@blamejs/blamejs-shop 0.3.5 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (353) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/lib/asset-manifest.json +1 -1
  3. package/lib/vendor/MANIFEST.json +3 -3
  4. package/lib/vendor/blamejs/CHANGELOG.md +14 -0
  5. package/lib/vendor/blamejs/api-snapshot.json +2 -2
  6. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
  7. package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
  8. package/lib/vendor/blamejs/lib/a2a.js +4 -4
  9. package/lib/vendor/blamejs/lib/acme.js +3 -3
  10. package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
  11. package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
  12. package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
  13. package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
  14. package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
  15. package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
  16. package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
  17. package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
  18. package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
  19. package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
  20. package/lib/vendor/blamejs/lib/ai-input.js +4 -4
  21. package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
  22. package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
  23. package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
  24. package/lib/vendor/blamejs/lib/archive-read.js +25 -25
  25. package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
  26. package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
  27. package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
  28. package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
  29. package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
  30. package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
  31. package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
  32. package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
  33. package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
  34. package/lib/vendor/blamejs/lib/audit.js +2 -2
  35. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
  36. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
  37. package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
  38. package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
  39. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
  40. package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
  41. package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
  42. package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
  43. package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
  44. package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
  45. package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
  46. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  47. package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
  48. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
  49. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
  50. package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
  51. package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
  52. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
  53. package/lib/vendor/blamejs/lib/backup/index.js +7 -7
  54. package/lib/vendor/blamejs/lib/base32.js +8 -8
  55. package/lib/vendor/blamejs/lib/budr.js +2 -2
  56. package/lib/vendor/blamejs/lib/cache-status.js +2 -2
  57. package/lib/vendor/blamejs/lib/calendar.js +29 -29
  58. package/lib/vendor/blamejs/lib/cbor.js +12 -12
  59. package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
  60. package/lib/vendor/blamejs/lib/cert.js +5 -5
  61. package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
  62. package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
  63. package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
  64. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
  65. package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
  66. package/lib/vendor/blamejs/lib/compliance.js +29 -29
  67. package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
  68. package/lib/vendor/blamejs/lib/cookies.js +1 -1
  69. package/lib/vendor/blamejs/lib/cose.js +13 -13
  70. package/lib/vendor/blamejs/lib/cra-report.js +1 -1
  71. package/lib/vendor/blamejs/lib/crdt.js +1 -1
  72. package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
  73. package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
  74. package/lib/vendor/blamejs/lib/crypto.js +6 -6
  75. package/lib/vendor/blamejs/lib/csp.js +2 -2
  76. package/lib/vendor/blamejs/lib/cwt.js +4 -4
  77. package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
  78. package/lib/vendor/blamejs/lib/data-act.js +2 -2
  79. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
  80. package/lib/vendor/blamejs/lib/db-query.js +1 -1
  81. package/lib/vendor/blamejs/lib/db.js +6 -6
  82. package/lib/vendor/blamejs/lib/dbsc.js +13 -13
  83. package/lib/vendor/blamejs/lib/did.js +17 -17
  84. package/lib/vendor/blamejs/lib/dora.js +4 -4
  85. package/lib/vendor/blamejs/lib/dsr.js +1 -1
  86. package/lib/vendor/blamejs/lib/early-hints.js +2 -2
  87. package/lib/vendor/blamejs/lib/eat.js +4 -4
  88. package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
  89. package/lib/vendor/blamejs/lib/external-db.js +1 -1
  90. package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
  91. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
  92. package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
  93. package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
  94. package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
  95. package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
  96. package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
  97. package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
  98. package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
  99. package/lib/vendor/blamejs/lib/guard-email.js +19 -19
  100. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
  101. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
  102. package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
  103. package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
  104. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
  105. package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
  106. package/lib/vendor/blamejs/lib/guard-html.js +7 -7
  107. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
  108. package/lib/vendor/blamejs/lib/guard-image.js +4 -4
  109. package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
  110. package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
  111. package/lib/vendor/blamejs/lib/guard-json.js +12 -12
  112. package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
  113. package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
  114. package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
  115. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
  116. package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
  117. package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
  118. package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
  119. package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
  120. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
  121. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
  122. package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
  123. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
  124. package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
  125. package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
  126. package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
  127. package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
  128. package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
  129. package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
  130. package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
  131. package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
  132. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
  133. package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
  134. package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
  135. package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
  136. package/lib/vendor/blamejs/lib/guard-time.js +15 -15
  137. package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
  138. package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
  139. package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
  140. package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
  141. package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
  142. package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
  143. package/lib/vendor/blamejs/lib/http-client.js +13 -10
  144. package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
  145. package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
  146. package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
  147. package/lib/vendor/blamejs/lib/inbox.js +4 -4
  148. package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
  149. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
  150. package/lib/vendor/blamejs/lib/json-path.js +3 -3
  151. package/lib/vendor/blamejs/lib/json-schema.js +1 -1
  152. package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
  153. package/lib/vendor/blamejs/lib/jtd.js +2 -2
  154. package/lib/vendor/blamejs/lib/link-header.js +1 -1
  155. package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
  156. package/lib/vendor/blamejs/lib/log.js +8 -3
  157. package/lib/vendor/blamejs/lib/lro.js +4 -4
  158. package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
  159. package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
  160. package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
  161. package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
  162. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
  163. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
  164. package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
  165. package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
  166. package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
  167. package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
  168. package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
  169. package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
  170. package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
  171. package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
  172. package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
  173. package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
  174. package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
  175. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
  176. package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
  177. package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
  178. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
  179. package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
  180. package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
  181. package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
  182. package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
  183. package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
  184. package/lib/vendor/blamejs/lib/mail-store.js +8 -8
  185. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
  186. package/lib/vendor/blamejs/lib/mail.js +4 -4
