npm - @blamejs/core - Versions diffs - 0.14.1 → 0.14.3 - Mend

@blamejs/core 0.14.1 → 0.14.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (275) hide show

package/CHANGELOG.md +4 -0
package/lib/_test/crypto-fixtures.js +3 -3
package/lib/a2a-tasks.js +18 -18
package/lib/a2a.js +4 -4
package/lib/acme.js +3 -3
package/lib/agent-idempotency.js +1 -1
package/lib/agent-orchestrator.js +8 -8
package/lib/agent-posture-chain.js +2 -2
package/lib/agent-saga.js +1 -1
package/lib/agent-snapshot.js +1 -1
package/lib/agent-stream.js +1 -1
package/lib/agent-tenant.js +1 -1
package/lib/agent-trace.js +3 -3
package/lib/ai-capability.js +1 -1
package/lib/ai-dp.js +4 -4
package/lib/ai-input.js +3 -3
package/lib/ai-model-manifest.js +7 -7
package/lib/ai-pref.js +3 -3
package/lib/archive-gz.js +2 -2
package/lib/archive-read.js +25 -25
package/lib/archive-tar-read.js +2 -2
package/lib/archive-tar.js +20 -20
package/lib/archive-wrap.js +10 -10
package/lib/argon2-builtin.js +1 -1
package/lib/asn1-der.js +34 -34
package/lib/atomic-file.js +2 -2
package/lib/audit-daily-review.js +3 -3
package/lib/audit-sign.js +5 -5
package/lib/audit-tools.js +1 -1
package/lib/audit.js +2 -2
package/lib/auth/acr-vocabulary.js +2 -2
package/lib/auth/bot-challenge.js +3 -3
package/lib/auth/ciba.js +7 -7
package/lib/auth/dpop.js +3 -3
package/lib/auth/fido-mds3.js +8 -8
package/lib/auth/jwt-external.js +5 -5
package/lib/auth/oauth.js +2 -2
package/lib/auth/oid4vci.js +9 -9
package/lib/auth/oid4vp.js +2 -2
package/lib/auth/openid-federation.js +2 -2
package/lib/auth/passkey.js +3 -3
package/lib/auth/saml.js +23 -23
package/lib/auth/sd-jwt-vc-disclosure.js +1 -1
package/lib/auth/sd-jwt-vc.js +4 -4
package/lib/auth/status-list.js +10 -10
package/lib/auth/step-up.js +1 -1
package/lib/auth-bot-challenge.js +1 -1
package/lib/backup/index.js +7 -7
package/lib/base32.js +8 -8
package/lib/budr.js +2 -2
package/lib/cache-status.js +2 -2
package/lib/calendar.js +23 -23
package/lib/cbor.js +12 -12
package/lib/cdn-cache-control.js +1 -1
package/lib/cert.js +5 -5
package/lib/cloud-events.js +5 -5
package/lib/cms-codec.js +21 -21
package/lib/codepoint-class.js +12 -12
package/lib/compliance-sanctions-fuzzy.js +4 -4
package/lib/compliance-sanctions.js +4 -4
package/lib/compliance.js +29 -29
package/lib/content-credentials.js +36 -36
package/lib/cookies.js +1 -1
package/lib/cose.js +13 -13
package/lib/cra-report.js +1 -1
package/lib/crdt.js +1 -1
package/lib/crypto-field.js +2 -2
package/lib/crypto-xwing.js +7 -7
package/lib/crypto.js +6 -6
package/lib/csp.js +2 -2
package/lib/cwt.js +4 -4
package/lib/dark-patterns.js +2 -2
package/lib/data-act.js +2 -2
package/lib/db-file-lifecycle.js +4 -4
package/lib/db-query.js +1 -1
package/lib/db.js +6 -6
package/lib/dbsc.js +13 -13
package/lib/did.js +17 -17
package/lib/dora.js +4 -4
package/lib/dsr.js +1 -1
package/lib/early-hints.js +2 -2
package/lib/eat.js +4 -4
package/lib/external-db-migrate.js +1 -1
package/lib/external-db.js +1 -1
package/lib/flag-cache.js +1 -1
package/lib/flag-evaluation-context.js +2 -2
package/lib/graphql-federation.js +5 -5
package/lib/guard-agent-registry.js +5 -5
package/lib/guard-archive.js +24 -24
package/lib/guard-cidr.js +33 -33
package/lib/guard-csv.js +1 -1
package/lib/guard-domain.js +10 -10
package/lib/guard-dsn.js +4 -4
package/lib/guard-email.js +19 -19
package/lib/guard-event-bus-payload.js +4 -4
