@paklo/core 0.7.0 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/dist/azure/index.d.mts +2 -2
  2. package/dist/azure/index.mjs +5 -6
  3. package/dist/azure/index.mjs.map +1 -1
  4. package/dist/dependabot/index.d.mts +2 -2
  5. package/dist/dependabot/index.mjs +3 -4
  6. package/dist/{dependabot-DBfBwsNy.mjs → dependabot-BdrOiAWj.mjs} +9 -5
  7. package/dist/dependabot-BdrOiAWj.mjs.map +1 -0
  8. package/dist/github/index.d.mts +1 -1
  9. package/dist/github/index.mjs +1 -2
  10. package/dist/github/index.mjs.map +1 -1
  11. package/dist/http/index.mjs +1 -2
  12. package/dist/{http-50rptIBF.mjs → http-D2wwAKQ-.mjs} +2 -6
  13. package/dist/http-D2wwAKQ-.mjs.map +1 -0
  14. package/dist/{index-CLEzOAkx.d.mts → index--PMbsXAm.d.mts} +57 -34
  15. package/dist/{index-4kLQpBct.d.mts → index-BWftXTYB.d.mts} +1 -1
  16. package/dist/{job-Bv41xyKj.mjs → job-BuCBKP9L.mjs} +1 -1
  17. package/dist/{job-Bv41xyKj.mjs.map → job-BuCBKP9L.mjs.map} +1 -1
  18. package/dist/logger-IPTn7PT9.mjs +13 -0
  19. package/dist/logger-IPTn7PT9.mjs.map +1 -0
  20. package/dist/logger.mjs +1 -2
  21. package/dist/usage.d.mts +12 -3
  22. package/dist/usage.mjs +11 -5
  23. package/dist/usage.mjs.map +1 -1
  24. package/package.json +1 -9
  25. package/dist/dependabot-DBfBwsNy.mjs.map +0 -1
  26. package/dist/environment/index.d.mts +0 -33
  27. package/dist/environment/index.mjs +0 -3
  28. package/dist/environment-DxHQ97yw.mjs +0 -119
  29. package/dist/environment-DxHQ97yw.mjs.map +0 -1
  30. package/dist/http-50rptIBF.mjs.map +0 -1
  31. package/dist/logger-DIt9KuME.mjs +0 -14
  32. package/dist/logger-DIt9KuME.mjs.map +0 -1
  33. package/dist/shared-data/index.d.mts +0 -22
  34. package/dist/shared-data/index.mjs +0 -23
  35. package/dist/shared-data/index.mjs.map +0 -1
package/dist/{index-CLEzOAkx.d.mts → index--PMbsXAm.d.mts} RENAMED
@@ -1,4 +1,4 @@
1
- import { p as SecurityVulnerability } from "./index-4kLQpBct.mjs";
1
+ import { p as SecurityVulnerability } from "./index-BWftXTYB.mjs";
2
2
  import { z } from "zod";
3
3
  import { Hono } from "hono";
4
4
 
@@ -98,8 +98,8 @@ declare const DependabotGroupSchema: z.ZodObject<{
98
98
  "security-updates": "security-updates";
99
99
  }>>;
100
100
  'dependency-type': z.ZodOptional<z.ZodEnum<{
101
- development: "development";
102
101
  production: "production";
102
+ development: "development";
103
103
  }>>;
104
104
  patterns: z.ZodOptional<z.ZodArray<z.ZodString>>;
105
105
  'exclude-patterns': z.ZodOptional<z.ZodArray<z.ZodString>>;
@@ -113,11 +113,11 @@ type DependabotGroup = z.infer<typeof DependabotGroupSchema>;
113
113
  declare const DependabotAllowConditionSchema: z.ZodObject<{
114
114
  'dependency-name': z.ZodOptional<z.ZodString>;
115
115
  'dependency-type': z.ZodOptional<z.ZodEnum<{
116
+ production: "production";
117
+ development: "development";
116
118
  direct: "direct";
117
119
  indirect: "indirect";
118
- development: "development";
119
120
  all: "all";
120
- production: "production";
121
121
  }>>;
122
122
  'update-type': z.ZodOptional<z.ZodEnum<{
123
123
  all: "all";
@@ -227,10 +227,10 @@ declare const PackageEcosystemSchema: z.ZodEnum<{
227
227
  }>;
228
228
  type PackageEcosystem = z.infer<typeof PackageEcosystemSchema>;
229
229
  declare const VersioningStrategySchema: z.ZodEnum<{
230
- "lockfile-only": "lockfile-only";
231
230
  auto: "auto";
232
231
  increase: "increase";
233
232
  "increase-if-necessary": "increase-if-necessary";
233
+ "lockfile-only": "lockfile-only";
234
234
  widen: "widen";
235
235
  }>;
236
236
  type VersioningStrategy = z.infer<typeof VersioningStrategySchema>;
@@ -276,11 +276,11 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
276
276
  allow: z.ZodOptional<z.ZodArray<z.ZodObject<{
277
277
  'dependency-name': z.ZodOptional<z.ZodString>;
278
278
  'dependency-type': z.ZodOptional<z.ZodEnum<{
279
+ production: "production";
280
+ development: "development";
279
281
  direct: "direct";
280
282
  indirect: "indirect";
281
- development: "development";
282
283
  all: "all";
283
- production: "production";
284
284
  }>>;
285
285
  'update-type': z.ZodOptional<z.ZodEnum<{
286
286
  all: "all";
@@ -308,8 +308,8 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
308
308
  "security-updates": "security-updates";
309
309
  }>>;
310
310
  'dependency-type': z.ZodOptional<z.ZodEnum<{
311
- development: "development";
312
311
  production: "production";
312
+ development: "development";
313
313
  }>>;
314
314
  patterns: z.ZodOptional<z.ZodArray<z.ZodString>>;
315
315
  'exclude-patterns': z.ZodOptional<z.ZodArray<z.ZodString>>;
@@ -378,10 +378,10 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
378
378
  'target-branch': z.ZodOptional<z.ZodString>;
379
379
  vendor: z.ZodOptional<z.ZodBoolean>;
380
380
  'versioning-strategy': z.ZodOptional<z.ZodEnum<{
381
- "lockfile-only": "lockfile-only";
382
381
  auto: "auto";
383
382
  increase: "increase";
384
383
  "increase-if-necessary": "increase-if-necessary";
384
+ "lockfile-only": "lockfile-only";
385
385
  widen: "widen";
386
386
  }>>;
387
387
  patterns: z.ZodOptional<z.ZodArray<z.ZodString>>;
@@ -393,7 +393,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
393
393
  'exclude-paths'?: string[] | undefined;
394
394
  allow?: {
395
395
  'dependency-name'?: string | undefined;
396
- 'dependency-type'?: "direct" | "indirect" | "development" | "all" | "production" | undefined;
396
+ 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
397
397
  'update-type'?: "all" | "security" | undefined;
398
398
  }[] | undefined;
399
399
  assignees?: string[] | undefined;
@@ -413,7 +413,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
413
413
  groups?: Record<string, {
414
414
  IDENTIFIER?: string | undefined;
415
415
  'applies-to'?: "version-updates" | "security-updates" | undefined;
416
- 'dependency-type'?: "development" | "production" | undefined;
416
+ 'dependency-type'?: "production" | "development" | undefined;
417
417
  patterns?: string[] | undefined;
418
418
  'exclude-patterns'?: string[] | undefined;
419
419
  'update-types'?: ("major" | "minor" | "patch")[] | undefined;
@@ -441,7 +441,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
441
441
  } | undefined;
442
442
  'target-branch'?: string | undefined;
443
443
  vendor?: boolean | undefined;
444
- 'versioning-strategy'?: "lockfile-only" | "auto" | "increase" | "increase-if-necessary" | "widen" | undefined;
444
+ 'versioning-strategy'?: "auto" | "increase" | "increase-if-necessary" | "lockfile-only" | "widen" | undefined;
445
445
  patterns?: string[] | undefined;
446
446
  'multi-ecosystem-group'?: string | undefined;
447
447
  }, {
@@ -451,7 +451,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
451
451
  'exclude-paths'?: string[] | undefined;
452
452
  allow?: {
453
453
  'dependency-name'?: string | undefined;
454
- 'dependency-type'?: "direct" | "indirect" | "development" | "all" | "production" | undefined;
454
+ 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
455
455
  'update-type'?: "all" | "security" | undefined;
456
456
  }[] | undefined;
457
457
  assignees?: string[] | undefined;
@@ -471,7 +471,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
471
471
  groups?: Record<string, {
472
472
  IDENTIFIER?: string | undefined;
473
473
  'applies-to'?: "version-updates" | "security-updates" | undefined;
474
- 'dependency-type'?: "development" | "production" | undefined;
474
+ 'dependency-type'?: "production" | "development" | undefined;
475
475
  patterns?: string[] | undefined;
476
476
  'exclude-patterns'?: string[] | undefined;
477
477
  'update-types'?: ("major" | "minor" | "patch")[] | undefined;
@@ -499,7 +499,7 @@ declare const DependabotUpdateSchema: z.ZodPipe<z.ZodObject<{
499
499
  } | undefined;
500
500
  'target-branch'?: string | undefined;
501
501
  vendor?: boolean | undefined;
502
- 'versioning-strategy'?: "lockfile-only" | "auto" | "increase" | "increase-if-necessary" | "widen" | undefined;
502
+ 'versioning-strategy'?: "auto" | "increase" | "increase-if-necessary" | "lockfile-only" | "widen" | undefined;
503
503
  patterns?: string[] | undefined;
504
504
  'multi-ecosystem-group'?: string | undefined;
505
505
  }>>;
@@ -651,11 +651,11 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
651
651
  allow: z.ZodOptional<z.ZodArray<z.ZodObject<{
652
652
  'dependency-name': z.ZodOptional<z.ZodString>;
653
653
  'dependency-type': z.ZodOptional<z.ZodEnum<{
654
+ production: "production";
655
+ development: "development";
654
656
  direct: "direct";
655
657
  indirect: "indirect";
656
- development: "development";
657
658
  all: "all";
658
- production: "production";
659
659
  }>>;
660
660
  'update-type': z.ZodOptional<z.ZodEnum<{
661
661
  all: "all";
@@ -683,8 +683,8 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
683
683
  "security-updates": "security-updates";
684
684
  }>>;
685
685
  'dependency-type': z.ZodOptional<z.ZodEnum<{
686
- development: "development";
687
686
  production: "production";
687
+ development: "development";
688
688
  }>>;
689
689
  patterns: z.ZodOptional<z.ZodArray<z.ZodString>>;
690
690
  'exclude-patterns': z.ZodOptional<z.ZodArray<z.ZodString>>;
@@ -753,10 +753,10 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
753
753
  'target-branch': z.ZodOptional<z.ZodString>;
754
754
  vendor: z.ZodOptional<z.ZodBoolean>;
755
755
  'versioning-strategy': z.ZodOptional<z.ZodEnum<{
756
- "lockfile-only": "lockfile-only";
757
756
  auto: "auto";
758
757
  increase: "increase";
759
758
  "increase-if-necessary": "increase-if-necessary";
759
+ "lockfile-only": "lockfile-only";
760
760
  widen: "widen";
761
761
  }>>;
762
762
  patterns: z.ZodOptional<z.ZodArray<z.ZodString>>;
@@ -768,7 +768,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
768
768
  'exclude-paths'?: string[] | undefined;
769
769
  allow?: {
770
770
  'dependency-name'?: string | undefined;
771
- 'dependency-type'?: "direct" | "indirect" | "development" | "all" | "production" | undefined;
771
+ 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
772
772
  'update-type'?: "all" | "security" | undefined;
773
773
  }[] | undefined;
774
774
  assignees?: string[] | undefined;
@@ -788,7 +788,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
788
788
  groups?: Record<string, {
789
789
  IDENTIFIER?: string | undefined;
790
790
  'applies-to'?: "version-updates" | "security-updates" | undefined;
791
- 'dependency-type'?: "development" | "production" | undefined;
791
+ 'dependency-type'?: "production" | "development" | undefined;
792
792
  patterns?: string[] | undefined;
793
793
  'exclude-patterns'?: string[] | undefined;
794
794
  'update-types'?: ("major" | "minor" | "patch")[] | undefined;
@@ -816,7 +816,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
816
816
  } | undefined;
817
817
  'target-branch'?: string | undefined;
818
818
  vendor?: boolean | undefined;
819
- 'versioning-strategy'?: "lockfile-only" | "auto" | "increase" | "increase-if-necessary" | "widen" | undefined;
819
+ 'versioning-strategy'?: "auto" | "increase" | "increase-if-necessary" | "lockfile-only" | "widen" | undefined;
820
820
  patterns?: string[] | undefined;
821
821
  'multi-ecosystem-group'?: string | undefined;
822
822
  }, {
@@ -826,7 +826,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
826
826
  'exclude-paths'?: string[] | undefined;
827
827
  allow?: {
828
828
  'dependency-name'?: string | undefined;
829
- 'dependency-type'?: "direct" | "indirect" | "development" | "all" | "production" | undefined;
829
+ 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
830
830
  'update-type'?: "all" | "security" | undefined;
831
831
  }[] | undefined;
832
832
  assignees?: string[] | undefined;
@@ -846,7 +846,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
846
846
  groups?: Record<string, {
847
847
  IDENTIFIER?: string | undefined;
848
848
  'applies-to'?: "version-updates" | "security-updates" | undefined;
849
- 'dependency-type'?: "development" | "production" | undefined;
849
+ 'dependency-type'?: "production" | "development" | undefined;
850
850
  patterns?: string[] | undefined;
851
851
  'exclude-patterns'?: string[] | undefined;
852
852
  'update-types'?: ("major" | "minor" | "patch")[] | undefined;
@@ -874,7 +874,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
874
874
  } | undefined;
875
875
  'target-branch'?: string | undefined;
876
876
  vendor?: boolean | undefined;
877
- 'versioning-strategy'?: "lockfile-only" | "auto" | "increase" | "increase-if-necessary" | "widen" | undefined;
877
+ 'versioning-strategy'?: "auto" | "increase" | "increase-if-necessary" | "lockfile-only" | "widen" | undefined;
878
878
  patterns?: string[] | undefined;
879
879
  'multi-ecosystem-group'?: string | undefined;
880
880
  }>>>;
@@ -956,7 +956,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
956
956
  'exclude-paths'?: string[] | undefined;
957
957
  allow?: {
958
958
  'dependency-name'?: string | undefined;
959
- 'dependency-type'?: "direct" | "indirect" | "development" | "all" | "production" | undefined;
959
+ 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
960
960
  'update-type'?: "all" | "security" | undefined;
961
961
  }[] | undefined;
962
962
  assignees?: string[] | undefined;
@@ -976,7 +976,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
976
976
  groups?: Record<string, {
977
977
  IDENTIFIER?: string | undefined;
978
978
  'applies-to'?: "version-updates" | "security-updates" | undefined;
979
- 'dependency-type'?: "development" | "production" | undefined;
979
+ 'dependency-type'?: "production" | "development" | undefined;
980
980
  patterns?: string[] | undefined;
981
981
  'exclude-patterns'?: string[] | undefined;
982
982
  'update-types'?: ("major" | "minor" | "patch")[] | undefined;
@@ -1004,7 +1004,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
1004
1004
  } | undefined;
1005
1005
  'target-branch'?: string | undefined;
1006
1006
  vendor?: boolean | undefined;
1007
- 'versioning-strategy'?: "lockfile-only" | "auto" | "increase" | "increase-if-necessary" | "widen" | undefined;
1007
+ 'versioning-strategy'?: "auto" | "increase" | "increase-if-necessary" | "lockfile-only" | "widen" | undefined;
1008
1008
  patterns?: string[] | undefined;
1009
1009
