@contrast/agent-bundle 5.45.1 → 5.47.0

package/node_modules/@contrast/library-analysis/lib/install/library-reporting/index.js

@@ -32,21 +32,12 @@ const { createLibData, serializeLibrary, getFileCount } = require('../../util.js
  */
 
 /**
- * Formats libraries, and keeps track of nested modules.
- *
- * @param {Record<string, listInstalled.Result | string>} deps collection of dependencies from app root
- * @return {Record<string, FormattedResult>} formatted object
- */
-
-/**
- * @param {Record<string, FormattedResult>} deps
- * @param {Map<string, ReturnType<createLibData>>} libPathHashMap
+ * @param {Map<string, FormattedResult>} deps
+ * @param {Map<string, ReturnType<typeof createLibData>>} libPathHashMap
  * @param {import('@contrast/logger').Logger} logger
  */
 const processDependencies = (deps, libPathHashMap, logger) => {
-
   if (deps?.size) deps.forEach((dep) => {
-
     const { name, version } = dep;
 
     if (!version) {

package/node_modules/@contrast/library-analysis/lib/install/library-reporting/utils.js

@@ -16,6 +16,7 @@
 
 const fs = require('fs');
 const path = require('path');
+const semver = require('semver');
 
 const { primordials: { JSONParse } } = require('@contrast/common');
 
@@ -34,6 +35,7 @@ function parsePackage(filePath, logger) {
   let pkgInfo;
   try {
     pkgInfo = JSONParse(pkg);
+    pkgInfo.version = semver.clean(pkgInfo.version, { loose: true });
   } catch (err) {
     logger.warn({ err }, 'Error parsing package.json for %s', pkgPath);
   }

package/node_modules/@contrast/library-analysis/lib/install/library-usage/index.js

@@ -17,6 +17,7 @@
 const { readFileSync } = require('fs');
 const path = require('path');
 const { fileURLToPath } = require('url');
+const semver = require('semver');
 const { Event, primordials: { JSONParse } } = require('@contrast/common');
 const { setCodeEventListener } = require('@contrast/code-events');
 const { findPackageJsonSync } = require('@contrast/find-package-json');
@@ -53,8 +54,9 @@ module.exports = function init(core) {
     let info = libInfoMap.get(libDir);
     if (!info) {
       const { _shasum, dist, name, version } = JSONParse(readFileSync(manifest, 'utf-8'));
+      const cleanVersion = semver.clean(version ?? '', { loose: true }) ?? undefined; // `null` -> `undefined` for backwards compatibility
       info = {
-        hash: buildLibraryHash({ _shasum, dist, name, version }),
+        hash: buildLibraryHash({ _shasum, dist, name, version: cleanVersion }),
         names: new Set([relativePath]),
       };
       libInfoMap.set(libDir, info);

package/node_modules/@contrast/library-analysis/lib/util.js

@@ -45,9 +45,7 @@ function createLibData(data, tags) {
   };
 }
 
-
 function serializeLibrary(library) {
-
   const date = Date.now();
   return {
     externalDate: date,

package/node_modules/@contrast/library-analysis/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/library-analysis",
-  "version": "1.47.1",
+  "version": "1.49.0",
   "description": "Handles library reporting and library usage analysis",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,10 +21,10 @@
   },
   "dependencies": {
     "@contrast/code-events": "^4.0.2",
-    "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
+    "@contrast/common": "1.38.0",
+    "@contrast/config": "1.54.0",
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/logger": "1.30.1",
+    "@contrast/logger": "1.32.0",
     "semver": "^7.6.0"
   }
 }

package/node_modules/@contrast/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/logger",
-  "version": "1.30.1",
+  "version": "1.32.0",
   "description": "Centralized logging for Contrast agent services",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,8 +21,8 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
+    "@contrast/common": "1.38.0",
+    "@contrast/config": "1.54.0",
     "pino": "^8.15.0"
   }
 }

