@contrast/agent-bundle 5.40.0 → 5.42.0

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/translations.d.ts

@@ -1,7 +1,7 @@
-import { ProtectMessage } from '@contrast/common';
+import { RequestStore } from '@contrast/common';
 import { AttackModel } from '../../types';
-export declare function handleProtectMessage(protectMsg: ProtectMessage): {
+export declare function handleProtectMessage(store: RequestStore): {
     userAgent: string | null;
     attackModel: AttackModel | null;
-};
+} | null;
 //# sourceMappingURL=translations.d.ts.map

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/translations.js

@@ -166,8 +166,8 @@ const xxeSemanticAnalysisDetailsBuilder = (el) => {
     }, exploitMetadata);
     return exploitMetadata;
 };
-const buildRequestObject = (reqData) => {
-    const searchParams = new URLSearchParams(reqData.queries);
+const buildRequestObject = (sourceInfo) => {
+    const searchParams = new URLSearchParams(sourceInfo.queries);
     const parameters = {};
     for (const [key, value] of searchParams) {
         if (parameters[key]) {
@@ -178,14 +178,14 @@ const buildRequestObject = (reqData) => {
         }
     }
     const headers = {};
-    for (let i = 0; i < reqData.headers.length; i += 2) {
-        headers[reqData.headers[i]] = StringPrototypeSplit.call(reqData.headers[i + 1], /[,;]+/);
+    for (let i = 0; i < sourceInfo.rawHeaders.length; i += 2) {
+        headers[sourceInfo.rawHeaders[i]] = StringPrototypeSplit.call(sourceInfo.rawHeaders[i + 1], /[,;]+/);
     }
     return {
-        version: reqData.httpVersion,
-        method: reqData.method,
-        uri: reqData.uriPath,
-        queryString: reqData.queries,
+        version: sourceInfo.httpVersion,
+        method: sourceInfo.method,
+        uri: sourceInfo.uriPath,
+        queryString: sourceInfo.queries,
         parameters,
         headers,
     };
@@ -247,26 +247,27 @@ const buildProtectionRules = (results, requestPayload, time, isBlockMode, detail
         return;
     return accumulator;
 };
-const buildDefendPayload = (protect) => {
-    const requestPayload = buildRequestObject(protect.reqData);
+const buildDefendPayload = (store) => {
+    const { sourceInfo, protect } = store;
+    const requestPayload = buildRequestObject(store.sourceInfo);
     const time = Date.now();
     let hasAttack = false;
     const defendObject = {
-        source: { ip: protect.reqData.ip },
+        source: { ip: store.sourceInfo.ip },
         protectionRules: {},
     };
-    const sqlInjection = protect.resultsMap[common_1.Rule.SQL_INJECTION];
+    const sqlInjection = store.protect.resultsMap[common_1.Rule.SQL_INJECTION];
     if (sqlInjection) {
-        const isBlockMode = protect.policy[common_1.Rule.SQL_INJECTION] === 'block';
+        const isBlockMode = store.protect.policy[common_1.Rule.SQL_INJECTION] === 'block';
         const protectionRules = buildProtectionRules(sqlInjection, requestPayload, time, isBlockMode, sqlInjectionDetailsBuilder);
         if (protectionRules) {
             defendObject.protectionRules[common_1.Rule.SQL_INJECTION] = protectionRules;
             hasAttack = true;
         }
     }
-    const cmdInjection = protect.resultsMap[common_1.Rule.CMD_INJECTION];
+    const cmdInjection = store.protect.resultsMap[common_1.Rule.CMD_INJECTION];
     if (cmdInjection) {
-        const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION] === 'block';
+        const isBlockMode = store.protect.policy[common_1.Rule.CMD_INJECTION] === 'block';
         const protectionRules = buildProtectionRules(cmdInjection, requestPayload, time, isBlockMode, cmdInjectionDetailsBuilder);
         if (protectionRules) {
             defendObject.protectionRules[common_1.Rule.CMD_INJECTION] = protectionRules;
@@ -442,10 +443,10 @@ const buildDefendPayload = (protect) => {
     }
     const botBlocker = protect.resultsMap[common_1.Rule.BOT_BLOCKER];
     if (botBlocker) {
-        const uaIdx = protect.reqData.headers.indexOf('user-agent');
+        const uaIdx = sourceInfo.rawHeaders.indexOf('user-agent');
         const protectionRules = buildProtectionRules(botBlocker, requestPayload, time, true, (result) => ({
             bot: result?.idsList?.[0],
-            userAgent: protect.reqData.headers[uaIdx + 1],
+            userAgent: sourceInfo.rawHeaders[uaIdx + 1],
         }));
         if (protectionRules) {
             defendObject.protectionRules[common_1.Rule.BOT_BLOCKER] = protectionRules;
@@ -454,16 +455,18 @@ const buildDefendPayload = (protect) => {
     }
     return hasAttack ? defendObject : null;
 };
-function handleProtectMessage(protectMsg) {
+function handleProtectMessage(store) {
+    if (!store.sourceInfo || !store.protect)
+        return null;
     const attackers = {
         userAgent: null,
         attackModel: null,
     };
-    const userAgentIndex = protectMsg.reqData.headers.findIndex((el) => el === 'user-agent');
+    const userAgentIndex = store.sourceInfo.rawHeaders.findIndex((el) => el === 'user-agent');
     attackers.userAgent = userAgentIndex != -1
-        ? protectMsg.reqData.headers[userAgentIndex + 1]
+        ? store.sourceInfo.rawHeaders[userAgentIndex + 1]
         : null;
-    attackers.attackModel = buildDefendPayload(protectMsg);
+    attackers.attackModel = buildDefendPayload(store);
     return attackers;
 }
 exports.handleProtectMessage = handleProtectMessage;

