@blamejs/blamejs-shop 0.4.55 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/admin.js +385 -2
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/lib/winback-campaigns.js +202 -42
- package/package.json +1 -1
|
@@ -69,7 +69,6 @@ var codepointClass = require("./codepoint-class");
|
|
|
69
69
|
var lazyRequire = require("./lazy-require");
|
|
70
70
|
var gateContract = require("./gate-contract");
|
|
71
71
|
var C = require("./constants");
|
|
72
|
-
var numericBounds = require("./numeric-bounds");
|
|
73
72
|
var safeYamlLazy = lazyRequire(function () { return require("./parsers/safe-yaml"); });
|
|
74
73
|
var { GuardYamlError } = require("./framework-error");
|
|
75
74
|
|
|
@@ -120,10 +119,7 @@ var PROFILES = Object.freeze({
|
|
|
120
119
|
leadingZeroPolicy: "reject",
|
|
121
120
|
duplicateKeyPolicy: "reject",
|
|
122
121
|
mergeKeyPolicy: "reject",
|
|
123
|
-
|
|
124
|
-
controlPolicy: "reject",
|
|
125
|
-
nullBytePolicy: "reject",
|
|
126
|
-
zeroWidthPolicy: "reject",
|
|
122
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
127
123
|
safeCoreTagsAllowed: false,
|
|
128
124
|
maxBytes: C.BYTES.mib(2),
|
|
129
125
|
maxDepth: 8, // recursion depth, not byte size
|
|
@@ -177,37 +173,13 @@ var PROFILES = Object.freeze({
|
|
|
177
173
|
},
|
|
178
174
|
});
|
|
179
175
|
|
|
180
|
-
var DEFAULTS =
|
|
181
|
-
|
|
182
|
-
maxRuntimeMs: C.TIME.seconds(10),
|
|
183
|
-
}));
|
|
184
|
-
|
|
185
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
186
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
187
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
188
|
-
}),
|
|
189
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
190
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
191
|
-
}),
|
|
192
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
193
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
194
|
-
}),
|
|
195
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
196
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
197
|
-
}),
|
|
176
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES, {
|
|
177
|
+
maxRuntimeMs: C.TIME.seconds(10),
|
|
198
178
|
});
|
|
199
179
|
|
|
200
|
-
|
|
180
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
|
|
201
181
|
|
|
202
|
-
|
|
203
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
204
|
-
profiles: PROFILES,
|
|
205
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
206
|
-
defaults: DEFAULTS,
|
|
207
|
-
errorClass: GuardYamlError,
|
|
208
|
-
errCodePrefix: "yaml",
|
|
209
|
-
});
|
|
210
|
-
}
|
|
182
|
+
// ---- Helpers ----
|
|
211
183
|
|
|
212
184
|
function _isDangerousTag(tag) {
|
|
213
185
|
for (var i = 0; i < DANGEROUS_TAG_PREFIXES.length; i += 1) {
|
|
@@ -237,16 +209,9 @@ function _scanTags(text) {
|
|
|
237
209
|
}
|
|
238
210
|
|
|
239
211
|
function _detectIssues(input, opts) {
|
|
240
|
-
var
|
|
241
|
-
if (
|
|
242
|
-
|
|
243
|
-
snippet: "input is not a string" }];
|
|
244
|
-
}
|
|
245
|
-
if (input.length > opts.maxBytes) {
|
|
246
|
-
return [{ kind: "too-large", severity: "high", ruleId: "yaml.too-large",
|
|
247
|
-
snippet: "input " + input.length +
|
|
248
|
-
" bytes exceeds maxBytes " + opts.maxBytes }];
|
|
249
|
-
}
|
|
212
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "yaml", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
|
|
213
|
+
if (pre.done) return pre.issues;
|
|
214
|
+
var issues = pre.issues;
|
|
250
215
|
|
|
251
216
|
// 1. Tag-injection scan.
|
|
252
217
|
var tagHits = _scanTags(input);
|
|
@@ -496,21 +461,12 @@ function _detectDuplicateKeysYaml(text) {
|
|
|
496
461
|
* rv.ok; // → false
|
|
497
462
|
* rv.issues.some(function (i) { return i.kind === "dangerous-tag"; }); // → true
|
|
498
463
|
*/
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
if (typeof input !== "string") {
|
|
506
|
-
return {
|
|
507
|
-
ok: false,
|
|
508
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
509
|
-
snippet: "input is not a string" }],
|
|
510
|
-
};
|
|
511
|
-
}
|
|
512
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
513
|
-
}
|
|
464
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
465
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
466
|
+
// input, resolveOpts(opts)))`, with the positive-finite-int opt caps declared
|
|
467
|
+
// via `intOpts`. A non-string input refuses through `_detectIssues`'s own
|
|
468
|
+
// bad-input branch, so the result shape is unchanged. The @primitive block
|
|
469
|
+
// above documents the resulting public ABI.