package/lib/guard-event-bus-topic.js +6 -6
package/lib/guard-filename.js +7 -7
package/lib/guard-graphql.js +9 -9
package/lib/guard-html-wcag-tagwalk.js +1 -1
package/lib/guard-html-wcag.js +4 -4
package/lib/guard-html.js +7 -7
package/lib/guard-idempotency-key.js +6 -6
package/lib/guard-image.js +4 -4
package/lib/guard-imap-command.js +17 -17
package/lib/guard-jmap.js +20 -20
package/lib/guard-json.js +12 -12
package/lib/guard-jsonpath.js +3 -3
package/lib/guard-jwt.js +4 -4
package/lib/guard-list-id.js +7 -7
package/lib/guard-list-unsubscribe.js +8 -8
package/lib/guard-mail-compose.js +4 -4
package/lib/guard-mail-move.js +5 -5
package/lib/guard-mail-query.js +3 -3
package/lib/guard-mail-reply.js +3 -3
package/lib/guard-mail-sieve.js +6 -6
package/lib/guard-managesieve-command.js +25 -25
package/lib/guard-markdown.js +31 -31
package/lib/guard-message-id.js +5 -5
package/lib/guard-mime.js +1 -1
package/lib/guard-oauth.js +3 -3
package/lib/guard-pdf.js +6 -6
package/lib/guard-pop3-command.js +11 -11
package/lib/guard-posture-chain.js +5 -5
package/lib/guard-regex.js +10 -10
package/lib/guard-saga-config.js +5 -5
package/lib/guard-smtp-command.js +6 -6
package/lib/guard-snapshot-envelope.js +3 -3
package/lib/guard-stream-args.js +4 -4
package/lib/guard-svg.js +11 -11
package/lib/guard-tenant-id.js +5 -5
package/lib/guard-time.js +15 -15
package/lib/guard-trace-context.js +4 -4
package/lib/guard-uuid.js +11 -11
package/lib/guard-xml.js +12 -12
package/lib/guard-yaml.js +16 -16
package/lib/honeytoken.js +5 -5
package/lib/http-client.js +1 -1
package/lib/http-message-signature.js +2 -2
package/lib/iab-mspa.js +3 -3
package/lib/iab-tcf.js +70 -70
package/lib/inbox.js +4 -4
package/lib/ip-utils.js +15 -15
package/lib/jose-jwe-experimental.js +2 -2
package/lib/json-path.js +3 -3
package/lib/json-schema.js +1 -1
package/lib/jsonapi.js +3 -3
package/lib/jtd.js +2 -2
package/lib/link-header.js +1 -1
package/lib/local-db-thin.js +1 -1
package/lib/log.js +1 -1
package/lib/lro.js +4 -4
package/lib/mail-agent.js +1 -1
package/lib/mail-arc-sign.js +6 -6
package/lib/mail-auth.js +43 -43
package/lib/mail-bimi.js +3 -3
package/lib/mail-crypto-pgp.js +31 -31
package/lib/mail-crypto-smime.js +5 -5
package/lib/mail-dav.js +1 -1
package/lib/mail-deploy.js +39 -39
package/lib/mail-dkim.js +11 -11
package/lib/mail-greylist.js +12 -12
package/lib/mail-helo.js +1 -1
package/lib/mail-journal.js +8 -8
package/lib/mail-rbl.js +7 -7
package/lib/mail-scan.js +7 -7
package/lib/mail-send-deliver.js +2 -2
package/lib/mail-server-imap.js +12 -12
package/lib/mail-server-jmap.js +16 -16
package/lib/mail-server-managesieve.js +4 -4
package/lib/mail-server-mx.js +17 -17
package/lib/mail-server-pop3.js +4 -4
package/lib/mail-server-rate-limit.js +2 -2
package/lib/mail-server-submission.js +21 -21
package/lib/mail-sieve.js +2 -2
package/lib/mail-spam-score.js +5 -5
package/lib/mail-srs.js +12 -12
package/lib/mail-store-fts.js +2 -2
package/lib/mail-store.js +8 -8
package/lib/mail-unsubscribe.js +4 -4
package/lib/mail.js +4 -4
package/lib/mcp-tool-registry.js +4 -4
package/lib/mcp.js +9 -9
package/lib/mdoc.js +2 -2
package/lib/metrics.js +8 -8
package/lib/middleware/age-gate.js +1 -1
package/lib/middleware/api-encrypt.js +7 -7
package/lib/middleware/assetlinks.js +2 -2
package/lib/middleware/asyncapi-serve.js +2 -2
package/lib/middleware/bearer-auth.js +5 -5
