@paklo/core 0.13.0 → 0.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/azure/index.d.mts +35 -36
  2. package/dist/azure/index.mjs +3 -3
  3. package/dist/dependabot/index.d.mts +1 -2
  4. package/dist/dependabot/index.mjs +2 -2
  5. package/dist/{index-BKTxy7XU.d.mts → ghsa-CqXOLQSp.d.mts} +1 -1
  6. package/dist/github/index.d.mts +1 -1
  7. package/dist/github/index.mjs +1 -1
  8. package/dist/{job-CNRfJDsF.mjs → job-Bb9WiMwE.mjs} +5 -3
  9. package/dist/job-Bb9WiMwE.mjs.map +1 -0
  10. package/dist/logger.mjs +41 -2
  11. package/dist/logger.mjs.map +1 -0
  12. package/dist/usage.d.mts +1 -0
  13. package/dist/usage.mjs +1 -1
  14. package/dist/{index-CviS_2Dy.d.mts → utils-BzO7b5Ke.d.mts} +32 -22
  15. package/dist/{dependabot-Epqz07Sy.mjs → utils-CAR7z1qU.mjs} +5 -12
  16. package/dist/utils-CAR7z1qU.mjs.map +1 -0
  17. package/package.json +6 -6
  18. package/dist/dependabot-Epqz07Sy.mjs.map +0 -1
  19. package/dist/job-CNRfJDsF.mjs.map +0 -1
  20. package/dist/logger-BV4N2wBl.mjs +0 -42
  21. package/dist/logger-BV4N2wBl.mjs.map +0 -1
package/dist/{index-CviS_2Dy.d.mts → utils-BzO7b5Ke.d.mts} RENAMED
@@ -1,4 +1,4 @@
1
- import { p as SecurityVulnerability } from "./index-BKTxy7XU.mjs";
1
+ import { p as SecurityVulnerability } from "./ghsa-CqXOLQSp.mjs";
2
2
  import { z } from "zod";
3
3
  import { Hono } from "hono";
4
4
 
@@ -114,10 +114,10 @@ declare const DependabotAllowConditionSchema: z.ZodObject<{
114
114
  'dependency-name': z.ZodOptional<z.ZodString>;
115
115
  'dependency-type': z.ZodOptional<z.ZodEnum<{
116
116
  production: "production";
117
+ all: "all";
117
118
  development: "development";
118
119
  direct: "direct";
119
120
  indirect: "indirect";
120
- all: "all";
121
121
  }>>;
122
122
  'update-type': z.ZodOptional<z.ZodEnum<{
123
123
  all: "all";
@@ -221,6 +221,7 @@ declare const PackageEcosystemSchema: z.ZodEnum<{
221
221
  npm: "npm";
222
222
  "pip-compile": "pip-compile";
223
223
  pipenv: "pipenv";
224
+ "pre-commit": "pre-commit";
224
225
  pnpm: "pnpm";
225
226
  poetry: "poetry";
226
227
  "rust-toolchain": "rust-toolchain";
@@ -267,6 +268,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
267
268
  npm: "npm";
268
269
  "pip-compile": "pip-compile";
269
270
  pipenv: "pipenv";
271
+ "pre-commit": "pre-commit";
270
272
  pnpm: "pnpm";
271
273
  poetry: "poetry";
272
274
  "rust-toolchain": "rust-toolchain";
@@ -279,10 +281,10 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
279
281
  'dependency-name': z.ZodOptional<z.ZodString>;
280
282
  'dependency-type': z.ZodOptional<z.ZodEnum<{
281
283
  production: "production";
284
+ all: "all";
282
285
  development: "development";
283
286
  direct: "direct";
284
287
  indirect: "indirect";
285
- all: "all";
286
288
  }>>;
287
289
  'update-type': z.ZodOptional<z.ZodEnum<{
288
290
  all: "all";
@@ -389,7 +391,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
389
391
  patterns: z.ZodOptional<z.ZodArray<z.ZodString>>;
390
392
  'multi-ecosystem-group': z.ZodOptional<z.ZodString>;
391
393
  }, z.core.$strip>, z.ZodTransform<{
392
- 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
394
+ 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pre-commit" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
393
395
  schedule: {
394
396
  interval: "daily" | "weekly" | "monthly" | "quarterly" | "semiannually" | "yearly" | "cron";
395
397
  day: "sunday" | "monday" | "tuesday" | "wednesday" | "thursday" | "friday" | "saturday";
@@ -402,7 +404,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
402
404
  'exclude-paths'?: string[] | undefined;
403
405
  allow?: {
404
406
  'dependency-name'?: string | undefined;
405
- 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
407
+ 'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
406
408
  'update-type'?: "all" | "security" | undefined;
407
409
  }[] | undefined;
408
410
  assignees?: string[] | undefined;
@@ -447,7 +449,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
447
449
  patterns?: string[] | undefined;
448
450
  'multi-ecosystem-group'?: string | undefined;
449
451
  }, {
450
- 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
452
+ 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pre-commit" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
451
453
  schedule: {
452
454
  interval: "daily" | "weekly" | "monthly" | "quarterly" | "semiannually" | "yearly" | "cron";
453
455
  day: "sunday" | "monday" | "tuesday" | "wednesday" | "thursday" | "friday" | "saturday";
@@ -460,7 +462,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
460
462
  'exclude-paths'?: string[] | undefined;
461
463
  allow?: {
462
464
  'dependency-name'?: string | undefined;
463
- 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
465
+ 'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
464
466
  'update-type'?: "all" | "security" | undefined;
465
467
  }[] | undefined;
466
468
  assignees?: string[] | undefined;
@@ -644,6 +646,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
644
646
  npm: "npm";
645
647
  "pip-compile": "pip-compile";
646
648
  pipenv: "pipenv";
649
+ "pre-commit": "pre-commit";
647
650
  pnpm: "pnpm";
648
651
  poetry: "poetry";
649
652
  "rust-toolchain": "rust-toolchain";
@@ -656,10 +659,10 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
656
659
  'dependency-name': z.ZodOptional<z.ZodString>;
657
660
  'dependency-type': z.ZodOptional<z.ZodEnum<{
658
661
  production: "production";
662
+ all: "all";
659
663
  development: "development";
660
664
  direct: "direct";
661
665
  indirect: "indirect";
662
- all: "all";
663
666
  }>>;
664
667
  'update-type': z.ZodOptional<z.ZodEnum<{
665
668
  all: "all";
@@ -766,7 +769,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
766
769
  patterns: z.ZodOptional<z.ZodArray<z.ZodString>>;
767
770
  'multi-ecosystem-group': z.ZodOptional<z.ZodString>;
768
771
  }, z.core.$strip>, z.ZodTransform<{
769
- 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
772
+ 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pre-commit" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
770
773
  schedule: {
771
774
  interval: "daily" | "weekly" | "monthly" | "quarterly" | "semiannually" | "yearly" | "cron";
772
775
  day: "sunday" | "monday" | "tuesday" | "wednesday" | "thursday" | "friday" | "saturday";
@@ -779,7 +782,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
779
782
  'exclude-paths'?: string[] | undefined;
780
783
  allow?: {
781
784
  'dependency-name'?: string | undefined;
782
- 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
785
+ 'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
783
786
  'update-type'?: "all" | "security" | undefined;
784
787
  }[] | undefined;
785
788
  assignees?: string[] | undefined;
@@ -824,7 +827,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
824
827
  patterns?: string[] | undefined;
825
828
  'multi-ecosystem-group'?: string | undefined;
826
829
  }, {
827
- 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
830
+ 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pre-commit" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
828
831
  schedule: {
829
832
  interval: "daily" | "weekly" | "monthly" | "quarterly" | "semiannually" | "yearly" | "cron";
830
833
  day: "sunday" | "monday" | "tuesday" | "wednesday" | "thursday" | "friday" | "saturday";
@@ -837,7 +840,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
837
840
  'exclude-paths'?: string[] | undefined;
838
841
  allow?: {
839
842
  'dependency-name'?: string | undefined;
840
- 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
843
+ 'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
841
844
  'update-type'?: "all" | "security" | undefined;
842
845
  }[] | undefined;
843
846
  assignees?: string[] | undefined;
@@ -954,7 +957,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
954
957
  }, z.core.$strip>, z.ZodTransform<{
955
958
  version: 2;
956
959
  updates: {
957
- 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
960
+ 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pre-commit" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
958
961
  schedule: {
959
962
  interval: "daily" | "weekly" | "monthly" | "quarterly" | "semiannually" | "yearly" | "cron";
960
963
  day: "sunday" | "monday" | "tuesday" | "wednesday" | "thursday" | "friday" | "saturday";
@@ -967,7 +970,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
967
970
  'exclude-paths'?: string[] | undefined;
968
971
  allow?: {
969
972
  'dependency-name'?: string | undefined;
970
- 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
973
+ 'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
971
974
  'update-type'?: "all" | "security" | undefined;
972
975
  }[] | undefined;
973
976
  assignees?: string[] | undefined;
@@ -1055,7 +1058,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
1055
1058
  }, {
1056
1059
  version: 2;
1057
1060
  updates: {
1058
- 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
1061
+ 'package-ecosystem': "bundler" | "cargo" | "composer" | "conda" | "pub" | "docker" | "elm" | "gradle" | "maven" | "nuget" | "pip" | "swift" | "terraform" | "devcontainers" | "bun" | "uv" | "vcpkg" | "helm" | "julia" | "bazel" | "opentofu" | "docker-compose" | "dotnet-sdk" | "mix" | "gitsubmodule" | "github-actions" | "gomod" | "npm" | "pip-compile" | "pipenv" | "pre-commit" | "pnpm" | "poetry" | "rust-toolchain" | "yarn";
1059
1062
  schedule: {
1060
1063
  interval: "daily" | "weekly" | "monthly" | "quarterly" | "semiannually" | "yearly" | "cron";
1061
1064
  day: "sunday" | "monday" | "tuesday" | "wednesday" | "thursday" | "friday" | "saturday";
@@ -1068,7 +1071,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
1068
1071
  'exclude-paths'?: string[] | undefined;
1069
1072
  allow?: {
1070
1073
  'dependency-name'?: string | undefined;
1071
- 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
1074
+ 'dependency-type'?: "production" | "all" | "development" | "direct" | "indirect" | undefined;
1072
1075
  'update-type'?: "all" | "security" | undefined;
1073
1076
  }[] | undefined;
1074
1077
  assignees?: string[] | undefined;
@@ -1360,6 +1363,7 @@ declare const DependabotPackageManagerSchema: z.ZodEnum<{
1360
1363
  julia: "julia";
1361
1364
  bazel: "bazel";
1362
1365
  opentofu: "opentofu";
1366
+ pre_commit: "pre_commit";
1363
1367
  }>;
1364
1368
  type DependabotPackageManager = z.infer<typeof DependabotPackageManagerSchema>;
1365
1369
  declare const DEPENDABOT_COMMANDS: readonly ["update", "version", "recreate", "graph"];
@@ -1408,6 +1412,7 @@ declare const DependabotJobConfigSchema: z.ZodObject<{
1408
1412
  julia: "julia";
1409
1413
  bazel: "bazel";
1410
1414
  opentofu: "opentofu";
1415
+ pre_commit: "pre_commit";
1411
1416
  }>;
1412
1417
  'allowed-updates': z.ZodArray<z.ZodObject<{
1413
1418
  'dependency-name': z.ZodOptional<z.ZodNullable<z.ZodString>>;