  187. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
  188. package/lib/vendor/blamejs/lib/mcp.js +15 -15
  189. package/lib/vendor/blamejs/lib/mdoc.js +2 -2
  190. package/lib/vendor/blamejs/lib/metrics.js +8 -8
  191. package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
  192. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
  193. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
  194. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
  195. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
  196. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
  197. package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
  198. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
  199. package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
  200. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
  201. package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
  202. package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
  203. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
  204. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
  205. package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
  206. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
  207. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
  208. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
  209. package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
  210. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
  211. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
  212. package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
  213. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
  214. package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
  215. package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
  216. package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
  217. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
  218. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
  219. package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
  220. package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
  221. package/lib/vendor/blamejs/lib/network-dns.js +29 -29
  222. package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
  223. package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
  224. package/lib/vendor/blamejs/lib/network-tls.js +100 -98
  225. package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
  226. package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
  227. package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
  228. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
  229. package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
  230. package/lib/vendor/blamejs/lib/observability.js +8 -8
  231. package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
  232. package/lib/vendor/blamejs/lib/openapi.js +1 -1
  233. package/lib/vendor/blamejs/lib/outbox.js +6 -6
  234. package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
  235. package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
  236. package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
  237. package/lib/vendor/blamejs/lib/problem-details.js +5 -5
  238. package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
  239. package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
  240. package/lib/vendor/blamejs/lib/queue.js +4 -2
  241. package/lib/vendor/blamejs/lib/redact.js +2 -2
  242. package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
  243. package/lib/vendor/blamejs/lib/router.js +10 -10
  244. package/lib/vendor/blamejs/lib/safe-async.js +2 -2
  245. package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
  246. package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
  247. package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
  248. package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
  249. package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
  250. package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
  251. package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
  252. package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
  253. package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
  254. package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
  255. package/lib/vendor/blamejs/lib/safe-url.js +1 -1
  256. package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
  257. package/lib/vendor/blamejs/lib/sandbox.js +5 -5
  258. package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
  259. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
  260. package/lib/vendor/blamejs/lib/self-update.js +3 -3
  261. package/lib/vendor/blamejs/lib/server-timing.js +3 -3
  262. package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
  263. package/lib/vendor/blamejs/lib/session.js +8 -8
  264. package/lib/vendor/blamejs/lib/sse.js +12 -5
  265. package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
  266. package/lib/vendor/blamejs/lib/storage.js +2 -2
  267. package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
  268. package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
  269. package/lib/vendor/blamejs/lib/subject.js +1 -1
  270. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
  271. package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
  272. package/lib/vendor/blamejs/lib/test-harness.js +1 -1
  273. package/lib/vendor/blamejs/lib/tracing.js +1 -1
  274. package/lib/vendor/blamejs/lib/tsa.js +5 -5
  275. package/lib/vendor/blamejs/lib/uri-template.js +5 -5
  276. package/lib/vendor/blamejs/lib/vault/index.js +2 -2
  277. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
  278. package/lib/vendor/blamejs/lib/vc.js +2 -2
  279. package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
  280. package/lib/vendor/blamejs/lib/watcher.js +4 -4
  281. package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
  282. package/lib/vendor/blamejs/lib/webhook.js +2 -2
  283. package/lib/vendor/blamejs/lib/websocket.js +5 -5
  284. package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
  285. package/lib/vendor/blamejs/lib/ws-client.js +24 -24
  286. package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
  287. package/lib/vendor/blamejs/package.json +1 -1
  288. package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
  289. package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
  290. package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
  291. package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
  292. package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
  293. package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
  294. package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
  295. package/lib/vendor/blamejs/test/00-primitives.js +15 -0
  296. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
  297. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
  298. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
  299. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
  300. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
  301. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
  302. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
  303. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
  304. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
  305. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
  306. package/package.json +1 -1
  307. package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
  308. package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
  309. package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
  310. package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
  311. package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
  312. package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
  313. package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
  314. package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
  315. package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
  316. package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
  317. package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
  318. package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
  319. package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
  320. package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
  321. package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
  322. package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
  323. package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
  324. package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
  325. package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
  326. package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
  327. package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
  328. package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
  329. package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
  330. package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
  331. package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
  332. package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
  333. package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
  334. package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
  335. package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
  336. package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
  337. package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
  338. package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
  339. package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
  340. package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
  341. package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
  342. package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
  343. package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
  344. package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
  345. package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
  346. package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
  347. package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
  348. package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
  349. package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
  350. package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
  351. package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
  352. package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
  353. package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
@@ -64,7 +64,7 @@ function generateVapidKeypair() {
64
64
  var pubKeyObj = nodeCrypto.createPublicKey(kp.publicKey);
65
65
  var jwk = pubKeyObj.export({ format: "jwk" });
66
66
  var raw = Buffer.concat([
67
- Buffer.from([0x04]), // allow:raw-byte-literal — uncompressed point prefix per SEC1 §2.3.3
67
+ Buffer.from([0x04]), // uncompressed point prefix per SEC1 §2.3.3
68
68
  Buffer.from(jwk.x, "base64url"),
69
69
  Buffer.from(jwk.y, "base64url"),
70
70
  ]);
@@ -153,31 +153,31 @@ function buildVapidAuthHeader(opts) {
153
153
  // node:crypto produces DER-encoded ECDSA signature; JWT ES256
154
154
  // requires the raw 64-byte r||s shape. Convert.
155
155
  var derSig = nodeCrypto.sign("sha256", Buffer.from(signingInput, "utf8"), keyObj);
156
- var rawSig = _ecdsaDerToRaw(derSig, 32); // allow:raw-byte-literal — 32-byte P-256 component
156
+ var rawSig = _ecdsaDerToRaw(derSig, 32); // 32-byte P-256 component
157
157
  var token = signingInput + "." + bCrypto.toBase64Url(rawSig);
158
158
  return "vapid t=" + token + ", k=" + opts.publicKeyB64Url;
159
159
  }
160
160
 
