@blamejs/blamejs-shop 0.4.56 → 0.4.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (402) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/affiliates.js +35 -4
  3. package/lib/api-keys.js +17 -2
  4. package/lib/asset-manifest.json +1 -1
  5. package/lib/backorder.js +21 -4
  6. package/lib/click-and-collect.js +11 -2
  7. package/lib/credit-limits.js +132 -84
  8. package/lib/vendor/MANIFEST.json +426 -366
  9. package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
  10. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
  11. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
  12. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
  13. package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
  14. package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
  15. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
  16. package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
  17. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  18. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
  19. package/lib/vendor/blamejs/CHANGELOG.md +2 -0
  20. package/lib/vendor/blamejs/api-snapshot.json +1381 -4
  21. package/lib/vendor/blamejs/eslint.config.mjs +1 -0
  22. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
  23. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
  24. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
  25. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
  26. package/lib/vendor/blamejs/index.js +2 -0
  27. package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
  28. package/lib/vendor/blamejs/lib/acme.js +6 -5
  29. package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
  30. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
  31. package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
  32. package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
  33. package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
  34. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
  35. package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
  36. package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
  37. package/lib/vendor/blamejs/lib/ai-input.js +2 -2
  38. package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
  39. package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
  40. package/lib/vendor/blamejs/lib/api-key.js +37 -28
  41. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
  42. package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
  43. package/lib/vendor/blamejs/lib/archive-read.js +5 -17
  44. package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
  45. package/lib/vendor/blamejs/lib/archive.js +2 -10
  46. package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
  47. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
  48. package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
  49. package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
  50. package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
  51. package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
  52. package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
  53. package/lib/vendor/blamejs/lib/audit.js +84 -0
  54. package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
  55. package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
  56. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
  57. package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
  58. package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
  59. package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
  60. package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
  61. package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
  62. package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
  63. package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
  64. package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
  65. package/lib/vendor/blamejs/lib/auth/password.js +7 -1
  66. package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
  67. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
  68. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
  69. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
  70. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
  71. package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
  72. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
  73. package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
  74. package/lib/vendor/blamejs/lib/backup/index.js +14 -47
  75. package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
  76. package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
  77. package/lib/vendor/blamejs/lib/cache.js +7 -18
  78. package/lib/vendor/blamejs/lib/cbor.js +2 -1
  79. package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
  80. package/lib/vendor/blamejs/lib/cert.js +3 -10
  81. package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
  82. package/lib/vendor/blamejs/lib/cli.js +5 -1
  83. package/lib/vendor/blamejs/lib/client-hints.js +7 -9
  84. package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
  85. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
  86. package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
  87. package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
  88. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
  89. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
  90. package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
  91. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
  92. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
  93. package/lib/vendor/blamejs/lib/compliance.js +2 -9
  94. package/lib/vendor/blamejs/lib/config-drift.js +2 -12
  95. package/lib/vendor/blamejs/lib/content-digest.js +10 -8
  96. package/lib/vendor/blamejs/lib/cookies.js +5 -11
  97. package/lib/vendor/blamejs/lib/cose.js +19 -11
  98. package/lib/vendor/blamejs/lib/cra-report.js +1 -11
  99. package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
  100. package/lib/vendor/blamejs/lib/crypto.js +120 -3
  101. package/lib/vendor/blamejs/lib/csp.js +235 -3
  102. package/lib/vendor/blamejs/lib/daemon.js +42 -41
  103. package/lib/vendor/blamejs/lib/data-act.js +19 -9
  104. package/lib/vendor/blamejs/lib/db-query.js +6 -40
  105. package/lib/vendor/blamejs/lib/db.js +34 -12
  106. package/lib/vendor/blamejs/lib/dbsc.js +5 -6
  107. package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
  108. package/lib/vendor/blamejs/lib/deprecate.js +4 -5
  109. package/lib/vendor/blamejs/lib/did.js +6 -2
  110. package/lib/vendor/blamejs/lib/dsr.js +8 -12
  111. package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
  112. package/lib/vendor/blamejs/lib/external-db.js +14 -26
  113. package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
  114. package/lib/vendor/blamejs/lib/fdx.js +22 -18
  115. package/lib/vendor/blamejs/lib/file-upload.js +80 -66
  116. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
  117. package/lib/vendor/blamejs/lib/framework-error.js +12 -0
  118. package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
  119. package/lib/vendor/blamejs/lib/fsm.js +7 -12
  120. package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
  121. package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
  122. package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
  123. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
  124. package/lib/vendor/blamejs/lib/guard-all.js +1 -0
  125. package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
  126. package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
  127. package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
  128. package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
  129. package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
  130. package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
  131. package/lib/vendor/blamejs/lib/guard-email.js +46 -53
  132. package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
  133. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
  134. package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
  135. package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
  136. package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
  137. package/lib/vendor/blamejs/lib/guard-html.js +65 -117
  138. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
  139. package/lib/vendor/blamejs/lib/guard-image.js +280 -77
  140. package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
  141. package/lib/vendor/blamejs/lib/guard-json.js +87 -103
  142. package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
  143. package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
  144. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
  145. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
  146. package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
  147. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
  148. package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
  149. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
  150. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
  151. package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
  152. package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
  153. package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
  154. package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
  155. package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
  156. package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
  157. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
  158. package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
  159. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
  160. package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
  161. package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
  162. package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
  163. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
  164. package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
  165. package/lib/vendor/blamejs/lib/guard-template.js +23 -80
  166. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
  167. package/lib/vendor/blamejs/lib/guard-text.js +592 -0
  168. package/lib/vendor/blamejs/lib/guard-time.js +27 -95
  169. package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
  170. package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
  171. package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
  172. package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
  173. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
  174. package/lib/vendor/blamejs/lib/http-client.js +8 -21
  175. package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
  176. package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
  177. package/lib/vendor/blamejs/lib/i18n.js +83 -26
  178. package/lib/vendor/blamejs/lib/inbox.js +8 -8
  179. package/lib/vendor/blamejs/lib/incident-report.js +3 -21
  180. package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
  181. package/lib/vendor/blamejs/lib/jobs.js +3 -2
  182. package/lib/vendor/blamejs/lib/keychain.js +6 -18
  183. package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
  184. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
  185. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
  186. package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
  187. package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
  188. package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
  189. package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
  190. package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
  191. package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
  192. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
  193. package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
  194. package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
  195. package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
  196. package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
  197. package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
  198. package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
  199. package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
