@visulima/vis 1.0.0-alpha.34 → 1.0.0-alpha.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +78 -0
- package/LICENSE.md +3244 -1611
- package/README.md +44 -0
- package/dashboard/dist/index.html +11 -11
- package/dist/bin.js +1 -1
- package/dist/binx.js +1 -1
- package/dist/config/index.d.ts +74 -2
- package/dist/config/index.js +1 -1
- package/dist/generate/index.js +1 -1
- package/dist/packem_chunks/bin.js +584 -588
- package/dist/packem_chunks/bloom-status.js +2 -2
- package/dist/packem_chunks/bloom-sync.js +2 -2
- package/dist/packem_chunks/cache-attestation.js +1 -1
- package/dist/packem_chunks/config.js +18 -16
- package/dist/packem_chunks/devtools.js +56 -57
- package/dist/packem_chunks/doctor-probe.js +2 -2
- package/dist/packem_chunks/fix.js +11 -11
- package/dist/packem_chunks/handler.js +1 -1
- package/dist/packem_chunks/handler10.js +1 -1
- package/dist/packem_chunks/handler11.js +5 -5
- package/dist/packem_chunks/handler12.js +1 -1
- package/dist/packem_chunks/handler13.js +7 -7
- package/dist/packem_chunks/handler14.js +4 -4
- package/dist/packem_chunks/handler15.js +1 -1
- package/dist/packem_chunks/handler16.js +1 -1
- package/dist/packem_chunks/handler17.js +1 -1
- package/dist/packem_chunks/handler18.js +1 -1
- package/dist/packem_chunks/handler19.js +1 -1
- package/dist/packem_chunks/handler2.js +3 -3
- package/dist/packem_chunks/handler20.js +5 -5
- package/dist/packem_chunks/handler21.js +2 -2
- package/dist/packem_chunks/handler22.js +2 -2
- package/dist/packem_chunks/handler23.js +1 -1
- package/dist/packem_chunks/handler24.js +1 -1
- package/dist/packem_chunks/handler25.js +1 -5
- package/dist/packem_chunks/handler26.js +5 -1
- package/dist/packem_chunks/handler27.js +1 -3
- package/dist/packem_chunks/handler28.js +3 -1
- package/dist/packem_chunks/handler29.js +1 -7
- package/dist/packem_chunks/handler3.js +4 -4
- package/dist/packem_chunks/handler30.js +6 -32
- package/dist/packem_chunks/handler31.js +33 -3
- package/dist/packem_chunks/handler32.js +3 -8
- package/dist/packem_chunks/handler33.js +8 -1
- package/dist/packem_chunks/handler34.js +4 -5
- package/dist/packem_chunks/handler35.js +1 -11
- package/dist/packem_chunks/handler36.js +5 -3
- package/dist/packem_chunks/handler37.js +11 -22
- package/dist/packem_chunks/handler38.js +3 -61
- package/dist/packem_chunks/handler39.js +22 -3
- package/dist/packem_chunks/handler4.js +6 -6
- package/dist/packem_chunks/handler40.js +61 -6
- package/dist/packem_chunks/handler41.js +3 -24
- package/dist/packem_chunks/handler42.js +6 -25
- package/dist/packem_chunks/handler43.js +24 -153
- package/dist/packem_chunks/handler44.js +25 -10
- package/dist/packem_chunks/handler45.js +152 -707
- package/dist/packem_chunks/handler46.js +10 -24
- package/dist/packem_chunks/handler47.js +24 -322
- package/dist/packem_chunks/handler48.js +322 -48
- package/dist/packem_chunks/handler49.js +708 -3
- package/dist/packem_chunks/handler5.js +7 -7
- package/dist/packem_chunks/handler50.js +48 -27
- package/dist/packem_chunks/handler51.js +21 -189
- package/dist/packem_chunks/handler52.js +3 -34
- package/dist/packem_chunks/handler53.js +200 -0
- package/dist/packem_chunks/handler54.js +38 -0
- package/dist/packem_chunks/handler6.js +1 -1
- package/dist/packem_chunks/handler7.js +1 -1
- package/dist/packem_chunks/handler8.js +1 -1
- package/dist/packem_chunks/handler9.js +1 -1
- package/dist/packem_chunks/heal-accept.js +7 -7
- package/dist/packem_chunks/heal.js +11 -11
- package/dist/packem_chunks/help-command.js +30 -7
- package/dist/packem_chunks/index.js +6 -6
- package/dist/packem_chunks/keys-refresh.js +4 -4
- package/dist/packem_chunks/list.js +2 -2
- package/dist/packem_chunks/loader.js +4 -4
- package/dist/packem_chunks/loader2.js +1 -1
- package/dist/packem_chunks/prune.js +3 -3
- package/dist/packem_chunks/run.js +1 -1
- package/dist/packem_chunks/status.js +2 -2
- package/dist/packem_chunks/sync.js +2 -2
- package/dist/packem_chunks/sync2.js +2 -2
- package/dist/packem_chunks/tar.js +3 -3
- package/dist/packem_chunks/tripwire.js +2 -2
- package/dist/packem_chunks/verify-lockfile.js +2 -2
- package/dist/packem_shared/CONFIG_FILES-BfaR0jKT.js +1 -0
- package/dist/packem_shared/MultiSpinner-B9U0-aE3-B-gIXhFk.js +3 -0
- package/dist/packem_shared/Table-CcVkyULl-B_ef6zfS.js +35 -0
- package/dist/packem_shared/_commonjsHelpers-B5Y90VFO.js +1 -0
- package/dist/packem_shared/advisories-DLeO5KMN.js +1 -0
- package/dist/packem_shared/affected-shas-cVnX8-zs.js +1 -0
- package/dist/packem_shared/ai-analysis-DT3bU-_M.js +68 -0
- package/dist/packem_shared/ai-fix-BkNqd5nP.js +43 -0
- package/dist/packem_shared/build-scripts-CCCi8U66.js +1 -0
- package/dist/packem_shared/cyclonedx-86-DbHtf.js +4 -0
- package/dist/packem_shared/definePlugin-DoUcoYSy.js +1 -0
- package/dist/packem_shared/dependency-scan-BDTH898x.js +1 -0
- package/dist/packem_shared/docker-tNrDU3oK.js +59 -0
- package/dist/packem_shared/failure-log-Dwqt6_Ga.js +2 -0
- package/dist/packem_shared/giget-DHY1sQZC.js +2 -0
- package/dist/packem_shared/glob-fqg4KepW-B7EjLRvw.js +1 -0
- package/dist/packem_shared/index-BDmTbWX1.js +19 -0
- package/dist/packem_shared/index-C0Vj3XF8.js +30 -0
- package/dist/packem_shared/index-CB4p298r.js +1 -0
- package/dist/packem_shared/index-DMefdF51.js +1 -0
- package/dist/packem_shared/license-t5KnNX6v.js +1 -0
- package/dist/packem_shared/lifecycle-4z9hHE5b.js +2 -0
- package/dist/packem_shared/lockfile-C8Q1_4KK.js +1 -0
- package/dist/packem_shared/manifests-Dj3pRKBT.js +1 -0
- package/dist/packem_shared/min-release-age-D1alDE3K.js +34 -0
- package/dist/packem_shared/missing-package-json-41VUWFBY.js +1 -0
- package/dist/packem_shared/native-config-sync-BKAZ0NIs.js +21 -0
- package/dist/packem_shared/osv-bloom-B03tUWf3.js +2 -0
- package/dist/packem_shared/otelPlugin-DmKDBaPo.js +1 -0
- package/dist/packem_shared/peer-warnings-BXAzXqY3.js +1 -0
- package/dist/packem_shared/pm-runner-pVihAfxV.js +1 -0
- package/dist/packem_shared/provenance-DMuEftgc.js +1 -0
- package/dist/packem_shared/registry-keys-Bf2zzlcZ.js +1 -0
- package/dist/packem_shared/resolve-explicit-jH0RKyMJ.js +5 -0
- package/dist/packem_shared/runtime-check-Stc9AI78.js +1 -0
- package/dist/packem_shared/s1ngularity-BkfgC6NO.js +1 -0
- package/dist/packem_shared/scan-progress-JBbd9QeT.js +2 -0
- package/dist/packem_shared/selectors-GCJIe342.js +3 -0
- package/dist/packem_shared/signatures-D1H6h6GH.js +2 -0
- package/dist/packem_shared/spinner-BXSl864p.js +1 -0
- package/dist/packem_shared/subtree-C7bZuiSQ.js +2 -0
- package/dist/packem_shared/symbols-DPTlrJ3B.js +1 -0
- package/dist/packem_shared/tabs-BqUepRaD.js +1 -0
- package/dist/packem_shared/toolchain-pR7AJ-tB.js +5 -0
- package/dist/packem_shared/typosquats-C8qg1neE.js +1 -0
- package/dist/packem_shared/use-measured-height-BBJ9intr.js +1 -0
- package/dist/packem_shared/utils-Cxree603.js +1 -0
- package/dist/packem_shared/verify-Du7xZ2BJ.js +1 -0
- package/dist/packem_shared/vis-update-app-CTwRkNgj.js +1 -0
- package/dist/packem_shared/watch-BvIwLG4N.js +1 -0
- package/dist/packem_shared/watch-loop-DWkvv2tK.js +11 -0
- package/index.d.ts +201 -201
- package/index.js +751 -567
- package/package.json +16 -16
- package/schemas/vis-config.schema.json +4 -0
- package/dist/packem_shared/Table-3pFgIUZ2-DABgc6rj.js +0 -12
- package/dist/packem_shared/_commonjsHelpers-CLblCigl.js +0 -1
- package/dist/packem_shared/advisories-CGKZo9Rx.js +0 -1
- package/dist/packem_shared/affected-shas-BdnlfiV1.js +0 -1
- package/dist/packem_shared/ai-analysis-3QD_RS6F.js +0 -68
- package/dist/packem_shared/ai-fix-TsjDQz_0.js +0 -43
- package/dist/packem_shared/applyDefaults-BogleaFi.js +0 -1
- package/dist/packem_shared/build-scripts-DE6U8jVq.js +0 -1
- package/dist/packem_shared/cyclonedx-zf9R2jCs.js +0 -4
- package/dist/packem_shared/definePlugin-CWm4Dv_t.js +0 -1
- package/dist/packem_shared/dependency-scan-B70azq4x.js +0 -1
- package/dist/packem_shared/docker-EJiTY0Sz.js +0 -60
- package/dist/packem_shared/failure-log-Dxafk3t4.js +0 -2
- package/dist/packem_shared/giget-CcEy_Elm.js +0 -2
- package/dist/packem_shared/glob-D_7bct6p-D8itOHsr.js +0 -1
- package/dist/packem_shared/index-BpbjpCNL.js +0 -1
- package/dist/packem_shared/index-DH-5hsrC.js +0 -1
- package/dist/packem_shared/index-di3jpyZS.js +0 -30
- package/dist/packem_shared/license-zZU7aavK.js +0 -1
- package/dist/packem_shared/lifecycle-DvVTL8nx.js +0 -2
- package/dist/packem_shared/lockfile-CedmXr44.js +0 -1
