npm - @coana-tech/cli - Versions diffs - 14.12.101 → 14.12.103 - Mend

@coana-tech/cli 14.12.101 → 14.12.103

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/cli.mjs CHANGED Viewed

@@ -86512,7 +86512,7 @@ var require_lockfile = __commonJS({
               }
               const file = _ref22;
               if (yield exists2(file)) {
-                return readFile36(file);
+                return readFile35(file);
               }
             }
             return null;
@@ -86531,7 +86531,7 @@ var require_lockfile = __commonJS({
         })();
         let readJsonAndFile = exports3.readJsonAndFile = (() => {
           var _ref24 = (0, (_asyncToGenerator2 || _load_asyncToGenerator()).default)(function* (loc) {
-            const file = yield readFile36(loc);
+            const file = yield readFile35(loc);
             try {
               return {
                 object: (0, (_map || _load_map()).default)(JSON.parse(stripBOM2(file))),
@@ -86771,7 +86771,7 @@ var require_lockfile = __commonJS({
           };
         })();
         exports3.copy = copy;
-        exports3.readFile = readFile36;
+        exports3.readFile = readFile35;
         exports3.readFileRaw = readFileRaw;
         exports3.normalizeOS = normalizeOS;
         var _fs;
@@ -86869,7 +86869,7 @@ var require_lockfile = __commonJS({
             });
           });
         }
-        function readFile36(loc) {
+        function readFile35(loc) {
           return _readFile(loc, "utf8").then(normalizeOS);
         }
         function readFileRaw(loc) {
@@ -201554,7 +201554,7 @@ var {
 } = import_index.default;
 // dist/index.js
-import { mkdir as mkdir7, mkdtemp as mkdtemp2, readFile as readFile35, rm as rm2, writeFile as writeFile15 } from "fs/promises";
+import { mkdir as mkdir7, mkdtemp as mkdtemp2, readFile as readFile34, rm as rm2, writeFile as writeFile15 } from "fs/promises";
 import { tmpdir as tmpdir3 } from "os";
 import { dirname as dirname27, join as join30, resolve as resolve44 } from "path";
@@ -213271,7 +213271,6 @@ var GoFixingManager = class {
 // ../fixing-management/src/fixing-management/go/go-socket-upgrade-manager.ts
 import { dirname as dirname7, resolve as resolve7 } from "node:path";
-import { readFile as readFile5 } from "node:fs/promises";
 var import_picomatch = __toESM(require_picomatch4(), 1);
 import assert4 from "node:assert";
@@ -216351,7 +216350,6 @@ replace ${modulePath} ${currentVersion} => ${modulePath} ${newVersion}
   async refreshChecksumFiles(checksumFileToArtifacts, ctxt) {
     await asyncForEach(Object.entries(checksumFileToArtifacts), async ([checksumFile, artifacts]) => {
       const goModDir = dirname7(resolve7(this.rootDir, checksumFile));
-      const oldFileContent = await readFile5(resolve7(this.rootDir, checksumFile), "utf-8").catch(() => "");
       const result = await execNeverFail2(["go", "mod", "tidy"], goModDir);
       if (result.error) {
         ctxt.statusUpdater?.({
@@ -216361,12 +216359,10 @@ replace ${modulePath} ${currentVersion} => ${modulePath} ${newVersion}
           message: `Failed to update checksum file: ${result.error.message ?? "Unknown error"}`
         });
       } else {
-        const finalFileContent = await readFile5(resolve7(this.rootDir, checksumFile), "utf-8").catch(() => "");
         ctxt.statusUpdater?.({
           status: "success",
           file: checksumFile,
           message: "Checksum file updated",
-          patch: createPatch(checksumFile, oldFileContent, finalFileContent, void 0, void 0, { context: 3 }),
           artifacts: i3(artifacts)
         });
       }
@@ -216376,12 +216372,12 @@ replace ${modulePath} ${currentVersion} => ${modulePath} ${newVersion}
 // ../fixing-management/src/fixing-management/maven/gradle-fixing-manager.ts
 import { existsSync as existsSync5 } from "node:fs";
-import { readFile as readFile9 } from "node:fs/promises";
+import { readFile as readFile8 } from "node:fs/promises";
 import { join as join6, resolve as resolve10 } from "node:path";
 // ../fixing-management/src/fixing-management/utils/coana-patch-application.ts
 import { existsSync as existsSync3 } from "node:fs";
-import { readFile as readFile6, writeFile as writeFile3 } from "node:fs/promises";
+import { readFile as readFile5, writeFile as writeFile3 } from "node:fs/promises";
 import { resolve as resolve8 } from "node:path";
 function detectPatchConflicts(rootDir, patchResults) {
   const patchesByFile = /* @__PURE__ */ new Map();
@@ -216514,7 +216510,7 @@ async function applyPatchResults(ecosystem, rootDir, patchResults) {
     if (!existsSync3(filePath)) {
       await writeFile3(filePath, "", "utf-8");
     }
-    let fileContent = await readFile6(filePath, "utf-8");
+    let fileContent = await readFile5(filePath, "utf-8");
     for (const patch of sortedPatches) {
       const start = patch.offset;
       const end2 = patch.offset + (patch.oldText?.length ?? 0);
@@ -216526,7 +216522,7 @@ async function applyPatchResults(ecosystem, rootDir, patchResults) {
 // ../fixing-management/src/fixing-management/maven/gradle-build-file-helper.ts
 var import_good_enough_parser = __toESM(require_cjs(), 1);
-import { readFile as readFile7 } from "node:fs/promises";
+import { readFile as readFile6 } from "node:fs/promises";
 // ../fixing-management/src/fixing-management/maven/utils.ts
 import { existsSync as existsSync4 } from "node:fs";
@@ -216748,7 +216744,7 @@ var treeQuery = import_good_enough_parser.query.tree({
 });
 async function findDependencyDeclsAndCatalogFiles(filePath) {
   const gradleLang = import_good_enough_parser.lang.createLang("groovy");
-  const cursor = gradleLang.parse(await readFile7(filePath, "utf-8"));
+  const cursor = gradleLang.parse(await readFile6(filePath, "utf-8"));
   const ctx = gradleLang.query(cursor, treeQuery, {
     mem: {},
     depDecls: [],
@@ -216784,7 +216780,7 @@ ${getConstraintsBlockString(groupId, artifactId, classifier, version4, indentati
 }
 // ../fixing-management/src/fixing-management/maven/gradle-version-catalog-helper.ts
-import { readFile as readFile8 } from "node:fs/promises";
+import { readFile as readFile7 } from "node:fs/promises";
 // ../utils/src/toml-utils.ts
 var tomlParser = __toESM(require_lib10(), 1);
@@ -217051,7 +217047,7 @@ function parseDependencyObject(valueNode) {
   };
 }
 async function findVersionCatalogDeclarations(filePath) {
-  const catalogData = parseVersionCatalog(await readFile8(filePath, "utf-8"));
+  const catalogData = parseVersionCatalog(await readFile7(filePath, "utf-8"));
   return {
     depDecls: catalogData.dependencies,
     versionDecls: catalogData.versions
@@ -217256,7 +217252,7 @@ var GradleFixingManager = class {
         newText: constraintStr + "\n"
       };
     } else {
-      const fileContent = await readFile9(targetBuildFile, "utf-8");
+      const fileContent = await readFile8(targetBuildFile, "utf-8");
       const indentationSize = getIndentationSize(fileContent);
       const prependNewline = fileContent.split("\n").some((line) => !line.trim());
       const finalConstraintStr = getDependencyConstraintString(
@@ -217443,7 +217439,7 @@ var GradleFixingManager = class {
   async createConstraintsForFile(buildFile, fixes) {
     const { dependenciesBlocks, constraintsBlocks } = await findDependencyDeclsAndCatalogFiles(buildFile);
     const fileType = buildFile.endsWith(".kts") ? "kotlin" : "groovy";
-    const fileContent = existsSync5(buildFile) ? await readFile9(buildFile, "utf-8") : "";
+    const fileContent = existsSync5(buildFile) ? await readFile8(buildFile, "utf-8") : "";
     const indentationSize = getIndentationSize(fileContent);
     const constraintDeclarations = fixes.map(({ dependencyDetails, fixedVersion }) => {
       const [groupId, artifactId] = dependencyDetails.packageName.split(":");
