@qqbrowser/openclaw-qbot 0.10.18 → 0.10.20

package/node_modules/@aws-sdk/signature-v4-multi-region/package.json

@@ -1,15 +1,15 @@
 {
   "name": "@aws-sdk/signature-v4-multi-region",
-  "version": "3.996.33",
+  "version": "3.996.35",
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
     "build:browser": "node ./test-browser/browser-build/esbuild",
     "build:cjs": "node ../../scripts/compilation/inline",
-    "build:es": "tsc -p tsconfig.es.json",
+    "build:es": "premove dist-es && tsc -p tsconfig.es.json",
     "build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
-    "build:types": "tsc -p tsconfig.types.json",
+    "build:types": "premove dist-types && tsc -p tsconfig.types.json",
     "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
-    "clean": "premove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfo",
+    "clean": "premove dist-cjs dist-es dist-types",
     "test": "yarn g:vitest run",
     "test:watch": "yarn g:vitest watch",
     "test:e2e": "yarn g:vitest run -c vitest.config.e2e.mts",
@@ -26,7 +26,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/types": "^3.973.12",
+    "@aws-sdk/types": "^3.973.13",
     "@smithy/signature-v4": "^5.4.6",
     "@smithy/types": "^4.14.3",
     "tslib": "^2.6.2"

package/node_modules/@aws-sdk/token-providers/dist-cjs/index.js

@@ -1,21 +1,19 @@
-'use strict';
-
-var client = require('@aws-sdk/core/client');
-var httpAuthSchemes = require('@aws-sdk/core/httpAuthSchemes');
-var config = require('@smithy/core/config');
-var node_fs = require('node:fs');
+const { setTokenFeature } = require("@aws-sdk/core/client");
+const { getBearerTokenEnvKey } = require("@aws-sdk/core/httpAuthSchemes");
+const { TokenProviderError, getSSOTokenFilepath, parseKnownFiles, getProfileName, loadSsoSessionData, getSSOTokenFromFile, memoize, chain } = require("@smithy/core/config");
+const { promises } = require("node:fs");
 
 const fromEnvSigningName = ({ logger, signingName } = {}) => async () => {
     logger?.debug?.("@aws-sdk/token-providers - fromEnvSigningName");
     if (!signingName) {
-        throw new config.TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger });
+        throw new TokenProviderError("Please pass 'signingName' to compute environment variable key", { logger });
     }
-    const bearerTokenKey = httpAuthSchemes.getBearerTokenEnvKey(signingName);
+    const bearerTokenKey = getBearerTokenEnvKey(signingName);
     if (!(bearerTokenKey in process.env)) {
-        throw new config.TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger });
+        throw new TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger });
     }
     const token = { token: process.env[bearerTokenKey] };
-    client.setTokenFeature(token, "BEARER_SERVICE_ENV_VARS", "3");
+    setTokenFeature(token, "BEARER_SERVICE_ENV_VARS", "3");
     return token;
 };
 
@@ -23,7 +21,7 @@ const EXPIRE_WINDOW_MS = 5 * 60 * 1000;
 const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;
 
 const getSsoOidcClient = async (ssoRegion, init = {}, callerClientConfig) => {
-    const { SSOOIDCClient } = await import('@aws-sdk/nested-clients/sso-oidc');
+    const { SSOOIDCClient } = require('@aws-sdk/nested-clients/sso-oidc');
     const coalesce = (prop) => init.clientConfig?.[prop] ?? init.parentClientConfig?.[prop] ?? callerClientConfig?.[prop];
     const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {
         region: ssoRegion ?? init.clientConfig?.region,
@@ -34,7 +32,7 @@ const getSsoOidcClient = async (ssoRegion, init = {}, callerClientConfig) => {
 };
 
 const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}, callerClientConfig) => {
-    const { CreateTokenCommand } = await import('@aws-sdk/nested-clients/sso-oidc');
+    const { CreateTokenCommand } = require('@aws-sdk/nested-clients/sso-oidc');
     const ssoOidcClient = await getSsoOidcClient(ssoRegion, init, callerClientConfig);
     return ssoOidcClient.send(new CreateTokenCommand({
         clientId: ssoToken.clientId,
@@ -46,19 +44,19 @@ const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}, callerClientCo
 
 const validateTokenExpiry = (token) => {
     if (token.expiration && token.expiration.getTime() < Date.now()) {
-        throw new config.TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);
+        throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);
     }
 };
 
 const validateTokenKey = (key, value, forRefresh = false) => {
     if (typeof value === "undefined") {
-        throw new config.TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, false);
+        throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, false);
     }
 };
 