  200. package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
  201. package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
  202. package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
  203. package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
  204. package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
  205. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
  206. package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
  207. package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
  208. package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
  209. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
  210. package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
  211. package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
  212. package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
  213. package/lib/vendor/blamejs/lib/mail-store.js +3 -2
  214. package/lib/vendor/blamejs/lib/mail.js +6 -11
  215. package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
  216. package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
  217. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
  218. package/lib/vendor/blamejs/lib/mcp.js +1 -1
  219. package/lib/vendor/blamejs/lib/mdoc.js +11 -12
  220. package/lib/vendor/blamejs/lib/metrics.js +32 -30
  221. package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
  222. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
  223. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
  224. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
  225. package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
  226. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
  227. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
  228. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
  229. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
  230. package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
  231. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
  232. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
  233. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
  234. package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
  235. package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
  236. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
  237. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
  238. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
  239. package/lib/vendor/blamejs/lib/migrations.js +4 -13
  240. package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
  241. package/lib/vendor/blamejs/lib/module-loader.js +44 -0
  242. package/lib/vendor/blamejs/lib/money.js +105 -0
  243. package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
  244. package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
  245. package/lib/vendor/blamejs/lib/network-dane.js +8 -6
  246. package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
  247. package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
  248. package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
  249. package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
  250. package/lib/vendor/blamejs/lib/network-tls.js +40 -42
  251. package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
  252. package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
  253. package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
  254. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
  255. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
  256. package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
  257. package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
  258. package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
  259. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
  260. package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
  261. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
  262. package/lib/vendor/blamejs/lib/observability.js +95 -0
  263. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
  264. package/lib/vendor/blamejs/lib/otel-export.js +7 -10
  265. package/lib/vendor/blamejs/lib/outbox.js +43 -37
  266. package/lib/vendor/blamejs/lib/pagination.js +11 -15
  267. package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
  268. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
  269. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
  270. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
  271. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
  272. package/lib/vendor/blamejs/lib/pick.js +63 -5
  273. package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
  274. package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
  275. package/lib/vendor/blamejs/lib/problem-details.js +2 -5
  276. package/lib/vendor/blamejs/lib/pubsub.js +4 -8
  277. package/lib/vendor/blamejs/lib/redact.js +2 -1
  278. package/lib/vendor/blamejs/lib/render.js +4 -2
  279. package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
  280. package/lib/vendor/blamejs/lib/restore.js +5 -22
  281. package/lib/vendor/blamejs/lib/retention.js +3 -5
  282. package/lib/vendor/blamejs/lib/safe-async.js +457 -0
  283. package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
  284. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
  285. package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
  286. package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
  287. package/lib/vendor/blamejs/lib/safe-json.js +7 -8
  288. package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
  289. package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
  290. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
  291. package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
  292. package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
  293. package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
  294. package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
  295. package/lib/vendor/blamejs/lib/sandbox.js +3 -2
  296. package/lib/vendor/blamejs/lib/scheduler.js +5 -12
  297. package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
  298. package/lib/vendor/blamejs/lib/seeders.js +4 -11
  299. package/lib/vendor/blamejs/lib/self-update.js +92 -69
  300. package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
  301. package/lib/vendor/blamejs/lib/session.js +194 -6
  302. package/lib/vendor/blamejs/lib/sql.js +225 -78
  303. package/lib/vendor/blamejs/lib/sse.js +6 -10
  304. package/lib/vendor/blamejs/lib/static.js +136 -98
  305. package/lib/vendor/blamejs/lib/storage.js +4 -2
  306. package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
  307. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
  308. package/lib/vendor/blamejs/lib/tsa.js +11 -15
  309. package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
  310. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
  311. package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
  312. package/lib/vendor/blamejs/lib/vc.js +2 -7
  313. package/lib/vendor/blamejs/lib/vex.js +35 -13
  314. package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
  315. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
  316. package/lib/vendor/blamejs/lib/webhook.js +43 -18
  317. package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
  318. package/lib/vendor/blamejs/lib/websocket.js +7 -3
  319. package/lib/vendor/blamejs/lib/worm.js +2 -3
  320. package/lib/vendor/blamejs/lib/ws-client.js +8 -10
  321. package/lib/vendor/blamejs/package.json +1 -1
  322. package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
  323. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
  324. package/lib/vendor/blamejs/test/00-primitives.js +136 -7
  325. package/lib/vendor/blamejs/test/10-state.js +9 -3
  326. package/lib/vendor/blamejs/test/30-chain.js +40 -0
  327. package/lib/vendor/blamejs/test/helpers/check.js +18 -0
  328. package/lib/vendor/blamejs/test/helpers/db.js +4 -0
  329. package/lib/vendor/blamejs/test/helpers/index.js +1 -0
  330. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
  331. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
  332. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
  333. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
  334. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
  335. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
  336. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
  337. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
  338. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
  339. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
  340. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
  341. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
  342. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
  343. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
  344. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
  345. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
  346. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
  347. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
  348. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
  349. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
  350. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
  351. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
  352. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
  353. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
  354. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
  355. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
  356. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
  357. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
  358. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
  359. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
  360. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
  361. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  362. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
  363. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
  364. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
  365. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
  366. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
  367. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
  368. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
  369. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
  370. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
  371. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
  372. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
  373. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
  374. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
  375. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
  376. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
  377. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
  378. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
  379. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
  380. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
  381. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
  382. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
  383. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
  384. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
  385. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
  386. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
  387. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
  388. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
  389. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
  390. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
  391. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
  392. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
  393. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
  394. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
  395. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
  396. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
  397. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
  398. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
  399. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
  400. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
  401. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
  402. package/package.json +1 -1
@@ -80,8 +80,11 @@
80
80
  */
81
81
 