|
|
514
470
|
|
|
515
471
|
/**
|
|
516
472
|
* @primitive b.guardYaml.parse
|
|
@@ -548,7 +504,13 @@ function validate(input, opts) {
|
|
|
548
504
|
* safe.age; // → 30
|
|
549
505
|
*/
|
|
550
506
|
function parse(input, opts) {
|
|
551
|
-
opts =
|
|
507
|
+
opts = gateContract.resolveProfileAndPosture(opts, {
|
|
508
|
+
profiles: PROFILES,
|
|
509
|
+
compliancePostures: COMPLIANCE_POSTURES,
|
|
510
|
+
defaults: DEFAULTS,
|
|
511
|
+
errorClass: GuardYamlError,
|
|
512
|
+
errCodePrefix: "yaml",
|
|
513
|
+
});
|
|
552
514
|
if (typeof input !== "string") {
|
|
553
515
|
throw _err("yaml.bad-input", "parse requires string input");
|
|
554
516
|
}
|
|
@@ -605,7 +567,9 @@ module.exports = gateContract.defineGuard({
|
|
|
605
567
|
mimeTypes: ["application/yaml", "application/x-yaml", "text/yaml", "text/x-yaml"],
|
|
606
568
|
extensions: [".yml", ".yaml"],
|
|
607
569
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
608
|
-
|
|
570
|
+
detect: _detectIssues,
|
|
571
|
+
intOpts: ["maxBytes", "maxDepth", "maxAnchors", "maxAliasDepth",
|
|
572
|
+
"maxDocuments", "maxNodes", "maxScalarLength"],
|
|
609
573
|
extra: {
|
|
610
574
|
parse: parse,
|
|
611
575
|
DANGEROUS_TAG_PREFIXES: DANGEROUS_TAG_PREFIXES,
|
|
@@ -47,6 +47,7 @@ var canonicalJson = require("./canonical-json");
|
|
|
47
47
|
var safeUrl = require("./safe-url");
|
|
48
48
|
var structuredFields = require("./structured-fields");
|
|
49
49
|
var validateOpts = require("./validate-opts");
|
|
50
|
+
var numericBounds = require("./numeric-bounds");
|
|
50
51
|
var { HttpClientError } = require("./framework-error");
|
|
51
52
|
|
|
52
53
|
// ---- Tunables ----------------------------------------------------------
|
|
@@ -393,18 +394,10 @@ function memoryStore(opts) {
|
|
|
393
394
|
if (typeof opts !== "object") {
|
|
394
395
|
throw _hcErr("httpclient/cache-bad-opts", "memoryStore: opts must be an object");
|
|
395
396
|
}
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
"memoryStore: maxBytes must be a positive integer");
|
|
401
|
-
}
|
|
402
|
-
if (opts.maxEntries !== undefined &&
|
|
403
|
-
(typeof opts.maxEntries !== "number" || !isFinite(opts.maxEntries) ||
|
|
404
|
-
opts.maxEntries <= 0 || Math.floor(opts.maxEntries) !== opts.maxEntries)) {
|
|
405
|
-
throw _hcErr("httpclient/cache-bad-opts",
|
|
406
|
-
"memoryStore: maxEntries must be a positive integer");
|
|
407
|
-
}
|
|
397
|
+
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBytes,
|
|
398
|
+
"memoryStore: maxBytes", HttpClientError, "httpclient/cache-bad-opts", { permanent: true });
|
|
399
|
+
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxEntries,
|
|
400
|
+
"memoryStore: maxEntries", HttpClientError, "httpclient/cache-bad-opts", { permanent: true });
|
|
408
401
|
if (opts.evictionPolicy !== undefined && opts.evictionPolicy !== "lru") {
|
|
409
402
|
throw _hcErr("httpclient/cache-bad-opts",
|
|
410
403
|
"memoryStore: evictionPolicy must be 'lru' (got " + JSON.stringify(opts.evictionPolicy) + ")");
|
|
@@ -170,10 +170,8 @@ function create(opts) {
|
|
|
170
170
|
}
|
|
171
171
|
var vault = opts.vault || null;
|
|
172
172
|
if (persist === "vault") {
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
"cookieJar.create: persist: 'vault' requires opts.vault with seal/unseal (pass b.vault)");
|
|
176
|
-
}
|
|
173
|
+
validateOpts.requireMethods(vault, ["seal", "unseal"],
|
|
174
|
+
"cookieJar.create: persist: 'vault' opts.vault (pass b.vault)", CookieJarError, "BAD_OPT");
|
|
177
175
|
}
|
|
178
176
|
var filePath = null;
|
|
179
177
|
if (persist === "file") {
|
|
@@ -53,6 +53,7 @@ var safeBuffer = require("./safe-buffer");
