@visulima/vis 1.0.0-alpha.39 → 1.0.0-alpha.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/bin.js +1 -1
- package/dist/binx.js +1 -1
- package/dist/packem_chunks/bin.js +3 -3
- package/dist/packem_chunks/bloom-sync.js +1 -1
- package/dist/packem_chunks/fix.js +1 -1
- package/dist/packem_chunks/handler28.js +1 -1
- package/dist/packem_chunks/handler3.js +1 -1
- package/dist/packem_chunks/handler4.js +3 -3
- package/dist/packem_chunks/handler49.js +3 -3
- package/dist/packem_chunks/handler5.js +6 -6
- package/dist/packem_chunks/handler63.js +1 -1
- package/dist/packem_chunks/handler64.js +1 -1
- package/dist/packem_chunks/handler65.js +4 -4
- package/dist/packem_chunks/handler66.js +1 -1
- package/dist/packem_chunks/handler68.js +1 -1
- package/dist/packem_chunks/handler7.js +1 -1
- package/dist/packem_chunks/handler70.js +1 -1
- package/dist/packem_chunks/handler71.js +44 -44
- package/dist/packem_chunks/handler73.js +1 -1
- package/dist/packem_chunks/handler74.js +1 -1
- package/dist/packem_chunks/heal.js +1 -1
- package/dist/packem_chunks/help-command.js +1 -1
- package/dist/packem_chunks/sync.js +1 -1
- package/dist/packem_chunks/verify-lockfile.js +1 -1
- package/dist/packem_shared/{ai-analysis-K-DKU3ZA.js → ai-analysis-BUeX2J2H.js} +1 -1
- package/dist/packem_shared/{ai-fix-BPrYoCk8.js → ai-fix-9Vzlp6XU.js} +1 -1
- package/dist/packem_shared/{dependency-scan-anTuZB1t.js → dependency-scan-DnTgYleU.js} +1 -1
- package/dist/packem_shared/{index-BJbpNthk.js → index-Du8RWawQ.js} +1 -1
- package/dist/packem_shared/{index-B4RYu87L.js → index-yBikBkHT.js} +1 -1
- package/dist/packem_shared/{missing-package-json-BfWUxTGv.js → missing-package-json-8vNHwbqw.js} +1 -1
- package/dist/packem_shared/scan-progress-CFhc0CMj.js +2 -0
- package/index.d.ts +201 -201
- package/index.js +52 -52
- package/package.json +9 -9
- package/dist/packem_shared/scan-progress-DG7_JmTV.js +0 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
import{createRequire as p}from"node:module";import{m as u,f as _,I as $}from"../packem_shared/index-BDmTbWX1.js";import{cleanWorkspace as R}from"#native";import{l as b}from"../packem_shared/missing-package-json-
|
|
1
|
+
import{createRequire as p}from"node:module";import{m as u,f as _,I as $}from"../packem_shared/index-BDmTbWX1.js";import{cleanWorkspace as R}from"#native";import{l as b}from"../packem_shared/missing-package-json-8vNHwbqw.js";import{p as c}from"./bin.js";import{c as j}from"../packem_shared/utils-Cxree603.js";const g=p(import.meta.url),d=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,k=o=>{if(typeof d<"u"&&d.versions&&d.versions.node){const[r,n]=d.versions.node.split(".").map(Number);if(r>22||r===22&&n>=3||r===20&&n>=16)return d.getBuiltinModule(o)}return g(o)},{readdirSync:y,lstatSync:h,rmSync:v}=k("node:fs"),S=/node_modules/,w=/\.git/,C=o=>{const r=[],n=[o];for(;n.length>0;){const s=n.pop();let i;try{i=y(s)}catch{continue}for(const t of i){const e=u(s,t);try{const f=h(e);if(f.isSymbolicLink()||!f.isDirectory())continue}catch{continue}t==="node_modules"?r.push(e):t!==".git"&&t!==".hg"&&n.push(e)}}return r},P=["pnpm-lock.yaml","package-lock.json","npm-shrinkwrap.json","yarn.lock","bun.lock","bun.lockb"],q=(o,r,n)=>{let s=0,i=!1;for(const t of P){const e=u(o,t);if(_(e)){n.info(` ${e}`),s++;continue}}return{hadError:i,removed:s}},x=o=>{for(const r of $(o,{includeDirs:!1,includeSymlinks:!1,skip:[S,w]}))if(r.name==="package.json")return!0;return!1},m=(o,r,n)=>{let s=0,i=!1;for(const{packageDir:t}of b(o)){const e=u(o,t);if(!x(e)){if(r){n.info(` ${e}`),s++;continue}try{v(e,{force:!0,recursive:!0}),c.success(`Removed empty package ${e}`),s++}catch(f){c.error(`${e}: ${j(f)}`),i=!0}}}return{hadError:i,removed:s}},B=async({logger:o,options:r,workspaceRoot:n})=>{const s=n??process.cwd(),i=r.lockfile||!1,t=r.emptyPackages||!1;if(r.dryRun){const l=C(s);if(l.length>0){c.info("Would remove:");for(const a of l)o.info(` ${a}`)}else c.info("No node_modules directories found.");i&&q(s,!0,o),t&&(c.info("Would remove empty packages:"),m(s,!0,o));return}const e=R(s,i);for(const l of e.removed)c.success(`Removed ${l}`);for(const l of e.lockfilesRemoved)c.success(`Removed ${l}`);for(const l of e.errors)c.error(l);e.removed.length===0&&e.lockfilesRemoved.length===0?c.info("No node_modules directories found."):c.info(`Cleaned ${e.removed.length} node_modules director${e.removed.length===1?"y":"ies"}`);let f=!1;if(t){const{hadError:l,removed:a}=m(s,!1,o);f=l,a>0&&c.info(`Cleaned ${a} empty package director${a===1?"y":"ies"}`)}(e.errors.length>0||f)&&(process.exitCode=1)};export{B as default};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import{createRequire as Et}from"node:module";import{V as we,E as D,s as ye,q as pt,Q as dt}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{I as Lt,m as z,f as J,v as be,T as Ze,B as Tt}from"../packem_shared/index-BDmTbWX1.js";import{ad as Pt,ab as Vt,ac as zt,aC as Wt,u as Ve,
|
|
1
|
+
import{createRequire as Et}from"node:module";import{V as we,E as D,s as ye,q as pt,Q as dt}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{I as Lt,m as z,f as J,v as be,T as Ze,B as Tt}from"../packem_shared/index-BDmTbWX1.js";import{ad as Pt,ab as Vt,ac as zt,aC as Wt,u as Ve,i as _t,W as Ht,aR as Ut,p as u,l as Qe,c as Ft,N as Gt,f as Bt,Z as Xe,b as Kt,O as qt,r as De,a3 as Jt,a0 as Yt,a2 as Zt}from"./bin.js";import{whichBin as Qt}from"#native";import{r as ei,R as ti,b as ii}from"../packem_shared/ai-analysis-BUeX2J2H.js";import"../packem_shared/public-api-WqUCiyIe.js";import{w as ai,M as ni}from"../packem_shared/pm-runner-OGResYrA.js";import{s as L}from"../packem_shared/index-CgcF6_wo.js";import{c as gt,s as he,p as ri,e as oi,g as si}from"../packem_shared/index-Du8RWawQ.js";import{d as ci}from"../packem_shared/anolilab-text-CAM_E6uK.js";import{t as li,b as pi}from"../packem_shared/cyclonedx-kYozDyxp.js";import{s as fi}from"../packem_shared/scan-progress-CFhc0CMj.js";import{r as ui,A as et,q as tt}from"../packem_shared/advisories-DLeO5KMN.js";import{a as ut}from"./config.js";import{l as mi,f as hi,a as vi}from"../packem_shared/dependency-scan-DnTgYleU.js";import{r as wi}from"../packem_shared/manifests-Dj3pRKBT.js";import{l as $i,p as Si,O as Ni}from"../packem_shared/osv-bloom-B03tUWf3.js";const Ot=Et(import.meta.url),ee=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,Y=e=>{if(typeof ee<"u"&&ee.versions&&ee.versions.node){const[t,i]=ee.versions.node.split(".").map(Number);if(t>22||t===22&&i>=3||t===20&&i>=16)return ee.getBuiltinModule(e)}return Ot(e)},{spawnSync:Dt}=Y("node:child_process"),{createInterface:Mt}=Y("node:readline"),{stripVTControlCharacters:Xt}=Y("node:util"),{createHash:di}=Y("node:crypto"),{relative:ft,join:gi}=Y("node:path"),{readFileSync:mt,existsSync:yi,writeFileSync:bi,renameSync:xi,unlinkSync:ki}=Y("node:fs"),it=(e,t={})=>{Array.isArray(t.extensions)||(t.extensions=["js","mjs","cjs","ts"]);const i=[];for(const a of Lt(e,t))i.push(a.path);return i},xe=e=>`${e.packageName}@${e.packageVersion}:${e.vulnerability.id}`,Ai=e=>e==null||e===!0||e===""||e==="true"||e.toString().toLowerCase()==="all",Ci=(e,t)=>{if(Ai(t))return e;const i=String(t).trim();if(/^\d+$/.test(i)){const n=Number.parseInt(i,10)-1,o=e[n];return o?[o]:[]}const a=i.toLowerCase();return e.filter(n=>{const{aliases:o,id:r}=n.vulnerability;return r.toLowerCase()===a||(o??[]).some(c=>c.toLowerCase()===a)})},Ri=e=>{const{packageName:t,packageVersion:i,vulnerability:a}=e,n=(a.aliases??[]).join(", ")||"none",o=(a.fixedVersions??[]).join(", ")||"no fixed version published";return`You are a security engineer. Explain this dependency vulnerability for a developer triaging it.
|
|
2
2
|
|
|
3
3
|
Package: ${t}@${i}
|
|
4
4
|
Advisory: ${a.id} (aliases: ${n})
|
|
@@ -1,48 +1,48 @@
|
|
|
1
|
-
import{createRequire as
|
|
2
|
-
`;)t+=1;continue}if(i==="/"&&e[t+1]==="*"){for(t+=2;t<s&&!(e[t]==="*"&&e[t+1]==="/");)t+=1;t+=2;continue}if(i===","){let a=t+1;for(;a<s&&/\s/.test(e[a]??"");)a+=1;const d=e[a];if(d==="}"||d==="]"){t+=1;continue}}n+=i,t+=1}return n},Qt=(e,n)=>{const t=["renovate.json","renovate.json5",".renovaterc",".renovaterc.json"];for(const s of t){const r=B(e,s);if(!O(r))continue;let o;try{const a=K(r);o=JSON.parse(Xt(a))}catch{continue}if(!o)continue;if(Array.isArray(o.ignoreDeps))for(const a of["actions","docker","gitlab"])pe(n[a],o.ignoreDeps);const i=[["github-actions","actions"],["dockerfile","docker"],["docker-compose","docker"],["gitlabci","gitlab"],["gitlabci-include","gitlab"]];for(const[a,d]of i){const l=o[a];pe(n[d],l?.ignoreDeps)}if(!Array.isArray(o.packageRules))return;for(const a of o.packageRules){if(a.enabled!==!1)continue;const d=new Set;for(const c of a.matchManagers??[]){const f=Yt[c];f&&d.add(f)}for(const c of a.matchDatasources??[]){const f=Zt[c];f&&d.add(f)}d.size===0&&(d.add("actions"),d.add("docker"),d.add("gitlab"));const l=[...a.matchPackageNames??[],...a.matchDepNames??[],...a.matchPackagePatterns??[]];for(const c of d)pe(n[c],l)}return}},en=e=>{const n={actions:new Set,docker:new Set,gitlab:new Set};return Jt(e,n),Qt(e,n),n},me=(e,n,t)=>{const s=t[n];if(s.size===0)return!1;if(s.has(e))return!0;for(const r of s)if(/[*?[\]/.+]/.test(r))try{const o=r.replaceAll(/[.+^${}()|]/g,String.raw`\$&`).replaceAll("*",".*").replaceAll("?",".");if(new RegExp(`^${o}$`).test(e))return!0}catch{}return!1},H=e=>{const n=e.trim();if(n==="")return;const t=n.startsWith("v")||n.startsWith("V")?n.slice(1):n,s=(ee.valid(t)?ee.parse(t):void 0)??ee.coerce(t,{includePrerelease:!0});if(s)return{major:s.major,minor:s.minor,normalized:`${String(s.major)}.${String(s.minor)}.${String(s.patch)}${s.prerelease.length>0?`-${s.prerelease.join(".")}`:""}`,patch:s.patch,prerelease:s.prerelease.length>0,raw:n}},tn=(e,n)=>ee.rcompare(e.normalized,n.normalized),he=(e,n,t,s)=>{if(!n&&t!=="latest")return;const r=e.filter(o=>o.prerelease?!1:n?t==="patch"&&(o.major!==n.major||o.minor!==n.minor)||t==="minor"&&o.major!==n.major?!1:ee.gt(o.normalized,n.normalized):!0);if(r.length!==0)return r.toSorted(tn)[0]},$e=(e,n)=>!e||!n?"unknown":n.major!==e.major?"major":n.minor!==e.minor?"minor":n.patch!==e.patch?"patch":"unknown",nn="GitHub Actions",Ae=(e,n)=>`${e}@${n}`,sn=e=>({fixedVersions:e.fixedVersions,id:e.id,severity:e.severity,summary:e.summary}),on=(e,n)=>{if(n.length===0)return n;const t=Mt(e);if(!At(t))return n;const s=new Map;for(const o of n){const i=o.currentVersion??o.currentRef;i&&s.set(Ae(o.name,i),{name:o.name,version:i})}if(s.size===0)return n;const r=new Map;try{for(const[o,i]of s){const a=Pt([i],{ecosystem:nn,workspaceRoot:e}).get(i.name);a&&a.length>0&&r.set(o,a)}}catch{return n}return r.size===0?n:n.map(o=>{const i=o.currentVersion??o.currentRef;if(!i)return o;const a=r.get(Ae(o.name,i));return a?{...o,advisories:a.map(d=>sn(d))}:o})},Ke=e=>{if(!e)return{};const n={};for(const t of e.split(",")){const s=/^\s*<([^>]+)>\s*;\s*(.+)$/.exec(t);if(!s)continue;const r=s[1]??"",o=s[2]??"";switch(/rel\s*=\s*"?([^";\s]+)"?/i.exec(o)?.[1]?.toLowerCase()){case"first":{n.first=r;break}case"last":{n.last=r;break}case"next":{n.next=r;break}case"prev":case"previous":{n.previous=r;break}}}return n};class rn{token;apiBase;fetchImpl;tagsCache=new Map;commitCache=new Map;constructor(n){this.token=n.token??process.env.GITHUB_TOKEN??process.env.GH_TOKEN,this.apiBase=n.apiBase??"https://api.github.com",this.fetchImpl=n.fetch??fetch}async listTags(n,t){const s=`${n}/${t}`,r=this.tagsCache.get(s);if(r)return r;const o=this.fetchTags(n,t);return this.tagsCache.set(s,o),o}async resolveRef(n,t,s){const r=`${n}/${t}@${s}`,o=this.commitCache.get(r);if(o)return o;const i=this.fetchCommit(n,t,s);return this.commitCache.set(r,i),i}buildHeaders(){const n={Accept:"application/vnd.github+json","User-Agent":"vis-update-actions","X-GitHub-Api-Version":"2022-11-28"};return this.token&&(n.Authorization=`Bearer ${this.token}`),n}async fetchTags(n,t){const s=`${this.apiBase}/repos/${encodeURIComponent(n)}/${encodeURIComponent(t)}/tags?per_page=100`,r={parsed:[],tags:[]},o=[];let i=s,a=0;for(;i&&a<5;){const l=i;let c;try{c=await this.fetchImpl(l,{headers:this.buildHeaders()})}catch{return r}if(!c.ok)return r;let f;try{f=await c.json()}catch{return r}if(!Array.isArray(f))return r;for(const g of f){const m=typeof g.name=="string"?g.name:"",h=typeof g.commit?.sha=="string"?g.commit.sha:"";m!