@socketsecurity/cli-with-sentry 1.0.96 → 1.0.98

package/external/@coana-tech/cli/cli.mjs

@@ -6151,7 +6151,7 @@ var require_safe_stable_stringify = __commonJS({
               return circularValue;
             }
             let res = "";
-            let join26 = ",";
+            let join28 = ",";
             const originalIndentation = indentation;
             if (Array.isArray(value)) {
               if (value.length === 0) {
@@ -6165,7 +6165,7 @@ var require_safe_stable_stringify = __commonJS({
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join26 = `,
+                join28 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -6173,13 +6173,13 @@ ${indentation}`;
               for (; i6 < maximumValuesToStringify - 1; i6++) {
                 const tmp2 = stringifyFnReplacer(String(i6), value, stack2, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join26;
+                res += join28;
               }
               const tmp = stringifyFnReplacer(String(i6), value, stack2, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join26}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join28}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -6200,7 +6200,7 @@ ${originalIndentation}`;
             let separator = "";
             if (spacer !== "") {
               indentation += spacer;
-              join26 = `,
+              join28 = `,
 ${indentation}`;
               whitespace2 = " ";
             }
@@ -6214,13 +6214,13 @@ ${indentation}`;
               const tmp = stringifyFnReplacer(key2, value, stack2, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace2}${tmp}`;
-                separator = join26;
+                separator = join28;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...":${whitespace2}"${getItemCount(removedKeys)} not stringified"`;
-              separator = join26;
+              separator = join28;
             }
             if (spacer !== "" && separator.length > 1) {
               res = `
@@ -6261,7 +6261,7 @@ ${originalIndentation}`;
             }
             const originalIndentation = indentation;
             let res = "";
-            let join26 = ",";
+            let join28 = ",";
             if (Array.isArray(value)) {
               if (value.length === 0) {
                 return "[]";
@@ -6274,7 +6274,7 @@ ${originalIndentation}`;
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join26 = `,
+                join28 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -6282,13 +6282,13 @@ ${indentation}`;
               for (; i6 < maximumValuesToStringify - 1; i6++) {
                 const tmp2 = stringifyArrayReplacer(String(i6), value[i6], stack2, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join26;
+                res += join28;
               }
               const tmp = stringifyArrayReplacer(String(i6), value[i6], stack2, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join26}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join28}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -6301,7 +6301,7 @@ ${originalIndentation}`;
             let whitespace2 = "";
             if (spacer !== "") {
               indentation += spacer;
-              join26 = `,
+              join28 = `,
 ${indentation}`;
               whitespace2 = " ";
             }
@@ -6310,7 +6310,7 @@ ${indentation}`;
               const tmp = stringifyArrayReplacer(key2, value[key2], stack2, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace2}${tmp}`;
-                separator = join26;
+                separator = join28;
               }
             }
             if (spacer !== "" && separator.length > 1) {
@@ -6368,20 +6368,20 @@ ${originalIndentation}`;
               indentation += spacer;
               let res2 = `
 ${indentation}`;
-              const join27 = `,
+              const join29 = `,
 ${indentation}`;
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
               let i6 = 0;
               for (; i6 < maximumValuesToStringify - 1; i6++) {
                 const tmp2 = stringifyIndent(String(i6), value[i6], stack2, spacer, indentation);
                 res2 += tmp2 !== void 0 ? tmp2 : "null";
-                res2 += join27;
+                res2 += join29;
               }
               const tmp = stringifyIndent(String(i6), value[i6], stack2, spacer, indentation);
               res2 += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res2 += `${join27}"... ${getItemCount(removedKeys)} not stringified"`;
+                res2 += `${join29}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               res2 += `
 ${originalIndentation}`;
@@ -6397,16 +6397,16 @@ ${originalIndentation}`;
               return '"[Object]"';
             }
             indentation += spacer;
-            const join26 = `,
+            const join28 = `,
 ${indentation}`;
             let res = "";
             let separator = "";
             let maximumPropertiesToStringify = Math.min(keyLength, maximumBreadth);
             if (isTypedArrayWithEntries(value)) {
-              res += stringifyTypedArray(value, join26, maximumBreadth);
+              res += stringifyTypedArray(value, join28, maximumBreadth);
               keys = keys.slice(value.length);
               maximumPropertiesToStringify -= value.length;
-              separator = join26;
+              separator = join28;
             }
             if (deterministic) {
               keys = insertSort(keys);
@@ -6417,13 +6417,13 @@ ${indentation}`;
               const tmp = stringifyIndent(key2, value[key2], stack2, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}: ${tmp}`;
-                separator = join26;
+                separator = join28;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...": "${getItemCount(removedKeys)} not stringified"`;
-              separator = join26;
+              separator = join28;
             }
             if (separator !== "") {
               res = `
@@ -7990,7 +7990,7 @@ var require_buffer_list = __commonJS({
         }
       }, {
         key: "join",
-        value: function join26(s4) {
+        value: function join28(s4) {
           if (this.length === 0) return "";
           var p3 = this.head;
           var ret = "" + p3.data;
@@ -19073,7 +19073,7 @@ var require_lodash = __commonJS({
           }
           return mapped.length && mapped[0] === arrays[0] ? baseIntersection(mapped, undefined2, comparator) : [];
         });
-        function join26(array, separator) {
+        function join28(array, separator) {
           return array == null ? "" : nativeJoin.call(array, separator);
         }
         function last2(array) {
@@ -20992,7 +20992,7 @@ var require_lodash = __commonJS({
         lodash16.isUndefined = isUndefined2;
         lodash16.isWeakMap = isWeakMap;
         lodash16.isWeakSet = isWeakSet;
-        lodash16.join = join26;
+        lodash16.join = join28;
         lodash16.kebabCase = kebabCase;
         lodash16.last = last2;
         lodash16.lastIndexOf = lastIndexOf;
@@ -29988,7 +29988,7 @@ var require_builder = __commonJS({
       }
     };
     exports2.SeqBuilder = SeqBuilder;
-    function join26(first2, second, ...others) {
+    function join28(first2, second, ...others) {
       const seq = new SeqBuilder(first2, second);
       if (!others.length) {
         return seq;
@@ -29997,7 +29997,7 @@ var require_builder = __commonJS({
         return res.join(query);
       }, seq);
     }
-    exports2.join = join26;
+    exports2.join = join28;
     var SymBuilder = class extends AbstractBuilder {
       constructor(opts) {
         super();
@@ -83615,7 +83615,7 @@ var require_lockfile = __commonJS({
               }
               const file = _ref22;
               if (yield exists2(file)) {
-                return readFile25(file);
+                return readFile26(file);
               }
             }
             return null;
@@ -83634,7 +83634,7 @@ var require_lockfile = __commonJS({
         })();
         let readJsonAndFile = exports3.readJsonAndFile = (() => {
           var _ref24 = (0, (_asyncToGenerator2 || _load_asyncToGenerator()).default)(function* (loc) {
-            const file = yield readFile25(loc);
+            const file = yield readFile26(loc);
             try {
               return {
                 object: (0, (_map || _load_map()).default)(JSON.parse(stripBOM2(file))),
@@ -83874,7 +83874,7 @@ var require_lockfile = __commonJS({
           };
         })();
         exports3.copy = copy;
-        exports3.readFile = readFile25;
+        exports3.readFile = readFile26;
         exports3.readFileRaw = readFileRaw;
         exports3.normalizeOS = normalizeOS;
         var _fs;
@@ -83972,7 +83972,7 @@ var require_lockfile = __commonJS({
             });
           });
         }
-        function readFile25(loc) {
+        function readFile26(loc) {
           return _readFile(loc, "utf8").then(normalizeOS);
         }
         function readFileRaw(loc) {
@@ -190082,7 +190082,7 @@ var {
 } = import_index.default;
 
 // dist/index.js
-import { readFile as readFile24 } from "fs/promises";
+import { readFile as readFile25 } from "fs/promises";
 
 // ../../node_modules/.pnpm/remeda@2.21.2/node_modules/remeda/dist/chunk-ANXBDSUI.js
 var s = { done: false, hasNext: false };
@@ -190515,6 +190515,7 @@ function utilFormatter() {
 }
 
 // ../web-compat-utils/src/logger-singleton.ts
+import { readFile } from "fs/promises";
 var CLILogger = class {
   logger = console;
   writeStream;
@@ -190594,6 +190595,16 @@ var CLILogger = class {
       });
     });
   }
+  async getLogContent(logFilePath) {
+    await this.finish();
+    let logContent;
+    try {
+      logContent = await readFile(logFilePath, "utf-8");
+    } catch (e) {
+      console.error("Error reading log file", e);
+    }
+    return logContent;
+  }
   set silent(silent) {
     if (!(this.logger instanceof import_winston.Logger)) throw new Error("Cannot set silent mode on console logger");
     this.logger.silent = silent;
@@ -191130,12 +191141,12 @@ var GoFixingManager = class {
 
