@openrewrite/recipes-nodejs 0.36.0-20251211-172625 → 0.36.0-20251212-170419

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/index.d.ts.map +1 -1
  2. package/dist/index.js +2 -0
  3. package/dist/index.js.map +1 -1
  4. package/dist/resources/advisories-npm.csv +5357 -0
  5. package/dist/security/dependency-vulnerability-check.d.ts +63 -0
  6. package/dist/security/dependency-vulnerability-check.d.ts.map +1 -0
  7. package/dist/security/dependency-vulnerability-check.js +639 -0
  8. package/dist/security/dependency-vulnerability-check.js.map +1 -0
  9. package/dist/security/index.d.ts +3 -0
  10. package/dist/security/index.d.ts.map +1 -0
  11. package/dist/security/index.js +19 -0
  12. package/dist/security/index.js.map +1 -0
  13. package/dist/security/vulnerability.d.ts +33 -0
  14. package/dist/security/vulnerability.d.ts.map +1 -0
  15. package/dist/security/vulnerability.js +182 -0
  16. package/dist/security/vulnerability.js.map +1 -0
  17. package/package.json +6 -3
  18. package/src/index.ts +2 -0
  19. package/src/security/dependency-vulnerability-check.ts +934 -0
  20. package/src/security/index.ts +8 -0
  21. package/src/security/vulnerability.ts +265 -0
package/dist/security/dependency-vulnerability-check.js ADDED
@@ -0,0 +1,639 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
19
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
20
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
21
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
22
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
23
+ };
24
+ var __importStar = (this && this.__importStar) || (function () {
25
+ var ownKeys = function(o) {
26
+ ownKeys = Object.getOwnPropertyNames || function (o) {
27
+ var ar = [];
28
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
29
+ return ar;
30
+ };
31
+ return ownKeys(o);
32
+ };
33
+ return function (mod) {
34
+ if (mod && mod.__esModule) return mod;
35
+ var result = {};
36
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
37
+ __setModuleDefault(result, mod);
38
+ return result;
39
+ };
40
+ })();
41
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
42
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
43
+ return new (P || (P = Promise))(function (resolve, reject) {
44
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
45
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
46
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
47
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
48
+ });
49
+ };
50
+ Object.defineProperty(exports, "__esModule", { value: true });
51
+ exports.DependencyVulnerabilityCheck = void 0;
52
+ const rewrite_1 = require("@openrewrite/rewrite");
53
+ const json_1 = require("@openrewrite/rewrite/json");
54
+ const rewrite_2 = require("@openrewrite/rewrite");
55
+ const text_1 = require("@openrewrite/rewrite/text");
56
+ const yaml_1 = require("@openrewrite/rewrite/yaml");
57
+ const javascript_1 = require("@openrewrite/rewrite/javascript");
58
+ const semver = __importStar(require("semver"));
59
+ const path = __importStar(require("path"));
60
+ const vulnerability_1 = require("./vulnerability");
61
+ class VulnerabilityReportRow {
62
+ constructor(sourcePath, cve, packageName, version, fixedVersion, lastAffectedVersion, upgradeable, summary, severity, depth, cwes, isDirect, dependencyPath) {
63
+ this.sourcePath = sourcePath;
64
+ this.cve = cve;
65
+ this.packageName = packageName;
66
+ this.version = version;
67
+ this.fixedVersion = fixedVersion;
68
+ this.lastAffectedVersion = lastAffectedVersion;
69
+ this.upgradeable = upgradeable;
70
+ this.summary = summary;
71
+ this.severity = severity;
72
+ this.depth = depth;
73
+ this.cwes = cwes;
74
+ this.isDirect = isDirect;
75
+ this.dependencyPath = dependencyPath;
76
+ }
77
+ }
78
+ __decorate([
79
+ (0, rewrite_1.Column)({
80
+ displayName: "Source Path",
81
+ description: "Path to the package.json file where the vulnerability was found"
82
+ })
83
+ ], VulnerabilityReportRow.prototype, "sourcePath", void 0);
84
+ __decorate([
85
+ (0, rewrite_1.Column)({
86
+ displayName: "CVE",
87
+ description: "The CVE identifier of the vulnerability"
88
+ })
89
+ ], VulnerabilityReportRow.prototype, "cve", void 0);
90
+ __decorate([
91
+ (0, rewrite_1.Column)({
92
+ displayName: "Package",
93
+ description: "The name of the vulnerable package"
94
+ })
95
+ ], VulnerabilityReportRow.prototype, "packageName", void 0);
96
+ __decorate([
97
+ (0, rewrite_1.Column)({
98
+ displayName: "Version",
99
+ description: "The resolved version of the package"
100
+ })
101
+ ], VulnerabilityReportRow.prototype, "version", void 0);
102
+ __decorate([
103
+ (0, rewrite_1.Column)({
104
+ displayName: "Fixed Version",
105
+ description: "The version that fixes the vulnerability"
106
+ })
107
+ ], VulnerabilityReportRow.prototype, "fixedVersion", void 0);
108
+ __decorate([
109
+ (0, rewrite_1.Column)({
110
+ displayName: "Last Affected",
111
+ description: "The last version affected by the vulnerability"
112
+ })
113
+ ], VulnerabilityReportRow.prototype, "lastAffectedVersion", void 0);
114
+ __decorate([
115
+ (0, rewrite_1.Column)({
116
+ displayName: "Upgradeable",
117
+ description: "Whether the vulnerability can be fixed with a version upgrade within the maximum delta"
118
+ })
119