package/node_modules/@contrast/metrics/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/metrics",
-  "version": "1.34.1",
+  "version": "1.36.0",
   "description": "Records and logs route latency",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,10 +21,10 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
-    "@contrast/dep-hooks": "1.26.1",
-    "@contrast/logger": "1.30.1",
-    "@contrast/patcher": "1.29.1"
+    "@contrast/common": "1.38.0",
+    "@contrast/config": "1.54.0",
+    "@contrast/dep-hooks": "1.28.0",
+    "@contrast/logger": "1.32.0",
+    "@contrast/patcher": "1.31.0"
   }
 }

package/node_modules/@contrast/patcher/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/patcher",
-  "version": "1.29.1",
+  "version": "1.31.0",
   "description": "Advanced monkey patching--registers hooks to run in and around functions",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,6 +20,6 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/logger": "1.30.1"
+    "@contrast/logger": "1.32.0"
   }
 }

package/node_modules/@contrast/protect/lib/error-handlers/index.js

@@ -28,7 +28,7 @@ module.exports = function(core) {
   require('./install/express')(core);
   require('./install/fastify')(core);
   require('./install/hapi')(core);
-  require('./install/koa2')(core);
+  require('./install/koa')(core);
   require('./install/restify')(core);
 
   errorHandlers.install = function() {

package/node_modules/@contrast/protect/lib/error-handlers/install/{koa2.js → koa.js}

@@ -27,10 +27,10 @@ module.exports = function (core) {
     protect,
   } = core;
 
-  const koa2ErrorHandler = protect.errorHandlers.koa2ErrorHandler = {};
+  const koaErrorHandler = protect.errorHandlers.koaErrorHandler = {};
 
-  koa2ErrorHandler.install = function () {
-    depHooks.resolve({ name: 'koa', version: '>=2.3.0 <3' }, (Koa) => {
+  koaErrorHandler.install = function () {
+    depHooks.resolve({ name: 'koa', version: '>=2.3.0 <4' }, (Koa) => {
       patcher.patch(Koa.prototype, 'handleRequest', {
         name: 'Koa.Application.handleRequest',
         patchType,
@@ -63,5 +63,5 @@ module.exports = function (core) {
     });
   };
 
-  return koa2ErrorHandler;
+  return koaErrorHandler;
 };

package/node_modules/@contrast/protect/lib/index.d.ts

@@ -122,7 +122,7 @@ export interface Protect {
       handler: (err: Error, request: IncomingMessage, reply: ServerResponse) => void,
       install: () => void
     }
-    koa2ErrorHandler: { install: () => void },
+    koaErrorHandler: { install: () => void },
     expressErrorHandler: { install: () => void },
     install: () => void,
   },

package/node_modules/@contrast/protect/lib/input-analysis/handlers.js

@@ -665,7 +665,6 @@ module.exports = Core.makeComponent({
       // Detecting probes
       const rulesMask = sourceContext.policy.getRulesMask();
       if (rulesMask == 0 || !config.protect.probe_analysis.enable) return;
-      const probeReports = [];
       const { resultsMap } = sourceContext;
       const probesRules = [Rule.CMD_INJECTION, Rule.PATH_TRAVERSAL, Rule.SQL_INJECTION, Rule.XXE];
       const probes = {};
@@ -734,7 +733,6 @@ module.exports = Core.makeComponent({
           }) || [];
           alibResult.forEach(result => {
             results.push({ value, ...result });
-            probeReports.push({ value, ...result });
             valueToResultByRuleId[value] = resultByRuleId;
           });
         });
@@ -756,16 +754,7 @@ module.exports = Core.makeComponent({
           probes[key] = probe;
         });
 
