@blamejs/blamejs-shop 0.4.101 → 0.4.102
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +55 -51
- package/lib/vendor/blamejs/.gitignore +5 -0
- package/lib/vendor/blamejs/CHANGELOG.md +4 -0
- package/lib/vendor/blamejs/api-snapshot.json +2 -2
- package/lib/vendor/blamejs/lib/sandbox.js +23 -5
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.25.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.15.26.json +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-nofollow.test.js +7 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +30 -10
- package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-key-encoding.test.js +21 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +22 -17
- package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +23 -18
- package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +8 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/ciba-authreqid-binding.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +13 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +20 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +8 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +34 -15
- package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +30 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +15 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +41 -18
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +33 -14
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-throttle-transform.test.js +21 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +29 -8
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +42 -23
- package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-nts-handshake-byte-cap.test.js +20 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +22 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +8 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/parser-verify-hardening.test.js +21 -16
- package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +31 -11
- package/lib/vendor/blamejs/test/layer-0-primitives/request-id-async-context.test.js +21 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +5 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update-poll-asset-digest.test.js +21 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +29 -10
- package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +51 -33
- package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +31 -13
- package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +41 -21
- package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +25 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +30 -6
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool-recycle-race.test.js +10 -6
- package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +91 -20
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
|
|
|
8
8
|
|
|
9
9
|
## v0.4.x
|
|
10
10
|
|
|
11
|
+
- v0.4.102 (2026-06-25) — **Vendored framework refreshed to 0.15.26.** Updates the vendored blamejs framework to 0.15.26. The substantive upstream change is a worker-thread handle leak fix in the sandbox primitive: b.sandbox.run now awaits the worker's termination before resolving, so repeatedly running sandboxed code in a long-lived process no longer accumulates leaked MessagePort handles that keep the event loop alive and slow graceful shutdown. The follow-up 0.15.26 build is upstream test-harness correctness only and ships a library byte-for-byte identical to 0.15.25. No runtime API changes and no behavior change for this storefront, which does not run untrusted code through the sandbox primitive; no operator action required. **Changed:** *Vendored framework refreshed to 0.15.26* — Refreshes the vendored blamejs framework to 0.15.26. Upstream 0.15.25 fixes a worker-thread MessagePort leak in the sandbox primitive (b.sandbox.run now waits for the worker to terminate before resolving), and 0.15.26 is a test-harness-only build whose shipped library is identical to 0.15.25. There are no runtime API changes; this storefront does not expose the sandbox primitive on any request path, so there is no operator-visible behavior change and no action required.
|
|
12
|
+
|
|
11
13
|
- v0.4.101 (2026-06-25) — **Bulk cart operations now use the same per-line quantity ceiling as a normal add-to-cart, so a large line is no longer un-bulk-addable or silently reduced.** The cart enforces a per-line quantity ceiling on every add-to-cart. The bulk-operations surface (bulk add and reorder) carried its own copy of that ceiling that had drifted ten times lower than the cart's. The mismatch meant a line legitimately built up to the cart's ceiling through normal add-to-cart could not be added to in bulk (the whole bulk batch was rejected), and a reorder of such a line silently clamped its quantity down instead of preserving it. Bulk operations now source the ceiling directly from the cart primitive, so the two always agree: the same quantity that add-to-cart accepts is accepted in bulk, and a reorder no longer quietly reduces a line. No configuration changes. **Fixed:** *Bulk add and reorder share the cart's per-line quantity ceiling* — Bulk cart operations validated and clamped line quantities against their own ceiling, which was ten times lower than the one the cart applies on a normal add-to-cart. As a result a line whose quantity was legitimately built up to the cart's ceiling could not be bulk-added to — the entire batch was refused — and a reorder of that line silently clamped its quantity down rather than keeping it. The bulk surface now reads the ceiling from the cart primitive itself, so bulk add accepts exactly what add-to-cart accepts and a reorder preserves a line's quantity instead of reducing it.
|
|
12
14
|
|
|
13
15
|
- v0.4.100 (2026-06-25) — **A coupon-stacking policy is now enforced at checkout, so two code-gated discounts can no longer combine past a policy that forbids it.** The coupon-stacking policy surface decides which discount codes may combine on one order — whether codes stack at all, a per-order code cap, and codes that are exclusive of everything else. That policy was applied in the admin surface but never on the buy path: checkout summed every code-gated rule a shopper had unlocked, so an operator who authored a policy forbidding combination still had it ignored on the charged price, and a customer could stack two codes the policy said could not combine. Checkout now consults the stacking policy before the discount engine sums anything: when an active policy governs the cart, the presented codes are narrowed to the policy-approved subset (honoring the non-combinable, over-cap, and exclusive-code rules) and only that subset unlocks discounts. Governance is opt-in — with no active policy the presented codes pass through exactly as before, so carts that never used stacking policies are unaffected. Operators who offer multiple combinable codes and want them to keep stacking should define a policy with allow_combine.with_other_codes enabled. **Fixed:** *Code-gated discounts now honor the coupon-stacking policy at checkout* — Checkout resolved automatic discounts by summing every rule a shopper's presented codes unlocked, with no consultation of the coupon-stacking policy — so a policy that forbade combining codes, capped the number of codes per order, or marked a code exclusive was enforced only in the admin surface, never on the price the customer was actually charged. Checkout now evaluates the stacking policy first: when an active policy governs the cart, the presented codes are reduced to the policy-approved subset before any discount is computed, so non-combinable, over-cap, and exclusive-code rules hold on the charged total. When no stacking policy is active the codes are left untouched, so existing carts that don't use stacking policies see no change; to keep multiple codes combining, define a policy with allow_combine.with_other_codes enabled.
|
package/lib/asset-manifest.json
CHANGED
package/lib/vendor/MANIFEST.json
CHANGED
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