==""&&h!==""&&o.push({name:m,sha:h})}i=Ke(c.headers.get("link")).next,a+=1}const d=[];for(const l of o){const c=H(l.name);c&&d.push({...c,sha:l.sha})}return{parsed:d,tags:o}}async fetchCommit(n,t,s){const r=`${this.apiBase}/repos/${encodeURIComponent(n)}/${encodeURIComponent(t)}/commits/${encodeURIComponent(s)}`;try{const o=await this.fetchImpl(r,{headers:this.buildHeaders()});if(!o.ok)return;const i=await o.json();return typeof i.sha!="string"?void 0:{committedAt:i.commit?.committer?.date,sha:i.sha}}catch{return}}}const an=".github/workflows",cn=".github/actions",ln=/^\s*-?\s*uses:\s*(['"]?)([^'"\s#]+)\1(?:\s*#\s*(.+))?\s*$/,un=/^[a-f0-9]{40}$/i,dn=/actions-up-ignore-next-line(?::\s*(.+))?/i,pn=/actions-up-ignore-start/i,fn=/actions-up-ignore-end/i,gn=e=>{const n=e.split("/");if(n.length<2)return;const[t,s,...r]=n;if(!(!t||!s))return{owner:t,repo:s,subpath:r.length>0?r.join("/"):void 0}},mn=(e,n)=>{const t=n.split(/\r?\n/),s=[];let r,o=!1;for(const[i,a]of t.entries()){const d=a??"";if(pn.test(d)&&(o=!0),fn.test(d)){o=!1;continue}const l=d.trim(),c=l===""||l.startsWith("#")?dn.exec(d):void 0;if(c){r=c[1]??"actions-up-ignore-next-line";continue}const f=ln.exec(d);if(!f){r=void 0;continue}const g=f[1]??"",m=g==="'"||g==='"'?g:"",h=f[2]??"",x=f[3]?.trim();if(h.startsWith("./")||h.startsWith("../")||h.startsWith("docker://")){r=void 0;continue}const b=h.lastIndexOf("@");if(b<=0){r=void 0;continue}const w=h.slice(0,b),k=h.slice(b+1),v=gn(w);if(!v){r=void 0;continue}let p=r??(o?"actions-up-ignore-block":void 0);if(x){const $=/^actions-up-ignore(?:-next-line)?(?::\s*(.+))?(?:\s|$)/i.exec(x);$&&(p=p??$[1]??"actions-up-ignore")}r=void 0,s.push({file:e,ignoreReason:p,isSha:un.test(k),line:i+1,original:`${m}${h}${m}`,owner:v.owner,quote:m,ref:k,repo:v.repo,slug:w,subpath:v.subpath,trailingComment:x&&!p?x:void 0})}return s},Se=e=>e.endsWith(".yml")||e.endsWith(".yaml"),hn=(e,n=[])=>{const t=[],s=new Set,r=a=>{if(s.has(a))return;s.add(a);let d;try{d=K(a)}catch{return}const l=mn(a,d);t.push(...l)},o=B(e,an);if(O(o))for(const a of J(o,{includeDirs:!1,includeSymlinks:!1,maxDepth:1}))Se(a.name)&&r(a.path);const i=B(e,cn);if(O(i))for(const a of J(i,{includeDirs:!1,includeSymlinks:!1,maxDepth:3}))(a.name==="action.yml"||a.name==="action.yaml")&&r(a.path);for(const a of["action.yml","action.yaml"]){const d=B(e,a);O(d)&&r(d)}for(const a of n){const d=rt(a)?a:B(e,a);if(O(d))for(const l of J(d,{includeDirs:!1,includeSymlinks:!1}))Se(l.name)&&r(l.path)}return t},$n=40,yn=1440*60*1e3,wn=new Set(["develop","edge","main","master","stable","trunk"]),kn=e=>e.length===$n&&/^[a-f0-9]{40}$/i.test(e)?!1:wn.has(e.toLowerCase())?!0:H(e)===void 0,Ce=(e,n)=>{for(const t of n)try{if(new RegExp(t).test(e))return!0}catch{if(e.includes(t))return!0}return!1},vn=(e,n,t,s)=>{const r=s==="sha"||e.isSha,{quote:o}=e;return r?`${o}${e.slug}@${n}${o} # ${t}`:`${o}${e.slug}@${t}${o}`},bn=async(e,n)=>{const{ignoreRules:t,options:s,references:r,resolverOptions:o}=n,i=[],a=[],d=[];if(r.length===0)return{failed:d,ignored:a,updates:i};const l=new rn({apiBase:o?.apiBase,fetch:o?.fetch,token:s.githubToken??o?.token}),c=new Map;for(const w of r){const k=`${w.owner}/${w.repo}`,v=c.get(k)??[];v.push(w),c.set(k,v)}const f=Math.max(1,s.maxConcurrentRequests),g=[...c.keys()];let m=0;const h=async w=>{const k=c.get(w)??[],[v,p]=w.split("/");if(!v||!p)return;let $;try{$=await l.listTags(v,p)}catch{for(const u of k)d.push({file:u.file,reason:`failed to list tags for ${w}`});return}for(const u of k){const A=u.slug;let y;if(u.ignoreReason?y=u.ignoreReason:Ce(A,s.exclude)?y="matched --exclude":s.include.length>0&&!Ce(A,s.include)?y="not matched by --include":s.respectDependabotConfig&&t&&me(A,"actions",t)&&(y="ignored by dependabot/renovate config"),y){a.push({currentRef:u.ref,currentVersion:u.isSha?u.trailingComment?.replace(/^#\s*/,""):u.ref,ecosystem:"actions",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:void 0,original:u.original,reason:y,replacement:u.original,updateType:"unknown"});continue}if(!s.includeBranches&&!u.isSha&&kn(u.ref)){a.push({currentRef:u.ref,currentVersion:u.ref,ecosystem:"actions",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:void 0,original:u.original,reason:"branch reference (use --include-branches)",replacement:u.original,updateType:"unknown"});continue}const T=u.isSha?u.trailingComment?.replace(/^#\s*/,"").split(/\s+/)[0]??"":u.ref,R=H(T);if(u.isSha&&!R&&s.mode!=="latest"){a.push({currentRef:u.ref,currentVersion:void 0,ecosystem:"actions",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:void 0,original:u.original,reason:`SHA pin has no version-hint comment; cannot apply --target=${s.mode}`,replacement:u.original,updateType:"unknown"});continue}const C=he($.parsed,R,s.mode);if(!C)continue;if(s.minAgeDays!==void 0){const j=await l.resolveRef(v,p,C.sha),L=j?.committedAt?new Date(j.committedAt).getTime():void 0;if(L&&(Date.now()-L)/yn<s.minAgeDays){a.push({currentRef:u.ref,currentVersion:R?.raw,ecosystem:"actions",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:C.raw,original:u.original,reason:`release younger than ${String(s.minAgeDays)} days`,replacement:u.original,updateType:"unknown"});continue}}const E=s.style==="sha"||u.isSha?C.sha:C.raw,U=vn(u,C.sha,C.raw,s.style);i.push({currentRef:u.ref,currentVersion:R?.raw??u.trailingComment?.replace(/^#\s*/,""),ecosystem:"actions",file:u.file,line:u.line,name:A,newRef:E,newVersion:C.raw,original:u.original,replacement:U,updateType:$e(R,C),url:`https://github.com/${v}/${p}/releases/tag/${C.raw}`})}},x=[];for(let w=0;w<Math.min(f,g.length);w++)x.push((async()=>{for(;m<g.length;){const k=g[m];m+=1,k!==void 0&&await h(k)}})());await Promise.all(x);const b=on(e,i);return{failed:d,ignored:a,updates:b}},Rn=e=>e.toSorted((n,t)=>n.file!==t.file?n.file<t.file?-1:1:n.line-t.line),xn=e=>{const n=[],t=[];if(e.length===0)return{applied:n,skipped:t};const s=Rn(e),r=new Map;for(const o of s){const i=r.get(o.file)??[];i.push(o),r.set(o.file,i)}for(const[o,i]of r){let a;try{a=K(o)}catch(g){for(const m of i)t.push({reason:`read failed: ${g.message}`,update:m});continue}const d=a.includes(`\r
|
|
1
|
+
import{createRequire as ct}from"node:module";import{I as We,s as O,E as P,q as Le,V as G,j as ut}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{m as V,f as U,v as K,I as J,A as dt,T as pt}from"../packem_shared/index-BDmTbWX1.js";import"smol-toml";import{P as ft,ba as gt,bb as mt,bc as ht,bd as $t,u as Re,b0 as yt,r as ae,l as de,j as kt,R as wt,c as vt,V as bt,be as Rt,bf as He,$ as xe,d as M,h as pe,m as L,H as Fe,bg as xt,F as q,B as At,bh as St,bi as Et,o as Ct,G as Tt}from"./bin.js";import{E as jt}from"../packem_shared/public-api-WqUCiyIe.js";import{K as Dt,Z as Ot,W as Ae}from"../packem_shared/ai-analysis-BUeX2J2H.js";import{v as Ut,I as Bt,s as ze}from"../packem_shared/pm-runner-OGResYrA.js";import{r as Vt,a as _t,p as Mt}from"../packem_shared/resolve-explicit-CMDl55Nz.js";import{S as Pt}from"../packem_shared/min-release-age-D1alDE3K.js";import{r as qt,s as Wt}from"../packem_shared/typosquats-DN78xx1x.js";import{U as Lt,b as Ht,u as Se}from"../packem_shared/vis-update-app-k3fDxech.js";import{h as Ge,P as Ke}from"../packem_shared/peer-warnings-BXAzXqY3.js";import{f as Je}from"../packem_shared/utils-Cxree603.js";import{s as ee}from"../packem_shared/index-CgcF6_wo.js";import{r as Ft,q as zt}from"../packem_shared/advisories-DLeO5KMN.js";const lt=ct(import.meta.url),Z=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,Pe=e=>{if(typeof Z<"u"&&Z.versions&&Z.versions.node){const[t,n]=Z.versions.node.split(".").map(Number);if(t>22||t===22&&n>=3||t===20&&n>=16)return Z.getBuiltinModule(e)}return lt(e)},{createInterface:qe}=Pe("node:readline"),{existsSync:It,realpathSync:Nt}=Pe("node:fs"),Gt=e=>{const t=[];for(const n of e.filters)t.push("--filter",n);return e.workspaceRoot&&t.push("--filter","."),t.push("update"),e.latest&&t.push("--latest"),e.recursive&&t.push("--recursive"),e.interactive&&t.push("--interactive"),e.dev&&t.push("--dev"),e.prod&&t.push("--prod"),e.noOptional&&t.push("--no-optional"),e.noSave&&t.push("--no-save"),t.push(...e.packages),{args:t,bin:"pnpm"}},Kt=e=>{const t=[];return e.filters.length>0&&t.push("workspace",e.filters[0]),t.push("upgrade"),e.latest&&t.push("--latest"),t.push(...e.packages),{args:t,bin:"yarn"}},Jt=e=>{const t=[];if(e.filters.length>0||e.recursive){t.push("workspaces","foreach","--all");for(const n of e.filters)t.push("--include",n)}return t.push("up"),e.interactive&&t.push("--interactive"),t.push(...e.packages),{args:t,bin:"yarn"}},Yt=(e,t)=>{const n=["update"];e.latest&&t.push("npm does not support --latest flag. Packages will be updated within their semver range."),e.interactive&&t.push("npm does not support --interactive mode.");for(const s of e.filters)n.push("--workspace",s);return e.recursive&&n.push("--workspaces"),e.workspaceRoot&&n.push("--include-workspace-root"),e.dev&&n.push("--dev"),e.prod&&n.push("--production"),e.noOptional&&n.push("--no-optional"),e.noSave&&n.push("--no-save"),n.push(...e.packages),{args:n,bin:"npm"}},Xt=e=>{const t=["update"];e.latest&&t.push("--latest");for(const n of e.filters)t.push("--filter",n);return t.push(...e.packages),{args:t,bin:"bun"}},Zt=(e,t)=>{const n=["outdated","--update"];return e.latest&&n.push("--latest"),e.interactive&&n.push("--interactive"),e.filters.length>0&&t.push("deno outdated has no --filter flag; ignoring."),(e.dev||e.prod)&&t.push("deno outdated has no --dev / --prod flags; dev/prod is governed by deno.json."),e.noOptional&&t.push("deno outdated has no --no-optional flag; ignoring."),e.noSave&&t.push("deno outdated has no --no-save flag; ignoring."),n.push(...e.packages),{args:n,bin:"deno"}},Qt=(e,t,n)=>{const s=[];if(n.global&&e!=="aube"&&e!=="deno")return{command:{args:["update","--global",...n.packages],bin:"npm"},warnings:s};let r;switch(e){case"aube":{const o=Ut(n);r={args:o.args,bin:o.bin},s.push(...o.warnings);break}case"bun":{r=Xt(n);break}case"deno":{r=Zt(n,s);break}case"npm":{r=Yt(n,s);break}case"pnpm":{r=Gt(n);break}case"yarn":{r=t.startsWith("1.")?Kt(n):Jt(n);break}default:{const o=e;throw new Error(`Unsupported package manager: ${String(o)}`)}}return{command:r,warnings:s}},Ye=e=>{const t=e.indexOf("@");return t<=0?e:e.slice(0,t)},en=e=>{switch(e){case"docker":case"docker-compose":return"docker";case"github-actions":return"actions";case"gitlab-ci":return"gitlab";default:return}},tn=(e,t)=>{const n=[".github/dependabot.yml",".github/dependabot.yaml"];for(const s of n){const r=V(e,s);if(!U(r))continue;let o;try{o=jt(K(r))}catch{continue}if(o?.updates){for(const i of o.updates){const a=en(i["package-ecosystem"]);if(!(!a||!Array.isArray(i.ignore)))for(const d of i.ignore){const c=d["dependency-name"];typeof c=="string"&&c.length>0&&t[a].add(Ye(c))}}return}}},nn=Object.freeze({"docker-compose":"docker",dockerfile:"docker","github-actions":"actions",gitlabci:"gitlab","gitlabci-include":"gitlab"}),sn=Object.freeze({docker:"docker","github-tags":"actions"}),fe=(e,t)=>{if(t)for(const n of t)typeof n=="string"&&n.length>0&&e.add(Ye(n))},on=e=>{let t="",n=0;const{length:s}=e;let r=!1,o="";for(;n<s;){const i=e[n]??"";if(r){if(t+=i,i==="\\"&&n+1<s){t+=e[n+1]??"",n+=2;continue}i===o&&(r=!1),n+=1;continue}if(i==='"'||i==="'"){r=!0,o=i,t+=i,n+=1;continue}if(i==="/"&&e[n+1]==="/"){for(;n<s&&e[n]!==`
|
|
2
|
+
