@shawnstack/quickforge 1.3.20 → 1.3.22

package/node_modules/@smithy/credential-provider-imds/dist-es/fromContainerMetadata.js

@@ -1,4 +1,3 @@
-import { parse } from "node:url";
 import { CredentialsProviderError } from "@smithy/core/config";
 import { fromImdsCredentials, isImdsCredentials } from "./remoteProvider/ImdsCredentials";
 import { providerConfigFromInit } from "./remoteProvider/RemoteProviderInit";
@@ -34,14 +33,8 @@ const requestFromEcsImds = async (timeout, options) => {
     return buffer.toString();
 };
 const CMDS_IP = "169.254.170.2";
-const GREENGRASS_HOSTS = {
-    localhost: true,
-    "127.0.0.1": true,
-};
-const GREENGRASS_PROTOCOLS = {
-    "http:": true,
-    "https:": true,
-};
+const GREENGRASS_HOSTS = new Set(["localhost", "127.0.0.1"]);
+const GREENGRASS_PROTOCOLS = new Set(["http:", "https:"]);
 const getCmdsUri = async ({ logger }) => {
     if (process.env[ENV_CMDS_RELATIVE_URI]) {
         return {
@@ -50,21 +43,29 @@ const getCmdsUri = async ({ logger }) => {
         };
     }
     if (process.env[ENV_CMDS_FULL_URI]) {
-        const parsed = parse(process.env[ENV_CMDS_FULL_URI]);
-        if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) {
+        let parsed;
+        try {
+            parsed = new URL(process.env[ENV_CMDS_FULL_URI]);
+        }
+        catch {
+            throw new CredentialsProviderError(`${process.env[ENV_CMDS_FULL_URI]} is not a valid container metadata service URL`, { tryNextLink: false, logger });
+        }
+        if (!parsed.hostname || !GREENGRASS_HOSTS.has(parsed.hostname)) {
             throw new CredentialsProviderError(`${parsed.hostname} is not a valid container metadata service hostname`, {
                 tryNextLink: false,
                 logger,
             });
         }
-        if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) {
+        if (!parsed.protocol || !GREENGRASS_PROTOCOLS.has(parsed.protocol)) {
             throw new CredentialsProviderError(`${parsed.protocol} is not a valid container metadata service protocol`, {
                 tryNextLink: false,
                 logger,
             });
         }
         return {
-            ...parsed,
+            protocol: parsed.protocol,
+            hostname: parsed.hostname,
+            path: parsed.pathname + parsed.search,
             port: parsed.port ? parseInt(parsed.port, 10) : undefined,
         };
     }

package/node_modules/@smithy/credential-provider-imds/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/credential-provider-imds",
-  "version": "4.3.4",
+  "version": "4.3.6",
   "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -27,7 +27,7 @@
   "license": "Apache-2.0",
   "sideEffects": false,
   "dependencies": {
-    "@smithy/core": "^3.24.4",
+    "@smithy/core": "^3.24.5",
     "@smithy/types": "^4.14.2",
     "tslib": "^2.6.2"
   },

package/node_modules/@smithy/fetch-http-handler/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/fetch-http-handler",
-  "version": "5.4.4",
+  "version": "5.4.5",
   "description": "Provides a way to make requests",
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es:cjs'",
@@ -27,7 +27,7 @@
   "module": "./dist-es/index.js",
   "types": "./dist-types/index.d.ts",
   "dependencies": {
-    "@smithy/core": "^3.24.4",
+    "@smithy/core": "^3.24.5",
     "@smithy/types": "^4.14.2",
     "tslib": "^2.6.2"
   },

package/node_modules/@smithy/node-http-handler/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/node-http-handler",
-  "version": "4.7.4",
+  "version": "4.7.5",
   "description": "Provides a way to make requests",
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es:cjs'",
@@ -26,7 +26,7 @@
   "module": "./dist-es/index.js",
   "types": "./dist-types/index.d.ts",
   "dependencies": {
-    "@smithy/core": "^3.24.4",
+    "@smithy/core": "^3.24.5",
     "@smithy/types": "^4.14.2",
     "tslib": "^2.6.2"
   },