-      Object.values(probes).forEach(probe => {
-        if (!resultsMap[probe.ruleId]) {
-          resultsMap[probe.ruleId] = [];
-        }
-
-        resultsMap[probe.ruleId].push(probe);
-        probeReports.push(probe);
-      });
-
-      for (const result of probeReports) {
+      for (const result of Object.values(probes)) {
         core.protect.reportFinding({ result });
       }
     };

package/node_modules/@contrast/protect/lib/input-analysis/index.js

@@ -30,15 +30,14 @@ module.exports = function(core) {
   require('./install/body-parser')(core);
   require('./install/cookie-parser1')(core);
   require('./install/formidable1')(core);
-  require('./install/koa-body5')(core);
-  require('./install/koa-bodyparser4')(core);
+  require('./install/koa-bodyparsers')(core);
   require('./install/multer1')(core);
   require('./install/qs6')(core);
   require('./install/universal-cookie4')(core);
 
   // framework specific instrumentation
   require('./install/fastify')(core);
-  require('./install/koa2')(core);
+  require('./install/koa')(core);
   require('./install/express')(core);
   require('./install/hapi')(core);
   require('./install/restify')(core);

package/node_modules/@contrast/protect/lib/input-analysis/install/koa-bodyparsers.js

@@ -0,0 +1,92 @@
+/*
+ * Copyright: 2025 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+
+'use strict';
+
+const { patchType } = require('../constants');
+
+module.exports = (core) => {
+  const {
+    depHooks,
+    patcher,
+    protect,
+    protect: { inputAnalysis },
+  } = core;
+
+  function postFn(name) {
+    return function(data) {
+      data.result = patcher.patch(data.result, {
+        name,
+        patchType,
+        pre(data) {
+          const [ctx, origNext] = data.args;
+
+          async function contrastNext(origErr) {
+            const sourceContext = protect.getSourceContext();
+
+
+            if (sourceContext && ctx.request.body && Object.keys(ctx.request.body).length) {
+              sourceContext.parsedBody = ctx.request.body;
+              inputAnalysis.handleParsedBody(sourceContext, ctx.request.body);
+            }
+
+            await origNext(origErr);
+          }
+
+          data.args[1] = contrastNext;
+        }
+      });
+    };
+  }
+
+  function install() {
+    [['koa-body', '>=4 <6'], ['koa-bodyparser', '>=4 <5']].forEach(([name, version]) => {
+      depHooks.resolve({ name, version }, (koaBody) =>
+        patcher.patch(koaBody, {
+          name,
+          patchType,
+          post: postFn(name)
+        })
+      );
+    });
+
+    depHooks.resolve({ name: 'koa-body', version: '>=6 <7' }, (koaBody) =>
+      patcher.patch(koaBody, 'koaBody', {
+        name: 'koaBody',
+        patchType,
+        post: postFn('koa-body')
+      })
+    );
+
+    depHooks.resolve({ name: '@koa/bodyparser', version: '>=5 <7' }, (koaBody) => {
+      const patchedBodyParser = patcher.patch(koaBody.bodyParser, {
+        name: '@koa/bodyparser',
+        patchType,
+        post: postFn('@koa/bodyparser')
+      }
+      );
+      return {
+        default: patchedBodyParser,
+        bodyParser: patchedBodyParser
+      };
+    });
+  }
+
+  const koaBodyparserInstrumentation = inputAnalysis.koaBodyparserInstrumentation = {
+    install
+  };
+
+  return koaBodyparserInstrumentation;
+};

package/node_modules/@contrast/protect/lib/input-analysis/install/{koa2.js → koa.js}

@@ -34,7 +34,7 @@ module.exports = (core) => {
    * registers a depHook for koa module instrumentation
    */
   function install() {
-    depHooks.resolve({ name: 'koa', version: '>=2.3.0 <3' }, (Koa) => {
+    depHooks.resolve({ name: 'koa', version: '>=2.3.0 <4' }, (Koa) => {
       function contrastStartMiddleware(ctx, next) {
         if (ctx.query && Object.keys(ctx.query).length) {
           const sourceContext = protect.getSourceContext();
@@ -65,11 +65,11 @@ module.exports = (core) => {
       });
 