  'multi-ecosystem-group'?: string | undefined;
1010
1010
  }[];
@@ -1057,7 +1057,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
1057
1057
  'exclude-paths'?: string[] | undefined;
1058
1058
  allow?: {
1059
1059
  'dependency-name'?: string | undefined;
1060
- 'dependency-type'?: "direct" | "indirect" | "development" | "all" | "production" | undefined;
1060
+ 'dependency-type'?: "production" | "development" | "direct" | "indirect" | "all" | undefined;
1061
1061
  'update-type'?: "all" | "security" | undefined;
1062
1062
  }[] | undefined;
1063
1063
  assignees?: string[] | undefined;
@@ -1077,7 +1077,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
1077
1077
  groups?: Record<string, {
1078
1078
  IDENTIFIER?: string | undefined;
1079
1079
  'applies-to'?: "version-updates" | "security-updates" | undefined;
1080
- 'dependency-type'?: "development" | "production" | undefined;
1080
+ 'dependency-type'?: "production" | "development" | undefined;
1081
1081
  patterns?: string[] | undefined;
1082
1082
  'exclude-patterns'?: string[] | undefined;
1083
1083
  'update-types'?: ("major" | "minor" | "patch")[] | undefined;
@@ -1105,7 +1105,7 @@ declare const DependabotConfigSchema: z.ZodPipe<z.ZodObject<{
1105
1105
  } | undefined;
1106
1106
  'target-branch'?: string | undefined;
1107
1107
  vendor?: boolean | undefined;
1108
- 'versioning-strategy'?: "lockfile-only" | "auto" | "increase" | "increase-if-necessary" | "widen" | undefined;
1108
+ 'versioning-strategy'?: "auto" | "increase" | "increase-if-necessary" | "lockfile-only" | "widen" | undefined;
1109
1109
  patterns?: string[] | undefined;
1110
1110
  'multi-ecosystem-group'?: string | undefined;
1111
1111
  }[];
@@ -1838,6 +1838,7 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
1838
1838
  'updated-dependency-files': z.ZodArray<z.ZodObject<{
1839
1839
  content: z.ZodOptional<z.ZodNullable<z.ZodString>>;
1840
1840
  content_encoding: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
1841
+ "": "";
1841
1842
  "utf-8": "utf-8";
1842
1843
  base64: "base64";
1843
1844
  }>>>;
@@ -1874,6 +1875,7 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
1874
1875
  'updated-dependency-files': z.ZodArray<z.ZodObject<{
1875
1876
  content: z.ZodOptional<z.ZodNullable<z.ZodString>>;
1876
1877
  content_encoding: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
1878
+ "": "";
1877
1879
  "utf-8": "utf-8";
1878
1880
  base64: "base64";
1879
1881
  }>>>;
@@ -2027,8 +2029,8 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
2027
2029
  indirect: "indirect";
2028
2030
  }>;
2029
2031
  scope: z.ZodEnum<{
2030
- runtime: "runtime";
2031
2032
  development: "development";
2033
+ runtime: "runtime";
2032
2034
  }>;
2033
2035
  dependencies: z.ZodArray<z.ZodObject<{
2034
2036
  name: z.ZodString;
@@ -2074,6 +2076,12 @@ declare const DependabotRequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
2074
2076
  raw_version: z.ZodString;
2075
2077
  requirement: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
2076
2078
  }, z.core.$strip>>>;
2079
+ language: z.ZodOptional<z.ZodNullable<z.ZodObject<{
2080
+ name: z.ZodString;
2081
+ version: z.ZodString;
2082
+ raw_version: z.ZodString;
2083
+ requirement: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
2084
+ }, z.core.$strip>>>;
2077
2085
  version: z.ZodOptional<z.ZodNullable<z.ZodObject<{
2078
2086
  name: z.ZodString;
2079
2087
  version: z.ZodString;
@@ -2185,6 +2193,7 @@ declare function createApiServerApp({
2185
2193
  declare const DependabotDependencyFileSchema: z.ZodObject<{
2186
2194
  content: z.ZodOptional<z.ZodNullable<z.ZodString>>;
2187
2195
  content_encoding: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
2196
+ "": "";
2188
2197
  "utf-8": "utf-8";
2189
2198
  base64: "base64";
2190
2199
  }>>>;
@@ -2295,8 +2304,8 @@ declare const DependabotDependencySubmissionSchema: z.ZodObject<{
2295
2304
  indirect: "indirect";
2296
2305
  }>;
2297
2306
  scope: z.ZodEnum<{
2298
- runtime: "runtime";
2299
2307
  development: "development";
2308
+ runtime: "runtime";
2300
2309
  }>;
2301
2310
  dependencies: z.ZodArray<z.ZodObject<{
2302
2311
  name: z.ZodString;
@@ -2357,6 +2366,7 @@ declare const DependabotCreatePullRequestSchema: z.ZodObject<{
2357
2366
  'updated-dependency-files': z.ZodArray<z.ZodObject<{
2358
2367
  content: z.ZodOptional<z.ZodNullable<z.ZodString>>;
2359
2368
  content_encoding: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
2369
+ "": "";
2360
2370
  "utf-8": "utf-8";
2361
2371
  base64: "base64";
2362
2372
  }>>>;
@@ -2392,6 +2402,7 @@ declare const DependabotUpdatePullRequestSchema: z.ZodObject<{
2392
2402
  'updated-dependency-files': z.ZodArray<z.ZodObject<{
2393
2403
  content: z.ZodOptional<z.ZodNullable<z.ZodString>>;
2394
2404
  content_encoding: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
2405
+ "": "";
2395
2406
  "utf-8": "utf-8";
2396
2407
  base64: "base64";
2397
2408
  }>>>;
@@ -2479,6 +2490,12 @@ declare const DependabotEcosystemMetaSchema: z.ZodObject<{
2479
2490
  raw_version: z.ZodString;
2480
2491
  requirement: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
2481
2492
  }, z.core.$strip>>>;
2493
+ language: z.ZodOptional<z.ZodNullable<z.ZodObject<{
2494
+ name: z.ZodString;
2495
+ version: z.ZodString;
2496
+ raw_version: z.ZodString;
2497
+ requirement: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
2498
+ }, z.core.$strip>>>;
2482
2499
  version: z.ZodOptional<z.ZodNullable<z.ZodObject<{
2483
2500
  name: z.ZodString;
2484
2501
  version: z.ZodString;
@@ -2496,6 +2513,12 @@ declare const DependabotRecordEcosystemMetaSchema: z.ZodObject<{
2496
2513
  raw_version: z.ZodString;
2497
2514
  requirement: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
2498
2515
  }, z.core.$strip>>>;
2516
+ language: z.ZodOptional<z.ZodNullable<z.ZodObject<{
2517
+ name: z.ZodString;
2518
+ version: z.ZodString;
2519
+ raw_version: z.ZodString;
2520
+ requirement: z.ZodOptional<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodAny>>>;
2521
+ }, z.core.$strip>>>;
2499
2522
  version: z.ZodOptional<z.ZodNullable<z.ZodObject<{
2500
2523
  name: z.ZodString;
2501
2524
  version: z.ZodString;
@@ -2525,4 +2548,4 @@ declare const DependabotMetricSchema: z.ZodObject<{
2525
2548
  type DependabotMetric = z.infer<typeof DependabotMetricSchema>;
2526
2549
  //#endregion
2527
2550
  export { mapSourceFromDependabotConfigToJobConfig as $, DependabotCommitMessage as $t, DependabotRecordUpdateJobWarningSchema as A, DEPENDABOT_DEFAULT_AUTHOR_EMAIL as An, DependabotJobConfig as At, DependabotTokenType as B, DependabotRequirementSource as Bt, DependabotRecordEcosystemVersions as C, parseDependabotConfig as Cn, DependabotExistingPRSchema as Ct, DependabotRecordUpdateJobUnknownError as D, VariableFinderFn as Dn, DependabotGroupJobSchema as Dt, DependabotRecordUpdateJobErrorSchema as E, validateConfiguration as En, DependabotGroupJob as Et, CreateApiServerAppOptions as F, DependabotPackageManagerSchema as Ft, makeRandomJobId as G, DependabotSourceProvider as Gt, DependabotJobBuilder as H, DependabotSecurityAdvisory as Ht, DependabotRequest as I, DependabotProxyConfig as It, mapExperiments as J, FetchedFiles as Jt, mapAllowedUpdatesFromDependabotConfigToJobConfig as K, DependabotSourceProviderSchema as Kt, DependabotRequestSchema as L, DependabotProxyConfigSchema as Lt, DependabotUpdateDependencyListSchema as M, GitAuthor as Mn, DependabotJobFile as Mt, DependabotUpdatePullRequest as N, DependabotJobFileSchema as Nt, DependabotRecordUpdateJobUnknownErrorSchema as O, convertPlaceholder as On, DependabotGroupRuleJob as Ot, DependabotUpdatePullRequestSchema as P, DependabotPackageManager as Pt, mapSecurityAdvisories as Q, DependabotAllowConditionSchema as Qt, DependabotRequestType as R, DependabotRequirement as Rt, DependabotRecordEcosystemMetaSchema as S, VersioningStrategySchema as Sn, DependabotExistingPR as St, DependabotRecordUpdateJobError as T, parseUpdates as Tn, DependabotExperimentsSchema as Tt, DependabotJobBuilderOutput as U, DependabotSecurityAdvisorySchema as Ut, createApiServerApp as V, DependabotRequirementSourceSchema as Vt, DependabotSourceInfo as W, DependabotSource as Wt, mapIgnoreConditionsFromDependabotConfigToJobConfig as X, FileUpdaterInput as Xt, mapGroupsFromDependabotConfigToJobConfig as Y, FileFetcherInput as Yt, mapPackageEcosystemToPackageManager as Z, DependabotAllowCondition as Zt, DependabotMarkAsProcessed as _, DependabotUpdateSchema as _n, DependabotCredentialSchema as _t, DependabotCreatePullRequest as a, DependabotGroup as an, sanitizeRef as at, DependabotMetricSchema as b, PackageEcosystemSchema as bn, DependabotExistingGroupPR as bt, DependabotDependencyFileSchema as c, DependabotIgnoreConditionSchema as cn, DependabotAllowed as ct, DependabotEcosystemMeta as d, DependabotPullRequestBranchName as dn, DependabotCommandSchema as dt, DependabotCommitMessageSchema as en, mapVersionStrategyToRequirementsUpdateStrategy as et, DependabotEcosystemMetaSchema as f, DependabotRegistry as fn, DependabotCommitOptions as ft, DependabotIncrementMetricSchema as g, DependabotUpdate as gn, DependabotCredential as gt, DependabotIncrementMetric as h, DependabotScheduleSchema as hn, DependabotConditionSchema as ht, DependabotClosePullRequestSchema as i, DependabotCooldownSchema as in, getBranchNameForUpdate as it, DependabotUpdateDependencyList as j, DEPENDABOT_DEFAULT_AUTHOR_NAME as jn, DependabotJobConfigSchema as jt, DependabotRecordUpdateJobWarning as k, extractPlaceholder as kn, DependabotGroupRuleJobSchema as kt, DependabotDependencySubmission as l, DependabotMultiEcosystemGroup as ln, DependabotAllowedSchema as lt, DependabotEcosystemVersionManagerSchema as m, DependabotSchedule as mn, DependabotCondition as mt, DependabotClosePullRequestReason as n, DependabotConfigSchema as nn, parseExperiments as nt, DependabotCreatePullRequestSchema as o, DependabotGroupSchema as on, CertificateAuthority as ot, DependabotEcosystemVersionManager as p, DependabotRegistrySchema as pn, DependabotCommitOptionsSchema as pt, mapCredentials as q, DependabotSourceSchema as qt, DependabotClosePullRequestReasonEnum as r, DependabotCooldown as rn, makeDirectoryKey as rt, DependabotDependencyFile as s, DependabotIgnoreCondition as sn, CertificateAuthoritySchema as st, DependabotClosePullRequest as t, DependabotConfig as tn, DEFAULT_EXPERIMENTS as tt, DependabotDependencySubmissionSchema as u, DependabotMultiEcosystemGroupSchema as un, DependabotCommand as ut, DependabotMarkAsProcessedSchema as v, POSSIBLE_CONFIG_FILE_PATHS as vn, DependabotDependency as vt, DependabotRecordEcosystemVersionsSchema as w, parseRegistries as wn, DependabotExperiments as wt, DependabotRecordEcosystemMeta as x, VersioningStrategy as xn, DependabotExistingGroupPRSchema as xt, DependabotMetric as y, PackageEcosystem as yn, DependabotDependencySchema as yt, DependabotRequestTypeSchema as z, DependabotRequirementSchema as zt };
2528
- //# sourceMappingURL=index-CLEzOAkx.d.mts.map
2551
+ //# sourceMappingURL=index--PMbsXAm.d.mts.map
package/dist/{index-4kLQpBct.d.mts → index-BWftXTYB.d.mts} RENAMED
@@ -166,4 +166,4 @@ declare class GitHubSecurityAdvisoryClient {
166
166
  declare function filterVulnerabilities(securityVulnerabilities: SecurityVulnerability[]): SecurityVulnerability[];
167
167
  //#endregion
168
168
  export { createGitHubClient as _, PackageEcosystemSchema as a, SecurityAdvisoryIdentifierSchema as c, SecurityAdvisorySeverity as d, SecurityAdvisorySeveritySchema as f, getGhsaPackageEcosystemFromDependabotPackageManager as g, filterVulnerabilities as h, PackageEcosystem as i, SecurityAdvisoryIdentifierType as l, SecurityVulnerabilitySchema as m, GitHubSecurityAdvisoryClient as n, PackageSchema as o, SecurityVulnerability as p, Package as r, SecurityAdvisory as s, FirstPatchedVersion as t, SecurityAdvisorySchema as u };
169
- //# sourceMappingURL=index-4kLQpBct.d.mts.map
169
+ //# sourceMappingURL=index-BWftXTYB.d.mts.map
package/dist/{job-Bv41xyKj.mjs → job-BuCBKP9L.mjs} RENAMED
@@ -551,4 +551,4 @@ const DependabotJobFileSchema = z.object({ job: DependabotJobConfigSchema });
551
551
 
552
552
  //#endregion
553
553
  export { DependabotScheduleSchema as A, extractPlaceholder as B, DependabotCommitMessageSchema as C, DependabotIgnoreConditionSchema as D, DependabotGroupSchema as E, parseDependabotConfig as F, parseRegistries as I, parseUpdates as L, POSSIBLE_CONFIG_FILE_PATHS as M, PackageEcosystemSchema as N, DependabotMultiEcosystemGroupSchema as O, VersioningStrategySchema as P, validateConfiguration as R, DependabotAllowConditionSchema as S, DependabotCooldownSchema as T, makeDirectoryKey as V, DependabotRequirementSchema as _, DependabotConditionSchema as a, DependabotSourceProviderSchema as b, DependabotExistingGroupPRSchema as c, DependabotGroupJobSchema as d, DependabotGroupRuleJobSchema as f, DependabotProxyConfigSchema as g, DependabotPackageManagerSchema as h, DependabotCommitOptionsSchema as i, DependabotUpdateSchema as j, DependabotRegistrySchema as k, DependabotExistingPRSchema as l, DependabotJobFileSchema as m, DependabotAllowedSchema as n, DependabotCredentialSchema as o, DependabotJobConfigSchema as p, DependabotCommandSchema as r, DependabotDependencySchema as s, CertificateAuthoritySchema as t, DependabotExperimentsSchema as u, DependabotRequirementSourceSchema as v, DependabotConfigSchema as w, DependabotSourceSchema as x, DependabotSecurityAdvisorySchema as y, convertPlaceholder as z };
554
- //# sourceMappingURL=job-Bv41xyKj.mjs.map
554
+ //# sourceMappingURL=job-BuCBKP9L.mjs.map