package/lib/middleware/body-parser.js +5 -5
package/lib/middleware/compose-pipeline.js +15 -15
package/lib/middleware/csp-report.js +4 -4
package/lib/middleware/daily-byte-quota.js +1 -1
package/lib/middleware/dpop.js +1 -1
package/lib/middleware/headers.js +2 -2
package/lib/middleware/host-allowlist.js +1 -1
package/lib/middleware/idempotency-key.js +12 -12
package/lib/middleware/nel.js +1 -1
package/lib/middleware/openapi-serve.js +2 -2
package/lib/middleware/protected-resource-metadata.js +2 -2
package/lib/middleware/require-aal.js +1 -1
package/lib/middleware/require-bound-key.js +2 -2
package/lib/middleware/require-content-type.js +1 -1
package/lib/middleware/require-methods.js +1 -1
package/lib/middleware/require-step-up.js +2 -2
package/lib/middleware/scim-server.js +1 -1
package/lib/middleware/security-txt.js +3 -3
package/lib/middleware/tus-upload.js +12 -12
package/lib/middleware/web-app-manifest.js +2 -2
package/lib/network-byte-quota.js +1 -1
package/lib/network-dns-resolver.js +23 -23
package/lib/network-dns.js +29 -29
package/lib/network-dnssec.js +33 -33
package/lib/network-smtp-policy.js +10 -10
package/lib/network-tls.js +87 -87
package/lib/network-tsig.js +33 -33
package/lib/nis2-report.js +1 -1
package/lib/ntp-check.js +3 -3
package/lib/observability-otlp-exporter.js +17 -17
package/lib/observability-tracer.js +6 -6
package/lib/observability.js +8 -8
package/lib/openapi-yaml.js +1 -1
package/lib/openapi.js +1 -1
package/lib/outbox.js +6 -6
package/lib/pqc-agent.js +4 -4
package/lib/pqc-software.js +1 -1
package/lib/privacy-pass.js +5 -5
package/lib/problem-details.js +5 -5
package/lib/promise-pool.js +1 -1
package/lib/protobuf-encoder.js +1 -1
package/lib/redact.js +2 -2
package/lib/request-helpers.js +1 -1
package/lib/router.js +10 -10
package/lib/safe-async.js +2 -2
package/lib/safe-dns.js +71 -71
package/lib/safe-ical.js +19 -19
package/lib/safe-icap.js +24 -24
package/lib/safe-jsonpath.js +2 -2
package/lib/safe-mime.js +10 -10
package/lib/safe-mount-info.js +3 -3
package/lib/safe-redirect.js +1 -1
package/lib/safe-sieve.js +23 -23
package/lib/safe-smtp.js +1 -1
package/lib/safe-vcard.js +14 -14
package/lib/sandbox.js +5 -5
package/lib/sec-cyber.js +1 -1
package/lib/self-update-standalone-verifier.js +3 -3
package/lib/self-update.js +3 -3
package/lib/server-timing.js +3 -3
package/lib/session-device-binding.js +7 -7
package/lib/session.js +8 -8
package/lib/standard-webhooks.js +4 -4
package/lib/storage.js +2 -2
package/lib/stream-throttle.js +1 -1
package/lib/structured-fields.js +15 -15
package/lib/subject.js +1 -1
package/lib/tcpa-10dlc.js +1 -1
package/lib/tenant-quota.js +3 -3
package/lib/test-harness.js +1 -1
package/lib/tracing.js +1 -1
package/lib/tsa.js +5 -5
package/lib/uri-template.js +5 -5
package/lib/vault/index.js +2 -2
package/lib/vault/seal-pem-file.js +4 -4
package/lib/vc.js +2 -2
package/lib/vendor-data.js +1 -1
package/lib/watcher.js +4 -4
package/lib/web-push-vapid.js +21 -21
package/lib/webhook.js +2 -2
package/lib/websocket.js +3 -3
package/lib/worker-pool.js +3 -3
package/lib/ws-client.js +24 -24
package/lib/xml-c14n.js +2 -2
package/package.json +1 -1
package/sbom.cdx.json +6 -6

package/lib/websocket.js CHANGED Viewed

@@ -189,7 +189,7 @@ var CLOSE_GRACE_MS            = C.TIME.seconds(2);
 // IANA-registered. 4000..4999 are private-use. Anything else is
 // invalid.