+ ], VulnerabilityReportRow.prototype, "upgradeable", void 0);
120
+ __decorate([
121
+ (0, rewrite_1.Column)({
122
+ displayName: "Summary",
123
+ description: "Brief description of the vulnerability"
124
+ })
125
+ ], VulnerabilityReportRow.prototype, "summary", void 0);
126
+ __decorate([
127
+ (0, rewrite_1.Column)({
128
+ displayName: "Severity",
129
+ description: "Severity level of the vulnerability"
130
+ })
131
+ ], VulnerabilityReportRow.prototype, "severity", void 0);
132
+ __decorate([
133
+ (0, rewrite_1.Column)({
134
+ displayName: "Depth",
135
+ description: "Depth in the dependency tree (0 = direct, 1+ = transitive)"
136
+ })
137
+ ], VulnerabilityReportRow.prototype, "depth", void 0);
138
+ __decorate([
139
+ (0, rewrite_1.Column)({
140
+ displayName: "CWEs",
141
+ description: "CWE identifiers associated with this vulnerability"
142
+ })
143
+ ], VulnerabilityReportRow.prototype, "cwes", void 0);
144
+ __decorate([
145
+ (0, rewrite_1.Column)({
146
+ displayName: "Is Direct",
147
+ description: "Whether this is a direct dependency"
148
+ })
149
+ ], VulnerabilityReportRow.prototype, "isDirect", void 0);
150
+ __decorate([
151
+ (0, rewrite_1.Column)({
152
+ displayName: "Dependency Path",
153
+ description: "Path showing how the vulnerable dependency is brought in (e.g., 'dependencies > lodash@4.0.0 > vulnerable-pkg@1.0.0')"
154
+ })
155
+ ], VulnerabilityReportRow.prototype, "dependencyPath", void 0);
156
+ class DependencyVulnerabilityCheck extends rewrite_1.ScanningRecipe {
157
+ constructor() {
158
+ super(...arguments);
159
+ this.name = "org.openrewrite.node.dependency-vulnerability-check";
160
+ this.displayName = "Find and fix vulnerable npm dependencies";
161
+ this.description = "This software composition analysis (SCA) tool detects and upgrades dependencies with publicly " +
162
+ "disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and " +
163
+ "upgrades to newer versions with fixes. This recipe by default only upgrades to the latest **patch** version. " +
164
+ "If a minor or major upgrade is required to reach the fixed version, this can be controlled using the `maximumUpgradeDelta` option. " +
165
+ "Vulnerability information comes from the GitHub Security Advisory Database.";
166
+ this.vulnerabilityReport = new rewrite_1.DataTable("org.openrewrite.nodejs.table.VulnerabilityReport", "Vulnerability Report", "Lists all vulnerabilities found in project dependencies.", VulnerabilityReportRow);
167
+ }
168
+ initialValue(_ctx) {
169
+ return Object.assign(Object.assign({}, (0, javascript_1.createDependencyRecipeAccumulator)()), { db: vulnerability_1.VulnerabilityDatabase.load(), vulnerableByProject: new Map(), fixesByProject: new Map() });
170
+ }
171
+ getMinimumSeverity() {
172
+ return this.minimumSeverity ? (0, vulnerability_1.parseSeverity)(this.minimumSeverity) : vulnerability_1.Severity.LOW;
173
+ }
174
+ getMaximumUpgradeDelta() {
175
+ return this.maximumUpgradeDelta || 'patch';
176
+ }
177
+ isReportOnly() {
178
+ return this.getMaximumUpgradeDelta() === 'none';
179
+ }
180
+ matchesCvePattern(vulnerability) {
181
+ if (!this.cvePattern) {
182
+ return true;
183
+ }
184
+ try {
185
+ const regex = new RegExp(this.cvePattern);
186
+ return regex.test(vulnerability.cve);
187
+ }
188
+ catch (_a) {
189
+ return true;
190
+ }
191
+ }
192
+ isVersionAffected(version, vulnerability) {
193
+ try {
194
+ const v = semver.parse(version);
195
+ if (!v)
196
+ return false;
197
+ if (vulnerability.introducedVersion && vulnerability.introducedVersion !== '0') {
198
+ const introduced = semver.parse(vulnerability.introducedVersion);
199
+ if (introduced && semver.lt(v, introduced)) {
200
+ return false;
201
+ }
202
+ }
203
+ if (vulnerability.fixedVersion) {
204
+ const fixed = semver.parse(vulnerability.fixedVersion);
205
+ if (fixed && semver.gte(v, fixed)) {
206
+ return false;
207
+ }
208
+ return true;
209
+ }
210
+ if (vulnerability.lastAffectedVersion) {
211
+ const lastAffected = semver.parse(vulnerability.lastAffectedVersion);
212
+ if (lastAffected && semver.gt(v, lastAffected)) {
213
+ return false;
214
+ }
215
+ return true;
216
+ }
217
+ return true;
218
+ }
219
+ catch (_a) {
220
+ return false;
221
+ }
222
+ }
223
+ isUpgradeableWithinDelta(currentVersion, vulnerability) {
224
+ if (this.isReportOnly()) {
225
+ return false;
226
+ }
227
+ try {
228
+ const current = semver.parse(currentVersion);
229
+ if (!current)
230
+ return false;
231
+ const delta = this.getMaximumUpgradeDelta();
232
+ if (vulnerability.fixedVersion) {
233
+ const fixed = semver.parse(vulnerability.fixedVersion);
234
+ if (!fixed)
235
+ return false;
236
+ switch (delta) {
237
+ case 'patch':
238
+ return current.major === fixed.major && current.minor === fixed.minor;
239
+ case 'minor':
240
+ return current.major === fixed.major;
241
+ case 'major':
242
+ return true;
243
+ case 'none':
244
+ return false;
245
+ }
246
+ }
247
+ if (vulnerability.lastAffectedVersion) {
248
+ const lastAffected = semver.parse(vulnerability.lastAffectedVersion);
249
+ if (!lastAffected)
250
+ return false;
251
+ switch (delta) {
252
+ case 'patch':
253
+ return current.major === lastAffected.major &&
254
+ current.minor === lastAffected.minor;
255
+ case 'minor':
256
+ return current.major === lastAffected.major;