package/dist/{job-Bv41xyKj.mjs.map → job-BuCBKP9L.mjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"job-Bv41xyKj.mjs","names":["matches: RegExpExecArray[]","regexp: RegExp","betaEcosystems: PackageEcosystem[]","updates: DependabotUpdate[]","registries: Record<string, DependabotRegistry>","referenced: string[]"],"sources":["../src/dependabot/directory-key.ts","../src/dependabot/placeholder.ts","../src/dependabot/config.ts","../src/dependabot/job.ts"],"sourcesContent":["/**\n * Options for creating a directory key that supports both naming conventions:\n * - `ecosystem` (standard format)\n * - `package-ecosystem` (alternative format for compatibility)\n *\n * Either a single `directory` or multiple `directories` can be specified.\n */\ntype MakeDirectoryKeyOptions =\n | {\n /** The package ecosystem (e.g., 'npm', 'pip', 'bundler') */\n ecosystem: string;\n /** Single directory path (optional if directories is provided) */\n directory?: string | null;\n /** Multiple directory paths (optional if directory is provided) */\n directories?: string[];\n }\n | {\n /** The package ecosystem using alternative naming convention */\n 'package-ecosystem': string;\n /** Single directory path (optional if directories is provided) */\n directory?: string | null;\n /** Multiple directory paths (optional if directory is provided) */\n directories?: string[];\n };\n\n/**\n * Creates a unique directory key by combining the ecosystem and directory information.\n *\n * The key format is: `{ecosystem}::{directory_info}`\n * - For single directory: `npm::/src/frontend`\n * - For multiple directories: `npm::/src/frontend,/src/backend`\n *\n * @param options - Configuration object containing ecosystem and directory information\n * @returns A unique string key in the format `{ecosystem}::{directories}`\n *\n * @example\n * ```typescript\n * // Single directory\n * const key1 = makeDirectoryKey({ ecosystem: 'npm', directory: '/src' });\n * // Returns: \"npm::/src\"\n *\n * // Multiple directories\n * const key2 = makeDirectoryKey({\n * ecosystem: 'pip',\n * directories: ['/backend', '/scripts']\n * });\n * // Returns: \"pip::/backend,/scripts\"\n *\n * // Using alternative naming convention\n * const key3 = makeDirectoryKey({\n * 'package-ecosystem': 'bundler',\n * directory: '/app'\n * });\n * // Returns: \"bundler::/app\"\n * ```\n */\nexport function makeDirectoryKey(options: MakeDirectoryKeyOptions): string {\n // Extract ecosystem name from either naming convention\n const ecosystem = 'ecosystem' in options ? options.ecosystem : options['package-ecosystem'];\n\n // Use single directory if provided, otherwise join multiple directories with comma\n const directoryPart = options.directory ?? options.directories!.join(',');\n\n return `${ecosystem}::${directoryPart}`;\n}\n","export type VariableFinderFn = (name: string) => string | undefined | Promise<string | undefined>;\n\nasync function convertPlaceholder({\n input,\n variableFinder,\n}: {\n input?: string;\n variableFinder: VariableFinderFn;\n}): Promise<string | undefined> {\n if (!input) return undefined;\n\n const matches: RegExpExecArray[] = extractPlaceholder(input);\n let result = input;\n for (const match of matches) {\n const placeholder = match[0];\n const name = match[1]!;\n const value = (await variableFinder(name)) ?? placeholder;\n result = result.replace(placeholder, value);\n }\n return result;\n}\n\nfunction extractPlaceholder(input: string) {\n const matches: RegExpExecArray[] = [];\n const regexp: RegExp = /\\$\\{\\{\\s{0,10}([a-zA-Z_][a-zA-Z0-9._-]{0,99})\\s{0,10}\\}\\}/;\n\n let searchInput = input;\n let offset = 0;\n\n while (searchInput.length > 0) {\n const match = searchInput.match(regexp);\n if (!match || match.index === undefined) break;\n\n // Adjust match index to account for previous slices\n const adjustedMatch = Object.assign([...match], {\n index: match.index + offset,\n input: input,\n groups: match.groups,\n }) as RegExpExecArray;\n\n matches.push(adjustedMatch);\n\n // Move past this match\n const nextStart = match.index + match[0].length;\n offset += nextStart;\n searchInput = searchInput.slice(nextStart);\n }\n\n return matches;\n}\n\nexport { convertPlaceholder, extractPlaceholder };\n","import * as yaml from 'js-yaml';\nimport { z } from 'zod';\n\nimport { makeDirectoryKey } from './directory-key';\nimport { convertPlaceholder, type VariableFinderFn } from './placeholder';\n\nexport const DependabotRegistrySchema = z\n .object({\n type: z.enum([\n // order matches\n // https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#supported-private-registries\n\n 'cargo-registry',\n 'composer-repository',\n 'docker-registry',\n 'git',\n 'goproxy-server',\n 'helm-registry',\n 'hex-organization',\n 'hex-repository',\n 'maven-repository',\n 'npm-registry',\n 'nuget-feed',\n 'pub-repository',\n 'python-index',\n 'rubygems-server',\n 'terraform-registry',\n ]),\n url: z.string().optional(),\n username: z.string().optional(),\n password: z.string().optional(),\n key: z.string().optional(),\n token: z.string().optional(),\n 'replaces-base': z.boolean().optional(),\n host: z.string().optional(), // for terraform and composer only\n registry: z.string().optional(), // for npm only\n organization: z.string().optional(), // for hex-organisation only\n repo: z.string().optional(), // for hex-repository only\n 'public-key-fingerprint': z.string().optional(), // for hex-repository only\n 'index-url': z.string().optional(), // for python-index only\n 'auth-key': z.string().optional(), // used by composer-repository, docker-registry, etc\n 'tenant-id': z.string().optional(), // can only be for azure related stuff, not sure\n 'client-id': z.string().optional(), // can only be for azure related stuff, not sure\n })\n // change underscore to dash in the registry key/type\n .transform((value) => ({ ...value, type: value.type.replace('-', '_') }));\nexport type DependabotRegistry = z.infer<typeof DependabotRegistrySchema>;\n\nexport const DependabotGroupSchema = z.object({\n // Define an identifier for the group to use in branch names and pull request titles.\n // This must start and end with a letter, and can contain letters, pipes |, underscores _, or hyphens -.\n IDENTIFIER: z\n .string()\n .check(\n z.regex(/^[a-zA-Z][a-zA-Z0-9|_-]*[a-zA-Z]$/, {\n message:\n 'Group identifier must start and end with a letter, and can contain letters, pipes |, underscores _, or hyphens -.',\n }),\n )\n .optional(),\n 'applies-to': z.enum(['version-updates', 'security-updates']).optional(),\n 'dependency-type': z.enum(['development', 'production']).optional(),\n patterns: z.string().array().optional(),\n 'exclude-patterns': z.string().array().optional(),\n 'update-types': z.enum(['major', 'minor', 'patch']).array().optional(),\n});\nexport type DependabotGroup = z.infer<typeof DependabotGroupSchema>;\n\nexport const DependabotAllowConditionSchema = z.object({\n 'dependency-name': z.string().optional(),\n 'dependency-type': z.enum(['direct', 'indirect', 'all', 'production', 'development']).optional(),\n 'update-type': z.enum(['all', 'security']).optional(),\n});\nexport type DependabotAllowCondition = z.infer<typeof DependabotAllowConditionSchema>;\n\nexport const DependabotIgnoreConditionSchema = z\n .object({\n 'dependency-name': z.string().optional(),\n versions: z.string().array().or(z.string()).optional(),\n 'update-types': z\n .enum(['version-update:semver-major', 'version-update:semver-minor', 'version-update:semver-patch'])\n .array()\n .optional(),\n })\n .and(z.record(z.string(), z.any()));\nexport type DependabotIgnoreCondition = z.infer<typeof DependabotIgnoreConditionSchema>;\n\nexport const DependabotScheduleSchema = z\n .object({\n interval: z.enum(['daily', 'weekly', 'monthly', 'quarterly', 'semiannually', 'yearly', 'cron']),\n\n day: z\n .enum(['sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday'])\n .optional()\n .default('monday'),\n\n time: z\n .string()\n .default('02:00')\n .check(z.regex(/^(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$/, { message: 'Time must be in HH:MM format' }))\n .optional(),\n\n timezone: z\n .string()\n .optional()\n .default('Etc/UTC')\n .refine(\n (value) => {\n try {\n // If tz is not a valid IANA name, this throws a RangeError\n Intl.DateTimeFormat(undefined, { timeZone: value });\n return true;\n } catch {\n return false;\n }\n },\n { message: 'Invalid IANA time zone' },\n ),\n cronjob: z\n .string()\n .check(z.regex(/^\\S+ \\S+ \\S+ \\S+ \\S+$/, { message: 'Cronjob must be in standard cron format' }))\n .optional(),\n })\n .transform((value, { addIssue }) => {\n // if interval is 'cron', cronjob must be specified\n if (value.interval === 'cron' && !value.cronjob) {\n addIssue(\"The 'cronjob' field must be specified when the interval is set to 'cron'.\");\n }\n\n return value;\n });\nexport type DependabotSchedule = z.infer<typeof DependabotScheduleSchema>;\n\nexport const DependabotCommitMessageSchema = z.object({\n prefix: z.string().optional(),\n 'prefix-development': z.string().optional(),\n include: z.string().optional(),\n});\nexport type DependabotCommitMessage = z.infer<typeof DependabotCommitMessageSchema>;\n\nexport const DependabotCooldownSchema = z.object({\n 'default-days': z.number().optional(),\n 'semver-major-days': z.number().optional(),\n 'semver-minor-days': z.number().optional(),\n 'semver-patch-days': z.number().optional(),\n include: z.string().array().optional(),\n exclude: z.string().array().optional(),\n});\nexport type DependabotCooldown = z.infer<typeof DependabotCooldownSchema>;\n\nconst DependabotPullRequestBranchNameSchema = z.object({\n separator: z.string().optional(),\n});\nexport type DependabotPullRequestBranchName = z.infer<typeof DependabotPullRequestBranchNameSchema>;\n\nexport const PackageEcosystemSchema = z.enum([\n // order matches\n // https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-\n\n 'bazel', // still in beta as of 2025-Nov-17\n 'bun',\n 'bundler',\n 'cargo',\n 'composer',\n 'devcontainers',\n 'docker',\n 'docker-compose',\n 'dotnet-sdk',\n 'helm',\n 'mix',\n 'elm',\n 'gitsubmodule',\n 'github-actions',\n 'gomod',\n 'gradle',\n 'julia',\n 'maven',\n 'npm',\n 'nuget',\n 'opentofu', // in beta as of 2025-Nov-17\n 'pip',\n 'pip-compile', // alias mapped to 'pip'\n 'pipenv', // alias mapped to 'pip'\n 'pnpm', // alias mapped to 'npm'\n 'poetry', // alias mapped to 'pip'\n 'pub',\n 'rust-toolchain',\n 'swift',\n 'terraform',\n 'uv',\n 'vcpkg',\n 'yarn', // alias mapped to 'npm'\n]);\nexport type PackageEcosystem = z.infer<typeof PackageEcosystemSchema>;\n\nexport const VersioningStrategySchema = z.enum(['auto', 'increase', 'increase-if-necessary', 'lockfile-only', 'widen']);\nexport type VersioningStrategy = z.infer<typeof VersioningStrategySchema>;\n\nexport const DependabotUpdateSchema = z\n .object({\n 'package-ecosystem': PackageEcosystemSchema,\n directory: z.string().optional(),\n directories: z.string().array().optional(),\n 'exclude-paths': z.string().array().optional(),\n allow: DependabotAllowConditionSchema.array().optional(),\n assignees: z.string().array().optional(),\n 'commit-message': DependabotCommitMessageSchema.optional(),\n cooldown: DependabotCooldownSchema.optional(),\n groups: z.record(z.string(), DependabotGroupSchema).optional(),\n ignore: DependabotIgnoreConditionSchema.array().optional(),\n 'insecure-external-code-execution': z.enum(['allow', 'deny']).optional(),\n labels: z.string().array().optional(),\n milestone: z.coerce.string().optional(),\n 'open-pull-requests-limit': z.number().check(z.int(), z.gte(0)).optional(),\n 'pull-request-branch-name': DependabotPullRequestBranchNameSchema.optional(),\n 'rebase-strategy': z.string().optional(),\n registries: z.string().array().optional(),\n schedule: DependabotScheduleSchema.optional(), // TODO: make required after 2025-Nov-30\n 'target-branch': z.string().optional(),\n vendor: z.boolean().optional(),\n 'versioning-strategy': VersioningStrategySchema.optional(),\n patterns: z.string().array().optional(),\n 'multi-ecosystem-group': z.string().optional(),\n })\n .transform((value, { addIssue }) => {\n // either 'directory' or 'directories' must be specified\n if (!value.directory && (!value.directories || value.directories.length === 0)) {\n addIssue(\"Either 'directory' or 'directories' must be specified in the dependency update configuration.\");\n }\n\n // validate that 'directory' does not contain glob patterns\n if (value.directory && /[*?[\\]{}]/.test(value.directory)) {\n addIssue(\"The 'directory' field must not include glob pattern.\");\n }\n\n value['open-pull-requests-limit'] ??= 5; // default to 5 if not specified\n\n // The patterns key is required when using multi-ecosystem-group.\n // You can specify dependency patterns to include only certain dependencies in the group,\n // or use [\"*\"] to include all dependencies.\n if (value['multi-ecosystem-group'] && (!value.patterns || value.patterns.length === 0)) {\n addIssue(\n \"The 'patterns' field must be specified and contain at least one pattern when using 'multi-ecosystem-group'.\",\n );\n }\n\n return value;\n });\nexport type DependabotUpdate = z.infer<typeof DependabotUpdateSchema>;\n\nexport const DependabotMultiEcosystemGroupSchema = z.object({\n schedule: DependabotScheduleSchema,\n labels: z.string().array().optional(), // behaviour: additive\n milestone: z.coerce.string().optional(), // behaviour: group-only\n assignees: z.string().array().optional(), // behaviour: additive\n 'target-branch': z.string().optional(), // behaviour: group-only\n 'commit-message': DependabotCommitMessageSchema.optional(), // behaviour: group-only\n 'pull-request-branch-name': DependabotPullRequestBranchNameSchema.optional(), // behaviour: group-only\n});\nexport type DependabotMultiEcosystemGroup = z.infer<typeof DependabotMultiEcosystemGroupSchema>;\n\n/**\n * Represents the dependabot.yaml configuration file options.\n * See: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-dependabotyml\n */\nexport const DependabotConfigSchema = z\n .object({\n /**\n * Mandatory. configuration file version.\n **/\n version: z.number().refine((v) => v === 2, { message: 'Only version 2 of dependabot is supported' }),\n\n /**\n * Optional. Configure groups of ecosystems to update together in a single pull request.\n */\n 'multi-ecosystem-groups': z.record(z.string(), DependabotMultiEcosystemGroupSchema).optional(),\n\n /**\n * Mandatory. Configure how Dependabot updates the versions or project dependencies.\n * Each entry configures the update settings for a particular package manager.\n */\n updates: DependabotUpdateSchema.array().check(\n z.minLength(1, { message: 'At least one update configuration is required' }),\n ),\n\n /**\n * Optional.\n * Specify authentication details to access private package registries.\n */\n registries: z.record(z.string(), DependabotRegistrySchema).optional(),\n\n /**\n * Optional. Enables updates for ecosystems that are not yet generally available.