|
|
|
53
53
|
var safeUrl = require("./safe-url");
|
|
54
54
|
var ssrfGuard = require("./ssrf-guard");
|
|
55
55
|
var networkProxy = require("./network-proxy");
|
|
56
|
+
var numericBounds = require("./numeric-bounds");
|
|
56
57
|
var validateOpts = require("./validate-opts");
|
|
57
58
|
var { FrameworkError, HttpClientError } = require("./framework-error");
|
|
58
59
|
|
|
@@ -165,15 +166,9 @@ function configurePool(opts) {
|
|
|
165
166
|
"'. Allowed: " + allowed.join(", "));
|
|
166
167
|
}
|
|
167
168
|
}
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
" must be a positive integer, got " + JSON.stringify(value));
|
|
172
|
-
}
|
|
173
|
-
}
|
|
174
|
-
if (opts.maxSockets !== undefined) _requirePositiveInt("maxSockets", opts.maxSockets);
|
|
175
|
-
if (opts.maxFreeSockets !== undefined) _requirePositiveInt("maxFreeSockets", opts.maxFreeSockets);
|
|
176
|
-
if (opts.keepAliveMsecs !== undefined) _requirePositiveInt("keepAliveMsecs", opts.keepAliveMsecs);
|
|
169
|
+
numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
|
|
170
|
+
["maxSockets", "maxFreeSockets", "keepAliveMsecs"], "httpClient.configurePool",
|
|
171
|
+
HttpClientError, "httpclient/bad-opts", { permanent: true });
|
|
177
172
|
if (opts.keepAlive !== undefined && typeof opts.keepAlive !== "boolean") {
|
|
178
173
|
throw new Error("httpClient.configurePool: keepAlive must be a boolean");
|
|
179
174
|
}
|
|
@@ -1825,12 +1820,8 @@ function _validateDownloadOpts(opts) {
|
|
|
1825
1820
|
}
|
|
1826
1821
|
validateOpts.optionalPositiveFinite(opts.timeoutMs, "downloadStream: timeoutMs",
|
|
1827
1822
|
HttpClientError, "httpclient/bad-opts");
|
|
1828
|
-
|
|
1829
|
-
|
|
1830
|
-
Math.floor(opts.maxBytes) !== opts.maxBytes)) {
|
|
1831
|
-
throw _hcErr("httpclient/bad-opts",
|
|
1832
|
-
"downloadStream: maxBytes must be a positive finite integer");
|
|
1833
|
-
}
|
|
1823
|
+
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBytes,
|
|
1824
|
+
"downloadStream: maxBytes", HttpClientError, "httpclient/bad-opts", { permanent: true });
|
|
1834
1825
|
}
|
|
1835
1826
|
|
|
1836
1827
|
function _emitAudit(opts, action, outcome, metadata) {
|
|
@@ -2050,12 +2041,8 @@ function _validateUploadOpts(opts) {
|
|
|
2050
2041
|
}
|
|
2051
2042
|
validateOpts.optionalPositiveFinite(opts.timeoutMs, "uploadMultipartStream: timeoutMs",
|
|
2052
2043
|
HttpClientError, "httpclient/bad-opts");
|
|
2053
|
-
|
|
2054
|
-
|
|
2055
|
-
Math.floor(opts.maxBytes) !== opts.maxBytes)) {
|
|
2056
|
-
throw _hcErr("httpclient/bad-opts",
|
|
2057
|
-
"uploadMultipartStream: maxBytes must be a positive finite integer");
|
|
2058
|
-
}
|
|
2044
|
+
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBytes,
|
|
2045
|
+
"uploadMultipartStream: maxBytes", HttpClientError, "httpclient/bad-opts", { permanent: true });
|
|
2059
2046
|
}
|
|
2060
2047
|
|
|
2061
2048
|
/**
|
|
@@ -542,8 +542,9 @@ function verify(msg, opts) {
|
|
|
542
542
|
var member = digestMembers[di].trim();
|
|
543
543
|
var deq = member.indexOf("=");
|
|
544
544
|
if (deq < 1) continue;
|
|
545
|
-
|
|
546
|
-
|
|
545
|
+
var dkv = structuredFields.parseKeyValuePiece(member);
|
|
546
|
+
if (dkv.key !== "sha3-512") continue;
|
|
547
|
+
var memberCanonical = "sha3-512=" + dkv.value.trim();
|
|
547
548
|
// crypto.timingSafeEqual is the length-tolerant constant-time wrapper
|
|
548
549
|
// (returns false for unequal lengths without leaking via a length branch).
|
|
549
550
|
if (bCrypto.timingSafeEqual(memberCanonical, expectedDigest)) { matchedDigest = true; break; }
|
|
@@ -45,6 +45,7 @@
|
|
|
45
45
|
* shaped JSON entries continue to work unchanged.
