@coana-tech/cli 14.12.20 → 14.12.22

package/cli.mjs

@@ -191180,12 +191180,18 @@ var GoFixingManager = class {
     await applySeries(Object.entries(fixes), async ([workspacePath, fixesWithId]) => {
       const dependencyTree = fixingInfo.dependencyTrees[workspacePath];
       await applySeries(fixesWithId, async ({ fixId, vulnerabilityFixes }) => {
-        await this.applySecurityFixesForWorkspace(workspacePath, vulnerabilityFixes, dependencyTree);
+        await this.applySecurityFixesForWorkspace(
+          workspacePath,
+          vulnerabilityFixes,
+          Object.fromEntries(
+            Object.entries(dependencyTree.transitiveDependencies).map(([key, value]) => [key, value.version])
+          )
+        );
         signalFixApplied2?.(fixId, this.subprojectPath, workspacePath, vulnerabilityFixes);
       });
     });
   }
-  async applySecurityFixesForWorkspace(workspacePath, fixes, dependencyTree) {
+  async applySecurityFixesForWorkspace(workspacePath, fixes, dependencyNameToVersion) {
     const subprojectPath = resolve(this.rootDir, this.subprojectPath, workspacePath);
     const runGoGetCmd = async (projectPath, oldModule, newModule) => {
       const success = await execAndLogOnFailure(["go", "get", newModule], projectPath);
@@ -191204,14 +191210,171 @@ var GoFixingManager = class {
     for (const fix of fixes) {
       const fixedRelease = `${fix.dependencyName}@v${fix.fixedVersion}`;
       const currentRelease = `${fix.dependencyName}@v${fix.currentVersion}`;
-      const moduleInDepTree = dependencyTree.transitiveDependencies[fix.dependencyName];
-      if (!moduleInDepTree || moduleInDepTree.version !== fix.currentVersion) return;
+      const version3 = dependencyNameToVersion[fix.dependencyName];
+      if (version3 !== fix.currentVersion) return;
       await runGoGetCmd(subprojectPath, currentRelease, fixedRelease);
       await excludeDowngraded(subprojectPath, fix);
     }
   }
 };
 