- package/dist/packem_shared/lockfile-Cu2BH6bl.js +0 -1
- package/dist/packem_shared/manifests-BzWpKW8F.js +0 -1
- package/dist/packem_shared/min-release-age-DKMW2N_v.js +0 -34
- package/dist/packem_shared/missing-package-json-DKAwoiWK.js +0 -1
- package/dist/packem_shared/native-config-sync-DBkJ-hsF.js +0 -21
- package/dist/packem_shared/osv-bloom-0Vu8YRhg.js +0 -2
- package/dist/packem_shared/otelPlugin-CJR2T_lk.js +0 -1
- package/dist/packem_shared/peer-warnings-EvSJ18gE.js +0 -1
- package/dist/packem_shared/pm-runner-DmKT2FqF.js +0 -1
- package/dist/packem_shared/provenance-Cu6VR1Hy.js +0 -1
- package/dist/packem_shared/readFileSync-DseCu8sg-DEq4Fn3a.js +0 -1
- package/dist/packem_shared/registry-keys-CuBAVdsk.js +0 -1
- package/dist/packem_shared/resolve-explicit-Xue0oq8V.js +0 -5
- package/dist/packem_shared/runtime-check-CilFOqUU.js +0 -1
- package/dist/packem_shared/s1ngularity-adnHbyTd.js +0 -1
- package/dist/packem_shared/scan-progress-lZdk5KJ-.js +0 -2
- package/dist/packem_shared/selectors-DkgYFzdq.js +0 -3
- package/dist/packem_shared/signatures-FGbYV5QE.js +0 -2
- package/dist/packem_shared/spinner-0acw5pd_.js +0 -1
- package/dist/packem_shared/spinners-f91Rbo99-Bjf3NcO0.js +0 -1
- package/dist/packem_shared/symbols-CQmER5MT.js +0 -1
- package/dist/packem_shared/tabs-zUSdR1HI.js +0 -1
- package/dist/packem_shared/toolchain-DoG6b_G_.js +0 -5
- package/dist/packem_shared/typosquats-acxQ7blw.js +0 -1
- package/dist/packem_shared/use-measured-height-DyCBfLtu.js +0 -1
- package/dist/packem_shared/utils-DrNg0XTR.js +0 -1
- package/dist/packem_shared/verify-BYzxSKWD.js +0 -1
- package/dist/packem_shared/vis-update-app-D0QyGneK.js +0 -1
- package/dist/packem_shared/watch-DEL0yol9.js +0 -1
- package/dist/packem_shared/watch-loop-jmQQl2Qe.js +0 -11
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
|
|
2
|
-
Settings that would sync to pnpm-workspace.yaml:`);for(const
|
|
3
|
-
`);const
|
|
4
|
-
`);for(const r of
|
|
1
|
+
import{createRequire as Y}from"node:module";import{w as A,d as G,p,P as H,e as J,R as V,i as S,a as K,V as Z,$ as T,k as a,h as Q,g,H as M,W as X,G as ee,j as te,B as oe,F as f}from"./bin.js";import"../packem_shared/index-BDmTbWX1.js";import{K as se,Z as re,W as ne}from"../packem_shared/ai-analysis-DT3bU-_M.js";import{w as ie}from"../packem_shared/pm-runner-pVihAfxV.js";import{U as ae,b as ce,u as N}from"../packem_shared/vis-update-app-CTwRkNgj.js";const de=Y(import.meta.url),ue=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process;const he=async({argument:E,logger:o,options:e,visConfig:i,workspaceRoot:C})=>{if(!C)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const d=C;if(e.securityConfig){const t=ie(d);if(A(i??{},t.name),e.sync&&t.name==="pnpm"){const s=G(i??{});if(s.length>0){p.info(`
|
|
2
|
+
Settings that would sync to pnpm-workspace.yaml:`);for(const R of s)p.success(` ${R}`)}else p.info("No security settings to sync.")}else e.sync&&t.name!=="pnpm"&&(p.info(`--sync is only available for pnpm projects. Your project uses ${t.name}.`),p.info("vis enforces security settings at the vis layer for non-pnpm projects."));if(!e.security&&!E?.length)return}const{packageManager:U}=H(d),B=J(d),c=i?.update??{},y=V(d,U,{dev:e.dev,includeInternal:e["include-internal"],peer:e.peer,prod:e.prod});if(y.size===0){o.info("No catalogs found.");return}const h=e.target??c.target??"latest";if(!["latest","minor","patch"].includes(h))throw new Error(`Invalid target "${h}". Use: latest, minor, or patch.`);const D={exclude:[...f(e.exclude),...f(c.exclude)],ignore:f(c.ignore),include:[...f(e.include),...f(c.include),...E],includeLocked:!!e.includeLocked,includePrerelease:e.prerelease||c.prerelease||!1,security:e.security!==!1,target:h};let j=0;for(const t of y.values())j+=t.size;const $=!!process.stdout.isTTY&&!te;let l;const F=$?(t,s)=>{l?l.rerender(a.createElement(N,{current:t,total:s})):l=T(a.createElement(N,{current:t,total:s}),{interactive:!0,patchConsole:!1})}:(t,s)=>{o.info(`Checking ${String(t)}/${String(s)} dependencies...`)};$||o.info(`Checking ${String(j)} catalog dependencies against npm registry...
|
|
3
|
+
`);const w=new Set;S("socket")&&w.add("socket"),S("depsDev")&&w.add("deps-dev");const v=i?.security?.policies?.score?.minimum,I=K(i?.security,{disabled:w,minimumScore:v}),{failed:k,outdated:n}=await Z(y,D,B,F,d,I,i?.security?.acceptedRisks);if(l&&(l.clear(),l.unmount()),k.length>0&&o.warn(`Failed to fetch: ${k.join(", ")}`),n.length===0){o.info("All catalog dependencies are up to date.");return}const b=e.format??c.format??"table",P=se(e.aiType??"impact"),u=e.ai?await re(n,o,i?.ai,P):void 0;if($&&b==="table"){const t=new ae(n,u??null),s=i?.tui?.autoExit??!1,R=s===!0?3:typeof s=="number"?s:0;await T(a.createElement(ce,{autoExitSeconds:R,isDryRun:!0,store:t}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0}).waitUntilExit();const q=process.stdout.columns||80;process.stdout.write(`
|
|
4
|
+
`);for(const r of n){const z=r.vulnerabilities?.length||r.socketReport&&r.socketReport.alerts.length>0,_=!!r.acceptedRisk,L=z?_?"✓":"⚠":"✓",O=_?"gray":r.updateType==="major"?"red":r.updateType==="minor"?"yellow":"green",m=r.socketReport?.score.overall,W=m===void 0?"":` [${String(Math.round(m*100))}%]`,x=m===void 0?void 0:oe(m);process.stdout.write(`${Q(a.createElement(g,null," ",a.createElement(g,{color:O},L),` ${r.packageName} ${r.currentRange} → ${r.newRange}`,a.createElement(g,{dimColor:!0},` ${r.updateType}`),x?a.createElement(g,{color:x},W):null),{columns:q})}
|
|
5
5
|
`)}process.stdout.write(`
|
|
6
|
-
`),o.info(
|
|
7
|
-
`)}else b==="minimal"?process.stdout.write(`${
|
|
8
|
-
`):(
|
|
6
|
+
`),o.info(M(n,v))}else if(b==="json"){const t={failed:k,outdated:n};u&&(t.aiAnalysis=u),process.stdout.write(`${JSON.stringify(t,void 0,2)}
|
|
7
|
+
`)}else b==="minimal"?process.stdout.write(`${X(n)}
|
|
8
|
+
`):(ee(n,o),o.info(M(n,v)),u&&(o.info(""),o.info(ne(u))));e.exitCode&&n.length>0&&(process.exitCode=1)};export{he as default};
|
|
@@ -1,27 +1,48 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
export default defineConfig({
|
|
6
|
-
|
|
7
|
-
});
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
`)},
|
|
17
|
-
`)
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
1
|
+
import{createRequire as nt}from"node:module";import{I as Pe,s as D,E as M,q as We,V as G,j as ot}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{m as B,f as O,v as K,I as J,A as rt,T as it}from"../packem_shared/index-BDmTbWX1.js";import{aY as at,P as ct,bb as lt,bc as ut,bd as dt,be as pt,u as ve,b1 as ft,j as ie,i as ue,e as gt,R as mt,a as ht,V as $t,bf as yt,bg as qe,$ as be,k as _,h as de,g as q,H as He,bh as wt,F as P,B as kt,bi as vt,bj as bt,W as Rt,G as xt}from"./bin.js";import{K as Ct,Z as Et,W as Re}from"../packem_shared/ai-analysis-DT3bU-_M.js";import{v as Tt,s as ee,I as jt,a as Le}from"../packem_shared/pm-runner-pVihAfxV.js";import{r as It,a as Nt,p as Dt}from"../packem_shared/resolve-explicit-jH0RKyMJ.js";import{r as Ot,s as Ut}from"../packem_shared/typosquats-C8qg1neE.js";import{U as Vt,b as Bt,u as xe}from"../packem_shared/vis-update-app-CTwRkNgj.js";import{h as Fe,P as ze}from"../packem_shared/peer-warnings-BXAzXqY3.js";import{f as _t}from"../packem_shared/utils-Cxree603.js";import{r as Mt,q as Pt}from"../packem_shared/advisories-DLeO5KMN.js";const st=nt(import.meta.url),X=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,_e=e=>{if(typeof X<"u"&&X.versions&&X.versions.node){const[n,t]=X.versions.node.split(".").map(Number);if(n>22||n===22&&t>=3||n===20&&t>=16)return X.getBuiltinModule(e)}return st(e)},{createInterface:Me}=_e("node:readline"),{existsSync:At,realpathSync:St}=_e("node:fs"),Wt=e=>{const n=[];for(const t of e.filters)n.push("--filter",t);return e.workspaceRoot&&n.push("--filter","."),n.push("update"),e.latest&&n.push("--latest"),e.recursive&&n.push("--recursive"),e.interactive&&n.push("--interactive"),e.dev&&n.push("--dev"),e.prod&&n.push("--prod"),e.noOptional&&n.push("--no-optional"),e.noSave&&n.push("--no-save"),n.push(...e.packages),{args:n,bin:"pnpm"}},qt=e=>{const n=[];return e.filters.length>0&&n.push("workspace",e.filters[0]),n.push("upgrade"),e.latest&&n.push("--latest"),n.push(...e.packages),{args:n,bin:"yarn"}},Ht=e=>{const n=[];if(e.filters.length>0||e.recursive){n.push("workspaces","foreach","--all");for(const t of e.filters)n.push("--include",t)}return n.push("up"),e.interactive&&n.push("--interactive"),n.push(...e.packages),{args:n,bin:"yarn"}},Lt=(e,n)=>{const t=["update"];e.latest&&n.push("npm does not support --latest flag. Packages will be updated within their semver range."),e.interactive&&n.push("npm does not support --interactive mode.");for(const s of e.filters)t.push("--workspace",s);return e.recursive&&t.push("--workspaces"),e.workspaceRoot&&t.push("--include-workspace-root"),e.dev&&t.push("--dev"),e.prod&&t.push("--production"),e.noOptional&&t.push("--no-optional"),e.noSave&&t.push("--no-save"),t.push(...e.packages),{args:t,bin:"npm"}},Ft=e=>{const n=["update"];e.latest&&n.push("--latest");for(const t of e.filters)n.push("--filter",t);return n.push(...e.packages),{args:n,bin:"bun"}},zt=(e,n)=>{const t=["outdated","--update"];return e.latest&&t.push("--latest"),e.interactive&&t.push("--interactive"),e.filters.length>0&&n.push("deno outdated has no --filter flag; ignoring."),(e.dev||e.prod)&&n.push("deno outdated has no --dev / --prod flags; dev/prod is governed by deno.json."),e.noOptional&&n.push("deno outdated has no --no-optional flag; ignoring."),e.noSave&&n.push("deno outdated has no --no-save flag; ignoring."),t.push(...e.packages),{args:t,bin:"deno"}},Gt=(e,n,t)=>{const s=[];if(t.global&&e!