@blamejs/blamejs-shop 0.5.4 → 0.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/README.md +1 -1
- package/lib/asset-manifest.json +1 -1
- package/lib/dunning.js +29 -4
- package/lib/plan-changes.js +288 -66
- package/lib/storefront.js +420 -0
- package/lib/vendor/MANIFEST.json +1395 -1409
- package/lib/vendor/blamejs/.clusterfuzzlite/Dockerfile +1 -1
- package/lib/vendor/blamejs/.github/dependabot.yml +12 -2
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/ci.yml +34 -29
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +6 -6
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +8 -8
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.gitignore +6 -6
- package/lib/vendor/blamejs/CHANGELOG.md +68 -0
- package/lib/vendor/blamejs/CONTRIBUTING.md +16 -0
- package/lib/vendor/blamejs/README.md +2 -1
- package/lib/vendor/blamejs/ROADMAP.md +51 -0
- package/lib/vendor/blamejs/SECURITY.md +52 -1
- package/lib/vendor/blamejs/api-snapshot.json +22 -2
- package/lib/vendor/blamejs/bench/_helpers.js +2 -0
- package/lib/vendor/blamejs/bench/crypto-hash.bench.js +2 -0
- package/lib/vendor/blamejs/bench/crypto-symmetric.bench.js +2 -0
- package/lib/vendor/blamejs/bench/run.js +2 -0
- package/lib/vendor/blamejs/bench/safe-json.bench.js +2 -0
- package/lib/vendor/blamejs/bin/blamejs.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/Dockerfile +1 -1
- package/lib/vendor/blamejs/examples/wiki/lib/auto-site-entries.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +9 -1
- package/lib/vendor/blamejs/examples/wiki/lib/harvest-cli.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/harvest-env-vars.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/harvest-errors.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/harvest-vendored-deps.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/html-entities.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/nav.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/opts-resolver.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/section.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/migrations/0001-pages-schema.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/package-lock.json +30 -0
- package/lib/vendor/blamejs/examples/wiki/routes/admin.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/routes/integration.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/scripts/backfill-module-metadata.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/seeders/prod/0001-default-pages.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/_index.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/api.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/server.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/site.config.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/snippets/auth/password-hash.example.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/src/editor.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/src/wiki.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/codebase-patterns.test.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/e2e.js +23 -0
- package/lib/vendor/blamejs/examples/wiki/test/find-missing-pages.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/integration.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-cli-snapshot.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-env-snapshot.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-nav-coverage.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-site-coverage.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-source-comment-blocks.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/wiki.config.js +2 -0
- package/lib/vendor/blamejs/fuzz/_expected.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-agent-registry.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-csv.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-dsn.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-email.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-envelope.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-event-bus-payload.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-event-bus-topic.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-html.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-idempotency-key.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-imap-command.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-jmap.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-json.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-list-id.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-list-unsubscribe.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-compose.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-move.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-query.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-reply.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-sieve.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-managesieve-command.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-markdown.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-message-id.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-pop3-command.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-posture-chain.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-saga-config.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-smtp-command.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-snapshot-envelope.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-sql.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-stream-args.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-svg.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-tenant-id.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-trace-context.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-xml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-yaml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/package-lock.json +1239 -0
- package/lib/vendor/blamejs/fuzz/package.json +10 -0
- package/lib/vendor/blamejs/fuzz/parsers__safe-ini.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/parsers__safe-toml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/parsers__safe-xml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/parsers__safe-yaml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-archive.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-decompress.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-dns.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-ical.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-icap.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-json.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-jsonpath.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-mime.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-mount-info.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-sieve.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-smtp.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-url.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-vcard.fuzz.js +2 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +2 -0
- package/lib/vendor/blamejs/lib/a2a.js +2 -0
- package/lib/vendor/blamejs/lib/acme.js +7 -1
- package/lib/vendor/blamejs/lib/agent-audit.js +2 -0
- package/lib/vendor/blamejs/lib/agent-envelope-mac.js +2 -0
- package/lib/vendor/blamejs/lib/agent-event-bus.js +2 -0
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -0
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +10 -2
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -0
- package/lib/vendor/blamejs/lib/agent-saga.js +2 -0
- package/lib/vendor/blamejs/lib/agent-snapshot.js +2 -0
- package/lib/vendor/blamejs/lib/agent-stream.js +2 -0
- package/lib/vendor/blamejs/lib/agent-tenant.js +11 -2
- package/lib/vendor/blamejs/lib/agent-trace.js +2 -0
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -0
- package/lib/vendor/blamejs/lib/ai-aedt-bias-audit.js +2 -0
- package/lib/vendor/blamejs/lib/ai-capability.js +2 -0
- package/lib/vendor/blamejs/lib/ai-content-detect.js +2 -0
- package/lib/vendor/blamejs/lib/ai-disclosure.js +2 -0
- package/lib/vendor/blamejs/lib/ai-dp.js +2 -0
- package/lib/vendor/blamejs/lib/ai-frontier-protocol.js +2 -0
- package/lib/vendor/blamejs/lib/ai-input.js +2 -0
- package/lib/vendor/blamejs/lib/ai-model-manifest.js +2 -0
- package/lib/vendor/blamejs/lib/ai-output.js +2 -0
- package/lib/vendor/blamejs/lib/ai-pref.js +2 -0
- package/lib/vendor/blamejs/lib/ai-prompt.js +2 -0
- package/lib/vendor/blamejs/lib/ai-quota.js +2 -0
- package/lib/vendor/blamejs/lib/api-key.js +2 -0
- package/lib/vendor/blamejs/lib/api-snapshot.js +2 -0
- package/lib/vendor/blamejs/lib/app-shutdown.js +2 -0
- package/lib/vendor/blamejs/lib/app.js +2 -0
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -0
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +2 -0
- package/lib/vendor/blamejs/lib/archive-gz.js +2 -0
- package/lib/vendor/blamejs/lib/archive-read.js +2 -0
- package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -0
- package/lib/vendor/blamejs/lib/archive-tar.js +9 -0
- package/lib/vendor/blamejs/lib/archive-wrap.js +2 -0
- package/lib/vendor/blamejs/lib/archive.js +6 -0
- package/lib/vendor/blamejs/lib/arg-parser.js +2 -0
- package/lib/vendor/blamejs/lib/argon2-builtin.js +2 -0
- package/lib/vendor/blamejs/lib/asn1-der.js +2 -0
- package/lib/vendor/blamejs/lib/asyncapi-bindings.js +2 -0
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -0
- package/lib/vendor/blamejs/lib/asyncapi.js +2 -0
- package/lib/vendor/blamejs/lib/atomic-file.js +2 -0
- package/lib/vendor/blamejs/lib/audit-chain.js +2 -0
- package/lib/vendor/blamejs/lib/audit-daily-review.js +2 -0
- package/lib/vendor/blamejs/lib/audit-emit.js +2 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +2 -0
- package/lib/vendor/blamejs/lib/audit-tools.js +2 -0
- package/lib/vendor/blamejs/lib/audit.js +2 -0
- package/lib/vendor/blamejs/lib/auth/aal.js +2 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +2 -0
- package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -0
- package/lib/vendor/blamejs/lib/auth/ato-kill-switch.js +48 -11
- package/lib/vendor/blamejs/lib/auth/auth-time-tracker.js +2 -0
- package/lib/vendor/blamejs/lib/auth/bot-challenge.js +2 -0
- package/lib/vendor/blamejs/lib/auth/ciba.js +2 -0
- package/lib/vendor/blamejs/lib/auth/dpop.js +2 -0
- package/lib/vendor/blamejs/lib/auth/elevation-grant.js +2 -0
- package/lib/vendor/blamejs/lib/auth/fal.js +2 -0
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +11 -7
- package/lib/vendor/blamejs/lib/auth/jar.js +4 -1
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +16 -3
- package/lib/vendor/blamejs/lib/auth/jwt.js +2 -0
- package/lib/vendor/blamejs/lib/auth/lockout.js +237 -104
- package/lib/vendor/blamejs/lib/auth/oauth.js +98 -17
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +58 -17
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -0
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -0
- package/lib/vendor/blamejs/lib/auth/passkey.js +2 -0
- package/lib/vendor/blamejs/lib/auth/password.js +2 -0
- package/lib/vendor/blamejs/lib/auth/saml.js +68 -7
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +2 -0
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -0
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -0
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +9 -0
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -0
- package/lib/vendor/blamejs/lib/auth/step-up-policy.js +2 -0
- package/lib/vendor/blamejs/lib/auth/step-up.js +2 -0
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +5 -8
- package/lib/vendor/blamejs/lib/auth-header.js +2 -0
- package/lib/vendor/blamejs/lib/backup/bundle.js +2 -0
- package/lib/vendor/blamejs/lib/backup/crypto.js +2 -0
- package/lib/vendor/blamejs/lib/backup/index.js +14 -0
- package/lib/vendor/blamejs/lib/backup/manifest.js +2 -0
- package/lib/vendor/blamejs/lib/base32.js +2 -0
- package/lib/vendor/blamejs/lib/boot-gates.js +2 -0
- package/lib/vendor/blamejs/lib/bounded-map.js +3 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +2 -0
- package/lib/vendor/blamejs/lib/break-glass.js +10 -9
- package/lib/vendor/blamejs/lib/budr.js +2 -0
- package/lib/vendor/blamejs/lib/bundler.js +2 -0
- package/lib/vendor/blamejs/lib/cache-redis.js +2 -0
- package/lib/vendor/blamejs/lib/cache-status.js +2 -0
- package/lib/vendor/blamejs/lib/cache.js +13 -5
- package/lib/vendor/blamejs/lib/calendar.js +2 -0
- package/lib/vendor/blamejs/lib/canonical-json.js +19 -3
- package/lib/vendor/blamejs/lib/cbor.js +2 -0
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +2 -0
- package/lib/vendor/blamejs/lib/cert.js +2 -0
- package/lib/vendor/blamejs/lib/chain-writer.js +2 -0
- package/lib/vendor/blamejs/lib/circuit-breaker.js +2 -0
- package/lib/vendor/blamejs/lib/cli-helpers.js +2 -0
- package/lib/vendor/blamejs/lib/cli.js +57 -20
- package/lib/vendor/blamejs/lib/client-hints.js +2 -0
- package/lib/vendor/blamejs/lib/cloud-events.js +2 -0
- package/lib/vendor/blamejs/lib/cluster-provider-db.js +2 -0
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -0
- package/lib/vendor/blamejs/lib/cluster.js +2 -0
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -0
- package/lib/vendor/blamejs/lib/codepoint-class.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act-risk.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-eaa.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-sanctions-aliases.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -0
- package/lib/vendor/blamejs/lib/compliance.js +2 -0
- package/lib/vendor/blamejs/lib/config-drift.js +2 -0
- package/lib/vendor/blamejs/lib/config.js +2 -0
- package/lib/vendor/blamejs/lib/consent.js +2 -0
- package/lib/vendor/blamejs/lib/constants.js +2 -0
- package/lib/vendor/blamejs/lib/content-credentials.js +2 -0
- package/lib/vendor/blamejs/lib/content-digest.js +2 -0
- package/lib/vendor/blamejs/lib/cookies.js +2 -0
- package/lib/vendor/blamejs/lib/cose.js +2 -0
- package/lib/vendor/blamejs/lib/cra-report.js +2 -0
- package/lib/vendor/blamejs/lib/crdt.js +2 -0
- package/lib/vendor/blamejs/lib/credential-hash.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-field.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-hpke-pq.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-hpke.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-oprf.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-xwing.js +2 -0
- package/lib/vendor/blamejs/lib/crypto.js +2 -0
- package/lib/vendor/blamejs/lib/csp.js +2 -0
- package/lib/vendor/blamejs/lib/csv.js +14 -1
- package/lib/vendor/blamejs/lib/cwt.js +2 -0
- package/lib/vendor/blamejs/lib/daemon.js +2 -0
- package/lib/vendor/blamejs/lib/dark-patterns.js +2 -0
- package/lib/vendor/blamejs/lib/data-act.js +2 -0
- package/lib/vendor/blamejs/lib/db-collection.js +2 -0
- package/lib/vendor/blamejs/lib/db-declare-row-policy.js +2 -0
- package/lib/vendor/blamejs/lib/db-declare-view.js +2 -0
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +2 -0
- package/lib/vendor/blamejs/lib/db-query.js +2 -0
- package/lib/vendor/blamejs/lib/db-role-context.js +2 -0
- package/lib/vendor/blamejs/lib/db-schema.js +2 -0
- package/lib/vendor/blamejs/lib/db.js +2 -0
- package/lib/vendor/blamejs/lib/dbsc.js +2 -0
- package/lib/vendor/blamejs/lib/ddl-change-control.js +2 -0
- package/lib/vendor/blamejs/lib/deprecate.js +2 -0
- package/lib/vendor/blamejs/lib/dev.js +2 -0
- package/lib/vendor/blamejs/lib/did.js +2 -0
- package/lib/vendor/blamejs/lib/dora.js +2 -0
- package/lib/vendor/blamejs/lib/dr-runbook.js +2 -0
- package/lib/vendor/blamejs/lib/dsa.js +2 -0
- package/lib/vendor/blamejs/lib/dsr.js +2 -0
- package/lib/vendor/blamejs/lib/dual-control.js +11 -15
- package/lib/vendor/blamejs/lib/early-hints.js +2 -0
- package/lib/vendor/blamejs/lib/eat.js +4 -1
- package/lib/vendor/blamejs/lib/error-page.js +2 -0
- package/lib/vendor/blamejs/lib/events.js +2 -0
- package/lib/vendor/blamejs/lib/external-db-migrate.js +2 -0
- package/lib/vendor/blamejs/lib/external-db.js +2 -0
- package/lib/vendor/blamejs/lib/fapi2.js +2 -0
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +2 -0
- package/lib/vendor/blamejs/lib/fdx.js +2 -0
- package/lib/vendor/blamejs/lib/fedcm.js +2 -0
- package/lib/vendor/blamejs/lib/file-type.js +2 -0
- package/lib/vendor/blamejs/lib/file-upload.js +139 -21
- package/lib/vendor/blamejs/lib/flag-cache.js +2 -0
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -0
- package/lib/vendor/blamejs/lib/flag-providers.js +2 -0
- package/lib/vendor/blamejs/lib/flag-targeting.js +4 -7
- package/lib/vendor/blamejs/lib/flag.js +2 -0
- package/lib/vendor/blamejs/lib/forms.js +11 -0
- package/lib/vendor/blamejs/lib/framework-error.js +2 -0
- package/lib/vendor/blamejs/lib/framework-files.js +2 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +2 -0
- package/lib/vendor/blamejs/lib/framework-sha1-hibp.js +2 -0
- package/lib/vendor/blamejs/lib/fsm.js +2 -0
- package/lib/vendor/blamejs/lib/gate-contract.js +2 -0
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +2 -0
- package/lib/vendor/blamejs/lib/graphql-federation.js +2 -0
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -0
- package/lib/vendor/blamejs/lib/guard-all.js +2 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +2 -0
- package/lib/vendor/blamejs/lib/guard-auth.js +2 -0
- package/lib/vendor/blamejs/lib/guard-cidr.js +2 -0
- package/lib/vendor/blamejs/lib/guard-csv.js +2 -0
- package/lib/vendor/blamejs/lib/guard-domain.js +2 -0
- package/lib/vendor/blamejs/lib/guard-dsn.js +2 -0
- package/lib/vendor/blamejs/lib/guard-email.js +2 -0
- package/lib/vendor/blamejs/lib/guard-envelope.js +2 -0
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +2 -0
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -0
- package/lib/vendor/blamejs/lib/guard-filename.js +2 -0
- package/lib/vendor/blamejs/lib/guard-graphql.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag-aria.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag-forms.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag-tables.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html.js +2 -0
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -0
- package/lib/vendor/blamejs/lib/guard-image.js +2 -0
- package/lib/vendor/blamejs/lib/guard-imap-command.js +2 -0
- package/lib/vendor/blamejs/lib/guard-jmap.js +2 -0
- package/lib/vendor/blamejs/lib/guard-json.js +2 -0