-const { writeFile } = node_fs.promises;
+const { writeFile } = promises;
 const writeSSOTokenToFile = (id, ssoToken) => {
-    const tokenFilepath = config.getSSOTokenFilepath(id);
+    const tokenFilepath = getSSOTokenFilepath(id);
     const tokenString = JSON.stringify(ssoToken, null, 2);
     return writeFile(tokenFilepath, tokenString);
 };
@@ -66,36 +64,36 @@ const writeSSOTokenToFile = (id, ssoToken) => {
 const lastRefreshAttemptTime = new Date(0);
 const fromSso = (init = {}) => async ({ callerClientConfig } = {}) => {
     init.logger?.debug("@aws-sdk/token-providers - fromSso");
-    const profiles = await config.parseKnownFiles(init);
-    const profileName = config.getProfileName({
+    const profiles = await parseKnownFiles(init);
+    const profileName = getProfileName({
         profile: init.profile ?? callerClientConfig?.profile,
     });
     const profile = profiles[profileName];
     if (!profile) {
-        throw new config.TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);
+        throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);
     }
     else if (!profile["sso_session"]) {
-        throw new config.TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);
+        throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);
     }
     const ssoSessionName = profile["sso_session"];
-    const ssoSessions = await config.loadSsoSessionData(init);
+    const ssoSessions = await loadSsoSessionData(init);
     const ssoSession = ssoSessions[ssoSessionName];
     if (!ssoSession) {
-        throw new config.TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);
+        throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);
     }
     for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) {
         if (!ssoSession[ssoSessionRequiredKey]) {
-            throw new config.TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);
+            throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);
         }
     }
     ssoSession["sso_start_url"];
     const ssoRegion = ssoSession["sso_region"];
     let ssoToken;
     try {
-        ssoToken = await config.getSSOTokenFromFile(ssoSessionName);
+        ssoToken = await getSSOTokenFromFile(ssoSessionName);
     }
     catch (e) {
-        throw new config.TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);
+        throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);
     }
     validateTokenKey("accessToken", ssoToken.accessToken);
     validateTokenKey("expiresAt", ssoToken.expiresAt);
@@ -141,13 +139,13 @@ const fromSso = (init = {}) => async ({ callerClientConfig } = {}) => {
 const fromStatic = ({ token, logger }) => async () => {
     logger?.debug("@aws-sdk/token-providers - fromStatic");
     if (!token || !token.token) {
-        throw new config.TokenProviderError(`Please pass a valid token to fromStatic`, false);
+        throw new TokenProviderError(`Please pass a valid token to fromStatic`, false);
     }
     return token;
 };
 
-const nodeProvider = (init = {}) => config.memoize(config.chain(fromSso(init), async () => {
-    throw new config.TokenProviderError("Could not load token from any providers", false);
+const nodeProvider = (init = {}) => memoize(chain(fromSso(init), async () => {
+    throw new TokenProviderError("Could not load token from any providers", false);
 }), (token) => token.expiration !== undefined && token.expiration.getTime() - Date.now() < 300000, (token) => token.expiration !== undefined);
 
 exports.fromEnvSigningName = fromEnvSigningName;

package/node_modules/@aws-sdk/token-providers/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@aws-sdk/token-providers",
-  "version": "3.1065.0",
+  "version": "3.1069.0",
   "description": "A collection of token providers",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
     "build:cjs": "node ../../scripts/compilation/inline",
-    "build:es": "tsc -p tsconfig.es.json",
+    "build:es": "premove dist-es && tsc -p tsconfig.es.json",
     "build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
-    "build:types": "tsc -p tsconfig.types.json",
+    "build:types": "premove dist-types && tsc -p tsconfig.types.json",
     "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
-    "clean": "premove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfo",
+    "clean": "premove dist-cjs dist-es dist-types",
     "extract:docs": "api-extractor run --local",
     "test": "yarn g:vitest run",
     "test:watch": "yarn g:vitest watch",
@@ -29,9 +29,9 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/core": "^3.974.20",
-    "@aws-sdk/nested-clients": "^3.997.19",
-    "@aws-sdk/types": "^3.973.12",
+    "@aws-sdk/core": "^3.974.21",
+    "@aws-sdk/nested-clients": "^3.997.21",
+    "@aws-sdk/types": "^3.973.13",
     "@smithy/core": "^3.24.6",
     "@smithy/types": "^4.14.3",
     "tslib": "^2.6.2"

package/node_modules/@aws-sdk/types/dist-cjs/index.js

@@ -1,13 +1,12 @@
-'use strict';
+const { EndpointURLScheme, HttpAuthLocation, RequestHandlerProtocol } = require("@smithy/types");
+exports.EndpointURLScheme = EndpointURLScheme;
+exports.HttpAuthLocation = HttpAuthLocation;
+exports.RequestHandlerProtocol = RequestHandlerProtocol;
 