=="aube"&&e!=="deno")return{command:{args:["update","--global",...t.packages],bin:"npm"},warnings:s};let r;switch(e){case"aube":{const o=Tt(t);r={args:o.args,bin:o.bin},s.push(...o.warnings);break}case"bun":{r=Ft(t);break}case"deno":{r=zt(t,s);break}case"npm":{r=Lt(t,s);break}case"pnpm":{r=Wt(t);break}case"yarn":{r=n.startsWith("1.")?qt(t):Ht(t);break}default:{const o=e;throw new Error(`Unsupported package manager: ${String(o)}`)}}return{command:r,warnings:s}},Ge=e=>{const n=e.indexOf("@");return n<=0?e:e.slice(0,n)},Kt=e=>{switch(e){case"docker":case"docker-compose":return"docker";case"github-actions":return"actions";case"gitlab-ci":return"gitlab";default:return}},Jt=(e,n)=>{const t=[".github/dependabot.yml",".github/dependabot.yaml"];for(const s of t){const r=B(e,s);if(!O(r))continue;let o;try{o=at(K(r))}catch{continue}if(o?.updates){for(const i of o.updates){const a=Kt(i["package-ecosystem"]);if(!(!a||!Array.isArray(i.ignore)))for(const d of i.ignore){const l=d["dependency-name"];typeof l=="string"&&l.length>0&&n[a].add(Ge(l))}}return}}},Yt=Object.freeze({"docker-compose":"docker",dockerfile:"docker","github-actions":"actions",gitlabci:"gitlab","gitlabci-include":"gitlab"}),Zt=Object.freeze({docker:"docker","github-tags":"actions"}),pe=(e,n)=>{if(n)for(const t of n)typeof t=="string"&&t.length>0&&e.add(Ge(t))},Xt=e=>{let n="",t=0;const{length:s}=e;let r=!1,o="";for(;t<s;){const i=e[t]??"";if(r){if(n+=i,i==="\\"&&t+1<s){n+=e[t+1]??"",t+=2;continue}i===o&&(r=!1),t+=1;continue}if(i==='"'||i==="'"){r=!0,o=i,n+=i,t+=1;continue}if(i==="/"&&e[t+1]==="/"){for(;t<s&&e[t]!==`
|
|
2
|
+
`;)t+=1;continue}if(i==="/"&&e[t+1]==="*"){for(t+=2;t<s&&!(e[t]==="*"&&e[t+1]==="/");)t+=1;t+=2;continue}if(i===","){let a=t+1;for(;a<s&&/\s/.test(e[a]??"");)a+=1;const d=e[a];if(d==="}"||d==="]"){t+=1;continue}}n+=i,t+=1}return n},Qt=(e,n)=>{const t=["renovate.json","renovate.json5",".renovaterc",".renovaterc.json"];for(const s of t){const r=B(e,s);if(!O(r))continue;let o;try{const a=K(r);o=JSON.parse(Xt(a))}catch{continue}if(!o)continue;if(Array.isArray(o.ignoreDeps))for(const a of["actions","docker","gitlab"])pe(n[a],o.ignoreDeps);const i=[["github-actions","actions"],["dockerfile","docker"],["docker-compose","docker"],["gitlabci","gitlab"],["gitlabci-include","gitlab"]];for(const[a,d]of i){const l=o[a];pe(n[d],l?.ignoreDeps)}if(!Array.isArray(o.packageRules))return;for(const a of o.packageRules){if(a.enabled!==!1)continue;const d=new Set;for(const c of a.matchManagers??[]){const f=Yt[c];f&&d.add(f)}for(const c of a.matchDatasources??[]){const f=Zt[c];f&&d.add(f)}d.size===0&&(d.add("actions"),d.add("docker"),d.add("gitlab"));const l=[...a.matchPackageNames??[],...a.matchDepNames??[],...a.matchPackagePatterns??[]];for(const c of d)pe(n[c],l)}return}},en=e=>{const n={actions:new Set,docker:new Set,gitlab:new Set};return Jt(e,n),Qt(e,n),n},me=(e,n,t)=>{const s=t[n];if(s.size===0)return!1;if(s.has(e))return!0;for(const r of s)if(/[*?[\]/.+]/.test(r))try{const o=r.replaceAll(/[.+^${}()|]/g,String.raw`\$&`).replaceAll("*",".*").replaceAll("?",".");if(new RegExp(`^${o}$`).test(e))return!0}catch{}return!1},H=e=>{const n=e.trim();if(n==="")return;const t=n.startsWith("v")||n.startsWith("V")?n.slice(1):n,s=(ee.valid(t)?ee.parse(t):void 0)??ee.coerce(t,{includePrerelease:!0});if(s)return{major:s.major,minor:s.minor,normalized:`${String(s.major)}.${String(s.minor)}.${String(s.patch)}${s.prerelease.length>0?`-${s.prerelease.join(".")}`:""}`,patch:s.patch,prerelease:s.prerelease.length>0,raw:n}},tn=(e,n)=>ee.rcompare(e.normalized,n.normalized),he=(e,n,t,s)=>{if(!n&&t!=="latest")return;const r=e.filter(o=>o.prerelease?!1:n?t==="patch"&&(o.major!==n.major||o.minor!==n.minor)||t==="minor"&&o.major!==n.major?!1:ee.gt(o.normalized,n.normalized):!0);if(r.length!==0)return r.toSorted(tn)[0]},$e=(e,n)=>!e||!n?"unknown":n.major!==e.major?"major":n.minor!==e.minor?"minor":n.patch!==e.patch?"patch":"unknown",nn="GitHub Actions",Ae=(e,n)=>`${e}@${n}`,sn=e=>({fixedVersions:e.fixedVersions,id:e.id,severity:e.severity,summary:e.summary}),on=(e,n)=>{if(n.length===0)return n;const t=Mt(e);if(!At(t))return n;const s=new Map;for(const o of n){const i=o.currentVersion??o.currentRef;i&&s.set(Ae(o.name,i),{name:o.name,version:i})}if(s.size===0)return n;const r=new Map;try{for(const[o,i]of s){const a=Pt([i],{ecosystem:nn,workspaceRoot:e}).get(i.name);a&&a.length>0&&r.set(o,a)}}catch{return n}return r.size===0?n:n.map(o=>{const i=o.currentVersion??o.currentRef;if(!i)return o;const a=r.get(Ae(o.name,i));return a?{...o,advisories:a.map(d=>sn(d))}:o})},Ke=e=>{if(!e)return{};const n={};for(const t of e.split(",")){const s=/^\s*<([^>]+)>\s*;\s*(.+)$/.exec(t);if(!s)continue;const r=s[1]??"",o=s[2]??"";switch(/rel\s*=\s*"?([^";\s]+)"?/i.exec(o)?.[1]?.toLowerCase()){case"first":{n.first=r;break}case"last":{n.last=r;break}case"next":{n.next=r;break}case"prev":case"previous":{n.previous=r;break}}}return n};class rn{token;apiBase;fetchImpl;tagsCache=new Map;commitCache=new Map;constructor(n){this.token=n.token??process.env.GITHUB_TOKEN??process.env.GH_TOKEN,this.apiBase=n.apiBase??"https://api.github.com",this.fetchImpl=n.fetch??fetch}async listTags(n,t){const s=`${n}/${t}`,r=this.tagsCache.get(s);if(r)return r;const o=this.fetchTags(n,t);return this.tagsCache.set(s,o),o}async resolveRef(n,t,s){const r=`${n}/${t}@${s}`,o=this.commitCache.get(r);if(o)return o;const i=this.fetchCommit(n,t,s);return this.commitCache.set(r,i),i}buildHeaders(){const n={Accept:"application/vnd.github+json","User-Agent":"vis-update-actions","X-GitHub-Api-Version":"2022-11-28"};return this.token&&(n.Authorization=`Bearer ${this.token}`),n}async fetchTags(n,t){const s=`${this.apiBase}/repos/${encodeURIComponent(n)}/${encodeURIComponent(t)}/tags?per_page=100`,r={parsed:[],tags:[]},o=[];let i=s,a=0;for(;i&&a<5;){const l=i;let c;try{c=await this.fetchImpl(l,{headers:this.buildHeaders()})}catch{return r}if(!c.ok)return r;let f;try{f=await c.json()}catch{return r}if(!Array.isArray(f))return r;for(const g of f){const m=typeof g.name=="string"?g.name:"",h=typeof g.commit?.sha=="string"?g.commit.sha:"";m!==""&&h!==""&&o.push({name:m,sha:h})}i=Ke(c.headers.get("link")).next,a+=1}const d=[];for(const l of o){const c=H(l.name);c&&d.push({...c,sha:l.sha})}return{parsed:d,tags:o}}async fetchCommit(n,t,s){const r=`${this.apiBase}/repos/${encodeURIComponent(n)}/${encodeURIComponent(t)}/commits/${encodeURIComponent(s)}`;try{const o=await this.fetchImpl(r,{headers:this.buildHeaders()});if(!o.ok)return;const i=await o.json();return typeof i.sha!="string"?void 0:{committedAt:i.commit?.committer?.date,sha:i.sha}}catch{return}}}const an=".github/workflows",cn=".github/actions",ln=/^\s*-?\s*uses:\s*(['"]?)([^'"\s#]+)\1(?:\s*#\s*(.+))?\s*$/,un=/^[a-f0-9]{40}$/i,dn=/actions-up-ignore-next-line(?::\s*(.+))?/i,pn=/actions-up-ignore-start/i,fn=/actions-up-ignore-end/i,gn=e=>{const n=e.split("/");if(n.length<2)return;const[t,s,...r]=n;if(!(!t||!s))return{owner:t,repo:s,subpath:r.length>0?r.join("/"):void 0}},mn=(e,n)=>{const t=n.split(/\r?