161
161
  function _ecdsaDerToRaw(der, componentLen) {
162
162
  // ECDSA-Sig-Value DER = SEQUENCE { r INTEGER, s INTEGER }.
163
- if (der[0] !== 0x30) { // allow:raw-byte-literal — ASN.1 SEQUENCE tag
163
+ if (der[0] !== 0x30) { // ASN.1 SEQUENCE tag
164
164
  throw new WebPushError("web-push/bad-sig",
165
165
  "ECDSA signature is not a DER SEQUENCE");
166
166
  }
167
167
  var off = 2;
168
- if (der[1] & 0x80) off = 2 + (der[1] & 0x7f); // allow:raw-byte-literal — long-form length byte
169
- if (der[off] !== 0x02) throw new WebPushError("web-push/bad-sig", "missing r INTEGER"); // allow:raw-byte-literal — ASN.1 INTEGER tag
168
+ if (der[1] & 0x80) off = 2 + (der[1] & 0x7f); // long-form length byte
169
+ if (der[off] !== 0x02) throw new WebPushError("web-push/bad-sig", "missing r INTEGER"); // ASN.1 INTEGER tag
170
170
  var rLen = der[off + 1];
171
171
  var rStart = off + 2;
172
172
  var r = der.slice(rStart, rStart + rLen);
173
173
  off = rStart + rLen;
174
- if (der[off] !== 0x02) throw new WebPushError("web-push/bad-sig", "missing s INTEGER"); // allow:raw-byte-literal — ASN.1 INTEGER tag
174
+ if (der[off] !== 0x02) throw new WebPushError("web-push/bad-sig", "missing s INTEGER"); // ASN.1 INTEGER tag
175
175
  var sLen = der[off + 1];
176
176
  var sStart = off + 2;
177
177
  var s = der.slice(sStart, sStart + sLen);
178
178
  // Trim leading zero pad (DER requires it when high bit set; JWT raw doesn't).
179
- if (r.length > componentLen && r[0] === 0x00) r = r.slice(1); // allow:raw-byte-literal — DER sign-bit pad
180
- if (s.length > componentLen && s[0] === 0x00) s = s.slice(1); // allow:raw-byte-literal — DER sign-bit pad
179
+ if (r.length > componentLen && r[0] === 0x00) r = r.slice(1); // DER sign-bit pad
180
+ if (s.length > componentLen && s[0] === 0x00) s = s.slice(1); // DER sign-bit pad
181
181
  var out = Buffer.alloc(componentLen * 2);
182
182
  r.copy(out, componentLen - r.length);
183
183
  s.copy(out, componentLen * 2 - s.length);
@@ -245,12 +245,12 @@ function encrypt(opts) {
245
245
  }
246
246
  // Decode the subscription's p256dh + auth.
247
247
  var recipientPubRaw = Buffer.from(opts.subscription.keys.p256dh, "base64url");
248
- if (recipientPubRaw.length !== 65 || recipientPubRaw[0] !== 0x04) { // allow:raw-byte-literal — uncompressed P-256 point shape per SEC1 §2.3.3
248
+ if (recipientPubRaw.length !== 65 || recipientPubRaw[0] !== 0x04) { // uncompressed P-256 point shape per SEC1 §2.3.3
249
249
  throw new WebPushError("web-push/bad-p256dh",
250
250
  "encrypt: p256dh must be a 65-byte uncompressed P-256 point");
251
251
  }
252
252
  var authSecret = Buffer.from(opts.subscription.keys.auth, "base64url");
253
- if (authSecret.length !== 16) { // allow:raw-byte-literal — RFC 8291 §3.2 auth_secret length
253
+ if (authSecret.length !== 16) { // RFC 8291 §3.2 auth_secret length
254
254
  throw new WebPushError("web-push/bad-auth",
255
255
  "encrypt: auth must be a 16-byte secret (got " + authSecret.length + ")");
256
256
  }
@@ -259,7 +259,7 @@ function encrypt(opts) {
259
259
  ephemeral.generateKeys();
260
260
  var ephemeralPubRaw = ephemeral.getPublicKey(); // uncompressed 65 bytes
261
261
  // ECDH shared secret.
262
- var sharedSecret = ephemeral.computeSecret(recipientPubRaw); // allow:raw-byte-literal — ECDH shared secret (32 bytes per P-256)
262
+ var sharedSecret = ephemeral.computeSecret(recipientPubRaw); // ECDH shared secret (32 bytes per P-256)
263
263
  // RFC 8291 §3.4 two-stage HKDF:
264
264
  // PRK_key = HKDF-Extract(salt=auth_secret, IKM=ECDH_shared)
265
265
  // key_info = "WebPush: info\x00" || ua_public || as_public
@@ -276,23 +276,23 @@ function encrypt(opts) {
276
276
  recipientPubRaw,
277
277
  ephemeralPubRaw,
278
278
  ]);
279
- var ikm = _hkdf(authSecret, sharedSecret, keyInfo, 32); // allow:raw-byte-literal — 256-bit IKM
280
- var salt = nodeCrypto.randomBytes(16); // allow:raw-byte-literal — RFC 8188 §2.2 16-byte salt
281
- var cek = _hkdf(salt, ikm, Buffer.from("Content-Encoding: aes128gcm\x00", "utf8"), 16); // allow:raw-byte-literal — 128-bit AEAD key
282
- var nonce = _hkdf(salt, ikm, Buffer.from("Content-Encoding: nonce\x00", "utf8"), 12); // allow:raw-byte-literal — 96-bit AEAD nonce
279
+ var ikm = _hkdf(authSecret, sharedSecret, keyInfo, 32); // 256-bit IKM
280
+ var salt = nodeCrypto.randomBytes(16); // RFC 8188 §2.2 16-byte salt
281
+ var cek = _hkdf(salt, ikm, Buffer.from("Content-Encoding: aes128gcm\x00", "utf8"), 16); // 128-bit AEAD key
282
+ var nonce = _hkdf(salt, ikm, Buffer.from("Content-Encoding: nonce\x00", "utf8"), 12); // 96-bit AEAD nonce
283
283
  // RFC 8188 §2 padding: plaintext || 0x02 (delimiter for single-record).
284
284
  // RFC 8291 mandates single-record (record_size > plaintext+padding+tag).
285
- var padded = Buffer.concat([plaintext, Buffer.from([0x02])]); // allow:raw-byte-literal — RFC 8188 single-record delimiter
285
+ var padded = Buffer.concat([plaintext, Buffer.from([0x02])]); // RFC 8188 single-record delimiter
286
286
  var cipher = nodeCrypto.createCipheriv("aes-128-gcm", cek, nonce);
287
287
  var ct = Buffer.concat([cipher.update(padded), cipher.final()]);
288
288
  var tag = cipher.getAuthTag();
289
289
  // RFC 8188 §2.1 header: salt(16) || rs(4 big-endian) || idlen(1) || keyid
290
290
  // For RFC 8291 the keyid is the as_public (ephemeral pubkey, 65 bytes).
291
- var rs = padded.length + 16; // allow:raw-byte-literal — record size = plaintext + tag length
292
- var header = Buffer.alloc(16 + 4 + 1); // allow:raw-byte-literal — salt + rs + idlen layout
291
+ var rs = padded.length + 16; // record size = plaintext + tag length
292
+ var header = Buffer.alloc(16 + 4 + 1); // salt + rs + idlen layout
293
293
  salt.copy(header, 0);
294
- header.writeUInt32BE(rs, 16); // allow:raw-byte-literal — salt offset
295
- header[20] = ephemeralPubRaw.length; // allow:raw-byte-literal — rs offset
294
+ header.writeUInt32BE(rs, 16); // salt offset
295
+ header[20] = ephemeralPubRaw.length; // rs offset
296
296
  var body = Buffer.concat([header, ephemeralPubRaw, ct, tag]);
297
297
  var ttlSec = opts.ttlSec || (28 * 24 * 3600); // allow:raw-time-literal — RFC 8030 §5.2 default
298
298
  return {
@@ -309,7 +309,7 @@ function _hkdf(salt, ikm, info, length) {
309
309
  // RFC 5869 HKDF-Extract + Expand using SHA-256 (per RFC 8291 / 8188).
310
310
  var prk = nodeCrypto.createHmac("sha256", salt).update(ikm).digest();
311
311
  // Expand with one-byte counter (length <= 32 always in this use).
312
- var t = Buffer.concat([info, Buffer.from([0x01])]); // allow:raw-byte-literal — HKDF counter start
312
+ var t = Buffer.concat([info, Buffer.from([0x01])]); // HKDF counter start
313
313
  var out = nodeCrypto.createHmac("sha256", prk).update(t).digest();
314
314
  return out.slice(0, length);
315
315
  }
@@ -751,7 +751,7 @@ function _writeError(res, status, code, message) {
751
751
  // b.crypto.timingSafeEqual — never `===`.
752
752
 
