@contrast/agent-bundle 5.39.1 → 5.41.0

package/node_modules/@contrast/assess/lib/sampler/common.js

@@ -31,23 +31,22 @@ class RouteAnalysisMonitor {
   }
 
   /**
-   * @param {object} reqData
-   * @param {string} reqData.uriPath
+   * @param {import('@contrast/common').SourceInfo} sourceInfo
+   * @param {string} sourceInfo.normalizedUri
    * @returns {AnalysisInfo}
    */
-  getAnalysisInfo({ method, uriPath }) {
-    const normalizedUrl = this._core.routeCoverage.uriPathToNormalizedUrl(uriPath);
+  getAnalysisInfo({ method, normalizedUri }) {
     const now = Date.now();
 
-    if (normalizedUrl) {
-      const key = `${method}:${normalizedUrl}`;
+    if (normalizedUri) {
+      const key = `${method}:${normalizedUri}`;
       let routeMeta = this._normalCache.get(key);
 
       // not in cache, not paused
       if (!routeMeta) {
         routeMeta = {
           pauseEnd: now + this._ttl,
-          normalizedUrl,
+          normalizedUrl: normalizedUri,
         };
         this._normalCache.set(key, routeMeta);
 
@@ -64,8 +63,6 @@ class RouteAnalysisMonitor {
 
       // was in cache and still paused
       return { paused: true, ...routeMeta };
-    } else {
-      // todo - handle "dynamic" routes
     }
 
     return this._defaultAnalysisInfo;
@@ -105,7 +102,6 @@ class ProbabilisticSampler extends BaseSampler {
 
   getSampleInfo(sourceInfo) {
     const { baseline, base_probability } = this.opts;
-    const { reqData } = sourceInfo.store.assess;
 
     if (this.baseline < baseline) {
       this.baseline++;
@@ -119,7 +115,7 @@ class ProbabilisticSampler extends BaseSampler {
 
     // check route monitoring before sampling
     if (canSample) {
-      const routeInfo = this.routeMonitor?.getAnalysisInfo(reqData);
+      const routeInfo = this.routeMonitor?.getAnalysisInfo(sourceInfo);
 
       if (routeInfo) {
         // don't sample if analysis is paused

package/node_modules/@contrast/assess/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/assess",
-  "version": "1.58.1",
+  "version": "1.59.0",
   "description": "Contrast service providing framework-agnostic Assess support",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,17 +20,18 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
-    "@contrast/core": "1.54.1",
-    "@contrast/dep-hooks": "1.23.1",
+    "@contrast/common": "1.35.0",
+    "@contrast/config": "1.50.0",
+    "@contrast/core": "1.55.0",
+    "@contrast/dep-hooks": "1.24.0",
     "@contrast/distringuish": "^5.1.0",
-    "@contrast/instrumentation": "1.33.1",
-    "@contrast/logger": "1.27.1",
-    "@contrast/patcher": "1.26.1",
-    "@contrast/rewriter": "1.30.1",
-    "@contrast/route-coverage": "1.45.1",
-    "@contrast/scopes": "1.24.1",
+    "@contrast/instrumentation": "1.34.0",
+    "@contrast/logger": "1.28.0",
+    "@contrast/patcher": "1.27.0",
+    "@contrast/rewriter": "1.31.0",
+    "@contrast/route-coverage": "1.46.0",
+    "@contrast/scopes": "1.25.0",
+    "@contrast/sources": "1.1.0",
     "semver": "^7.6.0"
   }
 }