|
|
46
46
|
*/
|
|
47
47
|
var lazyRequire = require("./lazy-require");
|
|
48
|
+
var boundedMap = require("./bounded-map");
|
|
48
49
|
var { defineClass } = require("./framework-error");
|
|
49
50
|
|
|
50
51
|
var I18nMessageFormatError = defineClass("I18nMessageFormatError",
|
|
@@ -314,12 +315,9 @@ function _skipWs(state) {
|
|
|
314
315
|
var _pluralRulesCache = new Map();
|
|
315
316
|
function _pluralRules(locale, type) {
|
|
316
317
|
var key = locale + "\x1f" + type;
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
_pluralRulesCache.set(key, pr);
|
|
321
|
-
}
|
|
322
|
-
return pr;
|
|
318
|
+
return boundedMap.getOrInsert(_pluralRulesCache, key, function () {
|
|
319
|
+
return new Intl.PluralRules(locale, { type: type });
|
|
320
|
+
});
|
|
323
321
|
}
|
|
324
322
|
|
|
325
323
|
function format(template, vars, locale) {
|
|
@@ -382,7 +380,7 @@ function looksLikeMessageFormat(template) {
|
|
|
382
380
|
if (typeof template !== "string") return false;
|
|
383
381
|
// Cheap structural check — full-syntax detection comes from parse()
|
|
384
382
|
// throwing if it isn't valid MessageFormat.
|
|
385
|
-
return /\{[^}]+,\s*(plural|select|selectordinal)\b/.test(template);
|
|
383
|
+
return /\{[^{}]+,\s*(plural|select|selectordinal)\b/.test(template);
|
|
386
384
|
}
|
|
387
385
|
|
|
388
386
|
module.exports = {
|
|
@@ -64,7 +64,7 @@ var requestHelpers = require("./request-helpers");
|
|
|
64
64
|
var safeJson = require("./safe-json");
|
|
65
65
|
var validateOpts = require("./validate-opts");
|
|
66
66
|
var { I18nError } = require("./framework-error");
|
|
67
|
-
var { boundedMap } = require("./bounded-map");
|
|
67
|
+
var { boundedMap, getOrInsert } = require("./bounded-map");
|
|
68
68
|
|
|
69
69
|
// Per-instance formatter caches are keyed on (locale, JSON.stringify
|
|
70
70
|
// formatOpts). A fixed `locales` set bounds the locale axis, but operators
|
|
@@ -133,6 +133,80 @@ function _validateLocaleArray(name, value) {
|
|
|
133
133
|
}
|
|
134
134
|
}
|
|
135
135
|
|
|
136
|
+
// Pure resolution-chain builder — the subtag-strip walk shared by the
|
|
137
|
+
// instance lookup and the public localeChain primitive. Start at the requested
|
|
138
|
+
// locale and strip subtag suffixes right-to-left ("pt-BR" -> "pt"); subtag
|
|
139
|
+
// stripping always applies (same language, less specific). Cross-locale
|
|
140
|
+
// fallback (to fallbackLocale, then defaultLocale) fires only when
|
|
141
|
+
// fallbackLocale is non-null — fallbackLocale: null is strict "this locale or
|
|
142
|
+
// miss". No duplicate baseline.
|
|
143
|
+
function _buildLocaleChain(locale, fallbackLocale, defaultLocale) {
|
|
144
|
+
var chain = [];
|
|
145
|
+
var current = locale;
|
|
146
|
+
while (current && chain.indexOf(current) === -1) {
|
|
147
|
+
chain.push(current);
|
|
148
|
+
var dash = current.lastIndexOf("-");
|
|
149
|
+
if (dash === -1) break;
|
|
150
|
+
current = current.slice(0, dash);
|
|
151
|
+
}
|
|
152
|
+
if (fallbackLocale === null) return chain;
|
|
153
|
+
if (chain.indexOf(fallbackLocale) === -1) chain.push(fallbackLocale);
|
|
154
|
+
if (chain.indexOf(defaultLocale) === -1) chain.push(defaultLocale);
|
|
155
|
+
return chain;
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
/**
|
|
159
|
+
* @primitive b.i18n.localeChain
|
|
160
|
+
* @signature b.i18n.localeChain(locale, opts)
|
|
161
|
+
* @since 0.15.13
|
|
162
|
+
* @status stable
|
|
163
|
+
* @related b.i18n.create
|
|
164
|
+
*
|
|
165
|
+
* Resolve a requested BCP 47 locale to its ordered fallback chain — the same
|
|
166
|
+
* subtag-strip logic the file-backed `t()` lookup uses, surfaced as a pure,
|
|
167
|
+
* instance-independent function so a data-backed consumer (translations in a
|
|
168
|
+
* database row, a CMS page, a CDN-cached asset) can drive its own per-`(resource,
|
|
169
|
+
* locale, field)` lookups on the framework's BCP 47 fallback instead of
|
|
170
|
+
* re-deriving subtag stripping by hand.