package/node_modules/@smithy/signature-v4/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/signature-v4",
-  "version": "5.4.4",
+  "version": "5.4.5",
   "description": "A standalone implementation of the AWS Signature V4 request signing algorithm",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -25,7 +25,7 @@
   "license": "Apache-2.0",
   "sideEffects": false,
   "dependencies": {
-    "@smithy/core": "^3.24.4",
+    "@smithy/core": "^3.24.5",
     "@smithy/types": "^4.14.2",
     "tslib": "^2.6.2"
   },

package/node_modules/eventsource-parser/README.md

@@ -109,6 +109,28 @@ const parser = createParser({
 > [!NOTE]
 > Leading whitespace is not stripped from comments, eg `: comment` will give ` comment` as the comment value, not `comment` (note the leading space).
 
+### Limiting buffered memory (`maxBufferSize`)
+
+By default the parser buffers data indefinitely until a server completes an event. A server (or proxy) that never terminates a line, or that keeps appending `data:` lines without ever sending a blank line to dispatch the event, can therefore grow the parser's buffers without bound.
+
+Pass a `maxBufferSize` (in characters) to `createParser` to cap this. If the combined size of the pending line buffer and the in-progress event's data buffer exceeds the limit, the parser emits a `ParseError` with `type: 'max-buffer-size-exceeded'` and becomes terminated: subsequent calls to `feed()` will throw until `reset()` is called.
+
+```ts
+const parser = createParser({
+  maxBufferSize: 1024 * 1024, // 1 MB
+  onEvent(event) {
+    // …
+  },
+  onError(error) {
+    if (error.type === 'max-buffer-size-exceeded') {
+      // Stream peer is misbehaving — typically you'd close the connection.
+    }
+  },
+})
+```
+
+The same option is available on the [stream variant](#stream-usage); the stream is always errored when this limit is exceeded, regardless of the `onError` setting (since the underlying parser is unrecoverable without a `reset()`).
+
 ## Stream usage
 
 ```ts
@@ -119,6 +141,15 @@ const eventStream = response.body
   .pipeThrough(new EventSourceParserStream())
 ```
 
+The stream constructor accepts a subset of the `createParser` options (`onComment`, `onRetry`, `maxBufferSize`) plus an `onError` that can either be a function or set to `'terminate'` to error the stream on parse errors. Events are delivered through the stream itself rather than via an `onEvent` callback:
+
+```ts
+new EventSourceParserStream({
+  maxBufferSize: 1024 * 1024,
+  onError: 'terminate',
+})
+```
+
 Note that the TransformStream is exposed under a separate export (`eventsource-parser/stream`), in order to maximize compatibility with environments that do not have the `TransformStream` constructor available.
 
