Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: SocketDev/socket-python-cli
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v2.2.71
Choose a base ref
...
head repository: SocketDev/socket-python-cli
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: main
Choose a head ref
  • 13 commits
  • 17 files changed
  • 7 contributors

Commits on Feb 5, 2026

  1. e2e tests for full scans

    @mtorp
    mtorp committed Feb 5, 2026
    Configuration menu
    Copy the full SHA
    b0c00be View commit details
    Browse the repository at this point in the history

  2. e2e test for the reachability analysis

    @mtorp
    mtorp committed Feb 5, 2026
    Configuration menu
    Copy the full SHA
    d021137 View commit details
    Browse the repository at this point in the history

  3. add socket.yml to exclude fixtures

    @mtorp
    mtorp committed Feb 5, 2026
    Configuration menu
    Copy the full SHA
    4f2be5c View commit details
    Browse the repository at this point in the history

Commits on Feb 6, 2026

  1. Merge pull request #156 from SocketDev/e2e-test 

    e2e tests for full scans + full scans with reachability
    @mtorp
    mtorp authored Feb 6, 2026
    Configuration menu
    Copy the full SHA
    38c064d View commit details
    Browse the repository at this point in the history

Commits on Feb 25, 2026

  1. Bump cryptography from 46.0.3 to 46.0.5 (#161) 

    Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.3...46.0.5)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 25, 2026
    Configuration menu
    Copy the full SHA
    9b586ae View commit details
    Browse the repository at this point in the history

  2. Bump virtualenv from 20.35.4 to 20.36.1 (#150) 

    Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.35.4 to 20.36.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.35.4...20.36.1)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-version: 20.36.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Douglas <douglas@socket.dev>
    @dependabot @dacoburn
    dependabot[bot] and dacoburn authored Feb 25, 2026
    Configuration menu
    Copy the full SHA
    58ccdef View commit details
    Browse the repository at this point in the history

  3. Bump filelock from 3.20.1 to 3.20.3 (#151) 

    Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.20.1 to 3.20.3.
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.20.1...3.20.3)

---
updated-dependencies:
- dependency-name: filelock
  dependency-version: 3.20.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Douglas <douglas@socket.dev>
    @dependabot @dacoburn
    dependabot[bot] and dacoburn authored Feb 25, 2026
    Configuration menu
    Copy the full SHA
    51d9b7a View commit details
    Browse the repository at this point in the history

  4. Bump urllib3 from 2.6.2 to 2.6.3 (#152) 

    Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.2 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.2...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Douglas <douglas@socket.dev>
    @dependabot @dacoburn
    dependabot[bot] and dacoburn authored Feb 25, 2026
    Configuration menu
    Copy the full SHA
    4a52594 View commit details
    Browse the repository at this point in the history

  5. Bump lodash from 4.17.21 to 4.17.23 in /tests/e2e/fixtures/simple-npm ( 

    …#157)

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Douglas <douglas@socket.dev>
    @dependabot @dacoburn
    dependabot[bot] and dacoburn authored Feb 25, 2026
    Configuration menu
    Copy the full SHA
    2e5472b View commit details
    Browse the repository at this point in the history

  6. Bump express from 4.18.2 to 4.22.0 in /tests/e2e/fixtures/simple-npm (#… 

    …158)

Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.22.0.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md)
- [Commits](expressjs/express@4.18.2...4.22.0)

---
updated-dependencies:
- dependency-name: express
  dependency-version: 4.22.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Douglas <douglas@socket.dev>
    @dependabot @dacoburn
    dependabot[bot] and dacoburn authored Feb 25, 2026
    Configuration menu
    Copy the full SHA
    4397493 View commit details
    Browse the repository at this point in the history

  7. Bump axios from 1.4.0 to 1.13.5 in /tests/e2e/fixtures/simple-npm (#160) 

    Bumps [axios](https://github.com/axios/axios) from 1.4.0 to 1.13.5.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.4.0...v1.13.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Douglas <douglas@socket.dev>
    @dependabot @dacoburn
    dependabot[bot] and dacoburn authored Feb 25, 2026
    Configuration menu
    Copy the full SHA
    78d66a4 View commit details
    Browse the repository at this point in the history

Commits on Feb 26, 2026

  1. Mucha/gitlab branch protection flag (#163) 

    * added ability to prevent merges based on failed check run

* updated json format for gitlab api call

* fix: use source branch SHA for commit status, log response body

CI_COMMIT_SHA may be synthetic in merged-results pipelines.
Prefer CI_MERGE_REQUEST_SOURCE_BRANCH_SHA when available.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use context instead of name for commit status

GitLab rejects duplicate name field; context allows updates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add ref and pipeline_id to commit status payload

GitLab uses (sha, name, ref) as unique key. Without ref,
re-runs fail with "name has already been taken".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: drop pipeline_id from commit status payload

pipeline_id causes 404 when sha/ref don't match the pipeline.
ref alone is sufficient for uniqueness.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* renaming the commit status

* Add enable_merge_pipeline_check() to enforce pipelines-must-succeed via API

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* chore: update uv.lock version to 2.2.73

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Jonathan Mucha <jonathan@mucha.local>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Douglas <douglas@socket.dev>
    @jonathanStrange0 @claude @dacoburn
    4 people authored Feb 26, 2026
    Configuration menu
    Copy the full SHA
    b3fdd33 View commit details
    Browse the repository at this point in the history

  2. Add workspace flag to CLI args (#164) 

    * Add support for --workspace flag

Signed-off-by: lelia <lelia@socket.dev>

* Add tests to cover new workspace CLI args

Signed-off-by: lelia <lelia@socket.dev>

* Update README to document new CLI flag, and differentiate it from existing workspace-name flag

Signed-off-by: lelia <lelia@socket.dev>

* Update refs to use generic project names

Signed-off-by: lelia <lelia@socket.dev>

* Bump CLI version

Signed-off-by: lelia <lelia@socket.dev>

* Pin python and virtualenv versions to unblock builds

Signed-off-by: lelia <lelia@socket.dev>

* Bump published SDK version refs

Signed-off-by: lelia <lelia@socket.dev>

* Tweak helper text for CLI flag

Signed-off-by: lelia <lelia@socket.dev>

* Update CODEOWNERS to reflect proper team structure

Signed-off-by: lelia <lelia@socket.dev>

* Increment version again for release

Signed-off-by: lelia <lelia@socket.dev>

---------

Signed-off-by: lelia <lelia@socket.dev>
    @lelia
    lelia authored Feb 26, 2026
    Configuration menu
    Copy the full SHA
    ceb3572 View commit details
    Browse the repository at this point in the history
Loading