\n * https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#enable-beta-ecosystems-\n */\n 'enable-beta-ecosystems': z.boolean().optional(),\n })\n .transform((value, { addIssue }) => {\n // If you attempt to set group-only keys at the ecosystem level (in updates entries),\n // Dependabot will throw a configuration error and fail to process your dependabot.yml file.\n // These keys must only be specified in the multi-ecosystem-groups section.\n // https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates#group-only-keys\n const groupOnlyKeys = ['milestone', 'target-branch', 'commit-message', 'pull-request-branch-name'] as const;\n if (value['multi-ecosystem-groups']) {\n for (const update of value.updates) {\n for (const key of groupOnlyKeys) {\n if (key in update) {\n addIssue(\n `The '${key}' field must not be specified in the 'updates' section when using 'multi-ecosystem-groups'. It is a group-only field.`,\n );\n }\n }\n }\n }\n\n // ensure there is no update with the same package-ecosystem and directory/directories combination\n const seen = new Set<string>();\n for (const update of value.updates) {\n const key = makeDirectoryKey(update);\n if (seen.has(key)) {\n addIssue(\n `Duplicate update configuration found for '${update['package-ecosystem']}' and directory: '${update.directory ?? update.directories?.join(',')}'`,\n );\n }\n seen.add(key);\n }\n\n // ensure that the ecosystems in beta are only used when 'enable-beta-ecosystems' is true\n const betaEcosystems: PackageEcosystem[] = ['bazel', 'opentofu'];\n if (!value['enable-beta-ecosystems']) {\n for (const update of value.updates) {\n if (betaEcosystems.includes(update['package-ecosystem'])) {\n addIssue(\n `The package ecosystem '${update['package-ecosystem']}' is currently in beta. To use it, set 'enable-beta-ecosystems' to true in the dependabot configuration.`,\n );\n }\n }\n }\n\n return value;\n });\n\nexport type DependabotConfig = z.infer<typeof DependabotConfigSchema>;\n\nexport function parseUpdates(config: DependabotConfig, configPath: string): DependabotUpdate[] {\n const updates: DependabotUpdate[] = [];\n\n // Parse the value of each of the updates obtained from the file\n for (const update of config.updates) {\n // populate the 'ignore' conditions 'source' and 'updated-at' properties, if missing\n // NOTE: 'source' and 'updated-at' are not documented in the dependabot.yml config docs, but are defined in the dependabot-core and dependabot-cli models.\n // Currently they don't appear to add much value to the update process, but are populated here for completeness.\n if (update.ignore) {\n for (const condition of update.ignore) {\n condition.source ??= configPath;\n // we don't know the last updated time, so we use the current time\n condition['updated-at'] ??= new Date().toISOString();\n }\n }\n\n updates.push(update);\n }\n return updates;\n}\n\nexport async function parseRegistries(\n config: DependabotConfig,\n variableFinder: VariableFinderFn,\n): Promise<Record<string, DependabotRegistry>> {\n // Parse the value of each of the registries obtained from the config\n const registries: Record<string, DependabotRegistry> = {};\n for (const [key, registry] of Object.entries(config.registries || {})) {\n const updated = { ...registry };\n const { type } = updated;\n\n // handle special fields for 'hex-organization' types\n if (type === 'hex_organization' && !updated.organization) {\n throw new Error(`The value 'organization' in dependency registry config '${type}' is missing`);\n }\n\n // handle special fields for 'hex-repository' types\n if (type === 'hex_repository' && !updated.repo) {\n throw new Error(`The value 'repo' in dependency registry config '${key}' is missing`);\n }\n\n // parse username, password, key, and token while replacing tokens where necessary\n updated.username = await convertPlaceholder({ input: updated.username, variableFinder: variableFinder });\n updated.password = await convertPlaceholder({ input: updated.password, variableFinder: variableFinder });\n updated.key = await convertPlaceholder({ input: updated.key, variableFinder: variableFinder });\n updated.token = await convertPlaceholder({ input: updated.token, variableFinder: variableFinder });\n\n // TODO: include sources for this logic, otherwise it looks like magic.\n // Initially, this was based on reading through the dependabot-core logic\n // but much has since changed.\n\n // parse the url\n const url = updated.url;\n if (!url && type !== 'hex_organization') {\n throw new Error(`The value 'url' in dependency registry config '${key}' is missing`);\n }\n if (url) {\n /*\n * Some credentials do not use the 'url' property in the Ruby updater.\n * The 'host' and 'registry' properties are derived from the given URL.\n * The 'registry' property is derived from the 'url' by stripping off the scheme.\n * The 'host' property is derived from the hostname of the 'url'.\n *\n * 'npm_registry' and 'docker_registry' use 'registry' only.\n * 'terraform_registry' uses 'host' only.\n * 'composer_repository' uses both 'url' and 'host'.\n * 'python_index' uses 'index-url' instead of 'url'.\n */\n\n if (URL.canParse(url)) {\n const parsedUrl = new URL(url);\n\n const addRegistry = type === 'docker_registry' || type === 'npm_registry';\n if (addRegistry) updated.registry = url.replace('https://', '').replace('http://', '');\n\n const addHost = type === 'composer_repository' || type === 'terraform_registry';\n if (addHost) updated.host = parsedUrl.hostname;\n }\n\n if (type === 'python_index') updated['index-url'] = url;\n\n const removeUrl =\n type === 'docker_registry' ||\n type === 'npm_registry' ||\n type === 'terraform_registry' ||\n type === 'python_index';\n if (removeUrl) delete updated.url; // remove the url if not needed\n }\n\n // add to list\n registries[key] = updated;\n }\n return registries;\n}\n\nexport function validateConfiguration(updates: DependabotUpdate[], registries: Record<string, DependabotRegistry>) {\n const configured = Object.keys(registries);\n const referenced: string[] = [];\n for (const u of updates) referenced.push(...(u.registries ?? []));\n\n // ensure there are no configured registries that have not been referenced\n const missingConfiguration = referenced.filter((el) => !configured.includes(el));\n if (missingConfiguration.length > 0) {\n throw new Error(\n `Referenced registries: '${missingConfiguration.join(',')}' have not been configured in the root of dependabot.yml`,\n );\n }\n\n // ensure there are no registries referenced but not configured\n const missingReferences = configured.filter((el) => !referenced.includes(el));\n if (missingReferences.length > 0) {\n throw new Error(`Registries: '${missingReferences.join(',')}' have not been referenced by any update`);\n }\n}\n\n/**\n * Possible paths to the dependabot config file.\n * Remember to prefix with a forward slash when querying API endpoints or where necessary.\n */\nexport const POSSIBLE_CONFIG_FILE_PATHS = [\n '.azuredevops/dependabot.yml',\n '.azuredevops/dependabot.yaml',\n '.github/dependabot.yaml',\n '.github/dependabot.yml',\n];\n\n/**\n * Parse the contents of a dependabot config YAML file\n * @returns {DependabotConfig} config - the dependabot configuration\n */\nexport async function parseDependabotConfig({\n configContents,\n configPath,\n variableFinder,\n}: {\n configContents: string;\n configPath: string;\n variableFinder: VariableFinderFn;\n}): Promise<DependabotConfig> {\n // Load the config\n const loadedConfig = yaml.load(configContents);\n if (loadedConfig === null || typeof loadedConfig !== 'object') {\n throw new Error('Invalid dependabot config object');\n }\n\n // Parse the config\n const config = await DependabotConfigSchema.parseAsync(loadedConfig);\n const updates = parseUpdates(config, configPath);\n const registries = await parseRegistries(config, variableFinder);\n validateConfiguration(updates, registries);\n\n return { ...config, updates, registries };\n}\n","import { z } from 'zod';\nimport { DependabotCooldownSchema } from './config';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nexport const DependabotCredentialSchema = z.record(z.string(), z.any());\nexport type DependabotCredential = z.infer<typeof DependabotCredentialSchema>;\n\nexport const CertificateAuthoritySchema = z.object({\n cert: z.string(),\n key: z.string(),\n});\nexport type CertificateAuthority = z.infer<typeof CertificateAuthoritySchema>;\n\nexport const DependabotProxyConfigSchema = z.object({\n all_credentials: DependabotCredentialSchema.array(),\n ca: CertificateAuthoritySchema,\n});\nexport type DependabotProxyConfig = z.infer<typeof DependabotProxyConfigSchema>;\n\nexport const DependabotSourceProviderSchema = z.enum(['azure', 'gitlab', 'bitbucket']);\nexport type DependabotSourceProvider = z.infer<typeof DependabotSourceProviderSchema>;\n\nexport const DependabotSourceSchema = z.object({\n provider: DependabotSourceProviderSchema,\n repo: z.string(),\n directory: z.string().nullish(),\n directories: z.string().array().nullish(),\n branch: z.string().nullish(),\n commit: z.string().nullish(),\n hostname: z.string().nullish(), // Must be provided if api-endpoint is\n 'api-endpoint': z.string().nullish(), // Must be provided if hostname is\n});\nexport type DependabotSource = z.infer<typeof DependabotSourceSchema>;\n\nexport const DependabotExistingPRSchema = z.object({\n 'dependency-name': z.string(),\n 'dependency-version': z.string().nullish(),\n directory: z.string().nullish(),\n removed: z.boolean().nullish(),\n});\nexport type DependabotExistingPR = z.infer<typeof DependabotExistingPRSchema>;\n\nexport const DependabotExistingGroupPRSchema = z.object({\n 'dependency-group-name': z.string(),\n dependencies: DependabotExistingPRSchema.array(),\n});\nexport type DependabotExistingGroupPR = z.infer<typeof DependabotExistingGroupPRSchema>;\n\nexport const DependabotAllowedSchema = z.object({\n 'dependency-name': z.string().nullish(),\n 'dependency-type': z.string().nullish(),\n 'update-type': z.enum(['all', 'security']).optional(),\n});\nexport type DependabotAllowed = z.infer<typeof DependabotAllowedSchema>;\n\nexport const DependabotGroupRuleJobSchema = z.object({\n patterns: z.string().array().nullish(),\n 'exclude-patterns': z.string().array().nullish(),\n 'dependency-type': z.string().nullish(),\n 'update-types': z.string().array().nullish(),\n});\nexport type DependabotGroupRuleJob = z.infer<typeof DependabotGroupRuleJobSchema>;\n\nexport const DependabotGroupJobSchema = z.object({\n name: z.string(),\n 'applies-to': z.string().nullish(),\n rules: DependabotGroupRuleJobSchema,\n});\nexport type DependabotGroupJob = z.infer<typeof DependabotGroupJobSchema>;\n\nexport const DependabotConditionSchema = z.object({\n 'dependency-name': z.string(),\n source: z.string().nullish(),\n 'update-types': z.string().array().nullish(),\n 'updated-at': z.coerce.string().nullish(),\n 'version-requirement': z.string().nullish(),\n});\nexport type DependabotCondition = z.infer<typeof DependabotConditionSchema>;\n\nexport const DependabotSecurityAdvisorySchema = z.object({\n 'dependency-name': z.string(),\n 'affected-versions': z.string().array(),\n 'patched-versions': z.string().array().nullish(), // may not be patched as of yet\n 'unaffected-versions': z.string().array(),\n});\nexport type DependabotSecurityAdvisory = z.infer<typeof DependabotSecurityAdvisorySchema>;\n\nexport const DependabotRequirementSourceSchema = z.record(z.string(), z.any());\nexport type DependabotRequirementSource = z.infer<typeof DependabotRequirementSourceSchema>;\n\nexport const DependabotRequirementSchema = z.object({\n file: z.string().nullish(), // e.g. 'requirements.txt' or '/Root.csproj'\n groups: z.string().array().nullish(), // e.g. ['dependencies']\n metadata: z.record(z.string(), z.any()).nullish(),\n requirement: z.string().nullish(), // e.g. '==3.2.0' or '8.1.0'\n source: DependabotRequirementSourceSchema.nullish(),\n version: z.string().nullish(),\n 'previous-version': z.string().nullish(),\n});\nexport type DependabotRequirement = z.infer<typeof DependabotRequirementSchema>;\n\nexport const DependabotDependencySchema = z.object({\n name: z.string(), // e.g. 