 ## License

package/node_modules/eventsource-parser/dist/index.cjs

@@ -8,29 +8,40 @@ class ParseError extends Error {
 const LF = 10, CR = 13, SPACE = 32;
 function noop(_arg) {
 }
-function createParser(callbacks) {
-  if (typeof callbacks == "function")
+function createParser(config) {
+  if (typeof config == "function")
     throw new TypeError(
-      "`callbacks` must be an object, got a function instead. Did you mean `{onEvent: fn}`?"
+      "`config` must be an object, got a function instead. Did you mean `createParser({onEvent: fn})`?"
     );
-  const { onEvent = noop, onError = noop, onRetry = noop, onComment } = callbacks, pendingFragments = [];
-  let isFirstChunk = !0, id, data = "", dataLines = 0, eventType;
+  const { onEvent = noop, onError = noop, onRetry = noop, onComment, maxBufferSize } = config, pendingFragments = [];
+  let pendingFragmentsLength = 0, isFirstChunk = !0, id, data = "", dataLines = 0, eventType, terminated = !1;
   function feed(chunk) {
+    if (terminated)
+      throw new Error(
+        "Cannot feed parser: it was terminated after exceeding the configured max buffer size. Call `reset()` to resume parsing."
+      );
     if (isFirstChunk && (isFirstChunk = !1, chunk.charCodeAt(0) === 239 && chunk.charCodeAt(1) === 187 && chunk.charCodeAt(2) === 191 && (chunk = chunk.slice(3))), pendingFragments.length === 0) {
       const trailing2 = processLines(chunk);
-      trailing2 !== "" && pendingFragments.push(trailing2);
+      trailing2 !== "" && (pendingFragments.push(trailing2), pendingFragmentsLength = trailing2.length), checkBufferSize();
       return;
     }
     if (chunk.indexOf(`
 `) === -1 && chunk.indexOf("\r") === -1) {
-      pendingFragments.push(chunk);
+      pendingFragments.push(chunk), pendingFragmentsLength += chunk.length, checkBufferSize();
       return;
     }
     pendingFragments.push(chunk);
     const input = pendingFragments.join("");
-    pendingFragments.length = 0;
+    pendingFragments.length = 0, pendingFragmentsLength = 0;
     const trailing = processLines(input);
-    trailing !== "" && pendingFragments.push(trailing);
+    trailing !== "" && (pendingFragments.push(trailing), pendingFragmentsLength = trailing.length), checkBufferSize();
+  }
+  function checkBufferSize() {
+    maxBufferSize !== void 0 && (pendingFragmentsLength + data.length <= maxBufferSize || (terminated = !0, pendingFragments.length = 0, pendingFragmentsLength = 0, id = void 0, data = "", dataLines = 0, eventType = void 0, onError(
+      new ParseError(`Buffered data exceeded max buffer size of ${maxBufferSize} characters`, {
+        type: "max-buffer-size-exceeded"
+      })
+    )));
   }
   function processLines(chunk) {
     let searchIndex = 0;
@@ -151,7 +162,7 @@ ${value}`, dataLines++;
       const incompleteLine = pendingFragments.join("");
       parseLine(incompleteLine, 0, incompleteLine.length);
     }
-    isFirstChunk = !0, id = void 0, data = "", dataLines = 0, eventType = void 0, pendingFragments.length = 0;
+    isFirstChunk = !0, id = void 0, data = "", dataLines = 0, eventType = void 0, pendingFragments.length = 0, pendingFragmentsLength = 0, terminated = !1;
   }
   return { feed, reset };
 }

package/node_modules/eventsource-parser/dist/index.js

@@ -6,29 +6,40 @@ class ParseError extends Error {
 const LF = 10, CR = 13, SPACE = 32;
 function noop(_arg) {
 }
-function createParser(callbacks) {
-  if (typeof callbacks == "function")
+function createParser(config) {
+  if (typeof config == "function")
     throw new TypeError(
-      "`callbacks` must be an object, got a function instead. Did you mean `{onEvent: fn}`?"
+      "`config` must be an object, got a function instead. Did you mean `createParser({onEvent: fn})`?"
     );
-  const { onEvent = noop, onError = noop, onRetry = noop, onComment } = callbacks, pendingFragments = [];
-  let isFirstChunk = !0, id, data = "", dataLines = 0, eventType;
+  const { onEvent = noop, onError = noop, onRetry = noop, onComment, maxBufferSize } = config, pendingFragments = [];
+  let pendingFragmentsLength = 0, isFirstChunk = !0, id, data = "", dataLines = 0, eventType, terminated = !1;
   function feed(chunk) {
+    if (terminated)
+      throw new Error(
+        "Cannot feed parser: it was terminated after exceeding the configured max buffer size. Call `reset()` to resume parsing."
+      );
     if (isFirstChunk && (isFirstChunk = !1, chunk.charCodeAt(0) === 239 && chunk.charCodeAt(1) === 187 && chunk.charCodeAt(2) === 191 && (chunk = chunk.slice(3))), pendingFragments.length === 0) {
       const trailing2 = processLines(chunk);
-      trailing2 !== "" && pendingFragments.push(trailing2);
+      trailing2 !== "" && (pendingFragments.push(trailing2), pendingFragmentsLength = trailing2.length), checkBufferSize();
       return;
     }
     if (chunk.indexOf(`
 `) === -1 && chunk.indexOf("\r") === -1) {
-      pendingFragments.push(chunk);
+      pendingFragments.push(chunk), pendingFragmentsLength += chunk.length, checkBufferSize();
       return;
     }
     pendingFragments.push(chunk);
     const input = pendingFragments.join("");
-    pendingFragments.length = 0;
+    pendingFragments.length = 0, pendingFragmentsLength = 0;
     const trailing = processLines(input);
-    trailing !== "" && pendingFragments.push(trailing);
+    trailing !== "" && (pendingFragments.push(trailing), pendingFragmentsLength = trailing.length), checkBufferSize();
+  }
+  function checkBufferSize() {
+    maxBufferSize !== void 0 && (pendingFragmentsLength + data.length <= maxBufferSize || (terminated = !0, pendingFragments.length = 0, pendingFragmentsLength = 0, id = void 0, data = "", dataLines = 0, eventType = void 0, onError(
+      new ParseError(`Buffered data exceeded max buffer size of ${maxBufferSize} characters`, {
+        type: "max-buffer-size-exceeded"
+      })
+    )));
   }
   function processLines(chunk) {
     let searchIndex = 0;
@@ -149,7 +160,7 @@ ${value}`, dataLines++;
       const incompleteLine = pendingFragments.join("");
       parseLine(incompleteLine, 0, incompleteLine.length);
     }
-    isFirstChunk = !0, id = void 0, data = "", dataLines = 0, eventType = void 0, pendingFragments.length = 0;
+    isFirstChunk = !0, id = void 0, data = "", dataLines = 0, eventType = void 0, pendingFragments.length = 0, pendingFragmentsLength = 0, terminated = !1;
   }
   return { feed, reset };
 }