|
|
171
|
+
*
|
|
172
|
+
* Pure: no file loading, no message lookup. The chain is the requested locale,
|
|
173
|
+
* then each subtag-stripped parent ("fr-CA" -> "fr"), then `fallbackLocale`,
|
|
174
|
+
* then `defaultLocale`, de-duplicated. `fallbackLocale: null` gives strict
|
|
175
|
+
* "this locale or its parents only" (no cross-locale jump).
|
|
176
|
+
*
|
|
177
|
+
* @opts
|
|
178
|
+
* defaultLocale: string, // BCP 47; required; the final baseline
|
|
179
|
+
* fallbackLocale: string | null, // null = strict; omitted = defaultLocale
|
|
180
|
+
* locales: string[], // optional configured set; when given, defaultLocale + fallbackLocale must be members
|
|
181
|
+
*
|
|
182
|
+
* @example
|
|
183
|
+
* b.i18n.localeChain("fr-CA", { defaultLocale: "en", fallbackLocale: "en" });
|
|
184
|
+
* // → ["fr-CA", "fr", "en"]
|
|
185
|
+
* b.i18n.localeChain("zh-Hant-TW", { defaultLocale: "en", fallbackLocale: null });
|
|
186
|
+
* // → ["zh-Hant-TW", "zh-Hant", "zh"] (strict — no jump to en)
|
|
187
|
+
*/
|
|
188
|
+
function localeChain(locale, opts) {
|
|
189
|
+
opts = opts || {};
|
|
190
|
+
_validateLocale("i18n.localeChain: locale", locale);
|
|
191
|
+
_validateLocale("i18n.localeChain: defaultLocale", opts.defaultLocale);
|
|
192
|
+
var defaultLocale = opts.defaultLocale;
|
|
193
|
+
var fallbackLocale = (opts.fallbackLocale === null) ? null
|
|
194
|
+
: ((opts.fallbackLocale === undefined) ? defaultLocale : opts.fallbackLocale);
|
|
195
|
+
if (fallbackLocale !== null) _validateLocale("i18n.localeChain: fallbackLocale", fallbackLocale);
|
|
196
|
+
if (opts.locales !== undefined) {
|
|
197
|
+
_validateLocaleArray("i18n.localeChain: locales", opts.locales);
|
|
198
|
+
if (opts.locales.indexOf(defaultLocale) === -1) {
|
|
199
|
+
throw _err("BAD_OPT", "i18n.localeChain: defaultLocale '" + defaultLocale +
|
|
200
|
+
"' must be one of the configured locales");
|
|
201
|
+
}
|
|
202
|
+
if (fallbackLocale !== null && opts.locales.indexOf(fallbackLocale) === -1) {
|
|
203
|
+
throw _err("BAD_OPT", "i18n.localeChain: fallbackLocale '" + fallbackLocale +
|
|
204
|
+
"' must be one of the configured locales");
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
return _buildLocaleChain(locale, fallbackLocale, defaultLocale);
|
|
208
|
+
}
|
|
209
|
+
|
|
136
210
|
function _validateInterpolation(value) {
|
|
137
211
|
if (value === undefined) return DEFAULTS.interpolation;
|
|
138
212
|
if (typeof value !== "object" || value === null) {
|
|
@@ -366,13 +440,11 @@ function _makeFormatterCache(make, kind, emitObs) {
|
|
|
366
440
|
return function getFormatter(locale, formatOpts) {
|
|
367
441
|
var optsKey = formatOpts ? JSON.stringify(formatOpts) : "";
|
|
368
442
|
var cacheKey = locale + "\x1f" + optsKey;
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
f = make(locale, formatOpts);
|
|
372
|
-
cache.set(cacheKey, f);
|
|
443
|
+
return getOrInsert(cache, cacheKey, function () {
|
|
444
|
+
var f = make(locale, formatOpts);
|
|
373
445
|
emitObs("i18n.format.created", { kind: kind, locale: locale });
|
|
374
|
-
|
|
375
|
-
|
|
446
|
+
return f;
|
|
447
|
+
});
|
|
376
448
|
};
|
|
377
449
|
}
|
|
378
450
|
|
|
@@ -572,25 +644,9 @@ function create(opts) {
|
|
|
572
644
|
}
|
|
573
645
|
|
|
574
646
|
function _localeChain(locale) {
|
|
575
|
-
//
|
|
576
|
-
//
|
|
577
|
-
|
|
578
|
-
// cross-locale jump. Cross-locale fallback (to fallbackLocale, then
|
|
579
|
-
// defaultLocale) only fires when fallbackLocale is non-null —
|
|
580
|
-
// operators who set fallbackLocale: null get strict "this locale or
|
|
581
|
-
// miss" semantics.