package/node_modules/@contrast/common/lib/constants.d.ts

@@ -1,5 +1,6 @@
 export declare enum Event {
     RESPONSE_FINISH = "response-finish",
+    SERVER_LISTENING = "server-listening",
     ROUTE_COVERAGE_DISCOVERY_FINISHED = "route-coverage-discovery-finished",
     ARCHITECTURE_COMPONENT = "architecture-component",
     ASSESS_DATAFLOW_FINDING = "assess-dataflow-findings",
@@ -188,6 +189,11 @@ export declare enum DataflowTag {
     COOKIE = "COOKIE",
     WEAK_URL_ENCODED = "WEAK_URL_ENCODED"
 }
+export declare enum ServerEnvironment {
+    QA = "QA",
+    PRODUCTION = "PRODUCTION",
+    DEVELOPMENT = "DEVELOPMENT"
+}
 export declare const BLOCKING_MODES: readonly ["block", "block_at_perimeter"];
 export declare const FS_METHODS: readonly [{
     readonly name: "access";

package/node_modules/@contrast/common/lib/constants.js

@@ -14,11 +14,12 @@
  * way not consistent with the End User License Agreement.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.URI_REGEXES = exports.symbols = exports.agentLibIDListTypes = exports.FS_METHODS = exports.BLOCKING_MODES = exports.DataflowTag = exports.ExclusionType = exports.InputType = exports.SessionConfigurationRule = exports.ResponseScanningRule = exports.Rule = exports.ProtectRuleMode = exports.Event = void 0;
+exports.URI_REGEXES = exports.symbols = exports.agentLibIDListTypes = exports.FS_METHODS = exports.BLOCKING_MODES = exports.ServerEnvironment = exports.DataflowTag = exports.ExclusionType = exports.InputType = exports.SessionConfigurationRule = exports.ResponseScanningRule = exports.Rule = exports.ProtectRuleMode = exports.Event = void 0;
 var Event;
 (function (Event) {
     // lifecycle
     Event["RESPONSE_FINISH"] = "response-finish";
+    Event["SERVER_LISTENING"] = "server-listening";
     Event["ROUTE_COVERAGE_DISCOVERY_FINISHED"] = "route-coverage-discovery-finished";
     // reports
     Event["ARCHITECTURE_COMPONENT"] = "architecture-component";
@@ -219,6 +220,12 @@ var DataflowTag;
     DataflowTag["COOKIE"] = "COOKIE";
     DataflowTag["WEAK_URL_ENCODED"] = "WEAK_URL_ENCODED";
 })(DataflowTag || (exports.DataflowTag = DataflowTag = {}));
+var ServerEnvironment;
+(function (ServerEnvironment) {
+    ServerEnvironment["QA"] = "QA";
+    ServerEnvironment["PRODUCTION"] = "PRODUCTION";
+    ServerEnvironment["DEVELOPMENT"] = "DEVELOPMENT";
+})(ServerEnvironment || (exports.ServerEnvironment = ServerEnvironment = {}));
 exports.BLOCKING_MODES = ['block', 'block_at_perimeter'];
 exports.FS_METHODS = [
     { name: 'access', promises: true, sync: true, indices: [0] },

package/node_modules/@contrast/common/lib/types.d.ts

@@ -207,7 +207,6 @@ export declare class Blocker {
     block(mode: string, ruleId: string): void;
 }
 export interface ProtectMessage {
-    reqData: ReqData;
     blocker: Blocker;
     policy: Partial<Record<Rule, ProtectRuleMode>>;
     exclusions: any[];
@@ -226,6 +225,13 @@ export interface SourceInfo {
     port: number;
     protocol: string;
     time: number;
+    method: string;
+    rawHeaders: string[];
+    uriPath: string;
+    queries: string;
+    contentType?: string;
+    ip: string;
+    httpVersion: string;
 }
 /**
  * this is known as RequestStore even though, in the future, instrumentation

package/node_modules/@contrast/common/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/common",
-  "version": "1.34.1",
+  "version": "1.35.0",
   "description": "Shared constants and utilities for all Contrast Agent modules",
   "license": "UNLICENSED",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",

package/node_modules/@contrast/config/lib/common.js

@@ -45,7 +45,7 @@ const {
 } = require('@contrast/common');
 