753
753
  var STRIPE_HMAC_ALG = "hmac-sha256-stripe";
754
- var STRIPE_SIG_MAX_HEX = 256; // allow:raw-byte-literal — hex-char anti-DoS cap, not bytes
754
+ var STRIPE_SIG_MAX_HEX = 256; // hex-char anti-DoS cap, not bytes
755
755
  var STRIPE_DEFAULT_TOLERANCE_MS = C.TIME.minutes(5); // RFC 3161-ish 5 minute window default
756
756
  var STRIPE_MIN_TOLERANCE_MS = C.TIME.seconds(30); // refuse below 30s
757
757
 
@@ -764,7 +764,7 @@ function _parseStripeSignatureHeader(header) {
764
764
  throw new WebhookError("webhook/bad-stripe-header",
765
765
  "verify: Stripe-Signature header must be a non-empty string");
766
766
  }
767
- if (header.length > 4096) { // allow:raw-byte-literal — anti-DoS header cap
767
+ if (header.length > 4096) { // anti-DoS header cap
768
768
  throw new WebhookError("webhook/bad-stripe-header",
769
769
  "verify: Stripe-Signature header exceeds 4096 bytes");
770
770
  }
@@ -189,9 +189,9 @@ var CLOSE_GRACE_MS = C.TIME.seconds(2);
189
189
  // IANA-registered. 4000..4999 are private-use. Anything else is
190
190
  // invalid.
191
191
  function _isValidCloseCode(code) {
192
- if (code === 1004 || code === 1005 || code === 1006 || code === 1015) return false; // allow:raw-byte-literal — RFC 6455 §7.4.2 reserved codes
193
- if (code >= 1000 && code <= 1011) return true; // allow:raw-byte-literal — RFC 6455 §7.4.2 spec range / allow:raw-time-literal — code is a numeric, not seconds
194
- if (code >= 3000 && code <= 4999) return true; // allow:raw-byte-literal — RFC 6455 §7.4.2 IANA / private range / allow:raw-time-literal — code is a numeric, not seconds
192
+ if (code === 1004 || code === 1005 || code === 1006 || code === 1015) return false; // RFC 6455 §7.4.2 reserved codes
193
+ if (code >= 1000 && code <= 1011) return true; // allow:raw-time-literal — code is a numeric, not seconds
194
+ if (code >= 3000 && code <= 4999) return true; // allow:raw-time-literal — code is a numeric, not seconds
195
195
  return false;
196
196
  }
197
197
 