82
82
  var C = require("./constants");
83
+ var codepointClass = require("./codepoint-class");
84
+ var structuredFields = require("./structured-fields");
83
85
  var { defineClass } = require("./framework-error");
84
86
  var gateContract = require("./gate-contract");
87
+ var pick = require("./pick");
85
88
 
86
89
  var SafeIcalError = defineClass("SafeIcalError", { alwaysPermanent: true });
87
90
 
@@ -369,13 +372,11 @@ function _parseContentLine(line) {
369
372
 
370
373
  // Refuse NUL, C0 control bytes (other than TAB), and DEL in the
371
374
  // value. Header-injection / log-poisoning defense.
372
- for (var k = 0; k < value.length; k++) {
373
- var cc = value.charCodeAt(k);
374
- if ((cc < 0x20 && cc !== 0x09) || cc === 0x7F) { // C0 + DEL refusal
375
- throw new SafeIcalError("safe-ical/control-char-in-value",
376
- "safeIcal.parse: control char 0x" + cc.toString(16) +
377
- " in property value (header-injection defense)");
378
- }
375
+ var ctrlAt = codepointClass.firstControlCharOffset(value); // NUL / C0 (except TAB) / DEL refusal
376
+ if (ctrlAt !== -1) {
377
+ throw new SafeIcalError("safe-ical/control-char-in-value",
378
+ "safeIcal.parse: control char 0x" + value.charCodeAt(ctrlAt).toString(16) +
379
+ " in property value (header-injection defense)");
379
380
  }
380
381
 
381
382
  // Split params off the property name.
@@ -391,7 +392,7 @@ function _parseContentLine(line) {
391
392
  }
392
393
  var pname = seg.slice(0, eq).toUpperCase();
393
394
  var pvalue = seg.slice(eq + 1);
394
- if (pname === "__proto__" || pname === "constructor" || pname === "prototype") continue;
395
+ if (pick.isPoisonedKey(pname)) continue;
395
396
  if (params[pname]) {
396
397
  params[pname].push(_stripDoubleQuotes(pvalue));
397
398
  } else {
@@ -412,26 +413,11 @@ function _findUnquotedColon(line) {
412
413
  }
413
414
 
414
415
  function _splitUnquoted(s, sep) {
415
- var out = [];
416
- var inQ = false;
417
- var start = 0;
418
- for (var i = 0; i < s.length; i++) {
419
- var c = s.charAt(i);
420
- if (c === '"') { inQ = !inQ; continue; }
421
- if (c === sep && !inQ) {
422
- out.push(s.slice(start, i));
423
- start = i + 1;
424
- }
425
- }
426
- out.push(s.slice(start));
427
- return out;
416
+ return structuredFields.splitUnquoted(s, sep);
428
417
  }
429
418
 
430
419
  function _stripDoubleQuotes(s) {
431
- if (s.length >= 2 && s.charAt(0) === '"' && s.charAt(s.length - 1) === '"') {
432
- return s.slice(1, -1);
433
- }
434
- return s;
420
+ return structuredFields.stripDoubleQuotes(s);
435
421
  }
436
422
 
437
423
  // ---- Component parser (RFC 5545 §3.6) ----
@@ -504,7 +490,7 @@ function _parseComponent(lines, startIdx, ctx, depth) {
504
490
  "safeIcal.parse: property count in " + compName +
505
491
  " exceeds maxPropertiesPerComponent=" + ctx.caps.maxPropertiesPerComponent);
506
492
  }
507
- if (pn === "__proto__" || pn === "constructor" || pn === "prototype") {
493
+ if (pick.isPoisonedKey(pn)) {
508
494
  i += 1;
509
495
  continue;
510
496
  }
@@ -37,6 +37,7 @@
37
37
  // ---- Error class ----
38
38
 
39
39
  var C = require("./constants");
40
+ var pick = require("./pick");
40
41
  var safeBuffer = require("./safe-buffer");
41
42
  var safeUrl = require("./safe-url");
42
43
  var time = require("./time");
@@ -93,8 +94,6 @@ var DEFAULT_MAX_DEPTH = 100;
93
94
  var DEFAULT_MAX_KEYS = 10_000;
94
95
  var ABSOLUTE_MAX_KEYS = 1_000_000;
95
96
 
96
- var POISONED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
97
-
98
97
  // ---- parse ----
99
98
 
100
99
  /**
@@ -242,7 +241,7 @@ function parseOrDefault(input, fallback, opts) {
242
241
  }
243
242
 
244
243
  function _stripProtoKeys(key, value) {
245
- if (POISONED_KEYS.has(key)) return undefined;
244
+ if (pick.isPoisonedKey(key)) return undefined;
246
245
  return value;
247
246
  }
248
247
 
@@ -256,7 +255,7 @@ function _walkAndCheck(value, depth, maxDepth, allowProto, maxKeys) {
256
255
  return;
257
256
  }
258
257
  if (!allowProto) {
259
- POISONED_KEYS.forEach(function (k) {
258
+ pick.POISONED_KEYS.forEach(function (k) {
260
259
  if (Object.prototype.hasOwnProperty.call(value, k)) delete value[k];
261
260
  });
262
261
  }
@@ -338,7 +337,7 @@ function stringify(value, opts) {
338
337
  }
339
338
 
340
339
  function replacer(key, val) {
341
- if (!allowProto && POISONED_KEYS.has(key)) return undefined;
340
+ if (!allowProto && pick.isPoisonedKey(key)) return undefined;
342
341
  return val;
343
342
  }
344
343
 