 function coerceLowerCase(path) {
-  return function(remoteData) {
+  return function (remoteData) {
     const value = get(remoteData, path);
     if (value && isString(value)) return StringPrototypeToLowerCase.call(value);
   };

package/node_modules/@contrast/config/lib/config.js

@@ -12,13 +12,14 @@
  * engineered, modified, repackaged, sold, redistributed or otherwise used in a
  * way not consistent with the End User License Agreement.
  */
-
+// @ts-check
 'use strict';
 
 const process = require('process');
 const path = require('path');
 const fs = require('fs');
 const os = require('os');
+const merge = require('deepmerge');
 const yaml = require('yaml');
 const { Event, get, set, primordials: { ArrayPrototypeJoin, StringPrototypeToUpperCase, JSONParse } } = require('@contrast/common');
 const options = require('./options');
@@ -42,12 +43,14 @@ const OS_CONFIG_DIR = os.platform() === 'win32'
 const REDACTED_KEYS = ['api.api_key', 'api.service_key', 'api.token'];
 const OVERRIDABLE_SOURCES = [DEFAULT_VALUE, CONTRAST_UI];
 
+// Overwrites the existing array values completely rather than concatenating them.
+const arrayMerge = (target, source, options) => source;
 const isValid = (opt) => opt !== undefined && opt !== null && opt !== '';
 
 module.exports = class Config {
   constructor(core) {
     // internals
-    this._filepath = '';
+    this._filepaths = [];
     this._errors = [];
     this._effectiveMap = new Map();
     this._status = '';
@@ -74,6 +77,7 @@ module.exports = class Config {
       disabled_rules: ''
     };
     this.server = {};
+    this.preinstrument = false;
 
     // initialize
     this._build();
@@ -138,53 +142,65 @@ module.exports = class Config {
   }
 
   /**
-   * Returns the locations to search for configuration files. Being a function
-   * allows us to stub these locations within tests.
+   * Returns the locations to search for configuration files as an array of
+   * arrays where each inner array contains a set of files to be merged in order of precedence.
+   * Being a function allows us to stub these locations within tests.
    */
   _configDirs() {
-    return [
-      process.cwd(),
+    return [[
+      process.cwd()
+    ], [
       path.resolve(OS_CONFIG_DIR, 'node'),
       OS_CONFIG_DIR,
+    ], [
       path.resolve(HOME_CONFIG_DIR, 'node'),
       HOME_CONFIG_DIR,
-    ];
+    ]];
   }
 
   _initFile() {
     let fileConfig = {};
 
-    this._filepath = process.env[CONTRAST_CONFIG_PATH];
-
-    if (!this._filepath) {
-      for (const dir of this._configDirs()) {
-        const currentPath = path.resolve(dir, 'contrast_security.yaml');
-        if (fs.existsSync(currentPath)) {
-          this._filepath = currentPath;
-          break;
+    if (process.env[CONTRAST_CONFIG_PATH]) {
+      // deliberately ignore /dev/null (linux) and \\.\\nul (windows)
+      if (process.env[CONTRAST_CONFIG_PATH] === os.devNull) return fileConfig;
+
+      this._filepaths = [process.env[CONTRAST_CONFIG_PATH]];
+    } else {
+      for (const dirs of this._configDirs()) {
+        for (const dir of dirs) {
+          const currentPath = path.resolve(dir, 'contrast_security.yaml');
+          if (fs.existsSync(currentPath)) {
+            this._filepaths.push(currentPath);
+          }
         }
+        if (this._filepaths.length > 0) break;
       }
     }
 