"_about": "blamejs.shop vendors a single framework — blamejs — which itself bundles every server-side crypto/identity dependency. The transitive packages blamejs ships are surfaced in its own MANIFEST.json at lib/vendor/blamejs/lib/vendor/MANIFEST.json — Trivy / Grype rely on that nested data for CVE attribution.",
|
|
4
4
|
"packages": {
|
|
5
5
|
"blamejs": {
|
|
6
|
-
"version": "0.15.
|
|
7
|
-
"tag": "v0.15.
|
|
6
|
+
"version": "0.15.26",
|
|
7
|
+
"tag": "v0.15.26",
|
|
8
8
|
"license": "Apache-2.0",
|
|
9
9
|
"author": "blamejs contributors",
|
|
10
10
|
"source": "https://github.com/blamejs/blamejs",
|
|
@@ -846,6 +846,8 @@
|
|
|
846
846
|
"release-notes/v0.15.22.json": "lib/vendor/blamejs/release-notes/v0.15.22.json",
|
|
847
847
|
"release-notes/v0.15.23.json": "lib/vendor/blamejs/release-notes/v0.15.23.json",
|
|
848
848
|
"release-notes/v0.15.24.json": "lib/vendor/blamejs/release-notes/v0.15.24.json",
|
|
849
|
+
"release-notes/v0.15.25.json": "lib/vendor/blamejs/release-notes/v0.15.25.json",
|
|
850
|
+
"release-notes/v0.15.26.json": "lib/vendor/blamejs/release-notes/v0.15.26.json",
|
|
849
851
|
"release-notes/v0.15.3.json": "lib/vendor/blamejs/release-notes/v0.15.3.json",
|
|
850
852
|
"release-notes/v0.15.4.json": "lib/vendor/blamejs/release-notes/v0.15.4.json",
|
|
851
853
|
"release-notes/v0.15.5.json": "lib/vendor/blamejs/release-notes/v0.15.5.json",
|
|
@@ -1549,13 +1551,13 @@
|
|
|
1549
1551
|
".github/workflows/scorecard.yml": "sha256:0395433ffddc1abbac5dad5f8251ddddb6a9ac2c03f65cb2b8d7f84253825004",
|
|
1550
1552
|
".github/workflows/sha-to-tag-verify.yml": "sha256:6ed546bdb518514c79a69aa9afe87c92903a8663afb57d4d07b5e81fbda8b844",
|
|
1551
1553
|
".github/zizmor.yml": "sha256:fe08e66c5763dfb4edf1ea33e715f04e514b1baceb3a242241d8a60793db51d2",
|
|
1552
|
-
".gitignore": "sha256:
|
|
1554
|
+
".gitignore": "sha256:6303d66bf2ffd8e88fca920dd10ddeb87192928898e65f34ddad14156a4c8b69",
|
|
1553
1555
|
".gitleaks.toml": "sha256:e97869021bc744236bd882a2af070eebbbc95d211336c60bf179f6521d6ed96b",
|
|
1554
1556
|
".hadolint.yaml": "sha256:46a4fbc587c8e5998430788339cc3f2be8d1014a0466a0781eb2e51e31c6dd32",
|
|
1555
1557
|
".npmrc": "sha256:66f104e7d07c496d2d0409988225e8c0e4ceb8d247dbcac3be75b2128d20ce66",
|
|
1556
1558
|
".pinact.yaml": "sha256:0213ffda55961dc49b64c0a5dfa3c0567419633b1499d57eaf7c8d842d7da6c7",
|
|
1557
1559
|
"ARCHITECTURE.md": "sha256:9b1c8d2b1b7a41838eb348b0a008e4b4369718fd72bfe2974b37155f7536d35b",
|
|
1558
|
-
"CHANGELOG.md": "sha256:
|
|
1560
|
+
"CHANGELOG.md": "sha256:a7808b6f3dc20b1081799bf24a1aa0510e937982e76726875354e2e28d78165f",
|
|
1559
1561
|
"CODE_OF_CONDUCT.md": "sha256:148a281960fff7c2fe6554dab66da572c72245ddeb00b0d14811558397bff386",
|
|
1560
1562
|
"CONTRIBUTING.md": "sha256:bb4dbdbc8598da31dbce653a8ed322e08ff46560173f2eb67a4d684653948332",
|
|
1561
1563
|
"GOVERNANCE.md": "sha256:906df6afb1f552b27b9acb50f7f96c47b917a2f1021cd4e987dbf4ee0e0a821b",
|
|
@@ -1565,7 +1567,7 @@
|
|
|
1565
1567
|
"NOTICE": "sha256:f487fa47a11aca0f89e2615cdd3c713e9842abf7a30d8d328eeeae1c864aa774",
|
|
1566
1568
|
"README.md": "sha256:3ddcc197b003da0b02db8bdd1aef1e943c94f7eab613c633d6a45bb11d0a80e9",
|
|
1567
1569
|
"SECURITY.md": "sha256:77d8c2bcc04b425a08ef30e51204cebddbd48954b028a259c7a8412dbfeab40a",
|
|
1568
|
-
"api-snapshot.json": "sha256:
|
|
1570
|
+
"api-snapshot.json": "sha256:d9fb755995449f8e89767fff95c2558a412f8b54d2b3bf188b2d126cb253de1b",
|
|
1569
1571
|
"assets/BlameJS_Logo.png": "sha256:3c65699753c771b48ef9ac7f45bb40815ec19a23afcdd0cd30ef4601bbbe293e",
|
|
1570
1572
|
"assets/BlameJS_Logo.svg": "sha256:dda44f3fb1343d5de9db6b1fcdb75fc649c57e7a99a8e8239fcf852e3841e1a8",
|
|
1571
1573
|
"bench/README.md": "sha256:74202f2507fd840bfc1ac6c681975d9273cf36cca6e0f72655f138337304033c",
|
|
@@ -2260,7 +2262,7 @@
|
|
|
2260
2262
|
"lib/safe-url.js": "sha256:36e3d2c72e7adc5c90cce7f80e469cf50451ccadd3791a1e3aa406754a4ce6e1",
|
|
2261
2263
|
"lib/safe-vcard.js": "sha256:be2964d302b9317206fab1740ebbd0acff00258b138810aa6d64ad6cc1797ce5",
|
|
2262
2264
|
"lib/sandbox-worker.js": "sha256:eefe4e76b2a736208f2e2e90347fc1ff2c2018a98e06bca3103aeb6f96298c6b",
|
|
2263
|
-
"lib/sandbox.js": "sha256:
|
|
2265
|
+
"lib/sandbox.js": "sha256:6b3a16b248864f090b172481d008009e47e7a1db7506b552e2ca460bff27ddea",
|
|
2264
2266
|
"lib/scheduler.js": "sha256:1e7ddf15a27776c738dc8112a3ef1c8fcc616f1c6f909ec2d549d3c96cdd9c80",
|
|
2265
2267
|
"lib/scitt.js": "sha256:c094cef31630aed5dc7adbf494701ab0a825c79a4e406277cbc757ce54bfec9f",
|
|
2266
2268
|
"lib/sd-notify.js": "sha256:2ef7395bbdab2ac4eb96083c57d401921c94278545f14427fc88cdd970bdb9eb",
|
|
@@ -2336,7 +2338,7 @@
|
|
|
2336
2338
|
"oss-fuzz/projects/blamejs/README.md": "sha256:ae13b7bb79ed8d69b1b3276e5562807a0349fb6e6b7d11cf1f683aad1eafdb4b",
|
|
2337
2339
|
"oss-fuzz/projects/blamejs/build.sh": "sha256:0ced1cf21782c97be7f8d74faf5e27a308b60b2f858836fb5ca3b8c4e939a8f7",
|
|
2338
2340
|
"oss-fuzz/projects/blamejs/project.yaml": "sha256:59f2cb83aa622325a175b77416fe155be15b70a9c798bd1a78bba05763b1b03d",
|
|
2339
|
-
"package.json": "sha256:
|
|
2341
|
+
"package.json": "sha256:f60598f0d5032b4095c52904551c1cb09a3d4e42113f102f5efb92f0de2aba61",
|
|
2340
2342
|
"release-notes/v0.0.x.json": "sha256:7a49819f30068ee119000cad7010194882bb8bfaa12acbdab4dfc066efb7982f",
|
|
2341
2343
|
"release-notes/v0.1.x.json": "sha256:6742a8c17f947c5cb76f69dead7eea86b942d80621d914b774ba5488e09937e5",
|
|
2342
2344
|
"release-notes/v0.10.x.json": "sha256:fe498045daf88337bd3d987e5964aa42c99a50e1685b6f09e51f698b8687726f",
|
|
@@ -2362,6 +2364,8 @@
|
|
|
2362
2364
|
"release-notes/v0.15.22.json": "sha256:3e794d767699e38d06ac3566117009e104fde8623f64ffd8f7ce682105d25341",
|
|
2363
2365
|
"release-notes/v0.15.23.json": "sha256:bb25738ab9701fb90a287e0b0370fe28f06396481664922450d1178c2a191b19",
|
|
2364
2366
|
"release-notes/v0.15.24.json": "sha256:748b633f90de8f41b4f26f7ab8f3c31baaa0acd3d9ece2b44f0308724c8765a1",
|
|
2367
|
+
"release-notes/v0.15.25.json": "sha256:6f7c4eb0d57068317bfb68f739d93b5926f9723a57a0701c966b0f96eb46ed69",
|
|
2368
|
+
"release-notes/v0.15.26.json": "sha256:a96b1c7409f863b5a920f51a92b653d5f7a0b671e000bb5dfc2e9bf47e4120dc",
|
|
2365
2369
|
"release-notes/v0.15.3.json": "sha256:19a0074c445545468ca3cc411b21ec8bdb27be2669ae1950347cc244f6aa348c",
|
|
2366
2370
|
"release-notes/v0.15.4.json": "sha256:6ac7fa0ef1728c27e71b2050d1b07a810f9b4b1440ccddbf28ad56e2f54d8585",
|
|
2367
2371
|
"release-notes/v0.15.5.json": "sha256:cca1d0edd5d6fc41b512d19d98be224b990dcab41478622c11962f0fcb1bb09a",
|
|
@@ -2490,7 +2494,7 @@
|
|
|
2490
2494
|
"test/layer-0-primitives/agent-stream.test.js": "sha256:b15137740134a5f34954d3454faaac937e62477bac83b472198166946ef13d7c",
|
|
2491
2495
|
"test/layer-0-primitives/agent-tenant.test.js": "sha256:9d9ded67d6382a12cde6ac79a0ba1326ca68f6bff3e227379b1d2033aa45162e",
|
|
2492
2496
|
"test/layer-0-primitives/agent-trace.test.js": "sha256:f5841d26af5cb226bcdeae984e16dae642e913108931f66689ff263020288e08",
|
|
2493
|
-
"test/layer-0-primitives/ai-adverse-decision.test.js": "sha256:
|
|
2497
|
+
"test/layer-0-primitives/ai-adverse-decision.test.js": "sha256:f5856a40abb1a893af4042e13b75d44dc621e94d81cdb15272340f07e4cdf94e",
|
|
2494
2498
|
"test/layer-0-primitives/ai-aedt-bias-audit.test.js": "sha256:8f2f5860483e8d76e8077390275bc21dfeeb8005056f3b7d0ca94c9894e9c915",
|
|
2495
2499
|
"test/layer-0-primitives/ai-capability.test.js": "sha256:6b44350737106d3b88cedbe4ae1ae47d70418d854c78b3e6897bc8973778a8f2",
|
|
2496
2500
|
"test/layer-0-primitives/ai-content-detect.test.js": "sha256:e1913578882be6872a51a8401b5fea09d10773261943b121c5d8673f74920439",
|
|
@@ -2524,7 +2528,7 @@
|
|
|
2524
2528
|
"test/layer-0-primitives/atomic-file-fd-read-errorfor-bypass.test.js": "sha256:622d809e14d932f0fafdb62f61f1357d6a118fe8076365ccab3077edc47b257b",
|
|
2525
2529
|
"test/layer-0-primitives/atomic-file-fd-read.test.js": "sha256:f94032960507df635acb5676022b13bfe284ba383f2c301f773a74e9876ecb08",
|
|
2526
2530
|