257
+ case 'major':
258
+ return true;
259
+ case 'none':
260
+ return false;
261
+ }
262
+ }
263
+ return false;
264
+ }
265
+ catch (_a) {
266
+ return false;
267
+ }
268
+ }
269
+ getUpgradeVersion(vulnerability) {
270
+ if (vulnerability.fixedVersion) {
271
+ return vulnerability.fixedVersion;
272
+ }
273
+ return undefined;
274
+ }
275
+ renderPath(scope, path) {
276
+ const parts = [];
277
+ if (scope) {
278
+ parts.push(scope);
279
+ }
280
+ for (const seg of path) {
281
+ parts.push(`${seg.name}@${seg.version}`);
282
+ }
283
+ return parts.join(' > ');
284
+ }
285
+ findVulnerabilities(resolved, db, depth, isDirect, scope, path, visited, results) {
286
+ const key = `${resolved.name}@${resolved.version}`;
287
+ if (visited.has(key))
288
+ return;
289
+ visited.add(key);
290
+ const currentPath = [...path, { name: resolved.name, version: resolved.version }];
291
+ const vulns = db.getVulnerabilities(resolved.name);
292
+ for (const vuln of vulns) {
293
+ if ((0, vulnerability_1.severityOrdinal)(vuln.severity) < (0, vulnerability_1.severityOrdinal)(this.getMinimumSeverity())) {
294
+ continue;
295
+ }
296
+ if (!this.matchesCvePattern(vuln)) {
297
+ continue;
298
+ }
299
+ if (this.isVersionAffected(resolved.version, vuln)) {
300
+ results.push({
301
+ resolved,
302
+ vulnerability: vuln,
303
+ depth,
304
+ isDirect,
305
+ scope,
306
+ path: currentPath
307
+ });
308
+ }
309
+ }
310
+ if (this.overrideTransitive) {
311
+ const transitives = [
312
+ ...(resolved.dependencies || []),
313
+ ...(resolved.devDependencies || []),
314
+ ...(resolved.peerDependencies || []),
315
+ ...(resolved.optionalDependencies || [])
316
+ ];
317
+ for (const dep of transitives) {
318
+ if (dep.resolved) {
319
+ this.findVulnerabilities(dep.resolved, db, depth + 1, false, scope, currentPath, visited, results);
320
+ }
321
+ }
322
+ }
323
+ }
324
+ computeFixes(vulnerabilities) {
325
+ if (this.isReportOnly()) {
326
+ return [];
327
+ }
328
+ const byPackage = new Map();
329
+ for (const vuln of vulnerabilities) {
330
+ const existing = byPackage.get(vuln.resolved.name) || [];
331
+ existing.push(vuln);
332
+ byPackage.set(vuln.resolved.name, existing);
333
+ }
334
+ const fixes = [];
335
+ for (const [packageName, vulns] of byPackage) {
336
+ let highestFixVersion;
337
+ const cves = [];
338
+ let isTransitive = true;
339
+ let scope;
340
+ for (const vuln of vulns) {
341
+ if (!this.isUpgradeableWithinDelta(vuln.resolved.version, vuln.vulnerability)) {
342
+ continue;
343
+ }
344
+ const fixVersion = this.getUpgradeVersion(vuln.vulnerability);
345
+ if (fixVersion) {
346
+ if (!highestFixVersion || semver.gt(fixVersion, highestFixVersion)) {
347
+ highestFixVersion = fixVersion;
348
+ }
349
+ }
350
+ cves.push(vuln.vulnerability.cve);
351
+ if (vuln.isDirect) {
352
+ isTransitive = false;
353
+ scope = vuln.scope;
354
+ }
355
+ }
356
+ if (highestFixVersion && cves.length > 0) {
357
+ fixes.push({
358
+ packageName,
359
+ newVersion: highestFixVersion,
360
+ isTransitive,
361
+ cves,
362
+ scope
363
+ });
364
+ }
365
+ }
366
+ return fixes;
367
+ }
368
+ scanner(acc) {
369
+ return __awaiter(this, void 0, void 0, function* () {
370
+ const recipe = this;
371
+ return new class extends json_1.JsonVisitor {
372
+ visitDocument(doc, _ctx) {
373
+ return __awaiter(this, void 0, void 0, function* () {
374
+ var _a;
375
+ if (!doc.sourcePath.endsWith('package.json')) {
376
+ return doc;
377
+ }
378
+ const marker = (0, javascript_1.findNodeResolutionResult)(doc);
379
+ if (!marker) {
380
+ return doc;
381
+ }
382
+ const vulnerabilities = [];
383
+ const visited = new Set();
384
+ const scopesToCheck = recipe.scope
385
+ ? [recipe.scope]
386
+ : ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
387
+ for (const scope of scopesToCheck) {
388
+ const deps = marker[scope] || [];
389
+ for (const dep of deps) {
390
+ if (dep.resolved) {
391
+ recipe.findVulnerabilities(dep.resolved, acc.db, 0, true, scope, [], visited, vulnerabilities);
392
+ }
393
+ }
394
+ }
395
+ if (vulnerabilities.length > 0) {
396
+ acc.vulnerableByProject.set(doc.sourcePath, vulnerabilities);
397
+ const fixes = recipe.computeFixes(vulnerabilities);
398
+ if (fixes.length > 0) {
399
+ acc.fixesByProject.set(doc.sourcePath, fixes);
400
+ const projectDir = path.dirname(path.resolve(doc.sourcePath));
401
+ const pm = (_a = marker.packageManager) !== null && _a !== void 0 ? _a : "Npm";
402
+ acc.projectsToUpdate.set(doc.sourcePath, {
403
+ projectDir,
404
+ packageJsonPath: doc.sourcePath,
405
+ originalPackageJson: yield this.printDocument(doc),
406
+ packageManager: pm
407
+ });
408
+ }
409
+ }
410
+ return doc;
411
+ });
412
+ }
413
+ printDocument(doc) {
414
+ return __awaiter(this, void 0, void 0, function* () {
415
+ return rewrite_2.TreePrinters.print(doc);
416
+ });
417
+ }
418
+ };
419
+ });
420
+ }
421
+ getRecipeList() {
422
+ return __awaiter(this, void 0, void 0, function* () {
423
+ return [];
424
+ });
425
+ }
426
+ editorWithData(acc) {
427
+ return __awaiter(this, void 0, void 0, function* () {
428
+ const recipe = this;
429
+ const YAML_LOCK_FILES = ['pnpm-lock.yaml', 'yarn.lock'];
430
+ return new class extends rewrite_1.TreeVisitor {
431
+ accept(tree, ctx) {
432
+ return __awaiter(this, void 0, void 0, function* () {
433