'django' or 'GraphQL.Server.Ui.Voyager'\n 'previous-requirements': DependabotRequirementSchema.array().nullish(),\n 'previous-version': z.string().nullish(),\n version: z.string().nullish(), // e.g. '5.0.1' or '8.1.0'\n requirements: DependabotRequirementSchema.array().nullish(),\n removed: z.boolean().nullish(),\n directory: z.string().nullish(),\n});\nexport type DependabotDependency = z.infer<typeof DependabotDependencySchema>;\n\nexport const DependabotCommitOptionsSchema = z.object({\n prefix: z.string().nullish(),\n 'prefix-development': z.string().nullish(),\n 'include-scope': z.boolean().nullish(),\n});\nexport type DependabotCommitOptions = z.infer<typeof DependabotCommitOptionsSchema>;\n\nexport const DependabotExperimentsSchema = z.record(z.string(), z.union([z.string(), z.boolean()]));\nexport type DependabotExperiments = z.infer<typeof DependabotExperimentsSchema>;\n\nexport const DependabotPackageManagerSchema = z.enum([\n 'bundler',\n 'cargo',\n 'composer',\n 'pub',\n 'docker',\n 'elm',\n 'github_actions', // ecosystem(s): 'github-actions'\n 'submodules', // ecosystem(s): 'gitsubmodule'\n 'go_modules', // ecosystem(s): 'gomod'\n 'gradle',\n 'maven',\n 'hex', // ecosystem(s): 'mix'\n 'nuget',\n 'npm_and_yarn', // ecosystem(s): 'npm', 'pnpm', 'yarn'\n 'pip', // ecosystem(s): 'pipenv', 'pip-compile', 'poetry'\n 'rust_toolchain', // ecosystem(s): 'rust-toolchain'\n 'swift',\n 'terraform',\n 'devcontainers',\n 'dotnet_sdk', // ecosystem(s): 'dotnet-sdk'\n 'bun',\n 'docker_compose', // // ecosystem(s): 'docker-compose',\n 'uv',\n 'vcpkg',\n 'helm',\n 'julia',\n 'bazel',\n 'opentofu',\n]);\nexport type DependabotPackageManager = z.infer<typeof DependabotPackageManagerSchema>;\n\nexport const DependabotCommandSchema = z.enum(['graph', 'version', 'recreate']);\nexport type DependabotCommand = z.infer<typeof DependabotCommandSchema>;\n\n// See: https://github.com/dependabot/cli/blob/main/internal/model/job.go\n// https://github.com/dependabot/dependabot-core/blob/main/updater/lib/dependabot/job.rb\nexport const DependabotJobConfigSchema = z.object({\n id: z.string(),\n command: DependabotCommandSchema.optional(),\n 'package-manager': DependabotPackageManagerSchema,\n 'allowed-updates': DependabotAllowedSchema.array(),\n debug: z.boolean().nullable(),\n 'dependency-groups': DependabotGroupJobSchema.array().nullish(),\n dependencies: z.string().array().nullable(),\n 'dependency-group-to-refresh': z.string().nullish(),\n 'existing-pull-requests': DependabotExistingPRSchema.array().array(),\n 'existing-group-pull-requests': DependabotExistingGroupPRSchema.array(),\n experiments: DependabotExperimentsSchema,\n 'ignore-conditions': DependabotConditionSchema.array(),\n 'lockfile-only': z.boolean(),\n 'requirements-update-strategy': z.string().nullable(),\n 'security-advisories': DependabotSecurityAdvisorySchema.array(),\n 'security-updates-only': z.boolean(),\n source: DependabotSourceSchema,\n 'update-subdependencies': z.boolean(),\n 'updating-a-pull-request': z.boolean(),\n 'vendor-dependencies': z.boolean(),\n 'reject-external-code': z.boolean().nullish(),\n 'repo-private': z.boolean(),\n 'commit-message-options': DependabotCommitOptionsSchema,\n 'credentials-metadata': DependabotCredentialSchema.array().nullish(),\n 'max-updater-run-time': z.int().nullish(),\n cooldown: DependabotCooldownSchema.nullish(),\n 'proxy-log-response-body-on-auth-failure': z.boolean().nullish(),\n 'enable-beta-ecosystems': z.boolean().nullish(),\n 'multi-ecosystem-update': z.boolean().nullish(),\n 'exclude-paths': z.string().array().optional(),\n});\nexport type DependabotJobConfig = z.infer<typeof DependabotJobConfigSchema>;\n\nexport const DependabotJobFileSchema = z.object({\n job: DependabotJobConfigSchema,\n});\nexport type DependabotJobFile = z.infer<typeof DependabotJobFileSchema>;\n\n// Code below is borrowed and adapted from dependabot-action\n\n// biome-ignore-start lint/suspicious/noExplicitAny: generic\nexport type FetchedFiles = {\n base_commit_sha: string;\n dependency_files: any[];\n base64_dependency_files: any[];\n};\n// biome-ignore-end lint/suspicious/noExplicitAny: generic\n\nexport type FileFetcherInput = {\n job: DependabotJobConfig;\n};\n\nexport type FileUpdaterInput = FetchedFiles & {\n job: DependabotJobConfig;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwDA,SAAgB,iBAAiB,SAA0C;AAOzE,QAAO,GALW,eAAe,UAAU,QAAQ,YAAY,QAAQ,qBAKnD,IAFE,QAAQ,aAAa,QAAQ,YAAa,KAAK,IAAI;;;;;AC3D3E,eAAe,mBAAmB,EAChC,OACA,kBAI8B;AAC9B,KAAI,CAAC,MAAO,QAAO;CAEnB,MAAMA,UAA6B,mBAAmB,MAAM;CAC5D,IAAI,SAAS;AACb,MAAK,MAAM,SAAS,SAAS;EAC3B,MAAM,cAAc,MAAM;EAC1B,MAAM,OAAO,MAAM;EACnB,MAAM,QAAS,MAAM,eAAe,KAAK,IAAK;AAC9C,WAAS,OAAO,QAAQ,aAAa,MAAM;;AAE7C,QAAO;;AAGT,SAAS,mBAAmB,OAAe;CACzC,MAAMA,UAA6B,EAAE;CACrC,MAAMC,SAAiB;CAEvB,IAAI,cAAc;CAClB,IAAI,SAAS;AAEb,QAAO,YAAY,SAAS,GAAG;EAC7B,MAAM,QAAQ,YAAY,MAAM,OAAO;AACvC,MAAI,CAAC,SAAS,MAAM,UAAU,OAAW;EAGzC,MAAM,gBAAgB,OAAO,OAAO,CAAC,GAAG,MAAM,EAAE;GAC9C,OAAO,MAAM,QAAQ;GACd;GACP,QAAQ,MAAM;GACf,CAAC;AAEF,UAAQ,KAAK,cAAc;EAG3B,MAAM,YAAY,MAAM,QAAQ,MAAM,GAAG;AACzC,YAAU;AACV,gBAAc,YAAY,MAAM,UAAU;;AAG5C,QAAO;;;;;AC1CT,MAAa,2BAA2B,EACrC,OAAO;CACN,MAAM,EAAE,KAAK;EAIX;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD,CAAC;CACF,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC5B,iBAAiB,EAAE,SAAS,CAAC,UAAU;CACvC,MAAM,EAAE,QAAQ,CAAC,UAAU;CAC3B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,cAAc,EAAE,QAAQ,CAAC,UAAU;CACnC,MAAM,EAAE,QAAQ,CAAC,UAAU;CAC3B,0BAA0B,EAAE,QAAQ,CAAC,UAAU;CAC/C,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,YAAY,EAAE,QAAQ,CAAC,UAAU;CACjC,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,aAAa,EAAE,QAAQ,CAAC,UAAU;CACnC,CAAC,CAED,WAAW,WAAW;CAAE,GAAG;CAAO,MAAM,MAAM,KAAK,QAAQ,KAAK,IAAI;CAAE,EAAE;AAG3E,MAAa,wBAAwB,EAAE,OAAO;CAG5C,YAAY,EACT,QAAQ,CACR,MACC,EAAE,MAAM,qCAAqC,EAC3C,SACE,qHACH,CAAC,CACH,CACA,UAAU;CACb,cAAc,EAAE,KAAK,CAAC,mBAAmB,mBAAmB,CAAC,CAAC,UAAU;CACxE,mBAAmB,EAAE,KAAK,CAAC,eAAe,aAAa,CAAC,CAAC,UAAU;CACnE,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACjD,gBAAgB,EAAE,KAAK;EAAC;EAAS;EAAS;EAAQ,CAAC,CAAC,OAAO,CAAC,UAAU;CACvE,CAAC;AAGF,MAAa,iCAAiC,EAAE,OAAO;CACrD,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,mBAAmB,EAAE,KAAK;EAAC;EAAU;EAAY;EAAO;EAAc;EAAc,CAAC,CAAC,UAAU;CAChG,eAAe,EAAE,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC,UAAU;CACtD,CAAC;AAGF,MAAa,kCAAkC,EAC5C,OAAO;CACN,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,UAAU;CACtD,gBAAgB,EACb,KAAK;EAAC;EAA+B;EAA+B;EAA8B,CAAC,CACnG,OAAO,CACP,UAAU;CACd,CAAC,CACD,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC;AAGrC,MAAa,2BAA2B,EACrC,OAAO;CACN,UAAU,EAAE,KAAK;EAAC;EAAS;EAAU;EAAW;EAAa;EAAgB;EAAU;EAAO,CAAC;CAE/F,KAAK,EACF,KAAK;EAAC;EAAU;EAAU;EAAW;EAAa;EAAY;EAAU;EAAW,CAAC,CACpF,UAAU,CACV,QAAQ,SAAS;CAEpB,MAAM,EACH,QAAQ,CACR,QAAQ,QAAQ,CAChB,MAAM,EAAE,MAAM,uCAAuC,EAAE,SAAS,gCAAgC,CAAC,CAAC,CAClG,UAAU;CAEb,UAAU,EACP,QAAQ,CACR,UAAU,CACV,QAAQ,UAAU,CAClB,QACE,UAAU;AACT,MAAI;AAEF,QAAK,eAAe,QAAW,EAAE,UAAU,OAAO,CAAC;AACnD,UAAO;UACD;AACN,UAAO;;IAGX,EAAE,SAAS,0BAA0B,CACtC;CACH,SAAS,EACN,QAAQ,CACR,MAAM,EAAE,MAAM,yBAAyB,EAAE,SAAS,2CAA2C,CAAC,CAAC,CAC/F,UAAU;CACd,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;AAElC,KAAI,MAAM,aAAa,UAAU,CAAC,MAAM,QACtC,UAAS,4EAA4E;AAGvF,QAAO;EACP;AAGJ,MAAa,gCAAgC,EAAE,OAAO;CACpD,QAAQ,EAAE,QAAQ,CAAC,UAAU;CAC7B,sBAAsB,EAAE,QAAQ,CAAC,UAAU;CAC3C,SAAS,EAAE,QAAQ,CAAC,UAAU;CAC/B,CAAC;AAGF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,gBAAgB,EAAE,QAAQ,CAAC,UAAU;CACrC,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACtC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,CAAC;AAGF,MAAM,wCAAwC,EAAE,OAAO,EACrD,WAAW,EAAE,QAAQ,CAAC,UAAU,EACjC,CAAC;AAGF,MAAa,yBAAyB,EAAE,KAAK;CAI3C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,2BAA2B,EAAE,KAAK;CAAC;CAAQ;CAAY;CAAyB;CAAiB;CAAQ,CAAC;AAGvH,MAAa,yBAAyB,EACnC,OAAO;CACN,qBAAqB;CACrB,WAAW,EAAE,QAAQ,CAAC,UAAU;CAChC,aAAa,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC1C,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC9C,OAAO,+BAA+B,OAAO,CAAC,UAAU;CACxD,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACxC,kBAAkB,8BAA8B,UAAU;CAC1D,UAAU,yBAAyB,UAAU;CAC7C,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,sBAAsB,CAAC,UAAU;CAC9D,QAAQ,gCAAgC,OAAO,CAAC,UAAU;CAC1D,oCAAoC,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,CAAC,UAAU;CACxE,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACrC,WAAW,EAAE,OAAO,QAAQ,CAAC,UAAU;CACvC,4BAA4B,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU;CAC1E,4BAA4B,sCAAsC,UAAU;CAC5E,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACzC,UAAU,yBAAyB,UAAU;CAC7C,iBAAiB,EAAE,QAAQ,CAAC,UAAU;CACtC,QAAQ,EAAE,SAAS,CAAC,UAAU;CAC9B,uBAAuB,yBAAyB,UAAU;CAC1D,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,yBAAyB,EAAE,QAAQ,CAAC,UAAU;CAC/C,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;AAElC,KAAI,CAAC,MAAM,cAAc,CAAC,MAAM,eAAe,MAAM,YAAY,WAAW,GAC1E,UAAS,gGAAgG;AAI3G,KAAI,MAAM,aAAa,YAAY,KAAK,MAAM,UAAU,CACtD,UAAS,uDAAuD;AAGlE,OAAM,gCAAgC;AAKtC,KAAI,MAAM,6BAA6B,CAAC,MAAM,YAAY,MAAM,SAAS,WAAW,GAClF,UACE,8GACD;AAGH,QAAO;EACP;AAGJ,MAAa,sCAAsC,EAAE,OAAO;CAC1D,UAAU;CACV,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACrC,WAAW,EAAE,OAAO,QAAQ,CAAC,UAAU;CACvC,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACxC,iBAAiB,EAAE,QAAQ,CAAC,UAAU;CACtC,kBAAkB,8BAA8B,UAAU;CAC1D,4BAA4B,sCAAsC,UAAU;CAC7E,CAAC;;;;;AAOF,MAAa,yBAAyB,EACnC,OAAO;CAIN,SAAS,EAAE,QAAQ,CAAC,QAAQ,MAAM,MAAM,GAAG,EAAE,SAAS,6CAA6C,CAAC;CAKpG,0BAA0B,EAAE,OAAO,EAAE,QAAQ,EAAE,oCAAoC,CAAC,UAAU;CAM9F,SAAS,uBAAuB,OAAO,CAAC,MACtC,EAAE,UAAU,GAAG,EAAE,SAAS,iDAAiD,CAAC,CAC7E;CAMD,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,yBAAyB,CAAC,UAAU;CAMrE,0BAA0B,EAAE,SAAS,CAAC,UAAU;CACjD,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;CAKlC,MAAM,gBAAgB;EAAC;EAAa;EAAiB;EAAkB;EAA2B;AAClG,KAAI,MAAM,2BACR;OAAK,MAAM,UAAU,MAAM,QACzB,MAAK,MAAM,OAAO,cAChB,KAAI,OAAO,OACT,UACE,QAAQ,IAAI,uHACb;;CAOT,MAAM,uBAAO,IAAI,KAAa;AAC9B,MAAK,MAAM,UAAU,MAAM,SAAS;EAClC,MAAM,MAAM,iBAAiB,OAAO;AACpC,MAAI,KAAK,IAAI,IAAI,CACf,UACE,6CAA6C,OAAO,qBAAqB,oBAAoB,OAAO,aAAa,OAAO,aAAa,KAAK,IAAI,CAAC,GAChJ;AAEH,OAAK,IAAI,IAAI;;CAIf,MAAMC,iBAAqC,CAAC,SAAS,WAAW;AAChE,KAAI,CAAC,MAAM,2BACT;OAAK,MAAM,UAAU,MAAM,QACzB,KAAI,eAAe,SAAS,OAAO,qBAAqB,CACtD,UACE,0BAA0B,OAAO,qBAAqB,0GACvD;;AAKP,QAAO;EACP;AAIJ,SAAgB,aAAa,QAA0B,YAAwC;CAC7F,MAAMC,UAA8B,EAAE;AAGtC,MAAK,MAAM,UAAU,OAAO,SAAS;AAInC,MAAI,OAAO,OACT,MAAK,MAAM,aAAa,OAAO,QAAQ;AACrC,aAAU,WAAW;AAErB,aAAU,mCAAkB,IAAI,MAAM,EAAC,aAAa;;AAIxD,UAAQ,KAAK,OAAO;;AAEtB,QAAO;;AAGT,eAAsB,gBACpB,QACA,gBAC6C;CAE7C,MAAMC,aAAiD,EAAE;AACzD,MAAK,MAAM,CAAC,KAAK,aAAa,OAAO,QAAQ,OAAO,cAAc,EAAE,CAAC,EAAE;EACrE,MAAM,UAAU,EAAE,GAAG,UAAU;EAC/B,MAAM,EAAE,SAAS;AAGjB,MAAI,SAAS,sBAAsB,CAAC,QAAQ,aAC1C,OAAM,IAAI,MAAM,2DAA2D,KAAK,cAAc;AAIhG,MAAI,SAAS,oBAAoB,CAAC,QAAQ,KACxC,OAAM,IAAI,MAAM,mDAAmD,IAAI,cAAc;AAIvF,UAAQ,WAAW,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAA0B;GAAgB,CAAC;AACxG,UAAQ,WAAW,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAA0B;GAAgB,CAAC;AACxG,UAAQ,MAAM,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAAqB;GAAgB,CAAC;AAC9F,UAAQ,QAAQ,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAAuB;GAAgB,CAAC;EAOlG,MAAM,MAAM,QAAQ;AACpB,MAAI,CAAC,OAAO,SAAS,mBACnB,OAAM,IAAI,MAAM,kDAAkD,IAAI,cAAc;AAEtF,MAAI,KAAK;AAaP,OAAI,IAAI,SAAS,IAAI,EAAE;IACrB,MAAM,YAAY,IAAI,IAAI,IAAI;AAG9B,QADoB,SAAS,qBAAqB,SAAS,eAC1C,SAAQ,WAAW,IAAI,QAAQ,YAAY,GAAG,CAAC,QAAQ,WAAW,GAAG;AAGtF,QADgB,SAAS,yBAAyB,SAAS,qBAC9C,SAAQ,OAAO,UAAU;;AAGxC,OAAI,SAAS,eAAgB,SAAQ,eAAe;AAOpD,OAJE,SAAS,qBACT,SAAS,kBACT,SAAS,wBACT,SAAS,eACI,QAAO,QAAQ;;AAIhC,aAAW,OAAO;;AAEpB,QAAO;;AAGT,SAAgB,sBAAsB,SAA6B,YAAgD;CACjH,MAAM,aAAa,OAAO,KAAK,WAAW;CAC1C,MAAMC,aAAuB,EAAE;AAC/B,MAAK,MAAM,KAAK,QAAS,YAAW,KAAK,GAAI,EAAE,cAAc,EAAE,CAAE;CAGjE,MAAM,uBAAuB,WAAW,QAAQ,OAAO,CAAC,WAAW,SAAS,GAAG,CAAC;AAChF,KAAI,qBAAqB,SAAS,EAChC,OAAM,IAAI,MACR,2BAA2B,qBAAqB,KAAK,IAAI,CAAC,0DAC3D;CAIH,MAAM,oBAAoB,WAAW,QAAQ,OAAO,CAAC,WAAW,SAAS,GAAG,CAAC;AAC7E,KAAI,kBAAkB,SAAS,EAC7B,OAAM,IAAI,MAAM,gBAAgB,kBAAkB,KAAK,IAAI,CAAC,0CAA0C;;;;;;AAQ1G,MAAa,6BAA6B;CACxC;CACA;CACA;CACA;CACD;;;;;AAMD,eAAsB,sBAAsB,EAC1C,gBACA,YACA,kBAK4B;CAE5B,MAAM,eAAe,KAAK,KAAK,eAAe;AAC9C,KAAI,iBAAiB,QAAQ,OAAO,iBAAiB,SACnD,OAAM,IAAI,MAAM,mCAAmC;CAIrD,MAAM,SAAS,MAAM,uBAAuB,WAAW,aAAa;CACpE,MAAM,UAAU,aAAa,QAAQ,WAAW;CAChD,MAAM,aAAa,MAAM,gBAAgB,QAAQ,eAAe;AAChE,uBAAsB,SAAS,WAAW;AAE1C,QAAO;EAAE,GAAG;EAAQ;EAAS;EAAY;;;;;AC1e3C,MAAa,6BAA6B,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC;AAGvE,MAAa,6BAA6B,EAAE,OAAO;CACjD,MAAM,EAAE,QAAQ;CAChB,KAAK,EAAE,QAAQ;CAChB,CAAC;AAGF,MAAa,8BAA8B,EAAE,OAAO;CAClD,iBAAiB,2BAA2B,OAAO;CACnD,IAAI;CACL,CAAC;AAGF,MAAa,iCAAiC,EAAE,KAAK;CAAC;CAAS;CAAU;CAAY,CAAC;AAGtF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,UAAU;CACV,MAAM,EAAE,QAAQ;CAChB,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,aAAa,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACzC,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,UAAU,EAAE,QAAQ,CAAC,SAAS;CAC9B,gBAAgB,EAAE,QAAQ,CAAC,SAAS;CACrC,CAAC;AAGF,MAAa,6BAA6B,EAAE,OAAO;CACjD,mBAAmB,EAAE,QAAQ;CAC7B,sBAAsB,EAAE,QAAQ,CAAC,SAAS;CAC1C,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,SAAS,EAAE,SAAS,CAAC,SAAS;CAC/B,CAAC;AAGF,MAAa,kCAAkC,EAAE,OAAO;CACtD,yBAAyB,EAAE,QAAQ;CACnC,cAAc,2BAA2B,OAAO;CACjD,CAAC;AAGF,MAAa,0BAA0B,EAAE,OAAO;CAC9C,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,eAAe,EAAE,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC,UAAU;CACtD,CAAC;AAGF,MAAa,+BAA+B,EAAE,OAAO;CACnD,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACtC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAChD,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAC7C,CAAC;AAGF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,MAAM,EAAE,QAAQ;CAChB,cAAc,EAAE,QAAQ,CAAC,SAAS;CAClC,OAAO;CACR,CAAC;AAGF,MAAa,4BAA4B,EAAE,OAAO;CAChD,mBAAmB,EAAE,QAAQ;CAC7B,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAC5C,cAAc,EAAE,OAAO,QAAQ,CAAC,SAAS;CACzC,uBAAuB,EAAE,QAAQ,CAAC,SAAS;CAC5C,CAAC;AAGF,MAAa,mCAAmC,EAAE,OAAO;CACvD,mBAAmB,EAAE,QAAQ;CAC7B,qBAAqB,EAAE,QAAQ,CAAC,OAAO;CACvC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAChD,uBAAuB,EAAE,QAAQ,CAAC,OAAO;CAC1C,CAAC;AAGF,MAAa,oCAAoC,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC;AAG9E,MAAa,8BAA8B,EAAE,OAAO;CAClD,MAAM,EAAE,QAAQ,CAAC,SAAS;CAC1B,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACpC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CACjD,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,QAAQ,kCAAkC,SAAS;CACnD,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC7B,oBAAoB,EAAE,QAAQ,CAAC,SAAS;CACzC,CAAC;AAGF,MAAa,6BAA6B,EAAE,OAAO;CACjD,MAAM,EAAE,QAAQ;CAChB,yBAAyB,4BAA4B,OAAO,CAAC,SAAS;CACtE,oBAAoB,EAAE,QAAQ,CAAC,SAAS;CACxC,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC7B,cAAc,4BAA4B,OAAO,CAAC,SAAS;CAC3D,SAAS,EAAE,SAAS,CAAC,SAAS;CAC9B,WAAW,EAAE,QAAQ,CAAC,SAAS;CAChC,CAAC;AAGF,MAAa,gCAAgC,EAAE,OAAO;CACpD,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,sBAAsB,EAAE,QAAQ,CAAC,SAAS;CAC1C,iBAAiB,EAAE,SAAS,CAAC,SAAS;CACvC,CAAC;AAGF,MAAa,8BAA8B,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC;AAGnG,MAAa,iCAAiC,EAAE,KAAK;CACnD;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,0BAA0B,EAAE,KAAK;CAAC;CAAS;CAAW;CAAW,CAAC;AAK/E,MAAa,4BAA4B,EAAE,OAAO;CAChD,IAAI,EAAE,QAAQ;CACd,SAAS,wBAAwB,UAAU;CAC3C,mBAAmB;CACnB,mBAAmB,wBAAwB,OAAO;CAClD,OAAO,EAAE,SAAS,CAAC,UAAU;CAC7B,qBAAqB,yBAAyB,OAAO,CAAC,SAAS;CAC/D,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC3C,+BAA+B,EAAE,QAAQ,CAAC,SAAS;CACnD,0BAA0B,2BAA2B,OAAO,CAAC,OAAO;CACpE,gCAAgC,gCAAgC,OAAO;CACvE,aAAa;CACb,qBAAqB,0BAA0B,OAAO;CACtD,iBAAiB,EAAE,SAAS;CAC5B,gCAAgC,EAAE,QAAQ,CAAC,UAAU;CACrD,uBAAuB,iCAAiC,OAAO;CAC/D,yBAAyB,EAAE,SAAS;CACpC,QAAQ;CACR,0BAA0B,EAAE,SAAS;CACrC,2BAA2B,EAAE,SAAS;CACtC,uBAAuB,EAAE,SAAS;CAClC,wBAAwB,EAAE,SAAS,CAAC,SAAS;CAC7C,gBAAgB,EAAE,SAAS;CAC3B,0BAA0B;CAC1B,wBAAwB,2BAA2B,OAAO,CAAC,SAAS;CACpE,wBAAwB,EAAE,KAAK,CAAC,SAAS;CACzC,UAAU,yBAAyB,SAAS;CAC5C,2CAA2C,EAAE,SAAS,CAAC,SAAS;CAChE,0BAA0B,EAAE,SAAS,CAAC,SAAS;CAC/C,0BAA0B,EAAE,SAAS,CAAC,SAAS;CAC/C,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC/C,CAAC;AAGF,MAAa,0BAA0B,EAAE,OAAO,EAC9C,KAAK,2BACN,CAAC"}
1