@@ -373,7 +372,7 @@ function _cleanCycles(value, replacement, allowProto) {
373
372
  out = {};
374
373
  for (var k in v) {
375
374
  if (!Object.prototype.hasOwnProperty.call(v, k)) continue;
376
- if (!allowProto && POISONED_KEYS.has(k)) continue;
375
+ if (!allowProto && pick.isPoisonedKey(k)) continue;
377
376
  out[k] = walk(v[k]);
378
377
  }
379
378
  }
@@ -432,7 +431,7 @@ function canonical(value) {
432
431
  if (typeof v === "string") return JSON.stringify(v);
433
432
  if (Array.isArray(v)) return "[" + v.map(ser).join(",") + "]";
434
433
  if (typeof v === "object") {
435
- var keys = Object.keys(v).filter(function (k) { return !POISONED_KEYS.has(k); }).sort();
434
+ var keys = Object.keys(v).filter(function (k) { return !pick.isPoisonedKey(k); }).sort();
436
435
  var pairs = keys.map(function (k) { return JSON.stringify(k) + ":" + ser(v[k]); });
437
436
  return "{" + pairs.join(",") + "}";
438
437
  }
@@ -942,5 +941,5 @@ module.exports = {
942
941
  ABSOLUTE_MAX_BYTES: ABSOLUTE_MAX_BYTES,
943
942
  ABSOLUTE_MAX_DEPTH: ABSOLUTE_MAX_DEPTH,
944
943
  ABSOLUTE_MAX_KEYS: ABSOLUTE_MAX_KEYS,
945
- POISONED_KEYS: Array.from(POISONED_KEYS),
944
+ POISONED_KEYS: pick.POISONED_KEYS.slice(),
946
945
  };
@@ -38,6 +38,7 @@
38
38
 
39
39
  var codepointClass = require("./codepoint-class");
40
40
  var C = require("./constants");
41
+ var safeBuffer = require("./safe-buffer");
41
42
  var { defineClass, FrameworkError } = require("./framework-error");
42
43
 
43
44
  // SafeJsonPathError — alwaysPermanent because every code path is a
@@ -86,7 +87,7 @@ function _hasControlOrNul(value) {
86
87
  // legitimate use in a JSON pointer / key / path expression.
87
88
  for (var i = 0; i < value.length; i++) {
88
89
  var c = value.charCodeAt(i);
89
- if (c === 0 || (c < 32 && c !== 9) || c === 127) return true; // ASCII control-byte range
90
+ if (codepointClass.isForbiddenControlChar(c)) return true; // ASCII control-byte range
90
91
  }
91
92
  if (codepointClass.BIDI_RE.test(value)) return true; // allow:regex-no-length-cap — callers cap length via MAX_KEY_BYTES / MAX_EXPRESSION_BYTES
92
93
  if (codepointClass.ZERO_WIDTH_RE.test(value)) return true; // allow:regex-no-length-cap — callers cap length via MAX_KEY_BYTES / MAX_EXPRESSION_BYTES
@@ -108,9 +109,9 @@ function validateKey(key, opts) {
108
109
  "validateKey: key must be non-empty");
109
110
  }
110
111
  var maxBytes = opts.maxBytes || MAX_KEY_BYTES;
111
- if (key.length > maxBytes) {
112
+ if (safeBuffer.byteLengthOf(key) > maxBytes) {
112
113
  throw _err("safe-jsonpath/key-too-long",
113
- "validateKey: key exceeds " + maxBytes + " bytes (got " + key.length + ")");
114
+ "validateKey: key exceeds " + maxBytes + " bytes (got " + safeBuffer.byteLengthOf(key) + ")");
114
115
  }
115
116
  if (_hasControlOrNul(key)) {
116
117
  throw _err("safe-jsonpath/key-control-char",
@@ -167,9 +168,9 @@ function validateExpression(expr, opts) {
167
168
  "validateExpression: expr must be non-empty");
168
169
  }
169
170
  var maxBytes = opts.maxBytes || MAX_EXPRESSION_BYTES;
170
- if (expr.length > maxBytes) {
171
+ if (safeBuffer.byteLengthOf(expr) > maxBytes) {
171
172
  throw _err("safe-jsonpath/expression-too-long",
172
- "validateExpression: expr exceeds " + maxBytes + " bytes (got " + expr.length + ")");
173
+ "validateExpression: expr exceeds " + maxBytes + " bytes (got " + safeBuffer.byteLengthOf(expr) + ")");
173
174
  }
174
175
  if (_hasControlOrNul(expr)) {
175
176
  throw _err("safe-jsonpath/expression-control-char",
@@ -45,7 +45,12 @@
45
45
  */
46
46
 
47
47
  var C = require("./constants");
48
+ var safeBuffer = require("./safe-buffer");
49
+ var numericBounds = require("./numeric-bounds");
50
+ var codepointClass = require("./codepoint-class");
51
+ var structuredFields = require("./structured-fields");
48
52
  var { defineClass } = require("./framework-error");
53
+ var pick = require("./pick");
49
54
 
50
55
  var SafeMimeError = defineClass("SafeMimeError", { alwaysPermanent: true });
51
56
 
@@ -147,7 +152,7 @@ function parse(bytes, opts) {
147
152
  var encodings = _normalizeStringSet(opts.transferEncodingAllowlist || DEFAULT_TRANSFER_ENCODINGS);
148
153
 
149
154
  var buf = _toBuffer(bytes);
150
- if (buf.length > maxMessageBytes) {
155
+ if (safeBuffer.byteLengthOf(buf) > maxMessageBytes) {
151
156
  throw new SafeMimeError("safe-mime/oversize-message",
152
157
  "safeMime.parse: message size " + buf.length + " exceeds maxMessageBytes " + maxMessageBytes);
153
158
  }
@@ -398,7 +403,7 @@ function _parsePart(buf, ctx, depth) {
398
403
  };
399
404
  }
400
405
 