       // Patch `koa-router` and `@koa/router` to handle parsed params
-      [['koa-router', '<14'], ['@koa/router', '<14']].forEach(([router, version]) => {
+      [['koa-router', '>=12 <15'], ['@koa/router', '>=12 <15']].forEach(([router, version]) => {
         depHooks.resolve(
           { name: router, version, file: 'lib/layer.js' },
           (layer) => {
-            layer.prototype = patcher.patch(layer.prototype, 'params', {
+            patcher.patch(layer.prototype, 'params', {
               name: `[${router}].layer.prototype`,
               patchType,
               post({ result }) {
@@ -119,9 +119,9 @@ module.exports = (core) => {
     });
   }
 
-  const koa2Instrumentation = inputAnalysis.koa2Instrumentation = {
+  const koaInstrumentation = inputAnalysis.koaInstrumentation = {
     install
   };
 
-  return koa2Instrumentation;
+  return koaInstrumentation;
 };

package/node_modules/@contrast/protect/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/protect",
-  "version": "1.68.0",
+  "version": "1.70.0",
   "description": "Contrast service providing framework-agnostic Protect support",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,16 +21,16 @@
   },
   "dependencies": {
     "@contrast/agent-lib": "^9.1.0",
-    "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
-    "@contrast/core": "1.57.1",
-    "@contrast/dep-hooks": "1.26.1",
-    "@contrast/esm-hooks": "2.32.0",
-    "@contrast/instrumentation": "1.36.1",
-    "@contrast/logger": "1.30.1",
-    "@contrast/patcher": "1.29.1",
-    "@contrast/rewriter": "1.34.0",
-    "@contrast/scopes": "1.27.1",
+    "@contrast/common": "1.38.0",
+    "@contrast/config": "1.54.0",
+    "@contrast/core": "1.59.0",
+    "@contrast/dep-hooks": "1.28.0",
+    "@contrast/esm-hooks": "2.34.0",
+    "@contrast/instrumentation": "1.38.0",
+    "@contrast/logger": "1.32.0",
+    "@contrast/patcher": "1.31.0",
+    "@contrast/rewriter": "1.36.0",
+    "@contrast/scopes": "1.29.0",
     "async-hook-domain": "^4.0.1",
     "ipaddr.js": "^2.0.1",
     "on-finished": "^2.4.1",

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/translations.js

@@ -177,17 +177,15 @@ class Translations {
     }
     buildRequestObject(sourceInfo, masker) {
         const searchParams = new URLSearchParams(sourceInfo.queries);
-        const parameters = {};
+        const parameters = Object.create(null);
         for (const [key, value] of searchParams) {
-            const redacted = masker.getMaskedValue(key, value);
-            if (parameters[key]) {
-                parameters[key].push(redacted);
-            }
-            else {
-                parameters[key] = [redacted];
+            if (!parameters[key] || !Array.isArray(parameters[key])) {
+                parameters[key] = [];
             }
+            const redacted = masker.getMaskedValue(key, value);
+            parameters[key].push(redacted);
         }
-        const headers = {};
+        const headers = Object.create(null);
         for (let i = 0; i < sourceInfo.rawHeaders.length; i += 2) {
             const key = sourceInfo.rawHeaders[i];
             const redactedValue = masker.getMaskedValue(key, sourceInfo.rawHeaders[i + 1]);
@@ -202,7 +200,6 @@ class Translations {
             headers,
         };
     }
-    ;
     accumulateUserAgent(set, eventArg) {
         const userAgent = eventArg.store.sourceInfo?.getHeader?.('user-agent');
         if (userAgent)
@@ -302,5 +299,4 @@ class Translations {
     }
 }
 exports.Translations = Translations;
-;
 //# sourceMappingURL=translations.js.map