 function _isValidCloseCode(code) {
-  if (code === 1004 || code === 1005 || code === 1006 || code === 1015) return false;        // allow:raw-byte-literal — RFC 6455 §7.4.2 reserved codes
+  if (code === 1004 || code === 1005 || code === 1006 || code === 1015) return false;        // RFC 6455 §7.4.2 reserved codes
   if (code >= 1000 && code <= 1011) return true;                                              // allow:raw-byte-literal — RFC 6455 §7.4.2 spec range / allow:raw-time-literal — code is a numeric, not seconds
   if (code >= 3000 && code <= 4999) return true;                                              // allow:raw-byte-literal — RFC 6455 §7.4.2 IANA / private range / allow:raw-time-literal — code is a numeric, not seconds
   return false;
@@ -1322,7 +1322,7 @@ function handleUpgrade(req, socket, head, opts) {
   // breaking the upgrade in a way that's hard to diagnose; the format
   // check at the top of handleUpgrade catches it loudly. Empty /
   // undefined falls through to the RFC default in computeAcceptKey.
-  var GUID_MAX_LENGTH = C.BYTES.bytes(64); // allow:raw-byte-literal — UUID is 36 chars; 64 is a tolerant upper bound for the regex engine.
+  var GUID_MAX_LENGTH = C.BYTES.bytes(64); // UUID is 36 chars; 64 is a tolerant upper bound for the regex engine.
   if (opts.handshakeGuid !== undefined && opts.handshakeGuid !== null) {
     // Length cap before the regex test — UUIDs are exactly 36 chars so
     // a > GUID_MAX_LENGTH input never matches the format and shouldn't
@@ -1341,7 +1341,7 @@ function handleUpgrade(req, socket, head, opts) {
   // consumer would expect for a malformed request.
