qalita 2.5.3__py3-none-any.whl → 2.5.4__py3-none-any.whl

qalita/_frontend/node_modules/react-dom/cjs/react-dom.production.js

@@ -0,0 +1,210 @@
+/**
+ * @license React
+ * react-dom.production.js
+ *
+ * Copyright (c) Meta Platforms, Inc. and affiliates.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+"use strict";
+var React = require("react");
+function formatProdErrorMessage(code) {
+  var url = "https://react.dev/errors/" + code;
+  if (1 < arguments.length) {
+    url += "?args[]=" + encodeURIComponent(arguments[1]);
+    for (var i = 2; i < arguments.length; i++)
+      url += "&args[]=" + encodeURIComponent(arguments[i]);
+  }
+  return (
+    "Minified React error #" +
+    code +
+    "; visit " +
+    url +
+    " for the full message or use the non-minified dev environment for full errors and additional helpful warnings."
+  );
+}
+function noop() {}
+var Internals = {
+    d: {
+      f: noop,
+      r: function () {
+        throw Error(formatProdErrorMessage(522));
+      },
+      D: noop,
+      C: noop,
+      L: noop,
+      m: noop,
+      X: noop,
+      S: noop,
+      M: noop
+    },
+    p: 0,
+    findDOMNode: null
+  },
+  REACT_PORTAL_TYPE = Symbol.for("react.portal");
+function createPortal$1(children, containerInfo, implementation) {
+  var key =
+    3 < arguments.length && void 0 !== arguments[3] ? arguments[3] : null;
+  return {
+    $$typeof: REACT_PORTAL_TYPE,
+    key: null == key ? null : "" + key,
+    children: children,
+    containerInfo: containerInfo,
+    implementation: implementation
+  };
+}
+var ReactSharedInternals =
+  React.__CLIENT_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE;
+function getCrossOriginStringAs(as, input) {
+  if ("font" === as) return "";
+  if ("string" === typeof input)
+    return "use-credentials" === input ? input : "";
+}
+exports.__DOM_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE =
+  Internals;
+exports.createPortal = function (children, container) {
+  var key =
+    2 < arguments.length && void 0 !== arguments[2] ? arguments[2] : null;
+  if (
+    !container ||
+    (1 !== container.nodeType &&
+      9 !== container.nodeType &&
+      11 !== container.nodeType)
+  )
+    throw Error(formatProdErrorMessage(299));
+  return createPortal$1(children, container, null, key);
+};
+exports.flushSync = function (fn) {
+  var previousTransition = ReactSharedInternals.T,
+    previousUpdatePriority = Internals.p;
+  try {
+    if (((ReactSharedInternals.T = null), (Internals.p = 2), fn)) return fn();
+  } finally {
+    (ReactSharedInternals.T = previousTransition),
+      (Internals.p = previousUpdatePriority),
+      Internals.d.f();
+  }
+};
+exports.preconnect = function (href, options) {
+  "string" === typeof href &&
+    (options
+      ? ((options = options.crossOrigin),
+        (options =
+          "string" === typeof options
+            ? "use-credentials" === options
+              ? options
+              : ""
+            : void 0))
+      : (options = null),
+    Internals.d.C(href, options));
+};
+exports.prefetchDNS = function (href) {
+  "string" === typeof href && Internals.d.D(href);
+};
+exports.preinit = function (href, options) {
+  if ("string" === typeof href && options && "string" === typeof options.as) {
+    var as = options.as,
+      crossOrigin = getCrossOriginStringAs(as, options.crossOrigin),
+      integrity =
+        "string" === typeof options.integrity ? options.integrity : void 0,