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +2 -0
- package/lib/vendor/blamejs/lib/guard-jwt.js +2 -0
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -0
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-query.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +2 -0
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +2 -0
- package/lib/vendor/blamejs/lib/guard-markdown.js +2 -0
- package/lib/vendor/blamejs/lib/guard-message-id.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mime.js +2 -0
- package/lib/vendor/blamejs/lib/guard-oauth.js +14 -1
- package/lib/vendor/blamejs/lib/guard-pdf.js +2 -0
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +2 -0
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -0
- package/lib/vendor/blamejs/lib/guard-regex.js +59 -0
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -0
- package/lib/vendor/blamejs/lib/guard-shell.js +2 -0
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +2 -0
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +2 -0
- package/lib/vendor/blamejs/lib/guard-sql.js +2 -0
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -0
- package/lib/vendor/blamejs/lib/guard-svg.js +2 -0
- package/lib/vendor/blamejs/lib/guard-template.js +2 -0
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -0
- package/lib/vendor/blamejs/lib/guard-text.js +2 -0
- package/lib/vendor/blamejs/lib/guard-time.js +2 -0
- package/lib/vendor/blamejs/lib/guard-trace-context.js +2 -0
- package/lib/vendor/blamejs/lib/guard-uuid.js +2 -0
- package/lib/vendor/blamejs/lib/guard-xml.js +2 -0
- package/lib/vendor/blamejs/lib/guard-yaml.js +2 -0
- package/lib/vendor/blamejs/lib/hal.js +2 -0
- package/lib/vendor/blamejs/lib/handlers.js +2 -0
- package/lib/vendor/blamejs/lib/honeytoken.js +2 -0
- package/lib/vendor/blamejs/lib/html-balance.js +2 -0
- package/lib/vendor/blamejs/lib/http-client-cache.js +2 -0
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -0
- package/lib/vendor/blamejs/lib/http-client.js +2 -0
- package/lib/vendor/blamejs/lib/http-message-signature.js +144 -11
- package/lib/vendor/blamejs/lib/http2-teardown.js +2 -0
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +35 -6
- package/lib/vendor/blamejs/lib/i18n.js +2 -0
- package/lib/vendor/blamejs/lib/iab-mspa.js +2 -0
- package/lib/vendor/blamejs/lib/iab-tcf.js +2 -0
- package/lib/vendor/blamejs/lib/importmap-integrity.js +2 -0
- package/lib/vendor/blamejs/lib/inbox.js +2 -0
- package/lib/vendor/blamejs/lib/incident-report.js +2 -0
- package/lib/vendor/blamejs/lib/ip-utils.js +2 -0
- package/lib/vendor/blamejs/lib/jobs.js +2 -0
- package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -0
- package/lib/vendor/blamejs/lib/json-merge-patch.js +2 -0
- package/lib/vendor/blamejs/lib/json-patch.js +2 -0
- package/lib/vendor/blamejs/lib/json-path.js +2 -0
- package/lib/vendor/blamejs/lib/json-pointer.js +2 -0
- package/lib/vendor/blamejs/lib/json-schema.js +13 -1
- package/lib/vendor/blamejs/lib/jsonapi.js +2 -0
- package/lib/vendor/blamejs/lib/jtd.js +2 -0
- package/lib/vendor/blamejs/lib/jwk.js +2 -0
- package/lib/vendor/blamejs/lib/keychain.js +32 -10
- package/lib/vendor/blamejs/lib/lazy-require.js +2 -0
- package/lib/vendor/blamejs/lib/legal-hold.js +2 -0
- package/lib/vendor/blamejs/lib/link-header.js +2 -0
- package/lib/vendor/blamejs/lib/local-db-thin.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-local.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-syslog.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream.js +2 -0
- package/lib/vendor/blamejs/lib/log.js +2 -0
- package/lib/vendor/blamejs/lib/lro.js +2 -0
- package/lib/vendor/blamejs/lib/mail-agent.js +2 -0
- package/lib/vendor/blamejs/lib/mail-arc-reuse-token.js +20 -0
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +32 -14
- package/lib/vendor/blamejs/lib/mail-arf.js +4 -0
- package/lib/vendor/blamejs/lib/mail-auth.js +93 -19
- package/lib/vendor/blamejs/lib/mail-bimi.js +26 -10
- package/lib/vendor/blamejs/lib/mail-bounce.js +23 -6
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +2 -0
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +2 -0
- package/lib/vendor/blamejs/lib/mail-crypto.js +2 -0
- package/lib/vendor/blamejs/lib/mail-dav.js +2 -0
- package/lib/vendor/blamejs/lib/mail-deploy.js +2 -0
- package/lib/vendor/blamejs/lib/mail-dkim.js +44 -5
- package/lib/vendor/blamejs/lib/mail-greylist.js +2 -0
- package/lib/vendor/blamejs/lib/mail-helo.js +16 -0
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -0
- package/lib/vendor/blamejs/lib/mail-mdn.js +17 -0
- package/lib/vendor/blamejs/lib/mail-rbl.js +2 -0
- package/lib/vendor/blamejs/lib/mail-require-tls.js +2 -0
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -0
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +32 -7
- package/lib/vendor/blamejs/lib/mail-server-imap.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +23 -11
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-mx.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-net.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-registry.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-submission.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-tls.js +2 -0
- package/lib/vendor/blamejs/lib/mail-sieve.js +2 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +2 -0
- package/lib/vendor/blamejs/lib/mail-srs.js +8 -0
- package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -0
- package/lib/vendor/blamejs/lib/mail-store.js +2 -0
- package/lib/vendor/blamejs/lib/mail-unsubscribe.js +2 -0
- package/lib/vendor/blamejs/lib/mail.js +11 -0
- package/lib/vendor/blamejs/lib/markup-escape.js +2 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +2 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +2 -0
- package/lib/vendor/blamejs/lib/mcp.js +4 -2
- package/lib/vendor/blamejs/lib/mdoc.js +2 -0
- package/lib/vendor/blamejs/lib/metrics.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/attach-user.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +10 -1
- package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/compression.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/cookies.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/cors.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/csp-nonce.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/csp-report.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +12 -5
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/db-role-for.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/dpop.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/error-handler.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/flag-context.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/gpc.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/headers.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/health.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +30 -2
- package/lib/vendor/blamejs/lib/middleware/index.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/nel.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/no-cache.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/request-id.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/request-log.js +6 -0
- package/lib/vendor/blamejs/lib/middleware/require-aal.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-auth.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-content-type.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-methods.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-mtls.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-step-up.js +42 -1
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/span-http-server.js +12 -0
- package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/sse.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/trace-log-correlation.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/trace-propagate.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -0
- package/lib/vendor/blamejs/lib/migration-files.js +2 -0
- package/lib/vendor/blamejs/lib/migrations.js +2 -0
- package/lib/vendor/blamejs/lib/mime-parse.js +5 -1
- package/lib/vendor/blamejs/lib/module-loader.js +2 -0
- package/lib/vendor/blamejs/lib/money.js +2 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +2 -0
- package/lib/vendor/blamejs/lib/mtls-engine-default.js +2 -0
- package/lib/vendor/blamejs/lib/network-byte-quota.js +76 -14
- package/lib/vendor/blamejs/lib/network-dane.js +2 -0
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +55 -18
- package/lib/vendor/blamejs/lib/network-dns.js +2 -0
- package/lib/vendor/blamejs/lib/network-dnssec.js +15 -2
- package/lib/vendor/blamejs/lib/network-heartbeat.js +2 -0
- package/lib/vendor/blamejs/lib/network-nts.js +2 -0
- package/lib/vendor/blamejs/lib/network-proxy.js +2 -0
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +6 -1
- package/lib/vendor/blamejs/lib/network-tls.js +99 -5
- package/lib/vendor/blamejs/lib/network-tsig.js +13 -1
- package/lib/vendor/blamejs/lib/network.js +2 -0
- package/lib/vendor/blamejs/lib/nis2-report.js +2 -0
- package/lib/vendor/blamejs/lib/nist-crosswalk.js +2 -0
- package/lib/vendor/blamejs/lib/nonce-store.js +2 -0
- package/lib/vendor/blamejs/lib/notify.js +2 -0
- package/lib/vendor/blamejs/lib/ntp-check.js +2 -0
- package/lib/vendor/blamejs/lib/numeric-bounds.js +2 -0
- package/lib/vendor/blamejs/lib/numeric-checks.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/gcs.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/http-put.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/http-request.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/index.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/local.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +2 -0
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +4 -2
- package/lib/vendor/blamejs/lib/observability-tracer.js +2 -0
- package/lib/vendor/blamejs/lib/observability.js +2 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +2 -0
- package/lib/vendor/blamejs/lib/openapi-schema-walk.js +2 -0
- package/lib/vendor/blamejs/lib/openapi-security.js +2 -0
- package/lib/vendor/blamejs/lib/openapi-yaml.js +2 -0
- package/lib/vendor/blamejs/lib/openapi.js +2 -0
- package/lib/vendor/blamejs/lib/otel-export.js +2 -0
- package/lib/vendor/blamejs/lib/outbox.js +2 -0
- package/lib/vendor/blamejs/lib/pagination.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/index.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +2 -0
- package/lib/vendor/blamejs/lib/permissions.js +2 -0
- package/lib/vendor/blamejs/lib/pick.js +2 -0
- package/lib/vendor/blamejs/lib/pipl-cn.js +2 -0
- package/lib/vendor/blamejs/lib/pqc-agent.js +2 -0
- package/lib/vendor/blamejs/lib/pqc-gate.js +2 -0
- package/lib/vendor/blamejs/lib/pqc-software.js +2 -0
- package/lib/vendor/blamejs/lib/privacy-pass.js +2 -0
- package/lib/vendor/blamejs/lib/privacy.js +2 -0
- package/lib/vendor/blamejs/lib/problem-details.js +2 -0
- package/lib/vendor/blamejs/lib/process-spawn.js +2 -0
- package/lib/vendor/blamejs/lib/promise-pool.js +2 -0
- package/lib/vendor/blamejs/lib/protobuf-encoder.js +2 -0
- package/lib/vendor/blamejs/lib/protocol-dispatcher.js +2 -0
- package/lib/vendor/blamejs/lib/public-suffix.js +45 -5
- package/lib/vendor/blamejs/lib/pubsub-cluster.js +2 -0
- package/lib/vendor/blamejs/lib/pubsub-redis.js +2 -0
- package/lib/vendor/blamejs/lib/pubsub.js +2 -0
- package/lib/vendor/blamejs/lib/queue-local.js +28 -11
- package/lib/vendor/blamejs/lib/queue-redis.js +79 -17
- package/lib/vendor/blamejs/lib/queue-sqs.js +2 -0
- package/lib/vendor/blamejs/lib/queue.js +5 -3
- package/lib/vendor/blamejs/lib/redact.js +2 -0
- package/lib/vendor/blamejs/lib/redis-client.js +30 -5
- package/lib/vendor/blamejs/lib/render.js +2 -0
- package/lib/vendor/blamejs/lib/request-helpers.js +11 -0
- package/lib/vendor/blamejs/lib/resource-access-lock.js +2 -0
- package/lib/vendor/blamejs/lib/restore-bundle.js +2 -0
- package/lib/vendor/blamejs/lib/restore-rollback.js +2 -0
- package/lib/vendor/blamejs/lib/restore.js +2 -0
- package/lib/vendor/blamejs/lib/retention.js +2 -0
- package/lib/vendor/blamejs/lib/retry.js +2 -0
- package/lib/vendor/blamejs/lib/rfc3339.js +2 -0
- package/lib/vendor/blamejs/lib/router.js +109 -19
- package/lib/vendor/blamejs/lib/safe-archive.js +2 -0
- package/lib/vendor/blamejs/lib/safe-async.js +44 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +66 -0
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -0
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -0
- package/lib/vendor/blamejs/lib/safe-ical.js +2 -0
- package/lib/vendor/blamejs/lib/safe-icap.js +7 -0
- package/lib/vendor/blamejs/lib/safe-json.js +2 -0
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -0
- package/lib/vendor/blamejs/lib/safe-mime.js +2 -0
- package/lib/vendor/blamejs/lib/safe-mount-info.js +2 -0
- package/lib/vendor/blamejs/lib/safe-path.js +2 -0
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -0
- package/lib/vendor/blamejs/lib/safe-schema.js +2 -0
- package/lib/vendor/blamejs/lib/safe-sieve.js +2 -0
- package/lib/vendor/blamejs/lib/safe-smtp.js +2 -0
- package/lib/vendor/blamejs/lib/safe-sql.js +2 -0
- package/lib/vendor/blamejs/lib/safe-url.js +2 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +2 -0
- package/lib/vendor/blamejs/lib/sandbox-worker.js +2 -0
- package/lib/vendor/blamejs/lib/sandbox.js +2 -0
- package/lib/vendor/blamejs/lib/scheduler.js +2 -0
- package/lib/vendor/blamejs/lib/scitt.js +2 -0
- package/lib/vendor/blamejs/lib/sd-notify.js +2 -0
- package/lib/vendor/blamejs/lib/sec-cyber.js +2 -0
- package/lib/vendor/blamejs/lib/security-assert.js +2 -0
- package/lib/vendor/blamejs/lib/seeders.js +2 -0
- package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +2 -0
- package/lib/vendor/blamejs/lib/self-update.js +104 -56
- package/lib/vendor/blamejs/lib/server-timing.js +2 -0
- package/lib/vendor/blamejs/lib/session-device-binding.js +2 -0
- package/lib/vendor/blamejs/lib/session-stores.js +2 -0
- package/lib/vendor/blamejs/lib/session.js +71 -32
- package/lib/vendor/blamejs/lib/slug.js +2 -0
- package/lib/vendor/blamejs/lib/sql.js +2 -0
- package/lib/vendor/blamejs/lib/sse.js +2 -0
- package/lib/vendor/blamejs/lib/ssrf-guard.js +9 -1
- package/lib/vendor/blamejs/lib/standard-webhooks.js +2 -0
- package/lib/vendor/blamejs/lib/static.js +54 -20
- package/lib/vendor/blamejs/lib/storage.js +2 -0
- package/lib/vendor/blamejs/lib/stream-throttle.js +2 -0
- package/lib/vendor/blamejs/lib/structured-fields.js +2 -0
- package/lib/vendor/blamejs/lib/subject.js +2 -0
- package/lib/vendor/blamejs/lib/tcpa-10dlc.js +2 -0
- package/lib/vendor/blamejs/lib/template.js +2 -0
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -0
- package/lib/vendor/blamejs/lib/test-harness.js +2 -0
- package/lib/vendor/blamejs/lib/testing.js +2 -0
- package/lib/vendor/blamejs/lib/time.js +2 -0
- package/lib/vendor/blamejs/lib/tls-exporter.js +2 -0
- package/lib/vendor/blamejs/lib/totp.js +2 -0
- package/lib/vendor/blamejs/lib/tracing.js +2 -0
- package/lib/vendor/blamejs/lib/tsa.js +2 -0
- package/lib/vendor/blamejs/lib/uri-template.js +2 -0
- package/lib/vendor/blamejs/lib/uuid.js +2 -0
- package/lib/vendor/blamejs/lib/validate-opts.js +2 -0
- package/lib/vendor/blamejs/lib/vault/index.js +2 -0
- package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +2 -0
- package/lib/vendor/blamejs/lib/vault/passphrase-source.js +2 -0
- package/lib/vendor/blamejs/lib/vault/rotate.js +2 -0
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +2 -0
- package/lib/vendor/blamejs/lib/vault/wrap.js +2 -0
- package/lib/vendor/blamejs/lib/vault-aad.js +2 -0
- package/lib/vendor/blamejs/lib/vc.js +31 -0
- package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +10 -10
- package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +2 -4
- package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +745 -745
- package/lib/vendor/blamejs/lib/vendor-data.js +2 -0
- package/lib/vendor/blamejs/lib/vex.js +2 -0
- package/lib/vendor/blamejs/lib/watcher.js +2 -0
- package/lib/vendor/blamejs/lib/web-push-vapid.js +2 -0
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +33 -5
- package/lib/vendor/blamejs/lib/webhook.js +2 -0
- package/lib/vendor/blamejs/lib/websocket-channels.js +2 -0
- package/lib/vendor/blamejs/lib/websocket.js +2 -0
- package/lib/vendor/blamejs/lib/wiki-concepts.js +2 -0
- package/lib/vendor/blamejs/lib/worker-pool.js +2 -0
- package/lib/vendor/blamejs/lib/worm.js +2 -0
- package/lib/vendor/blamejs/lib/ws-client.js +2 -0
- package/lib/vendor/blamejs/lib/x509-chain.js +2 -0
- package/lib/vendor/blamejs/lib/xml-c14n.js +10 -7
- package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/Dockerfile +7 -6
- package/lib/vendor/blamejs/package-lock.json +533 -0
- package/lib/vendor/blamejs/package.json +3 -3
- package/lib/vendor/blamejs/release-notes/v0.15.x.json +2284 -0
- package/lib/vendor/blamejs/release-notes/v0.16.0.json +44 -0
- package/lib/vendor/blamejs/release-notes/v0.16.1.json +36 -0
- package/lib/vendor/blamejs/release-notes/v0.16.2.json +71 -0
- package/lib/vendor/blamejs/scripts/build-vendored-sbom.js +2 -0
- package/lib/vendor/blamejs/scripts/check-actions-currency.js +113 -1
- package/lib/vendor/blamejs/scripts/check-api-snapshot.js +2 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +2 -0
- package/lib/vendor/blamejs/scripts/check-esbuild-pin.js +33 -40
- package/lib/vendor/blamejs/scripts/check-pack-against-gitignore.js +2 -0
- package/lib/vendor/blamejs/scripts/check-services.js +2 -0
- package/lib/vendor/blamejs/scripts/check-vendor-currency.js +2 -0
- package/lib/vendor/blamejs/scripts/consolidate-release-notes.js +2 -0
- package/lib/vendor/blamejs/scripts/gen-migrating.js +2 -0
- package/lib/vendor/blamejs/scripts/generate-changelog-entry.js +2 -0
- package/lib/vendor/blamejs/scripts/generate-release-signing-key.js +2 -0
- package/lib/vendor/blamejs/scripts/generate-ssdf-attestation.js +2 -0
- package/lib/vendor/blamejs/scripts/pin-all.js +215 -0
- package/lib/vendor/blamejs/scripts/refresh-api-snapshot.js +2 -0
- package/lib/vendor/blamejs/scripts/refresh-vendor-manifest.js +2 -0
- package/lib/vendor/blamejs/scripts/release.js +5 -1
- package/lib/vendor/blamejs/scripts/sha3-digest.js +2 -0
- package/lib/vendor/blamejs/scripts/sign-release-artifact.js +2 -0
- package/lib/vendor/blamejs/scripts/test-integration.js +2 -0
- package/lib/vendor/blamejs/scripts/test-wiki-integration.js +2 -0