`;)n+=1;continue}if(i==="/"&&e[n+1]==="*"){for(n+=2;n<s&&!(e[n]==="*"&&e[n+1]==="/");)n+=1;n+=2;continue}if(i===","){let a=n+1;for(;a<s&&/\s/.test(e[a]??"");)a+=1;const d=e[a];if(d==="}"||d==="]"){n+=1;continue}}t+=i,n+=1}return t},rn=(e,t)=>{const n=["renovate.json","renovate.json5",".renovaterc",".renovaterc.json"];for(const s of n){const r=V(e,s);if(!U(r))continue;let o;try{const a=K(r);o=JSON.parse(on(a))}catch{continue}if(!o)continue;if(Array.isArray(o.ignoreDeps))for(const a of["actions","docker","gitlab"])fe(t[a],o.ignoreDeps);const i=[["github-actions","actions"],["dockerfile","docker"],["docker-compose","docker"],["gitlabci","gitlab"],["gitlabci-include","gitlab"]];for(const[a,d]of i){const c=o[a];fe(t[d],c?.ignoreDeps)}if(!Array.isArray(o.packageRules))return;for(const a of o.packageRules){if(a.enabled!==!1)continue;const d=new Set;for(const u of a.matchManagers??[]){const f=nn[u];f&&d.add(f)}for(const u of a.matchDatasources??[]){const f=sn[u];f&&d.add(f)}d.size===0&&(d.add("actions"),d.add("docker"),d.add("gitlab"));const c=[...a.matchPackageNames??[],...a.matchDepNames??[],...a.matchPackagePatterns??[]];for(const u of d)fe(t[u],c)}return}},an=e=>{const t={actions:new Set,docker:new Set,gitlab:new Set};return tn(e,t),rn(e,t),t},he=(e,t,n)=>{const s=n[t];if(s.size===0)return!1;if(s.has(e))return!0;for(const r of s)if(/[*?[\]/.+]/.test(r))try{const o=r.replaceAll(/[.+^${}()|]/g,String.raw`\$&`).replaceAll("*",".*").replaceAll("?",".");if(new RegExp(`^${o}$`).test(e))return!0}catch{}return!1},H=e=>{const t=e.trim();if(t==="")return;const n=t.startsWith("v")||t.startsWith("V")?t.slice(1):t,s=(ee.valid(n)?ee.parse(n):void 0)??ee.coerce(n,{includePrerelease:!0});if(s)return{major:s.major,minor:s.minor,normalized:`${String(s.major)}.${String(s.minor)}.${String(s.patch)}${s.prerelease.length>0?`-${s.prerelease.join(".")}`:""}`,patch:s.patch,prerelease:s.prerelease.length>0,raw:t}},cn=(e,t)=>ee.rcompare(e.normalized,t.normalized),$e=(e,t,n,s)=>{if(!t&&n!=="latest")return;const r=e.filter(o=>o.prerelease?!1:t?n==="patch"&&(o.major!==t.major||o.minor!==t.minor)||n==="minor"&&o.major!==t.major?!1:ee.gt(o.normalized,t.normalized):!0);if(r.length!==0)return r.toSorted(cn)[0]},ye=(e,t)=>!e||!t?"unknown":t.major!==e.major?"major":t.minor!==e.minor?"minor":t.patch!==e.patch?"patch":"unknown",ln="GitHub Actions",Ee=(e,t)=>`${e}@${t}`,un=e=>({fixedVersions:e.fixedVersions,id:e.id,severity:e.severity,summary:e.summary}),dn=(e,t)=>{if(t.length===0)return t;const n=Ft(e);if(!It(n))return t;const s=new Map;for(const o of t){const i=o.currentVersion??o.currentRef;i&&s.set(Ee(o.name,i),{name:o.name,version:i})}if(s.size===0)return t;const r=new Map;try{for(const[o,i]of s){const a=zt([i],{ecosystem:ln,workspaceRoot:e}).get(i.name);a&&a.length>0&&r.set(o,a)}}catch{return t}return r.size===0?t:t.map(o=>{const i=o.currentVersion??o.currentRef;if(!i)return o;const a=r.get(Ee(o.name,i));return a?{...o,advisories:a.map(d=>un(d))}:o})},Xe=e=>{if(!e)return{};const t={};for(const n of e.split(",")){const s=/^\s*<([^>]+)>\s*;\s*(.+)$/.exec(n);if(!s)continue;const r=s[1]??"",o=s[2]??"";switch(/rel\s*=\s*"?([^";\s]+)"?/i.exec(o)?.[1]?.toLowerCase()){case"first":{t.first=r;break}case"last":{t.last=r;break}case"next":{t.next=r;break}case"prev":case"previous":{t.previous=r;break}}}return t};class pn{token;apiBase;fetchImpl;tagsCache=new Map;commitCache=new Map;constructor(t){this.token=t.token??process.env.GITHUB_TOKEN??process.env.GH_TOKEN,this.apiBase=t.apiBase??"https://api.github.com",this.fetchImpl=t.fetch??fetch}async listTags(t,n){const s=`${t}/${n}`,r=this.tagsCache.get(s);if(r)return r;const o=this.fetchTags(t,n);return this.tagsCache.set(s,o),o}async resolveRef(t,n,s){const r=`${t}/${n}@${s}`,o=this.commitCache.get(r);if(o)return o;const i=this.fetchCommit(t,n,s);return this.commitCache.set(r,i),i}buildHeaders(){const t={Accept:"application/vnd.github+json","User-Agent":"vis-update-actions","X-GitHub-Api-Version":"2022-11-28"};return this.token&&(t.Authorization=`Bearer ${this.token}`),t}async fetchTags(t,n){const s=`${this.apiBase}/repos/${encodeURIComponent(t)}/${encodeURIComponent(n)}/tags?per_page=100`,r={parsed:[],tags:[]},o=[];let i=s,a=0;for(;i&&a<5;){const c=i;let u;try{u=await this.fetchImpl(c,{headers:this.buildHeaders()})}catch{return r}if(!u.ok)return r;let f;try{f=await u.json()}catch{return r}if(!Array.isArray(f))return r;for(const g of f){const m=typeof g.name=="string"?g.name:"",h=typeof g.commit?.sha=="string"?g.commit.sha:"";m!==""&&h!==""&&o.push({name:m,sha:h})}i=Xe(u.headers.get("link")).next,a+=1}const d=[];for(const c of o){const u=H(c.name);u&&d.push({...u,sha:c.sha})}return{parsed:d,tags:o}}async fetchCommit(t,n,s){const r=`${this.apiBase}/repos/${encodeURIComponent(t)}/${encodeURIComponent(n)}/commits/${encodeURIComponent(s)}`;try{const o=await this.fetchImpl(r,{headers:this.buildHeaders()});if(!o.ok)return;const i=await o.json();return typeof i.sha!="string"?void 0:{committedAt:i.commit?.committer?.date,sha:i.sha}}catch{return}}}const fn=".github/workflows",gn=".github/actions",mn=/^\s*-?\s*uses:\s*(['"]?)([^'"\s#]+)\1(?:\s*#\s*(.+))?\s*$/,hn=/^[a-f0-9]{40}$/i,$n=/actions-up-ignore-next-line(?::\s*(.+))?/i,yn=/actions-up-ignore-start/i,kn=/actions-up-ignore-end/i,wn=e=>{const t=e.split("/");if(t.length<2)return;const[n,s,...r]=t;if(!(!n||!s))return{owner:n,repo:s,subpath:r.length>0?r.join("/"):void 0}},vn=(e,t)=>{const n=t.split(/\r?\n/),s=[];let r,o=!1;for(const[i,a]of n.entries()){const d=a??"";if(yn.test(d)&&(o=!0),kn.test(d)){o=!1;continue}const c=d.trim(),u=c===""||c.startsWith("#")?$n.exec(d):void 0;if(u){r=u[1]??"actions-up-ignore-next-line";continue}const f=mn.exec(d);if(!f){r=void 0;continue}const g=f[1]??"",m=g==="'"||g==='"'?g:"",h=f[2]??"",v=f[3]?.trim();if(h.startsWith("./")||h.startsWith("../")||h.startsWith("docker://")){r=void 0;continue}const x=h.lastIndexOf("@");if(x<=0){r=void 0;continue}const $=h.slice(0,x),A=h.slice(x+1),y=wn($);if(!y){r=void 0;continue}let p=r??(o?"actions-up-ignore-block":void 0);if(v){const k=/^actions-up-ignore(?:-next-line)?(?::\s*(.+))?(?:\s|$)/i.exec(v);k&&(p=p??k[1]??"actions-up-ignore")}r=void 0,s.push({file:e,ignoreReason:p,isSha:hn.test(A),line:i+1,original:`${m}${h}${m}`,owner:y.owner,quote:m,ref:A,repo:y.repo,slug:$,subpath:y.subpath,trailingComment:v&&!p?v:void 0})}return s},Ce=e=>e.endsWith(".yml")||e.endsWith(".yaml"),bn=(e,t=[])=>{const n=[],s=new Set,r=a=>{if(s.has(a))return;s.add(a);let d;try{d=K(a)}catch{return}const c=vn(a,d);n.push(...c)},o=V(e,fn);if(U(o))for(const a of J(o,{includeDirs:!1,includeSymlinks:!1,maxDepth:1}))Ce(a.name)&&r(a.path);const i=V(e,gn);if(U(i))for(const a of J(i,{includeDirs:!1,includeSymlinks:!1,maxDepth:3}))(a.name==="action.yml"||a.name==="action.yaml")&&r(a.path);for(const a of["action.yml","action.yaml"]){const d=V(e,a);U(d)&&r(d)}for(const a of t){const d=dt(a)?a:V(e,a);if(U(d))for(const c of J(d,{includeDirs:!1,includeSymlinks:!1}))Ce(c.name)&&r(c.path)}return n},Rn=40,xn=1440*60*1e3,An=new Set(["develop","edge","main","master","stable","trunk"]),Sn=e=>e.length===Rn&&/^[a-f0-9]{40}$/i.test(e)?!1:An.has(e.toLowerCase())?!0:H(e)===void 0,Te=(e,t)=>{for(const n of t)try{if(new RegExp(n).test(e))return!0}catch{if(e.includes(n))return!0}return!1},En=(e,t,n,s)=>{const r=s==="sha"||e.isSha,{quote:o}=e;return r?`${o}${e.slug}@${t}${o} # ${n}`:`${o}${e.slug}@${n}${o}`},Cn=async(e,t)=>{const{ignoreRules:n,options:s,references:r,resolverOptions:o}=t,i=[],a=[],d=[];if(r.length===0)return{failed:d,ignored:a,updates:i};const c=new pn({apiBase:o?.apiBase,fetch:o?.fetch,token:s.githubToken??o?.token}),u=new Map;for(const $ of r){const A=`${$.owner}/${$.repo}`,y=u.get(A)??[];y.push($),u.set(A,y)}const f=Math.max(1,s.maxConcurrentRequests),g=[...u.keys()];let m=0;const h=async $=>{const A=u.get($)??[],[y,p]=$.split("/");if(!y||!p)return;let k;try{k=await c.listTags(y,p)}catch{for(const l of A)d.push({file:l.file,reason:`failed to list tags for ${$}`});return}for(const l of A){const S=l.slug;let w;if(l.ignoreReason?w=l.ignoreReason:Te(S,s.exclude)?w="matched --exclude":s.include.length>0&&!Te(S,s.include)?w="not matched by --include":s.respectDependabotConfig&&n&&he(S,"actions",n)&&(w="ignored by dependabot/renovate config"),w){a.push({currentRef:l.ref,currentVersion:l.isSha?l.trailingComment?.replace(/^#\s*/,""):l.ref,ecosystem:"actions",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:void 0,original:l.original,reason:w,replacement:l.original,updateType:"unknown"});continue}if(!s.includeBranches&&!l.isSha&&Sn(l.ref)){a.push({currentRef:l.ref,currentVersion:l.ref,ecosystem:"actions",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:void 0,original:l.original,reason:"branch reference (use --include-branches)",replacement:l.original,updateType:"unknown"});continue}const E=l.isSha?l.trailingComment?.replace(/^#\s*/,"").split(/\s+/)[0]??"":l.ref,C=H(E);if(l.isSha&&!C&&s.mode!=="latest"){a.push({currentRef:l.ref,currentVersion:void 0,ecosystem:"actions",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:void 0,original:l.original,reason:`SHA pin has no version-hint comment; cannot apply --target=${s.mode}`,replacement:l.original,updateType:"unknown"});continue}const b=$e(k.parsed,C,s.mode);if(!b)continue;if(s.minAgeDays!==void 0){const _=await c.resolveRef(y,p,b.sha),D=_?.committedAt?new Date(_.committedAt).getTime():void 0;if(D&&(Date.now()-D)/xn<s.minAgeDays){a.push({currentRef:l.ref,currentVersion:C?.raw,ecosystem:"actions",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:b.raw,original:l.original,reason:`release younger than ${String(s.minAgeDays)} days`,replacement:l.original,updateType:"unknown"});continue}}const T=s.style==="sha"||l.isSha?b.sha:b.raw,N=En(l,b.sha,b.raw,s.style);i.push({currentRef:l.ref,currentVersion:C?.raw??l.trailingComment?.replace(/^#\s*/,""),ecosystem:"actions",file:l.file,line:l.line,name:S,newRef:T,newVersion:b.raw,original:l.original,replacement:N,updateType:ye(C,b),url:`https://github.com/${y}/${p}/releases/tag/${b.raw}`})}},v=[];for(let $=0;$<Math.min(f,g.length);$++)v.push((async()=>{for(;m<g.length;){const A=g[m];m+=1,A!==void 0&&await h(A)}})());await Promise.all(v);const x=dn(e,i);return{failed:d,ignored:a,updates:x}},Tn=e=>e.toSorted((t,n)=>t.file!==n.file?t.file<n.file?-1:1:t.line-n.line),jn=e=>{const t=[],n=[];if(e.length===0)return{applied:t,skipped:n};const s=Tn(e),r=new Map;for(const o of s){const i=r.get(o.file)??[];i.push(o),r.set(o.file,i)}for(const[o,i]of r){let a;try{a=K(o)}catch(g){for(const m of i)n.push({reason:`read failed: ${g.message}`,update:m});continue}const d=a.includes(`\r
|
|
3
3
|
`)?`\r
|
|
4
4
|
`:`
|
|
5
|
-