+ if ((0, json_1.isJson)(tree) && tree.kind === json_1.Json.Kind.Document) {
434
+ return this.handleJsonDocument(tree, ctx);
435
+ }
436
+ if ((0, yaml_1.isYaml)(tree) && (0, yaml_1.isDocuments)(tree)) {
437
+ const basename = path.basename(tree.sourcePath);
438
+ if (YAML_LOCK_FILES.includes(basename)) {
439
+ return this.handleYamlLockFile(tree, ctx);
440
+ }
441
+ }
442
+ if ((0, text_1.isPlainText)(tree)) {
443
+ const basename = path.basename(tree.sourcePath);
444
+ if (basename === 'yarn.lock') {
445
+ return this.handlePlainTextLockFile(tree, ctx);
446
+ }
447
+ }
448
+ return tree;
449
+ });
450
+ }
451
+ handleJsonDocument(doc, ctx) {
452
+ return __awaiter(this, void 0, void 0, function* () {
453
+ const sourcePath = doc.sourcePath;
454
+ if (sourcePath.endsWith('package.json')) {
455
+ return this.handlePackageJson(doc, ctx);
456
+ }
457
+ const updatedLockContent = (0, javascript_1.getUpdatedLockFileContent)(sourcePath, acc);
458
+ if (updatedLockContent) {
459
+ return yield new json_1.JsonParser({}).parseOne({
460
+ text: updatedLockContent,
461
+ sourcePath: doc.sourcePath
462
+ });
463
+ }
464
+ return doc;
465
+ });
466
+ }
467
+ handleYamlLockFile(docs, _ctx) {
468
+ return __awaiter(this, void 0, void 0, function* () {
469
+ const sourcePath = docs.sourcePath;
470
+ const updatedLockContent = (0, javascript_1.getUpdatedLockFileContent)(sourcePath, acc);
471
+ if (updatedLockContent) {
472
+ return yield new yaml_1.YamlParser({}).parseOne({
473
+ text: updatedLockContent,
474
+ sourcePath: docs.sourcePath
475
+ });
476
+ }
477
+ return docs;
478
+ });
479
+ }
480
+ handlePlainTextLockFile(text, _ctx) {
481
+ return __awaiter(this, void 0, void 0, function* () {
482
+ const sourcePath = text.sourcePath;
483
+ const updatedLockContent = (0, javascript_1.getUpdatedLockFileContent)(sourcePath, acc);
484
+ if (updatedLockContent) {
485
+ const parsed = yield new text_1.PlainTextParser({}).parseOne({
486
+ text: updatedLockContent,
487
+ sourcePath: text.sourcePath
488
+ });
489
+ return parsed;
490
+ }
491
+ return text;
492
+ });
493
+ }
494
+ handlePackageJson(doc, ctx) {
495
+ return __awaiter(this, void 0, void 0, function* () {
496
+ const vulnerabilities = acc.vulnerableByProject.get(doc.sourcePath);
497
+ if (!vulnerabilities || vulnerabilities.length === 0) {
498
+ return doc;
499
+ }
500
+ for (const vuln of vulnerabilities) {
501
+ const upgradeable = recipe.isUpgradeableWithinDelta(vuln.resolved.version, vuln.vulnerability);
502
+ recipe.vulnerabilityReport.insertRow(ctx, new VulnerabilityReportRow(doc.sourcePath, vuln.vulnerability.cve, vuln.resolved.name, vuln.resolved.version, vuln.vulnerability.fixedVersion || '', vuln.vulnerability.lastAffectedVersion || '', upgradeable, vuln.vulnerability.summary, vuln.vulnerability.severity, vuln.depth, vuln.vulnerability.cwes, vuln.isDirect, recipe.renderPath(vuln.scope, vuln.path)));
503
+ }
504
+ if (recipe.isReportOnly()) {
505
+ return doc;
506
+ }
507
+ const fixes = acc.fixesByProject.get(doc.sourcePath);
508
+ const updateInfo = acc.projectsToUpdate.get(doc.sourcePath);
509
+ if (!fixes || fixes.length === 0 || !updateInfo) {
510
+ return doc;
511
+ }
512
+ const failureMessage = yield (0, javascript_1.runInstallIfNeeded)(doc.sourcePath, acc, () => recipe.runPackageManagerInstall(acc, updateInfo, fixes));
513
+ if (failureMessage) {
514
+ return (0, rewrite_1.markupWarn)(doc, `Failed to fix vulnerabilities in ${doc.sourcePath}`, failureMessage);
515
+ }
516
+ let result = doc;
517
+ for (const fix of fixes) {
518
+ if (!fix.isTransitive && fix.scope) {
519
+ const visitor = new UpdateVersionVisitor(fix.packageName, fix.newVersion, fix.scope);
520
+ result = (yield visitor.visit(result, undefined));
521
+ }
522
+ }
523
+ return (0, javascript_1.updateNodeResolutionMarker)(result, updateInfo, acc);
524
+ });
525
+ }
526
+ };
527
+ });
528
+ }
529
+ runPackageManagerInstall(acc, updateInfo, fixes) {
530
+ return __awaiter(this, void 0, void 0, function* () {
531
+ const modifiedPackageJson = this.createModifiedPackageJson(updateInfo.originalPackageJson, fixes);
532
+ const result = yield (0, javascript_1.runInstallInTempDir)(updateInfo.projectDir, updateInfo.packageManager, modifiedPackageJson);
533
+ (0, javascript_1.storeInstallResult)(result, acc, updateInfo, modifiedPackageJson);
534
+ });
535
+ }
536
+ createModifiedPackageJson(originalContent, fixes) {
537
+ const packageJson = JSON.parse(originalContent);
538
+ for (const fix of fixes) {
539
+ if (!fix.isTransitive && fix.scope) {
540
+ if (packageJson[fix.scope] && packageJson[fix.scope][fix.packageName]) {
541
+ packageJson[fix.scope][fix.packageName] = fix.newVersion;
542
+ }
543
+ }
544
+ }
545
+ return JSON.stringify(packageJson, null, 2);
546
+ }
547
+ }
548
+ exports.DependencyVulnerabilityCheck = DependencyVulnerabilityCheck;
549
+ __decorate([
550
+ (0, rewrite_1.Option)({
551
+ displayName: "Scope",
552
+ description: "Match dependencies with the specified scope. Default includes all scopes. " +
553
+ "Use 'dependencies' for production dependencies, 'devDependencies' for development only, etc.",
554
+ required: false,
555
+ example: "dependencies",
556
+ valid: ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"]
557
+ })
558
+ ], DependencyVulnerabilityCheck.prototype, "scope", void 0);