@@ -1322,7 +1322,7 @@ function handleUpgrade(req, socket, head, opts) {
1322
1322
  // breaking the upgrade in a way that's hard to diagnose; the format
1323
1323
  // check at the top of handleUpgrade catches it loudly. Empty /
1324
1324
  // undefined falls through to the RFC default in computeAcceptKey.
1325
- var GUID_MAX_LENGTH = C.BYTES.bytes(64); // allow:raw-byte-literal — UUID is 36 chars; 64 is a tolerant upper bound for the regex engine.
1325
+ var GUID_MAX_LENGTH = C.BYTES.bytes(64); // UUID is 36 chars; 64 is a tolerant upper bound for the regex engine.
1326
1326
  if (opts.handshakeGuid !== undefined && opts.handshakeGuid !== null) {
1327
1327
  // Length cap before the regex test — UUIDs are exactly 36 chars so
1328
1328
  // a > GUID_MAX_LENGTH input never matches the format and shouldn't
@@ -1341,7 +1341,7 @@ function handleUpgrade(req, socket, head, opts) {
1341
1341
  // consumer would expect for a malformed request.
1342
1342
  var v = validateUpgradeRequest(req, opts);
1343
1343
  if (!v.ok) {
1344
- _refuseUpgrade(socket, v.status || 400, v.reason); // allow:raw-byte-literal — HTTP 400 fallback
1344
+ _refuseUpgrade(socket, v.status || 400, v.reason); // HTTP 400 fallback
1345
1345
  return null;
1346
1346
  }
1347
1347
 
