@coana-tech/cli 14.12.205 → 14.12.207

package/cli.mjs

@@ -188357,16 +188357,16 @@ var require_timespan = __commonJS({
 // ../../node_modules/.pnpm/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/lib/asymmetricKeyDetailsSupported.js
 var require_asymmetricKeyDetailsSupported = __commonJS({
   "../../node_modules/.pnpm/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/lib/asymmetricKeyDetailsSupported.js"(exports2, module2) {
-    var semver2 = require_semver2();
-    module2.exports = semver2.satisfies(process.version, ">=15.7.0");
+    var semver3 = require_semver2();
+    module2.exports = semver3.satisfies(process.version, ">=15.7.0");
   }
 });
 
 // ../../node_modules/.pnpm/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/lib/rsaPssKeyDetailsSupported.js
 var require_rsaPssKeyDetailsSupported = __commonJS({
   "../../node_modules/.pnpm/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/lib/rsaPssKeyDetailsSupported.js"(exports2, module2) {
-    var semver2 = require_semver2();
-    module2.exports = semver2.satisfies(process.version, ">=16.9.0");
+    var semver3 = require_semver2();
+    module2.exports = semver3.satisfies(process.version, ">=16.9.0");
   }
 });
 
@@ -188426,8 +188426,8 @@ var require_validateAsymmetricKey = __commonJS({
 // ../../node_modules/.pnpm/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/lib/psSupported.js
 var require_psSupported = __commonJS({
   "../../node_modules/.pnpm/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/lib/psSupported.js"(exports2, module2) {
-    var semver2 = require_semver2();
-    module2.exports = semver2.satisfies(process.version, "^6.12.0 || >=8.0.0");
+    var semver3 = require_semver2();
+    module2.exports = semver3.satisfies(process.version, "^6.12.0 || >=8.0.0");
   }
 });
 
@@ -218816,7 +218816,7 @@ ${indent(1, indentationSize)}`)}
 };
 
 // ../fixing-management/src/fixing-management/npm/npm-socket-upgrade-manager.ts
-import { existsSync as existsSync15 } from "fs";
+import { existsSync as existsSync17 } from "fs";
 import { readFile as readFile20 } from "fs/promises";
 import assert10 from "node:assert";
 import { dirname as dirname14, join as join14, relative as relative10, resolve as resolve24 } from "path";
@@ -225113,6 +225113,7 @@ async function getYarnType(projectDir) {
 }
 
 // ../fixing-management/src/fixing-management/npm/npm-fixing-manager.ts
+import { existsSync as existsSync13 } from "fs";
 import { readFile as readFile17, writeFile as writeFile6 } from "fs/promises";
 import { relative as relative6, resolve as resolve20 } from "path";
 
@@ -225174,6 +225175,7 @@ var NpmFixingManager = class extends NpmEcosystemFixingManager {
     }
   }
   async applySecurityFixesSpecificPackageManager(fixes) {
+    await checkForNpmOverrides(resolve20(this.rootDir, this.subprojectPath, "package.json"), fixes);
     const pkgLockLocation = resolve20(this.rootDir, this.subprojectPath, "package-lock.json");
     const packageLockContent = await readFile17(pkgLockLocation, "utf-8");
     const getPackageName = (pkgPath) => {
@@ -225211,13 +225213,39 @@ var NpmFixingManager = class extends NpmEcosystemFixingManager {
     );
   }
 };
+async function checkForNpmOverrides(packageJsonPath, fixes) {
+  if (!existsSync13(packageJsonPath)) return;
+  const content = await readFile17(packageJsonPath, "utf-8");
+  const packageJson = JSON.parse(content);
+  const overrides = packageJson.overrides;
+  if (!overrides) return;
+  for (const fix of fixes) {
+    for (const [key, value2] of Object.entries(overrides)) {
+      if (key === fix.dependencyName && typeof value2 === "string") {
+        throw new Error(
+          `Package "${fix.dependencyName}" is pinned via npm "overrides" in package.json to version "${value2}". Automatic updating of npm overrides is not yet supported. Please manually update the override to version ${fix.fixedVersion} in your package.json "overrides" field.`
+        );
+      }
+      if (typeof value2 === "object" && value2 !== null) {
+        for (const [nestedKey, nestedValue] of Object.entries(value2)) {
+          if (nestedKey === fix.dependencyName && typeof nestedValue === "string") {
+            throw new Error(
+              `Package "${fix.dependencyName}" is pinned via npm "overrides" in package.json (under "overrides.${key}") to version "${nestedValue}". Automatic updating of npm overrides is not yet supported. Please manually update the override to version ${fix.fixedVersion} in your package.json "overrides" field.`
+            );
+          }
+        }
+      }
+    }
+  }
+}
 