+// ../fixing-management/src/fixing-management/go/go-socket-upgrade-manager.ts
+import { dirname } from "path";
+
+// ../web-compat-utils/src/purl-utils.ts
+function getPurlType(ecosystem) {
+  switch (ecosystem) {
+    case "NPM":
+      return "npm" /* NPM */;
+    case "MAVEN":
+      return "maven" /* MAVEN */;
+    case "PIP":
+      return "pypi" /* PYPI */;
+    case "NUGET":
+      return "nuget" /* NUGET */;
+    case "GO":
+      return "golang" /* GOLANG */;
+    case "RUST":
+      return "cargo" /* CARGO */;
+    case "RUBYGEMS":
+      return "gem" /* GEM */;
+    default:
+      throw Error(`Unsupported ecosystem: ${ecosystem}`);
+  }
+}
+function getAdvisoryEcosystemFromPurl(purl) {
+  const [purlSceme, rest] = purl.split(":");
+  if (purlSceme !== "pkg") throw Error(`Upsupported purl scheme: ${purlSceme}`);
+  const [purlType] = rest.split("/");
+  return getAdvisoryEcosystemFromPurlType(purlType);
+}
+function getAdvisoryEcosystemFromPurlType(purlType) {
+  switch (purlType) {
+    case "npm" /* NPM */:
+      return "NPM";
+    case "maven" /* MAVEN */:
+      return "MAVEN";
+    case "pypi" /* PYPI */:
+      return "PIP";
+    case "nuget" /* NUGET */:
+      return "NUGET";
+    case "golang" /* GOLANG */:
+      return "GO";
+    case "cargo" /* CARGO */:
+      return "RUST";
+    case "gem" /* GEM */:
+      return "RUBYGEMS";
+    default:
+      throw Error(`Unsupported purl type: ${purlType}`);
+  }
+}
+function getPurlStrings(dependencyTree) {
+  const res = {};
+  for (const [depId, node] of Object.entries(dependencyTree.transitiveDependencies)) {
+    const type = getPurlType(dependencyTree.ecosystem ?? "NPM");
+    const { namespace: namespace2, name } = getNamespaceAndName(dependencyTree.ecosystem, node.packageName);
+    const version3 = node.version;
+    const purl = simplePurl(type, namespace2, name, version3);
+    if (!res[purl]) res[purl] = /* @__PURE__ */ new Set();
+    res[purl].add(depId);
+  }
+  return res;
+}
+function simplePurl(type, namespace2, name, version3) {
+  return `pkg:${type}${namespace2 ? `/${namespace2}` : ""}/${name}${version3 ? `@${version3}` : ""}`;
+}
+function getNamespaceAndName(ecosystem, packageName) {
+  let namespace2 = "";
+  let name = "";
+  switch (ecosystem) {
+    case "NPM":
+      if (packageName.includes("/")) [namespace2, name] = packageName.split("/", 2);
+      else name = packageName;
+      break;
+    case "MAVEN":
+      if (packageName.includes(":")) [namespace2, name] = packageName.split(":", 2);
+      else name = packageName;
+      break;
+    case "PIP":
+      name = packageName;
+      break;
+    default:
+      name = packageName;
+  }
+  return { namespace: namespace2, name };
+}
+function getNameFromNamespaceAndName(purlType, namespace2, name) {
+  if (!name) return "";
+  switch (purlType) {
+    case "npm" /* NPM */:
+      return namespace2 ? `${namespace2}/${name}` : name;
+    case "maven" /* MAVEN */:
+      return namespace2 ? `${namespace2}:${name}` : name;
+    case "pypi" /* PYPI */:
+      return name;
+    case "golang" /* GOLANG */:
+      return namespace2 ? `${namespace2}/${name}` : name;
+    default:
+      return name;
+  }
+}
+