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/index.d.ts

@@ -2,21 +2,22 @@ import { AxiosInstance } from 'axios';
 import { RequestStore } from '@contrast/common';
 import BaseReporter, { Core } from '../../../base';
 import NgEndpoint from '../ng-endpoint';
-export declare enum States {
-    INCOMPLETE = "INCOMPLETE",
-    COMPLETE = "COMPLETE"
-}
-export type Accum = {
-    messages: any[];
-    request?: any;
+export type AbstractFinding = {
+    events?: any[];
+    properties?: any;
+    ruleId: string;
+    time: number;
     routes?: any[];
-    state: States;
+};
+export type SourceFindingsAccum = {
+    findings: AbstractFinding[];
+    request?: any;
     store: RequestStore;
     timestamp: number;
 };
 export default class Traces extends NgEndpoint {
     hashSet: Set<any>;
-    accumMap: Map<RequestStore, Accum>;
+    findingsAccum: Map<RequestStore, SourceFindingsAccum>;
     reporter: BaseReporter;
     inProd: boolean;
     eventDetail: string;
@@ -26,8 +27,7 @@ export default class Traces extends NgEndpoint {
     initMessageListeners(): void;
     initIntervals(): void;
     getStore(msg: any): RequestStore | null;
-    getAccum(store: RequestStore): Accum;
-    initiateCompletenessCondition(accum: Accum): void;
+    getFindingsAccum(msg: any): SourceFindingsAccum | null;
     put(): Promise<void>;
     filter(): Promise<null | any[]>;
 }