@@ -1545,6 +1550,7 @@ declare const DependabotJobFileSchema: z.ZodObject<{
1545
1550
  julia: "julia";
1546
1551
  bazel: "bazel";
1547
1552
  opentofu: "opentofu";
1553
+ pre_commit: "pre_commit";
1548
1554
  }>;
1549
1555
  'allowed-updates': z.ZodArray<z.ZodObject<{
1550
1556
  'dependency-name': z.ZodOptional<z.ZodNullable<z.ZodString>>;
@@ -1900,9 +1906,9 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
1900
1906
  directory: z.ZodString;
1901
1907
  name: z.ZodString;
1902
1908
  operation: z.ZodEnum<{
1909
+ delete: "delete";
1903
1910
  update: "update";
1904
1911
  create: "create";
1905
- delete: "delete";
1906
1912
  }>;
1907
1913
  support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
1908
1914
  vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -1937,9 +1943,9 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
1937
1943
  directory: z.ZodString;
1938
1944
  name: z.ZodString;
1939
1945
  operation: z.ZodEnum<{
1946
+ delete: "delete";
1940
1947
  update: "update";
1941
1948
  create: "create";
1942
- delete: "delete";
1943
1949
  }>;
1944
1950
  support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
1945
1951
  vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -2077,6 +2083,7 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
2077
2083
  julia: "julia";
2078
2084
  bazel: "bazel";
2079
2085
  opentofu: "opentofu";
2086
+ pre_commit: "pre_commit";
2080
2087
  }>;
2081
2088
  }, z.core.$strip>>>;
2082
2089
  resolved: z.ZodOptional<z.ZodNullable<z.ZodObject<{
@@ -2182,6 +2189,7 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
2182
2189
  julia: "julia";
2183
2190
  bazel: "bazel";
2184
2191
  opentofu: "opentofu";
2192
+ pre_commit: "pre_commit";
2185
2193
  }>;
2186
2194
  config: z.ZodObject<{
2187
2195
  default_days: z.ZodNumber;
@@ -2298,9 +2306,9 @@ declare const DependabotDependencyFileSchema: z.ZodObject<{
2298
2306
  directory: z.ZodString;
2299
2307
  name: z.ZodString;
2300
2308
  operation: z.ZodEnum<{
2309
+ delete: "delete";
2301
2310
  update: "update";
2302
2311
  create: "create";
2303
- delete: "delete";
2304
2312
  }>;
2305
2313
  support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
2306
2314
  vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -2393,6 +2401,7 @@ declare const DependabotDependencySubmissionSchema: z.ZodObject<{
2393
2401
  julia: "julia";
2394
2402
  bazel: "bazel";
2395
2403
  opentofu: "opentofu";
2404
+ pre_commit: "pre_commit";
2396
2405
  }>;
2397
2406
  }, z.core.$strip>>>;
2398
2407
  resolved: z.ZodOptional<z.ZodNullable<z.ZodObject<{
@@ -2473,9 +2482,9 @@ declare const DependabotCreatePullRequestSchema: z.ZodObject<{
2473
2482
  directory: z.ZodString;
2474
2483
  name: z.ZodString;
2475
2484
  operation: z.ZodEnum<{
2485
+ delete: "delete";
2476
2486
  update: "update";
2477
2487
  create: "create";
2478
- delete: "delete";
2479
2488
  }>;
2480
2489
  support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
2481
2490
  vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -2509,9 +2518,9 @@ declare const DependabotUpdatePullRequestSchema: z.ZodObject<{
2509
2518
  directory: z.ZodString;
2510
2519
  name: z.ZodString;
2511
2520
  operation: z.ZodEnum<{
2521
+ delete: "delete";
2512
2522
  update: "update";
2513
2523
  create: "create";
2514
- delete: "delete";
2515
2524
  }>;
2516
2525
  support_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
2517
2526
  vendored_file: z.ZodOptional<z.ZodNullable<z.ZodBoolean>>;
@@ -2667,6 +2676,7 @@ declare const DependabotRecordCooldownMetaSchema: z.ZodObject<{
2667
2676
  julia: "julia";
2668
2677
  bazel: "bazel";
2669
2678
  opentofu: "opentofu";
2679
+ pre_commit: "pre_commit";
2670
2680
  }>;
2671
2681
  config: z.ZodObject<{
2672
2682
  default_days: z.ZodNumber;
@@ -2785,4 +2795,4 @@ declare function getPullRequestDescription({
2785
2795
  declare function shouldSupersede(oldPr: DependabotPersistedPr, newPr: DependabotPersistedPr): boolean;
2786
2796
  //#endregion
2787
2797
  export { createApiServerApp as $, DependabotProxyConfig as $t, DependabotMetricSchema as A, DependabotMultiEcosystemGroup as An, DependabotCredentialSchema as At, DependabotRecordUpdateJobUnknownErrorSchema as B, PackageEcosystemSchema as Bn, DependabotExperimentsSchema as Bt, DependabotIncrementMetric as C, DependabotConfigSchema as Cn, DependabotCommand as Ct, DependabotMarkAsProcessed as D, DependabotGroupSchema as Dn, DependabotCondition as Dt, DependabotJobErrorSchema as E, DependabotGroup as En, DependabotCommitOptionsSchema as Et, DependabotRecordEcosystemVersions as F, DependabotSchedule as Fn, DependabotExistingPr as Ft, DependabotUpdatePullRequest as G, parseUpdates as Gn, DependabotJobConfig as Gt, DependabotRecordUpdateJobWarningSchema as H, VersioningStrategySchema as Hn, DependabotGroupJobSchema as Ht, DependabotRecordEcosystemVersionsSchema as I, DependabotScheduleSchema as In, DependabotExistingPrDependency as It, DependabotRequest as J, convertPlaceholder as Jn, DependabotJobFileSchema as Jt, DependabotUpdatePullRequestSchema as K, validateConfiguration as Kn, DependabotJobConfigSchema as Kt, DependabotRecordUpdateJobError as L, DependabotUpdate as Ln, DependabotExistingPrDependencySchema as Lt, DependabotRecordCooldownMetaSchema as M, DependabotPullRequestBranchName as Mn, DependabotDependencySchema as Mt, DependabotRecordEcosystemMeta as N, DependabotRegistry as Nn, DependabotExistingGroupPr as Nt, DependabotMarkAsProcessedSchema as O, DependabotIgnoreCondition as On, DependabotConditionSchema as Ot, DependabotRecordEcosystemMetaSchema as P, DependabotRegistrySchema as Pn, DependabotExistingGroupPrSchema as Pt, DependabotTokenType as Q, GitAuthor as Qn, DependabotPersistedPrSchema as Qt, DependabotRecordUpdateJobErrorSchema as R, DependabotUpdateSchema as Rn, DependabotExistingPrSchema as Rt, DependabotEcosystemVersionManagerSchema as S, DependabotConfig as Sn, DependabotAllowedSchema as St, DependabotJobError as T, DependabotCooldownSchema as Tn, DependabotCommitOptions as Tt, DependabotUpdateDependencyList as U, parseDependabotConfig as Un, DependabotGroupRuleJob as Ut, DependabotRecordUpdateJobWarning as V, VersioningStrategy as Vn, DependabotGroupJob as Vt, DependabotUpdateDependencyListSchema as W, parseRegistries as Wn, DependabotGroupRuleJobSchema as Wt, DependabotRequestType as X, DEPENDABOT_DEFAULT_AUTHOR_EMAIL as Xn, DependabotPackageManagerSchema as Xt, DependabotRequestSchema as Y, extractPlaceholder as Yn, DependabotPackageManager as Yt, DependabotRequestTypeSchema as Z, DEPENDABOT_DEFAULT_AUTHOR_NAME as Zn, DependabotPersistedPr as Zt, DependabotDependencySubmission as _, CONFIG_FILE_PATHS_GITHUB as _n, sanitizeRef as _t, getPullRequestDescription as a, DependabotSecurityAdvisory as an, mapExperiments as at, DependabotEcosystemMetaSchema as b, DependabotCommitMessage as bn, DEPENDABOT_COMMANDS as bt, shouldSupersede as c, DependabotSourceProvider as cn, mapPackageEcosystemToPackageManager as ct, DependabotClosePullRequestReasonEnum as d, FetchedFiles as dn, mapVersionStrategyToRequirementsUpdateStrategy as dt, DependabotProxyConfigSchema as en, DependabotJobBuilder as et, DependabotClosePullRequestSchema as f, FileFetcherInput as fn, DEFAULT_EXPERIMENTS as ft, DependabotDependencyFileSchema as g, CONFIG_FILE_PATHS_AZURE as gn, getBranchNameForUpdate as gt, DependabotDependencyFile as h, CONFIG_FILE_NAMES as hn, makeDirectoryKey as ht, getPullRequestCloseReason as i, DependabotRequirementSourceSchema as in, mapCredentials as it, DependabotRecordCooldownMeta as j, DependabotMultiEcosystemGroupSchema as jn, DependabotDependency as jt, DependabotMetric as k, DependabotIgnoreConditionSchema as kn, DependabotCredential as kt, DependabotClosePullRequest as l, DependabotSourceProviderSchema as ln, mapSecurityAdvisories as lt, DependabotCreatePullRequestSchema as m, BETA_ECOSYSTEMS as mn, setExperiment as mt, getDependencyNames as n, DependabotRequirementSchema as nn, DependabotSourceInfo as nt, normalizeBranchName as o, DependabotSecurityAdvisorySchema as on, mapGroupsFromDependabotConfigToJobConfig as ot, DependabotCreatePullRequest as p, FileUpdaterInput as pn, parseExperiments as pt, CreateApiServerAppOptions as q, VariableFinderFn as qn, DependabotJobFile as qt, getPersistedPr as r, DependabotRequirementSource as rn, mapAllowedUpdatesFromDependabotConfigToJobConfig as rt, normalizeFilePath as s, DependabotSource as sn, mapIgnoreConditionsFromDependabotConfigToJobConfig as st, areEqual as t, DependabotRequirement as tn, DependabotJobBuilderOutput as tt, DependabotClosePullRequestReason as u, DependabotSourceSchema as un, mapSourceFromDependabotConfigToJobConfig as ut, DependabotDependencySubmissionSchema as v, DependabotAllowCondition as vn, CertificateAuthority as vt, DependabotIncrementMetricSchema as w, DependabotCooldown as wn, DependabotCommandSchema as wt, DependabotEcosystemVersionManager as x, DependabotCommitMessageSchema as xn, DependabotAllowed as xt, DependabotEcosystemMeta as y, DependabotAllowConditionSchema as yn, CertificateAuthoritySchema as yt, DependabotRecordUpdateJobUnknownError as z, PackageEcosystem as zn, DependabotExperiments as zt };
2788
- //# sourceMappingURL=index-CviS_2Dy.d.mts.map
2798
+ //# sourceMappingURL=utils-BzO7b5Ke.d.mts.map
package/dist/{dependabot-Epqz07Sy.mjs → utils-CAR7z1qU.mjs} RENAMED
@@ -1,5 +1,5 @@
1
- import { n as logger } from "./logger-BV4N2wBl.mjs";
2
- import { _ as DependabotPackageManagerSchema, c as DependabotDependencySchema } from "./job-CNRfJDsF.mjs";
1
+ import { logger } from "./logger.mjs";
2
+ import { _ as DependabotPackageManagerSchema, c as DependabotDependencySchema } from "./job-Bb9WiMwE.mjs";
3
3
  import { z } from "zod";
4
4
  import * as crypto from "node:crypto";
5
5
  import { zValidator } from "@hono/zod-validator";
@@ -39,21 +39,13 @@ const DEFAULT_EXPERIMENTS = {
39
39
  "enable-corepack-for-npm-and-yarn": true,
40
40
  "enable-private-registry-for-corepack": true,
41
41
  "enable-shared-helpers-command-timeout": true,
42
- "enable-dependabot-setting-up-cronjob": true,
43
- "enable-engine-version-detection": true,
44
42
  "avoid-duplicate-updates-package-json": true,
45
43
  "allow-refresh-for-existing-pr-dependencies": true,
46
44
  "allow-refresh-group-with-all-dependencies": true,
47
45
  "enable-enhanced-error-details-for-updater": true,
48
46
  "gradle-lockfile-updater": true,
49
- "gradle-wrapper-updater": true,
50
47
  "enable-exclude-paths-subdirectory-manifest-files": true,
51
- "group-membership-enforcement": true,
52
- "deprecate-close-command": true,
53
- "deprecate-reopen-command": true,
54
- "deprecate-merge-command": true,
55
- "deprecate-cancel-merge-command": true,
56
- "deprecate-squash-merge-command": true
48
+ "group-membership-enforcement": true
57
49
  };
58
50
  /**
59
51
  * Parses a comma-separated list of key=value pairs representing experiments.
