@contrast/agentify 1.28.0 → 1.29.1

package/lib/function-hooks.test.js

@@ -0,0 +1,174 @@
+'use strict';
+
+const { expect } = require('chai');
+const mocks = require('@contrast/test/mocks');
+const functionHooks = require('./function-hooks');
+
+describe('agentify function-hooks', function () {
+  let core;
+
+  beforeEach(function () {
+    core = mocks.core();
+    core.patcher = mocks.patcher();
+    core.logger = mocks.logger();
+    core.depHooks = mocks.depHooks();
+    core.scopes = mocks.scopes();
+    core.rewriter = mocks.rewriter();
+  });
+
+  it('should install function hooks', function () {
+    functionHooks(core);
+    core.functionHooks.install();
+    expect(core.functionHooks.installed).to.be.true;
+  });
+
+  it('should skip if it is already installed', function () {
+    functionHooks(core);
+    core.functionHooks.installed = true;
+    core.functionHooks.install();
+
+    expect(core.logger.debug).not.to.have.been.called;
+  });
+
+  it('should return cached value when the function is already called', function () {
+    const functionA = function sum(a, b) {
+      eval(global.ContrastMethods.eval('2 + 2'));
+      return a + b;
+    };
+
+    const cachedValue = 'cachedValue';
+
+    functionHooks(core);
+
+    core.functionHooks.cache.set(functionA, cachedValue);
+
+    const data = {
+      obj: functionA,
+    };
+
+    let result;
+    core.patcher.patch.callsFake((prototype, method, options) => {
+      result = options.around(() => ({}), data);
+    });
+
+    core.functionHooks.install();
+
+    expect(result).to.equal(cachedValue);
+  });
+
+  it('should call the function itself when the function is not hooked', function () {
+    const functionA = function sum(a, b) {
+      eval(global.ContrastMethods.eval('2 + 2'));
+      return a + b;
+    };
+
+    functionHooks(core);
+
+    const data = {
+      obj: functionA,
+    };
+
+    let result;
+    core.patcher.patch.callsFake((prototype, method, options) => {
+      result = options.around(functionA.toString.bind(functionA), data);
+    });
+
+    const unwriteResult = `function sum(a, b) {
+      eval(2 + 2);
+      return a + b;
+      }`;
+
+    core.rewriter.unwriteSync.callsFake((data) => unwriteResult);
+
+    core.functionHooks.install();
+
+    expect(result).to.equal(unwriteResult);
+    expect(core.functionHooks.cache.get(data.obj)).to.equal(unwriteResult);
+  });
+
+  it('should the call the original function of the hooked function', function () {
+    const functionA = function sum(a, b) {
+      eval(global.ContrastMethods.eval('2 + 2'));
+      return a + b;
+    };
+
+    const functionB = function sum(a, b) {
+      eval(global.ContrastMethods.eval('2 + 2'));
+      return a + b + 2;
+    };
+
+    functionHooks(core);
+
+    const weekMap = core.patcher.hookedFunctions;
+    weekMap.set(functionA, { fn: functionB });
+
+    const data = {
+      obj: functionA,
+    };
+
+    let result;
+    core.patcher.patch.callsFake((prototype, method, options) => {
+      result = options.around(functionA.toString.bind(functionA), data);
+    });
+
+    const unwriteResult = `function sum(a, b) {
+      eval(2 + 2);
+      return a + b + 2;
+      }`;
+
+    core.rewriter.unwriteSync.callsFake((data) => unwriteResult);
+
+
+    core.functionHooks.install();
+
+    expect(result).to.equal(unwriteResult);
+    expect(core.functionHooks.cache.get(data.obj)).to.equal(unwriteResult);
+  });
+
+  it('should log warning message when there is a problem unwriting the code', function () {
+    const err = new Error('Error');
+    const functionA = function sum(a, b) {
+      eval(global.ContrastMethods.eval('2 + 2'));
+      return a + b;
+    };
+
+    functionHooks(core);
+
+    const data = {
+      obj: functionA,
+    };
+
+    core.patcher.patch.callsFake((prototype, method, options) => {
+      options.around(functionA.toString.bind(functionA), data);
+    });
+
+    core.rewriter.unwriteSync.throws(err);
+
+    core.functionHooks.install();
+
+    expect(core.logger.warn).to.have.been.calledWith({ err, code: functionA.toString() }, 'Failed to unwrite function code');
+  });
+
+  it('should call the original toString if the function is not hooked', function () {
+    const functionA = () => 1;
+    functionHooks(core);
+    core.functionHooks.install();
+
+    const resultOfA = functionA.toString();
+
+    expect(resultOfA).to.equal('() => 1');
+  });
+
+  it('should uninstall the hooks', function () {
+    const { toString } = Function.prototype;
+    const functionA = () => 1;
+    functionHooks(core);
+    core.functionHooks.install();
+    core.functionHooks.uninstall();
+
+    const resultOfA = functionA.toString();
+
+    expect(resultOfA).to.equal('() => 1');
+    expect(Function.prototype.toString).to.equal(toString);
+  });
+});