- package/lib/vendor/blamejs/scripts/validate-source-comment-blocks.js +2 -0
- package/lib/vendor/blamejs/scripts/vendor-data-gen.js +2 -0
- package/lib/vendor/blamejs/scripts/vendor-data-keygen.js +2 -0
- package/lib/vendor/blamejs/test/00-primitives.js +35 -1
- package/lib/vendor/blamejs/test/10-state.js +2 -0
- package/lib/vendor/blamejs/test/20-db.js +2 -0
- package/lib/vendor/blamejs/test/30-chain.js +2 -0
- package/lib/vendor/blamejs/test/40-consumers.js +2 -0
- package/lib/vendor/blamejs/test/50-integration.js +2 -0
- package/lib/vendor/blamejs/test/_helpers.js +2 -0
- package/lib/vendor/blamejs/test/_smoke-worker.js +2 -0
- package/lib/vendor/blamejs/test/fixtures/worker-pool/echo.js +2 -0
- package/lib/vendor/blamejs/test/helpers/_codebase-shingle-worker.js +2 -0
- package/lib/vendor/blamejs/test/helpers/_codebase-shingle.js +2 -0
- package/lib/vendor/blamejs/test/helpers/_shape-match.js +2 -0
- package/lib/vendor/blamejs/test/helpers/check.js +2 -0
- package/lib/vendor/blamejs/test/helpers/cluster.js +2 -0
- package/lib/vendor/blamejs/test/helpers/db.js +2 -0
- package/lib/vendor/blamejs/test/helpers/drivers.js +2 -0
- package/lib/vendor/blamejs/test/helpers/fs-watch.js +2 -0
- package/lib/vendor/blamejs/test/helpers/http.js +2 -0
- package/lib/vendor/blamejs/test/helpers/index.js +2 -0
- package/lib/vendor/blamejs/test/helpers/json-round-trip.js +2 -0
- package/lib/vendor/blamejs/test/helpers/mocks.js +2 -0
- package/lib/vendor/blamejs/test/helpers/otel.js +2 -0
- package/lib/vendor/blamejs/test/helpers/services.js +2 -0
- package/lib/vendor/blamejs/test/helpers/wait.js +2 -0
- package/lib/vendor/blamejs/test/integration/audit-actor-binding-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/audit-stack-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/backup-restore-objectstore.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/cache.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/cluster-provider-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-cluster-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-cluster-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-mysql-privacy.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-postgres.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/db-layer-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/db-layer-postgres.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/distributed-scheduler-fencing-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/external-db-postgres.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/federation-auth.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/http-client.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/log-stream-cloudwatch.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/log-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/mail-dkim.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/mail-smtp.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/mtls-ca.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/network-dns.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/ntp-check.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/object-store-azure.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/object-store-gcs.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/object-store-worm-lock.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/pqc-pkcs8-forward-compat.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/pubsub.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/queue-cluster-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/queue-cluster-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/queue-redis.test.js +115 -0
- package/lib/vendor/blamejs/test/integration/queue-sqs.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/redis-client-tls.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/redis-reconnect-toxiproxy.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/sql-fts5-catalog-sqlite.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/ssrf-guard.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/tls-classical-downgrade-audit.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +15 -0
- package/lib/vendor/blamejs/test/integration/websocket-permessage-deflate.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/ws-client-roundtrip.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/a2a.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/access-lock.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/acme-coverage.test.js +441 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/acme-failclosed.test.js +131 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/acme.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-orchestrator.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-posture-chain.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-saga.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-tenant.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-trace.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-aedt-bias-audit.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-capability.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-content-detect.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-disclosure-apply-all.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-disclosure.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-dp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-frontier-protocol.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-input.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-model-manifest.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-pref.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-prompt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-quota.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt-rejection-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/app-shutdown.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-gz.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-read.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-sniff-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar-hardening.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-wrap-passphrase.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-wrap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-zip-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive.test.js +4 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/arg-parser.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/asyncapi.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-conflict-path.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-exclusive-temp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read-errorfor-bypass.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-append-nofollow.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-nofollow.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-rename-retry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-excl.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/attach-user-bearer-scheme.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-corrupted-anchor.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-incremental-verify.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-checkpoint-false-rollback.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-cve-defensive.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-export-cadf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-query-self-log.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-segregation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-ml-dsa-65.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-signing-key-rotation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-tools-dual-control.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-tools-return-bytes.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-verifybundle-tamper.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge-verifier.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +9 -6
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +56 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +121 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-oauth-coverage.test.js +482 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-oauth-failclosed.test.js +257 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-password-audit.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-saml-coverage.test.js +671 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-saml-failclosed.test.js +179 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-status-list.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-key-encoding.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-bundle-info.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-clone-bundle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-find-bundles.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-index-coverage.test.js +690 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-index-failclosed.test.js +103 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-key-rotation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-manifest-signature.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-residency-posture.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-rewrap-all.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-rewrap-bundle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-scheduletest-drill.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-verify-all-bundles.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-verify-bundle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-worker.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/base32.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-error-redaction.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-smuggling.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/boot-gates.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +46 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/budr.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bundler-engine.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cache-status.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cache.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json-jcs.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json.test.js +28 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cbor.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cdn-cache-control.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cert.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ciba-authreqid-binding.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-audit-verify-chain.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-backup.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-config-drift.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-coverage.test.js +238 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-erase.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-file-type.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-helpers.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-mtls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-password.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-restore.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-retention.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-security.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-vault.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/client-hints.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cloud-events.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cluster-storage.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cluster-vault-rotation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cms-codec.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +791 -13
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-cascade.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eaa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eu-ai-act-posture.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compression-range.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/config-drift.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/config.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/consent-purposes.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/content-digest.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cose.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crdt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-aad-downgrade.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-derived-hash.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-dual-read-migrate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-per-row-key.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-unseal-rate-cap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-upgrade-dialect.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-files-parallel.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke-pq.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-interop-oracles.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-mlkem768-x25519.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-namespace-hash.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-oprf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-random-int.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-self-test.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-xwing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-report.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csrf-protect.test.js +40 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csv.test.js +11 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cwt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dane.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dark-patterns.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-collection-extensions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-collection.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-column-gate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-init-extensions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-key-aad.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-extensions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-sealed-field-in.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-raw-residency-gate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-role-for.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-drift.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-reconcile-emittable.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-transaction.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-stream-and-payload-shape.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-vacuum.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ddl-change-control.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/declare-row-policy.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/declare-view.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-default-gate-posture-caps.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/deny-response.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/did.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dns-dnssec-algorithm.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dns-null-mx.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dnssec.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-alg-kty.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-htu-peergating.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-middleware-replaystore-required.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dr-runbook.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsr-state-rules.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dual-control.test.js +28 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/early-hints.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/eat.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/erase-posture-vacuum.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/events.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/exploit-replay.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-non-atomic-backend.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-routing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fapi2.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fdx.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fedcm-dbsc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +124 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fetch-metadata.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3-cert-bad-validity.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/file-type.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-content-safety-skip-audit.test.js +66 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-ownership.test.js +214 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/forensic-snapshot.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fsm.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gdpr-ropa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-agent-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-all.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-archive.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-dsn.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-payload.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-topic.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html-wcag.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-idempotency-key.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-jmap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-id.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-unsubscribe.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-compose.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-move.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-query.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-reply.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-sieve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-message-id.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-oauth-replay-failopen.test.js +57 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-posture-chain.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-saga-config.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-smtp-command.