 // ../fixing-management/src/fixing-management/maven/gradle-fixing-manager.ts
 import { existsSync as existsSync3 } from "node:fs";
-import { readFile as readFile4 } from "node:fs/promises";
+import { readFile as readFile5 } from "node:fs/promises";
 import { join as join2, resolve as resolve3 } from "node:path";
 
 // ../fixing-management/src/fixing-management/maven/patch-application.ts
 import { existsSync } from "node:fs";
-import { readFile, writeFile } from "node:fs/promises";
+import { readFile as readFile2, writeFile } from "node:fs/promises";
 
 // ../utils/src/version-comparison/version-satisfies.ts
 var import_semver2 = __toESM(require_semver2(), 1);
@@ -192376,7 +192387,7 @@ async function applyPatchResults(patchResults, ecosystem) {
     if (!existsSync(filePath)) {
       await writeFile(filePath, "", "utf-8");
     }
-    let fileContent = await readFile(filePath, "utf-8");
+    let fileContent = await readFile2(filePath, "utf-8");
     for (const patch of sortedPatches) {
       const [start, end2] = patch.range;
       fileContent = fileContent.substring(0, start) + patch.replacementText + fileContent.substring(end2);
@@ -192387,7 +192398,7 @@ async function applyPatchResults(patchResults, ecosystem) {
 
 // ../fixing-management/src/fixing-management/maven/gradle-build-file-helper.ts
 var import_good_enough_parser = __toESM(require_cjs(), 1);
-import { readFile as readFile2 } from "node:fs/promises";
+import { readFile as readFile3 } from "node:fs/promises";
 
 // ../fixing-management/src/fixing-management/maven/utils.ts
 import { existsSync as existsSync2 } from "fs";
@@ -192633,7 +192644,7 @@ async function findDependencyDeclsAndCatalogFiles(filePath) {
     };
   }
   if (!buildFileCache[filePath]) {
-    const fileContent = await readFile2(filePath, "utf-8");
+    const fileContent = await readFile3(filePath, "utf-8");
     buildFileCache[filePath] = helper(fileContent);
   }
   return buildFileCache[filePath];
@@ -192660,7 +192671,7 @@ ${getConstraintsBlockString(groupId, artifactId, classifier, version3, indentati
 
 // ../fixing-management/src/fixing-management/maven/gradle-version-catalog-helper.ts
 var import_toml_eslint_parser = __toESM(require_lib10(), 1);
-import { readFile as readFile3 } from "node:fs/promises";
+import { readFile as readFile4 } from "node:fs/promises";
 var versionCatalogCache = {};
 function clearVersionCatalogCache() {
   Object.keys(versionCatalogCache).forEach((key) => {
@@ -192783,7 +192794,7 @@ async function findVersionCatalogDeclarations(filePath) {
     };
   }
   if (!versionCatalogCache[filePath]) {
-    const fileContent = await readFile3(filePath, "utf-8");
+    const fileContent = await readFile4(filePath, "utf-8");
     versionCatalogCache[filePath] = helper(fileContent);
   }
   return versionCatalogCache[filePath];
@@ -192995,7 +193006,7 @@ var GradleFixingManager = class {
         replacementText: constraintStr + "\n"
       };
     } else {
-      const fileContent = await readFile4(targetBuildFile, "utf-8");
+      const fileContent = await readFile5(targetBuildFile, "utf-8");
       const indentationSize = getIndentationSize(fileContent);
       const prependNewline = fileContent.split("\n").some((line) => !line.trim());
       const finalConstraintStr = getDependencyConstraintString(
@@ -193183,7 +193194,7 @@ var GradleFixingManager = class {
   async createConstraintsForFile(buildFile, fixes) {
     const { dependenciesBlocks, constraintsBlocks } = await findDependencyDeclsAndCatalogFiles(buildFile);
     const fileType = buildFile.endsWith(".kts") ? "kotlin" : "groovy";
-    const fileContent = existsSync3(buildFile) ? await readFile4(buildFile, "utf-8") : "";
+    const fileContent = existsSync3(buildFile) ? await readFile5(buildFile, "utf-8") : "";
     const indentationSize = getIndentationSize(fileContent);
     const constraintDeclarations = fixes.map(({ dependencyDetails, fixedVersion }) => {
       const [groupId, artifactId] = dependencyDetails.packageName.split(":");
@@ -193290,7 +193301,7 @@ import { resolve as resolve5 } from "path";
 
 // ../fixing-management/src/fixing-management/maven/pom-utils.ts
 var import_parse_xml = __toESM(require_dist(), 1);
-import { readFile as readFile5 } from "node:fs/promises";
+import { readFile as readFile6 } from "node:fs/promises";
 import { existsSync as existsSync4, statSync } from "node:fs";
 import { resolve as resolve4, dirname } from "node:path";
 var evaluatedCache = {};
@@ -193326,7 +193337,7 @@ async function loadAndEvaluatePomWithCache(pomPath) {
   return evaluatedCache[pomPath];
 }
 async function buildEffectivePom(pomPath) {
-  const pomData = await readFile5(pomPath, "utf-8");
+  const pomData = await readFile6(pomPath, "utf-8");
   const pomXml = (0, import_parse_xml.parseXml)(pomData, { includeOffsets: true });
   const indentation = inferIndentationFromParsedXml(pomXml, pomData);
   const parentPomPath = getParentPomPath(pomPath, pomXml);
@@ -193936,7 +193947,7 @@ import { basename, join as join4, resolve as resolve6 } from "path";
 
 // ../fixing-management/src/fixing-management/maven/socket-patch-application.ts
 import { existsSync as existsSync5 } from "node:fs";
-import { readFile as readFile6, writeFile as writeFile2 } from "node:fs/promises";
+import { readFile as readFile7, writeFile as writeFile2 } from "node:fs/promises";
 function detectSocketPatchConflicts(patchResults) {
   const patchesByFile = /* @__PURE__ */ new Map();
   for (const patchResult of patchResults) {
@@ -194034,7 +194045,7 @@ async function applySocketPatchResults(ecosystem, patchResults) {
     if (!existsSync5(filePath)) {
       await writeFile2(filePath, "", "utf-8");
     }
-    let fileContent = await readFile6(filePath, "utf-8");
+    let fileContent = await readFile7(filePath, "utf-8");
     for (const patch of sortedPatches) {
       const [start, end2] = patch.range;
       fileContent = fileContent.substring(0, start) + patch.replacementText + fileContent.substring(end2);
@@ -194170,7 +194181,7 @@ import assert2 from "assert";
 import { existsSync as existsSync6 } from "fs";
 
 // ../fixing-management/src/fixing-management/maven/gradle-lockfile-utils.ts
-import { readFile as readFile7 } from "fs/promises";
+import { readFile as readFile8 } from "fs/promises";
 var lockfileCache = {};
 function clearLockfileCache() {
   Object.keys(lockfileCache).forEach((key) => {
@@ -194179,7 +194190,7 @@ function clearLockfileCache() {
 }
 async function loadLockfileWithCache(lockfilePath) {
   if (!lockfileCache[lockfilePath]) {
-    lockfileCache[lockfilePath] = await readFile7(lockfilePath, "utf-8");
+    lockfileCache[lockfilePath] = await readFile8(lockfilePath, "utf-8");
   }
   return lockfileCache[lockfilePath];
 }
@@ -197484,7 +197495,7 @@ var {
 
 // ../utils/src/dashboard-api/socket-api.ts
 var import_form_data2 = __toESM(require_form_data2(), 1);
-import { readFile as readFile8 } from "fs/promises";
+import { readFile as readFile9 } from "fs/promises";
 import { join as join3 } from "path";
 