@@ -221,6 +213,7 @@ function mapPackageEcosystemToPackageManager(ecosystem) {
221
213
  case "gomod": return "go_modules";
222
214
  case "mix": return "hex";
223
215
  case "npm": return "npm_and_yarn";
216
+ case "pre-commit": return "pre_commit";
224
217
  case "pipenv": return "pip";
225
218
  case "pip-compile": return "pip";
226
219
  case "poetry": return "pip";
@@ -781,4 +774,4 @@ function shouldSupersede(oldPr, newPr) {
781
774
 
782
775
  //#endregion
783
776
  export { DependabotUpdatePullRequestSchema as A, mapVersionStrategyToRequirementsUpdateStrategy as B, DependabotRecordCooldownMetaSchema as C, DependabotRecordUpdateJobUnknownErrorSchema as D, DependabotRecordUpdateJobErrorSchema as E, mapGroupsFromDependabotConfigToJobConfig as F, sanitizeRef as G, parseExperiments as H, mapIgnoreConditionsFromDependabotConfigToJobConfig as I, DEPENDABOT_DEFAULT_AUTHOR_EMAIL as K, mapPackageEcosystemToPackageManager as L, mapAllowedUpdatesFromDependabotConfigToJobConfig as M, mapCredentials as N, DependabotRecordUpdateJobWarningSchema as O, mapExperiments as P, mapSecurityAdvisories as R, DependabotMetricSchema as S, DependabotRecordEcosystemVersionsSchema as T, setExperiment as U, DEFAULT_EXPERIMENTS as V, getBranchNameForUpdate as W, DependabotEcosystemMetaSchema as _, getPullRequestDescription as a, DependabotJobErrorSchema as b, shouldSupersede as c, createApiServerApp as d, DependabotClosePullRequestReasonEnum as f, DependabotDependencySubmissionSchema as g, DependabotDependencyFileSchema as h, getPullRequestCloseReason as i, DependabotJobBuilder as j, DependabotUpdateDependencyListSchema as k, DependabotRequestSchema as l, DependabotCreatePullRequestSchema as m, getDependencyNames as n, normalizeBranchName as o, DependabotClosePullRequestSchema as p, DEPENDABOT_DEFAULT_AUTHOR_NAME as q, getPersistedPr as r, normalizeFilePath as s, areEqual as t, DependabotRequestTypeSchema as u, DependabotEcosystemVersionManagerSchema as v, DependabotRecordEcosystemMetaSchema as w, DependabotMarkAsProcessedSchema as x, DependabotIncrementMetricSchema as y, mapSourceFromDependabotConfigToJobConfig as z };
784
- //# sourceMappingURL=dependabot-Epqz07Sy.mjs.map
777
+ //# sourceMappingURL=utils-CAR7z1qU.mjs.map
package/dist/utils-CAR7z1qU.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"utils-CAR7z1qU.mjs","names":[],"sources":["../src/dependabot/author.ts","../src/dependabot/branch-name.ts","../src/dependabot/experiments.ts","../src/dependabot/job-builder.ts","../src/dependabot/update.ts","../src/dependabot/server.ts","../src/dependabot/utils.ts"],"sourcesContent":["export type GitAuthor = {\n name: string;\n email: string;\n};\n\nexport const DEPENDABOT_DEFAULT_AUTHOR_EMAIL = 'noreply@github.com';\nexport const DEPENDABOT_DEFAULT_AUTHOR_NAME = 'dependabot[bot]';\n","import * as crypto from 'node:crypto';\nimport type { PackageEcosystem } from './config';\nimport type { DependabotExistingPrDependency } from './job';\n\n// TODO: figure out how to handle IDENTIFIER field (in a group) in branch naming\n// Docs: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups--\n// -> An identifier for a group is used in branch names and pull request titles.\n\nexport function getBranchNameForUpdate({\n packageEcosystem,\n targetBranchName,\n directory,\n dependencyGroupName,\n dependencies,\n separator = '/',\n}: {\n packageEcosystem: PackageEcosystem;\n targetBranchName?: string;\n directory?: string;\n dependencyGroupName?: string | null;\n dependencies: DependabotExistingPrDependency[];\n separator?: string;\n}): string {\n // Based on dependabot-core implementation:\n // https://github.com/dependabot/dependabot-core/blob/main/common/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb\n // https://github.com/dependabot/dependabot-core/blob/main/common/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb\n let branchName: string;\n const branchNameMightBeTooLong = dependencyGroupName || dependencies.length > 1;\n if (branchNameMightBeTooLong) {\n // Group/multi dependency update\n // e.g. dependabot/nuget/main/microsoft-3b49c54d9e\n const dependencyDigest = crypto\n .createHash('md5')\n .update(dependencies.map((d) => `${d['dependency-name']}-${d['dependency-version']}`).join(','))\n .digest('hex')\n .substring(0, 10);\n branchName = `${dependencyGroupName || 'multi'}-${dependencyDigest}`;\n } else {\n // Single dependency update\n // e.g. dependabot/nuget/main/Microsoft.Extensions.Logging-1.0.0\n const dependencyNames = dependencies\n .map((d) => d['dependency-name'])\n .join('-and-')\n .replace(/[:[]]/g, '-') // Replace `:` and `[]` with `-`\n .replace(/@/g, ''); // Remove `@`\n const versionSuffix = dependencies[0]?.removed ? 'removed' : dependencies[0]?.['dependency-version'];\n branchName = `${dependencyNames}-${versionSuffix}`;\n }\n\n return sanitizeRef(\n [\n 'dependabot',\n packageEcosystem,\n targetBranchName,\n // normalize directory to remove leading/trailing slashes and replace remaining ones with the separator\n directory\n ? directory\n .split('/')\n .filter((part) => part.length > 0)\n .join(separator)\n : undefined,\n branchName,\n ],\n separator,\n );\n}\n\nexport function sanitizeRef(refParts: (string | undefined)[], separator: string): string {\n // Based on dependabot-core implementation:\n // https://github.com/dependabot/dependabot-core/blob/fc31ae64f492dc977cfe6773ab13fb6373aabec4/common/lib/dependabot/pull_request_creator/branch_namer/base.rb#L99\n\n // This isn't a complete implementation of git's ref validation, but it\n // covers most cases that crop up. Its list of allowed characters is a\n // bit stricter than git's, but that's for cosmetic reasons.\n return (\n refParts\n // Join the parts with the separator, ignore empty parts\n .filter((p) => p && p.trim().length > 0)\n .join(separator)\n // Remove forbidden characters (those not already replaced elsewhere)\n .replace(/[^A-Za-z0-9/\\-_.(){}]/g, '')\n // Slashes can't be followed by periods\n .replace(/\\/\\./g, '/dot-')\n // Squeeze out consecutive periods and slashes\n .replace(/\\.+/g, '.')\n .replace(/\\/+/g, '/')\n // Trailing periods are forbidden\n .replace(/\\.$/, '')\n );\n}\n","import type { DependabotExperiments } from './job';\n\n// The default experiments known to be used by the GitHub Dependabot service.\n// This changes often, update as needed by extracting them from a Dependabot GitHub Action run.\n// e.g. https://github.com/mburumaxwell/paklo/actions/workflows/dependabot/dependabot-updates\nexport const DEFAULT_EXPERIMENTS: DependabotExperiments = {\n 'record-ecosystem-versions': true,\n 'record-update-job-unknown-error': true,\n 'proxy-cached': true,\n 'enable-record-ecosystem-meta': true,\n 'enable-corepack-for-npm-and-yarn': true,\n 'enable-private-registry-for-corepack': true,\n 'enable-shared-helpers-command-timeout': true,\n 'avoid-duplicate-updates-package-json': true,\n 'allow-refresh-for-existing-pr-dependencies': true,\n 'allow-refresh-group-with-all-dependencies': true,\n 'enable-enhanced-error-details-for-updater': true,\n 'gradle-lockfile-updater': true,\n 'enable-exclude-paths-subdirectory-manifest-files': true,\n 'group-membership-enforcement': true,\n};\n\n/**\n * Parses a comma-separated list of key=value pairs representing experiments.\n * @param raw A comma-separated list of key=value pairs representing experiments.\n * @returns A map of experiment names to their values.\n */\nexport function parseExperiments(raw?: string): DependabotExperiments | undefined {\n return raw\n ?.split(',')\n .filter((entry) => entry.trim() !== '') // <-- filter out empty entries\n .reduce((acc, cur) => {\n const [key, value] = cur.split('=', 2);\n acc[key!] = value || true;\n return acc;\n }, {} as DependabotExperiments);\n}\n\n/**\n * Set experiment in the given experiments map.\n * If the experiments map is undefined, a new map will be created.\n * @param experiments The experiments map to set the experiment in.\n * @param name The name of the experiment to set.\n * @param value The value of the experiment to set. Defaults to true.\n * @returns The updated experiments map.\n */\nexport function setExperiment(\n experiments: DependabotExperiments | undefined,\n name: string,\n value: boolean | string = true,\n): DependabotExperiments {\n return {\n ...(experiments || {}),\n // always add the experiment, even if the value is false or an empty string\n // this allows explicit disabling of experiments\n [name]: value,\n };\n}\n","import type { SecurityVulnerability } from '@/github';\nimport type {\n DependabotAllowCondition,\n DependabotConfig,\n DependabotGroup,\n DependabotIgnoreCondition,\n DependabotRegistry,\n DependabotUpdate,\n PackageEcosystem,\n VersioningStrategy,\n} from './config';\nimport { setExperiment } from './experiments';\nimport type {\n DependabotAllowed,\n DependabotCommand,\n DependabotCondition,\n DependabotCredential,\n DependabotExistingGroupPr,\n DependabotExistingPr,\n DependabotExperiments,\n DependabotGroupJob,\n DependabotJobConfig,\n DependabotPackageManager,\n DependabotSecurityAdvisory,\n DependabotSource,\n DependabotSourceProvider,\n} from './job';\n\nexport type DependabotSourceInfo = {\n provider: DependabotSourceProvider;\n hostname: string;\n 'api-endpoint': string;\n 'repository-slug': string;\n};\n\nexport type DependabotJobBuilderOutput = {\n job: DependabotJobConfig;\n credentials: DependabotCredential[];\n};\n\n/**\n * Class for building dependabot job objects\n */\nexport class DependabotJobBuilder {\n private readonly config: DependabotConfig;\n private readonly update: DependabotUpdate;\n private readonly experiments: DependabotExperiments;\n private readonly debug: boolean;\n\n private readonly packageManager: DependabotPackageManager;\n private readonly source: DependabotSource;\n private readonly credentials: DependabotCredential[];\n\n constructor({\n source,\n config,\n update,\n systemAccessUser,\n systemAccessToken,\n githubToken,\n experiments,\n debug,\n }: {\n source: DependabotSourceInfo;\n config: DependabotConfig;\n update: DependabotUpdate;\n experiments: DependabotExperiments;\n systemAccessUser?: string;\n systemAccessToken?: string;\n githubToken?: string;\n /** Determines if verbose log messages are logged */\n debug: boolean;\n }) {\n this.config = config;\n this.update = update;\n this.debug = debug;\n\n this.experiments = setExperiment(experiments, 'enable_beta_ecosystems', config['enable-beta-ecosystems']);\n\n this.packageManager = mapPackageEcosystemToPackageManager(update['package-ecosystem']);\n this.source = mapSourceFromDependabotConfigToJobConfig(source, update);\n this.credentials = mapCredentials({\n sourceHostname: source.hostname,\n systemAccessUser,\n systemAccessToken,\n githubToken,\n registries: config.registries,\n });\n }\n\n /**\n * Create a dependabot update job that updates nothing, but will discover the dependency list for a package ecosystem\n */\n public forDependenciesList({ id }: { id: string }): DependabotJobBuilderOutput {\n return {\n job: {\n id: id,\n command: 'update',\n 