-var types = require('@smithy/types');
-
-exports.HostAddressType = void 0;
+var HostAddressType;
 (function (HostAddressType) {
     HostAddressType["AAAA"] = "AAAA";
     HostAddressType["A"] = "A";
-})(exports.HostAddressType || (exports.HostAddressType = {}));
+})(HostAddressType || (HostAddressType = {}));
 
-exports.EndpointURLScheme = types.EndpointURLScheme;
-exports.HttpAuthLocation = types.HttpAuthLocation;
-exports.RequestHandlerProtocol = types.RequestHandlerProtocol;
+exports.HostAddressType = HostAddressType;

package/node_modules/@aws-sdk/types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/types",
-  "version": "3.973.12",
+  "version": "3.973.13",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
   "types": "./dist-types/index.d.ts",
@@ -8,11 +8,11 @@
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
     "build:cjs": "node ../../scripts/compilation/inline",
-    "build:es": "tsc -p tsconfig.es.json",
+    "build:es": "premove dist-es && tsc -p tsconfig.es.json",
     "build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
-    "build:types": "tsc -p tsconfig.types.json",
+    "build:types": "premove dist-types && tsc -p tsconfig.types.json",
     "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
-    "clean": "premove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfo",
+    "clean": "premove dist-cjs dist-es dist-types",
     "extract:docs": "api-extractor run --local",
     "test": "tsc -p tsconfig.test.json"
   },

package/node_modules/@aws-sdk/util-locate-window/dist-cjs/index.js

@@ -1,5 +1,3 @@
-'use strict';
-
 const fallbackWindow = {};
 function locateWindow() {
     if (typeof window !== "undefined") {

package/node_modules/@aws-sdk/util-locate-window/package.json

@@ -1,14 +1,14 @@
 {
   "name": "@aws-sdk/util-locate-window",
-  "version": "3.965.7",
+  "version": "3.965.8",
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
     "build:cjs": "node ../../scripts/compilation/inline",
-    "build:es": "tsc -p tsconfig.es.json",
+    "build:es": "premove dist-es && tsc -p tsconfig.es.json",
     "build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
-    "build:types": "tsc -p tsconfig.types.json",
+    "build:types": "premove dist-types && tsc -p tsconfig.types.json",
     "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
-    "clean": "premove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfo",
+    "clean": "premove dist-cjs dist-es dist-types",
     "test": "yarn g:vitest run",
     "test:watch": "yarn g:vitest watch"
   },

package/node_modules/@aws-sdk/xml-builder/dist-cjs/index.js

@@ -1,6 +1,5 @@
-'use strict';
-
-var xmlParser = require('./xml-parser');
+const { parseXML } = require("./xml-parser");
+exports.parseXML = parseXML;
 
 const ATTR_ESCAPE_RE = /[&<>"]/g;
 const ATTR_ESCAPE_MAP = {
@@ -126,6 +125,5 @@ class XmlNode {
     }
 }
 
-exports.parseXML = xmlParser.parseXML;
 exports.XmlNode = XmlNode;
 exports.XmlText = XmlText;

package/node_modules/@aws-sdk/xml-builder/dist-cjs/xml-external/nodable_entities.js