401
- if (bodyBytes.length > ctx.maxBodyBytes) {
406
+ if (safeBuffer.byteLengthOf(bodyBytes) > ctx.maxBodyBytes) {
402
407
  throw new SafeMimeError("safe-mime/oversize-body",
403
408
  "safeMime.parse: body " + bodyBytes.length + " bytes exceeds maxBodyBytes=" + ctx.maxBodyBytes);
404
409
  }
@@ -413,7 +418,7 @@ function _parsePart(buf, ctx, depth) {
413
418
  "safeMime.parse: charset '" + charset + "' not in allowlist; refused");
414
419
  }
415
420
  var decodedBody = _decodeBody(bodyBytes, encoding);
416
- if (decodedBody.length > ctx.maxBodyBytes) {
421
+ if (safeBuffer.byteLengthOf(decodedBody) > ctx.maxBodyBytes) {
417
422
  throw new SafeMimeError("safe-mime/oversize-body",
418
423
  "safeMime.parse: decoded body " + decodedBody.length +
419
424
  " bytes exceeds maxBodyBytes=" + ctx.maxBodyBytes);
@@ -458,13 +463,13 @@ function _parseHeaders(buf, ctx) {
458
463
  var headerMap = Object.create(null);
459
464
  for (var i = 0; i < lines.length; i += 1) {
460
465
  var line = lines[i];
461
- var colon = line.indexOf(":");
462
- if (colon < 0) {
466
+ var khv = structuredFields.parseKeyValuePiece(line, ":");
467
+ if (khv.value === null) {
463
468
  throw new SafeMimeError("safe-mime/malformed-headers",
464
469
  "safeMime.parse: header line missing colon: " + _previewBytes(line));
465
470
  }
466
- var name = line.slice(0, colon).toLowerCase().trim();
467
- var value = line.slice(colon + 1).trim();
471
+ var name = khv.key;
472
+ var value = khv.value.trim();
468
473
  // Refuse NUL, CR, LF, and other C0 control chars in header values.
469
474
  // Tab (0x09) is allowed (header folding). C1 control range
470
475
  // (0x80-0x9F) NOT refused — legitimate non-ASCII via EAI/RFC 2047
@@ -473,17 +478,15 @@ function _parseHeaders(buf, ctx) {
473
478
  // string prefix) rather than the UTF-16 code-unit index, so the
474
479
  // operator audit log lines up with the wire-level byte stream
475
480
  // they're inspecting.
476
- for (var hci = 0; hci < value.length; hci += 1) {
477
- var hcc = value.charCodeAt(hci);
478
- if ((hcc < 0x20 && hcc !== 0x09) || hcc === 0x7F) { // C0 control char + DEL refusal
479
- var byteOffset = Buffer.byteLength(value.slice(0, hci), "utf8");
480
- throw new SafeMimeError("safe-mime/control-char-in-header",
481
- "safeMime.parse: header '" + name + "' contains control char 0x" +
482
- hcc.toString(16) + " at byte offset " + byteOffset); // toString radix 16 hex, not bytes
483
- }
481
+ var hci = codepointClass.firstControlCharOffset(value); // C0 control char (except TAB) + DEL refusal
482
+ if (hci !== -1) {
483
+ var byteOffset = Buffer.byteLength(value.slice(0, hci), "utf8");
484
+ throw new SafeMimeError("safe-mime/control-char-in-header",
485
+ "safeMime.parse: header '" + name + "' contains control char 0x" +
486
+ value.charCodeAt(hci).toString(16) + " at byte offset " + byteOffset); // toString radix 16 hex, not bytes
484
487
  }
485
488
  value = _decodeRfc2047Words(value);
486
- if (name === "__proto__" || name === "constructor" || name === "prototype") continue;
489
+ if (pick.isPoisonedKey(name)) continue;
487
490
  if (!headerMap[name]) headerMap[name] = [];
488
491
  headerMap[name].push(value);
489
492
  }
@@ -525,19 +528,14 @@ function _parseContentType(value) {
525
528
  var parts = String(value).split(";");
526
529
  var type = parts[0].toLowerCase().trim();
527
530
  var params = Object.create(null);
528
- for (var i = 1; i < parts.length; i += 1) {
529
- var p = parts[i].trim();
530
- if (p.length === 0) continue;
531
- var eq = p.indexOf("=");
532
- if (eq < 0) continue;
533
- var k = p.slice(0, eq).toLowerCase().trim();
534
- var v = p.slice(eq + 1).trim();
531
+ var kvps = structuredFields.parseKeyValuePieces(parts, 1);
532
+ structuredFields.forEachKeyValue(kvps, function (k, v) {
535
533
  if (v.length >= 2 && v.charAt(0) === '"' && v.charAt(v.length - 1) === '"') {
536
534
  v = v.slice(1, -1).replace(/\\(.)/g, "$1");
537
535
  }
538
- if (k === "__proto__" || k === "constructor" || k === "prototype") continue;
536
+ if (pick.isPoisonedKey(k)) return;
539
537
  params[k] = v;
540
- }
538
+ });
541
539
  return { type: type, params: params };
542
540
  }
543
541
 
@@ -779,10 +777,8 @@ function _toBuffer(input) {
779
777
 
780
778
  function _intOpt(opts, key, fallback) {
781
779
  if (opts[key] === undefined || opts[key] === null) return fallback;
782
- if (typeof opts[key] !== "number" || !isFinite(opts[key]) || opts[key] <= 0 || Math.floor(opts[key]) !== opts[key]) {
783
- throw new SafeMimeError("safe-mime/bad-opt",
784
- "safeMime.parse: opts." + key + " must be a positive finite integer (got " + opts[key] + ")");
785
- }
780
+ numericBounds.requirePositiveFiniteInt(opts[key],
781
+ "safeMime.parse: opts." + key, SafeMimeError, "safe-mime/bad-opt");
786
782
  return opts[key];
787
783
  }
788
784
 
@@ -40,15 +40,12 @@
40
40
 
41
41
  var safeUrl = require("./safe-url");
42
42
  var validateOpts = require("./validate-opts");
43
+ var codepointClass = require("./codepoint-class");
43
44
 
44
45
  var DEFAULT_FALLBACK = "/";
45
46
 
46
47
  function _hasControlChar(s) {
47
- for (var i = 0; i < s.length; i += 1) {
48
- var c = s.charCodeAt(i);
49
- if (c < 0x20 || c === 0x7f) return true; // ASCII control range thresholds
50
- }
51
- return false;
48
+ return codepointClass.firstControlCharOffset(s, { forbidTab: true }) !== -1;
52
49
  }
53
50
 
