diff --git a/CLAUDE.md b/CLAUDE.md index 9e461ede..07c4a795 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -92,8 +92,11 @@ storage bindings:** `@ladybugdb/core` AND `@duckdb/node-api` are both removed (ADR 0019 supersedes ADR 0016). The write-only Parquet embeddings sidecar (BOM item #7) was dropped with DuckDB — nothing ever read it back; embeddings live in the `embeddings` table in `store.sqlite`. The code-pack -is now an 8-item BOM. (`onnxruntime-node`, the embedder, is the only -remaining native dep — optional, lazy under `--embeddings`.) +is now an 8-item BOM. **Zero native bindings, full stop:** the embedder is +`onnxruntime-web` (prebuilt WASM, in `optionalDependencies`, lazy under +`--embeddings`) — there is no `onnxruntime-node` and nothing compiles at +install. Parsing is WASM (`web-tree-sitter`) and the store is the built-in +`node:sqlite`, so the entire install is pure JS + WASM. Schema: one generic `nodes` table (typed base columns + `payload` JSON overflow for the 37 kind-specific shapes), one polymorphic diff --git a/packages/cli/package.json b/packages/cli/package.json index 85cfddc6..82af0eda 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -58,7 +58,6 @@ "listr2": "10.2.1", "lru-cache": "11.5.1", "piscina": "5.2.0", - "snyk-nodejs-lockfile-parser": "2.8.1", "web-tree-sitter": "0.26.9", "write-file-atomic": "8.0.0", "yaml": "2.9.0", diff --git a/packages/docs/src/content/docs/guides/troubleshooting.md b/packages/docs/src/content/docs/guides/troubleshooting.md index a5e4c7be..072bebe4 100644 --- a/packages/docs/src/content/docs/guides/troubleshooting.md +++ b/packages/docs/src/content/docs/guides/troubleshooting.md @@ -5,29 +5,32 @@ sidebar: order: 90 --- -## Native build failures +## Install / `node-gyp` build failures -Symptoms: `pnpm install` fails while building `@duckdb/node-api`. Error -mentions `node-gyp`, `python`, a C/C++ compiler, or `Visual Studio -Build Tools`. +Symptoms: `npm install -g @opencodehub/cli` (or `pnpm install` from a +checkout) fails with `node-gyp`, `python`, a C/C++ compiler, or `Visual +Studio Build Tools` in the error. -Fix: +OpenCodeHub installs with **zero native bindings**, so it never compiles +anything at install time. Every runtime component is pure JS or WASM: + +- Parsing is `web-tree-sitter` (WASM), with grammars vendored as `.wasm` + blobs — no native tree-sitter build. +- The store is a single-file SQLite index via the built-in `node:sqlite` + (Node ≥ 24.15) — no native database binding. +- The optional embedder is `onnxruntime-web` (prebuilt WASM), loaded lazily + only under `--embeddings` — no `onnxruntime-node`, no native ONNX build. + +So a `node-gyp` error almost always comes from an unrelated package in your +own project's tree, not from OpenCodeHub. Confirm with: -```bash title="probe the native toolchain" +```bash title="probe the environment" codehub doctor ``` -`doctor` checks Node version, the platform's C/C++ toolchain, and -whether each native module can load. Follow the remediation hints it -prints. - -The parse runtime is `web-tree-sitter` (WASM) on every supported Node -version, so a missing C/C++ toolchain does not break parsing. The only -native bindings OpenCodeHub loads are `@duckdb/node-api` (temporal store) -and `onnxruntime-node` (the local embedder) — both ship platform -prebuilds, so a normal install does not compile anything. If a prebuild -is missing for your platform, `codehub doctor` reports which module -failed to load and prints the remediation steps. +`doctor` checks the Node version and that each WASM/JS component loads. If +it reports green but your install still fails, the failing module belongs to +something else you are installing alongside the CLI. ## Stale index @@ -62,23 +65,14 @@ for the exact shape. ## Windows quirks -Parsing is WASM, so the parser needs no native toolchain on Windows. The -native bindings (`@duckdb/node-api`, `onnxruntime-node`) ship `win32-x64` -prebuilds, so a standard install pulls a binary rather than compiling. -If a prebuild is unavailable and a module has to build from source, you -need the Microsoft C++ Build Tools plus a matching Python for -`node-gyp`. In practice the fastest fix is to run everything under WSL2 — -WSL2 ships with a working toolchain out of the box and avoids path -separator issues. - -If you must stay on native Windows and a source build is forced: +OpenCodeHub has no native bindings, so a standard install never compiles +on Windows — parsing is WASM (`web-tree-sitter`), the store is the built-in +`node:sqlite`, and the optional embedder is `onnxruntime-web` (prebuilt +WASM). There is no C/C++ toolchain requirement. -1. Install Visual Studio Build Tools with the "Desktop development - with C++" workload. -2. Install Python from the Microsoft Store (Python 3.12). -3. `npm config set msvs_version 2022` and `npm config set python - python3.12`. -4. Re-run `pnpm install --frozen-lockfile`. +The remaining Windows friction is path-separator and shell quirks rather +than builds. If you hit those, the smoothest environment is WSL2, which +matches the POSIX paths the rest of the toolchain assumes. ## The index is missing a language I expected @@ -88,6 +82,26 @@ language without a native toolchain. If the language is not listed, it is not yet registered — see [adding a language provider](/opencodehub/contributing/adding-a-language-provider/). +## Deprecation warnings during `npm install -g @opencodehub/cli` + +Symptoms: `npm install -g @opencodehub/cli` prints `npm warn deprecated` +lines for transitive packages such as `glob@7.2.3` and `inflight@1.0.6`. + +These are cosmetic. They are deprecation notices npm emits for indirect +dependencies pulled in by a SCIP indexer the CLI ships +(`@sourcegraph/scip-python` → `glob` → `inflight`). They are not security +advisories: every published OpenCodeHub release passes osv-scanner, grype, +semgrep, and npm-audit in CI, and pinned `overrides` hold transitive +packages at patched versions. Nothing about the warnings affects install +correctness or runtime behaviour, and there is no action for you to take. + +The lockfile-parser warnings (`lodash.clone`, `lodash.isequal`, `uuid@8`) +that earlier releases also emitted are gone as of the native lockfile +parser — the CLI no longer bundles a third-party resolver for dependency +ingestion. The remaining `glob`/`inflight` pair originates inside the +upstream indexer and is tracked for removal once that package updates its +own dependencies. + ## More help - `codehub doctor --verbose` dumps every probe the doctor runs. diff --git a/packages/ingestion/package.json b/packages/ingestion/package.json index 0c868a5c..fcf4ecad 100644 --- a/packages/ingestion/package.json +++ b/packages/ingestion/package.json @@ -55,7 +55,6 @@ "graphology": "0.26.0", "graphology-dag": "0.4.1", "piscina": "5.2.0", - "snyk-nodejs-lockfile-parser": "2.8.1", "spdx-correct": "^3.2.0", "web-tree-sitter": "0.26.9", "write-file-atomic": "8.0.0" diff --git a/packages/ingestion/src/pipeline/dep-parsers/npm.test.ts b/packages/ingestion/src/pipeline/dep-parsers/npm.test.ts index a74a434c..89be1933 100644 --- a/packages/ingestion/src/pipeline/dep-parsers/npm.test.ts +++ b/packages/ingestion/src/pipeline/dep-parsers/npm.test.ts @@ -76,6 +76,242 @@ describe("parseNpmDeps — package-lock.json (lockfileVersion 2)", () => { }); }); +describe("parseNpmDeps — package-lock.json (lockfileVersion 3 + scoped + license)", () => { + let dir: string; + + before(async () => { + dir = await mkdtemp(path.join(tmpdir(), "och-npm-lock3-")); + await writeFile( + path.join(dir, "package.json"), + JSON.stringify({ name: "fixture", version: "2.0.0" }), + ); + // v3 lockfiles