 // ../web-compat-utils/src/ghsa.ts
@@ -197905,10 +197916,11 @@ async function getLatestBucketsSocket(subprojectPath, workspacePath) {
     return void 0;
   }
 }
-async function useSocketComputeFixEndpoint(artifacts, vulnerableArtifactIdsForGhsas) {
+async function useSocketComputeFixEndpoint(autofixRunId, artifacts, vulnerableArtifactIdsForGhsas) {
   try {
     const url2 = getSocketApiUrl("fixes/compute-fixes");
     const data2 = {
+      autofixRunId,
       artifacts,
       vulnerableArtifactIndexes: vulnerableArtifactIdsForGhsas
     };
@@ -197947,7 +197959,7 @@ async function fetchArtifactsFromManifestsTarHash(manifestsTarHash) {
 async function computeSocketFactArtifacts(rootDir, relativeManifestFilePaths) {
   const formData = new import_form_data2.default();
   for (const relativeManifestFilePath of relativeManifestFilePaths) {
-    const manifestContent = await readFile8(join3(rootDir, relativeManifestFilePath), "utf-8");
+    const manifestContent = await readFile9(join3(rootDir, relativeManifestFilePath), "utf-8");
     const manifestContentAsJson = JSON.stringify(manifestContent);
     formData.append(relativeManifestFilePath, manifestContentAsJson, {
       filename: relativeManifestFilePath,
@@ -197974,6 +197986,62 @@ async function computeSocketFactArtifacts(rootDir, relativeManifestFilePaths) {
     return void 0;
   }
 }
+async function registerAutofixOrUpgradePurlRun(manifestsTarHash, repositoryName, options, cliCommand) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-autofix-or-upgrade-cli-run`);
+    const data2 = {
+      manifestsTarHash,
+      repositoryName,
+      options,
+      cliCommand
+    };
+    const response = await axios2.post(url2, data2, { headers: getAuthHeaders() });
+    return response.data.id;
+  } catch (error) {
+    handleError(error, "Error registering autofix or upgrade purl run", false);
+  }
+}
+async function finalizeAutofixRun(autofixRunId, status, stackTrace, logFileContent) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/finalize-autofix-run`);
+    const data2 = {
+      autofixRunId,
+      status,
+      stackTrace,
+      logFileContent
+    };
+    await axios2.post(url2, data2, { headers: getAuthHeaders() });
+  } catch (error) {
+    handleError(error, "Error finalizing autofix run", false);
+  }
+}
+async function registerUpgradePurlRun(autofixRunId, upgradeSpecs) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/register-upgrade-purl-run`);
+    const data2 = {
+      cliRunId: autofixRunId,
+      upgradeSpecs
+    };
+    const response = await axios2.post(url2, data2, { headers: getAuthHeaders() });
+    return response.data.id;
+  } catch (error) {
+    handleError(error, "Error registering upgrade purl run", false);
+  }
+}
+async function finalizeUpgradePurlRun(upgradePurlRunId, status, stackTrace, logFileContent) {
+  try {
+    const url2 = getSocketApiUrl(`orgs/${process.env.SOCKET_ORG_SLUG}/fixes/finalize-upgrade-purl-run`);
+    const data2 = {
+      upgradePurlRunId,
+      status,
+      stackTrace,
+      logFileContent
+    };
+    await axios2.post(url2, data2, { headers: getAuthHeaders() });
+  } catch (error) {
+    handleError(error, "Error finalizing upgrade purl run", false);
+  }
+}
 function getSocketAPI() {
   return {
     createSocketTier1Scan,
@@ -197981,7 +198049,11 @@ function getSocketAPI() {
     registerSubprojectsSocket,
     registerCLIProgressSocket,
     registerAnalysisMetadataSocket,
-    getLatestBucketsSocket
+    getLatestBucketsSocket,
+    registerAutofixOrUpgradePurlRun,
+    finalizeAutofixRun,
+    registerUpgradePurlRun,
+    finalizeUpgradePurlRun
   };
 }
 
@@ -198269,12 +198341,12 @@ var MavenSocketUpgradeManager = class {
 
 // ../fixing-management/src/fixing-management/maven/sbt-fixing-manager.ts
 import { existsSync as existsSync7 } from "node:fs";
-import { readFile as readFile10 } from "node:fs/promises";
+import { readFile as readFile11 } from "node:fs/promises";
 import { join as join5 } from "node:path";
 
 // ../fixing-management/src/fixing-management/maven/sbt-fixing-helper.ts
 var import_good_enough_parser2 = __toESM(require_cjs(), 1);
-import { readFile as readFile9 } from "node:fs/promises";
+import { readFile as readFile10 } from "node:fs/promises";
 var sbtFileCache = {};
 function clearSbtFileCache() {
   Object.keys(sbtFileCache).forEach((key) => {
@@ -198395,7 +198467,7 @@ async function findModuleIds(filePath) {
     return ctx?.moduleIds ?? [];
   }
   if (!sbtFileCache[filePath]) {
-    const fileContent = await readFile9(filePath, "utf-8");
+    const fileContent = await readFile10(filePath, "utf-8");
     sbtFileCache[filePath] = helper(fileContent);
   }
   return sbtFileCache[filePath];
@@ -198612,7 +198684,7 @@ var SbtFixingManager = class {
 `
       };
     } else {
-      const fileContent = await readFile10(workspaceBuildSbtPath, "utf-8");
+      const fileContent = await readFile11(workspaceBuildSbtPath, "utf-8");
       const prependNewline = fileContent.split("\n").some((line) => !line.trim());
       return {
         manifestFilePath: workspaceBuildSbtPath,
@@ -198691,7 +198763,7 @@ ${indent(1, indentationSize)}`)}
         replacementText: overrideText
       };
     } else {
-      const fileContent = await readFile10(workspaceBuildSbtPath, "utf-8");
+      const fileContent = await readFile11(workspaceBuildSbtPath, "utf-8");
       const indentationSize = getIndentationSize(fileContent);
       const prependNewline = fileContent.length > 0 && !fileContent.endsWith("\n\n");
       const overrideText = `dependencyOverrides ++= Seq(
@@ -198709,7 +198781,7 @@ ${indent(1, indentationSize)}`)}
 };
 
 // ../fixing-management/src/fixing-management/npm/npm-fixing-manager.ts
-import { readFile as readFile11, writeFile as writeFile3 } from "fs/promises";
+import { readFile as readFile12, writeFile as writeFile3 } from "fs/promises";
 import { resolve as resolve9 } from "path";
 
 // ../utils/src/npm-utils.ts
@@ -205459,7 +205531,7 @@ var NpmFixingManager = class extends NpmEcosystemFixingManager {
   }
   async applySecurityFixesSpecificPackageManager(fixes) {
     const pkgLockLocation = resolve9(this.rootDir, this.subprojectPath, "package-lock.json");
-    const packageLockContent = await readFile11(pkgLockLocation, "utf-8");
+    const packageLockContent = await readFile12(pkgLockLocation, "utf-8");
     const getPackageName = (pkgPath) => {
       const strings = pkgPath.split("node_modules/");
       return strings[strings.length - 1];
@@ -205488,7 +205560,7 @@ var NpmFixingManager = class extends NpmEcosystemFixingManager {
 };
 
 // ../fixing-management/src/fixing-management/npm/pnpm-fixing-manager.ts
-import { readFile as readFile12, writeFile as writeFile4 } from "fs/promises";
+import { readFile as readFile13, writeFile as writeFile4 } from "fs/promises";
 import { resolve as resolve10 } from "path";
 var import_yaml = __toESM(require_dist10(), 1);
 var import_lockfile_file2 = __toESM(require_lib25(), 1);
@@ -205630,7 +205702,7 @@ function getVersionNumber(version3) {
   return match2 ? `${match2[1]}` : version3;
 }
 async function readYamlFile(workspaceYamlFile) {
-  const workspaceYamlString = await readFile12(workspaceYamlFile, "utf8");
+  const workspaceYamlString = await readFile13(workspaceYamlFile, "utf8");
   const parser = new import_yaml.Parser();
   const [ast] = parser.parse(workspaceYamlString);
   return ast;
@@ -205668,7 +205740,7 @@ function updateCatalog(update2, map2) {
 
 // ../fixing-management/src/fixing-management/npm/yarn-fixing-manager.ts
 import { readFileSync as readFileSync3 } from "fs";
-import { readFile as readFile13, writeFile as writeFile5 } from "fs/promises";
+import { readFile as readFile14, writeFile as writeFile5 } from "fs/promises";
 import { resolve as resolve12 } from "path";
 
 // ../utils/src/package-utils.ts
@@ -205829,7 +205901,7 @@ var YarnFixingManager = class extends NpmEcosystemFixingManager {
     logger.info("Installation completed.");
   }
   async getYarnLockObj(filePath) {
-    const fileString = await readFile13(filePath, "utf8");
+    const fileString = await readFile14(filePath, "utf8");
     return this.yarnType === "classic" ? (0, import_yarnlock_parse_raw.parseYarnLockRawV1)(fileString) : (0, import_yarnlock_parse_raw.parseYarnLockRawV2)(fileString);
   }
   async writeYarnObj(yarnObj, filepath) {
@@ -206038,7 +206110,7 @@ var RushFixingManager = class {
 };
 