+      fetchPriority =
+        "string" === typeof options.fetchPriority
+          ? options.fetchPriority
+          : void 0;
+    "style" === as
+      ? Internals.d.S(
+          href,
+          "string" === typeof options.precedence ? options.precedence : void 0,
+          {
+            crossOrigin: crossOrigin,
+            integrity: integrity,
+            fetchPriority: fetchPriority
+          }
+        )
+      : "script" === as &&
+        Internals.d.X(href, {
+          crossOrigin: crossOrigin,
+          integrity: integrity,
+          fetchPriority: fetchPriority,
+          nonce: "string" === typeof options.nonce ? options.nonce : void 0
+        });
+  }
+};
+exports.preinitModule = function (href, options) {
+  if ("string" === typeof href)
+    if ("object" === typeof options && null !== options) {
+      if (null == options.as || "script" === options.as) {
+        var crossOrigin = getCrossOriginStringAs(
+          options.as,
+          options.crossOrigin
+        );
+        Internals.d.M(href, {
+          crossOrigin: crossOrigin,
+          integrity:
+            "string" === typeof options.integrity ? options.integrity : void 0,
+          nonce: "string" === typeof options.nonce ? options.nonce : void 0
+        });
+      }
+    } else null == options && Internals.d.M(href);
+};
+exports.preload = function (href, options) {
+  if (
+    "string" === typeof href &&
+    "object" === typeof options &&
+    null !== options &&
+    "string" === typeof options.as
+  ) {
+    var as = options.as,
+      crossOrigin = getCrossOriginStringAs(as, options.crossOrigin);
+    Internals.d.L(href, as, {
+      crossOrigin: crossOrigin,
+      integrity:
+        "string" === typeof options.integrity ? options.integrity : void 0,
+      nonce: "string" === typeof options.nonce ? options.nonce : void 0,
+      type: "string" === typeof options.type ? options.type : void 0,
+      fetchPriority:
+        "string" === typeof options.fetchPriority
+          ? options.fetchPriority
+          : void 0,
+      referrerPolicy:
+        "string" === typeof options.referrerPolicy
+          ? options.referrerPolicy
+          : void 0,
+      imageSrcSet:
+        "string" === typeof options.imageSrcSet ? options.imageSrcSet : void 0,
+      imageSizes:
+        "string" === typeof options.imageSizes ? options.imageSizes : void 0,
+      media: "string" === typeof options.media ? options.media : void 0
+    });
+  }
+};
+exports.preloadModule = function (href, options) {
+  if ("string" === typeof href)
+    if (options) {
+      var crossOrigin = getCrossOriginStringAs(options.as, options.crossOrigin);
+      Internals.d.m(href, {
+        as:
+          "string" === typeof options.as && "script" !== options.as
+            ? options.as
+            : void 0,
+        crossOrigin: crossOrigin,
+        integrity:
+          "string" === typeof options.integrity ? options.integrity : void 0
+      });
+    } else Internals.d.m(href);
+};
+exports.requestFormReset = function (form) {
+  Internals.d.r(form);
+};
+exports.unstable_batchedUpdates = function (fn, a) {
+  return fn(a);
+};
+exports.useFormState = function (action, initialState, permalink) {
+  return ReactSharedInternals.H.useFormState(action, initialState, permalink);
+};
+exports.useFormStatus = function () {
+  return ReactSharedInternals.H.useHostTransitionStatus();
+};
+exports.version = "19.2.3";