 // ../fixing-management/src/fixing-management/npm/pnpm-fixing-manager.ts
+var import_semver3 = __toESM(require_semver2(), 1);
 import { readFile as readFile18, writeFile as writeFile7 } from "fs/promises";
 import { relative as relative7, resolve as resolve21 } from "path";
 var import_yaml = __toESM(require_dist10(), 1);
 var import_lockfile_file2 = __toESM(require_lib25(), 1);
-import { existsSync as existsSync13 } from "fs";
+import { existsSync as existsSync14 } from "fs";
 var PnpmFixingManager = class extends NpmEcosystemFixingManager {
   pnpmMajorVersion;
   async getPnpmMajorVersion() {
@@ -225308,7 +225336,9 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
         );
         lockFileYaml.packages = newPackages;
       }
-      if (lockFileYaml.catalogs) {
+      const hasCatalogFixes = !!lockFileYaml.catalogs;
+      let catalogFixes = {};
+      if (hasCatalogFixes) {
         const getFixCatalog = (catalogName, catalog) => {
           const fixList = [];
           for (const [packageName, catalogVersion] of Object.entries(catalog)) {
@@ -225323,22 +225353,41 @@ var PnpmFixingManager = class extends NpmEcosystemFixingManager {
           }
           return fixList;
         };
-        const catalogFixes = Object.fromEntries(
+        catalogFixes = Object.fromEntries(
           Object.entries(lockFileYaml.catalogs).map(([catalogName, catalog]) => [
             catalogName,
             Object.fromEntries(getFixCatalog(catalogName, catalog))
           ])
         );
-        const pnpmWorkspaceYamlFile = resolve21(this.rootDir, this.subprojectPath, "pnpm-workspace.yaml");
-        if (!existsSync13(pnpmWorkspaceYamlFile)) {
+      }
+      const pnpmWorkspaceYamlFile = resolve21(this.rootDir, this.subprojectPath, "pnpm-workspace.yaml");
+      if (hasCatalogFixes || existsSync14(pnpmWorkspaceYamlFile)) {
+        if (hasCatalogFixes && !existsSync14(pnpmWorkspaceYamlFile)) {
           throw new Error(
             `pnpm-workspace.yaml could not be found in ${pnpmWorkspaceYamlFile}. The lockfile indicates that pnpm catalogs are used and they must be updated, which is not possible without a pnpm-workspace.yaml file`
           );
         }
-        const yamlAST = await readYamlFile(pnpmWorkspaceYamlFile);
-        fixCatalogVersions(yamlAST, catalogFixes);
-        await writeYamlFile(yamlAST, pnpmWorkspaceYamlFile);
+        if (existsSync14(pnpmWorkspaceYamlFile)) {
+          const yamlAST = await readYamlFile(pnpmWorkspaceYamlFile);
+          let modified = false;
+          if (hasCatalogFixes) {
+            fixCatalogVersions(yamlAST, catalogFixes);
+            modified = true;
+          }
+          const overrideResult = fixWorkspaceYamlOverrides(yamlAST, fixes);
+          if (overrideResult.modified) modified = true;
+          if (overrideResult.nestedOverrides.length > 0) {
+            const nested = overrideResult.nestedOverrides[0];
+            throw new Error(
+              `Package "${nested.packageName}" is pinned via a nested pnpm override in pnpm-workspace.yaml (under "overrides"). Automatic updating of nested overrides is not yet supported. Please manually update the override to version ${nested.fixedVersion}.`
+            );
+          }
+          if (modified) {
+            await writeYamlFile(yamlAST, pnpmWorkspaceYamlFile);
+          }
+        }
       }
+      await fixPackageJsonPnpmOverrides(resolve21(this.rootDir, this.subprojectPath, "package.json"), fixes);
       await (0, import_lockfile_file2.writeWantedLockfile)(resolve21(this.rootDir, this.subprojectPath), lockFileYaml);
     } catch (e) {
       if (e.message) throw e;
@@ -225400,14 +225449,156 @@ function updateCatalog(update3, map2) {
     }
   }
 }
+function getOverrideTargetPackageName(key) {
+  const lastSeparatorIndex = key.lastIndexOf(">");
+  return lastSeparatorIndex >= 0 ? key.substring(lastSeparatorIndex + 1) : key;
+}
+function computeOverrideUpdate(overrideValue, fix) {
+  if (overrideValue.startsWith("workspace:") || overrideValue.startsWith("link:") || overrideValue.startsWith("file:") || overrideValue.startsWith("http:") || overrideValue.startsWith("https:") || overrideValue.startsWith("git:") || overrideValue.startsWith("git+")) {
+    return null;
+  }
+  if (overrideValue.startsWith("npm:")) {
+    const afterNpm = overrideValue.substring(4);
+    const atIndex = afterNpm.lastIndexOf("@");
+    if (atIndex === -1) return null;
+    const prefix = "npm:" + afterNpm.substring(0, atIndex + 1);
+    const versionPart = afterNpm.substring(atIndex + 1);
+    const result = computeOverrideVersionUpdate(versionPart, fix);
+    return result !== null ? `${prefix}${result}` : null;
+  }
+  return computeOverrideVersionUpdate(overrideValue, fix);
+}
+function computeOverrideVersionUpdate(versionValue, fix) {
+  if (versionValue === fix.currentVersion) {
+    return fix.fixedVersion;
+  }
+  if (import_semver3.default.validRange(versionValue) && import_semver3.default.valid(fix.currentVersion) && import_semver3.default.valid(fix.fixedVersion)) {