 // ../fixing-management/src/fixing-management/nuget/nuget-fixing-manager.ts
-import { readFile as readFile14, writeFile as writeFile6 } from "fs/promises";
+import { readFile as readFile15, writeFile as writeFile6 } from "fs/promises";
 import { join as join9 } from "path";
 
 // ../utils/src/nuget-utils.ts
@@ -206141,14 +206213,14 @@ var NugetFixingManager = class {
         if (projectFiles.length !== 1)
           throw new Error("Applying fixes to workspaces with more than 1 project file currently not supported");
         const projectFilePath = join9(this.getAbsWsPath(wsPath), projectFiles[0]);
-        const initialProjectFile = await readFile14(projectFilePath, "utf-8");
+        const initialProjectFile = await readFile15(projectFilePath, "utf-8");
         const initialLockFile = await this.restoreWorkspaceAndParseLockFile(wsPath);
         await applySeries(fixesWithId, async ({ fixId, vulnerabilityFixes }) => {
           await this.applySecurityFixesForWorkspace(wsPath, projectFilePath, vulnerabilityFixes, dependencyTree);
           signalFixApplied2?.(fixId, this.subprojectPath, wsPath, vulnerabilityFixes);
         });
-        const finalProjectFile = await readFile14(projectFilePath, "utf-8");
-        const finalLockFile = JSON.parse(await readFile14(this.getLockFilePath(wsPath), "utf-8"));
+        const finalProjectFile = await readFile15(projectFilePath, "utf-8");
+        const finalLockFile = JSON.parse(await readFile15(this.getLockFilePath(wsPath), "utf-8"));
         await writeFile6(projectFilePath, initialProjectFile);
         await writeFile6(this.getLockFilePath(wsPath), JSON.stringify(initialLockFile, null, 2));
         return { projectFile: finalProjectFile, lockFile: finalLockFile };
@@ -206180,7 +206252,7 @@ var NugetFixingManager = class {
     }
   }
   async applySecurityFixesForWorkspace(wsPath, projectFilePath, vulnFixes, dependencyTree) {
-    const initialProjectFile = await readFile14(projectFilePath, "utf-8");
+    const initialProjectFile = await readFile15(projectFilePath, "utf-8");
     const initialLockFile = await this.restoreWorkspaceAndParseLockFile(wsPath);
     const typeCache = new Cache();
     const requestedCache = new Cache();
@@ -206270,7 +206342,7 @@ var NugetFixingManager = class {
   async restoreWorkspaceAndParseLockFile(wsPath) {
     const succeeded = await execAndLogOnFailure("dotnet restore --use-lock-file", this.getAbsWsPath(wsPath));
     if (!succeeded) throw new Error(`Error applying fix - could not restore project ${this.subprojectPath}/${wsPath}`);
-    return JSON.parse(await readFile14(this.getLockFilePath(wsPath), "utf-8"));
+    return JSON.parse(await readFile15(this.getLockFilePath(wsPath), "utf-8"));
   }
   getLockFilePath(wsPath, lockFileName = "packages.lock.json") {
     return join9(this.getAbsWsPath(wsPath), lockFileName);
@@ -207027,6 +207099,7 @@ function utilFormatter2() {
 }
 
 // ../web-compat-utils/dist/logger-singleton.js
+import { readFile as readFile16 } from "fs/promises";
 var CLILogger2 = class {
   logger = console;
   writeStream;
@@ -207102,6 +207175,16 @@ var CLILogger2 = class {
       });
     });
   }
+  async getLogContent(logFilePath) {
+    await this.finish();
+    let logContent;
+    try {
+      logContent = await readFile16(logFilePath, "utf-8");
+    } catch (e) {
+      console.error("Error reading log file", e);
+    }
+    return logContent;
+  }
   set silent(silent) {
     if (!(this.logger instanceof import_winston2.Logger))
       throw new Error("Cannot set silent mode on console logger");
@@ -207141,13 +207224,13 @@ async function detectVariantMaven(projectDir) {
 // ../docker-management/src/maven/gradle-version-detector.ts
 import { existsSync as existsSync13 } from "fs";
 import { join as join14 } from "path";
-import { readFile as readFile15 } from "fs/promises";
+import { readFile as readFile17 } from "fs/promises";
 async function detectVariantGradle(projectDir) {
   return sanitizeJvmVariant("GRADLE", projectDir, await detect(projectDir));
 }
 async function detect(projectDir) {
   const gradleWrapperPropertiesPath = join14(projectDir, "gradle", "wrapper", "gradle-wrapper.properties");
-  const gradleWrapperProperties = existsSync13(gradleWrapperPropertiesPath) ? (await readFile15(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const gradleWrapperProperties = existsSync13(gradleWrapperPropertiesPath) ? (await readFile17(gradleWrapperPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!gradleWrapperProperties) return void 0;
   const distributionUrlRegex = /.*gradle-(\d+(\.\d+(\.\d+)?)?)/;
   for (const prop2 of gradleWrapperProperties) {
@@ -207163,13 +207246,13 @@ async function detect(projectDir) {
 // ../docker-management/src/maven/sbt-version-detector.ts
 import { existsSync as existsSync14 } from "fs";
 import { join as join15 } from "path";
-import { readFile as readFile16 } from "fs/promises";
+import { readFile as readFile18 } from "fs/promises";
 async function detectVariantSbt(projectDir) {
   return sanitizeJvmVariant("SBT", projectDir, await detect2(projectDir));
 }
 async function detect2(projectDir) {
   const sbtBuildPropertiesPath = join15(projectDir, "project", "build.properties");
-  const sbtBuildProperties = existsSync14(sbtBuildPropertiesPath) ? (await readFile16(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
+  const sbtBuildProperties = existsSync14(sbtBuildPropertiesPath) ? (await readFile18(sbtBuildPropertiesPath, "utf-8")).split("\n").map((line) => line.trim()).filter((line) => !line.startsWith("#")).filter((line) => line) : void 0;
   if (!sbtBuildProperties) return void 0;
   for (const prop2 of sbtBuildProperties) {
     const [key, value] = prop2.split("=");
@@ -207283,7 +207366,7 @@ async function findReachabilityAnalyzersDockerImage(ecosystem) {
 // ../other-modules-communicator/src/other-modules-communicator.ts
 var import_lodash11 = __toESM(require_lodash(), 1);
 import { rmSync } from "fs";
-import { mkdir, readFile as readFile17, writeFile as writeFile7 } from "fs/promises";
+import { mkdir, readFile as readFile19, writeFile as writeFile7 } from "fs/promises";
 import { platform } from "os";
 import { join as join19, posix as posix2, relative as relative8, sep as sep3 } from "path";
 
@@ -207342,6 +207425,18 @@ async function createTmpDirectory(prefix) {
     throw err;
   }
 }
+async function withTmpDirectory(prefix, fn2, deleteTmpDir = true) {
+  const tmpDir = await createTmpDirectory(prefix);
+  try {
+    return await fn2(tmpDir);
+  } finally {
+    if (deleteTmpDir) {
+      await rm(tmpDir, { recursive: true, force: true });
+    } else {
+      console.log("Not deleting tmp dir", tmpDir);
+    }
+  }
+}
 
 // ../../node_modules/.pnpm/uuid@9.0.1/node_modules/uuid/dist/esm-node/rng.js
 import crypto2 from "crypto";
@@ -207721,7 +207816,7 @@ var OtherModulesCommunicator = class {
         COANA_API_KEY: this.apiKey.type === "present" ? this.apiKey.value : ""
       }
     );
-    return JSON.parse(await readFile17(outputFilePathThisProcess, "utf-8")).result;
+    return JSON.parse(await readFile19(outputFilePathThisProcess, "utf-8")).result;
   }
   async runReachabilityAnalyzerCommand(commandName, ecosystem, subprojectPath, workspacePath, args2, env) {
     const tmpDir = await this.getTmpDirForSubproject(subprojectPath);
@@ -207782,7 +207877,7 @@ var OtherModulesCommunicator = class {
       [...args2, "-o", outputFilePathOtherProcess],
       env
     );
-    return JSON.parse(await readFile17(outputFilePathThisProcess, "utf-8")).result;
+    return JSON.parse(await readFile19(outputFilePathThisProcess, "utf-8")).result;
   }
   async runInDocker(ecosystem, image, entryPoint, commandName, args2, subprojectPath, tmpDir, env = process.env) {
     if (!await pullDockerImage(image)) return false;
@@ -209240,12 +209335,12 @@ import { join as join22, relative as relative9, resolve as resolve20 } from "pat
 