54
51
  function resolve(rawTarget, opts) {
@@ -98,6 +98,8 @@
98
98
 
99
99
  var C = require("./constants");
100
100
  var safeJson = require("./safe-json");
101
+ var pick = require("./pick");
102
+ var ipUtils = require("./ip-utils");
101
103
  var { defineClass } = require("./framework-error");
102
104
 
103
105
  // Maximum URL length per RFC 7230 §3.1.1 guidance — also reused as the
@@ -154,7 +156,6 @@ var SafeSchemaError = defineClass("SafeSchemaError", { alwaysPermanent: true });
154
156
  // Object.prototype by submitting a JSON body with __proto__ /
155
157
  // constructor / prototype keys, even if the operator schema is
156
158
  // .passthrough().
157
- var POISONED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
158
159
 
159
160
  // Pragmatic regexes — RFC-correct is impractical without exploding the
160
161
  // regex (especially email). Operators wanting deeper validation chain
@@ -169,7 +170,7 @@ var UUID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0
169
170
  var DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
170
171
  // ISO-8601 datetime with timezone (Z or ±HH:MM); fractional seconds optional.
171
172
  var DATETIME_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})$/;
172
- var IPV4_RE = /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;
173
+ var IPV4_RE = ipUtils.IPV4_RE; // canonical strict dotted-quad — single source in lib/ip-utils.js
173
174
  // CUID v1 / v2: 25-char base36, starts with 'c'. Common in TypeScript ecosystems.
174
175
  var CUID_RE = /^c[a-z0-9]{24}$/;
175
176
  // ULID: Crockford-base32, 26 chars, time-sortable.
@@ -1012,7 +1013,7 @@ function object(shape) {
1012
1013
  // such a key) gets a refusal at construction time.
1013
1014
  var allOwnKeys = Object.getOwnPropertyNames(shape);
1014
1015
  for (var ai = 0; ai < allOwnKeys.length; ai++) {
1015
- if (POISONED_KEYS.has(allOwnKeys[ai])) {
1016
+ if (pick.isPoisonedKey(allOwnKeys[ai])) {
1016
1017
  throw new SafeSchemaError("safe-schema/poisoned-shape-key",
1017
1018
  "object shape: key '" + allOwnKeys[ai] + "' is forbidden (prototype-pollution defense)");
1018
1019
  }
@@ -1054,7 +1055,7 @@ function _objectWithMode(shape, keys, mode) {
1054
1055
  // Prototype-pollution defense — refuse __proto__/constructor/
1055
1056
  // prototype regardless of mode. .passthrough() never propagates
1056
1057
  // these because they are always rejected as input.
1057
- if (POISONED_KEYS.has(ik)) {
1058
+ if (pick.isPoisonedKey(ik)) {
1058
1059
  issues.push({
1059
1060
  path: path.concat([ik]),
1060
1061
  code: "object/poisoned-key",
@@ -1449,7 +1450,7 @@ function record(a, b) {
1449
1450
  for (var i = 0; i < keys.length; i++) {
1450
1451
  var k = keys[i];
1451
1452
  // Prototype-pollution defense — same shape as object() schema.
1452
- if (POISONED_KEYS.has(k)) {
1453
+ if (pick.isPoisonedKey(k)) {
1453
1454
  issues.push({
1454
1455
  path: path.concat([k]),
1455
1456
  code: "record/poisoned-key",
@@ -1533,7 +1534,7 @@ function discriminatedUnion(discriminator, options) {
1533
1534
  throw new SafeSchemaError("safe-schema/bad-discriminator",
1534
1535
  "discriminatedUnion: discriminator must be a non-empty string key name");
1535
1536
  }
1536
- if (POISONED_KEYS.has(discriminator)) {
1537
+ if (pick.isPoisonedKey(discriminator)) {
1537
1538
  throw new SafeSchemaError("safe-schema/poisoned-discriminator",
1538
1539
  "discriminatedUnion: discriminator key '" + discriminator + "' is forbidden");
1539
1540
  }
@@ -429,6 +429,69 @@ function countPlaceholders(sql) {
429
429
  return count;
430
430
  }
431
431
 
432
+ /**
433
+ * @primitive b.safeSql.toPositional
434
+ * @signature b.safeSql.toPositional(sql, dialect)
435
+ * @since 0.15.13
436
+ * @status stable
437
+ * @related b.safeSql.countPlaceholders, b.sql
438
+ *
439
+ * Rewrite bound `?` placeholders to Postgres `$N` positional form,
440
+ * skipping any `?` inside a string literal (`'...'` / `"..."` /
441
+ * `` `...` ``, doubled-quote escape aware) or a line / block comment. For
442
+ * any non-Postgres dialect the SQL is returned unchanged (`?` is already
443
+ * the wire form). This is the same quote- and comment-aware scan as
444
+ * `countPlaceholders`, extended to emit the rewritten string and to skip
445
+ * MySQL backtick-quoted identifiers; the query builder and the cluster
446
+ * store both compose it so the rewrite lives in one place.
447
+ *
448
+ * @example
449
+ * var b = require("blamejs");
450
+ * b.safeSql.toPositional("a = ? AND b = ?", "postgres");
451
+ * // → "a = $1 AND b = $2"
452
+ *
453
+ * b.safeSql.toPositional("note = 'is ? literal' AND id = ?", "postgres");
454
+ * // → "note = 'is ? literal' AND id = $1"
455
+ */
456
+ function toPositional(sql, dialect) {
457
+ if (dialect !== "postgres") return sql;
458
+ var out = "";
459
+ var n = 0;
460
+ var i = 0;
461
+ var len = sql.length;
462
+ while (i < len) {
463
+ var c = sql.charAt(i);
464
+ var nx = i + 1 < len ? sql.charAt(i + 1) : "";
465
+ if (c === "'" || c === '"' || c === "`") {
466
+ out += c;
467
+ i += 1;
468
+ while (i < len) {
469
+ var q = sql.charAt(i);
470
+ if (q === c) {
471
+ if (sql.charAt(i + 1) === c) { out += c + c; i += 2; continue; }
472
+ out += c; i += 1; break;
473
+ }
474
+ out += q; i += 1;
475
+ }
476
+ continue;
477
+ }
478
+ if (c === "-" && nx === "-") {
479
+ while (i < len && sql.charAt(i) !== "\n") { out += sql.charAt(i); i += 1; }
480
+ continue;
481
+ }
482
+ if (c === "/" && nx === "*") {
483
+ out += "/*"; i += 2;
484
+ while (i < len && !(sql.charAt(i) === "*" && sql.charAt(i + 1) === "/")) { out += sql.charAt(i); i += 1; }
485
+ if (i < len) { out += "*/"; i += 2; }
486
+ continue;
487
+ }
488
+ if (c === "?") { n += 1; out += "$" + n; i += 1; continue; }
489
+ out += c;
490
+ i += 1;
491
+ }
492
+ return out;
493
+ }
494
+
432
495
  /**
433
496
  * @primitive b.safeSql.DEFAULT_IDENTIFIER_RE
434
497
  * @signature b.safeSql.DEFAULT_IDENTIFIER_RE
@@ -557,7 +620,69 @@ function assertSingleStatement(sql, opts) {
557
620
  return sql;
558
621
  }
559
622
 