\n/),s=[];let r,o=!1;for(const[i,a]of t.entries()){const d=a??"";if(pn.test(d)&&(o=!0),fn.test(d)){o=!1;continue}const l=d.trim(),c=l===""||l.startsWith("#")?dn.exec(d):void 0;if(c){r=c[1]??"actions-up-ignore-next-line";continue}const f=ln.exec(d);if(!f){r=void 0;continue}const g=f[1]??"",m=g==="'"||g==='"'?g:"",h=f[2]??"",x=f[3]?.trim();if(h.startsWith("./")||h.startsWith("../")||h.startsWith("docker://")){r=void 0;continue}const b=h.lastIndexOf("@");if(b<=0){r=void 0;continue}const w=h.slice(0,b),k=h.slice(b+1),v=gn(w);if(!v){r=void 0;continue}let p=r??(o?"actions-up-ignore-block":void 0);if(x){const $=/^actions-up-ignore(?:-next-line)?(?::\s*(.+))?(?:\s|$)/i.exec(x);$&&(p=p??$[1]??"actions-up-ignore")}r=void 0,s.push({file:e,ignoreReason:p,isSha:un.test(k),line:i+1,original:`${m}${h}${m}`,owner:v.owner,quote:m,ref:k,repo:v.repo,slug:w,subpath:v.subpath,trailingComment:x&&!p?x:void 0})}return s},Se=e=>e.endsWith(".yml")||e.endsWith(".yaml"),hn=(e,n=[])=>{const t=[],s=new Set,r=a=>{if(s.has(a))return;s.add(a);let d;try{d=K(a)}catch{return}const l=mn(a,d);t.push(...l)},o=B(e,an);if(O(o))for(const a of J(o,{includeDirs:!1,includeSymlinks:!1,maxDepth:1}))Se(a.name)&&r(a.path);const i=B(e,cn);if(O(i))for(const a of J(i,{includeDirs:!1,includeSymlinks:!1,maxDepth:3}))(a.name==="action.yml"||a.name==="action.yaml")&&r(a.path);for(const a of["action.yml","action.yaml"]){const d=B(e,a);O(d)&&r(d)}for(const a of n){const d=rt(a)?a:B(e,a);if(O(d))for(const l of J(d,{includeDirs:!1,includeSymlinks:!1}))Se(l.name)&&r(l.path)}return t},$n=40,yn=1440*60*1e3,wn=new Set(["develop","edge","main","master","stable","trunk"]),kn=e=>e.length===$n&&/^[a-f0-9]{40}$/i.test(e)?!1:wn.has(e.toLowerCase())?!0:H(e)===void 0,Ce=(e,n)=>{for(const t of n)try{if(new RegExp(t).test(e))return!0}catch{if(e.includes(t))return!0}return!1},vn=(e,n,t,s)=>{const r=s==="sha"||e.isSha,{quote:o}=e;return r?`${o}${e.slug}@${n}${o} # ${t}`:`${o}${e.slug}@${t}${o}`},bn=async(e,n)=>{const{ignoreRules:t,options:s,references:r,resolverOptions:o}=n,i=[],a=[],d=[];if(r.length===0)return{failed:d,ignored:a,updates:i};const l=new rn({apiBase:o?.apiBase,fetch:o?.fetch,token:s.githubToken??o?.token}),c=new Map;for(const w of r){const k=`${w.owner}/${w.repo}`,v=c.get(k)??[];v.push(w),c.set(k,v)}const f=Math.max(1,s.maxConcurrentRequests),g=[...c.keys()];let m=0;const h=async w=>{const k=c.get(w)??[],[v,p]=w.split("/");if(!v||!p)return;let $;try{$=await l.listTags(v,p)}catch{for(const u of k)d.push({file:u.file,reason:`failed to list tags for ${w}`});return}for(const u of k){const A=u.slug;let y;if(u.ignoreReason?y=u.ignoreReason:Ce(A,s.exclude)?y="matched --exclude":s.include.length>0&&!Ce(A,s.include)?y="not matched by --include":s.respectDependabotConfig&&t&&me(A,"actions",t)&&(y="ignored by dependabot/renovate config"),y){a.push({currentRef:u.ref,currentVersion:u.isSha?u.trailingComment?.replace(/^#\s*/,""):u.ref,ecosystem:"actions",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:void 0,original:u.original,reason:y,replacement:u.original,updateType:"unknown"});continue}if(!s.includeBranches&&!u.isSha&&kn(u.ref)){a.push({currentRef:u.ref,currentVersion:u.ref,ecosystem:"actions",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:void 0,original:u.original,reason:"branch reference (use --include-branches)",replacement:u.original,updateType:"unknown"});continue}const T=u.isSha?u.trailingComment?.replace(/^#\s*/,"").split(/\s+/)[0]??"":u.ref,R=H(T);if(u.isSha&&!R&&s.mode!=="latest"){a.push({currentRef:u.ref,currentVersion:void 0,ecosystem:"actions",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:void 0,original:u.original,reason:`SHA pin has no version-hint comment; cannot apply --target=${s.mode}`,replacement:u.original,updateType:"unknown"});continue}const C=he($.parsed,R,s.mode);if(!C)continue;if(s.minAgeDays!==void 0){const j=await l.resolveRef(v,p,C.sha),L=j?.committedAt?new Date(j.committedAt).getTime():void 0;if(L&&(Date.now()-L)/yn<s.minAgeDays){a.push({currentRef:u.ref,currentVersion:R?.raw,ecosystem:"actions",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:C.raw,original:u.original,reason:`release younger than ${String(s.minAgeDays)} days`,replacement:u.original,updateType:"unknown"});continue}}const E=s.style==="sha"||u.isSha?C.sha:C.raw,U=vn(u,C.sha,C.raw,s.style);i.push({currentRef:u.ref,currentVersion:R?.raw??u.trailingComment?.replace(/^#\s*/,""),ecosystem:"actions",file:u.file,line:u.line,name:A,newRef:E,newVersion:C.raw,original:u.original,replacement:U,updateType:$e(R,C),url:`https://github.com/${v}/${p}/releases/tag/${C.raw}`})}},x=[];for(let w=0;w<Math.min(f,g.length);w++)x.push((async()=>{for(;m<g.length;){const k=g[m];m+=1,k!==void 0&&await h(k)}})());await Promise.all(x);const b=on(e,i);return{failed:d,ignored:a,updates:b}},Rn=e=>e.toSorted((n,t)=>n.file!==t.file?n.file<t.file?-1:1:n.line-t.line),xn=e=>{const n=[],t=[];if(e.length===0)return{applied:n,skipped:t};const s=Rn(e),r=new Map;for(const o of s){const i=r.get(o.file)??[];i.push(o),r.set(o.file,i)}for(const[o,i]of r){let a;try{a=K(o)}catch(g){for(const m of i)t.push({reason:`read failed: ${g.message}`,update:m});continue}const d=a.includes(`\r
|
|
3
|
+
`)?`\r
|
|
4
|
+
`:`
|
|
5
|
+
`,l=a.split(/\r?\n/),c=[];for(const g of i){const m=g.line-1,h=l[m];if(h===void 0){t.push({reason:`line ${String(g.line)} out of range`,update:g});continue}const x=h.indexOf(g.original);if(x===-1){t.push({reason:"original token not found on expected line",update:g});continue}const b=h.slice(0,x),w=h.slice(x+g.original.length),k=/#\s*v?\d/.test(g.replacement)&&/^\s*#\s*v?\d[\w.+-]*\s*$/i.test(w)?"":w;l[m]=`${b}${g.replacement}${k}`,c.push(g)}if(c.length===0)continue;const f=l.join(d);try{it(o,f),n.push(...c)}catch(g){for(const m of c)t.push({reason:`write failed: ${g.message}`,update:m})}}return{applied:n,skipped:t}};class An{tokens;fetchImpl;tagCache=new Map;constructor(n={}){this.tokens=n.tokens??{},this.fetchImpl=n.fetch??fetch}async listTags(n,t,s){const r=`${n}/${t}/${s}`,o=this.tagCache.get(r);if(o)return o;const i=n==="docker.io"?this.listDockerHubTags(t,s):this.listV2Tags(n,t,s);return this.tagCache.set(r,i),i}async listDockerHubTags(n,t){const s={parsed:[],raw:[]},r=[],o=new Map;let i=`https://hub.docker.com/v2/repositories/${encodeURIComponent(n)}/${encodeURIComponent(t)}/tags?page_size=100`,a=0;for(;i&&a<5;){try{const d=await this.fetchImpl(i,{headers:{Accept:"application/json"}});if(!d.ok)break;const l=await d.json();if(Array.isArray(l.results)){for(const c of l.results)if(typeof c.name=="string"&&(r.push(c.name),typeof c.last_updated=="string")){const f=Date.parse(c.last_updated);Number.isNaN(f)||o.set(c.name,f)}}i=typeof l.next=="string"?l.next:void 0}catch{break}a+=1}return r.length===0?s:{parsed:r.map(d=>{const l=H(d);if(l)return{...l,lastUpdated:o.get(d)}}).filter(d=>d!==void 0),raw:r}}async listV2Tags(n,t,s){const r={parsed:[],raw:[]},o=t==="library"?s:`${t}/${s}`,i={Accept:"application/json"},a=this.tokens[n]??process.env[`DOCKER_REGISTRY_TOKEN_${n.toUpperCase().replaceAll(/[^A-Z0-9]/g,"_")}`];a&&(i.Authorization=`Bearer ${a}`);const d=`https://${n}`,l=[];let c=`${d}/v2/${o}/tags/list?n=100`,f=i,g=0;const m=()=>{const h=[];for(const x of l){const b=H(x);b&&h.push({...b,lastUpdated:void 0})}return{parsed:h,raw:l}};for(;c&&g<5;){try{let h=await this.fetchImpl(c,{headers:f});if(h.status===401&&f===i){const w=Cn(h.headers.get("www-authenticate"));if(w){const k=await this.fetchBearerToken(w);k&&(f={...i,Authorization:`Bearer ${k}`},h=await this.fetchImpl(c,{headers:f}))}}if(!h.ok)return g===0?r:m();const x=await h.json();if(!Array.isArray(x.tags))return g===0?r:m();for(const w of x.tags)typeof w=="string"&&l.push(w);const b=Ke(h.headers.get("link"));c=b.next?new URL(b.next,d).toString():void 0}catch{return g===0?r:m()}g+=1}return l.length===0?r:m()}async fetchBearerToken(n){const t=new URLSearchParams({scope:n.scope,service:n.service}),s=`${n.realm}?${t.toString()}`;try{const r=await this.fetchImpl(s,{headers:{Accept:"application/json"}});if(!r.ok)return;const o=await r.json();return o.token??o.access_token}catch{return}}}const Sn=e=>{const n=[];let t=0;const{length:s}=e;for(;t<s;){for(;t<s&&/\s/.test(e[t]??"");)t+=1;const r=t;for(;t<s&&e[t]!=="="&&e[t]!==",";)t+=1;const o=e.slice(r,t).trim();if(e[t]!=="="){for(;t<s&&e[t]!==",";)t+=1;t+=1;continue}t+=1;let i="";if(e[t]==='"'){for(t+=1;t<s&&e[t]!=='"';){if(e[t]==="\\"&&t+1<s){i+=e[t+1]??"",t+=2;continue}i+=e[t]??"",t+=1}t+=1}else{for(;t<s&&e[t]!==",";)i+=e[t]??"",t+=1;i=i.trim()}for(o.length>0&&n.push({key:o,value:i});t<s&&(/\s/.test(e[t]??"")||e[t]===",");)t+=1}return n},Cn=e=>{if(!e)return;const n=/^Bearer\s+(.