'package-manager': this.packageManager,\n 'updating-a-pull-request': false,\n dependencies: null,\n 'allowed-updates': [{ 'dependency-type': 'direct', 'update-type': 'all' }],\n 'ignore-conditions': [{ 'dependency-name': '*' }],\n 'security-updates-only': false,\n 'security-advisories': [],\n source: this.source,\n 'update-subdependencies': false,\n 'existing-pull-requests': [],\n 'existing-group-pull-requests': [],\n experiments: mapExperiments(this.experiments),\n 'requirements-update-strategy': null,\n 'lockfile-only': false,\n 'commit-message-options': {\n prefix: null,\n 'prefix-development': null,\n 'include-scope': null,\n },\n 'vendor-dependencies': false,\n 'repo-private': true,\n debug: this.debug,\n },\n credentials: this.credentials,\n };\n }\n\n /**\n * Create a dependabot update job that updates all dependencies for a package ecosystem\n */\n public forUpdate({\n id,\n command,\n dependencyNamesToUpdate,\n existingPullRequests,\n pullRequestToUpdate,\n securityVulnerabilities,\n }: {\n id: string;\n command: DependabotCommand;\n dependencyNamesToUpdate?: string[];\n existingPullRequests: (DependabotExistingPr | DependabotExistingGroupPr)[];\n pullRequestToUpdate?: DependabotExistingPr | DependabotExistingGroupPr;\n securityVulnerabilities?: SecurityVulnerability[];\n }): DependabotJobBuilderOutput {\n const securityOnlyUpdate = this.update['open-pull-requests-limit'] === 0;\n\n let updatingPullRequest: boolean;\n let updateDependencyGroupName: string | null = null;\n let updateDependencyNames: string[] | null;\n let vulnerabilities: SecurityVulnerability[] | undefined;\n\n if (pullRequestToUpdate) {\n updatingPullRequest = true;\n updateDependencyGroupName =\n 'dependency-group-name' in pullRequestToUpdate ? pullRequestToUpdate['dependency-group-name'] : null;\n updateDependencyNames = pullRequestToUpdate.dependencies.map((d) => d['dependency-name']);\n vulnerabilities = securityVulnerabilities?.filter((v) => updateDependencyNames?.includes(v.package.name));\n } else {\n updatingPullRequest = false;\n const names = dependencyNamesToUpdate?.length ? dependencyNamesToUpdate : null;\n updateDependencyNames =\n securityOnlyUpdate && names\n ? names?.filter((d) => securityVulnerabilities?.find((v) => v.package.name === d))\n : names;\n vulnerabilities = securityVulnerabilities;\n }\n\n // for graph commands the directories must have a value\n const source = { ...this.source }; // clone\n if (command === 'graph' && !source.directories) {\n source.directories = [this.update.directory!];\n source.directory = undefined;\n }\n\n return {\n job: {\n id: id,\n command: command,\n 'package-manager': this.packageManager,\n 'updating-a-pull-request': updatingPullRequest || false,\n 'dependency-group-to-refresh': updateDependencyGroupName,\n 'dependency-groups': mapGroupsFromDependabotConfigToJobConfig(this.update.groups),\n dependencies: updateDependencyNames,\n 'allowed-updates': mapAllowedUpdatesFromDependabotConfigToJobConfig(this.update.allow, securityOnlyUpdate),\n 'ignore-conditions': mapIgnoreConditionsFromDependabotConfigToJobConfig(this.update.ignore),\n 'security-updates-only': securityOnlyUpdate,\n 'security-advisories': mapSecurityAdvisories(vulnerabilities),\n source,\n 'update-subdependencies': false,\n 'existing-pull-requests': existingPullRequests.filter((pr) => !('dependency-group-name' in pr)),\n 'existing-group-pull-requests': existingPullRequests.filter((pr) => 'dependency-group-name' in pr),\n 'commit-message-options': {\n prefix: this.update['commit-message']?.prefix ?? null,\n 'prefix-development': this.update['commit-message']?.['prefix-development'] ?? null,\n 'include-scope':\n this.update['commit-message']?.include?.toLocaleLowerCase()?.trim() === 'scope' ? true : null,\n },\n cooldown: this.update.cooldown,\n experiments: mapExperiments(this.experiments),\n 'reject-external-code':\n this.update['insecure-external-code-execution']?.toLocaleLowerCase()?.trim() === 'allow',\n 'requirements-update-strategy': mapVersionStrategyToRequirementsUpdateStrategy(\n this.update['versioning-strategy'],\n ),\n 'lockfile-only': this.update['versioning-strategy'] === 'lockfile-only',\n 'vendor-dependencies': this.update.vendor ?? false,\n 'repo-private': true,\n debug: this.debug,\n 'proxy-log-response-body-on-auth-failure': true,\n 'max-updater-run-time': 2700,\n 'enable-beta-ecosystems': this.config['enable-beta-ecosystems'] || false,\n // Updates across ecosystems is still in development\n // See https://github.com/dependabot/dependabot-core/issues/8126\n // https://github.com/dependabot/dependabot-core/pull/12339\n // It needs to merged in the core repo first before we support it\n // However, to match current job configs and to prevent surprises, we disable it\n 'multi-ecosystem-update': false,\n 'exclude-paths': this.update['exclude-paths'],\n },\n credentials: this.credentials,\n };\n }\n}\n\nexport function mapPackageEcosystemToPackageManager(ecosystem: PackageEcosystem): DependabotPackageManager {\n // Map the dependabot config \"package ecosystem\" to the equivalent dependabot-core/cli \"package manager\".\n // Config values: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-\n // Core/CLI values: https://github.com/dependabot/dependabot-core/blob/main/common/lib/dependabot/config/file.rb#L60-L81\n switch (ecosystem) {\n case 'docker-compose':\n return 'docker_compose';\n case 'dotnet-sdk':\n return 'dotnet_sdk';\n case 'github-actions':\n return 'github_actions';\n case 'gitsubmodule':\n return 'submodules';\n case 'gomod':\n return 'go_modules';\n case 'mix':\n return 'hex';\n case 'npm':\n return 'npm_and_yarn';\n case 'pre-commit':\n return 'pre_commit';\n // Additional aliases, sometimes used for convenience\n case 'pipenv':\n return 'pip';\n case 'pip-compile':\n return 'pip';\n case 'poetry':\n return 'pip';\n case 'pnpm':\n return 'npm_and_yarn';\n case 'rust-toolchain':\n return 'rust_toolchain';\n case 'yarn':\n return 'npm_and_yarn';\n default:\n return ecosystem;\n }\n}\n\nexport function mapSourceFromDependabotConfigToJobConfig(\n source: DependabotSourceInfo,\n update: DependabotUpdate,\n): DependabotSource {\n return {\n provider: source.provider,\n 'api-endpoint': source['api-endpoint'],\n hostname: source.hostname,\n repo: source['repository-slug'],\n branch: update['target-branch'],\n commit: null, // use latest commit of target branch\n directory: update.directory,\n directories: update.directories,\n };\n}\n\nexport function mapVersionStrategyToRequirementsUpdateStrategy(strategy?: VersioningStrategy): string | null {\n if (!strategy) return null;\n switch (strategy) {\n case 'auto':\n return null;\n case 'increase':\n return 'bump_versions';\n case 'increase-if-necessary':\n return 'bump_versions_if_necessary';\n case 'lockfile-only':\n return 'lockfile_only';\n case 'widen':\n return 'widen_ranges';\n default:\n throw new Error(`Invalid dependabot.yaml versioning strategy option '${strategy}'`);\n }\n}\n\nexport function mapGroupsFromDependabotConfigToJobConfig(\n dependencyGroups?: Record<string, DependabotGroup | null>,\n): DependabotGroupJob[] {\n if (!dependencyGroups || !Object.keys(dependencyGroups).length) return [];\n return Object.keys(dependencyGroups)\n .filter((name) => dependencyGroups[name])\n .map((name) => {\n const group = dependencyGroups[name]!;\n return {\n name: name,\n 'applies-to': group['applies-to'],\n rules: {\n patterns: group.patterns?.length ? group.patterns : ['*'],\n 'exclude-patterns': group['exclude-patterns'],\n 'dependency-type': group['dependency-type'],\n 'update-types': group['update-types'],\n },\n } satisfies DependabotGroupJob;\n });\n}\n\nexport function mapAllowedUpdatesFromDependabotConfigToJobConfig(\n allowedUpdates?: DependabotAllowCondition[],\n securityOnlyUpdate?: boolean,\n): DependabotAllowed[] {\n // If no allow conditions are specified, update direct dependencies by default; This is what GitHub does.\n // NOTE: 'update-type' appears to be a deprecated config, but still appears in the dependabot-core model and GitHub Dependabot job logs.\n // See: https://github.com/dependabot/dependabot-core/blob/b3a0c1f86c20729494097ebc695067099f5b4ada/updater/lib/dependabot/job.rb#L253C1-L257C78\n if (!allowedUpdates) {\n return [\n {\n 'dependency-type': 'direct',\n 'update-type': securityOnlyUpdate ? 'security' : 'all',\n },\n ];\n }\n return allowedUpdates.map((allow) => {\n return {\n 'dependency-name': allow['dependency-name'],\n 'dependency-type': allow['dependency-type'],\n 'update-type': allow['update-type'],\n };\n });\n}\n\nexport function mapIgnoreConditionsFromDependabotConfigToJobConfig(\n ignoreConditions?: DependabotIgnoreCondition[],\n): DependabotCondition[] {\n if (!ignoreConditions) return [];\n return ignoreConditions.map((ignore) => {\n return {\n source: ignore.source,\n 'updated-at': ignore['updated-at'],\n 'dependency-name': ignore['dependency-name'] ?? '*',\n 'update-types': ignore['update-types'],\n\n // The dependabot.yml config docs are not very clear about acceptable values; after scanning dependabot-core and dependabot-cli,\n // this could either be a single version string (e.g. '>1.0.0'), or multiple version strings separated by commas (e.g. '>1.0.0, <2.0.0')\n 'version-requirement': Array.isArray(ignore.versions) ? (<string[]>ignore.versions)?.join(', ') : ignore.versions,\n } satisfies DependabotCondition;\n });\n}\n\nexport function mapExperiments(experiments?: DependabotExperiments): DependabotExperiments {\n experiments ??= {};\n return Object.keys(experiments).reduce((acc, key) => {\n // Experiment values are known to be either 'true', 'false', or a string value.\n // If the value is 'true' or 'false', convert it to a boolean type so that dependabot-core handles it correctly.\n const value = experiments[key];\n if (typeof value === 'string' && value?.toLocaleLowerCase() === 'true') {\n acc[key] = true;\n } else if (typeof value === 'string' && value?.toLocaleLowerCase() === 'false') {\n acc[key] = false;\n } else {\n if (typeof value === 'string' || typeof value === 'boolean') acc[key] = value;\n }\n return acc;\n }, {} as DependabotExperiments);\n}\n\nexport function mapSecurityAdvisories(securityVulnerabilities?: SecurityVulnerability[]): DependabotSecurityAdvisory[] {\n if (!securityVulnerabilities) return [];\n\n // A single security advisory can cause a vulnerability in multiple versions of a package.\n // We need to map each unique security advisory to a list of affected-versions and patched-versions.