|
|
582
|
-
var chain = [];
|
|
583
|
-
var current = locale;
|
|
584
|
-
while (current && chain.indexOf(current) === -1) {
|
|
585
|
-
chain.push(current);
|
|
586
|
-
var dash = current.lastIndexOf("-");
|
|
587
|
-
if (dash === -1) break;
|
|
588
|
-
current = current.slice(0, dash);
|
|
589
|
-
}
|
|
590
|
-
if (fallbackLocale === null) return chain;
|
|
591
|
-
if (chain.indexOf(fallbackLocale) === -1) chain.push(fallbackLocale);
|
|
592
|
-
if (chain.indexOf(defaultLocale) === -1) chain.push(defaultLocale);
|
|
593
|
-
return chain;
|
|
647
|
+
// Delegates to the module-level pure builder; fallbackLocale /
|
|
648
|
+
// defaultLocale are this instance's resolved config.
|
|
649
|
+
return _buildLocaleChain(locale, fallbackLocale, defaultLocale);
|
|
594
650
|
}
|
|
595
651
|
|
|
596
652
|
function _lookupRaw(key, locale) {
|
|
@@ -932,6 +988,7 @@ var messageFormat = require("./i18n-messageformat");
|
|
|
932
988
|
|
|
933
989
|
module.exports = {
|
|
934
990
|
create: create,
|
|
991
|
+
localeChain: localeChain,
|
|
935
992
|
messageFormat: messageFormat,
|
|
936
993
|
I18nError: I18nError,
|
|
937
994
|
DEFAULTS: DEFAULTS,
|
|
@@ -43,9 +43,11 @@
|
|
|
43
43
|
*/
|
|
44
44
|
|
|
45
45
|
var C = require("./constants");
|
|
46
|
+
var codepointClass = require("./codepoint-class");
|
|
46
47
|
var lazyRequire = require("./lazy-require");
|
|
47
48
|
var safeJson = require("./safe-json");
|
|
48
49
|
var safeSql = require("./safe-sql");
|
|
50
|
+
var safeBuffer = require("./safe-buffer");
|
|
49
51
|
var sql = require("./sql");
|
|
50
52
|
var validateOpts = require("./validate-opts");
|
|
51
53
|
var { defineClass } = require("./framework-error");
|
|
@@ -204,13 +206,11 @@ function create(opts) {
|
|
|
204
206
|
}
|
|
205
207
|
|
|
206
208
|
function _rejectControlChars(value, label, field) {
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
" (codepoint " + code + ")");
|
|
213
|
-
}
|
|
209
|
+
var _off = codepointClass.firstControlCharOffset(value); // allow tab (RFC 5322 folding WS)
|
|
210
|
+
if (_off !== -1) {
|
|
211
|
+
throw new InboxError("inbox/bad-receive",
|
|
212
|
+
label + ": " + field + " contains control character at index " + _off +
|
|
213
|
+
" (codepoint " + value.charCodeAt(_off) + ")");
|
|
214
214
|
}
|
|
215
215
|
}
|
|
216
216
|
|
|
@@ -223,7 +223,7 @@ function create(opts) {
|
|
|
223
223
|
var metaJson = null;
|
|
224
224
|
if (receiveOpts.metadata != null) {
|
|
225
225
|
var serialized = safeJson.stringify(receiveOpts.metadata);
|
|
226
|
-
if (serialized
|
|
226
|
+
if (safeBuffer.byteLengthOf(serialized) > maxPayloadBytes) {
|
|
227
227
|
throw new InboxError("inbox/bad-receive",
|
|
228
228
|
"recordReceive: metadata serialized exceeds maxPayloadBytes (" +
|
|
229
229
|
maxPayloadBytes + " bytes)");
|
|
@@ -138,7 +138,6 @@ function create(opts) {
|
|
|
138
138
|
"audit", "persist", "onStage", "deadlines", "now",
|
|
139
139
|
], "incident.report");
|
|
140
140
|
|
|
141
|
-
var auditOn = opts.audit !== false;
|
|
142
141
|
var persist = typeof opts.persist === "function" ? opts.persist : null;
|
|
143
142
|
var onStage = typeof opts.onStage === "function" ? opts.onStage : null;
|
|
144
143
|
var deadlinesOverride = opts.deadlines || null;
|
|
@@ -150,20 +149,8 @@ function create(opts) {
|
|
|
150
149
|
var incidents = new Map();
|
|
151
150
|
var seq = 0;
|
|
152
151
|
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
try {
|
|
156
|
-
audit().safeEmit({
|
|
157
|
-
action: "incident.report." + action,
|
|
158
|
-
outcome: outcome,
|
|
159
|
-
metadata: metadata || {},
|
|
160
|
-
});
|
|
161
|
-
} catch (_e) { /* drop-silent */ }
|
|
162
|
-
}
|
|
163
|
-
function _emitMetric(verb, n, labels) {
