@coana-tech/cli 14.12.65 → 14.12.67

package/cli.mjs

@@ -22174,15 +22174,15 @@ var require_file = __commonJS({
       _incFile(callback) {
         debug("_incFile", this.filename);
         const ext2 = path2.extname(this._basename);
-        const basename13 = path2.basename(this._basename, ext2);
+        const basename9 = path2.basename(this._basename, ext2);
         const tasks = [];
         if (this.zippedArchive) {
           tasks.push(
             function(cb) {
               const num = this._created > 0 && !this.tailable ? this._created : "";
               this._compressFile(
-                path2.join(this.dirname, `${basename13}${num}${ext2}`),
-                path2.join(this.dirname, `${basename13}${num}${ext2}.gz`),
+                path2.join(this.dirname, `${basename9}${num}${ext2}`),
+                path2.join(this.dirname, `${basename9}${num}${ext2}.gz`),
                 cb
               );
             }.bind(this)
@@ -22192,9 +22192,9 @@ var require_file = __commonJS({
           function(cb) {
             if (!this.tailable) {
               this._created += 1;
-              this._checkMaxFilesIncrementing(ext2, basename13, cb);
+              this._checkMaxFilesIncrementing(ext2, basename9, cb);
             } else {
-              this._checkMaxFilesTailable(ext2, basename13, cb);
+              this._checkMaxFilesTailable(ext2, basename9, cb);
             }
           }.bind(this)
         );
@@ -22208,9 +22208,9 @@ var require_file = __commonJS({
        */
       _getFile() {
         const ext2 = path2.extname(this._basename);
-        const basename13 = path2.basename(this._basename, ext2);
+        const basename9 = path2.basename(this._basename, ext2);
         const isRotation = this.rotationFormat ? this.rotationFormat() : this._created;
-        return !this.tailable && this._created ? `${basename13}${isRotation}${ext2}` : `${basename13}${ext2}`;
+        return !this.tailable && this._created ? `${basename9}${isRotation}${ext2}` : `${basename9}${ext2}`;
       }
       /**
        * Increment the number of files created or checked by this instance.
@@ -22220,14 +22220,14 @@ var require_file = __commonJS({
        * @returns {undefined}
        * @private
        */
-      _checkMaxFilesIncrementing(ext2, basename13, callback) {
+      _checkMaxFilesIncrementing(ext2, basename9, callback) {
         if (!this.maxFiles || this._created < this.maxFiles) {
           return setImmediate(callback);
         }
         const oldest = this._created - this.maxFiles;
         const isOldest = oldest !== 0 ? oldest : "";
         const isZipped = this.zippedArchive ? ".gz" : "";
-        const filePath = `${basename13}${isOldest}${ext2}${isZipped}`;
+        const filePath = `${basename9}${isOldest}${ext2}${isZipped}`;
         const target = path2.join(this.dirname, filePath);
         fs.unlink(target, callback);
       }
@@ -22242,7 +22242,7 @@ var require_file = __commonJS({
        * @returns {undefined}
        * @private
        */
-      _checkMaxFilesTailable(ext2, basename13, callback) {
+      _checkMaxFilesTailable(ext2, basename9, callback) {
         const tasks = [];
         if (!this.maxFiles) {
           return;
@@ -22250,21 +22250,21 @@ var require_file = __commonJS({
         const isZipped = this.zippedArchive ? ".gz" : "";
         for (let x2 = this.maxFiles - 1; x2 > 1; x2--) {
           tasks.push(function(i7, cb) {
-            let fileName3 = `${basename13}${i7 - 1}${ext2}${isZipped}`;
+            let fileName3 = `${basename9}${i7 - 1}${ext2}${isZipped}`;
             const tmppath = path2.join(this.dirname, fileName3);
             fs.exists(tmppath, (exists2) => {
               if (!exists2) {
                 return cb(null);
               }
-              fileName3 = `${basename13}${i7}${ext2}${isZipped}`;
+              fileName3 = `${basename9}${i7}${ext2}${isZipped}`;
               fs.rename(tmppath, path2.join(this.dirname, fileName3), cb);
             });
           }.bind(this, x2));
         }
         asyncSeries(tasks, () => {
           fs.rename(
-            path2.join(this.dirname, `${basename13}${ext2}${isZipped}`),
-            path2.join(this.dirname, `${basename13}1${ext2}${isZipped}`),
+            path2.join(this.dirname, `${basename9}${ext2}${isZipped}`),
+            path2.join(this.dirname, `${basename9}1${ext2}${isZipped}`),
             callback
           );
         });
@@ -25762,8 +25762,8 @@ var require_follow_redirects = __commonJS({
       }
       return parsed;
     }
-    function resolveUrl(relative18, base) {
-      return useNativeURL ? new URL3(relative18, base) : parseUrl(url2.resolve(base, relative18));
+    function resolveUrl(relative20, base) {
+      return useNativeURL ? new URL3(relative20, base) : parseUrl(url2.resolve(base, relative20));
     }
     function validateUrl(input) {
       if (/^\[/.test(input.hostname) && !/^\[[:0-9a-f]+\]$/i.test(input.hostname)) {
@@ -48514,9 +48514,9 @@ var require_picomatch = __commonJS({
     var utils = require_utils2();
     var constants3 = require_constants2();
     var isObject2 = (val2) => val2 && typeof val2 === "object" && !Array.isArray(val2);
-    var picomatch9 = (glob2, options, returnState = false) => {
+    var picomatch11 = (glob2, options, returnState = false) => {
       if (Array.isArray(glob2)) {
-        const fns = glob2.map((input) => picomatch9(input, options, returnState));
+        const fns = glob2.map((input) => picomatch11(input, options, returnState));
         const arrayMatcher = (str) => {
           for (const isMatch4 of fns) {
             const state2 = isMatch4(str);
@@ -48532,16 +48532,16 @@ var require_picomatch = __commonJS({
       }
       const opts = options || {};
       const posix3 = opts.windows;
-      const regex = isState ? picomatch9.compileRe(glob2, options) : picomatch9.makeRe(glob2, options, false, true);
+      const regex = isState ? picomatch11.compileRe(glob2, options) : picomatch11.makeRe(glob2, options, false, true);
       const state = regex.state;
       delete regex.state;
       let isIgnored = () => false;
       if (opts.ignore) {
         const ignoreOpts = { ...options, ignore: null, onMatch: null, onResult: null };
-        isIgnored = picomatch9(opts.ignore, ignoreOpts, returnState);
+        isIgnored = picomatch11(opts.ignore, ignoreOpts, returnState);
       }
       const matcher = (input, returnObject = false) => {
-        const { isMatch: isMatch4, match: match2, output } = picomatch9.test(input, regex, options, { glob: glob2, posix: posix3 });
+        const { isMatch: isMatch4, match: match2, output } = picomatch11.test(input, regex, options, { glob: glob2, posix: posix3 });
         const result = { glob: glob2, state, regex, posix: posix3, input, output, match: match2, isMatch: isMatch4 };
         if (typeof opts.onResult === "function") {
           opts.onResult(result);
@@ -48567,7 +48567,7 @@ var require_picomatch = __commonJS({
       }
       return matcher;
     };
-    picomatch9.test = (input, regex, options, { glob: glob2, posix: posix3 } = {}) => {
+    picomatch11.test = (input, regex, options, { glob: glob2, posix: posix3 } = {}) => {
       if (typeof input !== "string") {
         throw new TypeError("Expected input to be a string");
       }
@@ -48584,24 +48584,24 @@ var require_picomatch = __commonJS({
       }
       if (match2 === false || opts.capture === true) {
         if (opts.matchBase === true || opts.basename === true) {
-          match2 = picomatch9.matchBase(input, regex, options, posix3);
+          match2 = picomatch11.matchBase(input, regex, options, posix3);
         } else {
           match2 = regex.exec(output);
         }
       }
       return { isMatch: Boolean(match2), match: match2, output };
     };
-    picomatch9.matchBase = (input, glob2, options) => {
-      const regex = glob2 instanceof RegExp ? glob2 : picomatch9.makeRe(glob2, options);
+    picomatch11.matchBase = (input, glob2, options) => {
+      const regex = glob2 instanceof RegExp ? glob2 : picomatch11.makeRe(glob2, options);
       return regex.test(utils.basename(input));
     };
-    picomatch9.isMatch = (str, patterns, options) => picomatch9(patterns, options)(str);
-    picomatch9.parse = (pattern, options) => {
-      if (Array.isArray(pattern)) return pattern.map((p3) => picomatch9.parse(p3, options));
+    picomatch11.isMatch = (str, patterns, options) => picomatch11(patterns, options)(str);
+    picomatch11.parse = (pattern, options) => {
+      if (Array.isArray(pattern)) return pattern.map((p3) => picomatch11.parse(p3, options));
       return parse14(pattern, { ...options, fastpaths: false });
     };
-    picomatch9.scan = (input, options) => scan(input, options);
-    picomatch9.compileRe = (state, options, returnOutput = false, returnState = false) => {
+    picomatch11.scan = (input, options) => scan(input, options);
+    picomatch11.compileRe = (state, options, returnOutput = false, returnState = false) => {
       if (returnOutput === true) {
         return state.output;
       }
@@ -48612,13 +48612,13 @@ var require_picomatch = __commonJS({
       if (state && state.negated === true) {
         source = `^(?!${source}).*$`;
       }
-      const regex = picomatch9.toRegex(source, options);
+      const regex = picomatch11.toRegex(source, options);
       if (returnState === true) {
         regex.state = state;
       }
       return regex;
     };
-    picomatch9.makeRe = (input, options = {}, returnOutput = false, returnState = false) => {
+    picomatch11.makeRe = (input, options = {}, returnOutput = false, returnState = false) => {
       if (!input || typeof input !== "string") {
         throw new TypeError("Expected a non-empty string");
       }
@@ -48629,9 +48629,9 @@ var require_picomatch = __commonJS({
       if (!parsed.output) {
         parsed = parse14(input, options);
       }
-      return picomatch9.compileRe(parsed, options, returnOutput, returnState);
+      return picomatch11.compileRe(parsed, options, returnOutput, returnState);
     };
-    picomatch9.toRegex = (source, options) => {
+    picomatch11.toRegex = (source, options) => {
       try {
         const opts = options || {};
         return new RegExp(source, opts.flags || (opts.nocase ? "i" : ""));
@@ -48640,8 +48640,8 @@ var require_picomatch = __commonJS({
         return /$^/;
       }
     };
-    picomatch9.constants = constants3;
-    module2.exports = picomatch9;
+    picomatch11.constants = constants3;
+    module2.exports = picomatch11;
   }
 });
 
@@ -48651,14 +48651,14 @@ var require_picomatch2 = __commonJS({
     "use strict";
     var pico = require_picomatch();
     var utils = require_utils2();
-    function picomatch9(glob2, options, returnState = false) {
+    function picomatch11(glob2, options, returnState = false) {
       if (options && (options.windows === null || options.windows === void 0)) {
         options = { ...options, windows: utils.isWindows() };
       }
       return pico(glob2, options, returnState);
     }
-    Object.assign(picomatch9, pico);
-    module2.exports = picomatch9;
+    Object.assign(picomatch11, pico);
+    module2.exports = picomatch11;
   }
 });
 
@@ -52474,7 +52474,7 @@ var require_cjs2 = __commonJS({
 var require_lib12 = __commonJS({
   "../../node_modules/.pnpm/write-file-atomic@5.0.1/node_modules/write-file-atomic/lib/index.js"(exports2, module2) {
     "use strict";
-    module2.exports = writeFile14;
+    module2.exports = writeFile16;
     module2.exports.sync = writeFileSync4;
     module2.exports._getTmpname = getTmpname;
     module2.exports._cleanupOnExit = cleanupOnExit;
@@ -52599,7 +52599,7 @@ var require_lib12 = __commonJS({
         }
       }
     }
-    async function writeFile14(filename, data2, options, callback) {
+    async function writeFile16(filename, data2, options, callback) {
       if (options instanceof Function) {
         callback = options;
         options = {};
@@ -67565,16 +67565,16 @@ var require_lockfile = __commonJS({
             if (process.platform === "win32") {
               yield fsSymlink(src, dest, "junction");
             } else {
-              let relative18;
+              let relative20;
               try {
-                relative18 = (_path || _load_path()).default.relative((_fs || _load_fs()).default.realpathSync((_path || _load_path()).default.dirname(dest)), (_fs || _load_fs()).default.realpathSync(src));
+                relative20 = (_path || _load_path()).default.relative((_fs || _load_fs()).default.realpathSync((_path || _load_path()).default.dirname(dest)), (_fs || _load_fs()).default.realpathSync(src));
               } catch (err) {
                 if (err.code !== "ENOENT") {
                   throw err;
                 }
-                relative18 = (_path || _load_path()).default.relative((_path || _load_path()).default.dirname(dest), src);
+                relative20 = (_path || _load_path()).default.relative((_path || _load_path()).default.dirname(dest), src);
               }
-              yield fsSymlink(relative18 || ".", dest);
+              yield fsSymlink(relative20 || ".", dest);
             }
           });
           return function symlink2(_x24, _x25) {
@@ -67601,17 +67601,17 @@ var require_lockfile = __commonJS({
                 _ref28 = _i14.value;
               }
               const name = _ref28;
-              const relative18 = relativeDir ? (_path || _load_path()).default.join(relativeDir, name) : name;
+              const relative20 = relativeDir ? (_path || _load_path()).default.join(relativeDir, name) : name;
               const loc = (_path || _load_path()).default.join(dir, name);
               const stat5 = yield lstat2(loc);
               files.push({
-                relative: relative18,
+                relative: relative20,
                 basename: name,
                 absolute: loc,
                 mtime: +stat5.mtime
               });
               if (stat5.isDirectory()) {
-                files = files.concat(yield walk(loc, relative18, ignoreBasenames));
+                files = files.concat(yield walk(loc, relative20, ignoreBasenames));
               }
             }
             return files;
@@ -67656,7 +67656,7 @@ var require_lockfile = __commonJS({
             if (eol !== "\n") {
               data2 = data2.replace(/\n/g, eol);
             }
-            yield writeFile14(path2, data2);
+            yield writeFile16(path2, data2);
           });
           return function writeFilePreservingEol2(_x30, _x31) {
             return _ref31.apply(this, arguments);
@@ -67668,7 +67668,7 @@ var require_lockfile = __commonJS({
             const file = (_path || _load_path()).default.join(dir, filename);
             const fileLink = (_path || _load_path()).default.join(dir, filename + "-link");
             try {
-              yield writeFile14(file, "test");
+              yield writeFile16(file, "test");
               yield link(file, fileLink);
             } catch (err) {
               return false;
@@ -67818,7 +67818,7 @@ var require_lockfile = __commonJS({
         const lockQueue = exports3.lockQueue = new (_blockingQueue || _load_blockingQueue()).default("fs lock");
         const readFileBuffer = exports3.readFileBuffer = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.readFile);
         const open = exports3.open = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.open);
-        const writeFile14 = exports3.writeFile = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.writeFile);
+        const writeFile16 = exports3.writeFile = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.writeFile);
         const readlink2 = exports3.readlink = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.readlink);
         const realpath2 = exports3.realpath = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.realpath);
         const readdir7 = exports3.readdir = (0, (_promise2 || _load_promise2()).promisify)((_fs || _load_fs()).default.readdir);
@@ -104191,9 +104191,9 @@ var require_picomatch3 = __commonJS({
     var utils = require_utils5();
     var constants3 = require_constants6();
     var isObject2 = (val2) => val2 && typeof val2 === "object" && !Array.isArray(val2);
-    var picomatch9 = (glob2, options, returnState = false) => {
+    var picomatch11 = (glob2, options, returnState = false) => {
       if (Array.isArray(glob2)) {
-        const fns = glob2.map((input) => picomatch9(input, options, returnState));
+        const fns = glob2.map((input) => picomatch11(input, options, returnState));
         const arrayMatcher = (str) => {
           for (const isMatch4 of fns) {
             const state2 = isMatch4(str);
@@ -104209,16 +104209,16 @@ var require_picomatch3 = __commonJS({
       }
       const opts = options || {};
       const posix3 = utils.isWindows(options);
-      const regex = isState ? picomatch9.compileRe(glob2, options) : picomatch9.makeRe(glob2, options, false, true);
+      const regex = isState ? picomatch11.compileRe(glob2, options) : picomatch11.makeRe(glob2, options, false, true);
       const state = regex.state;
       delete regex.state;
       let isIgnored = () => false;
       if (opts.ignore) {
         const ignoreOpts = { ...options, ignore: null, onMatch: null, onResult: null };
-        isIgnored = picomatch9(opts.ignore, ignoreOpts, returnState);
+        isIgnored = picomatch11(opts.ignore, ignoreOpts, returnState);
       }
       const matcher = (input, returnObject = false) => {
-        const { isMatch: isMatch4, match: match2, output } = picomatch9.test(input, regex, options, { glob: glob2, posix: posix3 });
+        const { isMatch: isMatch4, match: match2, output } = picomatch11.test(input, regex, options, { glob: glob2, posix: posix3 });
         const result = { glob: glob2, state, regex, posix: posix3, input, output, match: match2, isMatch: isMatch4 };
         if (typeof opts.onResult === "function") {
           opts.onResult(result);
@@ -104244,7 +104244,7 @@ var require_picomatch3 = __commonJS({
       }
       return matcher;
     };
-    picomatch9.test = (input, regex, options, { glob: glob2, posix: posix3 } = {}) => {
+    picomatch11.test = (input, regex, options, { glob: glob2, posix: posix3 } = {}) => {
       if (typeof input !== "string") {
         throw new TypeError("Expected input to be a string");
       }
@@ -104261,24 +104261,24 @@ var require_picomatch3 = __commonJS({
       }
       if (match2 === false || opts.capture === true) {
         if (opts.matchBase === true || opts.basename === true) {
-          match2 = picomatch9.matchBase(input, regex, options, posix3);
+          match2 = picomatch11.matchBase(input, regex, options, posix3);
         } else {
           match2 = regex.exec(output);
         }
       }
       return { isMatch: Boolean(match2), match: match2, output };
     };
-    picomatch9.matchBase = (input, glob2, options, posix3 = utils.isWindows(options)) => {
-      const regex = glob2 instanceof RegExp ? glob2 : picomatch9.makeRe(glob2, options);
+    picomatch11.matchBase = (input, glob2, options, posix3 = utils.isWindows(options)) => {
+      const regex = glob2 instanceof RegExp ? glob2 : picomatch11.makeRe(glob2, options);
       return regex.test(path2.basename(input));
     };
-    picomatch9.isMatch = (str, patterns, options) => picomatch9(patterns, options)(str);
-    picomatch9.parse = (pattern, options) => {
-      if (Array.isArray(pattern)) return pattern.map((p3) => picomatch9.parse(p3, options));
+    picomatch11.isMatch = (str, patterns, options) => picomatch11(patterns, options)(str);
+    picomatch11.parse = (pattern, options) => {
+      if (Array.isArray(pattern)) return pattern.map((p3) => picomatch11.parse(p3, options));
       return parse14(pattern, { ...options, fastpaths: false });
     };
-    picomatch9.scan = (input, options) => scan(input, options);
-    picomatch9.compileRe = (state, options, returnOutput = false, returnState = false) => {
+    picomatch11.scan = (input, options) => scan(input, options);
+    picomatch11.compileRe = (state, options, returnOutput = false, returnState = false) => {
       if (returnOutput === true) {
         return state.output;
       }
@@ -104289,13 +104289,13 @@ var require_picomatch3 = __commonJS({
       if (state && state.negated === true) {
         source = `^(?!${source}).*$`;
       }
-      const regex = picomatch9.toRegex(source, options);
+      const regex = picomatch11.toRegex(source, options);
       if (returnState === true) {
         regex.state = state;
       }
       return regex;
     };
-    picomatch9.makeRe = (input, options = {}, returnOutput = false, returnState = false) => {
+    picomatch11.makeRe = (input, options = {}, returnOutput = false, returnState = false) => {
       if (!input || typeof input !== "string") {
         throw new TypeError("Expected a non-empty string");
       }
@@ -104306,9 +104306,9 @@ var require_picomatch3 = __commonJS({
       if (!parsed.output) {
         parsed = parse14(input, options);
       }
-      return picomatch9.compileRe(parsed, options, returnOutput, returnState);
+      return picomatch11.compileRe(parsed, options, returnOutput, returnState);
     };
-    picomatch9.toRegex = (source, options) => {
+    picomatch11.toRegex = (source, options) => {
       try {
         const opts = options || {};
         return new RegExp(source, opts.flags || (opts.nocase ? "i" : ""));
@@ -104317,8 +104317,8 @@ var require_picomatch3 = __commonJS({
         return /$^/;
       }
     };
-    picomatch9.constants = constants3;
-    module2.exports = picomatch9;
+    picomatch11.constants = constants3;
+    module2.exports = picomatch11;
   }
 });
 