drop the legacy top-level `dependencies` mirror entirely + // and key everything under `packages`. Includes a scoped package and a + // `license` field to exercise the license join. + await writeFile( + path.join(dir, "package-lock.json"), + JSON.stringify({ + name: "fixture", + version: "2.0.0", + lockfileVersion: 3, + requires: true, + packages: { + "": { name: "fixture", version: "2.0.0" }, + "node_modules/left-pad": { version: "1.3.0", license: "WTFPL" }, + "node_modules/@scope/util": { version: "4.5.6", license: "MIT" }, + // Nested transitive (deduped npm layout) — still a resolved pkg. + "node_modules/left-pad/node_modules/semver": { version: "7.6.0" }, + }, + }), + ); + }); + + after(async () => { + await rm(dir, { recursive: true, force: true }); + }); + + it("emits every resolved package incl. scoped, nested, and license", async () => { + const warnings: string[] = []; + const out = await parseNpmDeps({ + absPath: path.join(dir, "package-lock.json"), + relPath: "package-lock.json", + repoRoot: dir, + onWarn: (m) => warnings.push(m), + }); + assert.equal(warnings.length, 0, `unexpected warnings: ${warnings.join("\n")}`); + const byName = new Map(out.map((d) => [d.name, d])); + assert.equal(byName.get("left-pad")?.version, "1.3.0"); + assert.equal(byName.get("left-pad")?.license, "WTFPL"); + assert.equal(byName.get("@scope/util")?.version, "4.5.6"); + assert.equal(byName.get("@scope/util")?.license, "MIT"); + // nested transitive captured by node_modules path tail + assert.equal(byName.get("semver")?.version, "7.6.0"); + // root project itself must NOT appear as a dependency + assert.equal(byName.has("fixture"), false); + }); +}); + +describe("parseNpmDeps — package-lock.json (legacy lockfileVersion 1)", () => { + let dir: string; + + before(async () => { + dir = await mkdtemp(path.join(tmpdir(), "och-npm-lock1-")); + await writeFile( + path.join(dir, "package.json"), + JSON.stringify({ name: "fixture", version: "1.0.0" }), + ); + // v1 has no `packages` map — only the nested `dependencies` tree. + await writeFile( + path.join(dir, "package-lock.json"), + JSON.stringify({ + name: "fixture", + version: "1.0.0", + lockfileVersion: 1, + requires: true, + dependencies: { + "left-pad": { version: "1.3.0" }, + minimist: { + version: "1.2.8", + dependencies: { "nested-dep": { version: "0.0.1" } }, + }, + }, + }), + ); + }); + + after(async () => { + await rm(dir, { recursive: true, force: true }); + }); + + it("walks the nested dependencies tree", async () => { + const out = await parseNpmDeps({ + absPath: path.join(dir, "package-lock.json"), + relPath: "package-lock.json", + repoRoot: dir, + onWarn: () => {}, + }); + const byName = new Map(out.map((d) => [d.name, d])); + assert.equal(byName.get("left-pad")?.version, "1.3.0"); + assert.equal(byName.get("minimist")?.version, "1.2.8"); + assert.equal(byName.get("nested-dep")?.version, "0.0.1"); + }); +}); + +describe("parseNpmDeps — pnpm-lock.yaml (v9 modern keys)", () => { + let dir: string; + + before(async () => { + dir = await mkdtemp(path.join(tmpdir(), "och-pnpm9-")); + await writeFile( + path.join(dir, "package.json"), + JSON.stringify({ name: "fixture", version: "1.0.0" }), + ); + // v9 keys are `name@version` / `@scope/name@version`, optionally with a + // `(peerHash)` suffix under both `packages:` and `snapshots:`. + await writeFile( + path.join(dir, "pnpm-lock.yaml"), + [ + "lockfileVersion: '9.0'", + "", + "packages:", + "", + " left-pad@1.3.0:", + " resolution: {integrity: sha512-fake==}", + "", + " '@scope/util@4.5.6':", + " resolution: {integrity: sha512-fake==}", + "", + " react-dom@18.2.0(react@18.2.0):", + " resolution: {integrity: sha512-fake==}", + "", + "snapshots:", + "", + " left-pad@1.3.0: {}", + "", + " '@scope/util@4.5.6': {}", + "", + ].join("\n"), + ); + }); + + after(async () => { + await rm(dir, { recursive: true, force: true }); + }); + + it("parses modern keys incl. scoped and peer-suffixed versions", async () => { + const warnings: string[] = []; + const out = await parseNpmDeps({ + absPath: path.join(dir, "pnpm-lock.yaml"), + relPath: "pnpm-lock.yaml", + repoRoot: dir, + onWarn: (m) => warnings.push(m), + }); + assert.equal(warnings.length, 0, `unexpected warnings: ${warnings.join("\n")}`); + const byName = new Map(out.map((d) => [d.name, d])); + assert.equal(byName.get("left-pad")?.version, "1.3.0"); + assert.equal(byName.get("@scope/util")?.version, "4.5.6"); + // peer suffix stripped to the bare version + assert.equal(byName.get("react-dom")?.version, "18.2.0"); + }); +}); + +describe("parseNpmDeps — pnpm-lock.yaml (legacy v6 slash keys)", () => { + let dir: string; + + before(async () => { + dir = await mkdtemp(path.join(tmpdir(), "och-pnpm6-")); + await writeFile( + path.join(dir, "package.json"), + JSON.stringify({ name: "fixture", version: "1.0.0" }), + ); + // v5/v6 keys are `/name/version` / `/@scope/name/version`, with optional + // `_peer` or `(peer)` suffix. + await writeFile( + path.join(dir, "pnpm-lock.yaml"), + [ + "lockfileVersion: '6.0'", + "", + "packages:", + "", + " /left-pad/1.3.0:", + " resolution: {integrity: sha512-fake==}", + "", + " /@scope/util/4.5.6:", + " resolution: {integrity: sha512-fake==}", + "", + " /react-dom/18.2.0_react@18.2.0:", + " resolution: {integrity: sha512-fake==}", + "", + ].join("\n"), + ); + }); + + after(async () => { + await rm(dir, { recursive: true, force: true }); + }); + + it("parses legacy slash keys incl. scoped and peer suffix", async () => { + const out = await parseNpmDeps({ + absPath: path.join(dir, "pnpm-lock.yaml"), + relPath: "pnpm-lock.yaml", + repoRoot: dir, + onWarn: () => {}, + }); + const byName = new Map(out.map((d) => [d.name, d])); + assert.equal(byName.get("left-pad")?.version, "1.3.0"); + assert.equal(byName.get("@scope/util")?.version, "4.5.6"); + assert.equal(byName.get("react-dom")?.version, "18.2.0"); + }); +}); + +describe("parseNpmDeps — lockfile without sibling package.json", () => { + let dir: string; + before(async () => { + dir = await mkdtemp(path.join(tmpdir(), "och-nolock-")); + await writeFile( + path.join(dir, "package-lock.json"), + JSON.stringify({ name: "x", version: "1.0.0", lockfileVersion: 3, packages: {} }), + ); + }); + after(async () => { + await rm(dir, { recursive: true, force: true }); + }); + it("warns about the missing manifest and returns []", async () => { + const warnings: string[] = []; + const out = await parseNpmDeps({ + absPath: path.join(dir, "package-lock.json"), + relPath: "package-lock.json", + repoRoot: dir, + onWarn: (m) => warnings.push(m), + }); + assert.deepEqual([...out], []); + assert.ok( + warnings.some((w) => w.includes("lacks sibling package.json")), + `expected sibling-manifest warning, got: ${warnings.join("\n")}`, + ); + }); +}); + describe("parseNpmDeps — bare package.json fallback", () => { let dir: string; diff --git a/packages/ingestion/src/pipeline/dep-parsers/npm.ts b/packages/ingestion/src/pipeline/dep-parsers/npm.ts index 8da16d72..0e1c640c 100644 --- a/packages/ingestion/src/pipeline/dep-parsers/npm.ts +++ b/packages/ingestion/src/pipeline/dep-parsers/npm.ts @@ -6,38 +6,37 @@ * - `pnpm-lock.yaml` — pnpm lockfile (5.x, 6.x, 9.x) * - `package.json` — fallback when no lockfile sits beside it * - * For lockfiles we lean on `snyk-nodejs-lockfile-parser` (Apache-2.0). - * The top-level `buildDepTree` shim only supports the legacy v1 - * lockfile format; we therefore call the ecosystem-specific dep-graph - * builders (`parseNpmLockV2Project`, `parsePnpmProject`) which handle - * lockfileVersion 2/3 and modern pnpm layouts. + * We parse every lockfile shape natively rather than delegating to a + * third-party resolver. What