559
+ __decorate([
560
+ (0, rewrite_1.Option)({
561
+ displayName: "Override transitives",
562
+ description: "When enabled, transitive dependencies with vulnerabilities will have their versions overridden " +
563
+ "using npm overrides, yarn resolutions, or pnpm overrides. " +
564
+ "By default only direct dependencies have their version numbers upgraded.",
565
+ required: false,
566
+ example: "true"
567
+ })
568
+ ], DependencyVulnerabilityCheck.prototype, "overrideTransitive", void 0);
569
+ __decorate([
570
+ (0, rewrite_1.Option)({
571
+ displayName: "Maximum upgrade delta",
572
+ description: "The maximum difference to allow when upgrading a dependency version. " +
573
+ "Use 'none' to only report vulnerabilities without making any changes. " +
574
+ "Patch version upgrades are the default and safest option. " +
575
+ "Minor version upgrades can introduce new features but typically no breaking changes. " +
576
+ "Major version upgrades may require code changes.",
577
+ required: false,
578
+ example: "patch",
579
+ valid: ["none", "patch", "minor", "major"]
580
+ })
581
+ ], DependencyVulnerabilityCheck.prototype, "maximumUpgradeDelta", void 0);
582
+ __decorate([
583
+ (0, rewrite_1.Option)({
584
+ displayName: "Minimum severity",
585
+ description: "Only fix vulnerabilities with a severity level equal to or higher than the specified minimum. " +
586
+ "Vulnerabilities are classified as LOW, MODERATE, HIGH, or CRITICAL based on their potential impact. " +
587
+ "Default is LOW, which includes all severity levels.",
588
+ required: false,
589
+ example: "MODERATE",
590
+ valid: ["LOW", "MODERATE", "HIGH", "CRITICAL"]
591
+ })
592
+ ], DependencyVulnerabilityCheck.prototype, "minimumSeverity", void 0);
593
+ __decorate([
594
+ (0, rewrite_1.Option)({
595
+ displayName: "CVE pattern",
596
+ description: "Only fix vulnerabilities matching this regular expression pattern. " +
597
+ "This allows filtering to specific CVEs or CVE ranges. " +
598
+ "For example, 'CVE-2023-.*' will only check for CVEs from 2023. " +
599
+ "If not specified, all CVEs will be checked.",
600
+ required: false,
601
+ example: "CVE-2023-.*"
602
+ })
603
+ ], DependencyVulnerabilityCheck.prototype, "cvePattern", void 0);
604
+ class UpdateVersionVisitor extends json_1.JsonVisitor {
605
+ constructor(packageName, newVersion, targetScope) {
606
+ super();
607
+ this.inTargetScope = false;
608
+ this.packageName = packageName;
609
+ this.newVersion = newVersion;
610
+ this.targetScope = targetScope;
611
+ }
612
+ visitMember(member, p) {
613
+ const _super = Object.create(null, {
614
+ visitMember: { get: () => super.visitMember }
615
+ });
616
+ return __awaiter(this, void 0, void 0, function* () {
617
+ const keyName = (0, json_1.getMemberKeyName)(member);
618
+ if (keyName === this.targetScope) {
619
+ this.inTargetScope = true;
620
+ const result = yield _super.visitMember.call(this, member, p);
621
+ this.inTargetScope = false;
622
+ return result;
623
+ }
624
+ if (this.inTargetScope && keyName === this.packageName) {
625
+ return this.updateVersion(member);
626
+ }
627
+ return _super.visitMember.call(this, member, p);
628
+ });
629
+ }
630
+ updateVersion(member) {
631
+ const value = member.value;
632
+ if (!(0, json_1.isLiteral)(value)) {
633
+ return member;
634
+ }
635
+ const newLiteral = Object.assign(Object.assign({}, value), { source: `"${this.newVersion}"`, value: this.newVersion });
636
+ return Object.assign(Object.assign({}, member), { value: newLiteral });
637
+ }
638
+ }
639
+ //# sourceMappingURL=dependency-vulnerability-check.js.map
package/dist/security/dependency-vulnerability-check.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dependency-vulnerability-check.js","sourceRoot":"","sources":["../../src/security/dependency-vulnerability-check.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,kDAAwI;AACxI,oDAA6G;AAC7G,kDAAkD;AAClD,oDAAkF;AAClF,oDAAgF;AAChF,gEAYyC;AACzC,+CAAiC;AACjC,2CAA6B;AAC7B,mDAA+G;AAW/G,MAAM,sBAAsB;IA+ExB,YACI,UAAkB,EAClB,GAAW,EACX,WAAmB,EACnB,OAAe,EACf,YAAoB,EACpB,mBAA2B,EAC3B,WAAoB,EACpB,OAAe,EACf,QAAgB,EAChB,KAAa,EACb,IAAY,EACZ,QAAiB,EACjB,cAAsB;QAEtB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;QAC/C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACzC,CAAC;CACJ;AAvGG;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,aAAa;QAC1B,WAAW,EAAE,iEAAiE;KACjF,CAAC;0DACkB;AAMpB;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,KAAK;QAClB,WAAW,EAAE,yCAAyC;KACzD,CAAC;mDACW;AAMb;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,oCAAoC;KACpD,CAAC;2DACmB;AAMrB;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,qCAAqC;KACrD,CAAC;uDACe;AAMjB;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,eAAe;QAC5B,WAAW,EAAE,0CAA0C;KAC1D,CAAC;4DACoB;AAMtB;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,eAAe;QAC5B,WAAW,EAAE,gDAAgD;KAChE,CAAC;mEAC2B;AAM7B;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,aAAa;QAC1B,WAAW,EAAE,wFAAwF;KACxG,CAAC;2DACoB;AAMtB;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,wCAAwC;KACxD,CAAC;uDACe;AAMjB;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,UAAU;QACvB,WAAW,EAAE,qCAAqC;KACrD,CAAC;wDACgB;AAMlB;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,OAAO;QACpB,WAAW,EAAE,4DAA4D;KAC5E,CAAC;qDACa;AAMf;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,MAAM;QACnB,WAAW,EAAE,oDAAoD;KACpE,CAAC;oDACY;AAMd;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE,qCAAqC;KACrD,CAAC;wDACiB;AAMnB;IAJC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,iBAAiB;QAC9B,WAAW,EAAE,uHAAuH;KACvI,CAAC;8DACsB;AAmH5B,MAAa,4BAA6B,SAAQ,wBAA2B;IAA7E;;QACa,SAAI,GAAG,qDAAqD,CAAC;QAC7D,gBAAW,GAAG,0CAA0C,CAAC;QACzD,gBAAW,GAAG,gGAAgG;YACnH,gGAAgG;YAChG,+GAA+G;YAC/G,qIAAqI;YACrI,6EAA6E,CAAC;QAEjE,wBAAmB,GAAG,IAAI,mBAAS,CAChD,kDAAkD,EAClD,sBAAsB,EACtB,0DAA0D,EAC1D,sBAAsB,CACzB,CAAC;IAwnBN,CAAC;IA/jBG,YAAY,CAAC,IAAsB;QAC/B,uCAEO,IAAA,8CAAiC,GAAqB,KAEzD,EAAE,EAAE,qCAAqB,CAAC,IAAI,EAAE,EAChC,mBAAmB,EAAE,IAAI,GAAG,EAAE,EAC9B,cAAc,EAAE,IAAI,GAAG,EAAE,IAC3B;IACN,CAAC;IAEO,kBAAkB;QACtB,OAAO,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,IAAA,6BAAa,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,wBAAQ,CAAC,GAAG,CAAC;IACrF,CAAC;IAEO,sBAAsB;QAC1B,OAAO,IAAI,CAAC,mBAAmB,IAAI,OAAO,CAAC;IAC/C,CAAC;IAEO,YAAY;QAChB,OAAO,IAAI,CAAC,sBAAsB,EAAE,KAAK,MAAM,CAAC;IACpD,CAAC;IAKO,iBAAiB,CAAC,aAA4B;QAClD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,IAAI,CAAC;YACD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QAAC,WAAM,CAAC;YACL,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAKO,iBAAiB,CAAC,OAAe,EAAE,aAA4B;QACnE,IAAI,CAAC;YACD,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAChC,IAAI,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAGrB,IAAI,aAAa,CAAC,iBAAiB,IAAI,aAAa,CAAC,iBAAiB,KAAK,GAAG,EAAE,CAAC;gBAC7E,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC;gBACjE,IAAI,UAAU,IAAI,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC;oBACzC,OAAO,KAAK,CAAC;gBACjB,CAAC;YACL,CAAC;YAGD,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACvD,IAAI,KAAK,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;oBAChC,OAAO,KAAK,CAAC;gBACjB,CAAC;gBACD,OAAO,IAAI,CAAC;YAChB,CAAC;YAGD,IAAI,aAAa,CAAC,mBAAmB,EAAE,CAAC;gBACpC,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;gBACrE,IAAI,YAAY,IAAI,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC;oBAC7C,OAAO,KAAK,CAAC;gBACjB,CAAC;gBACD,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,OAAO,IAAI,CAAC;QAChB,CAAC;QAAC,WAAM,CAAC;YACL,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAKO,wBAAwB,CAAC,cAAsB,EAAE,aAA4B;QACjF,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YAE3B,MAAM,KAAK,GAAG,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAG5C,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACvD,IAAI,CAAC,KAAK;oBAAE,OAAO,KAAK,CAAC;gBAEzB,QAAQ,KAAK,EAAE,CAAC;oBACZ,KAAK,OAAO;wBACR,OAAO,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAC;oBAC1E,KAAK,OAAO;wBACR,OAAO,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAC;oBACzC,KAAK,OAAO;wBACR,OAAO,IAAI,CAAC;oBAChB,KAAK,MAAM;wBACP,OAAO,KAAK,CAAC;gBACrB,CAAC;YACL,CAAC;YAID,IAAI,aAAa,CAAC,mBAAmB,EAAE,CAAC;gBACpC,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;gBACrE,IAAI,CAAC,YAAY;oBAAE,OAAO,KAAK,CAAC;gBAEhC,QAAQ,KAAK,EAAE,CAAC;oBACZ,KAAK,OAAO;wBACR,OAAO,OAAO,CAAC,KAAK,KAAK,YAAY,CAAC,KAAK;4BACpC,OAAO,CAAC,KAAK,KAAK,YAAY,CAAC,KAAK,CAAC;oBAChD,KAAK,OAAO;wBACR,OAAO,OAAO,CAAC,KAAK,KAAK,YAAY,CAAC,KAAK,CAAC;oBAChD,KAAK,OAAO;wBACR,OAAO,IAAI,CAAC;oBAChB,KAAK,MAAM;wBACP,OAAO,KAAK,CAAC;gBACrB,CAAC;YACL,CAAC;YAED,OAAO,KAAK,CAAC;QACjB,CAAC;QAAC,WAAM,CAAC;YACL,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAKO,iBAAiB,CAAC,aAA4B;QAClD,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;YAC7B,OAAO,aAAa,CAAC,YAAY,CAAC;QACtC,CAAC;QAID,OAAO,SAAS,CAAC;IACrB,CAAC;IAMO,UAAU,CAAC,KAAkC,EAAE,IAAmB;QACtE,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,KAAK,EAAE,CAAC;YACR,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACrB,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAKO,mBAAmB,CACvB,QAA4B,EAC5B,EAAyB,EACzB,KAAa,EACb,QAAiB,EACjB,KAAkC,EAClC,IAAmB,EACnB,OAAoB,EACpB,OAA+B;QAE/B,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACnD,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO;QAC7B,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAGjB,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QAGlF,MAAM,KAAK,GAAG,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAEvB,IAAI,IAAA,+BAAe,EAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,IAAA,+BAAe,EAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC,EAAE,CAAC;gBAC9E,SAAS;YACb,CAAC;YAGD,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,SAAS;YACb,CAAC;YAGD,IAAI,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;gBACjD,OAAO,CAAC,IAAI,CAAC;oBACT,QAAQ;oBACR,aAAa,EAAE,IAAI;oBACnB,KAAK;oBACL,QAAQ;oBACR,KAAK;oBACL,IAAI,EAAE,WAAW;iBACpB,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAGD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC1B,MAAM,WAAW,GAAG;gBAChB,GAAG,CAAC,QAAQ,CAAC,YAAY,IAAI,EAAE,CAAC;gBAChC,GAAG,CAAC,QAAQ,CAAC,eAAe,IAAI,EAAE,CAAC;gBACnC,GAAG,CAAC,QAAQ,CAAC,gBAAgB,IAAI,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,CAAC,oBAAoB,IAAI,EAAE,CAAC;aAC3C,CAAC;YAEF,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;gBAC5B,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACf,IAAI,CAAC,mBAAmB,CACpB,GAAG,CAAC,QAAQ,EACZ,EAAE,EACF,KAAK,GAAG,CAAC,EACT,KAAK,EACL,KAAK,EACL,WAAW,EACX,OAAO,EACP,OAAO,CACV,CAAC;gBACN,CAAC;YACL,CAAC;QACL,CAAC;IACL,CAAC;IAMO,YAAY,CAAC,eAAuC;QACxD,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACtB,OAAO,EAAE,CAAC;QACd,CAAC;QAGD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkC,CAAC;QAC5D,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,KAAK,GAAuB,EAAE,CAAC;QAErC,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;YAE3C,IAAI,iBAAqC,CAAC;YAC1C,MAAM,IAAI,GAAa,EAAE,CAAC;YAC1B,IAAI,YAAY,GAAG,IAAI,CAAC;YACxB,IAAI,KAAkC,CAAC;YAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBAEvB,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;oBAC5E,SAAS;gBACb,CAAC;gBAED,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC9D,IAAI,UAAU,EAAE,CAAC;oBACb,IAAI,CAAC,iBAAiB,IAAI,MAAM,CAAC,EAAE,CAAC,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;wBACjE,iBAAiB,GAAG,UAAU,CAAC;oBACnC,CAAC;gBACL,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;gBAElC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAChB,YAAY,GAAG,KAAK,CAAC;oBACrB,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBACvB,CAAC;YACL,CAAC;YAED,IAAI,iBAAiB,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvC,KAAK,CAAC,IAAI,CAAC;oBACP,WAAW;oBACX,UAAU,EAAE,iBAAiB;oBAC7B,YAAY;oBACZ,IAAI;oBACJ,KAAK;iBACR,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAEK,OAAO,CAAC,GAAgB;;YAC1B,MAAM,MAAM,GAAG,IAAI,CAAC;YAEpB,OAAO,IAAI,KAAM,SAAQ,kBAA6B;gBAClC,aAAa,CAAC,GAAkB,EAAE,IAAsB;;;wBAEpE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;4BAC3C,OAAO,GAAG,CAAC;wBACf,CAAC;wBAED,MAAM,MAAM,GAAG,IAAA,qCAAwB,EAAC,GAAG,CAAC,CAAC;wBAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;4BACV,OAAO,GAAG,CAAC;wBACf,CAAC;wBAED,MAAM,eAAe,GAA2B,EAAE,CAAC;wBACnD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;wBAGlC,MAAM,aAAa,GAAsB,MAAM,CAAC,KAAK;4BACjD,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;4BAChB,CAAC,CAAC,CAAC,cAAc,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;wBAEtF,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;4BAChC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BACjC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gCACrB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oCACf,MAAM,CAAC,mBAAmB,CACtB,GAAG,CAAC,QAAQ,EACZ,GAAG,CAAC,EAAE,EACN,CAAC,EACD,IAAI,EACJ,KAAK,EACL,EAAE,EACF,OAAO,EACP,eAAe,CAClB,CAAC;gCACN,CAAC;4BACL,CAAC;wBACL,CAAC;wBAED,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAC7B,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;4BAG7D,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;4BACnD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gCACnB,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;gCAG9C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;gCAC9D,MAAM,EAAE,GAAG,MAAA,MAAM,CAAC,cAAc,wCAAsB,CAAC;gCAEvD,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE;oCACrC,UAAU;oCACV,eAAe,EAAE,GAAG,CAAC,UAAU;oCAC/B,mBAAmB,EAAE,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC;oCAClD,cAAc,EAAE,EAAE;iCACrB,CAAC,CAAC;4BACP,CAAC;wBACL,CAAC;wBAED,OAAO,GAAG,CAAC;oBACf,CAAC;iBAAA;gBAEa,aAAa,CAAC,GAAkB;;wBAC1C,OAAO,sBAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACnC,CAAC;iBAAA;aACJ,CAAC;QACN,CAAC;KAAA;IAKK,aAAa;;YAGf,OAAO,EAAE,CAAC;QACd,CAAC;KAAA;IAEK,cAAc,CAAC,GAAgB;;YACjC,MAAM,MAAM,GAAG,IAAI,CAAC;YAGpB,MAAM,eAAe,GAAG,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;YAGxD,OAAO,IAAI,KAAM,SAAQ,qBAAmC;gBACxC,MAAM,CAAC,IAAU,EAAE,GAAqB;;wBAEpD,IAAI,IAAA,aAAM,EAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,WAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACnD,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAqB,EAAE,GAAG,CAAC,CAAC;wBAC/D,CAAC;wBAGD,IAAI,IAAA,aAAM,EAAC,IAAI,CAAC,IAAI,IAAA,kBAAW,EAAC,IAAI,CAAC,EAAE,CAAC;4BACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;4BAChD,IAAI,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gCACrC,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;4BAC9C,CAAC;wBACL,CAAC;wBAGD,IAAI,IAAA,kBAAW,EAAC,IAAI,CAAC,EAAE,CAAC;4BACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;4BAChD,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;gCAC3B,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAiB,EAAE,GAAG,CAAC,CAAC;4BAChE,CAAC;wBACL,CAAC;wBAED,OAAO,IAAI,CAAC;oBAChB,CAAC;iBAAA;gBAEa,kBAAkB,CAAC,GAAkB,EAAE,GAAqB;;wBACtE,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;wBAGlC,IAAI,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;4BACtC,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;wBAC5C,CAAC;wBAGD,MAAM,kBAAkB,GAAG,IAAA,sCAAyB,EAAC,UAAU,EAAE,GAAG,CAAC,CAAC;wBACtE,IAAI,kBAAkB,EAAE,CAAC;4BACrB,OAAO,MAAM,IAAI,iBAAU,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC;gCACrC,IAAI,EAAE,kBAAkB;gCACxB,UAAU,EAAE,GAAG,CAAC,UAAU;6BAC7B,CAAkB,CAAC;wBACxB,CAAC;wBAED,OAAO,GAAG,CAAC;oBACf,CAAC;iBAAA;gBAEa,kBAAkB,CAAC,IAAoB,EAAE,IAAsB;;wBACzE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;wBAGnC,MAAM,kBAAkB,GAAG,IAAA,sCAAyB,EAAC,UAAU,EAAE,GAAG,CAAC,CAAC;wBACtE,IAAI,kBAAkB,EAAE,CAAC;4BACrB,OAAO,MAAM,IAAI,iBAAU,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC;gCACrC,IAAI,EAAE,kBAAkB;gCACxB,UAAU,EAAE,IAAI,CAAC,UAAU;6BAC9B,CAAmB,CAAC;wBACzB,CAAC;wBAED,OAAO,IAAI,CAAC;oBAChB,CAAC;iBAAA;gBAEa,uBAAuB,CAAC,IAAe,EAAE,IAAsB;;wBACzE,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;wBAGnC,MAAM,kBAAkB,GAAG,IAAA,sCAAyB,EAAC,UAAU,EAAE,GAAG,CAAC,CAAC;wBACtE,IAAI,kBAAkB,EAAE,CAAC;4BAErB,MAAM,MAAM,GAAG,MAAM,IAAI,sBAAe,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC;gCAClD,IAAI,EAAE,kBAAkB;gCACxB,UAAU,EAAE,IAAI,CAAC,UAAU;6BAC9B,CAAC,CAAC;4BACH,OAAO,MAAmB,CAAC;wBAC/B,CAAC;wBAED,OAAO,IAAI,CAAC;oBAChB,CAAC;iBAAA;gBAEa,iBAAiB,CAAC,GAAkB,EAAE,GAAqB;;wBACrE,MAAM,eAAe,GAAG,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;wBACpE,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;4BACnD,OAAO,GAAG,CAAC;wBACf,CAAC;wBAGD,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;4BACjC,MAAM,WAAW,GAAG,MAAM,CAAC,wBAAwB,CAC/C,IAAI,CAAC,QAAQ,CAAC,OAAO,EACrB,IAAI,CAAC,aAAa,CACrB,CAAC;4BAEF,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,sBAAsB,CAChE,GAAG,CAAC,UAAU,EACd,IAAI,CAAC,aAAa,CAAC,GAAG,EACtB,IAAI,CAAC,QAAQ,CAAC,IAAI,EAClB,IAAI,CAAC,QAAQ,CAAC,OAAO,EACrB,IAAI,CAAC,aAAa,CAAC,YAAY,IAAI,EAAE,EACrC,IAAI,CAAC,aAAa,CAAC,mBAAmB,IAAI,EAAE,EAC5C,WAAW,EACX,IAAI,CAAC,aAAa,CAAC,OAAO,EAC1B,IAAI,CAAC,aAAa,CAAC,QAAQ,EAC3B,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,aAAa,CAAC,IAAI,EACvB,IAAI,CAAC,QAAQ,EACb,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAC3C,CAAC,CAAC;wBACP,CAAC;wBAGD,IAAI,MAAM,CAAC,YAAY,EAAE,EAAE,CAAC;4BACxB,OAAO,GAAG,CAAC;wBACf,CAAC;wBAED,MAAM,KAAK,GAAG,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;wBACrD,MAAM,UAAU,GAAG,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;wBAC5D,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;4BAC9C,OAAO,GAAG,CAAC;wBACf,CAAC;wBAGD,MAAM,cAAc,GAAG,MAAM,IAAA,+BAAkB,EAAC,GAAG,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,EAAE,CACtE,MAAM,CAAC,wBAAwB,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,CAAC,CAC1D,CAAC;wBACF,IAAI,cAAc,EAAE,CAAC;4BACjB,OAAO,IAAA,oBAAU,EACb,GAAG,EACH,oCAAoC,GAAG,CAAC,UAAU,EAAE,EACpD,cAAc,CACjB,CAAC;wBACN,CAAC;wBAGD,IAAI,MAAM,GAAkB,GAAG,CAAC;wBAChC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;4BACtB,IAAI,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gCACjC,MAAM,OAAO,GAAG,IAAI,oBAAoB,CACpC,GAAG,CAAC,WAAW,EACf,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,KAAK,CACZ,CAAC;gCACF,MAAM,IAAG,MAAM,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAkB,CAAA,CAAC;4BACrE,CAAC;wBACL,CAAC;wBAGD,OAAO,IAAA,uCAA0B,EAAC,MAAM,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;oBAC/D,CAAC;iBAAA;aACJ,CAAC;QACN,CAAC;KAAA;IAMa,wBAAwB,CAClC,GAAgB,EAChB,UAA6B,EAC7B,KAAyB;;YAGzB,MAAM,mBAAmB,GAAG,IAAI,CAAC,yBAAyB,CACtD,UAAU,CAAC,mBAAmB,EAC9B,KAAK,CACR,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,IAAA,gCAAmB,EACpC,UAAU,CAAC,UAAU,EACrB,UAAU,CAAC,cAAc,EACzB,mBAAmB,CACtB,CAAC;YAEF,IAAA,+BAAkB,EAAC,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,mBAAmB,CAAC,CAAC;QACrE,CAAC;KAAA;IAKO,yBAAyB,CAC7B,eAAuB,EACvB,KAAyB;QAEzB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAEhD,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;YACtB,IAAI,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBACjC,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;oBACpE,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC;gBAC7D,CAAC;YACL,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,CAAC;CACJ;AAtoBD,oEAsoBC;AA9mBG;IARC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,OAAO;QACpB,WAAW,EAAE,4EAA4E;YACrF,8FAA8F;QAClG,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE,CAAC,cAAc,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,sBAAsB,CAAC;KACzF,CAAC;2DACsB;AAUxB;IARC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,sBAAsB;QACnC,WAAW,EAAE,iGAAiG;YAC1G,4DAA4D;YAC5D,0EAA0E;QAC9E,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,MAAM;KAClB,CAAC;wEAC2B;AAa7B;IAXC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,uEAAuE;YAChF,wEAAwE;YACxE,4DAA4D;YAC5D,uFAAuF;YACvF,kDAAkD;QACtD,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,OAAO;QAChB,KAAK,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;KAC7C,CAAC;yEACiC;AAWnC;IATC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,kBAAkB;QAC/B,WAAW,EAAE,gGAAgG;YACzG,sGAAsG;YACtG,qDAAqD;QACzD,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,CAAC;KACjD,CAAC;qEACuB;AAWzB;IATC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,aAAa;QAC1B,WAAW,EAAE,qEAAqE;YAC9E,wDAAwD;YACxD,iEAAiE;YACjE,6CAA6C;QACjD,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,aAAa;KACzB,CAAC;gEACkB;AAskBxB,MAAM,oBAAqB,SAAQ,kBAAiB;IAMhD,YAAY,WAAmB,EAAE,UAAkB,EAAE,WAA4B;QAC7E,KAAK,EAAE,CAAC;QAHJ,kBAAa,GAAG,KAAK,CAAC;QAI1B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACnC,CAAC;IAEe,WAAW,CAAC,MAAmB,EAAE,CAAO;;;;;YAEpD,MAAM,OAAO,GAAG,IAAA,uBAAgB,EAAC,MAAM,CAAC,CAAC;YAEzC,IAAI,OAAO,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;gBAE/B,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;gBAC1B,MAAM,MAAM,GAAG,MAAM,OAAM,WAAW,YAAC,MAAM,EAAE,CAAC,CAAC,CAAC;gBAClD,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;gBAC3B,OAAO,MAAM,CAAC;YAClB,CAAC;YAGD,IAAI,IAAI,CAAC,aAAa,IAAI,OAAO,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;gBAErD,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACtC,CAAC;YAED,OAAO,OAAM,WAAW,YAAC,MAAM,EAAE,CAAC,EAAE;QACxC,CAAC;KAAA;IAEO,aAAa,CAAC,MAAmB;QACrC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAE3B,IAAI,CAAC,IAAA,gBAAS,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,OAAO,MAAM,CAAC;QAClB,CAAC;QAGD,MAAM,UAAU,mCACT,KAAK,KACR,MAAM,EAAE,IAAI,IAAI,CAAC,UAAU,GAAG,EAC9B,KAAK,EAAE,IAAI,CAAC,UAAU,GACzB,CAAC;QAEF,uCACO,MAAM,KACT,KAAK,EAAE,UAAU,IACnB;IACN,CAAC;CACJ"}