@@ -104336,7 +104336,7 @@ var require_micromatch = __commonJS({
     "use strict";
     var util5 = __require("util");
     var braces = require_braces();
-    var picomatch9 = require_picomatch4();
+    var picomatch11 = require_picomatch4();
     var utils = require_utils5();
     var isEmptyString = (val2) => val2 === "" || val2 === "./";
     var micromatch4 = (list, patterns, options) => {
@@ -104353,7 +104353,7 @@ var require_micromatch = __commonJS({
         }
       };
       for (let i7 = 0; i7 < patterns.length; i7++) {
-        let isMatch4 = picomatch9(String(patterns[i7]), { ...options, onResult }, true);
+        let isMatch4 = picomatch11(String(patterns[i7]), { ...options, onResult }, true);
         let negated = isMatch4.state.negated || isMatch4.state.negatedExtglob;
         if (negated) negatives++;
         for (let item of list) {
@@ -104381,8 +104381,8 @@ var require_micromatch = __commonJS({
       return matches;
     };
     micromatch4.match = micromatch4;
-    micromatch4.matcher = (pattern, options) => picomatch9(pattern, options);
-    micromatch4.isMatch = (str, patterns, options) => picomatch9(patterns, options)(str);
+    micromatch4.matcher = (pattern, options) => picomatch11(pattern, options);
+    micromatch4.isMatch = (str, patterns, options) => picomatch11(patterns, options)(str);
     micromatch4.any = micromatch4.isMatch;
     micromatch4.not = (list, patterns, options = {}) => {
       patterns = [].concat(patterns).map(String);
@@ -104429,7 +104429,7 @@ var require_micromatch = __commonJS({
     micromatch4.some = (list, patterns, options) => {
       let items = [].concat(list);
       for (let pattern of [].concat(patterns)) {
-        let isMatch4 = picomatch9(String(pattern), options);
+        let isMatch4 = picomatch11(String(pattern), options);
         if (items.some((item) => isMatch4(item))) {
           return true;
         }
@@ -104439,7 +104439,7 @@ var require_micromatch = __commonJS({
     micromatch4.every = (list, patterns, options) => {
       let items = [].concat(list);
       for (let pattern of [].concat(patterns)) {
-        let isMatch4 = picomatch9(String(pattern), options);
+        let isMatch4 = picomatch11(String(pattern), options);
         if (!items.every((item) => isMatch4(item))) {
           return false;
         }
@@ -104450,23 +104450,23 @@ var require_micromatch = __commonJS({
       if (typeof str !== "string") {
         throw new TypeError(`Expected a string: "${util5.inspect(str)}"`);
       }
-      return [].concat(patterns).every((p3) => picomatch9(p3, options)(str));
+      return [].concat(patterns).every((p3) => picomatch11(p3, options)(str));
     };
     micromatch4.capture = (glob2, input, options) => {
       let posix3 = utils.isWindows(options);
-      let regex = picomatch9.makeRe(String(glob2), { ...options, capture: true });
+      let regex = picomatch11.makeRe(String(glob2), { ...options, capture: true });
       let match2 = regex.exec(posix3 ? utils.toPosixSlashes(input) : input);
       if (match2) {
         return match2.slice(1).map((v) => v === void 0 ? "" : v);
       }
     };
-    micromatch4.makeRe = (...args2) => picomatch9.makeRe(...args2);
-    micromatch4.scan = (...args2) => picomatch9.scan(...args2);
+    micromatch4.makeRe = (...args2) => picomatch11.makeRe(...args2);
+    micromatch4.scan = (...args2) => picomatch11.scan(...args2);
     micromatch4.parse = (patterns, options) => {
       let res = [];
       for (let pattern of [].concat(patterns || [])) {
         for (let str of braces(String(pattern), options)) {
-          res.push(picomatch9.parse(str, options));
+          res.push(picomatch11.parse(str, options));
         }
       }
       return res;
@@ -107385,7 +107385,7 @@ var require_parseParams = __commonJS({
 var require_basename = __commonJS({
   "../../node_modules/.pnpm/@fastify+busboy@2.1.1/node_modules/@fastify/busboy/lib/utils/basename.js"(exports2, module2) {
     "use strict";
-    module2.exports = function basename13(path2) {
+    module2.exports = function basename9(path2) {
       if (typeof path2 !== "string") {
         return "";
       }
@@ -107412,7 +107412,7 @@ var require_multipart = __commonJS({
     var Dicer = require_Dicer();
     var parseParams = require_parseParams();
     var decodeText = require_decodeText();
-    var basename13 = require_basename();
+    var basename9 = require_basename();
     var getLimit2 = require_getLimit();
     var RE_BOUNDARY = /^boundary$/i;
     var RE_FIELD = /^form-data$/i;
@@ -107529,7 +107529,7 @@ var require_multipart = __commonJS({
               } else if (RE_FILENAME.test(parsed[i7][0])) {
                 filename = parsed[i7][1];
                 if (!preservePath) {
-                  filename = basename13(filename);
+                  filename = basename9(filename);
                 }
               }
             }
@@ -122915,7 +122915,7 @@ var require_summary = __commonJS({
     exports2.summary = exports2.markdownSummary = exports2.SUMMARY_DOCS_URL = exports2.SUMMARY_ENV_VAR = void 0;
     var os_1 = __require("os");
     var fs_1 = __require("fs");
-    var { access: access5, appendFile, writeFile: writeFile14 } = fs_1.promises;
+    var { access: access5, appendFile, writeFile: writeFile16 } = fs_1.promises;
     exports2.SUMMARY_ENV_VAR = "GITHUB_STEP_SUMMARY";
     exports2.SUMMARY_DOCS_URL = "https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions#adding-a-job-summary";
     var Summary = class {
@@ -122973,7 +122973,7 @@ var require_summary = __commonJS({
         return __awaiter(this, void 0, void 0, function* () {
           const overwrite = !!(options === null || options === void 0 ? void 0 : options.overwrite);
           const filePath = yield this.filePath();
-          const writeFunc = overwrite ? writeFile14 : appendFile;
+          const writeFunc = overwrite ? writeFile16 : appendFile;
           yield writeFunc(filePath, this._buffer, { encoding: "utf8" });
           return this.emptyBuffer();
         });
@@ -126365,8 +126365,8 @@ var require_tmp = __commonJS({
       if (option === "name") {
         if (path2.isAbsolute(name))
           throw new Error(`${option} option must not contain an absolute path, found "${name}".`);
-        let basename13 = path2.basename(name);
-        if (basename13 === ".." || basename13 === "." || basename13 !== name)
+        let basename9 = path2.basename(name);
+        if (basename9 === ".." || basename9 === "." || basename9 !== name)
           throw new Error(`${option} option must not contain a path, found "${name}".`);
       } else {
         if (path2.isAbsolute(name) && !name.startsWith(tmpDir)) {
@@ -152234,7 +152234,7 @@ var require_micromatch2 = __commonJS({
     "use strict";
     var util5 = __require("util");
     var braces = require_braces2();
-    var picomatch9 = require_picomatch4();
+    var picomatch11 = require_picomatch4();
     var utils = require_utils5();
     var isEmptyString = (v) => v === "" || v === "./";
     var hasBraces = (v) => {
@@ -152255,7 +152255,7 @@ var require_micromatch2 = __commonJS({
         }
       };
       for (let i7 = 0; i7 < patterns.length; i7++) {
-        let isMatch4 = picomatch9(String(patterns[i7]), { ...options, onResult }, true);
+        let isMatch4 = picomatch11(String(patterns[i7]), { ...options, onResult }, true);
         let negated = isMatch4.state.negated || isMatch4.state.negatedExtglob;
         if (negated) negatives++;
         for (let item of list) {
@@ -152283,8 +152283,8 @@ var require_micromatch2 = __commonJS({
       return matches;
     };
     micromatch4.match = micromatch4;
-    micromatch4.matcher = (pattern, options) => picomatch9(pattern, options);
-    micromatch4.isMatch = (str, patterns, options) => picomatch9(patterns, options)(str);
+    micromatch4.matcher = (pattern, options) => picomatch11(pattern, options);
+    micromatch4.isMatch = (str, patterns, options) => picomatch11(patterns, options)(str);
     micromatch4.any = micromatch4.isMatch;
     micromatch4.not = (list, patterns, options = {}) => {
       patterns = [].concat(patterns).map(String);
@@ -152331,7 +152331,7 @@ var require_micromatch2 = __commonJS({
     micromatch4.some = (list, patterns, options) => {
       let items = [].concat(list);
       for (let pattern of [].concat(patterns)) {
-        let isMatch4 = picomatch9(String(pattern), options);
+        let isMatch4 = picomatch11(String(pattern), options);
         if (items.some((item) => isMatch4(item))) {
           return true;
         }
@@ -152341,7 +152341,7 @@ var require_micromatch2 = __commonJS({
     micromatch4.every = (list, patterns, options) => {
       let items = [].concat(list);
       for (let pattern of [].concat(patterns)) {
-        let isMatch4 = picomatch9(String(pattern), options);
+        let isMatch4 = picomatch11(String(pattern), options);
         if (!items.every((item) => isMatch4(item))) {
           return false;
         }
@@ -152352,23 +152352,23 @@ var require_micromatch2 = __commonJS({
       if (typeof str !== "string") {
         throw new TypeError(`Expected a string: "${util5.inspect(str)}"`);
       }
-      return [].concat(patterns).every((p3) => picomatch9(p3, options)(str));
+      return [].concat(patterns).every((p3) => picomatch11(p3, options)(str));
     };
     micromatch4.capture = (glob2, input, options) => {
       let posix3 = utils.isWindows(options);
-      let regex = picomatch9.makeRe(String(glob2), { ...options, capture: true });
+      let regex = picomatch11.makeRe(String(glob2), { ...options, capture: true });
       let match2 = regex.exec(posix3 ? utils.toPosixSlashes(input) : input);
       if (match2) {
         return match2.slice(1).map((v) => v === void 0 ? "" : v);
       }
     };
-    micromatch4.makeRe = (...args2) => picomatch9.makeRe(...args2);
-    micromatch4.scan = (...args2) => picomatch9.scan(...args2);
+    micromatch4.makeRe = (...args2) => picomatch11.makeRe(...args2);
+    micromatch4.scan = (...args2) => picomatch11.scan(...args2);
     micromatch4.parse = (patterns, options) => {
       let res = [];
       for (let pattern of [].concat(patterns || [])) {
         for (let str of braces(String(pattern), options)) {
-          res.push(picomatch9.parse(str, options));
+          res.push(picomatch11.parse(str, options));
         }
       }
       return res;
@@ -201114,9 +201114,9 @@ var {
 } = import_index.default;
 
 // dist/index.js
-import { mkdir as mkdir3, mkdtemp as mkdtemp2, readFile as readFile33, rm as rm2, writeFile as writeFile13 } from "fs/promises";
+import { mkdir as mkdir3, mkdtemp as mkdtemp2, readFile as readFile33, rm as rm2, writeFile as writeFile15 } from "fs/promises";
 import { tmpdir as tmpdir2 } from "os";
-import { dirname as dirname19, join as join27, resolve as resolve41 } from "path";
+import { dirname as dirname18, join as join27, resolve as resolve41 } from "path";
 
 // ../../node_modules/.pnpm/remeda@2.14.0/node_modules/remeda/dist/chunk-ANXBDSUI.js
 var s = { done: false, hasNext: false };
@@ -211425,11 +211425,11 @@ var MavenSocketUpgradeManager = class {
     const pomFiles = /* @__PURE__ */ new Set();
     const gradleLockfiles = /* @__PURE__ */ new Set();
     const sbtManifestFiles = /* @__PURE__ */ new Set();
-    const pomMatcher = (0, import_picomatch.default)("{**/,}{*-*.,}pom{.xml,}");
-    const buildOutput = (0, import_picomatch.default)("{**/,}build/**");
-    const targetOutput = (0, import_picomatch.default)("{**/,}target/**");
-    const gradleLockfileMatcher = (0, import_picomatch.default)("{**/,}gradle.lockfile");
-    const sbtMatcher = (0, import_picomatch.default)("{**/,}{*.sbt,*.scala}");
+    const pomMatcher = (0, import_picomatch.default)("{*-*.,}pom{.xml,}", { basename: true });
+    const buildOutput = (0, import_picomatch.default)("build/**");
+    const targetOutput = (0, import_picomatch.default)("target/**");
+    const gradleLockfileMatcher = (0, import_picomatch.default)("gradle.lockfile", { basename: true });
+    const sbtMatcher = (0, import_picomatch.default)(["*.sbt", "*.scala"], { basename: true });
     for (const manifestFile of ctxt.manifestFiles) {
       if (pomMatcher(manifestFile) && !buildOutput(manifestFile) && !targetOutput(manifestFile)) {
         pomFiles.add(resolve13(this.rootDir, manifestFile));
@@ -211778,7 +211778,7 @@ ${indent(1, indentationSize)}`)}
 };
 
 // ../fixing-management/src/fixing-management/npm/npm-socket-upgrade-manager.ts
-import { basename as basename3, dirname as dirname6, relative as relative6, resolve as resolve17 } from "path";
+import { dirname as dirname6, relative as relative6, resolve as resolve17 } from "path";
 
 // ../utils/src/npm-utils.ts
 import { access, constants } from "fs/promises";
@@ -217321,10 +217321,10 @@ var Ignore = class {
   ignored(p3) {
     const fullpath = p3.fullpath();
     const fullpaths = `${fullpath}/`;
-    const relative18 = p3.relative() || ".";
-    const relatives = `${relative18}/`;
+    const relative20 = p3.relative() || ".";
+    const relatives = `${relative20}/`;
     for (const m4 of this.relative) {
-      if (m4.match(relative18) || m4.match(relatives))
+      if (m4.match(relative20) || m4.match(relatives))
         return true;
     }
     for (const m4 of this.absolute) {
@@ -217335,9 +217335,9 @@ var Ignore = class {
   }
   childrenIgnored(p3) {
     const fullpath = p3.fullpath() + "/";
-    const relative18 = (p3.relative() || ".") + "/";
+    const relative20 = (p3.relative() || ".") + "/";
     for (const m4 of this.relativeChildren) {
-      if (m4.match(relative18))
+      if (m4.match(relative20))
         return true;
     }
     for (const m4 of this.absoluteChildren) {
@@ -219821,10 +219821,10 @@ var NpmSocketUpgradeManager = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
   }
-  packageJsonMatcher = (0, import_picomatch2.default)("package.json");
-  packageLockMatcher = (0, import_picomatch2.default)("package-lock.json");
-  pnpmLockMatcher = (0, import_picomatch2.default)("{pnpm-lock.yaml,pnpm-lock.yml}");
-  yarnLockMatcher = (0, import_picomatch2.default)("yarn.lock");
+  packageJsonMatcher = (0, import_picomatch2.default)("package.json", { basename: true });
+  packageLockMatcher = (0, import_picomatch2.default)("package-lock.json", { basename: true });
+  pnpmLockMatcher = (0, import_picomatch2.default)(["pnpm-lock.yaml", "pnpm-lock.yml"], { basename: true });
+  yarnLockMatcher = (0, import_picomatch2.default)("yarn.lock", { basename: true });
   async applySocketArtifactUpgrades(ctxt) {
     const packageJsonToLockfiles = await this.buildPackageJsonToLockfilesMap(ctxt);
     const directPatches = [];
@@ -219834,11 +219834,12 @@ var NpmSocketUpgradeManager = class {
       assert7(artifact.name);
       assert7(artifact.version);
       const directPackageJsons = new Set(
-        artifact.manifestFiles?.filter((mf) => this.packageJsonMatcher(basename3(mf.file))).map((mf) => mf.file) ?? []
+        artifact.manifestFiles?.filter((mf) => this.packageJsonMatcher(mf.file)).map((mf) => mf.file) ?? []
       );
       for (const mf of artifact.manifestFiles ?? []) {
-        const fileName3 = basename3(mf.file);
+        const fileName3 = mf.file;
         if (this.packageJsonMatcher(fileName3)) {
+          if (ctxt.wsFilter && !ctxt.wsFilter(dirname6(fileName3) || ".")) continue;
           const patches = await this.createDirectDependencyPatches(mf, idx, upgradeVersion, ctxt);
           directPatches.push(...patches);
         } else if (this.packageLockMatcher(fileName3) || this.pnpmLockMatcher(fileName3) || this.yarnLockMatcher(fileName3)) {
@@ -219857,13 +219858,14 @@ var NpmSocketUpgradeManager = class {
         const ancestor = ctxt.artifacts.find((a4) => a4.id === ancestorId);
         if (ancestor) {
           for (const mf of ancestor.manifestFiles ?? []) {
-            if (this.packageJsonMatcher(basename3(mf.file)) && !directPackageJsons.has(mf.file)) {
+            if (this.packageJsonMatcher(mf.file) && !directPackageJsons.has(mf.file)) {
               transitivePackageJsons.add(mf.file);
             }
           }
         }
       }
       for (const packageJsonFile of transitivePackageJsons) {
+        if (ctxt.wsFilter && !ctxt.wsFilter(dirname6(packageJsonFile) || ".")) continue;
         const patches = await this.createTransitiveDependencyPatches(packageJsonFile, idx, upgradeVersion, ctxt);
         transitivePatches.push(...patches);
       }
@@ -219893,7 +219895,16 @@ var NpmSocketUpgradeManager = class {
     );
     const lockfileToArtifacts = {};
     for (const { file, artifacts } of appliedTemporaryPatches) {
-      const lockfiles = packageJsonToLockfiles.get(file) ?? [];
+      const lockfiles = packageJsonToLockfiles.get(file);
+      if (!lockfiles) {
+        ctxt.statusUpdater?.({
+          status: "error",
+          file,
+          message: "No lockfile found for package.json",
+          artifacts: i3(artifacts)
+        });
+        continue;
+      }
       for (const lockfile2 of lockfiles) {
         if (!lockfileToArtifacts[lockfile2]) {
           lockfileToArtifacts[lockfile2] = [];
@@ -219908,14 +219919,14 @@ var NpmSocketUpgradeManager = class {
         ctxt.statusUpdater?.({
           status: "success",
           file: relative6(this.rootDir, path2),
-          message: "Restored package.json",
+          message: "File restored",
           artifacts: i3(artifacts)
         });
       } catch (e) {
         ctxt.statusUpdater?.({
           status: "error",
           file: relative6(this.rootDir, path2),
-          message: "Could not restore package.json",
+          message: "Could not restore file",
           artifacts: i3(artifacts)
         });
       }
@@ -220015,15 +220026,15 @@ var NpmSocketUpgradeManager = class {
       const lockfileDir = dirname6(resolve17(this.rootDir, lockfile2));
       const oldFileContent = await readFile14(resolve17(this.rootDir, lockfile2), "utf-8");
       let error;
-      if (this.packageLockMatcher(basename3(lockfile2))) {
+      if (this.packageLockMatcher(lockfile2)) {
         const command = mode === "LOCKFILE_ONLY" ? cmdt`npm install --package-lock-only` : cmdt`npm install -f --ignore-scripts --no-fund --no-audit --no-progress`;
         const result = await execNeverFail(command, lockfileDir);
         error = result.error;
-      } else if (this.pnpmLockMatcher(basename3(lockfile2))) {
+      } else if (this.pnpmLockMatcher(lockfile2)) {
         const command = mode === "LOCKFILE_ONLY" ? cmdt`pnpm install --lockfile-only` : cmdt`pnpm install --ignore-scripts --fix-lockfile --config.confirmModulesPurge=false`;
         const result = await execNeverFail(command, lockfileDir);
         error = result.error;
-      } else if (this.yarnLockMatcher(basename3(lockfile2))) {
+      } else if (this.yarnLockMatcher(lockfile2)) {
         const yarnType = await getYarnType(lockfileDir);
         if (yarnType === "classic") {
           const command = mode === "LOCKFILE_ONLY" ? cmdt`yarn install --mode update-lockfile` : cmdt`yarn install --ignore-scripts --noninteractive`;
@@ -220066,7 +220077,7 @@ var NpmSocketUpgradeManager = class {
           status: "error",
           file: lockfile2,
           artifacts: i3(artifacts),
-          message: `Failed to update lockfile: ${error.message}`
+          message: `Failed to update lockfile: ${error.message ?? "Unknown error"}`
         });
       }
     });
@@ -220078,11 +220089,11 @@ var NpmSocketUpgradeManager = class {
   async buildPackageJsonToLockfilesMap(ctxt) {
     const packageJsonToLockfiles = /* @__PURE__ */ new Map();
     const lockFiles = ctxt.manifestFiles.filter(
-      (file) => this.packageLockMatcher(basename3(file)) || this.pnpmLockMatcher(basename3(file)) || this.yarnLockMatcher(basename3(file))
+      (file) => this.packageLockMatcher(file) || this.pnpmLockMatcher(file) || this.yarnLockMatcher(file)
     );
     for (const lockFile of lockFiles) {
       const lockFileDir = resolve17(this.rootDir, dirname6(lockFile));
-      const isPnpmLockFile = this.pnpmLockMatcher(basename3(lockFile));
+      const isPnpmLockFile = this.pnpmLockMatcher(lockFile);
       const workspaces = isPnpmLockFile ? await getWorkspacePathsFromPnpmLockFile(lockFileDir, true) : await getWorkspacePathsFromPackageJSON(lockFileDir, true);
       for (const workspace of workspaces) {
         const packageJson = relative6(this.rootDir, resolve17(lockFileDir, workspace, "package.json"));
@@ -220375,7 +220386,7 @@ import { readFile as readFile17, writeFile as writeFile6 } from "fs/promises";
 import { resolve as resolve21 } from "path";
 
