@coana-tech/cli 14.10.5 → 14.10.6

package/cli.mjs

@@ -207551,18 +207551,16 @@ var MavenSocketUpgradeManager = class {
 
 // ../fixing-management/src/fixing-management/npm/npm-ecosystem-socket-fixing-manager.ts
 import { dirname as dirname5, join as join9, relative as relative6 } from "path";
+import { existsSync as existsSync10 } from "fs";
 var NpmSocketUpgradeManager = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
   }
   async applySocketArtifactUpgrades(upgrades, artifacts) {
-    const { subprojectToUpgrade, workspaceToPackageManager } = await this.groupUpgradesBySubprojectAndWorkspace(
-      upgrades,
-      artifacts
-    );
+    const subprojectToUpgrade = await this.groupUpgradesBySubprojectAndWorkspace(upgrades, artifacts);
     for (const [subprojectDir, workspaceToUpgrade] of subprojectToUpgrade) {
       const fixingManager = getFixingManagerFromPackageManager(
-        workspaceToPackageManager.get(workspaceToUpgrade.keys().next().value) ?? "NPM",
+        getPackageMangerForDirectory(subprojectDir),
         this.rootDir,
         subprojectDir
       );
@@ -207572,7 +207570,6 @@ var NpmSocketUpgradeManager = class {
   async groupUpgradesBySubprojectAndWorkspace(upgrades, artifacts) {
     const subprojectToUpgrade = /* @__PURE__ */ new Map();
     const workspaceToSubproject = /* @__PURE__ */ new Map();
-    const workspaceToPackageManager = /* @__PURE__ */ new Map();
     for (const upgrade of upgrades) {
       const artifact = artifacts[upgrade.idx];
       const lockFiles = artifact.manifestFiles?.filter(
@@ -207586,10 +207583,6 @@ var NpmSocketUpgradeManager = class {
         const workspaces = isPnpmLockFile ? await getWorkspacePathsFromPnpmLockFile(subprojectDir, true) : await getWorkspacePathsFromPackageJSON(subprojectDir, true);
         for (const workspace of workspaces) {
           workspaceToSubproject.set(join9(subprojectDir, workspace), subprojectDir);
-          workspaceToPackageManager.set(
-            join9(subprojectDir, workspace),
-            isPnpmLockFile ? "PNPM" : lockFile.file.endsWith("yarn.lock") ? "YARN" : "NPM"
-          );
         }
       }
       const packageJsonFiles = artifact.manifestFiles?.filter((a4) => a4.file.endsWith("package.json"));
@@ -207606,7 +207599,7 @@ var NpmSocketUpgradeManager = class {
         subprojectToUpgrade.get(subprojectDir)?.get(workspacePath)?.push(upgrade);
       }
     }
-    return { subprojectToUpgrade, workspaceToPackageManager };
+    return subprojectToUpgrade;
   }
   async applySecurityFixesForSocketArtifacts(fixingManager, artifacts, workspaceTofixes) {
     for (const [workspacePath, upgrades] of workspaceTofixes.entries()) {
@@ -207643,6 +207636,15 @@ function getFixingManagerFromPackageManager(packageManager, rootDir, subprojectP
     return new YarnFixingManager(rootDir, subprojectPath);
   }
 }
+function getPackageMangerForDirectory(directory) {
+  if (existsSync10(join9(directory, "pnpm-lock.yaml")) || existsSync10(join9(directory, "pnpm-lock.yml"))) {
+    return "PNPM";
+  } else if (existsSync10(join9(directory, "yarn.lock"))) {
+    return "YARN";
+  } else {
+    return "NPM";
+  }
+}
 
 // ../fixing-management/src/main.ts
 var fixingManagerConstructors = {
@@ -207688,7 +207690,7 @@ async function applySocketUpgrades(ecosystem, rootDir, upgrades, artifacts) {
 
 // dist/cli-apply-fix.js
 var import_lodash12 = __toESM(require_lodash(), 1);
-import { existsSync as existsSync12 } from "fs";
+import { existsSync as existsSync13 } from "fs";
 