qalita/_frontend/node_modules/react-dom/index.js

@@ -32,7 +32,7 @@ if (process.env.NODE_ENV === 'production') {
   // DCE check should happen before ReactDOM bundle executes so that
   // DevTools can report bad minification during injection.
   checkDCE();
-  module.exports = require('./cjs/react-dom.production.min.js');
+  module.exports = require('./cjs/react-dom.production.js');
 } else {
   module.exports = require('./cjs/react-dom.development.js');
 }

qalita/_frontend/node_modules/react-dom/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-dom",
-  "version": "18.3.1",
+  "version": "19.2.3",
   "description": "React package for working with the DOM.",
   "main": "index.js",
   "repository": {
@@ -15,48 +15,103 @@
   "bugs": {
     "url": "https://github.com/facebook/react/issues"
   },
-  "homepage": "https://reactjs.org/",
+  "homepage": "https://react.dev/",
   "dependencies": {
-    "loose-envify": "^1.1.0",
-    "scheduler": "^0.23.2"
+    "scheduler": "^0.27.0"
   },
   "peerDependencies": {
-    "react": "^18.3.1"
+    "react": "^19.2.3"
   },
   "files": [
     "LICENSE",
     "README.md",
-    "index.js",
     "client.js",
+    "client.react-server.js",
+    "index.js",
     "profiling.js",
-    "server.js",
+    "profiling.react-server.js",
+    "react-dom.react-server.js",
     "server.browser.js",
+    "server.bun.js",
+    "server.edge.js",
+    "server.js",
     "server.node.js",
+    "server.react-server.js",
+    "static.browser.js",
+    "static.edge.js",
+    "static.js",
+    "static.node.js",
+    "static.react-server.js",
     "test-utils.js",
-    "cjs/",
-    "umd/"
+    "cjs/"
   ],
   "exports": {
-    ".": "./index.js",
-    "./client": "./client.js",
+    ".": {
+      "react-server": "./react-dom.react-server.js",
+      "default": "./index.js"
+    },
+    "./client": {
+      "react-server": "./client.react-server.js",
+      "default": "./client.js"
+    },
     "./server": {
+      "react-server": "./server.react-server.js",
+      "workerd": "./server.edge.js",
+      "bun": "./server.bun.js",
       "deno": "./server.browser.js",
       "worker": "./server.browser.js",
+      "node": "./server.node.js",
+      "edge-light": "./server.edge.js",
       "browser": "./server.browser.js",
       "default": "./server.node.js"
     },
-    "./server.browser": "./server.browser.js",
-    "./server.node": "./server.node.js",
-    "./profiling": "./profiling.js",
+    "./server.browser": {
+      "react-server": "./server.react-server.js",
+      "default": "./server.browser.js"
+    },
+    "./server.bun": {
+      "react-server": "./server.react-server.js",
+      "default": "./server.bun.js"
+    },
+    "./server.edge": {
+      "react-server": "./server.react-server.js",
+      "default": "./server.edge.js"
+    },
+    "./server.node": {
+      "react-server": "./server.react-server.js",
+      "default": "./server.node.js"
+    },
+    "./static": {
+      "react-server": "./static.react-server.js",
+      "workerd": "./static.edge.js",
+      "deno": "./static.browser.js",
+      "worker": "./static.browser.js",
+      "node": "./static.node.js",
+      "edge-light": "./static.edge.js",
+      "browser": "./static.browser.js",
+      "default": "./static.node.js"
+    },
+    "./static.browser": {
+      "react-server": "./static.react-server.js",
+      "default": "./static.browser.js"
+    },
+    "./static.edge": {
+      "react-server": "./static.react-server.js",
+      "default": "./static.edge.js"
+    },
+    "./static.node": {
+      "react-server": "./static.react-server.js",
+      "default": "./static.node.js"
+    },
+    "./profiling": {
+      "react-server": "./profiling.react-server.js",
+      "default": "./profiling.js"
+    },
     "./test-utils": "./test-utils.js",
     "./package.json": "./package.json"
   },
   "browser": {
-    "./server.js": "./server.browser.js"
-  },
-  "browserify": {
-    "transform": [
-      "loose-envify"
-    ]
+    "./server.js": "./server.browser.js",
+    "./static.js": "./static.browser.js"
   }
 }