 // ../utils/src/package-utils.ts
-import { parse as parse4, join as join7, resolve as resolve20, normalize as normalize3, dirname as dirname7, basename as basename4, relative as relative7 } from "path";
+import { parse as parse4, join as join7, resolve as resolve20, normalize as normalize3, dirname as dirname7, basename as basename3, relative as relative7 } from "path";
 import { existsSync as existsSync10, readFileSync as readFileSync2, readdirSync as readdirSync3, statSync as statSync2, writeFileSync as writeFileSync2 } from "fs";
 function setFieldInPackageJson(workspaceRoot, field, value2) {
   const packageJSONContentObj = getPackageJsonObject2(workspaceRoot);
@@ -220885,12 +220896,12 @@ var CargoFixingManager = class {
 
 // ../fixing-management/src/fixing-management/nuget/nuget-socket-upgrade-manager.ts
 var import_picomatch3 = __toESM(require_picomatch2(), 1);
-import { basename as basename6, resolve as resolve23 } from "node:path";
+import { resolve as resolve23 } from "node:path";
 
 // ../fixing-management/src/fixing-management/nuget/nuget-project-utils.ts
 var import_parse_xml3 = __toESM(require_dist(), 1);
 import { readFile as readFile19 } from "node:fs/promises";
-import { dirname as dirname8, join as join10, relative as relative8, resolve as resolve22, basename as basename5, extname } from "node:path";
+import { dirname as dirname8, join as join10, relative as relative8, resolve as resolve22, basename as basename4, extname } from "node:path";
 import { existsSync as existsSync11 } from "node:fs";
 function normalizeMSBuildPath(path2) {
   return path2.replace(/\\/g, "/");
@@ -221042,11 +221053,11 @@ function addReservedMSBuildProperties(currentProject, mainProject) {
       normalizeMSBuildPath(dirname8(mainProject.validatedProjectPath)).replace(/^[A-Za-z]:/, "")
     ],
     ["MSBuildProjectExtension", extname(mainProject.validatedProjectPath)],
-    ["MSBuildProjectFile", basename5(mainProject.validatedProjectPath)],
+    ["MSBuildProjectFile", basename4(mainProject.validatedProjectPath)],
     ["MSBuildProjectFullPath", normalizeMSBuildPath(mainProject.validatedProjectPath)],
-    ["MSBuildProjectName", basename5(mainProject.validatedProjectPath, extname(mainProject.validatedProjectPath))],
+    ["MSBuildProjectName", basename4(mainProject.validatedProjectPath, extname(mainProject.validatedProjectPath))],
     // MSBuildThisFile* properties - reference the current project being processed
-    ["MSBuildThisFile", basename5(currentProject.validatedProjectPath)],
+    ["MSBuildThisFile", basename4(currentProject.validatedProjectPath)],
     ["MSBuildThisFileDirectory", normalizeMSBuildPath(dirname8(currentProject.validatedProjectPath)) + "/"],
     [
       "MSBuildThisFileDirectoryNoRoot",
@@ -221056,7 +221067,7 @@ function addReservedMSBuildProperties(currentProject, mainProject) {
     ["MSBuildThisFileFullPath", normalizeMSBuildPath(currentProject.validatedProjectPath)],
     [
       "MSBuildThisFileName",
-      basename5(currentProject.validatedProjectPath, extname(currentProject.validatedProjectPath))
+      basename4(currentProject.validatedProjectPath, extname(currentProject.validatedProjectPath))
     ]
   ];
   for (const [propertyName, propertyValue] of reservedProperties) {
@@ -221302,16 +221313,27 @@ var NuGetSocketUpgradeManager = class {
     this.rootDir = rootDir;
   }
   // Individual matchers for specific handling
-  projectMatcher = (0, import_picomatch3.default)("{*.*proj,*.props,*.targets}");
-  packagesConfigMatcher = (0, import_picomatch3.default)("{packages.config,packages.*.config}");
-  lockFileMatcher = (0, import_picomatch3.default)("packages.lock.json");
+  projectMatcher = (0, import_picomatch3.default)(["*.*proj", "*.props", "*.targets"], { basename: true });
+  packagesConfigMatcher = (0, import_picomatch3.default)(["packages.config", "packages.*.config"], { basename: true });
+  lockFileMatcher = (0, import_picomatch3.default)("packages.lock.json", { basename: true });
   combinedMatcher = (0, import_picomatch3.default)(
-    "{*.sln,*.*proj,*.targets,*.props,*.projitems,*.nuspec,packages.config,packages.*.config,packages.lock.json}"
+    [
+      "*.sln",
+      "*.*proj",
+      "*.targets",
+      "*.props",
+      "*.projitems",
+      "*.nuspec",
+      "packages.config",
+      "packages.*.config",
+      "packages.lock.json"
+    ],
+    { basename: true }
   );
   truthyValues = ["true", "yes", "on"];
   async applySocketArtifactUpgrades(ctxt) {
     const caseInsensitiveManifestFileMap = new TransformMap((key) => key.toLowerCase());
-    for (const file of ctxt.manifestFiles.filter((file2) => this.combinedMatcher(basename6(file2)))) {
+    for (const file of ctxt.manifestFiles.filter((file2) => this.combinedMatcher(file2))) {
       const fullPath = resolve23(this.rootDir, file);
       caseInsensitiveManifestFileMap.set(fullPath, fullPath);
     }
@@ -221372,7 +221394,7 @@ var NuGetSocketUpgradeManager = class {
         )
       );
       for (const manifestFile of manifestFilesForArtifact) {
-        if (this.projectMatcher(basename6(manifestFile))) {
+        if (this.projectMatcher(manifestFile)) {
           const project = await loadNuGetProject(this.rootDir, manifestFile, validateFile);
           if (project) {
             patches.push(...await this.handleProject(project, idx, upgradeVersion, ctxt));
@@ -221384,7 +221406,7 @@ var NuGetSocketUpgradeManager = class {
               message: `Manifest file not valid for updates`
             });
           }
-        } else if (this.packagesConfigMatcher(basename6(manifestFile))) {
+        } else if (this.packagesConfigMatcher(manifestFile)) {
           const packagesConfig = await loadPackagesConfig(this.rootDir, manifestFile, validateFile);
           if (packagesConfig) {
             patches.push(...await this.handlePackagesConfig(packagesConfig, idx, upgradeVersion, ctxt));
@@ -221396,7 +221418,7 @@ var NuGetSocketUpgradeManager = class {
               message: `Manifest file not valid for updates: ${manifestFile}`
             });
           }
-        } else if (this.lockFileMatcher(basename6(manifestFile))) {
+        } else if (this.lockFileMatcher(manifestFile)) {
           ctxt.statusUpdater?.({
             status: "error",
             file: manifestFile,
@@ -221586,7 +221608,7 @@ var NuGetSocketUpgradeManager = class {
     return patches;
   }
   async collectFallbackPatches(manifestFile, oldIdx, newIdx, upgradeVersion, recomputedArtifacts, ctxt, validateFile) {
-    if (this.projectMatcher(basename6(manifestFile))) {
+    if (this.projectMatcher(manifestFile)) {
       const project = await loadNuGetProject(this.rootDir, manifestFile, validateFile);
       if (project) {
         return await this.handleProjectFallback(project, oldIdx, newIdx, upgradeVersion, recomputedArtifacts, ctxt);
@@ -221598,7 +221620,7 @@ var NuGetSocketUpgradeManager = class {
           message: `Manifest file not valid for updates`
         });
       }
-    } else if (this.packagesConfigMatcher(basename6(manifestFile))) {
+    } else if (this.packagesConfigMatcher(manifestFile)) {
       const packagesConfig = await loadPackagesConfig(this.rootDir, manifestFile, validateFile);
       if (packagesConfig) {
         return await this.handlePackagesConfigFallback(
@@ -221609,7 +221631,7 @@ var NuGetSocketUpgradeManager = class {
           recomputedArtifacts,
           ctxt
         );
-      } else if (this.lockFileMatcher(basename6(manifestFile))) {
+      } else if (this.lockFileMatcher(manifestFile)) {
       } else {
         ctxt.statusUpdater?.({
           status: "error",
@@ -221689,15 +221711,16 @@ var NuGetSocketUpgradeManager = class {
 };
 
 // ../fixing-management/src/fixing-management/rust/cargo-socket-upgrade-manager.ts
-import { basename as basename7, dirname as dirname10, resolve as resolve25 } from "node:path";
-var import_picomatch4 = __toESM(require_picomatch2(), 1);
+import { dirname as dirname10, relative as relative9, resolve as resolve25 } from "node:path";
+var import_picomatch5 = __toESM(require_picomatch2(), 1);
 var import_semver3 = __toESM(require_semver2(), 1);
 import assert9 from "node:assert";
-import { readFile as readFile21 } from "node:fs/promises";
+import { readFile as readFile21, writeFile as writeFile8 } from "node:fs/promises";
 
 // ../utils/src/cargo-utils.ts
 import { readFile as readFile20 } from "node:fs/promises";
 import { dirname as dirname9, resolve as resolve24 } from "node:path";
+var import_picomatch4 = __toESM(require_picomatch2(), 1);
 async function getCargoTomlFilesForCargoLockFile(rootDir, cargoLockFile, cargoTomlFiles) {
   const lockDir = dirname9(cargoLockFile);
   const rootTomlFile = cargoTomlFiles.find((file) => dirname9(file) === lockDir);
@@ -221722,11 +221745,10 @@ async function getCargoTomlFilesForCargoLockFile(rootDir, cargoLockFile, cargoTo
   if (memberPatterns.length === 0) {
     return { rootTomlFile };
   }
-  const workspaceMemberDirs = new Set(await glob(memberPatterns, { ignore: excludePatterns, cwd: rootDir }));
-  const memberTomlFiles = cargoTomlFiles.filter((file) => {
-    const relativeDir = dirname9(file);
-    return workspaceMemberDirs.has(relativeDir);
+  const matcher = (0, import_picomatch4.default)(memberPatterns, {
+    ignore: excludePatterns
   });
+  const memberTomlFiles = cargoTomlFiles.filter((file) => matcher(dirname9(file) || "."));
   return { rootTomlFile, memberTomlFiles };
 }
 
