Try again to get multiple prs

Author: jdalton

src/commands/fix/pnpm-fix.ts

@@ -136,40 +136,26 @@ export async function pnpmFix(
     pkgEnvDetails.editablePkgJson.filename!
   ]
 
-  let actualTree = await getActualTree(cwd)
-
   for (const { 0: name, 1: infos } of infoByPkg) {
+    debugLog(`Processing vulnerable package: ${name}`)
     if (getManifestData(NPM, name)) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`)
       continue
     }
-    const oldVersions = arrayUnique(
-      findPackageNodes(actualTree, name)
-        .map(n => n.target?.version ?? n.version)
-        .filter(Boolean)
-    )
-    const packument =
-      oldVersions.length && infos.length
-        ? // eslint-disable-next-line no-await-in-loop
-          await fetchPackagePackument(name)
-        : null
-    if (!packument) {
-      continue
-    }
 
     const fixedSpecs = new Set<string>()
 
     for (const pkgJsonPath of pkgJsonPaths) {
-      // Re-read actualTree to avoid lockfile state issues
+      debugLog(`Checking workspace: ${pkgJsonPath}`)
+
       // eslint-disable-next-line no-await-in-loop
-      actualTree = await getActualTree(cwd)
+      let actualTree = await getActualTree(cwd)
 
-      const pkgPath = path.dirname(pkgJsonPath)
       const isWorkspaceRoot =
         pkgJsonPath === pkgEnvDetails.editablePkgJson.filename
       const workspaceName = isWorkspaceRoot
         ? 'root'
-        : path.relative(rootPath, pkgPath)
+        : path.relative(rootPath, path.dirname(pkgJsonPath))
 
       const editablePkgJson = isWorkspaceRoot
         ? pkgEnvDetails.editablePkgJson
@@ -184,6 +170,20 @@ export async function pnpmFix(
         | Record<string, string>
         | undefined
 
+      const oldVersions = arrayUnique(
+        findPackageNodes(actualTree, name)
+          .map(n => n.target?.version ?? n.version)
+          .filter(Boolean)
+      )
+      const packument =
+        oldVersions.length && infos.length
+          ? // eslint-disable-next-line no-await-in-loop
+            await fetchPackagePackument(name)
+          : null
+      if (!packument) {
+        continue
+      }
+
       for (const oldVersion of oldVersions) {
         const oldSpec = `${name}@${oldVersion}`
         const oldPurl = `pkg:npm/${oldSpec}`
@@ -352,10 +352,13 @@ export async function pnpmFix(
 
           if (errored) {
             editablePkgJson.update(revertData)
+
             // eslint-disable-next-line no-await-in-loop
             await Promise.all([removeNodeModules(cwd), editablePkgJson.save()])
+
             // eslint-disable-next-line no-await-in-loop
             actualTree = await install(pkgEnvDetails, { spinner })
+
             spinner?.failAndStop(
               `Update failed for ${oldSpec} in ${workspaceName}`,
               error
@@ -364,15 +367,16 @@ export async function pnpmFix(
             // eslint-disable-next-line no-await-in-loop
             await Promise.all([
               removeNodeModules(cwd),
-              // Reset to base branch to isolate next PR
               gitCheckoutBaseBranchIfAvailable(baseBranch, cwd)
             ])
+
             // eslint-disable-next-line no-await-in-loop
             actualTree = await install(pkgEnvDetails, { spinner })
           }
         }
       }
     }
   }
+
   spinner?.stop()
 }