@coana-tech/cli 14.12.1 → 14.12.2

package/cli.mjs

@@ -210278,7 +210278,7 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
         return workspaceDir;
       }
       if (base.endsWith(".txt")) {
-        const isWithinProperProject = properPythonProjects.some((properProjectDir) => workspaceDir.startsWith(properProjectDir) && workspaceDir.replace(properProjectDir, "").split(sep5).length <= REQUIREMENTS_FILES_SEARCH_DEPTH2);
+        const isWithinProperProject = properPythonProjects.some((properProjectDir) => (workspaceDir === "." || workspaceDir.startsWith(properProjectDir)) && workspaceDir.replace(properProjectDir, "").split(sep5).length <= REQUIREMENTS_FILES_SEARCH_DEPTH2);
         if (isWithinProperProject) {
           return void 0;
         }
@@ -225583,7 +225583,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.1";
+var version2 = "14.12.2";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -226268,6 +226268,7 @@ async function getGitDataToMetadataIfAvailable(rootWorkingDirectory) {
 // dist/cli-upgrade-purl.js
 import { join as join25, relative as relative12 } from "node:path";
 var import_packageurl_js2 = __toESM(require_packageurl_js(), 1);
+var ECOSYSTEMS_WITH_SOCKET_UPGRADES = ["NPM", "MAVEN"];
 async function upgradePurl(path2, upgrades, options, logFile, cliFixRunId) {
   logger.initWinstonLogger(options.debug);
   logger.silent = options.silent;
@@ -226281,8 +226282,20 @@ async function upgradePurl(path2, upgrades, options, logFile, cliFixRunId) {
     logger.info(`Upgrading purls for ${path2}: 
 ${upgrades.map((upgrade) => `	${upgrade.purl} -> ${upgrade.upgradeVersion}`).join("\n")}`);
     if (options.manifestsTarHash) {
+      const { supportedUpgrades, unsupportedUpgrades } = upgrades.reduce((acc, upgrade) => {
+        const ecosystem = getAdvisoryEcosystemFromPurl(upgrade.purl);
+        const target = ECOSYSTEMS_WITH_SOCKET_UPGRADES.includes(ecosystem) ? "supportedUpgrades" : "unsupportedUpgrades";
+        acc[target].push(upgrade);
+        return acc;
+      }, { supportedUpgrades: [], unsupportedUpgrades: [] });
+      if (unsupportedUpgrades.length > 0) {
+        logger.warn(`The following upgrades are not supported due to missing support for upgrading their ecosystem: ${unsupportedUpgrades.map((upgrade) => `	${upgrade.purl} -> ${upgrade.upgradeVersion}`).join("\n")}`);
+      }
+      if (supportedUpgrades.length === 0) {
+        return "fixed-none";
+      }
       try {
-        const purlToUpgradeVersion = new Map(upgrades.map((upgrade) => [upgrade.purl, upgrade.upgradeVersion]));
+        const purlToUpgradeVersion = new Map(supportedUpgrades.map((upgrade) => [upgrade.purl, upgrade.upgradeVersion]));
         const { artifacts } = await fetchArtifactsFromSocket(path2, options.manifestsTarHash);
         const ecosystemToSocketArtifactUpgrades = {};
         artifacts.forEach((artifact, idx) => {
@@ -226302,16 +226315,12 @@ ${upgrades.map((upgrade) => `	${upgrade.purl} -> ${upgrade.upgradeVersion}`).joi
           });
         });
         for (const [ecosystem, upgrades2] of Object.entries(ecosystemToSocketArtifactUpgrades)) {
-          if (["NPM", "MAVEN"].includes(ecosystem)) {
-            await applySocketUpgrades(ecosystem, path2, upgrades2, artifacts);
-          } else {
-            logger.warn(`Unsupported ecosystem ${ecosystem} for socket upgrades`);
-          }
+          await applySocketUpgrades(ecosystem, path2, upgrades2, artifacts);
         }
         if (upgradePurlRunId) {
           await getSocketAPI().finalizeUpgradePurlRun(upgradePurlRunId, "success");
         }
-        return;
+        return unsupportedUpgrades.length === 0 ? "fixed-all" : "fixed-some";
       } catch (error) {
         if (upgradePurlRunId) {
           await getSocketAPI().finalizeUpgradePurlRun(
@@ -226433,16 +226442,16 @@ async function computeFixesAndUpgradePurls(path2, options, logFile) {
     return;
   }
   try {
-    await upgradePurl(path2, combinedFixes.map((fix) => ({ purl: fix.purl, upgradeVersion: fix.fixedVersion })), {
+    const applyFixesStatus = await upgradePurl(path2, combinedFixes.map((fix) => ({ purl: fix.purl, upgradeVersion: fix.fixedVersion })), {
       debug: options.debug,
       silent: options.silent,
       runWithoutDocker: options.runWithoutDocker,
       manifestsTarHash: options.manifestsTarHash,
       concurrency: "1",
       globPattern: options.globPattern
-    }, autofixRunId);
+    }, autofixRunId) ?? "fixed-all";
     if (autofixRunId) {
-      await getSocketAPI().finalizeAutofixRun(autofixRunId, ghsasFailedToFix.length === 0 ? "fixed-all" : ghsasFailedToFix.length === Object.keys(ghsaToVulnerableArtifactIdsToApply).length ? "fixed-none" : "fixed-some");
+      await getSocketAPI().finalizeAutofixRun(autofixRunId, ghsasFailedToFix.length === 0 && applyFixesStatus === "fixed-all" ? "fixed-all" : ghsasFailedToFix.length === Object.keys(ghsaToVulnerableArtifactIdsToApply).length || applyFixesStatus === "fixed-none" ? "fixed-none" : "fixed-some");
     }
   } catch (error) {
     if (autofixRunId) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.1",
+  "version": "14.12.2",
   "description": "Coana CLI",
   "type": "module",
   "bin": {