+    if (import_semver3.default.satisfies(fix.currentVersion, versionValue)) {
+      if (!import_semver3.default.satisfies(fix.fixedVersion, versionValue)) {
+        return fix.fixedVersion;
+      }
+      logger.info(
+        `Override for ${fix.dependencyName} uses range "${versionValue}" which already allows the fixed version ${fix.fixedVersion} \u2014 no update needed`
+      );
+    }
+  }
+  return null;
+}
+function fixWorkspaceYamlOverrides(yamlAST, fixes) {
+  let modified = false;
+  const nestedOverrides = [];
+  import_yaml.CST.visit(yamlAST, (item, _path2) => {
+    if (import_yaml.CST.isCollection(item.value) && item.value.type === "block-map") {
+      if (import_yaml.CST.isScalar(item.key)) {
+        const key = import_yaml.CST.resolveAsScalar(item.key).value;
+        if (key === "overrides") {
+          if (updateOverridesMap(item.value, fixes, nestedOverrides)) {
+            modified = true;
+          }
+        }
+      }
+    }
+  });
+  return { modified, nestedOverrides };
+}
+function updateOverridesMap(map2, fixes, nestedOverrides) {
+  const fixesByName = /* @__PURE__ */ new Map();
+  for (const fix of fixes) {
+    const existing = fixesByName.get(fix.dependencyName) ?? [];
+    existing.push(fix);
+    fixesByName.set(fix.dependencyName, existing);
+  }
+  let wasModified = false;
+  for (const overrideEntry of map2.items) {
+    if (!overrideEntry.key || !overrideEntry.value) continue;
+    if (import_yaml.CST.isCollection(overrideEntry.value)) {
+      const overrideKey2 = import_yaml.CST.resolveAsScalar(overrideEntry.key)?.value;
+      if (overrideKey2) {
+        const target = getOverrideTargetPackageName(String(overrideKey2));
+        const matchingFixes2 = fixesByName.get(target);
+        if (matchingFixes2) {
+          for (const fix of matchingFixes2) {
+            nestedOverrides.push({ packageName: fix.dependencyName, fixedVersion: fix.fixedVersion });
+          }
+        }
+      }
+      continue;
+    }
+    if (!import_yaml.CST.isScalar(overrideEntry.value)) continue;
+    const overrideKey = import_yaml.CST.resolveAsScalar(overrideEntry.key)?.value;
+    const overrideValue = import_yaml.CST.resolveAsScalar(overrideEntry.value)?.value;
+    if (!overrideKey || !overrideValue) continue;
+    const targetPackageName = getOverrideTargetPackageName(String(overrideKey));
+    const matchingFixes = fixesByName.get(targetPackageName);
+    if (!matchingFixes) continue;
+    for (const fix of matchingFixes) {
+      const newValue = computeOverrideUpdate(String(overrideValue), fix);
+      if (newValue !== null) {
+        logger.info(
+          `Applying fix to ${fix.dependencyName} (${fix.dependencyIdentifier}) defined in pnpm-workspace.yaml overrides`
+        );
+        import_yaml.CST.setScalarValue(overrideEntry.value, newValue);
+        wasModified = true;
+      }
+    }
+  }
+  return wasModified;
+}
+async function fixPackageJsonPnpmOverrides(packageJsonPath, fixes) {
+  if (!existsSync14(packageJsonPath)) return;
+  const content = await readFile18(packageJsonPath, "utf-8");
+  const packageJson = JSON.parse(content);
+  const overrides = packageJson.pnpm?.overrides;
+  if (!overrides) return;
+  const fixesByName = /* @__PURE__ */ new Map();
+  for (const fix of fixes) {
+    const existing = fixesByName.get(fix.dependencyName) ?? [];
+    existing.push(fix);
+    fixesByName.set(fix.dependencyName, existing);
+  }
+  let modified = false;
+  for (const [key, value2] of Object.entries(overrides)) {
+    if (typeof value2 === "object" && value2 !== null) {
+      for (const [nestedKey, nestedValue] of Object.entries(value2)) {
+        const nestedTarget = getOverrideTargetPackageName(nestedKey);
+        const matchingFixes2 = fixesByName.get(nestedTarget);
+        if (matchingFixes2 && typeof nestedValue === "string") {
+          const fix = matchingFixes2[0];
+          throw new Error(
+            `Package "${fix.dependencyName}" is pinned via a nested pnpm override in package.json (under "pnpm.overrides.${key}"). Automatic updating of nested overrides is not yet supported. Please manually update the override to version ${fix.fixedVersion}.`
+          );
+        }
+      }
+      continue;
+    }
+    if (typeof value2 !== "string") continue;
+    const targetPackageName = getOverrideTargetPackageName(key);
+    const matchingFixes = fixesByName.get(targetPackageName);
+    if (!matchingFixes) continue;
+    for (const fix of matchingFixes) {
+      const newValue = computeOverrideUpdate(value2, fix);
+      if (newValue !== null) {
+        logger.info(
+          `Applying fix to ${fix.dependencyName} (${fix.dependencyIdentifier}) defined in package.json pnpm.overrides`
+        );
+        overrides[key] = newValue;
+        modified = true;
+      }
+    }
+  }
+  if (modified) {
+    await writeFile7(packageJsonPath, JSON.stringify(packageJson, null, 2) + "\n");
+  }
+}
 
