@blamejs/blamejs-shop 0.5.5 → 0.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/README.md +1 -1
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +1395 -1409
- package/lib/vendor/blamejs/.clusterfuzzlite/Dockerfile +1 -1
- package/lib/vendor/blamejs/.github/dependabot.yml +12 -2
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/ci.yml +34 -29
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +6 -6
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +8 -8
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.gitignore +6 -6
- package/lib/vendor/blamejs/CHANGELOG.md +68 -0
- package/lib/vendor/blamejs/CONTRIBUTING.md +16 -0
- package/lib/vendor/blamejs/README.md +2 -1
- package/lib/vendor/blamejs/ROADMAP.md +51 -0
- package/lib/vendor/blamejs/SECURITY.md +52 -1
- package/lib/vendor/blamejs/api-snapshot.json +22 -2
- package/lib/vendor/blamejs/bench/_helpers.js +2 -0
- package/lib/vendor/blamejs/bench/crypto-hash.bench.js +2 -0
- package/lib/vendor/blamejs/bench/crypto-symmetric.bench.js +2 -0
- package/lib/vendor/blamejs/bench/run.js +2 -0
- package/lib/vendor/blamejs/bench/safe-json.bench.js +2 -0
- package/lib/vendor/blamejs/bin/blamejs.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/Dockerfile +1 -1
- package/lib/vendor/blamejs/examples/wiki/lib/auto-site-entries.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +9 -1
- package/lib/vendor/blamejs/examples/wiki/lib/harvest-cli.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/harvest-env-vars.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/harvest-errors.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/harvest-vendored-deps.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/html-entities.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/nav.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/opts-resolver.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/section.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/migrations/0001-pages-schema.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/package-lock.json +30 -0
- package/lib/vendor/blamejs/examples/wiki/routes/admin.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/routes/integration.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/scripts/backfill-module-metadata.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/seeders/prod/0001-default-pages.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/_index.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/api.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/server.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/site.config.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/snippets/auth/password-hash.example.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/src/editor.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/src/wiki.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/codebase-patterns.test.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/e2e.js +23 -0
- package/lib/vendor/blamejs/examples/wiki/test/find-missing-pages.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/integration.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-cli-snapshot.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-env-snapshot.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-nav-coverage.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-site-coverage.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/test/validate-source-comment-blocks.js +2 -0
- package/lib/vendor/blamejs/examples/wiki/wiki.config.js +2 -0
- package/lib/vendor/blamejs/fuzz/_expected.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-agent-registry.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-csv.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-dsn.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-email.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-envelope.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-event-bus-payload.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-event-bus-topic.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-html.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-idempotency-key.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-imap-command.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-jmap.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-json.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-list-id.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-list-unsubscribe.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-compose.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-move.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-query.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-reply.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-mail-sieve.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-managesieve-command.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-markdown.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-message-id.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-pop3-command.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-posture-chain.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-saga-config.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-smtp-command.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-snapshot-envelope.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-sql.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-stream-args.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-svg.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-tenant-id.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-trace-context.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-xml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/guard-yaml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/package-lock.json +1239 -0
- package/lib/vendor/blamejs/fuzz/package.json +10 -0
- package/lib/vendor/blamejs/fuzz/parsers__safe-ini.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/parsers__safe-toml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/parsers__safe-xml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/parsers__safe-yaml.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-archive.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-decompress.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-dns.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-ical.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-icap.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-json.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-jsonpath.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-mime.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-mount-info.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-sieve.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-smtp.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-url.fuzz.js +2 -0
- package/lib/vendor/blamejs/fuzz/safe-vcard.fuzz.js +2 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +2 -0
- package/lib/vendor/blamejs/lib/a2a.js +2 -0
- package/lib/vendor/blamejs/lib/acme.js +7 -1
- package/lib/vendor/blamejs/lib/agent-audit.js +2 -0
- package/lib/vendor/blamejs/lib/agent-envelope-mac.js +2 -0
- package/lib/vendor/blamejs/lib/agent-event-bus.js +2 -0
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -0
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +10 -2
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -0
- package/lib/vendor/blamejs/lib/agent-saga.js +2 -0
- package/lib/vendor/blamejs/lib/agent-snapshot.js +2 -0
- package/lib/vendor/blamejs/lib/agent-stream.js +2 -0
- package/lib/vendor/blamejs/lib/agent-tenant.js +11 -2
- package/lib/vendor/blamejs/lib/agent-trace.js +2 -0
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -0
- package/lib/vendor/blamejs/lib/ai-aedt-bias-audit.js +2 -0
- package/lib/vendor/blamejs/lib/ai-capability.js +2 -0
- package/lib/vendor/blamejs/lib/ai-content-detect.js +2 -0
- package/lib/vendor/blamejs/lib/ai-disclosure.js +2 -0
- package/lib/vendor/blamejs/lib/ai-dp.js +2 -0
- package/lib/vendor/blamejs/lib/ai-frontier-protocol.js +2 -0
- package/lib/vendor/blamejs/lib/ai-input.js +2 -0
- package/lib/vendor/blamejs/lib/ai-model-manifest.js +2 -0
- package/lib/vendor/blamejs/lib/ai-output.js +2 -0
- package/lib/vendor/blamejs/lib/ai-pref.js +2 -0
- package/lib/vendor/blamejs/lib/ai-prompt.js +2 -0
- package/lib/vendor/blamejs/lib/ai-quota.js +2 -0
- package/lib/vendor/blamejs/lib/api-key.js +2 -0
- package/lib/vendor/blamejs/lib/api-snapshot.js +2 -0
- package/lib/vendor/blamejs/lib/app-shutdown.js +2 -0
- package/lib/vendor/blamejs/lib/app.js +2 -0
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -0
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +2 -0
- package/lib/vendor/blamejs/lib/archive-gz.js +2 -0
- package/lib/vendor/blamejs/lib/archive-read.js +2 -0
- package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -0
- package/lib/vendor/blamejs/lib/archive-tar.js +9 -0
- package/lib/vendor/blamejs/lib/archive-wrap.js +2 -0
- package/lib/vendor/blamejs/lib/archive.js +6 -0
- package/lib/vendor/blamejs/lib/arg-parser.js +2 -0
- package/lib/vendor/blamejs/lib/argon2-builtin.js +2 -0
- package/lib/vendor/blamejs/lib/asn1-der.js +2 -0
- package/lib/vendor/blamejs/lib/asyncapi-bindings.js +2 -0
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -0
- package/lib/vendor/blamejs/lib/asyncapi.js +2 -0
- package/lib/vendor/blamejs/lib/atomic-file.js +2 -0
- package/lib/vendor/blamejs/lib/audit-chain.js +2 -0
- package/lib/vendor/blamejs/lib/audit-daily-review.js +2 -0
- package/lib/vendor/blamejs/lib/audit-emit.js +2 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +2 -0
- package/lib/vendor/blamejs/lib/audit-tools.js +2 -0
- package/lib/vendor/blamejs/lib/audit.js +2 -0
- package/lib/vendor/blamejs/lib/auth/aal.js +2 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +2 -0
- package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -0
- package/lib/vendor/blamejs/lib/auth/ato-kill-switch.js +48 -11
- package/lib/vendor/blamejs/lib/auth/auth-time-tracker.js +2 -0
- package/lib/vendor/blamejs/lib/auth/bot-challenge.js +2 -0
- package/lib/vendor/blamejs/lib/auth/ciba.js +2 -0
- package/lib/vendor/blamejs/lib/auth/dpop.js +2 -0
- package/lib/vendor/blamejs/lib/auth/elevation-grant.js +2 -0
- package/lib/vendor/blamejs/lib/auth/fal.js +2 -0
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +11 -7
- package/lib/vendor/blamejs/lib/auth/jar.js +4 -1
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +16 -3
- package/lib/vendor/blamejs/lib/auth/jwt.js +2 -0
- package/lib/vendor/blamejs/lib/auth/lockout.js +237 -104
- package/lib/vendor/blamejs/lib/auth/oauth.js +98 -17
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +58 -17
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -0
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -0
- package/lib/vendor/blamejs/lib/auth/passkey.js +2 -0
- package/lib/vendor/blamejs/lib/auth/password.js +2 -0
- package/lib/vendor/blamejs/lib/auth/saml.js +68 -7
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +2 -0
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -0
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -0
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +9 -0
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -0
- package/lib/vendor/blamejs/lib/auth/step-up-policy.js +2 -0
- package/lib/vendor/blamejs/lib/auth/step-up.js +2 -0
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +5 -8
- package/lib/vendor/blamejs/lib/auth-header.js +2 -0
- package/lib/vendor/blamejs/lib/backup/bundle.js +2 -0
- package/lib/vendor/blamejs/lib/backup/crypto.js +2 -0
- package/lib/vendor/blamejs/lib/backup/index.js +14 -0
- package/lib/vendor/blamejs/lib/backup/manifest.js +2 -0
- package/lib/vendor/blamejs/lib/base32.js +2 -0
- package/lib/vendor/blamejs/lib/boot-gates.js +2 -0
- package/lib/vendor/blamejs/lib/bounded-map.js +3 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +2 -0
- package/lib/vendor/blamejs/lib/break-glass.js +10 -9
- package/lib/vendor/blamejs/lib/budr.js +2 -0
- package/lib/vendor/blamejs/lib/bundler.js +2 -0
- package/lib/vendor/blamejs/lib/cache-redis.js +2 -0
- package/lib/vendor/blamejs/lib/cache-status.js +2 -0
- package/lib/vendor/blamejs/lib/cache.js +13 -5
- package/lib/vendor/blamejs/lib/calendar.js +2 -0
- package/lib/vendor/blamejs/lib/canonical-json.js +19 -3
- package/lib/vendor/blamejs/lib/cbor.js +2 -0
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +2 -0
- package/lib/vendor/blamejs/lib/cert.js +2 -0
- package/lib/vendor/blamejs/lib/chain-writer.js +2 -0
- package/lib/vendor/blamejs/lib/circuit-breaker.js +2 -0
- package/lib/vendor/blamejs/lib/cli-helpers.js +2 -0
- package/lib/vendor/blamejs/lib/cli.js +57 -20
- package/lib/vendor/blamejs/lib/client-hints.js +2 -0
- package/lib/vendor/blamejs/lib/cloud-events.js +2 -0
- package/lib/vendor/blamejs/lib/cluster-provider-db.js +2 -0
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -0
- package/lib/vendor/blamejs/lib/cluster.js +2 -0
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -0
- package/lib/vendor/blamejs/lib/codepoint-class.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act-risk.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-ai-act.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-eaa.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-sanctions-aliases.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +2 -0
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -0
- package/lib/vendor/blamejs/lib/compliance.js +2 -0
- package/lib/vendor/blamejs/lib/config-drift.js +2 -0
- package/lib/vendor/blamejs/lib/config.js +2 -0
- package/lib/vendor/blamejs/lib/consent.js +2 -0
- package/lib/vendor/blamejs/lib/constants.js +2 -0
- package/lib/vendor/blamejs/lib/content-credentials.js +2 -0
- package/lib/vendor/blamejs/lib/content-digest.js +2 -0
- package/lib/vendor/blamejs/lib/cookies.js +2 -0
- package/lib/vendor/blamejs/lib/cose.js +2 -0
- package/lib/vendor/blamejs/lib/cra-report.js +2 -0
- package/lib/vendor/blamejs/lib/crdt.js +2 -0
- package/lib/vendor/blamejs/lib/credential-hash.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-field.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-hpke-pq.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-hpke.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-oprf.js +2 -0
- package/lib/vendor/blamejs/lib/crypto-xwing.js +2 -0
- package/lib/vendor/blamejs/lib/crypto.js +2 -0
- package/lib/vendor/blamejs/lib/csp.js +2 -0
- package/lib/vendor/blamejs/lib/csv.js +14 -1
- package/lib/vendor/blamejs/lib/cwt.js +2 -0
- package/lib/vendor/blamejs/lib/daemon.js +2 -0
- package/lib/vendor/blamejs/lib/dark-patterns.js +2 -0
- package/lib/vendor/blamejs/lib/data-act.js +2 -0
- package/lib/vendor/blamejs/lib/db-collection.js +2 -0
- package/lib/vendor/blamejs/lib/db-declare-row-policy.js +2 -0
- package/lib/vendor/blamejs/lib/db-declare-view.js +2 -0
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +2 -0
- package/lib/vendor/blamejs/lib/db-query.js +2 -0
- package/lib/vendor/blamejs/lib/db-role-context.js +2 -0
- package/lib/vendor/blamejs/lib/db-schema.js +2 -0
- package/lib/vendor/blamejs/lib/db.js +2 -0
- package/lib/vendor/blamejs/lib/dbsc.js +2 -0
- package/lib/vendor/blamejs/lib/ddl-change-control.js +2 -0
- package/lib/vendor/blamejs/lib/deprecate.js +2 -0
- package/lib/vendor/blamejs/lib/dev.js +2 -0
- package/lib/vendor/blamejs/lib/did.js +2 -0
- package/lib/vendor/blamejs/lib/dora.js +2 -0
- package/lib/vendor/blamejs/lib/dr-runbook.js +2 -0
- package/lib/vendor/blamejs/lib/dsa.js +2 -0
- package/lib/vendor/blamejs/lib/dsr.js +2 -0
- package/lib/vendor/blamejs/lib/dual-control.js +11 -15
- package/lib/vendor/blamejs/lib/early-hints.js +2 -0
- package/lib/vendor/blamejs/lib/eat.js +4 -1
- package/lib/vendor/blamejs/lib/error-page.js +2 -0
- package/lib/vendor/blamejs/lib/events.js +2 -0
- package/lib/vendor/blamejs/lib/external-db-migrate.js +2 -0
- package/lib/vendor/blamejs/lib/external-db.js +2 -0
- package/lib/vendor/blamejs/lib/fapi2.js +2 -0
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +2 -0
- package/lib/vendor/blamejs/lib/fdx.js +2 -0
- package/lib/vendor/blamejs/lib/fedcm.js +2 -0
- package/lib/vendor/blamejs/lib/file-type.js +2 -0
- package/lib/vendor/blamejs/lib/file-upload.js +139 -21
- package/lib/vendor/blamejs/lib/flag-cache.js +2 -0
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -0
- package/lib/vendor/blamejs/lib/flag-providers.js +2 -0
- package/lib/vendor/blamejs/lib/flag-targeting.js +4 -7
- package/lib/vendor/blamejs/lib/flag.js +2 -0
- package/lib/vendor/blamejs/lib/forms.js +11 -0
- package/lib/vendor/blamejs/lib/framework-error.js +2 -0
- package/lib/vendor/blamejs/lib/framework-files.js +2 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +2 -0
- package/lib/vendor/blamejs/lib/framework-sha1-hibp.js +2 -0
- package/lib/vendor/blamejs/lib/fsm.js +2 -0
- package/lib/vendor/blamejs/lib/gate-contract.js +2 -0
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +2 -0
- package/lib/vendor/blamejs/lib/graphql-federation.js +2 -0
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -0
- package/lib/vendor/blamejs/lib/guard-all.js +2 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +2 -0
- package/lib/vendor/blamejs/lib/guard-auth.js +2 -0
- package/lib/vendor/blamejs/lib/guard-cidr.js +2 -0
- package/lib/vendor/blamejs/lib/guard-csv.js +2 -0
- package/lib/vendor/blamejs/lib/guard-domain.js +2 -0
- package/lib/vendor/blamejs/lib/guard-dsn.js +2 -0
- package/lib/vendor/blamejs/lib/guard-email.js +2 -0
- package/lib/vendor/blamejs/lib/guard-envelope.js +2 -0
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +2 -0
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -0
- package/lib/vendor/blamejs/lib/guard-filename.js +2 -0
- package/lib/vendor/blamejs/lib/guard-graphql.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag-aria.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag-forms.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag-tables.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +2 -0
- package/lib/vendor/blamejs/lib/guard-html.js +2 -0
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -0