@@ -221735,96 +221757,139 @@ var CargoSocketUpgradeManager = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
   }
-  cargoTomlMatcher = (0, import_picomatch4.default)("Cargo.toml");
-  cargoLockMatcher = (0, import_picomatch4.default)("Cargo.lock");
+  cargoTomlMatcher = (0, import_picomatch5.default)("Cargo.toml", { basename: true });
+  cargoLockMatcher = (0, import_picomatch5.default)("Cargo.lock", { basename: true });
   async applySocketArtifactUpgrades(ctxt) {
-    const tomlFiles = ctxt.manifestFiles.filter((mf) => this.cargoTomlMatcher(basename7(mf)));
-    const lockFiles = ctxt.manifestFiles.filter((mf) => this.cargoLockMatcher(basename7(mf)));
+    const tomlFiles = ctxt.manifestFiles.filter((mf) => this.cargoTomlMatcher(mf));
     const tomlToLock = /* @__PURE__ */ new Map();
-    await asyncForEach(lockFiles, async (lockFile) => {
-      const rootAndMemberTomlFiles = await getCargoTomlFilesForCargoLockFile(this.rootDir, lockFile, tomlFiles);
-      if (!rootAndMemberTomlFiles) return;
-      const { rootTomlFile, memberTomlFiles } = rootAndMemberTomlFiles;
-      tomlToLock.set(rootTomlFile, lockFile);
-      for (const tomlFile of memberTomlFiles ?? []) {
-        tomlToLock.set(tomlFile, lockFile);
+    await asyncForEach(
+      ctxt.manifestFiles.filter((mf) => this.cargoLockMatcher(mf)),
+      async (lockFile) => {
+        const rootAndMemberTomlFiles = await getCargoTomlFilesForCargoLockFile(this.rootDir, lockFile, tomlFiles);
+        if (!rootAndMemberTomlFiles) return;
+        const { rootTomlFile, memberTomlFiles } = rootAndMemberTomlFiles;
+        tomlToLock.set(rootTomlFile, lockFile);
+        for (const tomlFile of memberTomlFiles ?? []) {
+          tomlToLock.set(tomlFile, lockFile);
+        }
       }
-    });
-    const lockfileToArtifacts = {};
-    const patches = await asyncFlatMap(Array.from(ctxt.upgrades), async ([idx, upgradeVersion]) => {
+    );
+    const directPatches = [];
+    const transitivePatches = [];
+    for (const [idx, upgradeVersion] of ctxt.upgrades) {
       const artifact = ctxt.artifacts[idx];
       assert9(artifact.name);
       assert9(artifact.version);
       const directCargoTomls = new Set(
-        artifact.manifestFiles?.map((ref) => ref.file).filter((manifestFile) => this.cargoTomlMatcher(basename7(manifestFile))) ?? []
-      );
-      const directPatches = await asyncFlatMap(
-        Array.from(ctxt.upgrades),
-        async ([idx2, upgradeVersion2]) => await asyncFlatMap(Array.from(directCargoTomls), async (cargoToml) => {
-          const patches2 = await this.handleCargoToml(
-            cargoToml,
-            idx2,
-            upgradeVersion2,
-            ctxt
-          );
-          const cargoLock = tomlToLock.get(cargoToml);
-          if (cargoLock !== void 0) {
-            (lockfileToArtifacts[cargoLock] ??= []).push(idx2);
-            patches2.push(...await this.handleCargoLock(cargoLock, idx2, upgradeVersion2, ctxt));
-          }
-          return patches2;
-        })
-      );
-      const ancestorCargoTomls = i3(
-        artifact.toplevelAncestors?.flatMap(
-          (ancestorId) => ctxt.artifacts.find((a4) => a4.id === ancestorId)?.manifestFiles?.map((m4) => m4.file).filter((manifestFile) => this.cargoTomlMatcher(basename7(manifestFile))).filter((cargoToml) => !directCargoTomls.has(cargoToml)) ?? []
-        ) ?? []
+        artifact.manifestFiles?.filter((mf) => this.cargoTomlMatcher(mf.file)).map((mf) => mf.file) ?? []
       );
-      const transitivePatches = await asyncFlatMap(ancestorCargoTomls, async (cargoToml) => {
-        const cargoLock = tomlToLock.get(cargoToml);
-        if (cargoLock !== void 0) {
-          (lockfileToArtifacts[cargoLock] ??= []).push(idx);
-          return await this.handleCargoLock(cargoLock, idx, upgradeVersion, ctxt);
+      for (const mf of artifact.manifestFiles ?? []) {
+        const fileName3 = mf.file;
+        if (this.cargoTomlMatcher(fileName3)) {
+          if (ctxt.wsFilter && !ctxt.wsFilter(dirname10(fileName3) || ".")) continue;
+          const patches = await this.createDirectDependencyPatches(mf, idx, upgradeVersion, ctxt);
+          directPatches.push(...patches);
+        } else if (this.cargoLockMatcher(fileName3)) {
+          continue;
         } else {
-          return await this.handleCargoTomlAddDependency(cargoToml, idx, upgradeVersion, ctxt);
+          ctxt.statusUpdater?.({
+            status: "error",
+            file: mf.file,
+            artifacts: [idx],
+            message: "Unhandled manifest file"
+          });
         }
-      });
-      return directPatches.concat(transitivePatches);
-    });
-    await applyPatches("RUST", this.rootDir, patches, ctxt);
-    await asyncForEach(Object.entries(lockfileToArtifacts), async ([file, artifacts]) => {
-      const oldFileContent = await readFile21(resolve25(this.rootDir, file), "utf-8");
-      const { error } = await execNeverFail(cmdt`cargo fetch`, dirname10(resolve25(this.rootDir, file)));
-      const updatedFileContent = await readFile21(resolve25(this.rootDir, file), "utf-8");
-      if (!error) {
+      }
+      const transitiveCargoTomls = /* @__PURE__ */ new Set();
+      for (const ancestorId of artifact.toplevelAncestors ?? []) {
+        const ancestor = ctxt.artifacts.find((a4) => a4.id === ancestorId);
+        if (ancestor) {
+          for (const mf of ancestor.manifestFiles ?? []) {
+            if (this.cargoTomlMatcher(mf.file) && !directCargoTomls.has(mf.file)) {
+              transitiveCargoTomls.add(mf.file);
+            }
+          }
+        }
+      }
+      for (const cargoToml of transitiveCargoTomls) {
+        if (ctxt.wsFilter && !ctxt.wsFilter(dirname10(cargoToml) || ".")) continue;
+        const patches = await this.createTransitiveDependencyPatches(cargoToml, idx, upgradeVersion, ctxt);
+        transitivePatches.push(...patches);
+      }
+    }
+    const restoreMap = /* @__PURE__ */ new Map();
+    for (const { file, artifacts } of directPatches.concat(transitivePatches)) {
+      const path2 = resolve25(this.rootDir, file);
+      if (!restoreMap.has(path2)) {
+        restoreMap.set(path2, {
+          content: await readFile21(path2, "utf-8"),
+          artifacts: []
+        });
+      }
+      const existing = restoreMap.get(path2);
+      for (const idx of artifacts) {
+        if (!existing.artifacts.includes(idx)) {
+          existing.artifacts.push(idx);
+        }
+      }
+    }
+    const appliedTemporaryPatches = await applyPatches(
+      "RUST",
+      this.rootDir,
+      directPatches.concat(transitivePatches),
+      ctxt,
+      "Temporary patch applied"
+    );
+    const lockfileToArtifacts = {};
+    for (const { file, artifacts } of appliedTemporaryPatches) {
+      const lockfile2 = tomlToLock.get(file);
+      if (!lockfile2) {
         ctxt.statusUpdater?.({
-          status: "success",
+          status: "error",
           file,
-          message: "Lockfile updated",
-          patch: createPatch(file, oldFileContent, updatedFileContent, void 0, void 0, { context: 3 }),
-          artifacts
+          message: "No lockfile found for Cargo.toml",
+          artifacts: i3(artifacts)
         });
-      } else {
+        continue;
+      }
+      if (!lockfileToArtifacts[lockfile2]) {
+        lockfileToArtifacts[lockfile2] = [];
+      }
+      lockfileToArtifacts[lockfile2].push(...artifacts);
+    }
+    await this.refreshLockfiles(lockfileToArtifacts, ctxt, "LOCKFILE_ONLY");
+    await asyncForEach(Array.from(restoreMap), async ([path2, { content, artifacts }]) => {
+      try {
+        await writeFile8(path2, content);
+        ctxt.statusUpdater?.({
+          status: "success",
+          file: relative9(this.rootDir, path2),
+          message: "File restored",
+          artifacts: i3(artifacts)
+        });
+      } catch (e) {
         ctxt.statusUpdater?.({
           status: "error",
-          file,
-          artifacts: i3(artifacts),
-          message: `Failed to update lockfile -- error during 'cargo fetch': ${error.message}`
+          file: relative9(this.rootDir, path2),
+          message: "Could not restore file",
+          artifacts: i3(artifacts)
         });
       }
     });
+    await applyPatches("RUST", this.rootDir, directPatches, ctxt);
+    await this.refreshLockfiles(lockfileToArtifacts, ctxt, "FULL_INSTALL");
   }
   /**
    * Handle Cargo.toml file updates for direct dependencies
    */
-  async handleCargoToml(tomlFile, idx, upgradeVersion, ctxt) {
-    const fullPath = resolve25(this.rootDir, tomlFile);
+  async createDirectDependencyPatches(mf, idx, upgradeVersion, ctxt) {
+    const fullPath = resolve25(this.rootDir, mf.file);
     const content = await readFile21(fullPath, "utf-8");
     const toml = parseTOML2(content);
     if (!toml) {
       ctxt.statusUpdater?.({
         status: "error",
-        file: tomlFile,
+        file: mf.file,
         artifacts: [idx],
         message: `Failed to parse TOML file`
       });
@@ -221844,7 +221909,7 @@ var CargoSocketUpgradeManager = class {
           if (key === artifact.name && this.versionMatches(versionStr, artifact.version)) {
             const newVersionString = this.createNewVersionString(versionStr, upgradeVersion, ctxt.rangeStyle);
             patches.push({
-              file: tomlFile,
+              file: mf.file,
               offset: dep[range][0] + 1,
               // Skip opening quote
               length: versionStr.length,
@@ -221862,7 +221927,7 @@ var CargoSocketUpgradeManager = class {
             if (this.versionMatches(currentVersion, artifact.version)) {
               const newVersionString = this.createNewVersionString(currentVersion, upgradeVersion, ctxt.rangeStyle);
               patches.push({
-                file: tomlFile,
+                file: mf.file,
                 offset: versionValue[range][0] + 1,
                 // Skip opening quote
                 length: currentVersion.length,
@@ -221877,77 +221942,7 @@ var CargoSocketUpgradeManager = class {
     if (patches.length === 0) {
       ctxt.statusUpdater?.({
         status: "error",
-        file: tomlFile,
-        artifacts: [idx],
-        message: `Could not find ${artifact.name} version ${artifact.version}`
-      });
-    }
-    return patches;
-  }
-  /**
-   * Handle Cargo.lock file updates for all dependencies
-   */
-  async handleCargoLock(lockFile, idx, upgradeVersion, ctxt) {
-    const patches = [];
-    const fullPath = resolve25(this.rootDir, lockFile);
-    const artifact = ctxt.artifacts[idx];
-    const content = await readFile21(fullPath, "utf-8");
-    const toml = parseTOML2(content);
-    if (!toml) {
-      ctxt.statusUpdater?.({
-        status: "error",
-        file: lockFile,
-        artifacts: [idx],
-        message: `Failed to parse TOML file`
-      });
-      return [];
-    }
-    const packages = toml.package;
-    if (!(packages instanceof TOMLArray)) {
-      ctxt.statusUpdater?.({
-        status: "error",
-        file: lockFile,
-        artifacts: [idx],
-        message: `No package array found in lock file`
-      });
-      return [];
-    }
-    for (const pkg of packages) {
-      if (!(pkg instanceof TOMLTable)) continue;
-      const nameValue = pkg.name;
-      const versionValue = pkg.version;
-      const checksumValue = pkg.checksum;
-      if (!(nameValue instanceof TOMLScalar) || !(versionValue instanceof TOMLScalar)) continue;
-      const name = String(nameValue[value]);
-      const version3 = String(versionValue[value]);
-      if (name === artifact.name && version3 === artifact.version) {
-        patches.push({
-          file: lockFile,
-          offset: versionValue[range][0] + 1,
-          // Skip opening quote
-          length: version3.length,
-          artifacts: [idx],
-          text: upgradeVersion
-        });
-        if (checksumValue instanceof TOMLScalar) {
-          const checksumStart = checksumValue[keyRange][0];
-          const checksumEnd = checksumValue[range][1];
-          const checksumLength = checksumEnd - checksumStart;
-          patches.push({
-            file: lockFile,
-            offset: checksumStart,
-            length: checksumLength,
-            artifacts: [idx],
-            text: ""
-          });
-        }
-        break;
-      }
-    }
-    if (patches.length === 0) {
-      ctxt.statusUpdater?.({
-        status: "error",
-        file: lockFile,
+        file: mf.file,
         artifacts: [idx],
         message: `Could not find ${artifact.name} version ${artifact.version}`
       });
@@ -221976,7 +221971,7 @@ var CargoSocketUpgradeManager = class {
   /**
    * Add a new dependency to a Cargo.toml file
    */
-  async handleCargoTomlAddDependency(tomlFile, idx, upgradeVersion, ctxt) {
+  async createTransitiveDependencyPatches(tomlFile, idx, upgradeVersion, ctxt) {
     const fullPath = resolve25(this.rootDir, tomlFile);
     const content = await readFile21(fullPath, "utf-8");
     const toml = parseTOML2(content);
@@ -222015,13 +222010,49 @@ ${newDependencyLine}`
       }
     ];
   }
+  async refreshLockfiles(lockfileToArtifacts, ctxt, _mode) {
+    await asyncForEach(Object.entries(lockfileToArtifacts), async ([lockfile2, artifacts]) => {
+      const lockfileDir = dirname10(resolve25(this.rootDir, lockfile2));
+      const oldFileContent = await readFile21(resolve25(this.rootDir, lockfile2), "utf-8");
+      let error;
+      if (this.cargoLockMatcher(lockfile2)) {
+        const result = await execNeverFail(["cargo", "fetch"], lockfileDir);
+        error = result.error;
+      } else {
+        ctxt.statusUpdater?.({
+          status: "error",
+          file: lockfile2,
+          artifacts: i3(artifacts),
+          message: "Unknown lockfile type"
+        });
+        return;
+      }
+      if (!error) {
+        const finalFileContent = await readFile21(resolve25(this.rootDir, lockfile2), "utf-8");
+        ctxt.statusUpdater?.({
+          status: "success",
+          file: lockfile2,
+          message: "Lockfile updated",
+          patch: createPatch(lockfile2, oldFileContent, finalFileContent, void 0, void 0, { context: 3 }),
+          artifacts: i3(artifacts)
+        });
+      } else {
+        ctxt.statusUpdater?.({
+          status: "error",
+          file: lockfile2,
+          artifacts: i3(artifacts),
+          message: `Failed to update lockfile: ${error.message ?? "Unknown error"}`
+        });
+      }
+    });
+  }
 };
 
 // ../fixing-management/src/fixing-management/pip/pip-socket-upgrade-manager.ts
-import { dirname as dirname12, resolve as resolve29 } from "node:path";
-var import_picomatch5 = __toESM(require_picomatch2(), 1);
+import { dirname as dirname12, relative as relative11, resolve as resolve29 } from "node:path";
+var import_picomatch7 = __toESM(require_picomatch2(), 1);
 import assert10 from "node:assert";
-import { readFile as readFile24 } from "node:fs/promises";
+import { readFile as readFile24, writeFile as writeFile9 } from "node:fs/promises";
 var import_pip_requirements_js = __toESM(require_dist11(), 1);
 
 // ../utils/src/pip-utils.ts
@@ -222044,7 +222075,7 @@ var import_lodash5 = __toESM(require_lodash(), 1);
 var import_micromatch = __toESM(require_micromatch(), 1);
 import { existsSync as existsSync12 } from "fs";
 import { access as access2, cp, readdir as readdir3, stat as stat2 } from "fs/promises";
-import { basename as basename8, join as join11, relative as relative9, resolve as resolve26 } from "path";
+import { basename as basename5, join as join11, relative as relative10, resolve as resolve26 } from "path";
 var { uniq } = import_lodash5.default;
 var { isMatch } = import_micromatch.default;
 function* parents(dir) {
@@ -222057,7 +222088,7 @@ function* parents(dir) {
 }
 function findParent(dir, predicate, wholePath) {
   for (const parent2 of parents(dir))
-    if (predicate(wholePath ? parent2 : basename8(parent2))) return parent2;
+    if (predicate(wholePath ? parent2 : basename5(parent2))) return parent2;
 }
 async function getFilesRelative(dir, excludeDirs) {
   async function helper(subDir, arrayOfFiles) {
@@ -222098,6 +222129,7 @@ var systemPython = once2(() => {
 var hasPyenv = once2(async () => !(await execNeverFail("which pyenv")).error);
 
 // ../utils/src/pip-utils.ts
+var import_picomatch6 = __toESM(require_picomatch2(), 1);
 async function isSetupPySetuptools(file) {
   const content = await readFile23(file, "utf-8");
   return content.includes("setup(") && (/^\s*from\s+(?:setuptools|distutils\.core)\s+import\s+.*setup/m.test(content) || /^\s*import\s+(?:setuptools|distutils\.core)/m.test(content));
@@ -222126,11 +222158,10 @@ async function getPyprojectTomlFilesForLockFile(rootDir, uvLockfile, pyprojectFi
   if (memberPatterns.length === 0) {
     return { rootTomlFile };
   }
-  const workspaceMemberDirs = new Set(await glob(memberPatterns, { ignore: excludePatterns, cwd: rootDir }));
-  const memberTomlFiles = pyprojectFiles.filter((file) => {
-    const relativeDir = dirname11(file);
-    return workspaceMemberDirs.has(relativeDir);
+  const matcher = (0, import_picomatch6.default)(memberPatterns, {
+    ignore: excludePatterns
   });
+  const memberTomlFiles = pyprojectFiles.filter((file) => matcher(dirname11(file) || "."));
   return { rootTomlFile, memberTomlFiles };
 }
 
@@ -222282,6 +222313,138 @@ function pipVersionSatisfiesConstraints(version3, constraints) {
   });
 }
 