623
+ /**
624
+ * @primitive b.safeSql.assertNoRawStringLiteral
625
+ * @signature b.safeSql.assertNoRawStringLiteral(sql, where, makeError?)
626
+ * @since 0.15.13
627
+ * @status stable
628
+ * @related b.safeSql.assertSingleStatement, b.safeSql.countPlaceholders, b.sql
629
+ *
630
+ * The one quote/comment-aware scan that refuses a `'...'` STRING LITERAL in
631
+ * raw SQL — the injection backstop for the b.sql builder's raw fragments and
632
+ * the external-db raw-query path, which must bind every value with a `?`
633
+ * placeholder rather than splice a literal. Walks the SQL skipping `"..."`
634
+ * quoted identifiers (doubled-quote escapes handled), `-- line` comments, and
635
+ * slash-star block comments; on the first top-level `'` it throws the caller's
636
+ * error (`makeError(where)` returns the Error to throw). Both b.sql and the
637
+ * external-db raw gate route through this single scan so a fix to the scanner
638
+ * cannot drift between them.
639
+ *
640
+ * @example
641
+ * b.safeSql.assertNoRawStringLiteral("WHERE id = ?", "where"); // ok (no literal)
642
+ * try { b.safeSql.assertNoRawStringLiteral("WHERE name = 'x'", "where"); }
643
+ * catch (e) { e.code; } // → "sql/raw-literal"
644
+ */
645
+ function assertNoRawStringLiteral(sql, where, makeError) {
646
+ var mkErr = typeof makeError === "function" ? makeError : function (w) {
647
+ return new SafeSqlError(w + ": raw SQL must not contain a string literal ('...') — bind every " +
648
+ "value with a ? placeholder, or pass { allowLiterals: true } when the literal " +
649
+ "is static and operator-controlled.", "sql/raw-literal");
650
+ };
651
+ var i = 0;
652
+ var len = sql.length;
653
+ while (i < len) {
654
+ var ch = sql.charAt(i);
655
+ var next = i + 1 < len ? sql.charAt(i + 1) : "";
656
+ if (ch === '"') {
657
+ i += 1;
658
+ while (i < len) {
659
+ if (sql.charAt(i) === '"') {
660
+ if (sql.charAt(i + 1) === '"') { i += 2; continue; }
661
+ i += 1; break;
662
+ }
663
+ i += 1;
664
+ }
665
+ continue;
666
+ }
667
+ if (ch === "-" && next === "-") {
668
+ while (i < len && sql.charAt(i) !== "\n") i += 1;
669
+ continue;
670
+ }
671
+ if (ch === "/" && next === "*") {
672
+ i += 2;
673
+ while (i < len && !(sql.charAt(i) === "*" && sql.charAt(i + 1) === "/")) i += 1;
674
+ i += 2;
675
+ continue;
676
+ }
677
+ if (ch === "'") {
678
+ throw mkErr(where);
679
+ }
680
+ i += 1;
681
+ }
682
+ }
683
+
560
684
  module.exports = {
685
+ assertNoRawStringLiteral: assertNoRawStringLiteral,
561
686
  validateIdentifier: validateIdentifier,
562
687
  assertSingleStatement: assertSingleStatement,
563
688
  quoteIdentifier: quoteIdentifier,
@@ -565,6 +690,7 @@ module.exports = {
565
690
  quoteList: quoteList,
566
691
  assertOneOf: assertOneOf,
567
692
  countPlaceholders: countPlaceholders,
693
+ toPositional: toPositional,
568
694
  SafeSqlError: SafeSqlError,
569
695
  // Exposed so consumers can compose their own validators
570
696
  DEFAULT_IDENTIFIER_RE: DEFAULT_IDENTIFIER_RE,
@@ -62,8 +62,11 @@
62
62
  */
63
63
 
64
64
  var C = require("./constants");
65
+ var codepointClass = require("./codepoint-class");
66
+ var structuredFields = require("./structured-fields");
65
67
  var { defineClass } = require("./framework-error");
66
68
  var gateContract = require("./gate-contract");
69
+ var pick = require("./pick");
67
70
 
68
71
  var SafeVcardError = defineClass("SafeVcardError", { alwaysPermanent: true });
69
72
 
@@ -280,13 +283,11 @@ function _parseContentLine(line) {
280
283
  var head = line.slice(0, colonIdx);
281
284
  var value = line.slice(colonIdx + 1);
282
285
 
