@coana-tech/cli 14.11.13 → 14.11.15

package/cli.mjs

@@ -205338,7 +205338,7 @@ var getNpmBin = once(async () => {
   return npmBin;
 });
 async function actuallyRunInstall(specificPackagesArgs = [], dir) {
-  const installationCommand = cmdt2`${await getNpmBin()} install -f --ignore-scripts --no-fund --no-audit ${specificPackagesArgs}`;
+  const installationCommand = cmdt2`${await getNpmBin()} install -f --ignore-scripts --no-fund --no-audit --no-progress ${specificPackagesArgs}`;
   logger.info(`running installation command: ${installationCommand}`);
   return execAndLogOnFailure2(installationCommand, dir);
 }
@@ -205446,6 +205446,8 @@ var NpmFixingManager = class extends NpmEcosystemFixingManager {
     }
   }
   async finalizeFixes() {
+    logger.info(`Adjusting lock file changes by running a npm install command`);
+    await actuallyRunInstall(void 0, resolve9(this.rootDir, this.subprojectPath));
   }
 };
 
@@ -205454,7 +205456,16 @@ import { readFile as readFile12, writeFile as writeFile4 } from "fs/promises";
 import { resolve as resolve10 } from "path";
 var import_yaml = __toESM(require_dist10(), 1);
 var import_lockfile_file2 = __toESM(require_lib25(), 1);
+import { existsSync as existsSync9 } from "fs";
 var PnpmFixingManager = class extends NpmEcosystemFixingManager {
+  pnpmMajorVersion;
+  async getPnpmMajorVersion() {
+    if (!this.pnpmMajorVersion) {
+      const pnpmVersion = await runCommandResolveStdOut(cmdt`pnpm -v`);
+      this.pnpmMajorVersion = parseInt(pnpmVersion.trim().split(".")[0]);
+    }
+    return this.pnpmMajorVersion;
+  }
   async installSpecificPackages(workspacePath, isDev, packagesToInstall) {
     try {
       const isInstallingInRootOfWorkspace = workspacePath === "." && (await getWorkspacePathsFromPnpmLockFile(this.rootDir, false)).length > 1;
@@ -205473,7 +205484,7 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
     }
   }
   async actuallyRunInstall(specificPackagesCmd = [], workspacePath = ".") {
-    const installationCommand = cmdt`pnpm install --ignore-scripts ${specificPackagesCmd}`;
+    const installationCommand = cmdt`pnpm install --ignore-scripts${await this.getPnpmMajorVersion() >= 9 && specificPackagesCmd.length === 0 ? "--no-frozen-lockfile" : ""} --config.confirmModulesPurge=false ${specificPackagesCmd}`;
     logger.info(`running installation command: ${installationCommand}`);
     await exec(installationCommand, resolve10(this.rootDir, this.subprojectPath, workspacePath));
   }
@@ -205556,6 +205567,11 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
           ])
         );
         const pnpmWorkspaceYamlFile = resolve10(this.rootDir, this.subprojectPath, "pnpm-workspace.yaml");
+        if (!existsSync9(pnpmWorkspaceYamlFile)) {
+          throw new Error(
+            `pnpm-workspace.yaml could not be found in ${pnpmWorkspaceYamlFile}. The lockfile indicates that pnpm catalogs are used and they must be updated, which is not possible without a pnpm-workspace.yaml file`
+          );
+        }
         const yamlAST = await readYamlFile(pnpmWorkspaceYamlFile);
         fixCatalogVersions(yamlAST, catalogFixes);
         await writeYamlFile(yamlAST, pnpmWorkspaceYamlFile);
@@ -205567,7 +205583,7 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
     }
   }
   async finalizeFixes() {
-    const cmd = cmdt`pnpm install --ignore-scripts --fix-lockfile`;
+    const cmd = cmdt`pnpm install --ignore-scripts --fix-lockfile --config.confirmModulesPurge=false `;
     logger.info(`Adjusting lock file changes by running '${cmd}'`);
     await exec(cmd, resolve10(this.rootDir, this.subprojectPath));
   }
@@ -205621,7 +205637,7 @@ import { resolve as resolve12 } from "path";
 