|
|
164
|
-
try { observability().safeEvent("incident.report." + verb, n || 1, labels || {}); }
|
|
165
|
-
catch (_e) { /* drop-silent */ }
|
|
166
|
-
}
|
|
152
|
+
var _emitAudit = audit().namespaced("incident.report", opts.audit);
|
|
153
|
+
var _emitMetric = observability().namespaced("incident.report");
|
|
167
154
|
|
|
168
155
|
function _genIncidentId(regime, detectedAt) {
|
|
169
156
|
seq += 1;
|
|
@@ -339,12 +326,7 @@ function createDeadlineClock(opts) {
|
|
|
339
326
|
var tracked = new Map(); // incidentId -> { detectedAt, dueBy, regime, acked, fired }
|
|
340
327
|
var timer = null;
|
|
341
328
|
|
|
342
|
-
|
|
343
|
-
if (!auditOn) return;
|
|
344
|
-
try {
|
|
345
|
-
audit().safeEmit({ action: "incident.report.clock." + action, outcome: outcome, metadata: metadata || {} });
|
|
346
|
-
} catch (_e) { /* drop-silent — by design */ }
|
|
347
|
-
}
|
|
329
|
+
var _emit = audit().namespaced("incident.report.clock", auditOn);
|
|
348
330
|
function _notify(payload) {
|
|
349
331
|
if (!notify) return;
|
|
350
332
|
try {
|
|
@@ -82,9 +82,9 @@ function expandIpv6Groups(ip) {
|
|
|
82
82
|
// Loose IPv4 textual-form check — for primitives that need to
|
|
83
83
|
// classify a string as "looks like dotted-quad IPv4" but don't need
|
|
84
84
|
// the strict per-octet bound check (callers that DO need octet
|
|
85
|
-
// bounds use
|
|
86
|
-
// `lib/mail
|
|
87
|
-
//
|
|
85
|
+
// bounds use `isIPv4` below). Shared so `lib/mail.js`,
|
|
86
|
+
// `lib/mail-helo.js`, and `lib/redis-client.js` don't drift on the
|
|
87
|
+
// same shape.
|
|
88
88
|
//
|
|
89
89
|
// isIPv4Shape("1.2.3.4") → true
|
|
90
90
|
// isIPv4Shape("999.0.0.0") → true (shape only; octets unbounded)
|
|
@@ -95,8 +95,51 @@ function isIPv4Shape(s) {
|
|
|
95
95
|
return typeof s === "string" && IPV4_SHAPE_RE.test(s);
|
|
96
96
|
}
|
|
97
97
|
|
|
98
|
+
// Strict RFC 791 dotted-quad IPv4: four 0-255 octets separated by `.`.
|
|
99
|
+
// The single source for textual IPv4 validation across the framework
|
|
100
|
+
// — `b.mail.greylist` / `b.mail.rbl` CIDR fingerprinting, `b.mail.helo`
|
|
101
|
+
// RFC 5321 §4.1.3 address-literals, `b.guardDomain` IPv4-as-domain
|
|
102
|
+
// detection, and `b.safeSchema` `.ip()`. Hand-rolling the per-octet
|
|
103
|
+
// alternation had drifted into several spellings; this is canonical.
|
|
104
|
+
//
|
|
105
|
+
// isIPv4("203.0.113.42") → true
|
|
106
|
+
// isIPv4("256.0.0.1") → false (octet > 255)
|
|
107
|
+
// isIPv4("1.2.3") → false (three octets)
|
|
108
|
+
var IPV4_RE = /^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/; // allow:regex-no-length-cap — anchored + per-octet repeat-cap
|
|
109
|
+
function isIPv4(s) {
|
|
110
|
+
return typeof s === "string" && IPV4_RE.test(s);
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
// RFC 5321 §4.1.3 IPv4 address-literal `[1.2.3.4]`. Capture group 1 is
|
|
114
|
+
// the inner dotted-quad; `b.mail.helo` matches a claimed literal
|
|
115
|
+
// against the connection IP. Same per-octet bound as `IPV4_RE`.
|
|
116
|
+
var IPV4_ADDR_LITERAL_RE = /^\[((?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})\]$/; // allow:regex-no-length-cap — anchored + per-octet repeat-cap
|
|
117
|
+
|
|
118
|
+
// Loose IPv6 textual pre-filter: hex digits + colons only, bounded to
|
|
119
|
+
// the RFC 4291 §2.2 max no-IPv4-tail textual length (8 groups × 4 hex
|
|
120
|
+
// + 7 colons = 39). A cheap fail-fast before the full `expandIpv6Hex`
|
|
121
|
+
// parse — NOT a complete validator; callers follow with
|
|
122
|
+
// `expandIpv6Hex`. A hex-colon string longer than 39 chars is never a
|
|
123
|
+
// valid IPv6 textual form, so the bound only rejects garbage.