- package/lib/vendor/blamejs/lib/guard-image.js +2 -0
- package/lib/vendor/blamejs/lib/guard-imap-command.js +2 -0
- package/lib/vendor/blamejs/lib/guard-jmap.js +2 -0
- package/lib/vendor/blamejs/lib/guard-json.js +2 -0
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +2 -0
- package/lib/vendor/blamejs/lib/guard-jwt.js +2 -0
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -0
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-query.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +2 -0
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +2 -0
- package/lib/vendor/blamejs/lib/guard-markdown.js +2 -0
- package/lib/vendor/blamejs/lib/guard-message-id.js +2 -0
- package/lib/vendor/blamejs/lib/guard-mime.js +2 -0
- package/lib/vendor/blamejs/lib/guard-oauth.js +14 -1
- package/lib/vendor/blamejs/lib/guard-pdf.js +2 -0
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +2 -0
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -0
- package/lib/vendor/blamejs/lib/guard-regex.js +59 -0
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -0
- package/lib/vendor/blamejs/lib/guard-shell.js +2 -0
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +2 -0
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +2 -0
- package/lib/vendor/blamejs/lib/guard-sql.js +2 -0
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -0
- package/lib/vendor/blamejs/lib/guard-svg.js +2 -0
- package/lib/vendor/blamejs/lib/guard-template.js +2 -0
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -0
- package/lib/vendor/blamejs/lib/guard-text.js +2 -0
- package/lib/vendor/blamejs/lib/guard-time.js +2 -0
- package/lib/vendor/blamejs/lib/guard-trace-context.js +2 -0
- package/lib/vendor/blamejs/lib/guard-uuid.js +2 -0
- package/lib/vendor/blamejs/lib/guard-xml.js +2 -0
- package/lib/vendor/blamejs/lib/guard-yaml.js +2 -0
- package/lib/vendor/blamejs/lib/hal.js +2 -0
- package/lib/vendor/blamejs/lib/handlers.js +2 -0
- package/lib/vendor/blamejs/lib/honeytoken.js +2 -0
- package/lib/vendor/blamejs/lib/html-balance.js +2 -0
- package/lib/vendor/blamejs/lib/http-client-cache.js +2 -0
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -0
- package/lib/vendor/blamejs/lib/http-client.js +2 -0
- package/lib/vendor/blamejs/lib/http-message-signature.js +144 -11
- package/lib/vendor/blamejs/lib/http2-teardown.js +2 -0
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +35 -6
- package/lib/vendor/blamejs/lib/i18n.js +2 -0
- package/lib/vendor/blamejs/lib/iab-mspa.js +2 -0
- package/lib/vendor/blamejs/lib/iab-tcf.js +2 -0
- package/lib/vendor/blamejs/lib/importmap-integrity.js +2 -0
- package/lib/vendor/blamejs/lib/inbox.js +2 -0
- package/lib/vendor/blamejs/lib/incident-report.js +2 -0
- package/lib/vendor/blamejs/lib/ip-utils.js +2 -0
- package/lib/vendor/blamejs/lib/jobs.js +2 -0
- package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -0
- package/lib/vendor/blamejs/lib/json-merge-patch.js +2 -0
- package/lib/vendor/blamejs/lib/json-patch.js +2 -0
- package/lib/vendor/blamejs/lib/json-path.js +2 -0
- package/lib/vendor/blamejs/lib/json-pointer.js +2 -0
- package/lib/vendor/blamejs/lib/json-schema.js +13 -1
- package/lib/vendor/blamejs/lib/jsonapi.js +2 -0
- package/lib/vendor/blamejs/lib/jtd.js +2 -0
- package/lib/vendor/blamejs/lib/jwk.js +2 -0
- package/lib/vendor/blamejs/lib/keychain.js +32 -10
- package/lib/vendor/blamejs/lib/lazy-require.js +2 -0
- package/lib/vendor/blamejs/lib/legal-hold.js +2 -0
- package/lib/vendor/blamejs/lib/link-header.js +2 -0
- package/lib/vendor/blamejs/lib/local-db-thin.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-local.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-syslog.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +2 -0
- package/lib/vendor/blamejs/lib/log-stream.js +2 -0
- package/lib/vendor/blamejs/lib/log.js +2 -0
- package/lib/vendor/blamejs/lib/lro.js +2 -0
- package/lib/vendor/blamejs/lib/mail-agent.js +2 -0
- package/lib/vendor/blamejs/lib/mail-arc-reuse-token.js +20 -0
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +32 -14
- package/lib/vendor/blamejs/lib/mail-arf.js +4 -0
- package/lib/vendor/blamejs/lib/mail-auth.js +93 -19
- package/lib/vendor/blamejs/lib/mail-bimi.js +26 -10
- package/lib/vendor/blamejs/lib/mail-bounce.js +23 -6
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +2 -0
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +2 -0
- package/lib/vendor/blamejs/lib/mail-crypto.js +2 -0
- package/lib/vendor/blamejs/lib/mail-dav.js +2 -0
- package/lib/vendor/blamejs/lib/mail-deploy.js +2 -0
- package/lib/vendor/blamejs/lib/mail-dkim.js +44 -5
- package/lib/vendor/blamejs/lib/mail-greylist.js +2 -0
- package/lib/vendor/blamejs/lib/mail-helo.js +16 -0
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -0
- package/lib/vendor/blamejs/lib/mail-mdn.js +17 -0
- package/lib/vendor/blamejs/lib/mail-rbl.js +2 -0
- package/lib/vendor/blamejs/lib/mail-require-tls.js +2 -0
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -0
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +32 -7
- package/lib/vendor/blamejs/lib/mail-server-imap.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +23 -11
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-mx.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-net.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-registry.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-submission.js +2 -0
- package/lib/vendor/blamejs/lib/mail-server-tls.js +2 -0
- package/lib/vendor/blamejs/lib/mail-sieve.js +2 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +2 -0
- package/lib/vendor/blamejs/lib/mail-srs.js +8 -0
- package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -0
- package/lib/vendor/blamejs/lib/mail-store.js +2 -0
- package/lib/vendor/blamejs/lib/mail-unsubscribe.js +2 -0
- package/lib/vendor/blamejs/lib/mail.js +11 -0
- package/lib/vendor/blamejs/lib/markup-escape.js +2 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +2 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +2 -0
- package/lib/vendor/blamejs/lib/mcp.js +4 -2
- package/lib/vendor/blamejs/lib/mdoc.js +2 -0
- package/lib/vendor/blamejs/lib/metrics.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/attach-user.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +10 -1
- package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/compression.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/cookies.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/cors.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/csp-nonce.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/csp-report.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +12 -5
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/db-role-for.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/dpop.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/error-handler.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/flag-context.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/gpc.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/headers.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/health.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +30 -2
- package/lib/vendor/blamejs/lib/middleware/index.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/nel.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/no-cache.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/request-id.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/request-log.js +6 -0
- package/lib/vendor/blamejs/lib/middleware/require-aal.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-auth.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-content-type.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-methods.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-mtls.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/require-step-up.js +42 -1
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/span-http-server.js +12 -0
- package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/sse.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/trace-log-correlation.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/trace-propagate.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +2 -0
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -0
- package/lib/vendor/blamejs/lib/migration-files.js +2 -0
- package/lib/vendor/blamejs/lib/migrations.js +2 -0
- package/lib/vendor/blamejs/lib/mime-parse.js +5 -1
- package/lib/vendor/blamejs/lib/module-loader.js +2 -0
- package/lib/vendor/blamejs/lib/money.js +2 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +2 -0
- package/lib/vendor/blamejs/lib/mtls-engine-default.js +2 -0
- package/lib/vendor/blamejs/lib/network-byte-quota.js +76 -14
- package/lib/vendor/blamejs/lib/network-dane.js +2 -0
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +55 -18
- package/lib/vendor/blamejs/lib/network-dns.js +2 -0
- package/lib/vendor/blamejs/lib/network-dnssec.js +15 -2
- package/lib/vendor/blamejs/lib/network-heartbeat.js +2 -0
- package/lib/vendor/blamejs/lib/network-nts.js +2 -0
- package/lib/vendor/blamejs/lib/network-proxy.js +2 -0
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +6 -1
- package/lib/vendor/blamejs/lib/network-tls.js +99 -5
- package/lib/vendor/blamejs/lib/network-tsig.js +13 -1
- package/lib/vendor/blamejs/lib/network.js +2 -0
- package/lib/vendor/blamejs/lib/nis2-report.js +2 -0
- package/lib/vendor/blamejs/lib/nist-crosswalk.js +2 -0
- package/lib/vendor/blamejs/lib/nonce-store.js +2 -0
- package/lib/vendor/blamejs/lib/notify.js +2 -0
- package/lib/vendor/blamejs/lib/ntp-check.js +2 -0
- package/lib/vendor/blamejs/lib/numeric-bounds.js +2 -0
- package/lib/vendor/blamejs/lib/numeric-checks.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/gcs.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/http-put.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/http-request.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/index.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/local.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +2 -0
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +4 -2
- package/lib/vendor/blamejs/lib/observability-tracer.js +2 -0
- package/lib/vendor/blamejs/lib/observability.js +2 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +2 -0
- package/lib/vendor/blamejs/lib/openapi-schema-walk.js +2 -0
- package/lib/vendor/blamejs/lib/openapi-security.js +2 -0
- package/lib/vendor/blamejs/lib/openapi-yaml.js +2 -0
- package/lib/vendor/blamejs/lib/openapi.js +2 -0
- package/lib/vendor/blamejs/lib/otel-export.js +2 -0
- package/lib/vendor/blamejs/lib/outbox.js +2 -0
- package/lib/vendor/blamejs/lib/pagination.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/index.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -0
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +2 -0
- package/lib/vendor/blamejs/lib/permissions.js +2 -0
- package/lib/vendor/blamejs/lib/pick.js +2 -0
- package/lib/vendor/blamejs/lib/pipl-cn.js +2 -0
- package/lib/vendor/blamejs/lib/pqc-agent.js +2 -0
- package/lib/vendor/blamejs/lib/pqc-gate.js +2 -0
- package/lib/vendor/blamejs/lib/pqc-software.js +2 -0
- package/lib/vendor/blamejs/lib/privacy-pass.js +2 -0
- package/lib/vendor/blamejs/lib/privacy.js +2 -0
- package/lib/vendor/blamejs/lib/problem-details.js +2 -0
- package/lib/vendor/blamejs/lib/process-spawn.js +2 -0
- package/lib/vendor/blamejs/lib/promise-pool.js +2 -0
- package/lib/vendor/blamejs/lib/protobuf-encoder.js +2 -0
- package/lib/vendor/blamejs/lib/protocol-dispatcher.js +2 -0
- package/lib/vendor/blamejs/lib/public-suffix.js +45 -5
- package/lib/vendor/blamejs/lib/pubsub-cluster.js +2 -0
- package/lib/vendor/blamejs/lib/pubsub-redis.js +2 -0
- package/lib/vendor/blamejs/lib/pubsub.js +2 -0
- package/lib/vendor/blamejs/lib/queue-local.js +28 -11
- package/lib/vendor/blamejs/lib/queue-redis.js +79 -17
- package/lib/vendor/blamejs/lib/queue-sqs.js +2 -0
- package/lib/vendor/blamejs/lib/queue.js +5 -3
- package/lib/vendor/blamejs/lib/redact.js +2 -0
- package/lib/vendor/blamejs/lib/redis-client.js +30 -5
- package/lib/vendor/blamejs/lib/render.js +2 -0
- package/lib/vendor/blamejs/lib/request-helpers.js +11 -0
- package/lib/vendor/blamejs/lib/resource-access-lock.js +2 -0
- package/lib/vendor/blamejs/lib/restore-bundle.js +2 -0
- package/lib/vendor/blamejs/lib/restore-rollback.js +2 -0
- package/lib/vendor/blamejs/lib/restore.js +2 -0
- package/lib/vendor/blamejs/lib/retention.js +2 -0
- package/lib/vendor/blamejs/lib/retry.js +2 -0
- package/lib/vendor/blamejs/lib/rfc3339.js +2 -0
- package/lib/vendor/blamejs/lib/router.js +109 -19
- package/lib/vendor/blamejs/lib/safe-archive.js +2 -0
- package/lib/vendor/blamejs/lib/safe-async.js +44 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +66 -0
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -0
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -0
- package/lib/vendor/blamejs/lib/safe-ical.js +2 -0
- package/lib/vendor/blamejs/lib/safe-icap.js +7 -0
- package/lib/vendor/blamejs/lib/safe-json.js +2 -0
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -0
- package/lib/vendor/blamejs/lib/safe-mime.js +2 -0
- package/lib/vendor/blamejs/lib/safe-mount-info.js +2 -0
- package/lib/vendor/blamejs/lib/safe-path.js +2 -0
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -0
- package/lib/vendor/blamejs/lib/safe-schema.js +2 -0
- package/lib/vendor/blamejs/lib/safe-sieve.js +2 -0
- package/lib/vendor/blamejs/lib/safe-smtp.js +2 -0
- package/lib/vendor/blamejs/lib/safe-sql.js +2 -0
- package/lib/vendor/blamejs/lib/safe-url.js +2 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +2 -0
- package/lib/vendor/blamejs/lib/sandbox-worker.js +2 -0
- package/lib/vendor/blamejs/lib/sandbox.js +2 -0
- package/lib/vendor/blamejs/lib/scheduler.js +2 -0
- package/lib/vendor/blamejs/lib/scitt.js +2 -0
- package/lib/vendor/blamejs/lib/sd-notify.js +2 -0
- package/lib/vendor/blamejs/lib/sec-cyber.js +2 -0
- package/lib/vendor/blamejs/lib/security-assert.js +2 -0
- package/lib/vendor/blamejs/lib/seeders.js +2 -0
- package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +2 -0
- package/lib/vendor/blamejs/lib/self-update.js +104 -56
- package/lib/vendor/blamejs/lib/server-timing.js +2 -0
- package/lib/vendor/blamejs/lib/session-device-binding.js +2 -0
- package/lib/vendor/blamejs/lib/session-stores.js +2 -0
- package/lib/vendor/blamejs/lib/session.js +71 -32
- package/lib/vendor/blamejs/lib/slug.js +2 -0
- package/lib/vendor/blamejs/lib/sql.js +2 -0
- package/lib/vendor/blamejs/lib/sse.js +2 -0
- package/lib/vendor/blamejs/lib/ssrf-guard.js +9 -1
- package/lib/vendor/blamejs/lib/standard-webhooks.js +2 -0
- package/lib/vendor/blamejs/lib/static.js +54 -20
- package/lib/vendor/blamejs/lib/storage.js +2 -0
- package/lib/vendor/blamejs/lib/stream-throttle.js +2 -0
- package/lib/vendor/blamejs/lib/structured-fields.js +2 -0
- package/lib/vendor/blamejs/lib/subject.js +2 -0
- package/lib/vendor/blamejs/lib/tcpa-10dlc.js +2 -0
- package/lib/vendor/blamejs/lib/template.js +2 -0
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -0
- package/lib/vendor/blamejs/lib/test-harness.js +2 -0
- package/lib/vendor/blamejs/lib/testing.js +2 -0
- package/lib/vendor/blamejs/lib/time.js +2 -0
- package/lib/vendor/blamejs/lib/tls-exporter.js +2 -0
- package/lib/vendor/blamejs/lib/totp.js +2 -0
- package/lib/vendor/blamejs/lib/tracing.js +2 -0
- package/lib/vendor/blamejs/lib/tsa.js +2 -0
- package/lib/vendor/blamejs/lib/uri-template.js +2 -0
- package/lib/vendor/blamejs/lib/uuid.js +2 -0
- package/lib/vendor/blamejs/lib/validate-opts.js +2 -0
- package/lib/vendor/blamejs/lib/vault/index.js +2 -0
- package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +2 -0
- package/lib/vendor/blamejs/lib/vault/passphrase-source.js +2 -0
- package/lib/vendor/blamejs/lib/vault/rotate.js +2 -0
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +2 -0
- package/lib/vendor/blamejs/lib/vault/wrap.js +2 -0
- package/lib/vendor/blamejs/lib/vault-aad.js +2 -0
- package/lib/vendor/blamejs/lib/vc.js +31 -0
- package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +10 -10
- package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +2 -4
- package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +745 -745
- package/lib/vendor/blamejs/lib/vendor-data.js +2 -0
- package/lib/vendor/blamejs/lib/vex.js +2 -0
- package/lib/vendor/blamejs/lib/watcher.js +2 -0
- package/lib/vendor/blamejs/lib/web-push-vapid.js +2 -0
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +33 -5
- package/lib/vendor/blamejs/lib/webhook.js +2 -0
- package/lib/vendor/blamejs/lib/websocket-channels.js +2 -0
- package/lib/vendor/blamejs/lib/websocket.js +2 -0
- package/lib/vendor/blamejs/lib/wiki-concepts.js +2 -0
- package/lib/vendor/blamejs/lib/worker-pool.js +2 -0
- package/lib/vendor/blamejs/lib/worm.js +2 -0
- package/lib/vendor/blamejs/lib/ws-client.js +2 -0
- package/lib/vendor/blamejs/lib/x509-chain.js +2 -0
- package/lib/vendor/blamejs/lib/xml-c14n.js +10 -7
- package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/Dockerfile +7 -6
- package/lib/vendor/blamejs/package-lock.json +533 -0
- package/lib/vendor/blamejs/package.json +3 -3
- package/lib/vendor/blamejs/release-notes/v0.15.x.json +2284 -0
- package/lib/vendor/blamejs/release-notes/v0.16.0.json +44 -0
- package/lib/vendor/blamejs/release-notes/v0.16.1.json +36 -0
- package/lib/vendor/blamejs/release-notes/v0.16.2.json +71 -0
- package/lib/vendor/blamejs/scripts/build-vendored-sbom.js +2 -0
- package/lib/vendor/blamejs/scripts/check-actions-currency.js +113 -1
- package/lib/vendor/blamejs/scripts/check-api-snapshot.js +2 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +2 -0
- package/lib/vendor/blamejs/scripts/check-esbuild-pin.js +33 -40
- package/lib/vendor/blamejs/scripts/check-pack-against-gitignore.js +2 -0
- package/lib/vendor/blamejs/scripts/check-services.js +2 -0
- package/lib/vendor/blamejs/scripts/check-vendor-currency.js +2 -0
- package/lib/vendor/blamejs/scripts/consolidate-release-notes.js +2 -0
- package/lib/vendor/blamejs/scripts/gen-migrating.js +2 -0
- package/lib/vendor/blamejs/scripts/generate-changelog-entry.js +2 -0
- package/lib/vendor/blamejs/scripts/generate-release-signing-key.js +2 -0
- package/lib/vendor/blamejs/scripts/generate-ssdf-attestation.js +2 -0