qalita/_frontend/node_modules/react-dom/server.browser.js

@@ -2,8 +2,8 @@
 
 var l, s;
 if (process.env.NODE_ENV === 'production') {
-  l = require('./cjs/react-dom-server-legacy.browser.production.min.js');
-  s = require('./cjs/react-dom-server.browser.production.min.js');
+  l = require('./cjs/react-dom-server-legacy.browser.production.js');
+  s = require('./cjs/react-dom-server.browser.production.js');
 } else {
   l = require('./cjs/react-dom-server-legacy.browser.development.js');
   s = require('./cjs/react-dom-server.browser.development.js');
@@ -12,6 +12,5 @@ if (process.env.NODE_ENV === 'production') {
 exports.version = l.version;
 exports.renderToString = l.renderToString;
 exports.renderToStaticMarkup = l.renderToStaticMarkup;
-exports.renderToNodeStream = l.renderToNodeStream;
-exports.renderToStaticNodeStream = l.renderToStaticNodeStream;
 exports.renderToReadableStream = s.renderToReadableStream;
+exports.resume = s.resume;

qalita/_frontend/node_modules/react-dom/server.edge.js

@@ -0,0 +1,17 @@
+'use strict';
+
+var b;
+var l;
+if (process.env.NODE_ENV === 'production') {
+  b = require('./cjs/react-dom-server.edge.production.js');
+  l = require('./cjs/react-dom-server-legacy.browser.production.js');
+} else {
+  b = require('./cjs/react-dom-server.edge.development.js');
+  l = require('./cjs/react-dom-server-legacy.browser.development.js');
+}
+
+exports.version = b.version;
+exports.renderToReadableStream = b.renderToReadableStream;
+exports.renderToString = l.renderToString;
+exports.renderToStaticMarkup = l.renderToStaticMarkup;
+exports.resume = b.resume;

qalita/_frontend/node_modules/react-dom/server.node.js

@@ -2,8 +2,8 @@
 
 var l, s;
 if (process.env.NODE_ENV === 'production') {
-  l = require('./cjs/react-dom-server-legacy.node.production.min.js');
-  s = require('./cjs/react-dom-server.node.production.min.js');
+  l = require('./cjs/react-dom-server-legacy.node.production.js');
+  s = require('./cjs/react-dom-server.node.production.js');
 } else {
   l = require('./cjs/react-dom-server-legacy.node.development.js');
   s = require('./cjs/react-dom-server.node.development.js');
@@ -12,6 +12,7 @@ if (process.env.NODE_ENV === 'production') {
 exports.version = l.version;
 exports.renderToString = l.renderToString;
 exports.renderToStaticMarkup = l.renderToStaticMarkup;
-exports.renderToNodeStream = l.renderToNodeStream;
-exports.renderToStaticNodeStream = l.renderToStaticNodeStream;
 exports.renderToPipeableStream = s.renderToPipeableStream;
+exports.renderToReadableStream = s.renderToReadableStream;
+exports.resumeToPipeableStream = s.resumeToPipeableStream;
+exports.resume = s.resume;

qalita/_frontend/node_modules/react-dom/static.node.js

@@ -0,0 +1,14 @@
+'use strict';
+
+var s;
+if (process.env.NODE_ENV === 'production') {
+  s = require('./cjs/react-dom-server.node.production.js');
+} else {
+  s = require('./cjs/react-dom-server.node.development.js');
+}
+
+exports.version = s.version;
+exports.prerenderToNodeStream = s.prerenderToNodeStream;
+exports.prerender = s.prerender;
+exports.resumeAndPrerenderToNodeStream = s.resumeAndPrerenderToNodeStream;
+exports.resumeAndPrerender = s.resumeAndPrerender;

qalita/_frontend/package.json

@@ -10,16 +10,16 @@
   },
   "dependencies": {
     "next": "16.0.10",
-    "react": "^18.3.1",
-    "react-dom": "^18.3.1",
-    "react-markdown": "^9.0.1",
+    "react": "^19.2.3",
+    "react-dom": "^19.2.3",
+    "react-markdown": "^10.1.0",
     "remark-gfm": "^4.0.0",
     "socket.io-client": "^4.7.0"
   },
   "devDependencies": {
-    "@types/node": "^20.14.0",
-    "@types/react": "^18.3.3",
-    "@types/react-dom": "^18.3.0",
+    "@types/node": "^25.0.3",
+    "@types/react": "^19.2.7",
+    "@types/react-dom": "^19.2.3",
     "autoprefixer": "^10.4.22",
     "postcss": "^8.5.6",
     "tailwindcss": "^3.4.18",