*)$/i.exec(e);if(!n)return;const t=new Map;for(const{key:o,value:i}of Sn(n[1]??""))t.set(o.toLowerCase(),i);const s=t.get("realm"),r=t.get("service");if(s)return{realm:s,scope:t.get("scope")??"",service:r??""}},En="docker.io",Tn="sha256:",oe=e=>{const n=e.trim();if(n===""||n.startsWith("$")||n.includes("${")||n.includes("$("))return;let t=n,s;const r=t.indexOf(`@${Tn}`);r!==-1&&(s=t.slice(r+1),t=t.slice(0,r));let o=En,i=t;const a=t.indexOf("/");if(a>0){const h=t.slice(0,a);(h==="localhost"||h.includes(".")||h.includes(":"))&&(o=h,i=t.slice(a+1))}let d="latest",l=i;const c=i.lastIndexOf(":");c!==-1&&!i.slice(c).includes("/")&&(d=i.slice(c+1),l=i.slice(0,c));let f="library",g=l;const m=l.indexOf("/");if(m!==-1&&(f=l.slice(0,m),g=l.slice(m+1)),g!=="")return{digest:s,name:g,namespace:f,original:n,registry:o,tag:d}},re=/vis-update-ignore-next-line/i,Je=/vis-update-ignore(?:\s|$|:)/i,Ye=e=>{const n=e.trim();return n===""||n.startsWith("#")},jn=/^\s*FROM\s+(?:--\S+\s+)*([^\s#]+)(?:\s[^#]*)?(#.*)?$/i,In=(e,n)=>{const t=n.split(/\r?\n/),s=[];let r=!1;for(const[o,i]of t.entries()){if(re.test(i)&&Ye(i)){r=!0;continue}const a=jn.exec(i);if(!a){i.trim()!==""&&!i.trim().startsWith("#")&&(r=!1);continue}const d=a[1]??"";if(d==="scratch"){r=!1;continue}const l=a[2]?.trim();let c=r?"vis-update-ignore-next-line":void 0;l&&re.test(l)?c=c??"vis-update-ignore-next-line":l&&Je.test(l)&&(c=c??"vis-update-ignore");const f=oe(d);r=!1,f&&s.push({...f,file:e,ignoreReason:c,kind:"dockerfile",line:o+1})}return s},Nn=/^\s*image:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Dn=(e,n)=>{const t=n.split(/\r?\n/),s=[];let r=!1;for(const[o,i]of t.entries()){if(re.test(i)&&Ye(i)){r=!0;continue}const a=Nn.exec(i);if(!a){i.trim()!==""&&!i.trim().startsWith("#")&&(r=!1);continue}const d=a[2]??"",l=a[3]?.trim();let c=r?"vis-update-ignore-next-line":void 0;l&&re.test(l)?c=c??"vis-update-ignore-next-line":l&&Je.test(l)&&(c=c??"vis-update-ignore");const f=oe(d);r=!1,f&&s.push({...f,file:e,ignoreReason:c,kind:"compose",line:o+1})}return s},Ee=e=>{const n=e.toLowerCase();return n==="dockerfile"||n.startsWith("dockerfile.")?!0:n.endsWith(".dockerfile")},On=e=>{const n=e.toLowerCase();return/^(?:docker-)?compose(?:\..+)?\.ya?ml$/.test(n)},Un=new Set([".cache",".git",".nx",".pnpm-store",".turbo","build","dist","node_modules"]),Vn=/(?:^|\/)(?:\.git|node_modules|\.pnpm-store|\.turbo|\.nx|dist|build|\.cache)(?:\/|$)/,Bn=e=>{const n=[];if(!O(e))return n;const t=new Set,s=(r,o)=>{let i;try{i=St.native(r)}catch{i=r}if(t.has(i))return;t.add(i);let a;try{a=K(r)}catch{return}n.push(...o==="dockerfile"?In(r,a):Dn(r,a))};for(const r of J(e,{includeDirs:!1,includeSymlinks:!1,skip:[Vn]})){const{name:o}=r;Un.has(o)||(Ee(o)?s(r.path,"dockerfile"):On(o)&&s(r.path,"compose"))}for(const r of["Dockerfile","dockerfile","compose.yml","compose.yaml","docker-compose.yml","docker-compose.yaml"]){const o=B(e,r);O(o)&&s(o,Ee(r)?"dockerfile":"compose")}return n},_n=864e5,Te=(e,n)=>{for(const t of n)try{if(new RegExp(t).test(e))return!0}catch{if(e.includes(t))return!0}return!1},je=e=>{const n=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return e.registry==="docker.io"?n:`${e.registry}/${n}`},Mn=e=>e.digest!==void 0&&e.digest.length>0,Pn=e=>{if(e.registry==="docker.io")return`https://hub.docker.com/${e.namespace==="library"?`_/${e.name}`:`r/${e.namespace}/${e.name}`}/tags`;const n=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return`https://${e.registry}/${n}`},Wn=(e,n)=>{const t=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return`${e.registry==="docker.io"?t:`${e.registry}/${t}`}:${n}`},Ze=async(e,n)=>{const{ignoreRules:t,options:s,references:r,registryOptions:o}=n,i=[],a=[],d=[];if(r.length===0)return{failed:d,ignored:a,updates:i};const l=new An({fetch:o?.fetch,tokens:o?.tokens}),c=new Map;for(const b of r){const w=`${b.registry}|${b.namespace}|${b.name}`,k=c.get(w)??[];k.push(b),c.set(w,k)}const f=Math.max(1,s.maxConcurrentRequests),g=[...c.keys()];let m=0;const h=async b=>{const w=c.get(b)??[],k=w[0];if(!k)return;let v;try{v=await l.listTags(k.registry,k.namespace,k.name)}catch{for(const p of w)d.push({file:p.file,reason:`failed to list tags for ${je(p)}`});return}for(const p of w){const $=je(p);let u;if(p.ignoreReason?u=p.ignoreReason:Te($,s.exclude)?u="matched --exclude":s.include.length>0&&!Te($,s.include)?u="not matched by --include":s.respectDependabotConfig&&t&&me($,"docker",t)&&(u="ignored by dependabot/renovate config"),u){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:p.tag,newVersion:void 0,original:p.original,reason:u,replacement:p.original,updateType:"unknown"});continue}if(Mn(p)){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:p.tag,newVersion:void 0,original:p.original,reason:"digest-pinned image (refresh the pin manually to update)",replacement:p.original,updateType:"digest"});continue}const A=H(p.tag);if(!A&&!s.includeBranches){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:p.tag,newVersion:void 0,original:p.original,reason:"non-semver tag (use --include-branches)",replacement:p.original,updateType:"unknown"});continue}if(!A&&s.mode!=="latest"){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:p.tag,newVersion:void 0,original:p.original,reason:`branch ref has no version baseline for --target=${s.mode}`,replacement:p.original,updateType:"unknown"});continue}const y=he(v.parsed,A,s.mode);if(!y)continue;if(s.minAgeDays!==void 0&&y.lastUpdated!==void 0&&(Date.now()-y.lastUpdated)/_n<s.minAgeDays){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:y.raw,newVersion:y.raw,original:p.original,reason:`release younger than ${String(s.minAgeDays)} days`,replacement:p.original,updateType:"unknown"});continue}const T=y.raw,R=Wn(p,T);i.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,line:p.line,name:$,newRef:T,newVersion:T,original:p.original,replacement:R,updateType:$e(A,y),url:Pn(p)})}},x=[];for(let b=0;b<Math.min(f,g.length);b++)x.push((async()=>{for(;m<g.length;){const w=g[m];m+=1,w!==void 0&&await h(w)}})());return await Promise.all(x),{failed:d,ignored:a,updates:i}};class qn{token;tokenHeader;defaultApiBase;fetchImpl;tagCache=new Map;constructor(n){const t=n.token??process.env.GITLAB_TOKEN;t?(this.token=t,this.tokenHeader="PRIVATE-TOKEN"):process.env.CI_JOB_TOKEN?(this.token=process.env.CI_JOB_TOKEN,this.tokenHeader="JOB-TOKEN"):(this.token=void 0,this.tokenHeader="PRIVATE-TOKEN"),this.defaultApiBase=n.apiBase??"https://gitlab.com",this.fetchImpl=n.fetch??fetch}async listTags(n){const t=this.tagCache.get(n);if(t)return t;const s=this.fetchTags(n);return this.tagCache.set(n,s),s}resolveHostAndPath(n){const t=n.indexOf("/");if(t>0){const s=n.slice(0,t);if(s.includes("."))return{host:`https://${s}`,path:n.slice(t+1)}}return{host:this.defaultApiBase,path:n}}async fetchTags(n){const{host:t,path:s}=this.resolveHostAndPath(n),r=encodeURIComponent(s),o=`${t}/api/v4/projects/${r}/repository/tags?per_page=100`,i={Accept:"application/json","User-Agent":"vis-update-gitlab"};this.token&&(i[this.tokenHeader]=this.token);try{const a=await this.fetchImpl(o,{headers:i});if(!a.ok)return{error:`HTTP ${String(a.status)} from ${t}`,parsed:[],tags:[]};const d=await a.json();if(!Array.isArray(d))return{error:`unexpected response shape from ${t}`,parsed:[],tags:[]};const l=d.map(f=>({name:typeof f.name=="string"?f.name:"",sha:typeof f.commit?.id=="string"?f.commit.id:""})).filter(f=>f.name!==""),c=[];for(const f of l){const g=H(f.name);g&&c.push({...g,sha:f.sha})}return{parsed:c,tags:l}}catch(a){return{error:a instanceof Error?a.message:"fetch failed",parsed:[],tags:[]}}}}const Hn=/vis-update-ignore-next-line/i,Q=/vis-update-ignore(?:\s|$|:)/i,Ln=new Set([".gitlab-ci.yaml",".gitlab-ci.yml"]),Fn=e=>Ln.has(e)||e.endsWith(".gitlab-ci.yml")||e.endsWith(".gitlab-ci.yaml"),zn=/^\s*-?\s*project:\s*(['"]?)([^'"\s#]+)\1(?:\s*#.*)?$/,Gn=/^\s*ref:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Kn=/^\s*-?\s*component:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Jn=/^\s*image:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Yn=/^\s*(?:-\s*)?(?:include:\s*)?\{([^}]*)\}\s*(?:#.*)?$/,Zn=/project:\s*(['"]?)([^'"\s,}]+)\1/,Xn=/ref:\s*(['"]?)([^'"\s,}]+)\1/,Qn=/component:\s*(['"]?)([^'"\s,}]+)\1/,es=/^(\s*-\s*name:\s*)(['"]?)([^'"\s#]+)\2(\s*#.*)?$/,ts=/^(\s*-\s*)(['"]?)([^'"\s#:]+:[^'"\s#]+)\2(\s*#.*)?$/,ns=/^\s*-?\s*[a-z_][\w-]*:\s*(?:#.*)?$/i,ss=(e,n)=>{const t=n.split(/\r?