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-snapshot-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-stream-args.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-tenant-id.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-trace-context.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/hal.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/honeytoken.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/html-balance.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-throttle-transform.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-message-signature.test.js +315 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n-messageformat.test.js +26 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/iab-mspa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/iab-tcf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +40 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/jose-jwe-experimental.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-api.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-merge-patch.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-patch.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-path.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-round-trip-helper.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-schema.test.js +26 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/jtd.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/jwk.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/keychain-coverage.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/keychain-failclosed.test.js +185 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/link-header.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/local-db-thin.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-cloudwatch.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp-grpc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/lro.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-agent.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-coverage.test.js +437 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-dmarc-policy-failclosed.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-failclosed.test.js +144 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +289 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi-cert-validity-unparseable.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-bounce.test.js +61 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-canspam.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp-experimental.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime-bad-validity.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy-tlsrpt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim-numericdate-failclosed.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +130 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-feedback-id.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-header-injection.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-helo.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-mdn.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-proxy-framing-bounds.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-rbl.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-require-tls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-scan.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-send-deliver.test.js +113 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-managesieve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-pop3.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-rate-limit.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-submission.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-sieve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-spam-score.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-srs.test.js +21 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store-fts.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-unsubscribe.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mcp-tool-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mcp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mdoc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/metrics-shadow-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/metrics-snapshot.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/middleware-compose-pipeline.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +11 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-paths.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nel.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +65 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-lookup-timeout-default.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver-timeout.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver.test.js +28 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-heartbeat-passive.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-nts-handshake-byte-cap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-smtp-policy-coverage.test.js +565 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-ct-inclusion.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tsig.test.js +26 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nist-crosswalk.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/no-cache.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/notify.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/numeric-bounds.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/object-store-range-header.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/object-store-versioned-delete.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/openapi.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otlp-attr-redaction.test.js +8 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/outbox-inflight-reaper.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/output-header-hardening.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pagination.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/parser-verify-hardening.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/passkey-real-vectors.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/passkey.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/permissions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pipl-cn.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pqc-software.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/privacy-pass.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/privacy-vendor-review.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/problem-details.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/process-spawn.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/promise-pool.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/protected-resource-metadata.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/proto-shadow-allowlist.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/protobuf-encoder.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/protocol-dispatcher.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/public-suffix.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pubsub.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-byo-db.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-dlq-extend-lease.test.js +44 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-flow-repeat.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-priority-rate-progress.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-xff-spoofing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +16 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +7 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-id-async-context.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-log.test.js +3 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/require-auth-cache-control.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/require-mtls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/resource-access-lock.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/restore-blob-remap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-dryrun-no-vacuum.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-sweep-termination.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-body-validation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-coverage.test.js +592 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-cross-origin-redirect.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-failclosed.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-tls0rtt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-use-path-scope.test.js +59 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-archive-auto-unwrap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-archive-inspect-unwrap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +41 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-parallel.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +13 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-decompress.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-dns.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-icap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-json-stringify-for-script.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-mime.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-mount-info.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-path.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-redirect.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-sieve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-smtp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-canonicalize.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-idn-homograph.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-vcard.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-xml.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-mdq-wrapping.test.js +237 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-slo.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notbefore.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-watchdog-stale-settle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/scim-server.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/scitt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc-ecdsa-p1363.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-notify.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sec-cyber.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-assert.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-txt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/seeders.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update-poll-asset-digest.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier-ecdsa-encoding.test.js +9 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +87 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/server-timing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-binding-unreadable-failclosed.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-destroy-all-store-backed.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding-ipv6-canonical-and-no-store.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/shape-match.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/slug.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/smtp-policy.test.js +5 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/source-comment-blocks.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/speculation-rules.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql-coverage.test.js +422 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse-backpressure.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +23 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/standard-webhooks.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +33 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +44 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/storage-chunk-scratch.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/stream-throttle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields-codec.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tcpa-10dlc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/template-escape-html.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/test-coverage.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/test-harness.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/testing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/time.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-ct.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-freshness.test.js +6 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-verify.test.js +127 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-pinset-drift.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-preferred-groups.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tracing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tsa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/uri-template.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/uuid.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-port.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-aad.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-default-store.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-rotate-aad.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vc.test.js +25 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vendor-currency-classify.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vendor-data.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vendor-manifest.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vex.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/web-push-vapid.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-verify-nonce-atomic.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/websocket-extension-header.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool-recycle-race.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worm.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/x509-chain-ca-enforcement.test.js +117 -1
- package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-5-integration/bundler-output.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-5-integration/external-db-residency.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-5-integration/security-chaos.test.js +2 -0
- package/lib/vendor/blamejs/test/smoke.js +2 -0
- package/package.json +5 -2
- package/lib/vendor/blamejs/release-notes/v0.15.0.json +0 -77
- package/lib/vendor/blamejs/release-notes/v0.15.1.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.10.json +0 -53
- package/lib/vendor/blamejs/release-notes/v0.15.11.json +0 -52
- package/lib/vendor/blamejs/release-notes/v0.15.12.json +0 -47
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +0 -81
- package/lib/vendor/blamejs/release-notes/v0.15.14.json +0 -122
- package/lib/vendor/blamejs/release-notes/v0.15.15.json +0 -73
- package/lib/vendor/blamejs/release-notes/v0.15.16.json +0 -94
- package/lib/vendor/blamejs/release-notes/v0.15.17.json +0 -52
- package/lib/vendor/blamejs/release-notes/v0.15.18.json +0 -49
- package/lib/vendor/blamejs/release-notes/v0.15.19.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.2.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.20.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.15.21.json +0 -51
- package/lib/vendor/blamejs/release-notes/v0.15.22.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.23.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.24.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.25.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.26.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.27.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.28.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.29.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.15.3.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.15.30.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.31.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.32.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.33.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.34.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.15.35.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.15.36.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.37.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.15.38.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.15.4.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.15.5.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.6.json +0 -59
- package/lib/vendor/blamejs/release-notes/v0.15.7.json +0 -43
- package/lib/vendor/blamejs/release-notes/v0.15.8.json +0 -48
- package/lib/vendor/blamejs/release-notes/v0.15.9.json +0 -58
|
@@ -0,0 +1,671 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright (c) blamejs contributors
|
|
3
|
+
"use strict";
|
|
4
|
+
/**
|
|
5
|
+
* b.auth.saml.sp — branch-coverage sweep for the SAML 2.0 SP primitive.
|
|
6
|
+
*
|
|
7
|
+
* The existing SAML suites cover the SubjectConfirmation NotBefore /
|
|
8
|
+
* NotOnOrAfter fail-closed windows, the SLO HTTP-Redirect signing round-trip,
|
|
9
|
+
* and the MDQ signature-wrapping defense. This file closes the remaining
|
|
10
|
+
* unit-testable branches driven through the shipped consumer path
|
|
11
|
+
* (b.auth.saml.sp.create + the returned SP methods, b.auth.saml.fetchMdq):
|
|
12
|
+
*
|
|
13
|
+
* - create() config-time validation (missing required fields, unknown opt,
|
|
14
|
+
* bad clockSkew) — each throws through the AuthError codes it advertises;
|
|
15
|
+
* - buildAuthnRequest / metadata XML-attribute escaping (RFC 3741) so a
|
|
16
|
+
* hostile ACS / entityId / nameIdFormat cannot break out of its context;
|
|
17
|
+
* - verifyResponse pre-signature structural refusals: non-string / non-XML
|
|
18
|
+
* input, wrong root, non-Success Status, the XSW duplicate-element shapes
|
|
19
|
+
* (Status / StatusCode / Assertion / EncryptedAssertion), the unsigned
|
|
20
|
+
* refusal, and EncryptedAssertion-without-SP-key;
|
|
21
|
+
* - verifyResponse signed-path refusals that fire only after XMLDSig
|
|
22
|
+
* verification succeeds (wrong Issuer, audience-confusion, expired
|
|
23
|
+
* Conditions, the duplicate-Subject XSW), plus the happy path returning
|
|
24
|
+
* nameId / sessionIndex / attributes;
|
|
25
|
+
* - the SLO redirect + HTTP-POST + SOAP build/parse validation surface.