@@ -217550,7 +217546,7 @@ import { resolve as resolve12 } from "node:path";
 // ../utils/src/pom-utils.ts
 var import_parse_xml2 = __toESM(require_dist(), 1);
-import { readFile as readFile10 } from "node:fs/promises";
+import { readFile as readFile9 } from "node:fs/promises";
 import { existsSync as existsSync6 } from "node:fs";
 import { resolve as resolve11, join as join7, relative as relative4, dirname as dirname8 } from "node:path";
@@ -217686,7 +217682,7 @@ async function loadPom(rootDir, pomFile, validateFile, visited = /* @__PURE__ */
   if (!validatedPomFile || !existsSync6(validatedPomFile)) return void 0;
   if (visited.has(validatedPomFile)) return void 0;
   visited.add(validatedPomFile);
-  const sourceText = await readFile10(validatedPomFile, "utf-8");
+  const sourceText = await readFile9(validatedPomFile, "utf-8");
   const xml2 = (0, import_parse_xml2.parseXml)(sourceText, { includeOffsets: true });
   const indentation = inferIndentationFromParsedXml(xml2, sourceText);
   const pom = {
@@ -218857,11 +218853,11 @@ import { dirname as dirname10, resolve as resolve15 } from "node:path";
 import assert7 from "node:assert";
 // ../fixing-management/src/fixing-management/maven/gradle-lockfile-utils.ts
-import { readFile as readFile11 } from "node:fs/promises";
+import { readFile as readFile10 } from "node:fs/promises";
 import { resolve as resolve14 } from "node:path";
 async function loadLockFile(rootDir, lockfilePath) {
   const file = resolve14(rootDir, lockfilePath);
-  return { rootDir, file, sourceText: await readFile11(file, "utf-8") };
+  return { rootDir, file, sourceText: await readFile10(file, "utf-8") };
 }
 // ../fixing-management/src/fixing-management/maven/handlers/gradle-lockfile-upgrade-handler.ts
@@ -218921,13 +218917,13 @@ var GradleLockfileUpgradeHandler = class {
 // ../fixing-management/src/fixing-management/maven/handlers/sbt-upgrade-handler.ts
 import { existsSync as existsSync7 } from "node:fs";
-import { readFile as readFile13 } from "node:fs/promises";
+import { readFile as readFile12 } from "node:fs/promises";
 import { basename as basename4, dirname as dirname11, resolve as resolve16 } from "node:path";
 import assert8 from "node:assert";
 // ../fixing-management/src/fixing-management/maven/sbt-project-utils.ts
 var import_good_enough_parser2 = __toESM(require_cjs(), 1);
-import { readFile as readFile12 } from "node:fs/promises";
+import { readFile as readFile11 } from "node:fs/promises";
 var pathQuery2 = import_good_enough_parser2.query.sym((ctx, { offset, value: value2 }) => {
   return { ...ctx, pathOffset: offset, pathValue: value2 };
 }).many(
@@ -219104,7 +219100,7 @@ var treeQuery2 = import_good_enough_parser2.query.tree({
 });
 async function loadSbtProject(filePath, acc = { mem: {}, moduleIds: [] }) {
   const scalaLang = import_good_enough_parser2.lang.createLang("scala");
-  const cursor = scalaLang.parse(await readFile12(filePath, "utf-8"));
+  const cursor = scalaLang.parse(await readFile11(filePath, "utf-8"));
   return scalaLang.query(cursor, treeQuery2, acc) ?? acc;
 }
 function evaluate2(v) {
@@ -219245,7 +219241,7 @@ ${indent(1, indentationSize)}`)}
 `
       };
     } else {
-      const fileContent = await readFile13(dependencyOverridesFile, "utf-8");
+      const fileContent = await readFile12(dependencyOverridesFile, "utf-8");
       const indentationSize = getIndentationSize(fileContent);
       const prependNewline = fileContent.length > 0 && !fileContent.endsWith("\n\n");
       return {
@@ -219365,7 +219361,7 @@ var MavenSocketUpgradeManager = class {
 // ../fixing-management/src/fixing-management/maven/sbt-fixing-manager.ts
 import { existsSync as existsSync8 } from "node:fs";
-import { readFile as readFile14 } from "node:fs/promises";
+import { readFile as readFile13 } from "node:fs/promises";
 import { join as join8 } from "node:path";
 var SbtFixingManager = class {
   constructor(rootDir, subprojectPath, otherModulesCommunicator) {
@@ -219567,7 +219563,7 @@ var SbtFixingManager = class {
 `
       };
     } else {
-      const fileContent = await readFile14(workspaceBuildSbtPath, "utf-8");
+      const fileContent = await readFile13(workspaceBuildSbtPath, "utf-8");
       const prependNewline = fileContent.split("\n").some((line) => !line.trim());
       return {
         file: workspaceBuildSbtPath,
@@ -219646,7 +219642,7 @@ ${indent(1, indentationSize)}`)}
         newText: overrideText
       };
     } else {
-      const fileContent = await readFile14(workspaceBuildSbtPath, "utf-8");
+      const fileContent = await readFile13(workspaceBuildSbtPath, "utf-8");
       const indentationSize = getIndentationSize(fileContent);
       const prependNewline = fileContent.length > 0 && !fileContent.endsWith("\n\n");
       const overrideText = `dependencyOverrides ++= Seq(
@@ -219665,7 +219661,7 @@ ${indent(1, indentationSize)}`)}
 // ../fixing-management/src/fixing-management/npm/npm-socket-upgrade-manager.ts
 import { existsSync as existsSync12 } from "fs";
-import { readFile as readFile19 } from "fs/promises";
+import { readFile as readFile18 } from "fs/promises";
 import assert10 from "node:assert";
 import { dirname as dirname15, join as join11, relative as relative8, resolve as resolve25 } from "path";
@@ -225511,7 +225507,7 @@ async function getWorkspacePathsFromPnpmLockFile(lockFileDir, useDotWhenNoWorksp
 }
 // ../fixing-management/src/fixing-management/npm/npm-fixing-manager.ts
-import { readFile as readFile15, writeFile as writeFile4 } from "fs/promises";
+import { readFile as readFile14, writeFile as writeFile4 } from "fs/promises";
 import { resolve as resolve20 } from "path";
 // ../fixing-management/src/fixing-management/npm/npm-ecosystem-fixing-manager.ts
@@ -225568,7 +225564,7 @@ var NpmFixingManager = class extends NpmEcosystemFixingManager {
   }
   async applySecurityFixesSpecificPackageManager(fixes) {
     const pkgLockLocation = resolve20(this.rootDir, this.subprojectPath, "package-lock.json");
-    const packageLockContent = await readFile15(pkgLockLocation, "utf-8");
+    const packageLockContent = await readFile14(pkgLockLocation, "utf-8");
     const getPackageName = (pkgPath) => {
       const strings = pkgPath.split("node_modules/");
       return strings[strings.length - 1];
@@ -225597,7 +225593,7 @@ var NpmFixingManager = class extends NpmEcosystemFixingManager {
 };
 // ../fixing-management/src/fixing-management/npm/pnpm-fixing-manager.ts
-import { readFile as readFile16, writeFile as writeFile5 } from "fs/promises";
+import { readFile as readFile15, writeFile as writeFile5 } from "fs/promises";
 import { resolve as resolve21 } from "path";
 var import_yaml = __toESM(require_dist10(), 1);
 var import_lockfile_file2 = __toESM(require_lib25(), 1);
@@ -225741,7 +225737,7 @@ function getVersionNumber(version4) {
   return match2 ? `${match2[1]}` : version4;
 }
 async function readYamlFile(workspaceYamlFile) {
-  const workspaceYamlString = await readFile16(workspaceYamlFile, "utf8");
+  const workspaceYamlString = await readFile15(workspaceYamlFile, "utf8");
   const parser2 = new import_yaml.Parser();
   const [ast] = parser2.parse(workspaceYamlString);
   return ast;
@@ -225778,7 +225774,7 @@ function updateCatalog(update3, map2) {
 }
 // ../fixing-management/src/fixing-management/npm/yarn-fixing-manager.ts
-import { readFile as readFile18, writeFile as writeFile6 } from "fs/promises";
+import { readFile as readFile17, writeFile as writeFile6 } from "fs/promises";
 import { resolve as resolve24 } from "path";
 // ../utils/src/package-utils.ts
@@ -225813,12 +225809,12 @@ var import_yarnlock_parse_raw = __toESM(require_yarnlock_parse_raw(), 1);
 // ../fixing-management/src/fixing-management/npm/yarn-utils.ts
 var lockfile = __toESM(require_lockfile(), 1);