 // ../project-management/src/project-management/ecosystem-management/ecosystem-specs.ts
 import { existsSync as existsSync18 } from "fs";
-import { readdir as readdir5, readFile as readFile20 } from "fs/promises";
+import { readdir as readdir5, readFile as readFile22 } from "fs/promises";
 import { join as join21, sep as sep4 } from "path";
 
 // ../utils/src/pip-utils.ts
 import { existsSync as existsSync17 } from "fs";
-import { readFile as readFile19 } from "fs/promises";
+import { readFile as readFile21 } from "fs/promises";
 import { resolve as resolve19 } from "path";
 import util4 from "util";
 
@@ -209254,7 +209349,7 @@ var import_lodash13 = __toESM(require_lodash(), 1);
 var import_semver4 = __toESM(require_semver2(), 1);
 import { execFileSync as execFileSync2 } from "child_process";
 import { constants as constants2 } from "fs";
-import { access as access4, readFile as readFile18 } from "fs/promises";
+import { access as access4, readFile as readFile20 } from "fs/promises";
 import { join as join20, resolve as resolve18 } from "path";
 import util3 from "util";
 var { once: once7 } = import_lodash13.default;
@@ -209262,7 +209357,7 @@ var systemPython = once7(() => execFileSync2("which", ["python"], { encoding: "u
 
 // ../utils/src/pip-utils.ts
 async function isSetupPySetuptools(file) {
-  const content = await readFile19(file, "utf-8");
+  const content = await readFile21(file, "utf-8");
   return content.includes("setup(") && (/^\s*from\s+(?:setuptools|distutils\.core)\s+import\s+.*setup/m.test(content) || /^\s*import\s+(?:setuptools|distutils\.core)/m.test(content));
 }
 
@@ -209344,7 +209439,7 @@ function packageManagerIfPackageJSONExistsAndValid(packageManager) {
     if (!existsSync18(join21(projectDir, "package.json"))) return void 0;
     const packageJSONPath = join21(projectDir, "package.json");
     try {
-      JSON.parse(await readFile20(packageJSONPath, "utf-8"));
+      JSON.parse(await readFile22(packageJSONPath, "utf-8"));
       return packageManager;
     } catch (e) {
       throw new InvalidProjectFileError(projectDir, "package.json");
@@ -209605,7 +209700,7 @@ ${detailsString}` : ""}`;
 
 // dist/cli-core.js
 import { writeFileSync as writeFileSync3 } from "fs";
-import { mkdir as mkdir2, readFile as readFile23, writeFile as writeFile9 } from "fs/promises";
+import { mkdir as mkdir2, writeFile as writeFile9 } from "fs/promises";
 
 // ../../node_modules/.pnpm/kleur@4.1.5/node_modules/kleur/index.mjs
 var FORCE_COLOR;
@@ -209710,7 +209805,7 @@ var kleur_default = $;
 // dist/cli-core.js
 var import_lodash15 = __toESM(require_lodash(), 1);
 import os from "os";
-import { join as join24, relative as relative11, resolve as resolve23 } from "path";
+import { join as join25, relative as relative11, resolve as resolve23 } from "path";
 
 // ../utils/src/dashboard-api/shared-api.ts
 var DashboardAPI = class {
@@ -210030,7 +210125,7 @@ var DEFAULT_REPORT_FILENAME_BASE = "coana-report";
 
 // dist/internal/exclude-dirs-from-configuration-files.js
 import { existsSync as existsSync19 } from "fs";
-import { readFile as readFile21 } from "fs/promises";
+import { readFile as readFile23 } from "fs/promises";
 import { basename as basename6, resolve as resolve22 } from "path";
 var import_yaml2 = __toESM(require_dist11(), 1);
 async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
@@ -210044,7 +210139,7 @@ async function inferExcludeDirsFromConfigurationFiles(rootWorkingDir) {
 }
 async function inferExcludeDirsFromSocketConfig(socketConfigFile) {
   try {
-    const config3 = (0, import_yaml2.parse)(await readFile21(socketConfigFile, "utf8"));
+    const config3 = (0, import_yaml2.parse)(await readFile23(socketConfigFile, "utf8"));
     const version3 = config3.version;
     const ignorePaths = config3[version3 === 1 ? "ignore" : "projectIgnorePaths"];
     if (!ignorePaths)
@@ -210158,9 +210253,9 @@ function transformToVulnChainNode(dependencyTree) {
 }
 
 // dist/internal/socket-mode-helpers-socket-dependency-trees.js
-var import_picomatch2 = __toESM(require_picomatch2(), 1);
-import { basename as basename7, dirname as dirname8, sep as sep5 } from "path";
 var import_packageurl_js = __toESM(require_packageurl_js(), 1);
+var import_picomatch2 = __toESM(require_picomatch2(), 1);
+import { basename as basename7, dirname as dirname8, join as join23, sep as sep5 } from "path";
 var REQUIREMENTS_FILES_SEARCH_DEPTH2 = 3;
 function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonProjects) {
   switch (ecosystem) {
@@ -210183,7 +210278,7 @@ function inferWorkspaceFromManifestPath(ecosystem, manifestPath, properPythonPro
         return workspaceDir;
       }
       if (base.endsWith(".txt")) {
-        const isWithinProperProject = properPythonProjects.some((properProjectDir) => workspaceDir.startsWith(properProjectDir) && workspaceDir.replace(properProjectDir, "").split(sep5).length <= REQUIREMENTS_FILES_SEARCH_DEPTH2);
+        const isWithinProperProject = properPythonProjects.some((properProjectDir) => (workspaceDir === "." || workspaceDir.startsWith(properProjectDir)) && workspaceDir.replace(properProjectDir, "").split(sep5).length <= REQUIREMENTS_FILES_SEARCH_DEPTH2);
         if (isWithinProperProject) {
           return void 0;
         }
@@ -210273,10 +210368,9 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
     for (const file of allFiles) {
       const base = basename7(file);
       const workspaceDir = dirname8(file) || ".";
-      if (base === "pyproject.toml" || base === "setup.py" && await isSetupPySetuptools(file)) {
-        const normalizedDir = workspaceDir === "." ? "." : workspaceDir;
-        if (!properPythonProjects.includes(normalizedDir)) {
-          properPythonProjects.push(normalizedDir);
+      if (base === "pyproject.toml" || base === "setup.py" && await isSetupPySetuptools(join23(rootWorkingDirectory, file))) {
+        if (!properPythonProjects.includes(workspaceDir)) {
+          properPythonProjects.push(workspaceDir);
         }
       }
     }
@@ -210288,14 +210382,23 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
       const ecosystem = getAdvisoryEcosystemFromPurlType(artifact.type);
       if (!ecosystem)
         continue;
-      const manifestFiles = artifact.manifestFiles?.map((ref) => ref.file) ?? [];
-      const allAncestorIds = getAllToplevelAncestors(artifactMap, artifact.id);
-      allAncestorIds.forEach((ancestorId) => {
-        const ancestor = artifactMap.get(ancestorId);
-        if (ancestor?.manifestFiles) {
-          manifestFiles.push(...ancestor.manifestFiles.map((ref) => ref.file));
+      const manifestFiles = [];
+      switch (ecosystem) {
+        case "MAVEN": {
+          manifestFiles.push(...(await getFilesRelative(rootWorkingDirectory)).filter((file) => (0, import_picomatch2.default)("{{*-*.,}pom{.xml,},gradle.lockfile}")(basename7(file))));
+          break;
         }
-      });
+        case "NUGET": {
+          manifestFiles.push(...(await getFilesRelative(rootWorkingDirectory)).filter((file) => (0, import_picomatch2.default)("{*.csproj,packages.lock.json}")(basename7(file))));
+          break;
+        }
+        default: {
+          artifact.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file));
+          const allAncestorIds = getAllToplevelAncestors(artifactMap, artifact.id);
+          allAncestorIds.forEach((ancestorId) => artifactMap.get(ancestorId)?.manifestFiles?.forEach((ref) => manifestFiles.push(ref.file)));
+          break;
+        }
+      }
       let manifestAndWorkspace = manifestFiles.map((manifestFile) => [
         manifestFile,
         inferWorkspaceFromManifestPath(ecosystem, manifestFile, properPythonProjects)
@@ -210323,33 +210426,14 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
         }
         const workspaceData = ecosystemToWorkspaceToAnalysisData[ecosystem][workspace];
         if (workspaceData.type === "socket") {
-          switch (ecosystem) {
-            case "MAVEN": {
-              if (!workspaceData.data.manifestFiles.length) {
-                const allFiles2 = await getFilesRelative(rootWorkingDirectory);
-                const manifestFiles2 = allFiles2.filter((file) => (0, import_picomatch2.default)("{{*-*.,}pom{.xml,},gradle.lockfile}")(basename7(file)));
-                workspaceData.data.manifestFiles.push(...manifestFiles2);
-              }
-              break;
-            }
-            case "NUGET": {
-              if (!workspaceData.data.manifestFiles.length) {
-                const allFiles2 = await getFilesRelative(rootWorkingDirectory);
-                const manifestFiles2 = allFiles2.filter((file) => (0, import_picomatch2.default)("{*.csproj,packages.lock.json}")(basename7(file)));
-                workspaceData.data.manifestFiles.push(...manifestFiles2);
-              }
-              break;
-            }
-            default: {
-              if (!workspaceData.data.manifestFiles.includes(manifestFile)) {
-                workspaceData.data.manifestFiles.push(manifestFile);
-              }
-              break;
-            }
+          if (!workspaceData.data.manifestFiles.includes(manifestFile)) {
+            workspaceData.data.manifestFiles.push(manifestFile);
           }
           workspaceData.data.artifacts.push(artifact);
         }
-        if (artifact.vulnerabilities && artifact.vulnerabilities.length > 0) {
+      }
+      if (artifact.vulnerabilities && artifact.vulnerabilities.length > 0) {
+        for (const workspace of i5(manifestAndWorkspace.map(([, workspace2]) => workspace2))) {
           for (const vuln of artifact.vulnerabilities) {
             const vulnerability = {
               url: vuln.ghsaId,
@@ -210358,7 +210442,7 @@ async function fetchArtifactsFromSocket(rootWorkingDirectory, manifestsTarHash)
               name: artifact.name ?? "",
               dependency: artifact.name ?? "",
               vulnChainDetails: computeVulnChainDetails2(artifacts, artifact.id),
-              vulnerabilityAccessPaths: vuln.reachabilityData?.pattern ?? null,
+              vulnerabilityAccessPaths: vuln.reachabilityData?.undeterminableReachability ? vuln.reachabilityData.publicComment ?? "" : vuln.reachabilityData?.pattern ?? null,
               ecosystem,
               artifactId: artifact.id
             };
@@ -210612,7 +210696,7 @@ function toSocketFactsSocketDependencyTree(artifacts, vulnerabilities, tier1Reac
 }
 