|
|
26
|
+
*
|
|
27
|
+
* Signed fixtures mint a self-signed RSA IdP cert and compute the digest +
|
|
28
|
+
* SignatureValue through the framework's own b.xmlC14n so verifyResponse's
|
|
29
|
+
* recomputation matches exactly — there is no test bypass of the signature
|
|
30
|
+
* check (a wrong-key negative control proves the signature gate is live).
|
|
31
|
+
*/
|
|
32
|
+
|
|
33
|
+
var helpers = require("../helpers");
|
|
34
|
+
var check = helpers.check;
|
|
35
|
+
var b = helpers.b;
|
|
36
|
+
var nodeCrypto = require("node:crypto");
|
|
37
|
+
var c14n = require("../../lib/xml-c14n");
|
|
38
|
+
var pq = require("../../lib/pqc-software");
|
|
39
|
+
|
|
40
|
+
var DS = "http://www.w3.org/2000/09/xmldsig#";
|
|
41
|
+
var EXC = "http://www.w3.org/2001/10/xml-exc-c14n#";
|
|
42
|
+
|
|
43
|
+
var IDP_ENTITY_ID = "https://idp.example";
|
|
44
|
+
var SP_ENTITY_ID = "https://sp.example";
|
|
45
|
+
var ACS_URL = "https://sp.example/saml/acs";
|
|
46
|
+
var IDP_SSO_URL = "https://idp.example/sso";
|
|
47
|
+
var IDP_SLO_URL = "https://idp.example/slo";
|
|
48
|
+
var FAKE_CERT = "-----BEGIN CERTIFICATE-----\nx\n-----END CERTIFICATE-----";
|
|
49
|
+
|
|
50
|
+
var BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
|
|
51
|
+
var SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
|
|
52
|
+
|
|
53
|
+
function iso(ms) { return new Date(Date.now() + ms).toISOString(); }
|
|
54
|
+
function b64(xml) { return Buffer.from(xml, "utf8").toString("base64"); }
|
|
55
|
+
|
|
56
|
+
// Mint a self-signed RSA cert via the vendored @peculiar/x509 bundle — the
|
|
57
|
+
// same shape the SubjectConfirmation / MDQ suites use. verifyResponse parses
|
|
58
|
+
// idpCertPem with nodeCrypto.createPublicKey and verifies an rsa-sha256 PKCS1
|
|
59
|
+
// signature, so a real RSA keypair is required.
|
|
60
|
+
async function _mintRsaCert(cn) {
|
|
61
|
+
var pki = require("../../lib/vendor/pki.cjs");
|
|
62
|
+
var x509 = pki.x509;
|
|
63
|
+
var keys = await nodeCrypto.webcrypto.subtle.generateKey(
|
|
64
|
+
{ name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, // allow:raw-byte-literal — RFC 8301 §3.1 RSA bit floor
|
|
65
|
+
publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
|
|
66
|
+
true, ["sign", "verify"]);
|
|
67
|
+
var now = new Date();
|
|
68
|
+
var cert = await x509.X509CertificateGenerator.createSelfSigned({
|
|
69
|
+
serialNumber: "01",
|
|
70
|
+
name: "CN=" + cn,
|
|
71
|
+
notBefore: now,
|
|
72
|
+
notAfter: new Date(now.getTime() + 365 * 24 * 3600 * 1000), // allow:raw-time-literal — 1y fixture validity
|
|
73
|
+
signingAlgorithm: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
|
|
74
|
+
keys: keys,
|
|
75
|
+
});
|
|
76
|
+
var pkcs8 = await nodeCrypto.webcrypto.subtle.exportKey("pkcs8", keys.privateKey);
|
|
77
|
+
var keyPem = "-----BEGIN PRIVATE KEY-----\n" +
|
|
78
|
+
Buffer.from(pkcs8).toString("base64").match(/.{1,64}/g).join("\n") +
|
|
79
|
+
"\n-----END PRIVATE KEY-----\n";
|
|
80
|
+
return { certPem: cert.toString("pem"), keyPem: keyPem };
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
// An SP with a placeholder cert — for branches that throw BEFORE any real
|
|
84
|
+
// signature verification (all the input-validation / XSW-structural refusals),
|
|
85
|
+
// where idpCertPem is stored but never parsed.
|
|
86
|
+
function _fakeSp(extra) {
|
|
87
|
+
var opts = {
|
|
88
|
+
entityId: SP_ENTITY_ID,
|
|
89
|
+
assertionConsumerServiceUrl: ACS_URL,
|
|
90
|
+
idpEntityId: IDP_ENTITY_ID,
|
|
91
|
+
idpSsoUrl: IDP_SSO_URL,
|
|
92
|
+
idpSloUrl: IDP_SLO_URL,
|
|
93
|
+
idpCertPem: FAKE_CERT,
|
|
94
|
+
};
|
|
95
|
+
if (extra) { for (var k in extra) { opts[k] = extra[k]; } }
|
|
96
|
+
return b.auth.saml.sp.create(opts);
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
// An SP whose trust anchor is a minted RSA cert — for the signed-path branches.
|
|
100
|
+
function _realSp(idp, extra) {
|
|
101
|
+
var opts = {
|
|
102
|
+
entityId: SP_ENTITY_ID,
|
|
103
|
+
assertionConsumerServiceUrl: ACS_URL,
|
|
104
|
+
idpEntityId: IDP_ENTITY_ID,
|
|
105
|
+
idpSsoUrl: IDP_SSO_URL,
|
|
106
|
+
idpCertPem: idp.certPem,
|
|
107
|
+
};
|
|
108
|
+
if (extra) { for (var k in extra) { opts[k] = extra[k]; } }
|
|
109
|
+
return b.auth.saml.sp.create(opts);
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
function _codeOf(fn) {
|
|
113
|
+
try { fn(); return "NO-THROW"; }
|
|
114
|
+
catch (e) { return e.code || e.message; }
|
|
115
|
+
}
|
|
116
|
+
function _verifyCode(sp, xmlB64, vopts) {
|
|
117
|
+
return _codeOf(function () { sp.verifyResponse(xmlB64, vopts || {}); });
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
// Build a SAML Response with an Assertion-level enveloped XMLDSig signature.
|
|
121
|
+
// The Assertion's Signature child is stripped before the digest (the
|
|
122
|
+
// enveloped-signature transform); both the digest and the SignedInfo are
|
|
123
|
+
// canonicalized through b.xmlC14n so the verifier's recomputation matches.
|
|
124
|
+
// `o` overrides: issuer, subjectXml, conditions, audience, attrStmt, scd.
|
|
125
|
+
function _buildSignedResponse(idp, o) {
|
|
126
|
+
o = o || {};
|
|
127
|
+
var assertionId = "_assertion-" + o.tag;
|
|
128
|
+
var responseId = "_response-" + o.tag;
|
|
129
|
+
var issueInstant = iso(0);
|
|
130
|
+
|
|
131
|
+
var issuer = o.issuer !== undefined ? o.issuer : IDP_ENTITY_ID;
|
|
132
|
+
var issuerXml = issuer === null ? "" : "<saml:Issuer>" + issuer + "</saml:Issuer>";
|
|
133
|
+
|
|
134
|
+
var scd = o.scd !== undefined ? o.scd :
|
|
135
|
+
"<saml:SubjectConfirmationData NotOnOrAfter=\"" + iso(5 * 60 * 1000) + "\"" + // allow:raw-time-literal — 5m otherwise-valid window
|
|
136
|
+
" Recipient=\"" + ACS_URL + "\"" +
|
|
137
|
+
(o.inResponseTo ? " InResponseTo=\"" + o.inResponseTo + "\"" : "") + "/>";
|
|
138
|
+
var subjectXml = o.subjectXml !== undefined ? o.subjectXml :
|
|
139
|
+
"<saml:Subject>" +
|
|
140
|
+
"<saml:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">" +
|
|
141
|
+
(o.nameId || "alice@example.com") + "</saml:NameID>" +
|
|
142
|
+
"<saml:SubjectConfirmation Method=\"" + BEARER + "\">" + scd +
|
|
143
|
+
"</saml:SubjectConfirmation></saml:Subject>";
|
|
144
|
+
|
|
145
|
+
var conditions = o.conditions !== undefined ? o.conditions :
|
|
146
|
+
"<saml:Conditions NotBefore=\"" + iso(-5 * 60 * 1000) + // allow:raw-time-literal — 5m skew window
|
|
147
|
+
"\" NotOnOrAfter=\"" + iso(5 * 60 * 1000) + "\">" + // allow:raw-time-literal — 5m skew window
|
|
148
|
+
"<saml:AudienceRestriction><saml:Audience>" + (o.audience || SP_ENTITY_ID) +
|
|
149
|
+
"</saml:Audience></saml:AudienceRestriction></saml:Conditions>";
|
|
150
|
+
|
|
151
|
+
var authnStmt = "<saml:AuthnStatement SessionIndex=\"_sess-1\" AuthnInstant=\"" + issueInstant +
|
|
152
|
+
"\"><saml:AuthnContext><saml:AuthnContextClassRef>" +
|
|
153
|
+
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" +
|
|
154
|
+
"</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>";
|
|
155
|
+
var attrStmt = o.attrStmt || "";
|
|
156
|
+
|
|
157
|
+
var open = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" " +
|
|
158
|
+
"ID=\"" + assertionId + "\" Version=\"2.0\" IssueInstant=\"" + issueInstant + "\">";
|
|
159
|
+
var close = "</saml:Assertion>";
|
|
160
|
+
var inner = issuerXml + "SIGNATURE_PLACEHOLDER" + subjectXml + conditions + authnStmt + attrStmt;
|
|
161
|
+
|
|
162
|
+
var noSig = open + inner.replace("SIGNATURE_PLACEHOLDER", "") + close;
|
|
163
|
+
var digest = nodeCrypto.createHash("sha256").update(c14n.canonicalize(noSig)).digest("base64");
|
|
164
|
+
|
|
165
|
+
var signedInfo =
|
|
166
|
+
"<ds:SignedInfo xmlns:ds=\"" + DS + "\">" +
|
|
167
|
+
"<ds:CanonicalizationMethod Algorithm=\"" + EXC + "\"></ds:CanonicalizationMethod>" +
|
|
168
|
+
"<ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"></ds:SignatureMethod>" +
|
|
169
|
+
"<ds:Reference URI=\"#" + assertionId + "\">" +
|
|
170
|
+
"<ds:Transforms>" +
|
|
171
|
+
"<ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"></ds:Transform>" +
|
|
172
|
+
"<ds:Transform Algorithm=\"" + EXC + "\"></ds:Transform>" +
|
|
173
|
+
"</ds:Transforms>" +
|
|
174
|
+
"<ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"></ds:DigestMethod>" +
|
|
175
|
+
"<ds:DigestValue>" + digest + "</ds:DigestValue>" +
|
|
176
|
+
"</ds:Reference></ds:SignedInfo>";
|
|
177
|
+
var priv = nodeCrypto.createPrivateKey({ key: idp.keyPem, format: "pem" });
|
|
178
|
+
var sigValue = nodeCrypto.sign("sha256", c14n.canonicalize(signedInfo),
|
|
179
|
+
{ key: priv, padding: nodeCrypto.constants.RSA_PKCS1_PADDING }).toString("base64");
|
|
180
|
+
var signatureXml = "<ds:Signature xmlns:ds=\"" + DS + "\">" + signedInfo +
|
|
181
|
+
"<ds:SignatureValue>" + sigValue + "</ds:SignatureValue></ds:Signature>";
|
|
182
|
+
|
|
183
|
+
var assertionFull = open + inner.replace("SIGNATURE_PLACEHOLDER", signatureXml) + close;
|
|
184
|
+
var response =
|
|
185
|
+
"<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
|
|
186
|
+
"xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" " +
|
|
187
|
+
"ID=\"" + responseId + "\" Version=\"2.0\" IssueInstant=\"" + issueInstant + "\" " +
|
|
188
|
+
"Destination=\"" + ACS_URL + "\">" +
|
|
189
|
+
"<saml:Issuer>" + IDP_ENTITY_ID + "</saml:Issuer>" +
|
|
190
|
+
"<samlp:Status><samlp:StatusCode Value=\"" + SUCCESS + "\"/></samlp:Status>" +
|
|
191
|
+
assertionFull + "</samlp:Response>";
|
|
192
|
+
return b64(response);
|
|
193
|
+
}
|
|
194
|
+
|
|
195
|
+
// A bare (unsigned) Response envelope for the pre-signature structural cases.