 var import_parsers = __toESM(require_lib27(), 1);
-import { readFile as readFile17 } from "fs/promises";
+import { readFile as readFile16 } from "fs/promises";
 import { resolve as resolve23 } from "path";
 async function getYarnType(projectDir) {
   const yarnLockLocation = resolve23(projectDir, "yarn.lock");
   try {
-    const content = await readFile17(yarnLockLocation, "utf8");
+    const content = await readFile16(yarnLockLocation, "utf8");
     if (!content || content.length === 0) {
       return void 0;
     }
@@ -225916,7 +225912,7 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
     logger.debug("Installation completed.");
   }
   async getYarnLockObj(filePath) {
-    const fileString = await readFile18(filePath, "utf8");
+    const fileString = await readFile17(filePath, "utf8");
     const yarnType = await this.getYarnType();
     return yarnType === "classic" ? (0, import_yarnlock_parse_raw.parseYarnLockRawV1)(fileString) : (0, import_yarnlock_parse_raw.parseYarnLockRawV2)(fileString);
   }
@@ -226110,15 +226106,12 @@ var NpmSocketUpgradeManager = class {
     }));
     const lockfileName = this.getLockfileName(subprojectDir);
     const lockfilePath = join11(subprojectDir, lockfileName);
-    const oldLockfileContent = await readFile19(resolve25(this.rootDir, lockfilePath), "utf-8");
     try {
       await fixingManager.applySecurityFixesSpecificPackageManager(upgradesTransformed);
-      const newLockfileContent = await readFile19(resolve25(this.rootDir, lockfilePath), "utf-8");
       ctxt.statusUpdater?.({
         status: "success",
         file: lockfilePath,
         message: "Lockfile updated with dependency upgrades",
-        patch: createPatch(lockfilePath, oldLockfileContent, newLockfileContent, void 0, void 0, { context: 3 }),
         artifacts: i3(allUpgrades.map((u8) => u8.idx))
       });
     } catch (e) {
@@ -226152,22 +226145,12 @@ var NpmSocketUpgradeManager = class {
         await applyPatches("NPM", this.rootDir, directPatches, ctxt);
       }
     }
-    const lockfileContentBeforeFinalize = await readFile19(resolve25(this.rootDir, lockfilePath), "utf-8");
     try {
       await fixingManager.finalizeFixes();
-      const lockfileContentAfterFinalize = await readFile19(resolve25(this.rootDir, lockfilePath), "utf-8");
       ctxt.statusUpdater?.({
         status: "success",
         file: lockfilePath,
         message: "Lockfile finalized",
-        patch: createPatch(
-          lockfilePath,
-          lockfileContentBeforeFinalize,
-          lockfileContentAfterFinalize,
-          void 0,
-          void 0,
-          { context: 3 }
-        ),
         artifacts: i3(allUpgrades.map((u8) => u8.idx))
       });
     } catch (e) {
@@ -226215,7 +226198,7 @@ var NpmSocketUpgradeManager = class {
     assert10(artifact.name);
     assert10(artifact.version);
     const patches = [];
-    const packageJsonContent = await readFile19(resolve25(this.rootDir, mf.file), "utf-8");
+    const packageJsonContent = await readFile18(resolve25(this.rootDir, mf.file), "utf-8");
     if (mf?.start !== void 0 && mf?.end !== void 0) {
       const originalVersionString = packageJsonContent.substring(mf.start, mf.end);
       let newVersionString;
@@ -226269,7 +226252,7 @@ var RushFixingManager = class {
 };
 // ../fixing-management/src/fixing-management/nuget/nuget-fixing-manager.ts
-import { readFile as readFile20, writeFile as writeFile7 } from "fs/promises";
+import { readFile as readFile19, writeFile as writeFile7 } from "fs/promises";
 import { join as join12 } from "path";
 // ../utils/src/nuget-utils.ts
@@ -226372,14 +226355,14 @@ var NugetFixingManager = class {
         if (projectFiles.length !== 1)
           throw new Error("Applying fixes to workspaces with more than 1 project file currently not supported");
         const projectFilePath = join12(this.getAbsWsPath(wsPath), projectFiles[0]);
-        const initialProjectFile = await readFile20(projectFilePath, "utf-8");
+        const initialProjectFile = await readFile19(projectFilePath, "utf-8");
         const initialLockFile = await this.restoreWorkspaceAndParseLockFile(wsPath);
         await applySeries(fixesWithId, async ({ fixId, vulnerabilityFixes }) => {
           await this.applySecurityFixesForWorkspace(wsPath, projectFilePath, vulnerabilityFixes, dependencyTree);
           signalFixApplied2?.(fixId, this.subprojectPath, wsPath, vulnerabilityFixes);
         });
-        const finalProjectFile = await readFile20(projectFilePath, "utf-8");
-        const finalLockFile = JSON.parse(await readFile20(this.getLockFilePath(wsPath), "utf-8"));
+        const finalProjectFile = await readFile19(projectFilePath, "utf-8");
+        const finalLockFile = JSON.parse(await readFile19(this.getLockFilePath(wsPath), "utf-8"));
         await writeFile7(projectFilePath, initialProjectFile);
         await writeFile7(this.getLockFilePath(wsPath), JSON.stringify(initialLockFile, null, 2));
         return { projectFile: finalProjectFile, lockFile: finalLockFile };
@@ -226411,7 +226394,7 @@ var NugetFixingManager = class {
     }
   }
   async applySecurityFixesForWorkspace(wsPath, projectFilePath, vulnFixes, dependencyTree) {
-    const initialProjectFile = await readFile20(projectFilePath, "utf-8");
+    const initialProjectFile = await readFile19(projectFilePath, "utf-8");
     const initialLockFile = await this.restoreWorkspaceAndParseLockFile(wsPath);
     const typeCache = new Cache();
     const requestedCache = new Cache();
@@ -226501,7 +226484,7 @@ var NugetFixingManager = class {
   async restoreWorkspaceAndParseLockFile(wsPath) {
     const succeeded = await execAndLogOnFailure2("dotnet restore --use-lock-file", this.getAbsWsPath(wsPath));
     if (!succeeded) throw new Error(`Error applying fix - could not restore project ${this.subprojectPath}/${wsPath}`);
-    return JSON.parse(await readFile20(this.getLockFilePath(wsPath), "utf-8"));
+    return JSON.parse(await readFile19(this.getLockFilePath(wsPath), "utf-8"));
   }
   getLockFilePath(wsPath, lockFileName = "packages.lock.json") {
     return join12(this.getAbsWsPath(wsPath), lockFileName);
@@ -226579,7 +226562,7 @@ import { dirname as dirname17, resolve as resolve27 } from "node:path";
 // ../utils/src/nuget-project-utils.ts
 var import_parse_xml3 = __toESM(require_dist(), 1);
-import { readFile as readFile21 } from "node:fs/promises";
+import { readFile as readFile20 } from "node:fs/promises";
 import { dirname as dirname16, join as join14, relative as relative9, resolve as resolve26, basename as basename7, extname } from "node:path";
 import { existsSync as existsSync13 } from "node:fs";
@@ -228137,7 +228120,7 @@ async function loadNuGetProjectOrTarget(rootDir, projectFile, mainProject, visit
   if (!validatedProjectPath || !existsSync13(validatedProjectPath)) return void 0;
   if (visited.has(validatedProjectPath)) return void 0;
   visited.set(validatedProjectPath);
-  const sourceText = await readFile21(validatedProjectPath, "utf-8");
+  const sourceText = await readFile20(validatedProjectPath, "utf-8");
   const xml2 = (0, import_parse_xml3.parseXml)(sourceText, { includeOffsets: true });
   const indentation = inferIndentationFromParsedXml2(xml2, sourceText);
   const currentProject = {
@@ -228210,7 +228193,7 @@ async function loadNuGetProjectOrTarget(rootDir, projectFile, mainProject, visit
 async function loadPackagesConfig(rootDir, file, validateFile) {
   const validatedConfigPath = validateFile(resolve26(rootDir, file));
   if (!validatedConfigPath || !existsSync13(validatedConfigPath)) return void 0;
-  const sourceText = await readFile21(validatedConfigPath, "utf-8");
+  const sourceText = await readFile20(validatedConfigPath, "utf-8");
   const configXml = (0, import_parse_xml3.parseXml)(sourceText, { includeOffsets: true });