 // dist/internal/vulnerability-scanning.js
-import { readFile as readFile22 } from "fs/promises";
+import { readFile as readFile24 } from "fs/promises";
 
 // ../security-auditor/security-auditor-builder/src/mongo-connection.ts
 var import_mongodb = __toESM(require_lib30(), 1);
@@ -224128,7 +224212,7 @@ var { root: root2 } = static_exports;
 // ../utils/src/maven-utils.ts
 var import_lodash14 = __toESM(require_lodash(), 1);
 import { existsSync as existsSync20, readdirSync as readdirSync4, statSync as statSync4 } from "fs";
-import { join as join23 } from "path";
+import { join as join24 } from "path";
 var { memoize: memoize3 } = import_lodash14.default;
 var memoizedParseShellArgs = memoize3(parseShellArgs);
 var MAVEN_PUBLIC_REPOSITORIES = [
@@ -225481,7 +225565,7 @@ async function scanForVulnerabilities(dependencyTree, offlineVulnerabilityScanne
 }
 async function offlineScan(dependencyTree, offlineVulnerabilityScannerDBPath) {
   logger.info("using offline vulnerability scanner db");
-  const offlineVulnerabilityScannerDB = JSON.parse(await readFile22(offlineVulnerabilityScannerDBPath, "utf-8"));
+  const offlineVulnerabilityScannerDB = JSON.parse(await readFile24(offlineVulnerabilityScannerDBPath, "utf-8"));
   const { ecosystemToUrlToVulnerabilityDetails, vulnerabilityDatabase } = offlineVulnerabilityScannerDB;
   const coanaSupportedVulnerabilitiesLoader = CoanaSupportedVulnerabilitiesLoader.create(ecosystemToUrlToVulnerabilityDetails);
   const vulnerabilityAccessPathLoader = CoanaSupportedVulnerabilitiesLoader.create(ecosystemToUrlToVulnerabilityDetails);
@@ -225499,7 +225583,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version2 = "14.11.18";
+var version2 = "14.12.3";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pick } = import_lodash15.default;
@@ -225601,7 +225685,7 @@ var CliCore = class {
     }
   }
   async main() {
-    this.coanaLogPath = join24(await createTmpDirectory("coana-cli-"), "coana-log.txt");
+    this.coanaLogPath = join25(await createTmpDirectory("coana-cli-"), "coana-log.txt");
     logger.initWinstonLogger(this.options.debug, this.coanaLogPath);
     logger.silent = this.options.silent;
     try {
@@ -225688,24 +225772,12 @@ var CliCore = class {
     await writeFile9(outputFile, JSON.stringify(socketReport, null, 2));
     logger.info(kleur_default.green(`Socket report written to: ${outputFile}`));
   }
-  async getLogContent() {
-    await logger.finish();
-    let logContent;
-    try {
-      logContent = await readFile23(this.coanaLogPath, "utf-8");
-    } catch (e) {
-      this.spinner.suspend(() => {
-        console.error("Error reading log file", e);
-      });
-    }
-    return logContent;
-  }
   async shareErrorLogWithBackend(e, shouldLogSharing) {
-    await this.dashboardAPI.sendErrorReport(this.apiKey, e.stack ?? e.message ?? "Unknown stack trace", shouldLogSharing, this.reportId, this.options.repoUrl, this.options.projectName, await this.getLogContent());
+    await this.dashboardAPI.sendErrorReport(this.apiKey, e.stack ?? e.message ?? "Unknown stack trace", shouldLogSharing, this.reportId, this.options.repoUrl, this.options.projectName, await logger.getLogContent(this.coanaLogPath));
   }
   async shareLogWithDashboard() {
     if (this.reportId)
-      await sendLogToDashboard(await this.getLogContent(), this.reportId, this.apiKey);
+      await sendLogToDashboard(await logger.getLogContent(this.coanaLogPath), this.reportId, this.apiKey);
   }
   async outputAndShareReport(report, subPjToWsPathToDirectDependencies) {
     const outputDir = this.options.outputDir;
@@ -226194,43 +226266,73 @@ async function getGitDataToMetadataIfAvailable(rootWorkingDirectory) {
 }
 