|
|
196
|
+
var P_NS = "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
|
|
197
|
+
"xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"";
|
|
198
|
+
var STATUS_OK = "<samlp:Status><samlp:StatusCode Value=\"" + SUCCESS + "\"/></samlp:Status>";
|
|
199
|
+
function _response(inner) { return "<samlp:Response " + P_NS + " ID=\"_r\">" + inner + "</samlp:Response>"; }
|
|
200
|
+
|
|
201
|
+
// ---------------------------------------------------------------------------
|
|
202
|
+
// create() config-time validation
|
|
203
|
+
// ---------------------------------------------------------------------------
|
|
204
|
+
|
|
205
|
+
function testCreateRequiredFields() {
|
|
206
|
+
var base = {
|
|
207
|
+
entityId: SP_ENTITY_ID, assertionConsumerServiceUrl: ACS_URL,
|
|
208
|
+
idpEntityId: IDP_ENTITY_ID, idpSsoUrl: IDP_SSO_URL, idpCertPem: FAKE_CERT,
|
|
209
|
+
};
|
|
210
|
+
function omit(k) { var c = Object.assign({}, base); delete c[k]; return _codeOf(function () { b.auth.saml.sp.create(c); }); }
|
|
211
|
+
check("create: missing entityId → no-entity-id", omit("entityId") === "auth-saml/no-entity-id");
|
|
212
|
+
check("create: missing ACS → no-acs", omit("assertionConsumerServiceUrl") === "auth-saml/no-acs");
|
|
213
|
+
check("create: missing idpEntityId → no-idp-entity-id", omit("idpEntityId") === "auth-saml/no-idp-entity-id");
|
|
214
|
+
check("create: missing idpSsoUrl → no-idp-sso", omit("idpSsoUrl") === "auth-saml/no-idp-sso");
|
|
215
|
+
check("create: missing idpCertPem → no-idp-cert", omit("idpCertPem") === "auth-saml/no-idp-cert");
|
|
216
|
+
}
|
|
217
|
+
|
|
218
|
+
function testCreateRejectsBadOpts() {
|
|
219
|
+
var base = {
|
|
220
|
+
entityId: SP_ENTITY_ID, assertionConsumerServiceUrl: ACS_URL,
|
|
221
|
+
idpEntityId: IDP_ENTITY_ID, idpSsoUrl: IDP_SSO_URL, idpCertPem: FAKE_CERT,
|
|
222
|
+
};
|
|
223
|
+
function withOpt(o) { return _codeOf(function () { b.auth.saml.sp.create(Object.assign({}, base, o)); }); }
|
|
224
|
+
|
|
225
|
+
var unknown = null;
|
|
226
|
+
try { b.auth.saml.sp.create(Object.assign({}, base, { bogusKey: 1 })); }
|
|
227
|
+
catch (e) { unknown = e; }
|
|
228
|
+
check("create: unknown opt is refused", unknown !== null && unknown.code === "BAD_OPT");
|
|
229
|
+
check("create: unknown-opt message names the key", unknown && /bogusKey/.test(unknown.message));
|
|
230
|
+
|
|
231
|
+
// clockSkewSec must be a finite, non-negative number — a negative, Infinity,
|
|
232
|
+
// or string value is refused at config time (an Infinity that slipped
|
|
233
|
+
// through would disable the freshness windows downstream).
|
|
234
|
+
check("create: negative clockSkewSec refused", withOpt({ clockSkewSec: -1 }) === "BAD_OPT");
|
|
235
|
+
check("create: Infinity clockSkewSec refused", withOpt({ clockSkewSec: Infinity }) === "BAD_OPT");
|
|
236
|
+
check("create: string clockSkewSec refused", withOpt({ clockSkewSec: "60" }) === "BAD_OPT");
|
|
237
|
+
|
|
238
|
+
check("create: non-object opts refused", _codeOf(function () { b.auth.saml.sp.create("nope"); }) === "BAD_OPT");
|
|
239
|
+
check("create: null opts refused", _codeOf(function () { b.auth.saml.sp.create(null); }) === "BAD_OPT");
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
// ---------------------------------------------------------------------------
|
|
243
|
+
// buildAuthnRequest — shape + RFC 3741 XML escaping + redirect assembly
|
|
244
|
+
// ---------------------------------------------------------------------------
|
|
245
|
+
|
|
246
|
+
function testAuthnRequestShapeAndRelayState() {
|
|
247
|
+
var sp = _fakeSp();
|
|
248
|
+
var ar = sp.buildAuthnRequest({ relayState: "/dash&x=1" });
|
|
249
|
+
check("authn: id is an underscore-prefixed token", typeof ar.id === "string" && ar.id.charAt(0) === "_");
|
|
250
|
+
check("authn: redirectUrl starts at the IdP SSO URL", ar.redirectUrl.indexOf(IDP_SSO_URL) === 0);
|
|
251
|
+
check("authn: redirectUrl carries SAMLRequest param", ar.redirectUrl.indexOf("SAMLRequest=") !== -1);
|
|
252
|
+
check("authn: RelayState is URL-encoded",
|
|
253
|
+
ar.redirectUrl.indexOf("RelayState=" + encodeURIComponent("/dash&x=1")) !== -1);
|
|
254
|
+
check("authn: raw is a samlp:AuthnRequest", ar.raw.indexOf("<samlp:AuthnRequest") === 0);
|
|
255
|
+
}
|
|
256
|
+
|
|
257
|
+
function testAuthnRequestNameIdPolicy() {
|
|
258
|
+
var without = _fakeSp().buildAuthnRequest().raw;
|
|
259
|
+
check("authn: no NameIDPolicy when nameIdFormat unset", without.indexOf("NameIDPolicy") === -1);
|
|
260
|
+
var withFmt = _fakeSp({ nameIdFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" })
|
|
261
|
+
.buildAuthnRequest().raw;
|
|
262
|
+
check("authn: NameIDPolicy present when nameIdFormat set", withFmt.indexOf("<samlp:NameIDPolicy") !== -1);
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
function testAuthnRequestQuerySeparator() {
|
|
266
|
+
// When the IdP SSO URL already carries a query, the SAMLRequest param is
|
|
267
|
+
// appended with & (not a second ?), so the redirect stays a valid URL.
|
|
268
|
+
var sp = _fakeSp({ idpSsoUrl: IDP_SSO_URL + "?foo=1" });
|
|
269
|
+
var url = sp.buildAuthnRequest().redirectUrl;
|
|
270
|
+
check("authn: pre-existing query gets &SAMLRequest", url.indexOf("?foo=1&SAMLRequest=") !== -1);
|
|
271
|
+
}
|
|
272
|
+
|
|
273
|
+
function testAuthnRequestAttributeEscaping() {
|
|
274
|
+
// A hostile ACS carrying a quote + angle brackets must be escaped inside the
|
|
275
|
+
// AssertionConsumerServiceURL attribute — it cannot break out of the
|
|
276
|
+
// attribute and inject unsigned markup (RFC 3741 §1.3.2).
|
|
277
|
+
var sp = _fakeSp({
|
|
278
|
+
entityId: "https://sp.example/e<vil",
|
|
279
|
+
assertionConsumerServiceUrl: "https://sp.example/acs\"><evil>&",
|
|
280
|
+
});
|
|
281
|
+
var raw = sp.buildAuthnRequest().raw;
|
|
282
|
+
check("authn: hostile ACS cannot break out of the attribute", raw.indexOf("\"><evil>") === -1);
|
|
283
|
+
check("authn: quote in ACS is escaped to "", raw.indexOf(""") !== -1);
|
|
284
|
+
check("authn: '<' in entityId Issuer text is escaped",
|
|
285
|
+
raw.indexOf("e<vil") !== -1 && raw.indexOf("e<vil") === -1);
|
|
286
|
+
}
|
|
287
|
+
|
|
288
|
+
// ---------------------------------------------------------------------------
|
|
289
|
+
// metadata()
|
|
290
|
+
// ---------------------------------------------------------------------------
|
|
291
|
+
|
|
292
|
+
function testMetadata() {
|
|
293
|
+
var sp = _fakeSp();
|
|
294
|
+
var meta = sp.metadata();
|
|
295
|
+
check("metadata: is an EntityDescriptor", meta.indexOf("<md:EntityDescriptor") !== -1);
|
|
296
|
+
check("metadata: carries the SP entityID", meta.indexOf("entityID=\"" + SP_ENTITY_ID + "\"") !== -1);
|
|
297
|
+
check("metadata: advertises the ACS location", meta.indexOf(ACS_URL) !== -1);
|
|
298
|
+
check("metadata: WantAssertionsSigned is true", meta.indexOf("WantAssertionsSigned=\"true\"") !== -1);
|
|
299
|
+
check("metadata: no SingleLogoutService when unconfigured", meta.indexOf("SingleLogoutService") === -1);
|
|
300
|
+
}
|
|
301
|
+
|
|
302
|
+
function testMetadataSlo() {
|
|
303
|
+
var configured = _fakeSp({ singleLogoutServiceUrl: "https://sp.example/slo" }).metadata();
|
|
304
|
+
check("metadata: SLO service emitted when configured on create",
|
|
305
|
+
configured.indexOf("SingleLogoutService") !== -1 && configured.indexOf("https://sp.example/slo") !== -1);
|
|
306
|
+
var override = _fakeSp().metadata({ singleLogoutServiceUrl: "https://sp.example/slo2" });
|
|
307
|
+
check("metadata: metaOpts singleLogoutServiceUrl override honored",
|
|
308
|
+
override.indexOf("https://sp.example/slo2") !== -1);
|
|
309
|
+
// Hostile SLO URL is attribute-escaped.