   const packages = extractPackagesFromXml(configXml, sourceText);
   return {
@@ -229031,17 +229014,17 @@ import { dirname as dirname19, relative as relative10, resolve as resolve29 } fr
 var import_picomatch5 = __toESM(require_picomatch4(), 1);
 var import_semver4 = __toESM(require_semver2(), 1);
 import assert12 from "node:assert";
-import { readFile as readFile23, writeFile as writeFile8 } from "node:fs/promises";
+import { readFile as readFile22, writeFile as writeFile8 } from "node:fs/promises";
 // ../utils/src/cargo-utils.ts
-import { readFile as readFile22 } from "node:fs/promises";
+import { readFile as readFile21 } from "node:fs/promises";
 import { dirname as dirname18, resolve as resolve28 } from "node:path";
 var import_picomatch4 = __toESM(require_picomatch4(), 1);
 async function getCargoTomlFilesForCargoLockFile(rootDir, cargoLockFile, cargoTomlFiles) {
   const lockDir = dirname18(cargoLockFile);
   const rootTomlFile = cargoTomlFiles.find((file) => dirname18(file) === lockDir);
   if (!rootTomlFile) return void 0;
-  const rootTomlContent = await readFile22(resolve28(rootDir, rootTomlFile), "utf-8");
+  const rootTomlContent = await readFile21(resolve28(rootDir, rootTomlFile), "utf-8");
   const toml = parseTOML2(rootTomlContent);
   if (!toml) return void 0;
   const memberPatterns = [];
@@ -229138,7 +229121,7 @@ var CargoSocketUpgradeManager = class {
       const path9 = resolve29(this.rootDir, file);
       if (!restoreMap.has(path9)) {
         restoreMap.set(path9, {
-          content: await readFile23(path9, "utf-8"),
+          content: await readFile22(path9, "utf-8"),
           artifacts: []
         });
       }
@@ -229200,7 +229183,7 @@ var CargoSocketUpgradeManager = class {
    */
   async createDirectDependencyPatches(mf, idx, upgradeVersion, ctxt) {
     const fullPath = resolve29(this.rootDir, mf.file);
-    const content = await readFile23(fullPath, "utf-8");
+    const content = await readFile22(fullPath, "utf-8");
     const toml = parseTOML2(content);
     if (!toml) {
       ctxt.statusUpdater?.({
@@ -229289,7 +229272,7 @@ var CargoSocketUpgradeManager = class {
    */
   async createTransitiveDependencyPatches(tomlFile, idx, upgradeVersion, ctxt) {
     const fullPath = resolve29(this.rootDir, tomlFile);
-    const content = await readFile23(fullPath, "utf-8");
+    const content = await readFile22(fullPath, "utf-8");
     const toml = parseTOML2(content);
     if (!toml) {
       ctxt.statusUpdater?.({
@@ -229329,7 +229312,6 @@ ${newDependencyLine}`
   async refreshLockfiles(lockfileToArtifacts, ctxt, _mode2) {
     await asyncForEach(Object.entries(lockfileToArtifacts), async ([lockfile2, artifacts]) => {
       const lockfileDir = dirname19(resolve29(this.rootDir, lockfile2));
-      const oldFileContent = await readFile23(resolve29(this.rootDir, lockfile2), "utf-8");
       let result;
       if (this.cargoLockMatcher(lockfile2)) {
         result = await execNeverFail2(["cargo", "fetch"], lockfileDir);
@@ -229343,12 +229325,10 @@ ${newDependencyLine}`
         return;
       }
       if (!result.error) {
-        const finalFileContent = await readFile23(resolve29(this.rootDir, lockfile2), "utf-8");
         ctxt.statusUpdater?.({
           status: "success",
           file: lockfile2,
           message: "Lockfile updated",
-          patch: createPatch(lockfile2, oldFileContent, finalFileContent, void 0, void 0, { context: 3 }),
           artifacts: i3(artifacts)
         });
       } else {
@@ -229369,12 +229349,12 @@ ${newDependencyLine}`
 import { dirname as dirname21, relative as relative11, resolve as resolve32 } from "node:path";
 var import_picomatch7 = __toESM(require_picomatch4(), 1);
 import assert13 from "node:assert";
-import { readFile as readFile26, writeFile as writeFile9 } from "node:fs/promises";
+import { readFile as readFile25, writeFile as writeFile9 } from "node:fs/promises";
 var import_pip_requirements_js = __toESM(require_dist11(), 1);
 // ../utils/src/pip-utils.ts
 import { existsSync as existsSync14 } from "node:fs";
-import { readFile as readFile25 } from "node:fs/promises";
+import { readFile as readFile24 } from "node:fs/promises";
 import { dirname as dirname20, resolve as resolve31 } from "node:path";
 import util4 from "node:util";
@@ -229383,7 +229363,7 @@ var import_lodash6 = __toESM(require_lodash(), 1);
 var import_semver5 = __toESM(require_semver2(), 1);
 import { execFileSync } from "child_process";
 import { constants as constants3 } from "fs";
-import { access as access3, readFile as readFile24 } from "fs/promises";
+import { access as access3, readFile as readFile23 } from "fs/promises";
 import { join as join15, resolve as resolve30 } from "path";
 import util3 from "util";
 var { once: once2 } = import_lodash6.default;
@@ -229403,14 +229383,14 @@ var hasPyenv = once2(async () => !(await execNeverFail2("which pyenv")).error);
 // ../utils/src/pip-utils.ts
 var import_picomatch6 = __toESM(require_picomatch4(), 1);
 async function isSetupPySetuptools(file) {
-  const content = await readFile25(file, "utf-8");
+  const content = await readFile24(file, "utf-8");
   return content.includes("setup(") && (/^\s*from\s+(?:setuptools|distutils\.core)\s+import\s+.*setup/m.test(content) || /^\s*import\s+(?:setuptools|distutils\.core)/m.test(content));
 }
 async function getPyprojectTomlFilesForLockFile(rootDir, uvLockfile, pyprojectFiles) {
   const lockDir = dirname20(uvLockfile);
   const rootTomlFile = pyprojectFiles.find((file) => dirname20(file) === lockDir);
   if (!rootTomlFile) return void 0;
-  const rootTomlContent = await readFile25(resolve31(rootDir, rootTomlFile), "utf-8");
+  const rootTomlContent = await readFile24(resolve31(rootDir, rootTomlFile), "utf-8");
   const toml = parseTOML2(rootTomlContent);
   if (!toml) return void 0;
   const memberPatterns = [];
@@ -229843,7 +229823,7 @@ var PipSocketUpgradeManager = class {
       const path9 = resolve32(this.rootDir, file);
       if (!restoreMap.has(path9)) {
         restoreMap.set(path9, {
-          content: await readFile26(path9, "utf-8"),
+          content: await readFile25(path9, "utf-8"),
           artifacts: []
         });
       }
@@ -229920,7 +229900,7 @@ var PipSocketUpgradeManager = class {
     const refStart = ref.start;
     const refEnd = ref.end;
     try {
-      const content = await readFile26(fullPath, "utf-8");
+      const content = await readFile25(fullPath, "utf-8");
       const requirements = (0, import_pip_requirements_js.parsePipRequirementsFileLoosely)(content, { includeLocations: true });
       const foundRequirement = requirements.filter((req) => req.data.type === "ProjectName").find((req) => refStart <= req.location.startIdx && req.location.endIdx <= refEnd);
       if (foundRequirement) {
@@ -229953,7 +229933,7 @@ var PipSocketUpgradeManager = class {
     assert13(artifact.version);
     const patches = [];
     try {
-      const content = await readFile26(fullPath, "utf-8");
+      const content = await readFile25(fullPath, "utf-8");
       const newText = `${artifact.name}==${upgradeVersion}`;
       patches.push({
         file: requirementsFile,
@@ -229979,7 +229959,7 @@ ${newText}
    */
   async createPyprojectTomlDirectDependencyPatches(tomlFile, idx, upgradeVersion, ctxt) {
     const fullPath = resolve32(this.rootDir, tomlFile);
-    const content = await readFile26(fullPath, "utf-8");
+    const content = await readFile25(fullPath, "utf-8");
     const toml = parseTOML2(content);
     if (!toml) {
       ctxt.statusUpdater?.({
@@ -230098,7 +230078,7 @@ ${newText}
     assert13(artifact.version);
     const patches = [];
     try {
-      const content = await readFile26(resolve32(this.rootDir, pyprojectToml), "utf-8");