+// ../fixing-management/src/fixing-management/go/go-socket-upgrade-manager.ts
+var GoSocketUpgradeManager = class {
+  constructor(rootDir) {
+    this.rootDir = rootDir;
+  }
+  async applySocketArtifactUpgrades(_manifestFiles, upgrades, artifacts, rangeStyle) {
+    const subprojectsToUpgrade = await this.groupUpgradesBySubproject(upgrades, artifacts);
+    for (const [subprojectDir, upgradesForSubproject] of subprojectsToUpgrade) {
+      const fixingManager = new GoFixingManager(this.rootDir, subprojectDir);
+      await this.applySecurityFixesForSocketArtifacts(fixingManager, artifacts, upgradesForSubproject, rangeStyle);
+    }
+  }
+  async groupUpgradesBySubproject(upgrades, artifacts) {
+    const subprojectToUpgrade = /* @__PURE__ */ new Map();
+    for (const upgrade of upgrades) {
+      const artifact = artifacts[upgrade.idx];
+      const goModFiles = artifact.manifestFiles?.filter((a5) => a5.file.endsWith("go.mod")) ?? [];
+      artifact.toplevelAncestors?.forEach((ancestorId) => {
+        const ancestor = artifacts.find((a5) => a5.id === ancestorId);
+        if (ancestor) {
+          const ancestorGoModFiles = ancestor.manifestFiles?.filter((a5) => a5.file.endsWith("go.mod")) ?? [];
+          goModFiles.push(...ancestorGoModFiles);
+        }
+      });
+      if (goModFiles.length === 0) {
+        throw new Error("Failed to find go.mod file for artifact");
+      }
+      for (const goModFile of goModFiles) {
+        const subprojectDir = dirname(goModFile.file);
+        if (!subprojectToUpgrade.has(subprojectDir)) {
+          subprojectToUpgrade.set(subprojectDir, []);
+        }
+        subprojectToUpgrade.get(subprojectDir).push(upgrade);
+      }
+    }
+    return subprojectToUpgrade;
+  }
+  async applySecurityFixesForSocketArtifacts(fixingManager, artifacts, upgrades, _rangeStyle) {
+    const normalizeVersion = (version3) => version3.startsWith("v") ? version3.slice(1) : version3;
+    const upgradesTransformed = upgrades.map((upgrade) => ({
+      dependencyName: getNameFromNamespaceAndName(
+        "golang" /* GOLANG */,
+        artifacts[upgrade.idx].namespace,
+        artifacts[upgrade.idx].name
+      ),
+      currentVersion: normalizeVersion(artifacts[upgrade.idx].version ?? ""),
+      dependencyIdentifier: "" + upgrade.idx,
+      fixedVersion: normalizeVersion(upgrade.upgradeVersion)
+    }));
+    const dependencies = Object.fromEntries(
+      upgradesTransformed.map((fix) => [fix.dependencyName, fix.currentVersion])
+    );
+    await fixingManager.applySecurityFixesForWorkspace(".", upgradesTransformed, dependencies);
+  }
+};
+
 // ../fixing-management/src/fixing-management/maven/gradle-fixing-manager.ts
 import { existsSync as existsSync3 } from "node:fs";
 import { readFile as readFile5 } from "node:fs/promises";
@@ -193615,7 +193778,7 @@ import { resolve as resolve6 } from "node:path";
 var import_parse_xml2 = __toESM(require_dist(), 1);
 import { readFile as readFile6 } from "node:fs/promises";
 import { existsSync as existsSync4 } from "node:fs";
-import { resolve as resolve5, join as join4, relative as relative2, dirname } from "node:path";
+import { resolve as resolve5, join as join4, relative as relative2, dirname as dirname2 } from "node:path";
 
