@mtorp mtorp commented Dec 1, 2025

  • Add the --output <scan-report.json> flag to socket scan reach.
  • Update the Coana CLI to v14.12.107.

Note

Adds --output/-o to socket scan reach to write reports to a custom .json path (plumbed through execution and logging), and updates Coana CLI to v14.12.107 with version bump.

  • CLI: socket scan reach
    • New flag: --output <path>.json (alias -o) to write reachability report to a custom JSON file; validates extension is .json.
    • Help/Docs: Updated help text and examples to describe the new flag and default behavior.
    • Plumbing: Propagates outputPath through cmd-scan-reach.mts → handle-scan-reach.mts → perform-reachability-analysis.mts → output-scan-reach.mts.
      • Coana args now use the specified path for --output-dir and --socket-mode.
      • Success message now reports the actual output path.
    • Tests: Add cases for --output/-o acceptance and failures (non-.json/uppercase extension); snapshots updated for help/examples.
  • Dependencies/Version
    • Bump @coana-tech/cli to 14.12.107 and update lockfile.
    • Update package version to 1.1.39 and CHANGELOG.

Written by Cursor Bugbot for commit 10de5ce.

@mtorp mtorp requested a review from jdalton December 1, 2025 12:47

socket-security bot commented Dec 1, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | npm/@coana-tech/cli@14.12.101 ⏵ 14.12.107 | 89 +1 | 100 | 80 +1 | 96 | 100 |


socket-security-staging bot commented Dec 1, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | npm/@coana-tech/cli@14.12.101 ⏵ 14.12.107 | 89 +1 | 100 | 80 +1 | 96 | 100 |

@cursor cursor bot left a comment

Comment @cursor review or bugbot run to trigger another review on this PR

path.dirname(outputFilePath),
'--socket-mode',
constants.DOT_SOCKET_DOT_FACTS_JSON,
outputFilePath,
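
Review bot: The value that follows '--socket-mode' is outputFilePath and the directory argument is path.dirname(outputFilePath), so unless outputFilePath is already absolute at this point, both are interpreted relative to whatever working directory the child process runs in. Consider resolving once before building the argument list, for example const resolved = path.resolve(outputFilePath), and passing path.dirname(resolved) and resolved, so the report lands where the user asked regardless of the child's cwd.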

Bug: Coana socket-mode argument receives full path instead of filename

The --socket-mode Coana argument now receives outputFilePath (which can be a full path like ./reports/analysis.json) instead of just a filename. The original code pattern passed a filename to --socket-mode and a directory to --output-dir. When a user specifies --output ./reports/analysis.json, the code passes --output-dir ./reports and --socket-mode ./reports/analysis.json. If Coana combines these (placing the --socket-mode value inside --output-dir), the output could be written to an incorrect nested path. The --socket-mode value likely needs to be path.basename(outputFilePath) to maintain the expected behavior.

Contributor

☝️ @mtorp Needs double checking

Contributor Author

The --output-dir is actually not even used when --socket-mode is set so this comment can be ignored. I'll get the --output-dir removed completely, but I have to update the Coana CLI first. Currently it complains if you don't provide it with an output directory.

@jdalton jdalton merged commit 97aa955 into v1.x Dec 1, 2025
7 checks passed
@jdalton jdalton deleted the backport-output-flag branch December 1, 2025 15:16