`,l=a.split(/\r?\n/),c=[];for(const g of i){const m=g.line-1,h=l[m];if(h===void 0){t.push({reason:`line ${String(g.line)} out of range`,update:g});continue}const x=h.indexOf(g.original);if(x===-1){t.push({reason:"original token not found on expected line",update:g});continue}const b=h.slice(0,x),w=h.slice(x+g.original.length),k=/#\s*v?\d/.test(g.replacement)&&/^\s*#\s*v?\d[\w.+-]*\s*$/i.test(w)?"":w;l[m]=`${b}${g.replacement}${k}`,c.push(g)}if(c.length===0)continue;const f=l.join(d);try{it(o,f),n.push(...c)}catch(g){for(const m of c)t.push({reason:`write failed: ${g.message}`,update:m})}}return{applied:n,skipped:t}};class An{tokens;fetchImpl;tagCache=new Map;constructor(n={}){this.tokens=n.tokens??{},this.fetchImpl=n.fetch??fetch}async listTags(n,t,s){const r=`${n}/${t}/${s}`,o=this.tagCache.get(r);if(o)return o;const i=n==="docker.io"?this.listDockerHubTags(t,s):this.listV2Tags(n,t,s);return this.tagCache.set(r,i),i}async listDockerHubTags(n,t){const s={parsed:[],raw:[]},r=[],o=new Map;let i=`https://hub.docker.com/v2/repositories/${encodeURIComponent(n)}/${encodeURIComponent(t)}/tags?page_size=100`,a=0;for(;i&&a<5;){try{const d=await this.fetchImpl(i,{headers:{Accept:"application/json"}});if(!d.ok)break;const l=await d.json();if(Array.isArray(l.results)){for(const c of l.results)if(typeof c.name=="string"&&(r.push(c.name),typeof c.last_updated=="string")){const f=Date.parse(c.last_updated);Number.isNaN(f)||o.set(c.name,f)}}i=typeof l.next=="string"?l.next:void 0}catch{break}a+=1}return r.length===0?s:{parsed:r.map(d=>{const l=H(d);if(l)return{...l,lastUpdated:o.get(d)}}).filter(d=>d!==void 0),raw:r}}async listV2Tags(n,t,s){const r={parsed:[],raw:[]},o=t==="library"?s:`${t}/${s}`,i={Accept:"application/json"},a=this.tokens[n]??process.env[`DOCKER_REGISTRY_TOKEN_${n.toUpperCase().replaceAll(/[^A-Z0-9]/g,"_")}`];a&&(i.Authorization=`Bearer ${a}`);const d=`https://${n}`,l=[];let c=`${d}/v2/${o}/tags/list?n=100`,f=i,g=0;const m=()=>{const h=[];for(const x of l){const b=H(x);b&&h.push({...b,lastUpdated:void 0})}return{parsed:h,raw:l}};for(;c&&g<5;){try{let h=await this.fetchImpl(c,{headers:f});if(h.status===401&&f===i){const w=Cn(h.headers.get("www-authenticate"));if(w){const k=await this.fetchBearerToken(w);k&&(f={...i,Authorization:`Bearer ${k}`},h=await this.fetchImpl(c,{headers:f}))}}if(!h.ok)return g===0?r:m();const x=await h.json();if(!Array.isArray(x.tags))return g===0?r:m();for(const w of x.tags)typeof w=="string"&&l.push(w);const b=Ke(h.headers.get("link"));c=b.next?new URL(b.next,d).toString():void 0}catch{return g===0?r:m()}g+=1}return l.length===0?r:m()}async fetchBearerToken(n){const t=new URLSearchParams({scope:n.scope,service:n.service}),s=`${n.realm}?${t.toString()}`;try{const r=await this.fetchImpl(s,{headers:{Accept:"application/json"}});if(!r.ok)return;const o=await r.json();return o.token??o.access_token}catch{return}}}const Sn=e=>{const n=[];let t=0;const{length:s}=e;for(;t<s;){for(;t<s&&/\s/.test(e[t]??"");)t+=1;const r=t;for(;t<s&&e[t]!=="="&&e[t]!==",";)t+=1;const o=e.slice(r,t).trim();if(e[t]!=="="){for(;t<s&&e[t]!==",";)t+=1;t+=1;continue}t+=1;let i="";if(e[t]==='"'){for(t+=1;t<s&&e[t]!=='"';){if(e[t]==="\\"&&t+1<s){i+=e[t+1]??"",t+=2;continue}i+=e[t]??"",t+=1}t+=1}else{for(;t<s&&e[t]!==",";)i+=e[t]??"",t+=1;i=i.trim()}for(o.length>0&&n.push({key:o,value:i});t<s&&(/\s/.test(e[t]??"")||e[t]===",");)t+=1}return n},Cn=e=>{if(!e)return;const n=/^Bearer\s+(.*)$/i.exec(e);if(!n)return;const t=new Map;for(const{key:o,value:i}of Sn(n[1]??""))t.set(o.toLowerCase(),i);const s=t.get("realm"),r=t.get("service");if(s)return{realm:s,scope:t.get("scope")??"",service:r??""}},En="docker.io",Tn="sha256:",oe=e=>{const n=e.trim();if(n===""||n.startsWith("$")||n.includes("${")||n.includes("$("))return;let t=n,s;const r=t.indexOf(`@${Tn}`);r!==-1&&(s=t.slice(r+1),t=t.slice(0,r));let o=En,i=t;const a=t.indexOf("/");if(a>0){const h=t.slice(0,a);(h==="localhost"||h.includes(".")||h.includes(":"))&&(o=h,i=t.slice(a+1))}let d="latest",l=i;const c=i.lastIndexOf(":");c!==-1&&!i.slice(c).includes("/")&&(d=i.slice(c+1),l=i.slice(0,c));let f="library",g=l;const m=l.indexOf("/");if(m!==-1&&(f=l.slice(0,m),g=l.slice(m+1)),g!=="")return{digest:s,name:g,namespace:f,original:n,registry:o,tag:d}},re=/vis-update-ignore-next-line/i,Je=/vis-update-ignore(?:\s|$|:)/i,Ye=e=>{const n=e.trim();return n===""||n.startsWith("#")},jn=/^\s*FROM\s+(?:--\S+\s+)*([^\s#]+)(?:\s[^#]*)?(#.*)?$/i,In=(e,n)=>{const t=n.split(/\r?\n/),s=[];let r=!1;for(const[o,i]of t.entries()){if(re.test(i)&&Ye(i)){r=!0;continue}const a=jn.exec(i);if(!a){i.trim()!==""&&!i.trim().startsWith("#")&&(r=!1);continue}const d=a[1]??"";if(d==="scratch"){r=!1;continue}const l=a[2]?.trim();let c=r?"vis-update-ignore-next-line":void 0;l&&re.test(l)?c=c??"vis-update-ignore-next-line":l&&Je.test(l)&&(c=c??"vis-update-ignore");const f=oe(d);r=!1,f&&s.push({...f,file:e,ignoreReason:c,kind:"dockerfile",line:o+1})}return s},Nn=/^\s*image:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Dn=(e,n)=>{const t=n.split(/\r?\n/),s=[];let r=!1;for(const[o,i]of t.entries()){if(re.test(i)&&Ye(i)){r=!0;continue}const a=Nn.exec(i);if(!a){i.trim()!==""&&!i.trim().startsWith("#")&&(r=!1);continue}const d=a[2]??"",l=a[3]?.trim();let c=r?"vis-update-ignore-next-line":void 0;l&&re.test(l)?c=c??"vis-update-ignore-next-line":l&&Je.test(l)&&(c=c??"vis-update-ignore");const f=oe(d);r=!1,f&&s.push({...f,file:e,ignoreReason:c,kind:"compose",line:o+1})}return s},Ee=e=>{const n=e.toLowerCase();return n==="dockerfile"||n.startsWith("dockerfile.")?!0:n.endsWith(".dockerfile")},On=e=>{const n=e.toLowerCase();return/^(?:docker-)?compose(?:\..+)?\.ya?ml$/.test(n)},Un=new Set([".cache",".git",".nx",".pnpm-store",".turbo","build","dist","node_modules"]),Vn=/(?:^|\/)(?:\.git|node_modules|\.pnpm-store|\.turbo|\.nx|dist|build|\.cache)(?:\/|$)/,Bn=e=>{const n=[];if(!O(e))return n;const t=new Set,s=(r,o)=>{let i;try{i=St.native(r)}catch{i=r}if(t.has(i))return;t.add(i);let a;try{a=K(r)}catch{return}n.push(...o==="dockerfile"?In(r,a):Dn(r,a))};for(const r of J(e,{includeDirs:!1,includeSymlinks:!1,skip:[Vn]})){const{name:o}=r;Un.has(o)||(Ee(o)?s(r.path,"dockerfile"):On(o)&&s(r.path,"compose"))}for(const r of["Dockerfile","dockerfile","compose.yml","compose.yaml","docker-compose.yml","docker-compose.yaml"]){const o=B(e,r);O(o)&&s(o,Ee(r)?"dockerfile":"compose")}return n},_n=864e5,Te=(e,n)=>{for(const t of n)try{if(new RegExp(t).test(e))return!0}catch{if(e.includes(t))return!0}return!1},je=e=>{const n=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return e.registry==="docker.io"?n:`${e.registry}/${n}`},Mn=e=>e.digest!==void 0&&e.digest.length>0,Pn=e=>{if(e.registry==="docker.io")return`https://hub.docker.com/${e.namespace==="library"?`_/${e.name}`:`r/${e.namespace}/${e.name}`}/tags`;const n=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return`https://${e.registry}/${n}`},qn=(e,n)=>{const t=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return`${e.registry==="docker.io"?t:`${e.registry}/${t}`}:${n}`},Ze=async(e,n)=>{const{ignoreRules:t,options:s,references:r,registryOptions:o}=n,i=[],a=[],d=[];if(r.length===0)return{failed:d,ignored:a,updates:i};const l=new An({fetch:o?.fetch,tokens:o?.tokens}),c=new Map;for(const b of r){const w=`${b.registry}|${b.namespace}|${b.name}`,k=c.get(w)??[];k.push(b),c.set(w,k)}const f=Math.max(1,s.maxConcurrentRequests),g=[...c.keys()];let m=0;const h=async b=>{const w=c.get(b)??[],k=w[0];if(!k)return;let v;try{v=await l.listTags(k.registry,k.namespace,k.name)}catch{for(const p of w)d.push({file:p.file,reason:`failed to list tags for ${je(p)}`});return}for(const p of w){const $=je(p);let u;if(p.ignoreReason?u=p.ignoreReason:Te($,s.exclude)?u="matched --exclude":s.include.length>0&&!Te($,s.include)?u="not matched by --include":s.respectDependabotConfig&&t&&me($,"docker",t)&&(u="ignored by dependabot/renovate config"),u){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:p.tag,newVersion:void 0,original:p.original,reason:u,replacement:p.original,updateType:"unknown"});continue}if(Mn(p)){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:p.tag,newVersion:void 0,original:p.original,reason:"digest-pinned image (refresh the pin manually to update)",replacement:p.original,updateType:"digest"});continue}const A=H(p.tag);if(!A&&!s.includeBranches){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:p.tag,newVersion:void 0,original:p.original,reason:"non-semver tag (use --include-branches)",replacement:p.original,updateType:"unknown"});continue}if(!A&&s.mode!=="latest"){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:p.tag,newVersion:void 0,original:p.original,reason:`branch ref has no version baseline for --target=${s.mode}`,replacement:p.original,updateType:"unknown"});continue}const y=he(v.parsed,A,s.mode);if(!y)continue;if(s.minAgeDays!==void 0&&y.lastUpdated!==void 0&&(Date.now()-y.lastUpdated)/_n<s.minAgeDays){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:$,newRef:y.raw,newVersion:y.raw,original:p.original,reason:`release younger than ${String(s.minAgeDays)} days`,replacement:p.original,updateType:"unknown"});continue}const T=y.raw,R=qn(p,T);i.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,line:p.line,name:$,newRef:T,newVersion:T,original:p.original,replacement:R,updateType:$e(A,y),url:Pn(p)})}},x=[];for(let b=0;b<Math.min(f,g.length);b++)x.push((async()=>{for(;m<g.length;){const w=g[m];m+=1,w!==void 0&&await h(w)}})());return await Promise.all(x),{failed:d,ignored:a,updates:i}};class Wn{token;tokenHeader;defaultApiBase;fetchImpl;tagCache=new Map;constructor(n){const t=n.token??process.env.GITLAB_TOKEN;t?(this.token=t,this.tokenHeader="PRIVATE-TOKEN"):process.env.CI_JOB_TOKEN?(this.token=process.env.CI_JOB_TOKEN,this.tokenHeader="JOB-TOKEN"):(this.token=void 0,this.tokenHeader="PRIVATE-TOKEN"),this.defaultApiBase=n.apiBase??"https://gitlab.com",this.fetchImpl=n.fetch??fetch}async listTags(n){const t=this.tagCache.get(n);if(t)return t;const s=this.fetchTags(n);return this.tagCache.set(n,s),s}resolveHostAndPath(n){const t=n.indexOf("/");if(t>0){const s=n.slice(0,t);if(s.includes("."))return{host:`https://${s}`,path:n.slice(t+1)}}return{host:this.defaultApiBase,path:n}}async fetchTags(n){const{host:t,path:s}=this.resolveHostAndPath(n),r=encodeURIComponent(s),o=`${t}/api/v4/projects/${r}/repository/tags?per_page=100`,i={Accept:"application/json","User-Agent":"vis-update-gitlab"};this.token&&(i[this.tokenHeader]=this.token);try{const a=await this.fetchImpl(o,{headers:i});if(!a.ok)return{error:`HTTP ${String(a.status)} from ${t}`,parsed:[],tags:[]};const d=await a.json();if(!Array.isArray(d))return{error:`unexpected response shape from ${t}`,parsed:[],tags:[]};const l=d.map(f=>({name:typeof f.name=="string"?f.name:"",sha:typeof f.commit?.id=="string"?f.commit.id:""})).filter(f=>f.name!==""),c=[];for(const f of l){const g=H(f.name);g&&c.push({...g,sha:f.sha})}return{parsed:c,tags:l}}catch(a){return{error:a instanceof Error?a.message:"fetch failed",parsed:[],tags:[]}}}}const Hn=/vis-update-ignore-next-line/i,Q=/vis-update-ignore(?:\s|$|:)/i,Ln=new Set([".gitlab-ci.yaml",".gitlab-ci.yml"]),Fn=e=>Ln.has(e)||e.endsWith(".gitlab-ci.yml")||e.endsWith(".gitlab-ci.yaml"),zn=/^\s*-?\s*project:\s*(['"]?)([^'"\s#]+)\1(?:\s*#.*)?$/,Gn=/^\s*ref:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Kn=/^\s*-?\s*component:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Jn=/^\s*image:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Yn=/^\s*(?:-\s*)?(?:include:\s*)?\{([^}]*)\}\s*(?:#.*)?$/,Zn=/project:\s*(['"]?)([^'"\s,}]+)\1/,Xn=/ref:\s*(['"]?)([^'"\s,}]+)\1/,Qn=/component:\s*(['"]?)([^'"\s,}]+)\1/,es=/^(\s*-\s*name:\s*)(['"]?)([^'"\s#]+)\2(\s*#.*)?$/,ts=/^(\s*-\s*)(['"]?)([^'"\s#:]+:[^'"\s#]+)\2(\s*#.*)?$/,ns=/^\s*-?\s*[a-z_][\w-]*:\s*(?:#.*)?$/i,ss=(e,n)=>{const t=n.split(/\r?\n/),s=[],r=[];let o,i=!1,a=!1,d=-1;for(const[l,c]of t.entries()){const f=c??"",g=f.trim(),m=g===""||g.startsWith("#");if(Hn.test(f)&&m){i=!0;continue}const h=/^(\s*)services:\s*(?:#.*)?$/.exec(f);if(h){a=!0,d=h[1]?.length??0;continue}a&&g!==""&&!g.startsWith("-")&&!g.startsWith("#")&&f.search(/\S/)<=d&&(a=!1,d=-1);const x=Jn.exec(f);if(x){const p=x[2]??"",$=oe(p);if($){const u=x[3]?.trim();let A=i?"vis-update-ignore-next-line":void 0;u&&Q.test(u)&&(A=A??"vis-update-ignore"),r.push({...$,file:e,ignoreReason:A,kind:"compose",line:l+1})}i=!1;continue}if(a){const p=es.exec(f),$=p?void 0:ts.exec(f),u=p??$;if(u){const A=u[3]??"",y=oe(A);if(y){const T=u[4]?.trim();let R=i?"vis-update-ignore-next-line":void 0;T&&Q.test(T)&&(R=R??"vis-update-ignore"),r.push({...y,file:e,ignoreReason:R,kind:"compose",line:l+1})}}}const b=zn.exec(f);if(b){o={line:l+1,project:b[2]??""};continue}const w=Gn.exec(f);if(w&&o){const p=w[3]?.trim();let $=i?"vis-update-ignore-next-line":void 0;p&&Q.test(p)&&($=$??"vis-update-ignore"),s.push({file:e,ignoreReason:$,kind:"project",line:l+1,original:w[2]??"",project:o.project,ref:w[2]??""