- package/lib/vendor/blamejs/scripts/pin-all.js +215 -0
- package/lib/vendor/blamejs/scripts/refresh-api-snapshot.js +2 -0
- package/lib/vendor/blamejs/scripts/refresh-vendor-manifest.js +2 -0
- package/lib/vendor/blamejs/scripts/release.js +5 -1
- package/lib/vendor/blamejs/scripts/sha3-digest.js +2 -0
- package/lib/vendor/blamejs/scripts/sign-release-artifact.js +2 -0
- package/lib/vendor/blamejs/scripts/test-integration.js +2 -0
- package/lib/vendor/blamejs/scripts/test-wiki-integration.js +2 -0
- package/lib/vendor/blamejs/scripts/validate-source-comment-blocks.js +2 -0
- package/lib/vendor/blamejs/scripts/vendor-data-gen.js +2 -0
- package/lib/vendor/blamejs/scripts/vendor-data-keygen.js +2 -0
- package/lib/vendor/blamejs/test/00-primitives.js +35 -1
- package/lib/vendor/blamejs/test/10-state.js +2 -0
- package/lib/vendor/blamejs/test/20-db.js +2 -0
- package/lib/vendor/blamejs/test/30-chain.js +2 -0
- package/lib/vendor/blamejs/test/40-consumers.js +2 -0
- package/lib/vendor/blamejs/test/50-integration.js +2 -0
- package/lib/vendor/blamejs/test/_helpers.js +2 -0
- package/lib/vendor/blamejs/test/_smoke-worker.js +2 -0
- package/lib/vendor/blamejs/test/fixtures/worker-pool/echo.js +2 -0
- package/lib/vendor/blamejs/test/helpers/_codebase-shingle-worker.js +2 -0
- package/lib/vendor/blamejs/test/helpers/_codebase-shingle.js +2 -0
- package/lib/vendor/blamejs/test/helpers/_shape-match.js +2 -0
- package/lib/vendor/blamejs/test/helpers/check.js +2 -0
- package/lib/vendor/blamejs/test/helpers/cluster.js +2 -0
- package/lib/vendor/blamejs/test/helpers/db.js +2 -0
- package/lib/vendor/blamejs/test/helpers/drivers.js +2 -0
- package/lib/vendor/blamejs/test/helpers/fs-watch.js +2 -0
- package/lib/vendor/blamejs/test/helpers/http.js +2 -0
- package/lib/vendor/blamejs/test/helpers/index.js +2 -0
- package/lib/vendor/blamejs/test/helpers/json-round-trip.js +2 -0
- package/lib/vendor/blamejs/test/helpers/mocks.js +2 -0
- package/lib/vendor/blamejs/test/helpers/otel.js +2 -0
- package/lib/vendor/blamejs/test/helpers/services.js +2 -0
- package/lib/vendor/blamejs/test/helpers/wait.js +2 -0
- package/lib/vendor/blamejs/test/integration/audit-actor-binding-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/audit-stack-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/backup-restore-objectstore.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/cache.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/cluster-provider-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-cluster-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-cluster-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-mysql-privacy.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/data-layer-postgres.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/db-layer-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/db-layer-postgres.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/distributed-scheduler-fencing-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/external-db-postgres.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/federation-auth.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/http-client.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/log-stream-cloudwatch.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/log-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/mail-dkim.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/mail-smtp.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/mtls-ca.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/network-dns.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/ntp-check.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/object-store-azure.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/object-store-gcs.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/object-store-worm-lock.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/pqc-pkcs8-forward-compat.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/pubsub.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/queue-cluster-mysql.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/queue-cluster-pg.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/queue-redis.test.js +115 -0
- package/lib/vendor/blamejs/test/integration/queue-sqs.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/redis-client-tls.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/redis-reconnect-toxiproxy.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/sql-fts5-catalog-sqlite.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/ssrf-guard.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/tls-classical-downgrade-audit.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +15 -0
- package/lib/vendor/blamejs/test/integration/websocket-permessage-deflate.test.js +2 -0
- package/lib/vendor/blamejs/test/integration/ws-client-roundtrip.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/a2a.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/access-lock.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/acme-coverage.test.js +441 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/acme-failclosed.test.js +131 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/acme.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-orchestrator.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-posture-chain.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-saga.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-tenant.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-trace.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-aedt-bias-audit.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-capability.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-content-detect.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-disclosure-apply-all.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-disclosure.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-dp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-frontier-protocol.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-input.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-model-manifest.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-pref.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-prompt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ai-quota.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt-rejection-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/app-shutdown.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-gz.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-read.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-sniff-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar-hardening.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-wrap-passphrase.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-wrap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-zip-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive.test.js +4 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/arg-parser.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/asyncapi.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-conflict-path.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-exclusive-temp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read-errorfor-bypass.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-append-nofollow.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-nofollow.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-rename-retry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-excl.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/attach-user-bearer-scheme.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-corrupted-anchor.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-incremental-verify.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-checkpoint-false-rollback.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-cve-defensive.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-export-cadf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-query-self-log.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-segregation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-ml-dsa-65.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-signing-key-rotation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-tools-dual-control.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-tools-return-bytes.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-verifybundle-tamper.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge-verifier.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +9 -6
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +56 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +121 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-oauth-coverage.test.js +482 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-oauth-failclosed.test.js +257 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-password-audit.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-saml-coverage.test.js +671 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-saml-failclosed.test.js +179 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-status-list.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-key-encoding.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-bundle-info.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-clone-bundle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-find-bundles.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-index-coverage.test.js +690 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-index-failclosed.test.js +103 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-key-rotation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-manifest-signature.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-residency-posture.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-rewrap-all.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-rewrap-bundle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-scheduletest-drill.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-verify-all-bundles.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-verify-bundle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-worker.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/base32.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-error-redaction.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-smuggling.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/boot-gates.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +46 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/budr.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bundler-engine.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cache-status.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cache.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json-jcs.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json.test.js +28 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cbor.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cdn-cache-control.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cert.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ciba-authreqid-binding.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-audit-verify-chain.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-backup.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-config-drift.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-coverage.test.js +238 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-erase.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-file-type.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-helpers.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-mtls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-password.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-restore.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-retention.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-security.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-vault.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/client-hints.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cloud-events.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cluster-storage.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cluster-vault-rotation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cms-codec.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +791 -13
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-cascade.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eaa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eu-ai-act-posture.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compression-range.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/config-drift.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/config.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/consent-purposes.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/content-digest.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cose.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crdt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-aad-downgrade.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-derived-hash.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-dual-read-migrate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-per-row-key.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-unseal-rate-cap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-upgrade-dialect.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-files-parallel.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke-pq.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-interop-oracles.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-mlkem768-x25519.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-namespace-hash.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-oprf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-random-int.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-self-test.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-xwing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-report.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csrf-protect.test.js +40 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csv.test.js +11 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cwt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dane.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dark-patterns.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-collection-extensions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-collection.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-column-gate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-init-extensions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-key-aad.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-extensions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-query-sealed-field-in.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-raw-residency-gate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-role-for.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-drift.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-reconcile-emittable.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-transaction.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-stream-and-payload-shape.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-vacuum.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ddl-change-control.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/declare-row-policy.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/declare-view.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-default-gate-posture-caps.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/deny-response.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/did.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dns-dnssec-algorithm.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dns-null-mx.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dnssec.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-alg-kty.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-htu-peergating.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-middleware-replaystore-required.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dr-runbook.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsr-state-rules.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dual-control.test.js +28 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/early-hints.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/eat.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/erase-posture-vacuum.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/events.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/exploit-replay.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-non-atomic-backend.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/external-db-routing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fapi2.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fdx.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fedcm-dbsc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +124 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fetch-metadata.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3-cert-bad-validity.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/file-type.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-content-safety-skip-audit.test.js +66 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-ownership.test.js +214 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/forensic-snapshot.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fsm.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gdpr-ropa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-agent-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-all.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-archive.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-dsn.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-payload.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-topic.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html-wcag.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-idempotency-key.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-jmap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-id.