 // ../other-modules-communicator/src/other-modules-communicator.ts
 import { execFileSync } from "child_process";
@@ -208434,7 +208436,7 @@ async function detectVariantMaven(projectDir) {
 }
 
 // ../docker-management/src/maven/gradle-version-detector.ts
-import { existsSync as existsSync10 } from "fs";
+import { existsSync as existsSync11 } from "fs";
 import { join as join12 } from "path";
 import { readFile as readFile14 } from "fs/promises";
 async function detectVariantGradle(projectDir) {
@@ -208442,7 +208444,7 @@ async function detectVariantGradle(projectDir) {
 }
 async function detect(projectDir) {
   const gradleWrapperPropertiesPath = join12(projectDir, "gradle", "wrapper", "gradle-wrapper.properties");
-  const gradleWrapperProperties = existsSync10(gradleWrapperPropertiesPath) ? (await readFile14(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const gradleWrapperProperties = existsSync11(gradleWrapperPropertiesPath) ? (await readFile14(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!gradleWrapperProperties) return void 0;
   const distributionUrlRegex = /.*gradle-(\d+(\.\d+(\.\d+)?)?)/;
   for (const prop2 of gradleWrapperProperties) {
@@ -208456,7 +208458,7 @@ async function detect(projectDir) {
 }
 
 // ../docker-management/src/maven/sbt-version-detector.ts
-import { existsSync as existsSync11 } from "fs";
+import { existsSync as existsSync12 } from "fs";
 import { join as join13 } from "path";
 import { readFile as readFile15 } from "fs/promises";
 async function detectVariantSbt(projectDir) {
@@ -208464,7 +208466,7 @@ async function detectVariantSbt(projectDir) {
 }
 async function detect2(projectDir) {
   const sbtBuildPropertiesPath = join13(projectDir, "project", "build.properties");
-  const sbtBuildProperties = existsSync11(sbtBuildPropertiesPath) ? (await readFile15(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const sbtBuildProperties = existsSync12(sbtBuildPropertiesPath) ? (await readFile15(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!sbtBuildProperties) return void 0;
   for (const prop2 of sbtBuildProperties) {
     const [key, value] = prop2.split("=");
@@ -209881,7 +209883,7 @@ async function verifyFixes(fixes, otherModulesCommunicator, rootPath) {
   if (pathsForEachFixIdData.length !== new Set(pathsForEachFixIdData).size) {
     throw new Error("Multiple fix IDs found for the same subproject, workspace and ecosystem");
   }
-  const subprojectsNotFound = uniq3(fixes.filter(({ vulnerabilityInstance: v }) => !existsSync12(resolve19(rootPath, v.subprojectPath))).map(({ vulnerabilityInstance: v }) => `${v.subprojectPath}:${v.ecosystem}`));
+  const subprojectsNotFound = uniq3(fixes.filter(({ vulnerabilityInstance: v }) => !existsSync13(resolve19(rootPath, v.subprojectPath))).map(({ vulnerabilityInstance: v }) => `${v.subprojectPath}:${v.ecosystem}`));
   if (subprojectsNotFound.length > 0) {
     throw new Error(`Cannot find the following subprojects: ${subprojectsNotFound.join(", ")}`);
   }
@@ -210805,12 +210807,12 @@ import { readdir as readdir7 } from "fs/promises";
 import { join as join19, relative as relative10, resolve as resolve22 } from "path";
 
 // ../project-management/src/project-management/ecosystem-management/ecosystem-specs.ts
-import { existsSync as existsSync14 } from "fs";
+import { existsSync as existsSync15 } from "fs";
 import { readdir as readdir6, readFile as readFile19 } from "fs/promises";
 import { join as join18, sep as sep4 } from "path";
 