 // ../fixing-management/src/fixing-management/npm/yarn-fixing-manager.ts
+import { existsSync as existsSync16 } from "fs";
 import { readFile as readFile19, writeFile as writeFile8 } from "fs/promises";
 import { relative as relative9, resolve as resolve23 } from "path";
 
 // ../utils/src/package-utils.ts
 import { parse as parse7, join as join13, resolve as resolve22, normalize as normalize3, dirname as dirname13, basename as basename6, relative as relative8 } from "path";
-import { existsSync as existsSync14, readFileSync as readFileSync3, readdirSync as readdirSync3, statSync as statSync4, writeFileSync as writeFileSync2 } from "fs";
+import { existsSync as existsSync15, readFileSync as readFileSync3, readdirSync as readdirSync3, statSync as statSync4, writeFileSync as writeFileSync2 } from "fs";
 function setFieldInPackageJson(workspaceRoot, field, value2) {
   const packageJSONContentObj = getPackageJsonObject2(workspaceRoot);
   if (!packageJSONContentObj) return void 0;
@@ -225424,7 +225615,7 @@ function writePackageJsonContent(workspaceRoot, packageJsonContent) {
 }
 function getPackageJsonContent2(workspaceRoot) {
   const packageJsonPath = getPackageJSONPath2(workspaceRoot);
-  if (existsSync14(packageJsonPath)) return readFileSync3(packageJsonPath, "utf8");
+  if (existsSync15(packageJsonPath)) return readFileSync3(packageJsonPath, "utf8");
   return void 0;
 }
 function getPackageJSONPath2(workspaceRoot) {
@@ -225591,6 +225782,7 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
     await this.writeYarnObj(yarnLock, yarnLockLocation);
   }
   async applySecurityFixesSpecificPackageManager(fixes) {
+    await checkForYarnResolutions(resolve23(this.rootDir, this.subprojectPath, "package.json"), fixes);
     const yarnLockLocation = resolve23(this.rootDir, this.subprojectPath, "yarn.lock");
     const yarnType = await this.getYarnType();
     try {
@@ -225630,6 +225822,24 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
     }
   }
 };
+async function checkForYarnResolutions(packageJsonPath, fixes) {
+  if (!existsSync16(packageJsonPath)) return;
+  const content = await readFile19(packageJsonPath, "utf-8");
+  const packageJson = JSON.parse(content);
+  const resolutions = packageJson.resolutions;
+  if (!resolutions) return;
+  for (const fix of fixes) {
+    for (const [key, value2] of Object.entries(resolutions)) {
+      const parts = key.split("/");
+      const targetPackage = parts[parts.length - 1];
+      if (targetPackage === fix.dependencyName && typeof value2 === "string") {
+        throw new Error(
+          `Package "${fix.dependencyName}" is pinned via yarn "resolutions" in package.json to version "${value2}". Automatic updating of yarn resolutions is not yet supported. Please manually update the resolution to version ${fix.fixedVersion} in your package.json "resolutions" field.`
+        );
+      }
+    }
+  }
+}
 
 // ../fixing-management/src/fixing-management/npm/npm-socket-upgrade-manager.ts
 import { basename as basename7 } from "node:path";
@@ -225802,11 +226012,11 @@ var NpmSocketUpgradeManager = class {
   }
   getPackageManagerForDirectory(directory) {
     const fullPath = resolve24(this.rootDir, directory);
-    if (existsSync15(join14(fullPath, "pnpm-lock.yaml")) || existsSync15(join14(fullPath, "pnpm-lock.yml"))) {
+    if (existsSync17(join14(fullPath, "pnpm-lock.yaml")) || existsSync17(join14(fullPath, "pnpm-lock.yml"))) {
       return "PNPM";
-    } else if (existsSync15(join14(fullPath, "yarn.lock"))) {
+    } else if (existsSync17(join14(fullPath, "yarn.lock"))) {
       return "YARN";
-    } else if (existsSync15(join14(fullPath, "package-lock.json"))) {
+    } else if (existsSync17(join14(fullPath, "package-lock.json"))) {
       return "NPM";
     }
     throw new Error(
@@ -225815,10 +226025,10 @@ var NpmSocketUpgradeManager = class {
   }
   getLockfileName(directory) {
     const fullPath = resolve24(this.rootDir, directory);
-    if (existsSync15(join14(fullPath, "pnpm-lock.yaml"))) return "pnpm-lock.yaml";
-    if (existsSync15(join14(fullPath, "pnpm-lock.yml"))) return "pnpm-lock.yml";
-    if (existsSync15(join14(fullPath, "yarn.lock"))) return "yarn.lock";
-    if (existsSync15(join14(fullPath, "package-lock.json"))) return "package-lock.json";
+    if (existsSync17(join14(fullPath, "pnpm-lock.yaml"))) return "pnpm-lock.yaml";
+    if (existsSync17(join14(fullPath, "pnpm-lock.yml"))) return "pnpm-lock.yml";
+    if (existsSync17(join14(fullPath, "yarn.lock"))) return "yarn.lock";
+    if (existsSync17(join14(fullPath, "package-lock.json"))) return "package-lock.json";
     throw new Error(`No lockfile found in ${fullPath}`);
   }
   async createDirectDependencyPatches(mf, idx, upgradeVersion, ctxt) {
@@ -226203,10 +226413,10 @@ import { dirname as dirname16, relative as relative12, resolve as resolve26 } fr
 var import_parse_xml3 = __toESM(require_dist(), 1);
 import { readFile as readFile22 } from "node:fs/promises";
 import { dirname as dirname15, join as join17, relative as relative11, resolve as resolve25, basename as basename8, extname } from "node:path";
-import { existsSync as existsSync16 } from "node:fs";
+import { existsSync as existsSync18 } from "node:fs";
 