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/index.js

@@ -40,26 +40,19 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.States = void 0;
 const common_1 = require("@contrast/common");
 const ng_endpoint_1 = __importDefault(require("../ng-endpoint"));
 const tx = __importStar(require("./translations"));
 const { StringPrototypeSplit } = common_1.primordials;
-var States;
-(function (States) {
-    States["INCOMPLETE"] = "INCOMPLETE";
-    States["COMPLETE"] = "COMPLETE";
-})(States || (exports.States = States = {}));
-// wait this long after request finishes before reporting in case findings occur in async activity
-const REPORT_WAIT_MS = 3000;
-const PROD = 'PRODUCTION';
+const FINDING_QUEUE_FLUSH_INTERVAL_MS = 2000;
+const DEDUPE_HASH_RESET_INTERVAL = 3000;
 class Traces extends ng_endpoint_1.default {
     constructor(core, uiReporter) {
         super(core, { ...uiReporter, url: '/api/ng/traces' });
         this.hashSet = new Set();
-        this.accumMap = new Map();
+        this.findingsAccum = new Map();
         this.reporter = uiReporter;
-        this.inProd = this.core.config.getEffectiveValue('server.environment') === PROD;
+        this.inProd = this.core.config.getEffectiveValue('server.environment') === common_1.ServerEnvironment.PRODUCTION;
         this.eventDetail = this.core.config.getEffectiveValue('assess.probabilistic_sampling.event_detail');
         this.initMessageListeners();
         this.initIntervals();
@@ -67,80 +60,76 @@ class Traces extends ng_endpoint_1.default {
     initMessageListeners() {
         this.reporter.subscribeWithLock(common_1.Event.SERVER_SETTINGS_UPDATE, (msg) => {
             // reset based on effective value
-            this.inProd = this.core.config.getEffectiveValue('server.environment') === PROD;
+            this.inProd = this.core.config.getEffectiveValue('server.environment') === common_1.ServerEnvironment.PRODUCTION;
         });
         this.reporter.subscribeWithLock(common_1.Event.ASSESS_DATAFLOW_FINDING, (msg) => {
-            const { ruleId, sinkEvent } = msg;
-            const store = this.getStore(msg);
-            if (!store)
+            const accum = this.getFindingsAccum(msg);
+            if (!accum)
                 return;
-            this.getAccum(store).messages.push({
+            const { store: { route } } = accum;
+            const { ruleId, sinkEvent } = msg;
+            accum.findings.push({
                 events: tx.getTraceEvents(sinkEvent, this.inProd, this.eventDetail),
                 properties: sinkEvent.properties,
+                routes: route ? tx.getRoutes(route, this.inProd) : undefined,
                 ruleId: ruleId === common_1.Rule.NOSQL_INJECTION_MONGO ? common_1.Rule.NOSQL_INJECTION : ruleId,
                 time: Date.now(),
             });
         });
         this.reporter.subscribeWithLock(common_1.Event.ASSESS_RESPONSE_SCANNING_FINDING, (msg) => {
-            const { ruleId, vulnerabilityMetadata } = msg;
-            const store = this.getStore(msg);
-            if (!store)
+            const accum = this.getFindingsAccum(msg);
+            if (!accum)
                 return;
-            this.getAccum(store).messages.push({
+            const { store: { route } } = accum;
+            const { ruleId, vulnerabilityMetadata } = msg;
+            accum.findings.push({
                 properties: vulnerabilityMetadata,
+                routes: route ? tx.getRoutes(route, this.inProd) : undefined,
                 ruleId,
                 time: Date.now(),
             });
         });
         this.reporter.subscribeWithLock(common_1.Event.ASSESS_SESSION_CONFIGURATION_FINDING, (msg) => {
-            const { ruleId, sinkEvent, properties } = msg;
-            const store = this.getStore(msg);
-            if (!store)
+            const accum = this.getFindingsAccum(msg);
+            if (!accum)
                 return;
-            this.getAccum(store).messages.push({
+            const { store: { route } } = accum;
+            const { ruleId, sinkEvent, properties } = msg;
+            accum.findings.push({
                 events: tx.getTraceEvents(sinkEvent, this.inProd, this.eventDetail),
                 properties,
+                routes: route ? tx.getRoutes(route, this.inProd) : undefined,
                 ruleId,
                 time: Date.now(),
             });
         });
         this.reporter.subscribeWithLock(common_1.Event.ASSESS_CRYPTO_ANALYSIS_FINDING, (msg) => {
-            const { ruleId, finding } = msg;
-            const store = this.getStore(msg);
-            if (!store)
+            const accum = this.getFindingsAccum(msg);
+            if (!accum)
                 return;
-            this.getAccum(store).messages.push({
+            const { store: { route } } = accum;
+            const { ruleId, finding } = msg;
+            accum.findings.push({
                 events: [tx.getCryptoEvent(finding)],
+                routes: route ? tx.getRoutes(route, this.inProd) : undefined,
                 ruleId,
                 time: Date.now(),
             });
         });
-        this.reporter.subscribeWithLock(common_1.Event.RESPONSE_FINISH, (store) => {
-            const { route, assess } = store;
-            // this event is emitted by agentify and is feature agnostic,
-            // so we need to check if the current request has assess enabled.
-            if (!assess?.policy)
-                return;
-            const accum = this.getAccum(store);
