@blamejs/blamejs-shop 0.5.5 → 0.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1405) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/README.md +1 -1
  3. package/lib/asset-manifest.json +1 -1
  4. package/lib/storefront.js +30 -17
  5. package/lib/vendor/MANIFEST.json +1395 -1409
  6. package/lib/vendor/blamejs/.clusterfuzzlite/Dockerfile +1 -1
  7. package/lib/vendor/blamejs/.github/dependabot.yml +12 -2
  8. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +3 -3
  9. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +3 -3
  10. package/lib/vendor/blamejs/.github/workflows/ci.yml +34 -29
  11. package/lib/vendor/blamejs/.github/workflows/codeql.yml +2 -2
  12. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +6 -6
  13. package/lib/vendor/blamejs/.github/workflows/release-container.yml +8 -8
  14. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
  15. package/lib/vendor/blamejs/.gitignore +6 -6
  16. package/lib/vendor/blamejs/CHANGELOG.md +68 -0
  17. package/lib/vendor/blamejs/CONTRIBUTING.md +16 -0
  18. package/lib/vendor/blamejs/README.md +2 -1
  19. package/lib/vendor/blamejs/ROADMAP.md +51 -0
  20. package/lib/vendor/blamejs/SECURITY.md +52 -1
  21. package/lib/vendor/blamejs/api-snapshot.json +22 -2
  22. package/lib/vendor/blamejs/bench/_helpers.js +2 -0
  23. package/lib/vendor/blamejs/bench/crypto-hash.bench.js +2 -0
  24. package/lib/vendor/blamejs/bench/crypto-symmetric.bench.js +2 -0
  25. package/lib/vendor/blamejs/bench/run.js +2 -0
  26. package/lib/vendor/blamejs/bench/safe-json.bench.js +2 -0
  27. package/lib/vendor/blamejs/bin/blamejs.js +2 -0
  28. package/lib/vendor/blamejs/examples/wiki/Dockerfile +1 -1
  29. package/lib/vendor/blamejs/examples/wiki/lib/auto-site-entries.js +2 -0
  30. package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +9 -1
  31. package/lib/vendor/blamejs/examples/wiki/lib/harvest-cli.js +2 -0
  32. package/lib/vendor/blamejs/examples/wiki/lib/harvest-env-vars.js +2 -0
  33. package/lib/vendor/blamejs/examples/wiki/lib/harvest-errors.js +2 -0
  34. package/lib/vendor/blamejs/examples/wiki/lib/harvest-vendored-deps.js +2 -0
  35. package/lib/vendor/blamejs/examples/wiki/lib/html-entities.js +2 -0
  36. package/lib/vendor/blamejs/examples/wiki/lib/nav.js +2 -0
  37. package/lib/vendor/blamejs/examples/wiki/lib/opts-resolver.js +2 -0
  38. package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +2 -0
  39. package/lib/vendor/blamejs/examples/wiki/lib/section.js +2 -0
  40. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +2 -0
  41. package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +2 -0
  42. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +2 -0
  43. package/lib/vendor/blamejs/examples/wiki/migrations/0001-pages-schema.js +2 -0
  44. package/lib/vendor/blamejs/examples/wiki/package-lock.json +30 -0
  45. package/lib/vendor/blamejs/examples/wiki/routes/admin.js +2 -0
  46. package/lib/vendor/blamejs/examples/wiki/routes/integration.js +2 -0
  47. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +2 -0
  48. package/lib/vendor/blamejs/examples/wiki/scripts/backfill-module-metadata.js +2 -0
  49. package/lib/vendor/blamejs/examples/wiki/seeders/prod/0001-default-pages.js +2 -0
  50. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/_index.js +2 -0
  51. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/api.js +2 -0
  52. package/lib/vendor/blamejs/examples/wiki/server.js +2 -0
  53. package/lib/vendor/blamejs/examples/wiki/site.config.js +2 -0
  54. package/lib/vendor/blamejs/examples/wiki/snippets/auth/password-hash.example.js +2 -0
  55. package/lib/vendor/blamejs/examples/wiki/src/editor.js +2 -0
  56. package/lib/vendor/blamejs/examples/wiki/src/wiki.js +2 -0
  57. package/lib/vendor/blamejs/examples/wiki/test/codebase-patterns.test.js +2 -0
  58. package/lib/vendor/blamejs/examples/wiki/test/e2e.js +23 -0
  59. package/lib/vendor/blamejs/examples/wiki/test/find-missing-pages.js +2 -0
  60. package/lib/vendor/blamejs/examples/wiki/test/integration.js +2 -0
  61. package/lib/vendor/blamejs/examples/wiki/test/validate-cli-snapshot.js +2 -0
  62. package/lib/vendor/blamejs/examples/wiki/test/validate-env-snapshot.js +2 -0
  63. package/lib/vendor/blamejs/examples/wiki/test/validate-nav-coverage.js +2 -0
  64. package/lib/vendor/blamejs/examples/wiki/test/validate-site-coverage.js +2 -0
  65. package/lib/vendor/blamejs/examples/wiki/test/validate-source-comment-blocks.js +2 -0
  66. package/lib/vendor/blamejs/examples/wiki/wiki.config.js +2 -0
  67. package/lib/vendor/blamejs/fuzz/_expected.js +2 -0
  68. package/lib/vendor/blamejs/fuzz/guard-agent-registry.fuzz.js +2 -0
  69. package/lib/vendor/blamejs/fuzz/guard-csv.fuzz.js +2 -0
  70. package/lib/vendor/blamejs/fuzz/guard-dsn.fuzz.js +2 -0
  71. package/lib/vendor/blamejs/fuzz/guard-email.fuzz.js +2 -0
  72. package/lib/vendor/blamejs/fuzz/guard-envelope.fuzz.js +2 -0
  73. package/lib/vendor/blamejs/fuzz/guard-event-bus-payload.fuzz.js +2 -0
  74. package/lib/vendor/blamejs/fuzz/guard-event-bus-topic.fuzz.js +2 -0
  75. package/lib/vendor/blamejs/fuzz/guard-html.fuzz.js +2 -0
  76. package/lib/vendor/blamejs/fuzz/guard-idempotency-key.fuzz.js +2 -0
  77. package/lib/vendor/blamejs/fuzz/guard-imap-command.fuzz.js +2 -0
  78. package/lib/vendor/blamejs/fuzz/guard-jmap.fuzz.js +2 -0
  79. package/lib/vendor/blamejs/fuzz/guard-json.fuzz.js +2 -0
  80. package/lib/vendor/blamejs/fuzz/guard-list-id.fuzz.js +2 -0
  81. package/lib/vendor/blamejs/fuzz/guard-list-unsubscribe.fuzz.js +2 -0
  82. package/lib/vendor/blamejs/fuzz/guard-mail-compose.fuzz.js +2 -0
  83. package/lib/vendor/blamejs/fuzz/guard-mail-move.fuzz.js +2 -0
  84. package/lib/vendor/blamejs/fuzz/guard-mail-query.fuzz.js +2 -0
  85. package/lib/vendor/blamejs/fuzz/guard-mail-reply.fuzz.js +2 -0
  86. package/lib/vendor/blamejs/fuzz/guard-mail-sieve.fuzz.js +2 -0
  87. package/lib/vendor/blamejs/fuzz/guard-managesieve-command.fuzz.js +2 -0
  88. package/lib/vendor/blamejs/fuzz/guard-markdown.fuzz.js +2 -0
  89. package/lib/vendor/blamejs/fuzz/guard-message-id.fuzz.js +2 -0
  90. package/lib/vendor/blamejs/fuzz/guard-pop3-command.fuzz.js +2 -0
  91. package/lib/vendor/blamejs/fuzz/guard-posture-chain.fuzz.js +2 -0
  92. package/lib/vendor/blamejs/fuzz/guard-saga-config.fuzz.js +2 -0
  93. package/lib/vendor/blamejs/fuzz/guard-smtp-command.fuzz.js +2 -0
  94. package/lib/vendor/blamejs/fuzz/guard-snapshot-envelope.fuzz.js +2 -0
  95. package/lib/vendor/blamejs/fuzz/guard-sql.fuzz.js +2 -0
  96. package/lib/vendor/blamejs/fuzz/guard-stream-args.fuzz.js +2 -0
  97. package/lib/vendor/blamejs/fuzz/guard-svg.fuzz.js +2 -0
  98. package/lib/vendor/blamejs/fuzz/guard-tenant-id.fuzz.js +2 -0
  99. package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +2 -0
  100. package/lib/vendor/blamejs/fuzz/guard-trace-context.fuzz.js +2 -0
  101. package/lib/vendor/blamejs/fuzz/guard-xml.fuzz.js +2 -0
  102. package/lib/vendor/blamejs/fuzz/guard-yaml.fuzz.js +2 -0
  103. package/lib/vendor/blamejs/fuzz/package-lock.json +1239 -0
  104. package/lib/vendor/blamejs/fuzz/package.json +10 -0
  105. package/lib/vendor/blamejs/fuzz/parsers__safe-ini.fuzz.js +2 -0
  106. package/lib/vendor/blamejs/fuzz/parsers__safe-toml.fuzz.js +2 -0
  107. package/lib/vendor/blamejs/fuzz/parsers__safe-xml.fuzz.js +2 -0
  108. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml.fuzz.js +2 -0
  109. package/lib/vendor/blamejs/fuzz/safe-archive.fuzz.js +2 -0
  110. package/lib/vendor/blamejs/fuzz/safe-decompress.fuzz.js +2 -0
  111. package/lib/vendor/blamejs/fuzz/safe-dns.fuzz.js +2 -0
  112. package/lib/vendor/blamejs/fuzz/safe-ical.fuzz.js +2 -0
  113. package/lib/vendor/blamejs/fuzz/safe-icap.fuzz.js +2 -0
  114. package/lib/vendor/blamejs/fuzz/safe-json.fuzz.js +2 -0
  115. package/lib/vendor/blamejs/fuzz/safe-jsonpath.fuzz.js +2 -0
  116. package/lib/vendor/blamejs/fuzz/safe-mime.fuzz.js +2 -0
  117. package/lib/vendor/blamejs/fuzz/safe-mount-info.fuzz.js +2 -0
  118. package/lib/vendor/blamejs/fuzz/safe-sieve.fuzz.js +2 -0
  119. package/lib/vendor/blamejs/fuzz/safe-smtp.fuzz.js +2 -0
  120. package/lib/vendor/blamejs/fuzz/safe-url.fuzz.js +2 -0
  121. package/lib/vendor/blamejs/fuzz/safe-vcard.fuzz.js +2 -0
  122. package/lib/vendor/blamejs/index.js +2 -0
  123. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +2 -0
  124. package/lib/vendor/blamejs/lib/a2a-tasks.js +2 -0
  125. package/lib/vendor/blamejs/lib/a2a.js +2 -0
  126. package/lib/vendor/blamejs/lib/acme.js +7 -1
  127. package/lib/vendor/blamejs/lib/agent-audit.js +2 -0
  128. package/lib/vendor/blamejs/lib/agent-envelope-mac.js +2 -0
  129. package/lib/vendor/blamejs/lib/agent-event-bus.js +2 -0
  130. package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -0
  131. package/lib/vendor/blamejs/lib/agent-orchestrator.js +10 -2
  132. package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -0
  133. package/lib/vendor/blamejs/lib/agent-saga.js +2 -0
  134. package/lib/vendor/blamejs/lib/agent-snapshot.js +2 -0
  135. package/lib/vendor/blamejs/lib/agent-stream.js +2 -0
  136. package/lib/vendor/blamejs/lib/agent-tenant.js +11 -2
  137. package/lib/vendor/blamejs/lib/agent-trace.js +2 -0
  138. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -0
  139. package/lib/vendor/blamejs/lib/ai-aedt-bias-audit.js +2 -0
  140. package/lib/vendor/blamejs/lib/ai-capability.js +2 -0
  141. package/lib/vendor/blamejs/lib/ai-content-detect.js +2 -0
  142. package/lib/vendor/blamejs/lib/ai-disclosure.js +2 -0
  143. package/lib/vendor/blamejs/lib/ai-dp.js +2 -0
  144. package/lib/vendor/blamejs/lib/ai-frontier-protocol.js +2 -0
  145. package/lib/vendor/blamejs/lib/ai-input.js +2 -0
  146. package/lib/vendor/blamejs/lib/ai-model-manifest.js +2 -0
  147. package/lib/vendor/blamejs/lib/ai-output.js +2 -0
  148. package/lib/vendor/blamejs/lib/ai-pref.js +2 -0
  149. package/lib/vendor/blamejs/lib/ai-prompt.js +2 -0
  150. package/lib/vendor/blamejs/lib/ai-quota.js +2 -0
  151. package/lib/vendor/blamejs/lib/api-key.js +2 -0
  152. package/lib/vendor/blamejs/lib/api-snapshot.js +2 -0
  153. package/lib/vendor/blamejs/lib/app-shutdown.js +2 -0
  154. package/lib/vendor/blamejs/lib/app.js +2 -0
  155. package/lib/vendor/blamejs/lib/archive-adapters.js +2 -0
  156. package/lib/vendor/blamejs/lib/archive-entry-policy.js +2 -0
  157. package/lib/vendor/blamejs/lib/archive-gz.js +2 -0
  158. package/lib/vendor/blamejs/lib/archive-read.js +2 -0
  159. package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -0
  160. package/lib/vendor/blamejs/lib/archive-tar.js +9 -0
  161. package/lib/vendor/blamejs/lib/archive-wrap.js +2 -0
  162. package/lib/vendor/blamejs/lib/archive.js +6 -0
  163. package/lib/vendor/blamejs/lib/arg-parser.js +2 -0
  164. package/lib/vendor/blamejs/lib/argon2-builtin.js +2 -0
  165. package/lib/vendor/blamejs/lib/asn1-der.js +2 -0
  166. package/lib/vendor/blamejs/lib/asyncapi-bindings.js +2 -0
  167. package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -0
  168. package/lib/vendor/blamejs/lib/asyncapi.js +2 -0
  169. package/lib/vendor/blamejs/lib/atomic-file.js +2 -0
  170. package/lib/vendor/blamejs/lib/audit-chain.js +2 -0
  171. package/lib/vendor/blamejs/lib/audit-daily-review.js +2 -0
  172. package/lib/vendor/blamejs/lib/audit-emit.js +2 -0
  173. package/lib/vendor/blamejs/lib/audit-sign.js +2 -0
  174. package/lib/vendor/blamejs/lib/audit-tools.js +2 -0
  175. package/lib/vendor/blamejs/lib/audit.js +2 -0
  176. package/lib/vendor/blamejs/lib/auth/aal.js +2 -0
  177. package/lib/vendor/blamejs/lib/auth/access-lock.js +2 -0
  178. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -0
  179. package/lib/vendor/blamejs/lib/auth/ato-kill-switch.js +48 -11
  180. package/lib/vendor/blamejs/lib/auth/auth-time-tracker.js +2 -0
  181. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +2 -0
  182. package/lib/vendor/blamejs/lib/auth/ciba.js +2 -0
  183. package/lib/vendor/blamejs/lib/auth/dpop.js +2 -0
  184. package/lib/vendor/blamejs/lib/auth/elevation-grant.js +2 -0
  185. package/lib/vendor/blamejs/lib/auth/fal.js +2 -0
  186. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +11 -7
  187. package/lib/vendor/blamejs/lib/auth/jar.js +4 -1
  188. package/lib/vendor/blamejs/lib/auth/jwt-external.js +16 -3
  189. package/lib/vendor/blamejs/lib/auth/jwt.js +2 -0
  190. package/lib/vendor/blamejs/lib/auth/lockout.js +237 -104
  191. package/lib/vendor/blamejs/lib/auth/oauth.js +98 -17
  192. package/lib/vendor/blamejs/lib/auth/oid4vci.js +58 -17
  193. package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -0
  194. package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -0
  195. package/lib/vendor/blamejs/lib/auth/passkey.js +2 -0
  196. package/lib/vendor/blamejs/lib/auth/password.js +2 -0
  197. package/lib/vendor/blamejs/lib/auth/saml.js +68 -7
  198. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +2 -0
  199. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -0
  200. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -0
  201. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +9 -0
  202. package/lib/vendor/blamejs/lib/auth/status-list.js +7 -0
  203. package/lib/vendor/blamejs/lib/auth/step-up-policy.js +2 -0
  204. package/lib/vendor/blamejs/lib/auth/step-up.js +2 -0
  205. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +5 -8
  206. package/lib/vendor/blamejs/lib/auth-header.js +2 -0
  207. package/lib/vendor/blamejs/lib/backup/bundle.js +2 -0
  208. package/lib/vendor/blamejs/lib/backup/crypto.js +2 -0
  209. package/lib/vendor/blamejs/lib/backup/index.js +14 -0
  210. package/lib/vendor/blamejs/lib/backup/manifest.js +2 -0
  211. package/lib/vendor/blamejs/lib/base32.js +2 -0
  212. package/lib/vendor/blamejs/lib/boot-gates.js +2 -0
  213. package/lib/vendor/blamejs/lib/bounded-map.js +3 -1
  214. package/lib/vendor/blamejs/lib/breach-deadline.js +2 -0
  215. package/lib/vendor/blamejs/lib/break-glass.js +10 -9
  216. package/lib/vendor/blamejs/lib/budr.js +2 -0
  217. package/lib/vendor/blamejs/lib/bundler.js +2 -0
  218. package/lib/vendor/blamejs/lib/cache-redis.js +2 -0
  219. package/lib/vendor/blamejs/lib/cache-status.js +2 -0
  220. package/lib/vendor/blamejs/lib/cache.js +13 -5
  221. package/lib/vendor/blamejs/lib/calendar.js +2 -0
  222. package/lib/vendor/blamejs/lib/canonical-json.js +19 -3
  223. package/lib/vendor/blamejs/lib/cbor.js +2 -0
  224. package/lib/vendor/blamejs/lib/cdn-cache-control.js +2 -0
  225. package/lib/vendor/blamejs/lib/cert.js +2 -0
  226. package/lib/vendor/blamejs/lib/chain-writer.js +2 -0
  227. package/lib/vendor/blamejs/lib/circuit-breaker.js +2 -0
  228. package/lib/vendor/blamejs/lib/cli-helpers.js +2 -0
  229. package/lib/vendor/blamejs/lib/cli.js +57 -20
  230. package/lib/vendor/blamejs/lib/client-hints.js +2 -0
  231. package/lib/vendor/blamejs/lib/cloud-events.js +2 -0
  232. package/lib/vendor/blamejs/lib/cluster-provider-db.js +2 -0
  233. package/lib/vendor/blamejs/lib/cluster-storage.js +2 -0
  234. package/lib/vendor/blamejs/lib/cluster.js +2 -0
  235. package/lib/vendor/blamejs/lib/cms-codec.js +2 -0
  236. package/lib/vendor/blamejs/lib/codepoint-class.js +2 -0
  237. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +2 -0
  238. package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js +2 -0
  239. package/lib/vendor/blamejs/lib/compliance-ai-act-risk.js +2 -0
  240. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -0
  241. package/lib/vendor/blamejs/lib/compliance-ai-act.js +2 -0
  242. package/lib/vendor/blamejs/lib/compliance-eaa.js +2 -0
  243. package/lib/vendor/blamejs/lib/compliance-sanctions-aliases.js +2 -0
  244. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +2 -0
  245. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +2 -0
  246. package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -0
  247. package/lib/vendor/blamejs/lib/compliance.js +2 -0
  248. package/lib/vendor/blamejs/lib/config-drift.js +2 -0
  249. package/lib/vendor/blamejs/lib/config.js +2 -0
  250. package/lib/vendor/blamejs/lib/consent.js +2 -0
  251. package/lib/vendor/blamejs/lib/constants.js +2 -0
  252. package/lib/vendor/blamejs/lib/content-credentials.js +2 -0
  253. package/lib/vendor/blamejs/lib/content-digest.js +2 -0
  254. package/lib/vendor/blamejs/lib/cookies.js +2 -0
  255. package/lib/vendor/blamejs/lib/cose.js +2 -0
  256. package/lib/vendor/blamejs/lib/cra-report.js +2 -0
  257. package/lib/vendor/blamejs/lib/crdt.js +2 -0
  258. package/lib/vendor/blamejs/lib/credential-hash.js +2 -0
  259. package/lib/vendor/blamejs/lib/crypto-field.js +2 -0
  260. package/lib/vendor/blamejs/lib/crypto-hpke-pq.js +2 -0
  261. package/lib/vendor/blamejs/lib/crypto-hpke.js +2 -0
  262. package/lib/vendor/blamejs/lib/crypto-oprf.js +2 -0
  263. package/lib/vendor/blamejs/lib/crypto-xwing.js +2 -0
  264. package/lib/vendor/blamejs/lib/crypto.js +2 -0
  265. package/lib/vendor/blamejs/lib/csp.js +2 -0
  266. package/lib/vendor/blamejs/lib/csv.js +14 -1
  267. package/lib/vendor/blamejs/lib/cwt.js +2 -0
  268. package/lib/vendor/blamejs/lib/daemon.js +2 -0
  269. package/lib/vendor/blamejs/lib/dark-patterns.js +2 -0