 // ../utils/dist/version-comparison/version-satisfies.js
-var import_semver3 = __toESM(require_semver2(), 1);
+var import_semver4 = __toESM(require_semver2(), 1);
 
 // ../utils/dist/version-comparison/maven/comparable-version.js
 var IntItem2 = class _IntItem {
@@ -227602,10 +227812,10 @@ function versionSatisfiesSpecifier2(ecosystem, version4, specifier) {
 }
 var ecosystemMap2 = {
   NPM: {
-    sortVersions: import_semver3.sort,
+    sortVersions: import_semver4.sort,
     isPrerelease: semverIsPrerelease2,
     versionSatisfiesSpecifier: semverSatisfiesSpecifier2,
-    versionSatisfiesRelation: import_semver3.cmp,
+    versionSatisfiesRelation: import_semver4.cmp,
     versionSatisfiesRange: semverSatisfiesRange2
   },
   MAVEN: {
@@ -227628,17 +227838,17 @@ var ecosystemMap2 = {
     versionSatisfiesRange: versionSatisfiesWithVersionComparisonFunction2(pipCompareVersions2)
   },
   GO: {
-    sortVersions: import_semver3.sort,
+    sortVersions: import_semver4.sort,
     isPrerelease: semverIsPrerelease2,
     versionSatisfiesSpecifier: semverSatisfiesSpecifier2,
-    versionSatisfiesRelation: import_semver3.cmp,
+    versionSatisfiesRelation: import_semver4.cmp,
     versionSatisfiesRange: semverSatisfiesRange2
   },
   RUST: {
-    sortVersions: import_semver3.sort,
+    sortVersions: import_semver4.sort,
     isPrerelease: semverIsPrerelease2,
     versionSatisfiesSpecifier: (version4, specifier) => specifier.split(",").map((part) => part.trim()).every((trimmed) => semverSatisfiesSpecifier2(version4, /^\d/.test(trimmed) ? `^${trimmed}` : trimmed)),
-    versionSatisfiesRelation: import_semver3.cmp,
+    versionSatisfiesRelation: import_semver4.cmp,
     versionSatisfiesRange: semverSatisfiesRange2
   },
   NUGET: {
@@ -227682,16 +227892,16 @@ function buildUnsupportedEcosystem2(ecosystem) {
   };
 }
 function semverSatisfiesSpecifier2(version4, specifier) {
-  return (0, import_semver3.satisfies)(version4, specifier);
+  return (0, import_semver4.satisfies)(version4, specifier);
 }
 function semverSatisfiesRange2(version4, range2) {
-  if ((0, import_semver3.satisfies)(version4, range2))
+  if ((0, import_semver4.satisfies)(version4, range2))
     return true;
-  const versionWithoutPrerelease = (0, import_semver3.coerce)(version4)?.version;
-  return versionWithoutPrerelease ? (0, import_semver3.satisfies)(versionWithoutPrerelease, range2) : false;
+  const versionWithoutPrerelease = (0, import_semver4.coerce)(version4)?.version;
+  return versionWithoutPrerelease ? (0, import_semver4.satisfies)(versionWithoutPrerelease, range2) : false;
 }
 function semverIsPrerelease2(version4) {
-  return (0, import_semver3.coerce)(version4)?.version !== version4;
+  return (0, import_semver4.coerce)(version4)?.version !== version4;
 }
 var operators2 = {
   lt: "<",
@@ -227756,7 +227966,7 @@ async function loadNuGetProject(rootDir, projectFile, validateFile) {
 }
 async function loadNuGetProjectOrTarget(rootDir, projectFile, mainProject, visited, validateFile) {
   const validatedProjectPath = validateFile ? validateFile(resolve25(rootDir, projectFile)) : resolve25(rootDir, projectFile);
-  if (!validatedProjectPath || !existsSync16(validatedProjectPath)) return void 0;
+  if (!validatedProjectPath || !existsSync18(validatedProjectPath)) return void 0;
   if (visited.has(validatedProjectPath)) return void 0;
   visited.set(validatedProjectPath);
   const sourceText = await readFile22(validatedProjectPath, "utf-8");
@@ -227831,7 +228041,7 @@ async function loadNuGetProjectOrTarget(rootDir, projectFile, mainProject, visit
 }
 async function loadPackagesConfig(rootDir, file, validateFile) {
   const validatedConfigPath = validateFile(resolve25(rootDir, file));
-  if (!validatedConfigPath || !existsSync16(validatedConfigPath)) return void 0;
+  if (!validatedConfigPath || !existsSync18(validatedConfigPath)) return void 0;
   const sourceText = await readFile22(validatedConfigPath, "utf-8");
   const configXml = (0, import_parse_xml3.parseXml)(sourceText, { includeOffsets: true });
   const packages = extractPackagesFromXml(configXml, sourceText);
@@ -227961,7 +228171,7 @@ async function handleImportElement(currentProject, importElement, mainProject, v
   if (!importPath) return;
   const resolvedPath = resolve25(dirname15(currentProject.validatedProjectPath), normalizeMSBuildPath(importPath));
   const validatedPath = validateFile ? validateFile(resolvedPath) : resolvedPath;
-  if (!validatedPath || !existsSync16(validatedPath)) return;
+  if (!validatedPath || !existsSync18(validatedPath)) return;
   const importedProject = await loadNuGetProjectOrTarget(
     currentProject.rootDir,
     resolvedPath,
@@ -228654,7 +228864,7 @@ var NuGetSocketUpgradeManager = class {
 // ../fixing-management/src/fixing-management/rust/cargo-socket-upgrade-manager.ts
 import { dirname as dirname18, relative as relative13, resolve as resolve28 } from "node:path";
 var import_picomatch6 = __toESM(require_picomatch2(), 1);
-var import_semver4 = __toESM(require_semver2(), 1);
+var import_semver5 = __toESM(require_semver2(), 1);
 import assert12 from "node:assert";
 import { readFile as readFile24, writeFile as writeFile10 } from "node:fs/promises";
 