   var v = validateUpgradeRequest(req, opts);
   if (!v.ok) {
-    _refuseUpgrade(socket, v.status || 400, v.reason);          // allow:raw-byte-literal — HTTP 400 fallback
+    _refuseUpgrade(socket, v.status || 400, v.reason);          // HTTP 400 fallback
     return null;
   }

package/lib/worker-pool.js CHANGED Viewed

@@ -77,9 +77,9 @@ var { WorkerPoolError } = require("./framework-error");
 var audit = lazyRequire(function () { return require("./audit"); });
 var MIN_SIZE = 1;
-var MAX_SIZE = 256;                                                              // allow:raw-byte-literal — sanity ceiling on worker count, not bytes
-var DEFAULT_MAX_QUEUE_DEPTH = 1024;                                              // allow:raw-byte-literal — task-queue depth, not bytes
-var MAX_QUEUE_DEPTH_CAP = 1048576;                                               // allow:raw-byte-literal — task-queue depth ceiling, not bytes
+var MAX_SIZE = 256;                                                              // sanity ceiling on worker count, not bytes
+var DEFAULT_MAX_QUEUE_DEPTH = 1024;                                              // task-queue depth, not bytes
+var MAX_QUEUE_DEPTH_CAP = 1048576;                                               // task-queue depth ceiling, not bytes
 var DEFAULT_TASK_TIMEOUT_MS = C.TIME.minutes(5);
 var MAX_TASK_TIMEOUT_MS = C.TIME.hours(1);

package/lib/ws-client.js CHANGED Viewed

@@ -76,16 +76,16 @@ var DEFAULT_RECONNECT_BASE_MS    = C.TIME.seconds(1) / 2;
 var DEFAULT_RECONNECT_MAX_MS     = C.TIME.seconds(30);
 var DEFAULT_RECONNECT_MAX_ATTEMPTS = 10;
-var OPCODE_CONT   = 0x00;                                // allow:raw-byte-literal — RFC 6455 opcode
-var OPCODE_TEXT   = 0x01;                                // allow:raw-byte-literal — RFC 6455 opcode
-var OPCODE_BINARY = 0x02;                                // allow:raw-byte-literal — RFC 6455 opcode
-var OPCODE_CLOSE  = 0x08;                                // allow:raw-byte-literal — RFC 6455 opcode
-var OPCODE_PING   = 0x09;                                // allow:raw-byte-literal — RFC 6455 opcode
-var OPCODE_PONG   = 0x0A;                                // allow:raw-byte-literal — RFC 6455 opcode
+var OPCODE_CONT   = 0x00;                                // RFC 6455 opcode
+var OPCODE_TEXT   = 0x01;                                // RFC 6455 opcode
+var OPCODE_BINARY = 0x02;                                // RFC 6455 opcode
+var OPCODE_CLOSE  = 0x08;                                // RFC 6455 opcode
+var OPCODE_PING   = 0x09;                                // RFC 6455 opcode
+var OPCODE_PONG   = 0x0A;                                // RFC 6455 opcode
-var CLOSE_NORMAL          = 1000;                        // allow:raw-byte-literal — RFC 6455 close code
-var CLOSE_GOING_AWAY      = 1001;                        // allow:raw-byte-literal — RFC 6455 close code
-var CLOSE_ABNORMAL        = 1006;                        // allow:raw-byte-literal — RFC 6455 close code (synthetic — never on wire)
+var CLOSE_NORMAL          = 1000;                        // RFC 6455 close code
+var CLOSE_GOING_AWAY      = 1001;                        // RFC 6455 close code
+var CLOSE_ABNORMAL        = 1006;                        // RFC 6455 close code (synthetic — never on wire)
 // Permanent vs transient error classifier — used by reconnect logic
 // so client doesn't hammer the server on credentials / handshake
@@ -360,7 +360,7 @@ class WsClient extends EventEmitter {
     var parsed = dialParsed;
     var port = parsed.port ? parseInt(parsed.port, 10) :
-               (parsed.protocol === "wss:" ? 443 : 80);                                  // allow:raw-byte-literal — TLS / HTTP default port
+               (parsed.protocol === "wss:" ? 443 : 80);                                  // TLS / HTTP default port
     var host = parsed.hostname;
     function _onError(err) { self._handleSocketError(err); }
@@ -443,7 +443,7 @@ class WsClient extends EventEmitter {
       "Upgrade: websocket",
       "Connection: Upgrade",
       "Sec-WebSocket-Key: " + key,
-      "Sec-WebSocket-Version: 13",                                                       // allow:raw-byte-literal — RFC 6455 §1.9
+      "Sec-WebSocket-Version: 13",                                                       // RFC 6455 §1.9
     ];
     if (opts.origin) {
       if (safeBuffer.hasCrlf(opts.origin)) {
@@ -510,7 +510,7 @@ class WsClient extends EventEmitter {
       return;
     }
     var status = parseInt(match[1], 10);