 // ../utils/src/package-utils.ts
 import { parse as parse2, join as join7, resolve as resolve11, normalize as normalize3, dirname as dirname4, basename as basename3, relative as relative4 } from "path";
-import { existsSync as existsSync9, readFileSync as readFileSync2, readdirSync as readdirSync3, statSync as statSync3, writeFileSync as writeFileSync2 } from "fs";
+import { existsSync as existsSync10, readFileSync as readFileSync2, readdirSync as readdirSync3, statSync as statSync3, writeFileSync as writeFileSync2 } from "fs";
 function setFieldInPackageJson(workspaceRoot, field, value) {
   const packageJSONContentObj = getPackageJsonObject2(workspaceRoot);
   if (!packageJSONContentObj) return void 0;
@@ -205638,7 +205654,7 @@ function writePackageJsonContent(workspaceRoot, packageJsonContent) {
 }
 function getPackageJsonContent2(workspaceRoot) {
   const packageJsonPath = getPackageJSONPath2(workspaceRoot);
-  if (existsSync9(packageJsonPath)) return readFileSync2(packageJsonPath, "utf8");
+  if (existsSync10(packageJsonPath)) return readFileSync2(packageJsonPath, "utf8");
   return void 0;
 }
 function getPackageJSONPath2(workspaceRoot) {
@@ -205771,9 +205787,10 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
       logger.info(`Failed to install packages: ${installResult.error.message}`);
       logger.info(`stdout`, installResult.stdout);
       logger.info(`stderr`, installResult.stderr);
-      logger.info("yarn version", await runCommandResolveStdOut("yarn -v", installDir));
+      logger.info("yarn version", await this.runYarnCommand(cmdt`yarn -v`, installDir));
       throw new Error(`Failed to install packages: ${installResult.error.message}`);
     }
+    logger.info("Installation completed.");
   }
   async getYarnLockObj(filePath) {
     const fileString = await readFile13(filePath, "utf8");
@@ -205875,7 +205892,7 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
 
 // ../fixing-management/src/fixing-management/npm/npm-ecosystem-socket-fixing-manager.ts
 import { dirname as dirname5, join as join8, relative as relative5 } from "path";
-import { existsSync as existsSync10 } from "fs";
+import { existsSync as existsSync11 } from "fs";
 var NpmSocketUpgradeManager = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
@@ -205909,7 +205926,13 @@ var NpmSocketUpgradeManager = class {
           workspaceToSubproject.set(join8(subprojectDir, workspace), subprojectDir);
         }
       }
-      const packageJsonFiles = artifact.manifestFiles?.filter((a4) => a4.file.endsWith("package.json"));
+      const packageJsonFiles = artifact.manifestFiles?.filter((a4) => a4.file.endsWith("package.json")) ?? [];
+      for (const lockFile of lockFiles ?? []) {
+        const correspondingPackageJsonFile = join8(dirname5(lockFile.file), "package.json");
+        if (!packageJsonFiles.some((p3) => p3.file === correspondingPackageJsonFile) && existsSync11(correspondingPackageJsonFile)) {
+          packageJsonFiles.push({ file: correspondingPackageJsonFile });
+        }
+      }
       for (const packageJsonFile of packageJsonFiles ?? []) {
         const packageJsonDir = dirname5(packageJsonFile.file);
         const subprojectDir = workspaceToSubproject.get(packageJsonDir) ?? packageJsonDir;
@@ -205961,13 +205984,14 @@ function getFixingManagerFromPackageManager(packageManager, rootDir, subprojectP
   }
 }
 function getPackageMangerForDirectory(directory) {
-  if (existsSync10(join8(directory, "pnpm-lock.yaml")) || existsSync10(join8(directory, "pnpm-lock.yml"))) {
+  if (existsSync11(join8(directory, "pnpm-lock.yaml")) || existsSync11(join8(directory, "pnpm-lock.yml"))) {
     return "PNPM";
-  } else if (existsSync10(join8(directory, "yarn.lock"))) {
+  } else if (existsSync11(join8(directory, "yarn.lock"))) {
     return "YARN";
-  } else {
+  } else if (existsSync11(join8(directory, "package-lock.json"))) {
     return "NPM";
   }
+  throw new Error("Upgrading packages is currently only supported for NPM projects using a lock file.");
 }
 
 // ../fixing-management/src/fixing-management/npm/rush-fixing-manager.ts
@@ -206329,7 +206353,7 @@ async function applySocketUpgrades(ecosystem, rootDir, upgrades, artifacts) {
 