@@ -77,9 +77,9 @@ var { WorkerPoolError } = require("./framework-error");
77
77
  var audit = lazyRequire(function () { return require("./audit"); });
78
78
 
79
79
  var MIN_SIZE = 1;
80
- var MAX_SIZE = 256; // allow:raw-byte-literal — sanity ceiling on worker count, not bytes
81
- var DEFAULT_MAX_QUEUE_DEPTH = 1024; // allow:raw-byte-literal — task-queue depth, not bytes
82
- var MAX_QUEUE_DEPTH_CAP = 1048576; // allow:raw-byte-literal — task-queue depth ceiling, not bytes
80
+ var MAX_SIZE = 256; // sanity ceiling on worker count, not bytes
81
+ var DEFAULT_MAX_QUEUE_DEPTH = 1024; // task-queue depth, not bytes
82
+ var MAX_QUEUE_DEPTH_CAP = 1048576; // task-queue depth ceiling, not bytes
83
83
  var DEFAULT_TASK_TIMEOUT_MS = C.TIME.minutes(5);
84
84
  var MAX_TASK_TIMEOUT_MS = C.TIME.hours(1);
85
85
 
@@ -76,16 +76,16 @@ var DEFAULT_RECONNECT_BASE_MS = C.TIME.seconds(1) / 2;
76
76
  var DEFAULT_RECONNECT_MAX_MS = C.TIME.seconds(30);
77
77
  var DEFAULT_RECONNECT_MAX_ATTEMPTS = 10;
78
78
 
79
- var OPCODE_CONT = 0x00; // allow:raw-byte-literal — RFC 6455 opcode
80
- var OPCODE_TEXT = 0x01; // allow:raw-byte-literal — RFC 6455 opcode
81
- var OPCODE_BINARY = 0x02; // allow:raw-byte-literal — RFC 6455 opcode
82
- var OPCODE_CLOSE = 0x08; // allow:raw-byte-literal — RFC 6455 opcode
83
- var OPCODE_PING = 0x09; // allow:raw-byte-literal — RFC 6455 opcode
84
- var OPCODE_PONG = 0x0A; // allow:raw-byte-literal — RFC 6455 opcode
79
+ var OPCODE_CONT = 0x00; // RFC 6455 opcode
80
+ var OPCODE_TEXT = 0x01; // RFC 6455 opcode
81
+ var OPCODE_BINARY = 0x02; // RFC 6455 opcode
82
+ var OPCODE_CLOSE = 0x08; // RFC 6455 opcode
83
+ var OPCODE_PING = 0x09; // RFC 6455 opcode
84
+ var OPCODE_PONG = 0x0A; // RFC 6455 opcode
85
85
 
86
- var CLOSE_NORMAL = 1000; // allow:raw-byte-literal — RFC 6455 close code
87
- var CLOSE_GOING_AWAY = 1001; // allow:raw-byte-literal — RFC 6455 close code
88
- var CLOSE_ABNORMAL = 1006; // allow:raw-byte-literal — RFC 6455 close code (synthetic — never on wire)
86
+ var CLOSE_NORMAL = 1000; // RFC 6455 close code
87
+ var CLOSE_GOING_AWAY = 1001; // RFC 6455 close code
88
+ var CLOSE_ABNORMAL = 1006; // RFC 6455 close code (synthetic — never on wire)
89
89
 
90
90
  // Permanent vs transient error classifier — used by reconnect logic
91
91
  // so client doesn't hammer the server on credentials / handshake
@@ -360,7 +360,7 @@ class WsClient extends EventEmitter {
360
360
 