package/lib/heap-snapshots.test.js

@@ -0,0 +1,92 @@
+'use strict';
+
+const { expect } = require('chai');
+const path = require('path');
+const proxyquire = require('proxyquire');
+const sinon = require('sinon');
+const { ConfigSource: { ENVIRONMENT_VARIABLE } } = require('@contrast/config');
+const mocks = require('@contrast/test/mocks');
+const { delay } = require('@contrast/test/utils');
+
+
+describe('heap dump', function () {
+  let core,
+    heapSnapshots,
+    fsMock,
+    v8Mock,
+    dirname,
+    delayMs,
+    windowMs,
+    snapshotPath;
+
+  beforeEach(function () {
+    fsMock = {
+      promises: {
+        mkdir: sinon.stub().resolves(''),
+      }
+    };
+    v8Mock = {
+      writeHeapSnapshot: sinon.stub(),
+    };
+    delayMs = windowMs = 100;
+    snapshotPath = 'contrast_heap_dumps';
+    dirname = path.join(process.cwd(), snapshotPath);
+
+    core = {};
+    core.config = mocks.config();
+    core.logger = mocks.logger();
+
+    core.config.setValue('agent.heap_dump.enable', true, ENVIRONMENT_VARIABLE);
+    core.config.setValue('agent.heap_dump.path', snapshotPath, ENVIRONMENT_VARIABLE);
+    core.config.setValue('agent.heap_dump.delay_ms', delayMs, ENVIRONMENT_VARIABLE);
+    core.config.setValue('agent.heap_dump.window_ms', windowMs, ENVIRONMENT_VARIABLE);
+    core.config.setValue('agent.heap_dump.count', 2, ENVIRONMENT_VARIABLE);
+
+    const init = proxyquire('./heap-snapshots', {
+      fs: fsMock,
+      v8: v8Mock,
+    });
+
+    heapSnapshots = init(core);
+  });
+
+  describe('.writeHeapSnapshot()', function () {
+    it('writes snapshots', function () {
+      heapSnapshots.writeHeapSnapshot();
+      expect(core.logger.info).to.have.been.calledWithMatch(
+        'Writing heap snapshot at %s',
+        dirname,
+      );
+      expect(v8Mock.writeHeapSnapshot).to.have.been.calledWithMatch(dirname);
+    });
+  });
+
+  describe('.install()', function () {
+    it('logs when the directory cannot be created', async function () {
+      const err = new Error('ENOENT');
+      fsMock.promises.mkdir.rejects(err);
+      await heapSnapshots.install();
+      expect(core.logger.error).to.have.been.calledOnceWithExactly({
+        err,
+      }, 'Unable to create snapshot directory. No heap snapshots will be taken.');
+      expect(v8Mock.writeHeapSnapshot).not.to.have.been.called;
+    });
+
+
+    it('does not write snapshots if enable is false', function () {
+      core.config.setValue('agent.heap_dumps.enable', false, ENVIRONMENT_VARIABLE);
+      heapSnapshots.install();
+      expect(v8Mock.writeHeapSnapshot).not.to.have.been.called;
+    });
+
+    it('writes snapshots at the correct intervals', async function () {
+      heapSnapshots.install();
+      expect(v8Mock.writeHeapSnapshot).not.to.have.been.called;
+      const pad = 50;
+      await delay(delayMs + windowMs + pad);
+      expect(v8Mock.writeHeapSnapshot).to.have.callCount(1);
+      await delay(windowMs);
+      expect(v8Mock.writeHeapSnapshot).to.have.callCount(2);
+    });
+  });
+});