  270. package/lib/vendor/blamejs/lib/data-act.js +2 -0
  271. package/lib/vendor/blamejs/lib/db-collection.js +2 -0
  272. package/lib/vendor/blamejs/lib/db-declare-row-policy.js +2 -0
  273. package/lib/vendor/blamejs/lib/db-declare-view.js +2 -0
  274. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +2 -0
  275. package/lib/vendor/blamejs/lib/db-query.js +2 -0
  276. package/lib/vendor/blamejs/lib/db-role-context.js +2 -0
  277. package/lib/vendor/blamejs/lib/db-schema.js +2 -0
  278. package/lib/vendor/blamejs/lib/db.js +2 -0
  279. package/lib/vendor/blamejs/lib/dbsc.js +2 -0
  280. package/lib/vendor/blamejs/lib/ddl-change-control.js +2 -0
  281. package/lib/vendor/blamejs/lib/deprecate.js +2 -0
  282. package/lib/vendor/blamejs/lib/dev.js +2 -0
  283. package/lib/vendor/blamejs/lib/did.js +2 -0
  284. package/lib/vendor/blamejs/lib/dora.js +2 -0
  285. package/lib/vendor/blamejs/lib/dr-runbook.js +2 -0
  286. package/lib/vendor/blamejs/lib/dsa.js +2 -0
  287. package/lib/vendor/blamejs/lib/dsr.js +2 -0
  288. package/lib/vendor/blamejs/lib/dual-control.js +11 -15
  289. package/lib/vendor/blamejs/lib/early-hints.js +2 -0
  290. package/lib/vendor/blamejs/lib/eat.js +4 -1
  291. package/lib/vendor/blamejs/lib/error-page.js +2 -0
  292. package/lib/vendor/blamejs/lib/events.js +2 -0
  293. package/lib/vendor/blamejs/lib/external-db-migrate.js +2 -0
  294. package/lib/vendor/blamejs/lib/external-db.js +2 -0
  295. package/lib/vendor/blamejs/lib/fapi2.js +2 -0
  296. package/lib/vendor/blamejs/lib/fda-21cfr11.js +2 -0
  297. package/lib/vendor/blamejs/lib/fdx.js +2 -0
  298. package/lib/vendor/blamejs/lib/fedcm.js +2 -0
  299. package/lib/vendor/blamejs/lib/file-type.js +2 -0
  300. package/lib/vendor/blamejs/lib/file-upload.js +139 -21
  301. package/lib/vendor/blamejs/lib/flag-cache.js +2 -0
  302. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -0
  303. package/lib/vendor/blamejs/lib/flag-providers.js +2 -0
  304. package/lib/vendor/blamejs/lib/flag-targeting.js +4 -7
  305. package/lib/vendor/blamejs/lib/flag.js +2 -0
  306. package/lib/vendor/blamejs/lib/forms.js +11 -0
  307. package/lib/vendor/blamejs/lib/framework-error.js +2 -0
  308. package/lib/vendor/blamejs/lib/framework-files.js +2 -0
  309. package/lib/vendor/blamejs/lib/framework-schema.js +2 -0
  310. package/lib/vendor/blamejs/lib/framework-sha1-hibp.js +2 -0
  311. package/lib/vendor/blamejs/lib/fsm.js +2 -0
  312. package/lib/vendor/blamejs/lib/gate-contract.js +2 -0
  313. package/lib/vendor/blamejs/lib/gdpr-ropa.js +2 -0
  314. package/lib/vendor/blamejs/lib/graphql-federation.js +2 -0
  315. package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -0
  316. package/lib/vendor/blamejs/lib/guard-all.js +2 -0
  317. package/lib/vendor/blamejs/lib/guard-archive.js +2 -0
  318. package/lib/vendor/blamejs/lib/guard-auth.js +2 -0
  319. package/lib/vendor/blamejs/lib/guard-cidr.js +2 -0
  320. package/lib/vendor/blamejs/lib/guard-csv.js +2 -0
  321. package/lib/vendor/blamejs/lib/guard-domain.js +2 -0
  322. package/lib/vendor/blamejs/lib/guard-dsn.js +2 -0
  323. package/lib/vendor/blamejs/lib/guard-email.js +2 -0
  324. package/lib/vendor/blamejs/lib/guard-envelope.js +2 -0
  325. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +2 -0
  326. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -0
  327. package/lib/vendor/blamejs/lib/guard-filename.js +2 -0
  328. package/lib/vendor/blamejs/lib/guard-graphql.js +2 -0
  329. package/lib/vendor/blamejs/lib/guard-html-wcag-aria.js +2 -0
  330. package/lib/vendor/blamejs/lib/guard-html-wcag-forms.js +2 -0
  331. package/lib/vendor/blamejs/lib/guard-html-wcag-tables.js +2 -0
  332. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +2 -0
  333. package/lib/vendor/blamejs/lib/guard-html-wcag.js +2 -0
  334. package/lib/vendor/blamejs/lib/guard-html.js +2 -0
  335. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -0
  336. package/lib/vendor/blamejs/lib/guard-image.js +2 -0
  337. package/lib/vendor/blamejs/lib/guard-imap-command.js +2 -0
  338. package/lib/vendor/blamejs/lib/guard-jmap.js +2 -0
  339. package/lib/vendor/blamejs/lib/guard-json.js +2 -0
  340. package/lib/vendor/blamejs/lib/guard-jsonpath.js +2 -0
  341. package/lib/vendor/blamejs/lib/guard-jwt.js +2 -0
  342. package/lib/vendor/blamejs/lib/guard-list-id.js +2 -0
  343. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -0
  344. package/lib/vendor/blamejs/lib/guard-mail-compose.js +2 -0
  345. package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -0
  346. package/lib/vendor/blamejs/lib/guard-mail-query.js +2 -0
  347. package/lib/vendor/blamejs/lib/guard-mail-reply.js +2 -0
  348. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +2 -0
  349. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +2 -0
  350. package/lib/vendor/blamejs/lib/guard-markdown.js +2 -0
  351. package/lib/vendor/blamejs/lib/guard-message-id.js +2 -0
  352. package/lib/vendor/blamejs/lib/guard-mime.js +2 -0
  353. package/lib/vendor/blamejs/lib/guard-oauth.js +14 -1
  354. package/lib/vendor/blamejs/lib/guard-pdf.js +2 -0
  355. package/lib/vendor/blamejs/lib/guard-pop3-command.js +2 -0
  356. package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -0
  357. package/lib/vendor/blamejs/lib/guard-regex.js +59 -0
  358. package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -0
  359. package/lib/vendor/blamejs/lib/guard-shell.js +2 -0
  360. package/lib/vendor/blamejs/lib/guard-smtp-command.js +2 -0
  361. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +2 -0
  362. package/lib/vendor/blamejs/lib/guard-sql.js +2 -0
  363. package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -0
  364. package/lib/vendor/blamejs/lib/guard-svg.js +2 -0
  365. package/lib/vendor/blamejs/lib/guard-template.js +2 -0
  366. package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -0
  367. package/lib/vendor/blamejs/lib/guard-text.js +2 -0
  368. package/lib/vendor/blamejs/lib/guard-time.js +2 -0
  369. package/lib/vendor/blamejs/lib/guard-trace-context.js +2 -0
  370. package/lib/vendor/blamejs/lib/guard-uuid.js +2 -0
  371. package/lib/vendor/blamejs/lib/guard-xml.js +2 -0
  372. package/lib/vendor/blamejs/lib/guard-yaml.js +2 -0
  373. package/lib/vendor/blamejs/lib/hal.js +2 -0
  374. package/lib/vendor/blamejs/lib/handlers.js +2 -0
  375. package/lib/vendor/blamejs/lib/honeytoken.js +2 -0
  376. package/lib/vendor/blamejs/lib/html-balance.js +2 -0
  377. package/lib/vendor/blamejs/lib/http-client-cache.js +2 -0
  378. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -0
  379. package/lib/vendor/blamejs/lib/http-client.js +2 -0
  380. package/lib/vendor/blamejs/lib/http-message-signature.js +144 -11
  381. package/lib/vendor/blamejs/lib/http2-teardown.js +2 -0
  382. package/lib/vendor/blamejs/lib/i18n-messageformat.js +35 -6
  383. package/lib/vendor/blamejs/lib/i18n.js +2 -0
  384. package/lib/vendor/blamejs/lib/iab-mspa.js +2 -0
  385. package/lib/vendor/blamejs/lib/iab-tcf.js +2 -0
  386. package/lib/vendor/blamejs/lib/importmap-integrity.js +2 -0
  387. package/lib/vendor/blamejs/lib/inbox.js +2 -0
  388. package/lib/vendor/blamejs/lib/incident-report.js +2 -0
  389. package/lib/vendor/blamejs/lib/ip-utils.js +2 -0
  390. package/lib/vendor/blamejs/lib/jobs.js +2 -0
  391. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -0
  392. package/lib/vendor/blamejs/lib/json-merge-patch.js +2 -0
  393. package/lib/vendor/blamejs/lib/json-patch.js +2 -0
  394. package/lib/vendor/blamejs/lib/json-path.js +2 -0
  395. package/lib/vendor/blamejs/lib/json-pointer.js +2 -0
  396. package/lib/vendor/blamejs/lib/json-schema.js +13 -1
  397. package/lib/vendor/blamejs/lib/jsonapi.js +2 -0
  398. package/lib/vendor/blamejs/lib/jtd.js +2 -0
  399. package/lib/vendor/blamejs/lib/jwk.js +2 -0
  400. package/lib/vendor/blamejs/lib/keychain.js +32 -10
  401. package/lib/vendor/blamejs/lib/lazy-require.js +2 -0
  402. package/lib/vendor/blamejs/lib/legal-hold.js +2 -0
  403. package/lib/vendor/blamejs/lib/link-header.js +2 -0
  404. package/lib/vendor/blamejs/lib/local-db-thin.js +2 -0
  405. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +2 -0
  406. package/lib/vendor/blamejs/lib/log-stream-local.js +2 -0
  407. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +2 -0
  408. package/lib/vendor/blamejs/lib/log-stream-otlp.js +2 -0
  409. package/lib/vendor/blamejs/lib/log-stream-syslog.js +2 -0
  410. package/lib/vendor/blamejs/lib/log-stream-webhook.js +2 -0
  411. package/lib/vendor/blamejs/lib/log-stream.js +2 -0
  412. package/lib/vendor/blamejs/lib/log.js +2 -0
  413. package/lib/vendor/blamejs/lib/lro.js +2 -0
  414. package/lib/vendor/blamejs/lib/mail-agent.js +2 -0
  415. package/lib/vendor/blamejs/lib/mail-arc-reuse-token.js +20 -0
  416. package/lib/vendor/blamejs/lib/mail-arc-sign.js +32 -14
  417. package/lib/vendor/blamejs/lib/mail-arf.js +4 -0
  418. package/lib/vendor/blamejs/lib/mail-auth.js +93 -19
  419. package/lib/vendor/blamejs/lib/mail-bimi.js +26 -10
  420. package/lib/vendor/blamejs/lib/mail-bounce.js +23 -6
  421. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +2 -0
  422. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +2 -0
  423. package/lib/vendor/blamejs/lib/mail-crypto.js +2 -0
  424. package/lib/vendor/blamejs/lib/mail-dav.js +2 -0
  425. package/lib/vendor/blamejs/lib/mail-deploy.js +2 -0
  426. package/lib/vendor/blamejs/lib/mail-dkim.js +44 -5
  427. package/lib/vendor/blamejs/lib/mail-greylist.js +2 -0
  428. package/lib/vendor/blamejs/lib/mail-helo.js +16 -0
  429. package/lib/vendor/blamejs/lib/mail-journal.js +2 -0
  430. package/lib/vendor/blamejs/lib/mail-mdn.js +17 -0
  431. package/lib/vendor/blamejs/lib/mail-rbl.js +2 -0
  432. package/lib/vendor/blamejs/lib/mail-require-tls.js +2 -0
  433. package/lib/vendor/blamejs/lib/mail-scan.js +2 -0
  434. package/lib/vendor/blamejs/lib/mail-send-deliver.js +32 -7
  435. package/lib/vendor/blamejs/lib/mail-server-imap.js +2 -0
  436. package/lib/vendor/blamejs/lib/mail-server-jmap.js +23 -11
  437. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +2 -0
  438. package/lib/vendor/blamejs/lib/mail-server-mx.js +2 -0
  439. package/lib/vendor/blamejs/lib/mail-server-net.js +2 -0
  440. package/lib/vendor/blamejs/lib/mail-server-pop3.js +2 -0
  441. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -0
  442. package/lib/vendor/blamejs/lib/mail-server-registry.js +2 -0
  443. package/lib/vendor/blamejs/lib/mail-server-submission.js +2 -0
  444. package/lib/vendor/blamejs/lib/mail-server-tls.js +2 -0
  445. package/lib/vendor/blamejs/lib/mail-sieve.js +2 -0
  446. package/lib/vendor/blamejs/lib/mail-spam-score.js +2 -0
  447. package/lib/vendor/blamejs/lib/mail-srs.js +8 -0
  448. package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -0
  449. package/lib/vendor/blamejs/lib/mail-store.js +2 -0
  450. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +2 -0
  451. package/lib/vendor/blamejs/lib/mail.js +11 -0
  452. package/lib/vendor/blamejs/lib/markup-escape.js +2 -0
  453. package/lib/vendor/blamejs/lib/markup-tokenizer.js +2 -0
  454. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +2 -0
  455. package/lib/vendor/blamejs/lib/mcp.js +4 -2
  456. package/lib/vendor/blamejs/lib/mdoc.js +2 -0
  457. package/lib/vendor/blamejs/lib/metrics.js +2 -0
  458. package/lib/vendor/blamejs/lib/middleware/age-gate.js +2 -0
  459. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +2 -0
  460. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +2 -0
  461. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -0
  462. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -0
  463. package/lib/vendor/blamejs/lib/middleware/attach-user.js +2 -0
  464. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -0
  465. package/lib/vendor/blamejs/lib/middleware/body-parser.js +2 -0
  466. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +2 -0
  467. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +10 -1
  468. package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +2 -0
  469. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +2 -0
  470. package/lib/vendor/blamejs/lib/middleware/compression.js +2 -0
  471. package/lib/vendor/blamejs/lib/middleware/cookies.js +2 -0
  472. package/lib/vendor/blamejs/lib/middleware/cors.js +7 -0
  473. package/lib/vendor/blamejs/lib/middleware/csp-nonce.js +2 -0
  474. package/lib/vendor/blamejs/lib/middleware/csp-report.js +2 -0
  475. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +12 -5
  476. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +2 -0
  477. package/lib/vendor/blamejs/lib/middleware/db-role-for.js +2 -0
  478. package/lib/vendor/blamejs/lib/middleware/deny-response.js +2 -0
  479. package/lib/vendor/blamejs/lib/middleware/dpop.js +2 -0
  480. package/lib/vendor/blamejs/lib/middleware/error-handler.js +2 -0
  481. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +2 -0
  482. package/lib/vendor/blamejs/lib/middleware/flag-context.js +2 -0
  483. package/lib/vendor/blamejs/lib/middleware/gpc.js +2 -0
  484. package/lib/vendor/blamejs/lib/middleware/headers.js +2 -0
  485. package/lib/vendor/blamejs/lib/middleware/health.js +2 -0
  486. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +2 -0
  487. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +30 -2
  488. package/lib/vendor/blamejs/lib/middleware/index.js +2 -0
  489. package/lib/vendor/blamejs/lib/middleware/nel.js +2 -0
  490. package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +2 -0
  491. package/lib/vendor/blamejs/lib/middleware/no-cache.js +2 -0
  492. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -0
  493. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -0
  494. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +2 -0
  495. package/lib/vendor/blamejs/lib/middleware/request-id.js +2 -0
  496. package/lib/vendor/blamejs/lib/middleware/request-log.js +6 -0
  497. package/lib/vendor/blamejs/lib/middleware/require-aal.js +2 -0
  498. package/lib/vendor/blamejs/lib/middleware/require-auth.js +2 -0
  499. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -0
  500. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +2 -0
  501. package/lib/vendor/blamejs/lib/middleware/require-methods.js +2 -0
  502. package/lib/vendor/blamejs/lib/middleware/require-mtls.js +2 -0
  503. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +42 -1
  504. package/lib/vendor/blamejs/lib/middleware/scim-server.js +2 -0
  505. package/lib/vendor/blamejs/lib/middleware/security-headers.js +2 -0
  506. package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -0
  507. package/lib/vendor/blamejs/lib/middleware/span-http-server.js +12 -0
  508. package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +2 -0
  509. package/lib/vendor/blamejs/lib/middleware/sse.js +2 -0
  510. package/lib/vendor/blamejs/lib/middleware/trace-log-correlation.js +2 -0
  511. package/lib/vendor/blamejs/lib/middleware/trace-propagate.js +2 -0
  512. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +2 -0
  513. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -0
  514. package/lib/vendor/blamejs/lib/migration-files.js +2 -0
  515. package/lib/vendor/blamejs/lib/migrations.js +2 -0
  516. package/lib/vendor/blamejs/lib/mime-parse.js +5 -1
  517. package/lib/vendor/blamejs/lib/module-loader.js +2 -0
  518. package/lib/vendor/blamejs/lib/money.js +2 -0
  519. package/lib/vendor/blamejs/lib/mtls-ca.js +2 -0
  520. package/lib/vendor/blamejs/lib/mtls-engine-default.js +2 -0
  521. package/lib/vendor/blamejs/lib/network-byte-quota.js +76 -14
  522. package/lib/vendor/blamejs/lib/network-dane.js +2 -0
  523. package/lib/vendor/blamejs/lib/network-dns-resolver.js +55 -18
  524. package/lib/vendor/blamejs/lib/network-dns.js +2 -0
  525. package/lib/vendor/blamejs/lib/network-dnssec.js +15 -2
  526. package/lib/vendor/blamejs/lib/network-heartbeat.js +2 -0
  527. package/lib/vendor/blamejs/lib/network-nts.js +2 -0
  528. package/lib/vendor/blamejs/lib/network-proxy.js +2 -0
  529. package/lib/vendor/blamejs/lib/network-smtp-policy.js +6 -1
  530. package/lib/vendor/blamejs/lib/network-tls.js +99 -5
  531. package/lib/vendor/blamejs/lib/network-tsig.js +13 -1
  532. package/lib/vendor/blamejs/lib/network.js +2 -0
  533. package/lib/vendor/blamejs/lib/nis2-report.js +2 -0
  534. package/lib/vendor/blamejs/lib/nist-crosswalk.js +2 -0
  535. package/lib/vendor/blamejs/lib/nonce-store.js +2 -0
  536. package/lib/vendor/blamejs/lib/notify.js +2 -0
  537. package/lib/vendor/blamejs/lib/ntp-check.js +2 -0
  538. package/lib/vendor/blamejs/lib/numeric-bounds.js +2 -0
  539. package/lib/vendor/blamejs/lib/numeric-checks.js +2 -0
  540. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -0
  541. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +2 -0
  542. package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +2 -0
  543. package/lib/vendor/blamejs/lib/object-store/gcs.js +2 -0
  544. package/lib/vendor/blamejs/lib/object-store/http-put.js +2 -0
  545. package/lib/vendor/blamejs/lib/object-store/http-request.js +2 -0
  546. package/lib/vendor/blamejs/lib/object-store/index.js +2 -0