package/node_modules/eventsource-parser/dist/stream.cjs

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: !0 });
 var index = require("./index.cjs");
 class EventSourceParserStream extends TransformStream {
-  constructor({ onError, onRetry, onComment } = {}) {
+  constructor({ onError, onRetry, onComment, maxBufferSize } = {}) {
     let parser;
     super({
       start(controller) {
@@ -11,10 +11,11 @@ class EventSourceParserStream extends TransformStream {
             controller.enqueue(event);
           },
           onError(error) {
-            onError === "terminate" ? controller.error(error) : typeof onError == "function" && onError(error);
+            typeof onError == "function" && onError(error), (onError === "terminate" || error.type === "max-buffer-size-exceeded") && controller.error(error);
           },
           onRetry,
-          onComment
+          onComment,
+          maxBufferSize
         });
       },
       transform(chunk) {

package/node_modules/eventsource-parser/dist/stream.js

@@ -1,7 +1,7 @@
 import { createParser } from "./index.js";
 import { ParseError } from "./index.js";
 class EventSourceParserStream extends TransformStream {
-  constructor({ onError, onRetry, onComment } = {}) {
+  constructor({ onError, onRetry, onComment, maxBufferSize } = {}) {
     let parser;
     super({
       start(controller) {
@@ -10,10 +10,11 @@ class EventSourceParserStream extends TransformStream {
             controller.enqueue(event);
           },
           onError(error) {
-            onError === "terminate" ? controller.error(error) : typeof onError == "function" && onError(error);
+            typeof onError == "function" && onError(error), (onError === "terminate" || error.type === "max-buffer-size-exceeded") && controller.error(error);
           },
           onRetry,
-          onComment
+          onComment,
+          maxBufferSize
         });
       },
       transform(chunk) {

package/node_modules/eventsource-parser/package.json

@@ -1,6 +1,6 @@
 {
   "name": "eventsource-parser",
-  "version": "3.0.8",
+  "version": "3.1.0",
   "description": "Streaming, source-agnostic EventSource/Server-Sent Events parser",
   "keywords": [
     "eventsource",
@@ -63,21 +63,21 @@
     "test:node": "vitest --reporter=verbose"
   },
   "devDependencies": {
-    "@sanity/pkg-utils": "^10.4.15",
+    "@sanity/pkg-utils": "^10.4.18",
     "@sanity/semantic-release-preset": "^6.0.0",
     "@sanity/tsconfig": "^2.1.0",
     "@types/node": "^20.19.0",
-    "eventsource-encoder": "^1.0.1",
-    "knip": "^6.4.1",
+    "eventsource-encoder": "^1.0.2",
+    "knip": "^6.7.0",
     "mitata": "^1.0.34",
-    "oxfmt": "^0.45.0",
-    "oxlint": "^1.60.0",
+    "oxfmt": "^0.47.0",
+    "oxlint": "^1.62.0",
     "rimraf": "^6.1.3",
     "rollup-plugin-visualizer": "^6.0.3",
     "semantic-release": "^25.0.3",
-    "terser": "^5.46.1",
+    "terser": "^5.46.2",
     "typescript": "^5.9.3",
-    "vitest": "^4.1.4"
+    "vitest": "^4.1.5"
   },
   "browserslist": [
     "node >= 18",