-            if (route) {
-                accum.routes = tx.getRoutes(route, this.inProd);
-            }
-            if (store?.assess?.reqData) {
-                accum.request = tx.getRequest(store, this.inProd);
-            }
-            this.initiateCompletenessCondition(accum);
-        });
         this.reporter.subscribeWithLock(common_1.Event.UNINSTALL, () => {
             // should we log that we're dropping this data?
             this.hashSet.clear();
-            this.accumMap.clear();
+            this.findingsAccum.clear();
         });
     }
     initIntervals() {
+        this.reporter.setInterval(() => {
+            this.put();
+        }, FINDING_QUEUE_FLUSH_INTERVAL_MS);
         this.reporter.setInterval(() => {
             // this will take a little bit of pressure off of TS /preflight if we can dedupe
             this.hashSet.clear();
-        }, 3000);
+        }, DEDUPE_HASH_RESET_INTERVAL);
     }
     getStore(msg) {
         const store = this.core.scopes.sources.getStore();
@@ -151,23 +140,27 @@ class Traces extends ng_endpoint_1.default {
         }, 'skipping traces accumulation - no source info during event handling');
         return null;
     }
-    getAccum(store) {
-        let meta = this.accumMap.get(store);
-        if (!meta) {
-            meta = {
-                messages: [],
-                state: States.INCOMPLETE,
+    getFindingsAccum(msg) {
+        const store = this.getStore(msg);
+        if (!store?.assess?.policy)
+            return null;
+        let accum = this.findingsAccum.get(store);
+        if (!accum) {
+            accum = {
+                findings: [],
+                request: null,
                 store,
-                timestamp: Date.now(),
+                timestamp: Date.now()
             };
-            this.accumMap.set(store, meta);
+            this.findingsAccum.set(store, accum);
         }
-        return meta;
-    }
-    initiateCompletenessCondition(accum) {
-        setTimeout(() => {
-            accum.state = States.COMPLETE;
-        }, REPORT_WAIT_MS).unref();
+        if (accum.request) {
+            // todo: make sure standardNormalizedUri value is up-to-date given latest store data
+        }
+        else {
+            accum.request = tx.getRequest(store, this.inProd);
+        }
+        return accum;
     }
     async put() {
         const filtered = await this.filter();
@@ -201,36 +194,33 @@ class Traces extends ng_endpoint_1.default {
         }
     }
     async filter() {
-        const complete = [];
-        for (const accum of this.accumMap.values()) {
-            if (accum.state === States.COMPLETE) {
-                this.accumMap.delete(accum.store);
-                // flatten
-                accum.messages.forEach(({ ruleId, events, properties, time }) => {
-                    const traceData = {
-                        ruleId,
-                        properties,
-                        events,
-                        routes: accum.routes,
-                        request: accum.request,
-                        time
-                    };
-                    const hash = tx.getEventHash(traceData);
-                    if (!this.hashSet.has(hash)) {
-                        this.hashSet.add(hash);
-                        complete.push({ ...traceData, hash });
-                    }
-                });
-            }
+        const findingsToFilter = [];
+        for (const accum of this.findingsAccum.values()) {
+            accum.findings.forEach(({ events, properties, routes, ruleId, time }) => {
+                const traceData = {
+                    ruleId,
+                    properties,
+                    events,
+                    routes,
+                    request: accum.request,
+                    time
+                };
+                const hash = tx.getEventHash(traceData);
+                if (!this.hashSet.has(hash)) {
+                    this.hashSet.add(hash);
+                    findingsToFilter.push({ ...traceData, hash });
+                }
+            });
         }
-        if (!complete.length)
+        this.findingsAccum.clear();
+        if (!findingsToFilter.length)
             return null;
         try {
             const res = await this.client({
                 method: 'put',
                 url: 'api/ng/preflight',
                 data: {
-                    messages: complete.map((traceData, i) => {
+                    messages: findingsToFilter.map((traceData, i) => {
                         const { ruleId, routes, hash } = traceData;
                         return {
                             appLanguage: 'Node',
@@ -246,14 +236,14 @@ class Traces extends ng_endpoint_1.default {
                     tags: this.core.config.assess.tags || '',
                 }
             });
-            const itemsToReport = [];
+            const findingsToReport = [];
             // eslint-disable-next-line @typescript-eslint/ban-ts-comment
             // @ts-ignore
             for (const idx of StringPrototypeSplit.call(res.data, ',')) {
-                const item = complete[Number(idx)];
-                item && itemsToReport.push(item);
+                const item = findingsToFilter[Number(idx)];
+                item && findingsToReport.push(item);
             }
-            return itemsToReport;
+            return findingsToReport;
         }
         catch (err) {
             this.core.logger.error({ err }, 'failed put request to preflight');

