release: v1.1.98

jfblaa · jfblaa · commit 62d6dc4e3839 · 2026-05-22T19:53:59.000+02:00
- Bump Coana CLI to 15.3.8 (package.json + pnpm-lock.yaml).
- CHANGELOG entry for the new `socket manifest gradle --facts` /
  `socket manifest kotlin --facts` mode shipping alongside the
  previously-unreleased Bazel work, plus the Coana bump.
- Drop now-redundant `.toLowerCase()` from the .socket.facts.json
  basename check in handle-create-new-scan.mts (per PR review
  Finding 5 — we control every producer of this filename).
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,9 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ## [Unreleased]
 
+## [1.1.98](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.98) - 2026-05-22
+
 ### Added
 - **`socket manifest bazel [beta]`** — Generate Bazel JVM SBOM manifests by running `bazel query` against discovered Maven repos in a Bazel workspace. Closes the inline-Maven-declaration gap that lockfile-only parsing misses for repos like envoy, ray, tensorflow, tink-java, and or-tools. Auto-detects Bzlmod and legacy `WORKSPACE`.
 - **`socket scan create --auto-manifest`** now covers Bazel workspaces in addition to Gradle/Scala/Kotlin/Conda. Repos with `MODULE.bazel`, `WORKSPACE`, or `WORKSPACE.bazel` are detected automatically and their Maven dependencies extracted as part of the standard scan-create flow.
+- **`socket manifest gradle --facts [beta]`** (and its `socket manifest kotlin --facts` alias) — Emit a `.socket.facts.json` dependency graph from a Gradle build, consumable by `socket scan create --reach` as pregenerated SBOM input for Tier 1 reachability. Toggle also exposed via the `socket manifest setup` wizard for use with `--auto-manifest`.
+
+### Changed
+- Updated the Coana CLI to v `15.3.8`.
 
 ## [1.1.97](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.97) - 2026-05-18
 
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.97",
+  "version": "1.1.98",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",
@@ -97,7 +97,7 @@
     "@babel/preset-typescript": "7.27.1",
     "@babel/runtime": "7.28.4",
     "@biomejs/biome": "2.2.4",
-    "@coana-tech/cli": "15.3.0",
+    "@coana-tech/cli": "15.3.8",
     "@cyclonedx/cdxgen": "12.1.2",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/commands/scan/handle-create-new-scan.mts b/src/commands/scan/handle-create-new-scan.mts
@@ -258,8 +258,7 @@ export async function handleCreateNewScan({
     // Ensure the .socket.facts.json isn't duplicated in case it happened
     // to be in the scan folder before the analysis was run.
     const filteredPackagePaths = packagePaths.filter(
-      p =>
-        path.basename(p).toLowerCase() !== constants.DOT_SOCKET_DOT_FACTS_JSON,
+      p => path.basename(p) !== constants.DOT_SOCKET_DOT_FACTS_JSON,
     )
 
     // When using pregenerated SBOMs only, filter to CDX/SPDX files.

Original file line number	Diff line number	Diff line change
`@@ -258,8 +258,7 @@ export async function handleCreateNewScan({`
`258`	`258`	`// Ensure the .socket.facts.json isn't duplicated in case it happened`
`259`	`259`	`// to be in the scan folder before the analysis was run.`
`260`	`260`	`const filteredPackagePaths = packagePaths.filter(`
`261`		`- p =>`
`262`		`- path.basename(p).toLowerCase() !== constants.DOT_SOCKET_DOT_FACTS_JSON,`
	`261`	`+ p => path.basename(p) !== constants.DOT_SOCKET_DOT_FACTS_JSON,`
`263`	`262`	`)`
`264`	`263`
`265`	`264`	`// When using pregenerated SBOMs only, filter to CDX/SPDX files.`