@@ -228918,7 +229128,7 @@ var CargoSocketUpgradeManager = class {
    * This handles Cargo's implicit caret behavior and uses semver for proper version range matching
    */
   versionMatches(tomlVersion, resolvedVersion) {
-    return import_semver4.default.satisfies(resolvedVersion, /^\d/.test(tomlVersion) ? `^${tomlVersion}` : tomlVersion);
+    return import_semver5.default.satisfies(resolvedVersion, /^\d/.test(tomlVersion) ? `^${tomlVersion}` : tomlVersion);
   }
   /**
    * Add a new dependency to a Cargo.toml file
@@ -229365,14 +229575,14 @@ function createPep508VersionPatches(file, idx, requirement, oldVersion, upgradeV
 }
 
 // ../utils/src/pip-utils.ts
-import { existsSync as existsSync17 } from "node:fs";
+import { existsSync as existsSync19 } from "node:fs";
 import { readFile as readFile26 } from "node:fs/promises";
 import { dirname as dirname19, resolve as resolve30 } from "node:path";
 import util4 from "node:util";
 
 // ../utils/src/python-versions-manager.ts
 var import_lodash6 = __toESM(require_lodash(), 1);
-var import_semver5 = __toESM(require_semver2(), 1);
+var import_semver6 = __toESM(require_semver2(), 1);
 import { execFileSync } from "child_process";
 import { constants as constants3 } from "fs";
 import { access as access3, readFile as readFile25 } from "fs/promises";
@@ -230216,7 +230426,7 @@ import assert14 from "node:assert";
 var import_good_enough_parser4 = __toESM(require_cjs(), 1);
 init_ruby_lang();
 import { resolve as resolve32, dirname as dirname21, relative as relative14 } from "node:path";
-import { existsSync as existsSync18, readFileSync as readFileSync4, readdirSync as readdirSync4 } from "node:fs";
+import { existsSync as existsSync20, readFileSync as readFileSync4, readdirSync as readdirSync4 } from "node:fs";
 init_gemspec_utils();
 var booleanQuery2 = import_good_enough_parser4.query.alt(
   import_good_enough_parser4.query.sym(/^true|false$/, (ctx, { value: value2, offset }) => {
@@ -230331,7 +230541,7 @@ var evalGemfileQuery = import_good_enough_parser4.query.sym("eval_gemfile").join
   if (pathEvaluated === void 0) return ctx;
   const rootDir = ctx.gemfile.rootDir;
   const file = relative14(rootDir, resolve32(rootDir, dirname21(ctx.gemfile.file), pathEvaluated));
-  if (!existsSync18(resolve32(rootDir, file))) return ctx;
+  if (!existsSync20(resolve32(rootDir, file))) return ctx;
   const sourceText = readFileSync4(resolve32(rootDir, file), "utf-8");
   const parser2 = import_good_enough_parser4.lang.createLang(lang3);
   const cursor = parser2.parse(sourceText);
@@ -230406,7 +230616,7 @@ var gemspecQuery = import_good_enough_parser4.query.sym("gemspec").opt(
     ctx.currentGem = void 0;
   }
   const searchDir = gemspecPath ? resolve32(rootDir, gemfileDir, gemspecPath) : resolve32(rootDir, gemfileDir);
-  if (!existsSync18(searchDir)) return ctx;
+  if (!existsSync20(searchDir)) return ctx;
   let gemspecFiles = [];
   try {
     const entries = readdirSync4(searchDir);
@@ -231130,7 +231340,7 @@ async function applySocketUpgrades(ecosystem, rootDir, ctxt) {
 