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.d.ts

@@ -1,4 +1,3 @@
-import { RequestStore } from '@contrast/common';
 import { Signature, TraceEvent } from './types';
 export declare function getTaintRanges(tags: Record<string, number[]>): Record<string, string>[];
 export declare function getEventAction(event: any): string;
@@ -16,7 +15,7 @@ export declare function getRoutes(route: any, prod?: boolean): {
     signature: any;
 }[];
 export declare function maskSensitiveRequestData(req: any): any;
-export declare function getRequest(store: RequestStore, prod?: boolean): any;
+export declare function getRequest(store: any, prod?: boolean): any;
 export declare function maskSensitiveTraceData(event: any): any;
 export declare function getTraceEvents(sinkEvent: any, prod: boolean, eventDetail: string): TraceEvent[];
 //# sourceMappingURL=translations.d.ts.map

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.js

@@ -272,10 +272,16 @@ function maskSensitiveRequestData(req) {
 }
 exports.maskSensitiveRequestData = maskSensitiveRequestData;
 function getRequest(store, prod) {
-    const { assess: { reqData: { method, headers: reqHeaders, httpVersion, queries: queryString, uriPath: uri, } }, route, } = store;
+    const { 
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     // @ts-ignore
-    const headers = Object.entries(reqHeaders).reduce((acc, [key, val]) => Object.assign(acc, { [key]: StringPrototypeSplit.call(val, ';') }), {});
+    sourceInfo: { method, rawHeaders, httpVersion, queries: queryString, uriPath: uri, }, route, } = store;
+    const headers = {};
+    for (let idx = 0; idx < rawHeaders.length - 1; idx += 2) {
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        headers[rawHeaders[idx]] = StringPrototypeSplit.call(rawHeaders[idx + 1], ';');
+    }
     const request = {
         body: undefined,
         headers,

package/node_modules/@contrast/reporter/lib/reporters/security-logger/index.d.ts

@@ -27,8 +27,8 @@ export default class SecurityLogger extends BaseReporter {
     private buildMetadata;
     private handleProtectResult;
     install(): Promise<void>;
-    handleAssessEvent(msg: RequestStore): void;
-    handleProtectEvent(msg: RequestStore): void;
+    handleAssessEvent(store: RequestStore): void;
+    handleProtectEvent(store: RequestStore): void;
 }
 export {};
 //# sourceMappingURL=index.d.ts.map

package/node_modules/@contrast/reporter/lib/reporters/security-logger/index.js

@@ -98,8 +98,8 @@ class SecurityLogger extends base_1.default {
             });
         });
         if (core.config.protect.enable) {
-            this.subscribeWithLock(common_1.Event.PROTECT, (msg) => {
-                this.handleProtectEvent(msg);
+            this.subscribeWithLock(common_1.Event.PROTECT, (store) => {
+                this.handleProtectEvent(store);
             });
         }
     }
@@ -142,25 +142,27 @@ class SecurityLogger extends base_1.default {
             });
         }
     }
-    buildMetadata(reqData, outcome) {
+    buildMetadata(sourceInfo, outcome) {
         return {
-            src: reqData.ip,
+            src: sourceInfo.ip,
             spt: '-', // do we have port data?
-            requestMethod: reqData.method,
-            request: reqData.uriPath,
+            requestMethod: sourceInfo.method,
+            request: sourceInfo.uriPath,
             app: this.appInfo.name,
             outcome,
         };
     }
-    handleProtectResult(protect, rule, result) {
-        const mode = protect.policy[rule] || common_1.ProtectRuleMode.OFF;
+    handleProtectResult(store, rule, result) {
+        if (!store?.protect && !store?.sourceInfo)
+            return;
+        const mode = store.protect?.policy[rule] || common_1.ProtectRuleMode.OFF;
         if (mode === common_1.ProtectRuleMode.OFF)
             return;
         if (rule === common_1.Rule.BOT_BLOCKER) {
             const level = this.loggerConfig.syslog.severity_blocked;
             this.log(level, {
                 bbi: 'Contrast Bot Blocker',
-                ...this.buildMetadata(protect.reqData, 'success'),
+                ...this.buildMetadata(store.sourceInfo, 'success'),
             }, messages.botBlocker(result));
             return;
         }
@@ -193,25 +195,25 @@ class SecurityLogger extends base_1.default {
         }
         this.log(level, {
             pri: result.mappedId,
-            ...this.buildMetadata(protect.reqData, outcome),
+            ...this.buildMetadata(store.sourceInfo, outcome),
         }, message(result));
     }
     async install() { }
     /* c8 ignore next 3 */
-    handleAssessEvent(msg) {
+    handleAssessEvent(store) {
         // Assess NYI
     }
-    handleProtectEvent(msg) {
-        if (!msg.protect)
+    handleProtectEvent(store) {
+        if (!store.protect || !store.sourceInfo)
             return;
-        const { protect } = msg;
+        const { protect, sourceInfo } = store;
         const virtualPatchResults = protect.resultsMap[common_1.Rule.VIRTUAL_PATCH];
         if (virtualPatchResults) {
             virtualPatchResults.forEach((result) => {
                 const level = this.loggerConfig.syslog.severity_blocked;
                 this.log(level, {
                     vpi: result.uuid,
-                    ...this.buildMetadata(protect.reqData, 'success'),
+                    ...this.buildMetadata(sourceInfo, 'success'),
                 }, messages.virtualPatch(result));
             });
         }
@@ -221,24 +223,24 @@ class SecurityLogger extends base_1.default {
                 const level = this.loggerConfig.syslog.severity_blocked;
                 this.log(level, {
                     bli: result.uuid,
-                    ...this.buildMetadata(protect.reqData, 'success'),
-                }, messages.ipDenyList(protect.reqData.ip, result));
+                    ...this.buildMetadata(sourceInfo, 'success'),
+                }, messages.ipDenyList(sourceInfo.ip, result));
             });
         }
         const { commonResultsMap, hardeningResultsMap, semanticResultsMap } = (0, common_1.groupResultsMap)(protect.resultsMap);
         Object.entries(commonResultsMap).forEach(([rule, results]) => {
             results.forEach((result) => {
-                this.handleProtectResult(protect, rule, result);
+                this.handleProtectResult(store, rule, result);
             });
         });
         Object.entries(hardeningResultsMap).forEach(([rule, results]) => {
             results.forEach((result) => {
-                this.handleProtectResult(protect, rule, result);
+                this.handleProtectResult(store, rule, result);
             });
         });
         Object.entries(semanticResultsMap).forEach(([rule, results]) => {
             results.forEach((result) => {
-                this.handleProtectResult(protect, rule, result);
+                this.handleProtectResult(store, rule, result);
             });
         });
     }