package/lib/index.test.js

@@ -0,0 +1,169 @@
+'use strict';
+
+const { expect } = require('chai');
+const proxyquire = require('proxyquire');
+const sinon = require('sinon');
+const mocks = require('@contrast/test/mocks');
+
+describe('agentify', function () {
+  const Module = require('module');
+  let agentify, preRunMain, runMain;
+
+  beforeEach(function () {
+    // added because the config validation code verifies that the agent has
+    // the three required settings and throws if not.
+    process.env.CONTRAST__API__API_KEY = 'testing';
+    process.env.CONTRAST__API__SERVICE_KEY = 'testing';
+    process.env.CONTRAST__API__USER_NAME = 'testing';
+
+    agentify = proxyquire('.', {
+      '@contrast/logger': {
+        default(core) {
+          return core.logger = mocks.logger();
+        }
+      },
+      '@contrast/dep-hooks'(core) {
+        return core.depHooks = mocks.depHooks();
+      },
+    })();
+    preRunMain = sinon.stub();
+    runMain = sinon.stub(Module, 'runMain');
+  });
+
+  after(function() {
+    delete process.env.CONTRAST__API__API_KEY;
+    delete process.env.CONTRAST__API__SERVICE_KEY;
+    delete process.env.CONTRAST__API_USER_NAME;
+  });
+
+  it('invoking with callback will initialize and patch runMain', async function () {
+    const core = await agentify(preRunMain, {
+      noValidate: true,
+      installOrder: ['depHooks'],
+    });
+
+    await Module.runMain();
+
+    expect(preRunMain).to.have.been.calledWith(core);
+    expect(runMain).to.have.been.called;
+    expect(core.depHooks.install).to.have.been.called;
+    expect(core.logger.error).not.to.have.been.called;
+  });
+
+  it('will not run install methods when installOrder option is empty array', async function () {
+    const core = await agentify(preRunMain, { installOrder: [] });
+    await Module.runMain();
+
+    expect(core.depHooks.install).not.to.have.been.called;
+    expect(core.logger.error).not.to.have.been.called;
+  });
+
+
+  it('handles errors in plugin initialization functions with logger', async function () {
+    const err = new Error('oof');
+    const agentify = proxyquire('.', {
+      '@contrast/logger': {
+        default(core) {
+          return core.logger = mocks.logger();
+        }
+      },
+      '@contrast/dep-hooks'() {
+        throw err;
+      },
+    })();
+
+    const core = await agentify(preRunMain, {
+      noValidate: true,
+      installOrder: ['depHooks'],
+    });
+
+    await Module.runMain();
+
+    expect(core).not.to.have.property('depHooks');
+    expect(runMain).to.have.been.called;
+    expect(core.logger.error).to.have.been.calledWith({ err });
+  });
+
+
+  it('handles errors in plugin initialization functions without logger', async function () {
+    const consoleErrorStub = sinon.stub(console, 'error');
+    const err = new Error('boop');
+    const agentify = proxyquire('.', {
+      '@contrast/logger': {
+        default() {
+          throw err;
+        }
+      },
+      '@contrast/dep-hooks'(core) {
+        return core.depHooks = mocks.depHooks();
+      },
+    })();
+
+    const core = await agentify(preRunMain, {
+      noValidate: true,
+      installOrder: ['depHooks'],
+    });
+
+    await Module.runMain();
+
+    expect(core).not.to.have.property('depHooks');
+    expect(runMain).to.have.been.called;
+    expect(consoleErrorStub).to.have.been.called;
+  });
+
+  it('handles errors in the preRunMain hook', async function () {
+    const err = new Error('bonk');
+    preRunMain.throws(err);
+    const core = await agentify(preRunMain, {
+      noValidate: true,
+      installOrder: ['depHooks'],
+    });
+
+    await Module.runMain();
+
+    expect(core.depHooks.install).not.to.have.been.called;
+    expect(runMain).to.have.been.called;
+    expect(core.logger.error).to.have.been.calledWith({ err });
+  });
+
+  it('handles "unregistered" services', async function () {
+    const core = await agentify(preRunMain, {
+      noValidate: true,
+      installOrder: ['foo'],
+    });
+
+    // Having non-existent service in list is handled during initialization
+    await Module.runMain();
+
+    expect(core.logger.error).not.to.have.been.called;
+  });
+
+  it('handles the return value of preRunMain', async function () {
+    const install = sinon.stub();
+    preRunMain.returns({ install });
+    const core = await agentify(preRunMain, { installOrder: [] });
+
+    // Having non-existent service in list is handled during initialization
+    await Module.runMain();
+
+    expect(install).to.have.been.called;
+    expect(core.logger.error).not.to.have.been.called;
+  });
+
+  it('handles the return value of preRunMain when erroring', async function () {
+    const err = new Error('err in install');
+    const install = sinon.stub().throws(err);
+    preRunMain.returns({ install });
+    const core = await agentify(preRunMain, { installOrder: [] });
+
+    // Having non-existent service in list is handled during initialization
+    await Module.runMain();
+
+    expect(install).to.have.been.called;
+    expect(core.logger.error).to.have.been.calledWith({ err });
+  });
+
+  it('requires init function arg', async function () {
+    return expect(agentify('not a function')).to.be.rejectedWith('Invalid usage: first argument must be a function');
+  });
+});