+ {"version":3,"file":"job-BuCBKP9L.mjs","names":["matches: RegExpExecArray[]","regexp: RegExp","betaEcosystems: PackageEcosystem[]","updates: DependabotUpdate[]","registries: Record<string, DependabotRegistry>","referenced: string[]"],"sources":["../src/dependabot/directory-key.ts","../src/dependabot/placeholder.ts","../src/dependabot/config.ts","../src/dependabot/job.ts"],"sourcesContent":["/**\n * Options for creating a directory key that supports both naming conventions:\n * - `ecosystem` (standard format)\n * - `package-ecosystem` (alternative format for compatibility)\n *\n * Either a single `directory` or multiple `directories` can be specified.\n */\ntype MakeDirectoryKeyOptions =\n | {\n /** The package ecosystem (e.g., 'npm', 'pip', 'bundler') */\n ecosystem: string;\n /** Single directory path (optional if directories is provided) */\n directory?: string | null;\n /** Multiple directory paths (optional if directory is provided) */\n directories?: string[];\n }\n | {\n /** The package ecosystem using alternative naming convention */\n 'package-ecosystem': string;\n /** Single directory path (optional if directories is provided) */\n directory?: string | null;\n /** Multiple directory paths (optional if directory is provided) */\n directories?: string[];\n };\n\n/**\n * Creates a unique directory key by combining the ecosystem and directory information.\n *\n * The key format is: `{ecosystem}::{directory_info}`\n * - For single directory: `npm::/src/frontend`\n * - For multiple directories: `npm::/src/frontend,/src/backend`\n *\n * @param options - Configuration object containing ecosystem and directory information\n * @returns A unique string key in the format `{ecosystem}::{directories}`\n *\n * @example\n * ```typescript\n * // Single directory\n * const key1 = makeDirectoryKey({ ecosystem: 'npm', directory: '/src' });\n * // Returns: \"npm::/src\"\n *\n * // Multiple directories\n * const key2 = makeDirectoryKey({\n * ecosystem: 'pip',\n * directories: ['/backend', '/scripts']\n * });\n * // Returns: \"pip::/backend,/scripts\"\n *\n * // Using alternative naming convention\n * const key3 = makeDirectoryKey({\n * 'package-ecosystem': 'bundler',\n * directory: '/app'\n * });\n * // Returns: \"bundler::/app\"\n * ```\n */\nexport function makeDirectoryKey(options: MakeDirectoryKeyOptions): string {\n // Extract ecosystem name from either naming convention\n const ecosystem = 'ecosystem' in options ? options.ecosystem : options['package-ecosystem'];\n\n // Use single directory if provided, otherwise join multiple directories with comma\n const directoryPart = options.directory ?? options.directories!.join(',');\n\n return `${ecosystem}::${directoryPart}`;\n}\n","export type VariableFinderFn = (name: string) => string | undefined | Promise<string | undefined>;\n\nasync function convertPlaceholder({\n input,\n variableFinder,\n}: {\n input?: string;\n variableFinder: VariableFinderFn;\n}): Promise<string | undefined> {\n if (!input) return undefined;\n\n const matches: RegExpExecArray[] = extractPlaceholder(input);\n let result = input;\n for (const match of matches) {\n const placeholder = match[0];\n const name = match[1]!;\n const value = (await variableFinder(name)) ?? placeholder;\n result = result.replace(placeholder, value);\n }\n return result;\n}\n\nfunction extractPlaceholder(input: string) {\n const matches: RegExpExecArray[] = [];\n const regexp: RegExp = /\\$\\{\\{\\s{0,10}([a-zA-Z_][a-zA-Z0-9._-]{0,99})\\s{0,10}\\}\\}/;\n\n let searchInput = input;\n let offset = 0;\n\n while (searchInput.length > 0) {\n const match = searchInput.match(regexp);\n if (!match || match.index === undefined) break;\n\n // Adjust match index to account for previous slices\n const adjustedMatch = Object.assign([...match], {\n index: match.index + offset,\n input: input,\n groups: match.groups,\n }) as RegExpExecArray;\n\n matches.push(adjustedMatch);\n\n // Move past this match\n const nextStart = match.index + match[0].length;\n offset += nextStart;\n searchInput = searchInput.slice(nextStart);\n }\n\n return matches;\n}\n\nexport { convertPlaceholder, extractPlaceholder };\n","import * as yaml from 'js-yaml';\nimport { z } from 'zod';\n\nimport { makeDirectoryKey } from './directory-key';\nimport { convertPlaceholder, type VariableFinderFn } from './placeholder';\n\nexport const DependabotRegistrySchema = z\n .object({\n type: z.enum([\n // order matches\n // https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#supported-private-registries\n\n 'cargo-registry',\n 'composer-repository',\n 'docker-registry',\n 'git',\n 'goproxy-server',\n 'helm-registry',\n 'hex-organization',\n 'hex-repository',\n 'maven-repository',\n 'npm-registry',\n 'nuget-feed',\n 'pub-repository',\n 'python-index',\n 'rubygems-server',\n 'terraform-registry',\n ]),\n url: z.string().optional(),\n username: z.string().optional(),\n password: z.string().optional(),\n key: z.string().optional(),\n token: z.string().optional(),\n 'replaces-base': z.boolean().optional(),\n host: z.string().optional(), // for terraform and composer only\n registry: z.string().optional(), // for npm only\n organization: z.string().optional(), // for hex-organisation only\n repo: z.string().optional(), // for hex-repository only\n 'public-key-fingerprint': z.string().optional(), // for hex-repository only\n 'index-url': z.string().optional(), // for python-index only\n 'auth-key': z.string().optional(), // used by composer-repository, docker-registry, etc\n 'tenant-id': z.string().optional(), // can only be for azure related stuff, not sure\n 'client-id': z.string().optional(), // can only be for azure related stuff, not sure\n })\n // change underscore to dash in the registry key/type\n .transform((value) => ({ ...value, type: value.type.replace('-', '_') }));\nexport type DependabotRegistry = z.infer<typeof DependabotRegistrySchema>;\n\nexport const DependabotGroupSchema = z.object({\n // Define an identifier for the group to use in branch names and pull request titles.\n // This must start and end with a letter, and can contain letters, pipes |, underscores _, or hyphens -.\n IDENTIFIER: z\n .string()\n .check(\n z.regex(/^[a-zA-Z][a-zA-Z0-9|_-]*[a-zA-Z]$/, {\n message:\n 'Group identifier must start and end with a letter, and can contain letters, pipes |, underscores _, or hyphens -.',\n }),\n )\n .optional(),\n 'applies-to': z.enum(['version-updates', 'security-updates']).optional(),\n 'dependency-type': z.enum(['development', 'production']).optional(),\n patterns: z.string().array().optional(),\n 'exclude-patterns': z.string().array().optional(),\n 'update-types': z.enum(['major', 'minor', 'patch']).array().optional(),\n});\nexport type DependabotGroup = z.infer<typeof DependabotGroupSchema>;\n\nexport const DependabotAllowConditionSchema = z.object({\n 'dependency-name': z.string().optional(),\n 'dependency-type': z.enum(['direct', 'indirect', 'all', 'production', 'development']).optional(),\n 'update-type': z.enum(['all', 'security']).optional(),\n});\nexport type DependabotAllowCondition = z.infer<typeof DependabotAllowConditionSchema>;\n\nexport const DependabotIgnoreConditionSchema = z\n .object({\n 'dependency-name': z.string().optional(),\n versions: z.string().array().or(z.string()).optional(),\n 'update-types': z\n .enum(['version-update:semver-major', 'version-update:semver-minor', 'version-update:semver-patch'])\n .array()\n .optional(),\n })\n .and(z.record(z.string(), z.any()));\nexport type DependabotIgnoreCondition = z.infer<typeof DependabotIgnoreConditionSchema>;\n\nexport const DependabotScheduleSchema = z\n .object({\n interval: z.enum(['daily', 'weekly', 'monthly', 'quarterly', 'semiannually', 'yearly', 'cron']),\n\n day: z\n .enum(['sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday'])\n .optional()\n .default('monday'),\n\n time: z\n .string()\n .default('02:00')\n .check(z.regex(/^(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$/, { message: 'Time must be in HH:MM format' }))\n .optional(),\n\n timezone: z\n .string()\n .optional()\n .default('Etc/UTC')\n .refine(\n (value) => {\n try {\n // If tz is not a valid IANA name, this throws a RangeError\n Intl.DateTimeFormat(undefined, { timeZone: value });\n return true;\n } catch {\n return false;\n }\n },\n { message: 'Invalid IANA time zone' },\n ),\n cronjob: z\n .string()\n .check(z.regex(/^\\S+ \\S+ \\S+ \\S+ \\S+$/, { message: 'Cronjob must be in standard cron format' }))\n .optional(),\n })\n .transform((value, { addIssue }) => {\n // if interval is 'cron', cronjob must be specified\n if (value.interval === 'cron' && !value.cronjob) {\n addIssue(\"The 'cronjob' field must be specified when the interval is set to 'cron'.\");\n }\n\n return value;\n });\nexport type DependabotSchedule = z.infer<typeof DependabotScheduleSchema>;\n\nexport const DependabotCommitMessageSchema = z.object({\n prefix: z.string().optional(),\n 'prefix-development': z.string().optional(),\n include: z.string().optional(),\n});\nexport type DependabotCommitMessage = z.infer<typeof DependabotCommitMessageSchema>;\n\nexport const DependabotCooldownSchema = z.object({\n 'default-days': z.number().optional(),\n 'semver-major-days': z.number().optional(),\n 'semver-minor-days': z.number().optional(),\n 'semver-patch-days': z.number().optional(),\n include: z.string().array().optional(),\n exclude: z.string().array().optional(),\n});\nexport type DependabotCooldown = z.infer<typeof DependabotCooldownSchema>;\n\nconst DependabotPullRequestBranchNameSchema = z.object({\n separator: z.string().optional(),\n});\nexport type DependabotPullRequestBranchName = z.infer<typeof DependabotPullRequestBranchNameSchema>;\n\nexport const PackageEcosystemSchema = z.enum([\n // order matches\n // https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-\n\n 'bazel', // still in beta as of 2025-Nov-17\n 'bun',\n 'bundler',\n 'cargo',\n 'composer',\n 'devcontainers',\n 'docker',\n 'docker-compose',\n 'dotnet-sdk',\n 'helm',\n 'mix',\n 'elm',\n 'gitsubmodule',\n 'github-actions',\n 'gomod',\n 'gradle',\n 'julia',\n 'maven',\n 'npm',\n 'nuget',\n 'opentofu', // in beta as of 2025-Nov-17\n 'pip',\n 'pip-compile', // alias mapped to 'pip'\n 'pipenv', // alias mapped to 'pip'\n 'pnpm', // alias mapped to 'npm'\n 'poetry', // alias mapped to 'pip'\n 'pub',\n 'rust-toolchain',\n 'swift',\n 'terraform',\n 'uv',\n 'vcpkg',\n 'yarn', // alias mapped to 'npm'\n]);\nexport type PackageEcosystem = z.infer<typeof PackageEcosystemSchema>;\n\nexport const VersioningStrategySchema = z.enum(['auto', 'increase', 'increase-if-necessary', 'lockfile-only', 'widen']);\nexport type VersioningStrategy = z.infer<typeof VersioningStrategySchema>;\n\nexport const DependabotUpdateSchema = z\n .object({\n 'package-ecosystem': PackageEcosystemSchema,\n directory: z.string().optional(),\n directories: z.string().array().optional(),\n 'exclude-paths': z.string().array().optional(),\n allow: DependabotAllowConditionSchema.array().optional(),\n assignees: z.string().array().optional(),\n 'commit-message': DependabotCommitMessageSchema.optional(),\n cooldown: DependabotCooldownSchema.optional(),\n groups: z.record(z.string(), DependabotGroupSchema).optional(),\n ignore: DependabotIgnoreConditionSchema.array().optional(),\n 'insecure-external-code-execution': z.enum(['allow', 'deny']).optional(),\n labels: z.string().array().optional(),\n milestone: z.coerce.string().optional(),\n 'open-pull-requests-limit': z.number().check(z.int(), z.gte(0)).optional(),\n 'pull-request-branch-name': DependabotPullRequestBranchNameSchema.optional(),\n 'rebase-strategy': z.string().optional(),\n registries: z.string().array().optional(),\n schedule: DependabotScheduleSchema.optional(), // TODO: make required after 2025-Nov-30\n 'target-branch': z.string().optional(),\n vendor: z.boolean().optional(),\n 'versioning-strategy': VersioningStrategySchema.optional(),\n patterns: z.string().array().optional(),\n 'multi-ecosystem-group': z.string().optional(),\n })\n .transform((value, { addIssue }) => {\n // either 'directory' or 'directories' must be specified\n if (!value.directory && (!value.directories || value.directories.length === 0)) {\n addIssue(\"Either 'directory' or 'directories' must be specified in the dependency update configuration.\");\n }\n\n // validate that 'directory' does not contain glob patterns\n if (value.directory && /[*?[\\]{}]/.test(value.directory)) {\n addIssue(\"The 'directory' field must not include glob pattern.\");\n }\n\n value['open-pull-requests-limit'] ??= 5; // default to 5 if not specified\n\n // The patterns key is required when using multi-ecosystem-group.\n // You can specify dependency patterns to include only certain dependencies in the group,\n // or use [\"*\"] to include all dependencies.\n if (value['multi-ecosystem-group'] && (!value.patterns || value.patterns.length === 0)) {\n addIssue(\n \"The 'patterns' field must be specified and contain at least one pattern when using 'multi-ecosystem-group'.\",\n );\n }\n\n return value;\n });\nexport type DependabotUpdate = z.infer<typeof DependabotUpdateSchema>;\n\nexport const DependabotMultiEcosystemGroupSchema = z.object({\n schedule: DependabotScheduleSchema,\n labels: z.string().array().optional(), // behaviour: additive\n milestone: z.coerce.string().optional(), // behaviour: group-only\n assignees: z.string().array().optional(), // behaviour: additive\n 'target-branch': z.string().optional(), // behaviour: group-only\n 'commit-message': DependabotCommitMessageSchema.optional(), // behaviour: group-only\n 'pull-request-branch-name': DependabotPullRequestBranchNameSchema.optional(), // behaviour: group-only\n});\nexport type DependabotMultiEcosystemGroup = z.infer<typeof DependabotMultiEcosystemGroupSchema>;\n\n/**\n * Represents the dependabot.yaml configuration file options.\n * See: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#configuration-options-for-dependabotyml\n */\nexport const DependabotConfigSchema = z\n .object({\n /**\n * Mandatory. configuration file version.\n **/\n version: z.number().refine((v) => v === 2, { message: 'Only version 2 of dependabot is supported' }),\n\n /**\n * Optional. Configure groups of ecosystems to update together in a single pull request.\n */\n 'multi-ecosystem-groups': z.record(z.string(), DependabotMultiEcosystemGroupSchema).optional(),\n\n /**\n * Mandatory. Configure how Dependabot updates the versions or project dependencies.\n * Each entry configures the update settings for a particular package manager.