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-unsubscribe.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-compose.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-move.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-query.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-reply.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-sieve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-message-id.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-oauth-replay-failopen.test.js +57 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-posture-chain.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-saga-config.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-smtp-command.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-snapshot-envelope.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-stream-args.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-tenant-id.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-trace-context.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/hal.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/honeytoken.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/html-balance.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-throttle-transform.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-message-signature.test.js +315 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n-messageformat.test.js +26 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/iab-mspa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/iab-tcf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +40 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/jose-jwe-experimental.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-api.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-merge-patch.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-patch.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-path.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-round-trip-helper.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/json-schema.test.js +26 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/jtd.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/jwk.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/keychain-coverage.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/keychain-failclosed.test.js +185 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/link-header.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/local-db-thin.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-cloudwatch.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp-grpc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/lro.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-agent.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-coverage.test.js +437 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-dmarc-policy-failclosed.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-failclosed.test.js +144 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +289 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi-cert-validity-unparseable.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-bounce.test.js +61 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-canspam.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp-experimental.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime-bad-validity.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy-tlsrpt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim-numericdate-failclosed.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +130 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-feedback-id.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-header-injection.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-helo.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-mdn.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-proxy-framing-bounds.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-rbl.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-require-tls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-scan.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-send-deliver.test.js +113 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-managesieve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-pop3.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-rate-limit.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-submission.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-sieve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-spam-score.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-srs.test.js +21 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store-fts.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-unsubscribe.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mcp-tool-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mcp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mdoc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/metrics-shadow-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/metrics-snapshot.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/middleware-compose-pipeline.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +11 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-paths.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nel.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +65 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-lookup-timeout-default.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver-timeout.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver.test.js +28 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-heartbeat-passive.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-nts-handshake-byte-cap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-smtp-policy-coverage.test.js +565 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-ct-inclusion.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tsig.test.js +26 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nist-crosswalk.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/no-cache.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/notify.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/numeric-bounds.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/object-store-range-header.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/object-store-versioned-delete.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/openapi.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otlp-attr-redaction.test.js +8 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/outbox-inflight-reaper.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/output-header-hardening.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pagination.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/parser-verify-hardening.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/passkey-real-vectors.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/passkey.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/permissions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pipl-cn.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pqc-software.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/privacy-pass.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/privacy-vendor-review.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/problem-details.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/process-spawn.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/promise-pool.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/protected-resource-metadata.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/proto-shadow-allowlist.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/protobuf-encoder.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/protocol-dispatcher.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/public-suffix.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/pubsub.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-byo-db.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-dlq-extend-lease.test.js +44 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-flow-repeat.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-priority-rate-progress.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-xff-spoofing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +16 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +7 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-id-async-context.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-log.test.js +3 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/require-auth-cache-control.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/require-mtls.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/resource-access-lock.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/restore-blob-remap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-dryrun-no-vacuum.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-sweep-termination.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retry.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-body-validation.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-coverage.test.js +592 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-cross-origin-redirect.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-failclosed.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-tls0rtt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-use-path-scope.test.js +59 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-archive-auto-unwrap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-archive-inspect-unwrap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +41 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-parallel.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +13 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-decompress.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-dns.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-icap.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-json-stringify-for-script.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-mime.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-mount-info.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-path.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-redirect.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-sieve.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-smtp.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-canonicalize.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-idn-homograph.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-vcard.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-xml.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-mdq-wrapping.test.js +237 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-slo.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notbefore.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-watchdog-stale-settle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/scim-server.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/scitt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc-ecdsa-p1363.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-notify.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sec-cyber.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-assert.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-txt.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/seeders.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update-poll-asset-digest.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier-ecdsa-encoding.test.js +9 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +87 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/server-timing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-binding-unreadable-failclosed.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-destroy-all-store-backed.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding-ipv6-canonical-and-no-store.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/shape-match.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/slug.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/smtp-policy.test.js +5 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/source-comment-blocks.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/speculation-rules.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql-coverage.test.js +422 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse-backpressure.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +23 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/standard-webhooks.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +33 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +44 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/storage-chunk-scratch.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/stream-throttle.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields-codec.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tcpa-10dlc.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/template-escape-html.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/test-coverage.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/test-harness.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/testing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/time.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-ct.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-freshness.test.js +6 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-verify.test.js +127 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-pinset-drift.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tls-preferred-groups.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tracing.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tsa.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/uri-template.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/uuid.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-port.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-aad.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-default-store.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-rotate-aad.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vc.test.js +25 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vendor-currency-classify.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vendor-data.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vendor-manifest.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vex.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/web-push-vapid.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-verify-nonce-atomic.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/websocket-extension-header.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool-recycle-race.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/worm.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/x509-chain-ca-enforcement.test.js +117 -1
- package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-5-integration/bundler-output.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-5-integration/external-db-residency.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +2 -0
- package/lib/vendor/blamejs/test/layer-5-integration/security-chaos.test.js +2 -0
- package/lib/vendor/blamejs/test/smoke.js +2 -0
- package/package.json +5 -2
- package/lib/vendor/blamejs/release-notes/v0.15.0.json +0 -77
- package/lib/vendor/blamejs/release-notes/v0.15.1.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.10.json +0 -53
- package/lib/vendor/blamejs/release-notes/v0.15.11.json +0 -52
- package/lib/vendor/blamejs/release-notes/v0.15.12.json +0 -47
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +0 -81
- package/lib/vendor/blamejs/release-notes/v0.15.14.json +0 -122
- package/lib/vendor/blamejs/release-notes/v0.15.15.json +0 -73
- package/lib/vendor/blamejs/release-notes/v0.15.16.json +0 -94
- package/lib/vendor/blamejs/release-notes/v0.15.17.json +0 -52
- package/lib/vendor/blamejs/release-notes/v0.15.18.json +0 -49
- package/lib/vendor/blamejs/release-notes/v0.15.19.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.2.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.20.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.15.21.json +0 -51
- package/lib/vendor/blamejs/release-notes/v0.15.22.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.23.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.24.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.25.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.26.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.27.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.28.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.29.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.15.3.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.15.30.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.31.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.32.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.33.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.34.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.15.35.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.15.36.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.15.37.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.15.38.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.15.4.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.15.5.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.15.6.json +0 -59
- package/lib/vendor/blamejs/release-notes/v0.15.7.json +0 -43
- package/lib/vendor/blamejs/release-notes/v0.15.8.json +0 -48
- package/lib/vendor/blamejs/release-notes/v0.15.9.json +0 -58
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright (c) blamejs contributors
|
|
1
3
|
"use strict";
|
|
2
4
|
/**
|
|
3
5
|
* b.auth.lockout — per-key failed-attempt tracking with exponential
|
|
@@ -90,6 +92,11 @@ var observability = lazyRequire(function () { return require("../observability")
|
|
|
90
92
|
|
|
91
93
|
var _err = LockoutError.factory;
|
|
92
94
|
|
|
95
|
+
// Default duration for an operator-forced lock() (ATO kill-switch / incident
|
|
96
|
+
// response) when neither untilMs nor durationMs is supplied — long enough to
|
|
97
|
+
// require an explicit admin unlock() during an active incident.
