chore(workflows): update socket-registry SHA references

jdalton · jdalton · commit 74d75dde2cfc · 2025-11-13T08:31:38.000-08:00
Update socket-registry workflow/action references from 1a96ced to e145a6b.

This includes the latest fixes for:
- pnpm version conflict resolution
- Security hardening (zizmor findings)
- Template injection vulnerabilities
- Credential persistence settings
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,7 +17,7 @@ permissions:
 jobs:
   ci:
     name: Run CI Pipeline
-    uses: SocketDev/socket-registry/.github/workflows/ci.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main
+    uses: SocketDev/socket-registry/.github/workflows/ci.yml@e145a6b355d614054e4df3d49ba5218812f42b3e # main
     with:
       fail-fast: false
       lint-script: 'pnpm run lint --all'
diff --git a/.github/workflows/claude-auto-review.yml b/.github/workflows/claude-auto-review.yml
@@ -12,6 +12,6 @@ permissions:
 
 jobs:
   auto-review:
-    uses: SocketDev/socket-registry/.github/workflows/claude-auto-review.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main
+    uses: SocketDev/socket-registry/.github/workflows/claude-auto-review.yml@e145a6b355d614054e4df3d49ba5218812f42b3e # main
     secrets:
       anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
@@ -19,6 +19,6 @@ permissions:
 
 jobs:
   claude:
-    uses: SocketDev/socket-registry/.github/workflows/claude.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main
+    uses: SocketDev/socket-registry/.github/workflows/claude.yml@e145a6b355d614054e4df3d49ba5218812f42b3e # main
     secrets:
       anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
diff --git a/.github/workflows/generate.yml b/.github/workflows/generate.yml
@@ -21,13 +21,15 @@ on:
         type: boolean
 
 permissions:
-  contents: write
-  pull-requests: write
+  contents: read
 
 jobs:
   fetch_and_update:
     name: Sync OpenAPI definition
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     outputs:
       has_changes: ${{ steps.check.outputs.has_changes }}
     steps:
@@ -42,9 +44,9 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           autocrlf: false
-          token: ${{ secrets.GITHUB_TOKEN }}
+          persist-credentials: false
 
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@1a96ced97aaa85d61543351b90d6f463b983c46c # main
+      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@e145a6b355d614054e4df3d49ba5218812f42b3e # main
 
       - name: Fetch latest OpenAPI definition
         id: fetch
@@ -90,11 +92,16 @@ jobs:
 
       - name: Commit and push changes
         if: steps.check.outputs.has_changes == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           git checkout -b automated/open-api
           git add .
-          git commit -m "fix(openapi): sync with openapi definition"
-          git push origin automated/open-api -fu --no-verify
+          git commit -m "fix(openapi): sync with openapi definition" --no-verify
+
+          # Use gh to push (works with GITHUB_TOKEN in env)
+          gh repo set-default ${{ github.repository }}
+          git push https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git automated/open-api -f
 
       - name: Create Pull Request
         if: steps.check.outputs.has_changes == 'true'
@@ -131,15 +138,18 @@ jobs:
     needs: fetch_and_update
     if: needs.fetch_and_update.outputs.has_changes == 'true'
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     outputs:
       has_changes: ${{ steps.check.outputs.has_changes }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           autocrlf: false
+          persist-credentials: false
           ref: automated/open-api
 
-      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@1a96ced97aaa85d61543351b90d6f463b983c46c # main
+      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@e145a6b355d614054e4df3d49ba5218812f42b3e # main
 
       - name: Build SDK
         run: pnpm run build
diff --git a/.github/workflows/socket-auto-pr.yml b/.github/workflows/socket-auto-pr.yml
@@ -21,7 +21,7 @@ permissions:
 
 jobs:
   socket-auto-pr:
-    uses: SocketDev/socket-registry/.github/workflows/socket-auto-pr.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main
+    uses: SocketDev/socket-registry/.github/workflows/socket-auto-pr.yml@e145a6b355d614054e4df3d49ba5218812f42b3e # main
     with:
       debug: ${{ inputs.debug }}
       autopilot: true
diff --git a/package.json b/package.json
@@ -1,6 +1,7 @@
 {
   "name": "@socketsecurity/sdk",
   "version": "3.1.3",
+  "packageManager": "pnpm@>=10.21.0",
   "license": "MIT",
   "description": "SDK for the Socket API client",
   "author": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@socketsecurity/sdk",`
`3`	`3`	`"version": "3.1.3",`
	`4`	`+ "packageManager": "pnpm@>=10.21.0",`
`4`	`5`	`"license": "MIT",`
`5`	`6`	`"description": "SDK for the Socket API client",`
`6`	`7`	`"author": {`