"test/layer-0-primitives/atomic-file-open-append-nofollow.test.js": "sha256:39dc85cd84fba390d13ccb2f9cbe8f0e17bb9f24048550706e1bd456711abb82",
|
|
2527
|
-
"test/layer-0-primitives/atomic-file-open-nofollow.test.js": "sha256:
|
|
2531
|
+
"test/layer-0-primitives/atomic-file-open-nofollow.test.js": "sha256:1441159259359ec3f3a24b8658e6bf26819a41eb6e4799797fc6fd330170f1bc",
|
|
2528
2532
|
"test/layer-0-primitives/atomic-file-rename-retry.test.js": "sha256:4669ec79347c38427d4d2229a884d705c1deddb3a88e2b55376a3420ae0c7f4c",
|
|
2529
2533
|
"test/layer-0-primitives/atomic-file-write-excl.test.js": "sha256:80890106b36b988f77df2f124ae6762e9fba94220a2daf4ace92f8dd6f891190",
|
|
2530
2534
|
"test/layer-0-primitives/atomic-file-write-stream.test.js": "sha256:2276cecd48daa8cd9bdc2f6ec14cc239340f5469b18fbe6bafcdb9aba01f1ac4",
|
|
@@ -2553,8 +2557,8 @@
|
|
|
2553
2557
|
"test/layer-0-primitives/auth-lockout.test.js": "sha256:cf409719531f9a4ae43cdf1cb6cd697702d5b729d05fbcc48aa15e28692402fb",
|
|
2554
2558
|
"test/layer-0-primitives/auth-password-audit.test.js": "sha256:9f7152a245d1ba88418402aa6a7e54f4c217f7707e2962998edb1e26d34e067d",
|
|
2555
2559
|
"test/layer-0-primitives/auth-status-list.test.js": "sha256:3a8e24e3d32028e3690c940459f113271980882672f5615e2cfc05e91ef31c83",
|
|
2556
|
-
"test/layer-0-primitives/azure-blob-bucket-ops.test.js": "sha256:
|
|
2557
|
-
"test/layer-0-primitives/azure-blob-key-encoding.test.js": "sha256:
|
|
2560
|
+
"test/layer-0-primitives/azure-blob-bucket-ops.test.js": "sha256:151f8fb1911b9232038ebb537dd8e51fe3d53e5d56b23f7c9ffc92f76659dacf",
|
|
2561
|
+
"test/layer-0-primitives/azure-blob-key-encoding.test.js": "sha256:7922a2982628f3c6fa075ac395702477101d006aac07fabef703502aed3e2bcb",
|
|
2558
2562
|
"test/layer-0-primitives/backup-bundle-info.test.js": "sha256:cc81d71bc7069171757ca6f72622acbf38fbc7348ce385e270321349e143410b",
|
|
2559
2563
|
"test/layer-0-primitives/backup-clone-bundle.test.js": "sha256:b6f8dd251177e1d5cc7d4b764fa66597140d9060a0226b0a082ded3f864b0e56",
|
|
2560
2564
|
"test/layer-0-primitives/backup-find-bundles.test.js": "sha256:bf34b6a1b92415187a537813d9ca83a0a934999012610f7d403867f2f4a82c98",
|
|
@@ -2569,14 +2573,14 @@
|
|
|
2569
2573
|
"test/layer-0-primitives/backup-verify-bundle.test.js": "sha256:70f51afe534d8926699bc10d951359a699ac4d318161e897653c504dc3da13c3",
|
|
2570
2574
|
"test/layer-0-primitives/backup-worker.test.js": "sha256:6fe1414413b6f2f3185280387e43de969894f8e0b1a4e9240cf1ac3067d73723",
|
|
2571
2575
|
"test/layer-0-primitives/base32.test.js": "sha256:1eeb10fedeb4fc06fbd187a9979c3e9911eabf8ad30102ff31dc4331acaaa9e4",
|
|
2572
|
-
"test/layer-0-primitives/bearer-auth.test.js": "sha256:
|
|
2573
|
-
"test/layer-0-primitives/body-parser-chunked-malformed.test.js": "sha256:
|
|
2576
|
+
"test/layer-0-primitives/bearer-auth.test.js": "sha256:06d496e02c1ae633a29cd645e1e5cedb7afbe43e8c80704f1c0b055819aba558",
|
|
2577
|
+
"test/layer-0-primitives/body-parser-chunked-malformed.test.js": "sha256:6129a3242a7fca39076267abbada19a87c9520321ac32dfa3483ac9d8929f1fd",
|
|
2574
2578
|
"test/layer-0-primitives/body-parser-error-redaction.test.js": "sha256:ea6fa8c2df77cf47d2616bdfd69eb4de27d6e40e7dade99ba663567b4788dccc",
|
|
2575
2579
|
"test/layer-0-primitives/body-parser-smuggling.test.js": "sha256:6b4e076b5d63fe073a01719c45f7ccf2507c5f550c45c0c654526bab3c11b646",
|
|
2576
2580
|
"test/layer-0-primitives/boot-gates.test.js": "sha256:5374aa402ce494f0f14a2bd6cb485acdd04403834cdc16435cad959f5236e09c",
|
|
2577
2581
|
"test/layer-0-primitives/bot-guard.test.js": "sha256:3f5fde2fbd0524daa14abbc3f707f009946337dcff6609deec54a65a619669d5",
|
|
2578
2582
|
"test/layer-0-primitives/bounded-map.test.js": "sha256:ed4f8e744f6b8bd52295feb2dc4dd9cc7a7c67855595d5064ec62f4eda548ce8",
|
|
2579
|
-
"test/layer-0-primitives/breach-deadline.test.js": "sha256:
|
|
2583
|
+
"test/layer-0-primitives/breach-deadline.test.js": "sha256:5927e7bddccd93859d4d0f238cba60d018cd17fe9914e7c603eeb6a58f43f077",
|
|
2580
2584
|
"test/layer-0-primitives/break-glass.test.js": "sha256:b276492840e8ccf2e2d908aa3c2c5e06e59917d900059dbae30ef23974063d74",
|
|
2581
2585
|
"test/layer-0-primitives/budr.test.js": "sha256:4523567996cafcdd78c79b55d98a5a39eaaee5d6efe0720cbc7999e1ed3f5acb",
|
|
2582
2586
|
"test/layer-0-primitives/bundler-engine.test.js": "sha256:bbeae0806067f5e744103f3ecb1a67c32a9026cbfdda91d685e8bb32b44822bc",
|
|
@@ -2589,7 +2593,7 @@
|
|
|
2589
2593
|
"test/layer-0-primitives/cdn-cache-control.test.js": "sha256:25cbc2647ea4df15d24814b33141fe3f13aaa1a019b049eb3e3737228eb9d493",
|
|
2590
2594
|
"test/layer-0-primitives/cert.test.js": "sha256:a96976ab27310bb061fef43d091300541b33d90a070d6e8861a29ab3369965f4",
|
|
2591
2595
|
"test/layer-0-primitives/chain-writer-multichain.test.js": "sha256:0b5b0b46dd93a6c4e562ed2e54248b34ab3d8a2dbe773874817d5fa7d93841f7",
|
|
2592
|
-
"test/layer-0-primitives/ciba-authreqid-binding.test.js": "sha256:
|
|
2596
|
+
"test/layer-0-primitives/ciba-authreqid-binding.test.js": "sha256:9f78470482cd37a03df4bc3024453c891c100869d5fe42f9e2de1ebe96b4ce8c",
|
|
2593
2597
|
"test/layer-0-primitives/clear-site-data.test.js": "sha256:e4d12d03239d4162bdb755648a353e4af2f5c97df79661c90ffeb7b8734f1587",
|
|
2594
2598
|
"test/layer-0-primitives/cli-api-key.test.js": "sha256:42cdf225829fb90018bbe34cd96d5527d45c05093503ed243e59aafeea09677f",
|
|
2595
2599
|
"test/layer-0-primitives/cli-audit-verify-chain.test.js": "sha256:52d18ab08f5a65458ca72c66ef2c4067f84d329153b21bbb1417e2bfe600f071",
|
|
@@ -2609,13 +2613,13 @@
|
|
|
2609
2613
|
"test/layer-0-primitives/cluster-storage.test.js": "sha256:238b3b3db0eba3e6312a863710533178f566347b90e161e564481aa826707647",
|
|
2610
2614
|
"test/layer-0-primitives/cluster-vault-rotation.test.js": "sha256:3514e9e71d6c39e805248f58ad2f41528d091e196c0f3766a032675677161b2d",
|
|
2611
2615
|
"test/layer-0-primitives/cms-codec.test.js": "sha256:7e46078ed82be5b69d22c48f22dba37ea5015371c2a8cf5f94fb1a792fb7bb78",
|
|
2612
|
-
"test/layer-0-primitives/codebase-patterns.test.js": "sha256:
|
|
2616
|
+
"test/layer-0-primitives/codebase-patterns.test.js": "sha256:59c479be996fdec3635bbc75d05f4c8582043fbb026e2e67085f19b6b9412cce",
|
|
2613
2617
|
"test/layer-0-primitives/codepoint-class.test.js": "sha256:19d1b69efa7e0e9f7ef2392ca264167767a5ec5890ee339b2cfd8a7818035d27",
|
|
2614
2618
|
"test/layer-0-primitives/compliance-ai-act.test.js": "sha256:5ee4ad05d12233cb3c5457ef10a727833710bbc1ce1318838f9f9ef5d2cb8d4b",
|
|
2615
2619
|
"test/layer-0-primitives/compliance-cascade.test.js": "sha256:ee02cf14541a837a9d7977c6ea6bf7f9210bed293925d93c976e31f270aebec4",
|
|
2616
2620
|
"test/layer-0-primitives/compliance-eaa.test.js": "sha256:8afb3fa66f3f9452592995e77f5e0644d8c82de2321c551c6f5be6002b2c27a4",
|
|
2617
2621
|
"test/layer-0-primitives/compliance-eu-ai-act-posture.test.js": "sha256:3f45bb76ef390b7cc4396a37153d48f0f9465c5abc59851f0971fcc40c28dcea",
|
|
2618
|
-
"test/layer-0-primitives/compliance-sanctions.test.js": "sha256:
|
|
2622
|
+
"test/layer-0-primitives/compliance-sanctions.test.js": "sha256:e4cb4e7b73cb0834958c1c18c9d3bb70087ee784216a888991dbe41b518b87f0",
|
|
2619
2623
|
"test/layer-0-primitives/compliance.test.js": "sha256:d743b6e2df985daed1df4a7808e7e5bf91207d5909f5bd7d8f882e0c27dcfe1b",
|
|
2620
2624
|
"test/layer-0-primitives/compression-range.test.js": "sha256:8fecdd7aef1d8bb41375b4ee6fce6767bbb7233398bca4a2ca4bc9147316b3fc",
|
|
2621
2625
|
"test/layer-0-primitives/config-drift.test.js": "sha256:c6386ba904744c7a46c10c44ee5c098d94a0c962ff7f77b19df503bccee47093",
|
|
@@ -2625,7 +2629,7 @@
|
|
|
2625
2629
|
"test/layer-0-primitives/content-digest.test.js": "sha256:0f14ec0e04ba0ae462fedcffb2c092eba55d1b036d975f88906b8eef2271c66a",
|
|
2626
2630
|
"test/layer-0-primitives/cors.test.js": "sha256:99f90e19470a45ab1ce733450e3ceb010175a76d5c414889e0393245829c0860",
|
|
2627
2631
|
"test/layer-0-primitives/cose.test.js": "sha256:70940306703c96d6a9c7f77f35625257b3f578c98a0650af6761cd21916dff97",
|
|
2628
|
-
"test/layer-0-primitives/cra-report.test.js": "sha256:
|
|
2632
|
+