+// ../fixing-management/src/fixing-management/pip/pip-patch-utils.ts
+function createPep508VersionPatches(file, idx, requirement, upgradeVersion, rangeStyle, baseOffset = 0) {
+  const patches = [];
+  if (rangeStyle === "pin") {
+    if (requirement.data.versionSpec?.length) {
+      const firstSpec = requirement.data.versionSpec[0];
+      patches.push({
+        file,
+        offset: baseOffset + firstSpec.data.operator.location.startIdx,
+        length: firstSpec.data.operator.location.endIdx - firstSpec.data.operator.location.startIdx,
+        artifacts: [idx],
+        text: "=="
+      });
+      if (firstSpec.data.version) {
+        patches.push({
+          file,
+          offset: baseOffset + firstSpec.data.version.location.startIdx,
+          length: firstSpec.data.version.location.endIdx - firstSpec.data.version.location.startIdx,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      }
+      for (let i7 = 1; i7 < requirement.data.versionSpec.length; i7++) {
+        const currentSpec = requirement.data.versionSpec[i7];
+        const previousSpec = requirement.data.versionSpec[i7 - 1];
+        patches.push({
+          file,
+          offset: baseOffset + previousSpec.location.endIdx,
+          length: currentSpec.location.endIdx - previousSpec.location.endIdx,
+          artifacts: [idx],
+          text: ""
+        });
+      }
+    } else {
+      patches.push({
+        file,
+        offset: baseOffset + requirement.location.endIdx,
+        artifacts: [idx],
+        text: `==${upgradeVersion}`
+      });
+    }
+  } else if (requirement.data.versionSpec?.length) {
+    let isLowerBounded = false;
+    for (let i7 = 0; i7 < requirement.data.versionSpec.length; i7++) {
+      const spec = requirement.data.versionSpec[i7];
+      const operator = spec.data.operator.data;
+      if (!spec.data.version) continue;
+      if (operator === ">") {
+        patches.push({
+          file,
+          offset: baseOffset + spec.data.operator.location.startIdx,
+          length: spec.data.operator.location.endIdx - spec.data.operator.location.startIdx,
+          artifacts: [idx],
+          text: ">="
+        });
+        patches.push({
+          file,
+          offset: baseOffset + spec.data.version.location.startIdx,
+          length: spec.data.version.location.endIdx - spec.data.version.location.startIdx,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+        isLowerBounded = true;
+      } else if (operator === "<" && pipCompareVersions(spec.data.version.data, upgradeVersion) <= 0) {
+        patches.push({
+          file,
+          offset: baseOffset + spec.data.operator.location.startIdx,
+          length: spec.data.operator.location.endIdx - spec.data.operator.location.startIdx,
+          artifacts: [idx],
+          text: "<="
+        });
+        patches.push({
+          file,
+          offset: baseOffset + spec.data.version.location.startIdx,
+          length: spec.data.version.location.endIdx - spec.data.version.location.startIdx,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      } else if (operator === "<=" && pipCompareVersions(spec.data.version.data, upgradeVersion) < 0) {
+        patches.push({
+          file,
+          offset: baseOffset + spec.data.version.location.startIdx,
+          length: spec.data.version.location.endIdx - spec.data.version.location.startIdx,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      } else if (operator === "!=" && pipCompareVersions(spec.data.version.data, upgradeVersion) === 0) {
+        patches.push({
+          file,
+          offset: baseOffset + spec.data.operator.location.startIdx,
+          length: spec.data.operator.location.endIdx - spec.data.operator.location.startIdx,
+          artifacts: [idx],
+          text: "=="
+        });
+        patches.push({
+          file,
+          offset: baseOffset + spec.data.version.location.startIdx,
+          length: spec.data.version.location.endIdx - spec.data.version.location.startIdx,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+        isLowerBounded = true;
+      } else if (["==", "===", "~=", ">="].includes(operator)) {
+        patches.push({
+          file,
+          offset: baseOffset + spec.data.version.location.startIdx,
+          length: spec.data.version.location.endIdx - spec.data.version.location.startIdx,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+        isLowerBounded = true;
+      }
+    }
+    if (!isLowerBounded) {
+      patches.push({
+        file,
+        offset: baseOffset + requirement.data.name.location.endIdx,
+        artifacts: [idx],
+        text: `>=${upgradeVersion},`
+      });
+    }
+  } else {
+    patches.push({
+      file,
+      offset: baseOffset + requirement.data.name.location.endIdx,
+      artifacts: [idx],
+      text: `==${upgradeVersion}`
+    });
+  }
+  return patches;
+}
+
 // ../fixing-management/src/fixing-management/pip/pip-socket-upgrade-manager.ts
 var PipSocketUpgradeManager = class {
   constructor(rootDir) {
@@ -222289,26 +222452,48 @@ var PipSocketUpgradeManager = class {
   }
   // glob pattern taken from depscan/workspaces/pipeline/src/glob-patterns.ts
   // Note, depscan glob pattern router uses recursive matching, we instead do optional prefix `(**/)?`
-  requirementsTxtMatcher = (0, import_picomatch5.default)(
-    "{**/,}{requirements{[-_.]frozen,{[-_]*,}}.txt,{**/,}requirements/*.txt}"
+  requirementsTxtMatcher = (0, import_picomatch7.default)(
+    "{requirements{[-_.]frozen,{[-_]*,}}.txt,{**/,}requirements/*.txt}",
+    { basename: true }
   );
-  pyprojectTomlMatcher = (0, import_picomatch5.default)("{**/,}pyproject.toml");
-  uvLockMatcher = (0, import_picomatch5.default)("{**/,}uv.lock");
+  pyprojectTomlMatcher = (0, import_picomatch7.default)("pyproject.toml", { basename: true });
+  uvLockMatcher = (0, import_picomatch7.default)("uv.lock", { basename: true });
   async applySocketArtifactUpgrades(ctxt) {
     const pyprojectTomlfiles = ctxt.manifestFiles.filter((f6) => this.pyprojectTomlMatcher(f6));
-    const lockfileToArtifacts = {};
-    const patches = await asyncFlatMap(Array.from(ctxt.upgrades), async ([idx, upgradeVersion]) => {
+    const tomlToLock = /* @__PURE__ */ new Map();
+    await asyncForEach(
+      ctxt.manifestFiles.filter((mf) => this.uvLockMatcher(mf)),
+      async (lockFile) => {
+        const rootAndMemberTomlFiles = await getPyprojectTomlFilesForLockFile(
+          this.rootDir,
+          lockFile,
+          pyprojectTomlfiles
+        );
+        if (!rootAndMemberTomlFiles) return;
+        const { rootTomlFile, memberTomlFiles } = rootAndMemberTomlFiles;
+        tomlToLock.set(rootTomlFile, lockFile);
+        for (const tomlFile of memberTomlFiles ?? []) {
+          tomlToLock.set(tomlFile, lockFile);
+        }
+      }
+    );
+    const requirementsTxtPatches = [];
+    const directUvTomlPatches = [];
+    const transitiveUvTomlPatches = [];
+    for (const [idx, upgradeVersion] of ctxt.upgrades) {
       const artifact = ctxt.artifacts[idx];
       assert10(artifact.name);
       assert10(artifact.version);
+      const directRequirementsTxts = new Set(
+        artifact.manifestFiles?.filter((mf) => this.requirementsTxtMatcher(mf.file)).map((mf) => mf.file) ?? []
+      );
       const canonicalPackageName = canonicalizePyPIName(artifact.name);
-      const directManifestFiles = /* @__PURE__ */ new Set();
-      const directPatches = await asyncFlatMap(artifact.manifestFiles ?? [], async (mf) => {
-        directManifestFiles.add(mf.file);
+      for (const mf of artifact.manifestFiles ?? []) {
         if (this.requirementsTxtMatcher(mf.file)) {
-          return await this.handleRequirementsDirect(mf, idx, upgradeVersion, ctxt);
+          if (ctxt.wsFilter && !ctxt.wsFilter(dirname12(mf.file) || ".")) continue;
+          const patches = await this.createRequirementsTxtDirectDependencyPatches(mf, idx, upgradeVersion, ctxt);
+          requirementsTxtPatches.push(...patches);
         } else if (this.uvLockMatcher(mf.file)) {
-          (lockfileToArtifacts[mf.file] ??= []).push(idx);
           const rootAndMemberTomlFiles = await getPyprojectTomlFilesForLockFile(
             this.rootDir,
             mf.file,
@@ -222321,7 +222506,7 @@ var PipSocketUpgradeManager = class {
               artifacts: [idx],
               message: "Could not find pyproject.toml files for lock file"
             });
-            return [];
+            continue;
           }
           const { rootTomlFile, memberTomlFiles } = rootAndMemberTomlFiles;
           const tomlToDeps = await getDependenciesMapFromUvLock(
@@ -222334,22 +222519,27 @@ var PipSocketUpgradeManager = class {
               status: "error",
               file: mf.file,
               artifacts: [idx],
-              message: "Could not construct dependencies map file"
+              message: "Could not compute pyproject.toml files for dependency"
             });
-            return [];
+            continue;
           }
-          const patches2 = [];
           for (const [tomlFile, { direct, transitive }] of tomlToDeps) {
+            if (ctxt.wsFilter && !ctxt.wsFilter(dirname12(tomlFile) || ".")) continue;
             if (direct.has(canonicalPackageName)) {
-              patches2.push(...await this.handlePyprojectToml(tomlFile, idx, upgradeVersion, ctxt));
+              directUvTomlPatches.push(
+                ...await this.createPyprojectTomlDirectDependencyPatches(tomlFile, idx, upgradeVersion, ctxt)
+              );
             }
             if (transitive.has(canonicalPackageName)) {
-              patches2.push(
-                ...await this.handlePyprojectTomlUvDependencyOverride(rootTomlFile, idx, upgradeVersion, ctxt)
+              transitiveUvTomlPatches.push(
+                ...await this.createOverrideDependencyAddPatches(rootTomlFile, idx, upgradeVersion, ctxt)
               );
             }
+            directUvTomlPatches.push(
+              ...await this.createOverrideDependencyUpdatePatches(rootTomlFile, idx, upgradeVersion, ctxt)
+            );
           }
-          return patches2;
+          continue;
         } else {
           ctxt.statusUpdater?.({
             status: "error",
@@ -222357,64 +222547,90 @@ var PipSocketUpgradeManager = class {
             artifacts: [idx],
             message: "Unhandled manifest file"
           });
-          return [];
         }
-      });
-      const ancestorManifestFiles = i3(
-        artifact.toplevelAncestors?.flatMap(
-          (ancestorId) => ctxt.artifacts.find((a4) => a4.id === ancestorId)?.manifestFiles?.map((m4) => m4.file).filter((f6) => !directManifestFiles.has(f6)) ?? []
-        ) ?? []
-      );
-      const transitivePatches = await asyncFlatMap(ancestorManifestFiles, async (f6) => {
-        if (this.requirementsTxtMatcher(f6)) {
-          return await this.handleRequirementsTransitive(f6, idx, upgradeVersion, ctxt);
-        } else if (this.uvLockMatcher(f6)) {
-          ctxt.statusUpdater?.({
-            status: "error",
-            file: f6,
-            artifacts: [idx],
-            message: "Unexpected top-level ancestor for uv.lock dependency"
-          });
-          return [];
-        } else {
-          ctxt.statusUpdater?.({
-            status: "error",
-            file: f6,
-            artifacts: [idx],
-            message: "Unhandled manifest file"
-          });
-          return [];
+      }
+      const transitiveRequirementsTxts = /* @__PURE__ */ new Set();
+      for (const ancestorId of artifact.toplevelAncestors ?? []) {
+        const ancestor = ctxt.artifacts.find((a4) => a4.id === ancestorId);
+        if (ancestor) {
+          for (const mf of ancestor.manifestFiles ?? []) {
+            if (this.requirementsTxtMatcher(mf.file) && !directRequirementsTxts.has(mf.file)) {
+              transitiveRequirementsTxts.add(mf.file);
+            }
+          }
         }
-      });
-      return directPatches.concat(transitivePatches);
-    });
-    await applyPatches("PIP", this.rootDir, patches, ctxt);
-    await asyncForEach(Object.entries(lockfileToArtifacts), async ([file, artifacts]) => {
-      const oldFileContent = await readFile24(resolve29(this.rootDir, file), "utf-8");
-      const { error } = await execNeverFail(cmdt`uv lock`, dirname12(resolve29(this.rootDir, file)));
-      const updatedFileContent = await readFile24(resolve29(this.rootDir, file), "utf-8");
-      if (!error) {
+      }
+      for (const requirementsTxt of transitiveRequirementsTxts) {
+        if (ctxt.wsFilter && !ctxt.wsFilter(dirname12(requirementsTxt) || ".")) continue;
+        const patches = await this.createRequirementsTxtTransitivePatches(requirementsTxt, idx, upgradeVersion, ctxt);
+        requirementsTxtPatches.push(...patches);
+      }
+    }
+    const restoreMap = /* @__PURE__ */ new Map();
+    for (const { file, artifacts } of directUvTomlPatches.concat(transitiveUvTomlPatches)) {
+      const path2 = resolve29(this.rootDir, file);
+      if (!restoreMap.has(path2)) {
+        restoreMap.set(path2, {
+          content: await readFile24(path2, "utf-8"),
+          artifacts: []
+        });
+      }
+      const existing = restoreMap.get(path2);
+      for (const idx of artifacts) {
+        if (!existing.artifacts.includes(idx)) {
+          existing.artifacts.push(idx);
+        }
+      }
+    }
+    const appliedTemporaryPatches = await applyPatches(
+      "PIP",
+      this.rootDir,
+      directUvTomlPatches.concat(transitiveUvTomlPatches),
+      ctxt
+    );
+    const lockfileToArtifacts = {};
+    for (const { file, artifacts } of appliedTemporaryPatches) {
+      const lockfile2 = tomlToLock.get(file);
+      if (!lockfile2) {
         ctxt.statusUpdater?.({
-          status: "success",
+          status: "error",
           file,
-          message: "Lockfile updated",
-          patch: createPatch(file, oldFileContent, updatedFileContent, void 0, void 0, { context: 3 }),
+          message: "No lockfile found for pyproject.toml",
           artifacts: i3(artifacts)
         });
-      } else {
+        continue;
+      }
+      if (!lockfileToArtifacts[lockfile2]) {
+        lockfileToArtifacts[lockfile2] = [];
+      }
+      lockfileToArtifacts[lockfile2].push(...artifacts);
+    }
+    await this.refreshLockfiles(lockfileToArtifacts, ctxt, "LOCKFILE_ONLY");
+    await asyncForEach(Array.from(restoreMap), async ([path2, { content, artifacts }]) => {
+      try {
+        await writeFile9(path2, content);
+        ctxt.statusUpdater?.({
+          status: "success",
+          file: relative11(this.rootDir, path2),
+          message: "File restored",
+          artifacts: i3(artifacts)
+        });
+      } catch (e) {
         ctxt.statusUpdater?.({
           status: "error",
-          file,
-          artifacts: i3(artifacts),
-          message: `Failed to update lockfile -- error during 'uv lock': ${error.message}`
+          file: relative11(this.rootDir, path2),
+          message: "Could not restore file",
+          artifacts: i3(artifacts)
         });
       }
     });
+    await applyPatches("RUST", this.rootDir, requirementsTxtPatches.concat(directUvTomlPatches), ctxt);
+    await this.refreshLockfiles(lockfileToArtifacts, ctxt, "FULL_INSTALL");
   }
   /**
    * Handle requirements.txt file updates
    */
-  async handleRequirementsDirect(ref, idx, upgradeVersion, ctxt) {
+  async createRequirementsTxtDirectDependencyPatches(ref, idx, upgradeVersion, ctxt) {
     const fullPath = resolve29(this.rootDir, ref.file);
     const artifact = ctxt.artifacts[idx];
     assert10(artifact.name);
@@ -222436,91 +222652,13 @@ var PipSocketUpgradeManager = class {
       const requirements = (0, import_pip_requirements_js.parsePipRequirementsFileLoosely)(content, { includeLocations: true });
       const foundRequirement = requirements.filter((req) => req.data.type === "ProjectName").find((req) => refStart <= req.location.startIdx && req.location.endIdx <= refEnd);
       if (foundRequirement) {
-        if (ctxt.rangeStyle === "pin") {
-          if (foundRequirement.data.versionSpec?.length) {
-            const firstSpec = foundRequirement.data.versionSpec[0];
-            const lastSpec = foundRequirement.data.versionSpec[foundRequirement.data.versionSpec.length - 1];
-            const operatorToVersionWhitespace = getWhitespace(
-              content,
-              firstSpec.data.operator.location.endIdx,
-              firstSpec.data.version.location.startIdx
-            );
-            patches.push({
-              file: ref.file,
-              offset: firstSpec.data.operator.location.startIdx,
-              length: lastSpec.location.endIdx - firstSpec.data.operator.location.startIdx,
-              artifacts: [idx],
-              text: `==${operatorToVersionWhitespace}${upgradeVersion}`
-            });
-          } else {
-            patches.push({
-              file: ref.file,
-              offset: foundRequirement.location.endIdx,
-              artifacts: [idx],
-              text: `==${upgradeVersion}`
-            });
-          }
-        } else if (foundRequirement.data.versionSpec?.length) {
-          for (const spec of foundRequirement.data.versionSpec) {
-            const operator = spec.data.operator.data;
-            const specVersion = spec.data.version.data;
-            const whitespace2 = getWhitespace(
-              content,
-              spec.data.operator.location.endIdx,
-              spec.data.version.location.startIdx
-            );
-            const patch = operator === ">" ? {
-              text: `>=${whitespace2}${upgradeVersion}`,
-              offset: spec.data.operator.location.startIdx,
-              length: spec.data.version.location.endIdx - spec.data.operator.location.startIdx
-            } : operator === "<" ? {
-              text: `<=${whitespace2}${upgradeVersion}`,
-              offset: spec.data.operator.location.startIdx,
-              length: spec.data.version.location.endIdx - spec.data.operator.location.startIdx
-            } : operator === "!=" && pipCompareVersions(specVersion, upgradeVersion) === 0 ? {
-              text: "",
-              offset: spec.data.operator.location.startIdx,
-              length: spec.data.version.location.endIdx - spec.data.operator.location.startIdx
-            } : operator === "!=" ? void 0 : {
-              text: upgradeVersion,
-              offset: spec.data.version.location.startIdx,
-              length: spec.data.version.location.endIdx - spec.data.version.location.startIdx
-            };
-            if (patch) {
-              patches.push({ ...patch, file: ref.file, artifacts: [idx] });
-            }
-          }
-          const isLowerBounded = foundRequirement.data.versionSpec.some(
-            (spec) => ["~=", "==", "===", ">", ">="].includes(spec.data.operator.data)
-          );
-          if (!isLowerBounded) {
-            const firstSpec = foundRequirement.data.versionSpec[0];
-            const commaSpacing = foundRequirement.data.versionSpec.length > 1 ? getWhitespace(
-              content,
-              foundRequirement.data.versionSpec[0].location.endIdx + 1,
-              foundRequirement.data.versionSpec[1].data.operator.location.startIdx
-            ) : "";
-            patches.push({
-              file: ref.file,
-              offset: firstSpec.data.operator.location.startIdx,
-              artifacts: [idx],
-              text: `>=${upgradeVersion},${commaSpacing}`
-            });
-          }
-        } else {
-          patches.push({
-            file: ref.file,
-            offset: foundRequirement.data.name.location.endIdx,
-            artifacts: [idx],
-            text: `==${upgradeVersion}`
-          });
-        }
+        patches.push(...createPep508VersionPatches(ref.file, idx, foundRequirement, upgradeVersion, ctxt.rangeStyle));
       } else {
         ctxt.statusUpdater?.({
           status: "error",
           file: ref.file,
           artifacts: [idx],
-          message: `Dependency declaration not found: ${JSON.stringify(artifact)}`
+          message: `Dependency declaration not found}`
         });
       }
     } catch (e) {
@@ -222528,7 +222666,7 @@ var PipSocketUpgradeManager = class {
         status: "error",
         file: ref.file,
         artifacts: [idx],
-        message: `Error parsing requirements file: ${e.message}`
+        message: `Error parsing requirements file: ${e.message ?? "Unknown error"}`
       });
     }
     return patches;
@@ -222536,7 +222674,7 @@ var PipSocketUpgradeManager = class {
   /**
    * Handle requirements.txt file updates
    */
-  async handleRequirementsTransitive(requirementsFile, idx, upgradeVersion, ctxt) {
+  async createRequirementsTxtTransitivePatches(requirementsFile, idx, upgradeVersion, ctxt) {
     const fullPath = resolve29(this.rootDir, requirementsFile);
     const artifact = ctxt.artifacts[idx];
     assert10(artifact.name);
@@ -222559,7 +222697,7 @@ ${newText}
         status: "error",
         file: requirementsFile,
         artifacts: [idx],
-        message: `Error parsing requirements file: ${e.message}`
+        message: `Error parsing requirements file: ${e.message ?? "Unknown error"}`
       });
     }
     return patches;
@@ -222567,7 +222705,7 @@ ${newText}
   /**
    * Handle pyproject.toml file updates for direct dependencies
    */
-  async handlePyprojectToml(tomlFile, idx, upgradeVersion, ctxt) {
+  async createPyprojectTomlDirectDependencyPatches(tomlFile, idx, upgradeVersion, ctxt) {
     const fullPath = resolve29(this.rootDir, tomlFile);
     const content = await readFile24(fullPath, "utf-8");
     const toml = parseTOML2(content);
@@ -222594,10 +222732,10 @@ ${newText}
           if (parsed && parsed.data.type === "ProjectName") {
             if (canonicalizePyPIName(parsed.data.name.data) === canonicalizePyPIName(artifact.name) && satisfiestVersionSpecs(artifact.version, parsed.data.versionSpec)) {
               patches.push(
-                ...this.createPep508VersionPatches(
+                ...createPep508VersionPatches(
                   tomlFile,
                   idx,
-                  depSpec,
+                  parsed,
                   upgradeVersion,
                   ctxt.rangeStyle,
                   element[range][0] + 1
@@ -222621,10 +222759,10 @@ ${newText}
               if (parsed && parsed.data.type === "ProjectName") {
                 if (canonicalizePyPIName(parsed.data.name.data) === canonicalizePyPIName(artifact.name) && satisfiestVersionSpecs(artifact.version, parsed.data.versionSpec)) {
                   patches.push(
-                    ...this.createPep508VersionPatches(
+                    ...createPep508VersionPatches(
                       tomlFile,
                       idx,
-                      depSpec,
+                      parsed,
                       upgradeVersion,
                       ctxt.rangeStyle,
                       element[range][0] + 1
@@ -222650,10 +222788,10 @@ ${newText}
               if (parsed && parsed.data.type === "ProjectName") {
                 if (canonicalizePyPIName(parsed.data.name.data) === canonicalizePyPIName(artifact.name) && satisfiestVersionSpecs(artifact.version, parsed.data.versionSpec)) {
                   patches.push(
-                    ...this.createPep508VersionPatches(
+                    ...createPep508VersionPatches(
                       tomlFile,
                       idx,
-                      depSpec,
+                      parsed,
                       upgradeVersion,
                       ctxt.rangeStyle,
                       element[range][0] + 1
@@ -222677,7 +222815,12 @@ ${newText}
     }
     return patches;
   }
-  async handlePyprojectTomlUvDependencyOverride(pyprojectToml, idx, upgradeVersion, ctxt) {
+  /**
+   * Update existing tool.uv.override-dependencies entries in pyproject.toml
+   * Only returns patches for existing entries - does not create new ones
+   * These patches should be kept (re-applied after restoration)
+   */
+  async createOverrideDependencyUpdatePatches(pyprojectToml, idx, upgradeVersion, ctxt) {
     const artifact = ctxt.artifacts[idx];
     assert10(artifact.name);
     assert10(artifact.version);
@@ -222694,24 +222837,22 @@ ${newText}
         });
         return patches;
       }
-      const toolUv = getNestedValue(toml, "tool.uv");
-      const overrideDeps = toolUv instanceof TOMLTable ? toolUv["override-dependencies"] : void 0;
+      const overrideDeps = getNestedValue(toml, "tool.uv.override-dependencies");
       if (overrideDeps instanceof TOMLArray) {
-        for (let i7 = 0; i7 < overrideDeps.length; i7++) {
-          const element = overrideDeps[i7];
-          if (element instanceof TOMLScalar && typeof element[value] === "string") {
-            const overrideSpec = element[value];
+        for (const overrideDep of overrideDeps) {
+          if (overrideDep instanceof TOMLScalar && typeof overrideDep[value] === "string") {
+            const overrideSpec = overrideDep[value];
             const parsed = (0, import_pip_requirements_js.parsePipRequirementsLineLoosely)(overrideSpec, { includeLocations: true });
             if (parsed && parsed.data.type === "ProjectName") {
               if (canonicalizePyPIName(parsed.data.name.data) === canonicalizePyPIName(artifact.name) && satisfiestVersionSpecs(artifact.version, parsed.data.versionSpec)) {
                 patches.push(
-                  ...this.createPep508VersionPatches(
+                  ...createPep508VersionPatches(
                     pyprojectToml,
                     idx,
-                    overrideSpec,
+                    parsed,
                     upgradeVersion,
                     ctxt.rangeStyle,
-                    element[range][0] + 1
+                    overrideDep[range][0] + 1
                     // Skip opening quote
                   )
                 );
@@ -222719,7 +222860,53 @@ ${newText}
             }
           }
         }
-        if (patches.length) return patches;
+      }
+    } catch (e) {
+      ctxt.statusUpdater?.({
+        status: "error",
+        file: pyprojectToml,
+        artifacts: [idx],
+        message: `Error updating uv override-dependency: ${e.message ?? "Unknown error"}`
+      });
+    }
+    return patches;
+  }
+  /**
+   * Add new tool.uv.override-dependencies entries in pyproject.toml
+   * Only creates new entries - does not update existing ones
+   * These patches are temporary and should be rolled back after lockfile update
+   */
+  async createOverrideDependencyAddPatches(pyprojectToml, idx, upgradeVersion, ctxt) {
+    const artifact = ctxt.artifacts[idx];
+    assert10(artifact.name);
+    assert10(artifact.version);
+    const patches = [];
+    try {
+      const content = await readFile24(resolve29(this.rootDir, pyprojectToml), "utf-8");
+      const toml = parseTOML2(content);
+      if (!toml) {
+        ctxt.statusUpdater?.({
+          status: "error",
+          file: pyprojectToml,
+          artifacts: [idx],
+          message: "Failed to parse TOML file"
+        });
+        return patches;
+      }
+      const toolUv = getNestedValue(toml, "tool.uv");
+      const overrideDeps = getNestedValue(toml, "tool.uv.override-dependencies");
+      if (overrideDeps instanceof TOMLArray) {
+        for (const overrideDep of overrideDeps) {
+          if (overrideDep instanceof TOMLScalar && typeof overrideDep[value] === "string") {
+            const overrideSpec = overrideDep[value];
+            const parsed = (0, import_pip_requirements_js.parsePipRequirementsLineLoosely)(overrideSpec, { includeLocations: true });
+            if (parsed && parsed.data.type === "ProjectName") {
+              if (canonicalizePyPIName(parsed.data.name.data) === canonicalizePyPIName(artifact.name)) {
+                return patches;
+              }
+            }
+          }
+        }
         const lastElement = overrideDeps[overrideDeps.length - 1];
         const insertPosition = lastElement ? lastElement[range][1] : overrideDeps[range][0] + 1;
         patches.push({
@@ -222728,13 +222915,12 @@ ${newText}
           artifacts: [idx],
           text: overrideDeps.length > 0 ? `,
 ${" ".repeat(4)}"${artifact.name}==${upgradeVersion}"` : `
-${" ".repeat(4)}'"${artifact.name}==${upgradeVersion}"`
+${" ".repeat(4)}"${artifact.name}==${upgradeVersion}"`
         });
       } else if (toolUv instanceof TOMLTable) {
-        const insertPosition = toolUv[range][1];
         patches.push({
           file: pyprojectToml,
-          offset: insertPosition,
+          offset: toolUv[range][1],
           artifacts: [idx],
           text: `
 override-dependencies = [
@@ -222742,16 +222928,15 @@ ${" ".repeat(4)}"${artifact.name}==${upgradeVersion}",
 ]`
         });
       } else {
-        const insertPosition = toml[range][1];
         patches.push({
           file: pyprojectToml,
-          offset: insertPosition,
+          offset: toml[range][1],
           artifacts: [idx],
           text: `
 