}),o=void 0,i=!1;continue}const k=Kn.exec(f);if(k){const p=k[2]??"",$=p.lastIndexOf("@");if($>0){const u=p.slice(0,$),A=p.slice($+1),y=u.lastIndexOf("/"),T=y>0?u.slice(0,y):u,R=y>0?u.slice(y+1):void 0,C=k[3]?.trim();let E=i?"vis-update-ignore-next-line":void 0;C&&Q.test(C)&&(E=E??"vis-update-ignore"),s.push({componentName:R,file:e,ignoreReason:E,kind:"component",line:l+1,original:p,project:T,ref:A})}i=!1;continue}const v=Yn.exec(f);if(v){const p=v[1]??"",$=/#(.*)$/.exec(f)?.[1]?.trim();let u=i?"vis-update-ignore-next-line":void 0;$&&Q.test($)&&(u=u??"vis-update-ignore");const A=Qn.exec(p);if(A){const y=A[2]??"",T=y.lastIndexOf("@");if(T>0){const R=y.slice(0,T),C=y.slice(T+1),E=R.lastIndexOf("/"),U=E>0?R.slice(0,E):R,j=E>0?R.slice(E+1):void 0;s.push({componentName:j,file:e,ignoreReason:u,kind:"component",line:l+1,original:y,project:U,ref:C})}}else{const y=Zn.exec(p),T=Xn.exec(p);y&&T&&s.push({file:e,ignoreReason:u,kind:"project",line:l+1,original:T[2]??"",project:y[2]??"",ref:T[2]??""})}i=!1;continue}g!==""&&!g.startsWith("#")&&!ns.test(f)&&(i=!1)}return{images:r,includes:s}},Ie=/^(?:\.git|node_modules|\.pnpm-store|\.turbo|\.nx|dist|build|\.cache)$/,os=e=>{const n=[],t=[];if(!O(e))return{images:t,includes:n};const s=o=>{let i;try{i=K(o)}catch{return}const{images:a,includes:d}=ss(o,i);n.push(...d),t.push(...a)};for(const o of[".gitlab-ci.yml",".gitlab-ci.yaml"]){const i=B(e,o);O(i)&&s(i)}const r=B(e,".gitlab");if(O(r))for(const o of J(r,{includeDirs:!1,includeSymlinks:!1,skip:[Ie]}))(o.name.endsWith(".yml")||o.name.endsWith(".yaml"))&&s(o.path);for(const o of J(e,{includeDirs:!1,includeSymlinks:!1,maxDepth:2,skip:[Ie]}))Fn(o.name)&&!t.some(i=>i.file===o.path)&&!n.some(i=>i.file===o.path)&&s(o.path);return{images:t,includes:n}},Ne=(e,n)=>{for(const t of n)try{if(new RegExp(t).test(e))return!0}catch{if(e.includes(t))return!0}return!1},rs=(e,n,t)=>{const s=e.indexOf("/");return s>0&&e.slice(0,s).includes(".")?`https://${e.slice(0,s)}/${e.slice(s+1)}/-/releases/${n}`:`${t}/${e}/-/releases/${n}`},is=async(e,n)=>{const{ignoreRules:t,imageReferences:s,includes:r,options:o,registryOptions:i,resolverOptions:a}=n,d=[],l=[],c=[];if(s.length>0){const v=await Ze(e,{ignoreRules:t,options:o,references:s,registryOptions:i});for(const p of v.updates)d.push({...p,ecosystem:"gitlab"});for(const p of v.ignored)l.push({...p,ecosystem:"gitlab"});c.push(...v.failed)}if(r.length===0)return{failed:c,ignored:l,updates:d};const f=new Wn({apiBase:a?.apiBase,fetch:a?.fetch,token:o.gitlabToken??a?.token}),g=a?.apiBase??"https://gitlab.com",m=new Map;for(const v of r){const p=m.get(v.project)??[];p.push(v),m.set(v.project,p)}const h=Math.max(1,o.maxConcurrentRequests),x=[...m.keys()];let b=0;const w=async v=>{const p=m.get(v)??[];let $;try{$=await f.listTags(v)}catch{for(const u of p)c.push({file:u.file,reason:`failed to list tags for ${v}`});return}if($.error){for(const u of p)c.push({file:u.file,reason:`failed to list tags for ${v}: ${$.error}`});return}for(const u of p){const A=u.kind==="component"&&u.componentName?`${u.project}/${u.componentName}`:u.project;let y;u.ignoreReason?y=u.ignoreReason:Ne(A,o.exclude)?y="matched --exclude":o.include.length>0&&!Ne(A,o.include)?y="not matched by --include":o.respectDependabotConfig&&t&&me(A,"gitlab",t)&&(y="ignored by dependabot/renovate config");const T=U=>({currentRef:u.ref,currentVersion:u.ref,ecosystem:"gitlab",file:u.file,ignored:!0,line:u.line,name:A,newRef:u.ref,newVersion:void 0,original:u.original,reason:U,replacement:u.original,updateType:"unknown"});if(y){l.push(T(y));continue}const R=H(u.ref);if(!R&&!o.includeBranches){l.push(T("branch reference (use --include-branches)"));continue}if(!R&&o.mode!=="latest"){l.push(T(`branch ref has no version baseline for --target=${o.mode}`));continue}const C=he($.parsed,R,o.mode);if(!C)continue;let E;u.kind==="component"?E=`${u.componentName?`${u.project}/${u.componentName}`:u.project}@${C.raw}`:E=C.raw,d.push({currentRef:u.ref,currentVersion:R?.raw??u.ref,ecosystem:"gitlab",file:u.file,line:u.line,name:A,newRef:C.raw,newVersion:C.raw,original:u.original,replacement:E,updateType:$e(R,C),url:rs(u.project,C.raw,g)})}},k=[];for(let v=0;v<Math.min(h,x.length);v++)k.push((async()=>{for(;b<x.length;){const p=x[b];b+=1,p!==void 0&&await w(p)}})());return await Promise.all(k),{failed:c,ignored:l,updates:d}},as={disabled:new Set,exclude:[],githubToken:void 0,gitlabToken:void 0,include:[],includeBranches:!1,maxConcurrentRequests:8,minAgeDays:void 0,mode:"latest",respectDependabotConfig:!0,style:"sha"},cs=async e=>{const n={...as,...e.options,disabled:e.options?.disabled??new Set},t=n.respectDependabotConfig?en(e.workspaceRoot):void 0,s={actions:{failed:[],ignored:[],updates:[]},docker:{failed:[],ignored:[],updates:[]},gitlab:{failed:[],ignored:[],updates:[]}},r=[];let o=0;if(!n.disabled.has("actions")){const d=hn(e.workspaceRoot);d.length>0&&(o+=1,r.push(bn(e.workspaceRoot,{ignoreRules:t,options:n,references:d}).then(l=>{s.actions=l})))}if(!n.disabled.has("docker")){const d=Bn(e.workspaceRoot);d.length>0&&(o+=1,r.push(Ze(e.workspaceRoot,{ignoreRules:t,options:n,references:d}).then(l=>{s.docker=l})))}if(!n.disabled.has("gitlab")){const{images:d,includes:l}=os(e.workspaceRoot);d.length+l.length>0&&(o+=1,r.push(is(e.workspaceRoot,{ignoreRules:t,imageReferences:d,includes:l,options:n}).then(c=>{s.gitlab=c})))}await Promise.all(r);const i=[...s.actions.updates,...s.docker.updates,...s.gitlab.updates],a=[...s.actions.ignored,...s.docker.ignored,...s.gitlab.ignored];return{failed:[...s.actions.failed,...s.docker.failed,...s.gitlab.failed],ignored:a,perEcosystem:s,scanned:o,updates:i}},ls={actions:"GitHub Actions",docker:"Docker",gitlab:"GitLab CI"},fe=e=>e.updateType==="major",us=e=>{switch(e){case"major":return G;case"minor":return D;case"patch":return Pe;default:return qe}},De=e=>{const n=us(e.updateType),t=e.currentVersion??e.currentRef,s=e.newVersion??e.newRef,r=e.url?` ${M(e.url)}`:"",o=e.advisories&&e.advisories.length>0?` ${G(`⚠ ${String(e.advisories.length)} advisor${e.advisories.length===1?"y":"ies"}`)}`:"";return` ${n(e.updateType.padEnd(7))} ${e.name} ${M(t)} → ${s}${o}${r}`},Oe=e=>!e.advisories||e.advisories.length===0?[]:e.advisories.map(n=>` ${n.severity==="CRITICAL"||n.severity==="HIGH"?G(n.severity):D(n.severity)} ${n.id} ${M(n.summary)}`),ds=(e,n)=>{const t=[],s=e.updates.length;if(s===0&&e.scanned===0)return"";if(s===0){if(e.failed.length===0&&e.ignored.length===0)return t.push(`${Pe("✓")} All ecosystem references up to date.`),t.join(`
|
|
6
|
-
`);if(
|
|
7
|
-
${
|
|
8
|
-
${
|
|
9
|
-
`)}
|
|
10
|
-
${
|
|
11
|
-
${G(
|
|
12
|
-
${
|
|
13
|
-
${
|
|
14
|
-
${
|
|
15
|
-
${
|
|
16
|
-
`)},
|
|
17
|
-
`)}}},
|
|
18
|
-
${
|
|
19
|
-
`):
|
|
20
|
-
`):(
|
|
5
|
+
`,c=a.split(/\r?\n/),u=[];for(const g of i){const m=g.line-1,h=c[m];if(h===void 0){n.push({reason:`line ${String(g.line)} out of range`,update:g});continue}const v=h.indexOf(g.original);if(v===-1){n.push({reason:"original token not found on expected line",update:g});continue}const x=h.slice(0,v),$=h.slice(v+g.original.length),A=/#\s*v?\d/.test(g.replacement)&&/^\s*#\s*v?\d[\w.+-]*\s*$/i.test($)?"":$;c[m]=`${x}${g.replacement}${A}`,u.push(g)}if(u.length===0)continue;const f=c.join(d);try{pt(o,f),t.push(...u)}catch(g){for(const m of u)n.push({reason:`write failed: ${g.message}`,update:m})}}return{applied:t,skipped:n}};class In{tokens;fetchImpl;tagCache=new Map;constructor(t={}){this.tokens=t.tokens??{},this.fetchImpl=t.fetch??fetch}async listTags(t,n,s){const r=`${t}/${n}/${s}`,o=this.tagCache.get(r);if(o)return o;const i=t==="docker.io"?this.listDockerHubTags(n,s):this.listV2Tags(t,n,s);return this.tagCache.set(r,i),i}async listDockerHubTags(t,n){const s={parsed:[],raw:[]},r=[],o=new Map;let i=`https://hub.docker.com/v2/repositories/${encodeURIComponent(t)}/${encodeURIComponent(n)}/tags?page_size=100`,a=0;for(;i&&a<5;){try{const d=await this.fetchImpl(i,{headers:{Accept:"application/json"}});if(!d.ok)break;const c=await d.json();if(Array.isArray(c.results)){for(const u of c.results)if(typeof u.name=="string"&&(r.push(u.name),typeof u.last_updated=="string")){const f=Date.parse(u.last_updated);Number.isNaN(f)||o.set(u.name,f)}}i=typeof c.next=="string"?c.next:void 0}catch{break}a+=1}return r.length===0?s:{parsed:r.map(d=>{const c=H(d);if(c)return{...c,lastUpdated:o.get(d)}}).filter(d=>d!==void 0),raw:r}}async listV2Tags(t,n,s){const r={parsed:[],raw:[]},o=n==="library"?s:`${n}/${s}`,i={Accept:"application/json"},a=this.tokens[t]??process.env[`DOCKER_REGISTRY_TOKEN_${t.toUpperCase().replaceAll(/[^A-Z0-9]/g,"_")}`];a&&(i.Authorization=`Bearer ${a}`);const d=`https://${t}`,c=[];let u=`${d}/v2/${o}/tags/list?n=100`,f=i,g=0;const m=()=>{const h=[];for(const v of c){const x=H(v);x&&h.push({...x,lastUpdated:void 0})}return{parsed:h,raw:c}};for(;u&&g<5;){try{let h=await this.fetchImpl(u,{headers:f});if(h.status===401&&f===i){const $=Dn(h.headers.get("www-authenticate"));if($){const A=await this.fetchBearerToken($);A&&(f={...i,Authorization:`Bearer ${A}`},h=await this.fetchImpl(u,{headers:f}))}}if(!h.ok)return g===0?r:m();const v=await h.json();if(!Array.isArray(v.tags))return g===0?r:m();for(const $ of v.tags)typeof $=="string"&&c.push($);const x=Xe(h.headers.get("link"));u=x.next?new URL(x.next,d).toString():void 0}catch{return g===0?r:m()}g+=1}return c.length===0?r:m()}async fetchBearerToken(t){const n=new URLSearchParams({scope:t.scope,service:t.service}),s=`${t.realm}?${n.toString()}`;try{const r=await this.fetchImpl(s,{headers:{Accept:"application/json"}});if(!r.ok)return;const o=await r.json();return o.token??o.access_token}catch{return}}}const Nn=e=>{const t=[];let n=0;const{length:s}=e;for(;n<s;){for(;n<s&&/\s/.test(e[n]??"");)n+=1;const r=n;for(;n<s&&e[n]!=="="&&e[n]!==",";)n+=1;const o=e.slice(r,n).trim();if(e[n]!=="="){for(;n<s&&e[n]!==",";)n+=1;n+=1;continue}n+=1;let i="";if(e[n]==='"'){for(n+=1;n<s&&e[n]!=='"';){if(e[n]==="\\"&&n+1<s){i+=e[n+1]??"",n+=2;continue}i+=e[n]??"",n+=1}n+=1}else{for(;n<s&&e[n]!==",";)i+=e[n]??"",n+=1;i=i.trim()}for(o.length>0&&t.push({key:o,value:i});n<s&&(/\s/.test(e[n]??"")||e[n]===",");)n+=1}return t},Dn=e=>{if(!e)return;const t=/^Bearer\s+(.*)$/i.exec(e);if(!t)return;const n=new Map;for(const{key:o,value:i}of Nn(t[1]??""))n.set(o.toLowerCase(),i);const s=n.get("realm"),r=n.get("service");if(s)return{realm:s,scope:n.get("scope")??"",service:r??""}},On="docker.io",Un="sha256:",re=e=>{const t=e.trim();if(t===""||t.startsWith("$")||t.includes("${")||t.includes("$("))return;let n=t,s;const r=n.indexOf(`@${Un}`);r!==-1&&(s=n.slice(r+1),n=n.slice(0,r));let o=On,i=n;const a=n.indexOf("/");if(a>0){const h=n.slice(0,a);(h==="localhost"||h.includes(".")||h.includes(":"))&&(o=h,i=n.slice(a+1))}let d="latest",c=i;const u=i.lastIndexOf(":");u!==-1&&!i.slice(u).includes("/")&&(d=i.slice(u+1),c=i.slice(0,u));let f="library",g=c;const m=c.indexOf("/");if(m!==-1&&(f=c.slice(0,m),g=c.slice(m+1)),g!=="")return{digest:s,name:g,namespace:f,original:t,registry:o,tag:d}},ie=/vis-update-ignore-next-line/i,Ze=/vis-update-ignore(?:\s|$|:)/i,Qe=e=>{const t=e.trim();return t===""||t.startsWith("#")},Bn=/^\s*FROM\s+(?:--\S+\s+)*([^\s#]+)(?:\s[^#]*)?(#.*)?$/i,Vn=(e,t)=>{const n=t.split(/\r?\n/),s=[];let r=!1;for(const[o,i]of n.entries()){if(ie.test(i)&&Qe(i)){r=!0;continue}const a=Bn.exec(i);if(!a){i.trim()!==""&&!i.trim().startsWith("#")&&(r=!1);continue}const d=a[1]??"";if(d==="scratch"){r=!1;continue}const c=a[2]?.trim();let u=r?"vis-update-ignore-next-line":void 0;c&&ie.test(c)?u=u??"vis-update-ignore-next-line":c&&Ze.test(c)&&(u=u??"vis-update-ignore");const f=re(d);r=!1,f&&s.push({...f,file:e,ignoreReason:u,kind:"dockerfile",line:o+1})}return s},_n=/^\s*image:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,Mn=(e,t)=>{const n=t.split(/\r?\n/),s=[];let r=!1;for(const[o,i]of n.entries()){if(ie.test(i)&&Qe(i)){r=!0;continue}const a=_n.exec(i);if(!a){i.trim()!