\n/),s=[],r=[];let o,i=!1,a=!1,d=-1;for(const[l,c]of t.entries()){const f=c??"",g=f.trim(),m=g===""||g.startsWith("#");if(Hn.test(f)&&m){i=!0;continue}const h=/^(\s*)services:\s*(?:#.*)?$/.exec(f);if(h){a=!0,d=h[1]?.length??0;continue}a&&g!==""&&!g.startsWith("-")&&!g.startsWith("#")&&f.search(/\S/)<=d&&(a=!1,d=-1);const x=Jn.exec(f);if(x){const p=x[2]??"",$=oe(p);if($){const u=x[3]?.trim();let A=i?"vis-update-ignore-next-line":void 0;u&&Q.test(u)&&(A=A??"vis-update-ignore"),r.push({...$,file:e,ignoreReason:A,kind:"compose",line:l+1})}i=!1;continue}if(a){const p=es.exec(f),$=p?void 0:ts.exec(f),u=p??$;if(u){const A=u[3]??"",y=oe(A);if(y){const T=u[4]?.trim();let R=i?"vis-update-ignore-next-line":void 0;T&&Q.test(T)&&(R=R??"vis-update-ignore"),r.push({...y,file:e,ignoreReason:R,kind:"compose",line:l+1})}}}const b=zn.exec(f);if(b){o={line:l+1,project:b[2]??""};continue}const w=Gn.exec(f);if(w&&o){const p=w[3]?.trim();let $=i?"vis-update-ignore-next-line":void 0;p&&Q.test(p)&&($=$??"vis-update-ignore"),s.push({file:e,ignoreReason:$,kind:"project",line:l+1,original:w[2]??"",project:o.project,ref:w[2]??""}),o=void 0,i=!1;continue}const k=Kn.exec(f);if(k){const p=k[2]??"",$=p.lastIndexOf("@");if($>0){const u=p.slice(0,$),A=p.slice($+1),y=u.lastIndexOf("/"),T=y>0?u.slice(0,y):u,R=y>0?u.slice(y+1):void 0,C=k[3]?.trim();let E=i?"vis-update-ignore-next-line":void 0;C&&Q.test(C)&&(E=E??"vis-update-ignore"),s.push({componentName:R,file:e,ignoreReason:E,kind:"component",line:l+1,original:p,project:T,ref:A})}i=!1;continue}const v=Yn.exec(f);if(v){const p=v[1]??"",$=/#(.*)$/.exec(f)?.[1]?.trim();let u=i?"vis-update-ignore-next-line":void 0;$&&Q.test($)&&(u=u??"vis-update-ignore");const A=Qn.exec(p);if(A){const y=A[2]??"",T=y.lastIndexOf("@");if(T>0){const R=y.slice(0,T),C=y.slice(T+1),E=R.lastIndexOf("/"),U=E>0?R.slice(0,E):R,j=E>0?R.slice(E+1):void 0;s.push({componentName:j,file:e,ignoreReason:u,kind:"component",line:l+1,original:y,project:U,ref:C})}}else{const y=Zn.exec(p),T=Xn.exec(p);y&&T&&s.push({file:e,ignoreReason:u,kind:"project",line:l+1,original:T[2]??"",project:y[2]??"",ref:T[2]??""})}i=!1;continue}g!==""&&!g.startsWith("#")&&!ns.test(f)&&(i=!1)}return{images:r,includes:s}},Ie=/^(?:\.git|node_modules|\.pnpm-store|\.turbo|\.nx|dist|build|\.cache)$/,os=e=>{const n=[],t=[];if(!O(e))return{images:t,includes:n};const s=o=>{let i;try{i=K(o)}catch{return}const{images:a,includes:d}=ss(o,i);n.push(...d),t.push(...a)};for(const o of[".gitlab-ci.yml",".gitlab-ci.yaml"]){const i=B(e,o);O(i)&&s(i)}const r=B(e,".gitlab");if(O(r))for(const o of J(r,{includeDirs:!1,includeSymlinks:!1,skip:[Ie]}))(o.name.endsWith(".yml")||o.name.endsWith(".yaml"))&&s(o.path);for(const o of J(e,{includeDirs:!1,includeSymlinks:!1,maxDepth:2,skip:[Ie]}))Fn(o.name)&&!t.some(i=>i.file===o.path)&&!n.some(i=>i.file===o.path)&&s(o.path);return{images:t,includes:n}},Ne=(e,n)=>{for(const t of n)try{if(new RegExp(t).test(e))return!0}catch{if(e.includes(t))return!0}return!1},rs=(e,n,t)=>{const s=e.indexOf("/");return s>0&&e.slice(0,s).includes(".")?`https://${e.slice(0,s)}/${e.slice(s+1)}/-/releases/${n}`:`${t}/${e}/-/releases/${n}`},is=async(e,n)=>{const{ignoreRules:t,imageReferences:s,includes:r,options:o,registryOptions:i,resolverOptions:a}=n,d=[],l=[],c=[];if(s.length>0){const v=await Ze(e,{ignoreRules:t,options:o,references:s,registryOptions:i});for(const p of v.updates)d.push({...p,ecosystem:"gitlab"});for(const p of v.ignored)l.push({...p,ecosystem:"gitlab"});c.push(...v.failed)}if(r.length===0)return{failed:c,ignored:l,updates:d};const f=new qn({apiBase:a?.apiBase,fetch:a?.fetch,token:o.gitlabToken??a?.token}),g=a?.apiBase??"https://gitlab.com",m=new Map;for(const v of r){const p=m.get(v.project)??[];p.push(v),m.set(v.project,p)}const h=Math.max(1,o.maxConcurrentRequests),x=[...m.keys()];let b=0;const w=async v=>{const p=m.get(v)??[];let $;try{$=await f.listTags(v)}catch{for(const u of p)c.push({file:u.file,reason:`failed to list tags for ${v}`});return}if($.error){for(const u of p)c.push({file:u.file,reason:`failed to list tags for ${v}: ${$.error}`});return}for(const u of p){const A=u.kind==="component"&&u.componentName?`${u.project}/${u.componentName}`:u.project;let y;u.ignoreReason?y=u.ignoreReason:Ne(A,o.exclude)?y="matched --exclude":o.include.length>0&&!Ne(A,o.include)?y="not matched by --include":o.respectDependabotConfig&&t&&me(A,"gitlab",t)&&(y="ignored by dependabot/renovate config");const T=U=>({currentRef:u.ref,currentVersion:u.ref,ecosystem:"gitlab",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:void 0,original:u.original,reason:U,replacement:u.original,updateType:"unknown"});if(y){l.push(T(y));continue}const R=H(u.ref);if(!R&&!o.includeBranches){l.push(T("branch reference (use --include-branches)"));continue}if(!R&&o.mode!=="latest"){l.push(T(`branch ref has no version baseline for --target=${o.mode}`));continue}const C=he($.parsed,R,o.mode);if(!C)continue;let E;u.kind==="component"?E=`${u.componentName?`${u.project}/${u.componentName}`:u.project}@${C.raw}`:E=C.raw,d.push({currentRef:u.ref,currentVersion:R?.raw??u.ref,ecosystem:"gitlab",file:u.file,line:u.line,name:A,newRef:C.raw,newVersion:C.raw,original:u.original,replacement:E,updateType:$e(R,C),url:rs(u.project,C.raw,g)})}},k=[];for(let v=0;v<Math.min(h,x.length);v++)k.push((async()=>{for(;b<x.length;){const p=x[b];b+=1,p!==void 0&&await w(p)}})());return await Promise.all(k),{failed:c,ignored:l,updates:d}},as={disabled:new Set,exclude:[],githubToken:void 0,gitlabToken:void 0,include:[],includeBranches:!1,maxConcurrentRequests:8,minAgeDays:void 0,mode:"latest",respectDependabotConfig:!0,style:"sha"},cs=async e=>{const n={...as,...e.options,disabled:e.options?.disabled??new Set},t=n.respectDependabotConfig?en(e.workspaceRoot):void 0,s={actions:{failed:[],ignored:[],updates:[]},docker:{failed:[],ignored:[],updates:[]},gitlab:{failed:[],ignored:[],updates:[]}},r=[];let o=0;if(!n.disabled.has("actions")){const d=hn(e.workspaceRoot);d.length>0&&(o+=1,r.push(bn(e.workspaceRoot,{ignoreRules:t,options:n,references:d}).then(l=>{s.actions=l})))}if(!n.disabled.has("docker")){const d=Bn(e.workspaceRoot);d.length>0&&(o+=1,r.push(Ze(e.workspaceRoot,{ignoreRules:t,options:n,references:d}).then(l=>{s.docker=l})))}if(!n.disabled.has("gitlab")){const{images:d,includes:l}=os(e.workspaceRoot);d.length+l.length>0&&(o+=1,r.push(is(e.workspaceRoot,{ignoreRules:t,imageReferences:d,includes:l,options:n}).then(c=>{s.gitlab=c})))}await Promise.all(r);const i=[...s.actions.updates,...s.docker.updates,...s.gitlab.updates],a=[...s.actions.ignored,...s.docker.ignored,...s.gitlab.ignored];return{failed:[...s.actions.failed,...s.docker.failed,...s.gitlab.failed],ignored:a,perEcosystem:s,scanned:o,updates:i}},ls={actions:"GitHub Actions",docker:"Docker",gitlab:"GitLab CI"},fe=e=>e.updateType==="major",us=e=>{switch(e){case"major":return G;case"minor":return D;case"patch":return Pe;default:return We}},De=e=>{const n=us(e.updateType),t=e.currentVersion??e.currentRef,s=e.newVersion??e.newRef,r=e.url?` ${M(e.url)}`:"",o=e.advisories&&e.advisories.length>0?` ${G(`⚠ ${String(e.advisories.length)} advisor${e.advisories.length===1?"y":"ies"}`)}`:"";return` ${n(e.updateType.padEnd(7))} ${e.name} ${M(t)} → ${s}${o}${r}`},Oe=e=>!e.advisories||e.advisories.length===0?[]:e.advisories.map(n=>` ${n.severity==="CRITICAL"||n.severity==="HIGH"?G(n.severity):D(n.severity)} ${n.id} ${M(n.summary)}`),ds=(e,n)=>{const t=[],s=e.updates.length;if(s===0&&e.scanned===0)return"";if(s===0){if(e.failed.length===0&&e.ignored.length===0)return t.push(`${Pe("✓")} All ecosystem references up to date.`),t.join(`
|
|
6
|
+
`);if(t.push(`${D("⚠")} No actionable updates found.`),e.failed.length>0){t.push(`
|
|
7
|
+
${D("Failed lookups:")}`);for(const o of e.failed)t.push(` ${o.file}: ${o.reason}`)}if(n.showIgnored&&e.ignored.length>0){t.push(`
|
|
8
|
+
${M("Ignored:")}`);for(const o of e.ignored)t.push(` ${M(o.name)} ${M(o.reason??"")}`)}return t.join(`
|
|
9
|
+
`)}t.push(`
|
|
10
|
+
${We("Ecosystem updates")} — ${String(s)} reference${s===1?"":"s"} can be bumped:`);const r=e.updates.filter(o=>fe(o));if(r.length>0){t.push(`
|
|
11
|
+
${G(ot(`⚠ Breaking changes (${String(r.length)})`))}`),t.push(` ${M("Review release notes before applying — these cross a major-version boundary.")}`);for(const o of r)t.push(De(o)),t.push(...Oe(o))}for(const o of Object.keys(e.perEcosystem)){const i=e.perEcosystem[o];if(i.updates.length!==0){t.push(`
|
|
12
|
+