 [tool.uv]
 override-dependencies = [
-' '.repeat(4)"${artifact.name}==${upgradeVersion}",
+${" ".repeat(4)}"${artifact.name}==${upgradeVersion}",
 ]`
         });
       }
@@ -222760,97 +222945,48 @@ override-dependencies = [
         status: "error",
         file: pyprojectToml,
         artifacts: [idx],
-        message: `Error adding uv override-dependency: ${e.message}`
+        message: `Error adding uv override-dependency: ${e.message ?? "Unknown error"}`
       });
     }
     return patches;
   }
-  /**
-   * Create patches for updating PEP 508 dependency specifications
-   * Reuses the logic from handleRequirementsDirect for consistency
-   */
-  createPep508VersionPatches(file, idx, depSpec, upgradeVersion, rangeStyle, baseOffset) {
-    const parsed = (0, import_pip_requirements_js.parsePipRequirementsLineLoosely)(depSpec, { includeLocations: true });
-    if (!parsed || parsed.data.type !== "ProjectName") return [];
-    const patches = [];
-    if (rangeStyle === "pin") {
-      if (parsed.data.versionSpec?.length) {
-        const firstSpec = parsed.data.versionSpec[0];
-        const lastSpec = parsed.data.versionSpec[parsed.data.versionSpec.length - 1];
-        const whitespace2 = firstSpec.data.version ? getWhitespace(depSpec, firstSpec.data.operator.location.endIdx, firstSpec.data.version.location.startIdx) : "";
-        patches.push({
-          file,
-          offset: baseOffset + firstSpec.data.operator.location.startIdx,
-          length: lastSpec.location.endIdx - firstSpec.data.operator.location.startIdx,
-          artifacts: [idx],
-          text: `==${whitespace2}${upgradeVersion}`
-        });
+  async refreshLockfiles(lockfileToArtifacts, ctxt, _mode) {
+    await asyncForEach(Object.entries(lockfileToArtifacts), async ([lockfile2, artifacts]) => {
+      const lockfileDir = dirname12(resolve29(this.rootDir, lockfile2));
+      const oldFileContent = await readFile24(resolve29(this.rootDir, lockfile2), "utf-8");
+      let error;
+      if (this.uvLockMatcher(lockfile2)) {
+        const result = await execNeverFail(["uv", "lock"], lockfileDir);
+        error = result.error;
       } else {
-        patches.push({
-          file,
-          offset: baseOffset + parsed.location.endIdx,
-          artifacts: [idx],
-          text: `==${upgradeVersion}`
+        ctxt.statusUpdater?.({
+          status: "error",
+          file: lockfile2,
+          artifacts: i3(artifacts),
+          message: "Unknown lockfile type"
         });
+        return;
       }
-    } else if (parsed.data.versionSpec?.length) {
-      for (const spec of parsed.data.versionSpec) {
-        const operator = spec.data.operator.data;
-        const specVersion = spec.data.version?.data;
-        const whitespace2 = spec.data.version ? getWhitespace(depSpec, spec.data.operator.location.endIdx, spec.data.version.location.startIdx) : "";
-        const patch = operator === ">" ? {
-          text: `>=${whitespace2}${upgradeVersion}`,
-          offset: baseOffset + spec.data.operator.location.startIdx,
-          length: (spec.data.version?.location.endIdx ?? spec.data.operator.location.endIdx) - spec.data.operator.location.startIdx
-        } : operator === "<" ? {
-          text: `<=${whitespace2}${upgradeVersion}`,
-          offset: baseOffset + spec.data.operator.location.startIdx,
-          length: (spec.data.version?.location.endIdx ?? spec.data.operator.location.endIdx) - spec.data.operator.location.startIdx
-        } : operator === "!=" && (specVersion ? pipCompareVersions(specVersion, upgradeVersion) === 0 : true) ? {
-          text: "",
-          offset: baseOffset + spec.data.operator.location.startIdx,
-          length: (spec.data.version?.location.endIdx ?? spec.data.operator.location.endIdx) - spec.data.operator.location.startIdx
-        } : operator === "!=" ? void 0 : {
-          text: upgradeVersion,
-          offset: baseOffset + (spec.data.version?.location.startIdx ?? spec.data.operator.location.endIdx),
-          length: spec.data.version ? spec.data.version.location.endIdx - spec.data.version.location.startIdx : void 0
-        };
-        if (patch) {
-          patches.push({ ...patch, file, artifacts: [idx] });
-        }
-      }
-      const isLowerBounded = parsed.data.versionSpec.some(
-        (spec) => ["~=", "==", "===", ">", ">="].includes(spec.data.operator.data)
-      );
-      if (!isLowerBounded) {
-        const firstSpec = parsed.data.versionSpec[0];
-        const commaSpacing = parsed.data.versionSpec.length > 1 ? getWhitespace(
-          depSpec,
-          parsed.data.versionSpec[0].location.endIdx + 1,
-          parsed.data.versionSpec[1].data.operator.location.startIdx
-        ) : "";
-        patches.push({
-          file,
-          offset: firstSpec.data.operator.location.startIdx,
-          artifacts: [idx],
-          text: `>=${upgradeVersion},${commaSpacing}`
+      if (!error) {
+        const finalFileContent = await readFile24(resolve29(this.rootDir, lockfile2), "utf-8");
+        ctxt.statusUpdater?.({
+          status: "success",
+          file: lockfile2,
+          message: "Lockfile updated",
+          patch: createPatch(lockfile2, oldFileContent, finalFileContent, void 0, void 0, { context: 3 }),
+          artifacts: i3(artifacts)
+        });
+      } else {
+        ctxt.statusUpdater?.({
+          status: "error",
+          file: lockfile2,
+          artifacts: i3(artifacts),
+          message: `Failed to update lockfile: ${error.message ?? "Unknown error"}`
         });
       }
-    } else {
-      patches.push({
-        file,
-        offset: parsed.data.name.location.endIdx,
-        artifacts: [idx],
-        text: `==${upgradeVersion}`
-      });
-    }
-    return patches;
+    });
   }
 };
-function getWhitespace(content, startIdx, endIdx) {
-  const substring = content.substring(startIdx, endIdx);
-  return substring.replace(/#.*$/gm, (match2) => " ".repeat(match2.length));
-}
 function canonicalizePyPIName(name) {
   return (name ?? "").trim().toLowerCase().replaceAll(/[-_.]+/gi, "-");
 }
@@ -222911,8 +223047,8 @@ function satisfiestVersionSpecs(version3, versionSpec) {
 }
 
 // ../fixing-management/src/fixing-management/rubygems/rubygems-socket-upgrade-manager.ts
-import { basename as basename9, dirname as dirname14, relative as relative11, resolve as resolve31 } from "node:path";
-var import_picomatch6 = __toESM(require_picomatch2(), 1);
+import { dirname as dirname14, relative as relative13, resolve as resolve31 } from "node:path";
+var import_picomatch8 = __toESM(require_picomatch2(), 1);
 import assert11 from "node:assert";
 
 // ../fixing-management/src/fixing-management/rubygems/gemfile-utils.ts
@@ -223025,7 +223161,7 @@ var parser = {
 var lang3 = { lexer, parser };
 
 // ../fixing-management/src/fixing-management/rubygems/gemfile-utils.ts
-import { resolve as resolve30, dirname as dirname13, relative as relative10 } from "node:path";
+import { resolve as resolve30, dirname as dirname13, relative as relative12 } from "node:path";
 import { existsSync as existsSync14, readFileSync as readFileSync3 } from "node:fs";
 var booleanQuery = import_good_enough_parser3.query.alt(
   import_good_enough_parser3.query.sym(/^true|false$/, (ctx, { value: value2, offset }) => {
@@ -223133,13 +223269,13 @@ var evalGemfileQuery = import_good_enough_parser3.query.sym("eval_gemfile").join
   ctx.exprEndOffset = void 0;
   if (ctx.depth > 50) {
     logger.warn(
-      `Recursion limit hit while evaluating gemfile: ${relative10(ctx.gemfile.rootDir, resolve30(ctx.gemfile.rootDir, ctx.gemfile.file))}`
+      `Recursion limit hit while evaluating gemfile: ${relative12(ctx.gemfile.rootDir, resolve30(ctx.gemfile.rootDir, ctx.gemfile.file))}`
     );
     return ctx;
   }
   if (pathEvaluated === void 0) return ctx;
   const rootDir = ctx.gemfile.rootDir;
-  const file = relative10(rootDir, resolve30(rootDir, dirname13(ctx.gemfile.file), pathEvaluated));
+  const file = relative12(rootDir, resolve30(rootDir, dirname13(ctx.gemfile.file), pathEvaluated));
   if (!existsSync14(resolve30(rootDir, file))) return ctx;
   const sourceText = readFileSync3(resolve30(rootDir, file), "utf-8");
   const parser2 = import_good_enough_parser3.lang.createLang(lang3);
@@ -223275,12 +223411,209 @@ function parseGemfileLock(content) {
 }
 
 // ../fixing-management/src/fixing-management/rubygems/rubygems-socket-upgrade-manager.ts
-import { readFile as readFile25, writeFile as writeFile8 } from "node:fs/promises";
+import { readFile as readFile25, writeFile as writeFile10 } from "node:fs/promises";
+
+// ../fixing-management/src/fixing-management/rubygems/rubygems-patch-utils.ts
+function createRubygemVersionPatches(gem, idx, upgradeVersion, rangeStyle, statusUpdater) {
+  const patches = [];
+  if (rangeStyle === "pin") {
+    let seenVersionSpec = false;
+    gem.specs.forEach((spec, i7) => {
+      if (spec.type !== "version") return;
+      const evaluated = evaluate4(spec.value);
+      if (!seenVersionSpec) {
+        seenVersionSpec = true;
+        const parsed = parseRubyGemsConstraint(evaluated);
+        if (parsed.operator) {
+          const operatorLoc = findInValue(spec.value, parsed.operator);
+          if (!operatorLoc) {
+            statusUpdater?.({
+              status: "error",
+              file: gem.gemfile.file,
+              artifacts: [idx],
+              message: `Could not find source position of operator`
+            });
+            return;
+          }
+          patches.push({
+            file: operatorLoc.gemfile.file,
+            offset: operatorLoc.offset,
+            length: operatorLoc.text.length,
+            artifacts: [idx],
+            text: "="
+          });
+        }
+        const versionLoc = findInValue(spec.value, parsed.version);
+        if (!versionLoc) {
+          statusUpdater?.({
+            status: "error",
+            file: gem.gemfile.file,
+            artifacts: [idx],
+            message: `Could not find source position of version`
+          });
+          return;
+        }
+        patches.push({
+          file: versionLoc.gemfile.file,
+          offset: versionLoc.offset,
+          length: versionLoc.text.length,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      } else if (i7 > 0) {
+        patches.push({
+          file: gem.gemfile.file,
+          offset: spec.preceedingCommaOffset,
+          length: (gem.specs[i7 + 1]?.preceedingCommaOffset !== void 0 ? gem.specs[i7 + 1].preceedingCommaOffset : spec.endOfSpecOffset) - spec.preceedingCommaOffset,
+          artifacts: [idx],
+          text: ""
+        });
+      }
+    });
+    if (!seenVersionSpec) {
+      patches.push({
+        file: gem.gemfile.file,
+        offset: gem.endOfNameOffset,
+        artifacts: [idx],
+        text: `, "${upgradeVersion}"`
+      });
+    }
+  } else {
+    let seenVersionSpec = false;
+    let hasLowerBound = false;
+    gem.specs.forEach((spec) => {
+      if (spec.type !== "version") return;
+      seenVersionSpec = true;
+      const evaluated = evaluate4(spec.value);
+      const parsed = parseRubyGemsConstraint(evaluated);
+      const operatorStr = parsed.operator;
+      if (!operatorStr) {
+        hasLowerBound = true;
+        const versionLoc2 = findInValue(spec.value, parsed.version);
+        if (versionLoc2) {
+          patches.push({
+            file: versionLoc2.gemfile.file,
+            offset: versionLoc2.offset,
+            length: versionLoc2.text.length,
+            artifacts: [idx],
+            text: upgradeVersion
+          });
+        }
+        return;
+      }
+      const operatorLoc = findInValue(spec.value, operatorStr);
+      if (!operatorLoc) {
+        statusUpdater?.({
+          status: "error",
+          file: gem.gemfile.file,
+          artifacts: [idx],
+          message: `Could not find source position of operator '${operatorStr}'`
+        });
+        return;
+      }
+      const versionLoc = findInValue(spec.value, parsed.version);
+      if (!versionLoc) {
+        statusUpdater?.({
+          status: "error",
+          file: gem.gemfile.file,
+          artifacts: [idx],
+          message: `Could not find source position of version '${parsed.version}'`
+        });
+        return;
+      }
+      if (operatorStr === ">") {
+        hasLowerBound = true;
+        patches.push({
+          file: operatorLoc.gemfile.file,
+          offset: operatorLoc.offset,
+          length: operatorLoc.text.length,
+          artifacts: [idx],
+          text: ">="
+        });
+        patches.push({
+          file: versionLoc.gemfile.file,
+          offset: versionLoc.offset,
+          length: versionLoc.text.length,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      } else if (operatorStr === "<" && rubygemsCompareVersions(parsed.version, upgradeVersion) <= 0) {
+        patches.push({
+          file: operatorLoc.gemfile.file,
+          offset: operatorLoc.offset,
+          length: operatorLoc.text.length,
+          artifacts: [idx],
+          text: "<="
+        });
+        patches.push({
+          file: versionLoc.gemfile.file,
+          offset: versionLoc.offset,
+          length: versionLoc.text.length,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      } else if (operatorStr === "<=" && rubygemsCompareVersions(parsed.version, upgradeVersion) < 0) {
+        patches.push({
+          file: versionLoc.gemfile.file,
+          offset: versionLoc.offset,
+          length: versionLoc.text.length,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      } else if (operatorStr === "!=" && rubygemsCompareVersions(parsed.version, upgradeVersion) === 0) {
+        hasLowerBound = true;
+        patches.push({
+          file: operatorLoc.gemfile.file,
+          offset: operatorLoc.offset,
+          length: operatorLoc.text.length,
+          artifacts: [idx],
+          text: "="
+        });
+        patches.push({
+          file: versionLoc.gemfile.file,
+          offset: versionLoc.offset,
+          length: versionLoc.text.length,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      } else if ([">=", "=", "~>"].includes(operatorStr)) {
+        hasLowerBound = true;
+        patches.push({
+          file: versionLoc.gemfile.file,
+          offset: versionLoc.offset,
+          length: versionLoc.text.length,
+          artifacts: [idx],
+          text: upgradeVersion
+        });
+      }
+    });
+    if (!seenVersionSpec) {
+      patches.push({
+        file: gem.gemfile.file,
+        offset: gem.endOfNameOffset,
+        artifacts: [idx],
+        text: `, "${upgradeVersion}"`
+      });
+      hasLowerBound = true;
+    }
+    if (!hasLowerBound) {
+      patches.push({
+        file: gem.gemfile.file,
+        offset: gem.endOfNameOffset,
+        artifacts: [idx],
+        text: `, ">= ${upgradeVersion}"`
+      });
+    }
+  }
+  return patches;
+}
+
+// ../fixing-management/src/fixing-management/rubygems/rubygems-socket-upgrade-manager.ts
 var RubygemsSocketUpgradeManager = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
   }
-  gemfileLockMatcher = (0, import_picomatch6.default)("Gemfile.lock");
+  gemfileLockMatcher = (0, import_picomatch8.default)("Gemfile.lock", { basename: true });
   async applySocketArtifactUpgrades(ctxt) {
     const directPatches = [];
     const transitivePatches = [];
@@ -223289,7 +223622,8 @@ var RubygemsSocketUpgradeManager = class {
       const artifact = ctxt.artifacts[idx];
       assert11(artifact.name);
       for (const mf of artifact.manifestFiles ?? []) {
-        if (this.gemfileLockMatcher(basename9(mf.file))) {
+        if (this.gemfileLockMatcher(mf.file)) {
+          if (ctxt.wsFilter && !ctxt.wsFilter(dirname14(mf.file) || ".")) continue;
           const lockfileContent = await readFile25(resolve31(this.rootDir, mf.file), "utf-8");
           const gemfileLock = parseGemfileLock(lockfileContent);
           if (!gemfileLock.gems.has(artifact.name)) {
@@ -223301,7 +223635,7 @@ var RubygemsSocketUpgradeManager = class {
             });
             continue;
           }
-          const gemfileName = relative11(this.rootDir, resolve31(this.rootDir, (dirname14(mf.file), "Gemfile")));
+          const gemfileName = relative13(this.rootDir, resolve31(this.rootDir, dirname14(mf.file), "Gemfile"));
           gemfileToLockfile.set(resolve31(this.rootDir, gemfileName), resolve31(this.rootDir, mf.file));
           if (gemfileLock.directDependencies.has(artifact.name)) {
             directPatches.push(...await this.handleGemfile(gemfileName, idx, upgradeVersion, ctxt));
@@ -223367,18 +223701,18 @@ var RubygemsSocketUpgradeManager = class {
     });
     await asyncForEach(Array.from(restoreMap), async ([path2, { content, artifacts }]) => {
       try {
-        await writeFile8(path2, content);
+        await writeFile10(path2, content);
         ctxt.statusUpdater?.({
           status: "success",
-          file: relative11(this.rootDir, path2),
-          message: "Restored Gemfile",
+          file: relative13(this.rootDir, path2),
+          message: "File restored",
           artifacts: i3(artifacts)
         });
       } catch (e) {
         ctxt.statusUpdater?.({
           status: "error",
-          file: relative11(this.rootDir, path2),
-          message: "Could not restore Gemfile",
+          file: relative13(this.rootDir, path2),
+          message: "Could not restore file",
           artifacts: i3(artifacts)
         });
       }
@@ -223434,7 +223768,7 @@ var RubygemsSocketUpgradeManager = class {
         }
         const evaluatedSpecs = evaluatedSpecOpts.filter((spec) => spec !== void 0);
         if (rubygemsVersionSatisfiesConstraints(version3, evaluatedSpecs)) {
-          patches.push(...this.createRubygemVersionPatches(gem, idx, upgradeVersion, ctxt));
+          patches.push(...createRubygemVersionPatches(gem, idx, upgradeVersion, ctxt.rangeStyle, ctxt.statusUpdater));
         }
       }
       if (patches.length === 0) {
@@ -223455,172 +223789,6 @@ var RubygemsSocketUpgradeManager = class {
     }
     return patches;
   }
-  createRubygemVersionPatches(gem, idx, upgradeVersion, ctxt) {
-    const patches = [];
-    if (ctxt.rangeStyle === "pin") {
-      let seenVersionSpec = false;
-      gem.specs.forEach((spec, i7) => {
-        if (spec.type !== "version") return;
-        const evaluated = evaluate4(spec.value);
-        if (!seenVersionSpec) {
-          seenVersionSpec = true;
-          const parsed = parseRubyGemsConstraint(evaluated);
-          if (parsed.operator) {
-            const operatorLoc = findInValue(spec.value, parsed.operator);
-            if (!operatorLoc) {
-              ctxt.statusUpdater?.({
-                status: "error",
-                file: gem.gemfile.file,
-                artifacts: [idx],
-                message: `Could not find source position of operator`
-              });
-              return;
-            }
-            patches.push({
-              file: operatorLoc.gemfile.file,
-              offset: operatorLoc.offset,
-              length: operatorLoc.text.length,
-              artifacts: [idx],
-              text: "="
-            });
-          }
-          const versionLoc = findInValue(spec.value, parsed.version);
-          if (!versionLoc) {
-            ctxt.statusUpdater?.({
-              status: "error",
-              file: gem.gemfile.file,
-              artifacts: [idx],
-              message: `Could not find source position of version`
-            });
-            return;
-          }
-          patches.push({
-            file: versionLoc.gemfile.file,
-            offset: versionLoc.offset,
-            length: versionLoc.text.length,
-            artifacts: [idx],
-            text: upgradeVersion
-          });
-        } else if (i7 > 0) {
-          patches.push({
-            file: gem.gemfile.file,
-            offset: spec.preceedingCommaOffset,
-            length: (gem.specs[i7 + 1]?.preceedingCommaOffset !== void 0 ? gem.specs[i7 + 1].preceedingCommaOffset : spec.endOfSpecOffset) - spec.preceedingCommaOffset,
-            artifacts: [idx],
-            text: ""
-          });
-        }
-      });
-      if (!seenVersionSpec) {
-        patches.push({
-          file: gem.gemfile.file,
-          offset: gem.endOfNameOffset,
-          artifacts: [idx],
-          text: `, "${upgradeVersion}"`
-        });
-      }
-    } else {
-      let seenVersionSpec = false;
-      let hasLowerBound = false;
-      gem.specs.forEach((spec, i7) => {
-        if (spec.type !== "version") return;
-        seenVersionSpec = true;
-        const evaluated = evaluate4(spec.value);
-        const parsed = parseRubyGemsConstraint(evaluated);
-        const operatorStr = parsed.operator;
-        if (operatorStr) {
-          const operatorLoc = findInValue(spec.value, operatorStr);
-          if (!operatorLoc) {
-            ctxt.statusUpdater?.({
-              status: "error",
-              file: gem.gemfile.file,
-              artifacts: [idx],
-              message: `Could not find source position of operator '${operatorStr}'`
-            });
-            return;
-          }
-          switch (operatorStr) {
-            case ">": {
-              hasLowerBound = true;
-              patches.push({
-                file: operatorLoc.gemfile.file,
-                offset: operatorLoc.offset,
-                length: operatorLoc.text.length,
-                artifacts: [idx],
-                text: ">="
-              });
-              break;
-            }
-            case "<": {
-              if (rubygemsCompareVersions(upgradeVersion, parsed.version) >= 0) {
-                patches.push({
-                  file: operatorLoc.gemfile.file,
-                  offset: operatorLoc.offset,
-                  length: operatorLoc.text.length,
-                  artifacts: [idx],
-                  text: "<="
-                });
-              }
-              break;
-            }
-            case "!=": {
-              if (rubygemsCompareVersions(upgradeVersion, parsed.version) === 0) {
-                patches.push({
-                  file: gem.gemfile.file,
-                  offset: spec.preceedingCommaOffset,
-                  length: (gem.specs[i7 + 1]?.preceedingCommaOffset !== void 0 ? gem.specs[i7 + 1].preceedingCommaOffset : spec.endOfSpecOffset) - spec.preceedingCommaOffset,
-                  artifacts: [idx],
-                  text: ""
-                });
-              }
-              return;
-            }
-            default: {
-              hasLowerBound = true;
-              break;
-            }
-          }
-        } else {
-          hasLowerBound = true;
-        }
-        const versionLoc = findInValue(spec.value, parsed.version);
-        if (!versionLoc) {
-          ctxt.statusUpdater?.({
-            status: "error",
-            file: gem.gemfile.file,
-            artifacts: [idx],
-            message: `Could not find source position of version '${parsed.version}'`
-          });
-          return;
-        }
-        patches.push({
-          file: versionLoc.gemfile.file,
-          offset: versionLoc.offset,
-          length: versionLoc.text.length,
-          artifacts: [idx],
-          text: upgradeVersion
-        });
-      });
-      if (!seenVersionSpec) {
-        patches.push({
-          file: gem.gemfile.file,
-          offset: gem.endOfNameOffset,
-          artifacts: [idx],
-          text: `, "${upgradeVersion}"`
-        });
-        hasLowerBound = true;
-      }
-      if (!hasLowerBound) {
-        patches.push({
-          file: gem.gemfile.file,
-          offset: gem.endOfNameOffset,
-          artifacts: [idx],
-          text: `, >= "${upgradeVersion}"`
-        });
-      }
-    }
-    return patches;
-  }
   /**
    * Create a patch to add a gem dependency at the bottom of a Gemfile
    */
@@ -223710,7 +223878,7 @@ var import_lodash7 = __toESM(require_lodash(), 1);
 var import_micromatch2 = __toESM(require_micromatch(), 1);
 import { existsSync as existsSync15 } from "fs";
 import { access as access4, cp as cp2, readdir as readdir4, stat as stat3 } from "fs/promises";
-import { basename as basename10, join as join13, relative as relative12, resolve as resolve32 } from "path";
+import { basename as basename6, join as join13, relative as relative14, resolve as resolve32 } from "path";
 var { uniq: uniq2 } = import_lodash7.default;
 var { isMatch: isMatch2 } = import_micromatch2.default;
 function* parents2(dir) {
@@ -223723,7 +223891,7 @@ function* parents2(dir) {
 }
 function findParent2(dir, predicate, wholePath) {
   for (const parent2 of parents2(dir))
-    if (predicate(wholePath ? parent2 : basename10(parent2)))
+    if (predicate(wholePath ? parent2 : basename6(parent2)))
       return parent2;
 }
 