"test/layer-0-primitives/cra-report.test.js": "sha256:c1bf76b9063d25149a6fe265e222965711a55ba6e527bc8defcd01d8b0a42f63",
|
|
2629
2633
|
"test/layer-0-primitives/crdt.test.js": "sha256:b9259d8ba12e5e8feb2f982c8357ec7b0254f0f5276754af7e807c427bbe49b0",
|
|
2630
2634
|
"test/layer-0-primitives/credential-hash.test.js": "sha256:cab340489726da55b986f7d92f1e0784da45917387179524e6ce914b125669f8",
|
|
2631
2635
|
"test/layer-0-primitives/crypto-base64url.test.js": "sha256:2e3168b1f16ad4d85209312c6f1c742df1369b6fc96515034dba847391ff30a8",
|
|
@@ -2654,7 +2658,7 @@
|
|
|
2654
2658
|
"test/layer-0-primitives/csv.test.js": "sha256:6a9ed5a3fc6fd315261ad0bf7788047de5323fe09c36bb52d6e599a761b18085",
|
|
2655
2659
|
"test/layer-0-primitives/cwt.test.js": "sha256:1e642b69cbd6a5b33b7755df3a17d5cecfb96e071560e4b384437ce05ab25e4d",
|
|
2656
2660
|
"test/layer-0-primitives/daemon.test.js": "sha256:a118c7a6d738115ea4590ef1d639e4c06f139732bcaf8545d649452dfdb3979e",
|
|
2657
|
-
"test/layer-0-primitives/daily-byte-quota.test.js": "sha256:
|
|
2661
|
+
"test/layer-0-primitives/daily-byte-quota.test.js": "sha256:c4683ef74d205ba8ebabf3c9f0ce60d0e86824cf0c8a0f23c1e6b8c5b5b70f23",
|
|
2658
2662
|
"test/layer-0-primitives/dane.test.js": "sha256:59d01acff1a81f0d691ecb28920f5c22e30ef416bf84a52c853c1a00e64cf783",
|
|
2659
2663
|
"test/layer-0-primitives/dark-patterns.test.js": "sha256:ed42e18923529538af882a0daee52fda31b877680d5c4806eecbc71baf1e7278",
|
|
2660
2664
|
"test/layer-0-primitives/data-act.test.js": "sha256:07610838be7c2529b9e903771610dcb23f6ccf9027a4df21b195863aed30e84c",
|
|
@@ -2691,7 +2695,7 @@
|
|
|
2691
2695
|
"test/layer-0-primitives/dr-runbook.test.js": "sha256:9665caaa90f356d0237e0e6c6889c56a3467b20c7eaf78d2e2afa51c4b3af2cb",
|
|
2692
2696
|
"test/layer-0-primitives/dsa.test.js": "sha256:2cdbdd29b9c58d738920bb4f82f73492eab56e7d7f8111f1cdb14838de3a3ab3",
|
|
2693
2697
|
"test/layer-0-primitives/dsr-state-rules.test.js": "sha256:0ddc7fd6d5d3f8817d8f4aad7bb66c6bf6e64eafe61fdedaafa8f60957d20bd0",
|
|
2694
|
-
"test/layer-0-primitives/dsr.test.js": "sha256:
|
|
2698
|
+
"test/layer-0-primitives/dsr.test.js": "sha256:e930c1cd058ac8de7280fd7e9a27373bf5d971ebe4e9133726c8f615811cd7c0",
|
|
2695
2699
|
"test/layer-0-primitives/dual-control.test.js": "sha256:2d9255f96bddbb45d75182ef826a355536e40caeb5864483c56eaf5ba3c7e0ac",
|
|
2696
2700
|
"test/layer-0-primitives/early-hints.test.js": "sha256:9827c66c7558ebeb39a448ec69129517a517d440865ac5341afcbc7c1047e085",
|
|
2697
2701
|
"test/layer-0-primitives/eat.test.js": "sha256:6f0b0180f659b008a6a86f9af4f8674e2ddb98d00408e10d52d03291bda96f6e",
|
|
@@ -2710,20 +2714,20 @@
|
|
|
2710
2714
|
"test/layer-0-primitives/federation-vc-suite.test.js": "sha256:8d76e5800e5625db3eef4a37e3fafa3cb258c3d830f2ee90a4a051f87f050341",
|
|
2711
2715
|
"test/layer-0-primitives/fetch-metadata.test.js": "sha256:9b99953d3f1556b05597e30f65ba32d77f65a5a336e4de32fbbd2dfcec054b16",
|
|
2712
2716
|
"test/layer-0-primitives/fido-mds3-cert-bad-validity.test.js": "sha256:8c553ff60d8c8f6bea27bd54552401ff097c57c44a7eb2f498ec9519dc4c593c",
|
|
2713
|
-
"test/layer-0-primitives/fido-mds3.test.js": "sha256:
|
|
2717
|
+
"test/layer-0-primitives/fido-mds3.test.js": "sha256:91893e57258f91386ea3baedf8727dac08b5c75725a74b74ecdfbc5d99bb4adc",
|
|
2714
2718
|
"test/layer-0-primitives/file-type.test.js": "sha256:ba6bb725857cbf7b165f4391e3aa126c9fc4286c5afb92d1964ff1d0dfd2b57c",
|
|
2715
2719
|
"test/layer-0-primitives/file-upload-content-safety-skip-audit.test.js": "sha256:ad13f7f84a33899b4f4e66b74c896f606e070bfe5df769b0acd109cfb7ab38c7",
|
|
2716
2720
|
"test/layer-0-primitives/flag.test.js": "sha256:8b58826342b8c28d90e11e4cfe1a7e266c2296615a90558221cad12e9f6ecb4e",
|
|
2717
2721
|
"test/layer-0-primitives/forensic-snapshot.test.js": "sha256:629a8af1ccd0396e2b30f8e46d76fe19eab9f33c156c0db78e3e76649e21030c",
|
|
2718
2722
|
"test/layer-0-primitives/fsm.test.js": "sha256:7037831083426478ed4efd7d1c17d4b96c3609816a41819b5c9da71d2b6187e8",
|
|
2719
2723
|
"test/layer-0-primitives/gate-contract-content-gate.test.js": "sha256:d9f8b94231efb0e02a94b7934bf58a3f8e343829ce11346b7302e69e13efd551",
|
|
2720
|
-
"test/layer-0-primitives/gcs-bucket-ops.test.js": "sha256:
|
|
2724
|
+
"test/layer-0-primitives/gcs-bucket-ops.test.js": "sha256:c1a0982190506dba72430c16972a296abc2de865786cc72c63c971edf450502c",
|
|
2721
2725
|
"test/layer-0-primitives/gdpr-ropa.test.js": "sha256:ebed2f001ddc79e42a9cd0ee5319536662dcb4c601b3eb65077161ab81e243a4",
|
|
2722
2726
|
"test/layer-0-primitives/graphql-federation.test.js": "sha256:c920cdc6f8740733b712d139d11da08c4fa5c8add3b0749fa74c6fbce04965cf",
|
|
2723
2727
|
"test/layer-0-primitives/guard-agent-registry.test.js": "sha256:d432339273cde552cde8101ac1b32df44c36e7dd9381a328669f63884ac9016b",
|
|
2724
2728
|
"test/layer-0-primitives/guard-all.test.js": "sha256:fdd9a746ecfa6e29f0e5f727fbd66c5ab2e29a263ef0d8c2c1d62fc430cdd59f",
|
|
2725
2729
|
"test/layer-0-primitives/guard-archive.test.js": "sha256:f8c6be677cc69e5b782bb27e4891bcb18fc91d6890ce694ca06cc63c4d374b16",
|
|
2726
|
-
"test/layer-0-primitives/guard-csv.test.js": "sha256:
|
|
2730
|
+
"test/layer-0-primitives/guard-csv.test.js": "sha256:b4433bd26351a3042ff7f683aa5b7357d567b7cad480b290cefa802b7e8f9a7a",
|
|
2727
2731
|
"test/layer-0-primitives/guard-dsn.test.js": "sha256:879a5ef02cd49ea5fc696d248b521b0667a8f656bc9b04938ca4a8cc28dc3d07",
|
|
2728
2732
|
"test/layer-0-primitives/guard-email.test.js": "sha256:9912e6e76abd07d2c65a2c37e0236cd8ae3e82f89035282507ad906b37255a64",
|
|
2729
2733
|
"test/layer-0-primitives/guard-envelope.test.js": "sha256:17e67045992d981b7eac36760b2eca1d5ac8b35a0a94f389da7cff2466e3a848",
|
|
@@ -2764,9 +2768,9 @@
|
|
|
2764
2768
|
"test/layer-0-primitives/hal.test.js": "sha256:d161f3b264fea1c25e94a0a1911a00b81b1f521a9c3fbf2ea6d42a6ff98bbf85",
|
|
2765
2769
|
"test/layer-0-primitives/honeytoken.test.js": "sha256:1c08e06b5d3de067e06df9a2c67f13b2bd7bcf4a6aabbb00ca916fa6d1c8990d",
|
|
2766
2770
|
"test/layer-0-primitives/html-balance.test.js": "sha256:edc4c833f7b80020244a658a955035f6c43c1ff85bc9b91f507cfc2b6c911c97",
|
|
2767
|
-
"test/layer-0-primitives/http-client-cache.test.js": "sha256:
|
|
2768
|
-
"test/layer-0-primitives/http-client-stream.test.js": "sha256:
|
|
2769
|
-
"test/layer-0-primitives/http-client-throttle-transform.test.js": "sha256:
|
|
2771
|
+
"test/layer-0-primitives/http-client-cache.test.js": "sha256:4a55831400d24c736f4564ef5c4ff55febe9c9e54365a4092dd04622c34e0670",
|
|
2772
|
+
"test/layer-0-primitives/http-client-stream.test.js": "sha256:9f472d6598e836d59c779d3cdaad711bd52ab7d4cd0c02304e83706690f245a4",
|
|
2773
|
+
"test/layer-0-primitives/http-client-throttle-transform.test.js": "sha256:2315db2352846287b92514e9efd2ac7dd2528a91ee4060f6f5d15c6bbc684878",
|
|
2770
2774
|
"test/layer-0-primitives/http-message-signature.test.js": "sha256:7326f6266f4594813a2e07ca92d590c3b44325e77791213b2508b45826139e72",
|
|
2771
2775
|
"test/layer-0-primitives/i18n-messageformat.test.js": "sha256:bdb8f3f47d07e3a6cbd6d8cbba97e6eda68ef56cad9d6655baca5bc0f8a64a39",
|
|
2772
2776
|
"test/layer-0-primitives/i18n.test.js": "sha256:d96d7e1aec02f404777ed727eaa389330108cd72a1d225f4dc9bc38527a4ab60",
|
|
@@ -2775,7 +2779,7 @@
|
|
|
2775
2779
|
"test/layer-0-primitives/idempotency-key.test.js": "sha256:0214b68cbb3f50a0c7cbc7fcb92b1edf86a714dd6040c3a1a2be34b31eb9c631",
|
|
2776
2780
|
"test/layer-0-primitives/importmap-integrity.test.js": "sha256:babd21e2356c7d1d7916ae89fc228105290bf8c99371f0cde68512a62bea45dd",
|
|
2777
2781
|
"test/layer-0-primitives/inbox.test.js": "sha256:d0865782d10cb9a72bbf39223c5499d5b1ec50967173e2dfe3cd1bf88b279d8c",
|
|
2778
|
-
"test/layer-0-primitives/incident-report.test.js": "sha256:
|
|
2782
|
+
"test/layer-0-primitives/incident-report.test.js": "sha256:57bc8d037e6a3f84fcefe0a95205e5ac0f83c6dbb8b1f935c3c5184d2456c857",
|
|
2779
2783
|
"test/layer-0-primitives/ip-utils.test.js": "sha256:0ca865e21be6a8815a5c0dd772497b3e0ab4cedd67e7dbabf9518c82af789132",
|
|
2780
2784
|