we need from a lockfile is exactly the flat + * set of resolved `name@version` pairs (the `DependencyNode` graph keys on + * that), and every modern lockfile already carries that set verbatim: + * - npm v2/v3 — the `packages` map keys each resolved install by its + * `node_modules/` path with a concrete `version`. + * - npm v1 — the nested `dependencies` tree carries `version` per node. + * - pnpm 5/6/9 — the `packages:` (and v9 `snapshots:`) section keys each + * resolved package as `@` (or legacy `//`). + * Reading those directly drops a heavyweight transitive dependency tree + * (snyk-nodejs-lockfile-parser pulled ~126 packages, including several + * deprecated ones that surfaced as `npm install` warnings for CLI users) + * and removes a runtime CJS graph that resisted bundling. License + * harvesting already scanned the same raw lockfile, so the package list and + * its licenses now come from one pass over one source of truth. * * For bare `package.json` (no lockfile), we parse top-level * `dependencies` + `devDependencies` directly — the version is the raw * semver specifier from the manifest (e.g. `^1.2.3`), which is the best * signal available without a resolver. * - * Errors (malformed JSON/YAML, snyk parser throws) are captured and - * reported via `onWarn`; the parser returns `[]` in that case. + * Errors (malformed JSON/YAML) are captured and reported via `onWarn`; the + * parser returns `[]` in that case. */ import { promises as fs } from "node:fs"; import path from "node:path"; -import { - InvalidUserInputError, - OutOfSyncError, - parseNpmLockV2Project, - parsePnpmProject, -} from "snyk-nodejs-lockfile-parser"; import type { ParseDepsFn, ParsedDependency } from "./types.js"; const NPM_ECO = "npm" as const; -/** Minimal shape we consume from the snyk DepGraph. */ -interface DepGraphLike { - getPkgs(): ReadonlyArray<{ name: string; version?: string }>; -} - /** * Dispatcher keyed on the final path segment. * `package.json` files are only parsed in "bare" mode when no lockfile @@ -69,33 +68,30 @@ async function parsePackageLock( relPath: string, onWarn: (m: string) => void, ): Promise { - const { manifestContents, lockContents } = await readManifestAndLock( - absPath, - relPath, - onWarn, - "package-lock.json", - ); - if (manifestContents === undefined || lockContents === undefined) return []; + // The sibling package.json is not needed to enumerate resolved packages + // (the lockfile is self-contained), but we still require it to exist so a + // stray lockfile with no project doesn't get parsed in isolation — this + // mirrors the prior behaviour where the parser demanded a manifest. + const { lockContents } = await readManifestAndLock(absPath, relPath, onWarn, "package-lock.json"); + if (lockContents === undefined) return []; - let graph: DepGraphLike; + let json: unknown; try { - graph = (await parseNpmLockV2Project(manifestContents, lockContents, { - includeDevDeps: true, - includeOptionalDeps: true, - strictOutOfSync: false, - pruneCycles: true, - })) as unknown as DepGraphLike; + json = JSON.parse(lockContents); } catch (err) { - if (err instanceof InvalidUserInputError || err instanceof OutOfSyncError) { - onWarn(`npm: ${relPath} parse error: ${err.message}`); - return []; - } - onWarn(`npm: ${relPath} parse error: ${err instanceof Error ? err.message : String(err)}`); + onWarn( + `npm: ${relPath} is not valid JSON: ${err instanceof Error ? err.message : String(err)}`, + ); + return []; + } + if (!isObject(json)) { + onWarn(`npm: ${relPath} top-level is not an object`); return []; } const licenses = harvestLicensesFromLockJson(lockContents); - return collectFromGraph(graph, relPath, licenses); + const pairs = collectNpmLockPairs(json); + return pairsToDeps(pairs, relPath, licenses); } async function parsePnpmLock( @@ -103,35 +99,185 @@ async function parsePnpmLock( relPath: string, onWarn: (m: string) => void, ): Promise { - const { manifestContents, lockContents } = await readManifestAndLock( - absPath, - relPath, - onWarn, - "pnpm-lock.yaml", - ); - if (manifestContents === undefined || lockContents === undefined) return []; - - let graph: DepGraphLike; - try { - graph = (await parsePnpmProject(manifestContents, lockContents, { - includeDevDeps: true, - includeOptionalDeps: true, - strictOutOfSync: false, - pruneWithinTopLevelDeps: true, - })) as unknown as DepGraphLike; - } catch (err) { - if (err instanceof InvalidUserInputError || err instanceof OutOfSyncError) { - onWarn(`npm: ${relPath} parse error: ${err.message}`); - return []; - } - onWarn(`npm: ${relPath} parse error: ${err instanceof Error ? err.message : String(err)}`); - return []; - } + const { lockContents } = await readManifestAndLock(absPath, relPath, onWarn, "pnpm-lock.yaml"); + if (lockContents === undefined) return []; // pnpm v9+ lockfiles inline `resolution.integrity` + optionally // per-snapshot licenses — harvest what's present, best-effort. const licenses = harvestLicensesFromPnpmLockYaml(lockContents); - return collectFromGraph(graph, relPath, licenses); + const pairs = collectPnpmLockPairs(lockContents); + if (pairs.size === 0) { + // A well-formed pnpm lock always lists at least one package once any + // dependency is installed; an empty set means either a deps-free project + // or a shape we failed to recognise. Either way `[]` is the safe result, + // but warn so a genuinely unparseable lock is visible. + onWarn(`npm: ${relPath} yielded no resolved packages (empty or unrecognised pnpm-lock shape)`); + } + return pairsToDeps(pairs, relPath, licenses); +} + +/** + * Resolved `name@version` pairs from a parsed `package-lock.json`. + * + * v2/v3: the `packages` map keys each install by its `node_modules/` + * path (the root project is the `""` key, which we skip). v1: the nested + * `dependencies` tree carries a `version` on every node. Modern npm writes + * both `packages` and a legacy `dependencies` mirror, so preferring + * `packages` when present avoids double-counting; we fall back to + * `dependencies` only for true v1 locks. + */ +function collectNpmLockPairs(json: Record): Set { + const out = new Set(); + const pkgs = json["packages"]; + if (isObject(pkgs)) { + for (const [lockPath, entry] of Object.entries(pkgs)) { + if (lockPath === "") continue; // root project, not a dependency + if (!isObject(entry)) continue; + const version = typeof entry["version"] === "string" ? entry["version"] : ""; + const name = + typeof entry["name"] === "string" && entry["name"].length > 0 + ? entry["name"] + : pathToPackageName(lockPath); + if (name === undefined || version === "") continue; + out.add(`${name}\x00${version}`); + } + if (out.size > 0) return out; + } + // Legacy v1 lockfile: walk the nested `dependencies` tree. + const deps = json["dependencies"]; + if (isObject(deps)) collectV1LockPairs(deps, out); + return out; +} + +function collectV1LockPairs(deps: Record, out: Set): void { + for (const [name, entry] of Object.entries(deps)) { + if (!isObject(entry)) continue; + const version = typeof entry["version"] === "string" ? entry["version"] : ""; + if (version !== "") out.add(`${name}\x00${version}`); + const nested = entry["dependencies"]; + if (isObject(nested)) collectV1LockPairs(nested, out); + } +} + +/** + * Resolved `name@version` pairs from raw `pnpm-lock.yaml` text. + * + * We scan the package keys instead of YAML-parsing the whole document — the + * same string-scanning approach the license harvester already uses, which + * keeps the (already-large) ingestion package free of a YAML dependency. The + * key shapes across pnpm major versions: + * - v9: ` '@scope/name@1.2.3':` / ` name@1.2.3:` (under + * `packages:` and `snapshots:`) + * - v5/v6: ` /@scope/name/1.2.3:` / ` /name/1.2.3:` (leading + * slash, slash-separated version; may carry a `(peer)` suffix) + * A version segment always starts with a digit, which disambiguates the + * `@`/`/` that separates name from version from the `@` inside a scope. + */ +function collectPnpmLockPairs(lockContents: string): Set { + const out = new Set(); + for (const rawLine of lockContents.split(/\r?