+      const content = await readFile25(resolve32(this.rootDir, pyprojectToml), "utf-8");
       const toml = parseTOML2(content);
       if (!toml) {
         ctxt.statusUpdater?.({
@@ -230154,7 +230134,7 @@ ${newText}
     assert13(artifact.version);
     const patches = [];
     try {
-      const content = await readFile26(resolve32(this.rootDir, pyprojectToml), "utf-8");
+      const content = await readFile25(resolve32(this.rootDir, pyprojectToml), "utf-8");
       const toml = parseTOML2(content);
       if (!toml) {
         ctxt.statusUpdater?.({
@@ -230225,7 +230205,6 @@ ${" ".repeat(4)}"${artifact.name}==${upgradeVersion}",
   async refreshLockfiles(lockfileToArtifacts, ctxt, _mode2) {
     await asyncForEach(Object.entries(lockfileToArtifacts), async ([lockfile2, artifacts]) => {
       const lockfileDir = dirname21(resolve32(this.rootDir, lockfile2));
-      const oldFileContent = await readFile26(resolve32(this.rootDir, lockfile2), "utf-8");
       let result;
       if (this.uvLockMatcher(lockfile2)) {
         result = await execNeverFail2(["uv", "lock"], lockfileDir);
@@ -230239,12 +230218,10 @@ ${" ".repeat(4)}"${artifact.name}==${upgradeVersion}",
         return;
       }
       if (!result.error) {
-        const finalFileContent = await readFile26(resolve32(this.rootDir, lockfile2), "utf-8");
         ctxt.statusUpdater?.({
           status: "success",
           file: lockfile2,
           message: "Lockfile updated",
-          patch: createPatch(lockfile2, oldFileContent, finalFileContent, void 0, void 0, { context: 3 }),
           artifacts: i3(artifacts)
         });
       } else {
@@ -230265,7 +230242,7 @@ function canonicalizePyPIName(name2) {
 }
 async function getDependenciesMapFromUvLock(rootDir, lockFile, pyprojectTomlFilesForLockFile) {
   const result = /* @__PURE__ */ new Map();
-  const lockToml = parseTOML2(await readFile26(resolve32(rootDir, lockFile), "utf-8"));
+  const lockToml = parseTOML2(await readFile25(resolve32(rootDir, lockFile), "utf-8"));
   if (!lockToml) return result;
   const children2 = /* @__PURE__ */ new Map();
   const packages = lockToml.package;
@@ -230289,7 +230266,7 @@ async function getDependenciesMapFromUvLock(rootDir, lockFile, pyprojectTomlFile
   }
   const tomlFileToName = new Map(
     await asyncFilterMap(pyprojectTomlFilesForLockFile, async (tomlFile) => {
-      const toml = parseTOML2(await readFile26(resolve32(rootDir, tomlFile), "utf-8"));
+      const toml = parseTOML2(await readFile25(resolve32(rootDir, tomlFile), "utf-8"));
       return toml && toml.project instanceof TOMLTable && toml.project.name instanceof TOMLScalar && typeof toml.project.name[value] === "string" ? [tomlFile, toml.project.name[value]] : void 0;
     })
   );
@@ -230679,7 +230656,7 @@ function parseGemfileLock(content) {
 }
 // ../fixing-management/src/fixing-management/rubygems/rubygems-socket-upgrade-manager.ts
-import { readFile as readFile27, writeFile as writeFile10 } from "node:fs/promises";
+import { readFile as readFile26, writeFile as writeFile10 } from "node:fs/promises";
 // ../fixing-management/src/fixing-management/rubygems/rubygems-patch-utils.ts
 function createRubygemVersionPatches(gem, idx, upgradeVersion, rangeStyle, statusUpdater) {
@@ -230892,7 +230869,7 @@ var RubygemsSocketUpgradeManager = class {
       for (const mf of artifact.manifestFiles ?? []) {
         if (this.gemfileLockMatcher(mf.file)) {
           if (ctxt.wsFilter && !ctxt.wsFilter(dirname23(mf.file) || ".")) continue;
-          const lockfileContent = await readFile27(resolve34(this.rootDir, mf.file), "utf-8");
+          const lockfileContent = await readFile26(resolve34(this.rootDir, mf.file), "utf-8");
           const gemfileLock = parseGemfileLock(lockfileContent);
           const pathGems = [];
           for (const [pathGemName, deps] of gemfileLock.pathDependencies) {
@@ -230943,7 +230920,7 @@ var RubygemsSocketUpgradeManager = class {
       const path9 = resolve34(this.rootDir, file);
       if (!restoreMap.has(path9)) {
         restoreMap.set(path9, {
-          content: await readFile27(path9, "utf-8"),
+          content: await readFile26(path9, "utf-8"),
           artifacts: []
         });
       }
@@ -230965,15 +230942,12 @@ var RubygemsSocketUpgradeManager = class {
       if (lockfile2 !== void 0) (lockfileToArtifacts[lockfile2] ??= []).push(...artifacts);
     }
     await asyncForEach(Object.entries(lockfileToArtifacts), async ([file, artifacts]) => {
-      const oldFileContent = await readFile27(resolve34(this.rootDir, file), "utf-8");
       const result = await execNeverFail2("bundle lock", dirname23(resolve34(this.rootDir, file)));
-      const updatedFileContent = await readFile27(resolve34(this.rootDir, file), "utf-8");
       if (!result.error) {
         ctxt.statusUpdater?.({
           status: "success",
           file,
           message: "Lockfile updated",
-          patch: createPatch(file, oldFileContent, updatedFileContent, void 0, void 0, { context: 3 }),
           artifacts: i3(artifacts)
         });
       } else {
@@ -231007,15 +230981,12 @@ var RubygemsSocketUpgradeManager = class {
     });
     await applyPatches("RUBYGEMS", this.rootDir, directPatches, ctxt);
     await asyncForEach(Object.entries(lockfileToArtifacts), async ([file, artifacts]) => {
-      const oldFileContent = await readFile27(resolve34(this.rootDir, file), "utf-8");
       const result = await execNeverFail2(cmdt`bundler lock`, dirname23(resolve34(this.rootDir, file)));
-      const updatedFileContent = await readFile27(resolve34(this.rootDir, file), "utf-8");
       if (!result.error) {
         ctxt.statusUpdater?.({
           status: "success",
           file,
           message: "Lockfile updated",
-          patch: createPatch(file, oldFileContent, updatedFileContent, void 0, void 0, { context: 3 }),
           artifacts
         });
       } else {
@@ -231041,7 +231012,7 @@ var RubygemsSocketUpgradeManager = class {
     const gemfilePatches = [];
     const artifact = ctxt.artifacts[idx];
     try {
-      const gemfileContent = await readFile27(resolve34(this.rootDir, gemfilePath), "utf-8");
+      const gemfileContent = await readFile26(resolve34(this.rootDir, gemfilePath), "utf-8");
       const gemfile = parseGemfile(this.rootDir, gemfilePath, gemfileContent);
       const gemspecFiles = /* @__PURE__ */ new Set();
       for (const gem of gemfile.gems) {
@@ -231062,7 +231033,7 @@ var RubygemsSocketUpgradeManager = class {
       let foundInGemspec = false;
       for (const gemspecFile of gemspecFiles) {
         try {
-          const gemspecContent = await readFile27(resolve34(this.rootDir, gemspecFile), "utf-8");
+          const gemspecContent = await readFile26(resolve34(this.rootDir, gemspecFile), "utf-8");
           const { parseGemspec: parseGemspec2 } = await Promise.resolve().then(() => (init_gemspec_utils(), gemspec_utils_exports));
           const gemspec = parseGemspec2(this.rootDir, gemspecFile, gemspecContent);
           for (const gem of gemspec.dependencies) {
@@ -231127,7 +231098,7 @@ var RubygemsSocketUpgradeManager = class {
     const [version4] = artifact.version.split("-");
     const patches = [];
     try {
-      const sourceText = await readFile27(resolve34(this.rootDir, file), "utf-8");
+      const sourceText = await readFile26(resolve34(this.rootDir, file), "utf-8");
       const gemfile = parseGemfile(this.rootDir, file, sourceText);
       for (const gem of gemfile.gems) {
         if (evaluate4(gem.name) !== packageName) continue;
@@ -231170,7 +231141,7 @@ var RubygemsSocketUpgradeManager = class {
    */
   async createAddGemPatch(file, idx, updateVersion, ctxt) {
     const artifact = ctxt.artifacts[idx];
-    const content = await readFile27(resolve34(this.rootDir, file), "utf-8");