 // ../fixing-management/src/fixing-management/utils/xml-utils.ts
 var import_parse_xml = __toESM(require_dist(), 1);
@@ -194103,7 +194266,7 @@ function getParentPomPath(pom) {
   if (!parentElement) return void 0;
   const relativePathElement = parentElement.children.filter((child) => child instanceof import_parse_xml2.XmlElement).find((child) => child.name === "relativePath");
   const relativePath = relativePathElement?.text ?? join4("..", "pom.xml");
-  return relativePath ? resolve5(dirname(pom.validatedPomFile), relativePath) : void 0;
+  return relativePath ? resolve5(dirname2(pom.validatedPomFile), relativePath) : void 0;
 }
 
 // ../fixing-management/src/fixing-management/maven/maven-fixing-manager.ts
@@ -194455,7 +194618,7 @@ var MavenFixingManager = class {
 
 // ../fixing-management/src/fixing-management/maven/maven-socket-upgrade-manager.ts
 var import_picomatch = __toESM(require_picomatch2(), 1);
-import { basename, dirname as dirname2, relative as relative4, resolve as resolve10 } from "node:path";
+import { basename, dirname as dirname3, relative as relative4, resolve as resolve10 } from "node:path";
 
 // ../fixing-management/src/fixing-management/utils/socket-patch-application.ts
 import { existsSync as existsSync5 } from "node:fs";
@@ -194549,102 +194712,6 @@ async function applySocketPatchResults(ecosystem, rootDir, patchResults) {
   }
 }
 