@@ -1,13 +1,11 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.EntityDecoderImpl = exports.CURRENCY = exports.COMMON_HTML = exports.XML = void 0;
-exports.XML = {
+const XML = {
     amp: "&",
     apos: "'",
     gt: ">",
     lt: "<",
     quot: '"',
 };
+exports.XML = XML;
 exports.COMMON_HTML = {
     nbsp: "\u00a0",
     copy: "\u00a9",
@@ -110,7 +108,7 @@ function parseNCRConfig(ncr) {
     const clampedNull = Math.max(nullLevel, NCR_LEVEL.remove);
     return { xmlVersion, onLevel, nullLevel: clampedNull };
 }
-const EntityDecoderImpl = class EntityDecoderImpl {
+exports.EntityDecoderImpl = class EntityDecoderImpl {
     _limit;
     _maxTotalExpansions;
     _maxExpandedLength;
@@ -134,7 +132,7 @@ const EntityDecoderImpl = class EntityDecoderImpl {
         this._postCheck = typeof options.postCheck === "function" ? options.postCheck : (r) => r;
         this._limitTiers = parseLimitTiers(this._limit.applyLimitsTo ?? LIMIT_TIER_EXTERNAL);
         this._numericAllowed = options.numericAllowed ?? true;
-        this._baseMap = mergeEntityMaps(exports.XML, options.namedEntities || null);
+        this._baseMap = mergeEntityMaps(XML, options.namedEntities || null);
         this._externalMap = Object.create(null);
         this._inputMap = Object.create(null);
         this._totalExpansions = 0;
@@ -333,4 +331,3 @@ const EntityDecoderImpl = class EntityDecoderImpl {
         return this._applyNCRAction(effective, token, cp);
     }
 };
-exports.EntityDecoderImpl = EntityDecoderImpl;

package/node_modules/@aws-sdk/xml-builder/dist-cjs/xml-parser.browser.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseXML = parseXML;
 let parser;
-function parseXML(xmlString) {
+exports.parseXML = function parseXML(xmlString) {
     if (!parser) {
         parser = new DOMParser();
     }
@@ -57,4 +54,4 @@ function parseXML(xmlString) {
     return {
         [xmlDocument.documentElement.nodeName]: xmlToObj(xmlDocument.documentElement),
     };
-}
+};

package/node_modules/@aws-sdk/xml-builder/dist-cjs/xml-parser.js

@@ -1,10 +1,7 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseXML = parseXML;
-const fast_xml_parser_1 = require("fast-xml-parser");
-const nodable_entities_1 = require("./xml-external/nodable_entities");
-const entityDecoder = new nodable_entities_1.EntityDecoderImpl({
-    namedEntities: { ...nodable_entities_1.XML, ...nodable_entities_1.COMMON_HTML, ...nodable_entities_1.CURRENCY },
+const { XMLParser } = require("fast-xml-parser");
+const { COMMON_HTML, CURRENCY, EntityDecoderImpl, XML } = require("./xml-external/nodable_entities");
+const entityDecoder = new EntityDecoderImpl({
+    namedEntities: { ...XML, ...COMMON_HTML, ...CURRENCY },
     numericAllowed: true,
     limit: {
         maxTotalExpansions: Infinity,
@@ -13,7 +10,7 @@ const entityDecoder = new nodable_entities_1.EntityDecoderImpl({
         xmlVersion: 1.1,
     },
 });
-const parser = new fast_xml_parser_1.XMLParser({
+const parser = new XMLParser({
     attributeNamePrefix: "",
     processEntities: {
         enabled: true,
@@ -42,6 +39,6 @@ const parser = new fast_xml_parser_1.XMLParser({
     tagValueProcessor: (_, val) => (val.trim() === "" && val.includes("\n") ? "" : undefined),
     maxNestedTags: Infinity,
 });
-function parseXML(xmlString) {
+exports.parseXML = function parseXML(xmlString) {
     return parser.parse(xmlString, true);
-}
+};

package/node_modules/@aws-sdk/xml-builder/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/xml-builder",
-  "version": "3.972.29",
+  "version": "3.972.30",
   "description": "XML utilities for the AWS SDK",
   "dependencies": {
     "@smithy/types": "^4.14.3",
@@ -10,11 +10,11 @@
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
     "build:cjs": "node ../../scripts/compilation/inline",
-    "build:es": "tsc -p tsconfig.es.json",
+    "build:es": "premove dist-es && tsc -p tsconfig.es.json",
     "build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
-    "build:types": "tsc -p tsconfig.types.json",
+    "build:types": "premove dist-types && tsc -p tsconfig.types.json",
     "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
-    "clean": "premove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfo",
+    "clean": "premove dist-cjs dist-es dist-types",
     "test": "yarn g:vitest run",
     "test:watch": "yarn g:vitest watch"
   },

package/node_modules/@line/bot-sdk/node_modules/@types/node/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@types/node",
-    "version": "24.13.1",
+    "version": "24.13.2",
     "description": "TypeScript definitions for node",
     "homepage": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node",
     "license": "MIT",
@@ -150,6 +150,6 @@
         "undici-types": "~7.18.0"
     },
     "peerDependencies": {},
-    "typesPublisherContentHash": "fa312cd3b08062d3d95a56c5ce645db8cdd1bf6221ced016b849492c72d3286c",
+    "typesPublisherContentHash": "a89004d9764ce24ab2bba15ae9f27f0c75ae8c293f77ce7f8846bbe10f8e18a8",
     "typeScriptVersion": "5.3"
 }