  547. package/lib/vendor/blamejs/lib/object-store/local.js +2 -0
  548. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -0
  549. package/lib/vendor/blamejs/lib/object-store/sigv4.js +2 -0
  550. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +4 -2
  551. package/lib/vendor/blamejs/lib/observability-tracer.js +2 -0
  552. package/lib/vendor/blamejs/lib/observability.js +2 -0
  553. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +2 -0
  554. package/lib/vendor/blamejs/lib/openapi-schema-walk.js +2 -0
  555. package/lib/vendor/blamejs/lib/openapi-security.js +2 -0
  556. package/lib/vendor/blamejs/lib/openapi-yaml.js +2 -0
  557. package/lib/vendor/blamejs/lib/openapi.js +2 -0
  558. package/lib/vendor/blamejs/lib/otel-export.js +2 -0
  559. package/lib/vendor/blamejs/lib/outbox.js +2 -0
  560. package/lib/vendor/blamejs/lib/pagination.js +2 -0
  561. package/lib/vendor/blamejs/lib/parsers/index.js +2 -0
  562. package/lib/vendor/blamejs/lib/parsers/safe-env.js +2 -0
  563. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +2 -0
  564. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +2 -0
  565. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -0
  566. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +2 -0
  567. package/lib/vendor/blamejs/lib/permissions.js +2 -0
  568. package/lib/vendor/blamejs/lib/pick.js +2 -0
  569. package/lib/vendor/blamejs/lib/pipl-cn.js +2 -0
  570. package/lib/vendor/blamejs/lib/pqc-agent.js +2 -0
  571. package/lib/vendor/blamejs/lib/pqc-gate.js +2 -0
  572. package/lib/vendor/blamejs/lib/pqc-software.js +2 -0
  573. package/lib/vendor/blamejs/lib/privacy-pass.js +2 -0
  574. package/lib/vendor/blamejs/lib/privacy.js +2 -0
  575. package/lib/vendor/blamejs/lib/problem-details.js +2 -0
  576. package/lib/vendor/blamejs/lib/process-spawn.js +2 -0
  577. package/lib/vendor/blamejs/lib/promise-pool.js +2 -0
  578. package/lib/vendor/blamejs/lib/protobuf-encoder.js +2 -0
  579. package/lib/vendor/blamejs/lib/protocol-dispatcher.js +2 -0
  580. package/lib/vendor/blamejs/lib/public-suffix.js +45 -5
  581. package/lib/vendor/blamejs/lib/pubsub-cluster.js +2 -0
  582. package/lib/vendor/blamejs/lib/pubsub-redis.js +2 -0
  583. package/lib/vendor/blamejs/lib/pubsub.js +2 -0
  584. package/lib/vendor/blamejs/lib/queue-local.js +28 -11
  585. package/lib/vendor/blamejs/lib/queue-redis.js +79 -17
  586. package/lib/vendor/blamejs/lib/queue-sqs.js +2 -0
  587. package/lib/vendor/blamejs/lib/queue.js +5 -3
  588. package/lib/vendor/blamejs/lib/redact.js +2 -0
  589. package/lib/vendor/blamejs/lib/redis-client.js +30 -5
  590. package/lib/vendor/blamejs/lib/render.js +2 -0
  591. package/lib/vendor/blamejs/lib/request-helpers.js +11 -0
  592. package/lib/vendor/blamejs/lib/resource-access-lock.js +2 -0
  593. package/lib/vendor/blamejs/lib/restore-bundle.js +2 -0
  594. package/lib/vendor/blamejs/lib/restore-rollback.js +2 -0
  595. package/lib/vendor/blamejs/lib/restore.js +2 -0
  596. package/lib/vendor/blamejs/lib/retention.js +2 -0
  597. package/lib/vendor/blamejs/lib/retry.js +2 -0
  598. package/lib/vendor/blamejs/lib/rfc3339.js +2 -0
  599. package/lib/vendor/blamejs/lib/router.js +109 -19
  600. package/lib/vendor/blamejs/lib/safe-archive.js +2 -0
  601. package/lib/vendor/blamejs/lib/safe-async.js +44 -0
  602. package/lib/vendor/blamejs/lib/safe-buffer.js +66 -0
  603. package/lib/vendor/blamejs/lib/safe-decompress.js +2 -0
  604. package/lib/vendor/blamejs/lib/safe-dns.js +2 -0
  605. package/lib/vendor/blamejs/lib/safe-ical.js +2 -0
  606. package/lib/vendor/blamejs/lib/safe-icap.js +7 -0
  607. package/lib/vendor/blamejs/lib/safe-json.js +2 -0
  608. package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -0
  609. package/lib/vendor/blamejs/lib/safe-mime.js +2 -0
  610. package/lib/vendor/blamejs/lib/safe-mount-info.js +2 -0
  611. package/lib/vendor/blamejs/lib/safe-path.js +2 -0
  612. package/lib/vendor/blamejs/lib/safe-redirect.js +2 -0
  613. package/lib/vendor/blamejs/lib/safe-schema.js +2 -0
  614. package/lib/vendor/blamejs/lib/safe-sieve.js +2 -0
  615. package/lib/vendor/blamejs/lib/safe-smtp.js +2 -0
  616. package/lib/vendor/blamejs/lib/safe-sql.js +2 -0
  617. package/lib/vendor/blamejs/lib/safe-url.js +2 -0
  618. package/lib/vendor/blamejs/lib/safe-vcard.js +2 -0
  619. package/lib/vendor/blamejs/lib/sandbox-worker.js +2 -0
  620. package/lib/vendor/blamejs/lib/sandbox.js +2 -0
  621. package/lib/vendor/blamejs/lib/scheduler.js +2 -0
  622. package/lib/vendor/blamejs/lib/scitt.js +2 -0
  623. package/lib/vendor/blamejs/lib/sd-notify.js +2 -0
  624. package/lib/vendor/blamejs/lib/sec-cyber.js +2 -0
  625. package/lib/vendor/blamejs/lib/security-assert.js +2 -0
  626. package/lib/vendor/blamejs/lib/seeders.js +2 -0
  627. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +2 -0
  628. package/lib/vendor/blamejs/lib/self-update.js +104 -56
  629. package/lib/vendor/blamejs/lib/server-timing.js +2 -0
  630. package/lib/vendor/blamejs/lib/session-device-binding.js +2 -0
  631. package/lib/vendor/blamejs/lib/session-stores.js +2 -0
  632. package/lib/vendor/blamejs/lib/session.js +71 -32
  633. package/lib/vendor/blamejs/lib/slug.js +2 -0
  634. package/lib/vendor/blamejs/lib/sql.js +2 -0
  635. package/lib/vendor/blamejs/lib/sse.js +2 -0
  636. package/lib/vendor/blamejs/lib/ssrf-guard.js +9 -1
  637. package/lib/vendor/blamejs/lib/standard-webhooks.js +2 -0
  638. package/lib/vendor/blamejs/lib/static.js +54 -20
  639. package/lib/vendor/blamejs/lib/storage.js +2 -0
  640. package/lib/vendor/blamejs/lib/stream-throttle.js +2 -0
  641. package/lib/vendor/blamejs/lib/structured-fields.js +2 -0
  642. package/lib/vendor/blamejs/lib/subject.js +2 -0
  643. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +2 -0
  644. package/lib/vendor/blamejs/lib/template.js +2 -0
  645. package/lib/vendor/blamejs/lib/tenant-quota.js +2 -0
  646. package/lib/vendor/blamejs/lib/test-harness.js +2 -0
  647. package/lib/vendor/blamejs/lib/testing.js +2 -0
  648. package/lib/vendor/blamejs/lib/time.js +2 -0
  649. package/lib/vendor/blamejs/lib/tls-exporter.js +2 -0
  650. package/lib/vendor/blamejs/lib/totp.js +2 -0
  651. package/lib/vendor/blamejs/lib/tracing.js +2 -0
  652. package/lib/vendor/blamejs/lib/tsa.js +2 -0
  653. package/lib/vendor/blamejs/lib/uri-template.js +2 -0
  654. package/lib/vendor/blamejs/lib/uuid.js +2 -0
  655. package/lib/vendor/blamejs/lib/validate-opts.js +2 -0
  656. package/lib/vendor/blamejs/lib/vault/index.js +2 -0
  657. package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +2 -0
  658. package/lib/vendor/blamejs/lib/vault/passphrase-source.js +2 -0
  659. package/lib/vendor/blamejs/lib/vault/rotate.js +2 -0
  660. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +2 -0
  661. package/lib/vendor/blamejs/lib/vault/wrap.js +2 -0
  662. package/lib/vendor/blamejs/lib/vault-aad.js +2 -0
  663. package/lib/vendor/blamejs/lib/vc.js +31 -0
  664. package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +10 -10
  665. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +2 -4
  666. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +745 -745
  667. package/lib/vendor/blamejs/lib/vendor-data.js +2 -0
  668. package/lib/vendor/blamejs/lib/vex.js +2 -0
  669. package/lib/vendor/blamejs/lib/watcher.js +2 -0
  670. package/lib/vendor/blamejs/lib/web-push-vapid.js +2 -0
  671. package/lib/vendor/blamejs/lib/webhook-dispatcher.js +33 -5
  672. package/lib/vendor/blamejs/lib/webhook.js +2 -0
  673. package/lib/vendor/blamejs/lib/websocket-channels.js +2 -0
  674. package/lib/vendor/blamejs/lib/websocket.js +2 -0
  675. package/lib/vendor/blamejs/lib/wiki-concepts.js +2 -0
  676. package/lib/vendor/blamejs/lib/worker-pool.js +2 -0
  677. package/lib/vendor/blamejs/lib/worm.js +2 -0
  678. package/lib/vendor/blamejs/lib/ws-client.js +2 -0
  679. package/lib/vendor/blamejs/lib/x509-chain.js +2 -0
  680. package/lib/vendor/blamejs/lib/xml-c14n.js +10 -7
  681. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/Dockerfile +7 -6
  682. package/lib/vendor/blamejs/package-lock.json +533 -0
  683. package/lib/vendor/blamejs/package.json +3 -3
  684. package/lib/vendor/blamejs/release-notes/v0.15.x.json +2284 -0
  685. package/lib/vendor/blamejs/release-notes/v0.16.0.json +44 -0
  686. package/lib/vendor/blamejs/release-notes/v0.16.1.json +36 -0
  687. package/lib/vendor/blamejs/release-notes/v0.16.2.json +71 -0
  688. package/lib/vendor/blamejs/scripts/build-vendored-sbom.js +2 -0
  689. package/lib/vendor/blamejs/scripts/check-actions-currency.js +113 -1
  690. package/lib/vendor/blamejs/scripts/check-api-snapshot.js +2 -0
  691. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +2 -0
  692. package/lib/vendor/blamejs/scripts/check-esbuild-pin.js +33 -40
  693. package/lib/vendor/blamejs/scripts/check-pack-against-gitignore.js +2 -0
  694. package/lib/vendor/blamejs/scripts/check-services.js +2 -0
  695. package/lib/vendor/blamejs/scripts/check-vendor-currency.js +2 -0
  696. package/lib/vendor/blamejs/scripts/consolidate-release-notes.js +2 -0
  697. package/lib/vendor/blamejs/scripts/gen-migrating.js +2 -0
  698. package/lib/vendor/blamejs/scripts/generate-changelog-entry.js +2 -0
  699. package/lib/vendor/blamejs/scripts/generate-release-signing-key.js +2 -0
  700. package/lib/vendor/blamejs/scripts/generate-ssdf-attestation.js +2 -0
  701. package/lib/vendor/blamejs/scripts/pin-all.js +215 -0
  702. package/lib/vendor/blamejs/scripts/refresh-api-snapshot.js +2 -0
  703. package/lib/vendor/blamejs/scripts/refresh-vendor-manifest.js +2 -0
  704. package/lib/vendor/blamejs/scripts/release.js +5 -1
  705. package/lib/vendor/blamejs/scripts/sha3-digest.js +2 -0
  706. package/lib/vendor/blamejs/scripts/sign-release-artifact.js +2 -0
  707. package/lib/vendor/blamejs/scripts/test-integration.js +2 -0
  708. package/lib/vendor/blamejs/scripts/test-wiki-integration.js +2 -0
  709. package/lib/vendor/blamejs/scripts/validate-source-comment-blocks.js +2 -0
  710. package/lib/vendor/blamejs/scripts/vendor-data-gen.js +2 -0
  711. package/lib/vendor/blamejs/scripts/vendor-data-keygen.js +2 -0
  712. package/lib/vendor/blamejs/test/00-primitives.js +35 -1
  713. package/lib/vendor/blamejs/test/10-state.js +2 -0
  714. package/lib/vendor/blamejs/test/20-db.js +2 -0
  715. package/lib/vendor/blamejs/test/30-chain.js +2 -0
  716. package/lib/vendor/blamejs/test/40-consumers.js +2 -0
  717. package/lib/vendor/blamejs/test/50-integration.js +2 -0
  718. package/lib/vendor/blamejs/test/_helpers.js +2 -0
  719. package/lib/vendor/blamejs/test/_smoke-worker.js +2 -0
  720. package/lib/vendor/blamejs/test/fixtures/worker-pool/echo.js +2 -0
  721. package/lib/vendor/blamejs/test/helpers/_codebase-shingle-worker.js +2 -0
  722. package/lib/vendor/blamejs/test/helpers/_codebase-shingle.js +2 -0
  723. package/lib/vendor/blamejs/test/helpers/_shape-match.js +2 -0
  724. package/lib/vendor/blamejs/test/helpers/check.js +2 -0
  725. package/lib/vendor/blamejs/test/helpers/cluster.js +2 -0
  726. package/lib/vendor/blamejs/test/helpers/db.js +2 -0
  727. package/lib/vendor/blamejs/test/helpers/drivers.js +2 -0
  728. package/lib/vendor/blamejs/test/helpers/fs-watch.js +2 -0
  729. package/lib/vendor/blamejs/test/helpers/http.js +2 -0
  730. package/lib/vendor/blamejs/test/helpers/index.js +2 -0
  731. package/lib/vendor/blamejs/test/helpers/json-round-trip.js +2 -0
  732. package/lib/vendor/blamejs/test/helpers/mocks.js +2 -0
  733. package/lib/vendor/blamejs/test/helpers/otel.js +2 -0
  734. package/lib/vendor/blamejs/test/helpers/services.js +2 -0
  735. package/lib/vendor/blamejs/test/helpers/wait.js +2 -0
  736. package/lib/vendor/blamejs/test/integration/audit-actor-binding-pg.test.js +2 -0
  737. package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -0
  738. package/lib/vendor/blamejs/test/integration/audit-stack-mysql.test.js +2 -0
  739. package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -0
  740. package/lib/vendor/blamejs/test/integration/backup-restore-objectstore.test.js +2 -0
  741. package/lib/vendor/blamejs/test/integration/cache.test.js +2 -0
  742. package/lib/vendor/blamejs/test/integration/cluster-provider-mysql.test.js +2 -0
  743. package/lib/vendor/blamejs/test/integration/data-layer-cluster-mysql.test.js +2 -0
  744. package/lib/vendor/blamejs/test/integration/data-layer-cluster-pg.test.js +2 -0
  745. package/lib/vendor/blamejs/test/integration/data-layer-mysql-privacy.test.js +2 -0
  746. package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +2 -0
  747. package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +2 -0
  748. package/lib/vendor/blamejs/test/integration/data-layer-postgres.test.js +2 -0
  749. package/lib/vendor/blamejs/test/integration/db-layer-mysql.test.js +2 -0
  750. package/lib/vendor/blamejs/test/integration/db-layer-postgres.test.js +2 -0
  751. package/lib/vendor/blamejs/test/integration/distributed-scheduler-fencing-pg.test.js +2 -0
  752. package/lib/vendor/blamejs/test/integration/external-db-postgres.test.js +2 -0
  753. package/lib/vendor/blamejs/test/integration/federation-auth.test.js +2 -0
  754. package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -0
  755. package/lib/vendor/blamejs/test/integration/http-client.test.js +2 -0
  756. package/lib/vendor/blamejs/test/integration/log-stream-cloudwatch.test.js +2 -0
  757. package/lib/vendor/blamejs/test/integration/log-stream.test.js +2 -0
  758. package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +2 -0
  759. package/lib/vendor/blamejs/test/integration/mail-dkim.test.js +2 -0
  760. package/lib/vendor/blamejs/test/integration/mail-smtp.test.js +2 -0
  761. package/lib/vendor/blamejs/test/integration/mtls-ca.test.js +2 -0
  762. package/lib/vendor/blamejs/test/integration/network-dns.test.js +2 -0
  763. package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +2 -0
  764. package/lib/vendor/blamejs/test/integration/ntp-check.test.js +2 -0
  765. package/lib/vendor/blamejs/test/integration/object-store-azure.test.js +2 -0
  766. package/lib/vendor/blamejs/test/integration/object-store-gcs.test.js +2 -0
  767. package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +2 -0
  768. package/lib/vendor/blamejs/test/integration/object-store-worm-lock.test.js +2 -0
  769. package/lib/vendor/blamejs/test/integration/pqc-pkcs8-forward-compat.test.js +2 -0
  770. package/lib/vendor/blamejs/test/integration/pubsub.test.js +2 -0
  771. package/lib/vendor/blamejs/test/integration/queue-cluster-mysql.test.js +2 -0
  772. package/lib/vendor/blamejs/test/integration/queue-cluster-pg.test.js +2 -0
  773. package/lib/vendor/blamejs/test/integration/queue-redis.test.js +115 -0
  774. package/lib/vendor/blamejs/test/integration/queue-sqs.test.js +2 -0
  775. package/lib/vendor/blamejs/test/integration/redis-client-tls.test.js +2 -0
  776. package/lib/vendor/blamejs/test/integration/redis-reconnect-toxiproxy.test.js +2 -0
  777. package/lib/vendor/blamejs/test/integration/sql-fts5-catalog-sqlite.test.js +2 -0
  778. package/lib/vendor/blamejs/test/integration/ssrf-guard.test.js +2 -0
  779. package/lib/vendor/blamejs/test/integration/tls-classical-downgrade-audit.test.js +2 -0
  780. package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +15 -0
  781. package/lib/vendor/blamejs/test/integration/websocket-permessage-deflate.test.js +2 -0
  782. package/lib/vendor/blamejs/test/integration/ws-client-roundtrip.test.js +2 -0
  783. package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +2 -0
  784. package/lib/vendor/blamejs/test/layer-0-primitives/a2a.test.js +2 -0
  785. package/lib/vendor/blamejs/test/layer-0-primitives/access-lock.test.js +2 -0
  786. package/lib/vendor/blamejs/test/layer-0-primitives/acme-coverage.test.js +441 -0
  787. package/lib/vendor/blamejs/test/layer-0-primitives/acme-failclosed.test.js +131 -0
  788. package/lib/vendor/blamejs/test/layer-0-primitives/acme.test.js +2 -0
  789. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +2 -0
  790. package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +2 -0
  791. package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +0 -0
  792. package/lib/vendor/blamejs/test/layer-0-primitives/agent-orchestrator.test.js +23 -0
  793. package/lib/vendor/blamejs/test/layer-0-primitives/agent-posture-chain.test.js +2 -0
  794. package/lib/vendor/blamejs/test/layer-0-primitives/agent-saga.test.js +2 -0
  795. package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +2 -0
  796. package/lib/vendor/blamejs/test/layer-0-primitives/agent-stream.test.js +2 -0
  797. package/lib/vendor/blamejs/test/layer-0-primitives/agent-tenant.test.js +22 -0
  798. package/lib/vendor/blamejs/test/layer-0-primitives/agent-trace.test.js +2 -0
  799. package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +2 -0
  800. package/lib/vendor/blamejs/test/layer-0-primitives/ai-aedt-bias-audit.test.js +2 -0
  801. package/lib/vendor/blamejs/test/layer-0-primitives/ai-capability.test.js +2 -0
  802. package/lib/vendor/blamejs/test/layer-0-primitives/ai-content-detect.test.js +2 -0
  803. package/lib/vendor/blamejs/test/layer-0-primitives/ai-disclosure-apply-all.test.js +2 -0