361
361
  var parsed = dialParsed;
362
362
  var port = parsed.port ? parseInt(parsed.port, 10) :
363
- (parsed.protocol === "wss:" ? 443 : 80); // allow:raw-byte-literal — TLS / HTTP default port
363
+ (parsed.protocol === "wss:" ? 443 : 80); // TLS / HTTP default port
364
364
  var host = parsed.hostname;
365
365
 
366
366
  function _onError(err) { self._handleSocketError(err); }
@@ -443,7 +443,7 @@ class WsClient extends EventEmitter {
443
443
  "Upgrade: websocket",
444
444
  "Connection: Upgrade",
445
445
  "Sec-WebSocket-Key: " + key,
446
- "Sec-WebSocket-Version: 13", // allow:raw-byte-literal — RFC 6455 §1.9
446
+ "Sec-WebSocket-Version: 13", // RFC 6455 §1.9
447
447
  ];
448
448
  if (opts.origin) {
449
449
  if (safeBuffer.hasCrlf(opts.origin)) {
@@ -510,7 +510,7 @@ class WsClient extends EventEmitter {
510
510
  return;
511
511
  }
512
512
  var status = parseInt(match[1], 10);
513
- if (status !== 101) { // allow:raw-byte-literal — HTTP 101
513
+ if (status !== 101) { // HTTP 101
514
514
  // Body bytes after the header section are the server's
515
515
  // explanation. Surface them on the error so callers can branch
516
516
  // on the status code and inspect the body without re-parsing
@@ -560,7 +560,7 @@ class WsClient extends EventEmitter {
560
560
  this._negotiatedSubprotocol = negotiatedSubprotocol;
561
561
 
562
562
  this._negotiatedDeflate = false;
563
- this._negotiatedWindowBits = 15; // allow:raw-byte-literal — RFC 7692 default windowBits
563
+ this._negotiatedWindowBits = 15; // RFC 7692 default windowBits
564
564
  if (this._opts.permessageDeflate &&
565
565
  (headers["sec-websocket-extensions"] || "").indexOf("permessage-deflate") !== -1) {
566
566
  this._negotiatedDeflate = true;
@@ -572,7 +572,7 @@ class WsClient extends EventEmitter {
572
572
  var smwbMatch = extLine.match(/server_max_window_bits\s*=\s*"?(\d+)"?/); // allow:regex-no-length-cap — bounded by header line + RFC 7692 §7.1
573
573
  if (smwbMatch) {
574
574
  var smwb = parseInt(smwbMatch[1], 10);
575
- if (smwb < 8 || smwb > 15) { // allow:raw-byte-literal — RFC 7692 windowBits range
575
+ if (smwb < 8 || smwb > 15) { // RFC 7692 windowBits range
576
576
  this._handleSocketError(new WsClientError("ws-client/deflate-error",
577
577
  "server_max_window_bits=" + smwb + " is outside RFC 7692 range [8, 15]"));
578
578
  return;
@@ -635,7 +635,7 @@ class WsClient extends EventEmitter {
635
635
  frame.opcode === OPCODE_PONG ||
636
636
  frame.opcode === OPCODE_CLOSE;
637
637
  if (isControl) {
638
- if (frame.payload.length > 125) { // allow:raw-byte-literal — RFC 6455 §5.5 control-frame cap
638
+ if (frame.payload.length > 125) { // RFC 6455 §5.5 control-frame cap
639
639
  this._handleSocketError(new WsClientError("ws-client/control-too-big",
640
640
  "control-frame payload exceeds 125 bytes (RFC 6455 §5.5)"));
641
641
  return;
@@ -665,7 +665,7 @@ class WsClient extends EventEmitter {
665
665
  var code = CLOSE_NORMAL, reason = "";
666
666
  if (frame.payload.length >= 2) {
667
667
  code = frame.payload.readUInt16BE(0);
668
- var reasonBytes = frame.payload.subarray(2); // allow:raw-byte-literal — RFC 6455 close-frame layout
668
+ var reasonBytes = frame.payload.subarray(2); // RFC 6455 close-frame layout
669
669
  try {
670
670
  reason = new TextDecoder("utf-8", { fatal: true }).decode(reasonBytes);
671
671
  } catch (_e) {
@@ -711,7 +711,7 @@ class WsClient extends EventEmitter {
711
711
  if (this._negotiatedDeflate && firstFrameRsv1) {
712
712
  try {
713
713
  var zlib = require("node:zlib"); // allow:inline-require — zlib only on deflate-negotiated path
714
- var compressed = Buffer.concat([fullPayload, Buffer.from([0x00, 0x00, 0xff, 0xff])]); // allow:raw-byte-literal — RFC 7692 §7.2.2 deflate trailer
714
+ var compressed = Buffer.concat([fullPayload, Buffer.from([0x00, 0x00, 0xff, 0xff])]); // RFC 7692 §7.2.2 deflate trailer
715
715
  // Decompression-bomb defense: zlib.inflateRawSync's
716
716
  // `maxOutputLength` aborts the inflate the moment the
717
717
  // output would exceed maxMessageBytes — never decode GBs
@@ -828,26 +828,26 @@ class WsClient extends EventEmitter {
828
828
  // mid-codepoint — to be RFC-safe we truncate at code-point
829
829
  // boundaries.
830
830
  var rb = Buffer.from(reason, "utf8");
831
- if (rb.length > 123) { // allow:raw-byte-literal — RFC 6455 §5.5 (125 - 2)
831
+ if (rb.length > 123) { // RFC 6455 §5.5 (125 - 2)
832
832
  // Truncate at last complete codepoint within 123 bytes. Use a
833
833
  // fatal TextDecoder to validate; back off one byte at a time
834
834
  // until the slice decodes cleanly. Bounded by [123 - 3, 123]
835
835
  // since a single UTF-8 codepoint is at most 4 bytes.
836
836
  var fatal = new TextDecoder("utf-8", { fatal: true });
837
- var truncated = rb.subarray(0, 123); // allow:raw-byte-literal — RFC 6455 §5.5
838
- for (var bi = 0; bi < 4; bi += 1) { // allow:raw-byte-literal — max UTF-8 codepoint width
837
+ var truncated = rb.subarray(0, 123); // RFC 6455 §5.5
838
+ for (var bi = 0; bi < 4; bi += 1) { // max UTF-8 codepoint width
839
839
  try { fatal.decode(truncated); break; }
840
840
  catch (_e) { truncated = truncated.subarray(0, truncated.length - 1); }
841
841
  }
842
842
  rb = truncated;
843
843
  }
844
- var payload = Buffer.alloc(2 + rb.length); // allow:raw-byte-literal — RFC 6455 close-frame layout
844
+ var payload = Buffer.alloc(2 + rb.length); // RFC 6455 close-frame layout
845
845
  payload.writeUInt16BE(code, 0);
846
- rb.copy(payload, 2); // allow:raw-byte-literal — RFC 6455 close-frame layout
846
+ rb.copy(payload, 2); // RFC 6455 close-frame layout
847
847
  this._readyState = "closing";
848
848
  this._sendFrame(OPCODE_CLOSE, payload, { fin: true });
849
849
  var self = this;
850
- setTimeout(function () { self._teardown(code, reason, false); }, 1000).unref(); // allow:raw-byte-literal — graceful close grace window
850
+ setTimeout(function () { self._teardown(code, reason, false); }, 1000).unref(); // graceful close grace window
851
851
  }
852
852
 