\n */\n updates: DependabotUpdateSchema.array().check(\n z.minLength(1, { message: 'At least one update configuration is required' }),\n ),\n\n /**\n * Optional.\n * Specify authentication details to access private package registries.\n */\n registries: z.record(z.string(), DependabotRegistrySchema).optional(),\n\n /**\n * Optional. Enables updates for ecosystems that are not yet generally available.\n * https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#enable-beta-ecosystems-\n */\n 'enable-beta-ecosystems': z.boolean().optional(),\n })\n .transform((value, { addIssue }) => {\n // If you attempt to set group-only keys at the ecosystem level (in updates entries),\n // Dependabot will throw a configuration error and fail to process your dependabot.yml file.\n // These keys must only be specified in the multi-ecosystem-groups section.\n // https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-multi-ecosystem-updates#group-only-keys\n const groupOnlyKeys = ['milestone', 'target-branch', 'commit-message', 'pull-request-branch-name'] as const;\n if (value['multi-ecosystem-groups']) {\n for (const update of value.updates) {\n for (const key of groupOnlyKeys) {\n if (key in update) {\n addIssue(\n `The '${key}' field must not be specified in the 'updates' section when using 'multi-ecosystem-groups'. It is a group-only field.`,\n );\n }\n }\n }\n }\n\n // ensure there is no update with the same package-ecosystem and directory/directories combination\n const seen = new Set<string>();\n for (const update of value.updates) {\n const key = makeDirectoryKey(update);\n if (seen.has(key)) {\n addIssue(\n `Duplicate update configuration found for '${update['package-ecosystem']}' and directory: '${update.directory ?? update.directories?.join(',')}'`,\n );\n }\n seen.add(key);\n }\n\n // ensure that the ecosystems in beta are only used when 'enable-beta-ecosystems' is true\n const betaEcosystems: PackageEcosystem[] = ['bazel', 'opentofu'];\n if (!value['enable-beta-ecosystems']) {\n for (const update of value.updates) {\n if (betaEcosystems.includes(update['package-ecosystem'])) {\n addIssue(\n `The package ecosystem '${update['package-ecosystem']}' is currently in beta. To use it, set 'enable-beta-ecosystems' to true in the dependabot configuration.`,\n );\n }\n }\n }\n\n return value;\n });\n\nexport type DependabotConfig = z.infer<typeof DependabotConfigSchema>;\n\nexport function parseUpdates(config: DependabotConfig, configPath: string): DependabotUpdate[] {\n const updates: DependabotUpdate[] = [];\n\n // Parse the value of each of the updates obtained from the file\n for (const update of config.updates) {\n // populate the 'ignore' conditions 'source' and 'updated-at' properties, if missing\n // NOTE: 'source' and 'updated-at' are not documented in the dependabot.yml config docs, but are defined in the dependabot-core and dependabot-cli models.\n // Currently they don't appear to add much value to the update process, but are populated here for completeness.\n if (update.ignore) {\n for (const condition of update.ignore) {\n condition.source ??= configPath;\n // we don't know the last updated time, so we use the current time\n condition['updated-at'] ??= new Date().toISOString();\n }\n }\n\n updates.push(update);\n }\n return updates;\n}\n\nexport async function parseRegistries(\n config: DependabotConfig,\n variableFinder: VariableFinderFn,\n): Promise<Record<string, DependabotRegistry>> {\n // Parse the value of each of the registries obtained from the config\n const registries: Record<string, DependabotRegistry> = {};\n for (const [key, registry] of Object.entries(config.registries || {})) {\n const updated = { ...registry };\n const { type } = updated;\n\n // handle special fields for 'hex-organization' types\n if (type === 'hex_organization' && !updated.organization) {\n throw new Error(`The value 'organization' in dependency registry config '${type}' is missing`);\n }\n\n // handle special fields for 'hex-repository' types\n if (type === 'hex_repository' && !updated.repo) {\n throw new Error(`The value 'repo' in dependency registry config '${key}' is missing`);\n }\n\n // parse username, password, key, and token while replacing tokens where necessary\n updated.username = await convertPlaceholder({ input: updated.username, variableFinder: variableFinder });\n updated.password = await convertPlaceholder({ input: updated.password, variableFinder: variableFinder });\n updated.key = await convertPlaceholder({ input: updated.key, variableFinder: variableFinder });\n updated.token = await convertPlaceholder({ input: updated.token, variableFinder: variableFinder });\n\n // TODO: include sources for this logic, otherwise it looks like magic.\n // Initially, this was based on reading through the dependabot-core logic\n // but much has since changed.\n\n // parse the url\n const url = updated.url;\n if (!url && type !== 'hex_organization') {\n throw new Error(`The value 'url' in dependency registry config '${key}' is missing`);\n }\n if (url) {\n /*\n * Some credentials do not use the 'url' property in the Ruby updater.\n * The 'host' and 'registry' properties are derived from the given URL.\n * The 'registry' property is derived from the 'url' by stripping off the scheme.\n * The 'host' property is derived from the hostname of the 'url'.\n *\n * 'npm_registry' and 'docker_registry' use 'registry' only.\n * 'terraform_registry' uses 'host' only.\n * 'composer_repository' uses both 'url' and 'host'.\n * 'python_index' uses 'index-url' instead of 'url'.\n */\n\n if (URL.canParse(url)) {\n const parsedUrl = new URL(url);\n\n const addRegistry = type === 'docker_registry' || type === 'npm_registry';\n if (addRegistry) updated.registry = url.replace('https://', '').replace('http://', '');\n\n const addHost = type === 'composer_repository' || type === 'terraform_registry';\n if (addHost) updated.host = parsedUrl.hostname;\n }\n\n if (type === 'python_index') updated['index-url'] = url;\n\n const removeUrl =\n type === 'docker_registry' ||\n type === 'npm_registry' ||\n type === 'terraform_registry' ||\n type === 'python_index';\n if (removeUrl) delete updated.url; // remove the url if not needed\n }\n\n // add to list\n registries[key] = updated;\n }\n return registries;\n}\n\nexport function validateConfiguration(updates: DependabotUpdate[], registries: Record<string, DependabotRegistry>) {\n const configured = Object.keys(registries);\n const referenced: string[] = [];\n for (const u of updates) referenced.push(...(u.registries ?? []));\n\n // ensure there are no configured registries that have not been referenced\n const missingConfiguration = referenced.filter((el) => !configured.includes(el));\n if (missingConfiguration.length > 0) {\n throw new Error(\n `Referenced registries: '${missingConfiguration.join(',')}' have not been configured in the root of dependabot.yml`,\n );\n }\n\n // ensure there are no registries referenced but not configured\n const missingReferences = configured.filter((el) => !referenced.includes(el));\n if (missingReferences.length > 0) {\n throw new Error(`Registries: '${missingReferences.join(',')}' have not been referenced by any update`);\n }\n}\n\n/**\n * Possible paths to the dependabot config file.\n * Remember to prefix with a forward slash when querying API endpoints or where necessary.\n */\nexport const POSSIBLE_CONFIG_FILE_PATHS = [\n '.azuredevops/dependabot.yml',\n '.azuredevops/dependabot.yaml',\n '.github/dependabot.yaml',\n '.github/dependabot.yml',\n];\n\n/**\n * Parse the contents of a dependabot config YAML file\n * @returns {DependabotConfig} config - the dependabot configuration\n */\nexport async function parseDependabotConfig({\n configContents,\n configPath,\n variableFinder,\n}: {\n configContents: string;\n configPath: string;\n variableFinder: VariableFinderFn;\n}): Promise<DependabotConfig> {\n // Load the config\n const loadedConfig = yaml.load(configContents);\n if (loadedConfig === null || typeof loadedConfig !== 'object') {\n throw new Error('Invalid dependabot config object');\n }\n\n // Parse the config\n const config = await DependabotConfigSchema.parseAsync(loadedConfig);\n const updates = parseUpdates(config, configPath);\n const registries = await parseRegistries(config, variableFinder);\n validateConfiguration(updates, registries);\n\n return { ...config, updates, registries };\n}\n","import { z } from 'zod';\nimport { DependabotCooldownSchema } from './config';\n\n// we use nullish() because it does optional() and allows the value to be set to null\n\nexport const DependabotCredentialSchema = z.record(z.string(), z.any());\nexport type DependabotCredential = z.infer<typeof DependabotCredentialSchema>;\n\nexport const CertificateAuthoritySchema = z.object({\n cert: z.string(),\n key: z.string(),\n});\nexport type CertificateAuthority = z.infer<typeof CertificateAuthoritySchema>;\n\nexport const DependabotProxyConfigSchema = z.object({\n all_credentials: DependabotCredentialSchema.array(),\n ca: CertificateAuthoritySchema,\n});\nexport type DependabotProxyConfig = z.infer<typeof DependabotProxyConfigSchema>;\n\nexport const DependabotSourceProviderSchema = z.enum(['azure', 'gitlab', 'bitbucket']);\nexport type DependabotSourceProvider = z.infer<typeof DependabotSourceProviderSchema>;\n\nexport const DependabotSourceSchema = z.object({\n provider: DependabotSourceProviderSchema,\n repo: z.string(),\n directory: z.string().nullish(),\n directories: z.string().array().nullish(),\n branch: z.string().nullish(),\n commit: z.string().nullish(),\n hostname: z.string().nullish(), // Must be provided if api-endpoint is\n 'api-endpoint': z.string().nullish(), // Must be provided if hostname is\n});\nexport type DependabotSource = z.infer<typeof DependabotSourceSchema>;\n\nexport const DependabotExistingPRSchema = z.object({\n 'dependency-name': z.string(),\n 'dependency-version': z.string().nullish(),\n directory: z.string().nullish(),\n removed: z.boolean().nullish(),\n});\nexport type DependabotExistingPR = z.infer<typeof DependabotExistingPRSchema>;\n\nexport const DependabotExistingGroupPRSchema = z.object({\n 'dependency-group-name': z.string(),\n dependencies: DependabotExistingPRSchema.array(),\n});\nexport type DependabotExistingGroupPR = z.infer<typeof DependabotExistingGroupPRSchema>;\n\nexport const DependabotAllowedSchema = z.object({\n 'dependency-name': z.string().nullish(),\n 'dependency-type': z.string().nullish(),\n 'update-type': z.enum(['all', 'security']).optional(),\n});\nexport type DependabotAllowed = z.infer<typeof DependabotAllowedSchema>;\n\nexport const DependabotGroupRuleJobSchema = z.object({\n patterns: z.string().array().nullish(),\n 'exclude-patterns': z.string().array().nullish(),\n 'dependency-type': z.string().nullish(),\n 'update-types': z.string().array().nullish(),\n});\nexport type DependabotGroupRuleJob = z.infer<typeof DependabotGroupRuleJobSchema>;\n\nexport const DependabotGroupJobSchema = z.object({\n name: z.string(),\n 'applies-to': z.string().nullish(),\n rules: DependabotGroupRuleJobSchema,\n});\nexport type DependabotGroupJob = z.infer<typeof DependabotGroupJobSchema>;\n\nexport const DependabotConditionSchema = z.object({\n 'dependency-name': z.string(),\n source: z.string().nullish(),\n 'update-types': z.string().array().nullish(),\n 'updated-at': z.coerce.string().nullish(),\n 'version-requirement': z.string().nullish(),\n});\nexport type DependabotCondition = z.infer<typeof DependabotConditionSchema>;\n\nexport const DependabotSecurityAdvisorySchema = z.object({\n 'dependency-name': z.string(),\n 'affected-versions': z.string().array(),\n 'patched-versions': z.string().array().nullish(), // may not be patched as of yet\n 'unaffected-versions': z.string().array(),\n});\nexport type DependabotSecurityAdvisory = z.infer<typeof DependabotSecurityAdvisorySchema>;\n\nexport const DependabotRequirementSourceSchema = z.record(z.string(), z.any());\nexport type DependabotRequirementSource = z.infer<typeof DependabotRequirementSourceSchema>;\n\nexport const DependabotRequirementSchema = z.object({\n file: z.string().nullish(), // e.g. 'requirements.txt' or '/Root.csproj'\n groups: z.string().array().nullish(), // e.g. ['dependencies']\n metadata: z.record(z.string(), z.any()).nullish(),\n requirement: z.string().nullish(), // e.g. '==3.2.0' or '8.1.0'\n source: DependabotRequirementSourceSchema.nullish(),\n version: z.string().nullish(),\n 'previous-version': z.string().nullish(),\n});\nexport type DependabotRequirement = z.infer<typeof DependabotRequirementSchema>;\n\nexport const DependabotDependencySchema = z.object({\n name: z.string(), // e.g. 