-    const { _filepath } = this;
-
-    // deliberately ignore /dev/null (linux) and \\.\\nul (windows)
-    if (_filepath && _filepath !== os.devNull) {
+    for (const filepath of this._filepaths) {
       let fileContents;
 
       try {
-        fileContents = fs.readFileSync(_filepath, 'utf-8');
+        fileContents = fs.readFileSync(filepath, 'utf-8');
       } catch (e) {
-        const err = new Error(`Unable to read Contrast configuration file: '${_filepath}'`);
+        const err = new Error(`Unable to read Contrast configuration file: '${filepath}'`);
         err.cause = e;
         this._errors.push(err);
       }
 
       if (fileContents) {
         try {
-          fileConfig = yaml.parse(fileContents, { prettyErrors: true });
+          const yamlConfig = yaml.parse(fileContents, { prettyErrors: true });
+
+          if (yamlConfig.root) {
+            this._filepaths = [filepath];
+            return yamlConfig;
+          } else {
+            fileConfig = merge(yamlConfig, fileConfig, { arrayMerge });
+          }
         } catch (e) {
-          const err = new Error(`Contrast configuration file is malformed: '${_filepath}'`);
+          const err = new Error(`Contrast configuration file is malformed: '${filepath}'`);
           this._errors.push(err);
           err.cause = e;
         }
@@ -229,7 +245,11 @@ module.exports = class Config {
     }
 
     // this is not a common config value
-    this.setValue('preinstrument', !!process.env.CONTRAST_PREINSTRUMENT, ConfigSource.ENVIRONMENT_VARIABLE);
+    this.setValue(
+      'preinstrument',
+      !!process.env.CONTRAST_PREINSTRUMENT,
+      process.env.CONTRAST_PREINSTRUMENT ? ConfigSource.ENVIRONMENT_VARIABLE : ConfigSource.DEFAULT_VALUE,
+    );
   }
 
   _redact(name, value) {
@@ -247,7 +267,7 @@ module.exports = class Config {
     }
   }
 
-  getReport({ redact = true }) {
+  getReport({ redact = true, stringify = true } = {}) {
     const report = {
       report_create: new Date(),
       config: {
@@ -257,10 +277,12 @@ module.exports = class Config {
     const effective_config = [], environment_variable = [], contrast_ui = [];
 
     Array.from(this._effectiveMap.values()).forEach((v) => {
-      let { value, name, canonical_name, source } = v;
+      let { value } = v;
       if (value === null) return;
+
+      const { name, canonical_name, source } = v;
       if (redact) value = this._redact(name, value);
-      value = String(value);
+      if (stringify) value = String(value);
 
       effective_config.push({ value, name, canonical_name, source });
 

package/node_modules/@contrast/config/lib/index.d.ts

@@ -52,7 +52,7 @@ export interface ConfigOption<T> {
 }
 
 export interface Config {
-  _filepath: string;
+  _filepaths: string[];
   _effectiveMap: Map<string, EffectiveEntry<any>>;
   _errors: Error[];
   _status: string,
@@ -63,6 +63,7 @@ export interface Config {
     args?: any[];
   }[];
 
+  preinstrument: boolean,
 
   api: {
     /** Default: `true` */
@@ -319,7 +320,7 @@ export interface Config {
   };
   getEffectiveSource(cannonicalName: string): string;
   getEffectiveValue<T = any>(cannonicalName: string): T;
-  getReport({ redact: boolean }): any;
+  getReport(opts?: { redact?: boolean, stringify?: boolean }): any;
   setValue<T = any>(name: string, value: T, source: string): void;
 }
 