-// ../web-compat-utils/src/purl-utils.ts
-function getPurlType(ecosystem) {
-  switch (ecosystem) {
-    case "NPM":
-      return "npm" /* NPM */;
-    case "MAVEN":
-      return "maven" /* MAVEN */;
-    case "PIP":
-      return "pypi" /* PYPI */;
-    case "NUGET":
-      return "nuget" /* NUGET */;
-    case "GO":
-      return "golang" /* GOLANG */;
-    case "RUST":
-      return "cargo" /* CARGO */;
-    case "RUBYGEMS":
-      return "gem" /* GEM */;
-    default:
-      throw Error(`Unsupported ecosystem: ${ecosystem}`);
-  }
-}
-function getAdvisoryEcosystemFromPurl(purl) {
-  const [purlSceme, rest] = purl.split(":");
-  if (purlSceme !== "pkg") throw Error(`Upsupported purl scheme: ${purlSceme}`);
-  const [purlType] = rest.split("/");
-  return getAdvisoryEcosystemFromPurlType(purlType);
-}
-function getAdvisoryEcosystemFromPurlType(purlType) {
-  switch (purlType) {
-    case "npm" /* NPM */:
-      return "NPM";
-    case "maven" /* MAVEN */:
-      return "MAVEN";
-    case "pypi" /* PYPI */:
-      return "PIP";
-    case "nuget" /* NUGET */:
-      return "NUGET";
-    case "golang" /* GOLANG */:
-      return "GO";
-    case "cargo" /* CARGO */:
-      return "RUST";
-    case "gem" /* GEM */:
-      return "RUBYGEMS";
-    default:
-      throw Error(`Unsupported purl type: ${purlType}`);
-  }
-}
-function getPurlStrings(dependencyTree) {
-  const res = {};
-  for (const [depId, node] of Object.entries(dependencyTree.transitiveDependencies)) {
-    const type = getPurlType(dependencyTree.ecosystem ?? "NPM");
-    const { namespace: namespace2, name } = getNamespaceAndName(dependencyTree.ecosystem, node.packageName);
-    const version3 = node.version;
-    const purl = simplePurl(type, namespace2, name, version3);
-    if (!res[purl]) res[purl] = /* @__PURE__ */ new Set();
-    res[purl].add(depId);
-  }
-  return res;
-}
-function simplePurl(type, namespace2, name, version3) {
-  return `pkg:${type}${namespace2 ? `/${namespace2}` : ""}/${name}${version3 ? `@${version3}` : ""}`;
-}
-function getNamespaceAndName(ecosystem, packageName) {
-  let namespace2 = "";
-  let name = "";
-  switch (ecosystem) {
-    case "NPM":
-      if (packageName.includes("/")) [namespace2, name] = packageName.split("/", 2);
-      else name = packageName;
-      break;
-    case "MAVEN":
-      if (packageName.includes(":")) [namespace2, name] = packageName.split(":", 2);
-      else name = packageName;
-      break;
-    case "PIP":
-      name = packageName;
-      break;
-    default:
-      name = packageName;
-  }
-  return { namespace: namespace2, name };
-}
-function getNameFromNamespaceAndName(purlType, namespace2, name) {
-  if (!name) return "";
-  switch (purlType) {
-    case "npm" /* NPM */:
-      return namespace2 ? `${namespace2}/${name}` : name;
-    case "maven" /* MAVEN */:
-      return namespace2 ? `${namespace2}:${name}` : name;
-    case "pypi" /* PYPI */:
-      return name;
-    default:
-      return name;
-  }
-}
-
 // ../fixing-management/src/fixing-management/utils/socket-required-upgrade-helper.ts
 function collectRequiredSocketUpgradesByIndex(ecosystem, upgrades, originalArtifacts, recomputedArtifacts) {
   const requiredUpgrades = [];
@@ -198408,13 +198475,14 @@ async function getLatestBucketsSocket(subprojectPath, workspacePath) {
     return void 0;
   }
 }
-async function useSocketComputeFixEndpoint(autofixRunId, artifacts, vulnerableArtifactIdsForGhsas) {
+async function useSocketComputeFixEndpoint(autofixRunId, artifacts, vulnerableArtifactIdsForGhsas, config3) {
   try {
     const url2 = getSocketApiUrl("fixes/compute-fixes");
     const data2 = {
       autofixRunId,
       artifacts,
-      vulnerableArtifactIndexes: vulnerableArtifactIdsForGhsas
+      vulnerableArtifactIndexes: vulnerableArtifactIdsForGhsas,
+      config: config3
     };
     return (await axios2.post(url2, data2, { headers: getAuthHeaders() })).data;
   } catch (error) {
@@ -198567,8 +198635,8 @@ var MavenSocketUpgradeManager = class {
     const manifestFileSet = /* @__PURE__ */ new Set();
     for (const manifestFile of manifestFiles) {
       let shouldAdd = true;
-      let curr = dirname2(manifestFile);
-      while (shouldAdd && curr !== dirname2(curr)) {
+      let curr = dirname3(manifestFile);
+      while (shouldAdd && curr !== dirname3(curr)) {
         const dirName3 = basename(curr);
         if (dirName3 === "target" || dirName3 === "build") {
           shouldAdd = false;
@@ -198577,7 +198645,7 @@ var MavenSocketUpgradeManager = class {
             `Skipping manifest file ${manifestFile} - appears to be generated by ${buildSystem} (found in ${dirName3}/)`
           );
         }
-        curr = dirname2(curr);
+        curr = dirname3(curr);
       }
       if (shouldAdd) manifestFileSet.add(resolve10(this.rootDir, manifestFile));
     }
@@ -205797,7 +205865,7 @@ glob.glob = glob;
 // ../utils/src/npm-utils.ts
 var import_lodash4 = __toESM(require_lodash(), 1);
 var import_lockfile_file = __toESM(require_lib25(), 1);
-import { dirname as dirname4, relative as relative6, resolve as resolve12, sep as sep2 } from "path";
+import { dirname as dirname5, relative as relative6, resolve as resolve12, sep as sep2 } from "path";
 