+    const content = await readFile26(resolve34(this.rootDir, file), "utf-8");
     const trimmedLength = content.trimEnd().length;
     const needsNewline = trimmedLength > 0 && !content[trimmedLength - 1].match(/\n/);
     return {
@@ -231434,7 +231405,7 @@ function flattenDockerSpec({
 var import_winston2 = __toESM(require_winston(), 1);
 import { Console as Console2 } from "console";
 import { createWriteStream as createWriteStream3 } from "fs";
-import { readFile as readFile28 } from "fs/promises";
+import { readFile as readFile27 } from "fs/promises";
 // ../web-compat-utils/dist/util-formatter.js
 import { format as format3 } from "util";
@@ -231590,7 +231561,7 @@ var CLILogger2 = class {
     await this.finish();
     let logContent;
     try {
-      logContent = await readFile28(logFilePath, "utf-8");
+      logContent = await readFile27(logFilePath, "utf-8");
     } catch (e) {
       console.error("Error reading log file", e);
     }
@@ -231635,13 +231606,13 @@ async function detectVariantMaven(projectDir) {
 // ../docker-management/src/maven/gradle-version-detector.ts
 import { existsSync as existsSync17 } from "fs";
 import { join as join19 } from "path";
-import { readFile as readFile29 } from "fs/promises";
+import { readFile as readFile28 } from "fs/promises";
 async function detectVariantGradle(projectDir) {
   return sanitizeJvmVariant("GRADLE", projectDir, await detect(projectDir));
 }
 async function detect(projectDir) {
   const gradleWrapperPropertiesPath = join19(projectDir, "gradle", "wrapper", "gradle-wrapper.properties");
-  const gradleWrapperProperties = existsSync17(gradleWrapperPropertiesPath) ? (await readFile29(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const gradleWrapperProperties = existsSync17(gradleWrapperPropertiesPath) ? (await readFile28(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!gradleWrapperProperties) return void 0;
   const distributionUrlRegex = /.*gradle-(\d+(\.\d+(\.\d+)?)?)/;
   for (const prop2 of gradleWrapperProperties) {
@@ -231657,13 +231628,13 @@ async function detect(projectDir) {
 // ../docker-management/src/maven/sbt-version-detector.ts
 import { existsSync as existsSync18 } from "fs";
 import { join as join20 } from "path";
-import { readFile as readFile30 } from "fs/promises";
+import { readFile as readFile29 } from "fs/promises";
 async function detectVariantSbt(projectDir) {
   return sanitizeJvmVariant("SBT", projectDir, await detect2(projectDir));
 }
 async function detect2(projectDir) {
   const sbtBuildPropertiesPath = join20(projectDir, "project", "build.properties");
-  const sbtBuildProperties = existsSync18(sbtBuildPropertiesPath) ? (await readFile30(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const sbtBuildProperties = existsSync18(sbtBuildPropertiesPath) ? (await readFile29(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!sbtBuildProperties) return void 0;
   for (const prop2 of sbtBuildProperties) {
     const [key, value2] = prop2.split("=");
@@ -231777,7 +231748,7 @@ async function findReachabilityAnalyzersDockerImage(ecosystem) {
 // ../other-modules-communicator/src/other-modules-communicator.ts
 var import_lodash12 = __toESM(require_lodash(), 1);
 import { rmSync } from "fs";
-import { mkdir as mkdir5, readFile as readFile31, writeFile as writeFile11 } from "fs/promises";
+import { mkdir as mkdir5, readFile as readFile30, writeFile as writeFile11 } from "fs/promises";
 import assert15 from "node:assert";
 import { platform as platform6 } from "os";
 import { join as join23, posix as posix2, relative as relative15, sep as sep3 } from "path";
@@ -232221,7 +232192,7 @@ var OtherModulesCommunicator = class {
         COANA_API_KEY: this.apiKey.type === "present" ? this.apiKey.value : ""
       }
     );
-    return JSON.parse(await readFile31(outputFilePathThisProcess, "utf-8")).result;
+    return JSON.parse(await readFile30(outputFilePathThisProcess, "utf-8")).result;
   }
   async runReachabilityAnalyzerCommand(commandName, ecosystem, subprojectPath, workspacePath, args2, env) {
     const tmpDir = await this.getTmpDirForSubproject(subprojectPath);
@@ -232290,7 +232261,7 @@ var OtherModulesCommunicator = class {
       [...args2, "-o", outputFilePathOtherProcess],
       env
     );
-    return JSON.parse(await readFile31(outputFilePathThisProcess, "utf-8")).result;
+    return JSON.parse(await readFile30(outputFilePathThisProcess, "utf-8")).result;
   }
   async runInDocker(ecosystem, image, entryPoint, commandName, args2, subprojectPath, tmpDir, env = process.env) {
     if (!await pullDockerImage(image)) return false;
@@ -233661,7 +233632,7 @@ import { join as join25, relative as relative16, resolve as resolve39 } from "pa
 // ../project-management/src/project-management/ecosystem-management/ecosystem-specs.ts
 import { existsSync as existsSync20 } from "fs";
-import { readdir as readdir5, readFile as readFile32 } from "fs/promises";
+import { readdir as readdir5, readFile as readFile31 } from "fs/promises";
 import { join as join24, sep as sep4 } from "path";
 var specs = {
   NPM: [
@@ -233740,7 +233711,7 @@ function packageManagerIfPackageJSONExistsAndValid(packageManager) {
     if (!existsSync20(join24(projectDir, "package.json"))) return void 0;
     const packageJSONPath = join24(projectDir, "package.json");
     try {
-      JSON.parse(await readFile32(packageJSONPath, "utf-8"));
+      JSON.parse(await readFile31(packageJSONPath, "utf-8"));
       return packageManager;
     } catch (e) {
       throw new InvalidProjectFileError(projectDir, "package.json");
@@ -235419,7 +235390,7 @@ var DEFAULT_REPORT_FILENAME_BASE = "coana-report";
 // dist/internal/exclude-dirs-from-configuration-files.js
 import { existsSync as existsSync22 } from "fs";
-import { readFile as readFile33 } from "fs/promises";
+import { readFile as readFile32 } from "fs/promises";
 import { basename as basename10, resolve as resolve42 } from "path";
 var import_yaml2 = __toESM(require_dist12(), 1);
 async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
@@ -235433,7 +235404,7 @@ async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
 }
 async function inferExcludeDirsFromSocketConfig(socketConfigFile) {
   try {
-    const config3 = (0, import_yaml2.parse)(await readFile33(socketConfigFile, "utf8"));
+    const config3 = (0, import_yaml2.parse)(await readFile32(socketConfigFile, "utf8"));
     const version4 = config3.version;
     const ignorePaths = config3[version4 === 1 ? "ignore" : "projectIgnorePaths"];
     if (!ignorePaths)
@@ -235733,7 +235704,7 @@ function toSocketFactsSocketDependencyTree(artifacts, vulnerabilities, tier1Reac
 }
 // dist/internal/vulnerability-scanning.js
-import { readFile as readFile34 } from "fs/promises";
+import { readFile as readFile33 } from "fs/promises";
 // ../security-auditor/security-auditor-builder/src/mongo-connection.ts
 var import_mongodb = __toESM(require_lib31(), 1);
@@ -250602,7 +250573,7 @@ async function scanForVulnerabilities(dependencyTree, offlineVulnerabilityScanne
 }
 async function offlineScan(dependencyTree, offlineVulnerabilityScannerDBPath) {
   logger.info("using offline vulnerability scanner db");
-  const offlineVulnerabilityScannerDB = JSON.parse(await readFile34(offlineVulnerabilityScannerDBPath, "utf-8"));
+  const offlineVulnerabilityScannerDB = JSON.parse(await readFile33(offlineVulnerabilityScannerDBPath, "utf-8"));
   const { ecosystemToUrlToVulnerabilityDetails, vulnerabilityDatabase } = offlineVulnerabilityScannerDB;
   const coanaSupportedVulnerabilitiesLoader = CoanaSupportedVulnerabilitiesLoader.create(ecosystemToUrlToVulnerabilityDetails);
   const vulnerabilityAccessPathLoader = CoanaSupportedVulnerabilitiesLoader.create(ecosystemToUrlToVulnerabilityDetails);