 // dist/cli-apply-fix.js
 var import_lodash12 = __toESM(require_lodash(), 1);
-import { existsSync as existsSync15 } from "fs";
+import { existsSync as existsSync16 } from "fs";
 
 // ../other-modules-communicator/src/other-modules-communicator.ts
 import { execFileSync } from "child_process";
@@ -206346,7 +206370,7 @@ import { fileURLToPath as fileURLToPath3 } from "node:url";
 // ../utils/dist/file-utils.js
 var import_lodash5 = __toESM(require_lodash(), 1);
 var import_micromatch = __toESM(require_micromatch(), 1);
-import { existsSync as existsSync11 } from "fs";
+import { existsSync as existsSync12 } from "fs";
 import { access as access2, cp, readdir as readdir3, stat as stat2 } from "fs/promises";
 import { basename as basename4, join as join11, relative as relative6, resolve as resolve13 } from "path";
 var { uniq } = import_lodash5.default;
@@ -207076,7 +207100,7 @@ async function detectVariantMaven(projectDir) {
 }
 
 // ../docker-management/src/maven/gradle-version-detector.ts
-import { existsSync as existsSync12 } from "fs";
+import { existsSync as existsSync13 } from "fs";
 import { join as join13 } from "path";
 import { readFile as readFile15 } from "fs/promises";
 async function detectVariantGradle(projectDir) {
@@ -207084,7 +207108,7 @@ async function detectVariantGradle(projectDir) {
 }
 async function detect(projectDir) {
   const gradleWrapperPropertiesPath = join13(projectDir, "gradle", "wrapper", "gradle-wrapper.properties");
-  const gradleWrapperProperties = existsSync12(gradleWrapperPropertiesPath) ? (await readFile15(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const gradleWrapperProperties = existsSync13(gradleWrapperPropertiesPath) ? (await readFile15(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!gradleWrapperProperties) return void 0;
   const distributionUrlRegex = /.*gradle-(\d+(\.\d+(\.\d+)?)?)/;
   for (const prop2 of gradleWrapperProperties) {
@@ -207098,7 +207122,7 @@ async function detect(projectDir) {
 }
 
 // ../docker-management/src/maven/sbt-version-detector.ts
-import { existsSync as existsSync13 } from "fs";
+import { existsSync as existsSync14 } from "fs";
 import { join as join14 } from "path";
 import { readFile as readFile16 } from "fs/promises";
 async function detectVariantSbt(projectDir) {
@@ -207106,7 +207130,7 @@ async function detectVariantSbt(projectDir) {
 }
 async function detect2(projectDir) {
   const sbtBuildPropertiesPath = join14(projectDir, "project", "build.properties");
-  const sbtBuildProperties = existsSync13(sbtBuildPropertiesPath) ? (await readFile16(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const sbtBuildProperties = existsSync14(sbtBuildPropertiesPath) ? (await readFile16(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!sbtBuildProperties) return void 0;
   for (const prop2 of sbtBuildProperties) {
     const [key, value] = prop2.split("=");
@@ -207227,7 +207251,7 @@ import { join as join17, posix as posix2, relative as relative8, sep as sep3 } f
 // ../utils/src/file-utils.ts
 var import_lodash8 = __toESM(require_lodash(), 1);
 var import_micromatch2 = __toESM(require_micromatch(), 1);
-import { existsSync as existsSync14 } from "fs";
+import { existsSync as existsSync15 } from "fs";
 import { access as access3, cp as cp2, readdir as readdir4, stat as stat3 } from "fs/promises";
 import { basename as basename5, join as join15, relative as relative7, resolve as resolve16 } from "path";
 var { uniq: uniq2 } = import_lodash8.default;
@@ -208344,7 +208368,7 @@ async function verifyFixes(fixes, otherModulesCommunicator, rootPath) {
   if (pathsForEachFixIdData.length !== new Set(pathsForEachFixIdData).size) {
     throw new Error("Multiple fix IDs found for the same subproject, workspace and ecosystem");
   }
-  const subprojectsNotFound = uniq3(fixes.filter(({ vulnerabilityInstance: v }) => !existsSync15(resolve19(rootPath, v.subprojectPath))).map(({ vulnerabilityInstance: v }) => `${v.subprojectPath}:${v.ecosystem}`));
+  const subprojectsNotFound = uniq3(fixes.filter(({ vulnerabilityInstance: v }) => !existsSync16(resolve19(rootPath, v.subprojectPath))).map(({ vulnerabilityInstance: v }) => `${v.subprojectPath}:${v.ecosystem}`));
   if (subprojectsNotFound.length > 0) {
     throw new Error(`Cannot find the following subprojects: ${subprojectsNotFound.join(", ")}`);
   }
@@ -209150,12 +209174,12 @@ import { readdir as readdir6 } from "fs/promises";
 import { join as join20, relative as relative9, resolve as resolve22 } from "path";
 