 // ../utils/dist/command-utils.js
 import assert4 from "assert";
@@ -206030,7 +206098,7 @@ function argt2(statics, ...values) {
 }
 
 // ../utils/dist/package-utils.js
-import { parse, join as join7, resolve as resolve11, normalize as normalize2, dirname as dirname3, basename as basename2, relative as relative5 } from "path";
+import { parse, join as join7, resolve as resolve11, normalize as normalize2, dirname as dirname4, basename as basename2, relative as relative5 } from "path";
 import { existsSync as existsSync7, readFileSync, readdirSync as readdirSync2, statSync, writeFileSync } from "fs";
 function getPackageJsonObject(workspaceRoot) {
   const packageJSONContent = getPackageJsonContent(workspaceRoot);
@@ -206098,7 +206166,7 @@ async function getWorkspacePathsFromPackageJSON(projectFolder, useDotWhenNoWorks
   const workspacePaths = [];
   await asyncForEach(workspaceGlobPatternsArray, async (workspace) => {
     workspacePaths.push(
-      ...(await glob(resolve12(projectFolder, workspace, "package.json"))).map((path2) => relative6(projectFolder, dirname4(path2))).filter((path2) => !path2.includes(`${sep2}node_modules${sep2}`))
+      ...(await glob(resolve12(projectFolder, workspace, "package.json"))).map((path2) => relative6(projectFolder, dirname5(path2))).filter((path2) => !path2.includes(`${sep2}node_modules${sep2}`))
     );
   });
   return workspacePaths;
@@ -206378,7 +206446,7 @@ import { readFile as readFile14, writeFile as writeFile5 } from "fs/promises";
 import { resolve as resolve16 } from "path";
 
 // ../utils/src/package-utils.ts
-import { parse as parse2, join as join8, resolve as resolve15, normalize as normalize3, dirname as dirname5, basename as basename3, relative as relative7 } from "path";
+import { parse as parse2, join as join8, resolve as resolve15, normalize as normalize3, dirname as dirname6, basename as basename3, relative as relative7 } from "path";
 import { existsSync as existsSync9, readFileSync as readFileSync2, readdirSync as readdirSync3, statSync as statSync2, writeFileSync as writeFileSync2 } from "fs";
 function setFieldInPackageJson(workspaceRoot, field, value) {
   const packageJSONContentObj = getPackageJsonObject2(workspaceRoot);
@@ -206633,7 +206701,7 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
 };
 