@@ -250620,7 +250591,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 // dist/version.js
-var version3 = "14.12.101";
+var version3 = "14.12.103";
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -251510,7 +251481,7 @@ async function initializeComputeFixesAndUpgradePurls(path9, options) {
 var compareReportsCommand = new Command();
 compareReportsCommand.name("compare-reports").argument("<baselineReportPath>", "Path to the baseline report").argument("<newReportPath>", "Path to the new report").option("--api-key <key>", "Set the Coana dashboard API key.").option("-d, --debug", "Enable debug logging", false).option("--no-pr-comment", "Disable pull request comments (only relevant when run from a PR)", true).option("--no-block", "Do not fail with a non-zero exit code when new reachable vulnerabilities are detected", true).option("--ignore-undeterminable-reachability", "Ignore vulnerabilities with undeterminable reachability", false).action(async (baselineReportPath, newReportPath, options) => {
   async function readReport(reportPath) {
-    return JSON.parse(await readFile35(reportPath, "utf-8"));
+    return JSON.parse(await readFile34(reportPath, "utf-8"));
   }
   const baselineReport = await readReport(baselineReportPath);
   const newReport = await readReport(newReportPath);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.101",
+  "version": "14.12.103",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/repos/coana-tech/class-graph-analysis/dist/bundle/class-graph-analysis-cli.mjs CHANGED Viewed

@@ -7353,7 +7353,9 @@ var ClassfileSourceResolver = class {
       file,
       name: className,
       displayName: className,
-      nodeType: "class"
+      nodeType: "class",
+      isEntryPoint: appOrDep === "app"
+      // class nodes are entry points
     };
     const nodeIdx = graph.addNode(node);
     if (nodeIdx !== void 0) {
@@ -7994,14 +7996,14 @@ var ClassGraphRunner = class {
       this.options.externalResolutionManager?.resolveDefinitions(this.graph)
     ]);
     const allNodes = this.graph.getNodes();
-    const appIndices = allNodes.map((node, idx) => node.appOrDep === "app" ? idx : void 0).filter((idx) => idx !== void 0);
+    const entryPointIndices = allNodes.map((node, idx) => node.appOrDep === "app" && node.isEntryPoint ? idx : void 0).filter((idx) => idx !== void 0);
     const visited = /* @__PURE__ */ new Set();
     await Promise.all([
-      this.options.internalResolutionManager?.resolveEdges(this.graph, appIndices, appIndices.filter((idx) => !this.options.isExternalNode?.(allNodes[idx])), visited, "DIRECT_DEPENDENCIES"),
-      this.options.externalResolutionManager?.resolveEdges(this.graph, appIndices, appIndices.filter((idx) => this.options.isExternalNode?.(allNodes[idx])), visited, "DIRECT_DEPENDENCIES")
+      this.options.internalResolutionManager?.resolveEdges(this.graph, entryPointIndices, entryPointIndices.filter((idx) => !this.options.isExternalNode?.(allNodes[idx])), visited, "DIRECT_DEPENDENCIES"),
+      this.options.externalResolutionManager?.resolveEdges(this.graph, entryPointIndices, entryPointIndices.filter((idx) => this.options.isExternalNode?.(allNodes[idx])), visited, "DIRECT_DEPENDENCIES")
     ]);
     const reachablePackageIds = /* @__PURE__ */ new Set();
-    for (const idx of findReachableNodes(this.graph, appIndices)) {
+    for (const idx of findReachableNodes(this.graph, entryPointIndices)) {
       reachablePackageIds.add(allNodes[idx].packageId);
     }
     return Array.from(reachablePackageIds);
@@ -8046,18 +8048,18 @@ var ClassGraphRunner = class {
       this.options.externalResolutionManager?.resolveDefinitions(this.graph)
     ]);
     const allNodes = this.graph.getNodes();
-    const appIndices = allNodes.map((node, idx) => node.appOrDep === "app" ? idx : void 0).filter((idx) => idx !== void 0);
+    const entryPointIndices = allNodes.map((node, idx) => node.appOrDep === "app" && node.isEntryPoint ? idx : void 0).filter((idx) => idx !== void 0);
     const visited = /* @__PURE__ */ new Set();
-    const internalWorklist = appIndices.filter((idx) => !this.options.isExternalNode?.(allNodes[idx]));
-    const externalWorklist = this.options.externalResolutionManager ? appIndices.filter((idx) => this.options.isExternalNode?.(allNodes[idx])) : [];
+    const internalWorklist = entryPointIndices.filter((idx) => !this.options.isExternalNode?.(allNodes[idx]));
+    const externalWorklist = this.options.externalResolutionManager ? entryPointIndices.filter((idx) => this.options.isExternalNode?.(allNodes[idx])) : [];
     while (internalWorklist.length !== 0 || externalWorklist.length !== 0) {
       await Promise.all([
-        this.options.internalResolutionManager?.resolveEdges(this.graph, appIndices, internalWorklist, visited, "FULL_GRAPH"),
-        this.options.externalResolutionManager?.resolveEdges(this.graph, appIndices, externalWorklist, visited, "FULL_GRAPH")
+        this.options.internalResolutionManager?.resolveEdges(this.graph, entryPointIndices, internalWorklist, visited, "FULL_GRAPH"),
+        this.options.externalResolutionManager?.resolveEdges(this.graph, entryPointIndices, externalWorklist, visited, "FULL_GRAPH")
       ]);
       internalWorklist.length = 0;
       externalWorklist.length = 0;
-      const allReachableNodes = findReachableNodes(this.graph, appIndices);
+      const allReachableNodes = findReachableNodes(this.graph, entryPointIndices);
       for (const reachableIdx of allReachableNodes) {
         if (!visited.has(reachableIdx)) {
           const node = allNodes[reachableIdx];
@@ -8080,9 +8082,9 @@ var ClassGraphRunner = class {
       }
       vulnerableClassToIndices.get(node.displayName).push(idx);
     });
-    const vulnerablePaths = this.computeVulnerablePaths(this.graph, appIndices, allNodes, vulnerableClassToIndices);
+    const vulnerablePaths = this.computeVulnerablePaths(this.graph, entryPointIndices, allNodes, vulnerableClassToIndices);
     const reachablePackageIds = /* @__PURE__ */ new Set();
-    for (const idx of findReachableNodes(this.graph, appIndices)) {
+    for (const idx of findReachableNodes(this.graph, entryPointIndices)) {
       reachablePackageIds.add(allNodes[idx].packageId);
     }
     const analysisDiagnostics = {
@@ -8356,7 +8358,9 @@ var JavaSourceResolver = class {
       file,
       name: fullyQualifiedName,
       displayName: fullyQualifiedName,
-      nodeType: "class"
+      nodeType: "class",
+      isEntryPoint: appOrDep === "app"
+      // class nodes are entry points
     };
     const nodeIndex = graph.addNode(node);
     if (nodeIndex !== void 0) {
@@ -8937,7 +8941,9 @@ var KotlinSourceResolver = class {
       file,
       name: fullyQualifiedName,
       displayName: fullyQualifiedName,
-      nodeType: "class"
+      nodeType: "class",
+      isEntryPoint: appOrDep === "app"
+      // class nodes are entry points
     };
     const nodeIndex = graph.addNode(node);
     if (nodeIndex !== void 0) {
@@ -9339,7 +9345,9 @@ var PropertiesSourceResolver = class {
             file,
             name: key,
             displayName: `${key} (property)`,
-            nodeType: "property"
+            nodeType: "property",
+            isEntryPoint: false
+            // property nodes are not entry points
           };
           const idx = graph.addNode(node);
           if (idx !== void 0) {
@@ -9424,7 +9432,9 @@ var ScalaSourceResolver = class {
       file,
       name: fullyQualifiedName,
       displayName: fullyQualifiedName,
-      nodeType: "class"
+      nodeType: "class",
+      isEntryPoint: appOrDep === "app"
+      // class nodes are entry points
     };
     const nodeIndex = graph.addNode(node);
     if (nodeIndex !== void 0) {
@@ -10063,7 +10073,9 @@ var ServiceSourceResolver = class {
         file,