  804. package/lib/vendor/blamejs/test/layer-0-primitives/ai-disclosure.test.js +2 -0
  805. package/lib/vendor/blamejs/test/layer-0-primitives/ai-dp.test.js +2 -0
  806. package/lib/vendor/blamejs/test/layer-0-primitives/ai-frontier-protocol.test.js +2 -0
  807. package/lib/vendor/blamejs/test/layer-0-primitives/ai-input.test.js +2 -0
  808. package/lib/vendor/blamejs/test/layer-0-primitives/ai-model-manifest.test.js +2 -0
  809. package/lib/vendor/blamejs/test/layer-0-primitives/ai-output.test.js +2 -0
  810. package/lib/vendor/blamejs/test/layer-0-primitives/ai-pref.test.js +2 -0
  811. package/lib/vendor/blamejs/test/layer-0-primitives/ai-prompt.test.js +2 -0
  812. package/lib/vendor/blamejs/test/layer-0-primitives/ai-quota.test.js +2 -0
  813. package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt-rejection-envelope.test.js +2 -0
  814. package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js +2 -0
  815. package/lib/vendor/blamejs/test/layer-0-primitives/app-shutdown.test.js +2 -0
  816. package/lib/vendor/blamejs/test/layer-0-primitives/archive-gz.test.js +2 -0
  817. package/lib/vendor/blamejs/test/layer-0-primitives/archive-read.test.js +2 -0
  818. package/lib/vendor/blamejs/test/layer-0-primitives/archive-sniff-envelope.test.js +2 -0
  819. package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar-hardening.test.js +22 -0
  820. package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar.test.js +2 -0
  821. package/lib/vendor/blamejs/test/layer-0-primitives/archive-wrap-passphrase.test.js +2 -0
  822. package/lib/vendor/blamejs/test/layer-0-primitives/archive-wrap.test.js +2 -0
  823. package/lib/vendor/blamejs/test/layer-0-primitives/archive-zip-stream.test.js +2 -0
  824. package/lib/vendor/blamejs/test/layer-0-primitives/archive.test.js +4 -0
  825. package/lib/vendor/blamejs/test/layer-0-primitives/arg-parser.test.js +2 -0
  826. package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +2 -0
  827. package/lib/vendor/blamejs/test/layer-0-primitives/asyncapi.test.js +2 -0
  828. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-conflict-path.test.js +2 -0
  829. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-exclusive-temp.test.js +2 -0
  830. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read-errorfor-bypass.test.js +2 -0
  831. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +2 -0
  832. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-append-nofollow.test.js +2 -0
  833. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-nofollow.test.js +2 -0
  834. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-rename-retry.test.js +2 -0
  835. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-excl.test.js +2 -0
  836. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-stream.test.js +2 -0
  837. package/lib/vendor/blamejs/test/layer-0-primitives/attach-user-bearer-scheme.test.js +2 -0
  838. package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-corrupted-anchor.test.js +2 -0
  839. package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-incremental-verify.test.js +2 -0
  840. package/lib/vendor/blamejs/test/layer-0-primitives/audit-checkpoint-false-rollback.test.js +2 -0
  841. package/lib/vendor/blamejs/test/layer-0-primitives/audit-cve-defensive.test.js +2 -0
  842. package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +2 -0
  843. package/lib/vendor/blamejs/test/layer-0-primitives/audit-export-cadf.test.js +2 -0
  844. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +2 -0
  845. package/lib/vendor/blamejs/test/layer-0-primitives/audit-query-self-log.test.js +2 -0
  846. package/lib/vendor/blamejs/test/layer-0-primitives/audit-safeemit-redacts-secrets.test.js +2 -0
  847. package/lib/vendor/blamejs/test/layer-0-primitives/audit-segregation.test.js +2 -0
  848. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +2 -0
  849. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-ml-dsa-65.test.js +2 -0
  850. package/lib/vendor/blamejs/test/layer-0-primitives/audit-signing-key-rotation.test.js +2 -0
  851. package/lib/vendor/blamejs/test/layer-0-primitives/audit-tools-dual-control.test.js +2 -0
  852. package/lib/vendor/blamejs/test/layer-0-primitives/audit-tools-return-bytes.test.js +2 -0
  853. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +2 -0
  854. package/lib/vendor/blamejs/test/layer-0-primitives/audit-verifybundle-tamper.test.js +2 -0
  855. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge-verifier.test.js +2 -0
  856. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +2 -0
  857. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +9 -6
  858. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +56 -0
  859. package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +121 -1
  860. package/lib/vendor/blamejs/test/layer-0-primitives/auth-oauth-coverage.test.js +482 -0
  861. package/lib/vendor/blamejs/test/layer-0-primitives/auth-oauth-failclosed.test.js +257 -0
  862. package/lib/vendor/blamejs/test/layer-0-primitives/auth-password-audit.test.js +2 -0
  863. package/lib/vendor/blamejs/test/layer-0-primitives/auth-saml-coverage.test.js +671 -0
  864. package/lib/vendor/blamejs/test/layer-0-primitives/auth-saml-failclosed.test.js +179 -0
  865. package/lib/vendor/blamejs/test/layer-0-primitives/auth-status-list.test.js +19 -0
  866. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +2 -0
  867. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-key-encoding.test.js +2 -0
  868. package/lib/vendor/blamejs/test/layer-0-primitives/backup-bundle-info.test.js +2 -0
  869. package/lib/vendor/blamejs/test/layer-0-primitives/backup-clone-bundle.test.js +2 -0
  870. package/lib/vendor/blamejs/test/layer-0-primitives/backup-find-bundles.test.js +2 -0
  871. package/lib/vendor/blamejs/test/layer-0-primitives/backup-index-coverage.test.js +690 -0
  872. package/lib/vendor/blamejs/test/layer-0-primitives/backup-index-failclosed.test.js +103 -0
  873. package/lib/vendor/blamejs/test/layer-0-primitives/backup-key-rotation.test.js +2 -0
  874. package/lib/vendor/blamejs/test/layer-0-primitives/backup-manifest-signature.test.js +2 -0
  875. package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -0
  876. package/lib/vendor/blamejs/test/layer-0-primitives/backup-residency-posture.test.js +2 -0
  877. package/lib/vendor/blamejs/test/layer-0-primitives/backup-rewrap-all.test.js +2 -0
  878. package/lib/vendor/blamejs/test/layer-0-primitives/backup-rewrap-bundle.test.js +2 -0
  879. package/lib/vendor/blamejs/test/layer-0-primitives/backup-scheduletest-drill.test.js +2 -0
  880. package/lib/vendor/blamejs/test/layer-0-primitives/backup-verify-all-bundles.test.js +0 -0
  881. package/lib/vendor/blamejs/test/layer-0-primitives/backup-verify-bundle.test.js +2 -0
  882. package/lib/vendor/blamejs/test/layer-0-primitives/backup-worker.test.js +2 -0
  883. package/lib/vendor/blamejs/test/layer-0-primitives/base32.test.js +2 -0
  884. package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +2 -0
  885. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +2 -0
  886. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-error-redaction.test.js +2 -0
  887. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-smuggling.test.js +2 -0
  888. package/lib/vendor/blamejs/test/layer-0-primitives/boot-gates.test.js +2 -0
  889. package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +12 -0
  890. package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +2 -0
  891. package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +2 -0
  892. package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +46 -0
  893. package/lib/vendor/blamejs/test/layer-0-primitives/budr.test.js +2 -0
  894. package/lib/vendor/blamejs/test/layer-0-primitives/bundler-engine.test.js +2 -0
  895. package/lib/vendor/blamejs/test/layer-0-primitives/cache-status.test.js +2 -0
  896. package/lib/vendor/blamejs/test/layer-0-primitives/cache.test.js +12 -0
  897. package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +2 -0
  898. package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json-jcs.test.js +2 -0
  899. package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json.test.js +28 -0
  900. package/lib/vendor/blamejs/test/layer-0-primitives/cbor.test.js +2 -0
  901. package/lib/vendor/blamejs/test/layer-0-primitives/cdn-cache-control.test.js +2 -0
  902. package/lib/vendor/blamejs/test/layer-0-primitives/cert.test.js +2 -0
  903. package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +2 -0
  904. package/lib/vendor/blamejs/test/layer-0-primitives/ciba-authreqid-binding.test.js +2 -0
  905. package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +2 -0
  906. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +2 -0
  907. package/lib/vendor/blamejs/test/layer-0-primitives/cli-audit-verify-chain.test.js +2 -0
  908. package/lib/vendor/blamejs/test/layer-0-primitives/cli-backup.test.js +2 -0
  909. package/lib/vendor/blamejs/test/layer-0-primitives/cli-config-drift.test.js +2 -0
  910. package/lib/vendor/blamejs/test/layer-0-primitives/cli-coverage.test.js +238 -0
  911. package/lib/vendor/blamejs/test/layer-0-primitives/cli-erase.test.js +2 -0
  912. package/lib/vendor/blamejs/test/layer-0-primitives/cli-file-type.test.js +2 -0
  913. package/lib/vendor/blamejs/test/layer-0-primitives/cli-helpers.test.js +2 -0
  914. package/lib/vendor/blamejs/test/layer-0-primitives/cli-mtls.test.js +2 -0
  915. package/lib/vendor/blamejs/test/layer-0-primitives/cli-password.test.js +2 -0
  916. package/lib/vendor/blamejs/test/layer-0-primitives/cli-restore.test.js +2 -0
  917. package/lib/vendor/blamejs/test/layer-0-primitives/cli-retention.test.js +2 -0
  918. package/lib/vendor/blamejs/test/layer-0-primitives/cli-security.test.js +2 -0
  919. package/lib/vendor/blamejs/test/layer-0-primitives/cli-vault.test.js +2 -0
  920. package/lib/vendor/blamejs/test/layer-0-primitives/client-hints.test.js +2 -0
  921. package/lib/vendor/blamejs/test/layer-0-primitives/cloud-events.test.js +2 -0
  922. package/lib/vendor/blamejs/test/layer-0-primitives/cluster-storage.test.js +2 -0
  923. package/lib/vendor/blamejs/test/layer-0-primitives/cluster-vault-rotation.test.js +2 -0
  924. package/lib/vendor/blamejs/test/layer-0-primitives/cms-codec.test.js +2 -0
  925. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +791 -13
  926. package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +2 -0
  927. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +2 -0
  928. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-cascade.test.js +2 -0
  929. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eaa.test.js +2 -0
  930. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eu-ai-act-posture.test.js +2 -0
  931. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +2 -0
  932. package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +2 -0
  933. package/lib/vendor/blamejs/test/layer-0-primitives/compression-range.test.js +2 -0
  934. package/lib/vendor/blamejs/test/layer-0-primitives/config-drift.test.js +2 -0
  935. package/lib/vendor/blamejs/test/layer-0-primitives/config.test.js +2 -0
  936. package/lib/vendor/blamejs/test/layer-0-primitives/consent-purposes.test.js +2 -0
  937. package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +2 -0
  938. package/lib/vendor/blamejs/test/layer-0-primitives/content-digest.test.js +2 -0
  939. package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +12 -0
  940. package/lib/vendor/blamejs/test/layer-0-primitives/cose.test.js +2 -0
  941. package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +2 -0
  942. package/lib/vendor/blamejs/test/layer-0-primitives/crdt.test.js +2 -0
  943. package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +2 -0
  944. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +2 -0
  945. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-envelope.test.js +2 -0
  946. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-aad-downgrade.test.js +2 -0
  947. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-derived-hash.test.js +2 -0
  948. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-dual-read-migrate.test.js +2 -0
  949. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-per-row-key.test.js +2 -0
  950. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-unseal-rate-cap.test.js +2 -0
  951. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-upgrade-dialect.test.js +2 -0
  952. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-files-parallel.test.js +2 -0
  953. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -0
  954. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke-pq.test.js +2 -0
  955. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js +2 -0
  956. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-interop-oracles.test.js +2 -0
  957. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-mlkem768-x25519.test.js +2 -0
  958. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-namespace-hash.test.js +0 -0
  959. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-oprf.test.js +2 -0
  960. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-random-int.test.js +2 -0
  961. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-self-test.test.js +2 -0
  962. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-xwing.test.js +2 -0
  963. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +2 -0
  964. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +2 -0
  965. package/lib/vendor/blamejs/test/layer-0-primitives/csp-report.test.js +2 -0
  966. package/lib/vendor/blamejs/test/layer-0-primitives/csrf-protect.test.js +40 -0
  967. package/lib/vendor/blamejs/test/layer-0-primitives/csv.test.js +11 -0
  968. package/lib/vendor/blamejs/test/layer-0-primitives/cwt.test.js +2 -0
  969. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -0
  970. package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +2 -0
  971. package/lib/vendor/blamejs/test/layer-0-primitives/dane.test.js +2 -0
  972. package/lib/vendor/blamejs/test/layer-0-primitives/dark-patterns.test.js +2 -0
  973. package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +2 -0
  974. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection-extensions.test.js +2 -0
  975. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection.test.js +2 -0
  976. package/lib/vendor/blamejs/test/layer-0-primitives/db-column-gate.test.js +2 -0
  977. package/lib/vendor/blamejs/test/layer-0-primitives/db-init-extensions.test.js +2 -0
  978. package/lib/vendor/blamejs/test/layer-0-primitives/db-key-aad.test.js +2 -0
  979. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +2 -0
  980. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-extensions.test.js +2 -0
  981. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-sealed-field-in.test.js +2 -0
  982. package/lib/vendor/blamejs/test/layer-0-primitives/db-raw-residency-gate.test.js +2 -0
  983. package/lib/vendor/blamejs/test/layer-0-primitives/db-role-for.test.js +2 -0
  984. package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-drift.test.js +2 -0
  985. package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-reconcile-emittable.test.js +2 -0
  986. package/lib/vendor/blamejs/test/layer-0-primitives/db-schema-transaction.test.js +2 -0
  987. package/lib/vendor/blamejs/test/layer-0-primitives/db-stream-and-payload-shape.test.js +2 -0
  988. package/lib/vendor/blamejs/test/layer-0-primitives/db-vacuum.test.js +2 -0
  989. package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +2 -0
  990. package/lib/vendor/blamejs/test/layer-0-primitives/ddl-change-control.test.js +2 -0
  991. package/lib/vendor/blamejs/test/layer-0-primitives/declare-row-policy.test.js +2 -0
  992. package/lib/vendor/blamejs/test/layer-0-primitives/declare-view.test.js +2 -0
  993. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-default-gate-posture-caps.test.js +2 -0
  994. package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +2 -0
  995. package/lib/vendor/blamejs/test/layer-0-primitives/deny-response.test.js +2 -0
  996. package/lib/vendor/blamejs/test/layer-0-primitives/did.test.js +2 -0
  997. package/lib/vendor/blamejs/test/layer-0-primitives/dns-dnssec-algorithm.test.js +2 -0
  998. package/lib/vendor/blamejs/test/layer-0-primitives/dns-null-mx.test.js +2 -0
  999. package/lib/vendor/blamejs/test/layer-0-primitives/dnssec.test.js +37 -0
  1000. package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +2 -0
  1001. package/lib/vendor/blamejs/test/layer-0-primitives/dpop-alg-kty.test.js +2 -0
  1002. package/lib/vendor/blamejs/test/layer-0-primitives/dpop-htu-peergating.test.js +2 -0
  1003. package/lib/vendor/blamejs/test/layer-0-primitives/dpop-middleware-replaystore-required.test.js +2 -0
  1004. package/lib/vendor/blamejs/test/layer-0-primitives/dr-runbook.test.js +2 -0
  1005. package/lib/vendor/blamejs/test/layer-0-primitives/dsa.test.js +2 -0
  1006. package/lib/vendor/blamejs/test/layer-0-primitives/dsr-state-rules.test.js +2 -0
  1007. package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +2 -0
  1008. package/lib/vendor/blamejs/test/layer-0-primitives/dual-control.test.js +28 -0
  1009. package/lib/vendor/blamejs/test/layer-0-primitives/early-hints.test.js +2 -0
  1010. package/lib/vendor/blamejs/test/layer-0-primitives/eat.test.js +2 -0
  1011. package/lib/vendor/blamejs/test/layer-0-primitives/erase-posture-vacuum.test.js +2 -0
  1012. package/lib/vendor/blamejs/test/layer-0-primitives/events.test.js +2 -0
  1013. package/lib/vendor/blamejs/test/layer-0-primitives/exploit-replay.test.js +2 -0
  1014. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +2 -0
  1015. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +2 -0
  1016. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-non-atomic-backend.test.js +2 -0
  1017. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-routing.test.js +2 -0
  1018. package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +2 -0
  1019. package/lib/vendor/blamejs/test/layer-0-primitives/fapi2.test.js +2 -0
  1020. package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +2 -0
  1021. package/lib/vendor/blamejs/test/layer-0-primitives/fdx.test.js +2 -0
  1022. package/lib/vendor/blamejs/test/layer-0-primitives/fedcm-dbsc.test.js +2 -0
  1023. package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +124 -0
  1024. package/lib/vendor/blamejs/test/layer-0-primitives/fetch-metadata.test.js +2 -0
  1025. package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3-cert-bad-validity.test.js +2 -0
  1026. package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +2 -0
  1027. package/lib/vendor/blamejs/test/layer-0-primitives/file-type.test.js +2 -0
  1028. package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-content-safety-skip-audit.test.js +66 -0
  1029. package/lib/vendor/blamejs/test/layer-0-primitives/file-upload-ownership.test.js +214 -0
  1030. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +2 -0
  1031. package/lib/vendor/blamejs/test/layer-0-primitives/forensic-snapshot.test.js +2 -0
  1032. package/lib/vendor/blamejs/test/layer-0-primitives/fsm.test.js +2 -0
  1033. package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +2 -0
  1034. package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +2 -0
  1035. package/lib/vendor/blamejs/test/layer-0-primitives/gdpr-ropa.test.js +2 -0
  1036. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +2 -0
  1037. package/lib/vendor/blamejs/test/layer-0-primitives/guard-agent-registry.test.js +2 -0
  1038. package/lib/vendor/blamejs/test/layer-0-primitives/guard-all.test.js +2 -0
  1039. package/lib/vendor/blamejs/test/layer-0-primitives/guard-archive.test.js +2 -0
  1040. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +2 -0
  1041. package/lib/vendor/blamejs/test/layer-0-primitives/guard-dsn.test.js +2 -0
  1042. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +2 -0
  1043. package/lib/vendor/blamejs/test/layer-0-primitives/guard-envelope.test.js +2 -0
  1044. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-payload.test.js +2 -0
  1045. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-topic.test.js +2 -0
  1046. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +2 -0
  1047. package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +2 -0
  1048. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html-wcag.test.js +2 -0
  1049. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +2 -0
  1050. package/lib/vendor/blamejs/test/layer-0-primitives/guard-idempotency-key.test.js +2 -0
  1051. package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +2 -0
  1052. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  1053. package/lib/vendor/blamejs/test/layer-0-primitives/guard-jmap.test.js +2 -0
  1054. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +2 -0
  1055. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-id.test.js +2 -0
  1056. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-unsubscribe.test.js +2 -0
  1057. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-compose.test.js +2 -0
  1058. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-move.test.js +2 -0
  1059. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-query.test.js +2 -0
  1060. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-reply.test.js +2 -0
  1061. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-sieve.test.js +2 -0
  1062. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +2 -0
  1063. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +2 -0
  1064. package/lib/vendor/blamejs/test/layer-0-primitives/guard-message-id.test.js +0 -0
  1065. package/lib/vendor/blamejs/test/layer-0-primitives/guard-oauth-replay-failopen.test.js +57 -0
  1066. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +2 -0
  1067. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +2 -0
  1068. package/lib/vendor/blamejs/test/layer-0-primitives/guard-posture-chain.test.js +2 -0
  1069. package/lib/vendor/blamejs/test/layer-0-primitives/guard-saga-config.test.js +2 -0
  1070. package/lib/vendor/blamejs/test/layer-0-primitives/guard-smtp-command.test.js +2 -0
  1071. package/lib/vendor/blamejs/test/layer-0-primitives/guard-snapshot-envelope.test.js +2 -0
  1072. package/lib/vendor/blamejs/test/layer-0-primitives/guard-stream-args.test.js +2 -0
  1073. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +2 -0
  1074. package/lib/vendor/blamejs/test/layer-0-primitives/guard-tenant-id.test.js +2 -0
  1075. package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +2 -0
  1076. package/lib/vendor/blamejs/test/layer-0-primitives/guard-trace-context.test.js +2 -0
  1077. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +2 -0
  1078. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +2 -0
  1079. package/lib/vendor/blamejs/test/layer-0-primitives/hal.test.js +2 -0
  1080. package/lib/vendor/blamejs/test/layer-0-primitives/honeytoken.test.js +2 -0
  1081. package/lib/vendor/blamejs/test/layer-0-primitives/html-balance.test.js +2 -0
  1082. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +2 -0
  1083. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +2 -0
  1084. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-throttle-transform.test.js +2 -0
  1085. package/lib/vendor/blamejs/test/layer-0-primitives/http-message-signature.test.js +315 -3
  1086. package/lib/vendor/blamejs/test/layer-0-primitives/i18n-messageformat.test.js +26 -0
  1087. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +2 -0
  1088. package/lib/vendor/blamejs/test/layer-0-primitives/iab-mspa.test.js +2 -0
  1089. package/lib/vendor/blamejs/test/layer-0-primitives/iab-tcf.test.js +2 -0
  1090. package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +40 -0
  1091. package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +2 -0
  1092. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +2 -0
  1093. package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +2 -0
  1094. package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +2 -0
  1095. package/lib/vendor/blamejs/test/layer-0-primitives/jose-jwe-experimental.test.js +2 -0
  1096. package/lib/vendor/blamejs/test/layer-0-primitives/json-api.test.js +2 -0
  1097. package/lib/vendor/blamejs/test/layer-0-primitives/json-merge-patch.test.js +2 -0
  1098. package/lib/vendor/blamejs/test/layer-0-primitives/json-patch.test.js +2 -0
  1099. package/lib/vendor/blamejs/test/layer-0-primitives/json-path.test.js +2 -0
  1100. package/lib/vendor/blamejs/test/layer-0-primitives/json-round-trip-helper.test.js +2 -0
  1101. package/lib/vendor/blamejs/test/layer-0-primitives/json-schema.test.js +26 -0
  1102. package/lib/vendor/blamejs/test/layer-0-primitives/jtd.test.js +2 -0
  1103. package/lib/vendor/blamejs/test/layer-0-primitives/jwk.test.js +2 -0
  1104. package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js +2 -0
  1105. package/lib/vendor/blamejs/test/layer-0-primitives/keychain-coverage.test.js +0 -0
  1106. package/lib/vendor/blamejs/test/layer-0-primitives/keychain-failclosed.test.js +185 -0
  1107. package/lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js +0 -0
  1108. package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +2 -0
  1109. package/lib/vendor/blamejs/test/layer-0-primitives/link-header.test.js +2 -0
  1110. package/lib/vendor/blamejs/test/layer-0-primitives/local-db-thin.test.js +2 -0
  1111. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-cloudwatch.test.js +2 -0
  1112. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp-grpc.test.js +2 -0
  1113. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +2 -0
  1114. package/lib/vendor/blamejs/test/layer-0-primitives/lro.test.js +2 -0
  1115. package/lib/vendor/blamejs/test/layer-0-primitives/mail-agent.test.js +2 -0
  1116. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +2 -0
  1117. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-coverage.test.js +437 -0
  1118. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-dmarc-policy-failclosed.test.js +2 -0
  1119. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth-failclosed.test.js +144 -0
  1120. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +289 -0
  1121. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi-cert-validity-unparseable.test.js +2 -0
  1122. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi.test.js +2 -0
  1123. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bounce.test.js +61 -0
  1124. package/lib/vendor/blamejs/test/layer-0-primitives/mail-canspam.test.js +2 -0
  1125. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp-experimental.test.js +2 -0
  1126. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +2 -0
  1127. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime-bad-validity.test.js +2 -0
  1128. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +2 -0
  1129. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +2 -0
  1130. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy-tlsrpt.test.js +2 -0
  1131. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy.test.js +2 -0
  1132. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim-numericdate-failclosed.test.js +2 -0
  1133. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +130 -0
  1134. package/lib/vendor/blamejs/test/layer-0-primitives/mail-feedback-id.test.js +2 -0
  1135. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +2 -0
  1136. package/lib/vendor/blamejs/test/layer-0-primitives/mail-header-injection.test.js +2 -0
  1137. package/lib/vendor/blamejs/test/layer-0-primitives/mail-helo.test.js +17 -0
  1138. package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +2 -0
  1139. package/lib/vendor/blamejs/test/layer-0-primitives/mail-mdn.test.js +29 -0
  1140. package/lib/vendor/blamejs/test/layer-0-primitives/mail-proxy-framing-bounds.test.js +2 -0
  1141. package/lib/vendor/blamejs/test/layer-0-primitives/mail-rbl.test.js +2 -0
  1142. package/lib/vendor/blamejs/test/layer-0-primitives/mail-require-tls.test.js +2 -0
  1143. package/lib/vendor/blamejs/test/layer-0-primitives/mail-scan.test.js +2 -0
  1144. package/lib/vendor/blamejs/test/layer-0-primitives/mail-send-deliver.test.js +113 -0
  1145. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +2 -0
  1146. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +50 -0
  1147. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-managesieve.test.js +2 -0
  1148. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +2 -0
  1149. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-pop3.test.js +2 -0
  1150. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-rate-limit.test.js +2 -0
  1151. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-registry.test.js +2 -0
  1152. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-submission.test.js +2 -0
  1153. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +2 -0
  1154. package/lib/vendor/blamejs/test/layer-0-primitives/mail-sieve.test.js +2 -0
  1155. package/lib/vendor/blamejs/test/layer-0-primitives/mail-spam-score.test.js +2 -0
  1156. package/lib/vendor/blamejs/test/layer-0-primitives/mail-srs.test.js +21 -0
  1157. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store-fts.test.js +2 -0
  1158. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +2 -0
  1159. package/lib/vendor/blamejs/test/layer-0-primitives/mail-unsubscribe.test.js +2 -0
  1160. package/lib/vendor/blamejs/test/layer-0-primitives/mail.test.js +2 -0
  1161. package/lib/vendor/blamejs/test/layer-0-primitives/mcp-tool-registry.test.js +2 -0
  1162. package/lib/vendor/blamejs/test/layer-0-primitives/mcp.test.js +2 -0
  1163. package/lib/vendor/blamejs/test/layer-0-primitives/mdoc.test.js +2 -0
  1164. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-shadow-registry.test.js +2 -0
  1165. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-snapshot.test.js +2 -0
  1166. package/lib/vendor/blamejs/test/layer-0-primitives/middleware-compose-pipeline.test.js +2 -0
  1167. package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +11 -0
  1168. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +2 -0
  1169. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-paths.test.js +2 -0
  1170. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +2 -0
  1171. package/lib/vendor/blamejs/test/layer-0-primitives/nel.test.js +2 -0
  1172. package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +2 -0
  1173. package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +65 -0
  1174. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-lookup-timeout-default.test.js +2 -0
  1175. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver-timeout.test.js +2 -0
  1176. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver.test.js +28 -0
  1177. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +2 -0
  1178. package/lib/vendor/blamejs/test/layer-0-primitives/network-heartbeat-passive.test.js +2 -0
  1179. package/lib/vendor/blamejs/test/layer-0-primitives/network-nts-handshake-byte-cap.test.js +2 -0
  1180. package/lib/vendor/blamejs/test/layer-0-primitives/network-smtp-policy-coverage.test.js +565 -0
  1181. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js +2 -0
  1182. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-ct-inclusion.test.js +2 -0
  1183. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +2 -0
  1184. package/lib/vendor/blamejs/test/layer-0-primitives/network-tsig.test.js +26 -0
  1185. package/lib/vendor/blamejs/test/layer-0-primitives/network.test.js +2 -0
  1186. package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +2 -0
  1187. package/lib/vendor/blamejs/test/layer-0-primitives/nist-crosswalk.test.js +2 -0
  1188. package/lib/vendor/blamejs/test/layer-0-primitives/no-cache.test.js +2 -0
  1189. package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +2 -0
  1190. package/lib/vendor/blamejs/test/layer-0-primitives/notify.test.js +2 -0
  1191. package/lib/vendor/blamejs/test/layer-0-primitives/numeric-bounds.test.js +2 -0
  1192. package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +2 -0
  1193. package/lib/vendor/blamejs/test/layer-0-primitives/object-store-range-header.test.js +2 -0
  1194. package/lib/vendor/blamejs/test/layer-0-primitives/object-store-versioned-delete.test.js +2 -0
  1195. package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +22 -0
  1196. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +2 -0
  1197. package/lib/vendor/blamejs/test/layer-0-primitives/openapi.test.js +2 -0
  1198. package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +2 -0
  1199. package/lib/vendor/blamejs/test/layer-0-primitives/otlp-attr-redaction.test.js +8 -0
  1200. package/lib/vendor/blamejs/test/layer-0-primitives/outbox-inflight-reaper.test.js +2 -0
  1201. package/lib/vendor/blamejs/test/layer-0-primitives/output-header-hardening.test.js +2 -0
  1202. package/lib/vendor/blamejs/test/layer-0-primitives/pagination.test.js +2 -0
  1203. package/lib/vendor/blamejs/test/layer-0-primitives/parser-verify-hardening.test.js +2 -0
  1204. package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +2 -0
  1205. package/lib/vendor/blamejs/test/layer-0-primitives/passkey-real-vectors.test.js +2 -0
  1206. package/lib/vendor/blamejs/test/layer-0-primitives/passkey.test.js +2 -0
  1207. package/lib/vendor/blamejs/test/layer-0-primitives/permissions.test.js +2 -0
  1208. package/lib/vendor/blamejs/test/layer-0-primitives/pipl-cn.test.js +2 -0
  1209. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +2 -0
  1210. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-software.test.js +2 -0
  1211. package/lib/vendor/blamejs/test/layer-0-primitives/privacy-pass.test.js +2 -0
  1212. package/lib/vendor/blamejs/test/layer-0-primitives/privacy-vendor-review.test.js +2 -0
  1213. package/lib/vendor/blamejs/test/layer-0-primitives/problem-details.test.js +2 -0
  1214. package/lib/vendor/blamejs/test/layer-0-primitives/process-spawn.test.js +2 -0
  1215. package/lib/vendor/blamejs/test/layer-0-primitives/promise-pool.test.js +2 -0
  1216. package/lib/vendor/blamejs/test/layer-0-primitives/protected-resource-metadata.test.js +2 -0
  1217. package/lib/vendor/blamejs/test/layer-0-primitives/proto-shadow-allowlist.test.js +2 -0
  1218. package/lib/vendor/blamejs/test/layer-0-primitives/protobuf-encoder.test.js +2 -0
  1219. package/lib/vendor/blamejs/test/layer-0-primitives/protocol-dispatcher.test.js +2 -0
  1220. package/lib/vendor/blamejs/test/layer-0-primitives/public-suffix.test.js +29 -0
  1221. package/lib/vendor/blamejs/test/layer-0-primitives/pubsub.test.js +2 -0
  1222. package/lib/vendor/blamejs/test/layer-0-primitives/queue-byo-db.test.js +2 -0
  1223. package/lib/vendor/blamejs/test/layer-0-primitives/queue-dlq-extend-lease.test.js +44 -0
  1224. package/lib/vendor/blamejs/test/layer-0-primitives/queue-flow-repeat.test.js +2 -0
  1225. package/lib/vendor/blamejs/test/layer-0-primitives/queue-priority-rate-progress.test.js +2 -0
  1226. package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +2 -0
  1227. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +2 -0
  1228. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +2 -0
  1229. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +2 -0
  1230. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-xff-spoofing.test.js +2 -0
  1231. package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +2 -0
  1232. package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +16 -0
  1233. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +7 -0
  1234. package/lib/vendor/blamejs/test/layer-0-primitives/request-id-async-context.test.js +2 -0
  1235. package/lib/vendor/blamejs/test/layer-0-primitives/request-log.test.js +3 -0
  1236. package/lib/vendor/blamejs/test/layer-0-primitives/require-auth-cache-control.test.js +2 -0
  1237. package/lib/vendor/blamejs/test/layer-0-primitives/require-mtls.test.js +2 -0
  1238. package/lib/vendor/blamejs/test/layer-0-primitives/resource-access-lock.test.js +2 -0
  1239. package/lib/vendor/blamejs/test/layer-0-primitives/restore-blob-remap.test.js +2 -0
  1240. package/lib/vendor/blamejs/test/layer-0-primitives/retention-dryrun-no-vacuum.test.js +2 -0
  1241. package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +2 -0
  1242. package/lib/vendor/blamejs/test/layer-0-primitives/retention-sweep-termination.test.js +2 -0
  1243. package/lib/vendor/blamejs/test/layer-0-primitives/retry.test.js +2 -0
  1244. package/lib/vendor/blamejs/test/layer-0-primitives/router-body-validation.test.js +2 -0
  1245. package/lib/vendor/blamejs/test/layer-0-primitives/router-coverage.test.js +592 -0
  1246. package/lib/vendor/blamejs/test/layer-0-primitives/router-cross-origin-redirect.test.js +0 -0
  1247. package/lib/vendor/blamejs/test/layer-0-primitives/router-failclosed.test.js +0 -0
  1248. package/lib/vendor/blamejs/test/layer-0-primitives/router-tls0rtt.test.js +2 -0
  1249. package/lib/vendor/blamejs/test/layer-0-primitives/router-use-path-scope.test.js +59 -0
  1250. package/lib/vendor/blamejs/test/layer-0-primitives/safe-archive-auto-unwrap.test.js +2 -0
  1251. package/lib/vendor/blamejs/test/layer-0-primitives/safe-archive-inspect-unwrap.test.js +2 -0
  1252. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +41 -0
  1253. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-parallel.test.js +2 -0
  1254. package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +13 -0
  1255. package/lib/vendor/blamejs/test/layer-0-primitives/safe-decompress.test.js +2 -0
  1256. package/lib/vendor/blamejs/test/layer-0-primitives/safe-dns.test.js +2 -0
  1257. package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +2 -0
  1258. package/lib/vendor/blamejs/test/layer-0-primitives/safe-icap.test.js +2 -0
  1259. package/lib/vendor/blamejs/test/layer-0-primitives/safe-json-stringify-for-script.test.js +2 -0
  1260. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +2 -0
  1261. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mime.test.js +2 -0
  1262. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mount-info.test.js +2 -0
  1263. package/lib/vendor/blamejs/test/layer-0-primitives/safe-path.test.js +2 -0
  1264. package/lib/vendor/blamejs/test/layer-0-primitives/safe-redirect.test.js +2 -0
  1265. package/lib/vendor/blamejs/test/layer-0-primitives/safe-sieve.test.js +2 -0
  1266. package/lib/vendor/blamejs/test/layer-0-primitives/safe-smtp.test.js +2 -0
  1267. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-canonicalize.test.js +2 -0
  1268. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-idn-homograph.test.js +2 -0
  1269. package/lib/vendor/blamejs/test/layer-0-primitives/safe-vcard.test.js +2 -0
  1270. package/lib/vendor/blamejs/test/layer-0-primitives/safe-xml.test.js +2 -0
  1271. package/lib/vendor/blamejs/test/layer-0-primitives/saml-mdq-wrapping.test.js +237 -0
  1272. package/lib/vendor/blamejs/test/layer-0-primitives/saml-slo.test.js +2 -0
  1273. package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notbefore.test.js +2 -0
  1274. package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js +2 -0
  1275. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +2 -0
  1276. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +2 -0
  1277. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-watchdog-stale-settle.test.js +2 -0
  1278. package/lib/vendor/blamejs/test/layer-0-primitives/scim-server.test.js +2 -0
  1279. package/lib/vendor/blamejs/test/layer-0-primitives/scitt.test.js +2 -0
  1280. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc-ecdsa-p1363.test.js +2 -0
  1281. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +2 -0
  1282. package/lib/vendor/blamejs/test/layer-0-primitives/sd-notify.test.js +2 -0
  1283. package/lib/vendor/blamejs/test/layer-0-primitives/sec-cyber.test.js +2 -0
  1284. package/lib/vendor/blamejs/test/layer-0-primitives/security-assert.test.js +2 -0
  1285. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +2 -0
  1286. package/lib/vendor/blamejs/test/layer-0-primitives/security-txt.test.js +2 -0
  1287. package/lib/vendor/blamejs/test/layer-0-primitives/seeders.test.js +2 -0
  1288. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-poll-asset-digest.test.js +2 -0
  1289. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier-ecdsa-encoding.test.js +9 -1
  1290. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier.test.js +2 -0
  1291. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +87 -4
  1292. package/lib/vendor/blamejs/test/layer-0-primitives/server-timing.test.js +2 -0
  1293. package/lib/vendor/blamejs/test/layer-0-primitives/session-binding-unreadable-failclosed.test.js +80 -0
  1294. package/lib/vendor/blamejs/test/layer-0-primitives/session-destroy-all-store-backed.test.js +2 -0
  1295. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding-ipv6-canonical-and-no-store.test.js +2 -0
  1296. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +2 -0
  1297. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +2 -0
  1298. package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +2 -0
  1299. package/lib/vendor/blamejs/test/layer-0-primitives/shape-match.test.js +2 -0
  1300. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +2 -0
  1301. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +2 -0
  1302. package/lib/vendor/blamejs/test/layer-0-primitives/slug.test.js +2 -0
  1303. package/lib/vendor/blamejs/test/layer-0-primitives/smtp-policy.test.js +5 -1
  1304. package/lib/vendor/blamejs/test/layer-0-primitives/source-comment-blocks.test.js +2 -0
  1305. package/lib/vendor/blamejs/test/layer-0-primitives/speculation-rules.test.js +2 -0
  1306. package/lib/vendor/blamejs/test/layer-0-primitives/sql-coverage.test.js +422 -0
  1307. package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +2 -0
  1308. package/lib/vendor/blamejs/test/layer-0-primitives/sse-backpressure.test.js +2 -0
  1309. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +2 -0
  1310. package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +23 -1
  1311. package/lib/vendor/blamejs/test/layer-0-primitives/standard-webhooks.test.js +2 -0
  1312. package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +33 -0
  1313. package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +44 -0
  1314. package/lib/vendor/blamejs/test/layer-0-primitives/storage-chunk-scratch.test.js +0 -0
  1315. package/lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js +2 -0
  1316. package/lib/vendor/blamejs/test/layer-0-primitives/stream-throttle.test.js +2 -0
  1317. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields-codec.test.js +2 -0
  1318. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +2 -0
  1319. package/lib/vendor/blamejs/test/layer-0-primitives/tcpa-10dlc.test.js +2 -0
  1320. package/lib/vendor/blamejs/test/layer-0-primitives/template-escape-html.test.js +2 -0
  1321. package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +2 -0
  1322. package/lib/vendor/blamejs/test/layer-0-primitives/test-coverage.test.js +2 -0
  1323. package/lib/vendor/blamejs/test/layer-0-primitives/test-harness.test.js +2 -0
  1324. package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +2 -0
  1325. package/lib/vendor/blamejs/test/layer-0-primitives/testing.test.js +2 -0
  1326. package/lib/vendor/blamejs/test/layer-0-primitives/time.test.js +2 -0
  1327. package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +2 -0
  1328. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-ct.test.js +2 -0
  1329. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-freshness.test.js +6 -2
  1330. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-verify.test.js +127 -3
  1331. package/lib/vendor/blamejs/test/layer-0-primitives/tls-pinset-drift.test.js +2 -0
  1332. package/lib/vendor/blamejs/test/layer-0-primitives/tls-preferred-groups.test.js +2 -0
  1333. package/lib/vendor/blamejs/test/layer-0-primitives/tracing.test.js +2 -0
  1334. package/lib/vendor/blamejs/test/layer-0-primitives/tsa.test.js +2 -0
  1335. package/lib/vendor/blamejs/test/layer-0-primitives/uri-template.test.js +2 -0
  1336. package/lib/vendor/blamejs/test/layer-0-primitives/uuid.test.js +2 -0
  1337. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-port.test.js +2 -0
  1338. package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +2 -0
  1339. package/lib/vendor/blamejs/test/layer-0-primitives/vault-aad.test.js +2 -0
  1340. package/lib/vendor/blamejs/test/layer-0-primitives/vault-default-store.test.js +2 -0
  1341. package/lib/vendor/blamejs/test/layer-0-primitives/vault-rotate-aad.test.js +2 -0
  1342. package/lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js +2 -0
  1343. package/lib/vendor/blamejs/test/layer-0-primitives/vc.test.js +25 -0
  1344. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-currency-classify.test.js +2 -0
  1345. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-data.test.js +2 -0
  1346. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-manifest.test.js +2 -0
  1347. package/lib/vendor/blamejs/test/layer-0-primitives/vex.test.js +2 -0
  1348. package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js +2 -0
  1349. package/lib/vendor/blamejs/test/layer-0-primitives/web-push-vapid.test.js +2 -0
  1350. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +77 -0
  1351. package/lib/vendor/blamejs/test/layer-0-primitives/webhook-verify-nonce-atomic.test.js +2 -0
  1352. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +2 -0
  1353. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +2 -0
  1354. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-extension-header.test.js +2 -0
  1355. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool-recycle-race.test.js +2 -0
  1356. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool.test.js +2 -0
  1357. package/lib/vendor/blamejs/test/layer-0-primitives/worm.test.js +2 -0
  1358. package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +2 -0
  1359. package/lib/vendor/blamejs/test/layer-0-primitives/x509-chain-ca-enforcement.test.js +117 -1
  1360. package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +2 -0
  1361. package/lib/vendor/blamejs/test/layer-5-integration/bundler-output.test.js +2 -0
  1362. package/lib/vendor/blamejs/test/layer-5-integration/external-db-residency.test.js +2 -0
  1363. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +2 -0
  1364. package/lib/vendor/blamejs/test/layer-5-integration/security-chaos.test.js +2 -0
  1365. package/lib/vendor/blamejs/test/smoke.js +2 -0
  1366. package/package.json +5 -2
  1367. package/lib/vendor/blamejs/release-notes/v0.15.0.json +0 -77
  1368. package/lib/vendor/blamejs/release-notes/v0.15.1.json +0 -22
  1369. package/lib/vendor/blamejs/release-notes/v0.15.10.json +0 -53
  1370. package/lib/vendor/blamejs/release-notes/v0.15.11.json +0 -52
  1371. package/lib/vendor/blamejs/release-notes/v0.15.12.json +0 -47
  1372. package/lib/vendor/blamejs/release-notes/v0.15.13.json +0 -81
  1373. package/lib/vendor/blamejs/release-notes/v0.15.14.json +0 -122
  1374. package/lib/vendor/blamejs/release-notes/v0.15.15.json +0 -73
  1375. package/lib/vendor/blamejs/release-notes/v0.15.16.json +0 -94
  1376. package/lib/vendor/blamejs/release-notes/v0.15.17.json +0 -52
  1377. package/lib/vendor/blamejs/release-notes/v0.15.18.json +0 -49
  1378. package/lib/vendor/blamejs/release-notes/v0.15.19.json +0 -18
  1379. package/lib/vendor/blamejs/release-notes/v0.15.2.json +0 -22
  1380. package/lib/vendor/blamejs/release-notes/v0.15.20.json +0 -27
  1381. package/lib/vendor/blamejs/release-notes/v0.15.21.json +0 -51
  1382. package/lib/vendor/blamejs/release-notes/v0.15.22.json +0 -18
  1383. package/lib/vendor/blamejs/release-notes/v0.15.23.json +0 -22
  1384. package/lib/vendor/blamejs/release-notes/v0.15.24.json +0 -22
  1385. package/lib/vendor/blamejs/release-notes/v0.15.25.json +0 -18
  1386. package/lib/vendor/blamejs/release-notes/v0.15.26.json +0 -18
  1387. package/lib/vendor/blamejs/release-notes/v0.15.27.json +0 -18
  1388. package/lib/vendor/blamejs/release-notes/v0.15.28.json +0 -18
  1389. package/lib/vendor/blamejs/release-notes/v0.15.29.json +0 -27
  1390. package/lib/vendor/blamejs/release-notes/v0.15.3.json +0 -39
  1391. package/lib/vendor/blamejs/release-notes/v0.15.30.json +0 -18
  1392. package/lib/vendor/blamejs/release-notes/v0.15.31.json +0 -18
  1393. package/lib/vendor/blamejs/release-notes/v0.15.32.json +0 -18
  1394. package/lib/vendor/blamejs/release-notes/v0.15.33.json +0 -18
  1395. package/lib/vendor/blamejs/release-notes/v0.15.34.json +0 -27
  1396. package/lib/vendor/blamejs/release-notes/v0.15.35.json +0 -27
  1397. package/lib/vendor/blamejs/release-notes/v0.15.36.json +0 -18
  1398. package/lib/vendor/blamejs/release-notes/v0.15.37.json +0 -26
  1399. package/lib/vendor/blamejs/release-notes/v0.15.38.json +0 -26
  1400. package/lib/vendor/blamejs/release-notes/v0.15.4.json +0 -39
  1401. package/lib/vendor/blamejs/release-notes/v0.15.5.json +0 -22
  1402. package/lib/vendor/blamejs/release-notes/v0.15.6.json +0 -59
  1403. package/lib/vendor/blamejs/release-notes/v0.15.7.json +0 -43
  1404. package/lib/vendor/blamejs/release-notes/v0.15.8.json +0 -48
  1405. package/lib/vendor/blamejs/release-notes/v0.15.9.json +0 -58
@@ -0,0 +1,44 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.16.0",
4
+ "date": "2026-07-03",
5
+ "headline": "Raises the minimum Node.js engine to 24.18.0; the status-list verifier now binds the token type against a typ-confusion replay; and CI supply-chain pinning is consolidated behind committed dev/example lockfiles, `npm ci`, and a single aggregating pin tool that closes the OpenSSF Scorecard pinned-dependency gaps",
6
+ "summary": "This minor raises the supported Node.js floor from 24.16.0 to 24.18.0 — operators must run Node 24.18.0 or newer (24.17.0 was a security release; 24.18.0 bundles SQLite 3.53.1 and a backup-path fix, and guarantees the native OpenSSL 3.5 SLH-DSA surface). b.auth.statusList.fromJwt now enforces RFC 8725 §3.11 by binding the JWS header typ to the \"statuslist+jwt\" that toJwt stamps, so a token minted for another purpose can't be replayed as a status list. The build's supply-chain pinning is reworked so OpenSSF Scorecard sees pinned installs everywhere it can: the dev-tool, example, and fuzz manifests now ship committed lockfiles and CI installs them with `npm ci` (Scorecard keys pinning on the `ci` verb, not on an `@version` specifier), the vendored fuzz toolchain and the oss-fuzz base image are pinned, and a new scripts/pin-all.js aggregates every pin — regenerating all lockfiles, pinning the GitHub Action SHAs, and syncing the Docker base-image digests in one `--fix`, with a `--check` gate wired into CI and the release flow so no pin can silently drift. The committed lockfiles are dev/example-only and excluded from the published tarball; the zero-npm-RUNTIME-deps rule is unchanged.",
7
+ "sections": [
8
+ {
9
+ "heading": "Changed",
10
+ "items": [
11
+ {
12
+ "title": "Minimum Node.js engine raised to 24.18.0",
13
+ "body": "engines.node is now >=24.18.0 (was >=24.16.0). Operators must run Node 24.18.0 or newer. 24.17.0 was a security release and 24.18.0 bundles SQLite 3.53.1 plus a backup-keepalive fix; the floor also guarantees the native OpenSSL 3.5 SLH-DSA sign/verify surface. CI, the release container, and the docs are updated to the new floor."