${ls[o]} (${String(i.updates.length)})`);for(const a of i.updates)t.push(De(a)),t.push(...Oe(a))}}if(n.showIgnored&&e.ignored.length>0){t.push(`
|
|
13
|
+
${M("Ignored:")}`);for(const o of e.ignored)t.push(` ${M(o.name)} ${M(o.reason??"")}`)}if(e.failed.length>0){t.push(`
|
|
14
|
+
${D("Failed lookups:")}`);for(const o of e.failed)t.push(` ${o.file}: ${o.reason}`)}return n.previewOnly&&t.push(`
|
|
15
|
+
${D("ℹ")} ${M("Not applied automatically — re-run with `--interactive` to choose which to apply, or `--yes` to apply all.")}`),t.join(`
|
|
16
|
+
`)},ps=e=>JSON.stringify({ecosystems:{failed:e.failed,ignored:e.ignored,perEcosystem:e.perEcosystem,scanned:e.scanned,updates:e.updates}},void 0,2),fs=()=>{const e=Me({input:process.stdin,output:process.stdout});return{ask:n=>new Promise(t=>{e.question(n,s=>{t(s.trim())})}),close:()=>{e.close()},write:n=>{process.stdout.write(`${n}
|
|
17
|
+
`)}}},gs=(e,n)=>e.split(",").map(t=>Number.parseInt(t.trim(),10)-1).filter(t=>Number.isInteger(t)&&t>=0&&t<n),ms=async(e,n=fs())=>{if(e.length===0)return n.close(),[];n.write(""),n.write("Outdated ecosystem references:");for(const[s,r]of e.entries()){const o=r.currentVersion??r.currentRef,i=r.newVersion??r.newRef,a=fe(r)?" [BREAKING]":"";n.write(` ${String(s+1)}. [${r.ecosystem}] ${r.name}: ${o} → ${i} (${r.updateType})${a}`)}n.write("");const t=(await n.ask("Apply updates? [a]ll / [s]afe / [n]one / numbers: ")).toLowerCase();if(t==="a"||t==="all")return n.close(),e;if(t==="s"||t==="safe")return n.close(),e.filter(s=>!fe(s));if(t==="n"||t==="none"||t==="")return n.close(),[];if(/^[\d ,]+$/.test(t)){const s=gs(t,e.length);return n.close(),s.map(r=>e[r]).filter(r=>r!==void 0)}return n.close(),[]},Xe=e=>{const n=e.trim();if(n==="")return;const t=/^(\d+(?:\.\d+)?)\s*([mhdw])?$/i.exec(n);if(!t)return;const s=Number.parseFloat(t[1]);if(!(!Number.isFinite(s)||s<0))switch((t[2]??"m").toLowerCase()){case"d":return s*60*24;case"h":return s*60;case"m":return s;case"w":return s*60*24*7;default:return}},hs=e=>{const n=e.trim();return/^\d+(?:\.\d+)?$/.test(n)?Number.parseFloat(n)*1440:Xe(n)},_s=e=>!Number.isFinite(e)||e<=0?"0m":e%1440===0?`${String(e/1440)}d`:e%60===0?`${String(e/60)}h`:`${String(e)}m`,$s=(e,n)=>{try{switch(n){case"bun":{const t=B(e,"bunfig.toml");if(O(t)){const s=ft(t),r=s?.install?.minimumReleaseAge;return{excludes:Array.isArray(s?.install?.minimumReleaseAgeExcludes)?s.install.minimumReleaseAgeExcludes:void 0,minutes:typeof r=="number"?Math.round(r/60):void 0}}break}case"npm":{const t=B(e,".npmrc");if(O(t)){const s=K(t),r=/^\s*min-release-age\s*=\s*([^\s#;]+)/m.exec(s);return{minutes:r?hs(r[1]):void 0}}break}case"pnpm":{const t=B(e,"pnpm-workspace.yaml");if(O(t)){const s=ve(t);return{excludes:Array.isArray(s?.minimumReleaseAgeExclude)?s.minimumReleaseAgeExclude:void 0,minutes:typeof s?.minimumReleaseAge=="number"?s.minimumReleaseAge:void 0}}break}case"yarn":{const t=B(e,".yarnrc.yml");if(O(t)){const s=ve(t)?.npmMinimalAgeGate;if(typeof s=="string")return{minutes:Xe(s)};if(typeof s=="number")return{minutes:s}}break}}}catch{}return{}},ys=(e,n,t)=>{const s=e.latest?"latest":e.target??n.target??"latest";if(!["latest","minor","patch"].includes(s))throw new Error(`Invalid target "${s}". Use: latest, minor, or patch.`);const r=e.maxConcurrentRequests,o=typeof r=="number"&&r>0?r:n.maxConcurrentRequests,i=typeof e.releaseChannel=="string"?e.releaseChannel.toLowerCase():void 0;if(i!==void 0&&!["any","same","stable"].includes(i))throw new Error(`Invalid --release-channel "${String(e.releaseChannel)}". Use: any, same, or stable.`);const a=i??n.releaseChannel;return{exclude:[...P(e.exclude),...P(n.exclude)],ignore:P(n.ignore),include:[...P(e.include),...P(n.include),...t],includeLocked:e.includeLocked||n.includeLocked||!1,includePrerelease:e.prerelease||n.prerelease||!1,maxConcurrentRequests:o,minimumReleaseAge:n.minimumReleaseAge,minimumReleaseAgeExclude:n.minimumReleaseAgeExclude,packageMode:n.packageMode,releaseChannel:a,security:e.security===!1?!1:e.ai||(n.security??!0),target:s}},Ue=(e,n)=>{if(e.length!==0){n.info(`
|
|
18
|
+
${D("⚠")} ${String(e.length)} package${e.length===1?"":"s"} skipped by target constraint (use --target latest to include):`);for(const t of e)n.info(` ${t.packageName} ${t.currentRange} → ${t.newRange} (${t.updateType})`)}},Ve=(e,n,t,s,r)=>{t==="json"?process.stdout.write(`${bt({checkedCount:0,failed:n,filteredByTarget:[],ignored:[],outdated:e})}
|
|
19
|
+
`):t==="minimal"?process.stdout.write(`${Rt(e)}
|
|
20
|
+
`):(xt(e,s),s.info(He(e,r)))},Be=async(e,n,t,s,r,o,i)=>{const a=vt(e,t,n,!0,{useEditorconfig:i}),d=n==="pnpm"?"pnpm-workspace.yaml":"package.json";if(r.info(`
|
|
21
|
+
Updated ${d}`),a&&r.info(`Backup saved to ${a}`),s.changelog){r.info(`
|
|
22
|
+
Fetching changelogs...`);const l=await qe(t,void 0,o);for(const c of l){const f=c.releaseUrl??c.repoUrl??c.npmUrl;r.info(` ${c.packageName}: ${f}`)}}if(s.install??!0){const l=n,c=["install"];r.info(`Running ${l} ${c.join(" ")}...
|
|
23
|
+
`);try{const{code:f,output:g}=await Le(l,c,{cwd:e,env:process.env});f!==0?r.warn(`${l} ${c.join(" ")} failed. You may need to run it manually.`):s.peer!==!0&&Fe(g)&&r.info(ze)}catch{r.warn(`${l} ${c.join(" ")} failed. You may need to run it manually.`)}}},ge={applied:!1,canceled:!1,jsonEmitted:!1},ws=async(e,n,t,s,r,o)=>{const i=t.update??{},a=[["global","--global is not supported in catalog mode"],["recursive","--recursive is not needed in catalog mode (catalogs are workspace-level)"],["filter","--filter is not supported in catalog mode (use --include/--exclude instead)"],["no-save","--no-save is not supported in catalog mode"],["workspace-root","--workspace-root is not needed in catalog mode"],["no-optional","--no-optional is not supported in catalog mode"]];for(const[S,I]of a)s[S]&&o.warn(`${D("⚠")} ${I}, ignoring.`);const d=ue("minReleaseAge"),{excludes:l,minutes:c}=d?{excludes:void 0,minutes:void 0}:$s(e,n),f=d?void 0:i.minimumReleaseAge??c,g=d?void 0:i.minimumReleaseAgeExclude??l;if(d&&(i.minimumReleaseAge!==void 0||c!==void 0)&&o.info("minimumReleaseAge gate disabled via MARSHALL_DISABLE_MIN_RELEASE_AGE."),!d&&i.minimumReleaseAge!==void 0&&c!==void 0&&i.minimumReleaseAge!==c){const S=n==="pnpm"?"pnpm-workspace.yaml":"bunfig.toml";o.warn(`${D("⚠")} minimumReleaseAge mismatch: vis config = ${String(i.minimumReleaseAge)} min, ${S} = ${String(c)} min. Consider keeping them in sync.`)}const m=gt(e),h=s["include-internal"],x=s.peer,b=mt(e,n,{depFields:i.depFields,dev:s.dev,includeInternal:h,peer:x,prod:s.prod});if(b.size===0)return o.info("No catalogs found."),ge;const w={...i,minimumReleaseAge:f,minimumReleaseAgeExclude:g},k=ys(s,w,r);let v=0;for(const S of b.values())v+=S.size;const p=!!process.stdout.isTTY&&!ie;let $;const u=p?(S,I)=>{$?$.rerender(_.createElement(xe,{current:S,total:I})):(process.stdout.write(`
|
|
24
|
+
`),$=be(_.createElement(xe,{current:S,total:I}),{interactive:!0,patchConsole:!1}))}:(S,I)=>{o.info(`Checking ${String(S)}/${String(I)} dependencies...`)};p||o.info(`Checking ${String(v)} catalog dependencies...
|
|
25
|
+
`);const A=new Set;ue("socket")&&A.add("socket"),ue("depsDev")&&A.add("deps-dev");const y=t.security?.policies?.score?.minimum,T=ht(t.security,{disabled:A,minimumScore:y}),{checkedCount:R,failed:C,filteredByTarget:E,ignored:U,outdated:j}=await $t(b,k,m,u,e,T,t.security?.acceptedRisks);$&&($.clear(),$.unmount());const L=h?{ignored:[],outdated:[]}:yt(e,{depFields:i.depFields,dev:s.dev,exclude:k.exclude,ignore:k.ignore,include:k.include,packageMode:k.packageMode,peer:x,prod:s.prod,target:k.target});if(L.outdated.length>0){const S=new Set(j.map(I=>`${I.catalogName}|${I.packageName}`));for(const I of L.outdated)S.has(`${I.catalogName}|${I.packageName}`)||j.push(I)}if(L.ignored.length>0)for(const S of L.ignored)U.includes(S)||U.push(S);const ye=R-j.length-C.length;if(C.length>0&&o.warn(`Failed to fetch: ${C.join(", ")}`),U.length>0&&o.info(`Skipped ${String(U.length)} ignored package${U.length===1?"":"s"}: ${U.join(", ")}`),!p&&R>j.length){const S=[...b.values()].reduce((Z,ae)=>Z+ae.size,0),I=S>R?` (${String(S)} catalog entries, ${String(S-R)} duplicates)`:"";o.info(`Checked ${String(R)} unique packages${I}: ${String(j.length)} outdated, ${String(ye)} up-to-date${C.length>0?`, ${String(C.length)} failed`:""}${E.length>0?`, ${String(E.length)} skipped by target`:""}`)}if(j.length===0)return E.length>0?o.info(`All catalog dependencies are up to date within the current target.