package/node_modules/@nodable/entities/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodable/entities",
-  "version": "2.1.1",
+  "version": "2.2.0",
   "description": "Entity parser for XML, HTML, External entites with security and NCR control",
   "main": "./src/index.js",
   "type": "module",
@@ -25,10 +25,13 @@
     "xml",
     "html",
     "entity",
+    "entities",
+    "stringify",
     "encode",
     "decode",
     "ncr",
     "security",
+    "safe",
     "performance"
   ],
   "author": "Amit Gupta (https://solothought.com)",

package/node_modules/@nodable/entities/src/EntityDecoder.js

@@ -5,6 +5,30 @@
 
 import { XML as DEFAULT_XML_ENTITIES } from "./entities.js"
 
+// ---------------------------------------------------------------------------
+// Entity hook action constants
+// ---------------------------------------------------------------------------
+
+/**
+ * Action constants for `onExternalEntity` and `onInputEntity` hooks.
+ *
+ * Use these instead of raw strings to avoid typos:
+ *
+ * @example
+ * import EntityDecoder, { ENTITY_ACTION } from './EntityDecoder.js';
+ * const dec = new EntityDecoder({
+ *   onInputEntity: (name, value) => ENTITY_ACTION.BLOCK,
+ * });
+ */
+export const ENTITY_ACTION = Object.freeze({
+  /** Resolve and expand the entity normally. */
+  ALLOW: 'allow',
+  /** Silently skip this entity — it will not be registered. */
+  BLOCK: 'block',
+  /** Throw an error, aborting entity registration entirely. */
+  THROW: 'throw',
+});
+
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
@@ -169,6 +193,14 @@ export default class EntityDecoder {
    *   the effective action is max(onNCR, rangeMinimum).
    * @param {'remove'|'throw'} [options.ncr.nullNCR='remove']
    *   Action for U+0000 (null). 'allow' and 'leave' are clamped to 'remove' since null is never safe.
+   * @param {((name: string, value: string) => 'allow'|'block'|'throw')|null} [options.onExternalEntity=null]
+   *   Hook called when an external entity is registered via `setExternalEntities()` or
+   *   `addExternalEntity()`. Return `ENTITY_ACTION.ALLOW` to accept the entity,
+   *   `ENTITY_ACTION.BLOCK` to silently skip it, or `ENTITY_ACTION.THROW` to abort with an error.
+   * @param {((name: string, value: string) => 'allow'|'block'|'throw')|null} [options.onInputEntity=null]
+   *   Hook called when an input entity is registered via `addInputEntities()`. Return
+   *   `ENTITY_ACTION.ALLOW` to accept, `ENTITY_ACTION.BLOCK` to silently skip, or
+   *   `ENTITY_ACTION.THROW` to abort with an error.
    */
   constructor(options = {}) {
     this._limit = options.limit || {};
@@ -204,6 +236,43 @@ export default class EntityDecoder {
     this._ncrXmlVersion = ncrCfg.xmlVersion;
     this._ncrOnLevel = ncrCfg.onLevel;
     this._ncrNullLevel = ncrCfg.nullLevel;
+
+    // --- Registration hooks ---
+    /** @type {((name: string, value: string) => 'allow'|'block'|'throw')|null} */
+    this._onExternalEntity = typeof options.onExternalEntity === 'function'
+      ? options.onExternalEntity
+      : null;
+    /** @type {((name: string, value: string) => 'allow'|'block'|'throw')|null} */
+    this._onInputEntity = typeof options.onInputEntity === 'function'
+      ? options.onInputEntity
+      : null;
+  }
+
+  // -------------------------------------------------------------------------
+  // Private: registration hook dispatch
+  // -------------------------------------------------------------------------
+
+  /**
+   * Invoke a registration hook for a single entity name/value pair.
+   * Returns true when the entity should be accepted, false when it should be
+   * silently skipped (BLOCK), and throws when the hook returns THROW.
+   *
+   * @param {((name: string, value: string) => 'allow'|'block'|'throw')|null} hook
+   * @param {string} name
+   * @param {string} value
+   * @param {string} context  — used in error messages ('external' | 'input')
+   * @returns {boolean}  true = accept, false = skip
+   */
+  _applyRegistrationHook(hook, name, value, context) {
+    if (!hook) return true; // no hook → always accept
+    const action = hook(name, value);
+    if (action === ENTITY_ACTION.BLOCK) return false;
+    if (action === ENTITY_ACTION.THROW) {
+      throw new Error(
+        `[EntityDecoder] Registration of ${context} entity "&${name};" was rejected by hook`
+      );
+    }
+    return true; // ALLOW or any unknown return value → accept
   }
 