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/routes-observed.js

@@ -32,6 +32,10 @@ class RoutesObserved extends v1_endpoint_1.default {
              * Language specific signature of the controller method.
              */
             signature: route.signature,
+            /**
+             * The type of route that is being reported.
+             */
+            type: route.type,
             /**
              * The HTTP verb of this request. The HTTP verb of this request. If one
              * is not detected, omit this field. TeamServer will treat this as if

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/index.d.ts

@@ -7,7 +7,7 @@ export type AbstractFinding = {
     properties?: any;
     ruleId: string;
     time: number;
-    routes?: any[];
+    routes?: any[] | readonly never[];
 };
 export type SourceFindingsAccum = {
     findings: AbstractFinding[];

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/index.js

@@ -99,7 +99,7 @@ class Traces extends ng_endpoint_1.default {
                 time: Date.now(),
             });
         });
-        this.reporter.subscribeWithLock(common_1.Event.ASSESS_SESSION_CONFIGURATION_FINDING, (msg) => {
+        this.reporter.subscribeWithLock(common_1.Event.ASSESS_CONFIGURATION_FINDING, (msg) => {
             const accum = this.getFindingsAccum(msg);
             if (!accum)
                 return;

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.d.ts

@@ -6,7 +6,7 @@ export declare function getEventHash(traceData: any): number | undefined;
 export declare function getTraceEvent(event: any, eventDetail?: string): TraceEvent;
 export declare function getCryptoEvent(finding: any): any;
 export declare function topologicalSort(sinkEvent: any): any[];
-export declare function getRoutes(route: any, prod?: boolean): {
+export declare function getRoutes(route: any, prod?: boolean): readonly never[] | {
     count: number;
     observations: {
         url: any;

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.js

@@ -117,10 +117,12 @@ function getTraceEvent(event, eventDetail = 'FULL') {
     const { stack } = event;
     if (!event.history) {
         const context = event.context || `req.${event.inputType}.${event.pathName}`;
+        const isWebSocket = event.inputType == common_1.InputType.WEBSOCKET;
+        const { args } = event;
         base = {
-            args: [{
+            args: args ? args : [{
                     tracked: false,
-                    value: (0, common_1.encodeString)(StringPrototypeSubstr.call(context, context.indexOf('.') + 1)),
+                    value: StringPrototypeSubstr.call(context, context.indexOf('.') + 1),
                 }],
             // always build source event `context` field no matter what `eventDetail` value is.
             // the cost is minimal in sources instrumentation and the way the UI builds out method call without it is funky
@@ -129,12 +131,14 @@ function getTraceEvent(event, eventDetail = 'FULL') {
             fieldName: event.fieldName,
             object: {
                 tracked: false,
-                value: (0, common_1.encodeString)(event.object?.value || 'http.IncomingMessage'),
+                value: isWebSocket ?
+                    (event.object?.value || 'Socket') :
+                    (event.object?.value || 'http.IncomingMessage'),
             },
             source: 'P',
             ret: {
                 tracked: true,
-                value: (0, common_1.encodeString)(String(event.result.value)),
+                value: String(event.result.value),
             },
             target: 'R',
             type: types_1.EventType.PROPAGATION
@@ -144,16 +148,16 @@ function getTraceEvent(event, eventDetail = 'FULL') {
         base = {
             args: event.args.map(({ tracked, value }) => ({
                 tracked,
-                value: (0, common_1.encodeString)(String(value)),
+                value: String(value),
             })),
             eventSources: [],
             object: {
                 tracked: event.object.tracked,
-                value: (0, common_1.encodeString)(String(event.object.value)),
+                value: String(event.object.value),
             },
             ret: {
                 tracked: event.result.tracked,
-                value: (0, common_1.encodeString)(String(event.result?.value || '')),
+                value: String(event.result?.value || ''),
             },
             source: event.source,
             target: event.target,
@@ -164,6 +168,15 @@ function getTraceEvent(event, eventDetail = 'FULL') {
             base.context = event.context;
         }
     }
+    // encode call context values
+    base.object.value = (0, common_1.encodeString)(base.object.value);
+    base.ret.value = (0, common_1.encodeString)(base.ret.value);
+    // TS appears to handle WEBSOCKET args differently
+    if (event.inputType !== common_1.InputType.WEBSOCKET) {
+        for (const arg of base.args) {
+            arg.value = (0, common_1.encodeString)(arg.value);
+        }
+    }
     return {
         ...base,
         action,
@@ -230,7 +243,7 @@ function sorter(a, b) {
     return lengthFactor + timeFactor;
 }
 function getRoutes(route, prod) {
-    return [{
+    return !route ? common_1.empties.ARRAY : [{
             count: 1,
             observations: [{
                     url: prod ? route.normalizedUrl : route.url,
@@ -292,7 +305,7 @@ function getRequest(store, prod) {
         protocol: store.sourceInfo?.protocol,
         queryString,
         uri,
-        standardNormalizedUri: route?.normalizedUrl,
+        standardNormalizedUri: route?.normalizedUri ?? store.sourceInfo?.normalizedUri,
         version: httpVersion,
     };
     if (prod) {