|
|
310
|
+
var hostile = _fakeSp().metadata({ singleLogoutServiceUrl: "https://sp.example/x\"><evil>" });
|
|
311
|
+
check("metadata: hostile SLO URL cannot break out of the attribute",
|
|
312
|
+
hostile.indexOf("\"><evil>") === -1 && hostile.indexOf(""") !== -1);
|
|
313
|
+
}
|
|
314
|
+
|
|
315
|
+
// ---------------------------------------------------------------------------
|
|
316
|
+
// verifyResponse — pre-signature input validation + XSW structural refusals
|
|
317
|
+
// ---------------------------------------------------------------------------
|
|
318
|
+
|
|
319
|
+
function testVerifyResponseInputValidation() {
|
|
320
|
+
var sp = _fakeSp();
|
|
321
|
+
check("verify: non-string SAMLResponse → no-response",
|
|
322
|
+
_verifyCode(sp, 12345) === "auth-saml/no-response");
|
|
323
|
+
check("verify: empty SAMLResponse → no-response",
|
|
324
|
+
_verifyCode(sp, "") === "auth-saml/no-response");
|
|
325
|
+
check("verify: base64 that decodes to non-XML → bad-response-decode",
|
|
326
|
+
_verifyCode(sp, b64("no-angle-brackets-here")) === "auth-saml/bad-response-decode");
|
|
327
|
+
check("verify: wrong root element → wrong-root",
|
|
328
|
+
_verifyCode(sp, b64("<samlp:Foo " + P_NS + "/>")) === "auth-saml/wrong-root");
|
|
329
|
+
}
|
|
330
|
+
|
|
331
|
+
function testVerifyResponseStatus() {
|
|
332
|
+
var sp = _fakeSp();
|
|
333
|
+
var reqStatus = "<samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Requester\"/></samlp:Status>";
|
|
334
|
+
check("verify: non-Success Status → bad-status",
|
|
335
|
+
_verifyCode(sp, b64(_response(reqStatus))) === "auth-saml/bad-status");
|
|
336
|
+
check("verify: absent Status → bad-status",
|
|
337
|
+
_verifyCode(sp, b64(_response(""))) === "auth-saml/bad-status");
|
|
338
|
+
}
|
|
339
|
+
|
|
340
|
+
function testVerifyResponseXswStructural() {
|
|
341
|
+
var sp = _fakeSp();
|
|
342
|
+
check("verify: duplicate <Status> → duplicate-status (XSW)",
|
|
343
|
+
_verifyCode(sp, b64(_response(STATUS_OK + STATUS_OK))) === "auth-saml/duplicate-status");
|
|
344
|
+
check("verify: duplicate <StatusCode> → duplicate-status-code (XSW)",
|
|
345
|
+
_verifyCode(sp, b64(_response(
|
|
346
|
+
"<samlp:Status><samlp:StatusCode Value=\"" + SUCCESS + "\"/><samlp:StatusCode Value=\"x\"/></samlp:Status>"
|
|
347
|
+
))) === "auth-saml/duplicate-status-code");
|
|
348
|
+
check("verify: duplicate <Assertion> → duplicate-assertion (XSW)",
|
|
349
|
+
_verifyCode(sp, b64(_response(STATUS_OK + "<saml:Assertion ID=\"_a1\"/><saml:Assertion ID=\"_a2\"/>")))
|
|
350
|
+
=== "auth-saml/duplicate-assertion");
|
|
351
|
+
check("verify: duplicate <EncryptedAssertion> → duplicate-encrypted-assertion (XSW)",
|
|
352
|
+
_verifyCode(sp, b64(_response(STATUS_OK + "<saml:EncryptedAssertion/><saml:EncryptedAssertion/>")))
|
|
353
|
+
=== "auth-saml/duplicate-encrypted-assertion");
|
|
354
|
+
}
|
|
355
|
+
|
|
356
|
+
function testVerifyResponseNoAssertionAndUnsigned() {
|
|
357
|
+
var sp = _fakeSp();
|
|
358
|
+
check("verify: Success but no Assertion → no-assertion",
|
|
359
|
+
_verifyCode(sp, b64(_response(STATUS_OK))) === "auth-saml/no-assertion");
|
|
360
|
+
check("verify: single Assertion with no Signature → unsigned",
|
|
361
|
+
_verifyCode(sp, b64(_response(STATUS_OK +
|
|
362
|
+
"<saml:Assertion ID=\"_a1\"><saml:Issuer>" + IDP_ENTITY_ID + "</saml:Issuer></saml:Assertion>")))
|
|
363
|
+
=== "auth-saml/unsigned");
|
|
364
|
+
}
|
|
365
|
+
|
|
366
|
+
function testVerifyResponseEncryptedWithoutKey() {
|
|
367
|
+
var sp = _fakeSp();
|
|
368
|
+
check("verify: EncryptedAssertion without spPrivateKeyPem → encrypted-no-sp-key",
|
|
369
|
+
_verifyCode(sp, b64(_response(STATUS_OK +
|
|
370
|
+
"<saml:EncryptedAssertion><xenc:EncryptedData xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"/></saml:EncryptedAssertion>")))
|
|
371
|
+
=== "auth-saml/encrypted-no-sp-key");
|
|
372
|
+
}
|
|
373
|
+
|
|
374
|
+
// ---------------------------------------------------------------------------
|
|
375
|
+
// verifyResponse — signed-path branches (fire only after XMLDSig verify)
|
|
376
|
+
// ---------------------------------------------------------------------------
|
|
377
|
+
|
|
378
|
+
async function testVerifyResponseHappyPath() {
|
|
379
|
+
var idp = await _mintRsaCert("idp.example");
|
|
380
|
+
var sp = _realSp(idp);
|
|
381
|
+
var attrStmt =
|
|
382
|
+
"<saml:AttributeStatement>" +
|
|
383
|
+
"<saml:Attribute Name=\"email\"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>" +
|
|
384
|
+
"<saml:Attribute Name=\"roles\">" +
|
|
385
|
+
"<saml:AttributeValue>admin</saml:AttributeValue><saml:AttributeValue>ops</saml:AttributeValue></saml:Attribute>" +
|
|
386
|
+
"</saml:AttributeStatement>";
|
|
387
|
+
var info = sp.verifyResponse(_buildSignedResponse(idp, { tag: "happy", attrStmt: attrStmt }));
|
|
388
|
+
check("verify happy: nameId returned", info.nameId === "alice@example.com");
|
|
389
|
+
check("verify happy: nameIdFormat returned",
|
|
390
|
+
info.nameIdFormat === "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
|
|
391
|
+
check("verify happy: sessionIndex from AuthnStatement", info.sessionIndex === "_sess-1");
|
|
392
|
+
check("verify happy: issuer echoed", info.issuer === IDP_ENTITY_ID);
|
|
393
|
+
check("verify happy: single-valued attribute is a scalar", info.attributes.email === "alice@example.com");
|
|
394
|
+
check("verify happy: multi-valued attribute is an array",
|
|
395
|
+
Array.isArray(info.attributes.roles) && info.attributes.roles.join(",") === "admin,ops");
|
|
396
|
+
check("verify happy: audience defaults to entityId", info.audience === SP_ENTITY_ID);
|
|
397
|
+
}
|
|
398
|
+
|
|
399
|
+
async function testVerifyResponseInResponseTo() {
|
|
400
|
+
var idp = await _mintRsaCert("idp.example");
|
|
401
|
+
var sp = _realSp(idp);
|
|
402
|
+
var rt = "_req-abc";
|
|
403
|
+
var okB64 = _buildSignedResponse(idp, { tag: "irt-ok", inResponseTo: rt });
|
|
404
|
+
var info = sp.verifyResponse(okB64, { expectedInResponseTo: rt });
|
|
405
|
+
check("verify: matching InResponseTo is captured", info.inResponseTo === rt);
|
|
406
|
+
var mismatchCode = _verifyCode(sp,
|
|
407
|
+
_buildSignedResponse(idp, { tag: "irt-bad", inResponseTo: "_other" }),
|
|
408
|
+
{ expectedInResponseTo: rt });
|
|
409
|
+
check("verify: InResponseTo mismatch → bad-in-response-to (replay defense)",
|
|
410
|
+
mismatchCode === "auth-saml/bad-in-response-to");
|
|
411
|
+
}
|
|
412
|
+
|
|
413
|
+
async function testVerifyResponseWrongIssuer() {
|
|
414
|
+
var idp = await _mintRsaCert("idp.example");
|
|
415
|
+
var sp = _realSp(idp);
|
|
416
|
+
check("verify: Issuer != configured idpEntityId → wrong-issuer",
|
|
417
|
+
_verifyCode(sp, _buildSignedResponse(idp, { tag: "wi", issuer: "https://evil.example" }))
|
|
418
|
+
=== "auth-saml/wrong-issuer");
|
|
419
|
+
}
|
|
420
|
+
|
|
421
|
+
async function testVerifyResponseAudience() {
|
|
422
|
+
var idp = await _mintRsaCert("idp.example");
|
|
423
|
+
var sp = _realSp(idp);
|
|
424
|
+
var noRestriction = "<saml:Conditions NotBefore=\"" + iso(-5 * 60 * 1000) + // allow:raw-time-literal — 5m skew window
|
|
425
|
+
"\" NotOnOrAfter=\"" + iso(5 * 60 * 1000) + "\"></saml:Conditions>"; // allow:raw-time-literal — 5m skew window
|
|
426
|
+
check("verify: no AudienceRestriction → no-audience-restriction (audience-confusion defense)",
|
|
427
|
+
_verifyCode(sp, _buildSignedResponse(idp, { tag: "na", conditions: noRestriction }))
|
|
428
|
+
=== "auth-saml/no-audience-restriction");
|
|
429
|
+
check("verify: AudienceRestriction for a different SP → wrong-audience",
|
|
430
|
+
_verifyCode(sp, _buildSignedResponse(idp, { tag: "wa", audience: "https://other.example" }))
|
|
431
|
+
=== "auth-saml/wrong-audience");
|
|
432
|
+
|
|
433
|
+
// requireAudienceRestriction:false opts out of the binding requirement.
|
|
434
|
+
var info = sp.verifyResponse(
|
|
435
|
+
_buildSignedResponse(idp, { tag: "opt", conditions: noRestriction }),
|
|
436
|
+
{ requireAudienceRestriction: false });
|
|
437
|
+
check("verify: requireAudienceRestriction:false accepts a missing binding", info.nameId === "alice@example.com");
|
|
438
|
+
}
|
|
439
|
+
|
|
440
|
+
async function testVerifyResponseConditionsExpired() {
|
|
441
|
+
var idp = await _mintRsaCert("idp.example");
|
|
442
|
+
var sp = _realSp(idp);
|
|
443
|
+
var expired = "<saml:Conditions NotOnOrAfter=\"" + iso(-60 * 60 * 1000) + "\">" + // allow:raw-time-literal — 1h in the past
|
|
444
|
+
"<saml:AudienceRestriction><saml:Audience>" + SP_ENTITY_ID +
|
|
445
|
+
"</saml:Audience></saml:AudienceRestriction></saml:Conditions>";
|
|
446
|
+
check("verify: expired Conditions/NotOnOrAfter → conditions-expired",
|
|
447
|
+
_verifyCode(sp, _buildSignedResponse(idp, { tag: "ce", conditions: expired }))
|
|
448
|
+
=== "auth-saml/conditions-expired");
|
|
449
|
+
var future = "<saml:Conditions NotBefore=\"" + iso(60 * 60 * 1000) + "\">" + // allow:raw-time-literal — 1h in the future
|
|
450
|
+
"<saml:AudienceRestriction><saml:Audience>" + SP_ENTITY_ID +
|
|
451
|
+
"</saml:Audience></saml:AudienceRestriction></saml:Conditions>";
|
|
452
|
+
check("verify: future Conditions/NotBefore → conditions-not-yet-valid",
|
|
453
|
+
_verifyCode(sp, _buildSignedResponse(idp, { tag: "cf", conditions: future }))
|
|
454
|
+
=== "auth-saml/conditions-not-yet-valid");
|
|
455
|
+
}
|
|
456
|
+
|
|
457
|
+
async function testVerifyResponseDuplicateSubjectXsw() {
|
|
458
|
+
var idp = await _mintRsaCert("idp.example");
|
|
459
|
+
var sp = _realSp(idp);
|
|
460
|
+
var twoSubjects =
|
|
461
|
+
"<saml:Subject>" +
|
|
462
|
+
"<saml:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">alice@example.com</saml:NameID>" +
|
|
463
|
+
"<saml:SubjectConfirmation Method=\"" + BEARER + "\">" +
|
|
464
|
+
"<saml:SubjectConfirmationData NotOnOrAfter=\"" + iso(5 * 60 * 1000) + // allow:raw-time-literal — 5m window
|
|
465
|
+
"\" Recipient=\"" + ACS_URL + "\"/></saml:SubjectConfirmation></saml:Subject>" +
|
|
466
|
+
"<saml:Subject><saml:NameID>attacker@evil.example</saml:NameID></saml:Subject>";
|
|
467
|
+
check("verify: duplicate <Subject> in a signed Assertion → duplicate-subject (XSW)",
|
|
468
|
+
_verifyCode(sp, _buildSignedResponse(idp, { tag: "ds", subjectXml: twoSubjects }))
|
|
469
|
+
=== "auth-saml/duplicate-subject");
|
|
470
|
+
}
|
|
471
|
+
|
|
472
|
+
async function testVerifyResponseTamperedDigest() {
|
|
473
|
+
// A validly-signed assertion whose signed bytes are then mutated must be
|
|
474
|
+
// refused: the recomputed digest no longer matches the signed DigestValue.
|
|
475
|
+
var idp = await _mintRsaCert("idp.example");
|
|
476
|
+
var sp = _realSp(idp);
|
|
477
|
+
var goodB64 = _buildSignedResponse(idp, { tag: "tamper", nameId: "alice@example.com" });
|
|
478
|
+
var xml = Buffer.from(goodB64, "base64").toString("utf8").replace("alice@example.com", "mallory@evil.example");
|
|
479
|
+
var code = _verifyCode(sp, b64(xml));
|
|
480
|
+
check("verify: tampering signed content → digest-mismatch",
|
|
481
|
+
code === "auth-saml/digest-mismatch");
|
|
482
|
+
}
|
|
483
|
+
|
|
484
|
+
// ---------------------------------------------------------------------------
|
|
485
|
+
// SLO — HTTP-Redirect build/parse validation
|
|
486
|
+
// ---------------------------------------------------------------------------
|
|
487
|
+
|
|
488
|
+
function testLogoutRequestValidation() {
|
|
489
|
+
var sp = _fakeSp();
|
|
490
|
+
check("buildLogoutRequest: missing nameId → no-nameid",
|
|
491
|
+
_codeOf(function () { sp.buildLogoutRequest({ sessionIndex: "_s" }); }) === "auth-saml/no-nameid");
|
|
492
|
+
check("buildLogoutRequest: non-object opts → bad-opts",
|
|
493
|
+
_codeOf(function () { sp.buildLogoutRequest("nope"); }) === "auth-saml/bad-opts");
|
|
494
|
+
var unknownCode = _codeOf(function () { sp.buildLogoutRequest({ nameId: "a", bogus: 1 }); });
|
|
495
|
+
check("buildLogoutRequest: unknown opt is refused", /unknown option/.test(unknownCode));
|
|
496
|
+
}
|
|
497
|
+
|
|
498
|
+
function testLogoutResponseValidation() {
|
|
499
|
+
var sp = _fakeSp();
|
|
500
|
+
check("buildLogoutResponse: missing inResponseTo → no-in-response-to",
|
|
501
|
+
_codeOf(function () { sp.buildLogoutResponse({ destination: IDP_SLO_URL }); }) === "auth-saml/no-in-response-to");
|
|
502
|
+
check("buildLogoutResponse: missing destination → no-destination",
|
|
503
|
+
_codeOf(function () { sp.buildLogoutResponse({ inResponseTo: "_x" }); }) === "auth-saml/no-destination");
|
|
504
|
+
}
|
|
505
|
+
|
|
506
|
+
function testParseLogoutRequestValidation() {
|
|
507
|
+
var sp = _fakeSp();
|
|
508
|
+
check("parseLogoutRequest: non-string input → no-saml-request",
|
|
509
|
+
_codeOf(function () { sp.parseLogoutRequest(123); }) === "auth-saml/no-saml-request");
|
|
510
|
+
check("parseLogoutRequest: undeflatable base64 → bad-saml-request",
|
|
511
|
+
_codeOf(function () { sp.parseLogoutRequest(b64("this is not deflate-raw data")); }) === "auth-saml/bad-saml-request");
|
|
512
|
+
}
|
|
513
|
+
|
|
514
|
+
function testLogoutResponseRoundTrip() {
|
|
515
|
+
var sp = _fakeSp();
|
|
516
|
+
// buildLogoutResponse produces the redirect; extract + parse the SAMLResponse.