\n/)) { + // Only top-level map keys (two-space indent) under packages:/snapshots:. + const m = /^ {2}['"]?(\/?[^'"\s]+?)['"]?:\s*(?:\{\s*\})?\s*$/.exec(rawLine); + if (m === null) continue; + const rawKey = m[1] ?? ""; + const pair = pnpmKeyToPair(rawKey); + if (pair !== undefined) out.add(pair); + } + return out; +} + +/** + * Convert one pnpm package/snapshot key to a `name\x00version` pair, or + * `undefined` if the line is not a package key. Handles both the modern + * `name@version` and legacy `/name/version` shapes, scoped names, and the + * `(peerHash)` / `_peer` suffixes pnpm appends to disambiguate peer installs. + */ +function pnpmKeyToPair(rawKey: string): string | undefined { + let key = rawKey; + if (key.startsWith("/")) { + // Legacy v5/v6: `/name/1.2.3` or `/@scope/name/1.2.3`, optional `(peer)`. + key = key.slice(1); + const lastSlash = key.lastIndexOf("/"); + if (lastSlash <= 0) return undefined; + const name = key.slice(0, lastSlash); + const version = stripLegacyPeerSuffix(key.slice(lastSlash + 1)); + if (!startsWithDigit(version)) return undefined; + return `${name}\x00${version}`; + } + // Modern v9: `name@1.2.3` or `@scope/name@1.2.3`, optional `(peerHash)`. + // Strip the parenthetical peer suffix FIRST — it contains its own `@` + // (e.g. `(react@18.2.0)`) that would otherwise win the version-`@` scan. + // Only `(`-stripping here, never `_`: a modern package name can contain an + // underscore, and the `_peer` form is legacy-only (handled above). + const cleaned = stripParenSuffix(key); + const at = lastVersionAt(cleaned); + if (at <= 0) return undefined; + const name = cleaned.slice(0, at); + const version = cleaned.slice(at + 1); + if (name.length === 0 || !startsWithDigit(version)) return undefined; + return `${name}\x00${version}`; +} + +/** Drop a trailing `(...)` peer-resolution suffix (pnpm v9 modern keys). */ +function stripParenSuffix(s: string): string { + const i = s.indexOf("("); + return i >= 0 ? s.slice(0, i) : s; +} + +/** Index of the `@` that separates name from version (its next char is a digit). */ +function lastVersionAt(key: string): number { + for (let i = key.length - 1; i > 0; i -= 1) { + if (key.charCodeAt(i) === 64 /* @ */ && startsWithDigit(key.slice(i + 1))) return i; + } + return -1; +} + +/** + * Legacy v5/v6 pnpm appends `_react@18.0.0` (and sometimes a `(peer)` form) + * to a slash-key version for peer-resolved installs. A version segment in the + * legacy shape never contains a bare `_`, so cutting at the first `_` (or `(`) + * is safe here — unlike the modern key path, where names may contain `_`. + */ +function stripLegacyPeerSuffix(version: string): string { + const paren = version.indexOf("("); + if (paren >= 0) return version.slice(0, paren); + const underscore = version.indexOf("_"); + if (underscore >= 0) return version.slice(0, underscore); + return version; +} + +function startsWithDigit(s: string): boolean { + if (s.length === 0) return false; + const c = s.charCodeAt(0); + return c >= 48 && c <= 57; +} + +/** + * Promote `name\x00version` pairs into `ParsedDependency` records, joining + * the best-effort license map and de-duplicating on `name@version`. + */ +function pairsToDeps( + pairs: ReadonlySet, + lockfileSource: string, + licenses: ReadonlyMap, +): readonly ParsedDependency[] { + const out: ParsedDependency[] = []; + for (const pair of pairs) { + const sep = pair.indexOf("\x00"); + if (sep <= 0) continue; + const name = pair.slice(0, sep); + const version = pair.slice(sep + 1); + if (!name || !version) continue; + const license = licenses.get(`${name}@${version}`); + out.push({ + ecosystem: NPM_ECO, + name, + version, + lockfileSource, + ...(license !== undefined ? { license } : {}), + }); + } + return out; } /** @@ -278,17 +424,23 @@ async function parseBarePackageJson( return out; } +/** + * Read the lockfile, requiring a sibling `package.json` to exist first. The + * manifest contents themselves are no longer needed to enumerate resolved + * packages (the lockfile is self-contained), but its presence still gates + * parsing so a stray lockfile outside a real project isn't parsed alone — + * preserving the prior parser's contract. + */ async function readManifestAndLock( absPath: string, relPath: string, onWarn: (m: string) => void, lockLabel: string, -): Promise<{ manifestContents?: string; lockContents?: string }> { +): Promise<{ lockContents?: string }> { const lockDir = path.dirname(absPath); const manifestPath = path.join(lockDir, "package.json"); - let manifestContents: string; try { - manifestContents = await fs.readFile(manifestPath, "utf8"); + await fs.access(manifestPath); } catch (err) { onWarn( `npm: ${lockLabel} at ${relPath} lacks sibling package.json (${err instanceof Error ? err.message : String(err)})`, @@ -302,40 +454,7 @@ async function readManifestAndLock( onWarn(`npm: cannot read ${relPath}: ${err instanceof Error ? err.message : String(err)}`); return {}; } - return { manifestContents, lockContents }; -} - -function collectFromGraph( - graph: DepGraphLike, - lockfileSource: string, - licenses: ReadonlyMap = new Map(), -): readonly ParsedDependency[] { - const out: ParsedDependency[] = []; - const seen = new Set(); - const rootName = lockfileSource; - for (const pkg of graph.getPkgs()) { - const name = pkg.name; - const version = pkg.version ?? ""; - if (!name || !version) continue; - // `getPkgs` includes the root package keyed by the manifest's - // declared name — drop it so the manifest itself doesn't appear as - // its own dependency. We detect it by "no version" OR root-name - // string; the former already short-circuits above, the latter is a - // belt-and-suspenders extra check. - if (name === rootName) continue; - const key = `${name}@${version}`; - if (seen.has(key)) continue; - seen.add(key); - const license = licenses.get(key); - out.push({ - ecosystem: NPM_ECO, - name, - version, - lockfileSource, - ...(license !== undefined ? { license } : {}), - }); - } - return out; + return { lockContents }; } function isObject(x: unknown): x is Record { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b7a49292..bc9e65c0 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -114,7 +114,7 @@ importers: version: 0.0.11 '@cyclonedx/cyclonedx-library': specifier: 10.1.0 - version: 10.1.0(ajv-formats-draft2019@1.6.1(ajv@8.18.0))(ajv-formats@3.0.1(ajv@8.18.0))(ajv@8.18.0)(packageurl-js@2.0.1)(spdx-expression-parse@4.0.0) + version: 10.1.0(ajv-formats@3.0.1(ajv@8.18.0))(ajv@8.18.0) '@huggingface/tokenizers': specifier: 0.1.3 version: 0.1.3 @@ -151,9 +151,6 @@ importers: piscina: specifier: 5.2.0 version: 5.2.0 - snyk-nodejs-lockfile-parser: - specifier: 2.8.1 - version: 2.8.1(typanion@3.14.0) web-tree-sitter: specifier: 0.26.9 version: 0.26.9 @@ -214,7 +211,7 @@ importers: version: 4.0.3 tsup: specifier: ^8.5.1 - version: 8.5.1(jiti@2.6.1)(postcss@8.5.15)(tsx@4.22.4)(typescript@6.0.3)(yaml@2.9.0) + version: 8.5.1(typescript@6.0.3)(yaml@2.9.0) typescript: specifier: 6.0.3 version: 6.0.3 @@ -328,7 +325,7 @@ importers: version: 3.1075.0 '@cyclonedx/cyclonedx-library': specifier: 10.1.0 - version: 10.1.0(ajv-formats-draft2019@1.6.1(ajv@8.20.0))(ajv-formats@3.0.1(ajv@8.20.0))(ajv@8.20.0)(packageurl-js@2.0.1)(spdx-expression-parse@4.0.0) + version: 