853
853
  _teardown(code, reason, willReconnect) {
@@ -921,7 +921,7 @@ class WsClient extends EventEmitter {
921
921
  _scheduleReconnect() {
922
922
  var rOpts = this._opts.reconnectOpts;
923
923
  this._reconnectAttempt += 1;
924
- var attempt = Math.min(this._reconnectAttempt, 30); // allow:raw-byte-literal — clamp 2^attempt overflow
924
+ var attempt = Math.min(this._reconnectAttempt, 30); // clamp 2^attempt overflow
925
925
  var ceiling = Math.min(rOpts.maxMs, rOpts.baseMs * Math.pow(2, attempt - 1));
926
926
  var delay = Math.floor(Math.random() * ceiling); // allow:math-random-noncrypto — backoff jitter, not security
927
927
  var self = this;
@@ -62,7 +62,7 @@ var XmlC14nError = defineClass("XmlC14nError", { alwaysPermanent: true });
62
62
  function _xmlErr(code, message) { return new XmlC14nError(code, message); }
63
63
 
64
64
  var MAX_INPUT_BYTES = 8 * 1024 * 1024; // allow:raw-byte-literal — XML doc cap (8 MiB)
65
- var MAX_DEPTH = 200; // allow:raw-byte-literal — element nesting depth ceiling
65
+ var MAX_DEPTH = 200; // element nesting depth ceiling
66
66
 
67
67
  /**
68
68
  * @primitive b.xmlC14n.parse
@@ -172,7 +172,7 @@ function parse(xml) {
172
172
  if (name.charAt(0) === "#") {
173
173
  var code;
174
174
  if (name.charAt(1) === "x" || name.charAt(1) === "X") {
175
- code = parseInt(name.slice(2), 16); // allow:raw-byte-literal — hex radix
175
+ code = parseInt(name.slice(2), 16); // hex radix
176
176
  } else {
177
177
  code = parseInt(name.slice(1), 10);
178
178
  }
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@blamejs/core",
3
- "version": "0.13.46",
3
+ "version": "0.14.5",
4
4
  "description": "The Node framework that owns its stack.",
5
5
  "license": "Apache-2.0",
6
6
  "author": "blamejs contributors",