 // ../fixing-management/src/fixing-management/npm/npm-ecosystem-socket-fixing-manager.ts
-import { dirname as dirname6, join as join9, relative as relative8 } from "path";
+import { dirname as dirname7, join as join9, relative as relative8 } from "path";
 import { existsSync as existsSync10 } from "fs";
 import { readFile as readFile15, writeFile as writeFile6 } from "fs/promises";
 function applyUpgradesToPackageJson(packageJsonContent, upgrades, rangeStyle) {
@@ -206703,7 +206771,7 @@ var NpmSocketUpgradeManager = class {
         )
       );
       for (const lockFile of lockFiles ?? []) {
-        const subprojectDir = dirname6(lockFile.file);
+        const subprojectDir = dirname7(lockFile.file);
         const isPnpmLockFile = lockFile.file.endsWith("pnpm-lock.yaml") || lockFile.file.endsWith("pnpm-lock.yml");
         const workspaces = isPnpmLockFile ? await getWorkspacePathsFromPnpmLockFile(subprojectDir, true) : await getWorkspacePathsFromPackageJSON(subprojectDir, true);
         for (const workspace of workspaces) {
@@ -206712,13 +206780,13 @@ var NpmSocketUpgradeManager = class {
       }
       const packageJsonFiles = artifact.manifestFiles?.filter((a5) => a5.file.endsWith("package.json")) ?? [];
       for (const lockFile of lockFiles ?? []) {
-        const correspondingPackageJsonFile = join9(dirname6(lockFile.file), "package.json");
+        const correspondingPackageJsonFile = join9(dirname7(lockFile.file), "package.json");
         if (!packageJsonFiles.some((p3) => p3.file === correspondingPackageJsonFile) && existsSync10(correspondingPackageJsonFile)) {
           packageJsonFiles.push({ file: correspondingPackageJsonFile });
         }
       }
       for (const packageJsonFile of packageJsonFiles ?? []) {
-        const packageJsonDir = dirname6(packageJsonFile.file);
+        const packageJsonDir = dirname7(packageJsonFile.file);
         const subprojectDir = workspaceToSubproject.get(packageJsonDir) ?? packageJsonDir;
         if (!subprojectToUpgrade.has(subprojectDir)) {
           subprojectToUpgrade.set(subprojectDir, /* @__PURE__ */ new Map());
@@ -207104,7 +207172,7 @@ import { basename as basename4, relative as relative10, resolve as resolve18 } f
 // ../fixing-management/src/fixing-management/nuget/nuget-project-utils.ts
 var import_parse_xml3 = __toESM(require_dist(), 1);
 import { readFile as readFile17 } from "node:fs/promises";
-import { dirname as dirname7, join as join12, relative as relative9, resolve as resolve17 } from "node:path";
+import { dirname as dirname8, join as join12, relative as relative9, resolve as resolve17 } from "node:path";
 import { existsSync as existsSync11 } from "node:fs";
 function normalizeMSBuildPath(path2) {
   return path2.replace(/\\/g, "/");
@@ -207196,8 +207264,8 @@ function extractPackagesFromXml(xmlDoc, fileContent) {
 }
 async function findDirectoryBuildPropsProjects(project, validateFile) {
   const projectsReverse = [];
-  let currentDir = dirname7(project.validatedProjectPath);
-  while (currentDir.startsWith(project.rootDir) && currentDir !== dirname7(currentDir)) {
+  let currentDir = dirname8(project.validatedProjectPath);
+  while (currentDir.startsWith(project.rootDir) && currentDir !== dirname8(currentDir)) {
     const unvalidatedPath = join12(currentDir, "Directory.Build.props");
     const validatedPath = validateFile(unvalidatedPath);
     if (validatedPath && validatedPath !== project.validatedProjectPath) {
@@ -207211,19 +207279,19 @@ async function findDirectoryBuildPropsProjects(project, validateFile) {
         projectsReverse.push(directoryBuildPropsProject);
       }
     }
-    currentDir = dirname7(currentDir);
+    currentDir = dirname8(currentDir);
   }
   return projectsReverse.reverse();
 }
 async function findDirectoryPackagesPropsProjects(project, validateFile) {
-  let currentDir = dirname7(project.validatedProjectPath);
-  while (currentDir.startsWith(project.rootDir) && currentDir !== dirname7(currentDir)) {
+  let currentDir = dirname8(project.validatedProjectPath);
+  while (currentDir.startsWith(project.rootDir) && currentDir !== dirname8(currentDir)) {
     const unvalidatedPath = join12(currentDir, "Directory.Packages.props");
     const validatedPath = validateFile(unvalidatedPath);
     if (validatedPath) {
       return validatedPath !== project.validatedProjectPath ? await loadNuGetProject(project.rootDir, unvalidatedPath, validateFile, project.visited) : void 0;
     }
-    currentDir = dirname7(currentDir);
+    currentDir = dirname8(currentDir);
   }
   return void 0;
 }
@@ -207249,7 +207317,7 @@ async function handleImportElement(project, importElement, validateFile) {
   if (!projectValue) return;
   const importPath = evaluate2(projectValue.text, project);
   if (!importPath) return;
-  const resolvedPath = resolve17(dirname7(project.validatedProjectPath), normalizeMSBuildPath(importPath));
+  const resolvedPath = resolve17(dirname8(project.validatedProjectPath), normalizeMSBuildPath(importPath));
   const validatedPath = validateFile(resolvedPath);
   if (!validatedPath || !existsSync11(validatedPath)) return;
   const importedProject = await loadNuGetProject(project.rootDir, resolvedPath, validateFile, project.visited);
@@ -207990,6 +208058,7 @@ var fixingManagerConstructors = {
   }
 };
 var socketUpgradeManagerConstructors = {
+  GO: GoSocketUpgradeManager,
   MAVEN: MavenSocketUpgradeManager,
   NPM: NpmSocketUpgradeManager,
   NUGET: NuGetSocketUpgradeManager
@@ -208027,7 +208096,7 @@ import { resolve as resolve20 } from "path";
 
