Comparing changes

base repository: SocketDev/socket-python-cli
base: v2.4.4
head repository: SocketDev/socket-python-cli
compare: v2.4.5
  • 1 commit
  • 6 files changed
  • 1 contributor

Commits on Jun 3, 2026

  1. Harden dependency review checks across PR types (#224)

    * ci: report e2e-* checks on fork and Dependabot PRs
    
    The e2e job is skipped on PRs that can't access repository secrets
    (forks and Dependabot). Because it's skipped via a job-level `if`, its
    matrix never expands, so the required e2e-* check contexts are never
    created and branch protection waits on them indefinitely, blocking merge.
    
    Add an e2e-bypass job whose `if` is the exact negation of the e2e job's
    run condition. It emits the same e2e-* check names with a passing status
    for fork/Dependabot PRs, satisfying branch protection without running the
    real tests. The two jobs are mutually exclusive and exhaustive: every PR
    runs exactly one.
    
    Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
    
    * ci: add dependency-review-gate aggregator check
    
    The Socket Firewall enterprise smoke job is the most meaningful supply-chain
    check for maintainer-added dependencies, but it can't be required directly:
    it's conditional (per-manifest, and free-vs-enterprise per author), so on most
    PRs it's legitimately skipped -- and a required check whose job is skipped sits
    at "Expected -- Waiting for status" forever, blocking merge (the same trap
    that stranded Dependabot PRs on the e2e-* checks).
    
    Add a dependency-review-gate job that always runs and collapses every smoke
    job into one pass/fail signal: it fails iff any job that ran ended in failure
    or was cancelled; success and skipped both pass. This is the single check
    intended to be marked required later -- it satisfies Dependabot/fork PRs (which
    run Firewall-free) and maintainer PRs (Firewall-enterprise) alike, and turns a
    Socket Firewall BLOCK into a merge-blocking failure instead of a non-required
    job nobody is forced to run.
    
    Scaffolding only: the gate is not yet added to branch protection's required
    checks (deferred until it's merged to main and observed reporting).
    
    Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
    
    * chore: bump CLI to 2.4.5 and require socketdev>=3.2.1
    
    Follows the 2.4.4 release (SDK >=3.2.0) by picking up socketdev 3.2.1.
    Regenerates uv.lock to the published 3.2.1 release; no CLI logic changes.
    
    Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
    
    ---------
    
    Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
    lelia authored Jun 3, 2026
    62beff1 View commit details
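
The gate rule stated in the commit message above (fail iff a job that ran ended in failure or was cancelled; success and skipped both pass), as an added example that is not the project's workflow code. It assumes the gate step receives the `needs` context serialized with `toJSON(needs)`; the job names, the `NEEDS_JSON` variable and the fail-closed handling of unrecognized values are assumptions of this sketch.

```python
import json
import os
import sys

# Values GitHub Actions reports in needs.<job_id>.result.
PASSING = {"success", "skipped"}
BLOCKING = {"failure", "cancelled"}


def evaluate_gate(needs_json):
    """Return (passed, reasons) for a document shaped like toJSON(needs)."""
    needs = json.loads(needs_json)
    if not isinstance(needs, dict):
        return False, ["needs context is not a JSON object"]
    reasons = []
    for job, info in sorted(needs.items()):
        result = info.get("result") if isinstance(info, dict) else None
        if result in PASSING:
            continue  # ran clean, or legitimately did not run
        if result in BLOCKING:
            reasons.append(f"{job}: {result}")
        else:
            # Assumption (not from the commit): fail closed on unknown values.
            reasons.append(f"{job}: unrecognized result {result!r}")
    return not reasons, reasons


# Constructed samples; the job names are hypothetical.
DEPENDABOT_PR = json.dumps({
    "smoke-free": {"result": "success", "outputs": {}},
    "smoke-enterprise": {"result": "skipped", "outputs": {}},
})
FIREWALL_BLOCK = json.dumps({
    "smoke-free": {"result": "skipped", "outputs": {}},
    "smoke-enterprise": {"result": "failure", "outputs": {}},
})

if __name__ == "__main__":
    # In a workflow step the input would arrive as: NEEDS_JSON: ${{ toJSON(needs) }}
    passed, reasons = evaluate_gate(os.environ.get("NEEDS_JSON", FIREWALL_BLOCK))
    for reason in reasons:
        print(f"blocking: {reason}")
    sys.exit(0 if passed else 1)
```

For a gate like this to report on every PR, the aggregating job itself has to run even when the jobs it depends on were skipped or failed, which in GitHub Actions means a job-level `if: always()`.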