|
|
98
|
+
var DEFAULT_ADMIN_LOCK_MS = C.TIME.hours(24);
|
|
99
|
+
|
|
93
100
|
var DEFAULTS = Object.freeze({
|
|
94
101
|
maxAttempts: 5,
|
|
95
102
|
windowMs: C.TIME.minutes(15),
|
|
@@ -161,10 +168,11 @@ function create(opts) {
|
|
|
161
168
|
|
|
162
169
|
if (!opts.cache || typeof opts.cache !== "object" ||
|
|
163
170
|
typeof opts.cache.get !== "function" ||
|
|
164
|
-
typeof opts.cache.
|
|
165
|
-
typeof opts.cache.
|
|
171
|
+
typeof opts.cache.del !== "function" ||
|
|
172
|
+
typeof opts.cache.update !== "function") {
|
|
166
173
|
throw _err("BAD_OPT", "auth.lockout.create: opts.cache must be a b.cache " +
|
|
167
|
-
"instance (or shape with get/
|
|
174
|
+
"instance (or shape with get/del/update — the failure counter needs " +
|
|
175
|
+
"an atomic update). Pass b.cache.create({...}).");
|
|
168
176
|
}
|
|
169
177
|
_requireString("namespace", opts.namespace);
|
|
170
178
|
|
|
@@ -172,7 +180,11 @@ function create(opts) {
|
|
|
172
180
|
_requirePositiveInt("maxAttempts", maxAttempts);
|
|
173
181
|
|
|
174
182
|
var windowMs = opts.windowMs !== undefined ? opts.windowMs : DEFAULTS.windowMs;
|
|
175
|
-
|
|
183
|
+
// windowMs must be POSITIVE: a 0 window makes every failure "decay" on the
|
|
184
|
+
// next request (the `now - lastFailureAt > windowMs` reset fires for any
|
|
185
|
+
// elapsed time) so the counter never reaches maxAttempts, AND the cache TTL
|
|
186
|
+
// of 0 makes the state non-persistent — together silently disabling lockout.
|
|
187
|
+
_requirePositiveInt("windowMs", windowMs);
|
|
176
188
|
|
|
177
189
|
var lockoutDurations = opts.lockoutDurations !== undefined
|
|
178
190
|
? opts.lockoutDurations : DEFAULTS.lockoutDurations;
|
|
@@ -232,13 +244,6 @@ function create(opts) {
|
|
|
232
244
|
}
|
|
233
245
|
}
|
|
234
246
|
|
|
235
|
-
async function _writeState(key, state, ttlMs) {
|
|
236
|
-
try {
|
|
237
|
-
await cache.set(_scopedKey(key), state, { ttlMs: ttlMs });
|
|
238
|
-
} catch (_e) {
|
|
239
|
-
_signalCacheError("set");
|
|
240
|
-
}
|
|
241
|
-
}
|
|
242
247
|
|
|
243
248
|
async function _deleteState(key) {
|
|
244
249
|
try {
|
|
@@ -248,6 +253,49 @@ function create(opts) {
|
|
|
248
253
|
}
|
|
249
254
|
}
|
|
250
255
|
|
|
256
|
+
// Atomically clear the lockout state under a compare-and-set, so a clear
|
|
257
|
+
// (recordSuccess / unlock) cannot race a concurrent recordFailure that just
|
|
258
|
+
// engaged a lock — a read-then-del would erase that fresh lock. onState is
|
|
259
|
+
// invoked with the pre-clear state inside the CAS mutator (it may re-run on a
|
|
260
|
+
// retry; the last invocation reflects the committed state) to capture audit
|
|
261
|
+
// detail. On a backend that can't do an atomic update at runtime it falls
|
|
262
|
+
// back to read-then-del (a lost clear leaves a lock in place — fail-safe).
|
|
263
|
+
// preserveIf(state) → true to KEEP the state (abort the clear) rather than
|
|
264
|
+
// delete it. recordSuccess passes a predicate that preserves an active forced
|
|
265
|
+
// (admin / ATO kill-switch) lock, so a successful login by someone who still
|
|
266
|
+
// holds the compromised password cannot clear it — only an explicit unlock()
|
|
267
|
+
// releases a forced lock.
|
|
268
|
+
async function _atomicClear(key, onState, preserveIf) {
|
|
269
|
+
try {
|
|
270
|
+
await cache.update(_scopedKey(key), function (state) {
|
|
271
|
+
state = state || null;
|
|
272
|
+
onState(state);
|
|
273
|
+
if (!state) return { abort: true };
|
|
274
|
+
if (preserveIf && preserveIf(state)) return { abort: true };
|
|
275
|
+
return { delete: true };
|
|
276
|
+
}, { ttlMs: windowMs });
|
|
277
|
+
} catch (e) {
|
|
278
|
+
if (e && e.code === "UNSUPPORTED") {
|
|
279
|
+
var st = await _readState(key);
|
|
280
|
+
onState(st);
|
|
281
|
+
if (st && !(preserveIf && preserveIf(st))) await _deleteState(key);
|
|
282
|
+
return;
|
|
283
|
+
}
|
|
284
|
+
_signalCacheError("update");
|
|
285
|
+
// Best-effort fallback so a transient cache error doesn't leave the
|
|
286
|
+
// counter un-cleared on the happy path.
|
|
287
|
+
var st2 = await _readState(key);
|
|
288
|
+
onState(st2);
|
|
289
|
+
if (st2 && !(preserveIf && preserveIf(st2))) await _deleteState(key);
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
|
|
293
|
+
// An active forced/admin lock (set by lock()) must survive recordSuccess.
|
|
294
|
+
function _isActiveForcedLock(state) {
|
|
295
|
+
return !!(state && state.forced === true &&
|
|
296
|
+
typeof state.lockedUntil === "number" && state.lockedUntil > clock());
|
|
297
|
+
}
|
|
298
|
+
|
|
251
299
|
function _verdictFromState(state, now) {
|
|
252
300
|
if (!state) return { locked: false, attempts: 0 };
|
|
253
301
|
if (state.lockedUntil && state.lockedUntil > now) {
|
|
@@ -262,126 +310,143 @@ function create(opts) {
|
|
|
262
310
|
|
|
263
311
|
// ---- Public surface ----
|
|
264
312
|
|
|
265
|
-
//
|
|
266
|
-
//
|
|
267
|
-
//
|
|
268
|
-
//
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
_recordChains.set(key, tail);
|
|
276
|
-
tail.then(function () { if (_recordChains.get(key) === tail) _recordChains.delete(key); });
|
|
277
|
-
return run;
|
|
278
|
-
}
|
|
279
|
-
|
|
280
|
-
async function _doRecordFailure(key, callOpts) {
|
|
313
|
+
// The failure counter is a read-modify-write on a shared cache. A plain
|
|
314
|
+
// get -> increment -> set is not atomic, so concurrent recordFailure calls
|
|
315
|
+
// across nodes lose increments and a brute-force attacker spread across nodes
|
|
316
|
+
// stays under the lockout threshold. cache.update runs the whole decision
|
|
317
|
+
// under a compare-and-set (with retry on the cluster backend), so every
|
|
318
|
+
// failure is counted. The mutator is PURE (it may re-run on a CAS retry): it
|
|
319
|
+
// computes the next state, records the outcome for the post-commit audit /
|
|
320
|
+
// observability emits below, and captures any error it raises so a
|
|
321
|
+
// configuration fault surfaces instead of being read as a cache failure.
|
|
322
|
+
async function recordFailure(key, callOpts) {
|
|
281
323
|
_requireKey(key);
|
|
282
324
|
callOpts = callOpts || {};
|
|
283
325
|
var now = clock();
|
|
284
|
-
var
|
|
326
|
+
var outcome = null;
|
|
327
|
+
var mutatorErr = null;
|
|
328
|
+
try {
|
|
329
|
+
await cache.update(_scopedKey(key), function (state) {
|
|
330
|
+
try {
|
|
331
|
+
state = state || null;
|
|
332
|
+
// Currently locked: the lockout itself counts — don't accumulate during
|
|
333
|
+
// the cooldown. Abort (no write); the verdict comes from the read state.
|
|
334
|
+
if (state && state.lockedUntil && state.lockedUntil > now) {
|
|
335
|
+
outcome = { kind: "during-lock", attempts: state.attempts || 0,
|
|
336
|
+
lockNumber: state.lockNumber || 0, lockedUntil: state.lockedUntil };
|
|
337
|
+
return { abort: true };
|
|
338
|
+
}
|
|
339
|
+
// Window decay: failures older than windowMs reset the counter.
