Skip to content

chore: cherry pick fixes for rc#6975

Open
octavian-snyk wants to merge 11 commits into
release-candidatefrom
chore/cherry-pick-fixes-for-rc-2
Open

chore: cherry pick fixes for rc#6975
octavian-snyk wants to merge 11 commits into
release-candidatefrom
chore/cherry-pick-fixes-for-rc-2

Conversation

@octavian-snyk

Copy link
Copy Markdown
Contributor

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages
    are release-note ready, emphasizing
    what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)
  • Includes product update to be announced in the next stable release notes

What does this PR do?

Where should the reviewer start?

How should this be manually tested?

What's the product update that needs to be communicated to CLI users?

@octavian-snyk octavian-snyk requested a review from a team as a code owner July 8, 2026 09:06
@snyk-io

snyk-io Bot commented Jul 8, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
Warnings
⚠️

Please make changes to snyk help text in Gitbook. Changes will be automatically synchronised to Snyk CLI as a scheduled PR.
For more information, see: help/README.md.

⚠️ There are multiple commits on your branch, please squash them locally before merging!

Generated by 🚫 dangerJS against 3ae62df

@snyk-pr-review-bot

This comment has been minimized.

@snyk-pr-review-bot

This comment has been minimized.

@octavian-snyk octavian-snyk force-pushed the chore/cherry-pick-fixes-for-rc-2 branch from 542103c to 6c17a06 Compare July 8, 2026 11:37
@snyk-pr-review-bot

This comment has been minimized.

@CatalinSnyk CatalinSnyk force-pushed the chore/cherry-pick-fixes-for-rc-2 branch from 6c17a06 to 4954a65 Compare July 8, 2026 12:21
@snyk-pr-review-bot

This comment has been minimized.

@CatalinSnyk CatalinSnyk force-pushed the chore/cherry-pick-fixes-for-rc-2 branch from 4954a65 to 1e3cfdb Compare July 8, 2026 12:32
@snyk-pr-review-bot

This comment has been minimized.

@snyk-pr-review-bot

Copy link
Copy Markdown

PR Reviewer Guide 🔍

🧪 PR contains tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Broken NPM Authentication 🔴 [critical]

The upload_npm function no longer authenticates the NPM session. The previous npm config set command using HAMMERHEAD_NPM_TOKEN was removed, but it was not replaced with any logic to use the new NPM_ID_TOKEN. Furthermore, npm publish does not automatically recognize NPM_ID_TOKEN. This will result in 401 Unauthorized errors during the NPM publishing phase of the release pipeline.

if [ "${DRY_RUN}" == true ]; then
  echo "DRY RUN: uploading to npm..."
  npm publish --dry-run ${npm_tag_arg} ./binary-releases/snyk-fix.tgz
  npm publish --dry-run ${npm_tag_arg} ./binary-releases/snyk-protect.tgz
  npm publish --dry-run ${npm_tag_arg} ./binary-releases/snyk.tgz
else
  echo "Uploading to npm..."
  npm publish ${npm_tag_arg} ./binary-releases/snyk-fix.tgz
  npm publish ${npm_tag_arg} ./binary-releases/snyk-protect.tgz
  npm publish ${npm_tag_arg} ./binary-releases/snyk.tgz
fi
Style Violation 🟡 [minor]

The new test file uses CommonJS require() syntax to load fs, os, and path. The project's style guide defined in AGENTS.md explicitly requires the use of ES6 import/export for all .ts files to maintain consistency during tooling unification.

const fs = require('fs');
const os = require('os');
const path = require('path');
📚 Repository Context Analyzed

This review considered 38 relevant code sections from 13 files (average relevance: 0.92)

🤖 Repository instructions applied (from AGENTS.md)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants