@blamejs/core 0.14.1 → 0.14.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (275) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/_test/crypto-fixtures.js +3 -3
  3. package/lib/a2a-tasks.js +18 -18
  4. package/lib/a2a.js +4 -4
  5. package/lib/acme.js +3 -3
  6. package/lib/agent-idempotency.js +1 -1
  7. package/lib/agent-orchestrator.js +8 -8
  8. package/lib/agent-posture-chain.js +2 -2
  9. package/lib/agent-saga.js +1 -1
  10. package/lib/agent-snapshot.js +1 -1
  11. package/lib/agent-stream.js +1 -1
  12. package/lib/agent-tenant.js +1 -1
  13. package/lib/agent-trace.js +3 -3
  14. package/lib/ai-capability.js +1 -1
  15. package/lib/ai-dp.js +4 -4
  16. package/lib/ai-input.js +3 -3
  17. package/lib/ai-model-manifest.js +7 -7
  18. package/lib/ai-pref.js +3 -3
  19. package/lib/archive-gz.js +2 -2
  20. package/lib/archive-read.js +25 -25
  21. package/lib/archive-tar-read.js +2 -2
  22. package/lib/archive-tar.js +20 -20
  23. package/lib/archive-wrap.js +10 -10
  24. package/lib/argon2-builtin.js +1 -1
  25. package/lib/asn1-der.js +34 -34
  26. package/lib/atomic-file.js +2 -2
  27. package/lib/audit-daily-review.js +3 -3
  28. package/lib/audit-sign.js +5 -5
  29. package/lib/audit-tools.js +1 -1
  30. package/lib/audit.js +2 -2
  31. package/lib/auth/acr-vocabulary.js +2 -2
  32. package/lib/auth/bot-challenge.js +3 -3
  33. package/lib/auth/ciba.js +7 -7
  34. package/lib/auth/dpop.js +3 -3
  35. package/lib/auth/fido-mds3.js +8 -8
  36. package/lib/auth/jwt-external.js +5 -5
  37. package/lib/auth/oauth.js +2 -2
  38. package/lib/auth/oid4vci.js +9 -9
  39. package/lib/auth/oid4vp.js +2 -2
  40. package/lib/auth/openid-federation.js +2 -2
  41. package/lib/auth/passkey.js +3 -3
  42. package/lib/auth/saml.js +23 -23
  43. package/lib/auth/sd-jwt-vc-disclosure.js +1 -1
  44. package/lib/auth/sd-jwt-vc.js +4 -4
  45. package/lib/auth/status-list.js +10 -10
  46. package/lib/auth/step-up.js +1 -1
  47. package/lib/auth-bot-challenge.js +1 -1
  48. package/lib/backup/index.js +7 -7
  49. package/lib/base32.js +8 -8
  50. package/lib/budr.js +2 -2
  51. package/lib/cache-status.js +2 -2
  52. package/lib/calendar.js +23 -23
  53. package/lib/cbor.js +12 -12
  54. package/lib/cdn-cache-control.js +1 -1
  55. package/lib/cert.js +5 -5
  56. package/lib/cloud-events.js +5 -5
  57. package/lib/cms-codec.js +21 -21
  58. package/lib/codepoint-class.js +12 -12
  59. package/lib/compliance-sanctions-fuzzy.js +4 -4
  60. package/lib/compliance-sanctions.js +4 -4
  61. package/lib/compliance.js +29 -29
  62. package/lib/content-credentials.js +36 -36
  63. package/lib/cookies.js +1 -1
  64. package/lib/cose.js +13 -13
  65. package/lib/cra-report.js +1 -1
  66. package/lib/crdt.js +1 -1
  67. package/lib/crypto-field.js +2 -2
  68. package/lib/crypto-xwing.js +7 -7
  69. package/lib/crypto.js +6 -6
  70. package/lib/csp.js +2 -2
  71. package/lib/cwt.js +4 -4
  72. package/lib/dark-patterns.js +2 -2
  73. package/lib/data-act.js +2 -2
  74. package/lib/db-file-lifecycle.js +4 -4
  75. package/lib/db-query.js +1 -1
  76. package/lib/db.js +6 -6
  77. package/lib/dbsc.js +13 -13
  78. package/lib/did.js +17 -17
  79. package/lib/dora.js +4 -4
  80. package/lib/dsr.js +1 -1
  81. package/lib/early-hints.js +2 -2
  82. package/lib/eat.js +4 -4
  83. package/lib/external-db-migrate.js +1 -1
  84. package/lib/external-db.js +1 -1
  85. package/lib/flag-cache.js +1 -1
  86. package/lib/flag-evaluation-context.js +2 -2
  87. package/lib/graphql-federation.js +5 -5
  88. package/lib/guard-agent-registry.js +5 -5
  89. package/lib/guard-archive.js +24 -24
  90. package/lib/guard-cidr.js +33 -33
  91. package/lib/guard-csv.js +1 -1
  92. package/lib/guard-domain.js +10 -10
  93. package/lib/guard-dsn.js +4 -4
  94. package/lib/guard-email.js +19 -19
  95. package/lib/guard-event-bus-payload.js +4 -4
  96. package/lib/guard-event-bus-topic.js +6 -6
  97. package/lib/guard-filename.js +7 -7
  98. package/lib/guard-graphql.js +9 -9
  99. package/lib/guard-html-wcag-tagwalk.js +1 -1
  100. package/lib/guard-html-wcag.js +4 -4
  101. package/lib/guard-html.js +7 -7
  102. package/lib/guard-idempotency-key.js +6 -6
  103. package/lib/guard-image.js +4 -4
  104. package/lib/guard-imap-command.js +17 -17
  105. package/lib/guard-jmap.js +20 -20
  106. package/lib/guard-json.js +12 -12
  107. package/lib/guard-jsonpath.js +3 -3
  108. package/lib/guard-jwt.js +4 -4
  109. package/lib/guard-list-id.js +7 -7
  110. package/lib/guard-list-unsubscribe.js +8 -8
  111. package/lib/guard-mail-compose.js +4 -4
  112. package/lib/guard-mail-move.js +5 -5
  113. package/lib/guard-mail-query.js +3 -3
  114. package/lib/guard-mail-reply.js +3 -3
  115. package/lib/guard-mail-sieve.js +6 -6
  116. package/lib/guard-managesieve-command.js +25 -25
  117. package/lib/guard-markdown.js +31 -31
  118. package/lib/guard-message-id.js +5 -5
  119. package/lib/guard-mime.js +1 -1
  120. package/lib/guard-oauth.js +3 -3
  121. package/lib/guard-pdf.js +6 -6
  122. package/lib/guard-pop3-command.js +11 -11
  123. package/lib/guard-posture-chain.js +5 -5
  124. package/lib/guard-regex.js +10 -10
  125. package/lib/guard-saga-config.js +5 -5
  126. package/lib/guard-smtp-command.js +6 -6
  127. package/lib/guard-snapshot-envelope.js +3 -3
  128. package/lib/guard-stream-args.js +4 -4
  129. package/lib/guard-svg.js +11 -11
  130. package/lib/guard-tenant-id.js +5 -5
  131. package/lib/guard-time.js +15 -15
  132. package/lib/guard-trace-context.js +4 -4
  133. package/lib/guard-uuid.js +11 -11
  134. package/lib/guard-xml.js +12 -12
  135. package/lib/guard-yaml.js +16 -16
  136. package/lib/honeytoken.js +5 -5
  137. package/lib/http-client.js +1 -1
  138. package/lib/http-message-signature.js +2 -2
  139. package/lib/iab-mspa.js +3 -3
  140. package/lib/iab-tcf.js +70 -70
  141. package/lib/inbox.js +4 -4
  142. package/lib/ip-utils.js +15 -15
  143. package/lib/jose-jwe-experimental.js +2 -2
  144. package/lib/json-path.js +3 -3
  145. package/lib/json-schema.js +1 -1
  146. package/lib/jsonapi.js +3 -3
  147. package/lib/jtd.js +2 -2
  148. package/lib/link-header.js +1 -1
  149. package/lib/local-db-thin.js +1 -1
  150. package/lib/log.js +1 -1
  151. package/lib/lro.js +4 -4
  152. package/lib/mail-agent.js +1 -1
  153. package/lib/mail-arc-sign.js +6 -6
  154. package/lib/mail-auth.js +43 -43
  155. package/lib/mail-bimi.js +3 -3
  156. package/lib/mail-crypto-pgp.js +31 -31
  157. package/lib/mail-crypto-smime.js +5 -5
  158. package/lib/mail-dav.js +1 -1
  159. package/lib/mail-deploy.js +39 -39
  160. package/lib/mail-dkim.js +11 -11
  161. package/lib/mail-greylist.js +12 -12
  162. package/lib/mail-helo.js +1 -1
  163. package/lib/mail-journal.js +8 -8
  164. package/lib/mail-rbl.js +7 -7
  165. package/lib/mail-scan.js +7 -7
  166. package/lib/mail-send-deliver.js +2 -2
  167. package/lib/mail-server-imap.js +12 -12
  168. package/lib/mail-server-jmap.js +16 -16
  169. package/lib/mail-server-managesieve.js +4 -4
  170. package/lib/mail-server-mx.js +17 -17
  171. package/lib/mail-server-pop3.js +4 -4
  172. package/lib/mail-server-rate-limit.js +2 -2
  173. package/lib/mail-server-submission.js +21 -21
  174. package/lib/mail-sieve.js +2 -2
  175. package/lib/mail-spam-score.js +5 -5
  176. package/lib/mail-srs.js +12 -12
  177. package/lib/mail-store-fts.js +2 -2
  178. package/lib/mail-store.js +8 -8
  179. package/lib/mail-unsubscribe.js +4 -4
  180. package/lib/mail.js +4 -4
  181. package/lib/mcp-tool-registry.js +4 -4
  182. package/lib/mcp.js +9 -9
  183. package/lib/mdoc.js +2 -2
  184. package/lib/metrics.js +8 -8
  185. package/lib/middleware/age-gate.js +1 -1
  186. package/lib/middleware/api-encrypt.js +7 -7
  187. package/lib/middleware/assetlinks.js +2 -2
  188. package/lib/middleware/asyncapi-serve.js +2 -2
  189. package/lib/middleware/bearer-auth.js +5 -5
  190. package/lib/middleware/body-parser.js +5 -5
  191. package/lib/middleware/compose-pipeline.js +15 -15
  192. package/lib/middleware/csp-report.js +4 -4
  193. package/lib/middleware/daily-byte-quota.js +1 -1
  194. package/lib/middleware/dpop.js +1 -1
  195. package/lib/middleware/headers.js +2 -2
  196. package/lib/middleware/host-allowlist.js +1 -1
  197. package/lib/middleware/idempotency-key.js +12 -12
  198. package/lib/middleware/nel.js +1 -1
  199. package/lib/middleware/openapi-serve.js +2 -2
  200. package/lib/middleware/protected-resource-metadata.js +2 -2
  201. package/lib/middleware/require-aal.js +1 -1
  202. package/lib/middleware/require-bound-key.js +2 -2
  203. package/lib/middleware/require-content-type.js +1 -1
  204. package/lib/middleware/require-methods.js +1 -1
  205. package/lib/middleware/require-step-up.js +2 -2
  206. package/lib/middleware/scim-server.js +1 -1
  207. package/lib/middleware/security-txt.js +3 -3
  208. package/lib/middleware/tus-upload.js +12 -12
  209. package/lib/middleware/web-app-manifest.js +2 -2
  210. package/lib/network-byte-quota.js +1 -1
  211. package/lib/network-dns-resolver.js +23 -23
  212. package/lib/network-dns.js +29 -29
  213. package/lib/network-dnssec.js +33 -33
  214. package/lib/network-smtp-policy.js +10 -10
  215. package/lib/network-tls.js +87 -87
  216. package/lib/network-tsig.js +33 -33
  217. package/lib/nis2-report.js +1 -1
  218. package/lib/ntp-check.js +3 -3
  219. package/lib/observability-otlp-exporter.js +17 -17
  220. package/lib/observability-tracer.js +6 -6
  221. package/lib/observability.js +8 -8
  222. package/lib/openapi-yaml.js +1 -1
  223. package/lib/openapi.js +1 -1
  224. package/lib/outbox.js +6 -6
  225. package/lib/pqc-agent.js +4 -4
  226. package/lib/pqc-software.js +1 -1
  227. package/lib/privacy-pass.js +5 -5
  228. package/lib/problem-details.js +5 -5
  229. package/lib/promise-pool.js +1 -1
  230. package/lib/protobuf-encoder.js +1 -1
  231. package/lib/redact.js +2 -2
  232. package/lib/request-helpers.js +1 -1
  233. package/lib/router.js +10 -10
  234. package/lib/safe-async.js +2 -2
  235. package/lib/safe-dns.js +71 -71
  236. package/lib/safe-ical.js +19 -19
  237. package/lib/safe-icap.js +24 -24
  238. package/lib/safe-jsonpath.js +2 -2
  239. package/lib/safe-mime.js +10 -10
  240. package/lib/safe-mount-info.js +3 -3
  241. package/lib/safe-redirect.js +1 -1
  242. package/lib/safe-sieve.js +23 -23
  243. package/lib/safe-smtp.js +1 -1
  244. package/lib/safe-vcard.js +14 -14
  245. package/lib/sandbox.js +5 -5
  246. package/lib/sec-cyber.js +1 -1
  247. package/lib/self-update-standalone-verifier.js +3 -3
  248. package/lib/self-update.js +3 -3
  249. package/lib/server-timing.js +3 -3
  250. package/lib/session-device-binding.js +7 -7
  251. package/lib/session.js +8 -8
  252. package/lib/standard-webhooks.js +4 -4
  253. package/lib/storage.js +2 -2
  254. package/lib/stream-throttle.js +1 -1
  255. package/lib/structured-fields.js +15 -15
  256. package/lib/subject.js +1 -1
  257. package/lib/tcpa-10dlc.js +1 -1
  258. package/lib/tenant-quota.js +3 -3
  259. package/lib/test-harness.js +1 -1
  260. package/lib/tracing.js +1 -1
  261. package/lib/tsa.js +5 -5
  262. package/lib/uri-template.js +5 -5
  263. package/lib/vault/index.js +2 -2
  264. package/lib/vault/seal-pem-file.js +4 -4
  265. package/lib/vc.js +2 -2
  266. package/lib/vendor-data.js +1 -1
  267. package/lib/watcher.js +4 -4
  268. package/lib/web-push-vapid.js +21 -21
  269. package/lib/webhook.js +2 -2
  270. package/lib/websocket.js +3 -3
  271. package/lib/worker-pool.js +3 -3
  272. package/lib/ws-client.js +24 -24
  273. package/lib/xml-c14n.js +2 -2
  274. package/package.json +1 -1
  275. package/sbom.cdx.json +6 -6
package/lib/iab-tcf.js CHANGED
@@ -100,14 +100,14 @@ var { defineClass } = require("./framework-error");
100
100
  var IabTcfError = defineClass("IabTcfError", { alwaysPermanent: true });
101
101
 
102
102
  // TCF v2.3 spec values.
103
- var TCF_V23_CORE_VERSION = 4; // allow:raw-byte-literal — TCF spec version, not bytes
104
- var TCF_V23_POLICY_VERSION = 4; // allow:raw-byte-literal — TCF policy version, not bytes
103
+ var TCF_V23_CORE_VERSION = 4; // TCF spec version, not bytes
104
+ var TCF_V23_POLICY_VERSION = 4; // TCF policy version, not bytes
105
105
  // SEGMENT_TYPE_CORE = 0 documented but not declared as a const — the
106
106
  // core segment is identified positionally (segment[0]) not by the
107
107
  // 3-bit type prefix the secondary segments use.
108
- var SEGMENT_TYPE_DISCLOSED_VENDORS = 1; // allow:raw-byte-literal — TCF segment-type marker, not bytes
109
- var SEGMENT_TYPE_ALLOWED_VENDORS = 2; // allow:raw-byte-literal — TCF segment-type marker, not bytes
110
- var SEGMENT_TYPE_PUBLISHER_TC = 3; // allow:raw-byte-literal — TCF segment-type marker, not bytes
108
+ var SEGMENT_TYPE_DISCLOSED_VENDORS = 1; // TCF segment-type marker, not bytes
109
+ var SEGMENT_TYPE_ALLOWED_VENDORS = 2; // TCF segment-type marker, not bytes
110
+ var SEGMENT_TYPE_PUBLISHER_TC = 3; // TCF segment-type marker, not bytes
111
111
  var MAX_TC_STRING_BYTES = 64 * 1024; // allow:raw-byte-literal — request-payload cap
112
112
 
113
113
  // base64url decode (no padding) → Buffer.
@@ -124,7 +124,7 @@ function _b64urlDecode(s) {
124
124
  // Bit-level reader over a Buffer.
125
125
  function _bitReader(buf) {
126
126
  var bitOffset = 0;
127
- var totalBits = buf.length * 8; // allow:raw-byte-literal — bits per byte
127
+ var totalBits = buf.length * 8; // bits per byte
128
128
  function read(n) {
129
129
  if (bitOffset + n > totalBits) {
130
130
  throw IabTcfError.factory("iab-tcf/bad-length",
@@ -137,7 +137,7 @@ function _bitReader(buf) {
137
137
  var v = 0;
138
138
  for (var i = 0; i < n; i += 1) {
139
139
  var byteIdx = (bitOffset + i) >> 3;
140
- var bitIdx = 7 - ((bitOffset + i) & 7); // allow:raw-byte-literal — high-bit-first ordering
140
+ var bitIdx = 7 - ((bitOffset + i) & 7); // high-bit-first ordering
141
141
  v = (v * 2) + ((buf[byteIdx] >> bitIdx) & 1);
142
142
  }
143
143
  bitOffset += n;
@@ -159,25 +159,25 @@ function _bitReader(buf) {
159
159
 
160
160
  function _parseCore(buf) {
161
161
  var r = _bitReader(buf);
162
- var version = r.read(6); // allow:raw-byte-literal — TCF spec field width, not bytes
163
- var createdRaw = r.read(36); // allow:raw-byte-literal — TCF spec field width
164
- var lastUpdatedRaw = r.read(36); // allow:raw-byte-literal — TCF spec field width
165
- var cmpId = r.read(12); // allow:raw-byte-literal — TCF spec field width
166
- var cmpVersion = r.read(12); // allow:raw-byte-literal — TCF spec field width
167
- var consentScreen = r.read(6); // allow:raw-byte-literal — TCF spec field width
162
+ var version = r.read(6); // TCF spec field width, not bytes
163
+ var createdRaw = r.read(36); // TCF spec field width
164
+ var lastUpdatedRaw = r.read(36); // TCF spec field width
165
+ var cmpId = r.read(12); // TCF spec field width
166
+ var cmpVersion = r.read(12); // TCF spec field width
167
+ var consentScreen = r.read(6); // TCF spec field width
168
168
  // ConsentLanguage (12 bits = 2 chars × 6 bits, ASCII A-Z mapped 0-25)
169
- var lang0 = r.read(6); // allow:raw-byte-literal — TCF spec field width
170
- var lang1 = r.read(6); // allow:raw-byte-literal — TCF spec field width
171
- var consentLanguage = String.fromCharCode(0x41 + lang0) + String.fromCharCode(0x41 + lang1); // allow:raw-byte-literal — ASCII 'A' offset
172
- var vendorListVersion = r.read(12); // allow:raw-byte-literal — TCF spec field width
173
- var policyVersion = r.read(6); // allow:raw-byte-literal — TCF spec field width
169
+ var lang0 = r.read(6); // TCF spec field width
170
+ var lang1 = r.read(6); // TCF spec field width
171
+ var consentLanguage = String.fromCharCode(0x41 + lang0) + String.fromCharCode(0x41 + lang1); // ASCII 'A' offset
172
+ var vendorListVersion = r.read(12); // TCF spec field width
173
+ var policyVersion = r.read(6); // TCF spec field width
174
174
  var isServiceSpecific = r.read(1) === 1;
175
175
  var useNonStandardStacks = r.read(1) === 1;
176
- var specialFeatureOptins = r.readBitField(12); // allow:raw-byte-literal — TCF spec field width
177
- var purposesConsent = r.readBitField(24); // allow:raw-byte-literal — TCF spec field width
178
- var purposesLI = r.readBitField(24); // allow:raw-byte-literal — TCF spec field width
176
+ var specialFeatureOptins = r.readBitField(12); // TCF spec field width
177
+ var purposesConsent = r.readBitField(24); // TCF spec field width
178
+ var purposesLI = r.readBitField(24); // TCF spec field width
179
179
  var purposeOneTreatment = r.read(1) === 1;
180
- var publisherCC = String.fromCharCode(0x41 + r.read(6)) + String.fromCharCode(0x41 + r.read(6)); // allow:raw-byte-literal — TCF spec field width
180
+ var publisherCC = String.fromCharCode(0x41 + r.read(6)) + String.fromCharCode(0x41 + r.read(6)); // TCF spec field width
181
181
  // MaxVendorIdConsent + ranged fields skipped for compactness — the
182
182
  // framework's defensive parse only extracts the top-level shape +
183
183
  // the vendorConsents/LIs bitmaps when present.
@@ -215,17 +215,17 @@ function _parseCore(buf) {
215
215
  // restrictions", which would let a malformed string validate.
216
216
  function _parsePublisherRestrictions(r) {
217
217
  var out = [];
218
- var num = r.read(12); // allow:raw-byte-literal — TCF spec field width
218
+ var num = r.read(12); // TCF spec field width
219
219
  for (var i = 0; i < num; i += 1) {
220
- var purposeId = r.read(6); // allow:raw-byte-literal — TCF spec field width
220
+ var purposeId = r.read(6); // TCF spec field width
221
221
  var restrictionType = r.read(2);
222
- var numEntries = r.read(12); // allow:raw-byte-literal — TCF spec field width
222
+ var numEntries = r.read(12); // TCF spec field width
223
223
  var vendorIds = [];
224
224
  for (var e = 0; e < numEntries; e += 1) {
225
225
  var isRange = r.read(1) === 1;
226
- var startVendorId = r.read(16); // allow:raw-byte-literal — TCF spec field width
226
+ var startVendorId = r.read(16); // TCF spec field width
227
227
  if (isRange) {
228
- var endVendorId = r.read(16); // allow:raw-byte-literal — TCF spec field width
228
+ var endVendorId = r.read(16); // TCF spec field width
229
229
  for (var v = startVendorId; v <= endVendorId; v += 1) vendorIds.push(v);
230
230
  } else {
231
231
  vendorIds.push(startVendorId);
@@ -240,10 +240,10 @@ function _parsePublisherRestrictions(r) {
240
240
  // then a custom-purpose count and its two bit-fields.
241
241
  function _parsePublisherTC(buf) {
242
242
  var r = _bitReader(buf);
243
- r.read(3); // allow:raw-byte-literal — segment-type prefix
244
- var pubPurposesConsent = r.readBitField(24); // allow:raw-byte-literal — TCF spec field width
245
- var pubPurposesLI = r.readBitField(24); // allow:raw-byte-literal — TCF spec field width
246
- var numCustomPurposes = r.read(6); // allow:raw-byte-literal — TCF spec field width
243
+ r.read(3); // segment-type prefix
244
+ var pubPurposesConsent = r.readBitField(24); // TCF spec field width
245
+ var pubPurposesLI = r.readBitField(24); // TCF spec field width
246
+ var numCustomPurposes = r.read(6); // TCF spec field width
247
247
  var customConsent = r.readBitField(numCustomPurposes);
248
248
  var customLI = r.readBitField(numCustomPurposes);
249
249
  return {
@@ -259,16 +259,16 @@ function _parsePublisherTC(buf) {
259
259
  // Vendor section: MaxVendorId (16 bits) + IsRangeEncoding (1 bit) +
260
260
  // either bitmap (MaxVendorId bits) or RangeEntries.
261
261
  function _parseVendorSection(r) {
262
- var maxVendorId = r.read(16); // allow:raw-byte-literal — TCF spec field width
262
+ var maxVendorId = r.read(16); // TCF spec field width
263
263
  var isRangeEncoding = r.read(1) === 1;
264
264
  var ids = new Set();
265
265
  if (isRangeEncoding) {
266
- var numEntries = r.read(12); // allow:raw-byte-literal — TCF spec field width
266
+ var numEntries = r.read(12); // TCF spec field width
267
267
  for (var i = 0; i < numEntries; i += 1) {
268
268
  var isRange = r.read(1) === 1;
269
- var startVendorId = r.read(16); // allow:raw-byte-literal — TCF spec field width
269
+ var startVendorId = r.read(16); // TCF spec field width
270
270
  if (isRange) {
271
- var endVendorId = r.read(16); // allow:raw-byte-literal — TCF spec field width
271
+ var endVendorId = r.read(16); // TCF spec field width
272
272
  for (var v = startVendorId; v <= endVendorId; v += 1) ids.add(v);
273
273
  } else {
274
274
  ids.add(startVendorId);
@@ -286,7 +286,7 @@ function _parseVendorSection(r) {
286
286
  // SegmentType (3 bits) + MaxVendorId + IsRangeEncoding + section.
287
287
  function _parseSecondaryVendorSegment(buf, expectedType) {
288
288
  var r = _bitReader(buf);
289
- var segType = r.read(3); // allow:raw-byte-literal — TCF spec field width
289
+ var segType = r.read(3); // TCF spec field width
290
290
  if (segType !== expectedType) {
291
291
  throw IabTcfError.factory("iab-tcf/bad-segment-type",
292
292
  "iabTcf: expected segment type " + expectedType + ", got " + segType);
@@ -347,7 +347,7 @@ function parseString(tcString) {
347
347
  continue;
348
348
  }
349
349
  if (segBuf.length === 0) continue;
350
- var segType = (segBuf[0] >> 5) & 0x07; // allow:raw-byte-literal — TCF segment-type lives in top 3 bits
350
+ var segType = (segBuf[0] >> 5) & 0x07; // TCF segment-type lives in top 3 bits
351
351
  try {
352
352
  if (segType === SEGMENT_TYPE_DISCLOSED_VENDORS) {
353
353
  disclosedVendors = { present: true, vendorIds: _parseSecondaryVendorSegment(segBuf, SEGMENT_TYPE_DISCLOSED_VENDORS).ids };
@@ -567,18 +567,18 @@ function _bitWriter() {
567
567
  function writeVendorSection(ids) {
568
568
  var clean = _idArray(ids);
569
569
  var maxVendorId = clean.length ? clean[clean.length - 1] : 0;
570
- writeInt(maxVendorId, 16); // allow:raw-byte-literal — TCF spec field width
570
+ writeInt(maxVendorId, 16); // TCF spec field width
571
571
  if (maxVendorId === 0) { writeBool(false); return; }
572
572
  var runs = _idRuns(clean);
573
- var rangeBits = 1 + 12; // allow:raw-byte-literal — TCF spec field width
574
- runs.forEach(function (run) { rangeBits += 1 + 16 + (run[0] === run[1] ? 0 : 16); }); // allow:raw-byte-literal — TCF spec field width
573
+ var rangeBits = 1 + 12; // TCF spec field width
574
+ runs.forEach(function (run) { rangeBits += 1 + 16 + (run[0] === run[1] ? 0 : 16); }); // TCF spec field width
575
575
  var bitfieldBits = 1 + maxVendorId;
576
576
  if (rangeBits < bitfieldBits) {
577
577
  writeBool(true);
578
- writeInt(runs.length, 12); // allow:raw-byte-literal — TCF spec field width
578
+ writeInt(runs.length, 12); // TCF spec field width
579
579
  runs.forEach(function (run) {
580
- if (run[0] === run[1]) { writeBool(false); writeInt(run[0], 16); } // allow:raw-byte-literal — TCF spec field width
581
- else { writeBool(true); writeInt(run[0], 16); writeInt(run[1], 16); } // allow:raw-byte-literal — TCF spec field width
580
+ if (run[0] === run[1]) { writeBool(false); writeInt(run[0], 16); } // TCF spec field width
581
+ else { writeBool(true); writeInt(run[0], 16); writeInt(run[1], 16); } // TCF spec field width
582
582
  });
583
583
  } else {
584
584
  writeBool(false);
@@ -586,10 +586,10 @@ function _bitWriter() {
586
586
  }
587
587
  }
588
588
  function toBuffer() {
589
- var padded = bits + "0".repeat((8 - (bits.length % 8)) % 8); // allow:raw-byte-literal — pad to whole bytes
590
- var byteLen = padded.length / 8; // allow:raw-byte-literal — bits per byte
589
+ var padded = bits + "0".repeat((8 - (bits.length % 8)) % 8); // pad to whole bytes
590
+ var byteLen = padded.length / 8; // bits per byte
591
591
  var out = Buffer.alloc(byteLen);
592
- for (var i = 0; i < byteLen; i += 1) out[i] = parseInt(padded.slice(i * 8, i * 8 + 8), 2); // allow:raw-byte-literal — bits per byte
592
+ for (var i = 0; i < byteLen; i += 1) out[i] = parseInt(padded.slice(i * 8, i * 8 + 8), 2); // bits per byte
593
593
  return out;
594
594
  }
595
595
  return { writeInt: writeInt, writeBool: writeBool, writeBitField: writeBitField, writeVendorSection: writeVendorSection, toBuffer: toBuffer };
@@ -603,23 +603,23 @@ function _writeLetters(w, s, label) {
603
603
  var str = String(s).toUpperCase();
604
604
  if (str.length !== 2) throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: " + label + " must be a 2-letter code, got '" + s + "'");
605
605
  for (var i = 0; i < 2; i += 1) {
606
- var v = str.charCodeAt(i) - 0x41; // allow:raw-byte-literal — ASCII 'A' offset
606
+ var v = str.charCodeAt(i) - 0x41; // ASCII 'A' offset
607
607
  if (v < 0 || v > 25) throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: '" + str.charAt(i) + "' is not an A-Z letter");
608
- w.writeInt(v, 6); // allow:raw-byte-literal — TCF spec field width
608
+ w.writeInt(v, 6); // TCF spec field width
609
609
  }
610
610
  }
611
611
 
612
612
  function _encodePublisherTC(pub) {
613
613
  var w = _bitWriter();
614
- w.writeInt(SEGMENT_TYPE_PUBLISHER_TC, 3); // allow:raw-byte-literal — segment-type prefix
615
- w.writeBitField(pub.pubPurposesConsent || [], 24); // allow:raw-byte-literal — TCF spec field width
616
- w.writeBitField(pub.pubPurposesLITransparency || [], 24); // allow:raw-byte-literal — TCF spec field width
614
+ w.writeInt(SEGMENT_TYPE_PUBLISHER_TC, 3); // segment-type prefix
615
+ w.writeBitField(pub.pubPurposesConsent || [], 24); // TCF spec field width
616
+ w.writeBitField(pub.pubPurposesLITransparency || [], 24); // TCF spec field width
617
617
  var custom = _idArray(pub.customPurposesConsent || []);
618
618
  var customLI = _idArray(pub.customPurposesLITransparency || []);
619
619
  var n = pub.numCustomPurposes != null
620
620
  ? pub.numCustomPurposes
621
621
  : Math.max(custom.length ? custom[custom.length - 1] : 0, customLI.length ? customLI[customLI.length - 1] : 0);
622
- w.writeInt(n, 6); // allow:raw-byte-literal — TCF spec field width
622
+ w.writeInt(n, 6); // TCF spec field width
623
623
  w.writeBitField(custom, n);
624
624
  w.writeBitField(customLI, n);
625
625
  return _b64urlEncode(w.toBuffer());
@@ -654,47 +654,47 @@ function encode(obj) {
654
654
  }
655
655
  var c = obj.core;
656
656
  var w = _bitWriter();
657
- w.writeInt(c.version != null ? c.version : TCF_V23_CORE_VERSION, 6); // allow:raw-byte-literal — TCF spec field width
658
- w.writeInt(_decisec(c.createdAt), 36); // allow:raw-byte-literal — TCF spec field width
659
- w.writeInt(_decisec(c.lastUpdatedAt != null ? c.lastUpdatedAt : c.createdAt), 36); // allow:raw-byte-literal — TCF spec field width
660
- w.writeInt(c.cmpId || 0, 12); // allow:raw-byte-literal — TCF spec field width
661
- w.writeInt(c.cmpVersion || 0, 12); // allow:raw-byte-literal — TCF spec field width
662
- w.writeInt(c.consentScreen || 0, 6); // allow:raw-byte-literal — TCF spec field width
657
+ w.writeInt(c.version != null ? c.version : TCF_V23_CORE_VERSION, 6); // TCF spec field width
658
+ w.writeInt(_decisec(c.createdAt), 36); // TCF spec field width
659
+ w.writeInt(_decisec(c.lastUpdatedAt != null ? c.lastUpdatedAt : c.createdAt), 36); // TCF spec field width
660
+ w.writeInt(c.cmpId || 0, 12); // TCF spec field width
661
+ w.writeInt(c.cmpVersion || 0, 12); // TCF spec field width
662
+ w.writeInt(c.consentScreen || 0, 6); // TCF spec field width
663
663
  _writeLetters(w, c.consentLanguage || "EN", "consentLanguage");
664
- w.writeInt(c.vendorListVersion || 0, 12); // allow:raw-byte-literal — TCF spec field width
665
- w.writeInt(c.policyVersion != null ? c.policyVersion : TCF_V23_POLICY_VERSION, 6); // allow:raw-byte-literal — TCF spec field width
664
+ w.writeInt(c.vendorListVersion || 0, 12); // TCF spec field width
665
+ w.writeInt(c.policyVersion != null ? c.policyVersion : TCF_V23_POLICY_VERSION, 6); // TCF spec field width
666
666
  w.writeBool(c.isServiceSpecific !== false);
667
667
  w.writeBool(c.useNonStandardStacks === true);
668
- w.writeBitField(c.specialFeatureOptins || [], 12); // allow:raw-byte-literal — TCF spec field width
669
- w.writeBitField(c.purposesConsent || [], 24); // allow:raw-byte-literal — TCF spec field width
670
- w.writeBitField(c.purposesLI || [], 24); // allow:raw-byte-literal — TCF spec field width
668
+ w.writeBitField(c.specialFeatureOptins || [], 12); // TCF spec field width
669
+ w.writeBitField(c.purposesConsent || [], 24); // TCF spec field width
670
+ w.writeBitField(c.purposesLI || [], 24); // TCF spec field width
671
671
  w.writeBool(c.purposeOneTreatment === true);
672
672
  _writeLetters(w, c.publisherCC || "AA", "publisherCC");
673
673
  w.writeVendorSection(c.vendorConsents || []);
674
674
  w.writeVendorSection(c.vendorLIs || []);
675
675
  var restrictions = c.publisherRestrictions || [];
676
- w.writeInt(restrictions.length, 12); // allow:raw-byte-literal — TCF spec field width
676
+ w.writeInt(restrictions.length, 12); // TCF spec field width
677
677
  restrictions.forEach(function (pr) {
678
- w.writeInt(pr.purposeId, 6); // allow:raw-byte-literal — TCF spec field width
678
+ w.writeInt(pr.purposeId, 6); // TCF spec field width
679
679
  w.writeInt(typeof pr.restrictionType === "number" ? pr.restrictionType : 0, 2);
680
680
  var runs = _idRuns(_idArray(pr.vendorIds || []));
681
- w.writeInt(runs.length, 12); // allow:raw-byte-literal — TCF spec field width
681
+ w.writeInt(runs.length, 12); // TCF spec field width
682
682
  runs.forEach(function (run) {
683
- if (run[0] === run[1]) { w.writeBool(false); w.writeInt(run[0], 16); } // allow:raw-byte-literal — TCF spec field width
684
- else { w.writeBool(true); w.writeInt(run[0], 16); w.writeInt(run[1], 16); } // allow:raw-byte-literal — TCF spec field width
683
+ if (run[0] === run[1]) { w.writeBool(false); w.writeInt(run[0], 16); } // TCF spec field width
684
+ else { w.writeBool(true); w.writeInt(run[0], 16); w.writeInt(run[1], 16); } // TCF spec field width
685
685
  });
686
686
  });
687
687
  var segs = [_b64urlEncode(w.toBuffer())];
688
688
 
689
689
  if (obj.disclosedVendors != null) {
690
690
  var dw = _bitWriter();
691
- dw.writeInt(SEGMENT_TYPE_DISCLOSED_VENDORS, 3); // allow:raw-byte-literal — segment-type prefix
691
+ dw.writeInt(SEGMENT_TYPE_DISCLOSED_VENDORS, 3); // segment-type prefix
692
692
  dw.writeVendorSection(obj.disclosedVendors);
693
693
  segs.push(_b64urlEncode(dw.toBuffer()));
694
694
  }
695
695
  if (obj.allowedVendors != null) {
696
696
  var aw = _bitWriter();
697
- aw.writeInt(SEGMENT_TYPE_ALLOWED_VENDORS, 3); // allow:raw-byte-literal — segment-type prefix
697
+ aw.writeInt(SEGMENT_TYPE_ALLOWED_VENDORS, 3); // segment-type prefix
698
698
  aw.writeVendorSection(obj.allowedVendors);
699
699
  segs.push(_b64urlEncode(aw.toBuffer()));
700
700
  }
package/lib/inbox.js CHANGED
@@ -151,14 +151,14 @@ function create(opts) {
151
151
  var qTable = safeSql.quoteIdentifier(tableRaw, "sqlite");
152
152
  var qIndex = safeSql.quoteIdentifier(tableRaw + "_received_at_idx", "sqlite");
153
153
  var retentionDays = (typeof opts.retentionDays === "number" && opts.retentionDays > 0) // allow:numeric-opt-Infinity
154
- ? opts.retentionDays : 30; // allow:raw-byte-literal — default retention days
154
+ ? opts.retentionDays : 30; // default retention days
155
155
  var auditOn = opts.audit !== false;
156
156
  var maxPayloadBytes = (typeof opts.maxPayloadBytes === "number" && opts.maxPayloadBytes > 0) // allow:numeric-opt-Infinity
157
157
  ? opts.maxPayloadBytes : C.BYTES.kib(64);
158
158
  var messageIdMaxLen = (typeof opts.messageIdMaxLen === "number" && opts.messageIdMaxLen > 0) // allow:numeric-opt-Infinity
159
- ? opts.messageIdMaxLen : 256; // allow:raw-byte-literal — message-id length cap
159
+ ? opts.messageIdMaxLen : 256; // message-id length cap
160
160
  var sourceMaxLen = (typeof opts.sourceMaxLen === "number" && opts.sourceMaxLen > 0) // allow:numeric-opt-Infinity
161
- ? opts.sourceMaxLen : 256; // allow:raw-byte-literal — source length cap
161
+ ? opts.sourceMaxLen : 256; // source length cap
162
162
 
163
163
  function _emitAudit(action, outcome, metadata) {
164
164
  if (!auditOn) return;
@@ -203,7 +203,7 @@ function create(opts) {
203
203
  function _rejectControlChars(value, label, field) {
204
204
  for (var i = 0; i < value.length; i += 1) {
205
205
  var code = value.charCodeAt(i);
206
- if (code === 0 || (code < 32 && code !== 9) || code === 127) { // allow:raw-byte-literal — ASCII control codepoints (NUL + C0 + DEL); allow tab
206
+ if (code === 0 || (code < 32 && code !== 9) || code === 127) { // ASCII control codepoints (NUL + C0 + DEL); allow tab
207
207
  throw new InboxError("inbox/bad-receive",
208
208
  label + ": " + field + " contains control character at index " + i +
209
209
  " (codepoint " + code + ")");
package/lib/ip-utils.js CHANGED
@@ -29,34 +29,34 @@ function expandIpv6Hex(ip) {
29
29
  var dual = ip.match(/^(.*?):(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/); // allow:regex-no-length-cap — dotted-quad has fixed shape; LHS bounded by IPv6 group cap below
30
30
  if (dual) {
31
31
  var v4 = dual[2].split(".").map(Number);
32
- if (v4.some(function (o) { return !(o >= 0 && o <= 255); })) return null; // allow:raw-byte-literal — IPv4 octet range
33
- var hi = (v4[0] << 8) | v4[1]; // allow:raw-byte-literal — 16-bit group pack
34
- var lo = (v4[2] << 8) | v4[3]; // allow:raw-byte-literal — 16-bit group pack
32
+ if (v4.some(function (o) { return !(o >= 0 && o <= 255); })) return null; // IPv4 octet range
33
+ var hi = (v4[0] << 8) | v4[1]; // 16-bit group pack
34
+ var lo = (v4[2] << 8) | v4[3]; // 16-bit group pack
35
35
  ip = dual[1] + ":" + hi.toString(16) + ":" + lo.toString(16);
36
36
  }
37
37
  var dblColon = ip.split("::");
38
38
  if (dblColon.length > 2) return null;
39
39
  var leftGroups = dblColon[0] === "" ? [] : dblColon[0].split(":");
40
40
  var rightGroups = dblColon.length === 2 ? (dblColon[1] === "" ? [] : dblColon[1].split(":")) : [];
41
- if (dblColon.length === 1 && leftGroups.length !== 8) return null; // allow:raw-byte-literal — RFC 4291 IPv6 group count
42
- var fillCount = 8 - leftGroups.length - rightGroups.length; // allow:raw-byte-literal — RFC 4291 IPv6 group count
41
+ if (dblColon.length === 1 && leftGroups.length !== 8) return null; // RFC 4291 IPv6 group count
42
+ var fillCount = 8 - leftGroups.length - rightGroups.length; // RFC 4291 IPv6 group count
43
43
  if (fillCount < 0) return null;
44
44
  var fill = [];
45
45
  for (var f = 0; f < fillCount; f += 1) fill.push("0");
46
46
  var groups = leftGroups.concat(fill).concat(rightGroups);
47
- if (groups.length !== 8) return null; // allow:raw-byte-literal — RFC 4291 IPv6 group count
47
+ if (groups.length !== 8) return null; // RFC 4291 IPv6 group count
48
48
  var hex = "";
49
- for (var i = 0; i < 8; i += 1) { // allow:raw-byte-literal — RFC 4291 IPv6 group count
49
+ for (var i = 0; i < 8; i += 1) { // RFC 4291 IPv6 group count
50
50
  var g = groups[i];
51
- if (g.length === 0 || g.length > 4) return null; // allow:raw-byte-literal — RFC 4291 IPv6 hex-group max length
51
+ if (g.length === 0 || g.length > 4) return null; // RFC 4291 IPv6 hex-group max length
52
52
  for (var hc = 0; hc < g.length; hc += 1) {
53
53
  var cp = g.charCodeAt(hc);
54
- var isDigit = cp >= 0x30 && cp <= 0x39; // allow:raw-byte-literal — ASCII '0'..'9'
55
- var isLowerHex = cp >= 0x61 && cp <= 0x66; // allow:raw-byte-literal — ASCII 'a'..'f'
56
- var isUpperHex = cp >= 0x41 && cp <= 0x46; // allow:raw-byte-literal — ASCII 'A'..'F'
54
+ var isDigit = cp >= 0x30 && cp <= 0x39; // ASCII '0'..'9'
55
+ var isLowerHex = cp >= 0x61 && cp <= 0x66; // ASCII 'a'..'f'
56
+ var isUpperHex = cp >= 0x41 && cp <= 0x46; // ASCII 'A'..'F'
57
57
  if (!isDigit && !isLowerHex && !isUpperHex) return null;
58
58
  }
59
- hex += g.toLowerCase().padStart(4, "0"); // allow:raw-byte-literal — 4 hex chars per IPv6 group
59
+ hex += g.toLowerCase().padStart(4, "0"); // 4 hex chars per IPv6 group
60
60
  }
61
61
  return hex;
62
62
  }
@@ -72,9 +72,9 @@ function expandIpv6Hex(ip) {
72
72
  function expandIpv6Groups(ip) {
73
73
  var hex = expandIpv6Hex(ip);
74
74
  if (hex === null) return null;
75
- var groups = new Array(8); // allow:raw-byte-literal — RFC 4291 IPv6 group count
76
- for (var i = 0; i < 8; i += 1) { // allow:raw-byte-literal — RFC 4291 IPv6 group count
77
- groups[i] = parseInt(hex.slice(i * 4, i * 4 + 4), 16); // allow:raw-byte-literal — 4 hex chars per IPv6 group
75
+ var groups = new Array(8); // RFC 4291 IPv6 group count
76
+ for (var i = 0; i < 8; i += 1) { // RFC 4291 IPv6 group count
77
+ groups[i] = parseInt(hex.slice(i * 4, i * 4 + 4), 16); // 4 hex chars per IPv6 group
78
78
  }
79
79
  return groups;
80
80
  }
package/lib/jose-jwe-experimental.js CHANGED
@@ -151,7 +151,7 @@ function decrypt(compact, recipientPrivateKeyPem, opts) {
151
151
  "decrypt: recipientPrivateKeyPem must be a non-empty PEM string");
152
152
  }
153
153
  var parts = compact.split(".");
154
- if (parts.length !== 5) { // allow:raw-byte-literal — JWE compact serialization is 5 dot-separated segments (RFC 7516 §3.1)
154
+ if (parts.length !== 5) { // JWE compact serialization is 5 dot-separated segments (RFC 7516 §3.1)
155
155
  throw new JoseJweExperimentalError("jose-jwe-exp/bad-format",
156
156
  "decrypt: JWE compact serialization MUST have 5 segments (RFC 7516 §3.1), got " + parts.length);
157
157
  }
@@ -168,7 +168,7 @@ function decrypt(compact, recipientPrivateKeyPem, opts) {
168
168
  throw new JoseJweExperimentalError("jose-jwe-exp/bad-header",
169
169
  "decrypt: protected header is not valid base64url");
170
170
  }
171
- if (headerBytes.length > 4096) { // allow:raw-byte-literal — JWE header byte cap, not bytes-as-storage
171
+ if (headerBytes.length > 4096) { // JWE header byte cap, not bytes-as-storage
172
172
  throw new JoseJweExperimentalError("jose-jwe-exp/header-too-large",
173
173
  "decrypt: protected header exceeds 4 KiB cap");
174
174
  }
package/lib/json-path.js CHANGED
@@ -34,7 +34,7 @@ var { defineClass } = require("./framework-error");
34
34
 
35
35
  var JsonPathError = defineClass("JsonPathError", { alwaysPermanent: true });
36
36
 
37
- var MAX_DESCEND_NODES = 1000000; // allow:raw-byte-literal — DoS ceiling on nodes visited by a descendant walk
37
+ var MAX_DESCEND_NODES = 1000000; // DoS ceiling on nodes visited by a descendant walk
38
38
 
39
39
  // ---------------------------------------------------------------------------
40
40
  // Parser — recursive descent over the RFC 9535 ABNF.
@@ -179,12 +179,12 @@ _Parser.prototype.parseStringLiteral = function () {
179
179
  else if (e === "u") {
180
180
  var hex = this.s.substr(this.i, 4);
181
181
  if (!/^[0-9a-fA-F]{4}$/.test(hex)) this.err("invalid \\u escape");
182
- var cp = parseInt(hex, 16); this.i += 4; // allow:raw-byte-literal — base-16 radix for \uXXXX
182
+ var cp = parseInt(hex, 16); this.i += 4; // base-16 radix for \uXXXX
183
183
  // Surrogate pair handling.
184
184
  if (cp >= 0xD800 && cp <= 0xDBFF && this.s.substr(this.i, 2) === "\\u") {
185
185
  var hex2 = this.s.substr(this.i + 2, 4);
186
186
  if (/^[0-9a-fA-F]{4}$/.test(hex2)) {
187
- var lo = parseInt(hex2, 16); // allow:raw-byte-literal — base-16 radix for \uXXXX low surrogate
187
+ var lo = parseInt(hex2, 16); // base-16 radix for \uXXXX low surrogate
188
188
  if (lo >= 0xDC00 && lo <= 0xDFFF) { out += String.fromCharCode(cp, lo); this.i += 6; continue; }
189
189
  }
190
190
  this.err("invalid surrogate pair");
package/lib/json-schema.js CHANGED
@@ -54,7 +54,7 @@ var { defineClass } = require("./framework-error");
54
54
  var JsonSchemaError = defineClass("JsonSchemaError", { alwaysPermanent: true });
55
55
 
56
56
  var DIALECT_2020_12 = "https://json-schema.org/draft/2020-12/schema";
57
- var MAX_REF_DEPTH = 10000; // allow:raw-byte-literal — recursion-depth cap (count, not a byte size)
57
+ var MAX_REF_DEPTH = 10000; // recursion-depth cap (count, not a byte size)
58
58
  var DEFAULT_MAX_ERRORS = 100; // error-collection cap
59
59
 
60
60
  function _typeOf(v) {
package/lib/jsonapi.js CHANGED
@@ -210,12 +210,12 @@ function parseQuery(queryString, opts) {
210
210
  return { field: s, asc: asc };
211
211
  });
212
212
  } else if (rawKey.indexOf("fields[") === 0 && rawKey.charAt(rawKey.length - 1) === "]") {
213
- var type = rawKey.slice(7, -1); // allow:raw-byte-literal — `fields[` length
213
+ var type = rawKey.slice(7, -1); // `fields[` length
214
214
  out.fields[type] = rawVal.split(",").map(function (s) { return s.trim(); }).filter(Boolean);
215
215
  } else if (rawKey.indexOf("filter[") === 0 && rawKey.charAt(rawKey.length - 1) === "]") {
216
- out.filter[rawKey.slice(7, -1)] = rawVal; // allow:raw-byte-literal — `filter[` length
216
+ out.filter[rawKey.slice(7, -1)] = rawVal; // `filter[` length
217
217
  } else if (rawKey.indexOf("page[") === 0 && rawKey.charAt(rawKey.length - 1) === "]") {
218
- out.page[rawKey.slice(5, -1)] = rawVal; // allow:raw-byte-literal — `page[` length
218
+ out.page[rawKey.slice(5, -1)] = rawVal; // `page[` length
219
219
  }
220
220
  }
221
221
  return out;
package/lib/jtd.js CHANGED
@@ -40,8 +40,8 @@ var TYPES = {
40
40
  int8: 1, uint8: 1, int16: 1, uint16: 1, int32: 1, uint32: 1,
41
41
  };
42
42
  var INT_RANGES = {
43
- int8: [-128, 127], uint8: [0, 255], int16: [-32768, 32767], // allow:raw-byte-literal — RFC 8927 integer type bounds
44
- uint16: [0, 65535], int32: [-2147483648, 2147483647], uint32: [0, 4294967295], // allow:raw-byte-literal — RFC 8927 integer type bounds
43
+ int8: [-128, 127], uint8: [0, 255], int16: [-32768, 32767], // RFC 8927 integer type bounds
44
+ uint16: [0, 65535], int32: [-2147483648, 2147483647], uint32: [0, 4294967295], // RFC 8927 integer type bounds
45
45
  };
46
46
  var FORM_KEYWORDS = ["ref", "type", "enum", "elements", "properties", "optionalProperties", "values", "discriminator"];
47
47
  var SHARED_KEYWORDS = { definitions: 1, nullable: 1, metadata: 1 };
package/lib/link-header.js CHANGED
@@ -32,7 +32,7 @@ var { defineClass } = require("./framework-error");
32
32
 
33
33
  var LinkHeaderError = defineClass("LinkHeaderError", { alwaysPermanent: true });
34
34
 
35
- var MAX_HEADER_BYTES = 16384; // allow:raw-byte-literal — defensive cap on a parsed Link header
35
+ var MAX_HEADER_BYTES = 16384; // defensive cap on a parsed Link header
36
36
 
37
37
  // Split a Link header on the commas that separate links — those OUTSIDE
38
38
  // a <uri-reference> and outside a quoted-string. structuredFields'
package/lib/local-db-thin.js CHANGED
@@ -65,7 +65,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
65
65
  // LRU prepared-statement cache cap — same magnitude as lib/db.js's full
66
66
  // variant. Daemons issuing more than this many distinct SQL strings
67
67
  // likely have a string-concat bug rather than a legitimate need.
68
- var PREPARE_CACHE_MAX = 256; // allow:raw-byte-literal — distinct-statement cache cap
68
+ var PREPARE_CACHE_MAX = 256; // distinct-statement cache cap
69
69
 
70
70
  var ALLOWED_RECOVERY = ["refuse", "rename-and-recreate"];
71
71
 
package/lib/log.js CHANGED
@@ -554,7 +554,7 @@ var _BIDI_CONTROL_RE = /[؜‎‏‪‫‬‭‮⁦⁧⁨⁩]/g;
554
554
  function _escapeBidiControls(s) {
555
555
  if (typeof s !== "string" || s.length === 0) return s;
556
556
  return s.replace(_BIDI_CONTROL_RE, function (ch) {
557
- var code = ch.charCodeAt(0).toString(16); // allow:raw-byte-literal — Unicode hex radix
557
+ var code = ch.charCodeAt(0).toString(16); // Unicode hex radix
558
558
  while (code.length < 4) code = "0" + code;
559
559
  return "\\u" + code;
560
560
  });
package/lib/lro.js CHANGED
@@ -71,9 +71,9 @@ function create(opts) {
71
71
  var prefix = opts.namePrefix || "operations/";
72
72
  numericBounds.requirePositiveFiniteIntIfPresent(opts.maxConcurrent, "maxConcurrent",
73
73
  LroError, "lro/bad-max-concurrent");
74
- var maxConcurrent = typeof opts.maxConcurrent === "number" ? opts.maxConcurrent : 1024; // allow:raw-byte-literal — default in-flight cap
74
+ var maxConcurrent = typeof opts.maxConcurrent === "number" ? opts.maxConcurrent : 1024; // default in-flight cap
75
75
 
76
- function _newName() { return prefix + bCrypto.generateToken(32); } // allow:raw-byte-literal — 32-char name token
76
+ function _newName() { return prefix + bCrypto.generateToken(32); } // 32-char name token
77
77
 
78
78
  function submit(submitOpts) {
79
79
  submitOpts = validateOpts.requireObject(submitOpts, "lro.submit",
@@ -126,7 +126,7 @@ function create(opts) {
126
126
  stored.done = true;
127
127
  // AIP-151 error: { code, message, details? } shape.
128
128
  var msg = (err && err.message) || String(err);
129
- stored.error = { code: 13, message: msg }; // allow:raw-byte-literal — google.rpc.Code.INTERNAL = 13
129
+ stored.error = { code: 13, message: msg }; // google.rpc.Code.INTERNAL = 13
130
130
  if (err && err.code) stored.error.errorCode = err.code;
131
131
  stored.completedAt = new Date().toISOString();
132
132
  });
@@ -175,7 +175,7 @@ function create(opts) {
175
175
  }
176
176
  // Mark cancelled per AIP-151 — error.code 1 = CANCELLED.
177
177
  op.done = true;
178
- op.error = { code: 1, message: "operation cancelled" }; // allow:raw-byte-literal — google.rpc.Code.CANCELLED = 1
178
+ op.error = { code: 1, message: "operation cancelled" }; // google.rpc.Code.CANCELLED = 1
179
179
  op.completedAt = new Date().toISOString();
180
180
  return _stripPrivate(op);
181
181
  }
package/lib/mail-agent.js CHANGED
@@ -89,7 +89,7 @@ var MailAgentError = defineClass("MailAgentError", { alwaysPermanent: true });
89
89
 
90
90
  var DEFAULT_QUEUE_TOPIC = "mail.agent.tasks";
91
91
  var DEFAULT_TASK_TIMEOUT_MS = C.TIME.seconds(30);
92
- var DEFAULT_QUEUE_DEPTH_CAP = 1024; // allow:raw-byte-literal — queue depth, not bytes
92
+ var DEFAULT_QUEUE_DEPTH_CAP = 1024; // queue depth, not bytes
93
93
 
94
94
  // Methods that route to worker / queue dispatch under "auto" mode. The
95
95
  // rest are fast-path single-row ops that stay local even under "auto".
package/lib/mail-arc-sign.js CHANGED
@@ -103,8 +103,8 @@ function _parseHeaderBlock(headerBlock) {
103
103
  }
104
104
 
105
105
  function _canonRelaxedHeader(name, value) {
106
- var unfolded = String(value).replace(/\r?\n[ \t]+/g, " "); // allow:duplicate-regex allow:raw-byte-literal — DKIM/ARC RFC 6376 §3.4.2 unfolding
107
- var trimmed = unfolded.replace(/[ \t]+/g, " ").replace(/^[ \t]+|[ \t]+$/g, ""); // allow:duplicate-regex allow:raw-byte-literal — DKIM/ARC RFC 6376 §3.4.2 WSP collapse
106
+ var unfolded = String(value).replace(/\r?\n[ \t]+/g, " "); // allow:duplicate-regex — DKIM/ARC RFC 6376 §3.4.2 unfolding
107
+ var trimmed = unfolded.replace(/[ \t]+/g, " ").replace(/^[ \t]+|[ \t]+$/g, ""); // allow:duplicate-regex — DKIM/ARC RFC 6376 §3.4.2 WSP collapse
108
108
  return name.toLowerCase() + ":" + trimmed + "\r\n";
109
109
  }
110
110
 
@@ -133,7 +133,7 @@ function _bodyHashB64(body, algorithm) {
133
133
  // extractor needs the same ceiling so a message arriving with a
134
134
  // hostile chain (51+ instances) doesn't expand the per-hop walk to
135
135
  // unbounded work before the signer's own validation catches up.
136
- var ARC_MAX_HOPS_FOR_EXTRACT = 50; // allow:raw-byte-literal — RFC 8617 §5 chain bound
136
+ var ARC_MAX_HOPS_FOR_EXTRACT = 50; // RFC 8617 §5 chain bound
137
137
 
138
138
  function _arcExtractPriorHops(parsedHeaders) {
139
139
  // Walk parsedHeaders; for each ARC-Authentication-Results /
@@ -182,7 +182,7 @@ function sign(opts) {
182
182
  validateOpts.requireNonEmptyString(opts.rfc822, "sign: rfc822",
183
183
  MailAuthError, "arc-sign/bad-input");
184
184
  if (typeof opts.instance !== "number" || !isFinite(opts.instance) ||
185
- opts.instance < 1 || opts.instance > 50 || // allow:raw-byte-literal — RFC 8617 §5 chain bound
185
+ opts.instance < 1 || opts.instance > 50 || // RFC 8617 §5 chain bound
186
186
  Math.floor(opts.instance) !== opts.instance) {
187
187
  throw new MailAuthError("arc-sign/bad-instance",
188
188
  "sign: instance must be an integer in [1, 50] — got " + JSON.stringify(opts.instance));
@@ -211,7 +211,7 @@ function sign(opts) {
211
211
  throw new MailAuthError("arc-sign/cv-rule",
212
212
  "sign: i=1 requires cv=none (per RFC 8617 §5.1.1)");
213
213
  }
214
- if (opts.instance >= 2 && opts.cv === "none") { // allow:raw-byte-literal — RFC 8617 chain rule
214
+ if (opts.instance >= 2 && opts.cv === "none") { // RFC 8617 chain rule
215
215
  throw new MailAuthError("arc-sign/cv-rule",
216
216
  "sign: i>=2 disallows cv=none — must be cv=pass or cv=fail (per RFC 8617 §5.1.1)");
217
217
  }
@@ -247,7 +247,7 @@ function sign(opts) {
247
247
  }
248
248
  }
249
249
  var timestamp = (typeof opts.timestamp === "number" && opts.timestamp > 0) // allow:numeric-opt-Infinity
250
- ? Math.floor(opts.timestamp) : Math.floor(Date.now() / 1000); // allow:raw-byte-literal — Unix epoch seconds divisor
250
+ ? Math.floor(opts.timestamp) : Math.floor(Date.now() / 1000); // Unix epoch seconds divisor
251
251
  var auditOn = opts.audit !== false;
252
252
 
253
253
  var keyObject;