|
|
340
|
+
// Lock-number persists so an attacker who sleeps off a lockout doesn't
|
|
341
|
+
// get a fresh ladder rung.
|
|
342
|
+
if (state && state.lastFailureAt && (now - state.lastFailureAt) > windowMs) {
|
|
343
|
+
state = { attempts: 0, lockNumber: state.lockNumber || 0,
|
|
344
|
+
firstFailureAt: null, lastFailureAt: null, lockedUntil: null };
|
|
345
|
+
}
|
|
346
|
+
var attempts = (state && state.attempts) || 0;
|
|
347
|
+
var lockNumber = (state && state.lockNumber) || 0;
|
|
348
|
+
attempts += 1;
|
|
349
|
+
var lockedUntil = null, newLock = false;
|
|
350
|
+
if (attempts >= maxAttempts) {
|
|
351
|
+
lockNumber += 1;
|
|
352
|
+
lockedUntil = now + _resolveDuration(lockoutDurations, lockNumber);
|
|
353
|
+
newLock = true;
|
|
354
|
+
attempts = 0; // counter resets — the lockout window IS the punishment
|
|
355
|
+
}
|
|
356
|
+
var newState = {
|
|
357
|
+
attempts: attempts,
|
|
358
|
+
lockNumber: lockNumber,
|
|
359
|
+
firstFailureAt: (state && state.firstFailureAt) || now,
|
|
360
|
+
lastFailureAt: now,
|
|
361
|
+
lockedUntil: lockedUntil,
|
|
362
|
+
};
|
|
363
|
+
outcome = { kind: "recorded", attempts: attempts, lockNumber: lockNumber,
|
|
364
|
+
lockedUntil: lockedUntil, newLock: newLock };
|
|
365
|
+
// Keep the state only as long as it is meaningful: a non-locked counter
|
|
366
|
+
// expires after the decay window (so check()/attempts() read clean once
|
|
367
|
+
// it has elapsed), and a lock persists until lockedUntil plus a window
|
|
368
|
+
// so the lockNumber survives the cooldown — for the operator's actual
|
|
369
|
+
// configured duration, however long. A DURATION (the cache resolves it
|
|
370
|
+
// against its own clock) so an injectable lockout clock never desyncs
|
|
371
|
+
// the cache's expiry.
|
|
372
|
+
return { value: newState, ttlMs: lockedUntil ? (lockedUntil - now + windowMs) : windowMs };
|
|
373
|
+
} catch (me) {
|
|
374
|
+
mutatorErr = me;
|
|
375
|
+
throw me;
|
|
376
|
+
}
|
|
377
|
+
}, { ttlMs: windowMs });
|
|
378
|
+
} catch (e) {
|
|
379
|
+
// A configuration fault raised by the mutator (e.g. a lockoutDurations
|
|
380
|
+
// function returning an invalid value) must surface — not be swallowed as
|
|
381
|
+
// a backend failure and silently disable the lockout.
|
|
382
|
+
if (mutatorErr) throw mutatorErr;
|
|
383
|
+
// A backend that can't actually commit an atomic update (a get/set-only
|
|
384
|
+
// backend throws UNSUPPORTED at call time) must surface LOUD — failing
|
|
385
|
+
// open here would silently disable lockout. Any other cache error keeps
|
|
386
|
+
// the documented fail-OPEN posture (allow the attempt, signal it).
|
|
387
|
+
if (e && e.code === "UNSUPPORTED") {
|
|
388
|
+
throw _err("CACHE_NO_ATOMIC_UPDATE",
|
|
389
|
+
"auth.lockout: the cache backend does not support atomic update() — the " +
|
|
390
|
+
"failure counter cannot be enforced across nodes on a get/set-only backend; " +
|
|
391
|
+
"use a cache whose backend implements update (the memory or cluster backend).");
|
|
392
|
+
}
|
|
393
|
+
_signalCacheError("update");
|
|
394
|
+
return { locked: false, attempts: 0 };
|
|
395
|
+
}
|
|
285
396
|
|
|
286
|
-
|
|
287
|
-
// additional attempts during the cooldown. The caller saw locked=true
|
|
288
|
-
// from check() OR from a prior failure; this branch handles a caller
|
|
289
|
-
// that calls recordFailure() on a locked account anyway (e.g. they
|
|
290
|
-
// skipped check()).
|
|
291
|
-
if (state && state.lockedUntil && state.lockedUntil > now) {
|
|
397
|
+
if (outcome.kind === "during-lock") {
|
|
292
398
|
_emitObs("auth.lockout.failure_during_lock", { namespace: namespace });
|
|
293
399
|
if (auditFailures) {
|
|
294
400
|
_emitAudit("auth.lockout.failure", key, "denied",
|
|
295
|
-
{ duringLock: true, attempts:
|
|
296
|
-
|
|
297
|
-
lockedUntil: state.lockedUntil,
|
|
298
|
-
reason: callOpts.reason || null },
|
|
401
|
+
{ duringLock: true, attempts: outcome.attempts, lockNumber: outcome.lockNumber,
|
|
402
|
+
lockedUntil: outcome.lockedUntil, reason: callOpts.reason || null },
|
|
299
403
|
callOpts.req);
|
|
300
404
|
}
|
|
301
|
-
return {
|
|
302
|
-
locked: true,
|
|
303
|
-
attempts: state.attempts || 0,
|
|
304
|
-
lockedUntil: state.lockedUntil,
|
|
305
|
-
};
|
|
306
|
-
}
|
|
307
|
-
|
|
308
|
-
// Window decay: failures older than windowMs reset the counter.
|
|
309
|
-
// Lock-number persists across decay windows so an attacker who
|
|
310
|
-
// sleeps off a lockout doesn't get a fresh ladder rung.
|
|
311
|
-
if (state && state.lastFailureAt && (now - state.lastFailureAt) > windowMs) {
|
|
312
|
-
state = {
|
|
313
|
-
attempts: 0,
|
|
314
|
-
lockNumber: state.lockNumber || 0,
|
|
315
|
-
firstFailureAt: null,
|
|
316
|
-
lastFailureAt: null,
|
|
317
|
-
lockedUntil: null,
|
|
318
|
-
};
|
|
319
|
-
}
|
|
320
|
-
|
|
321
|
-
var attempts = (state && state.attempts) || 0;
|
|
322
|
-
var lockNumber = (state && state.lockNumber) || 0;
|
|
323
|
-
attempts += 1;
|
|
324
|
-
|
|
325
|
-
var lockedUntil = null;
|
|
326
|
-
var newLock = false;
|
|
327
|
-
if (attempts >= maxAttempts) {
|
|
328
|
-
lockNumber += 1;
|
|
329
|
-
var dur = _resolveDuration(lockoutDurations, lockNumber);
|
|
330
|
-
lockedUntil = now + dur;
|
|
331
|
-
newLock = true;
|
|
332
|
-
attempts = 0; // counter resets — the lockout window IS the punishment
|
|
405
|
+
return { locked: true, attempts: outcome.attempts, lockedUntil: outcome.lockedUntil };
|
|
333
406
|
}
|
|
334
407
|
|
|
335
|
-
var newState = {
|
|
336
|
-
attempts: attempts,
|
|
337
|
-
lockNumber: lockNumber,
|
|
338
|
-
firstFailureAt: (state && state.firstFailureAt) || now,
|
|
339
|
-
lastFailureAt: now,
|
|
340
|
-
lockedUntil: lockedUntil,
|
|
341
|
-
};
|
|
342
|
-
|
|
343
|
-
// TTL: keep the state alive long enough that a follower-up failure
|
|
344
|
-
// after the window/lockout expires still finds the lockNumber. The
|
|
345
|
-
// longer of (windowMs after last failure) or (lockedUntil + windowMs).
|
|
346
|
-
var ttlMs = lockedUntil ? (lockedUntil - now + windowMs) : windowMs;
|
|
347
|
-
await _writeState(key, newState, ttlMs);
|
|
348
|
-
|
|
349
408
|
_emitObs("auth.lockout.failure", { namespace: namespace });
|
|
350
409
|
if (auditFailures) {
|
|
351
410
|
_emitAudit("auth.lockout.failure", key, "failure",
|
|
352
|
-
{ attempts:
|
|
411
|
+
{ attempts: outcome.attempts, lockNumber: outcome.lockNumber,
|
|
353
412
|
reason: callOpts.reason || null },
|
|
354
413
|
callOpts.req);
|
|
355
414
|
}
|
|
356
415
|
|
|
357
|
-
if (newLock) {
|
|
416
|
+
if (outcome.newLock) {
|
|
358
417
|
_emitObs("auth.lockout.engaged", {
|
|
359
418
|
namespace: namespace,
|
|
360
|
-
lockNumber: String(lockNumber),
|
|
419
|
+
lockNumber: String(outcome.lockNumber),
|
|
361
420
|
});
|
|
362
421
|
if (auditEngaged) {
|
|
363
422
|
_emitAudit("auth.lockout.engaged", key, "denied",
|
|
364
|
-
{ lockNumber: lockNumber, lockedUntil: lockedUntil,
|
|
365
|
-
durationMs: lockedUntil - now,
|
|
423
|
+
{ lockNumber: outcome.lockNumber, lockedUntil: outcome.lockedUntil,
|
|
424
|
+
durationMs: outcome.lockedUntil - now,
|
|
366
425
|
reason: callOpts.reason || null },
|
|
367
426
|
callOpts.req);
|
|
368
427
|
}
|
|
369
|
-
return { locked: true, attempts: 0, lockedUntil: lockedUntil };
|
|
428
|
+
return { locked: true, attempts: 0, lockedUntil: outcome.lockedUntil };
|
|
370
429
|
}
|
|
371
430
|
|
|
372
|
-
return { locked: false, attempts: attempts };
|
|
431
|
+
return { locked: false, attempts: outcome.attempts };
|
|
373
432
|
}
|
|
374
433
|
|
|
375
434
|
async function recordSuccess(key, callOpts) {
|
|
376
435
|
_requireKey(key);
|
|
377
436
|
callOpts = callOpts || {};
|
|
378
|
-
var
|
|
379
|
-
var
|
|
380
|
-
|
|
437
|
+
var hadCounter = false;
|
|
438
|
+
var clearedAttempts = 0;
|
|
439
|
+
// Preserve an active forced (admin / ATO) lock: a successful credential
|
|
440
|
+
// verification must not release a kill-switch lock — the password may still
|
|
441
|
+
// be the compromised one. A forced lock yields only to unlock().
