From 452f411032d6f0d95f6cda22f4f54de0df5e6278 Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Wed, 20 May 2026 10:40:41 +0200
Subject: [PATCH 1/4] feat(coana): forward SOCKET_CALLER_USER_AGENT to Coana CLI

Set SOCKET_CALLER_USER_AGENT on the env passed to @coana-tech/cli in spawnCoanaDlx. Coana >= 15.3.1 appends this to its outbound axios User-Agent so backend traffic identifies the originating Socket CLI alongside the Coana version. Format: socket/ node/ /
---
 CHANGELOG.md | 3 +++
 src/utils/dlx.mts | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2514e0a2..130804e60 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - **`socket manifest bazel [beta]`** — Generate Bazel JVM SBOM manifests by running `bazel query` against discovered Maven repos in a Bazel workspace. Closes the inline-Maven-declaration gap that lockfile-only parsing misses for repos like envoy, ray, tensorflow, tink-java, and or-tools. Auto-detects Bzlmod and legacy `WORKSPACE`.
 - **`socket scan create --auto-manifest`** now covers Bazel workspaces in addition to Gradle/Scala/Kotlin/Conda. Repos with `MODULE.bazel`, `WORKSPACE`, or `WORKSPACE.bazel` are detected automatically and their Maven dependencies extracted as part of the standard scan-create flow.
+### Changed
+- Forward a `SOCKET_CALLER_USER_AGENT` env var (`socket/ node/ /`) to the Coana CLI on spawn. Coana appends this to its outbound axios `User-Agent` so backend traffic identifies the originating Socket CLI alongside the Coana version. Requires `@coana-tech/cli >= 15.3.1`.
+
 ## [1.1.97](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.97) - 2026-05-18
 ### Changed
diff --git a/src/utils/dlx.mts b/src/utils/dlx.mts
index acb167af6..6feac628d 100644
--- a/src/utils/dlx.mts
+++ b/src/utils/dlx.mts
@@ -207,6 +207,10 @@ export async function spawnCoanaDlx(
 const mixinsEnv: Record = {
 SOCKET_CLI_VERSION: constants.ENV.INLINED_SOCKET_CLI_VERSION,
+ // Forwarded to the Coana CLI so it can append our product token to its
+ // outbound axios User-Agent header. Format mirrors Coana's base UA:
+ // `socket/ node/ /`.
+ SOCKET_CALLER_USER_AGENT: `socket/${constants.ENV.INLINED_SOCKET_CLI_VERSION} node/${process.version} ${process.platform}/${process.arch}`,
 }
 const defaultApiToken = getDefaultApiToken()
 if (defaultApiToken) {

From 165022f93970cf12756d0bebb00198bd2a9376ea Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Wed, 20 May 2026 11:36:04 +0200
Subject: [PATCH 2/4] chore(release): bump version to 1.1.98

Cuts a patch release for the SOCKET_CALLER_USER_AGENT forwarding added in the previous commit.
---
 CHANGELOG.md | 2 ++
 package.json | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 130804e60..e0ef7264c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
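Review bot: In `src/utils/dlx.mts`, the new `SOCKET_CALLER_USER_AGENT` template interpolates `constants.ENV.INLINED_SOCKET_CLI_VERSION` unguarded, so if that inlined value is ever empty or undefined (not determinable from this hunk, but plausible in an unbuilt or dev run) Coana would send `socket/undefined` or a bare `socket/` in a header the backend uses for attribution. A small guard keeps the product token well-formed, e.g. `const cliVersion = constants.ENV.INLINED_SOCKET_CLI_VERSION || 'unknown'` and then `socket/${cliVersion} node/…`. Note also that `process.version` carries a leading `v`, so the token becomes `node/v…`; if the format is meant to carry a bare version, `process.versions.node` is the value to use. Since any process can set this variable before invoking Coana, the comment should say the value is informational only and must not drive server-side trust decisions; whether a `SOCKET_CALLER_USER_AGENT` already present in the parent environment is overridden depends on how `mixinsEnv` is merged, which happens outside this hunk. `spawnCoanaDlx` starts and ends outside the hunk.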
@@ -10,6 +10,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - **`socket manifest bazel [beta]`** — Generate Bazel JVM SBOM manifests by running `bazel query` against discovered Maven repos in a Bazel workspace. Closes the inline-Maven-declaration gap that lockfile-only parsing misses for repos like envoy, ray, tensorflow, tink-java, and or-tools. Auto-detects Bzlmod and legacy `WORKSPACE`.
 - **`socket scan create --auto-manifest`** now covers Bazel workspaces in addition to Gradle/Scala/Kotlin/Conda. Repos with `MODULE.bazel`, `WORKSPACE`, or `WORKSPACE.bazel` are detected automatically and their Maven dependencies extracted as part of the standard scan-create flow.
+## [1.1.98](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.98) - 2026-05-20
+
 ### Changed
 - Forward a `SOCKET_CALLER_USER_AGENT` env var (`socket/ node/ /`) to the Coana CLI on spawn. Coana appends this to its outbound axios `User-Agent` so backend traffic identifies the originating Socket CLI alongside the Coana version. Requires `@coana-tech/cli >= 15.3.1`.
diff --git a/package.json b/package.json
index 9a63add5e..1b2127153 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "socket",
- "version": "1.1.97",
+ "version": "1.1.98",
 "description": "CLI for Socket.dev",
 "homepage": "https://github.com/SocketDev/socket-cli",
 "license": "MIT AND OFL-1.1",

From 052ad8a82839fd76eb62902a6a465741b8852b0b Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Wed, 20 May 2026 11:40:56 +0200
Subject: [PATCH 3/4] chore(release): bump version to 1.1.99

1.1.98 was claimed by the brotli upload-compression change merged into v1.x. Carve out a separate 1.1.99 section for the SOCKET_CALLER_USER_AGENT forwarding from this branch.
---
 CHANGELOG.md | 6 +++++-
 package.json | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 42f7f56c4..c403265ee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,11 +10,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - **`socket manifest bazel [beta]`** — Generate Bazel JVM SBOM manifests by running `bazel query` against discovered Maven repos in a Bazel workspace. Closes the inline-Maven-declaration gap that lockfile-only parsing misses for repos like envoy, ray, tensorflow, tink-java, and or-tools. Auto-detects Bzlmod and legacy `WORKSPACE`.
 - **`socket scan create --auto-manifest`** now covers Bazel workspaces in addition to Gradle/Scala/Kotlin/Conda. Repos with `MODULE.bazel`, `WORKSPACE`, or `WORKSPACE.bazel` are detected automatically and their Maven dependencies extracted as part of the standard scan-create flow.
+## [1.1.99](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.99) - 2026-05-20
+
+### Changed
+- Forward a `SOCKET_CALLER_USER_AGENT` env var (`socket/ node/ /`) to the Coana CLI on spawn. Coana appends this to its outbound axios `User-Agent` so backend traffic identifies the originating Socket CLI alongside the Coana version. Requires `@coana-tech/cli >= 15.3.1`.
+
 ## [1.1.98](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.98) - 2026-05-20
 ### Changed
 - `socket scan create --reach` now uploads the reachability facts file as brotli on the wire, shrinking mono-repo upload sizes by roughly 85% with no change to the on-disk or stored format. Faster scan submissions on slow connections.
-- Forward a `SOCKET_CALLER_USER_AGENT` env var (`socket/ node/ /`) to the Coana CLI on spawn. Coana appends this to its outbound axios `User-Agent` so backend traffic identifies the originating Socket CLI alongside the Coana version. Requires `@coana-tech/cli >= 15.3.1`.
 ## [1.1.97](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.97) - 2026-05-18
diff --git a/package.json b/package.json
index 1b2127153..940f71fbb 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "socket",
- "version": "1.1.98",
+ "version": "1.1.99",
 "description": "CLI for Socket.dev",
 "homepage": "https://github.com/SocketDev/socket-cli",
 "license": "MIT AND OFL-1.1",

From 822473fbd2909792b5a834f477781f25cd79da08 Mon Sep 17 00:00:00 2001
From: Martin Torp
Date: Wed, 20 May 2026 11:43:27 +0200
Subject: [PATCH 4/4] upgrading coana to version 15.3.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Required for the SOCKET_CALLER_USER_AGENT forwarding added in this branch — Coana 15.3.1 is the version that reads the env var and appends it to its outbound axios User-Agent.
---
 CHANGELOG.md | 3 ++-
 package.json | 2 +-
 pnpm-lock.yaml | 10 +++++-----
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c403265ee..2db542341 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 ## [1.1.99](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.99) - 2026-05-20
 ### Changed
-- Forward a `SOCKET_CALLER_USER_AGENT` env var (`socket/ node/ /`) to the Coana CLI on spawn. Coana appends this to its outbound axios `User-Agent` so backend traffic identifies the originating Socket CLI alongside the Coana version. Requires `@coana-tech/cli >= 15.3.1`.
+- Updated the Coana CLI to v `15.3.1`.
+- Forward a `SOCKET_CALLER_USER_AGENT` env var (`socket/ node/ /`) to the Coana CLI on spawn. Coana appends this to its outbound axios `User-Agent` so backend traffic identifies the originating Socket CLI alongside the Coana version.
 ## [1.1.98](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.98) - 2026-05-20
diff --git a/package.json b/package.json
index 940f71fbb..9094d265c 100644
--- a/package.json
+++ b/package.json
@@ -97,7 +97,7 @@ "@babel/preset-typescript": "7.27.1", "@babel/runtime": "7.28.4", "@biomejs/biome": "2.2.4", - "@coana-tech/cli": "15.3.0", + "@coana-tech/cli": "15.3.1", "@cyclonedx/cdxgen": "12.1.2", "@dotenvx/dotenvx": "1.49.0", "@eslint/compat": "1.3.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index eb5f99c15..2a3362da3 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -128,8 +128,8 @@ importers: specifier: 2.2.4 version: 2.2.4 '@coana-tech/cli': - specifier: 15.3.0 - version: 15.3.0 + specifier: 15.3.1 + version: 15.3.1 '@cyclonedx/cdxgen': specifier: 12.1.2 version: 12.1.2 @@ -749,8 +749,8 @@ packages: resolution: {integrity: sha512-hAs5PPKPCQ3/Nha+1fo4A4/gL85fIfxZwHPehsjCJ+BhQH2/yw6/xReuaPA/RfNQr6iz1PcD7BZcE3ctyyl3EA==} cpu: [x64] - '@coana-tech/cli@15.3.0': - resolution: {integrity: sha512-AgwIOsZ2TeLMGKhD1GXZqfmRPEX1Ups9l8kYPIfbJ7XvqUCT//NoyE2KUBs/jP20CFcbu1x8+at6CbqAix7rcw==} + '@coana-tech/cli@15.3.1': + resolution: {integrity: sha512-57aRuG3pei2SzvPR8YN7nhCvxIK4H6hXvp7lWLJ2UJHmE1u4s+/KOUap6FGSm3hOXBX59IcAEw0Ps4EZ0DYkmA==} hasBin: true '@colors/colors@1.5.0': @@ -5385,7 +5385,7 @@ snapshots: '@cdxgen/cdxgen-plugins-bin@2.0.2': optional: true - '@coana-tech/cli@15.3.0': {} + '@coana-tech/cli@15.3.1': {} '@colors/colors@1.5.0': optional: true