb6fd..66eb9864e 100644
--- a/src/commands/fix/git.mts
+++ b/src/commands/fix/git.mts
@@ -60,9 +60,13 @@ export function getSocketFixPullRequestBody(
 if (!details) {
 return body
 }
- const packages = details.vulnerabilities.nodes.map(
- v => `${v.package.name} (${v.package.ecosystem})`,
- )
+ const packages = [
+ ...new Set(
+ details.vulnerabilities.nodes.map(
+ v => `${v.package.name} (${v.package.ecosystem})`,
+ ),
+ ),
+ ]
 return [
 body,
 '',
@@ -82,9 +86,13 @@ export function getSocketFixPullRequestBody(
 const details = ghsaDetails?.get(id)
 const item = `- [${id}](${GITHUB_ADVISORIES_URL}/${id})`
 if (details) {
- const packages = details.vulnerabilities.nodes.map(
- v => `${v.package.name}`,
- )
+ const packages = [
+ ...new Set(
+ details.vulnerabilities.nodes.map(
+ v => `${v.package.name} (${v.package.ecosystem})`,
+ ),
+ ),
+ ]
 return `${item} - ${details.summary} (${joinAnd(packages)})`
 }
 return item
From f8fff7dcc5a1efecaf7122aa4d101e647fde34f1 Mon Sep 17 00:00:00 2001
From: jdalton
Date: Tue, 18 Nov 2025 22:34:02 -0800
Subject: [PATCH 2/2] refactor(fix): DRY out package deduplication with getUniquePackages helper
---
 src/commands/fix/git.mts | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/src/commands/fix/git.mts b/src/commands/fix/git.mts
index 66eb9864e..8af26bef8 100644
--- a/src/commands/fix/git.mts
+++ b/src/commands/fix/git.mts
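Review bot: In the second hunk of PATCH 1/2 (`@@ -82,9 +86,13 @@`) the list-item label changes from `${v.package.name}` to `${v.package.name} (${v.package.ecosystem})`, which is more than the de-duplication the subject line describes. Because the joined labels are then wrapped as `(${joinAnd(packages)})`, each bullet would presumably render nested parentheses, along the lines of `(foo (NPM) and bar (NPM))` (constructed example; joinAnd is not visible here). If the ecosystem is wanted in the bullets, say so in the commit message and consider ending the item with `: ${joinAnd(packages)}` instead of the parenthesised form; otherwise de-duplicate on the name alone. The enclosing function starts and ends outside the hunk.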
@@ -6,6 +6,19 @@ import type { GhsaDetails } from '../../utils/github.mts'
 const GITHUB_ADVISORIES_URL = 'https://github.com/advisories'
+/**
+ * Extract unique package names with ecosystems from vulnerability details.
+ */
+function getUniquePackages(details: GhsaDetails): string[] {
+ return [
+ ...new Set(
+ details.vulnerabilities.nodes.map(
+ v => `${v.package.name} (${v.package.ecosystem})`,
+ ),
+ ),
+ ]
+}
+
 export type SocketFixBranchParser = (
 branch: string,
 ) => SocketFixBranchParseResult | undefined
@@ -60,13 +73,7 @@ export function getSocketFixPullRequestBody(
 if (!details) {
 return body
 }
- const packages = [
- ...new Set(
- details.vulnerabilities.nodes.map(
- v => `${v.package.name} (${v.package.ecosystem})`,
- ),
- ),
- ]
+ const packages = getUniquePackages(details)
 return [
 body,
 '',
@@ -86,13 +93,7 @@ export function getSocketFixPullRequestBody(
 const details = ghsaDetails?.get(id)
 const item = `- [${id}](${GITHUB_ADVISORIES_URL}/${id})`
 if (details) {
- const packages = [
- ...new Set(
- details.vulnerabilities.nodes.map(
- v => `${v.package.name} (${v.package.ecosystem})`,
- ),
- ),
- ]
+ const packages = getUniquePackages(details)
 return `${item} - ${details.summary} (${joinAnd(packages)})`
 }
 return item
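Review bot: The doc comment on getUniquePackages (first hunk, `@@ -6,6 +6,19 @@`) does not say what the returned strings look like or that they are unescaped, although both call sites in getSocketFixPullRequestBody place them into the pull-request body, which appears to be rendered as Markdown. The name and ecosystem values come from GhsaDetails, presumably advisory data fetched from outside this repository, and whether they are validated upstream is not visible here. I would extend the comment with something like `@returns labels formatted as "name (ecosystem)", de-duplicated in first-seen order; values are not Markdown-escaped`, and, if upstream does not constrain them, neutralise Markdown-significant characters in this one helper. The same consideration applies to `details.summary` in the `@@ -86,13 +93,7 @@` hunk, which is free text interpolated next to the labels.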