\n const vulnerabilitiesGroupedByPackageNameAndAdvisoryId = new Map<string, SecurityVulnerability[]>();\n for (const vuln of securityVulnerabilities) {\n const key = `${vuln.package.name}/${vuln.advisory.identifiers.map((i) => `${i.type}:${i.value}`).join('/')}`;\n if (!vulnerabilitiesGroupedByPackageNameAndAdvisoryId.has(key)) {\n vulnerabilitiesGroupedByPackageNameAndAdvisoryId.set(key, []);\n }\n vulnerabilitiesGroupedByPackageNameAndAdvisoryId.get(key)!.push(vuln);\n }\n return Array.from(vulnerabilitiesGroupedByPackageNameAndAdvisoryId.values()).map((vulns) => {\n return {\n 'dependency-name': vulns[0]!.package.name,\n 'affected-versions': vulns.map((v) => v.vulnerableVersionRange).filter((v) => v && v.length > 0),\n 'patched-versions': vulns\n .map((v) => v.firstPatchedVersion?.identifier)\n .filter((v) => v && v.length > 0)\n .map((v) => v!),\n 'unaffected-versions': [],\n } satisfies DependabotSecurityAdvisory;\n });\n}\n\nexport function mapCredentials({\n sourceHostname,\n systemAccessUser,\n systemAccessToken,\n githubToken,\n registries,\n}: {\n sourceHostname: string;\n systemAccessUser?: string;\n systemAccessToken?: string;\n githubToken?: string;\n registries?: Record<string, DependabotRegistry>;\n}): DependabotCredential[] {\n const credentials = [];\n\n // Required to authenticate with the git repository when cloning the source code\n if (systemAccessToken) {\n credentials.push({\n type: 'git_source',\n host: sourceHostname,\n username: (systemAccessUser ?? '').trim()?.length > 0 ? systemAccessUser : 'x-access-token',\n password: systemAccessToken,\n });\n }\n\n // Required to avoid rate-limiting errors when generating pull request descriptions (e.g. fetching release notes, commit messages, etc)\n if (githubToken) {\n credentials.push({\n type: 'git_source',\n host: 'github.com',\n username: 'x-access-token',\n password: githubToken,\n });\n }\n if (registries) {\n // Required to authenticate with private package feeds when finding the latest version of dependencies.\n // The registries have already been worked on (see parseRegistries) so there is no need to do anything else.\n credentials.push(...Object.values(registries));\n }\n\n return credentials;\n}\n","import { z } from 'zod';\nimport { DependabotDependencySchema, DependabotPackageManagerSchema } from './job';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nexport const DependabotDependencyFileSchema = z.object({\n // https://github.com/dependabot/dependabot-core/blob/5e2711f9913cc387acb7cb0d29d51fb52d235ef2/common/lib/dependabot/dependency_file.rb#L14-L15\n content: z.string().nullish(),\n content_encoding: z\n .enum([\n 'utf-8',\n 'base64',\n // for some reason, some files (e.g. txt in gomod) are marked as empty string encoding\n '',\n ])\n .nullish(),\n deleted: z.boolean().nullish(),\n directory: z.string(),\n name: z.string(),\n operation: z.enum(['update', 'create', 'delete']),\n support_file: z.boolean().nullish(),\n vendored_file: z.boolean().nullish(),\n symlink_target: z.string().nullish(),\n type: z.string().nullish(),\n mode: z\n .enum({\n executable: '100755',\n file: '100644',\n directory: '040000',\n submodule: '160000',\n symlink: '120000',\n })\n .or(z.string())\n .nullish(),\n});\nexport type DependabotDependencyFile = z.infer<typeof DependabotDependencyFileSchema>;\n\nexport const DependabotUpdateDependencyListSchema = z.object({\n dependencies: DependabotDependencySchema.array(),\n dependency_files: z.string().array().nullish(),\n});\nexport type DependabotUpdateDependencyList = z.infer<typeof DependabotUpdateDependencyListSchema>;\n\nexport const DependabotDependencySubmissionSchema = z.object({\n version: z.number(),\n sha: z.string(),\n ref: z.string(),\n job: z.object({\n correlator: z.string(),\n id: z.string(),\n }),\n detector: z.object({\n name: z.string(),\n version: z.string(),\n url: z.string(),\n }),\n manifests: z.object({\n name: z.string().nullish(),\n file: z.object({ source_location: z.string() }).nullish(),\n metadata: z.object({ ecosystem: DependabotPackageManagerSchema }).nullish(),\n resolved: z\n .object({\n package_url: z.string(),\n relationship: z.enum(['direct', 'indirect']),\n scope: z.enum(['runtime', 'development']),\n dependencies: DependabotDependencySchema.array(),\n })\n .nullish(),\n }),\n metadata: z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotDependencySubmission = z.infer<typeof DependabotDependencySubmissionSchema>;\n\nexport const DependabotCreatePullRequestSchema = z.object({\n 'base-commit-sha': z.string(),\n dependencies: DependabotDependencySchema.array(),\n 'updated-dependency-files': DependabotDependencyFileSchema.array(),\n 'pr-title': z.string(),\n 'pr-body': z.string().nullish(),\n 'commit-message': z.string(),\n 'dependency-group': z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotCreatePullRequest = z.infer<typeof DependabotCreatePullRequestSchema>;\n\nexport const DependabotUpdatePullRequestSchema = z.object({\n 'base-commit-sha': z.string(),\n 'dependency-names': z.string().array(),\n 'updated-dependency-files': DependabotDependencyFileSchema.array(),\n 'pr-title': z.string().nullish(), // this is usually excluded when working with dependabot-cli and an empty string if the API\n 'pr-body': z.string().nullish(), // this is usually excluded when working with dependabot-cli and an empty string if the API\n 'commit-message': z.string().nullish(), // this is usually excluded when working with dependabot-cli and an empty string if the API\n 'dependency-group': z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotUpdatePullRequest = z.infer<typeof DependabotUpdatePullRequestSchema>;\n\nexport const DependabotClosePullRequestReasonEnum = z.enum([\n 'dependencies_changed',\n 'dependency_group_empty',\n 'dependency_removed',\n 'up_to_date',\n 'update_no_longer_possible',\n]);\nexport type DependabotClosePullRequestReason = z.infer<typeof DependabotClosePullRequestReasonEnum>;\nexport const DependabotClosePullRequestSchema = z.object({\n 'dependency-names': z.string().array(),\n reason: DependabotClosePullRequestReasonEnum.nullish(),\n});\nexport type DependabotClosePullRequest = z.infer<typeof DependabotClosePullRequestSchema>;\n\nexport const DependabotMarkAsProcessedSchema = z.object({\n 'base-commit-sha': z.string().nullish(),\n});\nexport type DependabotMarkAsProcessed = z.infer<typeof DependabotMarkAsProcessedSchema>;\n\nexport const DependabotJobErrorSchema = z.object({\n 'error-type': z.string(),\n 'error-details': z.record(z.string(), z.any()).nullish(),\n unknown: z.boolean().nullish(), // own property to differentiate between known and unknown errors\n});\nexport type DependabotJobError = z.infer<typeof DependabotJobErrorSchema>;\n\nexport const DependabotRecordUpdateJobErrorSchema = DependabotJobErrorSchema.extend({});\nexport type DependabotRecordUpdateJobError = z.infer<typeof DependabotRecordUpdateJobErrorSchema>;\n\nexport const DependabotRecordUpdateJobWarningSchema = z.object({\n 'warn-type': z.string(),\n 'warn-title': z.string(),\n 'warn-description': z.string(),\n});\nexport type DependabotRecordUpdateJobWarning = z.infer<typeof DependabotRecordUpdateJobWarningSchema>;\n\nexport const DependabotRecordUpdateJobUnknownErrorSchema = DependabotJobErrorSchema.extend({});\nexport type DependabotRecordUpdateJobUnknownError = z.infer<typeof DependabotRecordUpdateJobUnknownErrorSchema>;\n\nexport const DependabotRecordEcosystemVersionsSchema = z.object({\n ecosystem_versions: z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotRecordEcosystemVersions = z.infer<typeof DependabotRecordEcosystemVersionsSchema>;\n\nexport const DependabotEcosystemVersionManagerSchema = z.object({\n name: z.string(),\n version: z.string(),\n raw_version: z.string(),\n requirement: z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotEcosystemVersionManager = z.infer<typeof DependabotEcosystemVersionManagerSchema>;\n\nexport const DependabotEcosystemMetaSchema = z.object({\n name: z.string(),\n package_manager: DependabotEcosystemVersionManagerSchema.nullish(),\n language: DependabotEcosystemVersionManagerSchema.nullish(),\n version: DependabotEcosystemVersionManagerSchema.nullish(),\n});\nexport type DependabotEcosystemMeta = z.infer<typeof DependabotEcosystemMetaSchema>;\n\nexport const DependabotRecordEcosystemMetaSchema = z.object({\n ecosystem: DependabotEcosystemMetaSchema,\n});\nexport type DependabotRecordEcosystemMeta = z.infer<typeof DependabotRecordEcosystemMetaSchema>;\n\nexport const DependabotRecordCooldownMetaSchema = z.object({\n cooldown: z.object({\n ecosystem_name: DependabotPackageManagerSchema,\n config: z.object({\n default_days: z.number(),\n semver_major_days: z.number(),\n semver_minor_days: z.number(),\n semver_patch_days: z.number(),\n }),\n }),\n});\nexport type DependabotRecordCooldownMeta = z.infer<typeof DependabotRecordCooldownMetaSchema>;\n\nexport const DependabotIncrementMetricSchema = z.object({\n metric: z.string(),\n tags: z.record(z.string(), z.any()).nullish(),\n});\nexport type DependabotIncrementMetric = z.infer<typeof DependabotIncrementMetricSchema>;\n\nexport const DependabotMetricSchema = z.object({\n metric: z.string(),\n type: z.enum(['increment', 'gauge', 'distribution', 'histogram']),\n value: z.number().nullish(),\n values: z.number().array().nullish(),\n tags: z.record(z.string(), z.string()).nullish(),\n});\nexport type DependabotMetric = z.infer<typeof DependabotMetricSchema>;\n","import { zValidator } from '@hono/zod-validator';\nimport { Hono } from 'hono';\nimport { type ZodType, z } from 'zod';\nimport { logger } from '@/logger';\nimport type { DependabotCredential, DependabotJobConfig } from './job';\nimport {\n DependabotClosePullRequestSchema,\n DependabotCreatePullRequestSchema,\n DependabotDependencySubmissionSchema,\n DependabotIncrementMetricSchema,\n DependabotMarkAsProcessedSchema,\n DependabotMetricSchema,\n DependabotRecordCooldownMetaSchema,\n DependabotRecordEcosystemMetaSchema,\n DependabotRecordEcosystemVersionsSchema,\n DependabotRecordUpdateJobErrorSchema,\n DependabotRecordUpdateJobUnknownErrorSchema,\n DependabotRecordUpdateJobWarningSchema,\n DependabotUpdateDependencyListSchema,\n DependabotUpdatePullRequestSchema,\n} from './update';\n\nexport const DependabotRequestTypeSchema = z.enum([\n 'create_pull_request',\n 'update_pull_request',\n 'close_pull_request',\n 'record_update_job_error',\n 'record_update_job_warning',\n 'record_update_job_unknown_error',\n 'mark_as_processed',\n 'update_dependency_list',\n 'create_dependency_submission',\n 'record_ecosystem_versions',\n 'increment_metric',\n 'record_ecosystem_meta',\n 'record_cooldown_meta',\n 'record_metrics', // from the runner\n]);\nexport type DependabotRequestType = z.infer<typeof DependabotRequestTypeSchema>;\n\nexport const DependabotRequestSchema = z.discriminatedUnion('type', [\n z.object({ type: z.literal('create_pull_request'), data: DependabotCreatePullRequestSchema }),\n z.object({ type: z.literal('update_pull_request'), data: DependabotUpdatePullRequestSchema }),\n z.object({ type: z.literal('close_pull_request'), data: DependabotClosePullRequestSchema }),\n z.object({ type: z.literal('record_update_job_error'), data: DependabotRecordUpdateJobErrorSchema }),\n z.object({ type: z.literal('record_update_job_warning'), data: DependabotRecordUpdateJobWarningSchema }),\n z.object({ type: z.literal('record_update_job_unknown_error'), data: DependabotRecordUpdateJobUnknownErrorSchema }),\n z.object({ type: z.literal('mark_as_processed'), data: DependabotMarkAsProcessedSchema }),\n z.object({ type: z.literal('update_dependency_list'), data: DependabotUpdateDependencyListSchema }),\n z.object({ type: z.literal('create_dependency_submission'), data: DependabotDependencySubmissionSchema }),\n z.object({ type: z.literal('record_ecosystem_versions'), data: DependabotRecordEcosystemVersionsSchema }),\n z.object({ type: z.literal('record_ecosystem_meta'), data: DependabotRecordEcosystemMetaSchema.array() }),\n z.object({ type: z.literal('record_cooldown_meta'), data: DependabotRecordCooldownMetaSchema.array() }),\n z.object({ type: z.literal('increment_metric'), data: DependabotIncrementMetricSchema }),\n z.object({ type: z.literal('record_metrics'), data: DependabotMetricSchema.array() }), // from the runner\n]);\nexport type DependabotRequest = z.infer<typeof DependabotRequestSchema>;\n\nexport type DependabotTokenType = 'job' | 'credentials';\n\n/**\n * Function type for authenticating requests.