'django' or 'GraphQL.Server.Ui.Voyager'\n 'previous-requirements': DependabotRequirementSchema.array().nullish(),\n 'previous-version': z.string().nullish(),\n version: z.string().nullish(), // e.g. '5.0.1' or '8.1.0'\n requirements: DependabotRequirementSchema.array().nullish(),\n removed: z.boolean().nullish(),\n directory: z.string().nullish(),\n});\nexport type DependabotDependency = z.infer<typeof DependabotDependencySchema>;\n\nexport const DependabotCommitOptionsSchema = z.object({\n prefix: z.string().nullish(),\n 'prefix-development': z.string().nullish(),\n 'include-scope': z.boolean().nullish(),\n});\nexport type DependabotCommitOptions = z.infer<typeof DependabotCommitOptionsSchema>;\n\nexport const DependabotExperimentsSchema = z.record(z.string(), z.union([z.string(), z.boolean()]));\nexport type DependabotExperiments = z.infer<typeof DependabotExperimentsSchema>;\n\nexport const DependabotPackageManagerSchema = z.enum([\n 'bundler',\n 'cargo',\n 'composer',\n 'pub',\n 'docker',\n 'elm',\n 'github_actions', // ecosystem(s): 'github-actions'\n 'submodules', // ecosystem(s): 'gitsubmodule'\n 'go_modules', // ecosystem(s): 'gomod'\n 'gradle',\n 'maven',\n 'hex', // ecosystem(s): 'mix'\n 'nuget',\n 'npm_and_yarn', // ecosystem(s): 'npm', 'pnpm', 'yarn'\n 'pip', // ecosystem(s): 'pipenv', 'pip-compile', 'poetry'\n 'rust_toolchain', // ecosystem(s): 'rust-toolchain'\n 'swift',\n 'terraform',\n 'devcontainers',\n 'dotnet_sdk', // ecosystem(s): 'dotnet-sdk'\n 'bun',\n 'docker_compose', // // ecosystem(s): 'docker-compose',\n 'uv',\n 'vcpkg',\n 'helm',\n 'julia',\n 'bazel',\n 'opentofu',\n]);\nexport type DependabotPackageManager = z.infer<typeof DependabotPackageManagerSchema>;\n\nexport const DependabotCommandSchema = z.enum(['graph', 'version', 'recreate']);\nexport type DependabotCommand = z.infer<typeof DependabotCommandSchema>;\n\n// See: https://github.com/dependabot/cli/blob/main/internal/model/job.go\n// https://github.com/dependabot/dependabot-core/blob/main/updater/lib/dependabot/job.rb\nexport const DependabotJobConfigSchema = z.object({\n id: z.string(),\n command: DependabotCommandSchema.optional(),\n 'package-manager': DependabotPackageManagerSchema,\n 'allowed-updates': DependabotAllowedSchema.array(),\n debug: z.boolean().nullable(),\n 'dependency-groups': DependabotGroupJobSchema.array().nullish(),\n dependencies: z.string().array().nullable(),\n 'dependency-group-to-refresh': z.string().nullish(),\n 'existing-pull-requests': DependabotExistingPRSchema.array().array(),\n 'existing-group-pull-requests': DependabotExistingGroupPRSchema.array(),\n experiments: DependabotExperimentsSchema,\n 'ignore-conditions': DependabotConditionSchema.array(),\n 'lockfile-only': z.boolean(),\n 'requirements-update-strategy': z.string().nullable(),\n 'security-advisories': DependabotSecurityAdvisorySchema.array(),\n 'security-updates-only': z.boolean(),\n source: DependabotSourceSchema,\n 'update-subdependencies': z.boolean(),\n 'updating-a-pull-request': z.boolean(),\n 'vendor-dependencies': z.boolean(),\n 'reject-external-code': z.boolean().nullish(),\n 'repo-private': z.boolean(),\n 'commit-message-options': DependabotCommitOptionsSchema,\n 'credentials-metadata': DependabotCredentialSchema.array().nullish(),\n 'max-updater-run-time': z.int().nullish(),\n cooldown: DependabotCooldownSchema.nullish(),\n 'proxy-log-response-body-on-auth-failure': z.boolean().nullish(),\n 'enable-beta-ecosystems': z.boolean().nullish(),\n 'multi-ecosystem-update': z.boolean().nullish(),\n 'exclude-paths': z.string().array().optional(),\n});\nexport type DependabotJobConfig = z.infer<typeof DependabotJobConfigSchema>;\n\nexport const DependabotJobFileSchema = z.object({\n job: DependabotJobConfigSchema,\n});\nexport type DependabotJobFile = z.infer<typeof DependabotJobFileSchema>;\n\n// Code below is borrowed and adapted from dependabot-action\n\n// biome-ignore-start lint/suspicious/noExplicitAny: generic\nexport type FetchedFiles = {\n base_commit_sha: string;\n dependency_files: any[];\n base64_dependency_files: any[];\n};\n// biome-ignore-end lint/suspicious/noExplicitAny: generic\n\nexport type FileFetcherInput = {\n job: DependabotJobConfig;\n};\n\nexport type FileUpdaterInput = FetchedFiles & {\n job: DependabotJobConfig;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwDA,SAAgB,iBAAiB,SAA0C;AAOzE,QAAO,GALW,eAAe,UAAU,QAAQ,YAAY,QAAQ,qBAKnD,IAFE,QAAQ,aAAa,QAAQ,YAAa,KAAK,IAAI;;;;;AC3D3E,eAAe,mBAAmB,EAChC,OACA,kBAI8B;AAC9B,KAAI,CAAC,MAAO,QAAO;CAEnB,MAAMA,UAA6B,mBAAmB,MAAM;CAC5D,IAAI,SAAS;AACb,MAAK,MAAM,SAAS,SAAS;EAC3B,MAAM,cAAc,MAAM;EAC1B,MAAM,OAAO,MAAM;EACnB,MAAM,QAAS,MAAM,eAAe,KAAK,IAAK;AAC9C,WAAS,OAAO,QAAQ,aAAa,MAAM;;AAE7C,QAAO;;AAGT,SAAS,mBAAmB,OAAe;CACzC,MAAMA,UAA6B,EAAE;CACrC,MAAMC,SAAiB;CAEvB,IAAI,cAAc;CAClB,IAAI,SAAS;AAEb,QAAO,YAAY,SAAS,GAAG;EAC7B,MAAM,QAAQ,YAAY,MAAM,OAAO;AACvC,MAAI,CAAC,SAAS,MAAM,UAAU,OAAW;EAGzC,MAAM,gBAAgB,OAAO,OAAO,CAAC,GAAG,MAAM,EAAE;GAC9C,OAAO,MAAM,QAAQ;GACd;GACP,QAAQ,MAAM;GACf,CAAC;AAEF,UAAQ,KAAK,cAAc;EAG3B,MAAM,YAAY,MAAM,QAAQ,MAAM,GAAG;AACzC,YAAU;AACV,gBAAc,YAAY,MAAM,UAAU;;AAG5C,QAAO;;;;;AC1CT,MAAa,2BAA2B,EACrC,OAAO;CACN,MAAM,EAAE,KAAK;EAIX;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD,CAAC;CACF,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC5B,iBAAiB,EAAE,SAAS,CAAC,UAAU;CACvC,MAAM,EAAE,QAAQ,CAAC,UAAU;CAC3B,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,cAAc,EAAE,QAAQ,CAAC,UAAU;CACnC,MAAM,EAAE,QAAQ,CAAC,UAAU;CAC3B,0BAA0B,EAAE,QAAQ,CAAC,UAAU;CAC/C,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,YAAY,EAAE,QAAQ,CAAC,UAAU;CACjC,aAAa,EAAE,QAAQ,CAAC,UAAU;CAClC,aAAa,EAAE,QAAQ,CAAC,UAAU;CACnC,CAAC,CAED,WAAW,WAAW;CAAE,GAAG;CAAO,MAAM,MAAM,KAAK,QAAQ,KAAK,IAAI;CAAE,EAAE;AAG3E,MAAa,wBAAwB,EAAE,OAAO;CAG5C,YAAY,EACT,QAAQ,CACR,MACC,EAAE,MAAM,qCAAqC,EAC3C,SACE,qHACH,CAAC,CACH,CACA,UAAU;CACb,cAAc,EAAE,KAAK,CAAC,mBAAmB,mBAAmB,CAAC,CAAC,UAAU;CACxE,mBAAmB,EAAE,KAAK,CAAC,eAAe,aAAa,CAAC,CAAC,UAAU;CACnE,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACjD,gBAAgB,EAAE,KAAK;EAAC;EAAS;EAAS;EAAQ,CAAC,CAAC,OAAO,CAAC,UAAU;CACvE,CAAC;AAGF,MAAa,iCAAiC,EAAE,OAAO;CACrD,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,mBAAmB,EAAE,KAAK;EAAC;EAAU;EAAY;EAAO;EAAc;EAAc,CAAC,CAAC,UAAU;CAChG,eAAe,EAAE,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC,UAAU;CACtD,CAAC;AAGF,MAAa,kCAAkC,EAC5C,OAAO;CACN,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,UAAU;CACtD,gBAAgB,EACb,KAAK;EAAC;EAA+B;EAA+B;EAA8B,CAAC,CACnG,OAAO,CACP,UAAU;CACd,CAAC,CACD,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC;AAGrC,MAAa,2BAA2B,EACrC,OAAO;CACN,UAAU,EAAE,KAAK;EAAC;EAAS;EAAU;EAAW;EAAa;EAAgB;EAAU;EAAO,CAAC;CAE/F,KAAK,EACF,KAAK;EAAC;EAAU;EAAU;EAAW;EAAa;EAAY;EAAU;EAAW,CAAC,CACpF,UAAU,CACV,QAAQ,SAAS;CAEpB,MAAM,EACH,QAAQ,CACR,QAAQ,QAAQ,CAChB,MAAM,EAAE,MAAM,uCAAuC,EAAE,SAAS,gCAAgC,CAAC,CAAC,CAClG,UAAU;CAEb,UAAU,EACP,QAAQ,CACR,UAAU,CACV,QAAQ,UAAU,CAClB,QACE,UAAU;AACT,MAAI;AAEF,QAAK,eAAe,QAAW,EAAE,UAAU,OAAO,CAAC;AACnD,UAAO;UACD;AACN,UAAO;;IAGX,EAAE,SAAS,0BAA0B,CACtC;CACH,SAAS,EACN,QAAQ,CACR,MAAM,EAAE,MAAM,yBAAyB,EAAE,SAAS,2CAA2C,CAAC,CAAC,CAC/F,UAAU;CACd,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;AAElC,KAAI,MAAM,aAAa,UAAU,CAAC,MAAM,QACtC,UAAS,4EAA4E;AAGvF,QAAO;EACP;AAGJ,MAAa,gCAAgC,EAAE,OAAO;CACpD,QAAQ,EAAE,QAAQ,CAAC,UAAU;CAC7B,sBAAsB,EAAE,QAAQ,CAAC,UAAU;CAC3C,SAAS,EAAE,QAAQ,CAAC,UAAU;CAC/B,CAAC;AAGF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,gBAAgB,EAAE,QAAQ,CAAC,UAAU;CACrC,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,qBAAqB,EAAE,QAAQ,CAAC,UAAU;CAC1C,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACtC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,CAAC;AAGF,MAAM,wCAAwC,EAAE,OAAO,EACrD,WAAW,EAAE,QAAQ,CAAC,UAAU,EACjC,CAAC;AAGF,MAAa,yBAAyB,EAAE,KAAK;CAI3C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,2BAA2B,EAAE,KAAK;CAAC;CAAQ;CAAY;CAAyB;CAAiB;CAAQ,CAAC;AAGvH,MAAa,yBAAyB,EACnC,OAAO;CACN,qBAAqB;CACrB,WAAW,EAAE,QAAQ,CAAC,UAAU;CAChC,aAAa,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC1C,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC9C,OAAO,+BAA+B,OAAO,CAAC,UAAU;CACxD,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACxC,kBAAkB,8BAA8B,UAAU;CAC1D,UAAU,yBAAyB,UAAU;CAC7C,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,sBAAsB,CAAC,UAAU;CAC9D,QAAQ,gCAAgC,OAAO,CAAC,UAAU;CAC1D,oCAAoC,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,CAAC,UAAU;CACxE,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACrC,WAAW,EAAE,OAAO,QAAQ,CAAC,UAAU;CACvC,4BAA4B,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,UAAU;CAC1E,4BAA4B,sCAAsC,UAAU;CAC5E,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACzC,UAAU,yBAAyB,UAAU;CAC7C,iBAAiB,EAAE,QAAQ,CAAC,UAAU;CACtC,QAAQ,EAAE,SAAS,CAAC,UAAU;CAC9B,uBAAuB,yBAAyB,UAAU;CAC1D,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACvC,yBAAyB,EAAE,QAAQ,CAAC,UAAU;CAC/C,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;AAElC,KAAI,CAAC,MAAM,cAAc,CAAC,MAAM,eAAe,MAAM,YAAY,WAAW,GAC1E,UAAS,gGAAgG;AAI3G,KAAI,MAAM,aAAa,YAAY,KAAK,MAAM,UAAU,CACtD,UAAS,uDAAuD;AAGlE,OAAM,gCAAgC;AAKtC,KAAI,MAAM,6BAA6B,CAAC,MAAM,YAAY,MAAM,SAAS,WAAW,GAClF,UACE,8GACD;AAGH,QAAO;EACP;AAGJ,MAAa,sCAAsC,EAAE,OAAO;CAC1D,UAAU;CACV,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACrC,WAAW,EAAE,OAAO,QAAQ,CAAC,UAAU;CACvC,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CACxC,iBAAiB,EAAE,QAAQ,CAAC,UAAU;CACtC,kBAAkB,8BAA8B,UAAU;CAC1D,4BAA4B,sCAAsC,UAAU;CAC7E,CAAC;;;;;AAOF,MAAa,yBAAyB,EACnC,OAAO;CAIN,SAAS,EAAE,QAAQ,CAAC,QAAQ,MAAM,MAAM,GAAG,EAAE,SAAS,6CAA6C,CAAC;CAKpG,0BAA0B,EAAE,OAAO,EAAE,QAAQ,EAAE,oCAAoC,CAAC,UAAU;CAM9F,SAAS,uBAAuB,OAAO,CAAC,MACtC,EAAE,UAAU,GAAG,EAAE,SAAS,iDAAiD,CAAC,CAC7E;CAMD,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,yBAAyB,CAAC,UAAU;CAMrE,0BAA0B,EAAE,SAAS,CAAC,UAAU;CACjD,CAAC,CACD,WAAW,OAAO,EAAE,eAAe;CAKlC,MAAM,gBAAgB;EAAC;EAAa;EAAiB;EAAkB;EAA2B;AAClG,KAAI,MAAM,2BACR;OAAK,MAAM,UAAU,MAAM,QACzB,MAAK,MAAM,OAAO,cAChB,KAAI,OAAO,OACT,UACE,QAAQ,IAAI,uHACb;;CAOT,MAAM,uBAAO,IAAI,KAAa;AAC9B,MAAK,MAAM,UAAU,MAAM,SAAS;EAClC,MAAM,MAAM,iBAAiB,OAAO;AACpC,MAAI,KAAK,IAAI,IAAI,CACf,UACE,6CAA6C,OAAO,qBAAqB,oBAAoB,OAAO,aAAa,OAAO,aAAa,KAAK,IAAI,CAAC,GAChJ;AAEH,OAAK,IAAI,IAAI;;CAIf,MAAMC,iBAAqC,CAAC,SAAS,WAAW;AAChE,KAAI,CAAC,MAAM,2BACT;OAAK,MAAM,UAAU,MAAM,QACzB,KAAI,eAAe,SAAS,OAAO,qBAAqB,CACtD,UACE,0BAA0B,OAAO,qBAAqB,0GACvD;;AAKP,QAAO;EACP;AAIJ,SAAgB,aAAa,QAA0B,YAAwC;CAC7F,MAAMC,UAA8B,EAAE;AAGtC,MAAK,MAAM,UAAU,OAAO,SAAS;AAInC,MAAI,OAAO,OACT,MAAK,MAAM,aAAa,OAAO,QAAQ;AACrC,aAAU,WAAW;AAErB,aAAU,mCAAkB,IAAI,MAAM,EAAC,aAAa;;AAIxD,UAAQ,KAAK,OAAO;;AAEtB,QAAO;;AAGT,eAAsB,gBACpB,QACA,gBAC6C;CAE7C,MAAMC,aAAiD,EAAE;AACzD,MAAK,MAAM,CAAC,KAAK,aAAa,OAAO,QAAQ,OAAO,cAAc,EAAE,CAAC,EAAE;EACrE,MAAM,UAAU,EAAE,GAAG,UAAU;EAC/B,MAAM,EAAE,SAAS;AAGjB,MAAI,SAAS,sBAAsB,CAAC,QAAQ,aAC1C,OAAM,IAAI,MAAM,2DAA2D,KAAK,cAAc;AAIhG,MAAI,SAAS,oBAAoB,CAAC,QAAQ,KACxC,OAAM,IAAI,MAAM,mDAAmD,IAAI,cAAc;AAIvF,UAAQ,WAAW,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAA0B;GAAgB,CAAC;AACxG,UAAQ,WAAW,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAA0B;GAAgB,CAAC;AACxG,UAAQ,MAAM,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAAqB;GAAgB,CAAC;AAC9F,UAAQ,QAAQ,MAAM,mBAAmB;GAAE,OAAO,QAAQ;GAAuB;GAAgB,CAAC;EAOlG,MAAM,MAAM,QAAQ;AACpB,MAAI,CAAC,OAAO,SAAS,mBACnB,OAAM,IAAI,MAAM,kDAAkD,IAAI,cAAc;AAEtF,MAAI,KAAK;AAaP,OAAI,IAAI,SAAS,IAAI,EAAE;IACrB,MAAM,YAAY,IAAI,IAAI,IAAI;AAG9B,QADoB,SAAS,qBAAqB,SAAS,eAC1C,SAAQ,WAAW,IAAI,QAAQ,YAAY,GAAG,CAAC,QAAQ,WAAW,GAAG;AAGtF,QADgB,SAAS,yBAAyB,SAAS,qBAC9C,SAAQ,OAAO,UAAU;;AAGxC,OAAI,SAAS,eAAgB,SAAQ,eAAe;AAOpD,OAJE,SAAS,qBACT,SAAS,kBACT,SAAS,wBACT,SAAS,eACI,QAAO,QAAQ;;AAIhC,aAAW,OAAO;;AAEpB,QAAO;;AAGT,SAAgB,sBAAsB,SAA6B,YAAgD;CACjH,MAAM,aAAa,OAAO,KAAK,WAAW;CAC1C,MAAMC,aAAuB,EAAE;AAC/B,MAAK,MAAM,KAAK,QAAS,YAAW,KAAK,GAAI,EAAE,cAAc,EAAE,CAAE;CAGjE,MAAM,uBAAuB,WAAW,QAAQ,OAAO,CAAC,WAAW,SAAS,GAAG,CAAC;AAChF,KAAI,qBAAqB,SAAS,EAChC,OAAM,IAAI,MACR,2BAA2B,qBAAqB,KAAK,IAAI,CAAC,0DAC3D;CAIH,MAAM,oBAAoB,WAAW,QAAQ,OAAO,CAAC,WAAW,SAAS,GAAG,CAAC;AAC7E,KAAI,kBAAkB,SAAS,EAC7B,OAAM,IAAI,MAAM,gBAAgB,kBAAkB,KAAK,IAAI,CAAC,0CAA0C;;;;;;AAQ1G,MAAa,6BAA6B;CACxC;CACA;CACA;CACA;CACD;;;;;AAMD,eAAsB,sBAAsB,EAC1C,gBACA,YACA,kBAK4B;CAE5B,MAAM,eAAe,KAAK,KAAK,eAAe;AAC9C,KAAI,iBAAiB,QAAQ,OAAO,iBAAiB,SACnD,OAAM,IAAI,MAAM,mCAAmC;CAIrD,MAAM,SAAS,MAAM,uBAAuB,WAAW,aAAa;CACpE,MAAM,UAAU,aAAa,QAAQ,WAAW;CAChD,MAAM,aAAa,MAAM,gBAAgB,QAAQ,eAAe;AAChE,uBAAsB,SAAS,WAAW;AAE1C,QAAO;EAAE,GAAG;EAAQ;EAAS;EAAY;;;;;AC1e3C,MAAa,6BAA6B,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC;AAGvE,MAAa,6BAA6B,EAAE,OAAO;CACjD,MAAM,EAAE,QAAQ;CAChB,KAAK,EAAE,QAAQ;CAChB,CAAC;AAGF,MAAa,8BAA8B,EAAE,OAAO;CAClD,iBAAiB,2BAA2B,OAAO;CACnD,IAAI;CACL,CAAC;AAGF,MAAa,iCAAiC,EAAE,KAAK;CAAC;CAAS;CAAU;CAAY,CAAC;AAGtF,MAAa,yBAAyB,EAAE,OAAO;CAC7C,UAAU;CACV,MAAM,EAAE,QAAQ;CAChB,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,aAAa,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACzC,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,UAAU,EAAE,QAAQ,CAAC,SAAS;CAC9B,gBAAgB,EAAE,QAAQ,CAAC,SAAS;CACrC,CAAC;AAGF,MAAa,6BAA6B,EAAE,OAAO;CACjD,mBAAmB,EAAE,QAAQ;CAC7B,sBAAsB,EAAE,QAAQ,CAAC,SAAS;CAC1C,WAAW,EAAE,QAAQ,CAAC,SAAS;CAC/B,SAAS,EAAE,SAAS,CAAC,SAAS;CAC/B,CAAC;AAGF,MAAa,kCAAkC,EAAE,OAAO;CACtD,yBAAyB,EAAE,QAAQ;CACnC,cAAc,2BAA2B,OAAO;CACjD,CAAC;AAGF,MAAa,0BAA0B,EAAE,OAAO;CAC9C,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,eAAe,EAAE,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC,UAAU;CACtD,CAAC;AAGF,MAAa,+BAA+B,EAAE,OAAO;CACnD,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACtC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAChD,mBAAmB,EAAE,QAAQ,CAAC,SAAS;CACvC,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAC7C,CAAC;AAGF,MAAa,2BAA2B,EAAE,OAAO;CAC/C,MAAM,EAAE,QAAQ;CAChB,cAAc,EAAE,QAAQ,CAAC,SAAS;CAClC,OAAO;CACR,CAAC;AAGF,MAAa,4BAA4B,EAAE,OAAO;CAChD,mBAAmB,EAAE,QAAQ;CAC7B,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAC5C,cAAc,EAAE,OAAO,QAAQ,CAAC,SAAS;CACzC,uBAAuB,EAAE,QAAQ,CAAC,SAAS;CAC5C,CAAC;AAGF,MAAa,mCAAmC,EAAE,OAAO;CACvD,mBAAmB,EAAE,QAAQ;CAC7B,qBAAqB,EAAE,QAAQ,CAAC,OAAO;CACvC,oBAAoB,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CAChD,uBAAuB,EAAE,QAAQ,CAAC,OAAO;CAC1C,CAAC;AAGF,MAAa,oCAAoC,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC;AAG9E,MAAa,8BAA8B,EAAE,OAAO;CAClD,MAAM,EAAE,QAAQ,CAAC,SAAS;CAC1B,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,SAAS;CACpC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,SAAS;CACjD,aAAa,EAAE,QAAQ,CAAC,SAAS;CACjC,QAAQ,kCAAkC,SAAS;CACnD,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC7B,oBAAoB,EAAE,QAAQ,CAAC,SAAS;CACzC,CAAC;AAGF,MAAa,6BAA6B,EAAE,OAAO;CACjD,MAAM,EAAE,QAAQ;CAChB,yBAAyB,4BAA4B,OAAO,CAAC,SAAS;CACtE,oBAAoB,EAAE,QAAQ,CAAC,SAAS;CACxC,SAAS,EAAE,QAAQ,CAAC,SAAS;CAC7B,cAAc,4BAA4B,OAAO,CAAC,SAAS;CAC3D,SAAS,EAAE,SAAS,CAAC,SAAS;CAC9B,WAAW,EAAE,QAAQ,CAAC,SAAS;CAChC,CAAC;AAGF,MAAa,gCAAgC,EAAE,OAAO;CACpD,QAAQ,EAAE,QAAQ,CAAC,SAAS;CAC5B,sBAAsB,EAAE,QAAQ,CAAC,SAAS;CAC1C,iBAAiB,EAAE,SAAS,CAAC,SAAS;CACvC,CAAC;AAGF,MAAa,8BAA8B,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC;AAGnG,MAAa,iCAAiC,EAAE,KAAK;CACnD;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAa,0BAA0B,EAAE,KAAK;CAAC;CAAS;CAAW;CAAW,CAAC;AAK/E,MAAa,4BAA4B,EAAE,OAAO;CAChD,IAAI,EAAE,QAAQ;CACd,SAAS,wBAAwB,UAAU;CAC3C,mBAAmB;CACnB,mBAAmB,wBAAwB,OAAO;CAClD,OAAO,EAAE,SAAS,CAAC,UAAU;CAC7B,qBAAqB,yBAAyB,OAAO,CAAC,SAAS;CAC/D,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC3C,+BAA+B,EAAE,QAAQ,CAAC,SAAS;CACnD,0BAA0B,2BAA2B,OAAO,CAAC,OAAO;CACpE,gCAAgC,gCAAgC,OAAO;CACvE,aAAa;CACb,qBAAqB,0BAA0B,OAAO;CACtD,iBAAiB,EAAE,SAAS;CAC5B,gCAAgC,EAAE,QAAQ,CAAC,UAAU;CACrD,uBAAuB,iCAAiC,OAAO;CAC/D,yBAAyB,EAAE,SAAS;CACpC,QAAQ;CACR,0BAA0B,EAAE,SAAS;CACrC,2BAA2B,EAAE,SAAS;CACtC,uBAAuB,EAAE,SAAS;CAClC,wBAAwB,EAAE,SAAS,CAAC,SAAS;CAC7C,gBAAgB,EAAE,SAAS;CAC3B,0BAA0B;CAC1B,wBAAwB,2BAA2B,OAAO,CAAC,SAAS;CACpE,wBAAwB,EAAE,KAAK,CAAC,SAAS;CACzC,UAAU,yBAAyB,SAAS;CAC5C,2CAA2C,EAAE,SAAS,CAAC,SAAS;CAChE,0BAA0B,EAAE,SAAS,CAAC,SAAS;CAC/C,0BAA0B,EAAE,SAAS,CAAC,SAAS;CAC/C,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU;CAC/C,CAAC;AAGF,MAAa,0BAA0B,EAAE,OAAO,EAC9C,KAAK,2BACN,CAAC"}