 // ../project-management/src/project-management/ecosystem-management/ecosystem-specs.ts
-import { existsSync as existsSync17 } from "fs";
+import { existsSync as existsSync18 } from "fs";
 import { readdir as readdir5, readFile as readFile20 } from "fs/promises";
 import { join as join19, sep as sep4 } from "path";
 
 // ../utils/src/pip-utils.ts
-import { existsSync as existsSync16 } from "fs";
+import { existsSync as existsSync17 } from "fs";
 import { readFile as readFile19 } from "fs/promises";
 import { resolve as resolve21 } from "path";
 import util4 from "util";
@@ -209252,7 +209276,7 @@ function getEcosystemSpecs(ecosystems) {
 }
 function packageManagerIfPackageJSONExistsAndValid(packageManager) {
   return async (projectDir) => {
-    if (!existsSync17(join19(projectDir, "package.json"))) return void 0;
+    if (!existsSync18(join19(projectDir, "package.json"))) return void 0;
     const packageJSONPath = join19(projectDir, "package.json");
     try {
       JSON.parse(await readFile20(packageJSONPath, "utf-8"));
@@ -209927,16 +209951,16 @@ function isVulnChainWithParentsMap(v) {
 var DEFAULT_REPORT_FILENAME_BASE = "coana-report";
 
 // dist/internal/exclude-dirs-from-configuration-files.js
-import { existsSync as existsSync18 } from "fs";
+import { existsSync as existsSync19 } from "fs";
 import { readFile as readFile21 } from "fs/promises";
 import { basename as basename6, resolve as resolve24 } from "path";
 var import_yaml2 = __toESM(require_dist11(), 1);
 async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
   const socketYmlConfigFile = resolve24(rootWorkingDir, "socket.yml");
-  if (existsSync18(socketYmlConfigFile))
+  if (existsSync19(socketYmlConfigFile))
     return inferExcludeDirsFromSocketConfig(socketYmlConfigFile);
   const socketYamlConfigFile = resolve24(rootWorkingDir, "socket.yaml");
-  if (existsSync18(socketYamlConfigFile))
+  if (existsSync19(socketYamlConfigFile))
     return inferExcludeDirsFromSocketConfig(socketYamlConfigFile);
   return void 0;
 }
@@ -210065,7 +210089,7 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
     case "NPM": {
       const base = basename7(manifestPath);
       const dir = dirname8(manifestPath);
-      return base === "package.json" ? dir === "" ? "." : dir : void 0;
+      return base === "package.json" ? dir || "." : void 0;
     }
     case "MAVEN": {
       return ".";
@@ -210096,6 +210120,11 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
     case "RUST": {
       return dirname8(manifestPath) || ".";
     }
+    case "GO": {
+      const base = basename7(manifestPath);
+      const dir = dirname8(manifestPath);
+      return base === "go.mod" ? dir || "." : void 0;
+    }
     default: {
       return ".";
     }
@@ -224020,7 +224049,7 @@ var { root: root2 } = static_exports;
 