\n * @param type - The type of authentication ('job' or 'credentials').\n * @param id - The ID of the dependabot job.\n * @param value - The authentication value (e.g., API key).\n * @returns A promise that resolves to a boolean indicating whether the authentication was successful.\n */\ntype AuthenticatorFunc = (type: DependabotTokenType, id: string, value: string) => Promise<boolean>;\n\n/**\n * Handler function for processing dependabot requests.\n * @param id - The ID of the dependabot job.\n * @param request - The dependabot request to handle.\n * @returns A promise that resolves to the result of handling the request.\n */\ntype HandlerFunc = (id: string, request: DependabotRequest) => Promise<boolean>;\n\n/**\n * Function for inspecting raw dependabot requests.\n * @param id - The ID of the dependabot job.\n * @param type - The type of dependabot request.\n * @param raw - The raw JSON data of the request.\n * @returns A promise that resolves when the operation is complete.\n */\ntype InspectRequestFunc = (id: string, type: DependabotRequestType, raw: unknown) => Promise<void>;\n\n/**\n * Function for getting a dependabot job config by ID.\n * @param id - The ID of the dependabot job.\n * @returns A promise that resolves to the dependabot job config, or undefined if not found.\n */\ntype GetJobFunc = (id: string) => Promise<DependabotJobConfig | undefined>;\n\n/**\n * Function for getting dependabot credentials by job ID.\n * @param id - The ID of the dependabot job.\n * @returns A promise that resolves to an array of dependabot credentials, or undefined if not found.\n */\ntype GetCredentialsFunc = (id: string) => Promise<DependabotCredential[] | undefined>;\n\nexport type CreateApiServerAppOptions = {\n /**\n * Base path for the endpoints.\n * @default `/api/update_jobs`\n */\n basePath?: string;\n\n /** Handler function for authenticating requests. */\n authenticate: AuthenticatorFunc;\n\n /** Function for getting a dependabot job by ID. */\n getJob: GetJobFunc;\n\n /** Function for getting dependabot credentials by job ID. */\n getCredentials: GetCredentialsFunc;\n\n /**\n * Optional function for inspecting raw dependabot requests.\n * Should only be used for troubleshooting.\n * */\n inspect?: InspectRequestFunc;\n\n /** Handler function for processing the operations. */\n handle: HandlerFunc;\n};\n\n/**\n * Creates an API server application for handling dependabot update jobs.\n * The endpoints in the server application have paths in the format: `/api/update_jobs/:id/{operation}`,\n * where `:id` is the job ID and `{operation}` is one of the defined operations e.g. `create_pull_request`.\n *\n * You should set the job endpoint URL in the job container to\n * `http://<host>:<port>/api/update_jobs/:id` where `<host>` and `<port>` are the host and port\n *\n * These endpoints are protected using the provided API key.\n * @param params - The parameters for creating the API server application.\n * @returns The created API server application.\n */\nexport function createApiServerApp({\n basePath = `/api/update_jobs`,\n authenticate,\n getJob,\n getCredentials,\n inspect,\n handle,\n}: CreateApiServerAppOptions): Hono {\n // Setup app with base path and middleware\n const app = new Hono().basePath(basePath);\n\n // Handle endpoints:\n // - POST request to /create_pull_request\n // - POST request to /update_pull_request\n // - POST request to /close_pull_request\n // - POST request to /record_update_job_error\n // - POST request to /record_update_job_warning\n // - POST request to /record_update_job_unknown_error\n // - PATCH request to /mark_as_processed\n // - POST request to /update_dependency_list\n // - POST request to /create_dependency_submission\n // - POST request to /record_ecosystem_versions\n // - POST request to /record_ecosystem_meta\n // - POST request to /increment_metric\n\n function operation<T extends ZodType>(type: DependabotRequestType, schema: T, method?: string) {\n app.on(\n method || 'post',\n `/:id/${type}`,\n zValidator('param', z.object({ id: z.string() })),\n async (context, next) => {\n /**\n * Do not authenticate in scenarios where the server is not using HTTPS because the\n * dependabot proxy will not send the job token over HTTP, yet trying to get HTTPS to work\n * with localhost (self-signed certs) against docker (host.docker.internal) is complicated.\n */\n const url = new URL(context.req.url);\n const isHTTPS = url.protocol === 'https:';\n const { id } = context.req.valid('param');\n if (isHTTPS) {\n const value = context.req.header('Authorization');\n if (!value) return context.body(null, 401);\n const valid = await authenticate('job', id, value);\n if (!valid) return context.body(null, 403);\n } else {\n logger.trace(`Skipping authentication because it is not secure ${context.req.url}`);\n }\n\n // if inspection is provided, call it with the raw request data\n if (inspect) {\n await inspect(id, type, await context.req.json());\n }\n\n await next();\n },\n zValidator('json', z.object({ data: schema })),\n async (context) => {\n const { id } = context.req.valid('param');\n const { data } = context.req.valid('json') as { data: z.infer<typeof schema> };\n // biome-ignore lint/suspicious/noExplicitAny: generic\n const success: boolean = await handle(id, { type, data: data as any });\n return context.body(null, success ? 204 : 400);\n },\n );\n }\n\n operation('create_pull_request', DependabotCreatePullRequestSchema);\n operation('update_pull_request', DependabotUpdatePullRequestSchema);\n operation('close_pull_request', DependabotClosePullRequestSchema);\n operation('record_update_job_error', DependabotRecordUpdateJobErrorSchema);\n operation('record_update_job_warning', DependabotRecordUpdateJobWarningSchema);\n operation('record_update_job_unknown_error', DependabotRecordUpdateJobUnknownErrorSchema);\n operation('mark_as_processed', DependabotMarkAsProcessedSchema, 'patch');\n operation('update_dependency_list', DependabotUpdateDependencyListSchema);\n operation('create_dependency_submission', DependabotDependencySubmissionSchema);\n operation('record_ecosystem_versions', DependabotRecordEcosystemVersionsSchema);\n operation('record_ecosystem_meta', DependabotRecordEcosystemMetaSchema.array());\n operation('record_cooldown_meta', DependabotRecordCooldownMetaSchema.array());\n operation('increment_metric', DependabotIncrementMetricSchema);\n operation('record_metrics', DependabotMetricSchema.array()); // from the runner\n\n // Handle endpoints:\n // - GET request to /details\n // - GET request to /credentials\n app.on(\n 'get',\n '/:id/details',\n zValidator('param', z.object({ id: z.string() })),\n async (context, next) => {\n const { id } = context.req.valid('param');\n const value = context.req.header('Authorization');\n if (!value) return context.body(null, 401);\n const valid = await authenticate('job', id, value);\n if (!valid) return context.body(null, 403);\n await next();\n },\n async (context) => {\n const { id } = context.req.valid('param');\n const job = await getJob(id);\n if (!job) return context.body(null, 204);\n return context.json(job);\n },\n );\n app.on(\n 'get',\n '/:id/credentials',\n zValidator('param', z.object({ id: z.string() })),\n async (context, next) => {\n const { id } = context.req.valid('param');\n const value = context.req.header('Authorization');\n if (!value) return context.body(null, 401);\n const valid = await authenticate('credentials', id, value);\n if (!valid) return context.body(null, 403);\n await next();\n },\n async (context) => {\n const { id } = context.req.valid('param');\n const credentials = await getCredentials(id);\n if (!credentials) return context.body(null, 204);\n return context.json(credentials);\n },\n );\n\n return app;\n}\n","import type { DependabotDependency, DependabotPersistedPr } from './job';\nimport type { DependabotClosePullRequest, DependabotCreatePullRequest } from './update';\n\nexport function normalizeFilePath(path: string): string {\n // Convert backslashes to forward slashes, convert './' => '/' and ensure the path starts with a forward slash if it doesn't already, this is how DevOps paths are formatted\n return path\n ?.replace(/\\\\/g, '/')\n ?.replace(/^\\.\\//, '/')\n ?.replace(/^([^/])/, '/$1');\n}\n\nexport function normalizeBranchName(branch: string): string;\nexport function normalizeBranchName(branch?: string): string | undefined;\nexport function normalizeBranchName(branch?: string): string | undefined {\n // Strip the 'refs/heads/' prefix from the branch name, if present\n return branch?.replace(/^refs\\/heads\\//i, '');\n}\n\nexport function getDependencyNames(pr: DependabotPersistedPr): string[] {\n return pr.dependencies.map((dep) => dep['dependency-name']?.toString());\n}\n\nexport function areEqual(a: string[], b: string[]): boolean {\n if (a.length !== b.length) return false;\n return a.every((name) => b.includes(name));\n}\n\nexport function getPullRequestCloseReason(data: DependabotClosePullRequest): string | undefined {\n // The first dependency is the \"lead\" dependency in a multi-dependency update\n const leadDependencyName = data['dependency-names'][0];\n let reason: string | undefined;\n switch (data.reason) {\n case 'dependencies_changed':\n reason = `Looks like the dependencies have changed`;\n break;\n case 'dependency_group_empty':\n reason = `Looks like the dependencies in this group are now empty`;\n break;\n case 'dependency_removed':\n reason = `Looks like ${leadDependencyName} is no longer a dependency`;\n break;\n case 'up_to_date':\n reason = `Looks like ${leadDependencyName} is up-to-date now`;\n break;\n case 'update_no_longer_possible':\n reason = `Looks like ${leadDependencyName} can no longer be updated`;\n break;\n }\n if (reason && reason.length > 0) {\n reason += ', so this is no longer needed.';\n }\n return reason;\n}\n\nexport function getPersistedPr(data: DependabotCreatePullRequest): DependabotPersistedPr {\n return {\n 'dependency-group-name': data['dependency-group']?.name || null,\n dependencies: data.dependencies.map((dep) => ({\n 'dependency-name': dep.name,\n 'dependency-version': dep.version,\n directory: dep.directory,\n })),\n };\n}\n\nexport function getPullRequestDescription({\n packageManager,\n body,\n dependencies,\n maxDescriptionLength,\n}: {\n packageManager: string;\n body: string | null | undefined;\n dependencies: DependabotDependency[];\n maxDescriptionLength?: number;\n}): string {\n let header = '';\n const footer = '';\n\n // Fix up GitHub mentions encoding issues by removing instances of the zero-width space '\\u200B' as it does not render correctly in Azure DevOps.