|
|
442
|
+
await _atomicClear(key, function (state) {
|
|
443
|
+
hadCounter = !!(state && (state.attempts > 0 || state.lockedUntil));
|
|
444
|
+
clearedAttempts = (state && state.attempts) || 0;
|
|
445
|
+
}, _isActiveForcedLock);
|
|
381
446
|
_emitObs("auth.lockout.success", { namespace: namespace });
|
|
382
447
|
if (auditSuccess) {
|
|
383
448
|
_emitAudit("auth.lockout.success", key, "success",
|
|
384
|
-
{ attemptsCleared:
|
|
449
|
+
{ attemptsCleared: clearedAttempts,
|
|
385
450
|
hadCounter: hadCounter },
|
|
386
451
|
callOpts.req);
|
|
387
452
|
}
|
|
@@ -396,26 +461,93 @@ function create(opts) {
|
|
|
396
461
|
async function unlock(key, callOpts) {
|
|
397
462
|
_requireKey(key);
|
|
398
463
|
callOpts = callOpts || {};
|
|
399
|
-
var state = await _readState(key);
|
|
400
464
|
var now = clock();
|
|
401
|
-
var hadLock =
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
465
|
+
var hadLock = false;
|
|
466
|
+
var prior = { attempts: 0, lockedUntil: null, lockNumber: 0 };
|
|
467
|
+
await _atomicClear(key, function (state) {
|
|
468
|
+
hadLock = !!(state && (
|
|
469
|
+
(state.lockedUntil && state.lockedUntil > now) ||
|
|
470
|
+
(state.attempts || 0) > 0
|
|
471
|
+
));
|
|
472
|
+
prior = {
|
|
473
|
+
attempts: (state && state.attempts) || 0,
|
|
474
|
+
lockedUntil: (state && state.lockedUntil) || null,
|
|
475
|
+
lockNumber: (state && state.lockNumber) || 0,
|
|
476
|
+
};
|
|
477
|
+
});
|
|
406
478
|
_emitObs("auth.lockout.unlock", { namespace: namespace });
|
|
407
479
|
if (auditUnlock) {
|
|
408
480
|
_emitAudit("auth.lockout.unlock", key, "success",
|
|
409
481
|
{ hadLock: hadLock,
|
|
410
|
-
priorAttempts:
|
|
411
|
-
priorLockedUntil:
|
|
412
|
-
priorLockNumber:
|
|
482
|
+
priorAttempts: prior.attempts,
|
|
483
|
+
priorLockedUntil: prior.lockedUntil,
|
|
484
|
+
priorLockNumber: prior.lockNumber,
|
|
413
485
|
reason: callOpts.reason || null },
|
|
414
486
|
callOpts.req);
|
|
415
487
|
}
|
|
416
488
|
return hadLock;
|
|
417
489
|
}
|
|
418
490
|
|
|
491
|
+
// Force an account into lockout immediately — the operator action behind an
|
|
492
|
+
// ATO kill-switch / incident response, independent of the failure counter.
|
|
493
|
+
// Sets lockedUntil to `untilMs` (absolute) or now+`durationMs`, defaulting to
|
|
494
|
+
// a long admin lock; bumps lockNumber so a subsequent failure ladders from
|
|
495
|
+
// here. Uses the same compare-and-set as recordFailure (atomic, retried). An
|
|
496
|
+
// admin lock that cannot be committed THROWS (the caller — e.g. the kill-
|
|
497
|
+
// switch — must know it did not lock), rather than the hot-path fail-open.
|
|
498
|
+
async function lock(key, callOpts) {
|
|
499
|
+
_requireKey(key);
|
|
500
|
+
callOpts = callOpts || {};
|
|
501
|
+
var now = clock();
|
|
502
|
+
var lockedUntil;
|
|
503
|
+
if (typeof callOpts.untilMs === "number" && isFinite(callOpts.untilMs)) {
|
|
504
|
+
lockedUntil = callOpts.untilMs;
|
|
505
|
+
} else if (typeof callOpts.durationMs === "number" && isFinite(callOpts.durationMs) && callOpts.durationMs > 0) {
|
|
506
|
+
lockedUntil = now + callOpts.durationMs;
|
|
507
|
+
} else {
|
|
508
|
+
lockedUntil = now + DEFAULT_ADMIN_LOCK_MS;
|
|
509
|
+
}
|
|
510
|
+
if (lockedUntil <= now) {
|
|
511
|
+
throw _err("BAD_OPT", "lock: resolved lockedUntil is not in the future " +
|
|
512
|
+
"(untilMs/durationMs) — use unlock() to clear a lock");
|
|
513
|
+
}
|
|
514
|
+
var ttl = lockedUntil - now + windowMs;
|
|
515
|
+
var lockNumber = 0;
|
|
516
|
+
try {
|
|
517
|
+
await cache.update(_scopedKey(key), function (state) {
|
|
518
|
+
lockNumber = ((state && state.lockNumber) || 0) + 1;
|
|
519
|
+
return {
|
|
520
|
+
value: {
|
|
521
|
+
attempts: 0,
|
|
522
|
+
lockNumber: lockNumber,
|
|
523
|
+
firstFailureAt: (state && state.firstFailureAt) || now,
|
|
524
|
+
lastFailureAt: now,
|
|
525
|
+
lockedUntil: lockedUntil,
|
|
526
|
+
// Marks this as an operator-forced lock so recordSuccess won't clear
|
|
527
|
+
// it — it is released only by an explicit unlock().
|
|
528
|
+
forced: true,
|
|
529
|
+
},
|
|
530
|
+
ttlMs: ttl,
|
|
531
|
+
};
|
|
532
|
+
}, { ttlMs: ttl });
|
|
533
|
+
} catch (e) {
|
|
534
|
+
if (e && e.code === "UNSUPPORTED") {
|
|
535
|
+
throw _err("CACHE_NO_ATOMIC_UPDATE",
|
|
536
|
+
"auth.lockout: the cache backend does not support atomic update() — " +
|
|
537
|
+
"lock() cannot enforce the lockout across nodes on a get/set-only backend.");
|
|
538
|
+
}
|
|
539
|
+
throw e;
|
|
540
|
+
}
|
|
541
|
+
_emitObs("auth.lockout.engaged", { namespace: namespace, lockNumber: String(lockNumber) });
|
|
542
|
+
if (auditEngaged) {
|
|
543
|
+
_emitAudit("auth.lockout.engaged", key, "denied",
|
|
544
|
+
{ lockNumber: lockNumber, lockedUntil: lockedUntil, durationMs: lockedUntil - now,
|
|
545
|
+
forced: true, reason: callOpts.reason || null },
|
|
546
|
+
callOpts.req);
|
|
547
|
+
}
|
|
548
|
+
return { locked: true, lockedUntil: lockedUntil, lockNumber: lockNumber };
|
|
549
|
+
}
|
|
550
|
+
|
|
419
551
|
async function attempts(key) {
|
|
420
552
|
_requireKey(key);
|
|
421
553
|
var state = await _readState(key);
|
|
@@ -432,6 +564,7 @@ function create(opts) {
|
|
|
432
564
|
recordFailure: recordFailure,
|
|
433
565
|
recordSuccess: recordSuccess,
|
|
434
566
|
check: check,
|
|
567
|
+
lock: lock,
|
|
435
568
|
unlock: unlock,
|
|
436
569
|
attempts: attempts,
|
|
437
570
|
close: close,
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright (c) blamejs contributors
|
|
1
3
|
"use strict";
|
|
2
4
|
/**
|
|
3
5
|
* oauth — OAuth 2 / OIDC client.
|
|
@@ -107,6 +109,7 @@
|
|
|
107
109
|
var nodeCrypto = require("node:crypto");
|
|
108
110
|
var cache = require("../cache");
|
|
109
111
|
var C = require("../constants");
|
|
112
|
+
var numericBounds = require("../numeric-bounds");
|
|
110
113
|
var safeAsync = require("../safe-async");
|
|
111
114
|
var bCrypto = require("../crypto");
|
|
112
115
|
var { generateBytes, timingSafeEqual: cryptoTimingSafeEqual } = bCrypto;
|
|
@@ -886,6 +889,11 @@ async function verifyClientAttestation(attestationJwt, popJwt, vopts) {
|
|
|
886
889
|
"client-attestation: missing 'cnf.jwk' confirmation key (RFC 7800)");
|
|
887
890
|
}
|
|
888
891
|
var nowSec = Math.floor(Date.now() / C.TIME.seconds(1));
|
|
892
|
+
// A present skew/maxAge must be a non-negative finite integer; a bare typeof
|
|
893
|
+
// check lets Infinity/NaN through, and `exp + Infinity < now` (or NaN) is
|
|
894
|
+
// always false — disabling the attestation/PoP expiry gates.
|
|
895
|
+
numericBounds.requireNonNegativeFiniteIntIfPresent(vopts.clockSkewSec,
|
|
896
|
+
"verifyClientAttestation: opts.clockSkewSec", OAuthError, "auth-oauth/bad-clock-skew");
|
|
889
897
|
var skewSec = typeof vopts.clockSkewSec === "number" ? vopts.clockSkewSec : (C.TIME.minutes(1) / C.TIME.seconds(1));
|
|
890
898
|
if (typeof ap.exp !== "number" || ap.exp + skewSec < nowSec) {
|
|
891
899
|
throw new OAuthError("auth-oauth/attestation-expired",
|
|
@@ -918,6 +926,8 @@ async function verifyClientAttestation(attestationJwt, popJwt, vopts) {
|
|
|
918
926
|
if (typeof pp.iat !== "number") {
|
|
919
927
|
throw new OAuthError("auth-oauth/attestation-pop-no-iat", "client-attestation-pop: missing 'iat'");
|
|
920
928
|
}
|
|
929
|
+
numericBounds.requireNonNegativeFiniteIntIfPresent(vopts.maxPopAgeSec,
|
|
930
|
+
"verifyClientAttestation: opts.maxPopAgeSec", OAuthError, "auth-oauth/bad-pop-max-age");
|
|
921
931
|
var maxAge = typeof vopts.maxPopAgeSec === "number" ? vopts.maxPopAgeSec : DEFAULT_POP_MAX_AGE_SEC;
|
|
922
932
|
if (pp.iat - skewSec > nowSec) {
|
|
923
933
|
throw new OAuthError("auth-oauth/attestation-pop-iat-future", "client-attestation-pop: iat in the future");
|
|
@@ -951,7 +961,11 @@ async function verifyClientAttestation(attestationJwt, popJwt, vopts) {
|
|
|
951
961
|
throw new OAuthError("auth-oauth/attestation-pop-seen-callback-failed",
|
|
952
962
|
"client-attestation-pop: seenJti() callback threw: " + ((e && e.message) || String(e)));
|
|
953
963
|
}
|
|
954
|
-
|
|
964
|
+
// Fail closed on ANY non-truthy result. The contract is "returns truthy
|
|
965
|
+
// when UNSEEN"; an operator store fronting Redis EXISTS / SISMEMBER or a
|
|
966
|
+
// SQL COUNT returns 0 (falsy, not `false`) on a replay, so an
|
|
967
|
+
// `=== false` comparison would miss it and accept the replayed PoP.
|
|
968
|
+
if (!unseen) {
|
|
955
969
|
throw new OAuthError("auth-oauth/attestation-pop-replay",
|
|
956
970
|
"client-attestation-pop: jti already seen (replay refused, draft §12.1)");
|
|
957
971
|
}
|
|
@@ -972,6 +986,47 @@ function _constantTimeStrEq(a, b) {
|
|
|
972
986
|
return cryptoTimingSafeEqual(a, b);
|
|
973
987
|
}
|
|
974
988
|
|
|
989
|
+
// Framework-managed authorization-request parameters. Operator-supplied
|
|
990
|
+
// extraParams may not carry any of these — the builder generates them and
|
|
991
|
+
// RETURNS the security-critical ones (state, PKCE verifier/challenge) to the
|
|
992
|
+
// caller, so an extraParams override would silently diverge the returned
|
|
993
|
+
// values from what the URL/PAR body actually carries (a broken CSRF / PKCE
|
|
994
|
+
// binding). Covers redirect target, client identity, requested response,
|
|
995
|
+
// scope, state, nonce, PKCE challenge, response mode, RAR details, and the
|
|
996
|
+
// JAR request container.