 // ../utils/dist/constants.js
 var import_lodash6 = __toESM(require_lodash(), 1);
-import { dirname as dirname8, join as join14 } from "node:path";
+import { dirname as dirname9, join as join14 } from "node:path";
 import { fileURLToPath as fileURLToPath3 } from "node:url";
 
 // ../utils/dist/file-utils.js
@@ -208055,7 +208124,7 @@ function findParent(dir, predicate, wholePath) {
 // ../utils/dist/constants.js
 var { once: once2 } = import_lodash6.default;
 var fileName = fileURLToPath3(import.meta.url);
-var dirName = dirname8(fileName);
+var dirName = dirname9(fileName);
 var COANA_ROOT = once2(() => {
   const coanaRoot = process.env.COANA_ROOT ?? findParent(dirName, (d3) => ["coana-package-manager", "coana"].includes(d3));
   if (!coanaRoot) {
@@ -209179,11 +209248,11 @@ import { resolve as resolve22 } from "path";
 
 // ../utils/src/constants.ts
 var import_lodash9 = __toESM(require_lodash(), 1);
-import { dirname as dirname9, join as join19 } from "node:path";
+import { dirname as dirname10, join as join19 } from "node:path";
 import { fileURLToPath as fileURLToPath4 } from "node:url";
 var { once: once4 } = import_lodash9.default;
 var fileName2 = fileURLToPath4(import.meta.url);
-var dirName2 = dirname9(fileName2);
+var dirName2 = dirname10(fileName2);
 var COANA_ROOT2 = once4(() => {
   const coanaRoot = process.env.COANA_ROOT ?? findParent2(dirName2, (d3) => ["coana-package-manager", "coana"].includes(d3));
   if (!coanaRoot) {
@@ -211799,13 +211868,13 @@ function transformToVulnChainNode(dependencyTree) {
 // dist/internal/socket-mode-helpers-socket-dependency-trees.js
 var import_packageurl_js = __toESM(require_packageurl_js(), 1);
 var import_picomatch3 = __toESM(require_picomatch2(), 1);
-import { basename as basename8, dirname as dirname10, join as join24, sep as sep5 } from "path";
+import { basename as basename8, dirname as dirname11, join as join24, sep as sep5 } from "path";
 var REQUIREMENTS_FILES_SEARCH_DEPTH2 = 3;
 function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonProjects) {
   switch (ecosystem) {
     case "NPM": {
       const base = basename8(manifestPath);
-      const dir = dirname10(manifestPath);
+      const dir = dirname11(manifestPath);
       return base === "package.json" ? dir || "." : void 0;
     }
     case "MAVEN": {
@@ -211813,7 +211882,7 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
     }
     case "PIP": {
       const base = basename8(manifestPath);
-      const dir = dirname10(manifestPath);
+      const dir = dirname11(manifestPath);
       const workspaceDir = dir === "" ? "." : dir;
       if (properPythonProjects.includes(workspaceDir)) {
         return workspaceDir;
@@ -211835,11 +211904,11 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
       return ".";
     }
     case "RUST": {
-      return dirname10(manifestPath) || ".";
+      return dirname11(manifestPath) || ".";
     }
     case "GO": {
       const base = basename8(manifestPath);
-      const dir = dirname10(manifestPath);
+      const dir = dirname11(manifestPath);
       return base === "go.mod" ? dir || "." : void 0;
     }
     default: {
@@ -211852,7 +211921,7 @@ function inferProjectFromManifestPath(ecosystem, manifestPath) {
     case "NPM": {
       const filename = basename8(manifestPath);
       if (["package-lock.json", "pnpm-lock.yaml", "pnpm-lock.yml", "yarn.lock"].includes(filename)) {
-        return dirname10(manifestPath) || ".";
+        return dirname11(manifestPath) || ".";
       }
       return void 0;
     }
@@ -211917,7 +211986,7 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash,
     const allFiles = await getFilesRelative(rootWorkingDirectory, venvExcludes);
     for (const file of allFiles) {
       const base = basename8(file);
-      const workspaceDir = dirname10(file) || ".";
+      const workspaceDir = dirname11(file) || ".";
       if (base === "pyproject.toml" || base === "setup.py" && await isSetupPySetuptools(join24(rootWorkingDirectory, file))) {
         if (!properPythonProjects.includes(workspaceDir)) {
           properPythonProjects.push(workspaceDir);
@@ -227145,7 +227214,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.20";
+var version2 = "14.12.22";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -227831,7 +227900,7 @@ async function getGitDataToMetadataIfAvailable(rootWorkingDirectory) {
 // dist/cli-upgrade-purl.js
 import { join as join27, relative as relative17 } from "node:path";
 var import_packageurl_js2 = __toESM(require_packageurl_js(), 1);
-var ECOSYSTEMS_WITH_SOCKET_UPGRADES = ["NPM", "MAVEN", "NUGET"];
+var ECOSYSTEMS_WITH_SOCKET_UPGRADES = ["NPM", "MAVEN", "NUGET", "GO"];
 async function upgradePurl(path2, upgrades, options, logFile, cliFixRunId) {
   if (options.rangeStyle && options.rangeStyle !== "pin") {
     throw new Error('Range style must be "pin"');
@@ -227989,7 +228058,9 @@ async function computeFixesAndUpgradePurls(path2, options, logFile) {
     return;
   }
   const ghsaToVulnerableArtifactIdsToApply = options.applyFixesTo.includes("all") ? ghsaToVulnerableArtifactIds : Object.fromEntries(Object.entries(ghsaToVulnerableArtifactIds).filter(([ghsa]) => options.applyFixesTo.includes(ghsa)));
-  const computedFix = await useSocketComputeFixEndpoint(autofixRunId, artifacts, ghsaToVulnerableArtifactIdsToApply);
+  const computedFix = await useSocketComputeFixEndpoint(autofixRunId, artifacts, ghsaToVulnerableArtifactIdsToApply, {
+    noMajorUpdates: options.disableMajorUpdates
+  });
   if (computedFix.type !== "success") {
     throw new Error(`No fix found for the given vulnerabilities`);
   }
@@ -228163,7 +228234,7 @@ upgradePurls.name("upgrade-purls").argument("<path>", "File system path to the f
   });
 }).configureHelp({ sortOptions: true });
 var computeFixesAndUpgradePurlsCmd = new Command();
-computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", 'GHSA IDs to compute fixes for. Use "all" to compute fixes for all vulnerabilities.', []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--range-style <style>", 'Range style to use for the output. Currently only "pin" is supported and it only works for npm.').addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
+computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", 'GHSA IDs to compute fixes for. Use "all" to compute fixes for all vulnerabilities.', []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("--range-style <style>", 'Range style to use for the output. Currently only "pin" is supported and it only works for npm.').option("--disable-major-updates", "Do not suggest major updates. If only major update are available, the fix will not be applied.", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
   process.env.DOCKER_IMAGE_TAG ??= version2;
   if (options.rangeStyle && options.rangeStyle === "preserve") {
     options.rangeStyle = void 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.20",
+  "version": "14.12.22",
   "description": "Coana CLI",
   "type": "module",
   "bin": {