283
- for (var k = 0; k < value.length; k++) {
284
- var cc = value.charCodeAt(k);
285
- if ((cc < 0x20 && cc !== 0x09) || cc === 0x7F) { // C0 + DEL refusal
286
- throw new SafeVcardError("safe-vcard/control-char-in-value",
287
- "safeVcard.parse: control char 0x" + cc.toString(16) +
288
- " in property value (header-injection defense)");
289
- }
286
+ var ctrlAt = codepointClass.firstControlCharOffset(value); // C0 (except TAB) + DEL refusal
287
+ if (ctrlAt !== -1) {
288
+ throw new SafeVcardError("safe-vcard/control-char-in-value",
289
+ "safeVcard.parse: control char 0x" + value.charCodeAt(ctrlAt).toString(16) +
290
+ " in property value (header-injection defense)");
290
291
  }
291
292
 
292
293
  // RFC 6350 §3.3 — property name may be prefixed by an optional
@@ -310,7 +311,7 @@ function _parseContentLine(line) {
310
311
  }
311
312
  var pname = seg.slice(0, eq).toUpperCase();
312
313
  var pvalue = seg.slice(eq + 1);
313
- if (pname === "__proto__" || pname === "constructor" || pname === "prototype") continue;
314
+ if (pick.isPoisonedKey(pname)) continue;
314
315
  if (params[pname]) {
315
316
  params[pname].push(_stripDoubleQuotes(pvalue));
316
317
  } else {
@@ -331,26 +332,11 @@ function _findUnquotedColon(line) {
331
332
  }
332
333
 
333
334
  function _splitUnquoted(s, sep) {
334
- var out = [];
335
- var inQ = false;
336
- var start = 0;
337
- for (var i = 0; i < s.length; i++) {
338
- var c = s.charAt(i);
339
- if (c === '"') { inQ = !inQ; continue; }
340
- if (c === sep && !inQ) {
341
- out.push(s.slice(start, i));
342
- start = i + 1;
343
- }
344
- }
345
- out.push(s.slice(start));
346
- return out;
335
+ return structuredFields.splitUnquoted(s, sep);
347
336
  }
348
337
 
349
338
  function _stripDoubleQuotes(s) {
350
- if (s.length >= 2 && s.charAt(0) === '"' && s.charAt(s.length - 1) === '"') {
351
- return s.slice(1, -1);
352
- }
353
- return s;
339
+ return structuredFields.stripDoubleQuotes(s);
354
340
  }
355
341
 
356
342
  function _parseVcard(lines, startIdx, caps, extraProps) {
@@ -399,7 +385,7 @@ function _parseVcard(lines, startIdx, caps, extraProps) {
399
385
  "safeVcard.parse: property count exceeds maxPropertiesPerCard=" +
400
386
  caps.maxPropertiesPerCard);
401
387
  }
402
- if (pn === "__proto__" || pn === "constructor" || pn === "prototype") {
388
+ if (pick.isPoisonedKey(pn)) {
403
389
  i += 1;
404
390
  continue;
405
391
  }
@@ -40,6 +40,13 @@ var workerThreads = require("node:worker_threads");
40
40
  var allowed = Array.isArray(data.allowedGlobals) ? data.allowedGlobals : [];
41
41
  var maxResultBytes = (typeof data.maxResultBytes === "number") ? data.maxResultBytes : null;
42
42
 
43
+ // Capture the real UTF-8 byte counter BEFORE the global strip below deletes
44
+ // `Buffer`. The result cap is a BYTE budget — measuring the serialized
45
+ // result with `String.length` (UTF-16 code units) under-enforces it on
46
+ // multibyte output. A detached `Buffer.byteLength` keeps working after
47
+ // `delete globalThis.Buffer`.
48
+ var byteLength = Buffer.byteLength;
49
+
43
50
  var ALWAYS_AVAILABLE = [
44
51
  "Object", "Array", "String", "Number", "Boolean", "Symbol",
45
52
  "Promise", "Error", "TypeError", "RangeError", "RegExp",
@@ -113,10 +120,10 @@ var workerThreads = require("node:worker_threads");
113
120
  });
114
121
  return;
115
122
  }
116
- if (maxResultBytes !== null && serialized && serialized.length > maxResultBytes) {
123
+ if (maxResultBytes !== null && serialized && byteLength(serialized, "utf8") > maxResultBytes) {
117
124
  workerThreads.parentPort.postMessage({
118
125
  ok: false, code: "sandbox/oversized-result",
119
- message: "sandbox result exceeded maxResultBytes (" + serialized.length + " > " + maxResultBytes + ")",
126
+ message: "sandbox result exceeded maxResultBytes (" + byteLength(serialized, "utf8") + " > " + maxResultBytes + ")",
120
127
  runtimeMs: runtimeMs, peakBytes: peakBytes,
121
128
  });
122
129
  return;
@@ -82,6 +82,7 @@ var nodePath = require("node:path");
82
82
  var lazyRequire = require("./lazy-require");
83
83
  var validateOpts = require("./validate-opts");
84
84
  var numericBounds = require("./numeric-bounds");
85
+ var safeBuffer = require("./safe-buffer");
85
86
  var C = require("./constants");
86
87
  var { SandboxError } = require("./framework-error");
87
88
 
@@ -201,9 +202,9 @@ function run(opts) {
201
202
  return Promise.reject(new SandboxError("sandbox/bad-input",
202
203
  "sandbox.run: opts.input is not JSON-serializable: " + (eSer && eSer.message)));
203
204
  }
204
- if (inputJson !== null && inputJson.length > maxBytes) {
205
+ if (inputJson !== null && safeBuffer.byteLengthOf(inputJson) > maxBytes) {
205
206
  return Promise.reject(new SandboxError("sandbox/input-too-large",
206
- "sandbox.run: opts.input serialized to " + inputJson.length + " bytes (>" + maxBytes + ")"));
207
+ "sandbox.run: opts.input serialized to " + safeBuffer.byteLengthOf(inputJson) + " bytes (>" + maxBytes + ")"));
207
208
  }
208
209
 
209
210
  var workerThreads;