From 7c3199115e0967c0015500b776432cba79fcfcf7 Mon Sep 17 00:00:00 2001
From: lelia <2418071+lelia@users.noreply.github.com>
Date: Wed, 8 Apr 2026 17:10:47 -0400
Subject: [PATCH 1/5] Backfill changelog for v2.2.74+ releases

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---
 CHANGELOG.md | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 683e0ad..441189c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,44 @@
 # Changelog
+## [Unreleased]
+
+- Migrated license enrichment PURL lookup to the org-scoped endpoint (`POST /v0/orgs/{slug}/purl`) from the deprecated global endpoint (`POST /v0/purl`).
+
+## 2.2.80
+
+- Hardened GitHub Actions workflows.
+- Fixed broken links on PyPI page.
+
+## 2.2.79
+
+- Updated minimum required Python version.
+- Tweaked CI checks.
+
+## 2.2.78
+
+- Fixed reachability filtering.
+- Added config file support.
+
+## 2.2.77
+
+- Fixed `has_manifest_files` failing to match root-level manifest files.
+
+## 2.2.76
+
+- Added SARIF file output support.
+- Improved reachability filtering.
+
+## 2.2.75
+
+- Fixed `workspace` flag regression by updating SDK dependency.
+
+## 2.2.74
+
+- Added `--workspace` flag to CLI args.
+- Added GitLab branch protection flag.
+- Added e2e tests for full scans and full scans with reachability.
+- Bumped dependencies: `cryptography`, `virtualenv`, `filelock`, `urllib3`.
 ## 2.2.71
 - Added `strace` to the Docker image for debugging purposes.

From f4f0a99724970ef4a5b5eac12e013d83b21d410c Mon Sep 17 00:00:00 2001
From: lelia <2418071+lelia@users.noreply.github.com>
Date: Wed, 8 Apr 2026 17:12:15 -0400
Subject: [PATCH 2/5] Migrate license enrichment to org-scoped endpoint

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---
 .gitignore | 2 ++
 socketsecurity/core/__init__.py | 1 +
 tests/core/test_package_and_alerts.py | 39 +++++++++++++++++++++-
 tests/e2e/fixtures/simple-npm/package.json | 2 +-
 4 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index e01bafe..990cbcc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,6 +24,8 @@ test.py
 *.cpython-312.pyc`
 file_generator.py
 .coverage
+.coverage.*
+htmlcov/
 .env.local
 Pipfile
 test/
diff --git a/socketsecurity/core/__init__.py b/socketsecurity/core/__init__.py
index edd2814..154caf9 100644
--- a/socketsecurity/core/__init__.py
+++ b/socketsecurity/core/__init__.py
@@ -835,6 +835,7 @@ def get_license_text_via_purl(self, packages: dict[str, Package], batch_size: in
 results = self.sdk.purl.post(
 license=True,
 components=batch_components,
+ org_slug=self.config.org_slug,
 licenseattrib=True,
 licensedetails=True
 )
diff --git a/tests/core/test_package_and_alerts.py b/tests/core/test_package_and_alerts.py
index 09a8455..f616479 100644
--- a/tests/core/test_package_and_alerts.py
+++ b/tests/core/test_package_and_alerts.py
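Review bot: The new `org_slug=self.config.org_slug` kwarg is forwarded without checking that a slug is actually configured, so an empty or `None` slug reaches `self.sdk.purl.post` and the request either fails inside the SDK or targets a malformed org path; the enclosing `get_license_text_via_purl` starts before this hunk and this call sits inside its batch loop. Since the global `/v0/purl` route being replaced is deprecated, fail once and early rather than per batch: `if not self.config.org_slug: raise ValueError("org_slug must be configured for license enrichment (org-scoped PURL endpoint)")` placed before the batch loop — or, if callers treat enrichment as best-effort (the error handling around this call is outside the hunk), log a warning and return `packages` unchanged. Whether `purl.post` routes to `/v0/orgs/{slug}/purl` when given `org_slug` depends on the pinned SDK version; no SDK bump is visible anywhere in this series (the pyproject dependency list is cut off), and an older SDK would reject the unknown kwarg with a `TypeError` that the mocked unit test cannot catch. Worth confirming and, if needed, raising the SDK minimum in the same change.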
@@ -228,4 +228,41 @@ def test_get_new_alerts_with_readded(self):
 # With ignore_readded=False
 new_alerts = Core.get_new_alerts(added_alerts, removed_alerts, ignore_readded=False)
- assert len(new_alerts) == 1
+ assert len(new_alerts) == 1
+
+ def test_get_license_text_via_purl_uses_org_scoped_endpoint(self, core, mock_sdk):
+ """Test license enrichment calls the org-scoped PURL SDK method."""
+ core.sdk.purl = Mock()
+ core.sdk.purl.post.return_value = [
+ {
+ "type": "npm",
+ "name": "lodash",
+ "version": "4.18.1",
+ "licenseAttrib": [{"name": "MIT"}],
+ "licenseDetails": [{"license": "MIT"}],
+ }
+ ]
+
+ packages = {
+ "npm/lodash@4.18.1": Package(
+ id="pkg:npm/lodash@4.18.1",
+ type="npm",
+ name="lodash",
+ version="4.18.1",
+ score={},
+ alerts=[],
+ topLevelAncestors=[],
+ )
+ }
+
+ result = core.get_license_text_via_purl(packages)
+
+ core.sdk.purl.post.assert_called_once_with(
+ license=True,
+ components=[{"purl": "pkg:/npm/lodash@4.18.1"}],
+ org_slug="test-org",
+ licenseattrib=True,
+ licensedetails=True,
+ )
+ assert result["npm/lodash@4.18.1"].licenseAttrib == [{"name": "MIT"}]
+ assert result["npm/lodash@4.18.1"].licenseDetails == [{"license": "MIT"}]
diff --git a/tests/e2e/fixtures/simple-npm/package.json b/tests/e2e/fixtures/simple-npm/package.json
index cf70416..3dd5fa9 100644
--- a/tests/e2e/fixtures/simple-npm/package.json
+++ b/tests/e2e/fixtures/simple-npm/package.json
@@ -4,7 +4,7 @@
 "description": "Test fixture for reachability analysis",
 "main": "index.js",
 "dependencies": {
- "lodash": "4.17.23",
+ "lodash": "4.18.1",
 "express": "4.22.0",
 "axios": "1.13.5"
 },

From 641e427d9a974cc60779fbe710047947beea6f79 Mon Sep 17 00:00:00 2001
From: lelia <2418071+lelia@users.noreply.github.com>
Date: Wed, 8 Apr 2026 17:21:32 -0400
Subject: [PATCH 3/5] Fix github project homepage on PyPI

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

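Review bot: `test_get_license_text_via_purl_uses_org_scoped_endpoint` replaces `core.sdk.purl` with a bare `Mock()`, so it only pins the keyword arguments and cannot tell whether the real SDK's `purl.post` accepts `org_slug` or routes to the org-scoped endpoint; the `mock_sdk` fixture in its signature is never used in the body. Drop `mock_sdk` from the signature (or assert on it), and add a companion case with `core.config.org_slug` unset to pin what `get_license_text_via_purl` does when no org is configured, since that is the failure mode this migration introduces. The expected component `{"purl": "pkg:/npm/lodash@4.18.1"}` locks in the `pkg:/` spelling with a slash after the scheme; the canonical PURL form is `pkg:npm/lodash@4.18.1` and parsers merely tolerate the slash, so confirm the org-scoped endpoint accepts it before pinning it in a test. The `"test-org"` value presumably comes from the `core` fixture, which is outside this hunk.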
diff --git a/pyproject.toml b/pyproject.toml
index d401856..2a44c06 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -57,7 +57,7 @@ socketcli = "socketsecurity.socketcli:cli"
 socketclidev = "socketsecurity.socketcli:cli"
 [project.urls]
-Homepage = "https://socket.dev"
+Homepage = "https://github.com/SocketDev/socket-python-cli"
 [tool.coverage.run]
 source = ["socketsecurity"]

From 2cc4bdded0ff8796ee4c1bcb8aca7e7914058a06 Mon Sep 17 00:00:00 2001
From: lelia <2418071+lelia@users.noreply.github.com>
Date: Wed, 8 Apr 2026 17:22:18 -0400
Subject: [PATCH 4/5] Bump version for release

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---
 pyproject.toml | 2 +-
 socketsecurity/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 2a44c06..3529ff4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.2.78"
+version = "2.2.79"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index 987c20b..e56db94 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.78'
+__version__ = '2.2.79'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

From b0af1ae20117b5fcf6afc3e61d7e46bb3edf0852 Mon Sep 17 00:00:00 2001
From: lelia <2418071+lelia@users.noreply.github.com>
Date: Wed, 8 Apr 2026 17:27:54 -0400
Subject: [PATCH 5/5] Properly bump version

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---
 pyproject.toml | 2 +-
 socketsecurity/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 67ba827..3a6e9c7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 [project]
 name = "socketsecurity"
-version = "2.2.80"
+version = "2.2.81"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [
diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py
index 92eb029..d4a1870 100644
--- a/socketsecurity/__init__.py
+++ b/socketsecurity/__init__.py
@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.80'
+__version__ = '2.2.81'
 USER_AGENT = f'SocketPythonCLI/{__version__}'