package/node_modules/@contrast/config/lib/options.js

@@ -194,25 +194,25 @@ const options = [
   },
   {
     name: 'api.certificate.ca_file',
-    description: 'Set the absolute or relative path to a CA for communication with the Contrast UI using a self-signed certificate.',
+    desc: 'Set the absolute or relative path to a CA for communication with the Contrast UI using a self-signed certificate.',
     arg: '<path>',
     fn: toAbsolutePath,
   },
   {
     name: 'api.certificate.cert_file',
-    description: 'Set the absolute or relative path to the Certificate PEM file for communication with the Contrast UI.',
+    desc: 'Set the absolute or relative path to the Certificate PEM file for communication with the Contrast UI.',
     arg: '<path>',
     fn: toAbsolutePath,
   },
   {
     name: 'api.certificate.key_file',
-    description: 'Set the absolute or relative path to the Key PEM file for communication with the Contrast UI.',
+    desc: 'Set the absolute or relative path to the Key PEM file for communication with the Contrast UI.',
     arg: '<path>',
     fn: toAbsolutePath,
   },
   {
     name: 'api.certificate.ignore_cert_errors',
-    description: 'When set to `true`, the agent ignores certificate verification errors when the agent communicates with the Contrast UI.',
+    desc: 'When set to `true`, the agent ignores certificate verification errors when the agent communicates with the Contrast UI.',
     arg: '[true]',
     default: false,
   },

package/node_modules/@contrast/config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/config",
-  "version": "1.49.1",
+  "version": "1.50.0",
   "description": "An API for discovering Contrast agent configuration data",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,8 +20,9 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/core": "1.54.1",
+    "@contrast/common": "1.35.0",
+    "@contrast/core": "1.55.0",
+    "deepmerge": "^4.3.1",
     "yaml": "^2.2.2"
   }
 }

package/node_modules/@contrast/core/lib/sensitive-data-masking/protect-listener.js

@@ -27,8 +27,8 @@ module.exports = function (core) {
     sensitiveDataMasking: { policy, getRedactedText, traverseAndMask },
   } = core;
 
-  messages.on(Event.PROTECT, (msg) => {
-    if (!msg.protect || !policy.keywordSets.length) {
+  messages.on(Event.PROTECT, (store) => {
+    if (!store.protect || !policy.keywordSets.length || !store.sourceInfo) {
       return;
     }
 
@@ -36,33 +36,33 @@ module.exports = function (core) {
 
     const unmasked = policy.maskAttackVector ? new Set() : undefined;
     if (policy.maskHttpBody) {
-      msg.protect.parsedBody = `${CONTRAST_REDACTED}-body`;
+      store.protect.parsedBody = `${CONTRAST_REDACTED}-body`;
     } else {
-      traverseAndMask(msg.protect?.parsedBody, unmasked);
+      traverseAndMask(store.protect?.parsedBody, unmasked);
     }
 
-    traverseAndMask(msg.protect?.parsedCookies, unmasked);
-    traverseAndMask(msg.protect?.parsedQuery, unmasked);
+    traverseAndMask(store.protect?.parsedCookies, unmasked);
+    traverseAndMask(store.protect?.parsedQuery, unmasked);
 
     // Do parsed URL path params and urlPath together
-    const params = msg.protect?.parsedParams;
+    const params = store.protect?.parsedParams;
     if (params) {
       for (const [key, value] of Object.entries(params)) {
         const redactedText = getRedactedText(key);
         if (redactedText) {
           const encoded = encodeURIComponent(value);
-          msg.protect.reqData.uriPath = StringPrototypeReplace.call(
-            msg.protect.reqData.uriPath,
+          store.sourceInfo.uriPath = StringPrototypeReplace.call(
+            store.sourceInfo.uriPath,
             encoded,
             redactedText
           );
-          msg.protect.parsedParams[key] = redactedText;
+          store.protect.parsedParams[key] = redactedText;
         }
       }
     }
 
     // raw headers
-    const headers = msg.protect?.reqData.headers;
+    const headers = store.sourceInfo.rawHeaders;
     for (let i = 0; i <= headers.length - 2; i += 2) {
       const key = headers[i];
 
