@paklo/core 0.12.1 → 0.14.0
- package/dist/azure/index.d.mts +54 -65
- package/dist/azure/index.mjs +74 -68
- package/dist/azure/index.mjs.map +1 -1
- package/dist/dependabot/index.d.mts +3 -3
- package/dist/dependabot/index.mjs +3 -3
- package/dist/{index-BfwWezjJ.d.mts → ghsa-CqXOLQSp.d.mts} +1 -2
- package/dist/github/index.d.mts +1 -1
- package/dist/github/index.mjs +2 -2
- package/dist/github/index.mjs.map +1 -1
- package/dist/hono.d.mts +0 -1
- package/dist/{job-ClEevC5P.mjs → job-Bb9WiMwE.mjs} +19 -12
- package/dist/job-Bb9WiMwE.mjs.map +1 -0
- package/dist/keygen.d.mts +1 -3
- package/dist/logger.d.mts +1 -2
- package/dist/logger.mjs +41 -2
- package/dist/logger.mjs.map +1 -0
- package/dist/usage.d.mts +1 -1
- package/dist/usage.mjs +1 -1
- package/dist/{dependabot-DAdoJJp4.mjs → utils-BVmUgc0p.mjs} +110 -25
- package/dist/utils-BVmUgc0p.mjs.map +1 -0
- package/dist/{index-rsiHDQ5U.d.mts → utils-CFTIkIwf.d.mts} +174 -90
- package/package.json +9 -9
- package/dist/dependabot-DAdoJJp4.mjs.map +0 -1
- package/dist/job-ClEevC5P.mjs.map +0 -1
- package/dist/logger-3Qfh9NUj.mjs +0 -42
- package/dist/logger-3Qfh9NUj.mjs.map +0 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { A as
|
|
2
|
-
import { A as
|
|
1
|
+
import { A as DependabotCommitMessageSchema, B as VersioningStrategySchema, C as DependabotSourceProviderSchema, D as CONFIG_FILE_PATHS_AZURE, E as CONFIG_FILE_NAMES, F as DependabotMultiEcosystemGroupSchema, G as convertPlaceholder, H as parseRegistries, I as DependabotRegistrySchema, K as extractPlaceholder, L as DependabotScheduleSchema, M as DependabotCooldownSchema, N as DependabotGroupSchema, O as CONFIG_FILE_PATHS_GITHUB, P as DependabotIgnoreConditionSchema, R as DependabotUpdateSchema, S as DependabotSecurityAdvisorySchema, T as BETA_ECOSYSTEMS, U as parseUpdates, V as parseDependabotConfig, W as validateConfiguration, _ as DependabotPackageManagerSchema, a as DependabotCommitOptionsSchema, b as DependabotRequirementSchema, c as DependabotDependencySchema, d as DependabotExistingPrSchema, f as DependabotExperimentsSchema, g as DependabotJobFileSchema, h as DependabotJobConfigSchema, i as DependabotCommandSchema, j as DependabotConfigSchema, k as DependabotAllowConditionSchema, l as DependabotExistingGroupPrSchema, m as DependabotGroupRuleJobSchema, n as DEPENDABOT_COMMANDS, o as DependabotConditionSchema, p as DependabotGroupJobSchema, q as makeDirectoryKey, r as DependabotAllowedSchema, s as DependabotCredentialSchema, t as CertificateAuthoritySchema, u as DependabotExistingPrDependencySchema, v as DependabotPersistedPrSchema, w as DependabotSourceSchema, x as DependabotRequirementSourceSchema, y as DependabotProxyConfigSchema, z as PackageEcosystemSchema } from "../job-Bb9WiMwE.mjs";
|
|
2
|
+
import { A as DependabotUpdatePullRequestSchema, B as mapVersionStrategyToRequirementsUpdateStrategy, C as DependabotRecordCooldownMetaSchema, D as DependabotRecordUpdateJobUnknownErrorSchema, E as DependabotRecordUpdateJobErrorSchema, F as mapGroupsFromDependabotConfigToJobConfig, G as sanitizeRef, H as parseExperiments, I as mapIgnoreConditionsFromDependabotConfigToJobConfig, K as DEPENDABOT_DEFAULT_AUTHOR_EMAIL, L as mapPackageEcosystemToPackageManager, M as mapAllowedUpdatesFromDependabotConfigToJobConfig, N as mapCredentials, O as DependabotRecordUpdateJobWarningSchema, P as mapExperiments, R as mapSecurityAdvisories, S as DependabotMetricSchema, T as DependabotRecordEcosystemVersionsSchema, U as setExperiment, V as DEFAULT_EXPERIMENTS, W as getBranchNameForUpdate, _ as DependabotEcosystemMetaSchema, a as getPullRequestDescription, b as DependabotJobErrorSchema, c as shouldSupersede, d as createApiServerApp, f as DependabotClosePullRequestReasonEnum, g as DependabotDependencySubmissionSchema, h as DependabotDependencyFileSchema, i as getPullRequestCloseReason, j as DependabotJobBuilder, k as DependabotUpdateDependencyListSchema, l as DependabotRequestSchema, m as DependabotCreatePullRequestSchema, n as getDependencyNames, o as normalizeBranchName, p as DependabotClosePullRequestSchema, q as DEPENDABOT_DEFAULT_AUTHOR_NAME, r as getPersistedPr, s as normalizeFilePath, t as areEqual, u as DependabotRequestTypeSchema, v as DependabotEcosystemVersionManagerSchema, w as DependabotRecordEcosystemMetaSchema, x as DependabotMarkAsProcessedSchema, y as DependabotIncrementMetricSchema, z as mapSourceFromDependabotConfigToJobConfig } from "../utils-BVmUgc0p.mjs";
|
|
3
3
|
|
|
4
|
-
export { BETA_ECOSYSTEMS, CONFIG_FILE_NAMES, CONFIG_FILE_PATHS_AZURE, CONFIG_FILE_PATHS_GITHUB, CertificateAuthoritySchema, DEFAULT_EXPERIMENTS, DEPENDABOT_COMMANDS, DEPENDABOT_DEFAULT_AUTHOR_EMAIL, DEPENDABOT_DEFAULT_AUTHOR_NAME, DependabotAllowConditionSchema, DependabotAllowedSchema, DependabotClosePullRequestReasonEnum, DependabotClosePullRequestSchema, DependabotCommandSchema, DependabotCommitMessageSchema, DependabotCommitOptionsSchema, DependabotConditionSchema, DependabotConfigSchema, DependabotCooldownSchema, DependabotCreatePullRequestSchema, DependabotCredentialSchema, DependabotDependencyFileSchema, DependabotDependencySchema, DependabotDependencySubmissionSchema, DependabotEcosystemMetaSchema, DependabotEcosystemVersionManagerSchema,
|
|
4
|
+
export { BETA_ECOSYSTEMS, CONFIG_FILE_NAMES, CONFIG_FILE_PATHS_AZURE, CONFIG_FILE_PATHS_GITHUB, CertificateAuthoritySchema, DEFAULT_EXPERIMENTS, DEPENDABOT_COMMANDS, DEPENDABOT_DEFAULT_AUTHOR_EMAIL, DEPENDABOT_DEFAULT_AUTHOR_NAME, DependabotAllowConditionSchema, DependabotAllowedSchema, DependabotClosePullRequestReasonEnum, DependabotClosePullRequestSchema, DependabotCommandSchema, DependabotCommitMessageSchema, DependabotCommitOptionsSchema, DependabotConditionSchema, DependabotConfigSchema, DependabotCooldownSchema, DependabotCreatePullRequestSchema, DependabotCredentialSchema, DependabotDependencyFileSchema, DependabotDependencySchema, DependabotDependencySubmissionSchema, DependabotEcosystemMetaSchema, DependabotEcosystemVersionManagerSchema, DependabotExistingGroupPrSchema, DependabotExistingPrDependencySchema, DependabotExistingPrSchema, DependabotExperimentsSchema, DependabotGroupJobSchema, DependabotGroupRuleJobSchema, DependabotGroupSchema, DependabotIgnoreConditionSchema, DependabotIncrementMetricSchema, DependabotJobBuilder, DependabotJobConfigSchema, DependabotJobErrorSchema, DependabotJobFileSchema, DependabotMarkAsProcessedSchema, DependabotMetricSchema, DependabotMultiEcosystemGroupSchema, DependabotPackageManagerSchema, DependabotPersistedPrSchema, DependabotProxyConfigSchema, DependabotRecordCooldownMetaSchema, DependabotRecordEcosystemMetaSchema, DependabotRecordEcosystemVersionsSchema, DependabotRecordUpdateJobErrorSchema, DependabotRecordUpdateJobUnknownErrorSchema, DependabotRecordUpdateJobWarningSchema, DependabotRegistrySchema, DependabotRequestSchema, DependabotRequestTypeSchema, DependabotRequirementSchema, DependabotRequirementSourceSchema, DependabotScheduleSchema, DependabotSecurityAdvisorySchema, DependabotSourceProviderSchema, DependabotSourceSchema, DependabotUpdateDependencyListSchema, DependabotUpdatePullRequestSchema, DependabotUpdateSchema, PackageEcosystemSchema, VersioningStrategySchema, areEqual, convertPlaceholder, 
createApiServerApp, extractPlaceholder, getBranchNameForUpdate, getDependencyNames, getPersistedPr, getPullRequestCloseReason, getPullRequestDescription, makeDirectoryKey, mapAllowedUpdatesFromDependabotConfigToJobConfig, mapCredentials, mapExperiments, mapGroupsFromDependabotConfigToJobConfig, mapIgnoreConditionsFromDependabotConfigToJobConfig, mapPackageEcosystemToPackageManager, mapSecurityAdvisories, mapSourceFromDependabotConfigToJobConfig, mapVersionStrategyToRequirementsUpdateStrategy, normalizeBranchName, normalizeFilePath, parseDependabotConfig, parseExperiments, parseRegistries, parseUpdates, sanitizeRef, setExperiment, shouldSupersede, validateConfiguration };
|
|
@@ -2,7 +2,6 @@ import { z } from "zod";
|
|
|
2
2
|
import { Octokit } from "octokit";
|
|
3
3
|
|
|
4
4
|
//#region src/github/client.d.ts
|
|
5
|
-
|
|
6
5
|
/**
|
|
7
6
|
* Creates an authenticated GitHub API client using Octokit.
|
|
8
7
|
*
|
|
@@ -166,4 +165,4 @@ declare class GitHubSecurityAdvisoryClient {
|
|
|
166
165
|
declare function filterVulnerabilities(securityVulnerabilities: SecurityVulnerability[]): SecurityVulnerability[];
|
|
167
166
|
//#endregion
|
|
168
167
|
export { createGitHubClient as _, PackageEcosystemSchema as a, SecurityAdvisoryIdentifierSchema as c, SecurityAdvisorySeverity as d, SecurityAdvisorySeveritySchema as f, getGhsaPackageEcosystemFromDependabotPackageManager as g, filterVulnerabilities as h, PackageEcosystem as i, SecurityAdvisoryIdentifierType as l, SecurityVulnerabilitySchema as m, GitHubSecurityAdvisoryClient as n, PackageSchema as o, SecurityVulnerability as p, Package as r, SecurityAdvisory as s, FirstPatchedVersion as t, SecurityAdvisorySchema as u };
|
|
169
|
-
//# sourceMappingURL=
|
|
168
|
+
//# sourceMappingURL=ghsa-CqXOLQSp.d.mts.map
|
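--- a/package/dist/github/index.d.mts
+++ b/package/dist/github/index.d.mts
@@ -1,2 +1,2 @@
-import { _ as createGitHubClient, a as PackageEcosystemSchema, c as SecurityAdvisoryIdentifierSchema, d as SecurityAdvisorySeverity, f as SecurityAdvisorySeveritySchema, g as getGhsaPackageEcosystemFromDependabotPackageManager, h as filterVulnerabilities, i as PackageEcosystem, l as SecurityAdvisoryIdentifierType, m as SecurityVulnerabilitySchema, n as GitHubSecurityAdvisoryClient, o as PackageSchema, p as SecurityVulnerability, r as Package, s as SecurityAdvisory, t as FirstPatchedVersion, u as SecurityAdvisorySchema } from "../
+import { _ as createGitHubClient, a as PackageEcosystemSchema, c as SecurityAdvisoryIdentifierSchema, d as SecurityAdvisorySeverity, f as SecurityAdvisorySeveritySchema, g as getGhsaPackageEcosystemFromDependabotPackageManager, h as filterVulnerabilities, i as PackageEcosystem, l as SecurityAdvisoryIdentifierType, m as SecurityVulnerabilitySchema, n as GitHubSecurityAdvisoryClient, o as PackageSchema, p as SecurityVulnerability, r as Package, s as SecurityAdvisory, t as FirstPatchedVersion, u as SecurityAdvisorySchema } from "../ghsa-CqXOLQSp.mjs";
 export { FirstPatchedVersion, GitHubSecurityAdvisoryClient, Package, PackageEcosystem, PackageEcosystemSchema, PackageSchema, SecurityAdvisory, SecurityAdvisoryIdentifierSchema, SecurityAdvisoryIdentifierType, SecurityAdvisorySchema, SecurityAdvisorySeverity, SecurityAdvisorySeveritySchema, SecurityVulnerability, SecurityVulnerabilitySchema, createGitHubClient, filterVulnerabilities, getGhsaPackageEcosystemFromDependabotPackageManager };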
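--- a/package/dist/github/index.mjs
+++ b/package/dist/github/index.mjs
@@ -1,4 +1,4 @@
-import {
+import { logger } from "../logger.mjs";
 import { z } from "zod";
 import { Octokit } from "octokit";
 import * as semver from "semver";
@@ -223,7 +223,7 @@ function filterVulnerabilities(securityVulnerabilities) {
 return securityVulnerabilities.filter((v) => !v.advisory.withdrawnAt).filter((v) => {
 const pkg = v.package;
 if (!pkg || !pkg.version || !v.vulnerableVersionRange) return false;
-return v.vulnerableVersionRange.split(",").map((v
+return v.vulnerableVersionRange.split(",").map((v) => v.trim()).every((r) => pkg.version && semver.satisfies(pkg.version, r));
 });
 }
 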
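Review bot: In the `filterVulnerabilities` hunk the advisory match fails open: `semver.satisfies(pkg.version, r)` returns false both when the version lies outside the range and when `pkg.version` cannot be parsed as semver, so an advisory for a dependency with a non-semver version string is dropped exactly like one that does not apply. The source embedded in the source map lists ecosystems such as PIP, MAVEN and NUGET, whose version strings are often not strict semver, so this looks reachable in practice. As far as I know `satisfies` also leaves prerelease versions out of ordinary ranges unless `includePrerelease` is set, which would report a `-beta` build below the patched release as unaffected. I would keep the advisory when the version cannot be compared, e.g. `if (!semver.valid(pkg.version)) { logger.warn(...); return true; }` before the `split`, and call `semver.satisfies(pkg.version, r, { includePrerelease: true })`. The function starts above the hunk and this file is built output, so the change belongs in `src/github/ghsa.ts`, which the source map names as the origin.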
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.mjs","names":["v"],"sources":["../../src/github/client.ts","../../src/github/ghsa.ts"],"sourcesContent":["import { Octokit } from 'octokit';\n\n/**\n * Creates an authenticated GitHub API client using Octokit.\n *\n * @param token - GitHub personal access token or fine-grained token with appropriate permissions\n * @returns Configured Octokit instance ready for API calls\n */\nexport function createGitHubClient({ token }: { token: string }): Octokit {\n return new Octokit({\n auth: token,\n // could add retry here perhaps?\n });\n}\n","import type { Octokit } from 'octokit';\nimport * as semver from 'semver';\nimport { z } from 'zod';\n\nimport { logger } from '@/logger';\nimport { createGitHubClient } from './client';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nconst GHSA_SECURITY_VULNERABILITIES_QUERY = `\n query($ecosystem: SecurityAdvisoryEcosystem, $package: String) {\n securityVulnerabilities(first: 100, ecosystem: $ecosystem, package: $package) {\n nodes {\n advisory {\n identifiers {\n type,\n value\n },\n severity,\n summary,\n description,\n references {\n url\n }\n cvssSeverities {\n cvssV3 {\n score\n vectorString\n }\n cvssV4 {\n score\n vectorString\n }\n }\n epss {\n percentage\n percentile\n }\n cwes (first: 100) {\n nodes {\n cweId\n name\n description\n }\n }\n publishedAt\n updatedAt\n withdrawnAt\n permalink\n }\n vulnerableVersionRange\n firstPatchedVersion {\n identifier\n }\n }\n }\n }\n`;\n\nexport const PackageEcosystemSchema = z.enum([\n // https://docs.github.com/en/enterprise-cloud@latest/graphql/reference/enums#securityadvisoryecosystem\n 'COMPOSER',\n 'ERLANG',\n 'GO',\n 'ACTIONS',\n 'MAVEN',\n 'NPM',\n 'NUGET',\n 'PIP',\n 'PUB',\n 'RUBYGEMS',\n 'RUST',\n 'SWIFT',\n]);\nexport type PackageEcosystem = z.infer<typeof PackageEcosystemSchema>;\n\nexport const PackageSchema = z.object({\n name: z.string(),\n version: z.string().nullish(),\n});\nexport type Package = 
z.infer<typeof PackageSchema>;\n\nexport const SecurityAdvisoryIdentifierSchema = z.enum(['CVE', 'GHSA']);\nexport type SecurityAdvisoryIdentifierType = z.infer<typeof SecurityAdvisoryIdentifierSchema>;\n\nexport const SecurityAdvisorySeveritySchema = z.enum(['LOW', 'MODERATE', 'HIGH', 'CRITICAL']);\nexport type SecurityAdvisorySeverity = z.infer<typeof SecurityAdvisorySeveritySchema>;\n\nconst CweSchema = z.object({\n cweId: z.string(),\n name: z.string(),\n description: z.string(),\n});\n\nconst CvssSchema = z.object({\n score: z.number(),\n vectorString: z.string().nullish(),\n});\ntype Cvss = z.infer<typeof CvssSchema>;\n\nexport const SecurityAdvisorySchema = z.object({\n identifiers: z\n .object({\n type: z.union([SecurityAdvisoryIdentifierSchema, z.string()]),\n value: z.string(),\n })\n .array(),\n severity: SecurityAdvisorySeveritySchema.nullish(),\n summary: z.string(),\n description: z.string().nullish(),\n references: z.object({ url: z.string() }).array().nullish(),\n cvss: CvssSchema.nullish(),\n epss: z\n .object({\n percentage: z.number().nullish(),\n percentile: z.number().nullish(),\n })\n .nullish(),\n cwes: CweSchema.array().nullish(),\n publishedAt: z.string().nullish(),\n updatedAt: z.string().nullish(),\n withdrawnAt: z.string().nullish(),\n permalink: z.string().nullish(),\n});\nexport type SecurityAdvisory = z.infer<typeof SecurityAdvisorySchema>;\n\nconst FirstPatchedVersionSchema = z.object({ identifier: z.string() });\nexport type FirstPatchedVersion = z.infer<typeof FirstPatchedVersionSchema>;\n\nexport const SecurityVulnerabilitySchema = z.object({\n package: PackageSchema,\n advisory: SecurityAdvisorySchema,\n vulnerableVersionRange: z.string(),\n firstPatchedVersion: FirstPatchedVersionSchema.nullish(),\n});\nexport type SecurityVulnerability = z.infer<typeof SecurityVulnerabilitySchema>;\n\nconst CvssSeveritiesSchema = z.object({\n cvssV3: CvssSchema.nullish(),\n cvssV4: CvssSchema.nullish(),\n});\ntype CvssSeverities = 
z.infer<typeof CvssSeveritiesSchema>;\n\nconst GitHubSecurityVulnerabilitiesResponseSchema = z.object({\n securityVulnerabilities: z.object({\n nodes: z\n .object({\n advisory: SecurityAdvisorySchema.omit({ cvss: true /* incoming is cvssSeverities */ }).extend({\n cvssSeverities: CvssSeveritiesSchema,\n cwes: z.object({ nodes: CweSchema.array() }).nullish(),\n }),\n firstPatchedVersion: FirstPatchedVersionSchema.nullish(),\n vulnerableVersionRange: z.string(),\n })\n .array(),\n }),\n});\ntype GitHubSecurityVulnerabilitiesResponse = z.infer<typeof GitHubSecurityVulnerabilitiesResponseSchema>;\n\nexport function getGhsaPackageEcosystemFromDependabotPackageManager(\n dependabotPackageManager: string,\n): PackageEcosystem {\n switch (dependabotPackageManager) {\n case 'composer':\n return 'COMPOSER';\n case 'elm':\n return 'ERLANG';\n case 'github_actions':\n return 'ACTIONS';\n case 'go_modules':\n return 'GO';\n case 'maven':\n return 'MAVEN';\n case 'npm_and_yarn':\n return 'NPM';\n case 'nuget':\n return 'NUGET';\n case 'pip':\n return 'PIP';\n case 'pub':\n return 'PUB';\n case 'bundler':\n return 'RUBYGEMS';\n case 'cargo':\n return 'RUST';\n case 'swift':\n return 'SWIFT';\n default:\n throw new Error(`Unknown dependabot package manager: ${dependabotPackageManager}`);\n }\n}\n\n/**\n * GitHub Security Advisory client\n */\nexport class GitHubSecurityAdvisoryClient {\n private readonly octokit: Octokit;\n\n /**\n * @param token GitHub personal access token with access to the GHSA API\n */\n constructor(token: string) {\n this.octokit = createGitHubClient({ token });\n }\n\n /**\n * Get the list of security vulnerabilities for a given package ecosystem and list of packages\n * @param packageEcosystem\n * @param packages\n */\n public async getSecurityVulnerabilitiesAsync(\n packageEcosystem: PackageEcosystem,\n packages: Package[],\n ): Promise<SecurityVulnerability[]> {\n // GitHub API doesn't support querying multiple package at once, so we need to make a 
request for each package individually.\n // To speed up the process, we can make the requests in parallel, 100 at a time. We batch the requests to avoid hitting the rate limit too quickly.\n // https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api\n const securityVulnerabilities = await this.batchGraphQueryAsync<Package, SecurityVulnerability>(\n 100,\n packages,\n async (pkg) => {\n const variables = {\n ecosystem: packageEcosystem,\n package: pkg.name,\n };\n\n function pickCvss(value: CvssSeverities): Cvss | undefined {\n // Pick the one with a non-zero score\n if (value.cvssV4 && value.cvssV4.score > 0) return value.cvssV4;\n if (value.cvssV3 && value.cvssV3.score > 0) return value.cvssV3;\n }\n\n try {\n const response = await this.octokit.graphql<GitHubSecurityVulnerabilitiesResponse>(\n GHSA_SECURITY_VULNERABILITIES_QUERY,\n variables,\n );\n const parsed = GitHubSecurityVulnerabilitiesResponseSchema.parse(response);\n const vulnerabilities = parsed.securityVulnerabilities.nodes;\n return (\n vulnerabilities\n ?.filter((v) => v.advisory != null)\n ?.map(\n (v) =>\n ({\n ...v,\n package: pkg,\n advisory: {\n ...v.advisory,\n cwes: v.advisory.cwes?.nodes,\n cvss: pickCvss(v.advisory.cvssSeverities),\n },\n }) satisfies SecurityVulnerability,\n ) || []\n );\n } catch (error) {\n logger.warn(`GHSA GraphQL request failed for package ${pkg.name}: ${error}. 
Continuing with other packages.`);\n return [];\n }\n },\n );\n\n return securityVulnerabilities;\n }\n\n /**\n * Batch requests in parallel to speed up the process when we are forced to do a N+1 query\n * @param batchSize\n * @param items\n * @param action\n * @returns\n */\n private async batchGraphQueryAsync<T1, T2>(batchSize: number, items: T1[], action: (item: T1) => Promise<T2[]>) {\n const results: T2[] = [];\n for (let i = 0; i < items.length; i += batchSize) {\n const batch = items.slice(i, i + batchSize);\n if (batch?.length) {\n try {\n const batchResults = await Promise.all(batch.map(action));\n if (batchResults?.length) {\n results.push(...batchResults.flat());\n }\n } catch (error) {\n logger.warn(`Request batch [${i}-${i + batchSize}] failed; The data may be incomplete. ${error}`);\n }\n }\n }\n return results;\n }\n}\n\nexport function filterVulnerabilities(securityVulnerabilities: SecurityVulnerability[]): SecurityVulnerability[] {\n // Filter out vulnerabilities that have been withdrawn or that are not relevant the current version of the package\n const affectedVulnerabilities = securityVulnerabilities\n .filter((v) => !v.advisory.withdrawnAt)\n .filter((v) => {\n const pkg = v.package;\n if (!pkg || !pkg.version || !v.vulnerableVersionRange) {\n return false;\n }\n\n /**\n * The vulnerable version range follows a basic syntax with a few forms:\n * `= 0.2.0` denotes a single vulnerable version\n * `<= 1.0.8` denotes a version range up to and including the specified version\n * `< 0.1.11` denotes a version range up to, but excluding, the specified version\n * `>= 4.3.0, < 4.3.5` denotes a version range with a known minimum and maximum version\n * `>= 0.0.1` denotes a version range with a known minimum, but no known maximum\n */\n const versionRangeRequirements = v.vulnerableVersionRange.split(',').map((v) => v.trim());\n return versionRangeRequirements.every((r) => pkg.version && semver.satisfies(pkg.version, r));\n });\n return 
affectedVulnerabilities;\n}\n"],"mappings":";;;;;;;;;;;;AAQA,SAAgB,mBAAmB,EAAE,SAAqC;AACxE,QAAO,IAAI,QAAQ,EACjB,MAAM,OAEP,CAAC;;;;;ACHJ,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkD5C,MAAa,yBAAyB,EAAE,KAAK;CAE3C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,gBAAgB,EAAE,OAAO;CACpC,MAAM,EAAE,QAAQ;CAChB,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC9B,CAAC;AAGF,MAAa,mCAAmC,EAAE,KAAK,CAAC,OAAO,OAAO,CAAC;AAGvE,MAAa,iCAAiC,EAAE,KAAK;CAAC;CAAO;CAAY;CAAQ;CAAW,CAAC;AAG7F,MAAM,YAAY,EAAE,OAAO;CACzB,OAAO,EAAE,QAAQ;CACjB,MAAM,EAAE,QAAQ;CAChB,aAAa,EAAE,QAAQ;CACxB,CAAC;AAEF,MAAM,aAAa,EAAE,OAAO;CAC1B,OAAO,EAAE,QAAQ;CACjB,cAAc,EAAE,QAAQ,CAAC,SAAS;CACnC,CAAC;AAGF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,aAAa,EACV,OAAO;EACN,MAAM,EAAE,MAAM,CAAC,kCAAkC,EAAE,QAAQ,CAAC,CAAC;EAC7D,OAAO,EAAE,QAAQ;EAClB,CAAC,CACD,OAAO;CACV,UAAU,+BAA+B,SAAS;CAClD,SAAS,EAAE,QAAQ;CACnB,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS;CAC3D,MAAM,WAAW,SAAS;CAC1B,MAAM,EACH,OAAO;EACN,YAAY,EAAE,QAAQ,CAAC,SAAS;EAChC,YAAY,EAAE,QAAQ,CAAC,SAAS;EACjC,CAAC,CACD,SAAS;CACZ,MAAM,UAAU,OAAO,CAAC,SAAS;CACjC,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAChC,CAAC;AAGF,MAAM,4BAA4B,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AAGtE,MAAa,8BAA8B,EAAE,OAAO;CAClD,SAAS;CACT,UAAU;CACV,wBAAwB,EAAE,QAAQ;CAClC,qBAAqB,0BAA0B,SAAS;CACzD,CAAC;AAGF,MAAM,uBAAuB,EAAE,OAAO;CACpC,QAAQ,WAAW,SAAS;CAC5B,QAAQ,WAAW,SAAS;CAC7B,CAAC;AAGF,MAAM,8CAA8C,EAAE,OAAO,EAC3D,yBAAyB,EAAE,OAAO,EAChC,OAAO,EACJ,OAAO;CACN,UAAU,uBAAuB,KAAK,EAAE,MAAM,MAAuC,CAAC,CAAC,OAAO;EAC5F,gBAAgB;EAChB,MAAM,EAAE,OAAO,EAAE,OAAO,UAAU,OAAO,EAAE,CAAC,CAAC,SAAS;EACvD,CAAC;CACF,qBAAqB,0BAA0B,SAAS;CACxD,wBAAwB,EAAE,QAAQ;CACnC,CAAC,CACD,OAAO,EACX,CAAC,EACH,CAAC;AAGF,SAAgB,oDACd,0BACkB;AAClB,SAAQ,0BAAR;EACE,KAAK,WACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,iBACH,QAAO;EACT,KAAK,aACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,eACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,MACH,QAAO;EA
CT,KAAK,MACH,QAAO;EACT,KAAK,UACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,QACE,OAAM,IAAI,MAAM,uCAAuC,2BAA2B;;;;;;AAOxF,IAAa,+BAAb,MAA0C;CACxC,AAAiB;;;;CAKjB,YAAY,OAAe;AACzB,OAAK,UAAU,mBAAmB,EAAE,OAAO,CAAC;;;;;;;CAQ9C,MAAa,gCACX,kBACA,UACkC;AAiDlC,SA7CgC,MAAM,KAAK,qBACzC,KACA,UACA,OAAO,QAAQ;GACb,MAAM,YAAY;IAChB,WAAW;IACX,SAAS,IAAI;IACd;GAED,SAAS,SAAS,OAAyC;AAEzD,QAAI,MAAM,UAAU,MAAM,OAAO,QAAQ,EAAG,QAAO,MAAM;AACzD,QAAI,MAAM,UAAU,MAAM,OAAO,QAAQ,EAAG,QAAO,MAAM;;AAG3D,OAAI;IACF,MAAM,WAAW,MAAM,KAAK,QAAQ,QAClC,qCACA,UACD;AAGD,WAFe,4CAA4C,MAAM,SAAS,CAC3C,wBAAwB,OAGjD,QAAQ,MAAM,EAAE,YAAY,KAAK,EACjC,KACC,OACE;KACC,GAAG;KACH,SAAS;KACT,UAAU;MACR,GAAG,EAAE;MACL,MAAM,EAAE,SAAS,MAAM;MACvB,MAAM,SAAS,EAAE,SAAS,eAAe;MAC1C;KACF,EACJ,IAAI,EAAE;YAEJ,OAAO;AACd,WAAO,KAAK,2CAA2C,IAAI,KAAK,IAAI,MAAM,mCAAmC;AAC7G,WAAO,EAAE;;IAGd;;;;;;;;;CAYH,MAAc,qBAA6B,WAAmB,OAAa,QAAqC;EAC9G,MAAM,UAAgB,EAAE;AACxB,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,WAAW;GAChD,MAAM,QAAQ,MAAM,MAAM,GAAG,IAAI,UAAU;AAC3C,OAAI,OAAO,OACT,KAAI;IACF,MAAM,eAAe,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAO,CAAC;AACzD,QAAI,cAAc,OAChB,SAAQ,KAAK,GAAG,aAAa,MAAM,CAAC;YAE/B,OAAO;AACd,WAAO,KAAK,kBAAkB,EAAE,GAAG,IAAI,UAAU,wCAAwC,QAAQ;;;AAIvG,SAAO;;;AAIX,SAAgB,sBAAsB,yBAA2E;AAqB/G,QAnBgC,wBAC7B,QAAQ,MAAM,CAAC,EAAE,SAAS,YAAY,CACtC,QAAQ,MAAM;EACb,MAAM,MAAM,EAAE;AACd,MAAI,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,EAAE,uBAC7B,QAAO;AAYT,SADiC,EAAE,uBAAuB,MAAM,IAAI,CAAC,KAAK,QAAMA,IAAE,MAAM,CAAC,CACzD,OAAO,MAAM,IAAI,WAAW,OAAO,UAAU,IAAI,SAAS,EAAE,CAAC;GAC7F"}
|
|
1
|
+
{"version":3,"file":"index.mjs","names":[],"sources":["../../src/github/client.ts","../../src/github/ghsa.ts"],"sourcesContent":["import { Octokit } from 'octokit';\n\n/**\n * Creates an authenticated GitHub API client using Octokit.\n *\n * @param token - GitHub personal access token or fine-grained token with appropriate permissions\n * @returns Configured Octokit instance ready for API calls\n */\nexport function createGitHubClient({ token }: { token: string }): Octokit {\n return new Octokit({\n auth: token,\n // could add retry here perhaps?\n });\n}\n","import type { Octokit } from 'octokit';\nimport * as semver from 'semver';\nimport { z } from 'zod';\n\nimport { logger } from '@/logger';\nimport { createGitHubClient } from './client';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nconst GHSA_SECURITY_VULNERABILITIES_QUERY = `\n query($ecosystem: SecurityAdvisoryEcosystem, $package: String) {\n securityVulnerabilities(first: 100, ecosystem: $ecosystem, package: $package) {\n nodes {\n advisory {\n identifiers {\n type,\n value\n },\n severity,\n summary,\n description,\n references {\n url\n }\n cvssSeverities {\n cvssV3 {\n score\n vectorString\n }\n cvssV4 {\n score\n vectorString\n }\n }\n epss {\n percentage\n percentile\n }\n cwes (first: 100) {\n nodes {\n cweId\n name\n description\n }\n }\n publishedAt\n updatedAt\n withdrawnAt\n permalink\n }\n vulnerableVersionRange\n firstPatchedVersion {\n identifier\n }\n }\n }\n }\n`;\n\nexport const PackageEcosystemSchema = z.enum([\n // https://docs.github.com/en/enterprise-cloud@latest/graphql/reference/enums#securityadvisoryecosystem\n 'COMPOSER',\n 'ERLANG',\n 'GO',\n 'ACTIONS',\n 'MAVEN',\n 'NPM',\n 'NUGET',\n 'PIP',\n 'PUB',\n 'RUBYGEMS',\n 'RUST',\n 'SWIFT',\n]);\nexport type PackageEcosystem = z.infer<typeof PackageEcosystemSchema>;\n\nexport const PackageSchema = z.object({\n name: z.string(),\n version: z.string().nullish(),\n});\nexport type Package = 
z.infer<typeof PackageSchema>;\n\nexport const SecurityAdvisoryIdentifierSchema = z.enum(['CVE', 'GHSA']);\nexport type SecurityAdvisoryIdentifierType = z.infer<typeof SecurityAdvisoryIdentifierSchema>;\n\nexport const SecurityAdvisorySeveritySchema = z.enum(['LOW', 'MODERATE', 'HIGH', 'CRITICAL']);\nexport type SecurityAdvisorySeverity = z.infer<typeof SecurityAdvisorySeveritySchema>;\n\nconst CweSchema = z.object({\n cweId: z.string(),\n name: z.string(),\n description: z.string(),\n});\n\nconst CvssSchema = z.object({\n score: z.number(),\n vectorString: z.string().nullish(),\n});\ntype Cvss = z.infer<typeof CvssSchema>;\n\nexport const SecurityAdvisorySchema = z.object({\n identifiers: z\n .object({\n type: z.union([SecurityAdvisoryIdentifierSchema, z.string()]),\n value: z.string(),\n })\n .array(),\n severity: SecurityAdvisorySeveritySchema.nullish(),\n summary: z.string(),\n description: z.string().nullish(),\n references: z.object({ url: z.string() }).array().nullish(),\n cvss: CvssSchema.nullish(),\n epss: z\n .object({\n percentage: z.number().nullish(),\n percentile: z.number().nullish(),\n })\n .nullish(),\n cwes: CweSchema.array().nullish(),\n publishedAt: z.string().nullish(),\n updatedAt: z.string().nullish(),\n withdrawnAt: z.string().nullish(),\n permalink: z.string().nullish(),\n});\nexport type SecurityAdvisory = z.infer<typeof SecurityAdvisorySchema>;\n\nconst FirstPatchedVersionSchema = z.object({ identifier: z.string() });\nexport type FirstPatchedVersion = z.infer<typeof FirstPatchedVersionSchema>;\n\nexport const SecurityVulnerabilitySchema = z.object({\n package: PackageSchema,\n advisory: SecurityAdvisorySchema,\n vulnerableVersionRange: z.string(),\n firstPatchedVersion: FirstPatchedVersionSchema.nullish(),\n});\nexport type SecurityVulnerability = z.infer<typeof SecurityVulnerabilitySchema>;\n\nconst CvssSeveritiesSchema = z.object({\n cvssV3: CvssSchema.nullish(),\n cvssV4: CvssSchema.nullish(),\n});\ntype CvssSeverities = 
z.infer<typeof CvssSeveritiesSchema>;\n\nconst GitHubSecurityVulnerabilitiesResponseSchema = z.object({\n securityVulnerabilities: z.object({\n nodes: z\n .object({\n advisory: SecurityAdvisorySchema.omit({ cvss: true /* incoming is cvssSeverities */ }).extend({\n cvssSeverities: CvssSeveritiesSchema,\n cwes: z.object({ nodes: CweSchema.array() }).nullish(),\n }),\n firstPatchedVersion: FirstPatchedVersionSchema.nullish(),\n vulnerableVersionRange: z.string(),\n })\n .array(),\n }),\n});\ntype GitHubSecurityVulnerabilitiesResponse = z.infer<typeof GitHubSecurityVulnerabilitiesResponseSchema>;\n\nexport function getGhsaPackageEcosystemFromDependabotPackageManager(\n dependabotPackageManager: string,\n): PackageEcosystem {\n switch (dependabotPackageManager) {\n case 'composer':\n return 'COMPOSER';\n case 'elm':\n return 'ERLANG';\n case 'github_actions':\n return 'ACTIONS';\n case 'go_modules':\n return 'GO';\n case 'maven':\n return 'MAVEN';\n case 'npm_and_yarn':\n return 'NPM';\n case 'nuget':\n return 'NUGET';\n case 'pip':\n return 'PIP';\n case 'pub':\n return 'PUB';\n case 'bundler':\n return 'RUBYGEMS';\n case 'cargo':\n return 'RUST';\n case 'swift':\n return 'SWIFT';\n default:\n throw new Error(`Unknown dependabot package manager: ${dependabotPackageManager}`);\n }\n}\n\n/**\n * GitHub Security Advisory client\n */\nexport class GitHubSecurityAdvisoryClient {\n private readonly octokit: Octokit;\n\n /**\n * @param token GitHub personal access token with access to the GHSA API\n */\n constructor(token: string) {\n this.octokit = createGitHubClient({ token });\n }\n\n /**\n * Get the list of security vulnerabilities for a given package ecosystem and list of packages\n * @param packageEcosystem\n * @param packages\n */\n public async getSecurityVulnerabilitiesAsync(\n packageEcosystem: PackageEcosystem,\n packages: Package[],\n ): Promise<SecurityVulnerability[]> {\n // GitHub API doesn't support querying multiple package at once, so we need to make a 
request for each package individually.\n // To speed up the process, we can make the requests in parallel, 100 at a time. We batch the requests to avoid hitting the rate limit too quickly.\n // https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api\n const securityVulnerabilities = await this.batchGraphQueryAsync<Package, SecurityVulnerability>(\n 100,\n packages,\n async (pkg) => {\n const variables = {\n ecosystem: packageEcosystem,\n package: pkg.name,\n };\n\n function pickCvss(value: CvssSeverities): Cvss | undefined {\n // Pick the one with a non-zero score\n if (value.cvssV4 && value.cvssV4.score > 0) return value.cvssV4;\n if (value.cvssV3 && value.cvssV3.score > 0) return value.cvssV3;\n }\n\n try {\n const response = await this.octokit.graphql<GitHubSecurityVulnerabilitiesResponse>(\n GHSA_SECURITY_VULNERABILITIES_QUERY,\n variables,\n );\n const parsed = GitHubSecurityVulnerabilitiesResponseSchema.parse(response);\n const vulnerabilities = parsed.securityVulnerabilities.nodes;\n return (\n vulnerabilities\n ?.filter((v) => v.advisory != null)\n ?.map(\n (v) =>\n ({\n ...v,\n package: pkg,\n advisory: {\n ...v.advisory,\n cwes: v.advisory.cwes?.nodes,\n cvss: pickCvss(v.advisory.cvssSeverities),\n },\n }) satisfies SecurityVulnerability,\n ) || []\n );\n } catch (error) {\n logger.warn(`GHSA GraphQL request failed for package ${pkg.name}: ${error}. 
Continuing with other packages.`);\n return [];\n }\n },\n );\n\n return securityVulnerabilities;\n }\n\n /**\n * Batch requests in parallel to speed up the process when we are forced to do a N+1 query\n * @param batchSize\n * @param items\n * @param action\n * @returns\n */\n private async batchGraphQueryAsync<T1, T2>(batchSize: number, items: T1[], action: (item: T1) => Promise<T2[]>) {\n const results: T2[] = [];\n for (let i = 0; i < items.length; i += batchSize) {\n const batch = items.slice(i, i + batchSize);\n if (batch?.length) {\n try {\n const batchResults = await Promise.all(batch.map(action));\n if (batchResults?.length) {\n results.push(...batchResults.flat());\n }\n } catch (error) {\n logger.warn(`Request batch [${i}-${i + batchSize}] failed; The data may be incomplete. ${error}`);\n }\n }\n }\n return results;\n }\n}\n\nexport function filterVulnerabilities(securityVulnerabilities: SecurityVulnerability[]): SecurityVulnerability[] {\n // Filter out vulnerabilities that have been withdrawn or that are not relevant the current version of the package\n const affectedVulnerabilities = securityVulnerabilities\n .filter((v) => !v.advisory.withdrawnAt)\n .filter((v) => {\n const pkg = v.package;\n if (!pkg || !pkg.version || !v.vulnerableVersionRange) {\n return false;\n }\n\n /**\n * The vulnerable version range follows a basic syntax with a few forms:\n * `= 0.2.0` denotes a single vulnerable version\n * `<= 1.0.8` denotes a version range up to and including the specified version\n * `< 0.1.11` denotes a version range up to, but excluding, the specified version\n * `>= 4.3.0, < 4.3.5` denotes a version range with a known minimum and maximum version\n * `>= 0.0.1` denotes a version range with a known minimum, but no known maximum\n */\n const versionRangeRequirements = v.vulnerableVersionRange.split(',').map((v) => v.trim());\n return versionRangeRequirements.every((r) => pkg.version && semver.satisfies(pkg.version, r));\n });\n return 
affectedVulnerabilities;\n}\n"],"mappings":";;;;;;;;;;;;AAQA,SAAgB,mBAAmB,EAAE,SAAqC;AACxE,QAAO,IAAI,QAAQ,EACjB,MAAM,OAEP,CAAC;;;;;ACHJ,MAAM,sCAAsC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkD5C,MAAa,yBAAyB,EAAE,KAAK;CAE3C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,gBAAgB,EAAE,OAAO;CACpC,MAAM,EAAE,QAAQ;CAChB,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC9B,CAAC;AAGF,MAAa,mCAAmC,EAAE,KAAK,CAAC,OAAO,OAAO,CAAC;AAGvE,MAAa,iCAAiC,EAAE,KAAK;CAAC;CAAO;CAAY;CAAQ;CAAW,CAAC;AAG7F,MAAM,YAAY,EAAE,OAAO;CACzB,OAAO,EAAE,QAAQ;CACjB,MAAM,EAAE,QAAQ;CAChB,aAAa,EAAE,QAAQ;CACxB,CAAC;AAEF,MAAM,aAAa,EAAE,OAAO;CAC1B,OAAO,EAAE,QAAQ;CACjB,cAAc,EAAE,QAAQ,CAAC,SAAS;CACnC,CAAC;AAGF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,aAAa,EACV,OAAO;EACN,MAAM,EAAE,MAAM,CAAC,kCAAkC,EAAE,QAAQ,CAAC,CAAC;EAC7D,OAAO,EAAE,QAAQ;EAClB,CAAC,CACD,OAAO;CACV,UAAU,+BAA+B,SAAS;CAClD,SAAS,EAAE,QAAQ;CACnB,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS;CAC3D,MAAM,WAAW,SAAS;CAC1B,MAAM,EACH,OAAO;EACN,YAAY,EAAE,QAAQ,CAAC,SAAS;EAChC,YAAY,EAAE,QAAQ,CAAC,SAAS;EACjC,CAAC,CACD,SAAS;CACZ,MAAM,UAAU,OAAO,CAAC,SAAS;CACjC,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAChC,CAAC;AAGF,MAAM,4BAA4B,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AAGtE,MAAa,8BAA8B,EAAE,OAAO;CAClD,SAAS;CACT,UAAU;CACV,wBAAwB,EAAE,QAAQ;CAClC,qBAAqB,0BAA0B,SAAS;CACzD,CAAC;AAGF,MAAM,uBAAuB,EAAE,OAAO;CACpC,QAAQ,WAAW,SAAS;CAC5B,QAAQ,WAAW,SAAS;CAC7B,CAAC;AAGF,MAAM,8CAA8C,EAAE,OAAO,EAC3D,yBAAyB,EAAE,OAAO,EAChC,OAAO,EACJ,OAAO;CACN,UAAU,uBAAuB,KAAK,EAAE,MAAM,MAAuC,CAAC,CAAC,OAAO;EAC5F,gBAAgB;EAChB,MAAM,EAAE,OAAO,EAAE,OAAO,UAAU,OAAO,EAAE,CAAC,CAAC,SAAS;EACvD,CAAC;CACF,qBAAqB,0BAA0B,SAAS;CACxD,wBAAwB,EAAE,QAAQ;CACnC,CAAC,CACD,OAAO,EACX,CAAC,EACH,CAAC;AAGF,SAAgB,oDACd,0BACkB;AAClB,SAAQ,0BAAR;EACE,KAAK,WACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,iBACH,QAAO;EACT,KAAK,aACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,eACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,MACH,QAAO;EA
CT,KAAK,MACH,QAAO;EACT,KAAK,UACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,QACE,OAAM,IAAI,MAAM,uCAAuC,2BAA2B;;;;;;AAOxF,IAAa,+BAAb,MAA0C;CACxC,AAAiB;;;;CAKjB,YAAY,OAAe;AACzB,OAAK,UAAU,mBAAmB,EAAE,OAAO,CAAC;;;;;;;CAQ9C,MAAa,gCACX,kBACA,UACkC;AAiDlC,SA7CgC,MAAM,KAAK,qBACzC,KACA,UACA,OAAO,QAAQ;GACb,MAAM,YAAY;IAChB,WAAW;IACX,SAAS,IAAI;IACd;GAED,SAAS,SAAS,OAAyC;AAEzD,QAAI,MAAM,UAAU,MAAM,OAAO,QAAQ,EAAG,QAAO,MAAM;AACzD,QAAI,MAAM,UAAU,MAAM,OAAO,QAAQ,EAAG,QAAO,MAAM;;AAG3D,OAAI;IACF,MAAM,WAAW,MAAM,KAAK,QAAQ,QAClC,qCACA,UACD;AAGD,WAFe,4CAA4C,MAAM,SAAS,CAC3C,wBAAwB,OAGjD,QAAQ,MAAM,EAAE,YAAY,KAAK,EACjC,KACC,OACE;KACC,GAAG;KACH,SAAS;KACT,UAAU;MACR,GAAG,EAAE;MACL,MAAM,EAAE,SAAS,MAAM;MACvB,MAAM,SAAS,EAAE,SAAS,eAAe;MAC1C;KACF,EACJ,IAAI,EAAE;YAEJ,OAAO;AACd,WAAO,KAAK,2CAA2C,IAAI,KAAK,IAAI,MAAM,mCAAmC;AAC7G,WAAO,EAAE;;IAGd;;;;;;;;;CAYH,MAAc,qBAA6B,WAAmB,OAAa,QAAqC;EAC9G,MAAM,UAAgB,EAAE;AACxB,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,WAAW;GAChD,MAAM,QAAQ,MAAM,MAAM,GAAG,IAAI,UAAU;AAC3C,OAAI,OAAO,OACT,KAAI;IACF,MAAM,eAAe,MAAM,QAAQ,IAAI,MAAM,IAAI,OAAO,CAAC;AACzD,QAAI,cAAc,OAChB,SAAQ,KAAK,GAAG,aAAa,MAAM,CAAC;YAE/B,OAAO;AACd,WAAO,KAAK,kBAAkB,EAAE,GAAG,IAAI,UAAU,wCAAwC,QAAQ;;;AAIvG,SAAO;;;AAIX,SAAgB,sBAAsB,yBAA2E;AAqB/G,QAnBgC,wBAC7B,QAAQ,MAAM,CAAC,EAAE,SAAS,YAAY,CACtC,QAAQ,MAAM;EACb,MAAM,MAAM,EAAE;AACd,MAAI,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,EAAE,uBAC7B,QAAO;AAYT,SADiC,EAAE,uBAAuB,MAAM,IAAI,CAAC,KAAK,MAAM,EAAE,MAAM,CAAC,CACzD,OAAO,MAAM,IAAI,WAAW,OAAO,UAAU,IAAI,SAAS,EAAE,CAAC;GAC7F"}
|
package/dist/hono.d.mts
CHANGED
|
@@ -216,6 +216,7 @@ const PackageEcosystemSchema = z.enum([
|
|
|
216
216
|
"pip",
|
|
217
217
|
"pip-compile",
|
|
218
218
|
"pipenv",
|
|
219
|
+
"pre-commit",
|
|
219
220
|
"pnpm",
|
|
220
221
|
"poetry",
|
|
221
222
|
"pub",
|
|
@@ -273,7 +274,7 @@ const DependabotMultiEcosystemGroupSchema = z.object({
|
|
|
273
274
|
"commit-message": DependabotCommitMessageSchema.optional(),
|
|
274
275
|
"pull-request-branch-name": DependabotPullRequestBranchNameSchema.optional()
|
|
275
276
|
});
|
|
276
|
-
const BETA_ECOSYSTEMS = [];
|
|
277
|
+
const BETA_ECOSYSTEMS = ["pre-commit"];
|
|
277
278
|
/**
|
|
278
279
|
* Represents the dependabot.yaml configuration file options.
|
|
279
280
|
* See: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-dependabotyml
|
|
@@ -412,15 +413,19 @@ const DependabotSourceSchema = z.object({
|
|
|
412
413
|
hostname: z.string().nullish(),
|
|
413
414
|
"api-endpoint": z.string().nullish()
|
|
414
415
|
});
|
|
415
|
-
const
|
|
416
|
+
const DependabotExistingPrDependencySchema = z.object({
|
|
416
417
|
"dependency-name": z.string(),
|
|
417
418
|
"dependency-version": z.string().nullish(),
|
|
418
419
|
directory: z.string().nullish(),
|
|
419
420
|
removed: z.boolean().nullish()
|
|
420
421
|
});
|
|
421
|
-
const
|
|
422
|
+
const DependabotExistingPrSchema = z.object({
|
|
423
|
+
"pr-number": z.number(),
|
|
424
|
+
dependencies: DependabotExistingPrDependencySchema.array()
|
|
425
|
+
});
|
|
426
|
+
const DependabotExistingGroupPrSchema = DependabotExistingPrSchema.extend({
|
|
422
427
|
"dependency-group-name": z.string(),
|
|
423
|
-
dependencies:
|
|
428
|
+
dependencies: DependabotExistingPrDependencySchema.array()
|
|
424
429
|
});
|
|
425
430
|
const DependabotAllowedSchema = z.object({
|
|
426
431
|
"dependency-name": z.string().nullish(),
|
|
@@ -505,12 +510,14 @@ const DependabotPackageManagerSchema = z.enum([
|
|
|
505
510
|
"helm",
|
|
506
511
|
"julia",
|
|
507
512
|
"bazel",
|
|
508
|
-
"opentofu"
|
|
513
|
+
"opentofu",
|
|
514
|
+
"pre_commit"
|
|
509
515
|
]);
|
|
510
516
|
const DEPENDABOT_COMMANDS = [
|
|
511
|
-
"
|
|
517
|
+
"update",
|
|
512
518
|
"version",
|
|
513
|
-
"recreate"
|
|
519
|
+
"recreate",
|
|
520
|
+
"graph"
|
|
514
521
|
];
|
|
515
522
|
const DependabotCommandSchema = z.enum(DEPENDABOT_COMMANDS);
|
|
516
523
|
const DependabotJobConfigSchema = z.object({
|
|
@@ -522,8 +529,8 @@ const DependabotJobConfigSchema = z.object({
|
|
|
522
529
|
"dependency-groups": DependabotGroupJobSchema.array().nullish(),
|
|
523
530
|
dependencies: z.string().array().nullable(),
|
|
524
531
|
"dependency-group-to-refresh": z.string().nullish(),
|
|
525
|
-
"existing-pull-requests":
|
|
526
|
-
"existing-group-pull-requests":
|
|
532
|
+
"existing-pull-requests": DependabotExistingPrSchema.array(),
|
|
533
|
+
"existing-group-pull-requests": DependabotExistingGroupPrSchema.array(),
|
|
527
534
|
experiments: DependabotExperimentsSchema,
|
|
528
535
|
"ignore-conditions": DependabotConditionSchema.array(),
|
|
529
536
|
"lockfile-only": z.boolean(),
|
|
@@ -546,8 +553,8 @@ const DependabotJobConfigSchema = z.object({
|
|
|
546
553
|
"exclude-paths": z.string().array().optional()
|
|
547
554
|
});
|
|
548
555
|
const DependabotJobFileSchema = z.object({ job: DependabotJobConfigSchema });
|
|
549
|
-
const DependabotPersistedPrSchema =
|
|
556
|
+
const DependabotPersistedPrSchema = DependabotExistingGroupPrSchema.omit({ "pr-number": true }).extend({ "dependency-group-name": z.string().nullish() });
|
|
550
557
|
|
|
551
558
|
//#endregion
|
|
552
|
-
export {
|
|
553
|
-
//# sourceMappingURL=job-
|
|
559
|
+
export { DependabotCommitMessageSchema as A, VersioningStrategySchema as B, DependabotSourceProviderSchema as C, CONFIG_FILE_PATHS_AZURE as D, CONFIG_FILE_NAMES as E, DependabotMultiEcosystemGroupSchema as F, convertPlaceholder as G, parseRegistries as H, DependabotRegistrySchema as I, extractPlaceholder as K, DependabotScheduleSchema as L, DependabotCooldownSchema as M, DependabotGroupSchema as N, CONFIG_FILE_PATHS_GITHUB as O, DependabotIgnoreConditionSchema as P, DependabotUpdateSchema as R, DependabotSecurityAdvisorySchema as S, BETA_ECOSYSTEMS as T, parseUpdates as U, parseDependabotConfig as V, validateConfiguration as W, DependabotPackageManagerSchema as _, DependabotCommitOptionsSchema as a, DependabotRequirementSchema as b, DependabotDependencySchema as c, DependabotExistingPrSchema as d, DependabotExperimentsSchema as f, DependabotJobFileSchema as g, DependabotJobConfigSchema as h, DependabotCommandSchema as i, DependabotConfigSchema as j, DependabotAllowConditionSchema as k, DependabotExistingGroupPrSchema as l, DependabotGroupRuleJobSchema as m, DEPENDABOT_COMMANDS as n, DependabotConditionSchema as o, DependabotGroupJobSchema as p, makeDirectoryKey as q, DependabotAllowedSchema as r, DependabotCredentialSchema as s, CertificateAuthoritySchema as t, DependabotExistingPrDependencySchema as u, DependabotPersistedPrSchema as v, DependabotSourceSchema as w, DependabotRequirementSourceSchema as x, DependabotProxyConfigSchema as y, PackageEcosystemSchema as z };
|
|
560
|
+
//# sourceMappingURL=job-Bb9WiMwE.mjs.map
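Review bot: `"pr-number": z.number()` in the new `DependabotExistingPrSchema` (hunk `@@ -412,15 +413,19 @@`) accepts negative and fractional values, so a malformed job file or persisted record passes validation with an identifier that cannot name a real pull request. The package's own config schema, visible in the source map that follows, already bounds a number with `z.number().check(z.int(), z.gte(0))`; assuming pull-request ids are positive integers, the same form fits here: `"pr-number": z.number().check(z.int(), z.gte(1))`. In the same hunk `DependabotExistingGroupPrSchema` redeclares `dependencies: DependabotExistingPrDependencySchema.array()`, which it already inherits from `DependabotExistingPrSchema` through `.extend`, so that line can be dropped. This file is build output, so both changes presumably belong in `../src/dependabot/job.ts`, which the source map lists among its sources.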
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"job-Bb9WiMwE.mjs","names":[],"sources":["../src/dependabot/directory-key.ts","../src/dependabot/placeholder.ts","../src/dependabot/config.ts","../src/dependabot/job.ts"],"sourcesContent":["/**\n * Options for creating a directory key that supports both naming conventions:\n * - `ecosystem` (standard format)\n * - `package-ecosystem` (alternative format for compatibility)\n *\n * Either a single `directory` or multiple `directories` can be specified.\n */\ntype MakeDirectoryKeyOptions =\n | {\n /** The package ecosystem (e.g., 'npm', 'pip', 'bundler') */\n ecosystem: string;\n /** Single directory path (optional if directories is provided) */\n directory?: string | null;\n /** Multiple directory paths (optional if directory is provided) */\n directories?: string[];\n }\n | {\n /** The package ecosystem using alternative naming convention */\n 'package-ecosystem': string;\n /** Single directory path (optional if directories is provided) */\n directory?: string | null;\n /** Multiple directory paths (optional if directory is provided) */\n directories?: string[];\n };\n\n/**\n * Creates a unique directory key by combining the ecosystem and directory information.\n *\n * The key format is: `{ecosystem}::{directory_info}`\n * - For single directory: `npm::/src/frontend`\n * - For multiple directories: `npm::/src/frontend,/src/backend`\n *\n * @param options - Configuration object containing ecosystem and directory information\n * @returns A unique string key in the format `{ecosystem}::{directories}`\n *\n * @example\n * ```typescript\n * // Single directory\n * const key1 = makeDirectoryKey({ ecosystem: 'npm', directory: '/src' });\n * // Returns: \"npm::/src\"\n *\n * // Multiple directories\n * const key2 = makeDirectoryKey({\n * ecosystem: 'pip',\n * directories: ['/backend', '/scripts']\n * });\n * // Returns: \"pip::/backend,/scripts\"\n *\n * // Using alternative naming convention\n * const key3 = makeDirectoryKey({\n * 'package-ecosystem': 
'bundler',\n * directory: '/app'\n * });\n * // Returns: \"bundler::/app\"\n * ```\n */\nexport function makeDirectoryKey(options: MakeDirectoryKeyOptions): string {\n // Extract ecosystem name from either naming convention\n const ecosystem = 'ecosystem' in options ? options.ecosystem : options['package-ecosystem'];\n\n // Use single directory if provided, otherwise join multiple directories with comma\n const directoryPart = options.directory ?? options.directories!.join(',');\n\n return `${ecosystem}::${directoryPart}`;\n}\n","export type VariableFinderFn = (name: string) => string | undefined | Promise<string | undefined>;\n\nasync function convertPlaceholder({\n input,\n variableFinder,\n}: {\n input?: string;\n variableFinder: VariableFinderFn;\n}): Promise<string | undefined> {\n if (!input) return undefined;\n\n const matches: RegExpExecArray[] = extractPlaceholder(input);\n let result = input;\n for (const match of matches) {\n const placeholder = match[0];\n const name = match[1]!;\n const value = (await variableFinder(name)) ?? 
placeholder;\n result = result.replace(placeholder, value);\n }\n return result;\n}\n\nfunction extractPlaceholder(input: string) {\n const matches: RegExpExecArray[] = [];\n const regexp: RegExp = /\\$\\{\\{\\s{0,10}([a-zA-Z_][a-zA-Z0-9._-]{0,99})\\s{0,10}\\}\\}/;\n\n let searchInput = input;\n let offset = 0;\n\n while (searchInput.length > 0) {\n const match = searchInput.match(regexp);\n if (!match || match.index === undefined) break;\n\n // Adjust match index to account for previous slices\n const adjustedMatch = Object.assign([...match], {\n index: match.index + offset,\n input: input,\n groups: match.groups,\n }) as RegExpExecArray;\n\n matches.push(adjustedMatch);\n\n // Move past this match\n const nextStart = match.index + match[0].length;\n offset += nextStart;\n searchInput = searchInput.slice(nextStart);\n }\n\n return matches;\n}\n\nexport { convertPlaceholder, extractPlaceholder };\n","import * as yaml from 'js-yaml';\nimport { z } from 'zod';\n\nimport { makeDirectoryKey } from './directory-key';\nimport { convertPlaceholder, type VariableFinderFn } from './placeholder';\n\nexport const DependabotRegistrySchema = z\n .object({\n type: z.enum([\n // order matches\n // https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#supported-private-registries\n\n 'cargo-registry',\n 'composer-repository',\n 'docker-registry',\n 'git',\n 'goproxy-server',\n 'helm-registry',\n 'hex-organization',\n 'hex-repository',\n 'maven-repository',\n 'npm-registry',\n 'nuget-feed',\n 'pub-repository',\n 'python-index',\n 'rubygems-server',\n 'terraform-registry',\n ]),\n url: z.string().optional(),\n username: z.string().optional(),\n password: z.string().optional(),\n key: z.string().optional(),\n token: z.string().optional(),\n 'replaces-base': z.boolean().optional(),\n host: z.string().optional(), // for terraform and composer only\n registry: z.string().optional(), // 
for npm only\n organization: z.string().optional(), // for hex-organization only\n repo: z.string().optional(), // for hex-repository only\n 'public-key-fingerprint': z.string().optional(), // for hex-repository only\n 'index-url': z.string().optional(), // for python-index only\n 'auth-key': z.string().optional(), // used by composer-repository, docker-registry, etc\n 'tenant-id': z.string().optional(), // can only be for azure related stuff, not sure\n 'client-id': z.string().optional(), // can only be for azure related stuff, not sure\n })\n // change underscore to dash in the registry key/type\n .transform((value) => ({ ...value, type: value.type.replace('-', '_') }));\nexport type DependabotRegistry = z.infer<typeof DependabotRegistrySchema>;\n\nexport const DependabotGroupSchema = z.object({\n // Define an identifier for the group to use in branch names and pull request titles.\n // This must start and end with a letter, and can contain letters, pipes |, underscores _, or hyphens -.\n IDENTIFIER: z\n .string()\n .check(\n z.regex(/^[a-zA-Z][a-zA-Z0-9|_-]*[a-zA-Z]$/, {\n message:\n 'Group identifier must start and end with a letter, and can contain letters, pipes |, underscores _, or hyphens -.',\n }),\n )\n .optional(),\n 'applies-to': z.enum(['version-updates', 'security-updates']).optional(),\n 'dependency-type': z.enum(['development', 'production']).optional(),\n patterns: z.string().array().optional(),\n 'exclude-patterns': z.string().array().optional(),\n 'update-types': z.enum(['major', 'minor', 'patch']).array().optional(),\n});\nexport type DependabotGroup = z.infer<typeof DependabotGroupSchema>;\n\nexport const DependabotAllowConditionSchema = z.object({\n 'dependency-name': z.string().optional(),\n 'dependency-type': z.enum(['direct', 'indirect', 'all', 'production', 'development']).optional(),\n 'update-type': z.enum(['all', 'security']).optional(),\n});\nexport type DependabotAllowCondition = z.infer<typeof 
DependabotAllowConditionSchema>;\n\nexport const DependabotIgnoreConditionSchema = z\n .object({\n 'dependency-name': z.string().optional(),\n versions: z.string().array().or(z.string()).optional(),\n 'update-types': z\n .enum(['version-update:semver-major', 'version-update:semver-minor', 'version-update:semver-patch'])\n .array()\n .optional(),\n })\n .and(z.record(z.string(), z.any()));\nexport type DependabotIgnoreCondition = z.infer<typeof DependabotIgnoreConditionSchema>;\n\nexport const DependabotScheduleSchema = z\n .object({\n interval: z.enum(['daily', 'weekly', 'monthly', 'quarterly', 'semiannually', 'yearly', 'cron']),\n\n day: z\n .enum(['sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday'])\n .optional()\n .default('monday'),\n\n time: z\n .string()\n .default('02:00')\n .check(z.regex(/^(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$/, { message: 'Time must be in HH:MM format' }))\n .optional(),\n\n timezone: z\n .string()\n .optional()\n .default('Etc/UTC')\n .refine(\n (value) => {\n try {\n // If tz is not a valid IANA name, this throws a RangeError\n Intl.DateTimeFormat(undefined, { timeZone: value });\n return true;\n } catch {\n return false;\n }\n },\n { message: 'Invalid IANA time zone' },\n ),\n cronjob: z\n .string()\n .check(z.regex(/^\\S+ \\S+ \\S+ \\S+ \\S+$/, { message: 'Cronjob must be in standard cron format' }))\n .optional(),\n })\n .transform((value, { addIssue }) => {\n // if interval is 'cron', cronjob must be specified\n if (value.interval === 'cron' && !value.cronjob) {\n addIssue(\"The 'cronjob' field must be specified when the interval is set to 'cron'.\");\n }\n\n return value;\n });\nexport type DependabotSchedule = z.infer<typeof DependabotScheduleSchema>;\n\nexport const DependabotCommitMessageSchema = z.object({\n prefix: z.string().optional(),\n 'prefix-development': z.string().optional(),\n include: z.string().optional(),\n});\nexport type DependabotCommitMessage = z.infer<typeof 
DependabotCommitMessageSchema>;\n\nexport const DependabotCooldownSchema = z.object({\n 'default-days': z.number().optional(),\n 'semver-major-days': z.number().optional(),\n 'semver-minor-days': z.number().optional(),\n 'semver-patch-days': z.number().optional(),\n include: z.string().array().optional(),\n exclude: z.string().array().optional(),\n});\nexport type DependabotCooldown = z.infer<typeof DependabotCooldownSchema>;\n\nconst DependabotPullRequestBranchNameSchema = z.object({\n separator: z.string().optional(),\n});\nexport type DependabotPullRequestBranchName = z.infer<typeof DependabotPullRequestBranchNameSchema>;\n\nexport const PackageEcosystemSchema = z.enum([\n // order matches\n // https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-\n\n 'bazel',\n 'bun',\n 'bundler',\n 'cargo',\n 'composer',\n 'conda',\n 'devcontainers',\n 'docker',\n 'docker-compose',\n 'dotnet-sdk',\n 'helm',\n 'mix',\n 'elm',\n 'gitsubmodule',\n 'github-actions',\n 'gomod',\n 'gradle',\n 'julia',\n 'maven',\n 'npm',\n 'nuget',\n 'opentofu',\n 'pip',\n 'pip-compile', // alias mapped to 'pip'\n 'pipenv', // alias mapped to 'pip'\n 'pre-commit',\n 'pnpm', // alias mapped to 'npm'\n 'poetry', // alias mapped to 'pip'\n 'pub',\n 'rust-toolchain',\n 'swift',\n 'terraform',\n 'uv',\n 'vcpkg',\n 'yarn', // alias mapped to 'npm'\n]);\nexport type PackageEcosystem = z.infer<typeof PackageEcosystemSchema>;\n\nexport const VersioningStrategySchema = z.enum(['auto', 'increase', 'increase-if-necessary', 'lockfile-only', 'widen']);\nexport type VersioningStrategy = z.infer<typeof VersioningStrategySchema>;\n\nexport const DependabotUpdateSchema = z\n .object({\n 'package-ecosystem': PackageEcosystemSchema,\n directory: z.string().optional(),\n directories: z.string().array().optional(),\n 'exclude-paths': z.string().array().optional(),\n allow: DependabotAllowConditionSchema.array().optional(),\n assignees: 
z.string().array().optional(),\n 'commit-message': DependabotCommitMessageSchema.optional(),\n cooldown: DependabotCooldownSchema.optional(),\n groups: z.record(z.string(), DependabotGroupSchema).optional(),\n ignore: DependabotIgnoreConditionSchema.array().optional(),\n 'insecure-external-code-execution': z.enum(['allow', 'deny']).optional(),\n labels: z.string().array().optional(),\n milestone: z.coerce.string().optional(),\n 'open-pull-requests-limit': z.number().check(z.int(), z.gte(0)).optional(),\n 'pull-request-branch-name': DependabotPullRequestBranchNameSchema.optional(),\n 'rebase-strategy': z.string().optional(),\n registries: z.string().array().optional(),\n schedule: DependabotScheduleSchema,\n 'target-branch': z.string().optional(),\n vendor: z.boolean().optional(),\n 'versioning-strategy': VersioningStrategySchema.optional(),\n patterns: z.string().array().optional(),\n 'multi-ecosystem-group': z.string().optional(),\n })\n .transform((value, { addIssue }) => {\n // either 'directory' or 'directories' must be specified\n if (!value.directory && (!value.directories || value.directories.length === 0)) {\n addIssue(\"Either 'directory' or 'directories' must be specified in the dependency update configuration.\");\n }\n\n // validate that 'directory' does not contain glob patterns\n if (value.directory && /[*?[\\]{}]/.test(value.directory)) {\n addIssue(\"The 'directory' field must not include glob pattern.\");\n }\n\n value['open-pull-requests-limit'] ??= 5; // default to 5 if not specified\n\n // The patterns key is required when using multi-ecosystem-group.\n // You can specify dependency patterns to include only certain dependencies in the group,\n // or use [\"*\"] to include all dependencies.\n if (value['multi-ecosystem-group'] && (!value.patterns || value.patterns.length === 0)) {\n addIssue(\n \"The 'patterns' field must be specified and contain at least one pattern when using 'multi-ecosystem-group'.\",\n );\n }\n\n return value;\n });\nexport 
type DependabotUpdate = z.infer<typeof DependabotUpdateSchema>;\n\nexport const DependabotMultiEcosystemGroupSchema = z.object({\n schedule: DependabotScheduleSchema,\n labels: z.string().array().optional(), // behaviour: additive\n milestone: z.coerce.string().optional(), // behaviour: group-only\n assignees: z.string().array().optional(), // behaviour: additive\n 'target-branch': z.string().optional(), // behaviour: group-only\n 'commit-message': DependabotCommitMessageSchema.optional(), // behaviour: group-only\n 'pull-request-branch-name': DependabotPullRequestBranchNameSchema.optional(), // behaviour: group-only\n});\nexport type DependabotMultiEcosystemGroup = z.infer<typeof DependabotMultiEcosystemGroupSchema>;\n\n/* Ecosystems that are currently in beta */\nexport const BETA_ECOSYSTEMS: PackageEcosystem[] = ['pre-commit'];\n\n/**\n * Represents the dependabot.yaml configuration file options.\n * See: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-dependabotyml\n */\nexport const DependabotConfigSchema = z\n .object({\n /**\n * Mandatory. configuration file version.\n **/\n version: z.number().refine((v) => v === 2, { message: 'Only version 2 of dependabot is supported' }),\n\n /**\n * Optional. Configure groups of ecosystems to update together in a single pull request.\n */\n 'multi-ecosystem-groups': z.record(z.string(), DependabotMultiEcosystemGroupSchema).optional(),\n\n /**\n * Mandatory. Configure how Dependabot updates the versions or project dependencies.\n * Each entry configures the update settings for a particular package manager.\n */\n updates: DependabotUpdateSchema.array().check(\n z.minLength(1, { message: 'At least one update configuration is required' }),\n ),\n\n /**\n * Optional.\n * Specify authentication details to access private package registries.\n */\n registries: z.record(z.string(), DependabotRegistrySchema).optional(),\n\n /**\n * Optional. 
Enables updates for ecosystems that are not yet generally available.\n * https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#enable-beta-ecosystems-\n */\n 'enable-beta-ecosystems': z.boolean().optional(),\n })\n .transform((value, { addIssue }) => {\n // If you attempt to set group-only keys at the ecosystem level (in updates entries),\n // Dependabot will throw a configuration error and fail to process your dependabot.yml file.\n // These keys must only be specified in the multi-ecosystem-groups section.\n // https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates#group-only-keys\n const groupOnlyKeys = ['milestone', 'target-branch', 'commit-message', 'pull-request-branch-name'] as const;\n if (value['multi-ecosystem-groups']) {\n for (const update of value.updates) {\n for (const key of groupOnlyKeys) {\n if (key in update) {\n addIssue(\n `The '${key}' field must not be specified in the 'updates' section when using 'multi-ecosystem-groups'. It is a group-only field.`,\n );\n }\n }\n }\n }\n\n // ensure there is no update with the same package-ecosystem and directory/directories combination\n const seen = new Set<string>();\n for (const update of value.updates) {\n const key = makeDirectoryKey(update);\n if (seen.has(key)) {\n addIssue(\n `Duplicate update configuration found for '${update['package-ecosystem']}' and directory: '${update.directory ?? update.directories?.join(',')}'`,\n );\n }\n seen.add(key);\n }\n\n // ensure that the ecosystems in beta are only used when 'enable-beta-ecosystems' is true\n if (!value['enable-beta-ecosystems']) {\n for (const update of value.updates) {\n if (BETA_ECOSYSTEMS.includes(update['package-ecosystem'])) {\n addIssue(\n `The package ecosystem '${update['package-ecosystem']}' is currently in beta. 
To use it, set 'enable-beta-ecosystems' to true in the dependabot configuration.`,\n );\n }\n }\n }\n\n return value;\n });\n\nexport type DependabotConfig = z.infer<typeof DependabotConfigSchema>;\n\nexport function parseUpdates(config: DependabotConfig, configPath: string): DependabotUpdate[] {\n const updates: DependabotUpdate[] = [];\n\n // Parse the value of each of the updates obtained from the file\n for (const update of config.updates) {\n // populate the 'ignore' conditions 'source' and 'updated-at' properties, if missing\n // NOTE: 'source' and 'updated-at' are not documented in the dependabot.yml config docs, but are defined in the dependabot-core and dependabot-cli models.\n // Currently they don't appear to add much value to the update process, but are populated here for completeness.\n if (update.ignore) {\n for (const condition of update.ignore) {\n condition.source ??= configPath;\n // we don't know the last updated time, so we use the current time\n condition['updated-at'] ??= new Date().toISOString();\n }\n }\n\n updates.push(update);\n }\n return updates;\n}\n\nexport async function parseRegistries(\n config: DependabotConfig,\n variableFinder: VariableFinderFn,\n): Promise<Record<string, DependabotRegistry>> {\n // Parse the value of each of the registries obtained from the config\n const registries: Record<string, DependabotRegistry> = {};\n for (const [key, registry] of Object.entries(config.registries || {})) {\n const updated = { ...registry };\n const { type } = updated;\n\n // handle special fields for 'hex-organization' types\n if (type === 'hex_organization' && !updated.organization) {\n throw new Error(`The value 'organization' in dependency registry config '${type}' is missing`);\n }\n\n // handle special fields for 'hex-repository' types\n if (type === 'hex_repository' && !updated.repo) {\n throw new Error(`The value 'repo' in dependency registry config '${key}' is missing`);\n }\n\n // parse username, password, key, and token while 
replacing tokens where necessary\n updated.username = await convertPlaceholder({ input: updated.username, variableFinder: variableFinder });\n updated.password = await convertPlaceholder({ input: updated.password, variableFinder: variableFinder });\n updated.key = await convertPlaceholder({ input: updated.key, variableFinder: variableFinder });\n updated.token = await convertPlaceholder({ input: updated.token, variableFinder: variableFinder });\n\n // TODO: include sources for this logic, otherwise it looks like magic.\n // Initially, this was based on reading through the dependabot-core logic\n // but much has since changed.\n\n // parse the url\n const url = updated.url;\n if (!url && type !== 'hex_organization') {\n throw new Error(`The value 'url' in dependency registry config '${key}' is missing`);\n }\n if (url) {\n /*\n * Some credentials do not use the 'url' property in the Ruby updater.\n * The 'host' and 'registry' properties are derived from the given URL.\n * The 'registry' property is derived from the 'url' by stripping off the scheme.\n * The 'host' property is derived from the hostname of the 'url'.\n *\n * 'npm_registry' and 'docker_registry' use 'registry' only.\n * 'terraform_registry' uses 'host' only.\n * 'composer_repository' uses both 'url' and 'host'.\n * 'python_index' uses 'index-url' instead of 'url'.\n */\n\n if (URL.canParse(url)) {\n const parsedUrl = new URL(url);\n\n const addRegistry = type === 'docker_registry' || type === 'npm_registry';\n if (addRegistry) updated.registry = url.replace('https://', '').replace('http://', '');\n\n const addHost = type === 'composer_repository' || type === 'terraform_registry';\n if (addHost) updated.host = parsedUrl.hostname;\n }\n\n if (type === 'python_index') updated['index-url'] = url;\n\n const removeUrl =\n type === 'docker_registry' ||\n type === 'npm_registry' ||\n type === 'terraform_registry' ||\n type === 'python_index';\n if (removeUrl) delete updated.url; // remove the url if not 
needed\n }\n\n // add to list\n registries[key] = updated;\n }\n return registries;\n}\n\nexport function validateConfiguration(updates: DependabotUpdate[], registries: Record<string, DependabotRegistry>) {\n const configured = Object.keys(registries);\n const referenced: string[] = [];\n for (const u of updates) referenced.push(...(u.registries ?? []));\n\n // ensure there are no configured registries that have not been referenced\n const missingConfiguration = referenced.filter((el) => !configured.includes(el));\n if (missingConfiguration.length > 0) {\n throw new Error(\n `Referenced registries: '${missingConfiguration.join(',')}' have not been configured in the root of dependabot.yml`,\n );\n }\n\n // ensure there are no registries referenced but not configured\n const missingReferences = configured.filter((el) => !referenced.includes(el));\n if (missingReferences.length > 0) {\n throw new Error(`Registries: '${missingReferences.join(',')}' have not been referenced by any update`);\n }\n}\n\n/** Possible paths to the dependabot config file for GitHub. */\nexport const CONFIG_FILE_NAMES = ['dependabot.yaml', 'dependabot.yml'];\nexport const CONFIG_FILE_PATHS_GITHUB = CONFIG_FILE_NAMES.map((name) => `.github/${name}`);\n/** Possible paths to the dependabot config file for Azure. 
*/\nexport const CONFIG_FILE_PATHS_AZURE = [\n ...CONFIG_FILE_NAMES.map((name) => `.azuredevops/${name}`),\n ...CONFIG_FILE_PATHS_GITHUB,\n];\n\n/**\n * Parse the contents of a dependabot config YAML file\n * @returns {DependabotConfig} config - the dependabot configuration\n */\nexport async function parseDependabotConfig({\n configContents,\n configPath,\n variableFinder,\n}: {\n configContents: string;\n configPath: string;\n variableFinder: VariableFinderFn;\n}): Promise<DependabotConfig> {\n // Load the config\n const loadedConfig = yaml.load(configContents);\n if (loadedConfig === null || typeof loadedConfig !== 'object') {\n throw new Error('Invalid dependabot config object');\n }\n\n // Parse the config\n const config = await DependabotConfigSchema.parseAsync(loadedConfig);\n const updates = parseUpdates(config, configPath);\n const registries = await parseRegistries(config, variableFinder);\n validateConfiguration(updates, registries);\n\n return { ...config, updates, registries };\n}\n","import { z } from 'zod';\nimport { DependabotCooldownSchema } from './config';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nexport const DependabotCredentialSchema = z.record(z.string(), z.any());\nexport type DependabotCredential = z.infer<typeof DependabotCredentialSchema>;\n\nexport const CertificateAuthoritySchema = z.object({\n cert: z.string(),\n key: z.string(),\n});\nexport type CertificateAuthority = z.infer<typeof CertificateAuthoritySchema>;\n\nexport const DependabotProxyConfigSchema = z.object({\n all_credentials: DependabotCredentialSchema.array(),\n ca: CertificateAuthoritySchema,\n});\nexport type DependabotProxyConfig = z.infer<typeof DependabotProxyConfigSchema>;\n\nexport const DependabotSourceProviderSchema = z.enum(['azure', 'bitbucket', 'gitlab']);\nexport type DependabotSourceProvider = z.infer<typeof DependabotSourceProviderSchema>;\n\nexport const DependabotSourceSchema = z.object({\n provider: 
DependabotSourceProviderSchema,\n repo: z.string(),\n directory: z.string().nullish(),\n directories: z.string().array().nullish(),\n branch: z.string().nullish(),\n commit: z.string().nullish(),\n hostname: z.string().nullish(), // Must be provided if api-endpoint is\n 'api-endpoint': z.string().nullish(), // Must be provided if hostname is\n});\nexport type DependabotSource = z.infer<typeof DependabotSourceSchema>;\n\nexport const DependabotExistingPrDependencySchema = z.object({\n 'dependency-name': z.string(),\n 'dependency-version': z.string().nullish(),\n directory: z.string().nullish(),\n removed: z.boolean().nullish(),\n});\nexport type DependabotExistingPrDependency = z.infer<typeof DependabotExistingPrDependencySchema>;\n\nexport const DependabotExistingPrSchema = z.object({\n 'pr-number': z.number(),\n dependencies: DependabotExistingPrDependencySchema.array(),\n});\nexport type DependabotExistingPr = z.infer<typeof DependabotExistingPrSchema>;\n\nexport const DependabotExistingGroupPrSchema = DependabotExistingPrSchema.extend({\n 'dependency-group-name': z.string(),\n dependencies: DependabotExistingPrDependencySchema.array(),\n});\nexport type DependabotExistingGroupPr = z.infer<typeof DependabotExistingGroupPrSchema>;\n\nexport const DependabotAllowedSchema = z.object({\n 'dependency-name': z.string().nullish(),\n 'dependency-type': z.string().nullish(),\n 'update-type': z.enum(['all', 'security']).optional(),\n});\nexport type DependabotAllowed = z.infer<typeof DependabotAllowedSchema>;\n\nexport const DependabotGroupRuleJobSchema = z.object({\n patterns: z.string().array().nullish(),\n 'exclude-patterns': z.string().array().nullish(),\n 'dependency-type': z.string().nullish(),\n 'update-types': z.string().array().nullish(),\n});\nexport type DependabotGroupRuleJob = z.infer<typeof DependabotGroupRuleJobSchema>;\n\nexport const DependabotGroupJobSchema = z.object({\n name: z.string(),\n 'applies-to': z.string().nullish(),\n rules: 
DependabotGroupRuleJobSchema,\n});\nexport type DependabotGroupJob = z.infer<typeof DependabotGroupJobSchema>;\n\nexport const DependabotConditionSchema = z.object({\n 'dependency-name': z.string(),\n source: z.string().nullish(),\n 'update-types': z.string().array().nullish(),\n 'updated-at': z.coerce.string().nullish(),\n 'version-requirement': z.string().nullish(),\n});\nexport type DependabotCondition = z.infer<typeof DependabotConditionSchema>;\n\nexport const DependabotSecurityAdvisorySchema = z.object({\n 'dependency-name': z.string(),\n 'affected-versions': z.string().array(),\n 'patched-versions': z.string().array().nullish(), // may not be patched as of yet\n 'unaffected-versions': z.string().array(),\n});\nexport type DependabotSecurityAdvisory = z.infer<typeof DependabotSecurityAdvisorySchema>;\n\nexport const DependabotRequirementSourceSchema = z.record(z.string(), z.any());\nexport type DependabotRequirementSource = z.infer<typeof DependabotRequirementSourceSchema>;\n\nexport const DependabotRequirementSchema = z.object({\n file: z.string().nullish(), // e.g. 'requirements.txt' or '/Root.csproj'\n groups: z.string().array().nullish(), // e.g. ['dependencies']\n metadata: z.record(z.string(), z.any()).nullish(),\n requirement: z.string().nullish(), // e.g. '==3.2.0' or '8.1.0'\n source: DependabotRequirementSourceSchema.nullish(),\n version: z.string().nullish(),\n 'previous-version': z.string().nullish(),\n});\nexport type DependabotRequirement = z.infer<typeof DependabotRequirementSchema>;\n\nexport const DependabotDependencySchema = z.object({\n name: z.string(), // e.g. 'django' or 'GraphQL.Server.Ui.Voyager'\n 'previous-requirements': DependabotRequirementSchema.array().nullish(),\n 'previous-version': z.string().nullish(),\n version: z.string().nullish(), // e.g. 
'5.0.1' or '8.1.0'\n requirements: DependabotRequirementSchema.array().nullish(),\n removed: z.boolean().nullish(),\n directory: z.string().nullish(),\n});\nexport type DependabotDependency = z.infer<typeof DependabotDependencySchema>;\n\nexport const DependabotCommitOptionsSchema = z.object({\n prefix: z.string().nullish(),\n 'prefix-development': z.string().nullish(),\n 'include-scope': z.boolean().nullish(),\n});\nexport type DependabotCommitOptions = z.infer<typeof DependabotCommitOptionsSchema>;\n\nexport const DependabotExperimentsSchema = z.record(z.string(), z.union([z.string(), z.boolean()]));\nexport type DependabotExperiments = z.infer<typeof DependabotExperimentsSchema>;\n\nexport const DependabotPackageManagerSchema = z.enum([\n 'bundler',\n 'cargo',\n 'composer',\n 'conda',\n 'pub',\n 'docker',\n 'elm',\n 'github_actions', // ecosystem(s): 'github-actions'\n 'submodules', // ecosystem(s): 'gitsubmodule'\n 'go_modules', // ecosystem(s): 'gomod'\n 'gradle',\n 'maven',\n 'hex', // ecosystem(s): 'mix'\n 'nuget',\n 'npm_and_yarn', // ecosystem(s): 'npm', 'pnpm', 'yarn'\n 'pip', // ecosystem(s): 'pipenv', 'pip-compile', 'poetry'\n 'rust_toolchain', // ecosystem(s): 'rust-toolchain'\n 'swift',\n 'terraform',\n 'devcontainers',\n 'dotnet_sdk', // ecosystem(s): 'dotnet-sdk'\n 'bun',\n 'docker_compose', // // ecosystem(s): 'docker-compose',\n 'uv',\n 'vcpkg',\n 'helm',\n 'julia',\n 'bazel',\n 'opentofu',\n 'pre_commit',\n]);\nexport type DependabotPackageManager = z.infer<typeof DependabotPackageManagerSchema>;\n\nexport const DEPENDABOT_COMMANDS = [\n 'update',\n 'version',\n 'recreate',\n // 'security',\n 'graph',\n] as const;\nexport const DependabotCommandSchema = z.enum(DEPENDABOT_COMMANDS);\nexport type DependabotCommand = z.infer<typeof DependabotCommandSchema>;\n\n// See: https://github.com/dependabot/cli/blob/main/internal/model/job.go\n// https://github.com/dependabot/dependabot-core/blob/main/updater/lib/dependabot/job.rb\nexport const 
DependabotJobConfigSchema = z.object({\n id: z.string(),\n command: DependabotCommandSchema.optional(),\n 'package-manager': DependabotPackageManagerSchema,\n 'allowed-updates': DependabotAllowedSchema.array(),\n debug: z.boolean().nullable(),\n 'dependency-groups': DependabotGroupJobSchema.array().nullish(),\n dependencies: z.string().array().nullable(),\n 'dependency-group-to-refresh': z.string().nullish(),\n 'existing-pull-requests': DependabotExistingPrSchema.array(),\n 'existing-group-pull-requests': DependabotExistingGroupPrSchema.array(),\n experiments: DependabotExperimentsSchema,\n 'ignore-conditions': DependabotConditionSchema.array(),\n 'lockfile-only': z.boolean(),\n 'requirements-update-strategy': z.string().nullable(),\n 'security-advisories': DependabotSecurityAdvisorySchema.array(),\n 'security-updates-only': z.boolean(),\n source: DependabotSourceSchema,\n 'update-subdependencies': z.boolean(),\n 'updating-a-pull-request': z.boolean(),\n 'vendor-dependencies': z.boolean(),\n 'reject-external-code': z.boolean().nullish(),\n 'repo-private': z.boolean(),\n 'commit-message-options': DependabotCommitOptionsSchema,\n 'credentials-metadata': DependabotCredentialSchema.array().nullish(),\n 'max-updater-run-time': z.int().nullish(),\n cooldown: DependabotCooldownSchema.nullish(),\n 'proxy-log-response-body-on-auth-failure': z.boolean().nullish(),\n 'enable-beta-ecosystems': z.boolean().nullish(),\n 'multi-ecosystem-update': z.boolean().nullish(),\n 'exclude-paths': z.string().array().optional(),\n});\nexport type DependabotJobConfig = z.infer<typeof DependabotJobConfigSchema>;\n\nexport const DependabotJobFileSchema = z.object({\n job: DependabotJobConfigSchema,\n});\nexport type DependabotJobFile = z.infer<typeof DependabotJobFileSchema>;\n\n// Code below is borrowed and adapted from dependabot-action\n\n// biome-ignore-start lint/suspicious/noExplicitAny: generic\nexport type FetchedFiles = {\n base_commit_sha: string;\n dependency_files: any[];\n 
base64_dependency_files: any[];\n};\n// biome-ignore-end lint/suspicious/noExplicitAny: generic\n\nexport type FileFetcherInput = {\n job: DependabotJobConfig;\n};\n\nexport type FileUpdaterInput = FetchedFiles & {\n job: DependabotJobConfig;\n};\n\nexport const DependabotPersistedPrSchema = DependabotExistingGroupPrSchema.omit({ 'pr-number': true }).extend({\n 'dependency-group-name': z.string().nullish(),\n});\nexport type DependabotPersistedPr = z.infer<typeof DependabotPersistedPrSchema>;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwDA,SAAgB,iBAAiB,SAA0C;AAOzE,QAAO,GALW,eAAe,UAAU,QAAQ,YAAY,QAAQ,qBAKnD,IAFE,QAAQ,aAAa,QAAQ,YAAa,KAAK,IAAI;;;;;AC3D3E,eAAe,mBAAmB,EAChC,OACA,kBAI8B;AAC9B,KAAI,CAAC,MAAO,QAAO;CAEnB,MAAM,UAA6B,mBAAmB,MAAM;CAC5D,IAAI,SAAS;AACb,MAAK,MAAM,SAAS,SAAS;EAC3B,MAAM,cAAc,MAAM;EAC1B,MAAM,OAAO,MAAM;EACnB,MAAM,QAAS,MAAM,eAAe,KAAK,IAAK;AAC9C,WAAS,OAAO,QAAQ,aAAa,MAAM;;AAE7C,QAAO;;AAGT,SAAS,mBAAmB,OAAe;CACzC,MAAM,UAA6B,EAAE;CACrC,MAAM,SAAiB;CAEvB,IAAI,cAAc;CAClB,IAAI,SAAS;AAEb,QAAO,YAAY,SAAS,GAAG;EAC7B,MAAM,QAAQ,YAAY,MAAM,OAAO;AACvC,MAAI,CAAC,SAAS,MAAM,UAAU,OAAW;EAGzC,MAAM,gBAAgB,OAAO,OAAO,CAAC,GAAG,MAAM,EAAE;GAC9C,OAAO,MAAM,QAAQ;GACd;GACP,QAAQ,MAAM;GACf,CAAC;AAEF,UAAQ,KAAK,cAAc;EAG3B,MAAM,YAAY,MAAM,QAAQ,MAAM,GAAG;AACzC,YAAU;AACV,gBAAc,YAAY,MAAM,UAAU;;AAG5C,QAAO;;;;;AC1CT,MAAa,2BAA2B,EACrC,OAAO;CACN,MAAM,EAAE,KAAK;EAIX;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD,CAAC;CACF,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC5B,iBAAiB,EAAE,SAAS,CAAC,UAAU;CACvC,MAAM,EAAE,QAAQ,CAAC,UAAU;CAC3B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,cAAc,EAAE,QAAQ,CAAC,UAAU;CACnC,MAAM,EAAE,QAAQ,CAAC,UAAU;CAC3B,0BAA0B,EAAE,QAAQ,CAAC,UAAU;CAC/C,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,YAAY,EAAE,QAAQ,CAAC,UAAU;CACjC,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,aAAa,EAAE,QAAQ,CAAC,UAAU;CACnC,CAAC,CAED,WAAW,WAAW;CAAE,GAAG;CAAO,MAAM,MAAM,KAAK,QAAQ,KAAK,IAAI;CAAE,EAAE;AAG3E,MA
Aa,wBAAwB,EAAE,OAAO;CAG5C,YAAY,EACT,QAAQ,CACR,MACC,EAAE,MAAM,qCAAqC,EAC3C,SACE,qHACH,CAAC,CACH,CACA,UAAU;CACb,cAAc,EAAE,KAAK,CAAC,mBAAmB,mBAAmB,CAAC,CAAC,UAAU;CACxE,mBAAmB,EAAE,KAAK,CAAC,eAAe,aAAa,CAAC,CAAC,UAAU;CACnE,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACjD,gBAAgB,EAAE,KAAK;EAAC;EAAS;EAAS;EAAQ,CAAC,CAAC,OAAO,CAAC,UAAU;CACvE,CAAC;AAGF,MAAa,iCAAiC,EAAE,OAAO;CACrD,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,mBAAmB,EAAE,KAAK;EAAC;EAAU;EAAY;EAAO;EAAc;EAAc,CAAC,CAAC,UAAU;CAChG,eAAe,EAAE,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC,UAAU;CACtD,CAAC;AAGF,MAAa,kCAAkC,EAC5C,OAAO;CACN,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,UAAU;CACtD,gBAAgB,EACb,KAAK;EAAC;EAA+B;EAA+B;EAA8B,CAAC,CACnG,OAAO,CACP,UAAU;CACd,CAAC,CACD,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC;AAGrC,MAAa,2BAA2B,EACrC,OAAO;CACN,UAAU,EAAE,KAAK;EAAC;EAAS;EAAU;EAAW;EAAa;EAAgB;EAAU;EAAO,CAAC;CAE/F,KAAK,EACF,KAAK;EAAC;EAAU;EAAU;EAAW;EAAa;EAAY;EAAU;EAAW,CAAC,CACpF,UAAU,CACV,QAAQ,SAAS;CAEpB,MAAM,EACH,QAAQ,CACR,QAAQ,QAAQ,CAChB,MAAM,EAAE,MAAM,uCAAuC,EAAE,SAAS,gCAAgC,CAAC,CAAC,CAClG,UAAU;CAEb,UAAU,EACP,QAAQ,CACR,UAAU,CACV,QAAQ,UAAU,CAClB,QACE,UAAU;AACT,MAAI;AAEF,QAAK,eAAe,QAAW,EAAE,UAAU,OAAO,CAAC;AACnD,UAAO;UACD;AACN,UAAO;;IAGX,EAAE,SAAS,0BAA0B,CACtC;CACH,SAAS,EACN,QAAQ,CACR,MAAM,EAAE,MAAM,yBAAyB,EAAE,SAAS,2CAA2C,CAAC,CAAC,CAC/F,UAAU;CACd,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;AAElC,KAAI,MAAM,aAAa,UAAU,CAAC,MAAM,QACtC,UAAS,4EAA4E;AAGvF,QAAO;EACP;AAGJ,MAAa,gCAAgC,EAAE,OAAO;CACpD,QAAQ,EAAE,QAAQ,CAAC,UAAU;CAC7B,sBAAsB,EAAE,QAAQ,CAAC,UAAU;CAC3C,SAAS,EAAE,QAAQ,CAAC,UAAU;CAC/B,CAAC;AAGF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,gBAAgB,EAAE,QAAQ,CAAC,UAAU;CACrC,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACtC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,CAAC;AAGF,MAAM,wCAAwC,EAAE,OAAO,EACrD,WAAW,EAAE,QAAQ,CAAC,UAAU,EACjC,CAAC;AAGF,MAAa,yBAAyB,EAAE,KAAK;CAI3C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;
CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,2BAA2B,EAAE,KAAK;CAAC;CAAQ;CAAY;CAAyB;CAAiB;CAAQ,CAAC;AAGvH,MAAa,yBAAyB,EACnC,OAAO;CACN,qBAAqB;CACrB,WAAW,EAAE,QAAQ,CAAC,UAAU;CAChC,aAAa,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC1C,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC9C,OAAO,+BAA+B,OAAO,CAAC,UAAU;CACxD,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACxC,kBAAkB,8BAA8B,UAAU;CAC1D,UAAU,yBAAyB,UAAU;CAC7C,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,sBAAsB,CAAC,UAAU;CAC9D,QAAQ,gCAAgC,OAAO,CAAC,UAAU;CAC1D,oCAAoC,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,CAAC,UAAU;CACxE,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACrC,WAAW,EAAE,OAAO,QAAQ,CAAC,UAAU;CACvC,4BAA4B,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU;CAC1E,4BAA4B,sCAAsC,UAAU;CAC5E,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACzC,UAAU;CACV,iBAAiB,EAAE,QAAQ,CAAC,UAAU;CACtC,QAAQ,EAAE,SAAS,CAAC,UAAU;CAC9B,uBAAuB,yBAAyB,UAAU;CAC1D,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,yBAAyB,EAAE,QAAQ,CAAC,UAAU;CAC/C,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;AAElC,KAAI,CAAC,MAAM,cAAc,CAAC,MAAM,eAAe,MAAM,YAAY,WAAW,GAC1E,UAAS,gGAAgG;AAI3G,KAAI,MAAM,aAAa,YAAY,KAAK,MAAM,UAAU,CACtD,UAAS,uDAAuD;AAGlE,OAAM,gCAAgC;AAKtC,KAAI,MAAM,6BAA6B,CAAC,MAAM,YAAY,MAAM,SAAS,WAAW,GAClF,UACE,8GACD;AAGH,QAAO;EACP;AAGJ,MAAa,sCAAsC,EAAE,OAAO;CAC1D,UAAU;CACV,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACrC,WAAW,EAAE,OAAO,QAAQ,CAAC,UAAU;CACvC,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACxC,iBAAiB,EAAE,QAAQ,CAAC,UAAU;CACtC,kBAAkB,8BAA8B,UAAU;CAC1D,4BAA4B,sCAAsC,UAAU;CAC7E,CAAC;AAIF,MAAa,kBAAsC,CAAC,aAAa;;;;;AAMjE,MAAa,yBAAyB,EACnC,OAAO;CAIN,SAAS,EAAE,QAAQ,CAAC,QAAQ,MAAM,MAAM,GAAG,EAAE,SAAS,6CAA6C,CAAC;CAKpG,0BAA0B,EAAE,OAAO,EAAE,QAAQ,EAAE,oCAAoC,CAAC,UAAU;CAM9F,SAAS,uBAAuB,OAAO,CAAC,MACtC,EAAE,UAAU,GAAG,EAAE,SAAS,iDAAiD,CAAC,CAC7E;CAMD,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,yBAAyB,CAAC,UAAU;CAMrE,0BAA0B,EAAE,SAAS,CAAC,UAAU;CACjD,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;CAKlC,MAAM,gBAAgB;EAAC;EAAa;EAAiB;EAAkB;EAA2B;AAClG
,KAAI,MAAM,2BACR;OAAK,MAAM,UAAU,MAAM,QACzB,MAAK,MAAM,OAAO,cAChB,KAAI,OAAO,OACT,UACE,QAAQ,IAAI,uHACb;;CAOT,MAAM,uBAAO,IAAI,KAAa;AAC9B,MAAK,MAAM,UAAU,MAAM,SAAS;EAClC,MAAM,MAAM,iBAAiB,OAAO;AACpC,MAAI,KAAK,IAAI,IAAI,CACf,UACE,6CAA6C,OAAO,qBAAqB,oBAAoB,OAAO,aAAa,OAAO,aAAa,KAAK,IAAI,CAAC,GAChJ;AAEH,OAAK,IAAI,IAAI;;AAIf,KAAI,CAAC,MAAM,2BACT;OAAK,MAAM,UAAU,MAAM,QACzB,KAAI,gBAAgB,SAAS,OAAO,qBAAqB,CACvD,UACE,0BAA0B,OAAO,qBAAqB,0GACvD;;AAKP,QAAO;EACP;AAIJ,SAAgB,aAAa,QAA0B,YAAwC;CAC7F,MAAM,UAA8B,EAAE;AAGtC,MAAK,MAAM,UAAU,OAAO,SAAS;AAInC,MAAI,OAAO,OACT,MAAK,MAAM,aAAa,OAAO,QAAQ;AACrC,aAAU,WAAW;AAErB,aAAU,mCAAkB,IAAI,MAAM,EAAC,aAAa;;AAIxD,UAAQ,KAAK,OAAO;;AAEtB,QAAO;;AAGT,eAAsB,gBACpB,QACA,gBAC6C;CAE7C,MAAM,aAAiD,EAAE;AACzD,MAAK,MAAM,CAAC,KAAK,aAAa,OAAO,QAAQ,OAAO,cAAc,EAAE,CAAC,EAAE;EACrE,MAAM,UAAU,EAAE,GAAG,UAAU;EAC/B,MAAM,EAAE,SAAS;AAGjB,MAAI,SAAS,sBAAsB,CAAC,QAAQ,aAC1C,OAAM,IAAI,MAAM,2DAA2D,KAAK,cAAc;AAIhG,MAAI,SAAS,oBAAoB,CAAC,QAAQ,KACxC,OAAM,IAAI,MAAM,mDAAmD,IAAI,cAAc;AAIvF,UAAQ,WAAW,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAA0B;GAAgB,CAAC;AACxG,UAAQ,WAAW,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAA0B;GAAgB,CAAC;AACxG,UAAQ,MAAM,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAAqB;GAAgB,CAAC;AAC9F,UAAQ,QAAQ,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAAuB;GAAgB,CAAC;EAOlG,MAAM,MAAM,QAAQ;AACpB,MAAI,CAAC,OAAO,SAAS,mBACnB,OAAM,IAAI,MAAM,kDAAkD,IAAI,cAAc;AAEtF,MAAI,KAAK;AAaP,OAAI,IAAI,SAAS,IAAI,EAAE;IACrB,MAAM,YAAY,IAAI,IAAI,IAAI;AAG9B,QADoB,SAAS,qBAAqB,SAAS,eAC1C,SAAQ,WAAW,IAAI,QAAQ,YAAY,GAAG,CAAC,QAAQ,WAAW,GAAG;AAGtF,QADgB,SAAS,yBAAyB,SAAS,qBAC9C,SAAQ,OAAO,UAAU;;AAGxC,OAAI,SAAS,eAAgB,SAAQ,eAAe;AAOpD,OAJE,SAAS,qBACT,SAAS,kBACT,SAAS,wBACT,SAAS,eACI,QAAO,QAAQ;;AAIhC,aAAW,OAAO;;AAEpB,QAAO;;AAGT,SAAgB,sBAAsB,SAA6B,YAAgD;CACjH,MAAM,aAAa,OAAO,KAAK,WAAW;CAC1C,MAAM,aAAuB,EAAE;AAC/B,MAAK,MAAM,KAAK,QAAS,YAAW,KAAK,GAAI,EAAE,cAAc,EAAE,CAAE;CAGjE,MAAM,uBAAuB,WAAW,QAAQ,OAAO,CAAC,WAAW,SAAS,GAAG,CAAC;AAChF,KAAI,qBAAqB,SAAS,EAChC,OAAM,IAAI,MACR,2BAA2B,qBAAqB,KAAK,IAAI,CAAC,0DAC3D;CAIH,MAAM,oBAAoB,WAAW,QAAQ,OAAO,CAAC,WAAW,SAAS,GAAG,CAAC;AAC7E,KAAI,kBAAkB,SAAS,
EAC7B,OAAM,IAAI,MAAM,gBAAgB,kBAAkB,KAAK,IAAI,CAAC,0CAA0C;;;AAK1G,MAAa,oBAAoB,CAAC,mBAAmB,iBAAiB;AACtE,MAAa,2BAA2B,kBAAkB,KAAK,SAAS,WAAW,OAAO;;AAE1F,MAAa,0BAA0B,CACrC,GAAG,kBAAkB,KAAK,SAAS,gBAAgB,OAAO,EAC1D,GAAG,yBACJ;;;;;AAMD,eAAsB,sBAAsB,EAC1C,gBACA,YACA,kBAK4B;CAE5B,MAAM,eAAe,KAAK,KAAK,eAAe;AAC9C,KAAI,iBAAiB,QAAQ,OAAO,iBAAiB,SACnD,OAAM,IAAI,MAAM,mCAAmC;CAIrD,MAAM,SAAS,MAAM,uBAAuB,WAAW,aAAa;CACpE,MAAM,UAAU,aAAa,QAAQ,WAAW;CAChD,MAAM,aAAa,MAAM,gBAAgB,QAAQ,eAAe;AAChE,uBAAsB,SAAS,WAAW;AAE1C,QAAO;EAAE,GAAG;EAAQ;EAAS;EAAY;;;;;AC5e3C,MAAa,6BAA6B,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC;AAGvE,MAAa,6BAA6B,EAAE,OAAO;CACjD,MAAM,EAAE,QAAQ;CAChB,KAAK,EAAE,QAAQ;CAChB,CAAC;AAGF,MAAa,8BAA8B,EAAE,OAAO;CAClD,iBAAiB,2BAA2B,OAAO;CACnD,IAAI;CACL,CAAC;AAGF,MAAa,iCAAiC,EAAE,KAAK;CAAC;CAAS;CAAa;CAAS,CAAC;AAGtF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,UAAU;CACV,MAAM,EAAE,QAAQ;CAChB,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,aAAa,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACzC,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,UAAU,EAAE,QAAQ,CAAC,SAAS;CAC9B,gBAAgB,EAAE,QAAQ,CAAC,SAAS;CACrC,CAAC;AAGF,MAAa,uCAAuC,EAAE,OAAO;CAC3D,mBAAmB,EAAE,QAAQ;CAC7B,sBAAsB,EAAE,QAAQ,CAAC,SAAS;CAC1C,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,SAAS,EAAE,SAAS,CAAC,SAAS;CAC/B,CAAC;AAGF,MAAa,6BAA6B,EAAE,OAAO;CACjD,aAAa,EAAE,QAAQ;CACvB,cAAc,qCAAqC,OAAO;CAC3D,CAAC;AAGF,MAAa,kCAAkC,2BAA2B,OAAO;CAC/E,yBAAyB,EAAE,QAAQ;CACnC,cAAc,qCAAqC,OAAO;CAC3D,CAAC;AAGF,MAAa,0BAA0B,EAAE,OAAO;CAC9C,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,eAAe,EAAE,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC,UAAU;CACtD,CAAC;AAGF,MAAa,+BAA+B,EAAE,OAAO;CACnD,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACtC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAChD,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAC7C,CAAC;AAGF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,MAAM,EAAE,QAAQ;CAChB,cAAc,EAAE,QAAQ,CAAC,SAAS;CAClC,OAAO;CACR,CAAC;AAGF,MAAa,4BAA4B,EAAE,OAAO;CAChD,mBAAmB,EAAE,QAAQ;CAC7B,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAC5C,cAAc,EAAE,OAAO,QAAQ,CAAC,SAAS;CAC
zC,uBAAuB,EAAE,QAAQ,CAAC,SAAS;CAC5C,CAAC;AAGF,MAAa,mCAAmC,EAAE,OAAO;CACvD,mBAAmB,EAAE,QAAQ;CAC7B,qBAAqB,EAAE,QAAQ,CAAC,OAAO;CACvC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAChD,uBAAuB,EAAE,QAAQ,CAAC,OAAO;CAC1C,CAAC;AAGF,MAAa,oCAAoC,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC;AAG9E,MAAa,8BAA8B,EAAE,OAAO;CAClD,MAAM,EAAE,QAAQ,CAAC,SAAS;CAC1B,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACpC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CACjD,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,QAAQ,kCAAkC,SAAS;CACnD,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC7B,oBAAoB,EAAE,QAAQ,CAAC,SAAS;CACzC,CAAC;AAGF,MAAa,6BAA6B,EAAE,OAAO;CACjD,MAAM,EAAE,QAAQ;CAChB,yBAAyB,4BAA4B,OAAO,CAAC,SAAS;CACtE,oBAAoB,EAAE,QAAQ,CAAC,SAAS;CACxC,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC7B,cAAc,4BAA4B,OAAO,CAAC,SAAS;CAC3D,SAAS,EAAE,SAAS,CAAC,SAAS;CAC9B,WAAW,EAAE,QAAQ,CAAC,SAAS;CAChC,CAAC;AAGF,MAAa,gCAAgC,EAAE,OAAO;CACpD,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,sBAAsB,EAAE,QAAQ,CAAC,SAAS;CAC1C,iBAAiB,EAAE,SAAS,CAAC,SAAS;CACvC,CAAC;AAGF,MAAa,8BAA8B,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC;AAGnG,MAAa,iCAAiC,EAAE,KAAK;CACnD;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,sBAAsB;CACjC;CACA;CACA;CAEA;CACD;AACD,MAAa,0BAA0B,EAAE,KAAK,oBAAoB;AAKlE,MAAa,4BAA4B,EAAE,OAAO;CAChD,IAAI,EAAE,QAAQ;CACd,SAAS,wBAAwB,UAAU;CAC3C,mBAAmB;CACnB,mBAAmB,wBAAwB,OAAO;CAClD,OAAO,EAAE,SAAS,CAAC,UAAU;CAC7B,qBAAqB,yBAAyB,OAAO,CAAC,SAAS;CAC/D,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC3C,+BAA+B,EAAE,QAAQ,CAAC,SAAS;CACnD,0BAA0B,2BAA2B,OAAO;CAC5D,gCAAgC,gCAAgC,OAAO;CACvE,aAAa;CACb,qBAAqB,0BAA0B,OAAO;CACtD,iBAAiB,EAAE,SAAS;CAC5B,gCAAgC,EAAE,QAAQ,CAAC,UAAU;CACrD,uBAAuB,iCAAiC,OAAO;CAC/D,yBAAyB,EAAE,SAAS;CACpC,QAAQ;CACR,0BAA0B,EAAE,SAAS;CACrC,2BAA2B,EAAE,SAAS;CACtC,uBAAuB,EAAE,SAAS;CAClC,wBAAwB,EAAE,SAAS,CAAC,SAAS;CAC7C,gBAAgB,EAAE,SAAS;CAC3B,0BAA0B;CAC1B,wBAAwB,2BAA2B,OAAO,CAAC,SAAS;CACpE,wBAAwB,EAAE,KAAK,CAAC,SAAS;CACzC,UAAU,yBAAyB,SAAS;CAC5C,2CAA2C,E
AAE,SAAS,CAAC,SAAS;CAChE,0BAA0B,EAAE,SAAS,CAAC,SAAS;CAC/C,0BAA0B,EAAE,SAAS,CAAC,SAAS;CAC/C,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC/C,CAAC;AAGF,MAAa,0BAA0B,EAAE,OAAO,EAC9C,KAAK,2BACN,CAAC;AAqBF,MAAa,8BAA8B,gCAAgC,KAAK,EAAE,aAAa,MAAM,CAAC,CAAC,OAAO,EAC5G,yBAAyB,EAAE,QAAQ,CAAC,SAAS,EAC9C,CAAC"}
|
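--- a/package/dist/keygen.d.mts
+++ b/package/dist/keygen.d.mts
@@ -1,8 +1,6 @@
 //#region src/keygen.d.ts
 type KeygenGenerateOptions = {
-/** Length in bytes (default: 32) */
-length?: number;
-/** Encoding format (default: 'base62') */
+/** Length in bytes (default: 32) */length?: number; /** Encoding format (default: 'base62') */
 encoding?: 'base64' | 'base64url' | 'base62' | 'hex';
 };
 declare class Keygen {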
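--- a/package/dist/logger.d.mts
+++ b/package/dist/logger.d.mts
@@ -11,8 +11,7 @@ type LoggerCreateOptions = {
 * Whether to include time stamps in log entries
 * @default false
 */
-timestamp?: boolean;
-/** Options for pretty printing */
+timestamp?: boolean; /** Options for pretty printing */
 pretty?: {
 /**
 * Whether to enable pretty printing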
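--- a/package/dist/logger.mjs
+++ b/package/dist/logger.mjs
@@ -1,3 +1,42 @@
-import
+import pino from "pino";
+import pretty from "pino-pretty";
 
-
+//#region src/logger.ts
+/**
+* Creates a new logger with the given options.
+* @param options - Logger creation options
+* @returns A logger instance
+*/
+function create(options = {}) {
+const { level, timestamp = false, pretty: { enable: prettyEnable = true, colorize: prettyColorize = true, includeLevel: prettyIncludeLevel = false } = {}, streams = [] } = options;
+const prettyStream = prettyEnable ? pretty({
+colorize: prettyColorize,
+ignore: "pid,hostname",
+customPrettifiers: prettyIncludeLevel ? {} : { level: () => "" },
+customColors: {
+trace: "grey",
+debug: "grey",
+info: "white",
+warn: "yellow",
+error: "red",
+fatal: "magenta"
+}
+}) : void 0;
+const resolvedLevel = level || process.env.LOG_LEVEL || (process.env.NODE_ENV === "production" ? "warn" : "debug");
+return pino({
+level: resolvedLevel,
+timestamp
+}, pino.multistream([...prettyStream ? [{
+level: resolvedLevel,
+stream: prettyStream
+}] : [], ...streams.map((stream) => ({
+level: resolvedLevel,
+stream
+}))]));
+}
+/** Default logger instance */
+const logger = create();
+
+//#endregion
+export { create, logger };
+//# sourceMappingURL=logger.mjs.map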
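Review bot: `resolvedLevel` on new line 25 takes `process.env.LOG_LEVEL` verbatim and falls back to `"debug"` whenever `NODE_ENV` is not exactly `"production"`, so a deployment that sets neither variable logs at debug, and the `pino({ level: resolvedLevel, timestamp }, ...)` call passes no `redact` option. Should any caller log objects that carry tokens or registry credentials, those fields would presumably reach the pretty stream and every entry in `streams` unmasked. Consider defaulting to a quieter level unless debug is asked for explicitly, and adding a redact list such as `redact: ["*.password", "*.token"]` (illustrative paths; match them to the real field names). It would also help to check `LOG_LEVEL` against the known level names before the module-level `const logger = create();`, since pino is expected to reject an unknown level at construction, which here would surface at import time.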
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logger.mjs","names":[],"sources":["../src/logger.ts"],"sourcesContent":["import pino, { type DestinationStream, type Level } from 'pino';\nimport pretty from 'pino-pretty';\n\nexport type LoggerCreateOptions = {\n /**\n * Log level\n * Only set this if you must override the default log level logic from env variables\n */\n level?: Level;\n\n /**\n * Whether to include time stamps in log entries\n * @default false\n */\n timestamp?: boolean;\n\n /** Options for pretty printing */\n pretty?: {\n /**\n * Whether to enable pretty printing\n * @default true\n */\n enable?: boolean;\n\n /**\n * Whether to colorize the pretty printed output\n * @default true\n */\n colorize?: boolean;\n\n /**\n * Whether to include the log level in pretty printed output\n * @default false\n */\n includeLevel?: boolean;\n };\n\n /**\n * Additional streams, if any, to write logs to.\n * This is in addition to any pretty printing stream configured.\n * Useful for adding things like OpenTelemetry streams.\n */\n streams?: DestinationStream[];\n};\n\n/**\n * Creates a new logger with the given options.\n * @param options - Logger creation options\n * @returns A logger instance\n */\nexport function create(options: LoggerCreateOptions = {}) {\n const {\n level,\n timestamp = false,\n pretty: {\n // options for pretty printing\n enable: prettyEnable = true,\n colorize: prettyColorize = true,\n includeLevel: prettyIncludeLevel = false,\n } = {},\n streams = [],\n } = options;\n\n // configure pretty printing stream, if enabled\n const prettyStream = prettyEnable\n ? pretty({\n colorize: prettyColorize,\n ignore: 'pid,hostname',\n customPrettifiers: prettyIncludeLevel ? 
{} : { level: () => '' },\n // these colors only apply to the log level which we may be hiding above\n // support for custom colors in the message itself is not yet supported\n // https://github.com/pinojs/pino-pretty/issues/430\n // https://github.com/pinojs/pino-pretty/issues/524\n // https://github.com/pinojs/pino-pretty/pull/611\n customColors: {\n trace: 'grey',\n debug: 'grey',\n info: 'white',\n warn: 'yellow',\n error: 'red',\n fatal: 'magenta',\n } satisfies Record<Level, string>,\n })\n : undefined;\n\n // create and return the logger\n const resolvedLevel = level || process.env.LOG_LEVEL || (process.env.NODE_ENV === 'production' ? 'warn' : 'debug');\n return pino(\n { level: resolvedLevel, timestamp },\n pino.multistream([\n // add streams conditionally\n // without setting the level on each stream, some logs seem to be skipped\n ...(prettyStream ? [{ level: resolvedLevel, stream: prettyStream }] : []),\n ...streams.map((stream) => ({ level: resolvedLevel, stream })),\n ]),\n );\n}\n\n/** Default logger instance */\nexport const logger = create();\n"],"mappings":";;;;;;;;;AAkDA,SAAgB,OAAO,UAA+B,EAAE,EAAE;CACxD,MAAM,EACJ,OACA,YAAY,OACZ,QAAQ,EAEN,QAAQ,eAAe,MACvB,UAAU,iBAAiB,MAC3B,cAAc,qBAAqB,UACjC,EAAE,EACN,UAAU,EAAE,KACV;CAGJ,MAAM,eAAe,eACjB,OAAO;EACL,UAAU;EACV,QAAQ;EACR,mBAAmB,qBAAqB,EAAE,GAAG,EAAE,aAAa,IAAI;EAMhE,cAAc;GACZ,OAAO;GACP,OAAO;GACP,MAAM;GACN,MAAM;GACN,OAAO;GACP,OAAO;GACR;EACF,CAAC,GACF;CAGJ,MAAM,gBAAgB,SAAS,QAAQ,IAAI,cAAc,QAAQ,IAAI,aAAa,eAAe,SAAS;AAC1G,QAAO,KACL;EAAE,OAAO;EAAe;EAAW,EACnC,KAAK,YAAY,CAGf,GAAI,eAAe,CAAC;EAAE,OAAO;EAAe,QAAQ;EAAc,CAAC,GAAG,EAAE,EACxE,GAAG,QAAQ,KAAK,YAAY;EAAE,OAAO;EAAe;EAAQ,EAAE,CAC/D,CAAC,CACH;;;AAIH,MAAa,SAAS,QAAQ"}
|
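--- a/package/dist/usage.d.mts
+++ b/package/dist/usage.d.mts
@@ -1,7 +1,6 @@
 import { z } from "zod";
 
 //#region src/usage.d.ts
-
 /**
 * @example
 * ```json
@@ -78,6 +77,7 @@ declare const UsageTelemetryRequestDataSchema: z.ZodObject<{
 julia: "julia";
 bazel: "bazel";
 opentofu: "opentofu";
+pre_commit: "pre_commit";
 }>;
 id: z.ZodString;
 started: z.ZodCoercedDate<unknown>;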
package/dist/usage.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { C as DependabotSourceProviderSchema, _ as DependabotPackageManagerSchema } from "./job-Bb9WiMwE.mjs";
|
|
2
2
|
import { z } from "zod";
|
|
3
3
|
|
|
4
4
|
//#region src/usage.ts
|