 // dist/cli-apply-fix.js
 var import_lodash13 = __toESM(require_lodash(), 1);
-import { existsSync as existsSync22 } from "fs";
+import { existsSync as existsSync24 } from "fs";
 
 // ../other-modules-communicator/src/other-modules-communicator.ts
 import { execFileSync as execFileSync2 } from "child_process";
@@ -231147,7 +231357,7 @@ import { fileURLToPath as fileURLToPath3 } from "node:url";
 // ../utils/dist/file-utils.js
 var import_lodash7 = __toESM(require_lodash(), 1);
 var import_micromatch2 = __toESM(require_micromatch(), 1);
-import { existsSync as existsSync19 } from "fs";
+import { existsSync as existsSync21 } from "fs";
 import { access as access4, cp as cp3, readdir as readdir4, stat as stat4 } from "fs/promises";
 import { basename as basename9, join as join20, relative as relative16, resolve as resolve34 } from "path";
 var { uniq: uniq2 } = import_lodash7.default;
@@ -231587,7 +231797,7 @@ async function detectVariantMaven(projectDir) {
 }
 
 // ../docker-management/src/maven/gradle-version-detector.ts
-import { existsSync as existsSync20 } from "fs";
+import { existsSync as existsSync22 } from "fs";
 import { join as join23 } from "path";
 import { readFile as readFile30 } from "fs/promises";
 async function detectVariantGradle(projectDir) {
@@ -231595,7 +231805,7 @@ async function detectVariantGradle(projectDir) {
 }
 async function detect(projectDir) {
   const gradleWrapperPropertiesPath = join23(projectDir, "gradle", "wrapper", "gradle-wrapper.properties");
-  const gradleWrapperProperties = existsSync20(gradleWrapperPropertiesPath) ? (await readFile30(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const gradleWrapperProperties = existsSync22(gradleWrapperPropertiesPath) ? (await readFile30(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!gradleWrapperProperties) return void 0;
   const distributionUrlRegex = /.*gradle-(\d+(\.\d+(\.\d+)?)?)/;
   for (const prop2 of gradleWrapperProperties) {
@@ -231609,7 +231819,7 @@ async function detect(projectDir) {
 }
 
 // ../docker-management/src/maven/sbt-version-detector.ts
-import { existsSync as existsSync21 } from "fs";
+import { existsSync as existsSync23 } from "fs";
 import { join as join24 } from "path";
 import { readFile as readFile31 } from "fs/promises";
 async function detectVariantSbt(projectDir) {
@@ -231617,7 +231827,7 @@ async function detectVariantSbt(projectDir) {
 }
 async function detect2(projectDir) {
   const sbtBuildPropertiesPath = join24(projectDir, "project", "build.properties");
-  const sbtBuildProperties = existsSync21(sbtBuildPropertiesPath) ? (await readFile31(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const sbtBuildProperties = existsSync23(sbtBuildPropertiesPath) ? (await readFile31(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!sbtBuildProperties) return void 0;
   for (const prop2 of sbtBuildProperties) {
     const [key, value2] = prop2.split("=");
@@ -232864,7 +233074,7 @@ async function verifyFixes(fixes, otherModulesCommunicator, rootPath) {
   if (pathsForEachFixIdData.length !== new Set(pathsForEachFixIdData).size) {
     throw new Error("Multiple fix IDs found for the same subproject, workspace and ecosystem");
   }
-  const subprojectsNotFound = uniq3(fixes.filter(({ vulnerabilityInstance: v }) => !existsSync22(resolve37(rootPath, v.subprojectPath))).map(({ vulnerabilityInstance: v }) => `${v.subprojectPath}:${v.ecosystem}`));
+  const subprojectsNotFound = uniq3(fixes.filter(({ vulnerabilityInstance: v }) => !existsSync24(resolve37(rootPath, v.subprojectPath))).map(({ vulnerabilityInstance: v }) => `${v.subprojectPath}:${v.ecosystem}`));
   if (subprojectsNotFound.length > 0) {
     throw new Error(`Cannot find the following subprojects: ${subprojectsNotFound.join(", ")}`);
   }
@@ -233296,7 +233506,7 @@ function getVulnReachability(c3) {
 }
 
 // ../web-compat-utils/src/report-utils.ts
-var import_semver6 = __toESM(require_semver2(), 1);
+var import_semver7 = __toESM(require_semver2(), 1);
 function generateUrlToRepoSourceLocation(sourceLocation, repoUrl, commit, subprojectWorkspacePath) {
   if (!repoUrl || !commit || !subprojectWorkspacePath) return void 0;
   const isGithub = repoUrl.toLowerCase().includes("github");
@@ -233690,7 +233900,7 @@ import { readdir as readdir6 } from "fs/promises";
 import { join as join29, relative as relative19, resolve as resolve38 } from "path";
 