@@ -73,20 +73,20 @@ module.exports = function (core) {
     }
 
     // raw queries
-    if (msg.protect?.reqData?.queries) {
-      const searchParams = new URLSearchParams(msg.protect.reqData.queries);
+    if (store.sourceInfo?.queries) {
+      const searchParams = new URLSearchParams(store.sourceInfo.queries);
       for (const [key] of searchParams) {
         const redactedText = getRedactedText(key);
         if (redactedText) {
           searchParams.set(key, redactedText);
         }
       }
-      msg.protect.reqData.queries = searchParams.toString();
+      store.sourceInfo.queries = searchParams.toString();
     }
 
     if (policy.maskAttackVector) {
       // attack values
-      const inputAnalysis = Object.entries(msg.protect?.resultsMap);
+      const inputAnalysis = Object.entries(store.protect?.resultsMap);
       for (const [, results] of inputAnalysis) {
         for (const result of results) {
           const redactedText = getRedactedText(result.key);

package/node_modules/@contrast/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/core",
-  "version": "1.54.1",
+  "version": "1.55.0",
   "description": "Preconfigured Contrast agent core services and models",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -19,15 +19,15 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
+    "@contrast/common": "1.35.0",
+    "@contrast/config": "1.50.0",
     "@contrast/find-package-json": "^1.1.0",
     "@contrast/fn-inspect": "^4.3.0",
-    "@contrast/logger": "1.27.1",
-    "@contrast/patcher": "1.26.1",
+    "@contrast/logger": "1.28.0",
+    "@contrast/patcher": "1.27.0",
     "@contrast/perf": "1.3.1",
     "@tsxper/crc32": "^2.1.3",
-    "axios": "^1.7.4",
+    "axios": "^1.11.0",
     "semver": "^7.6.0"
   }
 }

package/node_modules/@contrast/deadzones/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/deadzones",
-  "version": "1.26.1",
+  "version": "1.27.0",
   "description": "Configures Contrast agent services and instrumentation within an application",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,9 +20,9 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/dep-hooks": "1.23.1",
-    "@contrast/patcher": "1.26.1",
-    "@contrast/scopes": "1.24.1"
+    "@contrast/common": "1.35.0",
+    "@contrast/dep-hooks": "1.24.0",
+    "@contrast/patcher": "1.27.0",
+    "@contrast/scopes": "1.25.0"
   }
 }

package/node_modules/@contrast/dep-hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/dep-hooks",
-  "version": "1.23.1",
+  "version": "1.24.0",
   "description": "Post hooks for Module.prototype.require",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,9 +21,9 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
+    "@contrast/common": "1.35.0",
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/logger": "1.27.1",
+    "@contrast/logger": "1.28.0",
     "semver": "^7.6.3"
   }
 }

package/node_modules/@contrast/esm-hooks/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/esm-hooks",
-  "version": "2.28.1",
+  "version": "2.29.0",
   "type": "module",
   "description": "Support for loading and instrumenting ECMAScript modules",
   "license": "SEE LICENSE IN LICENSE",
@@ -22,11 +22,11 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
-    "@contrast/core": "1.54.1",
+    "@contrast/common": "1.35.0",
+    "@contrast/config": "1.50.0",
+    "@contrast/core": "1.55.0",
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/logger": "1.27.1",
-    "@contrast/rewriter": "1.30.1"
+    "@contrast/logger": "1.28.0",
+    "@contrast/rewriter": "1.31.0"
   }
 }

package/node_modules/@contrast/instrumentation/lib/index.js

@@ -31,5 +31,4 @@ module.exports = function(core) {
       installers[moduleName](opts);
     },
   };
-
 };

package/node_modules/@contrast/instrumentation/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/instrumentation",
-  "version": "1.33.1",
+  "version": "1.34.0",
   "description": "Shared hooks and patches between Protect and Assess components",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,9 +20,9 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/dep-hooks": "1.23.1",
-    "@contrast/logger": "1.27.1",
-    "@contrast/patcher": "1.26.1"
+    "@contrast/common": "1.35.0",
+    "@contrast/dep-hooks": "1.24.0",
+    "@contrast/logger": "1.28.0",
+    "@contrast/patcher": "1.27.0"
   }
 }