package/lib/rewrite-hooks.test.js

@@ -0,0 +1,139 @@
+// @ts-check
+'use strict';
+
+const { expect } = require('chai');
+const { readFileSync } = require('fs');
+const Module = require('module');
+const sinon = require('sinon');
+const mocks = require('@contrast/test/mocks');
+
+const testFilePath = require.resolve('../test/resources/file');
+const deadzonedFilePath = require.resolve('../test/node_modules/bcryptjs/dist/bcrypt.js');
+const testFileContent = readFileSync(testFilePath).toString();
+
+describe('agentify rewrite-hooks', function () {
+  let core, complileSpy, rewriteHooks;
+
+  beforeEach(function () {
+    core = mocks.core();
+    core.logger = mocks.logger();
+    core.config = mocks.config();
+    core.rewriter = mocks.rewriter();
+
+    complileSpy = sinon.spy(Module.prototype, '_compile');
+
+    rewriteHooks = require('./rewrite-hooks')(core);
+  });
+
+  afterEach(function () {
+    delete require.cache[testFilePath];
+    rewriteHooks.uninstall();
+  });
+
+  it('rewrites code when the cache returns no results expected', function () {
+    core.rewriter.cache.readSync.returns(undefined);
+    rewriteHooks.install();
+
+    require(testFilePath);
+    expect(core.rewriter.rewriteSync).to.have.been.calledWith(testFileContent, {
+      filename: testFilePath,
+      isModule: false,
+      inject: true,
+      wrap: true,
+    });
+    expect(core.logger.warn).not.to.have.been.called;
+    expect(complileSpy).to.have.been.calledWith(
+      core.rewriter.rewriteSync.getCall(0).returnValue.code,
+      testFilePath,
+    );
+  });
+
+  it('does not not rewrite code when rewrite.enable is false', function () {
+    core.config.agent.node.rewrite.enable = false;
+    rewriteHooks.install();
+
+    require(testFilePath);
+    expect(core.rewriter.rewriteSync).not.to.have.been.called;
+  });
+
+  it('does not not rewrite code when the cache returns results', function () {
+    rewriteHooks.install();
+
+    require(testFilePath);
+    expect(core.rewriter.rewriteSync).not.to.have.been.called;
+    expect(complileSpy).to.have.been.calledWith(
+      core.rewriter.cache.readSync.getCall(0).returnValue,
+      testFilePath,
+    );
+  });
+
+  it('logs a debug message when a file is rewrite-deadzoned', function() {
+    rewriteHooks.install();
+
+    require(deadzonedFilePath);
+
+    expect(core.logger.debug).calledWith(
+      'Skipping rewrite-deadzoned file %s',
+      deadzonedFilePath
+    );
+  });
+
+  it('logs a warning if the rewritten module does not compile', function () {
+    core.rewriter.cache.readSync.returns(undefined);
+    core.rewriter.rewriteSync.callsFake((content) => ({
+      code: content.replace('const variable', 'const variable const a'),
+    }));
+
+    rewriteHooks.install();
+
+    require(testFilePath);
+    expect(core.rewriter.rewriteSync).to.have.been.calledWith(testFileContent, {
+      filename: testFilePath,
+      isModule: false,
+      inject: true,
+      wrap: true,
+    });
+    expect(core.logger.warn).to.have.been.calledWith(
+      {
+        err: sinon.match({
+          message: 'Missing initializer in const declaration',
+        }),
+      },
+      'Failed to compile rewritten code for %s, compiling original code.',
+      testFilePath,
+    );
+    expect(complileSpy).to.have.been.calledWith(
+      testFileContent,
+      testFilePath,
+    );
+  });
+
+  it('throws an error if the original file fails to compile', function () {
+    core.rewriter.cache.readSync.returns(undefined);
+    const testFilePath = require.resolve('../test/resources/file-bad');
+    const testFileContent = readFileSync(testFilePath).toString();
+
+    rewriteHooks.install();
+
+    expect(() => require(testFilePath)).to.throw('Unexpected identifier');
+    expect(core.rewriter.rewriteSync).to.have.been.calledWith(testFileContent, {
+      filename: testFilePath,
+      isModule: false,
+      inject: true,
+      wrap: true,
+    });
+    expect(core.logger.warn).to.have.been.calledWith(
+      {
+        err: sinon.match({
+          message: sinon.match('Unexpected identifier'),
+        }),
+      },
+      'Failed to compile rewritten code for %s, compiling original code.',
+      testFilePath,
+    );
+    expect(complileSpy).to.have.been.calledWith(
+      testFileContent,
+      testFilePath,
+    );
+  });
+});