package/node_modules/hasown/CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v2.0.4](https://github.com/inspect-js/hasOwn/compare/v2.0.3...v2.0.4) - 2026-05-28
+
+### Commits
+
+- [types] drop the dead key-narrowing overload [`fdab00e`](https://github.com/inspect-js/hasOwn/commit/fdab00e2703e65411424e19bf86a7e72a8f10da9)
+- [Dev Deps] update `@ljharb/eslint-config`, `auto-changelog`, `eslint` [`91f6247`](https://github.com/inspect-js/hasOwn/commit/91f624768dd0f7db0d019b89d4d86bd66e20ec30)
+
 ## [v2.0.3](https://github.com/inspect-js/hasOwn/compare/v2.0.2...v2.0.3) - 2026-04-17
 
 ### Commits

package/node_modules/hasown/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "hasown",
-	"version": "2.0.3",
+	"version": "2.0.4",
 	"description": "A robust, ES3 compatible, \"has own property\" predicate.",
 	"main": "index.js",
 	"exports": {
@@ -52,13 +52,12 @@
 	},
 	"devDependencies": {
 		"@arethetypeswrong/cli": "^0.18.2",
-		"@ljharb/eslint-config": "^22.2.2",
+		"@ljharb/eslint-config": "^22.2.3",
 		"@ljharb/tsconfig": "^0.3.2",
 		"@types/function-bind": "^1.1.10",
 		"@types/tape": "^5.8.1",
-		"auto-changelog": "^2.5.0",
-		"encoding": "^0.1.13",
-		"eslint": "^10.2.0",
+		"auto-changelog": "^2.5.1",
+		"eslint": "^10.4.0",
 		"evalmd": "^0.0.19",
 		"in-publish": "^2.0.1",
 		"jiti": "^0.0.0",

package/node_modules/protobufjs/dist/light/protobuf.js

@@ -1,6 +1,6 @@
 /*!
- * protobuf.js v7.6.1 (c) 2016, daniel wirtz
- * compiled fri, 22 may 2026 02:52:08 utc
+ * protobuf.js v7.6.2 (c) 2016, daniel wirtz
+ * compiled sat, 30 may 2026 21:57:57 utc
  * licensed under the bsd-3-clause license
  * see: https://github.com/dcodeio/protobuf.js for details
  */
@@ -1207,7 +1207,7 @@ function genValuePartial_fromObject(gen, field, fieldIndex, prop) {
             } gen
             ("}");
         } else gen
-            ("if(typeof d%s!==\"object\")", prop)
+            ("if(!util.isObject(d%s))", prop)
                 ("throw TypeError(%j)", field.fullName + ": object expected")
             ("m%s=types[%i].fromObject(d%s,n+1)", prop, fieldIndex, prop);
     } else {
@@ -1274,6 +1274,8 @@ converter.fromObject = function fromObject(mtype) {
     var gen = util.codegen(["d", "n"], mtype.name + "$fromObject")
     ("if(d instanceof this.ctor)")
         ("return d")
+    ("if(!util.isObject(d))")
+        ("throw TypeError(%j)", mtype.fullName + ": object expected")
     ("if(n===undefined)n=0")
     ("if(n>util.recursionLimit)")
         ("throw Error(\"maximum nesting depth exceeded\")");
@@ -1288,7 +1290,7 @@ converter.fromObject = function fromObject(mtype) {
         // Map fields
         if (field.map) { gen
     ("if(d%s){", prop)
-        ("if(typeof d%s!==\"object\")", prop)
+        ("if(!util.isObject(d%s))", prop)
             ("throw TypeError(%j)", field.fullName + ": object expected")
         ("m%s={}", prop)
         ("for(var ks=Object.keys(d%s),i=0;i<ks.length;++i){", prop);
@@ -5049,7 +5051,7 @@ Root._configure = function(Type_, parse_, common_) {
 
 },{"16":16,"17":17,"23":23,"25":25,"35":35}],29:[function(require,module,exports){
 "use strict";
-module.exports = {};
+module.exports = Object.create(null);
 
 /**
  * Named roots.