|
|
26
|
+
${String(E.length)} package${E.length===1?" has":"s have"} newer versions available with --target latest:
|
|
27
|
+
${E.map(S=>` ${S.packageName} ${S.currentRange} → ${S.newRange} (${S.updateType})`).join(`
|
|
28
|
+
`)}`):o.info("All catalog dependencies are up to date."),ge;const F=s.format??i.format??"table";let W;if(s.ai){const S=Ct(s.aiType??"impact");W=await Et(j,o,t.ai,S)}const te=!!s.dryRun;if(!te&&r.length>0&&s.marshallCheck!==!1){const S=await It(r);if(S.length>0){const I=await Nt(S,{config:t?.security?.marshalls,workspaceRoot:e});if(!await Dt(I))return process.exitCode=1,{applied:!1,canceled:!0,jsonEmitted:!1}}}if(p&&F==="table"){const S=new Vt(j,W??null);let I;if(s.changelog){o.info("Fetching changelogs...");const N=await qe(j,void 0,m);I=new Map;for(const V of N){const z=V.releaseUrl??V.repoUrl??V.npmUrl;z&&I.set(V.packageName,z)}}const Z=t.tui?.autoExit??!1,ae=Z===!0?3:typeof Z=="number"?Z:0,we=await be(_.createElement(Bt,{autoExitSeconds:ae,changelogUrls:I,checkedCount:R,filteredOutEntries:E,isDryRun:te,store:S,totalCatalogEntries:v}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0}).waitUntilExit(),ce=process.stdout.columns||80;process.stdout.write(`
|
|
29
|
+
`);for(const N of j){const V=N.vulnerabilities?.length||N.socketReport&&N.socketReport.alerts.length>0,z=!!N.acceptedRisk,le=V?z?"✓":"⚠":"✓",et=z?"gray":N.updateType==="major"?"red":N.updateType==="minor"?"yellow":"green",se=N.socketReport?.score.overall,tt=se===void 0?"":` [${String(Math.round(se*100))}%]`,ke=se===void 0?void 0:kt(se);process.stdout.write(`${de(_.createElement(q,null," ",_.createElement(q,{color:et},le),` ${N.packageName} ${N.currentRange} → ${N.newRange}`,_.createElement(q,{dimColor:!0},` ${N.updateType}`),ke?_.createElement(q,{color:ke},tt):null),{columns:ce})}
|
|
30
|
+
`)}if(process.stdout.write(`
|
|
31
|
+
`),o.info(He(j,y)),R>j.length){const N=[...b.values()].reduce((z,le)=>z+le.size,0),V=N>R?` (${String(N)} catalog entries, ${String(N-R)} duplicates)`:"";o.log(),o.info(`Checked ${String(R)} unique packages${V}: ${String(ye)} up-to-date${C.length>0?`, ${String(C.length)} failed`:""}`)}if(E.length>0){process.stdout.write(`
|
|
32
|
+
`);const N=`${String(E.length)} package${E.length===1?"":"s"} skipped by target constraint (use --target latest to include):`;process.stdout.write(`${de(_.createElement(q,{color:"yellow"},` ${N}`),{columns:ce})}
|
|
33
|
+
`);for(const V of E)process.stdout.write(`${de(_.createElement(q,null," ",_.createElement(q,{dimColor:!0},V.packageName),` ${V.currentRange} → ${V.newRange}`,_.createElement(q,{dimColor:!0},` ${V.updateType}`)),{columns:ce})}
|
|
34
|
+
`)}const ne=Array.isArray(we)?we:[];if(ne.length>0&&!te){o.info(`
|
|
35
|
+
Applying ${String(ne.length)} updates...
|
|
36
|
+
`);const N={...s,install:s.install??i.install};return await Be(e,n,ne,N,o,m,t.editorconfig??!0),{applied:!0,canceled:!1,jsonEmitted:!1}}return{applied:!1,canceled:ne.length===0,jsonEmitted:!1}}if(te){if(F==="json"){const S={failed:C,filteredByTarget:E,ignored:U,outdated:j};W&&(S.aiAnalysis=W),process.stdout.write(`${JSON.stringify(S,void 0,2)}
|
|
37
|
+
`)}else o.info(`Would update ${String(j.length)} dependencies:
|
|
38
|
+
`),Ve(j,C,F,o,y),W&&(o.info(""),o.info(Re(W))),Ue(E,o);return{applied:!1,canceled:!1,jsonEmitted:F==="json"}}W&&F!=="json"&&(o.info(Re(W)),o.info(""));let Y=j;if(s.interactive&&(Y=await wt(j),Y.length===0))return o.info("No updates selected."),{applied:!1,canceled:!0,jsonEmitted:!1};o.info(`Updating ${String(Y.length)} catalog dependencies...
|
|
39
|
+
`),Ve(Y,[],F,o,y),Ue(E,o);const Qe={...s,install:s.install??i.install};return await Be(e,n,Y,Qe,o,m),{applied:!0,canceled:!1,jsonEmitted:F==="json"}},ks=async(e,n,t,s,r,o)=>{const i={dev:s.dev,filters:P(s.filter),global:s.global,interactive:s.interactive,latest:s.latest||s.target==="latest",noOptional:s.optional===!1,noSave:s.save===!1,packages:r,prod:s.prod,recursive:s.recursive,workspaceRoot:s.workspaceRoot},{command:a,warnings:d}=Gt(n,t,i);for(const c of d)o.warn(c);const l=`${a.bin} ${a.args.join(" ")}`.trim();if(s.dryRun)return o.info(`Would run: ${l}`),ge;o.info(`Running: ${l}`);try{const{code:c,output:f}=await Le(a.bin,a.args,{cwd:e,env:process.env});if(c!==0)return o.error(`
|
|
40
|
+
${G("✖")} Update failed (exit code ${String(c)})`),o.error(` Command: ${l}`),o.error(` Directory: ${e}
|
|
41
|
+
`),process.exitCode=c,{applied:!1,canceled:!1,jsonEmitted:!1};s.peer!==!0&&Fe(f)&&o.info(ze)}catch(c){const f=c.status??1;return o.error(`
|
|
42
|
+
${G("✖")} Update failed (exit code ${String(f)})`),o.error(` Command: ${l}`),o.error(` Directory: ${e}
|
|
43
|
+
`),process.exitCode=f,{applied:!1,canceled:!1,jsonEmitted:!1}}return{applied:!0,canceled:!1,jsonEmitted:!1}},vs=async(e,n,t)=>{const s=e.latest===!0||e.target==="latest";if(n||!s||e.dryRun===!0||e.yes===!0||e.interactive===!0)return!0;if(!(process.stdout.isTTY&&!ie))return t.error(`${G("✖")} Refusing to run blanket --latest update in a non-interactive context.`),t.error(" Re-run with --yes to confirm, --dry-run to preview, or pass explicit package names."),process.exitCode=1,!1;const r=Me({input:process.stdin,output:process.stdout});try{const o=(await new Promise(i=>{r.question(`${D("⚠")} About to upgrade ALL dependencies to their latest versions. This may include breaking changes.
|
|
44
|
+
Continue? [y/N] `,i)})).trim().toLowerCase();return o==="y"||o==="yes"?!0:(t.info("Aborted."),!1)}finally{r.close()}},bs=(e,n)=>{const t=new Set;e.actions===!1&&t.add("actions"),e.docker===!1&&t.add("docker"),e.gitlab===!1&&t.add("gitlab");const s=e.style??"sha";if(s!=="sha"&&s!=="preserve")throw new Error(`Invalid --style "${s}". Use: sha or preserve.`);const r=e.latest===!0?"latest":e.target??"latest";if(r!=="latest"&&r!=="minor"&&r!=="patch")throw new Error(`Invalid target "${r}". Use: latest, minor, or patch.`);const o=r,i=n.update??{};return{disabled:t,exclude:[...P(e.exclude),...P(i.exclude)],githubToken:e.actionsToken??void 0,gitlabToken:e.gitlabToken??void 0,include:P(e.include),includeBranches:e.includeBranches===!0,maxConcurrentRequests:typeof e.maxConcurrentRequests=="number"&&e.maxConcurrentRequests>0?e.maxConcurrentRequests:8,minAgeDays:typeof i.minimumReleaseAge=="number"&&i.minimumReleaseAge>0?i.minimumReleaseAge/1440:void 0,mode:o,respectDependabotConfig:!0,style:s}},Rs=(e,n)=>e.dryRun===!0||process.exitCode!==void 0&&process.exitCode!==0||n.canceled?!1:e.yes===!0?!0:e.interactive===!0&&!!process.stdout.isTTY&&!ie,xs=async(e,n,t,s,r)=>{const o=bs(n,t);if(o.disabled.size===3)return;let i;try{i=await cs({options:o,workspaceRoot:e})}catch(m){s.warn(`${D("⚠")} Ecosystem update scan failed: ${m.message}`);return}if(i.scanned===0)return i;const a=n.format??"table",d=!!n.dryRun,l=Rs(n,r);if(a==="json")r.jsonEmitted?s.warn(`${D("⚠")} ${String(i.updates.length)} ecosystem update${i.updates.length===1?"":"s"} available but not emitted in --format=json (catalog already wrote one JSON document). Rerun with --format=table or --no-catalog to see them.`):process.stdout.write(`${ps(i)}
|
|
45
|
+
`);else if(a!=="minimal"){const m=ds(i,{previewOnly:!l&&!d,showIgnored:n.interactive===!0});m&&s.info(m)}if(i.updates.length===0)return i;if(d)return a==="minimal"&&s.info(`
|
|
46
|
+
${D("ℹ")} ${String(i.updates.length)} ecosystem reference${i.updates.length===1?"":"s"} can be bumped — not applied (--dry-run). Re-run without --dry-run and with \`--interactive\` or \`--yes\` to apply.`),i;if(!l)return a==="minimal"&&s.info(`
|
|
47
|
+
${D("ℹ")} ${String(i.updates.length)} ecosystem reference${i.updates.length===1?"":"s"} can be bumped — not applied automatically. Re-run with \`--interactive\` to choose, or \`--yes\` to apply all (or \`--no-actions\` / \`--no-docker\` / \`--no-gitlab\` to silence by ecosystem).`),i;let c=i.updates;if(n.interactive===!0&&process.stdout.isTTY&&!ie&&(c=await ms(i.updates),c.length===0))return s.info(`${D("ℹ")} No ecosystem updates selected.`),i;const{applied:f,skipped:g}=xn(c);if(f.length>0&&s.info(`
|
|
48
|
+
${String(f.length)} ecosystem reference${f.length===1?"":"s"} updated.`),g.length>0){s.warn(`${D("⚠")} ${String(g.length)} ecosystem update${g.length===1?"":"s"} skipped:`);for(const m of g)s.warn(` ${m.update.name} (${m.update.file}:${String(m.update.line)}): ${m.reason}`)}return i},As=e=>{const n=e.style;if(n!==void 0&&n!=="sha"&&n!=="preserve")throw new Error(`Invalid --style "${n}". Use: sha or preserve.`);const t=e.target;if(t!==void 0&&t!=="latest"&&t!=="minor"&&t!=="patch")throw new Error(`Invalid --target "${t}". Use: latest, minor, or patch.`)},Ms=async({argument:e,logger:n,options:t,visConfig:s,workspaceRoot:r})=>{if(!r)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");As(t);let o=e;const i=r,{packageManager:a}=ct(i);if(t.typosquatCheck!==!1){if(o.length>0){const c=o.map(m=>_t(m)),f=s?.security?.typosquatAllowlist,g=await Ot(c.map(m=>m.name),f);if(!g.ok){process.exitCode=1;return}o=c.map((m,h)=>{const x=g.packages[h];return x!==m.name?m.versionSpec?`${x}@${m.versionSpec}`:x??"":o[h]??""})}else if(!await Ut(i,s?.security?.typosquatAllowlist)){process.exitCode=1;return}}if(t.rollback){if(!lt(i,a)){n.info("No backup found. Run 'vis update' first to create a backup.");return}if(ut(i,a))n.info("Restored from backup.");else throw new Error("Failed to restore from backup.");return}if(!await vs(t,o.length>0,n))return;const d=t.catalog!==!1&&dt(i,a);let l;if(d)l=await ws(i,a,s??{},t,o,n);else{const c=jt(i,{configBackend:s?.install?.backend,configCorepack:s?.install?.corepack}),f=c.name==="aube"?"":pt(c.name);l=await ks(i,c.name,f,t,o,n)}o.length===0&&await xs(i,t,s??{},n,l)};export{Ms as default,_s as formatMinutesAsTimeString,hs as parseNpmReleaseAgeValue,Xe as parseTimeStringToMinutes,$s as readPmNativeMinimumReleaseAge,vs as requireBlanketUpdateConfirmation,xs as runEcosystemUpdate,Rs as shouldApplyEcosystem};
|