==""&&!i.trim().startsWith("#")&&(r=!1);continue}const d=a[2]??"",c=a[3]?.trim();let u=r?"vis-update-ignore-next-line":void 0;c&&ie.test(c)?u=u??"vis-update-ignore-next-line":c&&Ze.test(c)&&(u=u??"vis-update-ignore");const f=re(d);r=!1,f&&s.push({...f,file:e,ignoreReason:u,kind:"compose",line:o+1})}return s},je=e=>{const t=e.toLowerCase();return t==="dockerfile"||t.startsWith("dockerfile.")?!0:t.endsWith(".dockerfile")},Pn=e=>{const t=e.toLowerCase();return/^(?:docker-)?compose(?:\..+)?\.ya?ml$/.test(t)},qn=new Set([".cache",".git",".nx",".pnpm-store",".turbo","build","dist","node_modules"]),Wn=/(?:^|\/)(?:\.git|node_modules|\.pnpm-store|\.turbo|\.nx|dist|build|\.cache)(?:\/|$)/,Ln=e=>{const t=[];if(!U(e))return t;const n=new Set,s=(r,o)=>{let i;try{i=Nt.native(r)}catch{i=r}if(n.has(i))return;n.add(i);let a;try{a=K(r)}catch{return}t.push(...o==="dockerfile"?Vn(r,a):Mn(r,a))};for(const r of J(e,{includeDirs:!1,includeSymlinks:!1,skip:[Wn]})){const{name:o}=r;qn.has(o)||(je(o)?s(r.path,"dockerfile"):Pn(o)&&s(r.path,"compose"))}for(const r of["Dockerfile","dockerfile","compose.yml","compose.yaml","docker-compose.yml","docker-compose.yaml"]){const o=V(e,r);U(o)&&s(o,je(r)?"dockerfile":"compose")}return t},Hn=864e5,Ie=(e,t)=>{for(const n of t)try{if(new RegExp(n).test(e))return!0}catch{if(e.includes(n))return!0}return!1},Ne=e=>{const t=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return e.registry==="docker.io"?t:`${e.registry}/${t}`},Fn=e=>e.digest!==void 0&&e.digest.length>0,zn=e=>{if(e.registry==="docker.io")return`https://hub.docker.com/${e.namespace==="library"?`_/${e.name}`:`r/${e.namespace}/${e.name}`}/tags`;const t=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return`https://${e.registry}/${t}`},Gn=(e,t)=>{const n=e.namespace==="library"?e.name:`${e.namespace}/${e.name}`;return`${e.registry==="docker.io"?n:`${e.registry}/${n}`}:${t}`},et=async(e,t)=>{const{ignoreRules:n,options:s,references:r,registryOptions:o}=t,i=[],a=[],d=[];if(r.length===0)return{failed:d,ignored:a,updates:i};const c=new In({fetch:o?.fetch,tokens:o?.tokens}),u=new Map;for(const x of r){const $=`${x.registry}|${x.namespace}|${x.name}`,A=u.get($)??[];A.push(x),u.set($,A)}const f=Math.max(1,s.maxConcurrentRequests),g=[...u.keys()];let m=0;const h=async x=>{const $=u.get(x)??[],A=$[0];if(!A)return;let y;try{y=await c.listTags(A.registry,A.namespace,A.name)}catch{for(const p of $)d.push({file:p.file,reason:`failed to list tags for ${Ne(p)}`});return}for(const p of $){const k=Ne(p);let l;if(p.ignoreReason?l=p.ignoreReason:Ie(k,s.exclude)?l="matched --exclude":s.include.length>0&&!Ie(k,s.include)?l="not matched by --include":s.respectDependabotConfig&&n&&he(k,"docker",n)&&(l="ignored by dependabot/renovate config"),l){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:p.tag,newVersion:void 0,original:p.original,reason:l,replacement:p.original,updateType:"unknown"});continue}if(Fn(p)){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:p.tag,newVersion:void 0,original:p.original,reason:"digest-pinned image (refresh the pin manually to update)",replacement:p.original,updateType:"digest"});continue}const S=H(p.tag);if(!S&&!s.includeBranches){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:p.tag,newVersion:void 0,original:p.original,reason:"non-semver tag (use --include-branches)",replacement:p.original,updateType:"unknown"});continue}if(!S&&s.mode!=="latest"){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:p.tag,newVersion:void 0,original:p.original,reason:`branch ref has no version baseline for --target=${s.mode}`,replacement:p.original,updateType:"unknown"});continue}const w=$e(y.parsed,S,s.mode);if(!w)continue;if(s.minAgeDays!==void 0&&w.lastUpdated!==void 0&&(Date.now()-w.lastUpdated)/Hn<s.minAgeDays){a.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,ignored:!0,line:p.line,name:k,newRef:w.raw,newVersion:w.raw,original:p.original,reason:`release younger than ${String(s.minAgeDays)} days`,replacement:p.original,updateType:"unknown"});continue}const E=w.raw,C=Gn(p,E);i.push({currentRef:p.tag,currentVersion:p.tag,ecosystem:"docker",file:p.file,line:p.line,name:k,newRef:E,newVersion:E,original:p.original,replacement:C,updateType:ye(S,w),url:zn(p)})}},v=[];for(let x=0;x<Math.min(f,g.length);x++)v.push((async()=>{for(;m<g.length;){const $=g[m];m+=1,$!==void 0&&await h($)}})());return await Promise.all(v),{failed:d,ignored:a,updates:i}};class Kn{token;tokenHeader;defaultApiBase;fetchImpl;tagCache=new Map;constructor(t){const n=t.token??process.env.GITLAB_TOKEN;n?(this.token=n,this.tokenHeader="PRIVATE-TOKEN"):process.env.CI_JOB_TOKEN?(this.token=process.env.CI_JOB_TOKEN,this.tokenHeader="JOB-TOKEN"):(this.token=void 0,this.tokenHeader="PRIVATE-TOKEN"),this.defaultApiBase=t.apiBase??"https://gitlab.com",this.fetchImpl=t.fetch??fetch}async listTags(t){const n=this.tagCache.get(t);if(n)return n;const s=this.fetchTags(t);return this.tagCache.set(t,s),s}resolveHostAndPath(t){const n=t.indexOf("/");if(n>0){const s=t.slice(0,n);if(s.includes("."))return{host:`https://${s}`,path:t.slice(n+1)}}return{host:this.defaultApiBase,path:t}}async fetchTags(t){const{host:n,path:s}=this.resolveHostAndPath(t),r=encodeURIComponent(s),o=`${n}/api/v4/projects/${r}/repository/tags?per_page=100`,i={Accept:"application/json","User-Agent":"vis-update-gitlab"};this.token&&(i[this.tokenHeader]=this.token);try{const a=await this.fetchImpl(o,{headers:i});if(!a.ok)return{error:`HTTP ${String(a.status)} from ${n}`,parsed:[],tags:[]};const d=await a.json();if(!Array.isArray(d))return{error:`unexpected response shape from ${n}`,parsed:[],tags:[]};const c=d.map(f=>({name:typeof f.name=="string"?f.name:"",sha:typeof f.commit?.id=="string"?f.commit.id:""})).filter(f=>f.name!==""),u=[];for(const f of c){const g=H(f.name);g&&u.push({...g,sha:f.sha})}return{parsed:u,tags:c}}catch(a){return{error:a instanceof Error?a.message:"fetch failed",parsed:[],tags:[]}}}}const Jn=/vis-update-ignore-next-line/i,Q=/vis-update-ignore(?:\s|$|:)/i,Yn=new Set([".gitlab-ci.yaml",".gitlab-ci.yml"]),Xn=e=>Yn.has(e)||e.endsWith(".gitlab-ci.yml")||e.endsWith(".gitlab-ci.yaml"),Zn=/^\s*-?\s*project:\s*(['"]?)([^'"\s#]+)\1(?:\s*#.*)?$/,Qn=/^\s*ref:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,es=/^\s*-?\s*component:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,ts=/^\s*image:\s*(['"]?)([^'"\s#]+)\1(\s*#.*)?$/,ns=/^\s*(?:-\s*)?(?:include:\s*)?\{([^}]*)\}\s*(?:#.*)?$/,ss=/project:\s*(['"]?)([^'"\s,}]+)\1/,os=/ref:\s*(['"]?)([^'"\s,}]+)\1/,rs=/component:\s*(['"]?)([^'"\s,}]+)\1/,is=/^(\s*-\s*name:\s*)(['"]?)([^'"\s#]+)\2(\s*#.*)?$/,as=/^(\s*-\s*)(['"]?)([^'"\s#:]+:[^'"\s#]+)\2(\s*#.*)?$/,cs=/^\s*-?\s*[a-z_][\w-]*:\s*(?:#.*)?$/i,ls=(e,t)=>{const n=t.split(/\r?\n/),s=[],r=[];let o,i=!1,a=!1,d=-1;for(const[c,u]of n.entries()){const f=u??"",g=f.trim(),m=g===""||g.startsWith("#");if(Jn.test(f)&&m){i=!0;continue}const h=/^(\s*)services:\s*(?:#.*)?$/.exec(f);if(h){a=!0,d=h[1]?.length??0;continue}a&&g!==""&&!g.startsWith("-")&&!g.startsWith("#")&&f.search(/\S/)<=d&&(a=!1,d=-1);const v=ts.exec(f);if(v){const p=v[2]??"",k=re(p);if(k){const l=v[3]?.trim();let S=i?"vis-update-ignore-next-line":void 0;l&&Q.test(l)&&(S=S??"vis-update-ignore"),r.push({...k,file:e,ignoreReason:S,kind:"compose",line:c+1})}i=!1;continue}if(a){const p=is.exec(f),k=p?void 0:as.exec(f),l=p??k;if(l){const S=l[3]??"",w=re(S);if(w){const E=l[4]?.trim();let C=i?"vis-update-ignore-next-line":void 0;E&&Q.test(E)&&(C=C??"vis-update-ignore"),r.push({...w,file:e,ignoreReason:C,kind:"compose",line:c+1})}}}const x=Zn.exec(f);if(x){o={line:c+1,project:x[2]??""};continue}const $=Qn.exec(f);if($&&o){const p=$[3]?.trim();let k=i?"vis-update-ignore-next-line":void 0;p&&Q.test(p)&&(k=k??"vis-update-ignore"),s.push({file:e,ignoreReason:k,kind:"project",line:c+1,original:$[2]??"",project:o.project,ref:$[2]??""}),o=void 0,i=!1;continue}const A=es.exec(f);if(A){const p=A[2]??"",k=p.lastIndexOf("@");if(k>0){const l=p.slice(0,k),S=p.slice(k+1),w=l.lastIndexOf("/"),E=w>0?l.slice(0,w):l,C=w>0?l.slice(w+1):void 0,b=A[3]?.trim();let T=i?"vis-update-ignore-next-line":void 0;b&&Q.test(b)&&(T=T??"vis-update-ignore"),s.push({componentName:C,file:e,ignoreReason:T,kind:"component",line:c+1,original:p,project:E,ref:S})}i=!1;continue}const y=ns.exec(f);if(y){const p=y[1]??"",k=/#(.*)$/.exec(f)?.[1]?.trim();let l=i?"vis-update-ignore-next-line":void 0;k&&Q.test(k)&&(l=l??"vis-update-ignore");const S=rs.exec(p);if(S){const w=S[2]??"",E=w.lastIndexOf("@");if(E>0){const C=w.slice(0,E),b=w.slice(E+1),T=C.lastIndexOf("/"),N=T>0?C.slice(0,T):C,_=T>0?C.slice(T+1):void 0;s.push({componentName:_,file:e,ignoreReason:l,kind:"component",line:c+1,original:w,project:N,ref:b})}}else{const w=ss.exec(p),E=os.exec(p);w&&E&&s.push({file:e,ignoreReason:l,kind:"project",line:c+1,original:E[2]??"",project:w[2]??"",ref:E[2]??""})}i=!1;continue}g!==""&&!g.startsWith("#")&&!cs.test(f)&&(i=!1)}return{images:r,includes:s}},De=/^(?:\.git|node_modules|\.pnpm-store|\.turbo|\.nx|dist|build|\.cache)$/,us=e=>{const t=[],n=[];if(!U(e))return{images:n,includes:t};const s=o=>{let i;try{i=K(o)}catch{return}const{images:a,includes:d}=ls(o,i);t.push(...d),n.push(...a)};for(const o of[".gitlab-ci.yml",".gitlab-ci.yaml"]){const i=V(e,o);U(i)&&s(i)}const r=V(e,".gitlab");if(U(r))for(const o of J(r,{includeDirs:!1,includeSymlinks:!1,skip:[De]}))(o.name.endsWith(".yml")||o.name.endsWith(".yaml"))&&s(o.path);for(const o of J(e,{includeDirs:!1,includeSymlinks:!1,maxDepth:2,skip:[De]}))Xn(o.name)&&!n.some(i=>i.file===o.path)&&!t.some(i=>i.file===o.path)&&s(o.path);return{images:n,includes:t}},Oe=(e,t)=>{for(const n of t)try{if(new RegExp(n).test(e))return!0}catch{if(e.includes(n))return!0}return!1},ds=(e,t,n)=>{const s=e.indexOf("/");return s>0&&e.slice(0,s).includes(".")?`https://${e.slice(0,s)}/${e.slice(s+1)}/-/releases/${t}`:`${n}/${e}/-/releases/${t}`},ps=async(e,t)=>{const{ignoreRules:n,imageReferences:s,includes:r,options:o,registryOptions:i,resolverOptions:a}=t,d=[],c=[],u=[];if(s.length>0){const y=await et(e,{ignoreRules:n,options:o,references:s,registryOptions:i});for(const p of y.updates)d.push({...p,ecosystem:"gitlab"});for(const p of y.ignored)c.push({...p,ecosystem:"gitlab"});u.push(...y.failed)}if(r.length===0)return{failed:u,ignored:c,updates:d};const f=new Kn({apiBase:a?.apiBase,fetch:a?.fetch,token:o.gitlabToken??a?.token}),g=a?.apiBase??"https://gitlab.com",m=new Map;for(const y of r){const p=m.get(y.project)??[];p.push(y),m.set(y.project,p)}const h=Math.max(1,o.maxConcurrentRequests),v=[...m.keys()];let x=0;const $=async y=>{const p=m.get(y)??[];let k;try{k=await f.listTags(y)}catch{for(const l of p)u.push({file:l.file,reason:`failed to list tags for ${y}`});return}if(k.error){for(const l of p)u.push({file:l.file,reason:`failed to list tags for ${y}: ${k.error}`});return}for(const l of p){const S=l.kind==="component"&&l.componentName?`${l.project}/${l.componentName}`:l.project;let w;l.ignoreReason?w=l.ignoreReason:Oe(S,o.exclude)?w="matched --exclude":o.include.length>0&&!Oe(S,o.include)?w="not matched by --include":o.respectDependabotConfig&&n&&he(S,"gitlab",n)&&(w="ignored by dependabot/renovate config");const E=N=>({currentRef:l.ref,currentVersion:l.ref,ecosystem:"gitlab",file:l.file,ignored:!0,line:l.line,name:S,newRef:l.ref,newVersion:void 0,original:l.original,reason:N,replacement:l.original,updateType:"unknown"});if(w){c.push(E(w));continue}const C=H(l.ref);if(!C&&!o.includeBranches){c.push(E("branch reference (use --include-branches)"));continue}if(!C&&o.mode!=="latest"){c.push(E(`branch ref has no version baseline for --target=${o.mode}`));continue}const b=$e(k.parsed,C,o.mode);if(!b)continue;let T;l.kind==="component"?T=`${l.componentName?`${l.project}/${l.componentName}`:l.project}@${b.raw}`:T=b.raw,d.push({currentRef:l.ref,currentVersion:C?.raw??l.ref,ecosystem:"gitlab",file:l.file,line:l.line,name:S,newRef:b.raw,newVersion:b.raw,original:l.original,replacement:T,updateType:ye(C,b),url:ds(l.project,b.raw,g)})}},A=[];for(let y=0;y<Math.min(h,v.length);y++)A.push((async()=>{for(;x<v.length;){const p=v[x];x+=1,p!