"test/layer-0-primitives/jose-jwe-experimental.test.js": "sha256:fabd155817296fbac7cea4ccaaf5e1740471fe97b431fe46e13e6a30d13784ef",
|
|
2781
2785
|
"test/layer-0-primitives/json-api.test.js": "sha256:6b15309702e1309c6141a84988e784b5a88a228ee99a7e6cbb92fdae756b4192",
|
|
@@ -2793,7 +2797,7 @@
|
|
|
2793
2797
|
"test/layer-0-primitives/local-db-thin.test.js": "sha256:eaa7ede3b6f9a0f5e75561eef94bdbf8f5b145c3d440d9749a5a1ec11a349f8d",
|
|
2794
2798
|
"test/layer-0-primitives/log-stream-cloudwatch.test.js": "sha256:0e82ddc62b373471c81480051f9d4508f6c5a1f2939f0e06ebd1c0089d3407fd",
|
|
2795
2799
|
"test/layer-0-primitives/log-stream-otlp-grpc.test.js": "sha256:141837124af91e726f0d89270534e17b323991106f1ccca18e7b2b86c8834429",
|
|
2796
|
-
"test/layer-0-primitives/log-stream-otlp.test.js": "sha256:
|
|
2800
|
+
"test/layer-0-primitives/log-stream-otlp.test.js": "sha256:8a2cef85b2a3b373a05a147f82cb9fafbf12b094f576505fca44c44ce1d82f77",
|
|
2797
2801
|
"test/layer-0-primitives/lro.test.js": "sha256:134407dc88a84450d69e15c23ff9d47617466f23a436b3d61339e6836e0c42ce",
|
|
2798
2802
|
"test/layer-0-primitives/mail-agent.test.js": "sha256:51725784bab6849cb02f1e94e0ba97c2b8e7e101780a26ae7ec19f9d894640ef",
|
|
2799
2803
|
"test/layer-0-primitives/mail-arf.test.js": "sha256:2279aebee547903a8c1415c9fc1c9c194757b3917e869bfddb43dd0375e68a93",
|
|
@@ -2823,7 +2827,7 @@
|
|
|
2823
2827
|
"test/layer-0-primitives/mail-require-tls.test.js": "sha256:ffb888e81770c02e69f99ba54808802d53e5880a6fbe82349a914aaae20b016c",
|
|
2824
2828
|
"test/layer-0-primitives/mail-scan.test.js": "sha256:060758532a2b75e53b28b3b99542c5ea9b0a149986501a0e32cd1f660a7a569f",
|
|
2825
2829
|
"test/layer-0-primitives/mail-send-deliver.test.js": "sha256:7c36d357031aac94631c1fe93e4e25c2d986144d5eda8dd94fff033beb55a829",
|
|
2826
|
-
"test/layer-0-primitives/mail-server-imap.test.js": "sha256:
|
|
2830
|
+
"test/layer-0-primitives/mail-server-imap.test.js": "sha256:47c58a514de4b4a1756dbf5bdc4738f5643f5bdd873ae7ac48c985946160bc6e",
|
|
2827
2831
|
"test/layer-0-primitives/mail-server-jmap.test.js": "sha256:0a2d39004044ee41915f8857efddafec42234116bb4d0a0544aceec95cea25fd",
|
|
2828
2832
|
"test/layer-0-primitives/mail-server-managesieve.test.js": "sha256:4c7cddc4670c33b8174b61c4333a2958d5169c6a4c12d9c80e4822864697860b",
|
|
2829
2833
|
"test/layer-0-primitives/mail-server-mx.test.js": "sha256:0ddb39f1349d35ec5cca75e9ebf43c0fe9afa91388da31333c3340fc69b42eac",
|
|
@@ -2851,28 +2855,28 @@
|
|
|
2851
2855
|
"test/layer-0-primitives/mtls-ca-revocation.test.js": "sha256:27e3e909cd2fc0b6dfb8276a2a182c3bf948dccc65f601c670204a324d792e36",
|
|
2852
2856
|
"test/layer-0-primitives/nel.test.js": "sha256:1b074316a1172d23da880ee6c9fa99b5548ae28322ea43a7f91adbdb260375ca",
|
|
2853
2857
|
"test/layer-0-primitives/network-allowlist.test.js": "sha256:bfd447e56b6f19ee2cf1ed4ca7b34e03ecd6de89df46093e9dc89d93beeaf976",
|
|
2854
|
-
"test/layer-0-primitives/network-byte-quota.test.js": "sha256:
|
|
2858
|
+
"test/layer-0-primitives/network-byte-quota.test.js": "sha256:6354051f50c25388ee5d759bf6e36f4efc06b8bf5cce12d75cb15ec59b32dbe7",
|
|
2855
2859
|
"test/layer-0-primitives/network-dns-lookup-timeout-default.test.js": "sha256:6251b8d093f6402a13d08afea2d7164fccdb8d2edbbbe63915b88b4e2bcba47b",
|
|
2856
2860
|
"test/layer-0-primitives/network-dns-resolver-timeout.test.js": "sha256:9ba8ca49b8095ec4780959134520ac869c80ca9b9664b5beadce2d135037777d",
|
|
2857
2861
|
"test/layer-0-primitives/network-dns-resolver.test.js": "sha256:8966ba1b24c9ceb5754a3ef21a6d6e61a6cade983367bece1034110b7928fc1c",
|
|
2858
|
-
"test/layer-0-primitives/network-dns.test.js": "sha256:
|
|
2862
|
+
"test/layer-0-primitives/network-dns.test.js": "sha256:c300d176f391ce3a12b8d8dd4ddd68f0d5f16b3b837b80066406c6e698a9433d",
|
|
2859
2863
|
"test/layer-0-primitives/network-heartbeat-passive.test.js": "sha256:4dae1d9f61c85489d1a91a6f4a242198d0bee89fdbacff9efba143e78e882ad0",
|
|
2860
|
-
"test/layer-0-primitives/network-nts-handshake-byte-cap.test.js": "sha256:
|
|
2864
|
+
"test/layer-0-primitives/network-nts-handshake-byte-cap.test.js": "sha256:b20b7a6e218613282d7d817d7a675f9ee81ba07af1ed5c089283e62736e2c515",
|
|
2861
2865
|
"test/layer-0-primitives/network-tls-build-options.test.js": "sha256:0380ef886acc0a3bb0f7bc032c11991891fe9f19648e9f8d38829c7ea16b61b0",
|
|
2862
2866
|
"test/layer-0-primitives/network-tls-ct-inclusion.test.js": "sha256:951b5eeded5762f667c534c0433e4b5f4b0a6a48c7c66a88492c0d4cebd21636",
|
|
2863
2867
|
"test/layer-0-primitives/network-tls.test.js": "sha256:75605314bf5093ab040c46cdc17327cd609145c4b0b7a17fbbaa9679b94a3b46",
|
|
2864
2868
|
"test/layer-0-primitives/network-tsig.test.js": "sha256:8845cb8f23876e6c68436491a412bbbd2c5415af23438c5ab2613358b3a4168f",
|
|
2865
2869
|
"test/layer-0-primitives/network.test.js": "sha256:5424adaab9c3fe6e1b96e21eef90e51c5cf4c7fa8e96132306399d95cdfacdf1",
|
|
2866
|
-
"test/layer-0-primitives/nis2-report.test.js": "sha256:
|
|
2870
|
+
"test/layer-0-primitives/nis2-report.test.js": "sha256:4ee2d6a5c6e05c317c34a4f7eef91a0c91079d227b8b69c65e1d58e4444613e0",
|
|
2867
2871
|
"test/layer-0-primitives/nist-crosswalk.test.js": "sha256:ea8741fec9831d57a907d33ad08822ccdb71942c20482affbef8a68f3d82b1a7",
|
|
2868
2872
|
"test/layer-0-primitives/no-cache.test.js": "sha256:b80e5ae1ad53cbf552423c3b16653c6d011d773f2056fa156e4436fc4f014e9b",
|
|
2869
2873
|
"test/layer-0-primitives/nonce-store-release.test.js": "sha256:65b7c7027a29b6ac398f0b7d00b52c4e143e65c3ba73208c681758366a549645",
|
|
2870
2874
|
"test/layer-0-primitives/notify.test.js": "sha256:8a7cf548e567cdcf0e6cc6d731c5e2e6fcc364e8838ef411999c324234da3917",
|
|
2871
2875
|
"test/layer-0-primitives/numeric-bounds.test.js": "sha256:4935cb433e72b15dff77cebef4c580128695c38ae619de6f7b9dd10868cdbbb7",
|
|
2872
|
-
"test/layer-0-primitives/oauth-callback.test.js": "sha256:
|
|
2876
|
+
"test/layer-0-primitives/oauth-callback.test.js": "sha256:da198bd79a978818546184cf0f81056a1594da3096b8d8a01a20bba54c160101",
|
|
2873
2877
|
"test/layer-0-primitives/object-store-range-header.test.js": "sha256:ddacc510976700ba9dfeefce2f40c5ee9ce8510eb1cd0b9a8128b296acf22b06",
|
|
2874
2878
|
"test/layer-0-primitives/object-store-versioned-delete.test.js": "sha256:755a6b0914dc2f51f3d2d3a57ae3c5e013ee071e2edcfc717b7ee153c2ddc061",
|
|
2875
|
-
"test/layer-0-primitives/observability-tracing.test.js": "sha256:
|
|
2879
|
+
"test/layer-0-primitives/observability-tracing.test.js": "sha256:1af4f6129660b998fd03f871f1cae9dd109c0c9ccef564c6230026b88867133d",
|
|
2876
2880
|
"test/layer-0-primitives/observability.test.js": "sha256:29e0e41b05a358b53053dd696e48dd17827d903e6eb59dad08a183ac932376a5",
|
|
2877
2881
|
"test/layer-0-primitives/openapi.test.js": "sha256:2e552cbb27b70ac28688632364defc9d063b3b26ff45788012e656bce8ba31e3",
|
|
2878
2882
|
"test/layer-0-primitives/otel-export.test.js": "sha256:78c0103b69f04270b35f1d4f14471c4aa085bdad0b55667e2f182f94c2a3f7b6",
|
|
@@ -2880,8 +2884,8 @@
|
|
|
2880
2884
|
"test/layer-0-primitives/outbox-inflight-reaper.test.js": "sha256:b4d65c14c7d8aa7712424f2a685fd7bc44b306650c14e3ff5047b2f021ac81f4",
|
|
2881
2885
|
"test/layer-0-primitives/output-header-hardening.test.js": "sha256:4792ef56abc48e96833bdaf0019c5a61b21789cf62062fd74c48f3a969bf2db3",
|
|
2882
2886
|
"test/layer-0-primitives/pagination.test.js": "sha256:432bbead37b57079f91429c2f3998aed28eb947086f8b0b8ebbd111fa3abdb07",
|
|
2883
|
-
"test/layer-0-primitives/parser-verify-hardening.test.js": "sha256:
|
|
2884
|
-
"test/layer-0-primitives/parsers-standalone.test.js": "sha256:
|
|
2887
|
+
"test/layer-0-primitives/parser-verify-hardening.test.js": "sha256:0ba9704d8902399d79af24a5eb846ab222f2a33a42a0cb8fb9043da15869d370",
|
|
2888
|
+
"test/layer-0-primitives/parsers-standalone.test.js": "sha256:ffb8c8959e14b08279a43c5cf93e896685f7fe378735a5ab836563b0f80f2d88",
|
|
2885
2889
|
"test/layer-0-primitives/passkey-real-vectors.test.js": "sha256:c8d986440e9c6d7ca78f8b03054d077f7b11af8326b6319aaaa569fb9cebf0bd",
|
|
2886
2890
|
"test/layer-0-primitives/passkey.test.js": "sha256:ae7b213deb42dc8412d496eab91071b4f65518ca0d37e24f17ecb31c095dc7fe",