 // dist/cli-upgrade-purl.js
-import { join as join25, relative as relative12 } from "node:path";
+import { join as join26, relative as relative12 } from "node:path";
 var import_packageurl_js2 = __toESM(require_packageurl_js(), 1);
-async function upgradePurl(path2, upgrades, options) {
+var ECOSYSTEMS_WITH_SOCKET_UPGRADES = ["NPM", "MAVEN"];
+async function upgradePurl(path2, upgrades, options, logFile, cliFixRunId) {
   logger.initWinstonLogger(options.debug);
   logger.silent = options.silent;
+  let cliRunId = cliFixRunId;
+  if (!cliRunId && options.manifestsTarHash) {
+    cliRunId = await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, path2, options, "upgrade-purls");
+  }
+  const upgradePurlRunId = cliRunId && await getSocketAPI().registerUpgradePurlRun(cliRunId, upgrades);
   Spinner.instance({ text: "Running Coana Upgrade Purl CLI", isSilent: options.silent }).start();
   try {
     logger.info(`Upgrading purls for ${path2}: 
 ${upgrades.map((upgrade) => `	${upgrade.purl} -> ${upgrade.upgradeVersion}`).join("\n")}`);
     if (options.manifestsTarHash) {
-      const purlToUpgradeVersion = new Map(upgrades.map((upgrade) => [upgrade.purl, upgrade.upgradeVersion]));
-      const { artifacts } = await fetchArtifactsFromSocket(path2, options.manifestsTarHash);
-      const ecosystemToSocketArtifactUpgrades = {};
-      artifacts.forEach((artifact, idx) => {
-        if (!artifact.name)
-          return;
-        const purl = new import_packageurl_js2.PackageURL(artifact.type, artifact.namespace, artifact.name, artifact.version, artifact.qualifiers).toString();
-        const upgradeVersion = purlToUpgradeVersion.get(purl);
-        if (!upgradeVersion)
-          return;
-        const ecosystem = getAdvisoryEcosystemFromPurlType(artifact.type);
-        if (!ecosystem)
-          return;
-        ecosystemToSocketArtifactUpgrades[ecosystem] ??= [];
-        ecosystemToSocketArtifactUpgrades[ecosystem].push({
-          idx,
-          upgradeVersion
+      const { supportedUpgrades, unsupportedUpgrades } = upgrades.reduce((acc, upgrade) => {
+        const ecosystem = getAdvisoryEcosystemFromPurl(upgrade.purl);
+        const target = ECOSYSTEMS_WITH_SOCKET_UPGRADES.includes(ecosystem) ? "supportedUpgrades" : "unsupportedUpgrades";
+        acc[target].push(upgrade);
+        return acc;
+      }, { supportedUpgrades: [], unsupportedUpgrades: [] });
+      if (unsupportedUpgrades.length > 0) {
+        logger.warn(`The following upgrades are not supported due to missing support for upgrading their ecosystem: ${unsupportedUpgrades.map((upgrade) => `	${upgrade.purl} -> ${upgrade.upgradeVersion}`).join("\n")}`);
+      }
+      if (supportedUpgrades.length === 0) {
+        return "fixed-none";
+      }
+      try {
+        const purlToUpgradeVersion = new Map(supportedUpgrades.map((upgrade) => [upgrade.purl, upgrade.upgradeVersion]));
+        const { artifacts } = await fetchArtifactsFromSocket(path2, options.manifestsTarHash);
+        const ecosystemToSocketArtifactUpgrades = {};
+        artifacts.forEach((artifact, idx) => {
+          if (!artifact.name)
+            return;
+          const purl = new import_packageurl_js2.PackageURL(artifact.type, artifact.namespace, artifact.name, artifact.version, artifact.qualifiers).toString();
+          const upgradeVersion = purlToUpgradeVersion.get(purl);
+          if (!upgradeVersion)
+            return;
+          const ecosystem = getAdvisoryEcosystemFromPurlType(artifact.type);
+          if (!ecosystem)
+            return;
+          ecosystemToSocketArtifactUpgrades[ecosystem] ??= [];
+          ecosystemToSocketArtifactUpgrades[ecosystem].push({
+            idx,
+            upgradeVersion
+          });
         });
-      });
-      for (const [ecosystem, upgrades2] of Object.entries(ecosystemToSocketArtifactUpgrades)) {
-        if (["NPM", "MAVEN"].includes(ecosystem)) {
+        for (const [ecosystem, upgrades2] of Object.entries(ecosystemToSocketArtifactUpgrades)) {
           await applySocketUpgrades(ecosystem, path2, upgrades2, artifacts);
-        } else {
-          logger.warn(`Unsupported ecosystem ${ecosystem} for socket upgrades`);
         }
+        if (upgradePurlRunId) {
+          await getSocketAPI().finalizeUpgradePurlRun(upgradePurlRunId, "success");
+        }
+        return unsupportedUpgrades.length === 0 ? "fixed-all" : "fixed-some";
+      } catch (error) {
+        if (upgradePurlRunId) {
+          await getSocketAPI().finalizeUpgradePurlRun(
+            upgradePurlRunId,
+            "error",
+            !cliFixRunId ? error.stack : void 0,
+            // do not send stack trace and logContent for computeFixes runs, as that will be handled by that command.
+            !cliFixRunId && logFile ? await logger.getLogContent(logFile) : void 0
+          );
+        }
+        throw error;
       }
-      return;
     }
     const otherModulesCommunicator = new OtherModulesCommunicator(path2, options, {
       type: "missing"
@@ -226245,7 +226347,7 @@ ${upgrades.map((upgrade) => `	${upgrade.purl} -> ${upgrade.upgradeVersion}`).joi
     const subprojectPromiseQueue = new PromiseQueue(Number(options.concurrency));
     supportedSubprojects.forEach((subproject) => {
       subprojectPromiseQueue.enqueueTask(async () => {
-        const workspacePathsMatchingGlob = subproject.workspacePaths.filter((wsPath) => minimatch(join25(subproject.subprojectPath, wsPath), options.globPattern ?? "**"));
+        const workspacePathsMatchingGlob = subproject.workspacePaths.filter((wsPath) => minimatch(join26(subproject.subprojectPath, wsPath), options.globPattern ?? "**"));
         if (workspacePathsMatchingGlob.length === 0)
           return;
         logger.info(`Found workspaces for subproject ${subproject.subprojectPath}${options.globPattern ? `matching glob ${options.globPattern}` : ""}:
@@ -226274,7 +226376,7 @@ ${workspacePathsMatchingGlob.map((wsPath) => `	${wsPath}`).join("\n")}`);
           });
           if (vulnerabilityFixes.length === 0)
             return;
-          logger.info(`Found ${vulnerabilityFixes.length} ${vulnerabilityFixes.length === 1 ? "dependency" : "dependencies"} matching upgrade specs for ${join25(subproject.subprojectPath, wsPath)}`);
+          logger.info(`Found ${vulnerabilityFixes.length} ${vulnerabilityFixes.length === 1 ? "dependency" : "dependencies"} matching upgrade specs for ${join26(subproject.subprojectPath, wsPath)}`);
           workspaceToFixes[wsPath] = [
             {
               fixId: "dummy",
@@ -226295,13 +226397,14 @@ ${workspacePathsMatchingGlob.map((wsPath) => `	${wsPath}`).join("\n")}`);
   }
 }
 var signalFixApplied = (_fixId, subprojectPath, workspacePath, vulnerabilityFixes) => {
-  logger.info(`Successfully upgraded purls for: ${join25(subprojectPath, workspacePath)}`);
+  logger.info(`Successfully upgraded purls for: ${join26(subprojectPath, workspacePath)}`);
   logger.info(`Upgraded: 
 ${vulnerabilityFixes.map((fix) => `	${fix.dependencyName} from ${fix.currentVersion} to ${fix.fixedVersion}`).join("\n")}`);
 };
 
 // dist/cli-compute-fixes-and-upgrade-purls.js
-async function computeFixesAndUpgradePurls(path2, options) {
+async function computeFixesAndUpgradePurls(path2, options, logFile) {
+  const autofixRunId = options.manifestsTarHash && await getSocketAPI().registerAutofixOrUpgradePurlRun(options.manifestsTarHash, path2, options, "autofix");
   const { artifacts, ghsaToVulnerableArtifactIds } = await computeInputForComputingFixes(path2, options);
   if (Object.keys(ghsaToVulnerableArtifactIds).length === 0) {
     logger.info("No vulnerabilities to compute fixes for");
@@ -226313,7 +226416,7 @@ async function computeFixesAndUpgradePurls(path2, options) {
     return;
   }
   const ghsaToVulnerableArtifactIdsToApply = options.applyFixesTo.includes("all") ? ghsaToVulnerableArtifactIds : Object.fromEntries(Object.entries(ghsaToVulnerableArtifactIds).filter(([ghsa]) => options.applyFixesTo.includes(ghsa)));
-  const computedFix = await useSocketComputeFixEndpoint(artifacts, ghsaToVulnerableArtifactIdsToApply);
+  const computedFix = await useSocketComputeFixEndpoint(autofixRunId, artifacts, ghsaToVulnerableArtifactIdsToApply);
   if (computedFix.type !== "success") {
     throw new Error(`No fix found for the given vulnerabilities`);
   }
@@ -226339,15 +226442,21 @@ async function computeFixesAndUpgradePurls(path2, options) {
     return;
   }
   try {
-    await upgradePurl(path2, combinedFixes.map((fix) => ({ purl: fix.purl, upgradeVersion: fix.fixedVersion })), {
+    const applyFixesStatus = await upgradePurl(path2, combinedFixes.map((fix) => ({ purl: fix.purl, upgradeVersion: fix.fixedVersion })), {
       debug: options.debug,
       silent: options.silent,
       runWithoutDocker: options.runWithoutDocker,
       manifestsTarHash: options.manifestsTarHash,
       concurrency: "1",
       globPattern: options.globPattern
-    });
+    }, autofixRunId) ?? "fixed-all";
+    if (autofixRunId) {
+      await getSocketAPI().finalizeAutofixRun(autofixRunId, ghsasFailedToFix.length === 0 && applyFixesStatus === "fixed-all" ? "fixed-all" : ghsasFailedToFix.length === Object.keys(ghsaToVulnerableArtifactIdsToApply).length || applyFixesStatus === "fixed-none" ? "fixed-none" : "fixed-some");
+    }
   } catch (error) {
+    if (autofixRunId) {
+      await getSocketAPI().finalizeAutofixRun(autofixRunId, "error", error.stack, await logger.getLogContent(logFile));
+    }
     logger.error("Error applying fixes:", error);
     throw error;
   }
@@ -226445,6 +226554,7 @@ function computeSBOMTaskArtifacts(dependencyTrees) {
 }
 