 // ../project-management/src/project-management/ecosystem-management/ecosystem-specs.ts
-import { existsSync as existsSync23 } from "fs";
+import { existsSync as existsSync25 } from "fs";
 import { readdir as readdir5, readFile as readFile33 } from "fs/promises";
 import { join as join28, sep as sep4 } from "path";
 var specs = {
@@ -233767,7 +233977,7 @@ function getEcosystemSpecs(ecosystems) {
 }
 function packageManagerIfPackageJSONExistsAndValid(packageManager) {
   return async (projectDir) => {
-    if (!existsSync23(join28(projectDir, "package.json"))) return void 0;
+    if (!existsSync25(join28(projectDir, "package.json"))) return void 0;
     const packageJSONPath = join28(projectDir, "package.json");
     try {
       JSON.parse(await readFile33(packageJSONPath, "utf-8"));
@@ -234662,7 +234872,7 @@ function prettyApplyFixesTo(applyFixesToOption) {
 
 // dist/cli-core.js
 import assert16 from "node:assert";
-import { existsSync as existsSync28, writeFileSync as writeFileSync3 } from "fs";
+import { existsSync as existsSync30, writeFileSync as writeFileSync3 } from "fs";
 import { mkdir as mkdir6, writeFile as writeFile15 } from "fs/promises";
 var import_lodash15 = __toESM(require_lodash(), 1);
 import os2 from "os";
@@ -234915,7 +235125,7 @@ var BatchedHttpLogStreamer = class {
 // ../utils/src/logging/socket-log-server.ts
 import { createServer } from "net";
 import { once as once8 } from "events";
-import { createWriteStream as createWriteStream6, existsSync as existsSync24 } from "fs";
+import { createWriteStream as createWriteStream6, existsSync as existsSync26 } from "fs";
 import { unlink as unlink3 } from "fs/promises";
 var SocketLogServer = class {
   server;
@@ -234936,7 +235146,7 @@ var SocketLogServer = class {
     this.server = createServer((socket) => this.handleConnection(socket));
   }
   async start() {
-    if (existsSync24(this.socketPath)) {
+    if (existsSync26(this.socketPath)) {
       await unlink3(this.socketPath);
     }
     this.server.listen(this.socketPath);
@@ -235058,7 +235268,7 @@ var SocketLogServer = class {
     return new Promise((resolve45, reject) => {
       this.server.close((serverError) => {
         this.writeStream.end(() => {
-          if (existsSync24(this.socketPath)) {
+          if (existsSync26(this.socketPath)) {
             unlink3(this.socketPath).then(() => {
               if (serverError) reject(serverError);
               else resolve45();
@@ -235403,16 +235613,16 @@ Alternatively, you can reduce the --memory-limit option to require fewer mapping
 var DEFAULT_REPORT_FILENAME_BASE = "coana-report";
 
 // dist/internal/exclude-dirs-from-configuration-files.js
-import { existsSync as existsSync25 } from "fs";
+import { existsSync as existsSync27 } from "fs";
 import { readFile as readFile35 } from "fs/promises";
 import { basename as basename11, resolve as resolve41 } from "path";
 var import_yaml2 = __toESM(require_dist11(), 1);
 async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
   const socketYmlConfigFile = resolve41(rootWorkingDir, "socket.yml");
-  if (existsSync25(socketYmlConfigFile))
+  if (existsSync27(socketYmlConfigFile))
     return inferExcludeDirsFromSocketConfig(socketYmlConfigFile);
   const socketYamlConfigFile = resolve41(rootWorkingDir, "socket.yaml");
-  if (existsSync25(socketYamlConfigFile))
+  if (existsSync27(socketYamlConfigFile))
     return inferExcludeDirsFromSocketConfig(socketYamlConfigFile);
   return void 0;
 }
@@ -250136,11 +250346,11 @@ var { root: root2 } = static_exports;
 
 // ../utils/src/maven-utils.ts
 var import_lodash14 = __toESM(require_lodash(), 1);
-import { existsSync as existsSync27, readdirSync as readdirSync5, statSync as statSync5 } from "fs";
+import { existsSync as existsSync29, readdirSync as readdirSync5, statSync as statSync5 } from "fs";
 import { join as join33 } from "path";
 
 // ../utils/src/download-utils.ts
-import { existsSync as existsSync26 } from "fs";
+import { existsSync as existsSync28 } from "fs";
 import { writeFile as writeFile14 } from "fs/promises";
 
 // ../utils/src/maven-utils.ts
@@ -251508,7 +251718,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.205";
+var version3 = "14.12.207";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;
@@ -252080,7 +252290,7 @@ Subproject: ${subproject}`);
     const concurrency = Number(this.options.concurrency);
     const shouldIncludeWorkspaceInLogs = concurrency > 1;
     let npmProjectDirPool;
-    const nodeModulesExists = existsSync28(resolve42(subprojectPath, "node_modules"));
+    const nodeModulesExists = existsSync30(resolve42(subprojectPath, "node_modules"));
     if (ecosystem === "NPM" && concurrency > 1 && !nodeModulesExists) {
       const numCopies = Math.min(concurrency, workspaces.length) - 1;
       if (numCopies > 0) {