|
|
2887
2891
|
"test/layer-0-primitives/permissions.test.js": "sha256:b8cc87f2e5b2bc39c784d3cf372620eaa37037e33c43c16addc4ad000c802ba2",
|
|
@@ -2903,7 +2907,7 @@
|
|
|
2903
2907
|
"test/layer-0-primitives/queue-dlq-extend-lease.test.js": "sha256:437081c4bb7104e202ce7a36f09ea141b8bfef4df780b9c2877be63c717ac9a1",
|
|
2904
2908
|
"test/layer-0-primitives/queue-flow-repeat.test.js": "sha256:3b423ccb286e5a70e0f5c6a93c15db909753041fb2f6e6378a44342331757f78",
|
|
2905
2909
|
"test/layer-0-primitives/queue-priority-rate-progress.test.js": "sha256:c87fea0add1545f2ba39209445346bff9c81916ad1d3bc7c02d73348fb938d80",
|
|
2906
|
-
"test/layer-0-primitives/queue-sqs.test.js": "sha256:
|
|
2910
|
+
"test/layer-0-primitives/queue-sqs.test.js": "sha256:fd5a7ce3eaf7ee7e554223eabee6de796eb667b69d42d910a9a062e6b1e7c536",
|
|
2907
2911
|
"test/layer-0-primitives/rate-limit-cluster.test.js": "sha256:732f28a7737c6696c02f554b5b7e5d4328a3eacb84ab1491b8b058c2ba603ee7",
|
|
2908
2912
|
"test/layer-0-primitives/rate-limit-memory-getorinsert.test.js": "sha256:6e113f7643f0de46975f5ca37d87cc16f7bf97c2c4513fd8f09b09c224e4622f",
|
|
2909
2913
|
"test/layer-0-primitives/rate-limit-registry.test.js": "sha256:bb8a7081398aadfd8e8ecf8665863a2b28136b9dddf438022bfd5de0b2f05956",
|
|
@@ -2911,7 +2915,7 @@
|
|
|
2911
2915
|
"test/layer-0-primitives/redact-dlp.test.js": "sha256:42b80cd22185ce81e8caf71243e6f6bc2f3185a091ebe5fbb776bfab7bab37c3",
|
|
2912
2916
|
"test/layer-0-primitives/redis-client.test.js": "sha256:bb1f192c78311b7f3fededcf90a3e5bc3492fc31c001f64c642dd3eb9b631dd4",
|
|
2913
2917
|
"test/layer-0-primitives/request-helpers.test.js": "sha256:0c4a5f689c3553e22835152d58c127239dbd8bfe2cc538b5a540f9d359b06bc8",
|
|
2914
|
-
"test/layer-0-primitives/request-id-async-context.test.js": "sha256:
|
|
2918
|
+
"test/layer-0-primitives/request-id-async-context.test.js": "sha256:3aad8f145e7ca37c7220767779050ffaa5da2b2bb2cb7e4b65d3652d554b0322",
|
|
2915
2919
|
"test/layer-0-primitives/request-log.test.js": "sha256:31479f63311b31a74aa7f636b7f9ef04c2f6bcb152b8b8c465a40d08461cc03f",
|
|
2916
2920
|
"test/layer-0-primitives/require-auth-cache-control.test.js": "sha256:36b9d77791285e2b2606a5d2f8f8c8536a46e7ec1f4f2c5e54ee1b17a3dece3d",
|
|
2917
2921
|
"test/layer-0-primitives/require-mtls.test.js": "sha256:ba041e00d098090b4ffa578bb8b3f01927043842a5057069502dc69ade2dc23d",
|
|
@@ -2949,23 +2953,23 @@
|
|
|
2949
2953
|
"test/layer-0-primitives/saml-slo.test.js": "sha256:b8b3a5e71ad28a0a3e9b69bca9f570410bc8b8eab6a7fdfd186fdf12cd90854f",
|
|
2950
2954
|
"test/layer-0-primitives/saml-subjectconfirmation-notbefore.test.js": "sha256:2deac25891a4eb2c5d1073d99c352a01322e6fab6497616209ec6a15cc1fbf71",
|
|
2951
2955
|
"test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js": "sha256:1396afcc34135ab025880ac74738f3eb1984f5725dcf2e676e6a2f1bd7f852c2",
|
|
2952
|
-
"test/layer-0-primitives/sandbox.test.js": "sha256:
|
|
2956
|
+
"test/layer-0-primitives/sandbox.test.js": "sha256:8a76ab55fcaf5831654f6dec004603f8d538c45852f7c0f72f698282b12c87d1",
|
|
2953
2957
|
"test/layer-0-primitives/scheduler-exactly-once.test.js": "sha256:f269740eba98d12f05f6fa50c7aa4f6ac49a5a69e1dff23898257405a51089fa",
|
|
2954
2958
|
"test/layer-0-primitives/scheduler-watchdog-stale-settle.test.js": "sha256:7ee8fc92151f36fcfefb7506e5c274599b6f6df8b83639bbe73738b1f263bb43",
|
|
2955
2959
|
"test/layer-0-primitives/scim-server.test.js": "sha256:2df544430e780f677491b71e08ac77f88fabaecf0c23d838fb3081d3deb84315",
|
|
2956
2960
|
"test/layer-0-primitives/scitt.test.js": "sha256:a3030351ec0092516c5eaea4824dae8f466f239133d6a189875d38faf236a232",
|
|
2957
2961
|
"test/layer-0-primitives/sd-jwt-vc-ecdsa-p1363.test.js": "sha256:d26d4a066458fe37634abf58bf41a66ef913172e5cb601f64751a2c2a03fd8fb",
|
|
2958
|
-
"test/layer-0-primitives/sd-jwt-vc.test.js": "sha256:
|
|
2962
|
+
"test/layer-0-primitives/sd-jwt-vc.test.js": "sha256:e05816f2050adb0e8b24addec608d3e791f6d140fc7742436d30fa418a9c7e32",
|
|
2959
2963
|
"test/layer-0-primitives/sd-notify.test.js": "sha256:39b3af9befe9f9241e328bee85d2dab3aff9c15747aa43fc6e6d68d404f4abaa",
|
|
2960
2964
|
"test/layer-0-primitives/sec-cyber.test.js": "sha256:9082c067fa9a8f55592675bbb911dc44bb10ad12bf4c6db6a2f0d95b2fa0538f",
|
|
2961
2965
|
"test/layer-0-primitives/security-assert.test.js": "sha256:d4ea3b6b187ee095edc33f433a6ba08e21ecc92d62c801344cc89d643d3e96f7",
|
|
2962
2966
|
"test/layer-0-primitives/security-headers.test.js": "sha256:555c05dc947ecb652cce7ee8ebf55a0550a4d0b70d031e8f4941c29edbf35dcd",
|
|
2963
2967
|
"test/layer-0-primitives/security-txt.test.js": "sha256:d06a84b0e10b64c1df2f4d0ca423ad7f1a5fddf21f74f2ddf394a3dab04e8b85",
|
|
2964
2968
|
"test/layer-0-primitives/seeders.test.js": "sha256:b481f73ee88cc703501fafd075865d5be0b58f98080e63984e7f3db762e5fe8e",
|
|
2965
|
-
"test/layer-0-primitives/self-update-poll-asset-digest.test.js": "sha256:
|
|
2969
|
+
"test/layer-0-primitives/self-update-poll-asset-digest.test.js": "sha256:d0f8aabfc0fe8e6643b766718d08750300a33aad7b57e8bd133e2e225d65fe7c",
|
|
2966
2970
|
"test/layer-0-primitives/self-update-standalone-verifier-ecdsa-encoding.test.js": "sha256:10856013eabb3fbc4c6924bdd98a4e1e32200320e79b8dbb5d4dc41cabca9ed9",
|
|
2967
2971
|
"test/layer-0-primitives/self-update-standalone-verifier.test.js": "sha256:01a603efc2ad576fd2a958bc6fb0bf9738c628b9f73ca706089fb2ddfb4b8796",
|
|
2968
|
-
"test/layer-0-primitives/self-update.test.js": "sha256:
|
|
2972
|
+
"test/layer-0-primitives/self-update.test.js": "sha256:ce7af699ef94925b1cb531d043a56da76db1a0414009ff35410aa8da2126cefc",
|
|
2969
2973
|
"test/layer-0-primitives/server-timing.test.js": "sha256:03fbad2878a8d629c0abf59c175d6de7b113e49b3eaffbdcd950b03920e54693",
|
|
2970
2974
|
"test/layer-0-primitives/session-destroy-all-store-backed.test.js": "sha256:a00e2a0a0508e59cef00813884ecdb3cf124b385d8bab9222040441c23112416",
|
|
2971
2975
|
"test/layer-0-primitives/session-device-binding-ipv6-canonical-and-no-store.test.js": "sha256:00444e12ce114b9e6103f06279387ba453fdab32b0216e0f437f6c93dda7a606",
|
|
@@ -2973,8 +2977,8 @@
|
|
|
2973
2977
|
"test/layer-0-primitives/session-extensions.test.js": "sha256:42a43a2e82ee4fb1c576cc6dc2ebfcf531e3cbd05bbb5486a402de0bf1b8d141",
|
|
2974
2978
|
"test/layer-0-primitives/session-valid-from.test.js": "sha256:587bb6aa587d1fbaf84387bd17d0a46fbf0b97ceafc9d2a1416a0e7751e98ab0",
|
|
2975
2979
|
"test/layer-0-primitives/shape-match.test.js": "sha256:ce63e3be16ff7055fe0a24ffd314e6878a8d2145043a2e2bbc3821f3d9d48b7d",
|
|
2976
|
-
"test/layer-0-primitives/sigv4-bucket-ops.test.js": "sha256:
|
|
2977
|
-
"test/layer-0-primitives/sigv4-multipart-sse.test.js": "sha256:
|
|
2980
|
+
"test/layer-0-primitives/sigv4-bucket-ops.test.js": "sha256:18d38b4504ee7aaf2d2243c673005a8260c57ea4b5396e5c2ecd67845ac449d9",
|
|
2981
|
+
"test/layer-0-primitives/sigv4-multipart-sse.test.js": "sha256:964c4a854e258103f8a11e9140368e825155b4934fc8bf130802fb1e133e2b29",
|
|
2978
2982
|
"test/layer-0-primitives/slug.test.js": "sha256:15590eb5da4a54144e5c68756119d4c453bb1cd871c67c7d7732250b650928da",
|
|
2979
2983
|
"test/layer-0-primitives/smtp-policy.test.js": "sha256:184fee03f15e5b607ded9ae034143c00561030830cdf7b96a70b3fcc2cb8d419",
|
|
2980
2984
|
"test/layer-0-primitives/source-comment-blocks.test.js": "sha256:83f8fdfc46fd384515932d120e00f76cd5fa041cb6f52e706c43cd5c56592309",
|
|
@@ -2984,7 +2988,7 @@
|
|
|
2984
2988
|
"test/layer-0-primitives/sse.test.js": "sha256:ca58bd0149a2b62b7b08aa5003d81edcb9cc14e38cbc5fade1e6a2639a84cfe0",
|
|
2985
2989
|
"test/layer-0-primitives/ssrf-guard.test.js": "sha256:323f48e6ad057ea9977f6b798619ee8f7c74fa2d404a496086a9f61eb2cbd75b",
|
|
2986
2990
|
"test/layer-0-primitives/standard-webhooks.test.js": "sha256:a8ef0b8546c992e0eec88e7c8974e8153e4a53a305907e44aa1ebbb29bba8039",
|
|
2987
|
-
"test/layer-0-primitives/static.test.js": "sha256:
|
|
2991
|
+
"test/layer-0-primitives/static.test.js": "sha256:06073d994db32d7c0c6e0ab25cb42252f5a425c3d3444c65c46d3b300cc74d25",
|
|
2988