|
|
997
|
+
var RESERVED_AUTHZ_PARAMS = {
|
|
998
|
+
"response_type": 1,
|
|
999
|
+
"client_id": 1,
|
|
1000
|
+
"redirect_uri": 1,
|
|
1001
|
+
"scope": 1,
|
|
1002
|
+
"state": 1,
|
|
1003
|
+
"nonce": 1,
|
|
1004
|
+
"code_challenge": 1,
|
|
1005
|
+
"code_challenge_method": 1,
|
|
1006
|
+
"response_mode": 1,
|
|
1007
|
+
"authorization_details": 1,
|
|
1008
|
+
"request": 1,
|
|
1009
|
+
"request_uri": 1,
|
|
1010
|
+
};
|
|
1011
|
+
|
|
1012
|
+
// Refuse operator-supplied extraParams keys that collide with a framework-
|
|
1013
|
+
// managed parameter. extraParams is operator-controlled, so a collision is a
|
|
1014
|
+
// config-time bug (a library merge / copy-paste) — refuse it loudly rather
|
|
1015
|
+
// than let it shadow a value the framework generated and returned. Fail
|
|
1016
|
+
// closed; shared by authorizationUrl, pushAuthorizationRequest, and
|
|
1017
|
+
// endSessionUrl so every URL/PAR builder guards the same way.
|
|
1018
|
+
function _assertNoReservedExtraParams(extraParams, reserved, errCode, ctx) {
|
|
1019
|
+
if (!extraParams || typeof extraParams !== "object") return;
|
|
1020
|
+
var ek = Object.keys(extraParams);
|
|
1021
|
+
for (var i = 0; i < ek.length; i++) {
|
|
1022
|
+
if (Object.prototype.hasOwnProperty.call(reserved, ek[i])) {
|
|
1023
|
+
throw new OAuthError(errCode,
|
|
1024
|
+
ctx + ": extraParams key '" + ek[i] + "' collides with a " +
|
|
1025
|
+
"framework-managed parameter — pass it through the named option instead");
|
|
1026
|
+
}
|
|
1027
|
+
}
|
|
1028
|
+
}
|
|
1029
|
+
|
|
975
1030
|
// ---- core ----
|
|
976
1031
|
|
|
977
1032
|
function create(opts) {
|
|
@@ -992,6 +1047,12 @@ function create(opts) {
|
|
|
992
1047
|
"requires PKCE for all clients. Remove the opt or upgrade the IdP.");
|
|
993
1048
|
}
|
|
994
1049
|
var pkce = true;
|
|
1050
|
+
// A present clockSkewMs must be a non-negative finite integer; Infinity/NaN
|
|
1051
|
+
// would disable verifyIdToken's exp gate (`exp + Infinity < now` is always
|
|
1052
|
+
// false → an expired ID token verifies). Reject a malformed skew at config
|
|
1053
|
+
// time so the operator catches it.
|
|
1054
|
+
numericBounds.requireNonNegativeFiniteIntIfPresent(opts.clockSkewMs,
|
|
1055
|
+
"oauth.create: opts.clockSkewMs", OAuthError, "auth-oauth/bad-clock-skew");
|
|
995
1056
|
var clockSkewMs = typeof opts.clockSkewMs === "number" ? opts.clockSkewMs : DEFAULT_CLOCK_SKEW_MS;
|
|
996
1057
|
var discoveryCacheMs = typeof opts.discoveryCacheMs === "number"
|
|
997
1058
|
? opts.discoveryCacheMs : DEFAULT_DISCOVERY_CACHE_MS;
|
|
@@ -1245,7 +1306,14 @@ function create(opts) {
|
|
|
1245
1306
|
params.set("authorization_details", JSON.stringify(requestedAuthzDetails));
|
|
1246
1307
|
}
|
|
1247
1308
|
// Operator-supplied additional params (audience, resource, etc.).
|
|
1309
|
+
// Refuse keys that collide with a framework-managed parameter so an
|
|
1310
|
+
// operator typo / library-merge can't shadow the redirect_uri / state /
|
|
1311
|
+
// code_challenge the builder generated and returned — which would
|
|
1312
|
+
// silently diverge the returned {state, verifier} from the URL and
|
|
1313
|
+
// break the CSRF / PKCE binding.
|
|
1248
1314
|
if (uopts.extraParams && typeof uopts.extraParams === "object") {
|
|
1315
|
+
_assertNoReservedExtraParams(uopts.extraParams, RESERVED_AUTHZ_PARAMS,
|
|
1316
|
+
"auth-oauth/reserved-extra-param", "authorizationUrl");
|
|
1249
1317
|
var ek = Object.keys(uopts.extraParams);
|
|
1250
1318
|
for (var i = 0; i < ek.length; i++) params.set(ek[i], String(uopts.extraParams[ek[i]]));
|
|
1251
1319
|
}
|
|
@@ -1357,23 +1425,30 @@ function create(opts) {
|
|
|
1357
1425
|
throw new OAuthError("auth-oauth/seen-callback-failed",
|
|
1358
1426
|
"refreshAccessToken: checkAndInsert() callback threw: " + ((e && e.message) || String(e)));
|
|
1359
1427
|
}
|
|
1360
|
-
// Spec contract:
|
|
1361
|
-
// inserted
|
|
1362
|
-
// broke every first refresh attempt for operators reusing an
|
|
1363
|
-
// existing b.nonceStore-style backend.
|
|
1364
|
-
|
|
1428
|
+
// Spec contract: a TRUTHY result → first sighting (the value was
|
|
1429
|
+
// inserted, OK); a FALSY result → replay. v0.9.3 had this inverted,
|
|
1430
|
+
// which broke every first refresh attempt for operators reusing an
|
|
1431
|
+
// existing b.nonceStore-style backend. Test truthiness, not an
|
|
1432
|
+
// `=== false` literal: a store fronting Redis SETNX / SQL INSERT
|
|
1433
|
+
// returns 0 (falsy, not `false`) when the row already existed, so
|
|
1434
|
+
// an exact-literal compare would miss the replay and fail OPEN.
|
|
1435
|
+
alreadySeen = !inserted;
|
|
1365
1436
|
} else if (typeof ropts.seen === "function") {
|
|
1366
1437
|
// Legacy non-atomic path. Documented as a check-then-act race;
|
|
1367
1438
|
// operators sharing a single-writer store (Redis SETNX, DB
|
|
1368
1439
|
// INSERT ON CONFLICT) MUST migrate to checkAndInsert. Stays
|
|
1369
1440
|
// here for backwards-compat with existing operator code.
|
|
1441
|
+
// Legacy contract: truthy → the token was presented before (replay).
|
|
1442
|
+
// The value is used by truthiness at the gate below, so a store
|
|
1443
|
+
// returning 1 from Redis EXISTS / a SQL COUNT is honored as "seen"
|
|
1444
|
+
// instead of being missed by an `=== true` literal compare.
|
|
1370
1445
|
try { alreadySeen = await ropts.seen(refreshToken); }
|
|
1371
1446
|
catch (e) {
|
|
1372
1447
|
throw new OAuthError("auth-oauth/seen-callback-failed",
|
|
1373
1448
|
"refreshAccessToken: seen() callback threw: " + ((e && e.message) || String(e)));
|
|
1374
1449
|
}
|
|
1375
1450
|
}
|
|
1376
|
-
if (alreadySeen
|
|
1451
|
+
if (alreadySeen) {
|
|
1377
1452
|
throw new OAuthError("auth-oauth/refresh-token-replay",
|
|
1378
1453
|
"refreshAccessToken: refresh token has been presented before — refused " +
|
|
1379
1454
|
"(OAuth 2.1 §6.1 / RFC 9700 §4.13 one-time-use defense). The operator MUST " +
|
|
@@ -1996,15 +2071,10 @@ function create(opts) {
|
|
|
1996
2071
|
"ui_locales": 1,
|
|
1997
2072
|
"client_id": 1,
|
|
1998
2073
|
};
|
|
2074
|
+
_assertNoReservedExtraParams(uopts.extraParams, RESERVED_END_SESSION_PARAMS,
|
|
2075
|
+
"auth-oauth/end-session-reserved-extra-param", "endSessionUrl");
|
|
1999
2076
|
var ek = Object.keys(uopts.extraParams);
|
|
2000
|
-
for (var i = 0; i < ek.length; i++)
|
|
2001
|
-
if (RESERVED_END_SESSION_PARAMS[ek[i]]) {
|
|
2002
|
-
throw new OAuthError("auth-oauth/end-session-reserved-extra-param",
|
|
2003
|
-
"endSessionUrl: extraParams key '" + ek[i] + "' collides with a first-class " +
|
|
2004
|
-
"RP-Init Logout parameter — pass it through the named field instead");
|
|
2005
|
-
}
|
|
2006
|
-
params.set(ek[i], String(uopts.extraParams[ek[i]]));
|
|
2007
|
-
}
|
|
2077
|
+
for (var i = 0; i < ek.length; i++) params.set(ek[i], String(uopts.extraParams[ek[i]]));
|
|
2008
2078
|
}
|
|
2009
2079
|
var qs = params.toString();
|
|
2010
2080
|
if (qs.length === 0) return endpoint;
|
|
@@ -2092,6 +2162,11 @@ function create(opts) {
|
|
|
2092
2162
|
: JSON.stringify(requestedAuthzDetails); // form param — JSON string
|
|
2093
2163
|
}
|
|
2094
2164
|
if (uopts.extraParams && typeof uopts.extraParams === "object") {
|
|
2165
|
+
// Same reserved-key guard as authorizationUrl — a PAR request pushes
|
|
2166
|
+
// the identical security-critical parameter set, so extraParams may
|
|
2167
|
+
// not shadow redirect_uri / state / code_challenge here either.
|
|
2168
|
+
_assertNoReservedExtraParams(uopts.extraParams, RESERVED_AUTHZ_PARAMS,
|
|
2169
|
+
"auth-oauth/reserved-extra-param", "pushAuthorizationRequest");
|
|
2095
2170
|
var ek = Object.keys(uopts.extraParams);
|
|
2096
2171
|
for (var i = 0; i < ek.length; i++) authzParams[ek[i]] = String(uopts.extraParams[ek[i]]);
|
|
2097
2172
|
}
|
|
@@ -2338,7 +2413,10 @@ function create(opts) {
|
|
|
2338
2413
|
"verifyBackchannelLogoutToken: atomicReplayStore.checkAndInsert threw: " +
|
|
2339
2414
|
((e && e.message) || String(e)));
|
|
2340
2415
|
}
|
|
2341
|
-
|
|
2416
|
+
// Fail closed on ANY non-truthy result. A store fronting SETNX / an
|
|
2417
|
+
// ON-CONFLICT INSERT returns 0 (falsy, not `false`) on a duplicate,
|
|
2418
|
+
// so an `=== false` compare would miss the replay.
|
|
2419
|
+
if (!inserted) {
|
|
2342
2420
|
throw new OAuthError("auth-oauth/logout-token-replay",
|
|
2343
2421
|
"verifyBackchannelLogoutToken: jti '" + claims.jti +
|
|
2344
2422
|
"' already seen — replay refused (atomic)");
|
|
@@ -2354,7 +2432,10 @@ function create(opts) {
|
|
|
2354
2432
|
throw new OAuthError("auth-oauth/seen-callback-failed",
|
|
2355
2433
|
"verifyBackchannelLogoutToken: seen() callback threw: " + ((e && e.message) || String(e)));
|
|
2356
2434
|
}
|
|
2357
|
-
|
|
2435
|
+
// Fail closed on ANY non-truthy result — `seen()` returns truthy the
|
|
2436
|
+
// first time it sees the (jti, iss) pair; a store returning 0 for a
|
|
2437
|
+
// duplicate must still refuse, which an `=== false` compare would miss.
|
|
2438
|
+
if (!first) {
|
|
2358
2439
|
throw new OAuthError("auth-oauth/logout-token-replay",
|
|
2359
2440
|
"verifyBackchannelLogoutToken: jti already seen — replay refused");
|
|
2360
2441
|
}
|