@jfblaa jfblaa commented Dec 8, 2025

implicitly use --all if no --id but warn that this is deprecated in local mode


Note

Adds --all to socket fix (cannot be combined with --id), warns in local mode when neither is provided, and threads the flag through CLI, logic, types, and tests.

  • socket fix CLI
    • Add --all flag to process all discovered vulnerabilities in local mode; update help text.
    • Enforce mutual exclusivity between --all and --id with input validation.
    • In local mode, continue discovering when no --id, but log deprecation warning if --all not provided.
  • Implementation
    • Thread all through cmd-fix.mts, handle-fix.mts, coana-fix.mts and types.mts.
    • Update discovery logic to use all || !ghsas.length.
  • Tests
    • Add integration tests for --all acceptance, incompatibility with --id, and use with --ecosystems.
  • Release
    • Bump version to 1.1.43 and update CHANGELOG.md.

Written by Cursor Bugbot for commit 5494efb.

implicitly use `--all` if no `--id` but warn that this is deprecated in local mode
@jfblaa jfblaa requested review from barslev, jdalton and mtorp December 8, 2025 08:53
@jdalton jdalton merged commit da83fa1 into v1.x Dec 8, 2025
8 checks passed
@jdalton jdalton deleted the jfblaa/rea-327-add-explicit-all-for-socket-fix-local-mode branch December 8, 2025 12:04
jdalton added a commit that referenced this pull request Dec 9, 2025
Ported from v1.x commit da83fa1 (#967)

- Add --all flag to process all discovered vulnerabilities in local mode
- Make --all incompatible with --id (mutually exclusive)
- Add deprecation warning when neither --all nor --id provided in local mode
- Update shouldDiscoverGhsaIds logic to check all || !ghsas.length
- Pass all flag through cmd-fix -> handle-fix -> coana-fix
- Update test fixtures to include all parameter

Based on PR #967