package/node_modules/@contrast/reporter/lib/reporters/file.js

@@ -35,7 +35,7 @@ class FileReporter extends base_1.default {
             common_1.Event.ASSESS_DATAFLOW_FINDING,
             common_1.Event.ASSESS_DATAFLOW_SAFE_POSITIVE,
             common_1.Event.ASSESS_RESPONSE_SCANNING_FINDING,
-            common_1.Event.ASSESS_SESSION_CONFIGURATION_FINDING,
+            common_1.Event.ASSESS_CONFIGURATION_FINDING,
             common_1.Event.ASSESS_CRYPTO_ANALYSIS_FINDING,
             common_1.Event.LIBRARY_USAGE,
             common_1.Event.LIBRARY,

package/node_modules/@contrast/reporter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/reporter",
-  "version": "1.55.1",
+  "version": "1.57.0",
   "description": "Subscribes to agent messages and reports them",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,12 +21,12 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
-    "@contrast/core": "1.57.1",
-    "@contrast/logger": "1.30.1",
+    "@contrast/common": "1.38.0",
+    "@contrast/config": "1.54.0",
+    "@contrast/core": "1.59.0",
+    "@contrast/logger": "1.32.0",
     "@contrast/perf": "1.4.0",
-    "@contrast/scopes": "1.27.1",
+    "@contrast/scopes": "1.29.0",
     "axios": "^1.12.2",
     "crc-32": "^1.2.2",
     "safe-stable-stringify": "^2.4.1",

package/node_modules/@contrast/rewriter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/rewriter",
-  "version": "1.34.0",
+  "version": "1.36.0",
   "description": "A transpilation tool mainly used for instrumentation",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,10 +21,10 @@
   },
   "dependencies": {
     "@contrast/agent-swc-plugin": "3.2.0",
-    "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
-    "@contrast/core": "1.57.1",
-    "@contrast/logger": "1.30.1",
+    "@contrast/common": "1.38.0",
+    "@contrast/config": "1.54.0",
+    "@contrast/core": "1.59.0",
+    "@contrast/logger": "1.32.0",
     "@swc/core": "1.13.3"
   }
 }

package/node_modules/@contrast/route-coverage/lib/index.d.ts

@@ -23,13 +23,11 @@ import { Scopes } from '@contrast/scopes';
 export { RouteInfo };
 
 export interface RouteCoverage extends Installable {
-  _normalizedUrlMapper: any;
   discover(info: RouteInfo): void;
   discoveryFinished(): void;
   queue(info: RouteInfo): void;
   queuingFinished(): void;
   observe(info: RouteInfo): void;
-  uriPathToNormalizedUrl(uriPath: string): string;
 }
 
 export interface Core {