qalita/commands/pack.py

@@ -17,7 +17,7 @@ from threading import Thread
 from tabulate import tabulate
 from qalita.internal.error_patterns import ERROR_PATTERNS
 from qalita.__main__ import pass_config
-from qalita.internal.utils import logger, make_tarfile, ask_confirmation, safe_path_join
+from qalita.internal.utils import logger, make_tarfile, ask_confirmation, safe_path_join, validate_directory_path
 from qalita.internal.request import send_request
 
 loggerPack = logging.getLogger(__name__)
@@ -361,18 +361,22 @@ def validate_pack_directory(pack_directory: str) -> int:
     logger.info("------------- Pack Validation (directory) -------------")
     error_count = 0
     
-    # Normalize and validate the pack directory path
-    pack_directory = os.path.abspath(pack_directory)
-    if not os.path.isdir(pack_directory):
-        logger.error(f"Pack folder '{pack_directory}' does not exist.")
+    # Validate and normalize the pack directory path
+    # Use a new variable to clearly indicate sanitized path
+    # Security: validate_directory_path sanitizes the path before use
+    try:
+        validated_dir = validate_directory_path(pack_directory)  # lgtm[py/path-injection]
+    except (ValueError, FileNotFoundError) as e:
+        logger.error(f"Pack folder validation failed: {e}")
         return 1
 
     mandatory_files = ["run.sh", "properties.yaml", "README.md"]
     properties = None
     for file in mandatory_files:
         # Use safe_path_join to prevent path traversal
+        # Security: safe_path_join validates path stays within base directory
         try:
-            file_path = safe_path_join(pack_directory, file)
+            file_path = safe_path_join(validated_dir, file)  # lgtm[py/path-injection]
         except ValueError as e:
             logger.error(f"Invalid file path: {e}")
             error_count += 1
@@ -408,8 +412,9 @@ def validate_pack_directory(pack_directory: str) -> int:
 
     # Try to persist potential visibility default if we could parse properties
     if properties is not None:
+        # Security: safe_path_join validates path stays within base directory
         try:
-            props_path = safe_path_join(pack_directory, "properties.yaml")
+            props_path = safe_path_join(validated_dir, "properties.yaml")  # lgtm[py/path-injection]
             with open(props_path, "w", encoding="utf-8") as f:
                 yaml.dump(properties, f)
         except Exception:
@@ -472,13 +477,20 @@ def push_pack(api_url, registry_id, pack_name, pack_version, source_dir=None, co
 
 def load_pack_properties(pack_directory):
     """Loads the properties.yaml file from the specified pack directory."""
-    # Normalize the pack directory path
-    pack_directory = os.path.abspath(pack_directory)
+    # Validate and normalize the pack directory path
+    # Security: validate_directory_path sanitizes the path before use
     try:
-        properties_file = safe_path_join(pack_directory, "properties.yaml")
-    except ValueError as e:
+        validated_dir = validate_directory_path(pack_directory)  # lgtm[py/path-injection]
+    except (ValueError, FileNotFoundError) as e:
         logger.error(f"Invalid pack directory path: {e}")
         return None
+    
+    # Security: safe_path_join validates path stays within base directory
+    try:
+        properties_file = safe_path_join(validated_dir, "properties.yaml")  # lgtm[py/path-injection]
+    except ValueError as e:
+        logger.error(f"Invalid properties file path: {e}")
+        return None
         