@@ -224601,9 +224769,9 @@ async function findReachabilityAnalyzersDockerImage(ecosystem) {
 // ../other-modules-communicator/src/other-modules-communicator.ts
 var import_lodash12 = __toESM(require_lodash(), 1);
 import { rmSync } from "fs";
-import { mkdir, readFile as readFile29, writeFile as writeFile9 } from "fs/promises";
+import { mkdir, readFile as readFile29, writeFile as writeFile11 } from "fs/promises";
 import { platform } from "os";
-import { join as join20, posix as posix2, relative as relative13, sep as sep3 } from "path";
+import { join as join20, posix as posix2, relative as relative15, sep as sep3 } from "path";
 
 // ../utils/src/tmp-file.ts
 import { rm, mkdtemp } from "fs/promises";
@@ -224921,7 +225089,7 @@ var OtherModulesCommunicator = class {
     }
     if (cmd === "getWorkspacePathsMultipleSubprojects")
       return `${_cmdStr()}: (${packageManagerName}) ${abbreviateList(subprojects, 10)}`;
-    return `${_cmdStr()}: (${packageManagerName}) ${relative13(this.rootWorkingDir, subprojectPath) || "."}`;
+    return `${_cmdStr()}: (${packageManagerName}) ${relative15(this.rootWorkingDir, subprojectPath) || "."}`;
   }
   getSpinnerTextForReachabilityAnalyzerCommand(cmd, ecosystem, subprojectPath, workspacePath) {
     function _cmdStr() {
@@ -224934,10 +225102,10 @@ var OtherModulesCommunicator = class {
           return "Running reachability analysis on package registry package";
       }
     }
-    return `${_cmdStr()}: (${ecosystem}) ${relative13(this.rootWorkingDir, join20(subprojectPath, workspacePath)) || "."}`;
+    return `${_cmdStr()}: (${ecosystem}) ${relative15(this.rootWorkingDir, join20(subprojectPath, workspacePath)) || "."}`;
   }
   getProjectPath(subprojectPath) {
-    return this.options.runWithoutDocker ? subprojectPath : posix2.resolve("/project", relative13(this.rootWorkingDir, subprojectPath).replaceAll(sep3, posix2.sep));
+    return this.options.runWithoutDocker ? subprojectPath : posix2.resolve("/project", relative15(this.rootWorkingDir, subprojectPath).replaceAll(sep3, posix2.sep));
   }
   // options shared between package-management and reachability-analyzers
   commonOptions = once7(
@@ -225077,7 +225245,7 @@ var OtherModulesCommunicator = class {
       "getWorkspacePathsMultipleSubprojects",
       packageManagerName,
       this.rootWorkingDir,
-      subprojectPaths.map((subprojectPath) => relative13(this.rootWorkingDir, subprojectPath) || ".")
+      subprojectPaths.map((subprojectPath) => relative15(this.rootWorkingDir, subprojectPath) || ".")
     );
   }
   async getProvidedArgsForSubproject(subprojectPath, providedOptions) {
@@ -225087,7 +225255,7 @@ var OtherModulesCommunicator = class {
         const providerFileName = "provider.json";
         const providerFileThisProcess = join20(tmpDir, providerFileName);
         const providerFileOtherProcess = this.options.runWithoutDocker ? providerFileThisProcess : posix2.join(TMP_DIR_IN_DOCKER, providerFileName);
-        await writeFile9(providerFileThisProcess, JSON.stringify(providedOptions.provider));
+        await writeFile11(providerFileThisProcess, JSON.stringify(providedOptions.provider));
         return ["--provider", providerFileOtherProcess];
       } else {
         return ["--as-provider"];
@@ -225131,7 +225299,7 @@ var OtherModulesCommunicator = class {
     const inputFileName = `${v4_default()}-runReachabilityAnalysis-input.json`;
     const inputFileThisProcess = join20(tmpDir, inputFileName);
     const inputFileOtherProcess = this.options.runWithoutDocker ? inputFileThisProcess : posix2.join(TMP_DIR_IN_DOCKER, inputFileName);
-    await writeFile9(
+    await writeFile11(
       inputFileThisProcess,
       JSON.stringify({
         workspaceData,
@@ -225207,7 +225375,7 @@ function abbreviateList(items, maxItems) {
 import { resolve as resolve35 } from "path";
 
 // ../utils/src/dashboard-api/coana-api.ts
-import { writeFile as writeFile10 } from "fs/promises";
+import { writeFile as writeFile12 } from "fs/promises";
 var import_artifact = __toESM(require_artifact_client2(), 1);
 var coanaAPI = process.env.PUBLIC_API_URL ?? "https://app.coana.tech/api/v1";
 var axiosClient2 = getAxiosClient();
@@ -225337,7 +225505,7 @@ async function sendToDashboard(report, writeReportToFile, reportId, apiKey) {
   try {
     if (writeReportToFile) {
       logger.info("Writing report to dashboard-report.json");
-      await writeFile10("dashboard-report.json", JSON.stringify(report, null, 2));
+      await writeFile12("dashboard-report.json", JSON.stringify(report, null, 2));
       if (process.env.GITHUB_ACTIONS === "true") {
         logger.info("uploading dashboard-report.json as an artifact");
         (0, import_artifact.create)().uploadArtifact("dashboard-report", ["dashboard-report.json"], process.cwd());
@@ -226410,15 +226578,15 @@ function getVulnerabilitiesFromReport(report) {
 var import_packageurl_js = __toESM(require_packageurl_js(), 1);
 
 // dist/cli-upgrade-purl.js
-import { dirname as dirname17, join as join23, relative as relative16, resolve as resolve38 } from "node:path";
+import { join as join23, relative as relative18, resolve as resolve38 } from "node:path";
 
 // ../project-management/src/project-management/project-manager.ts
-import { relative as relative15, resolve as resolve37 } from "path";
+import { relative as relative17, resolve as resolve37 } from "path";
 
 // ../project-management/src/project-management/ecosystem-management/ecosystem-manager.ts
 var import_micromatch3 = __toESM(require_micromatch2(), 1);
 import { readdir as readdir6 } from "fs/promises";
-import { join as join22, relative as relative14, resolve as resolve36 } from "path";
+import { join as join22, relative as relative16, resolve as resolve36 } from "path";
 
 // ../project-management/src/project-management/ecosystem-management/ecosystem-specs.ts
 import { existsSync as existsSync19 } from "fs";
@@ -226556,7 +226724,7 @@ var EcosystemManager = class _EcosystemManager {
           const resolvedProjectDir = resolve36(mainProjectDir, relativeProjectDir);
           if (config3.includeDirs.length > 0)
             workspacePaths = workspacePaths.filter(
-              (workspacePath) => isMatch3(relative14(mainProjectDir, join22(resolvedProjectDir, workspacePath)), config3.includeDirs)
+              (workspacePath) => isMatch3(relative16(mainProjectDir, join22(resolvedProjectDir, workspacePath)), config3.includeDirs)
             );
           workspacePaths.filter((workspacePath) => workspacePath !== ".").forEach((workspacePath) => projectDirsAlreadyCovered.push(resolve36(resolvedProjectDir, workspacePath)));
           if (workspacePaths.length > 0)
@@ -226597,7 +226765,7 @@ var EcosystemManager = class _EcosystemManager {
         return typeof packageManagerNameProvider === "function" ? await packageManagerNameProvider(projectDir) : packageManagerNameProvider;
       } catch (e) {
         if (e instanceof InvalidProjectFileError) {
-          const projectDirRelative = relative14(mainProjectDir, projectDir) || ".";
+          const projectDirRelative = relative16(mainProjectDir, projectDir) || ".";
           logger.error(
             `Invalid ${e.fileName} file in ${projectDirRelative}. If the project is intentionally invalid, and you want Coana to skip it in the scan, then add "--exclude-dirs ${projectDirRelative}" to the Coana command.`
           );
@@ -226689,7 +226857,7 @@ function shouldIgnoreDir(dir) {
   return dirsToIgnore.includes(dir);
 }
 function shouldIgnoreDueToExcludeDirsOrChangedFiles({ mainProjectDir, excludeDirs, changedFiles }, fullPath) {
-  const relativeToProjectDir = relative14(mainProjectDir, fullPath) || ".";
+  const relativeToProjectDir = relative16(mainProjectDir, fullPath) || ".";
   return !!(isMatch3(relativeToProjectDir, excludeDirs) || changedFiles && !changedFiles.some((changedFile) => changedFile.startsWith(relativeToProjectDir)));
 }
 
@@ -226737,7 +226905,7 @@ var ProjectManager = class _ProjectManager {
       if (subprojects.length === 0) return void 0;
       return `  ${ecosystem}:
 ${subprojects.map(
-        ({ subprojectPath, workspacePaths }) => `    ${relative15(this.projectDir, subprojectPath) || ". (Root)"}${workspacePaths.length > 1 || workspacePaths[0] !== "." ? ` (${workspacePaths.length} ${ecosystem === "MAVEN" ? "modules" : "workspaces"})` : ""}`
+        ({ subprojectPath, workspacePaths }) => `    ${relative17(this.projectDir, subprojectPath) || ". (Root)"}${workspacePaths.length > 1 || workspacePaths[0] !== "." ? ` (${workspacePaths.length} ${ecosystem === "MAVEN" ? "modules" : "workspaces"})` : ""}`
       ).join("\n")}`;
     }).filter((line) => line).join("\n");
     const detailsString = Object.entries(this.ecosystemToEcosystemManager).map(([ecosystem, manager]) => {
@@ -226745,7 +226913,7 @@ ${subprojects.map(
       if (subprojects.length === 0) return void 0;
       const subprojectsString = subprojects.map(({ subprojectPath, workspacePaths, packageManagerName }) => {
         if (workspacePaths.length === 1 && workspacePaths[0] === ".") return void 0;
-        return `    ${relative15(this.projectDir, subprojectPath) || ". (Root)"}
+        return `    ${relative17(this.projectDir, subprojectPath) || ". (Root)"}
 ${workspacePaths.map((ws) => `      ${ws === "." ? ". (Root)" : ws} - ${packageManagerName}`).join("\n")}`;
       }).filter((line) => line).join("\n");
       if (!subprojectsString) return void 0;
@@ -226840,7 +227008,7 @@ function assertDefined(value2) {
 }
 