|
|
124
|
+
//
|
|
125
|
+
// looksLikeIPv6Hex("2001:db8::1") → true
|
|
126
|
+
// looksLikeIPv6Hex("::1") → true
|
|
127
|
+
// looksLikeIPv6Hex("::ffff:1.2.3.4")→ false (dotted tail — use expandIpv6Hex)
|
|
128
|
+
// looksLikeIPv6Hex("nothex") → false
|
|
129
|
+
var IPV6_TEXT_MAX_LEN = 39; // RFC 4291 §2.2 max no-IPv4-tail textual length
|
|
130
|
+
var IPV6_HEX_RE = /^[0-9a-fA-F:]+$/; // allow:regex-no-length-cap — length-bounded by IPV6_TEXT_MAX_LEN in looksLikeIPv6Hex
|
|
131
|
+
function looksLikeIPv6Hex(s) {
|
|
132
|
+
return typeof s === "string" && s.length <= IPV6_TEXT_MAX_LEN && IPV6_HEX_RE.test(s);
|
|
133
|
+
}
|
|
134
|
+
|
|
98
135
|
module.exports = {
|
|
99
|
-
expandIpv6Hex:
|
|
100
|
-
expandIpv6Groups:
|
|
101
|
-
isIPv4Shape:
|
|
136
|
+
expandIpv6Hex: expandIpv6Hex,
|
|
137
|
+
expandIpv6Groups: expandIpv6Groups,
|
|
138
|
+
isIPv4Shape: isIPv4Shape,
|
|
139
|
+
isIPv4: isIPv4,
|
|
140
|
+
IPV4_RE: IPV4_RE,
|
|
141
|
+
IPV4_ADDR_LITERAL_RE: IPV4_ADDR_LITERAL_RE,
|
|
142
|
+
looksLikeIPv6Hex: looksLikeIPv6Hex,
|
|
143
|
+
IPV6_HEX_RE: IPV6_HEX_RE,
|
|
144
|
+
IPV6_TEXT_MAX_LEN: IPV6_TEXT_MAX_LEN,
|
|
102
145
|
};
|
|
@@ -77,6 +77,7 @@ var { boot } = require("./log");
|
|
|
77
77
|
var queue = require("./queue");
|
|
78
78
|
var validateOpts = require("./validate-opts");
|
|
79
79
|
var { JobsError } = require("./framework-error");
|
|
80
|
+
var boundedMap = require("./bounded-map");
|
|
80
81
|
|
|
81
82
|
var log = boot("jobs");
|
|
82
83
|
|
|
@@ -102,10 +103,10 @@ function create(opts) {
|
|
|
102
103
|
if (typeof handler !== "function") {
|
|
103
104
|
throw _err("INVALID_HANDLER", "jobs.define: handler must be a function", true);
|
|
104
105
|
}
|
|
105
|
-
|
|
106
|
+
boundedMap.requireAbsent(registry, name, function () {
|
|
106
107
|
throw _err("DUPLICATE_NAME",
|
|
107
108
|
"jobs.define: '" + name + "' is already defined", true);
|
|
108
|
-
}
|
|
109
|
+
});
|
|
109
110
|
if (started) {
|
|
110
111
|
// Defining after start would mean the new handler doesn't run
|
|
111
112
|
// until the next start cycle. Reject loudly so operators don't
|
|
@@ -242,24 +242,12 @@ async function _writeFile(fallbackFile, doc, passphrase) {
|
|
|
242
242
|
// Drain a stream into a Buffer, honoring an upper byte cap so a
|
|
243
243
|
// runaway tool can't OOM the framework.
|
|
244
244
|
function _drain(stream, capBytes) {
|
|
245
|
-
return
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
sizeMessage: "native tool output exceeded " + capBytes + " bytes",
|
|
252
|
-
});
|
|
253
|
-
stream.on("data", function (chunk) {
|
|
254
|
-
try {
|
|
255
|
-
collector.push(chunk);
|
|
256
|
-
} catch (e) {
|
|
257
|
-
try { stream.destroy(); } catch (_e) { /* destroy best-effort */ }
|
|
258
|
-
reject(e);
|
|
259
|
-
}
|
|
260
|
-
});
|
|
261
|
-
stream.on("end", function () { resolve(collector.result()); });
|
|
262
|
-
stream.on("error", function (e) { reject(e); });
|
|
245
|
+
if (!stream) return Promise.resolve(Buffer.alloc(0));
|
|
246
|
+
return safeBuffer.collectStream(stream, {
|
|
247
|
+
maxBytes: capBytes,
|
|
248
|
+
errorClass: KeychainError,
|
|
249
|
+
sizeCode: "keychain/native-output-too-large",
|
|
250
|
+
sizeMessage: "native tool output exceeded " + capBytes + " bytes",
|
|
263
251
|
});
|
|
264
252
|
}
|
|
265
253
|
|