2992
|
"test/layer-0-primitives/step-up.test.js": "sha256:74631692a30f6508451cefcc6de5efc6705231f429ffb9c56d8a5a86d9b99610",
|
|
2989
2993
|
"test/layer-0-primitives/storage-chunk-scratch.test.js": "sha256:bdfbba7ba9a619a2ab9a69b539c31f1e53569185135733debd14778d6791b4b8",
|
|
2990
2994
|
"test/layer-0-primitives/storage-presigned-url.test.js": "sha256:1429eedcee420858d5305681137b54b75c2affbab9d58b888854192a2592b0ee",
|
|
@@ -2996,10 +3000,10 @@
|
|
|
2996
3000
|
"test/layer-0-primitives/tenant-quota.test.js": "sha256:4784e7c038f23be6191528261efdd39dc79b5b0459a927d0024cf5180cb6c8c5",
|
|
2997
3001
|
"test/layer-0-primitives/test-coverage.test.js": "sha256:175757e902e5867fa2d5d536606bff24e93689b44e769e41359aafbc98690528",
|
|
2998
3002
|
"test/layer-0-primitives/test-harness.test.js": "sha256:df37bf327dbce52a504541ea5e87be952751310165c1befb852263c48378d9fb",
|
|
2999
|
-
"test/layer-0-primitives/testing-request.test.js": "sha256:
|
|
3003
|
+
"test/layer-0-primitives/testing-request.test.js": "sha256:4890fbb45a854e1bd635879344f7376d1ec9eb532c33a09bbdb9a1354a830005",
|
|
3000
3004
|
"test/layer-0-primitives/testing.test.js": "sha256:d7c42ee7d8cf4b801d5356ddbf1030ffcf88df9adcac85ab9b8ba9458a09dfd2",
|
|
3001
3005
|
"test/layer-0-primitives/time.test.js": "sha256:59f6dcd5753b9bb97508044c30cfca948c4707dd8d107dab5eab53f0dcd91e84",
|
|
3002
|
-
"test/layer-0-primitives/tls-exporter.test.js": "sha256:
|
|
3006
|
+
"test/layer-0-primitives/tls-exporter.test.js": "sha256:3224b12f18619fa805e933c8eef18356e42f8554d75d7c4e23ebd8b5b993ca6b",
|
|
3003
3007
|
"test/layer-0-primitives/tls-ocsp-ct.test.js": "sha256:7c98ddde33095683a3be527fee9e868501ca99eac74cc40fe1c56ca6018f1660",
|
|
3004
3008
|
"test/layer-0-primitives/tls-ocsp-freshness.test.js": "sha256:0d979ecdbc7d9c62bcb32e0f2594fa5425bed4a25ef3793915ad0890398fabf7",
|
|
3005
3009
|
"test/layer-0-primitives/tls-ocsp-verify.test.js": "sha256:f726bb9387c570cee945a2b927070899bc7ae933ec09ba481c3aa5f0d11d2ba6",
|
|
@@ -3024,13 +3028,13 @@
|
|
|
3024
3028
|
"test/layer-0-primitives/web-push-vapid.test.js": "sha256:4634dcf1c3fdae300b291d20473285a9d9fe2f49f9c54e4e3a2e149768d3fe32",
|
|
3025
3029
|
"test/layer-0-primitives/webhook-dispatcher.test.js": "sha256:080b999087102eccaa73e070b3f08ec2ab1fecd3a38d25cdcd2937241c9d9689",
|
|
3026
3030
|
"test/layer-0-primitives/webhook-verify-nonce-atomic.test.js": "sha256:42441d6d923d2ba9f83da932e1e4715f2e519735c816e6396f1390e87ff378f6",
|
|
3027
|
-
"test/layer-0-primitives/webhook.test.js": "sha256:
|
|
3031
|
+
"test/layer-0-primitives/webhook.test.js": "sha256:242bdf15f35f6c32c5c9d1a0abff248ebb9af994cd176e6376f954e178c50bfb",
|
|
3028
3032
|
"test/layer-0-primitives/websocket-channels.test.js": "sha256:8e1249fd11c4ae1253c8b76cc8638c9cdce2081046d6b80a9a6db0cd71d2716c",
|
|
3029
3033
|
"test/layer-0-primitives/websocket-extension-header.test.js": "sha256:8f3a29eeb269c7393342e4e7966c330413964cd251b76d5cdefd6455aa8883be",
|
|
3030
|
-
"test/layer-0-primitives/worker-pool-recycle-race.test.js": "sha256:
|
|
3034
|
+
"test/layer-0-primitives/worker-pool-recycle-race.test.js": "sha256:0e9f12256864334bf49de0b0d62b9d4f9cfeb34e9fe598f9299b811dc4ac4719",
|
|
3031
3035
|
"test/layer-0-primitives/worker-pool.test.js": "sha256:0a3698d862346f64f98eb1c954694ad6a6b4cedbfc569a1f4d93233b7bfa733a",
|
|
3032
3036
|
"test/layer-0-primitives/worm.test.js": "sha256:0908cfbf7228de39ab68796505c29071d3117571b8a6c07cef7d1fa27d0380b8",
|
|
3033
|
-
"test/layer-0-primitives/ws-client.test.js": "sha256:
|
|
3037
|
+
"test/layer-0-primitives/ws-client.test.js": "sha256:e604a0ac206825ec307624ae6df59a644c2dde2c51b965a3b51fce05990cfbde",
|
|
3034
3038
|
"test/layer-0-primitives/x509-chain-ca-enforcement.test.js": "sha256:8d68ffe4f8655af99682927524ae5a6c5336f32a57eb7c5c78fef5f2d1b2e6e3",
|
|
3035
3039
|
"test/layer-1-state/api-key.test.js": "sha256:48d641b673a181746adf80dfa995f0ca29187af17aa4735590557fda4350dcb8",
|
|
3036
3040
|
"test/layer-5-integration/bundler-output.test.js": "sha256:023f0504a5ae60fb39d347d05e8fe7e9d8fee685eb1bb89dd40406cf01691d22",
|
|
@@ -87,6 +87,11 @@ examples/*/package-lock.json
|
|
|
87
87
|
# package-lock.json that appears at the root is from a transient
|
|
88
88
|
# `npm install` and shouldn't be tracked.
|
|
89
89
|
/package-lock.json
|
|
90
|
+
# Root-level runtime state — a test (or local run) that points b.db / the
|
|
91
|
+
# cluster at a relative default writes its sealed vault key + encrypted
|
|
92
|
+
# SQLite DB here. It is per-instance state, never repo content; the *.key /
|
|
93
|
+
# *.pem rules above miss it because the files end in .enc / .sealed.
|
|
94
|
+
/sqlite/
|
|
90
95
|
# Bundler output — content-hashed at boot from src/. Only the source
|
|
91
96
|
# (src/*.js) is tracked; the hashed artifacts are reproducible.
|
|
92
97
|
examples/*/public/dist/
|
|
@@ -8,6 +8,10 @@ upgrading across more than a few patches at a time.
|
|
|
8
8
|
|
|
9
9
|
## v0.15.x
|
|
10
10
|
|
|
11
|
+
- v0.15.26 (2026-06-25) — **Internal test-harness correctness only — the published library is byte-for-byte identical to 0.15.25.** The smoke runner requires each test module and awaits its exported run(). Several tests were instead written as a top-level (async function () {...})() IIFE that runs detached at require-time, so the runner measured and reported the test's result before the IIFE's post-await assertions executed — those checks silently never ran (one parser test exercised 4 of its 26 assertions, and a failure after the first await would have gone unseen as a false pass). Those tests are converted to the exported-run form so the runner awaits their full assertion set, and a codebase-patterns detector now refuses a top-level async IIFE in a test file so the pattern cannot return. No shipped framework code changed; this release is byte-for-byte identical to 0.15.25 for operators. **Fixed:** *Detached-IIFE tests now run their full assertion set under the smoke runner* — A test written as a top-level (async function () {...})() IIFE runs detached when the runner requires it: the runner only awaits an exported run(), so it reported the file's result before the IIFE's awaited assertions executed, and every check after the first await silently did not count (one parsers test ran 4 of 26). Such tests are rewritten to define async function run(), export it, and invoke it under if (require.main === module), so the runner awaits the complete set; a detector refuses a re-introduced top-level async IIFE in a test file. This is test-harness correctness only — no shipped framework behavior changed.
|
|
12
|
+
|
|
13
|
+
- v0.15.25 (2026-06-25) — **`b.sandbox.run` no longer leaks the worker thread's MessagePort — it now waits for the worker to terminate before resolving.** b.sandbox.run spawned a worker thread to execute untrusted code and called worker.terminate() on both the result and timeout paths, but it settled the caller's promise BEFORE the asynchronous terminate() completed — leaving the worker's MessagePort alive past the resolve. In a long-lived process that runs sandboxed code repeatedly, each call leaked a MessagePort handle, keeping the event loop populated and slowing graceful shutdown. The call now awaits worker.terminate() before settling, so the handle is released when the promise resolves. Behaviour and return values are unchanged. **Fixed:** *b.sandbox.run releases the worker MessagePort before resolving* — b.sandbox.run resolved (or rejected) the caller's promise as soon as the worker reported a result or the timeout fired, while worker.terminate() — which is asynchronous — was still in flight, so the worker thread's MessagePort outlived the call and lingered as an open handle. Repeated sandbox runs in a long-lived process accumulated leaked MessagePorts that kept the event loop alive and delayed shutdown. The result and timeout paths now defer settling until worker.terminate() resolves; the error and exit paths already imply the worker is gone. The return value, audit events, and timeout semantics are unchanged.