 // ../utils/src/maven-utils.ts
 var import_lodash14 = __toESM(require_lodash(), 1);
-import { existsSync as existsSync19, readdirSync as readdirSync4, statSync as statSync4 } from "fs";
+import { existsSync as existsSync20, readdirSync as readdirSync4, statSync as statSync4 } from "fs";
 import { join as join21 } from "path";
 var { memoize: memoize3 } = import_lodash14.default;
 var memoizedParseShellArgs = memoize3(parseShellArgs);
@@ -225392,7 +225421,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.11.13";
+var version2 = "14.11.15";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -225572,7 +225601,7 @@ var CliCore = class {
         otherModulesCommunicator,
         this.rootWorkingDirectory,
         ecosystem,
-        ["NPM", "PIP"].includes(ecosystem) && isEcosystemToAnalyze
+        ["NPM", "PIP", "GO"].includes(ecosystem) && isEcosystemToAnalyze
       )).flat());
       this.sendProgress("RUN_ON_SUBPROJECT", false, this.rootWorkingDirectory);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.11.13",
+  "version": "14.11.15",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -9234,7 +9234,7 @@ var require_pipeline = __commonJS({
       if (typeof streams[streams.length - 1] !== "function") return noop4;
       return streams.pop();
     }
-    function pipeline() {
+    function pipeline2() {
       for (var _len = arguments.length, streams = new Array(_len), _key = 0; _key < _len; _key++) {
         streams[_key] = arguments[_key];
       }
@@ -9257,7 +9257,7 @@ var require_pipeline = __commonJS({
       });
       return streams.reduce(pipe);
     }
-    module.exports = pipeline;
+    module.exports = pipeline2;
   }
 });
 
@@ -11444,7 +11444,7 @@ var require_file = __commonJS({
     var fs12 = __require("fs");
     var path9 = __require("path");
     var asyncSeries = require_series();
-    var zlib2 = __require("zlib");
+    var zlib3 = __require("zlib");
     var { MESSAGE } = require_triple_beam();
     var { Stream: Stream2, PassThrough } = require_readable();
     var TransportStream = require_winston_transport();
@@ -12013,7 +12013,7 @@ var require_file = __commonJS({
           if (err) {
             return callback();
           }
-          var gzip = zlib2.createGzip();
+          var gzip = zlib3.createGzip();
           var inp = fs12.createReadStream(src);
           var out = fs12.createWriteStream(dest);
           out.on("finish", () => {
@@ -43748,7 +43748,7 @@ var require_client = __commonJS({
     var assert9 = __require("assert");
     var net = __require("net");
     var http2 = __require("http");
-    var { pipeline } = __require("stream");
+    var { pipeline: pipeline2 } = __require("stream");
     var util6 = require_util2();
     var timers = require_timers();
     var Request2 = require_request();
@@ -45166,7 +45166,7 @@ upgrade: ${upgrade}\r
         let onPipeData = function(chunk2) {
           request.onBodySent(chunk2);
         };
-        const pipe = pipeline(
+        const pipe = pipeline2(
           body,
           h2stream,
           (err) => {
@@ -46926,7 +46926,7 @@ var require_api_pipeline = __commonJS({
         util6.destroy(ret, err);
       }
     };
-    function pipeline(opts, handler) {
+    function pipeline2(opts, handler) {
       try {
         const pipelineHandler = new PipelineHandler(opts, handler);
         this.dispatch({ ...opts, body: pipelineHandler.req }, pipelineHandler);
@@ -46935,7 +46935,7 @@ var require_api_pipeline = __commonJS({
         return new PassThrough().destroy(err);
       }
     }
-    module.exports = pipeline;
+    module.exports = pipeline2;
   }
 });
 