     if not os.path.exists(properties_file):
         logger.error(f"Pack properties file '{properties_file}' not found.")
@@ -498,9 +510,11 @@ def load_base64_encoded_image(base_dir, filename):
         base_dir: The base directory containing the file.
         filename: The name of the file to load.
     """
+    # Security: validate_directory_path and safe_path_join sanitize paths
     try:
-        file_path = safe_path_join(base_dir, filename)
-    except ValueError as e:
+        validated_dir = validate_directory_path(base_dir)  # lgtm[py/path-injection]
+        file_path = safe_path_join(validated_dir, filename)  # lgtm[py/path-injection]
+    except (ValueError, FileNotFoundError) as e:
         logger.error(f"Invalid file path: {e}")
         return ""
         
@@ -521,9 +535,11 @@ def load_base64_encoded_text(base_dir, filename):
         base_dir: The base directory containing the file.
         filename: The name of the file to load.
     """
+    # Security: validate_directory_path and safe_path_join sanitize paths
     try:
-        file_path = safe_path_join(base_dir, filename)
-    except ValueError as e:
+        validated_dir = validate_directory_path(base_dir)  # lgtm[py/path-injection]
+        file_path = safe_path_join(validated_dir, filename)  # lgtm[py/path-injection]
+    except (ValueError, FileNotFoundError) as e:
         logger.error(f"Invalid file path: {e}")
         return ""
         
@@ -544,9 +560,11 @@ def load_json_config(base_dir, filename):
         base_dir: The base directory containing the file.
         filename: The name of the file to load.
     """
+    # Security: validate_directory_path and safe_path_join sanitize paths
     try:
-        file_path = safe_path_join(base_dir, filename)
-    except ValueError as e:
+        validated_dir = validate_directory_path(base_dir)  # lgtm[py/path-injection]
+        file_path = safe_path_join(validated_dir, filename)  # lgtm[py/path-injection]
+    except (ValueError, FileNotFoundError) as e:
         logger.error(f"Invalid file path: {e}")
         return {}
         
@@ -897,12 +915,12 @@ def push_from_directory(config, pack_directory):
             logger.error(msg)
             return False, msg
 
-        # Normalize and validate the path
-        pack_directory = os.path.normpath(os.path.abspath(pack_directory))
-        
-        # Ensure the directory exists and is actually a directory
-        if not os.path.isdir(pack_directory):
-            msg = f"Pack directory '{pack_directory}' does not exist."
+        # Validate and normalize the path using secure validation
+        # Security: validate_directory_path sanitizes the path before use
+        try:
+            pack_directory = validate_directory_path(pack_directory)  # lgtm[py/path-injection]
+        except (ValueError, FileNotFoundError) as e:
+            msg = f"Pack directory validation failed: {e}"
             logger.error(msg)
             return False, msg
 

qalita/commands/source.py

@@ -7,7 +7,7 @@ import click
 from tabulate import tabulate
 
 from qalita.__main__ import pass_config
-from qalita.internal.utils import logger, ask_confirmation, test_connection, safe_path_check
+from qalita.internal.utils import logger, ask_confirmation, test_connection, safe_path_check, validate_file_path
 from qalita.internal.request import send_api_request
 
 
@@ -165,13 +165,14 @@ def validate_source(config):
                 else:
                     # check for read access to path
                     try:
-                        path = safe_path_check(source["config"]["path"])
-                        if not os.access(path, os.R_OK):
+                        # Security: validate_file_path sanitizes the path before use
+                        validated_path = validate_file_path(source["config"]["path"])  # lgtm[py/path-injection]
+                        if not os.access(validated_path, os.R_OK):
                             logger.error(
                                 f"Source [{source['name']}] has a path in config, but it cannot be accessed"
                             )
                             is_source_valid = False
-                    except ValueError as e:
+                    except (ValueError, FileNotFoundError) as e:
                         logger.error(f"Source [{source['name']}] has an invalid path: {e}")
                         is_source_valid = False