==void 0&&await $(p)}})());return await Promise.all(A),{failed:u,ignored:c,updates:d}},fs={disabled:new Set,exclude:[],githubToken:void 0,gitlabToken:void 0,include:[],includeBranches:!1,maxConcurrentRequests:8,minAgeDays:void 0,mode:"latest",respectDependabotConfig:!0,style:"sha"},gs=async e=>{const t={...fs,...e.options,disabled:e.options?.disabled??new Set},n=t.respectDependabotConfig?an(e.workspaceRoot):void 0,s={actions:{failed:[],ignored:[],updates:[]},docker:{failed:[],ignored:[],updates:[]},gitlab:{failed:[],ignored:[],updates:[]}},r=[];let o=0;if(!t.disabled.has("actions")){const d=bn(e.workspaceRoot);d.length>0&&(o+=1,r.push(Cn(e.workspaceRoot,{ignoreRules:n,options:t,references:d}).then(c=>{s.actions=c})))}if(!t.disabled.has("docker")){const d=Ln(e.workspaceRoot);d.length>0&&(o+=1,r.push(et(e.workspaceRoot,{ignoreRules:n,options:t,references:d}).then(c=>{s.docker=c})))}if(!t.disabled.has("gitlab")){const{images:d,includes:c}=us(e.workspaceRoot);d.length+c.length>0&&(o+=1,r.push(ps(e.workspaceRoot,{ignoreRules:n,imageReferences:d,includes:c,options:t}).then(u=>{s.gitlab=u})))}await Promise.all(r);const i=[...s.actions.updates,...s.docker.updates,...s.gitlab.updates],a=[...s.actions.ignored,...s.docker.ignored,...s.gitlab.ignored];return{failed:[...s.actions.failed,...s.docker.failed,...s.gitlab.failed],ignored:a,perEcosystem:s,scanned:o,updates:i}},ms={actions:"GitHub Actions",docker:"Docker",gitlab:"GitLab CI"},ge=e=>e.updateType==="major",hs=e=>{switch(e){case"major":return G;case"minor":return O;case"patch":return We;default:return Le}},Ue=e=>{const t=hs(e.updateType),n=e.currentVersion??e.currentRef,s=e.newVersion??e.newRef,r=e.url?` ${P(e.url)}`:"",o=e.advisories&&e.advisories.length>0?` ${G(`⚠ ${String(e.advisories.length)} advisor${e.advisories.length===1?"y":"ies"}`)}`:"";return` ${t(e.updateType.padEnd(7))} ${e.name} ${P(n)} → ${s}${o}${r}`},Be=e=>!e.advisories||e.advisories.length===0?[]:e.advisories.map(t=>` ${t.severity==="CRITICAL"||t.severity==="HIGH"?G(t.severity):O(t.severity)} ${t.id} ${P(t.summary)}`),$s=(e,t)=>{const n=[],s=e.updates.length;if(s===0&&e.scanned===0)return"";if(s===0){if(e.failed.length===0&&e.ignored.length===0)return n.push(`${We("✓")} All ecosystem references up to date.`),n.join(`
|
|
6
|
+
`);if(n.push(`${O("⚠")} No actionable updates found.`),e.failed.length>0){n.push(`
|
|
7
|
+
${O("Failed lookups:")}`);for(const o of e.failed)n.push(` ${o.file}: ${o.reason}`)}if(t.showIgnored&&e.ignored.length>0){n.push(`
|
|
8
|
+
${P("Ignored:")}`);for(const o of e.ignored)n.push(` ${P(o.name)} ${P(o.reason??"")}`)}return n.join(`
|
|
9
|
+
`)}n.push(`
|
|
10
|
+
${Le("Ecosystem updates")} — ${String(s)} reference${s===1?"":"s"} can be bumped:`);const r=e.updates.filter(o=>ge(o));if(r.length>0){n.push(`
|
|
11
|
+
${G(ut(`⚠ Breaking changes (${String(r.length)})`))}`),n.push(` ${P("Review release notes before applying — these cross a major-version boundary.")}`);for(const o of r)n.push(Ue(o)),n.push(...Be(o))}for(const o of Object.keys(e.perEcosystem)){const i=e.perEcosystem[o];if(i.updates.length!==0){n.push(`
|
|
12
|
+
${ms[o]} (${String(i.updates.length)})`);for(const a of i.updates)n.push(Ue(a)),n.push(...Be(a))}}if(t.showIgnored&&e.ignored.length>0){n.push(`
|
|
13
|
+
${P("Ignored:")}`);for(const o of e.ignored)n.push(` ${P(o.name)} ${P(o.reason??"")}`)}if(e.failed.length>0){n.push(`
|
|
14
|
+
${O("Failed lookups:")}`);for(const o of e.failed)n.push(` ${o.file}: ${o.reason}`)}return t.previewOnly&&n.push(`
|
|
15
|
+
${O("ℹ")} ${P("Not applied automatically — re-run with `--interactive` to choose which to apply, or `--yes` to apply all.")}`),n.join(`
|
|
16
|
+
`)},ys=e=>JSON.stringify({ecosystems:{failed:e.failed,ignored:e.ignored,perEcosystem:e.perEcosystem,scanned:e.scanned,updates:e.updates}},void 0,2),ks=()=>{const e=qe({input:process.stdin,output:process.stdout});return{ask:t=>new Promise(n=>{e.question(t,s=>{n(s.trim())})}),close:()=>{e.close()},write:t=>{process.stdout.write(`${t}
|
|
17
|
+
`)}}},ws=(e,t)=>e.split(",").map(n=>Number.parseInt(n.trim(),10)-1).filter(n=>Number.isInteger(n)&&n>=0&&n<t),vs=async(e,t=ks())=>{if(e.length===0)return t.close(),[];t.write(""),t.write("Outdated ecosystem references:");for(const[s,r]of e.entries()){const o=r.currentVersion??r.currentRef,i=r.newVersion??r.newRef,a=ge(r)?" [BREAKING]":"";t.write(` ${String(s+1)}. [${r.ecosystem}] ${r.name}: ${o} → ${i} (${r.updateType})${a}`)}t.write("");const n=(await t.ask("Apply updates? [a]ll / [s]afe / [n]one / numbers: ")).toLowerCase();if(n==="a"||n==="all")return t.close(),e;if(n==="s"||n==="safe")return t.close(),e.filter(s=>!ge(s));if(n==="n"||n==="none"||n==="")return t.close(),[];if(/^[\d ,]+$/.test(n)){const s=ws(n,e.length);return t.close(),s.map(r=>e[r]).filter(r=>r!==void 0)}return t.close(),[]},tt=e=>{const t=e.trim();if(t==="")return;const n=/^(\d+(?:\.\d+)?)\s*([mhdw])?$/i.exec(t);if(!n)return;const s=Number.parseFloat(n[1]);if(!(!Number.isFinite(s)||s<0))switch((n[2]??"m").toLowerCase()){case"d":return s*60*24;case"h":return s*60;case"m":return s;case"w":return s*60*24*7;default:return}},bs=e=>{const t=e.trim();return/^\d+(?:\.\d+)?$/.test(t)?Number.parseFloat(t)*1440:tt(t)},Ks=e=>!Number.isFinite(e)||e<=0?"0m":e%1440===0?`${String(e/1440)}d`:e%60===0?`${String(e/60)}h`:`${String(e)}m`,ke=(e,t)=>{try{switch(t){case"bun":{const n=V(e,"bunfig.toml");if(U(n)){const s=yt(n),r=s?.install?.minimumReleaseAge;return{excludes:Array.isArray(s?.install?.minimumReleaseAgeExcludes)?s.install.minimumReleaseAgeExcludes:void 0,minutes:typeof r=="number"?Math.round(r/60):void 0}}break}case"npm":{const n=V(e,".npmrc");if(U(n)){const s=K(n),r=/^\s*min-release-age\s*=\s*([^\s#;]+)/m.exec(s);return{minutes:r?bs(r[1]):void 0}}break}case"pnpm":{const n=V(e,"pnpm-workspace.yaml");if(U(n)){const s=Re(n);return{excludes:Array.isArray(s?.minimumReleaseAgeExclude)?s.minimumReleaseAgeExclude:void 0,minutes:typeof s?.minimumReleaseAge=="number"?s.minimumReleaseAge:void 0}}break}case"yarn":{const n=V(e,".yarnrc.yml");if(U(n)){const s=Re(n),r=s?.npmMinimalAgeGate,o=Array.isArray(s?.npmPreapprovedPackages)?s.npmPreapprovedPackages:void 0;if(typeof r=="string")return{excludes:o,minutes:tt(r)};if(typeof r=="number")return{excludes:o,minutes:r}}break}}}catch{}return{}},Rs={bun:"minimumReleaseAgeExcludes",pnpm:"minimumReleaseAgeExclude",yarn:"npmPreapprovedPackages"},nt={bun:"bunfig.toml minimumReleaseAgeExcludes",npm:".npmrc",pnpm:"pnpm-workspace.yaml minimumReleaseAgeExclude",yarn:".yarnrc.yml npmPreapprovedPackages"},st=(e,t,n)=>{const s=ke(t,e);if(typeof s.minutes!="number"||s.minutes<=0)return{added:[],unsupported:!1};if(!(e in Rs))return{added:[],unsupported:!0};const r=s.excludes??[],o=[...new Set(n)].filter(i=>!r.includes(i));return o.length===0?{added:[],unsupported:!1}:(Pt(e,t,s.minutes,[...r,...o]),{added:o,unsupported:!1})},ot=(e,t,n)=>{n.added.length>0?e.info(`Added ${String(n.added.length)} package${n.added.length===1?"":"s"} to ${nt[t]??"the package manager config"} so --ignore-release-age versions install: ${n.added.join(", ")}`):n.unsupported&&e.warn(`${O("⚠")} npm has no per-package release-age exclude list, so vis can't exempt just the selected packages. Lower min-release-age in .npmrc or pass --min-release-age=0 to the install.`)},xs=(e,t,n)=>{const s=e.latest?"latest":e.target??t.target??"latest";if(!["latest","minor","patch"].includes(s))throw new Error(`Invalid target "${s}". Use: latest, minor, or patch.`);const r=e.maxConcurrentRequests,o=typeof r=="number"&&r>0?r:t.maxConcurrentRequests,i=typeof e.releaseChannel=="string"?e.releaseChannel.toLowerCase():void 0;if(i!==void 0&&!["any","same","stable"].includes(i))throw new Error(`Invalid --release-channel "${String(e.releaseChannel)}". Use: any, same, or stable.`);const a=i??t.releaseChannel;return{exclude:[...q(e.exclude),...q(t.exclude)],ignore:q(t.ignore),include:[...q(e.include),...q(t.include),...n],includeLocked:e.includeLocked||t.includeLocked||!1,includePrerelease:e.prerelease||t.prerelease||!1,maxConcurrentRequests:o,minimumReleaseAge:t.minimumReleaseAge,minimumReleaseAgeExclude:t.minimumReleaseAgeExclude,packageMode:t.packageMode,releaseChannel:a,security:e.security===!1?!1:e.ai||(t.security??!0),target:s}},Ve=(e,t)=>{if(e.length!==0){t.info(`
|
|
18
|
+
${O("⚠")} ${String(e.length)} package${e.length===1?"":"s"} skipped by target constraint (use --target latest to include):`);for(const n of e)t.info(` ${n.packageName} ${n.currentRange} → ${n.newRange} (${n.updateType})`)}},_e=(e,t,n,s,r)=>{n==="json"?process.stdout.write(`${Et({checkedCount:0,failed:t,filteredByTarget:[],ignored:[],outdated:e})}
|
|
19
|
+
`):n==="minimal"?process.stdout.write(`${Ct(e)}
|
|
20
|
+
`):(Tt(e,s),s.info(Fe(e,r)))},Me=async(e,t,n,s,r,o,i)=>{const a=St(e,n,t,!0,{useEditorconfig:i}),d=t==="pnpm"?"pnpm-workspace.yaml":"package.json";if(r.info(`
|
|
21
21
|
Updated ${d}`),a&&r.info(`Backup saved to ${a}`),s.changelog){r.info(`
|
|
22
|
-
Fetching changelogs...`);const
|
|
23
|
-
`);try{const{code:f,output:g}=await
|
|
24
|
-
`)
|
|
25
|
-
`);const
|
|
26
|
-
${String(
|
|
27
|
-
${
|
|
28
|
-
`)}`):o.info("All catalog dependencies are up to date."),
|
|
29
|
-
`);for(const
|
|
22
|
+
Fetching changelogs...`);const c=await He(n,void 0,o);for(const u of c){const f=u.releaseUrl??u.repoUrl??u.npmUrl;r.info(` ${u.packageName}: ${f}`)}}if(s["ignore-release-age"]===!0&&n.length>0&&ot(r,t,st(t,e,n.map(c=>c.packageName))),s.install??!0){const c=t,u=["install"];r.info(`Running ${c} ${u.join(" ")}...
|
|
23
|
+
`);try{const{code:f,output:g}=await ze(c,u,{cwd:e,env:process.env});f!==0?r.warn(`${c} ${u.join(" ")} failed. You may need to run it manually.`):s.peer!==!0&&Ge(g)&&r.info(Ke)}catch{r.warn(`${c} ${u.join(" ")} failed. You may need to run it manually.`)}}},me={applied:!1,canceled:!1,jsonEmitted:!1},As=async(e,t,n,s,r,o)=>{const i=n.update??{},a=[["global","--global is not supported in catalog mode"],["recursive","--recursive is not needed in catalog mode (catalogs are workspace-level)"],["filter","--filter is not supported in catalog mode (use --include/--exclude instead)"],["no-save","--no-save is not supported in catalog mode"],["workspace-root","--workspace-root is not needed in catalog mode"],["no-optional","--no-optional is not supported in catalog mode"]];for(const[R,j]of a)s[R]&&o.warn(`${O("⚠")} ${j}, ignoring.`);const d=s["ignore-release-age"]===!0,c=de("minReleaseAge")||d,{excludes:u,minutes:f}=c?{excludes:void 0,minutes:void 0}:ke(e,t),g=c?void 0:i.minimumReleaseAge??f,m=c?void 0:i.minimumReleaseAgeExclude??u;if(d?o.info(`${O("⚠")} --ignore-release-age: selecting the latest versions regardless of minimumReleaseAge.`):c&&(i.minimumReleaseAge!==void 0||f!==void 0)&&o.info("minimumReleaseAge gate disabled via MARSHALL_DISABLE_MIN_RELEASE_AGE."),!c&&i.minimumReleaseAge!==void 0&&f!==void 0&&i.minimumReleaseAge!==f){const R=t==="pnpm"?"pnpm-workspace.yaml":"bunfig.toml";o.warn(`${O("⚠")} minimumReleaseAge mismatch: vis config = ${String(i.minimumReleaseAge)} min, ${R} = ${String(f)} min. Consider keeping them in sync.`)}const h=kt(e),v=s["include-internal"],x=s.peer,$=wt(e,t,{depFields:i.depFields,dev:s.dev,includeInternal:v,peer:x,prod:s.prod});if($.size===0)return o.info("No catalogs found."),me;const A={...i,minimumReleaseAge:g,minimumReleaseAgeExclude:m},y=xs(s,A,r);let p=0;for(const R of $.values())p+=R.size;const k=!!process.stdout.isTTY&&!ae;let l;const S=k?(R,j)=>{l?l.rerender(M.createElement(Se,{current:R,total:j})):(process.stdout.write(`
|
|
24
|
+
`),l=xe(M.createElement(Se,{current:R,total:j}),{interactive:!0,patchConsole:!1}))}:(R,j)=>{o.info(`Checking ${String(R)}/${String(j)} dependencies...`)};k||o.info(`Checking ${String(p)} catalog dependencies...