@@ -49832,7 +49832,7 @@ var require_fetch = __commonJS({
     } = require_response();
     var { Headers } = require_headers();
     var { Request: Request2, makeRequest } = require_request2();
-    var zlib2 = __require("zlib");
+    var zlib3 = __require("zlib");
     var {
       bytesMatch,
       makePolicyContainer,
@@ -49876,7 +49876,7 @@ var require_fetch = __commonJS({
     } = require_constants3();
     var { kHeadersList } = require_symbols();
     var EE3 = __require("events");
-    var { Readable: Readable2, pipeline } = __require("stream");
+    var { Readable: Readable2, pipeline: pipeline2 } = __require("stream");
     var { addAbortListener, isErrored, isReadable: isReadable2, nodeMajor, nodeMinor } = require_util2();
     var { dataURLProcessor, serializeAMimeType } = require_dataURL();
     var { TransformStream } = __require("stream/web");
@@ -50773,18 +50773,18 @@ var require_fetch = __commonJS({
               if (request.method !== "HEAD" && request.method !== "CONNECT" && !nullBodyStatus.includes(status) && !willFollow) {
                 for (const coding of codings) {
                   if (coding === "x-gzip" || coding === "gzip") {
-                    decoders.push(zlib2.createGunzip({
+                    decoders.push(zlib3.createGunzip({
                       // Be less strict when decoding compressed responses, since sometimes
                       // servers send slightly invalid responses that are still accepted
                       // by common browsers.
                       // Always using Z_SYNC_FLUSH is what cURL does.
-                      flush: zlib2.constants.Z_SYNC_FLUSH,
-                      finishFlush: zlib2.constants.Z_SYNC_FLUSH
+                      flush: zlib3.constants.Z_SYNC_FLUSH,
+                      finishFlush: zlib3.constants.Z_SYNC_FLUSH
                     }));
                   } else if (coding === "deflate") {
-                    decoders.push(zlib2.createInflate());
+                    decoders.push(zlib3.createInflate());
                   } else if (coding === "br") {
-                    decoders.push(zlib2.createBrotliDecompress());
+                    decoders.push(zlib3.createBrotliDecompress());
                   } else {
                     decoders.length = 0;
                     break;
@@ -50795,7 +50795,7 @@ var require_fetch = __commonJS({
                 status,
                 statusText,
                 headersList: headers[kHeadersList],
-                body: decoders.length ? pipeline(this.body, ...decoders, () => {
+                body: decoders.length ? pipeline2(this.body, ...decoders, () => {
                 }) : this.body.on("error", () => {
                 })
               });
@@ -59413,7 +59413,7 @@ var require_upload_gzip = __commonJS({
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.createGZipFileInBuffer = exports.createGZipFileOnDisk = void 0;
     var fs12 = __importStar(__require("fs"));
-    var zlib2 = __importStar(__require("zlib"));
+    var zlib3 = __importStar(__require("zlib"));
     var util_1 = __require("util");
     var stat3 = (0, util_1.promisify)(fs12.stat);
     var gzipExemptFileExtensions = [
@@ -59449,7 +59449,7 @@ var require_upload_gzip = __commonJS({
         }
         return new Promise((resolve17, reject) => {
           const inputStream = fs12.createReadStream(originalFilePath);
-          const gzip = zlib2.createGzip();
+          const gzip = zlib3.createGzip();
           const outputStream = fs12.createWriteStream(tempFilePath);
           inputStream.pipe(gzip).pipe(outputStream);
           outputStream.on("finish", () => __awaiter(this, void 0, void 0, function* () {
@@ -59469,7 +59469,7 @@ var require_upload_gzip = __commonJS({
         return new Promise((resolve17) => __awaiter(this, void 0, void 0, function* () {
           var _a2, e_1, _b, _c;
           const inputStream = fs12.createReadStream(originalFilePath);
-          const gzip = zlib2.createGzip();
+          const gzip = zlib3.createGzip();
           inputStream.pipe(gzip);
           const chunks = [];
           try {
@@ -60071,7 +60071,7 @@ var require_download_http_client = __commonJS({
     exports.DownloadHttpClient = void 0;
     var fs12 = __importStar(__require("fs"));
     var core = __importStar(require_core());
-    var zlib2 = __importStar(__require("zlib"));
+    var zlib3 = __importStar(__require("zlib"));
     var utils_1 = require_utils3();
     var url_1 = __require("url");
     var status_reporter_1 = require_status_reporter();
@@ -60249,7 +60249,7 @@ var require_download_http_client = __commonJS({
         return __awaiter(this, void 0, void 0, function* () {
           yield new Promise((resolve17, reject) => {
             if (isGzip) {
-              const gunzip = zlib2.createGunzip();