|
|
517
|
+
var built = sp.buildLogoutResponse({ inResponseTo: "_orig-1", destination: IDP_SLO_URL });
|
|
518
|
+
var samlResp = decodeURIComponent(built.redirectUrl.split("?")[1].split("&")[0].slice("SAMLResponse=".length));
|
|
519
|
+
var parsed = sp.parseLogoutResponse(samlResp, { expectedInResponseTo: "_orig-1" });
|
|
520
|
+
check("parseLogoutResponse: default status → success true", parsed.success === true);
|
|
521
|
+
check("parseLogoutResponse: InResponseTo round-trips", parsed.inResponseTo === "_orig-1");
|
|
522
|
+
check("parseLogoutResponse: issuer is the SP entityId", parsed.issuer === SP_ENTITY_ID);
|
|
523
|
+
|
|
524
|
+
check("parseLogoutResponse: non-string input → no-saml-response",
|
|
525
|
+
_codeOf(function () { sp.parseLogoutResponse(null); }) === "auth-saml/no-saml-response");
|
|
526
|
+
check("parseLogoutResponse: expectedInResponseTo mismatch → inresponseto-mismatch",
|
|
527
|
+
_codeOf(function () { sp.parseLogoutResponse(samlResp, { expectedInResponseTo: "_different" }); })
|
|
528
|
+
=== "auth-saml/inresponseto-mismatch");
|
|
529
|
+
|
|
530
|
+
// A non-Success statusCode surfaces success=false.
|
|
531
|
+
var failBuilt = sp.buildLogoutResponse({
|
|
532
|
+
inResponseTo: "_orig-2", destination: IDP_SLO_URL,
|
|
533
|
+
statusCode: "urn:oasis:names:tc:SAML:2.0:status:Requester",
|
|
534
|
+
});
|
|
535
|
+
var failResp = decodeURIComponent(failBuilt.redirectUrl.split("?")[1].split("&")[0].slice("SAMLResponse=".length));
|
|
536
|
+
check("parseLogoutResponse: non-Success statusCode → success false",
|
|
537
|
+
sp.parseLogoutResponse(failResp).success === false);
|
|
538
|
+
}
|
|
539
|
+
|
|
540
|
+
// ---------------------------------------------------------------------------
|
|
541
|
+
// SLO — HTTP-POST + SOAP bindings (embedded XMLDSig)
|
|
542
|
+
// ---------------------------------------------------------------------------
|
|
543
|
+
|
|
544
|
+
function testLogoutRequestPostRoundTrip() {
|
|
545
|
+
var sp = _fakeSp();
|
|
546
|
+
var kp = pq.ml_dsa_65.keygen();
|
|
547
|
+
var post = sp.buildLogoutRequestPost({
|
|
548
|
+
nameId: "alice@idp", sessionIndex: "_s-9", signingKey: kp.secretKey, signingAlg: "ml-dsa-65",
|
|
549
|
+
});
|
|
550
|
+
check("buildLogoutRequestPost: action is the IdP SLO URL", post.action === IDP_SLO_URL);
|
|
551
|
+
check("buildLogoutRequestPost: formHtml auto-submits SAMLRequest",
|
|
552
|
+
post.formHtml.indexOf("name=\"SAMLRequest\"") !== -1 && post.formHtml.indexOf("document.forms[0].submit()") !== -1);
|
|
553
|
+
var parsed = sp.parseLogoutRequestPost(post.samlRequest, {
|
|
554
|
+
idpVerifyKey: kp.publicKey, idpVerifyAlg: "ml-dsa-65",
|
|
555
|
+
});
|
|
556
|
+
check("POST SLO round-trip: nameId recovered", parsed.nameId === "alice@idp");
|
|
557
|
+
check("POST SLO round-trip: sessionIndex recovered", parsed.sessionIndex === "_s-9");
|
|
558
|
+
check("POST SLO round-trip: id recovered", parsed.id === post.id);
|
|
559
|
+
|
|
560
|
+
// Negative control — a different verify key refuses (the embedded XMLDSig
|
|
561
|
+
// gate is live), proving the round-trip pass above is a real verification.
|
|
562
|
+
check("POST SLO: wrong verify key → bad-signature",
|
|
563
|
+
_codeOf(function () {
|
|
564
|
+
sp.parseLogoutRequestPost(post.samlRequest, {
|
|
565
|
+
idpVerifyKey: pq.ml_dsa_65.keygen().publicKey, idpVerifyAlg: "ml-dsa-65",
|
|
566
|
+
});
|
|
567
|
+
}) === "auth-saml/bad-signature");
|
|
568
|
+
}
|
|
569
|
+
|
|
570
|
+
function testParseLogoutRequestPostValidation() {
|
|
571
|
+
var sp = _fakeSp();
|
|
572
|
+
check("parseLogoutRequestPost: non-string input → bad-input",
|
|
573
|
+
_codeOf(function () { sp.parseLogoutRequestPost(42); }) === "auth-saml/bad-input");
|
|
574
|
+
check("parseLogoutRequestPost: wrong root element → wrong-root",
|
|
575
|
+
_codeOf(function () { sp.parseLogoutRequestPost(b64("<samlp:Foo " + P_NS + "/>")); }) === "auth-saml/wrong-root");
|
|
576
|
+
}
|
|
577
|
+
|
|
578
|
+
function testLogoutRequestSoapShape() {
|
|
579
|
+
var sp = _fakeSp();
|
|
580
|
+
var soap = sp.buildLogoutRequestSoap({ nameId: "a@idp" });
|
|
581
|
+
check("buildLogoutRequestSoap: action is the IdP SLO URL", soap.action === IDP_SLO_URL);
|
|
582
|
+
check("buildLogoutRequestSoap: body is a SOAP envelope wrapping the LogoutRequest",
|
|
583
|
+
soap.body.indexOf("soapenv:Envelope") !== -1 &&
|
|
584
|
+
soap.body.indexOf("soapenv:Body") !== -1 &&
|
|
585
|
+
soap.body.indexOf("<samlp:LogoutRequest") !== -1);
|
|
586
|
+
}
|
|
587
|
+
|
|
588
|
+
function testParseLogoutResponseSoap() {
|
|
589
|
+
var sp = _fakeSp();
|
|
590
|
+
// Build a LogoutResponse XML (via buildLogoutResponse.raw) and wrap it in a
|
|
591
|
+
// SOAP envelope, then drive the public parse path.
|
|
592
|
+
var lr = sp.buildLogoutResponse({ inResponseTo: "_orig-soap", destination: IDP_SLO_URL });
|
|
593
|
+
var envelope = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
|
|
594
|
+
"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
|
|
595
|
+
"<soapenv:Body>" + lr.raw + "</soapenv:Body></soapenv:Envelope>";
|
|
596
|
+
var parsed = sp.parseLogoutResponseSoap(envelope);
|
|
597
|
+
check("parseLogoutResponseSoap: unwraps Body + reports success", parsed.success === true);
|
|
598
|
+
check("parseLogoutResponseSoap: InResponseTo recovered", parsed.inResponseTo === "_orig-soap");
|
|
599
|
+
|
|
600
|
+
check("parseLogoutResponseSoap: non-string input → bad-input",
|
|
601
|
+
_codeOf(function () { sp.parseLogoutResponseSoap(0); }) === "auth-saml/bad-input");
|
|
602
|
+
check("parseLogoutResponseSoap: non-Envelope root → bad-soap",
|
|
603
|
+
_codeOf(function () { sp.parseLogoutResponseSoap("<foo/>"); }) === "auth-saml/bad-soap");
|
|
604
|
+
check("parseLogoutResponseSoap: empty Body → bad-soap",
|
|
605
|
+
_codeOf(function () {
|
|
606
|
+
sp.parseLogoutResponseSoap("<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
|
|
607
|
+
"<soapenv:Body></soapenv:Body></soapenv:Envelope>");
|
|
608
|
+
}) === "auth-saml/bad-soap");
|
|
609
|
+
}
|
|
610
|
+
|
|
611
|
+
// ---------------------------------------------------------------------------
|
|
612
|
+
// fetchMdq — synchronous input validation (throws before any network I/O)
|
|
613
|
+
// ---------------------------------------------------------------------------
|
|
614
|
+
|
|
615
|
+
async function testFetchMdqInputValidation() {
|
|
616
|
+
async function mdqCode(o) {
|
|
617
|
+
try { await b.auth.saml.fetchMdq(o); return "NO-THROW"; }
|
|
618
|
+
catch (e) { return e.code || e.message; }
|
|
619
|
+
}
|
|
620
|
+
check("fetchMdq: non-object opts refused", (await mdqCode(null)) === "BAD_OPT");
|
|
621
|
+
check("fetchMdq: missing baseUrl → no-mdq-base", (await mdqCode({ entityId: IDP_ENTITY_ID })) === "auth-saml/no-mdq-base");
|
|
622
|
+
check("fetchMdq: missing entityId → no-mdq-entity", (await mdqCode({ baseUrl: "https://mdq.example" })) === "auth-saml/no-mdq-entity");
|
|
623
|
+
}
|
|
624
|
+
|
|
625
|
+
async function run() {
|
|
626
|
+
// create()
|
|
627
|
+
testCreateRequiredFields();
|
|
628
|
+
testCreateRejectsBadOpts();
|
|
629
|
+
// buildAuthnRequest
|
|
630
|
+
testAuthnRequestShapeAndRelayState();
|
|
631
|
+
testAuthnRequestNameIdPolicy();
|
|
632
|
+
testAuthnRequestQuerySeparator();
|
|
633
|
+
testAuthnRequestAttributeEscaping();
|
|
634
|
+
// metadata
|
|
635
|
+
testMetadata();
|
|
636
|
+
testMetadataSlo();
|
|
637
|
+
// verifyResponse — pre-signature
|
|
638
|
+
testVerifyResponseInputValidation();
|
|
639
|
+
testVerifyResponseStatus();
|
|
640
|
+
testVerifyResponseXswStructural();
|
|
641
|
+
testVerifyResponseNoAssertionAndUnsigned();
|
|
642
|
+
testVerifyResponseEncryptedWithoutKey();
|
|
643
|
+
// verifyResponse — signed path
|
|
644
|
+
await testVerifyResponseHappyPath();
|
|
645
|
+
await testVerifyResponseInResponseTo();
|
|
646
|
+
await testVerifyResponseWrongIssuer();
|
|
647
|
+
await testVerifyResponseAudience();
|
|
648
|
+
await testVerifyResponseConditionsExpired();
|
|
649
|
+
await testVerifyResponseDuplicateSubjectXsw();
|
|
650
|
+
await testVerifyResponseTamperedDigest();
|
|
651
|
+
// SLO redirect
|
|
652
|
+
testLogoutRequestValidation();
|
|
653
|
+
testLogoutResponseValidation();
|
|
654
|
+
testParseLogoutRequestValidation();
|
|
655
|
+
testLogoutResponseRoundTrip();
|
|
656
|
+
// SLO POST / SOAP
|
|
657
|
+
testLogoutRequestPostRoundTrip();
|
|
658
|
+
testParseLogoutRequestPostValidation();
|
|
659
|
+
testLogoutRequestSoapShape();
|
|
660
|
+
testParseLogoutResponseSoap();
|
|
661
|
+
// fetchMdq
|
|
662
|
+
await testFetchMdqInputValidation();
|
|
663
|
+
}
|
|
664
|
+
|
|
665
|
+
if (require.main === module) {
|
|
666
|
+
run().then(function () {
|
|
667
|
+
console.log("OK — " + helpers.getChecks() + " checks passed");
|
|
668
|
+
process.exit(0);
|
|
669
|
+
}).catch(function (e) { console.error(e && e.stack || e); process.exit(1); });
|
|
670
|
+
}
|
|
671
|
+
module.exports = { run: run };
|