package/lib/rewrite-is-deadzoned.js

@@ -59,6 +59,7 @@ const DEADZONED_PATHS = [
   'moment-timezone',
   'node-forge',
   'node-webpack',
+  'pem',
   'react',
   'react-dom',
   'react-dom/server',

package/lib/sources.test.js

@@ -0,0 +1,121 @@
+'use strict';
+
+const EventEmitter = require('events');
+const { expect } = require('chai');
+const { initProtectFixture } = require('@contrast/test/fixtures');
+
+describe('agentify sources', function () {
+  [
+    {
+      name: 'http',
+      expected: {
+        port: 8080,
+        protocol: 'http',
+        serverType: 'http',
+      },
+    },
+    {
+      name: 'https',
+      expected: {
+        port: 8080,
+        protocol: 'https',
+        serverType: 'https',
+      },
+    },
+    {
+      name: 'spdy',
+      expected: {
+        port: 8080,
+        protocol: 'https',
+        serverType: 'spdy',
+      },
+    },
+    {
+      name: 'http2',
+      method: 'createServer',
+      expected: {
+        port: 8080,
+        protocol: 'https',
+        serverType: 'spdy',
+      },
+    },
+    {
+      name: 'http2',
+      method: 'createSecureServer',
+      expected: {
+        port: 8080,
+        protocol: 'https',
+        serverType: 'spdy',
+      },
+    }
+  ].forEach(({ name, method, expected }) => {
+    describe(`${name} sources using ${method || 'Server'}()`, function () {
+      let core, api, ServerMock, reqMock, resMock;
+
+      beforeEach(function () {
+        ({ core } = initProtectFixture());
+        ServerMock = function ServerMock() {
+          this.e = new EventEmitter();
+        };
+        ServerMock.prototype.emit = function (...args) {
+          this.e.emit(...args);
+        };
+        ServerMock.prototype.on = function (...args) {
+          this.e.on(...args);
+        };
+        api = {
+          Server: ServerMock,
+          createServer() {
+            return new ServerMock();
+          },
+          createSecureServer() {
+            return new ServerMock();
+          }
+        };
+        reqMock = {
+          socket: {
+            address() {
+              return { port: 8080 };
+            }
+          },
+          method: 'GET',
+          url: 'http://localhost',
+        };
+        resMock = new EventEmitter();
+
+        core.depHooks.resolve.withArgs({ name: 'http' }).yields(api);
+        require('./sources')(core).install();
+      });
+
+      it('"request" events run in scope with correct sourceInfo', function () {
+        const server = method ? api[method]() : new ServerMock();
+        let store;
+
+        server.on('request', function () {
+          store = core.scopes.sources.getStore();
+        });
+
+        server.emit('request', reqMock, resMock);
+
+        expect(store.sourceInfo).to.deep.include({
+          port: 8080,
+          protocol: 'http',
+          serverType: 'http',
+        });
+        expect(resMock._events.finish).to.be.a('function');
+      });
+
+      it('non-"request" events do not run in scope', function () {
+        const server = method ? api[method]() : new ServerMock();
+        let store;
+
+        server.on('foo', function () {
+          store = core.scopes.sources.getStore();
+        });
+
+        server.emit('foo', reqMock, resMock);
+        expect(store).to.be.undefined;
+      });
+    });
+  });
+});