         name: serviceInterface,
         displayName: `${serviceInterface} (service)`,
-        nodeType: "service"
+        nodeType: "service",
+        isEntryPoint: appOrDep === "app"
+        // service nodes are entry points
       };
       graph.addNode(node);
     }
@@ -10113,7 +10125,9 @@ var SpringFactoriesSourceResolver = class {
         file,
         name: interfaceName,
         displayName: `${interfaceName} (spring-factory)`,
-        nodeType: "spring-factory"
+        nodeType: "spring-factory",
+        isEntryPoint: appOrDep === "app"
+        // spring-factory nodes are entry points
       };
       graph.addNode(node);
     }
@@ -10217,7 +10231,9 @@ var PropertiesXmlSourceResolver = class {
             file,
             name: key,
             displayName: `${key} (property)`,
-            nodeType: "property"
+            nodeType: "property",
+            isEntryPoint: false
+            // property nodes are not entry points
           };
           nodes.push(node);
         }
@@ -10277,7 +10293,9 @@ var SpringBeansXmlSourceResolver = class {
           name: beanId,
           // Can be referenced via ApplicationContext.getBean("beanId")
           displayName: `${beanId} (bean)`,
-          nodeType: "bean"
+          nodeType: "bean",
+          isEntryPoint: appOrDep === "app"
+          // bean nodes are entry points
         };
         nodes.push(node);
       }
@@ -10300,7 +10318,9 @@ var SpringBeansXmlSourceResolver = class {
             file,
             name: nestedBeanId,
             displayName: `${nestedBeanId} (bean)`,
-            nodeType: "bean"
+            nodeType: "bean",
+            isEntryPoint: appOrDep === "app"
+            // bean nodes are entry points
           };
           nodes.push(node);
         }
@@ -10458,7 +10478,9 @@ var StrutsXmlSourceResolver = class {
             name: actionId,
             // Can be referenced via Struts action mapping
             displayName: `${actionId} (struts)`,
-            nodeType: "struts-action"
+            nodeType: "struts-action",
+            isEntryPoint: false
+            // struts-action nodes are not entry points
           };
           nodes.push(node);
         }
@@ -10522,7 +10544,9 @@ var StrutsConfigXmlSourceResolver = class {
             name: formBeanName,
             // Can be referenced in action mappings
             displayName: `${formBeanName} (struts)`,
-            nodeType: "struts-form-bean"
+            nodeType: "struts-form-bean",
+            isEntryPoint: false
+            // struts-form-bean nodes are not entry points
           };
           nodes.push(node);
         }
@@ -10544,7 +10568,9 @@ var StrutsConfigXmlSourceResolver = class {
             name: actionPath,
             // Can be referenced via URL paths
             displayName: `${actionPath} (struts)`,
-            nodeType: "struts-action-path"
+            nodeType: "struts-action-path",
+            isEntryPoint: false
+            // struts-action-path nodes are not entry points
           };
           nodes.push(node);
         }
@@ -10642,7 +10668,9 @@ var WebXmlSourceResolver = class {
       name: fragmentName,
       // For web-fragment: fragment name (can be referenced in absolute-ordering); for web-app: undefined
       displayName: fragmentName ? `${fragmentName} (${nodeType})` : nodeType,
-      nodeType
+      nodeType,
+      isEntryPoint: appOrDep === "app"
+      // web-app and web-fragment nodes are entry points
     };
     nodes.push(fileLevelNode);
     this.processServletNames(rootElement, packageId, appOrDep, dir, file, nodes);
@@ -10666,7 +10694,9 @@ var WebXmlSourceResolver = class {
           name: servletName,
           // Can be referenced reflectively in servlet mappings
           displayName: `${servletName} (web.xml servlet)`,
-          nodeType: "servlet"
+          nodeType: "servlet",
+          isEntryPoint: false
+          // servlet nodes are not entry points
         };
         nodes.push(node);
       }
@@ -10688,7 +10718,9 @@ var WebXmlSourceResolver = class {
           name: filterName,
           // Can be referenced reflectively in filter mappings
           displayName: filterName,
-          nodeType: "filter"
+          nodeType: "filter",
+          isEntryPoint: false
+          // filter nodes are not entry points
         };
         nodes.push(node);
       }
@@ -10710,7 +10742,9 @@ var WebXmlSourceResolver = class {
           name: urlPattern,
           // URL patterns can be referenced in mappings
           displayName: `${urlPattern} (web.xml url-pattern)`,
-          nodeType: "url-pattern"
+          nodeType: "url-pattern",
+          isEntryPoint: false
+          // url-pattern nodes are not entry points
         };
         nodes.push(node);
       }
@@ -10730,7 +10764,9 @@ var WebXmlSourceResolver = class {
           name: urlPattern,
           // URL patterns can be referenced in mappings
           displayName: `${urlPattern} (web.xml url-pattern)`,
-          nodeType: "url-pattern"
+          nodeType: "url-pattern",
+          isEntryPoint: false
+          // url-pattern nodes are not entry points
         };
         nodes.push(node);
       }
@@ -10962,7 +10998,9 @@ var PersistenceXmlSourceResolver = class {
           name: unitName,
           // Can be referenced via Persistence.createEntityManagerFactory("name")
           displayName: `${unitName} (persistence)`,
-          nodeType: "persistence-unit"
+          nodeType: "persistence-unit",
+          isEntryPoint: false
+          // persistence-unit nodes are not entry points
         };
         nodes.push(node);
       }
@@ -11382,14 +11420,6 @@ var JvmResolutionContextProvider = class {
               springFactoryMap.set(factoryInterfaceName, []);
             }
             springFactoryMap.get(factoryInterfaceName).push(idx);
-            if (!sourceClassMap.has(factoryInterfaceName)) {
-              sourceClassMap.set(factoryInterfaceName, []);
-            }
-            sourceClassMap.get(factoryInterfaceName).push(idx);
-            if (!bytecodeClassMap.has(factoryInterfaceName)) {
-              bytecodeClassMap.set(factoryInterfaceName, []);
-            }
-            bytecodeClassMap.get(factoryInterfaceName).push(idx);
           }
           break;
         }
@@ -18170,9 +18200,6 @@ async function createJvmResolverCallbacks(resources) {
     if (isServiceFile(file)) {
       return serviceSourceResolver;
     }
-    if (isSpringFactoriesFile(file)) {
-      return springFactoriesSourceResolver;
-    }
   };
   return { sourceCallback, bytecodeCallback };
 }
@@ -27367,7 +27394,9 @@ var CSharpSourceResolver = class {
       dir,
       file,
       name: fullyQualifiedName,
-      displayName: fullyQualifiedName
+      displayName: fullyQualifiedName,
+      isEntryPoint: appOrDep === "app"
+      // All app-level classes are entry points
     };
     const nodeIndex = graph.addNode(node);
     if (nodeIndex !== void 0) {
@@ -28393,7 +28422,9 @@ var RustSourceResolver = class {
       displayName: fullyQualifiedName,
       crate: additionalProps.crate,
       fileModule: additionalProps.fileModule,
-      aliasFor: additionalProps.aliasFor
+      aliasFor: additionalProps.aliasFor,
+      isEntryPoint: appOrDep === "app"
+      // All app-level items are entry points
     };
     const idx = graph.addNode(node);
     if (idx !== void 0) {

package/repos/coana-tech/goana/bin/goana-darwin-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-darwin-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-amd64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/goana/bin/goana-linux-arm64.gz CHANGED Viewed

Binary file

package/repos/coana-tech/javap-service/javap-service.jar CHANGED Viewed

Binary file