+              const gunzip = zlib3.createGunzip();
               response.message.on("error", (error) => {
                 core.info(`An error occurred while attempting to read the response stream`);
                 gunzip.close();
@@ -66504,14 +66504,14 @@ var require_headers2 = __commonJS({
 var require_deflater = __commonJS({
   "../../node_modules/.pnpm/adm-zip@0.5.16/node_modules/adm-zip/methods/deflater.js"(exports, module) {
     module.exports = function(inbuf) {
-      var zlib2 = __require("zlib");
+      var zlib3 = __require("zlib");
       var opts = { chunkSize: (parseInt(inbuf.length / 1024) + 1) * 1024 };
       return {
         deflate: function() {
-          return zlib2.deflateRawSync(inbuf, opts);
+          return zlib3.deflateRawSync(inbuf, opts);
         },
         deflateAsync: function(callback) {
-          var tmp = zlib2.createDeflateRaw(opts), parts = [], total = 0;
+          var tmp = zlib3.createDeflateRaw(opts), parts = [], total = 0;
           tmp.on("data", function(data2) {
             parts.push(data2);
             total += data2.length;
@@ -66538,14 +66538,14 @@ var require_inflater = __commonJS({
   "../../node_modules/.pnpm/adm-zip@0.5.16/node_modules/adm-zip/methods/inflater.js"(exports, module) {
     var version3 = +(process.versions ? process.versions.node : "").split(".")[0] || 0;
     module.exports = function(inbuf, expectedLength) {
-      var zlib2 = __require("zlib");
+      var zlib3 = __require("zlib");
       const option = version3 >= 15 && expectedLength > 0 ? { maxOutputLength: expectedLength } : {};
       return {
         inflate: function() {
-          return zlib2.inflateRawSync(inbuf, option);
+          return zlib3.inflateRawSync(inbuf, option);
         },
         inflateAsync: function(callback) {
-          var tmp = zlib2.createInflateRaw(option), parts = [], total = 0;
+          var tmp = zlib3.createInflateRaw(option), parts = [], total = 0;
           tmp.on("data", function(data2) {
             parts.push(data2);
             total += data2.length;
@@ -94983,9 +94983,11 @@ function transformSourceLocations(fileMappings, detectedOccurrences) {
 // dist/whole-program-code-aware-vulnerability-scanner/go/go-code-aware-vulnerability-scanner.js
 var import_lodash11 = __toESM(require_lodash(), 1);
 import assert4 from "assert";
-import { existsSync as existsSync9 } from "fs";
+import { existsSync as existsSync9, createReadStream, createWriteStream as createWriteStream2 } from "fs";
 import { readFile as readFile7, rm as rm4, cp as cp4 } from "fs/promises";
+import zlib2 from "zlib";
 import { join as join13, resolve as resolve10, sep } from "path";
+import { pipeline } from "stream/promises";
 var { uniq: uniq5 } = import_lodash11.default;
 var GoCodeAwareVulnerabilityScanner = class {
   projectDir;
@@ -94995,6 +94997,11 @@ var GoCodeAwareVulnerabilityScanner = class {
     this.projectDir = projectDir;
     this.options = options;
   }
+  get compressedGoanaBinaryName() {
+    const { platform: platform6, arch } = process;
+    const rarch = arch === "arm" ? "arm64" : arch === "x64" ? "amd64" : arch;
+    return `goana-${platform6}-${rarch}.gz`;
+  }
   async runAnalysis(vulns, heuristic, _analyzesAllVulns) {
     logger.info("Started instantiating Go code-aware analysis");
     if (!existsSync9(join13(this.projectDir, "go.mod")))
@@ -95004,14 +95011,19 @@ var GoCodeAwareVulnerabilityScanner = class {
     const vulnsOutputFile = join13(tmpDir, "vulns.json");
     const diagnosticsOutputFile = join13(tmpDir, "diagnostics.json");
     try {
+      const binaryName = this.compressedGoanaBinaryName;
+      const binaryPath = join13(COANA_REPOS_PATH(), "goana/bin", binaryName);
+      if (!await exists(binaryPath))
+        throw new Error(`goana binary '${binaryName}' not found`);
+      await pipeline(createReadStream(binaryPath), zlib2.createGunzip(), createWriteStream2(join13(tmpDir, "goana"), { mode: 493 }));
       const vulnAccPaths = uniq5(vulns.flatMap((v) => v.vulnerabilityAccessPaths));
-      const { error, stderr } = await execNeverFail(cmdt`${COANA_REPOS_PATH()}/goana/goana
+      const { error, stderr } = await execNeverFail(cmdt`${join13(tmpDir, "goana")}
           -output-vulnerabilities ${vulnsOutputFile}
           -output-diagnostics ${diagnosticsOutputFile}
           -topk=4 ${heuristic.includeTests && "-tests"}
           ${this.projectDir} ${vulnAccPaths}`, void 0, {
         timeout: timeoutInSeconds ? timeoutInSeconds * 1e3 : void 0,
-        env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MB` } : void 0
+        env: memoryLimitInMB ? { ...process.env, GOMEMLIMIT: `${memoryLimitInMB}MiB` } : void 0
       });
       if (error) {
         logger.error("Error running Go code-aware analysis", error);