|
|
25
|
+
`);const w=new Set;de("socket")&&w.add("socket"),de("depsDev")&&w.add("deps-dev");const E=n.security?.policies?.score?.minimum,C=vt(n.security,{disabled:w,minimumScore:E}),{checkedCount:b,failed:T,filteredByTarget:N,ignored:_,outdated:D}=await bt($,y,h,S,e,C,n.security?.acceptedRisks);l&&(l.clear(),l.unmount());const te=v?{ignored:[],outdated:[]}:Rt(e,{depFields:i.depFields,dev:s.dev,exclude:y.exclude,ignore:y.ignore,include:y.include,packageMode:y.packageMode,peer:x,prod:s.prod,target:y.target});if(te.outdated.length>0){const R=new Set(D.map(j=>`${j.catalogName}|${j.packageName}`));for(const j of te.outdated)R.has(`${j.catalogName}|${j.packageName}`)||D.push(j)}if(te.ignored.length>0)for(const R of te.ignored)_.includes(R)||_.push(R);const we=b-D.length-T.length;if(T.length>0&&o.warn(`Failed to fetch: ${T.join(", ")}`),_.length>0&&o.info(`Skipped ${String(_.length)} ignored package${_.length===1?"":"s"}: ${_.join(", ")}`),!k&&b>D.length){const R=[...$.values()].reduce((X,ce)=>X+ce.size,0),j=R>b?` (${String(R)} catalog entries, ${String(R-b)} duplicates)`:"";o.info(`Checked ${String(b)} unique packages${j}: ${String(D.length)} outdated, ${String(we)} up-to-date${T.length>0?`, ${String(T.length)} failed`:""}${N.length>0?`, ${String(N.length)} skipped by target`:""}`)}if(D.length===0)return N.length>0?o.info(`All catalog dependencies are up to date within the current target.
|
|
26
|
+
${String(N.length)} package${N.length===1?" has":"s have"} newer versions available with --target latest:
|
|
27
|
+
${N.map(R=>` ${R.packageName} ${R.currentRange} → ${R.newRange} (${R.updateType})`).join(`
|
|
28
|
+
`)}`):o.info("All catalog dependencies are up to date."),me;const F=s.format??i.format??"table";let W;if(s.ai){const R=Dt(s.aiType??"impact");W=await Ot(D,o,n.ai,R)}const ne=!!s.dryRun;if(!ne&&r.length>0&&s.marshallCheck!==!1){const R=await Vt(r);if(R.length>0){const j=await _t(R,{config:n?.security?.marshalls,workspaceRoot:e});if(!await Mt(j))return process.exitCode=1,{applied:!1,canceled:!0,jsonEmitted:!1}}}if(k&&F==="table"){const R=new Lt(D,W??null);let j;if(s.changelog){o.info("Fetching changelogs...");const I=await He(D,void 0,h);j=new Map;for(const B of I){const z=B.releaseUrl??B.repoUrl??B.npmUrl;z&&j.set(B.packageName,z)}}const X=n.tui?.autoExit??!1,ce=X===!0?3:typeof X=="number"?X:0,ve=await xe(M.createElement(Ht,{autoExitSeconds:ce,changelogUrls:j,checkedCount:b,filteredOutEntries:N,isDryRun:ne,store:R,totalCatalogEntries:p}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0}).waitUntilExit(),le=process.stdout.columns||80;process.stdout.write(`
|
|
29
|
+
`);for(const I of D){const B=I.vulnerabilities?.length||I.socketReport&&I.socketReport.alerts.length>0,z=!!I.acceptedRisk,ue=B?z?"✓":"⚠":"✓",it=z?"gray":I.updateType==="major"?"red":I.updateType==="minor"?"yellow":"green",oe=I.socketReport?.score.overall,at=oe===void 0?"":` [${String(Math.round(oe*100))}%]`,be=oe===void 0?void 0:At(oe);process.stdout.write(`${pe(M.createElement(L,null," ",M.createElement(L,{color:it},ue),` ${I.packageName} ${I.currentRange} → ${I.newRange}`,M.createElement(L,{dimColor:!0},` ${I.updateType}`),be?M.createElement(L,{color:be},at):null),{columns:le})}
|
|
30
30
|
`)}if(process.stdout.write(`
|
|
31
|
-
`),o.info(
|
|
32
|
-
`);const
|
|
33
|
-
`);for(const
|
|
34
|
-
`)}const
|
|
35
|
-
Applying ${String(
|
|
36
|
-
`);const
|
|
37
|
-
`)}else o.info(`Would update ${String(
|
|
38
|
-
`),
|
|
39
|
-
`),
|
|
40
|
-
${G("✖")} Update failed (exit code ${String(
|
|
41
|
-
`),process.exitCode=
|
|
42
|
-
${G("✖")} Update failed (exit code ${String(f)})`),o.error(` Command: ${
|
|
43
|
-
`),process.exitCode=f,{applied:!1,canceled:!1,jsonEmitted:!1}}return{applied:!0,canceled:!1,jsonEmitted:!1}},
|
|
44
|
-
Continue? [y/N] `,i)})).trim().toLowerCase();return o==="y"||o==="yes"?!0:(
|
|
45
|
-
`);else if(a!=="minimal"){const m
|
|
46
|
-
${
|
|
47
|
-
${
|
|
48
|
-
${String(f.length)} ecosystem reference${f.length===1?"":"s"} updated.`),g.length>0){s.warn(`${
|
|
31
|
+
`),o.info(Fe(D,E)),b>D.length){const I=[...$.values()].reduce((z,ue)=>z+ue.size,0),B=I>b?` (${String(I)} catalog entries, ${String(I-b)} duplicates)`:"";o.log(),o.info(`Checked ${String(b)} unique packages${B}: ${String(we)} up-to-date${T.length>0?`, ${String(T.length)} failed`:""}`)}if(N.length>0){process.stdout.write(`
|
|
32
|
+
`);const I=`${String(N.length)} package${N.length===1?"":"s"} skipped by target constraint (use --target latest to include):`;process.stdout.write(`${pe(M.createElement(L,{color:"yellow"},` ${I}`),{columns:le})}
|
|
33
|
+
`);for(const B of N)process.stdout.write(`${pe(M.createElement(L,null," ",M.createElement(L,{dimColor:!0},B.packageName),` ${B.currentRange} → ${B.newRange}`,M.createElement(L,{dimColor:!0},` ${B.updateType}`)),{columns:le})}
|
|
34
|
+
`)}const se=Array.isArray(ve)?ve:[];if(se.length>0&&!ne){o.info(`
|
|
35
|
+
Applying ${String(se.length)} updates...
|
|
36
|
+
`);const I={...s,install:s.install??i.install};return await Me(e,t,se,I,o,h,n.editorconfig??!0),{applied:!0,canceled:!1,jsonEmitted:!1}}return{applied:!1,canceled:se.length===0,jsonEmitted:!1}}if(ne){if(F==="json"){const R={failed:T,filteredByTarget:N,ignored:_,outdated:D};W&&(R.aiAnalysis=W),process.stdout.write(`${JSON.stringify(R,void 0,2)}
|
|
37
|
+
`)}else o.info(`Would update ${String(D.length)} dependencies:
|
|
38
|
+
`),_e(D,T,F,o,E),W&&(o.info(""),o.info(Ae(W))),Ve(N,o);return{applied:!1,canceled:!1,jsonEmitted:F==="json"}}W&&F!=="json"&&(o.info(Ae(W)),o.info(""));let Y=D;if(s.interactive&&(Y=await xt(D),Y.length===0))return o.info("No updates selected."),{applied:!1,canceled:!0,jsonEmitted:!1};o.info(`Updating ${String(Y.length)} catalog dependencies...
|
|
39
|
+
`),_e(Y,[],F,o,E),Ve(N,o);const rt={...s,install:s.install??i.install};return await Me(e,t,Y,rt,o,h),{applied:!0,canceled:!1,jsonEmitted:F==="json"}},Ss=async(e,t,n,s,r,o)=>{if(s["ignore-release-age"]===!0){const u=ke(e,t),f=typeof u.minutes=="number"&&u.minutes>0;if(f&&r.length>0){const g=r.map(m=>Je(m).name);ot(o,t,st(t,e,g))}else f&&o.warn(`${O("⚠")} --ignore-release-age without package names can't pre-exempt packages in pm-wrapper mode (vis doesn't know which will change). Pass explicit package names, use catalog mode, or lower the gate in ${nt[t]??"your package manager config"}.`)}const i={dev:s.dev,filters:q(s.filter),global:s.global,interactive:s.interactive,latest:s.latest||s.target==="latest",noOptional:s.optional===!1,noSave:s.save===!1,packages:r,prod:s.prod,recursive:s.recursive,workspaceRoot:s.workspaceRoot},{command:a,warnings:d}=Qt(t,n,i);for(const u of d)o.warn(u);const c=`${a.bin} ${a.args.join(" ")}`.trim();if(s.dryRun)return o.info(`Would run: ${c}`),me;o.info(`Running: ${c}`);try{const{code:u,output:f}=await ze(a.bin,a.args,{cwd:e,env:process.env});if(u!==0)return o.error(`
|
|
40
|
+
${G("✖")} Update failed (exit code ${String(u)})`),o.error(` Command: ${c}`),o.error(` Directory: ${e}
|
|
41
|
+
`),process.exitCode=u,{applied:!1,canceled:!1,jsonEmitted:!1};s.peer!==!0&&Ge(f)&&o.info(Ke)}catch(u){const f=u.status??1;return o.error(`
|
|
42
|
+
${G("✖")} Update failed (exit code ${String(f)})`),o.error(` Command: ${c}`),o.error(` Directory: ${e}
|
|
43
|
+
`),process.exitCode=f,{applied:!1,canceled:!1,jsonEmitted:!1}}return{applied:!0,canceled:!1,jsonEmitted:!1}},Es=async(e,t,n)=>{const s=e.latest===!0||e.target==="latest";if(t||!s||e.dryRun===!0||e.yes===!0||e.interactive===!0)return!0;if(!(process.stdout.isTTY&&!ae))return n.error(`${G("✖")} Refusing to run blanket --latest update in a non-interactive context.`),n.error(" Re-run with --yes to confirm, --dry-run to preview, or pass explicit package names."),process.exitCode=1,!1;const r=qe({input:process.stdin,output:process.stdout});try{const o=(await new Promise(i=>{r.question(`${O("⚠")} About to upgrade ALL dependencies to their latest versions. This may include breaking changes.
|
|
44
|
+
Continue? [y/N] `,i)})).trim().toLowerCase();return o==="y"||o==="yes"?!0:(n.info("Aborted."),!1)}finally{r.close()}},Cs=(e,t)=>{const n=new Set;e.actions===!1&&n.add("actions"),e.docker===!1&&n.add("docker"),e.gitlab===!1&&n.add("gitlab");const s=e.style??"sha";if(s!=="sha"&&s!=="preserve")throw new Error(`Invalid --style "${s}". Use: sha or preserve.`);const r=e.latest===!0?"latest":e.target??"latest";if(r!=="latest"&&r!=="minor"&&r!=="patch")throw new Error(`Invalid target "${r}". Use: latest, minor, or patch.`);const o=r,i=t.update??{};return{disabled:n,exclude:[...q(e.exclude),...q(i.exclude)],githubToken:e.actionsToken??void 0,gitlabToken:e.gitlabToken??void 0,include:q(e.include),includeBranches:e.includeBranches===!0,maxConcurrentRequests:typeof e.maxConcurrentRequests=="number"&&e.maxConcurrentRequests>0?e.maxConcurrentRequests:8,minAgeDays:typeof i.minimumReleaseAge=="number"&&i.minimumReleaseAge>0?i.minimumReleaseAge/1440:void 0,mode:o,respectDependabotConfig:!0,style:s}},Ts=(e,t)=>e.dryRun===!0||process.exitCode!==void 0&&process.exitCode!==0||t.canceled?!1:e.yes===!0?!0:e.interactive===!0&&!!process.stdout.isTTY&&!ae,js=async(e,t,n,s,r)=>{const o=Cs(t,n);if(o.disabled.size===3)return;let i;try{i=await gs({options:o,workspaceRoot:e})}catch(m){s.warn(`${O("⚠")} Ecosystem update scan failed: ${m.message}`);return}if(i.scanned===0)return i;const a=t.format??"table",d=!!t.dryRun,c=Ts(t,r);if(a==="json")r.jsonEmitted?s.warn(`${O("⚠")} ${String(i.updates.length)} ecosystem update${i.updates.length===1?"":"s"} available but not emitted in --format=json (catalog already wrote one JSON document). Rerun with --format=table or --no-catalog to see them.`):process.stdout.write(`${ys(i)}
|
|
45
|
+
`);else if(a!=="minimal"){const m=$s(i,{previewOnly:!c&&!d,showIgnored:t.interactive===!0});m&&s.info(m)}if(i.updates.length===0)return i;if(d)return a==="minimal"&&s.info(`
|
|
46
|
+
${O("ℹ")} ${String(i.updates.length)} ecosystem reference${i.updates.length===1?"":"s"} can be bumped — not applied (--dry-run). Re-run without --dry-run and with \`--interactive\` or \`--yes\` to apply.`),i;if(!c)return a==="minimal"&&s.info(`
|
|
47
|
+
${O("ℹ")} ${String(i.updates.length)} ecosystem reference${i.updates.length===1?"":"s"} can be bumped — not applied automatically. Re-run with \`--interactive\` to choose, or \`--yes\` to apply all (or \`--no-actions\` / \`--no-docker\` / \`--no-gitlab\` to silence by ecosystem).`),i;let u=i.updates;if(t.interactive===!0&&process.stdout.isTTY&&!ae&&(u=await vs(i.updates),u.length===0))return s.info(`${O("ℹ")} No ecosystem updates selected.`),i;const{applied:f,skipped:g}=jn(u);if(f.length>0&&s.info(`
|
|
48
|
+
${String(f.length)} ecosystem reference${f.length===1?"":"s"} updated.`),g.length>0){s.warn(`${O("⚠")} ${String(g.length)} ecosystem update${g.length===1?"":"s"} skipped:`);for(const m of g)s.warn(` ${m.update.name} (${m.update.file}:${String(m.update.line)}): ${m.reason}`)}return i},Is=e=>{const t=e.style;if(t!==void 0&&t!=="sha"&&t!=="preserve")throw new Error(`Invalid --style "${t}". Use: sha or preserve.`);const n=e.target;if(n!==void 0&&n!=="latest"&&n!=="minor"&&n!=="patch")throw new Error(`Invalid --target "${n}". Use: latest, minor, or patch.`)},Js=async({argument:e,logger:t,options:n,visConfig:s,workspaceRoot:r})=>{if(!r)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");Is(n);let o=e;const i=r,{packageManager:a}=ft(i);if(n.typosquatCheck!==!1){if(o.length>0){const u=o.map(m=>Je(m)),f=s?.security?.typosquatAllowlist,g=await qt(u.map(m=>m.name),f);if(!g.ok){process.exitCode=1;return}o=u.map((m,h)=>{const v=g.packages[h];return v!==m.name?m.versionSpec?`${v}@${m.versionSpec}`:v??"":o[h]??""})}else if(!await Wt(i,s?.security?.typosquatAllowlist)){process.exitCode=1;return}}if(n.rollback){if(!gt(i,a)){t.info("No backup found. Run 'vis update' first to create a backup.");return}if(mt(i,a))t.info("Restored from backup.");else throw new Error("Failed to restore from backup.");return}if(!await Es(n,o.length>0,t))return;const d=n.catalog!==!1&&ht(i,a);let c;if(d)c=await As(i,a,s??{},n,o,t);else{const u=Bt(i,{configBackend:s?.install?.backend,configCorepack:s?.install?.corepack}),f=u.name==="aube"?"":$t(u.name);c=await Ss(i,u.name,f,n,o,t)}o.length===0&&await js(i,n,s??{},t,c)};export{st as addReleaseAgeExcludesForInstall,Js as default,Ks as formatMinutesAsTimeString,bs as parseNpmReleaseAgeValue,tt as parseTimeStringToMinutes,ke as readPmNativeMinimumReleaseAge,Es as requireBlanketUpdateConfirmation,js as runEcosystemUpdate,Ts as shouldApplyEcosystem};
|