|
|
14
|
+
|
|
11
15
|
- v0.15.24 (2026-06-25) — **Supply-chain hardening for the build: the example wiki container's base images are digest-pinned (and tracked for patches by Dependabot), and the SEA-build esbuild binary pin is centralized and release-enforced so a version bump can't silently lose its reviewed hash.** A build supply-chain hardening release; no runtime API changes. The example wiki container's Chainguard base images are now pinned by digest (tag@sha256) for reproducible builds and provenance, with Dependabot's docker updater bumping the digests so they keep tracking Chainguard's continuous CVE rebuilds; the published multi-arch image is unaffected because the release workflow still resolves the rolling tag to a fresh digest at build time, so the scanned image equals the published image and the committed digest never reaches the image-scan gate. The esbuild native-binary supply-chain pin — the reviewed per-platform SHA-256 the bundler smoke gate checks the on-disk compiler against — is centralized in one file and enforced both at release time and in the pattern gate by a single shared verifier: the version package.json and the CI/publish workflows install must carry a complete reviewed-hash entry, so bumping esbuild without re-reviewing and re-pinning the binary now fails closed instead of silently degrading the verification to a skip. **Security:** *Wiki container base images are digest-pinned and patch-tracked* — examples/wiki/Dockerfile now pins its Chainguard base images by digest (cgr.dev/chainguard/node:<tag>@sha256:...) for reproducible local builds and supply-chain provenance, and Dependabot's docker updater bumps those digests so they keep tracking Chainguard's continuously-rebuilt CVE fixes instead of freezing. The published multi-arch image is unchanged: the release workflow still resolves the rolling tag to a fresh digest at build time and passes it as a build-arg, so the scanned image equals the published image and always carries current patches — the committed digest never reaches the image-scan gate. · *esbuild SEA-build binary pin is centralized and fails closed on an un-reviewed bump* — The reviewed per-platform SHA-256 hashes that the bundler smoke gate verifies the esbuild native compiler against are now a single source of truth (scripts/esbuild-binary-pin.json), checked by one shared verifier that runs both at release time and in the pattern gate. It enforces that the esbuild version package.json declares and the CI/publish workflows install carries a complete reviewed-hash entry for every required platform. Previously a bump to a version with no reviewed hash made the smoke gate note-and-skip the binary verification; that omission now fails the release, so the binary pin can no longer be silently lost. The hashes remain captured by hand on each bump (diff the published tarballs, sha256 the binary) — the verifier checks the pin is present, it never derives it.
|
|
12
16
|
|
|
13
17
|
- v0.15.23 (2026-06-24) — **`b.wsClient` error objects now carry a usable terminal-vs-transient signal (and the client's auto-reconnect, previously dead, works again), and `b.safePath` resolves cross-platform containment with the target platform's path semantics — fixing both a false refusal of in-base paths and a backslash-traversal escape when validating for Windows on a POSIX host.** Two correctness fixes. b.wsClient marked every WsClientError permanent, so a consumer driving its own reconnect loop could not tell a terminal handshake failure (a bad URL, a 4xx rejection, an accept-mismatch, a protocol-violation frame) from a transient one (a 5xx handshake rejection, a pong/handshake timeout, a dropped socket) and had to re-derive the taxonomy from error codes. err.permanent now reflects the actual transience of each error, the single bad-status code is split by the carried HTTP status (4xx terminal, 5xx transient) with the status exposed as err.statusCode, and — because the client's own auto-reconnect keyed off the same always-true flag — auto-reconnect was silently disabled for every transient failure and now fires correctly. Separately, b.safePath.resolve / resolveOrNull / validate performed its lexical containment with the runtime path module while the per-segment naming walk used opts.platform. The two disagreeing broke cross-platform validation both ways: every legitimate in-base path was refused with safe-path/escapes-base when opts.platform differed from the host, and — more seriously — a POSIX host validating opts.platform: "windows" accepted a backslash traversal (ok\..\..\outside), because the runtime resolver treats \ as an ordinary filename character and never collapsed the .. segments, so the path escaped the base once a Windows consumer read the backslashes. The lexical resolve and containment boundary now use the target platform's path module (node:path.win32 / node:path.posix), matching the segment walk, so in-base paths resolve and cross-platform traversals are refused under any opts.platform override; the realpath check, which touches the live filesystem, keeps its runtime resolve. **Fixed:** *b.wsClient: WsClientError carries a real terminal/transient signal, and auto-reconnect works again* — WsClientError was declared always-permanent, so err.permanent was true for every error — a consumer's reconnect loop could not distinguish a terminal handshake failure (bad URL, bad subprotocol, malformed handshake header, accept-mismatch, bad upgrade, bad status line, a 4xx rejection, an oversized/protocol-violation frame) from a transient one (a 5xx handshake rejection, a pong- or handshake-timeout, a dropped socket) and had to maintain its own error-code list tracking the framework's taxonomy. err.permanent now reflects each error's actual transience, derived from its code (a new/unknown code defaults to terminal, so it fails closed rather than redialing a hopeless target forever); the single ws-client/bad-status code is split by the response status (4xx terminal, 5xx transient) and the status is exposed as err.statusCode (the existing err.status alias is preserved). The same always-permanent flag also drove the client's built-in auto-reconnect, which therefore never retried any framework-surfaced transient failure (a 5xx handshake or a keepalive timeout); reconnect now fires for transient failures and still skips terminal ones. · *b.safePath: cross-platform containment resolves with the target platform's path semantics* — b.safePath.resolve / resolveOrNull / validate performed its lexical containment (resolve rel under base, then bound the result with a separator slice) using the runtime path module, while the per-segment naming walk used opts.platform. When the two disagreed, validation broke both ways. Benign direction: a Linux service validating server-origin names against the stricter Windows ruleset (the recommended cross-platform pattern) had every legitimate in-base path refused with safe-path/escapes-base, because the runtime-separated resolved path could never match a Windows-separator boundary. Security direction: a POSIX host validating opts.platform: "windows" accepted a backslash traversal such as ok\..\..\outside — the segment walk splits on \ for Windows, but the runtime resolver on POSIX treats \ as an ordinary filename character and never collapsed the .. segments, so the path passed containment and resolved to <base>/ok\..\..\outside, which escapes the base once a Windows consumer interprets the backslashes. The lexical resolve and the containment boundary now use the target platform's path module (node:path.win32 when validating for Windows, node:path.posix otherwise), matching the segment walk, so in-base paths resolve correctly and a genuine traversal is refused under any opts.platform override. The realpath check, which resolves symlinks on the live filesystem, keeps a separate runtime resolve because a foreign-platform path cannot be symlink-resolved on the host. opts.platform continues to gate the per-segment naming rules (reserved names, trailing dot/space, NTFS ADS colon).
|
|
@@ -266,23 +266,41 @@ function run(opts) {
|
|
|
266
266
|
return;
|
|
267
267
|
}
|
|
268
268
|
|
|
269
|
+
// Terminate the worker and only settle the caller's promise once the
|
|
270
|
+
// termination resolves. worker.terminate() is asynchronous: settling
|
|
271
|
+
// before it completes leaves the worker thread's MessagePort alive past
|
|
272
|
+
// the resolve, keeping the event loop open (a leaked handle that delays
|
|
273
|
+
// a shut-down on a slow runner). Awaiting terminate() releases it.
|
|
274
|
+
function _terminateThen(finish) {
|
|
275
|
+
var done = false;
|
|
276
|
+
function _once() { if (done) return; done = true; finish(); }
|
|
277
|
+
var p;
|
|
278
|
+
try { p = worker.terminate(); } catch (_e) { p = null; }
|
|
279
|
+
if (p && typeof p.then === "function") { p.then(_once, _once); }
|
|
280
|
+
else { _once(); }
|
|
281
|
+
}
|
|
282
|
+
|
|
269
283
|
var timer = setTimeout(function () {
|
|
270
284
|
if (settled) return;
|
|
271
285
|
settled = true;
|
|
272
|
-
try { worker.terminate(); } catch (_e) { /* terminate best-effort */ }
|
|
273
286
|
var elapsed = Date.now() - startedAt;
|
|
274
287
|
_emitAudit("sandbox.run.refused", "failure", {
|
|
275
288
|
reason: "sandbox/timeout", runtimeMs: elapsed, peakBytes: 0, sourceBytes: sourceBytes,
|
|
276
289
|
});
|
|
277
|
-
|
|
278
|
-
|
|
290
|
+
_terminateThen(function () {
|
|
291
|
+
reject(new SandboxError("sandbox/timeout",
|
|
292
|
+
"sandbox.run: worker exceeded timeoutMs=" + timeoutMs + " (elapsed " + elapsed + "ms)"));
|
|
293
|
+
});
|
|
279
294
|
}, timeoutMs);
|
|
280
295
|
|
|
281
296
|
worker.on("message", function (msg) {
|
|
282
297
|
if (settled) return;
|
|
283
298
|
settled = true;
|
|
284
299
|
clearTimeout(timer);
|
|
285
|
-
|
|
300
|
+
_terminateThen(function () { _handleMessage(msg); });
|
|
301
|
+
});
|
|
302
|
+
|
|
303
|
+
function _handleMessage(msg) {
|
|
286
304
|
if (!msg || typeof msg !== "object") {
|
|
287
305
|
_emitAudit("sandbox.run.refused", "failure", {
|
|
288
306
|
reason: "sandbox/bad-worker-message", runtimeMs: Date.now() - startedAt, peakBytes: 0, sourceBytes: sourceBytes,
|
|
@@ -312,7 +330,7 @@ function run(opts) {
|
|
|
312
330
|
});
|
|
313
331
|
return reject(new SandboxError(msg.code || "sandbox/runtime-error",
|
|
314
332
|
msg.message || "sandbox.run: worker reported a refusal"));
|
|
315
|
-
}
|
|
333
|
+
}
|
|
316
334
|
|
|
317
335
|
worker.on("error", function (err) {
|
|
318
336
|
if (settled) return;
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "../scripts/release-notes-schema.json",
|
|
3
|
+
"version": "0.15.25",
|
|
4
|
+
"date": "2026-06-25",
|
|
5
|
+
"headline": "`b.sandbox.run` no longer leaks the worker thread's MessagePort — it now waits for the worker to terminate before resolving",
|
|
6
|
+
"summary": "b.sandbox.run spawned a worker thread to execute untrusted code and called worker.terminate() on both the result and timeout paths, but it settled the caller's promise BEFORE the asynchronous terminate() completed — leaving the worker's MessagePort alive past the resolve. In a long-lived process that runs sandboxed code repeatedly, each call leaked a MessagePort handle, keeping the event loop populated and slowing graceful shutdown. The call now awaits worker.terminate() before settling, so the handle is released when the promise resolves. Behaviour and return values are unchanged.",
|
|
7
|
+
"sections": [
|
|
8
|
+
{
|
|
9
|
+
"heading": "Fixed",
|
|
10
|
+
"items": [
|
|
11
|
+
{
|
|
12
|
+
"title": "b.sandbox.run releases the worker MessagePort before resolving",
|
|
13
|
+
"body": "b.sandbox.run resolved (or rejected) the caller's promise as soon as the worker reported a result or the timeout fired, while worker.terminate() — which is asynchronous — was still in flight, so the worker thread's MessagePort outlived the call and lingered as an open handle. Repeated sandbox runs in a long-lived process accumulated leaked MessagePorts that kept the event loop alive and delayed shutdown. The result and timeout paths now defer settling until worker.terminate() resolves; the error and exit paths already imply the worker is gone. The return value, audit events, and timeout semantics are unchanged."
|
|
14
|
+
}
|
|
15
|
+
]
|
|
16
|
+
}
|
|
17
|
+
]
|
|
18
|
+
}
|