\n // https://github.com/dependabot/dependabot-core/issues/9572\n // https://github.com/dependabot/dependabot-core/blob/313fcff149b3126cb78b38d15f018907d729f8cc/common/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb#L245-L252\n const description = (body || '').replace(new RegExp(decodeURIComponent('%EF%BF%BD%EF%BF%BD%EF%BF%BD'), 'g'), '');\n\n // If there is exactly one dependency, add a compatibility score badge to the description header.\n // Compatibility scores are intended for single dependency security updates, not group updates.\n // https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores\n if (dependencies.length === 1) {\n const compatibilityScoreBadges = dependencies.map((dep) => {\n return `![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=${dep.name}&package-manager=${packageManager}&previous-version=${dep['previous-version']}&new-version=${dep.version})`;\n });\n header += `${compatibilityScoreBadges.join(' ')}\\n\\n`;\n }\n\n // Build the full pull request description.\n // The header/footer must not be truncated.\n // If the description is too long and a max length is provided, we truncate the body.\n if (maxDescriptionLength) {\n const maxDescriptionLengthAfterHeaderAndFooter = maxDescriptionLength - header.length - footer.length;\n return `${header}${description.substring(0, maxDescriptionLengthAfterHeaderAndFooter)}${footer}`;\n }\n return `${header}${description}${footer}`;\n}\n\n/**\n * Determines if a new pull request should supersede an existing pull request.\n *\n * Follows GitHub Dependabot's superseding logic:\n * - **Grouped PRs**: Supersede if same group name AND any dependency version changed\n * - **Single dependency PRs**: Supersede if updating the exact same dependency with a different version\n * - **Different scopes**: PRs with different dependency sets don't supersede each other\n *\n * A new PR supersedes an old PR when:\n * 1. Both are for the same group (same `dependency-group-name`), OR\n * Both update the exact same set of dependencies (same dependency names)\n * 2. AND at least one dependency has a different version\n *\n * This prevents incorrect superseding when PRs update overlapping but different dependency sets.\n *\n * @param oldPr - The existing pull request's dependency data\n * @param newPr - The new pull request's dependency data\n * @returns `true` if the new PR should supersede the old PR, `false` otherwise\n *\n * @example\n * ```ts\n * // Single dependency - same dependency, different version: SUPERSEDE\n * const oldPr = {\n * 'dependency-group-name': null,\n * dependencies: [{ 'dependency-name': 'lodash', 'dependency-version': '4.17.20' }]\n * };\n * const newPr = {\n * 'dependency-group-name': null,\n * dependencies: [{ 'dependency-name': 'lodash', 'dependency-version': '4.17.21' }]\n * };\n * shouldSupersede(oldPr, newPr); // returns true\n * ```\n *\n * @example\n * ```ts\n * // Different dependency sets - overlap but different scope: DON'T SUPERSEDE\n * const oldPr = {\n * 'dependency-group-name': null,\n * dependencies: [\n * { 'dependency-name': 'lodash', 'dependency-version': '4.17.20' },\n * { 'dependency-name': 'express', 'dependency-version': '4.18.0' }\n * ]\n * };\n * const newPr = {\n * 'dependency-group-name': null,\n * dependencies: [\n * { 'dependency-name': 'lodash', 'dependency-version': '4.17.21' },\n * { 'dependency-name': 'react', 'dependency-version': '18.0.0' }\n * ]\n * };\n * shouldSupersede(oldPr, newPr); // returns false - different dependency sets\n * ```\n *\n * @example\n * ```ts\n * // Same group - version changed: SUPERSEDE\n * const oldPr = {\n * 'dependency-group-name': 'production',\n * dependencies: [{ 'dependency-name': 'lodash', 'dependency-version': '4.17.20' }]\n * };\n * const newPr = {\n * 'dependency-group-name': 'production',\n * dependencies: [{ 'dependency-name': 'lodash', 'dependency-version': '4.17.21' }]\n * };\n * shouldSupersede(oldPr, newPr); // returns true - same group, version changed\n * ```\n */\nexport function shouldSupersede(oldPr: DependabotPersistedPr, newPr: DependabotPersistedPr): boolean {\n // Both PRs mut have the same dependency group name (including both being null/undefined)\n const oldGroupName = oldPr['dependency-group-name'];\n const newGroupName = newPr['dependency-group-name'];\n if ((oldGroupName || undefined) !== (newGroupName || undefined)) {\n return false;\n }\n\n const oldDeps = getDependencyNames(oldPr);\n const newDeps = getDependencyNames(newPr);\n\n // Non-grouped PRs must have the same dependency names\n if (!oldGroupName && !areEqual(oldDeps, newDeps)) {\n return false;\n }\n\n // They're in the same scope - check if any dependency version changed\n const overlappingDeps = oldDeps.filter((dep) => newDeps.includes(dep));\n for (const dep of overlappingDeps) {\n const oldDep = oldPr.dependencies.find((d) => d['dependency-name'] === dep);\n const newDep = newPr.dependencies.find((d) => d['dependency-name'] === dep);\n if (oldDep?.['dependency-version'] !== newDep?.['dependency-version']) {\n return true;\n }\n }\n\n // Same scope but all versions are identical - this is just a rebase\n return false;\n}\n"],"mappings":";;;;;;;;AAKA,MAAa,kCAAkC;AAC/C,MAAa,iCAAiC;;;;ACE9C,SAAgB,uBAAuB,EACrC,kBACA,kBACA,WACA,qBACA,cACA,YAAY,OAQH;CAIT,IAAI;AAEJ,KADiC,uBAAuB,aAAa,SAAS,GAChD;EAG5B,MAAM,mBAAmB,OACtB,WAAW,MAAM,CACjB,OAAO,aAAa,KAAK,MAAM,GAAG,EAAE,mBAAmB,GAAG,EAAE,wBAAwB,CAAC,KAAK,IAAI,CAAC,CAC/F,OAAO,MAAM,CACb,UAAU,GAAG,GAAG;AACnB,eAAa,GAAG,uBAAuB,QAAQ,GAAG;OAUlD,cAAa,GANW,aACrB,KAAK,MAAM,EAAE,mBAAmB,CAChC,KAAK,QAAQ,CACb,QAAQ,UAAU,IAAI,CACtB,QAAQ,MAAM,GAAG,CAEY,GADV,aAAa,IAAI,UAAU,YAAY,aAAa,KAAK;AAIjF,QAAO,YACL;EACE;EACA;EACA;EAEA,YACI,UACG,MAAM,IAAI,CACV,QAAQ,SAAS,KAAK,SAAS,EAAE,CACjC,KAAK,UAAU,GAClB;EACJ;EACD,EACD,UACD;;AAGH,SAAgB,YAAY,UAAkC,WAA2B;AAOvF,QACE,SAEG,QAAQ,MAAM,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE,CACvC,KAAK,UAAU,CAEf,QAAQ,0BAA0B,GAAG,CAErC,QAAQ,SAAS,QAAQ,CAEzB,QAAQ,QAAQ,IAAI,CACpB,QAAQ,QAAQ,IAAI,CAEpB,QAAQ,OAAO,GAAG;;;;;AClFzB,MAAa,sBAA6C;CACxD,6BAA6B;CAC7B,mCAAmC;CACnC,gBAAgB;CAChB,gCAAgC;CAChC,oCAAoC;CACpC,wCAAwC;CACxC,yCAAyC;CACzC,wCAAwC;CACxC,8CAA8C;CAC9C,6CAA6C;CAC7C,6CAA6C;CAC7C,2BAA2B;CAC3B,oDAAoD;CACpD,gCAAgC;CACjC;;;;;;AAOD,SAAgB,iBAAiB,KAAiD;AAChF,QAAO,KACH,MAAM,IAAI,CACX,QAAQ,UAAU,MAAM,MAAM,KAAK,GAAG,CACtC,QAAQ,KAAK,QAAQ;EACpB,MAAM,CAAC,KAAK,SAAS,IAAI,MAAM,KAAK,EAAE;AACtC,MAAI,OAAQ,SAAS;AACrB,SAAO;IACN,EAAE,CAA0B;;;;;;;;;;AAWnC,SAAgB,cACd,aACA,MACA,QAA0B,MACH;AACvB,QAAO;EACL,GAAI,eAAe,EAAE;GAGpB,OAAO;EACT;;;;;;;;ACbH,IAAa,uBAAb,MAAkC;CAChC,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAEjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CAEjB,YAAY,EACV,QACA,QACA,QACA,kBACA,mBACA,aACA,aACA,SAWC;AACD,OAAK,SAAS;AACd,OAAK,SAAS;AACd,OAAK,QAAQ;AAEb,OAAK,cAAc,cAAc,aAAa,0BAA0B,OAAO,0BAA0B;AAEzG,OAAK,iBAAiB,oCAAoC,OAAO,qBAAqB;AACtF,OAAK,SAAS,yCAAyC,QAAQ,OAAO;AACtE,OAAK,cAAc,eAAe;GAChC,gBAAgB,OAAO;GACvB;GACA;GACA;GACA,YAAY,OAAO;GACpB,CAAC;;;;;CAMJ,AAAO,oBAAoB,EAAE,MAAkD;AAC7E,SAAO;GACL,KAAK;IACC;IACJ,SAAS;IACT,mBAAmB,KAAK;IACxB,2BAA2B;IAC3B,cAAc;IACd,mBAAmB,CAAC;KAAE,mBAAmB;KAAU,eAAe;KAAO,CAAC;IAC1E,qBAAqB,CAAC,EAAE,mBAAmB,KAAK,CAAC;IACjD,yBAAyB;IACzB,uBAAuB,EAAE;IACzB,QAAQ,KAAK;IACb,0BAA0B;IAC1B,0BAA0B,EAAE;IAC5B,gCAAgC,EAAE;IAClC,aAAa,eAAe,KAAK,YAAY;IAC7C,gCAAgC;IAChC,iBAAiB;IACjB,0BAA0B;KACxB,QAAQ;KACR,sBAAsB;KACtB,iBAAiB;KAClB;IACD,uBAAuB;IACvB,gBAAgB;IAChB,OAAO,KAAK;IACb;GACD,aAAa,KAAK;GACnB;;;;;CAMH,AAAO,UAAU,EACf,IACA,SACA,yBACA,sBACA,qBACA,2BAQ6B;EAC7B,MAAM,qBAAqB,KAAK,OAAO,gCAAgC;EAEvE,IAAI;EACJ,IAAI,4BAA2C;EAC/C,IAAI;EACJ,IAAI;AAEJ,MAAI,qBAAqB;AACvB,yBAAsB;AACtB,+BACE,2BAA2B,sBAAsB,oBAAoB,2BAA2B;AAClG,2BAAwB,oBAAoB,aAAa,KAAK,MAAM,EAAE,mBAAmB;AACzF,qBAAkB,yBAAyB,QAAQ,MAAM,uBAAuB,SAAS,EAAE,QAAQ,KAAK,CAAC;SACpG;AACL,yBAAsB;GACtB,MAAM,QAAQ,yBAAyB,SAAS,0BAA0B;AAC1E,2BACE,sBAAsB,QAClB,OAAO,QAAQ,MAAM,yBAAyB,MAAM,MAAM,EAAE,QAAQ,SAAS,EAAE,CAAC,GAChF;AACN,qBAAkB;;EAIpB,MAAM,SAAS,EAAE,GAAG,KAAK,QAAQ;AACjC,MAAI,YAAY,WAAW,CAAC,OAAO,aAAa;AAC9C,UAAO,cAAc,CAAC,KAAK,OAAO,UAAW;AAC7C,UAAO,YAAY;;AAGrB,SAAO;GACL,KAAK;IACC;IACK;IACT,mBAAmB,KAAK;IACxB,2BAA2B,uBAAuB;IAClD,+BAA+B;IAC/B,qBAAqB,yCAAyC,KAAK,OAAO,OAAO;IACjF,cAAc;IACd,mBAAmB,iDAAiD,KAAK,OAAO,OAAO,mBAAmB;IAC1G,qBAAqB,mDAAmD,KAAK,OAAO,OAAO;IAC3F,yBAAyB;IACzB,uBAAuB,sBAAsB,gBAAgB;IAC7D;IACA,0BAA0B;IAC1B,0BAA0B,qBAAqB,QAAQ,OAAO,EAAE,2BAA2B,IAAI;IAC/F,gCAAgC,qBAAqB,QAAQ,OAAO,2BAA2B,GAAG;IAClG,0BAA0B;KACxB,QAAQ,KAAK,OAAO,mBAAmB,UAAU;KACjD,sBAAsB,KAAK,OAAO,oBAAoB,yBAAyB;KAC/E,iBACE,KAAK,OAAO,mBAAmB,SAAS,mBAAmB,EAAE,MAAM,KAAK,UAAU,OAAO;KAC5F;IACD,UAAU,KAAK,OAAO;IACtB,aAAa,eAAe,KAAK,YAAY;IAC7C,wBACE,KAAK,OAAO,qCAAqC,mBAAmB,EAAE,MAAM,KAAK;IACnF,gCAAgC,+CAC9B,KAAK,OAAO,uBACb;IACD,iBAAiB,KAAK,OAAO,2BAA2B;IACxD,uBAAuB,KAAK,OAAO,UAAU;IAC7C,gBAAgB;IAChB,OAAO,KAAK;IACZ,2CAA2C;IAC3C,wBAAwB;IACxB,0BAA0B,KAAK,OAAO,6BAA6B;IAMnE,0BAA0B;IAC1B,iBAAiB,KAAK,OAAO;IAC9B;GACD,aAAa,KAAK;GACnB;;;AAIL,SAAgB,oCAAoC,WAAuD;AAIzG,SAAQ,WAAR;EACE,KAAK,iBACH,QAAO;EACT,KAAK,aACH,QAAO;EACT,KAAK,iBACH,QAAO;EACT,KAAK,eACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,MACH,QAAO;EACT,KAAK,aACH,QAAO;EAET,KAAK,SACH,QAAO;EACT,KAAK,cACH,QAAO;EACT,KAAK,SACH,QAAO;EACT,KAAK,OACH,QAAO;EACT,KAAK,iBACH,QAAO;EACT,KAAK,OACH,QAAO;EACT,QACE,QAAO;;;AAIb,SAAgB,yCACd,QACA,QACkB;AAClB,QAAO;EACL,UAAU,OAAO;EACjB,gBAAgB,OAAO;EACvB,UAAU,OAAO;EACjB,MAAM,OAAO;EACb,QAAQ,OAAO;EACf,QAAQ;EACR,WAAW,OAAO;EAClB,aAAa,OAAO;EACrB;;AAGH,SAAgB,+CAA+C,UAA8C;AAC3G,KAAI,CAAC,SAAU,QAAO;AACtB,SAAQ,UAAR;EACE,KAAK,OACH,QAAO;EACT,KAAK,WACH,QAAO;EACT,KAAK,wBACH,QAAO;EACT,KAAK,gBACH,QAAO;EACT,KAAK,QACH,QAAO;EACT,QACE,OAAM,IAAI,MAAM,uDAAuD,SAAS,GAAG;;;AAIzF,SAAgB,yCACd,kBACsB;AACtB,KAAI,CAAC,oBAAoB,CAAC,OAAO,KAAK,iBAAiB,CAAC,OAAQ,QAAO,EAAE;AACzE,QAAO,OAAO,KAAK,iBAAiB,CACjC,QAAQ,SAAS,iBAAiB,MAAM,CACxC,KAAK,SAAS;EACb,MAAM,QAAQ,iBAAiB;AAC/B,SAAO;GACC;GACN,cAAc,MAAM;GACpB,OAAO;IACL,UAAU,MAAM,UAAU,SAAS,MAAM,WAAW,CAAC,IAAI;IACzD,oBAAoB,MAAM;IAC1B,mBAAmB,MAAM;IACzB,gBAAgB,MAAM;IACvB;GACF;GACD;;AAGN,SAAgB,iDACd,gBACA,oBACqB;AAIrB,KAAI,CAAC,eACH,QAAO,CACL;EACE,mBAAmB;EACnB,eAAe,qBAAqB,aAAa;EAClD,CACF;AAEH,QAAO,eAAe,KAAK,UAAU;AACnC,SAAO;GACL,mBAAmB,MAAM;GACzB,mBAAmB,MAAM;GACzB,eAAe,MAAM;GACtB;GACD;;AAGJ,SAAgB,mDACd,kBACuB;AACvB,KAAI,CAAC,iBAAkB,QAAO,EAAE;AAChC,QAAO,iBAAiB,KAAK,WAAW;AACtC,SAAO;GACL,QAAQ,OAAO;GACf,cAAc,OAAO;GACrB,mBAAmB,OAAO,sBAAsB;GAChD,gBAAgB,OAAO;GAIvB,uBAAuB,MAAM,QAAQ,OAAO,SAAS,GAAc,OAAO,UAAW,KAAK,KAAK,GAAG,OAAO;GAC1G;GACD;;AAGJ,SAAgB,eAAe,aAA4D;AACzF,iBAAgB,EAAE;AAClB,QAAO,OAAO,KAAK,YAAY,CAAC,QAAQ,KAAK,QAAQ;EAGnD,MAAM,QAAQ,YAAY;AAC1B,MAAI,OAAO,UAAU,YAAY,OAAO,mBAAmB,KAAK,OAC9D,KAAI,OAAO;WACF,OAAO,UAAU,YAAY,OAAO,mBAAmB,KAAK,QACrE,KAAI,OAAO;WAEP,OAAO,UAAU,YAAY,OAAO,UAAU,UAAW,KAAI,OAAO;AAE1E,SAAO;IACN,EAAE,CAA0B;;AAGjC,SAAgB,sBAAsB,yBAAiF;AACrH,KAAI,CAAC,wBAAyB,QAAO,EAAE;CAIvC,MAAM,mEAAmD,IAAI,KAAsC;AACnG,MAAK,MAAM,QAAQ,yBAAyB;EAC1C,MAAM,MAAM,GAAG,KAAK,QAAQ,KAAK,GAAG,KAAK,SAAS,YAAY,KAAK,MAAM,GAAG,EAAE,KAAK,GAAG,EAAE,QAAQ,CAAC,KAAK,IAAI;AAC1G,MAAI,CAAC,iDAAiD,IAAI,IAAI,CAC5D,kDAAiD,IAAI,KAAK,EAAE,CAAC;AAE/D,mDAAiD,IAAI,IAAI,CAAE,KAAK,KAAK;;AAEvE,QAAO,MAAM,KAAK,iDAAiD,QAAQ,CAAC,CAAC,KAAK,UAAU;AAC1F,SAAO;GACL,mBAAmB,MAAM,GAAI,QAAQ;GACrC,qBAAqB,MAAM,KAAK,MAAM,EAAE,uBAAuB,CAAC,QAAQ,MAAM,KAAK,EAAE,SAAS,EAAE;GAChG,oBAAoB,MACjB,KAAK,MAAM,EAAE,qBAAqB,WAAW,CAC7C,QAAQ,MAAM,KAAK,EAAE,SAAS,EAAE,CAChC,KAAK,MAAM,EAAG;GACjB,uBAAuB,EAAE;GAC1B;GACD;;AAGJ,SAAgB,eAAe,EAC7B,gBACA,kBACA,mBACA,aACA,cAOyB;CACzB,MAAM,cAAc,EAAE;AAGtB,KAAI,kBACF,aAAY,KAAK;EACf,MAAM;EACN,MAAM;EACN,WAAW,oBAAoB,IAAI,MAAM,EAAE,SAAS,IAAI,mBAAmB;EAC3E,UAAU;EACX,CAAC;AAIJ,KAAI,YACF,aAAY,KAAK;EACf,MAAM;EACN,MAAM;EACN,UAAU;EACV,UAAU;EACX,CAAC;AAEJ,KAAI,WAGF,aAAY,KAAK,GAAG,OAAO,OAAO,WAAW,CAAC;AAGhD,QAAO;;;;;ACrbT,MAAa,iCAAiC,EAAE,OAAO;CAErD,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC7B,kBAAkB,EACf,KAAK;EACJ;EACA;EAEA;EACD,CAAC,CACD,SAAS;CACZ,SAAS,EAAE,SAAS,CAAC,SAAS;CAC9B,WAAW,EAAE,QAAQ;CACrB,MAAM,EAAE,QAAQ;CAChB,WAAW,EAAE,KAAK;EAAC;EAAU;EAAU;EAAS,CAAC;CACjD,cAAc,EAAE,SAAS,CAAC,SAAS;CACnC,eAAe,EAAE,SAAS,CAAC,SAAS;CACpC,gBAAgB,EAAE,QAAQ,CAAC,SAAS;CACpC,MAAM,EAAE,QAAQ,CAAC,SAAS;CAC1B,MAAM,EACH,KAAK;EACJ,YAAY;EACZ,MAAM;EACN,WAAW;EACX,WAAW;EACX,SAAS;EACV,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,SAAS;CACb,CAAC;AAGF,MAAa,uCAAuC,EAAE,OAAO;CAC3D,cAAc,2BAA2B,OAAO;CAChD,kBAAkB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAC/C,CAAC;AAGF,MAAa,uCAAuC,EAAE,OAAO;CAC3D,SAAS,EAAE,QAAQ;CACnB,KAAK,EAAE,QAAQ;CACf,KAAK,EAAE,QAAQ;CACf,KAAK,EAAE,OAAO;EACZ,YAAY,EAAE,QAAQ;EACtB,IAAI,EAAE,QAAQ;EACf,CAAC;CACF,UAAU,EAAE,OAAO;EACjB,MAAM,EAAE,QAAQ;EAChB,SAAS,EAAE,QAAQ;EACnB,KAAK,EAAE,QAAQ;EAChB,CAAC;CACF,WAAW,EAAE,OAAO;EAClB,MAAM,EAAE,QAAQ,CAAC,SAAS;EAC1B,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,CAAC,CAAC,SAAS;EACzD,UAAU,EAAE,OAAO,EAAE,WAAW,gCAAgC,CAAC,CAAC,SAAS;EAC3E,UAAU,EACP,OAAO;GACN,aAAa,EAAE,QAAQ;GACvB,cAAc,EAAE,KAAK,CAAC,UAAU,WAAW,CAAC;GAC5C,OAAO,EAAE,KAAK,CAAC,WAAW,cAAc,CAAC;GACzC,cAAc,2BAA2B,OAAO;GACjD,CAAC,CACD,SAAS;EACb,CAAC;CACF,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CAClD,CAAC;AAGF,MAAa,oCAAoC,EAAE,OAAO;CACxD,mBAAmB,EAAE,QAAQ;CAC7B,cAAc,2BAA2B,OAAO;CAChD,4BAA4B,+BAA+B,OAAO;CAClE,YAAY,EAAE,QAAQ;CACtB,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,kBAAkB,EAAE,QAAQ;CAC5B,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CAC5D,CAAC;AAGF,MAAa,oCAAoC,EAAE,OAAO;CACxD,mBAAmB,EAAE,QAAQ;CAC7B,oBAAoB,EAAE,QAAQ,CAAC,OAAO;CACtC,4BAA4B,+BAA+B,OAAO;CAClE,YAAY,EAAE,QAAQ,CAAC,SAAS;CAChC,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,kBAAkB,EAAE,QAAQ,CAAC,SAAS;CACtC,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CAC5D,CAAC;AAGF,MAAa,uCAAuC,EAAE,KAAK;CACzD;CACA;CACA;CACA;CACA;CACD,CAAC;AAEF,MAAa,mCAAmC,EAAE,OAAO;CACvD,oBAAoB,EAAE,QAAQ,CAAC,OAAO;CACtC,QAAQ,qCAAqC,SAAS;CACvD,CAAC;AAGF,MAAa,kCAAkC,EAAE,OAAO,EACtD,mBAAmB,EAAE,QAAQ,CAAC,SAAS,EACxC,CAAC;AAGF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,cAAc,EAAE,QAAQ;CACxB,iBAAiB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CACxD,SAAS,EAAE,SAAS,CAAC,SAAS;CAC/B,CAAC;AAGF,MAAa,uCAAuC,yBAAyB,OAAO,EAAE,CAAC;AAGvF,MAAa,yCAAyC,EAAE,OAAO;CAC7D,aAAa,EAAE,QAAQ;CACvB,cAAc,EAAE,QAAQ;CACxB,oBAAoB,EAAE,QAAQ;CAC/B,CAAC;AAGF,MAAa,8CAA8C,yBAAyB,OAAO,EAAE,CAAC;AAG9F,MAAa,0CAA0C,EAAE,OAAO,EAC9D,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS,EAC5D,CAAC;AAGF,MAAa,0CAA0C,EAAE,OAAO;CAC9D,MAAM,EAAE,QAAQ;CAChB,SAAS,EAAE,QAAQ;CACnB,aAAa,EAAE,QAAQ;CACvB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CACrD,CAAC;AAGF,MAAa,gCAAgC,EAAE,OAAO;CACpD,MAAM,EAAE,QAAQ;CAChB,iBAAiB,wCAAwC,SAAS;CAClE,UAAU,wCAAwC,SAAS;CAC3D,SAAS,wCAAwC,SAAS;CAC3D,CAAC;AAGF,MAAa,sCAAsC,EAAE,OAAO,EAC1D,WAAW,+BACZ,CAAC;AAGF,MAAa,qCAAqC,EAAE,OAAO,EACzD,UAAU,EAAE,OAAO;CACjB,gBAAgB;CAChB,QAAQ,EAAE,OAAO;EACf,cAAc,EAAE,QAAQ;EACxB,mBAAmB,EAAE,QAAQ;EAC7B,mBAAmB,EAAE,QAAQ;EAC7B,mBAAmB,EAAE,QAAQ;EAC9B,CAAC;CACH,CAAC,EACH,CAAC;AAGF,MAAa,kCAAkC,EAAE,OAAO;CACtD,QAAQ,EAAE,QAAQ;CAClB,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CAC9C,CAAC;AAGF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,QAAQ,EAAE,QAAQ;CAClB,MAAM,EAAE,KAAK;EAAC;EAAa;EAAS;EAAgB;EAAY,CAAC;CACjE,OAAO,EAAE,QAAQ,CAAC,SAAS;CAC3B,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACpC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC,SAAS;CACjD,CAAC;;;;ACnKF,MAAa,8BAA8B,EAAE,KAAK;CAChD;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,0BAA0B,EAAE,mBAAmB,QAAQ;CAClE,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,sBAAsB;EAAE,MAAM;EAAmC,CAAC;CAC7F,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,sBAAsB;EAAE,MAAM;EAAmC,CAAC;CAC7F,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,qBAAqB;EAAE,MAAM;EAAkC,CAAC;CAC3F,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,0BAA0B;EAAE,MAAM;EAAsC,CAAC;CACpG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,4BAA4B;EAAE,MAAM;EAAwC,CAAC;CACxG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,kCAAkC;EAAE,MAAM;EAA6C,CAAC;CACnH,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,oBAAoB;EAAE,MAAM;EAAiC,CAAC;CACzF,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,yBAAyB;EAAE,MAAM;EAAsC,CAAC;CACnG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,+BAA+B;EAAE,MAAM;EAAsC,CAAC;CACzG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,4BAA4B;EAAE,MAAM;EAAyC,CAAC;CACzG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,wBAAwB;EAAE,MAAM,oCAAoC,OAAO;EAAE,CAAC;CACzG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,uBAAuB;EAAE,MAAM,mCAAmC,OAAO;EAAE,CAAC;CACvG,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,mBAAmB;EAAE,MAAM;EAAiC,CAAC;CACxF,EAAE,OAAO;EAAE,MAAM,EAAE,QAAQ,iBAAiB;EAAE,MAAM,uBAAuB,OAAO;EAAE,CAAC;CACtF,CAAC;;;;;;;;;;;;;AAmFF,SAAgB,mBAAmB,EACjC,WAAW,oBACX,cACA,QACA,gBACA,SACA,UACkC;CAElC,MAAM,MAAM,IAAI,MAAM,CAAC,SAAS,SAAS;CAgBzC,SAAS,UAA6B,MAA6B,QAAW,QAAiB;AAC7F,MAAI,GACF,UAAU,QACV,QAAQ,QACR,WAAW,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EACjD,OAAO,SAAS,SAAS;GAOvB,MAAM,UADM,IAAI,IAAI,QAAQ,IAAI,IAAI,CAChB,aAAa;GACjC,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;AACzC,OAAI,SAAS;IACX,MAAM,QAAQ,QAAQ,IAAI,OAAO,gBAAgB;AACjD,QAAI,CAAC,MAAO,QAAO,QAAQ,KAAK,MAAM,IAAI;AAE1C,QAAI,CADU,MAAM,aAAa,OAAO,IAAI,MAAM,CACtC,QAAO,QAAQ,KAAK,MAAM,IAAI;SAE1C,QAAO,MAAM,oDAAoD,QAAQ,IAAI,MAAM;AAIrF,OAAI,QACF,OAAM,QAAQ,IAAI,MAAM,MAAM,QAAQ,IAAI,MAAM,CAAC;AAGnD,SAAM,MAAM;KAEd,WAAW,QAAQ,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC,CAAC,EAC9C,OAAO,YAAY;GACjB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;GACzC,MAAM,EAAE,SAAS,QAAQ,IAAI,MAAM,OAAO;GAE1C,MAAM,UAAmB,MAAM,OAAO,IAAI;IAAE;IAAY;IAAa,CAAC;AACtE,UAAO,QAAQ,KAAK,MAAM,UAAU,MAAM,IAAI;IAEjD;;AAGH,WAAU,uBAAuB,kCAAkC;AACnE,WAAU,uBAAuB,kCAAkC;AACnE,WAAU,sBAAsB,iCAAiC;AACjE,WAAU,2BAA2B,qCAAqC;AAC1E,WAAU,6BAA6B,uCAAuC;AAC9E,WAAU,mCAAmC,4CAA4C;AACzF,WAAU,qBAAqB,iCAAiC,QAAQ;AACxE,WAAU,0BAA0B,qCAAqC;AACzE,WAAU,gCAAgC,qCAAqC;AAC/E,WAAU,6BAA6B,wCAAwC;AAC/E,WAAU,yBAAyB,oCAAoC,OAAO,CAAC;AAC/E,WAAU,wBAAwB,mCAAmC,OAAO,CAAC;AAC7E,WAAU,oBAAoB,gCAAgC;AAC9D,WAAU,kBAAkB,uBAAuB,OAAO,CAAC;AAK3D,KAAI,GACF,OACA,gBACA,WAAW,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EACjD,OAAO,SAAS,SAAS;EACvB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;EACzC,MAAM,QAAQ,QAAQ,IAAI,OAAO,gBAAgB;AACjD,MAAI,CAAC,MAAO,QAAO,QAAQ,KAAK,MAAM,IAAI;AAE1C,MAAI,CADU,MAAM,aAAa,OAAO,IAAI,MAAM,CACtC,QAAO,QAAQ,KAAK,MAAM,IAAI;AAC1C,QAAM,MAAM;IAEd,OAAO,YAAY;EACjB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;EACzC,MAAM,MAAM,MAAM,OAAO,GAAG;AAC5B,MAAI,CAAC,IAAK,QAAO,QAAQ,KAAK,MAAM,IAAI;AACxC,SAAO,QAAQ,KAAK,IAAI;GAE3B;AACD,KAAI,GACF,OACA,oBACA,WAAW,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EACjD,OAAO,SAAS,SAAS;EACvB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;EACzC,MAAM,QAAQ,QAAQ,IAAI,OAAO,gBAAgB;AACjD,MAAI,CAAC,MAAO,QAAO,QAAQ,KAAK,MAAM,IAAI;AAE1C,MAAI,CADU,MAAM,aAAa,eAAe,IAAI,MAAM,CAC9C,QAAO,QAAQ,KAAK,MAAM,IAAI;AAC1C,QAAM,MAAM;IAEd,OAAO,YAAY;EACjB,MAAM,EAAE,OAAO,QAAQ,IAAI,MAAM,QAAQ;EACzC,MAAM,cAAc,MAAM,eAAe,GAAG;AAC5C,MAAI,CAAC,YAAa,QAAO,QAAQ,KAAK,MAAM,IAAI;AAChD,SAAO,QAAQ,KAAK,YAAY;GAEnC;AAED,QAAO;;;;;AClQT,SAAgB,kBAAkB,MAAsB;AAEtD,QAAO,MACH,QAAQ,OAAO,IAAI,EACnB,QAAQ,SAAS,IAAI,EACrB,QAAQ,WAAW,MAAM;;AAK/B,SAAgB,oBAAoB,QAAqC;AAEvE,QAAO,QAAQ,QAAQ,mBAAmB,GAAG;;AAG/C,SAAgB,mBAAmB,IAAqC;AACtE,QAAO,GAAG,aAAa,KAAK,QAAQ,IAAI,oBAAoB,UAAU,CAAC;;AAGzE,SAAgB,SAAS,GAAa,GAAsB;AAC1D,KAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,QAAO,EAAE,OAAO,SAAS,EAAE,SAAS,KAAK,CAAC;;AAG5C,SAAgB,0BAA0B,MAAsD;CAE9F,MAAM,qBAAqB,KAAK,oBAAoB;CACpD,IAAI;AACJ,SAAQ,KAAK,QAAb;EACE,KAAK;AACH,YAAS;AACT;EACF,KAAK;AACH,YAAS;AACT;EACF,KAAK;AACH,YAAS,cAAc,mBAAmB;AAC1C;EACF,KAAK;AACH,YAAS,cAAc,mBAAmB;AAC1C;EACF,KAAK;AACH,YAAS,cAAc,mBAAmB;AAC1C;;AAEJ,KAAI,UAAU,OAAO,SAAS,EAC5B,WAAU;AAEZ,QAAO;;AAGT,SAAgB,eAAe,MAA0D;AACvF,QAAO;EACL,yBAAyB,KAAK,qBAAqB,QAAQ;EAC3D,cAAc,KAAK,aAAa,KAAK,SAAS;GAC5C,mBAAmB,IAAI;GACvB,sBAAsB,IAAI;GAC1B,WAAW,IAAI;GAChB,EAAE;EACJ;;AAGH,SAAgB,0BAA0B,EACxC,gBACA,MACA,cACA,wBAMS;CACT,IAAI,SAAS;CACb,MAAM,SAAS;CAKf,MAAM,eAAe,QAAQ,IAAI,QAAQ,IAAI,OAAO,mBAAmB,8BAA8B,EAAE,IAAI,EAAE,GAAG;AAKhH,KAAI,aAAa,WAAW,GAAG;EAC7B,MAAM,2BAA2B,aAAa,KAAK,QAAQ;AACzD,UAAO,wHAAwH,IAAI,KAAK,mBAAmB,eAAe,oBAAoB,IAAI,oBAAoB,eAAe,IAAI,QAAQ;IACjP;AACF,YAAU,GAAG,yBAAyB,KAAK,IAAI,CAAC;;AAMlD,KAAI,sBAAsB;EACxB,MAAM,2CAA2C,uBAAuB,OAAO,SAAS;AACxF,SAAO,GAAG,SAAS,YAAY,UAAU,GAAG,yCAAyC,GAAG;;AAE1F,QAAO,GAAG,SAAS,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsEnC,SAAgB,gBAAgB,OAA8B,OAAuC;CAEnG,MAAM,eAAe,MAAM;CAC3B,MAAM,eAAe,MAAM;AAC3B,MAAK,gBAAgB,aAAgB,gBAAgB,QACnD,QAAO;CAGT,MAAM,UAAU,mBAAmB,MAAM;CACzC,MAAM,UAAU,mBAAmB,MAAM;AAGzC,KAAI,CAAC,gBAAgB,CAAC,SAAS,SAAS,QAAQ,CAC9C,QAAO;CAIT,MAAM,kBAAkB,QAAQ,QAAQ,QAAQ,QAAQ,SAAS,IAAI,CAAC;AACtE,MAAK,MAAM,OAAO,iBAAiB;EACjC,MAAM,SAAS,MAAM,aAAa,MAAM,MAAM,EAAE,uBAAuB,IAAI;EAC3E,MAAM,SAAS,MAAM,aAAa,MAAM,MAAM,EAAE,uBAAuB,IAAI;AAC3E,MAAI,SAAS,0BAA0B,SAAS,sBAC9C,QAAO;;AAKX,QAAO"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@paklo/core",
3
- "version": "0.13.0",
3
+ "version": "0.14.1",
4
4
  "sideEffects": false,
5
5
  "type": "module",
6
6
  "author": "mburumaxwell",
@@ -55,20 +55,20 @@
55
55
  "homepage": "https://github.com/mburumaxwell/paklo#readme",
56
56
  "dependencies": {
57
57
  "@hono/zod-validator": "0.7.6",
58
- "hono": "4.11.5",
58
+ "hono": "4.12.3",
59
59
  "js-yaml": "4.1.1",
60
60
  "ky": "1.14.3",
61
61
  "octokit": "5.0.5",
62
- "pino": "10.3.0",
62
+ "pino": "10.3.1",
63
63
  "pino-pretty": "13.1.3",
64
- "semver": "7.7.3",
64
+ "semver": "7.7.4",
65
65
  "zod": "4.3.6"
66
66
  },
67
67
  "devDependencies": {
68
68
  "@types/js-yaml": "4.0.9",
69
- "@types/node": "25.0.3",
69
+ "@types/node": "25.3.3",
70
70
  "@types/semver": "7.7.1",
71
- "tsdown": "0.20.1"
71
+ "tsdown": "0.20.3"
72
72
  },
73
73
  "publishConfig": {
74
74
  "access": "public"