-    if (status !== 101) {                                                                 // allow:raw-byte-literal — HTTP 101
+    if (status !== 101) {                                                                 // HTTP 101
       // Body bytes after the header section are the server's
       // explanation. Surface them on the error so callers can branch
       // on the status code and inspect the body without re-parsing
@@ -560,7 +560,7 @@ class WsClient extends EventEmitter {
     this._negotiatedSubprotocol = negotiatedSubprotocol;
     this._negotiatedDeflate = false;
-    this._negotiatedWindowBits = 15;                                                      // allow:raw-byte-literal — RFC 7692 default windowBits
+    this._negotiatedWindowBits = 15;                                                      // RFC 7692 default windowBits
     if (this._opts.permessageDeflate &&
         (headers["sec-websocket-extensions"] || "").indexOf("permessage-deflate") !== -1) {
       this._negotiatedDeflate = true;
@@ -572,7 +572,7 @@ class WsClient extends EventEmitter {
       var smwbMatch = extLine.match(/server_max_window_bits\s*=\s*"?(\d+)"?/);             // allow:regex-no-length-cap — bounded by header line + RFC 7692 §7.1
       if (smwbMatch) {
         var smwb = parseInt(smwbMatch[1], 10);
-        if (smwb < 8 || smwb > 15) {                                                      // allow:raw-byte-literal — RFC 7692 windowBits range
+        if (smwb < 8 || smwb > 15) {                                                      // RFC 7692 windowBits range
           this._handleSocketError(new WsClientError("ws-client/deflate-error",
             "server_max_window_bits=" + smwb + " is outside RFC 7692 range [8, 15]"));
           return;
@@ -635,7 +635,7 @@ class WsClient extends EventEmitter {
                     frame.opcode === OPCODE_PONG ||
                     frame.opcode === OPCODE_CLOSE;
     if (isControl) {
-      if (frame.payload.length > 125) {                                                   // allow:raw-byte-literal — RFC 6455 §5.5 control-frame cap
+      if (frame.payload.length > 125) {                                                   // RFC 6455 §5.5 control-frame cap
         this._handleSocketError(new WsClientError("ws-client/control-too-big",
           "control-frame payload exceeds 125 bytes (RFC 6455 §5.5)"));
         return;
@@ -665,7 +665,7 @@ class WsClient extends EventEmitter {
       var code = CLOSE_NORMAL, reason = "";
       if (frame.payload.length >= 2) {
         code = frame.payload.readUInt16BE(0);
-        var reasonBytes = frame.payload.subarray(2);                                      // allow:raw-byte-literal — RFC 6455 close-frame layout
+        var reasonBytes = frame.payload.subarray(2);                                      // RFC 6455 close-frame layout
         try {
           reason = new TextDecoder("utf-8", { fatal: true }).decode(reasonBytes);
         } catch (_e) {
@@ -711,7 +711,7 @@ class WsClient extends EventEmitter {
       if (this._negotiatedDeflate && firstFrameRsv1) {
         try {
           var zlib = require("node:zlib");                                                     // allow:inline-require — zlib only on deflate-negotiated path
-          var compressed = Buffer.concat([fullPayload, Buffer.from([0x00, 0x00, 0xff, 0xff])]); // allow:raw-byte-literal — RFC 7692 §7.2.2 deflate trailer
+          var compressed = Buffer.concat([fullPayload, Buffer.from([0x00, 0x00, 0xff, 0xff])]); // RFC 7692 §7.2.2 deflate trailer
           // Decompression-bomb defense: zlib.inflateRawSync's
           // `maxOutputLength` aborts the inflate the moment the
           // output would exceed maxMessageBytes — never decode GBs
@@ -828,26 +828,26 @@ class WsClient extends EventEmitter {
     // mid-codepoint — to be RFC-safe we truncate at code-point
     // boundaries.
     var rb = Buffer.from(reason, "utf8");
-    if (rb.length > 123) {                                                                // allow:raw-byte-literal — RFC 6455 §5.5 (125 - 2)
+    if (rb.length > 123) {                                                                // RFC 6455 §5.5 (125 - 2)
       // Truncate at last complete codepoint within 123 bytes. Use a
       // fatal TextDecoder to validate; back off one byte at a time
       // until the slice decodes cleanly. Bounded by [123 - 3, 123]
       // since a single UTF-8 codepoint is at most 4 bytes.
       var fatal = new TextDecoder("utf-8", { fatal: true });
-      var truncated = rb.subarray(0, 123);                                                // allow:raw-byte-literal — RFC 6455 §5.5
-      for (var bi = 0; bi < 4; bi += 1) {                                                 // allow:raw-byte-literal — max UTF-8 codepoint width
+      var truncated = rb.subarray(0, 123);                                                // RFC 6455 §5.5
+      for (var bi = 0; bi < 4; bi += 1) {                                                 // max UTF-8 codepoint width
         try { fatal.decode(truncated); break; }
         catch (_e) { truncated = truncated.subarray(0, truncated.length - 1); }
       }
       rb = truncated;
     }
-    var payload = Buffer.alloc(2 + rb.length);                                            // allow:raw-byte-literal — RFC 6455 close-frame layout
+    var payload = Buffer.alloc(2 + rb.length);                                            // RFC 6455 close-frame layout
     payload.writeUInt16BE(code, 0);
-    rb.copy(payload, 2);                                                                  // allow:raw-byte-literal — RFC 6455 close-frame layout
+    rb.copy(payload, 2);                                                                  // RFC 6455 close-frame layout
     this._readyState = "closing";
     this._sendFrame(OPCODE_CLOSE, payload, { fin: true });
     var self = this;
-    setTimeout(function () { self._teardown(code, reason, false); }, 1000).unref();       // allow:raw-byte-literal — graceful close grace window
+    setTimeout(function () { self._teardown(code, reason, false); }, 1000).unref();       // graceful close grace window
   }
   _teardown(code, reason, willReconnect) {
@@ -921,7 +921,7 @@ class WsClient extends EventEmitter {
   _scheduleReconnect() {
     var rOpts = this._opts.reconnectOpts;
     this._reconnectAttempt += 1;
-    var attempt = Math.min(this._reconnectAttempt, 30);                                   // allow:raw-byte-literal — clamp 2^attempt overflow
+    var attempt = Math.min(this._reconnectAttempt, 30);                                   // clamp 2^attempt overflow
     var ceiling = Math.min(rOpts.maxMs, rOpts.baseMs * Math.pow(2, attempt - 1));
     var delay   = Math.floor(Math.random() * ceiling);                                    // allow:math-random-noncrypto — backoff jitter, not security
     var self = this;

package/lib/xml-c14n.js CHANGED Viewed

@@ -62,7 +62,7 @@ var XmlC14nError = defineClass("XmlC14nError", { alwaysPermanent: true });
 function _xmlErr(code, message) { return new XmlC14nError(code, message); }
 var MAX_INPUT_BYTES = 8 * 1024 * 1024;                                                          // allow:raw-byte-literal — XML doc cap (8 MiB)
-var MAX_DEPTH       = 200;                                                                      // allow:raw-byte-literal — element nesting depth ceiling
+var MAX_DEPTH       = 200;                                                                      // element nesting depth ceiling
 /**
  * @primitive b.xmlC14n.parse
@@ -172,7 +172,7 @@ function parse(xml) {
           if (name.charAt(0) === "#") {
             var code;
             if (name.charAt(1) === "x" || name.charAt(1) === "X") {
-              code = parseInt(name.slice(2), 16);                                              // allow:raw-byte-literal — hex radix
+              code = parseInt(name.slice(2), 16);                                              // hex radix
             } else {
               code = parseInt(name.slice(1), 10);
             }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.14.1",
+  "version": "0.14.3",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json CHANGED Viewed

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:5ae2d0f7-e30f-4d02-90d0-975129430c5f",
+  "serialNumber": "urn:uuid:bfe58661-57c7-4e95-87a0-d0a82ae37a6b",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-30T05:49:41.774Z",
+    "timestamp": "2026-05-30T08:21:39.433Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.14.1",
+      "bom-ref": "@blamejs/core@0.14.3",
       "type": "application",
       "name": "blamejs",
-      "version": "0.14.1",
+      "version": "0.14.3",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.14.1",
+      "purl": "pkg:npm/%40blamejs/core@0.14.3",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.14.1",
+      "ref": "@blamejs/core@0.14.3",
       "dependsOn": []
     }
   ]