 // ../utils/src/pip-utils.ts
-import { existsSync as existsSync13 } from "fs";
+import { existsSync as existsSync14 } from "fs";
 import { readFile as readFile18 } from "fs/promises";
 import { resolve as resolve21 } from "path";
 import util6 from "util";
@@ -210907,7 +210909,7 @@ function getEcosystemSpecs(ecosystems) {
 }
 function packageManagerIfPackageJSONExistsAndValid(packageManager) {
   return async (projectDir) => {
-    if (!existsSync14(join18(projectDir, "package.json"))) return void 0;
+    if (!existsSync15(join18(projectDir, "package.json"))) return void 0;
     const packageJSONPath = join18(projectDir, "package.json");
     try {
       JSON.parse(await readFile19(packageJSONPath, "utf-8"));
@@ -211379,16 +211381,16 @@ function isVulnChainWithParentsMap(v) {
 var DEFAULT_REPORT_FILENAME_BASE = "coana-report";
 
 // dist/internal/exclude-dirs-from-configuration-files.js
-import { existsSync as existsSync15 } from "fs";
+import { existsSync as existsSync16 } from "fs";
 import { readFile as readFile20 } from "fs/promises";
 import { basename as basename5, resolve as resolve24 } from "path";
 var import_yaml2 = __toESM(require_dist11(), 1);
 async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
   const socketYmlConfigFile = resolve24(rootWorkingDir, "socket.yml");
-  if (existsSync15(socketYmlConfigFile))
+  if (existsSync16(socketYmlConfigFile))
     return inferExcludeDirsFromSocketConfig(socketYmlConfigFile);
   const socketYamlConfigFile = resolve24(rootWorkingDir, "socket.yaml");
-  if (existsSync15(socketYamlConfigFile))
+  if (existsSync16(socketYamlConfigFile))
     return inferExcludeDirsFromSocketConfig(socketYamlConfigFile);
   return void 0;
 }
@@ -224924,7 +224926,7 @@ var { root: root2 } = static_exports;
 
 // ../utils/src/maven-utils.ts
 var import_lodash14 = __toESM(require_lodash(), 1);
-import { existsSync as existsSync16, readdirSync as readdirSync4, statSync as statSync4 } from "fs";
+import { existsSync as existsSync17, readdirSync as readdirSync4, statSync as statSync4 } from "fs";
 import { join as join20 } from "path";
 var { memoize: memoize3 } = import_lodash14.default;
 var memoizedParseShellArgs = memoize3(parseShellArgs);
@@ -226296,7 +226298,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.10.5";
+var version2 = "14.10.6";
 
 // ../../node_modules/.pnpm/axios@1.9.0/node_modules/axios/lib/helpers/bind.js
 function bind3(fn2, thisArg) {
@@ -230826,9 +230828,7 @@ async function computeFixesAndUpgradePurls(path2, options) {
     logger.info("Run again with --apply-fixes-to GHSA_IDS to fix those vulnerabilities by computing packages to upgrade and apply them");
     return;
   }
-  const vulnerableArtifactIdsForGhsas = options.applyFixesTo.flatMap((ghsa) => [
-    ...vulnerableArtifactIdsPerVulnerability.get(ghsa)?.values() ?? []
-  ]);
+  const vulnerableArtifactIdsForGhsas = options.applyFixesTo.includes("all") ? Array.from(vulnerableArtifactIdsPerVulnerability.values()).flatMap((ids) => Array.from(ids)) : options.applyFixesTo.flatMap((ghsa) => [...vulnerableArtifactIdsPerVulnerability.get(ghsa)?.values() ?? []]);
   const computedFix = await useSocketComputeFixEndpoint(artifacts, vulnerableArtifactIdsForGhsas);
   if (computedFix.type !== "success") {
     throw new Error(`No fix found for the given vulnerabilities`);
@@ -231009,7 +231009,7 @@ upgradePurls.name("upgrade-purls").argument("<path>", "File system path to the f
   await upgradePurl(path2, upgradeSpecs, options);
 }).configureHelp({ sortOptions: true });
 var computeFixesAndUpgradePurlsCmd = new Command();
-computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", "GHSA IDs to compute fixes for", []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
+computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", 'GHSA IDs to compute fixes for. Use "all" to compute fixes for all vulnerabilities.', []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
   process.env.DOCKER_IMAGE_TAG ??= version2;
   await computeFixesAndUpgradePurls(path2, options);
 }).configureHelp({ sortOptions: true });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.10.5",
+  "version": "14.10.6",
   "description": "Coana CLI",
   "type": "module",
   "bin": {