 // dist/index.js
+import { join as join27 } from "path";
 var program2 = new Command();
 var run2 = new Command();
 run2.name("run").argument("<path>", "File system path to folder containing the project").option("-o, --output-dir <path>", "Write json report to <path>/coana-report.json").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).option("-p, --print-report", "Print the report to the console", false).option("--offline-database <path>", "Path to a coana-offline-db.json file for running the CLI without internet connectivity", void 0).option("-t, --timeout <timeout>", "Set API <timeout> in milliseconds to Coana backend.", "300000").option("-a, --analysis-timeout <timeout>", "Set <timeout> in seconds for each reachability analysis run").option("--memory-limit <memoryInMB>", "Set memory limit for analysis to <memoryInMB> megabytes of memory.", "8192").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available.", "1").option("--api-key <key>", "Set the Coana dashboard API key. By setting you also enable the dashboard integration.").addOption(new Option("--write-report-to-file", "Write the report dashboard-compatible report to dashboard-report.json. This report may help the Coana team debug issues with the report insertion mechanism.").default(false).hideHelp()).option("--project-name <repoName>", "Set the name of the repository. Used for dashboard integration.").option("--repo-url <repoUrl>", "Set the URL of the repository. Used for dashboard integration.").option("--include-dirs <relativeDirs...>", "globs for directories to include from the detection of subprojects (space-separated)(use relative paths from the project root). Notice, projects that are not included may still be scanned if they are referenced from included projects.").option("--exclude-dirs <relativeDirs...>", "globs for directories to exclude from the detection of subprojects (space-separated)(use relative paths from the project root). Notice, excluded projects may still be scanned if they are referenced from non-excluded projects.").option("--disable-analysis-splitting", "Limits Coana to at most 1 reachability analysis run per workspace").option("--print-analysis-log-file", "Store log output from the JavaScript/TypeScript reachability analysis in the file js-analysis.log file in the root of each workspace", false).option("--entry-points <entryPoints...>", "List of files to analyze for root workspace. The reachability analysis automatically analyzes all files used by the entry points. If not provided, all JavaScript and TypeScript files are considered entry points. For non-root workspaces, all JavaScript and TypeScript files are analyzed as well.").option("--include-projects-with-no-reachability-support", "Also runs Coana on projects where we support traditional SCA, but does not yet support reachability analysis.", false).option("--ecosystems <ecosystems...>", "List of ecosystems to analyze (space-separated). Currently NPM, PIP, MAVEN, NUGET and GO are supported. Default is all supported ecosystems.").addOption(new Option("--purl-types <purlTypes...>", "List of PURL types to analyze (space-separated). Currently npm, pypi, maven, nuget, golang and cargo are supported. Default is all supported purl types.").hideHelp()).option("--changed-files <files...>", "List of files that have changed. If provided, Coana only analyzes workspaces and modules that contain changed files.").option("--disable-report-submission", "Disable the submission of the report to the Coana dashboard. Used by the pipeline blocking feature.", false).option("--disable-analytics-sharing", "Disable analytics sharing.", false).option("--provider-project <path>", "File system path to folder containing the provider project (Only supported for Maven, Gradle, and SBT)").option("--provider-workspaces <dirs...>", "List of workspaces that build the provided runtime environment (Only supported for Maven, Gradle, and SBT)", (paths) => paths.split(" ")).option("--lightweight-reachability", "Runs Coana in lightweight mode. This increases analysis speed but also raises the risk of Coana misclassifying the reachability of certain complex vulnerabilities. Recommended only for use with Coana Guardrail mode.", false).addOption(new Option("--run-without-docker", "Run package managers and reachability analyzers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--run-env <env>", "Specifies the environment in which the CLI is run. So far only MANAGED_SCAN and UNKNOWN are supported.").default("UNKNOWN").choices(["UNKNOWN", "MANAGED_SCAN"]).hideHelp()).addOption(new Option("--guardrail-mode", "Run Coana in guardrail mode. This mode is used to prevent new reachable vulnerabilities from being introduced into the codebase. Usually run as a CI check when pushing new commits to a pull request.")).option("--ignore-failing-workspaces", "Continue processing when a workspace fails instead of exiting. Failed workspaces will be logged at termination.", false).addOption(new Option("--socket-mode <output-file>", "Run Coana in socket mode and write report to <output-file>").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).configureHelp({ sortOptions: true }).action(async (path2, options) => {
@@ -226461,26 +226571,34 @@ applyFixes.name("apply-fixes").argument("<path>", "File system path to the folde
 var upgradePurls = new Command();
 upgradePurls.name("upgrade-purls").argument("<path>", "File system path to the folder containing the project").argument("<specs...>", "Package upgrade specifications in the format 'purl -> newVersion' (e.g., 'pkg:maven/io.micrometer/micrometer-core@1.10.9 -> 1.15.0')").option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-c, --concurrency <concurrency>", "Set the maximum number of concurrent reachability analysis runs. It's recommended to choose a concurrency level that ensures that each analysis run has at least the --memory-limit amount of memory available.", "1").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--socket-mode", "Use Socket for computing dependency trees").default(process.env.SOCKET_MODE === "true").hideHelp()).version(version2).action(async (path2, specs2, options) => {
   process.env.DOCKER_IMAGE_TAG ??= version2;
-  const upgradeSpecs = specs2.map((spec) => {
-    const [purl, upgradeVersion] = spec.split("->").map((s4) => s4.trim());
-    if (!upgradeVersion)
-      throw Error("Upgrade version not specified");
-    return {
-      purl,
-      upgradeVersion
-    };
+  await withTmpDirectory("upgrade-purls", async (tmpDir) => {
+    const logFile = join27(tmpDir, "upgrade-purls.log");
+    logger.initWinstonLogger(options.debug, logFile);
+    const upgradeSpecs = specs2.map((spec) => {
+      const [purl, upgradeVersion] = spec.split("->").map((s4) => s4.trim());
+      if (!upgradeVersion)
+        throw Error("Upgrade version not specified");
+      return {
+        purl,
+        upgradeVersion
+      };
+    });
+    await upgradePurl(path2, upgradeSpecs, options, logFile);
   });
-  await upgradePurl(path2, upgradeSpecs, options);
 }).configureHelp({ sortOptions: true });
 var computeFixesAndUpgradePurlsCmd = new Command();
 computeFixesAndUpgradePurlsCmd.name("compute-fixes-and-upgrade-purls").argument("<path>", "File system path to the folder containing the project").option("-a, --apply-fixes-to <ghsas...>", 'GHSA IDs to compute fixes for. Use "all" to compute fixes for all vulnerabilities.', []).option("--dry-run", "Show what changes would be made without actually making them", false).option("-g, --glob <pattern>", "Glob pattern to filter workspaces by absolute file path").option("-d, --debug", "Enable debug logging", false).option("-s, --silent", "Silence all debug/warning output", false).addOption(new Option("--run-without-docker", "Run package managers without using docker").default(process.env.RUN_WITHOUT_DOCKER === "true").hideHelp()).addOption(new Option("--manifests-tar-hash <hash>", "Hash of the tarball containing all manifest files already uploaded to Socket. If provided, Socket will be used for computing dependency trees.").hideHelp()).version(version2).action(async (path2, options) => {
   process.env.DOCKER_IMAGE_TAG ??= version2;
-  await computeFixesAndUpgradePurls(path2, options);
+  await withTmpDirectory("compute-fixes-and-upgrade-purls", async (tmpDir) => {
+    const logFile = join27(tmpDir, "compute-fixes-and-upgrade-purls.log");
+    logger.initWinstonLogger(options.debug, logFile);
+    await computeFixesAndUpgradePurls(path2, options, logFile);
+  });
 }).configureHelp({ sortOptions: true });
 var compareReportsCommand = new Command();
 compareReportsCommand.name("compare-reports").argument("<baselineReportPath>", "Path to the baseline report").argument("<newReportPath>", "Path to the new report").option("--api-key <key>", "Set the Coana dashboard API key.").option("-d, --debug", "Enable debug logging", false).option("--no-pr-comment", "Disable pull request comments (only relevant when run from a PR)", true).option("--no-block", "Do not fail with a non-zero exit code when new reachable vulnerabilities are detected", true).option("--ignore-undeterminable-reachability", "Ignore vulnerabilities with undeterminable reachability", false).action(async (baselineReportPath, newReportPath, options) => {
   async function readReport(reportPath) {
-    return JSON.parse(await readFile24(reportPath, "utf-8"));
+    return JSON.parse(await readFile25(reportPath, "utf-8"));
   }
   const baselineReport = await readReport(baselineReportPath);
   const newReport = await readReport(newReportPath);