@coana-tech/cli 14.12.5 → 14.12.7

package/cli.mjs

@@ -197989,12 +197989,14 @@ async function computeSocketFactArtifacts(rootDir, relativeManifestFilePaths) {
     return void 0;
   }
 }
-async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+async function registerAutofixOrUpgradePurlRun(manifestsTarHash, options, cliCommand) {
   try {
     const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
     const data2 = {
       manifestsTarHash,
-      repositoryName,
+      // disabling rule to also catch case where process.env.SOCKET_REPO_NAME is the empty string.
+      // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+      repositoryName: process.env.SOCKET_REPO_NAME || "unknown-repo",
       options,
       cliCommand
     };
@@ -210347,6 +210349,12 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
   try {
     const { artifacts } = await fetchArtifactsFromManifestsTarHash(manifestsTarHash);
     const properPythonProjects = [];
+    const pipArtifactToRepresentativeManifest = {};
+    for (const artifact of artifacts) {
+      if (artifact.type === "pypi" && artifact.manifestFiles) {
+        pipArtifactToRepresentativeManifest[simplePurl(artifact.type, artifact.namespace ?? "", artifact.name, artifact.version ?? "")] = artifact;
+      }
+    }
     const venvExcludes = [
       "venv",
       ".venv",
@@ -210398,6 +210406,13 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
           manifestFiles.push(...(await getFilesRelative(rootWorkingDirectory)).filter((file) => (0, import_picomatch2.default)("{*.csproj,packages.lock.json}")(basename7(file))));
           break;
         }
+        case "PIP": {
+          const sPurl = simplePurl(artifact.type, artifact.namespace ?? "", artifact.name, artifact.version ?? "");
+          if (pipArtifactToRepresentativeManifest[sPurl]) {
+            manifestFiles.push(...(pipArtifactToRepresentativeManifest[sPurl].manifestFiles ?? []).map((ref) => ref.file));
+          }
+          break;
+        }
         default: {
           artifact.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file));
           const allAncestorIds = getAllToplevelAncestors(artifactMap, artifact.id);
@@ -225589,7 +225604,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.5";
+var version2 = "14.12.7";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -226280,7 +226295,7 @@ async function upgradePurl(path2, upgrades, options, logFile, cliFixRunId) {
   logger.silent = options.silent;
   let cliRunId = cliFixRunId;
   if (!cliRunId && options.manifestsTarHash) {
-    cliRunId = await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, path2, options, "upgrade-purls");
+    cliRunId = await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, options, "upgrade-purls");
   }
   const upgradePurlRunId = cliRunId && await getSocketAPI().registerUpgradePurlRun(cliRunId, upgrades);
   Spinner.instance({ text: "Running Coana Upgrade Purl CLI", isSilent: options.silent }).start();
@@ -226410,7 +226425,7 @@ ${vulnerabilityFixes.map((fix) => `	${fix.dependencyName} from ${fix.currentVers
 
 // dist/cli-compute-fixes-and-upgrade-purls.js
 async function computeFixesAndUpgradePurls(path2, options, logFile) {
-  const autofixRunId = options.manifestsTarHash && await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, path2, options, "autofix");
+  const autofixRunId = options.manifestsTarHash && await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, options, "autofix");
   const { artifacts, ghsaToVulnerableArtifactIds } = await computeInputForComputingFixes(path2, options);
   if (Object.keys(ghsaToVulnerableArtifactIds).length === 0) {
     logger.info("No vulnerabilities to compute fixes for");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.5",
+  "version": "14.12.7",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -73399,12 +73399,14 @@ async function getLatestBucketsSocket(subprojectPath, workspacePath) {
     return void 0;
   }
 }
-async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+async function registerAutofixOrUpgradePurlRun(manifestsTarHash, options, cliCommand) {
   try {
     const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
     const data2 = {
       manifestsTarHash,
-      repositoryName,
+      // disabling rule to also catch case where process.env.SOCKET_REPO_NAME is the empty string.
+      // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+      repositoryName: process.env.SOCKET_REPO_NAME || "unknown-repo",
       options,
       cliCommand
     };