14
+ },
15
+ {
16
+ "title": "Supply-chain pinning consolidated behind committed lockfiles + `npm ci` + one aggregating pin tool",
17
+ "body": "The root dev-tool (esbuild, postject), examples/wiki, and fuzz (jazzer.js) manifests now ship committed package-lock.json files, and CI installs them with `npm ci` instead of `npm install pkg@version` — OpenSSF Scorecard's Pinned-Dependencies check treats only the `npm ci` verb as pinned, so this is what actually clears those alerts (an exact `@version` specifier does not). The vendored fuzz toolchain is pinned to an exact jazzer version and the oss-fuzz base image is digest-pinned (mirroring the Dependabot-tracked .clusterfuzzlite digest). A new scripts/pin-all.js aggregates every pinning segment — it regenerates all committed lockfiles, pins the GitHub Action SHAs (via check-actions-currency), and syncs the Docker base-image digests in one `--fix`; a `--check` mode runs in CI and scripts/release.js so a stale lockfile or drifted digest fails closed. The committed lockfiles are dev/example-only, excluded from the published tarball's files allowlist; the zero-npm-RUNTIME-deps rule is unchanged."
18
+ }
19
+ ]
20
+ },
21
+ {
22
+ "heading": "Security",
23
+ "items": [
24
+ {
25
+ "title": "Status-list verification binds the token type (RFC 8725 §3.11 typ-confusion)",
26
+ "body": "b.auth.statusList.fromJwt now passes expectedTyp \"statuslist+jwt\" to the JWT verifier, matching the typ that b.auth.statusList.toJwt stamps and every sibling verifier enforces. A token minted for another purpose — even one that happens to carry a status_list.lst claim — is now refused on the type binding before the claim is read, closing the typ-confusion class where such a token could be replayed as a status list."
27
+ }
28
+ ]
29
+ },
30
+ {
31
+ "heading": "Added",
32
+ "items": [
33
+ {
34
+ "title": "scripts/pin-all.js — aggregated supply-chain pin tool",
35
+ "body": "One command re-pins every supply-chain segment: `--fix` regenerates the committed lockfiles (root / examples/wiki / fuzz), pins the GitHub Action SHAs, and syncs the Docker base-image digests; `--check` (wired into CI and the release flow) verifies the lockfile and digest segments — including each lockfile's package version — are in sync and fails closed on drift. Contributor tooling — it does not ship in the tarball."
36
+ },
37
+ {
38
+ "title": "Project-governance and assurance documentation; OpenSSF Best Practices silver badge",
39
+ "body": "Adds a ROADMAP.md (documented direction plus an explicit out-of-scope list), a Developer Certificate of Origin policy in CONTRIBUTING.md (contributions carry a Signed-off-by; releases sign off through the release tooling), and an explicit security assurance case in SECURITY.md (a top security claim decomposed into evidence-backed sub-claims, with a residual-risk statement). The project earned the OpenSSF Best Practices silver badge, linked from the README."
40
+ }
41
+ ]
42
+ }
43
+ ]
44
+ }
@@ -0,0 +1,36 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.16.1",
4
+ "date": "2026-07-03",
5
+ "headline": "Every source file now carries an SPDX license + copyright header; the wiki example emits its full HSTS when it runs behind a TLS-terminating reverse proxy; and a good-first-issue on-ramp lands for new contributors",
6
+ "summary": "This patch stamps a per-file `SPDX-License-Identifier: Apache-2.0` and a copyright line onto every first-party source file, so the license of any single file is unambiguous when it is read, audited, or vendored in isolation. The project stays Apache-2.0 — this is a clarity change, not a license change, and vendored third-party files under lib/vendor/ keep their own upstream headers. The wiki example now passes its trusted-proxy CIDRs to the securityHeaders middleware: a deployment behind a TLS-terminating reverse proxy (Caddy or nginx) that forwards `X-Forwarded-Proto: https` now emits the framework's strong HSTS (two-year max-age, includeSubDomains, preload) instead of suppressing it on the plain-HTTP hop from the proxy — the wiki e2e asserts both the proxied-https and the direct-http cases. CONTRIBUTING gains a good-first-issue on-ramp so new contributors have a clear, small first step.",
7
+ "sections": [
8
+ {
9
+ "heading": "Security",
10
+ "items": [
11
+ {
12
+ "title": "Wiki example emits its full HSTS behind a TLS-terminating reverse proxy",
13
+ "body": "The wiki example app now hands its trusted-proxy CIDRs to `securityHeaders`, so behind Caddy or nginx forwarding `X-Forwarded-Proto: https` it emits `Strict-Transport-Security: max-age=63072000; includeSubDomains; preload` rather than dropping HSTS on the internal HTTP hop from the proxy. Operators modelling their own app on the example inherit the fix by declaring their proxy CIDRs via `WIKI_ADMIN_TRUSTED_PROXIES` (the production compose already defaults to the private ranges). The framework's `securityHeaders` primitive is unchanged; this closes a wiring gap in the example."
14
+ }
15
+ ]
16
+ },
17
+ {
18
+ "heading": "Added",
19
+ "items": [
20
+ {
21
+ "title": "Per-file SPDX license and copyright headers",
22
+ "body": "Every first-party source file now begins with `// SPDX-License-Identifier: Apache-2.0` and a copyright line, so the license and holder of any individual file are explicit when it is read or extracted on its own. No license change — the project remains Apache-2.0. Vendored files under `lib/vendor/` are untouched and retain their upstream license headers."
23
+ }
24
+ ]
25
+ },
26
+ {
27
+ "heading": "Changed",
28
+ "items": [
29
+ {
30
+ "title": "Good-first-issue on-ramp for new contributors",
31
+ "body": "CONTRIBUTING now points new contributors at issues labelled `good first issue` — small, self-contained tasks (a doc or wiki-example fix, a test for an uncovered branch) that are the easiest first step into the codebase."
32
+ }
33
+ ]
34
+ }
35
+ ]
36
+ }
@@ -0,0 +1,71 @@
1
+ {
2
+ "$schema": "../scripts/release-notes-schema.json",
3
+ "version": "0.16.2",
4
+ "date": "2026-07-03",
5
+ "headline": "Security hardening across the mail, OAuth/SAML, ACME, keychain and router primitives — six fail-open / injection / bypass fixes and seven correctness fixes — alongside a large expansion of the automated test suite",
6
+ "summary": "This patch closes a batch of security and correctness defects surfaced while substantially expanding the test suite across the framework's mail-authentication, federated-identity, ACME, keychain, backup, CLI and router primitives. The security fixes: SPF evaluation no longer throws (and thus can no longer be laundered into a temperror that a permissive inbound policy accepts) on a malformed `ip4:` CIDR mask; the Authentication-Results builder now refuses CR/LF/NUL in the `version` field, closing the last header-injection gap left by the earlier mail-header sweep; `res.redirect` now rejects a horizontal TAB (which user agents strip before URL parsing, turning `/\\t/evil.example` into a protocol-relative redirect to an attacker origin); the OAuth refresh-token one-time-use replay gate now treats any truthy `seen()` result as seen (a Redis `1` / SQL `COUNT` no longer slips a stolen refresh token past a `=== true` compare) — with the same normalization applied to its sibling replay checks; SAML Single-Logout over HTTP-POST/SOAP now fails closed (throws) when a verification key is supplied without its algorithm, matching the redirect binding instead of silently skipping signature verification; and the OAuth authorization-URL / PAR builders now refuse operator `extraParams` that collide with framework-managed parameters (`redirect_uri`, `state`, `code_challenge`, …). The correctness fixes: concurrent keychain file-store writes are serialized under the existing file lock (no more lost bindings); TLS-RPT submission reads the real `statusCode` (successful reports are no longer misreported as failures); ACME account key-rollover stops double-encoding its inner JWS payload (rollover was always rejected by the CA); the response-schema validator now also validates JSON bodies sent via `res.end`; keychain `remove` validates a relative fallback path like `store`/`retrieve`; `bundleAdapterStorage` honors the ambient compliance posture like `create`; and a refused `dev --ignore` pattern now returns exit code 2 instead of rejecting the CLI promise.",
7
+ "sections": [
8
+ {
9
+ "heading": "Security",
10
+ "items": [
11
+ {
12
+ "title": "SPF `ip4:` with a malformed CIDR mask fails closed instead of throwing (fail-open)",
13
+ "body": "`_ipv4InCidr` lacked the finite-mask guard its IPv6 sibling has, so an `ip4:` mechanism with a non-numeric prefix (e.g. `ip4:192.0.2.0/`) reached `BigInt(32 - NaN)` and threw an uncaught `RangeError` out of `b.mail.spf.verify` / `b.mail.inbound.verify`. Upstream mail handling catches that throw as a temperror, and an inbound policy configured to accept on temperror would then admit a sender that should have been evaluated. SPF now returns a `permerror` result for a malformed mask, honoring the primitive's documented never-throw-on-message-content contract."
14
+ },
15
+ {
16
+ "title": "Authentication-Results builder refuses CR/LF/NUL in the `version` field (header injection)",
17
+ "body": "`b.mail.authResults.emit` validated the `authserv-id` against control characters but not the operator-supplied `version`, which is interpolated onto the `Authentication-Results:` header line — the last field left unguarded by the earlier mail-header CRLF sweep. A `version` containing CRLF could smuggle an arbitrary header. It is now refused with a typed error, like every other field on that line."
18
+ },
19
+ {
20
+ "title": "`res.redirect` rejects horizontal TAB (open-redirect / same-origin bypass)",
21
+ "body": "The redirect target's control-character guard rejected CR/LF/NUL but not TAB (0x09). Node permits a TAB in a header value, but the WHATWG URL parser strips ASCII TAB/LF/CR from a URL before resolving it, so a `Location: /\\t/evil.example` collapses to the protocol-relative `//evil.example` and navigates to the attacker origin — bypassing the same-origin/allowlist heuristic. TAB is now rejected alongside CR/LF/NUL."
22
+ },
23
+ {
24
+ "title": "OAuth refresh-token replay gate treats any truthy `seen()` result as seen (fail-open)",
25
+ "body": "The legacy `seen(refreshToken)` replay gate compared the callback's return with `=== true`, but the documented contract is that it returns a truthy value when the token was presented before. A store returning a truthy non-`true` value — a Redis `EXISTS`/`SISMEMBER` `1`, a SQL `COUNT` — slipped a replayed (stolen) refresh token past the one-time-use gate. Any truthy result now counts as seen; the same normalization was applied to the sibling replay checks in the module."
26
+ },
27
+ {
28
+ "title": "SAML Single-Logout over HTTP-POST/SOAP fails closed on a key without its algorithm",
29
+ "body": "The POST and SOAP SLO parsers gated signature verification with an OR condition and the verify helper early-returned when the algorithm was absent, so supplying a verification key without `idpVerifyAlg` silently accepted a forged, unsigned LogoutRequest — while the HTTP-Redirect binding failed closed. All four SLO parse paths now route through one config check that throws when a key is supplied without its algorithm."
30
+ },
31
+ {
32
+ "title": "OAuth authorization-URL / PAR builders refuse `extraParams` that collide with managed parameters",
33
+ "body": "`authorizationUrl` and `pushAuthorizationRequest` merged operator `extraParams` with `URLSearchParams.set`, which replaces — so an `extraParams` entry for `redirect_uri`, `state`, or `code_challenge` overwrote the framework-generated value while the call still returned the framework's `state`/PKCE verifier, diverging the returned session seed from the emitted URL. Reserved parameter keys in `extraParams` are now refused with a typed error at both builders."
34
+ }
35
+ ]
36
+ },
37
+ {
38
+ "heading": "Fixed",
39
+ "items": [
40
+ {
41
+ "title": "Concurrent keychain file-store writes no longer drop bindings",
42
+ "body": "`store` and the file-remove path performed an unlocked read-modify-write of the fallback file, so two concurrent stores could each read the pre-update document and the later write would clobber the earlier binding. Both read-modify-write sequences are now serialized under the file's existing lock."
43
+ },
44
+ {
45
+ "title": "TLS-RPT submission reads the response `statusCode`",
46
+ "body": "`tlsRpt.submit` read `status` from the HTTP client response, but the client resolves `statusCode`, so a successful (2xx) report POST was reported as `{ ok: false, error: 'HTTP undefined' }`. It now reads `statusCode`, so delivered reports are distinguished from rejected ones."
47
+ },
48
+ {
49
+ "title": "ACME account key-rollover no longer double-encodes its inner JWS payload",
50
+ "body": "`accountKeyRollover` passed an already-stringified payload to a signer that stringifies internally, so the inner keyChange JWS payload encoded a JSON string instead of the JSON object and every rollover was rejected by the CA (RFC 8555 §7.3.5). The payload is now passed once."
51
+ },
52
+ {
53
+ "title": "Response-schema validator also validates `res.end` JSON bodies",
54
+ "body": "The response validator wrapped only `res.json`, so a handler shipping an invalid body via `res.end(JSON.stringify(...))` escaped validation despite the documented contract. JSON-shaped `res.end` bodies are now validated on the same path."
55
+ },
56
+ {
57
+ "title": "keychain `remove` validates a relative fallback path like `store`/`retrieve`",
58
+ "body": "`remove` checked file existence before validating the fallback path, so a relative path silently no-op'd instead of throwing the config error that `store`/`retrieve` raise. It now validates first, consistent with the other file-fallback paths."
59
+ },
60
+ {
61
+ "title": "`bundleAdapterStorage` honors the ambient compliance posture",
62
+ "body": "`bundleAdapterStorage` only refused an unencrypted strategy when an explicit posture was passed, unlike `create`, which reads the ambient `b.compliance` posture and refuses `encrypt:false` under HIPAA. `bundleAdapterStorage` now falls back to the ambient posture, closing the asymmetry."
63
+ },
64
+ {
65
+ "title": "`dev --ignore` pattern refusal returns exit code 2",
66
+ "body": "A `dev --ignore` pattern that exceeded the length cap or was refused by the regex guard threw out of the CLI promise instead of writing to stderr and returning exit code 2 like every other CLI validation failure. It now returns the standard non-zero exit."