package/node_modules/@contrast/reporter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/reporter",
-  "version": "1.51.2",
+  "version": "1.53.0",
   "description": "Subscribes to agent messages and reports them",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,13 +21,13 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.2",
-    "@contrast/config": "1.49.2",
-    "@contrast/core": "1.54.2",
-    "@contrast/logger": "1.27.2",
+    "@contrast/common": "1.35.0",
+    "@contrast/config": "1.50.0",
+    "@contrast/core": "1.55.0",
+    "@contrast/logger": "1.28.0",
     "@contrast/perf": "1.3.1",
-    "@contrast/scopes": "1.24.2",
-    "axios": "^1.7.4",
+    "@contrast/scopes": "1.25.0",
+    "axios": "^1.11.0",
     "crc-32": "^1.2.2",
     "safe-stable-stringify": "^2.4.1",
     "sonic-boom": "^3.2.0"

package/node_modules/@contrast/rewriter/lib/index.js

@@ -200,9 +200,9 @@ module.exports = function init(core) {
     parseSync('');
   } catch (cause) {
     // @ts-expect-error TS hates errors.
-    throw cause.message === 'Bindings not found.'
+    throw cause.message === 'Failed to load native binding'
       ? new Error(
-        `Contrast cannot detect the correct precompiled dependencies for the current environment: ${platform()}-${arch()}. This typically occurs when deploying an installation from one environment to a different execution environment.`,
+        `Contrast cannot detect the correct precompiled dependencies for the current environment: ${platform()}-${arch()}. This typically occurs when deploying an installation from one environment to a different execution environment or when the \`--omit=optional\` or \`--no-optional\` flags are provided to \`npm install\`.`,
         // @ts-expect-error `cause` requires ts to target es2022 or above, which corresponds to Node 17+, despite being added to Node in 16.9.
         { cause },
       )

package/node_modules/@contrast/rewriter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/rewriter",
-  "version": "1.30.2",
+  "version": "1.31.0",
   "description": "A transpilation tool mainly used for instrumentation",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,11 +20,11 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/agent-swc-plugin": "3.0.0",
-    "@contrast/common": "1.34.2",
-    "@contrast/config": "1.49.2",
-    "@contrast/core": "1.54.2",
-    "@contrast/logger": "1.27.2",
+    "@contrast/agent-swc-plugin": "3.1.0",
+    "@contrast/common": "1.35.0",
+    "@contrast/config": "1.50.0",
+    "@contrast/core": "1.55.0",
+    "@contrast/logger": "1.28.0",
     "@swc/core": "1.11.24"
   }
 }