package/lib/validators.test.js

@@ -0,0 +1,78 @@
+'use strict';
+
+const assert = require('node:assert');
+const sinon = require('sinon');
+const mocks = require('@contrast/test/mocks');
+const { IntentionalError } = require('@contrast/common');
+
+const originalArgv = process.argv;
+const originalConsoleWarn = console.warn;
+const originalConsoleError = console.error;
+
+describe('reporter validators: config', function() {
+  let getEffectiveValue;
+  let logger;
+  let tcore;
+  let validators;
+
+  beforeEach(function() {
+    // change this to test different scenarios
+    getEffectiveValue = function() {
+      return false;
+    };
+    logger = mocks.logger();
+    tcore = {
+      config: {
+        enable: true,
+        getEffectiveValue: (prop) => getEffectiveValue(prop)
+      },
+      logger,
+    };
+    validators = require('@contrast/agentify/lib/validators.js');
+
+    process.argv = originalArgv.slice();
+    console.warn = sinon.stub();
+    console.error = sinon.stub();
+  });
+
+  after(function() {
+    console.warn = originalConsoleWarn;
+    console.error = originalConsoleError;
+  });
+
+  it('throws IntentionalError (info) when config enable: false', async function() {
+    tcore.config.enable = false;
+
+    assert.throws(() => validators.config(tcore), (e) => {
+      assert(logger.warn.notCalled);
+      assert(e instanceof IntentionalError);
+      assert.match(e.message, /Contrast agent disabled by configuration/);
+      return true;
+    });
+  });
+
+  ['-c', '--configFile'].forEach(function(tflag) {
+    ['Contrast_Security.yml', 'contrast-security.yaml', 'app.cfg'].forEach(function(farg) {
+      const shouldWarn = farg !== 'app.cfg';
+      const msg = shouldWarn ? `logs ${tflag} ${farg}` : `does not log ${tflag} ${farg}`;
+
+      it(`${msg} before an Error is thrown`, async function() {
+        tcore.config.enable = false;
+        process.argv.push(tflag, farg);
+
+        assert.throws(() => validators.config(tcore), (e) => {
+          if (shouldWarn) {
+            assert(logger.warn.calledOnceWith(`Command line config flag is not supported: ${tflag} ${farg}`));
+          } else {
+            assert(logger.warn.notCalled);
+          }
+
+          assert(e instanceof Error);
+          assert.match(e.message, /Contrast agent disabled by configuration/);
+          return true;
+        });
+      });
+    });
+  });
+});
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agentify",
-  "version": "1.28.0",
+  "version": "1.29.1",
   "description": "Configures Contrast agent services and instrumentation within an application",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,19 +17,19 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.22.0",
-    "@contrast/config": "1.29.0",
-    "@contrast/core": "1.33.0",
-    "@contrast/deadzones": "1.3.0",
+    "@contrast/common": "1.23.0",
+    "@contrast/config": "1.30.1",
+    "@contrast/core": "1.34.1",
+    "@contrast/deadzones": "1.4.0",
     "@contrast/dep-hooks": "1.3.3",
-    "@contrast/esm-hooks": "2.7.0",
+    "@contrast/esm-hooks": "2.8.1",
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/instrumentation": "1.11.0",
+    "@contrast/instrumentation": "1.12.0",
     "@contrast/logger": "1.8.4",
-    "@contrast/metrics": "1.9.0",
+    "@contrast/metrics": "1.10.0",
     "@contrast/patcher": "1.7.4",
-    "@contrast/reporter": "1.28.0",
-    "@contrast/rewriter": "1.9.0",
+    "@contrast/reporter": "1.29.1",
+    "@contrast/rewriter": "1.10.1",
     "@contrast/scopes": "1.4.1",
     "semver": "^7.6.0"
   }