67
+ }
68
+ ]
69
+ }
70
+ ]
71
+ }
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  // Build a CycloneDX 1.6 SBOM covering lib/vendor/* bundles.
3
5
  //
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * GitHub-Actions-currency gate — the sibling of
@@ -14,6 +16,14 @@
14
16
  * node scripts/check-actions-currency.js
15
17
  * node scripts/check-actions-currency.js --json // structured output
16
18
  * node scripts/check-actions-currency.js --warn // exit 0, print only
19
+ * node scripts/check-actions-currency.js --fix // rewrite stale pins
20
+ * // to the latest SHA +
21
+ * // version comment,
22
+ * // then exit 0
23
+ *
24
+ * `--fix` applies the same latest-release SHA the gate already resolves —
25
+ * every `owner/repo[/subpath]@<sha> # vX.Y.Z` reference to a stale action
26
+ * is rewritten in place. Re-run without `--fix` (or let CI) to verify.
17
27
  *
18
28
  * Run in CI: the workflow passes GITHUB_TOKEN in the environment so the
19
29
  * GitHub API gives the authenticated 5000/hour budget instead of the
@@ -34,6 +44,7 @@ var WORKFLOWS_DIR = path.join(__dirname, "..", ".github", "workflows");
34
44
 
35
45
  var WARN_ONLY = process.argv.indexOf("--warn") !== -1;
36
46
  var JSON_OUT = process.argv.indexOf("--json") !== -1;
47
+ var DO_FIX = process.argv.indexOf("--fix") !== -1;
37
48
  var TIMEOUT_MS = 10000;
38
49
 
39
50
  // Per-action overrides. Keyed by "owner/repo".
@@ -79,6 +90,46 @@ async function _resolveSha(ownerRepo, ref) {
79
90
  return c.sha;
80
91
  }
81
92
 
93
+ // Fetch the supply-chain review material for a bump: the commit range
94
+ // between the pinned SHA and the new SHA (what actually changed), plus the
95
+ // release notes for the new tag. A human reviews this before trusting the
96
+ // pin — a compromised release surfaces here as an unexpected commit or an
97
+ // author/change that doesn't match the version bump.
98
+ async function _releaseChangelog(ownerRepo, oldSha, newTag, newSha) {
99
+ var out = {
100
+ compareUrl: "https://github.com/" + ownerRepo + "/compare/" + oldSha + "..." + newSha,
101
+ commits: [], files: [], body: "", compareError: null,
102
+ };
103
+ try {
104
+ var cmp = await _githubGet("/repos/" + ownerRepo + "/compare/" + oldSha + "..." + newSha);
105
+ if (cmp && cmp.html_url) out.compareUrl = cmp.html_url;
106
+ if (cmp && Array.isArray(cmp.commits)) {
107
+ out.commits = cmp.commits.map(function (c) {
108
+ var msg = ((c.commit && c.commit.message) || "").split("\n")[0];
109
+ var who = (c.author && c.author.login) || (c.commit && c.commit.author && c.commit.author.name) || "?";
110
+ return (c.sha || "").slice(0, 10) + " " + who + " " + msg;
111
+ });
112
+ }
113
+ if (cmp && Array.isArray(cmp.files)) {
114
+ // The actual code change per file. GitHub omits `.patch` for files
115
+ // above its diff-size limit (large minified dist bundles) — those are
116
+ // flagged so a reviewer knows to inspect them via the compare URL.
117
+ out.files = cmp.files.map(function (f) {
118
+ return {
119
+ name: f.filename, status: f.status,
120
+ add: f.additions, del: f.deletions,
121
+ patch: typeof f.patch === "string" ? f.patch : null,
122
+ };
123
+ });
124
+ }
125
+ } catch (e) { out.compareError = (e && e.message) || String(e); }
126
+ try {
127
+ var rel = await _githubGet("/repos/" + ownerRepo + "/releases/tags/" + encodeURIComponent(newTag));
128
+ if (rel && typeof rel.body === "string") out.body = rel.body;
129
+ } catch (_e) { /* action ships tags without a GitHub Release body */ }
130
+ return out;
131
+ }
132
+
82
133
  async function _latestVersion(ownerRepo) {
83
134
  // Prefer the published "latest" release tag; fall back to the
84
135
  // highest semver tag for actions that ship tags without GitHub
@@ -144,8 +195,9 @@ function _collectPinnedActions() {
144
195
  if (!m) continue;
145
196
  var ownerRepo = m[1];
146
197
  var subpath = m[2] || "";
198
+ var sha = m[3];
147
199
  var version = m[4];
148
- if (!out[ownerRepo]) out[ownerRepo] = { version: version, refs: [] };
200
+ if (!out[ownerRepo]) out[ownerRepo] = { version: version, sha: sha, refs: [] };
149
201
  out[ownerRepo].refs.push({ file: rel, line: L + 1, subpath: subpath });
150
202
  // If the same repo is pinned at two different versions across
151
203
  // files, record the lowest so a partial bump still flags.
@@ -176,6 +228,7 @@ async function _checkOne(ownerRepo, entry) {
176
228
  return {
177
229
  action: ownerRepo,
178
230
  pinned: entry.version,
231
+ oldSha: entry.sha,
179
232
  latest: info.tag,
180
233
  latestSha: info.sha,
181
234
  status: status,
@@ -232,6 +285,65 @@ async function main() {
232
285
  var stale = results.filter(function (r) { return r.status === "stale"; });
233
286
  var errored = results.filter(function (r) { return r.status === "api-error"; });
234
287
 
288
+ if (DO_FIX) {
289
+ var byFile = {};
290
+ var fixable = stale.filter(function (r) { return r.latestSha && r.latest; });
291
+ for (var fx = 0; fx < fixable.length; fx++) {
292
+ var fr = fixable[fx];
293
+ var tag = /^v/.test(fr.latest) ? fr.latest : "v" + fr.latest;
294
+ // Supply-chain review material — printed BEFORE applying so the change
295
+ // between the pinned SHA and the new SHA (the actual commits + authors)
296
+ // and the release notes can be validated. A compromised release shows
297
+ // up here as an unexpected commit / author / change.
298
+ var cl = await _releaseChangelog(fr.action, fr.oldSha, tag, fr.latestSha);
299
+ process.stdout.write("\n=== " + fr.action + " " + fr.pinned + " -> " + fr.latest + " ===\n");
300
+ process.stdout.write(" old sha: " + fr.oldSha + "\n new sha: " + fr.latestSha + "\n");
301
+ process.stdout.write(" compare: " + cl.compareUrl + "\n");
302
+ if (cl.commits.length) {
303
+ process.stdout.write(" commits between the two SHAs (" + cl.commits.length + ") [sha author subject]:\n");
304
+ for (var ci = 0; ci < cl.commits.length; ci++) process.stdout.write(" " + cl.commits[ci] + "\n");
305
+ } else if (cl.compareError) {
306
+ process.stdout.write(" commits: (compare unavailable: " + cl.compareError + ")\n");
307
+ }
308
+ if (cl.files.length) {
309
+ process.stdout.write(" changed files (" + cl.files.length + "):\n");
310
+ for (var sfi = 0; sfi < cl.files.length; sfi++) {
311
+ var sf = cl.files[sfi];
312
+ process.stdout.write(" [" + sf.status + " +" + sf.add + "/-" + sf.del + "] " + sf.name + "\n");
313
+ }
314
+ process.stdout.write(" code diff (per file, capped at 200 lines):\n");
315
+ for (var dfi = 0; dfi < cl.files.length; dfi++) {
316
+ var df = cl.files[dfi];
317
+ process.stdout.write(" ----- " + df.name + " -----\n");
318
+ if (df.patch === null) {
319
+ process.stdout.write(" (patch omitted by GitHub — file too large / binary; inspect via the compare URL above)\n");
320
+ } else {
321
+ var dl = df.patch.split("\n");
322
+ for (var dk = 0; dk < Math.min(dl.length, 200); dk++) process.stdout.write(" " + dl[dk] + "\n");
323
+ if (dl.length > 200) process.stdout.write(" ... (" + (dl.length - 200) + " more diff line(s) — see compare URL)\n");
324
+ }
325
+ }
326
+ }
327
+ if (cl.body) {
328
+ process.stdout.write(" release notes for " + tag + ":\n");
329
+ var bl = cl.body.split("\n");
330
+ for (var bi = 0; bi < Math.min(bl.length, 40); bi++) process.stdout.write(" " + bl[bi] + "\n");
331
+ if (bl.length > 40) process.stdout.write(" ... (" + (bl.length - 40) + " more line(s))\n");
332
+ }
333
+ var esc = fr.action.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
334
+ var re2 = new RegExp("(" + esc + "(?:/[^@\\s]+)?@)[0-9a-f]{40}(\\s*#\\s*)v?\\d+(?:\\.\\d+){0,2}", "g");
335
+ for (var rj = 0; rj < (fr.refs || []).length; rj++) {
336
+ var abs = path.join(__dirname, "..", fr.refs[rj].file);
337
+ if (!(abs in byFile)) byFile[abs] = fs.readFileSync(abs, "utf8");
338
+ byFile[abs] = byFile[abs].replace(re2, "$1" + fr.latestSha + "$2" + tag);
339
+ }
340
+ }
341
+ Object.keys(byFile).forEach(function (abs) { fs.writeFileSync(abs, byFile[abs]); });
342
+ process.stdout.write("\n[actions-currency] --fix: rewrote " + fixable.length + " stale action(s) across " +
343
+ Object.keys(byFile).length + " workflow file(s). REVIEW the changelogs above for supply-chain integrity before committing; re-run without --fix to verify.\n");
344
+ process.exit(0);
345
+ }
346
+
235
347
  if (WARN_ONLY) {
236
348
  if (stale.length || errored.length) {
237
349
  process.stdout.write("[actions-currency] --warn: " + stale.length + " stale, " +
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * scripts/check-api-snapshot.js
@@ -1,4 +1,6 @@
1
1
  #!/usr/bin/env node
2
+ // SPDX-License-Identifier: Apache-2.0
3
+ // Copyright (c) blamejs contributors
2
4
  "use strict";
3
5
  /**
4
6
  * Pre-push static gate — exercise the awk-extract that
@@ -1,4 +1,6 @@
1
1
  #!/usr/bin/env node
2
+ // SPDX-License-Identifier: Apache-2.0
3
+ // Copyright (c) blamejs contributors
2
4
  "use strict";
3
5
 
4
6
  // Enforces that the SEA-build tool versions installed across the build artifacts
@@ -27,18 +29,15 @@ var ROOT = path.resolve(__dirname, "..");
27
29
  var PIN_PATH = path.join(__dirname, "esbuild-binary-pin.json");
28
30
  var HEX64_RE = /^[0-9a-f]{64}$/;
29
31
 
30
- // Workflows whose SEA-build step installs the pinned tool versions. Each MUST
31
- // carry an exact `<tool>@<version>` spec for every required tool: an install
32
- // line that drops the version (e.g. `npm install esbuild postject`) would let CI
32
+ // The SEA-build workflows install the pinned tool versions with `npm ci`, so the
33
+ // committed root package-lock.json is the version pin CI resolves against. This
34
+ // check asserts the lockfile pins each required tool at exactly the package.json
35
+ // devDependencies version — a lockfile that drifts (or is absent) would let CI
33
36
  // resolve an unreviewed esbuild and silently fall back to the binary-hash smoke
34
- // gate's skip path, so a missing pinned spec is itself a violation (fail-closed).
35
- // If the SEA build legitimately moves out of one of these, update this list in
36
- // the same change.
37
- var WORKFLOWS = [
38
- ".github/workflows/ci.yml",
39
- ".github/workflows/npm-publish.yml",
40
- ];
41
- var REQUIRED_TOOLS = ["esbuild", "postject"];
37
+ // gate's skip path, so a drift/absence is a violation (fail-closed). Scorecard
38
+ // flags any `npm install pkg@ver` as unpinned (it keys on the `npm ci` verb, not
39
+ // the specifier), which is why the workflows use `npm ci` + this lockfile pin.
40
+ var LOCKFILE = "package-lock.json";
42
41
 
43
42
  // Returns { ok: boolean, violations: [{ file, line, content }] }. Never throws on
44
43
  // expected-missing inputs — a missing file is reported as a violation so the
@@ -82,41 +81,35 @@ function checkEsbuildPin() {
82
81
  }
83
82
  }
84
83
 
85
- // Every scoped workflow installs the exact package.json versions — and MUST
86
- // pin each required tool with a `<tool>@<version>` spec (a missing spec means
87
- // an unpinned, unreviewed install slips through).
84
+ // The committed root lockfile pins the exact package.json versions that
85
+ // `npm ci` installs in the SEA-build workflows assert it agrees.
88
86
  var expectedFor = { esbuild: esbuildVer, postject: postjectVer };
89
- WORKFLOWS.forEach(function (rel) {
90
- var src;
91
- try { src = fs.readFileSync(path.join(ROOT, rel), "utf8"); }
92
- catch (e) { push(rel, "unreadable: " + (e && e.message)); return; }
93
- REQUIRED_TOOLS.forEach(function (tool) {
94
- var expected = expectedFor[tool];
95
- if (!expected) return; // already reported as a missing package.json devDep above
96
- checkSpec(bad, rel, src, tool, expected);
97
- });
98
- });
87
+ checkLockfile(bad, expectedFor);
99
88
 
100
89
  return { ok: bad.length === 0, violations: bad };
101
90
  }
102
91
 
103
- function checkSpec(bad, rel, src, tool, expected) {
104
- var re = new RegExp(tool + "@([0-9][\\w.-]*)", "g");
105
- var m;
106
- var found = [];
107
- while ((m = re.exec(src)) !== null) { found.push(m[1]); }
108
- if (found.length === 0) {
109
- bad.push({ file: rel, line: 0,
110
- content: rel + " has no pinned " + tool + "@<version> spec — the SEA-build install must pin " +
111
- tool + "@" + expected + " (an unpinned install resolves an unreviewed version and the " +
112
- "binary-hash smoke gate falls back to its skip path)" });
92
+ function checkLockfile(bad, expectedFor) {
93
+ var lock;
94
+ try { lock = JSON.parse(fs.readFileSync(path.join(ROOT, LOCKFILE), "utf8")); }
95
+ catch (e) {
96
+ bad.push({ file: LOCKFILE, line: 0,
97
+ content: LOCKFILE + " unreadable (" + (e && e.message) + ") — commit the root lockfile so `npm ci` " +
98
+ "pins the reviewed SEA-build tool versions; without it Scorecard flags the install and the " +
99
+ "binary-hash smoke gate falls back to its skip path" });
113
100
  return;
114
101
  }
115
- found.forEach(function (ver) {
116
- if (ver !== expected) {
117
- bad.push({ file: rel, line: 0,
118
- content: rel + " installs " + tool + "@" + ver + " but package.json devDependencies pins " +
119
- tool + "@" + expected + " — bump the pin (and re-review the esbuild binary hash) or fix the workflow" });
102
+ var pkgs = lock.packages || {};
103
+ Object.keys(expectedFor).forEach(function (tool) {
104
+ var expected = expectedFor[tool];
105
+ if (!expected) return; // already reported as a missing package.json devDep above
106
+ var node = pkgs["node_modules/" + tool];
107
+ var got = node && node.version;
108
+ if (got !== expected) {
109
+ bad.push({ file: LOCKFILE, line: 0,
110
+ content: LOCKFILE + " pins " + tool + "@" + (got || "<absent>") + " but package.json devDependencies pins " +
111
+ tool + "@" + expected + " — regenerate the lockfile (`npm install --package-lock-only`) and re-review " +
112
+ "the esbuild binary hash so `npm ci` installs the reviewed version" });
120
113
  }
121
114
  });
122
115
  }
@@ -130,5 +123,5 @@ if (require.main === module) {
130
123
  process.exit(1);
131
124
  }
132
125
  console.log("[check-esbuild-pin] OK — esbuild/postject pinned consistently across package.json + " +
133
- WORKFLOWS.length + " workflow(s); reviewed per-platform hashes present.");
126
+ LOCKFILE + " (npm ci); reviewed per-platform hashes present.");
134
127
  }
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  // prepack guard — fail the publish if any packed path is gitignored
3
5
  // (repo + global). `--ignore-scripts` on the inner pack call avoids
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * scripts/check-services.js
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Vendor-currency gate.
@@ -1,4 +1,6 @@
1
1
  #!/usr/bin/env node
2
+ // SPDX-License-Identifier: Apache-2.0
3
+ // Copyright (c) blamejs contributors
2
4
  "use strict";
3
5
  /**
4
6
  * Roll up per-patch `release-notes/v<X>.<Y>.<Z>.json` files for any
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  // scripts/gen-migrating.js — generate MIGRATING.md from deprecate() calls
3
5
  // across lib/. Walks the tree, finds every `deprecate.warn|wrap|alias`
@@ -1,4 +1,6 @@
1
1
  #!/usr/bin/env node
2
+ // SPDX-License-Identifier: Apache-2.0
3
+ // Copyright (c) blamejs contributors
2
4
  "use strict";
3
5
  /**
4
6
  * Generate the CHANGELOG.md section for a release from a structured
@@ -1,4 +1,6 @@
1
1
  #!/usr/bin/env node
2
+ // SPDX-License-Identifier: Apache-2.0
3
+ // Copyright (c) blamejs contributors
2
4
  "use strict";
3
5
  /**
4
6
  * One-time setup: generate the ML-DSA-65 release-signing keypair
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  // Emit a NIST SP 800-218 (SSDF) / OMB M-22-18 producer self-attestation
3
5
  // as a machine-readable JSON artifact, attached to each GitHub release.