   // -------------------------------------------------------------------------
@@ -213,6 +282,9 @@ export default class EntityDecoder {
   /**
    * Replace the full set of persistent external entities.
    * All keys are validated — throws on invalid characters.
+   * If `onExternalEntity` is set, it is called once per entry; entries that
+   * return `ENTITY_ACTION.BLOCK` are silently omitted, `ENTITY_ACTION.THROW`
+   * aborts the whole call.
    * @param {Record<string, string | { regex?: RegExp, val: string }>} map
    */
   setExternalEntities(map) {
@@ -221,18 +293,34 @@ export default class EntityDecoder {
         validateEntityName(key);
       }
     }
-    this._externalMap = mergeEntityMaps(map);
+    if (!this._onExternalEntity) {
+      this._externalMap = mergeEntityMaps(map);
+      return;
+    }
+    // Hook present — resolve values first, then filter
+    const flat = mergeEntityMaps(map);
+    const filtered = Object.create(null);
+    for (const [name, value] of Object.entries(flat)) {
+      if (this._applyRegistrationHook(this._onExternalEntity, name, value, 'external')) {
+        filtered[name] = value;
+      }
+    }
+    this._externalMap = filtered;
   }
 
   /**
    * Add a single persistent external entity.
+   * If `onExternalEntity` is set it is called before the entity is stored;
+   * `ENTITY_ACTION.BLOCK` silently skips storage, `ENTITY_ACTION.THROW` raises.
    * @param {string} key
    * @param {string} value
    */
   addExternalEntity(key, value) {
     validateEntityName(key);
     if (typeof value === 'string' && value.indexOf('&') === -1) {
-      this._externalMap[key] = value;
+      if (this._applyRegistrationHook(this._onExternalEntity, key, value, 'external')) {
+        this._externalMap[key] = value;
+      }
     }
   }
 
@@ -243,12 +331,25 @@ export default class EntityDecoder {
   /**
    * Inject DOCTYPE entities for the current document.
    * Also resets per-document expansion counters.
+   * If `onInputEntity` is set it is called once per entry; entries returning
+   * `ENTITY_ACTION.BLOCK` are silently omitted, `ENTITY_ACTION.THROW` aborts.
    * @param {Record<string, string | { regx?: RegExp, regex?: RegExp, val: string }>} map
    */
   addInputEntities(map) {
     this._totalExpansions = 0;
     this._expandedLength = 0;
-    this._inputMap = mergeEntityMaps(map);
+    if (!this._onInputEntity) {
+      this._inputMap = mergeEntityMaps(map);
+      return;
+    }
+    const flat = mergeEntityMaps(map);
+    const filtered = Object.create(null);
+    for (const [name, value] of Object.entries(flat)) {
+      if (this._applyRegistrationHook(this._onInputEntity, name, value, 'input')) {
+        filtered[name] = value;
+      }
+    }
+    this._inputMap = filtered;
   }
 
   // -------------------------------------------------------------------------

package/node_modules/@nodable/entities/src/index.js

@@ -6,7 +6,7 @@
 
  */
 
-export { default as EntityDecoder } from './EntityDecoder.js';
+export { default as EntityDecoder, ENTITY_ACTION } from './EntityDecoder.js';
 export {
   COMMON_HTML,
   XML,

package/node_modules/@slack/oauth/node_modules/@slack/web-api/dist/chat-stream.js

@@ -46,6 +46,14 @@ class ChatStreamer {
         this.state = 'starting';
         this.streamArgs = args;
     }
+    /**
+     * @description The message timestamp of the stream. Returns `undefined` until the first flush
+     * (when `chat.startStream` is called).
+     * @see {@link https://docs.slack.dev/reference/methods/chat.update}
+     */
+    get ts() {
+        return this.streamTs;
+    }
     /**
      * Append to the stream.
      *

package/node_modules/@slack/oauth/node_modules/@slack/web-api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@slack/web-api",
-  "version": "7.16.0",
+  "version": "7.17.0",
   "description": "Official library for using the Slack Platform's Web API",
   "author": "Slack Technologies, LLC",
   "license": "MIT",