 // dist/cli-upgrade-purl.js
-var import_picomatch7 = __toESM(require_picomatch2(), 1);
+var import_picomatch9 = __toESM(require_picomatch2(), 1);
 var ECOSYSTEMS_WITH_SOCKET_UPGRADES = ["NPM", "MAVEN", "NUGET", "GO", "RUST", "PIP", "RUBYGEMS"];
 async function upgradePurl(rootDir, upgrades, artifacts, options, logFile, cliFixRunId) {
   if (options.rangeStyle && options.rangeStyle !== "pin") {
@@ -226885,16 +227053,6 @@ ${Array.from(upgrades).map(([idx, upgradeVersion]) => `	${prettyPrintPurlUpgrade
           }
           ecosystemToSocketArtifactUpgrades.get(ecosystem).set(idx, upgradeVersion);
         }
-        const includeMatchers2 = options.include?.map((s6) => (0, import_picomatch7.default)(s6 || "."));
-        const excludeMatchers2 = options.exclude?.map((s6) => (0, import_picomatch7.default)(s6 || "."));
-        for (const artifact of artifacts.filter((a4) => a4.type === "npm" /* NPM */)) {
-          artifact.manifestFiles = artifact.manifestFiles?.filter((mf) => {
-            const dir = dirname17(mf.file) || ".";
-            const shouldInclude = !includeMatchers2 || includeMatchers2.some((matcher) => matcher(dir));
-            const shouldExclude = excludeMatchers2?.some((matcher) => matcher(dir)) ?? false;
-            return shouldInclude && !shouldExclude;
-          });
-        }
         let anyErrors = false;
         for (const [ecosystem, upgrades2] of ecosystemToSocketArtifactUpgrades) {
           if (options.rangeStyle && !["NPM", "MAVEN", "NUGET", "RUST", "PIP", "RUBYGEMS"].includes(ecosystem)) {
@@ -226908,7 +227066,7 @@ ${Array.from(upgrades).map(([idx, upgradeVersion]) => `	${prettyPrintPurlUpgrade
               warn: "\u26A0\uFE0F",
               error: "\u274C"
             };
-            logger.info(`${statusIcons[update2.status]} ${update2.message} \u2500 ${relative16(rootDir, resolve38(rootDir, update2.file))}`);
+            logger.info(`${statusIcons[update2.status]} ${update2.message} \u2500 ${relative18(rootDir, resolve38(rootDir, update2.file))}`);
             update2.artifacts.forEach((idx, i7) => {
               logger.info(`${" ".repeat(3)}${i7 === update2.artifacts.length - 1 ? "\u2514\u2500" : "\u251C\u2500"} ${prettyPrintSocketFactArtifactUpgrade(artifacts[idx], upgrades2.get(idx))}`);
             });
@@ -226925,6 +227083,10 @@ ${Array.from(upgrades).map(([idx, upgradeVersion]) => `	${prettyPrintPurlUpgrade
             upgrades: upgrades2,
             artifacts,
             rangeStyle: options.rangeStyle,
+            // Note! picomatch
+            wsFilter: (0, import_picomatch9.default)(options.include?.map((s6) => s6 || ".") ?? [".", "**"], {
+              ignore: options.exclude?.map((s6) => s6 || ".")
+            }),
             statusUpdater
           };
           await applySocketUpgrades(ecosystem, rootDir, ctxt);
@@ -226957,17 +227119,13 @@ ${Array.from(upgrades).map(([idx, upgradeVersion]) => `	${prettyPrintPurlUpgrade
     if (supportedSubprojects.length === 0) {
       throw new Error(`No supported projects found in ${rootDir}.`);
     }
-    const includeMatchers = options.include?.map((s6) => (0, import_picomatch7.default)(s6 || "."));
-    const excludeMatchers = options.exclude?.map((s6) => (0, import_picomatch7.default)(s6 || "."));
+    const wsFilter = (0, import_picomatch9.default)(options.include?.map((s6) => s6 || ".") ?? [".", "**"], {
+      ignore: options.exclude?.map((s6) => s6 || ".")
+    });
     const subprojectPromiseQueue = new PromiseQueue(Number(options.concurrency));
     supportedSubprojects.forEach((subproject) => {
       subprojectPromiseQueue.enqueueTask(async () => {
-        const workspacePathsMatchingGlob = subproject.workspacePaths.filter((wsPath) => {
-          const relPath = relative16(rootDir, resolve38(rootDir, subproject.subprojectPath, wsPath)) || ".";
-          const shouldInclude = !includeMatchers || includeMatchers.some((matcher) => matcher(relPath));
-          const shouldExclude = excludeMatchers?.some((matcher) => matcher(relPath)) ?? false;
-          return shouldInclude && !shouldExclude;
-        });
+        const workspacePathsMatchingGlob = subproject.workspacePaths.filter((wsPath) => wsFilter(relative18(rootDir, resolve38(rootDir, subproject.subprojectPath, wsPath)) || "."));
         if (workspacePathsMatchingGlob.length === 0)
           return;
         const filterDescription = options.include !== void 0 || options.exclude !== void 0 ? `matching filters ${options.include ? `include: [${options.include.join(", ")}]` : ""}${options.include && options.exclude ? " " : ""}${options.exclude ? `exclude: [${options.exclude.join(", ")}]` : ""}` : "";
@@ -227009,7 +227167,7 @@ ${workspacePathsMatchingGlob.map((wsPath) => `	${wsPath}`).join("\n")}`);
           logger.info(`No dependencies matching upgrade specs found for subproject ${subproject.subprojectPath}`);
           return;
         }
-        await applySecurityFixes(subproject.packageManagerName, rootDir, relative16(rootDir, subproject.subprojectPath) || ".", otherModulesCommunicator, workspaceToFixes, fixingData, signalFixApplied);
+        await applySecurityFixes(subproject.packageManagerName, rootDir, relative18(rootDir, subproject.subprojectPath) || ".", otherModulesCommunicator, workspaceToFixes, fixingData, signalFixApplied);
       });
     });
     await subprojectPromiseQueue.onIdle();
@@ -227024,22 +227182,22 @@ ${vulnerabilityFixes.map((fix) => `	${fix.dependencyName} from ${fix.currentVers
 };
 
 // dist/internal/socket-mode-helpers-socket-dependency-trees.js
-var import_picomatch8 = __toESM(require_picomatch2(), 1);
-import { basename as basename11, dirname as dirname18, join as join24, sep as sep5 } from "path";
+var import_picomatch10 = __toESM(require_picomatch2(), 1);
+import { basename as basename7, dirname as dirname17, join as join24, sep as sep5 } from "path";
 var REQUIREMENTS_FILES_SEARCH_DEPTH2 = 3;
 function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonProjects) {
   switch (ecosystem) {
     case "NPM": {
-      const base = basename11(manifestPath);
-      const dir = dirname18(manifestPath);
+      const base = basename7(manifestPath);
+      const dir = dirname17(manifestPath);
       return base === "package.json" ? dir || "." : void 0;
     }
     case "MAVEN": {
       return ".";
     }
     case "PIP": {
-      const base = basename11(manifestPath);
-      const dir = dirname18(manifestPath);
+      const base = basename7(manifestPath);
+      const dir = dirname17(manifestPath);
       const workspaceDir = dir === "" ? "." : dir;
       if (properPythonProjects.includes(workspaceDir)) {
         return workspaceDir;
@@ -227062,15 +227220,15 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
       return ".";
     }
     case "RUST": {
-      return dirname18(manifestPath) || ".";
+      return dirname17(manifestPath) || ".";
     }
     case "GO": {
-      const base = basename11(manifestPath);
-      const dir = dirname18(manifestPath);
+      const base = basename7(manifestPath);
+      const dir = dirname17(manifestPath);
       return base === "go.mod" ? dir || "." : void 0;
     }
     case "RUBYGEMS": {
-      return dirname18(manifestPath) || ".";
+      return dirname17(manifestPath) || ".";
     }
     default: {
       return ".";
@@ -227080,9 +227238,9 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
 function inferProjectFromManifestPath(ecosystem, manifestPath) {
   switch (ecosystem) {
     case "NPM": {
-      const filename = basename11(manifestPath);
+      const filename = basename7(manifestPath);
       if (["package-lock.json", "pnpm-lock.yaml", "pnpm-lock.yml", "yarn.lock"].includes(filename)) {
-        return dirname18(manifestPath) || ".";
+        return dirname17(manifestPath) || ".";
       }
       return void 0;
     }
@@ -227147,8 +227305,8 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash,
     ];
     const allFiles = await getFilesRelative(rootWorkingDirectory, venvExcludes);
     for (const file of allFiles) {
-      const base = basename11(file);
-      const workspaceDir = dirname18(file) || ".";
+      const base = basename7(file);
+      const workspaceDir = dirname17(file) || ".";
       if (base === "pyproject.toml" || base === "setup.py" && await isSetupPySetuptools(join24(rootWorkingDirectory, file))) {
         if (!properPythonProjects.includes(workspaceDir)) {
           properPythonProjects.push(workspaceDir);
@@ -227172,11 +227330,11 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash,
       const manifestFiles = [];
       switch (ecosystem) {
         case "MAVEN": {
-          manifestFiles.push(...(await getFilesRelative(rootWorkingDirectory)).filter((file) => (0, import_picomatch8.default)("{{*-*.,}pom{.xml,},gradle.lockfile}")(basename11(file))));
+          manifestFiles.push(...(await getFilesRelative(rootWorkingDirectory)).filter((file) => (0, import_picomatch10.default)("{{*-*.,}pom{.xml,},gradle.lockfile}")(basename7(file))));
           break;
         }
         case "NUGET": {
-          manifestFiles.push(...(await getFilesRelative(rootWorkingDirectory)).filter((file) => (0, import_picomatch8.default)("{*.csproj,packages.lock.json}")(basename11(file))));
+          manifestFiles.push(...(await getFilesRelative(rootWorkingDirectory)).filter((file) => (0, import_picomatch10.default)("{*.csproj,packages.lock.json}")(basename7(file))));
           break;
         }
         case "PIP": {
@@ -227495,7 +227653,7 @@ function prettyApplyFixesTo(applyFixesToOption) {
 
 // dist/cli-core.js
 import { writeFileSync as writeFileSync3 } from "fs";
-import { mkdir as mkdir2, writeFile as writeFile12 } from "fs/promises";
+import { mkdir as mkdir2, writeFile as writeFile14 } from "fs/promises";
 
 // ../../node_modules/.pnpm/kleur@4.1.5/node_modules/kleur/index.mjs
 var FORCE_COLOR;
@@ -227600,7 +227758,7 @@ var kleur_default = $;
 // dist/cli-core.js
 var import_lodash15 = __toESM(require_lodash(), 1);
 import os from "os";
-import { join as join26, relative as relative17, resolve as resolve40 } from "path";
+import { join as join26, relative as relative19, resolve as resolve40 } from "path";
 
 // ../utils/src/dashboard-api/shared-api.ts
 var DashboardAPI = class {
@@ -227946,7 +228104,7 @@ var DEFAULT_REPORT_FILENAME_BASE = "coana-report";
 // dist/internal/exclude-dirs-from-configuration-files.js
 import { existsSync as existsSync20 } from "fs";
 import { readFile as readFile31 } from "fs/promises";
-import { basename as basename12, resolve as resolve39 } from "path";
+import { basename as basename8, resolve as resolve39 } from "path";
 var import_yaml2 = __toESM(require_dist12(), 1);
 async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
   const socketYmlConfigFile = resolve39(rootWorkingDir, "socket.yml");
@@ -227966,7 +228124,7 @@ async function inferExcludeDirsFromSocketConfig(socketConfigFile) {
       return void 0;
     if (ignorePaths.some((ignorePath) => ignorePath.includes("!")))
       return void 0;
-    logger.info(`Inferring paths to exclude based on Socket config file: ${basename12(socketConfigFile)}`);
+    logger.info(`Inferring paths to exclude based on Socket config file: ${basename8(socketConfigFile)}`);
     return config3.projectIgnorePaths;
   } catch (e) {
     return void 0;
@@ -229902,10 +230060,10 @@ function compareDocumentPosition(nodeA, nodeB) {
 function uniqueSort(nodes) {
   nodes = nodes.filter((node, i7, arr) => !arr.includes(node, i7 + 1));
   nodes.sort((a4, b) => {
-    const relative18 = compareDocumentPosition(a4, b);
-    if (relative18 & DocumentPosition.PRECEDING) {
+    const relative20 = compareDocumentPosition(a4, b);
+    if (relative20 & DocumentPosition.PRECEDING) {
       return -1;
-    } else if (relative18 & DocumentPosition.FOLLOWING) {
+    } else if (relative20 & DocumentPosition.FOLLOWING) {
       return 1;
     }
     return 0;
@@ -241768,7 +241926,7 @@ import { join as join25 } from "path";
 
 // ../utils/src/download-utils.ts
 import { existsSync as existsSync21 } from "fs";
-import { writeFile as writeFile11 } from "fs/promises";
+import { writeFile as writeFile13 } from "fs/promises";
 
 // ../utils/src/maven-utils.ts
 var { memoize: memoize3 } = import_lodash14.default;
@@ -243135,7 +243293,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.12.65";
+var version2 = "14.12.67";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -243329,8 +243487,7 @@ var CliCore = class {
         otherModulesCommunicator,
         this.rootWorkingDirectory,
         ecosystem,
-        // TODO: Add RUBYGEMS to the list when we support it.
-        ["NPM", "PIP", "GO", "MAVEN", "NUGET", "RUST"].includes(ecosystem) && isEcosystemToAnalyze,
+        ["NPM", "PIP", "GO", "MAVEN", "NUGET", "RUST", "RUBYGEMS"].includes(ecosystem) && isEcosystemToAnalyze,
         (workspaceName, workspaceNumber, totalWorkspacesForCurrentEcosystem) => {
           currentOverallWorkspace++;
           logger.info(bold(`Analyzing ecosystem ${ecosystem} for project ${workspaceName} (${workspaceNumber}/${totalWorkspacesForCurrentEcosystem}) - Overall progress: Project ${currentOverallWorkspace}/${totalWorkspaces}, ecosystem ${ecosystemIndex + 1}/${totalEcosystems}`));
@@ -243341,7 +243498,7 @@ var CliCore = class {
     await this.shareLogIfAnalysisError(vulnsWithResults);
     const socketReport = toSocketFactsSocketDependencyTree(artifacts, vulnsWithResults, this.reportId);
     const outputFile = resolve40(this.options.socketMode);
-    await writeFile12(outputFile, JSON.stringify(socketReport, null, 2));
+    await writeFile14(outputFile, JSON.stringify(socketReport, null, 2));
     logger.info(kleur_default.green(`Socket report written to: ${outputFile}`));
   }
   async shareLogIfAnalysisError(vulns) {
@@ -243369,7 +243526,7 @@ var CliCore = class {
       }
       const socketReport = toSocketFacts(report, this.reportDependencyTrees, subPjToWsPathToDirectDependencies);
       const outputFile = resolve40(this.options.socketMode);
-      await writeFile12(outputFile, JSON.stringify(socketReport, null, 2));
+      await writeFile14(outputFile, JSON.stringify(socketReport, null, 2));
       logger.info(kleur_default.green(`Socket report written to: ${outputFile}`));
       return;
     }
@@ -243408,7 +243565,7 @@ var CliCore = class {
     const { reachabilitySupport, traditionalScaSupport, noSupport } = manager.getSubprojectsWithWorkspacePaths();
     await this.dashboardAPI.registerSubprojects([...reachabilitySupport, ...traditionalScaSupport, ...noSupport].map((sp) => ({
       ...sp,
-      subprojectPath: relative17(this.rootWorkingDirectory, sp.subprojectPath) || "."
+      subprojectPath: relative19(this.rootWorkingDirectory, sp.subprojectPath) || "."
     })), this.reportId, this.apiKey);
     for (const unsupported of noSupport)
       logger.warn(unsupported.unsupportedMsg);
@@ -243437,7 +243594,7 @@ var CliCore = class {
           await this.spinner.succeed();
         } catch (error) {
           if (this.options.ignoreFailingWorkspaces) {
-            const relativeSubprojectPath = relative17(this.rootWorkingDirectory, subprojectAndWsPath.subprojectPath) || ".";
+            const relativeSubprojectPath = relative19(this.rootWorkingDirectory, subprojectAndWsPath.subprojectPath) || ".";
             this.failedSubprojects.push({
               subproject: relativeSubprojectPath,
               error: error.message || "Unknown error"
@@ -243496,7 +243653,7 @@ Subproject: ${subproject}`);
   }
   async updateSpinnerTextOnNewSubproject(subprojectAndWsPath, numberSubprojects, index2) {
     this.spinner.start();
-    const relativeSubprojectPath = relative17(this.rootWorkingDirectory, subprojectAndWsPath.subprojectPath) || ".";
+    const relativeSubprojectPath = relative19(this.rootWorkingDirectory, subprojectAndWsPath.subprojectPath) || ".";
     await this.spinner.setText(numberSubprojects > 1 ? `Processing subproject ${relativeSubprojectPath} (${index2 + 1}/${numberSubprojects})${+this.options.concurrency > 1 ? `. May process up to ${+this.options.concurrency - 1} other workspaces in parallel` : ""}` : `Processing ${relativeSubprojectPath}`);
   }
   async initialize() {
@@ -243574,7 +243731,7 @@ Subproject: ${subproject}`);
         return workspaceToAugmentedVulnerabilities[workspacePath] !== void 0;
       }).map((workspacePath) => {
         return {
-          subprojectPath: relative17(this.rootWorkingDirectory, subprojectPath) || ".",
+          subprojectPath: relative19(this.rootWorkingDirectory, subprojectPath) || ".",
           workspacePath,
           directDependencies: projectInfo[workspacePath].dataForAnalysis.directDependenciesMap ?? {},
           vulnerabilities: workspaceToAugmentedVulnerabilities[workspacePath],
@@ -243704,7 +243861,7 @@ Subproject: ${subproject}`);
   async sendProgress(type, isStartEvent, subprojectPath, workspacePath) {
     await this.dashboardAPI.registerCLIProgress({
       type,
-      ...subprojectPath ? { subprojectPath: relative17(this.rootWorkingDirectory, subprojectPath) || "." } : {},
+      ...subprojectPath ? { subprojectPath: relative19(this.rootWorkingDirectory, subprojectPath) || "." } : {},
       ...workspacePath ? { workspacePath } : {}
     }, isStartEvent, this.reportId, this.apiKey);
   }
@@ -243760,7 +243917,7 @@ Subproject: ${subproject}`);
       dependencyTree: workspaceToPlainDependencyTree[workspacePath],
       ecosystem: workspaceToPlainDependencyTree[workspacePath].ecosystem ?? "NPM",
       workspacePath,
-      subprojectPath: relative17(rootWorkingDirectory, subprojectPath) || "."
+      subprojectPath: relative19(rootWorkingDirectory, subprojectPath) || "."
     }));
     if (this.options.socketMode) {
       this.reportDependencyTrees = workspacePaths.map((workspacePath) => ({
@@ -243768,7 +243925,7 @@ Subproject: ${subproject}`);
         dependencyTree: projectInfo[workspacePath].dataForAnalysis.data.dependencyTree,
         ecosystem: projectInfo[workspacePath].dataForAnalysis.data.dependencyTree.ecosystem ?? "NPM",
         workspacePath,
-        subprojectPath: relative17(rootWorkingDirectory, subprojectPath) || "."
+        subprojectPath: relative19(rootWorkingDirectory, subprojectPath) || "."
       }));
     }
     if (this.shareWithDashboard)
@@ -243784,7 +243941,7 @@ Subproject: ${subproject}`);
       } catch (e) {
         logger.error(`Scanning for vulnerabilities failed for subproject ${subprojectPath} in workspace ${workspacePath}`);
         if (this.options.ignoreFailingWorkspaces) {
-          const relativeSubprojectPath = relative17(this.rootWorkingDirectory, subprojectPath) || ".";
+          const relativeSubprojectPath = relative19(this.rootWorkingDirectory, subprojectPath) || ".";
           this.failedWorkspaces.push({
             subproject: relativeSubprojectPath,
             workspace: workspacePath,
@@ -243803,7 +243960,7 @@ Subproject: ${subproject}`);
   }
 };
 function getRelativeSubprojectPath(subprojectPath, projectDir) {
-  return relative17(projectDir, subprojectPath) || ".";
+  return relative19(projectDir, subprojectPath) || ".";
 }
 function getDependencyType(vulnChainDetails, codeAwareScanResults, directDependencies, reachability) {
   if (reachability === "UNREACHABLE" || reachability === "UNKNOWN") {
@@ -243885,8 +244042,8 @@ computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument(
     const output = await computeFixesAndUpgradePurls(path2, optionsToUse, logFile);
     if (options.outputFile) {
       const outputFile = resolve41(options.outputFile);
-      await mkdir3(dirname19(outputFile), { recursive: true });
-      await writeFile13(outputFile, JSON.stringify(output, null, 2));
+      await mkdir3(dirname18(outputFile), { recursive: true });
+      await writeFile15(outputFile, JSON.stringify(output, null, 2));
       logger.info(`Result written to: ${outputFile}`);
     }
     await rm2(tmpDir, { recursive: true, force: true });