10.1.0(ajv-formats-draft2019@1.6.1(ajv@8.20.0))(ajv-formats@3.0.1(ajv@8.20.0))(ajv@8.20.0)(spdx-expression-parse@3.0.1) '@iarna/toml': specifier: 2.2.5 version: 2.2.5 @@ -365,9 +362,6 @@ importers: piscina: specifier: 5.2.0 version: 5.2.0 - snyk-nodejs-lockfile-parser: - specifier: 2.8.1 - version: 2.8.1(typanion@3.14.0) spdx-correct: specifier: ^3.2.0 version: 3.2.0 @@ -639,9 +633,6 @@ packages: peerDependencies: openapi-types: '>=7' - '@arcanis/slice-ansi@1.1.1': - resolution: {integrity: sha512-xguP2WR2Dv0gQ7Ykbdb7BNCnPnIPB94uTi0Z2NvkRBEnhbwjOQ7QyQKJXrVQg4qDpiD9hA5l5cCwy/z2OXgc3w==} - '@astrojs/compiler@4.0.0': resolution: {integrity: sha512-eouss7G8ygdZqHuke033VMcVw5HTZUu+PXd/h06DGDUg/jt5btPYPqh66ENWw/mU78rBrf/oeC4oqoBwMtDMNA==} @@ -1746,18 +1737,6 @@ packages: '@nodable/entities@2.2.0': resolution: {integrity: sha512-9uGyhaQavEUMC8AIddIjau4NsnsXhou+j5sBAGojCM1oxmQpVKTWR/9JxABD6UAv12vpIms55fPZKFQEhG6uBg==} - '@nodelib/fs.scandir@2.1.5': - resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==} - engines: {node: '>= 8'} - - '@nodelib/fs.stat@2.0.5': - resolution: {integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==} - engines: {node: '>= 8'} - - '@nodelib/fs.walk@1.2.8': - resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==} - engines: {node: '>= 8'} - '@npmcli/agent@4.0.2': resolution: {integrity: sha512-EUEuWAxnL07Sp5/iC/1X6Xj+XThUvnbei9zfRWZdEXa7lss9RTHMhAHBeg+MZ5To9s/gGaSI+UwZTPdYMvKSeg==} engines: {node: ^20.17.0 || >=22.9.0} @@ -1857,14 +1836,6 @@ packages: cpu: [x64] os: [win32] - '@pnpm/crypto.base32-hash@1.0.1': - resolution: {integrity: sha512-pzAXNn6KxTA3kbcI3iEnYs4vtH51XEVqmK/1EiD18MaPKylhqy8UvMJK3zKG+jeP82cqQbozcTGm4yOQ8i3vNw==} - engines: {node: '>=14.6'} - - '@pnpm/types@8.9.0': - resolution: {integrity: sha512-3MYHYm8epnciApn6w5Fzx6sepawmsNU7l6lvIq+ER22/DPSrr83YMhU/EQWnf4lORn2YyiXFj0FJSyJzEtIGmw==} - engines: {node: '>=14.6'} - '@protobufjs/aspromise@1.1.2': resolution: {integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==} @@ -2240,10 +2211,6 @@ packages: resolution: {integrity: sha512-KxXvfapcixpz6rVEB6HPjOUZT22yN6v0vI0urQSk1L8MlEWPDFCZkhw2xmkyoTGYeFw7tWTZd7e3lVzRZRN/EA==} engines: {node: '>=18'} - '@sindresorhus/is@4.6.0': - resolution: {integrity: sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==} - engines: {node: '>=10'} - '@smithy/core@3.26.0': resolution: {integrity: sha512-mLUktFAn+Pa2agl1J7VgtYNFWCX8/b4GMJSK1hCu4YCvtBfM6F8Os3EP4ry+DFFlXOf3wyvlgXhuUdFoy52D3g==} engines: {node: '>=18.0.0'} @@ -2280,16 +2247,6 @@ packages: resolution: {integrity: sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==} engines: {node: '>=14.0.0'} - '@snyk/dep-graph@2.16.9': - resolution: {integrity: sha512-sXjyY0+r+jwS1Tu5MSg2HyT4E/nEeo5zl9lxcmQIzfFl3jIUum5qxOj24XszJO8X3HgdmOByGQvi62Rkg9fePg==} - engines: {node: '>=10'} - - '@snyk/error-catalog-nodejs-public@5.82.0': - resolution: {integrity: sha512-nBhOvDHTeRMQ3ARYDxtAf7CLEs+c50cT86SaWaADmsdxOcMdzHF13pNjiYxN6hiKhuffyKLPdK+6VF3UQze7hg==} - - '@snyk/graphlib@2.1.9-patch.3': - resolution: {integrity: sha512-bBY9b9ulfLj0v2Eer0yFYa3syVeIxVKl2EpxSrsVeT4mjA0CltZyHsF0JjoaGXP27nItTdJS5uVsj1NA+3aE+Q==} - '@sourcegraph/scip-python@0.6.6': resolution: {integrity: sha512-qoKL1Rggg0o5newAFbCFAKlS0AjWxG5MA+mC28BtgxOv0DhO4zdL8u7151FxEppDpXMVvm7+yXSjXotoVH9cMQ==} hasBin: true @@ -2298,10 +2255,6 @@ packages: resolution: {integrity: sha512-k+AtsrqmS41Sd5qjkZlHcmvoSQIvBOonRj4jpgp0KNFM6aqvMGpdSuPUqrUcg8ENTKjUbfaUVszgQwq3bCOvwA==} hasBin: true - '@szmarczak/http-timer@4.0.6': - resolution: {integrity: sha512-4BAffykYOgO+5nzBWYwE3W90sBgLJoUPRWWcL8wlyiM8IB8ipJz3UMJ9KXQd1RKQXpKp8Tutn80HZtWsu2u76w==} - engines: {node: '>=10'} - '@ts-morph/common@0.29.0': resolution: {integrity: sha512-35oUmphHbJvQ/+UTwFNme/t2p3FoKiGJ5auTjjpNTop2dyREspirjMy82PLSC1pnDJ8ah1GU98hwpVt64YXQsg==} @@ -2328,9 +2281,6 @@ packages: '@types/braces@3.0.5': resolution: {integrity: sha512-SQFof9H+LXeWNz8wDe7oN5zu7ket0qwMu5vZubW4GCJ8Kkeh6nBWUz87+KTz/G3Kqsrp0j/W253XJb3KMEeg3w==} - '@types/cacheable-request@6.0.3': - resolution: {integrity: sha512-IQ3EbTzGxIigb1I3qPZc1rWJnH0BmSKv5QYTalEwweFvyBDLSAe24zP0le/hyi7ecGfZVlIVAg4BZqb8WBwKqw==} - '@types/d3-array@3.2.2': resolution: {integrity: sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw==} @@ -2427,9 +2377,6 @@ packages: '@types/debug@4.1.13': resolution: {integrity: sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==} - '@types/emscripten@1.41.5': - resolution: {integrity: sha512-cMQm7pxu6BxtHyqJ7mQZ2kXWV5SLmugybFdHCBbJ5eHzOo6VhBckEgAT3//rP5FwPHNPeEiq4SmQ5ucBwsOo4Q==} - '@types/estree-jsx@1.0.5': resolution: {integrity: sha512-52CcUVNFyfb1A2ALocQw/Dd1BQFNmSdkuC3BkZ6iqhdMfQz7JWOFRuJFloOzjk+6WijU56m9oKXFAXc7o3Towg==} @@ -2445,18 +2392,12 @@ packages: '@types/hast@3.0.4': resolution: {integrity: sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==} - '@types/http-cache-semantics@4.2.0': - resolution: {integrity: sha512-L3LgimLHXtGkWikKnsPg0/VFx9OGZaC+eN1u4r+OB1XRqH3meBIAVC2zr1WdMH+RHmnRkqliQAOHNJ/E0j/e0Q==} - '@types/js-yaml@4.0.9': resolution: {integrity: sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg==} '@types/json-schema@7.0.15': resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==} - '@types/keyv@3.1.4': - resolution: {integrity: sha512-BQ5aZNSCpj7D6K2ksrRCTmKRLEpnPvWDiLPfoGyhZ++8YtiK9d/3DBKPJgry359X/P1PfruyYwvnvwFjuEiEIg==} - '@types/mdast@4.0.4': resolution: {integrity: sha512-kGaNbPh1k7AFzgpud/gMdvIm5xuECykRR+JnWKQno9TAXVa6WIVCGTPvYGekIDL4uwCZQSYbUxNBSb1aUo79oA==} @@ -2481,24 +2422,15 @@ packages: '@types/picomatch@4.0.3': resolution: {integrity: sha512-iG0T6+nYJ9FAPmx9SsUlnwcq1ZVRuCXcVEvWnntoPlrOpwtSTKNDC9uVAxTsC3PUvJ+99n4RpAcNgBbHX3JSnQ==} - '@types/responselike@1.0.3': - resolution: {integrity: sha512-H/+L+UkTV33uf49PH5pCAUBVPNj2nDBXTN+qS1dOwyyg24l3CcicicCA7ca+HMvJBZcFgl5r8e+RR6elsb4Lyw==} - '@types/sarif@2.1.7': resolution: {integrity: sha512-kRz0VEkJqWLf1LLVN4pT1cg1Z9wAuvI6L97V3m2f5B76Tg8d413ddvLBPTEHAZJlnn4XSvu0FkZtViCQGVyrXQ==} '@types/sax@1.2.7': resolution: {integrity: sha512-rO73L89PJxeYM3s3pPPjiPgVVcymqU490g0YO5n5By0k2Erzj6tay/4lr1CHAAU4JyOWd1rpQ8bCf6cZfHU96A==} - '@types/semver@7.7.1': - resolution: {integrity: sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA==} - '@types/spdx-correct@3.1.3': resolution: {integrity: sha512-fdQ0oyqcKpAH+FwNEerZl1oTslsrhFYhdbb21IO1FKXK/+TFYM2IO1c/Nvsh7MCPVp8TYEAPXIOlXUJRkWoUWQ==} - '@types/treeify@1.0.3': - resolution: {integrity: sha512-hx0o7zWEUU4R2Amn+pjCBQQt23Khy/Dk56gQU5xi5jtPL1h83ACJCeFaB2M/+WO1AntvWrSoVnnCAfI1AQH4Cg==} - '@types/trusted-types@2.0.7': resolution: {integrity: sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==} @@ -2520,32 +2452,6 @@ packages: '@upsetjs/venn.js@2.0.0': resolution: {integrity: sha512-WbBhLrooyePuQ1VZxrJjtLvTc4NVfpOyKx0sKqioq9bX1C1m7Jgykkn8gLrtwumBioXIqam8DLxp88Adbue6Hw==} - '@yarnpkg/core@4.9.0': - resolution: {integrity: sha512-vhJEVo423jAZBtU5CDe2HEkyNkEYfgMfukNQk1uyYFkP3OmCsuLzpyqbJCEXIg6Fy3YTrQg7kSCnjHbLed3toA==} - engines: {node: '>=18.12.0'} - - '@yarnpkg/fslib@3.1.5': - resolution: {integrity: sha512-hXaPIWl5GZA+rXcx+yaKWUuePJruZuD+3A5A2X6paEBfFsyCD7oEp88lSMj1ym1ehBWUmhNH/YGOp+SrbmSBPg==} - engines: {node: '>=18.12.0'} - - '@yarnpkg/libzip@3.2.2': - resolution: {integrity: sha512-Kqxgjfy6SwwC4tTGQYToIWtUhIORTpkowqgd9kkMiBixor0eourHZZAggt/7N4WQKt9iCyPSkO3Xvr44vXUBAw==} - engines: {node: '>=18.12.0'} - peerDependencies: - '@yarnpkg/fslib': ^3.1.3 - - '@yarnpkg/lockfile@1.1.0': - resolution: {integrity: sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ==} - - '@yarnpkg/parsers@3.0.3': - resolution: {integrity: sha512-mQZgUSgFurUtA07ceMjxrWkYz8QtDuYkvPlu0ZqncgjopQ0t6CNEo/OSealkmnagSUx8ZD5ewvezUwUuMqutQg==} - engines: {node: '>=18.12.0'} - - '@yarnpkg/shell@4.1.3': - resolution: {integrity: sha512-5igwsHbPtSAlLdmMdKqU3atXjwhtLFQXsYAG0sn1XcPb3yF8WxxtWxN6fycBoUvFyIHFz1G0KeRefnAy8n6gdw==} - engines: {node: '>=18.12.0'} - hasBin: true - abbrev@2.0.0: resolution: {integrity: sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ==} engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0} @@ -2581,10 +2487,6 @@ packages: resolution: {integrity: sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==} engines: {node: '>= 14'} - aggregate-error@3.1.0: - resolution: {integrity: sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==} - engines: {node: '>=8'} - ajv-draft-04@1.0.0: resolution: {integrity: sha512-mv00Te6nmYbRp5DCwclxtt7yV/joXJPGS7nM+97GdxvuttCOfgI3K4U25zboyeX0O+myI8ERluxQe5wljMmVIw==} peerDependencies: @@ -2687,9 +2589,6 @@ packages: engines: {node: '>=22.12.0', npm: '>=9.6.5', pnpm: '>=7.1.0'} hasBin: true - async@3.2.6: - resolution: {integrity: sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==} - at-least-node@1.0.0: resolution: {integrity: sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==} engines: {node: '>= 4.0.0'} @@ -2770,14 +2669,6 @@ packages: resolution: {integrity: sha512-M3Lab8NPYlZU2exsL3bMVvMrMqgwCnMWfdZbK28bn3pK6APT/Te/I8hjRPNu1uwORY9a1eEQoifXbKPQMfMTOA==} engines: {node: ^20.17.0 || >=22.9.0} - cacheable-lookup@5.0.4: - resolution: {integrity: sha512-2/kNscPhpcxrOigMZzbiWF7dz8ilhb/nIHU3EyZiXWXpeq/au8qJ8VhdftMkty3n7Gj6HIGalQG8oiBNB3AJgA==} - engines: {node: '>=10.6.0'} - - cacheable-request@7.0.4: - resolution: {integrity: sha512-v+p6ongsrp0yTGbJXjgxPow2+DL93DASP4kXCDKb8/bwRtt9OEF3whggkkDkGNzgcWy2XaF4a8nZglC7uElscg==} - engines: {node: '>=8'} - cachedir@2.4.0: resolution: {integrity: sha512-9EtFOZR8g22CL7BWjJ9BUx1+A/djkofnyW3aOXZORNW2kxoUpx2h+uN2cOqwPmFhnpVmxg+KW2OjOSgChTEvsQ==} engines: {node: '>=6'} @@ -2797,10 +2688,6 @@ packages: resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==} engines: {node: '>=6'} - camelcase@5.3.1: - resolution: {integrity: sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==} - engines: {node: '>=6'} - ccount@2.0.1: resolution: {integrity: sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==} @@ -2847,10 +2734,6 @@ packages: resolution: {integrity: sha512-77PSwercCZU2Fc4sX94eF8k8Pxte6JAwL4/ICZLFjJLqegs7kCuAsqqj/70NQF6TvDpgFjkubQB2FW2ZZddvQg==} engines: {node: '>=8'} - clean-stack@2.2.0: - resolution: {integrity: sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==} - engines: {node: '>=6'} - cli-cursor@3.1.0: resolution: {integrity: sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==} engines: {node: '>=8'} @@ -2875,18 +2758,10 @@ packages: resolution: {integrity: sha512-FxqpkPPwu1HjuN93Omfm4h8uIanXofW0RxVEW3k5RKx+mJJYSthzNhp32Kzxxy3YAEZ/Dc/EWN1vZRY0+kOhbw==} engines: {node: '>= 10'} - clipanion@4.0.0-rc.4: - resolution: {integrity: sha512-CXkMQxU6s9GklO/1f714dkKBMu1lopS1WFF0B8o4AxPykR1hpozxSiUZ5ZUeBjfPgCWqbcNOtZVFhB8Lkfp1+Q==} - peerDependencies: - typanion: '*' - cliui@9.0.1: resolution: {integrity: sha512-k7ndgKhwoQveBL+/1tqGJYNz097I7WOvwbmmU2AR5+magtbjPWQTS1C5vzGkBC8Ym8UWRzfKUzUUqFLypY4Q+w==} engines: {node: '>=20'} - clone-response@1.0.3: - resolution: {integrity: sha512-ROoL94jJH2dUVML2Y/5PEDNaSHgeOdSDicUyS7izcF63G6sTc/FTjLub4b8Il9S8S0beOfYt0TaA5qvFK+w0wA==} - clone@1.0.4: resolution: {integrity: sha512-JQHZ2QMW6l3aH/j6xCqQThY/9OH4D/9ls34cgkUBiEeocRTU04tHfKPBsUK1PqZCUQM7GiA0IIXJSuXHI64Kbg==} engines: {node: '>=0.8'} @@ -3268,20 +3143,12 @@ packages: decode-named-character-reference@1.3.0: resolution: {integrity: sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==} - decompress-response@6.0.0: - resolution: {integrity: sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==} - engines: {node: '>=10'} - dedent@0.7.0: resolution: {integrity: sha512-Q6fKUPqnAHAyhiUgFU7BUzLiv0kd8saH9al7tnu5Q/okj6dnupxyTgFIBjVzJATdfIAm9NAsvXNzjaKa+bxVyA==} defaults@1.0.4: resolution: {integrity: sha512-eFuaLoy/Rxalv2kr+lqMlUnrDWV+3j4pljOIJgLIhI058IQfWJ7vXhyEIHu+HtC738klGALYxOKDO0bQP3tg8A==} - defer-to-connect@2.0.1: - resolution: {integrity: sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg==} - engines: {node: '>=10'} - defu@6.1.7: resolution: {integrity: sha512-7z22QmUWiQ/2d0KkdYmANbRUVABpZ9SNYyH5vx6PZ+nE5bcC0l7uFvEfHlyld/HcGBFTL536ClDt3DEcSlEJAQ==} @@ -3292,10 +3159,6 @@ packages: resolution: {integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==} engines: {node: '>= 0.8'} - dependency-path@9.2.8: - resolution: {integrity: sha512-S0OhIK7sIyAsph8hVH/LMCTDL3jozKtlrPx3dMQrlE2nAlXTquTT+AcOufphDMTQqLkfn4acvfiem9I1IWZ4jQ==} - engines: {node: '>=14.6'} - dequal@2.0.3: resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==} engines: {node: '>=6'} @@ -3360,10 +3223,6 @@ packages: resolution: {integrity: sha512-QM8q3zDe58hqUqjraQOmzZ1LIH9SWQJTlEKCH4kJ2oQvLZk7RbQXvtDM2XEq3fwkV9CCvvH4LA0AV+ogFsBM2Q==} engines: {node: '>=8'} - dotenv@16.6.1: - resolution: {integrity: sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==} - engines: {node: '>=12'} - dset@3.1.4: resolution: {integrity: sha512-2QF/g9/zTaPDc3BjNcVTGoBbXBgYfMTTceLaYcFJ/W9kggFUkhxD/hMEeuLKbugyef9SqAx8cpgwlIP/jinUTA==} engines: {node: '>=4'} @@ -3381,17 +3240,10 @@ packages: emoji-regex@8.0.0: resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==} - encode-registry@3.0.1: - resolution: {integrity: sha512-6qOwkl1g0fv0DN3Y3ggr2EaZXN71aoAqPp3p/pVaWSBSIo+YjLOWN61Fva43oVyQNPf7kgm8lkudzlzojwE2jw==} - engines: {node: '>=10'} - encodeurl@2.0.0: resolution: {integrity: sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==} engines: {node: '>= 0.8'} - end-of-stream@1.4.5: - resolution: {integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==} - entities@4.5.0: resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==} engines: {node: '>=0.12'} @@ -3432,9 +3284,6 @@ packages: es-toolkit@1.47.0: resolution: {integrity: sha512-n1GuoD0WEQZMBk5tttoZSqwgyLx01oqa5XsBmCHwPyNe1S9jPBEmtR2pSgp2kJuWE3ciFZ6yRHmY4pM4C3OOkw==} - es-toolkit@1.47.1: - resolution: {integrity: sha512-5RAqEwf4P4E17p+W75KLOWw/nOvKZzSQpxM32IpI2KZLaVonjTrZ0Ai5ghMaVI9eKC2p8eoQgcBdkEDgzFk6+Q==} - es-toolkit@1.48.1: resolution: {integrity: sha512-wfnXlwd5I75eXRtdD2vuEs50xHHESECDsGD7yiQnfFVNoa5522NwXEbmgo98LfiukSQHs+mBM7/YG3qKJB9/mQ==} @@ -3492,9 +3341,6 @@ packages: resolution: {integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==} engines: {node: '>= 0.6'} - event-loop-spinner@2.3.2: - resolution: {integrity: sha512-O078Lkxi/yZEPPifcizDOGUeK1OFOlPC6sfCCrx10odvqX3tEi9XLaIRt9cIl9TBFcPZzuMaXbJ0b+T6D2Tnjg==} - eventemitter3@5.0.4: resolution: {integrity: sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw==} @@ -3536,10 +3382,6 @@ packages: fast-deep-equal@3.1.3: resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==} - fast-glob@3.3.3: - resolution: {integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==} - engines: {node: '>=8.6.0'} - fast-string-truncated-width@3.0.3: resolution: {integrity: sha512-0jjjIEL6+0jag3l2XWWizO64/aZVtpiGE3t0Zgqxv0DPuxiMjvB3M24fCyhZUO4KomJQPj3LTSUnDP3GpdwC0g==} @@ -3559,9 +3401,6 @@ packages: resolution: {integrity: sha512-brCNCeScma/kqa54J4PIDriSSSLssRkuYaUCpvHJulGc3HGI/xxKUCTDcYkAdqJsyb//ydpbxecjC3hB9+tb/g==} hasBin: true - fastq@1.20.1: - resolution: {integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==} - fdir@6.5.0: resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==} engines: {node: '>=12.0.0'} @@ -3658,10 +3497,6 @@ packages: resolution: {integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==} engines: {node: '>= 0.4'} - get-stream@5.2.0: - resolution: {integrity: sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==} - engines: {node: '>=8'} - get-tsconfig@5.0.0-beta.4: resolution: {integrity: sha512-7nF7C9fIPFEMHgEMEfgIlO9wDdZ8CyHw27rWciFZfHvHDReIiPhsYuzPRXsfvBCqFy1l8RRyyWV7QLM+ZhUJsQ==} engines: {node: '>=20.20.0'} @@ -3705,19 +3540,12 @@ packages: resolution: {integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==} engines: {node: '>= 0.4'} - got@11.8.6: - resolution: {integrity: sha512-6tfZ91bOr7bOXnK7PRDCGBLa1H4U080YHNaAQ2KsMGlLEzRbk44nsZF2E1IeRc3vtJHPVbKCYgdFbaGO2ljd8g==} - engines: {node: '>=10.19.0'} - gpt-tokenizer@3.4.0: resolution: {integrity: sha512-wxFLnhIXTDjYebd9A9pGl3e31ZpSypbpIJSOswbgop5jLte/AsZVDvjlbEuVFlsqZixVKqbcoNmRlFDf6pz/UQ==} graceful-fs@4.2.11: resolution: {integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==} - grapheme-splitter@1.0.4: - resolution: {integrity: sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==} - graphology-dag@0.4.1: resolution: {integrity: sha512-3ch9oOAnHZDoT043vyg7ukmSkKJ505nFzaHaYOn0IF2PgGo5VtIavyVK4UpbIa4tli3hhGm1ZTdBsubTmaxu/w==} peerDependencies: @@ -3846,10 +3674,6 @@ packages: resolution: {integrity: sha512-Hc+ghLoSt6QaYZUv0WBiIvmMDZuZZ7oaDvdH8MbfOO4lOsxdXLEvuC6ePoGs9H1X9oCLyq6+NVN0MKqD+ydxyg==} engines: {node: ^20.17.0 || >=22.9.0} - hpagent@1.2.0: - resolution: {integrity: sha512-A91dYTeIB6NoXG+PxTQpCCDDnfHsW9kc06Lvpu1TEe9gnd6ZFeiBoRO9JvzEv6xK7EX97/dUE8g/vBMTqTS3CA==} - engines: {node: '>=14'} - html-escaper@3.0.3: resolution: {integrity: sha512-RuMffC89BOWQoY0WKGpIhn5gX3iI54O6nRA0yC124NYVtzjmFWBIiFd8M0x+ZdX0P9R4lADg1mgP8C7PxGOWuQ==} @@ -3870,10 +3694,6 @@ packages: resolution: {integrity: sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==} engines: {node: '>= 14'} - http2-wrapper@1.0.3: - resolution: {integrity: sha512-V+23sDMr12Wnz7iTcDeJr3O6AIxlnvT/bmaAAAP/Xda35C90p9599p0F1eHR/N1KILWSoWVAiOMFjBBXaXSMxg==} - engines: {node: '>=10.19.0'} - https-proxy-agent@7.0.6: resolution: {integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==} engines: {node: '>= 14'} @@ -3908,10 +3728,6 @@ packages: import-meta-resolve@4.2.0: resolution: {integrity: sha512-Iqv2fzaTQN28s/FwZAoFq0ZSs/7hMAHJVX+w8PZl3cY19Pxk6jFFalxQoIfW2826i/fDLXv8IiEZRIT0lDuWcg==} - indent-string@4.0.0: - resolution: {integrity: sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==} - engines: {node: '>=8'} - inflight@1.0.6: resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. @@ -4067,9 +3883,6 @@ packages: resolution: {integrity: sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==} hasBin: true - json-buffer@3.0.1: - resolution: {integrity: sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==} - json-parse-even-better-errors@2.3.1: resolution: {integrity: sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==} @@ -4106,9 +3919,6 @@ packages: resolution: {integrity: sha512-WHy4Coo+bGZyH7NwJKHkS04YFsFcarWbAEOAC3EMndzdN6VSZqklLLIgfxzyaW9jDoeGYJX9SWbJPKpecox0Uw==} hasBin: true - keyv@4.5.4: - resolution: {integrity: sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==} - khroma@2.1.0: resolution: {integrity: sha512-Ls993zuzfayK269Svk9hzpeGUKob/sIgZzyHYdjQoAdQetRKpOLj+k/QQQ/6Qi0Yz65mlROrfd+Ev+1+7dz9Kw==} @@ -4199,68 +4009,12 @@ packages: lodash-es@4.18.1: resolution: {integrity: sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==} - lodash.clone@4.5.0: - resolution: {integrity: sha512-GhrVeweiTD6uTmmn5hV/lzgCQhccwReIVRLHp7LT4SopOjqEZ5BbX8b5WWEtAKasjmy8hR7ZPwsYlxRCku5odg==} - deprecated: This package is deprecated. Use structuredClone instead. - lodash.clonedeep@4.5.0: resolution: {integrity: sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==} - lodash.constant@3.0.0: - resolution: {integrity: sha512-X5XMrB+SdI1mFa81162NSTo/YNd23SLdLOLzcXTwS4inDZ5YCL8X67UFzZJAH4CqIa6R8cr56CShfA5K5MFiYQ==} - - lodash.filter@4.6.0: - resolution: {integrity: sha512-pXYUy7PR8BCLwX5mgJ/aNtyOvuJTdZAo9EQFUvMIYugqmJxnrYaANvTbgndOzHSCSR0wnlBBfRXJL5SbWxo3FQ==} - - lodash.flatmap@4.5.0: - resolution: {integrity: sha512-/OcpcAGWlrZyoHGeHh3cAoa6nGdX6QYtmzNP84Jqol6UEQQ2gIaU3H+0eICcjcKGl0/XF8LWOujNn9lffsnaOg==} - - lodash.foreach@4.5.0: - resolution: {integrity: sha512-aEXTF4d+m05rVOAUG3z4vZZ4xVexLKZGF0lIxuHZ1Hplpk/3B6Z1+/ICICYRLm7c41Z2xiejbkCkJoTlypoXhQ==} - - lodash.has@4.5.2: - resolution: {integrity: sha512-rnYUdIo6xRCJnQmbVFEwcxF144erlD+M3YcJUVesflU9paQaE8p+fJDcIQrlMYbxoANFL+AB9hZrzSBBk5PL+g==} - - lodash.isempty@4.4.0: - resolution: {integrity: sha512-oKMuF3xEeqDltrGMfDxAPGIVMSSRv8tbRSODbrs4KGsRRLEhrW8N8Rd4DRgB2+621hY8A8XwwrTVhXWpxFvMzg==} - - lodash.isequal@4.5.0: - resolution: {integrity: sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==} - deprecated: This package is deprecated. Use require('node:util').isDeepStrictEqual instead. - - lodash.isfunction@3.0.9: - resolution: {integrity: sha512-AirXNj15uRIMMPihnkInB4i3NHeb4iBtNg9WRWuK2o31S+ePwwNmDPaTL3o7dTJ+VXNZim7rFs4rxN4YU1oUJw==} - - lodash.isundefined@3.0.1: - resolution: {integrity: sha512-MXB1is3s899/cD8jheYYE2V9qTHwKvt+npCwpD+1Sxm3Q3cECXCiYHjeHWXNwr6Q0SOBPrYUDxendrO6goVTEA==} - - lodash.keys@4.2.0: - resolution: {integrity: sha512-J79MkJcp7Df5mizHiVNpjoHXLi4HLjh9VLS/M7lQSGoQ+0oQ+lWEigREkqKyizPB1IawvQLLKY8mzEcm1tkyxQ==} - lodash.map@4.6.0: resolution: {integrity: sha512-worNHGKLDetmcEYDvh2stPCrrQRkP20E4l0iIS7F8EvzMqBBi7ltvFN5m1HvTf1P7Jk1txKhvFcmYsCr8O2F1Q==} - lodash.merge@4.6.2: - resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==} - - lodash.reduce@4.6.0: - resolution: {integrity: sha512-6raRe2vxCYBhpBu+B+TtNGUzah+hQjVdu3E17wfusjyrXBka2nBS8OH/gjVZ5PvHOhWmIZTYri09Z6n/QfnNMw==} - - lodash.size@4.2.0: - resolution: {integrity: sha512-wbu3SF1XC5ijqm0piNxw59yCbuUf2kaShumYBLWUrcCvwh6C8odz6SY/wGVzCWTQTFL/1Ygbvqg2eLtspUVVAQ==} - - lodash.topairs@4.3.0: - resolution: {integrity: sha512-qrRMbykBSEGdOgQLJJqVSdPWMD7Q+GJJ5jMRfQYb+LTLsw3tYVIabnCzRqTJb2WTo17PG5gNzXuFaZgYH/9SAQ==} - - lodash.transform@4.6.0: - resolution: {integrity: sha512-LO37ZnhmBVx0GvOU/caQuipEh4GN82TcWv3yHlebGDgOxbxiwwzW5Pcx2AcvpIv2WmvmSMoC492yQFNhy/l/UQ==} - - lodash.union@4.6.0: - resolution: {integrity: sha512-c4pB2CdGrGdjMKYLA+XiRDO7Y0PRQbm/Gzg8qMj+QH+pFVAoTp5sBpO0odL3FjoPCGjK96p6qsP+yQoiLoOBcw==} - - lodash.values@4.3.0: - resolution: {integrity: sha512-r0RwvdCv8id9TUblb/O7rYPwVy6lerCbcawrfdo9iC/1t1wsNMJknO79WNBgwkH0hIeJ08jmvvESbFpNb4jH0Q==} - lodash@4.18.0: resolution: {integrity: sha512-l1mfj2atMqndAHI3ls7XqPxEjV2J9ZkcNyHpoZA3r2T1LLwDB69jgkMWh71YKwhBbK0G2f4WSn05ahmQXVxupA==} deprecated: Bad release. Please use lodash@4.17.21 instead. @@ -4286,10 +4040,6 @@ packages: resolution: {integrity: sha512-Ajzxb8CM6WAnFjgiloPsI3bF+WCxcvhdIG3KNA2KN962+tdBsHcuQ4k4qX/EcS/2CRkcc0iAkR956Nib6aXU/Q==} engines: {node: '>=0.10.0'} - lowercase-keys@2.0.0: - resolution: {integrity: sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==} - engines: {node: '>=8'} - lru-cache@11.5.1: resolution: {integrity: sha512-RPimw/7aMdv2oqRrxKwvZXcPfwBrn/JZ2xYcY9Hus/6LaS3VOAKVWKWgNLCFSiOm1ESXinjsDlidVU7JlnCN2A==} engines: {node: 20 || >=22} @@ -4307,10 +4057,6 @@ packages: resolution: {integrity: sha512-Je0fLJ0F5atA7F+eIlLzk+Wkcl57JDf4kf+EW8xiP5E31xOQxkIxTbgf1Oi1Lw9tRI9UEMRdI5Vz2xTzoNU1Jw==} engines: {node: ^20.17.0 || >=22.9.0} - map-age-cleaner@0.1.3: - resolution: {integrity: sha512-bJzx6nMoP6PDLPBFmg7+xRKeFZvFboMrGlxmNj9ClvX53KrmvM5bXFXEWjbz4cz1AFn+jWJ9z/DJSz7hrs0w3w==} - engines: {node: '>=6'} - markdown-extensions@2.0.0: resolution: {integrity: sha512-o5vL7aDWatOTX8LzaS1WMoaoxIiLRQJuIKKe2wAw6IeULDHaqbiqiggmx+pKvZDb1Sj+pE46Sn1T7lCqfFtg1Q==} engines: {node: '>=16'} @@ -4391,10 +4137,6 @@ packages: resolution: {integrity: sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==} engines: {node: '>= 0.8'} - mem@8.1.1: - resolution: {integrity: sha512-qFCFUDs7U3b8mBDPyz5EToEKoAkgCzqquIgi9nkkR9bixxOVOre+09lbuH7+9Kn2NFpm56M3GUWVbU2hQgdACA==} - engines: {node: '>=10'} - meow@13.2.0: resolution: {integrity: sha512-pxQJQzB6djGPXh08dacEloMFopsOqGVRKFPYvPOt9XDZ1HasbgDZA74CJGreSU4G3Ak7EFJGoiH2auq+yXISgA==} engines: {node: '>=18'} @@ -4403,10 +4145,6 @@ packages: resolution: {integrity: sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==} engines: {node: '>=18'} - merge2@1.4.1: - resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==} - engines: {node: '>= 8'} - merge@2.1.1: resolution: {integrity: sha512-jz+Cfrg9GWOZbQAnDQ4hlVnQky+341Yk5ru8bZSe6sIDTCIg8n9i/u7hSQGSVOF3C7lH6mGtqjkiT9G4wFLL0w==} @@ -4545,22 +4283,10 @@ packages: resolution: {integrity: sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==} engines: {node: '>=6'} - mimic-fn@3.1.0: - resolution: {integrity: sha512-Ysbi9uYW9hFyfrThdDEQuykN4Ey6BuwPD2kpI5ES/nFTDn/98yxYNLZJcgUAKPT/mcrLLKaGzJR9YVxJrIdASQ==} - engines: {node: '>=8'} - mimic-function@5.0.1: resolution: {integrity: sha512-VP79XUPxV2CigYP3jWwAUFSku2aKqBH7uTAapFWCBqutsbmDo96KY5o8uh6U+/YSIn5OxJnXp73beVkpqMIGhA==} engines: {node: '>=18'} - mimic-response@1.0.1: - resolution: {integrity: sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==} - engines: {node: '>=4'} - - mimic-response@3.1.0: - resolution: {integrity: sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==} - engines: {node: '>=10'} - mini-svg-data-uri@1.4.4: resolution: {integrity: sha512-r9deDe9p5FJUPZAk3A59wGH7Ii9YrjjWw0jmw/liSbHl2CHiyXj6FcDXDu2K3TjVAXqiJdaw3xxwlZZr9E6nHg==} hasBin: true @@ -4679,10 +4405,6 @@ packages: resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==} engines: {node: '>=0.10.0'} - normalize-url@6.1.0: - resolution: {integrity: sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A==} - engines: {node: '>=10'} - npm-bundled@5.0.0: resolution: {integrity: sha512-JLSpbzh6UUXIEoqPsYBvVNVmyrjVZ1fzEFbqxKkTJQkWBO3xFzFT+KDnSKQWwOQNbuWRwt5LSD6HOTLGIWzfrw==} engines: {node: ^20.17.0 || >=22.9.0} @@ -4718,10 +4440,6 @@ packages: resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==} engines: {node: '>=0.10.0'} - object-hash@3.0.0: - resolution: {integrity: sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==} - engines: {node: '>= 6'} - object-inspect@1.13.4: resolution: {integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==} engines: {node: '>= 0.4'} @@ -4773,26 +4491,10 @@ packages: resolution: {integrity: sha512-5b6Y85tPxZZ7QytO+BQzysW31HJku27cRIlkbAXaNx+BdcVi+LlRFmVXzeF6a7JCwJpyw5c4b+YSVImQIrBpuQ==} engines: {node: '>=10'} - p-cancelable@2.1.1: - resolution: {integrity: sha512-BZOr3nRQHOntUjTrH8+Lh54smKHoHyur8We1V8DSMVrl5A2malOOwuJRnKRDjSnkoeBh4at6BwEnb5I7Jl31wg==} - engines: {node: '>=8'} - - p-defer@1.0.0: - resolution: {integrity: sha512-wB3wfAxZpk2AzOfUMJNL+d36xothRSyj8EXOa4f6GMqYDN9BJaaSISbsk+wS9abmnebVw95C2Kb5t85UmpCxuw==} - engines: {node: '>=4'} - - p-limit@2.3.0: - resolution: {integrity: sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==} - engines: {node: '>=6'} - p-limit@7.3.0: resolution: {integrity: sha512-7cIXg/Z0M5WZRblrsOla88S4wAK+zOQQWeBYfV3qJuJXMr+LnbYjaadrFaS0JILfEDPVqHyKnZ1Z/1d6J9VVUw==} engines: {node: '>=20'} - p-map@4.0.0: - resolution: {integrity: sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==} - engines: {node: '>=10'} - p-map@7.0.4: resolution: {integrity: sha512-tkAQEw8ysMzmkhgw8k+1U/iPhWNhykKnSk4Rd5zLoPJCuJaGRPo6YposrZgaxHKzDHdDWWZvE/Sk7hsL2X/CpQ==} engines: {node: '>=18'} @@ -4805,16 +4507,9 @@ packages: resolution: {integrity: sha512-AxTM2wDGORHGEkPCt8yqxOTMgpfbEHqF51f/5fJCmwFC3C/zNcGT63SymH2ttOAaiIws2zVg4+izQCjrakcwHg==} engines: {node: '>=20'} - p-try@2.2.0: - resolution: {integrity: sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==} - engines: {node: '>=6'} - package-manager-detector@1.6.0: resolution: {integrity: sha512-61A5ThoTiDG/C8s8UMZwSorAGwMJ0ERVGj2OjoW5pAalsNOg15+iQiPzrLJ4jhZ1HJzmC2PIHT2oEiH3R5fzNA==} - packageurl-js@2.0.1: - resolution: {integrity: sha512-N5ixXjzTy4QDQH0Q9YFjqIWd6zH6936Djpl2m9QNFmDv5Fum8q8BjkpAcHNMzOFE0IwQrFhJWex3AN6kS0OSwg==} - pacote@21.5.1: resolution: {integrity: sha512-KvcJ9iy3crysCsgqc4+PknH/w6jkrp8JN36mpZBPwNaDRwTfMZD37YzRazNstiZUOhuF5pno9f78n9mEJBavwg==} engines: {node: ^20.17.0 || >=22.9.0} @@ -4998,9 +4693,6 @@ packages: resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==} engines: {node: '>= 0.10'} - pump@3.0.4: - resolution: {integrity: sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==} - punycode@2.3.1: resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==} engines: {node: '>=6'} @@ -5009,13 +4701,6 @@ packages: resolution: {integrity: sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==} engines: {node: '>=0.6'} - queue-microtask@1.2.3: - resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==} - - quick-lru@5.1.1: - resolution: {integrity: sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==} - engines: {node: '>=10'} - radix3@1.1.2: resolution: {integrity: sha512-b484I/7b8rDEdSDKckSSBA8knMpcdsXudlE/LNL639wFoHKwLbEkQFZHWEYwDC0wa0FKUcCY+GAF73Z7wxNVFA==} @@ -5138,9 +4823,6 @@ packages: resolution: {integrity: sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==} engines: {node: '>=0.10.0'} - resolve-alpn@1.2.1: - resolution: {integrity: sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==} - resolve-dir@1.0.1: resolution: {integrity: sha512-R7uiTjECzvOsWSfdM0QKFNBVFcK27aHOUwdvK53BcW8zqnGdYp0Fbj82cy54+2A4P2tFM22J5kRfe1R+lM/1yg==} engines: {node: '>=0.10.0'} @@ -5156,9 +4838,6 @@ packages: resolve-pkg-maps@1.0.0: resolution: {integrity: sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw==} - responselike@2.0.1: - resolution: {integrity: sha512-4gl03wn3hj1HP3yzgdI7d3lCkF95F21Pz4BPGvKHinyQzALR5CapwC8yIi0Rh58DEMQ/SguC03wFj2k0M/mHhw==} - restore-cursor@3.1.0: resolution: {integrity: sha512-l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA==} engines: {node: '>=8'} @@ -5183,13 +4862,6 @@ packages: retext@9.0.0: resolution: {integrity: sha512-sbMDcpHCNjvlheSgMfEcVrZko3cDzdbe1x/e7G66dFp0Ff7Mldvi2uv6JkJQzdRcvLYE8CA8Oe8siQx8ZOgTcA==} - reusify@1.1.0: - resolution: {integrity: sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==} - engines: {iojs: '>=1.0.0', node: '>=0.10.0'} - - rfc4648@1.5.4: - resolution: {integrity: sha512-rRg/6Lb+IGfJqO05HZkN50UtY7K/JhxJag1kP23+zyMfrvoB0B7RWv06MbOzoc79RgCdNTiUaNsTT1AJZ7Z+cg==} - rfdc@1.4.1: resolution: {integrity: sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA==} @@ -5217,9 +4889,6 @@ packages: resolution: {integrity: sha512-tvVnVv01b8c1RrA6Ep7JkStj85Guv/YrMcwqYQnwjsAS2cTmmPGBBjAjpCW7RrSodNSoE2/qg9O4bceNvUuDgQ==} engines: {node: '>=0.12.0'} - run-parallel@1.2.0: - resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==} - rw@1.3.3: resolution: {integrity: sha512-PdhdWy89SiZogBLaw42zdeqtRJ//zFd2PgQavcICDUgJT5oW10QCRKbJ6bg4r0/UY2M6BWd5tkxuGFRvCkgfHQ==} @@ -5335,14 +5004,6 @@ packages: resolution: {integrity: sha512-Gz11jbNU0plrReU9Sj7fmshSBxxJ9ShdD2q4ktHIHo/rpTH6lFyQoYHYKINPJtPe8aHFnsbtW46Ls0tCCBsIZg==} engines: {node: '>=0.10'} - snyk-config@5.3.0: - resolution: {integrity: sha512-YPxhYZXBXgnYdvovwlKf5JYcOp+nxB7lel3tWLarYqZ4hwxN118FodIFb8nSqMrepsPdyOaQYKKnrTYqvQeaJA==} - - snyk-nodejs-lockfile-parser@2.8.1: - resolution: {integrity: sha512-DlUuMVcKC+zZkSYKLsOTuoqDc6SneG1zN8hqc5p5gi8pvhr4AoCgHScICbLoW9ZnukLZi5gMOLVFF/ea61dv/A==} - engines: {node: ^20.19.0 || ^22.13.0 || >=24.0.0, npm: '>=10'} - hasBin: true - socks-proxy-agent@8.0.5: resolution: {integrity: sha512-HehCEsotFqbPW9sJ8WVYB6UbmIMv7kUUORIF2Nncq4VQvBfNBLibW9YZR5dlYCSUhwcD628pRllm7n+E+YTzJw==} engines: {node: '>= 14'} @@ -5529,9 +5190,6 @@ packages: resolution: {integrity: sha512-wXR/dYpcqKmfWpEdZjiKJOwCNFndD0DMnrW/cYjVGttEkBfVgcLFHoNrlj47mjOVic9yyNu65alsgF4NQyTa2g==} engines: {node: '>=12.0.0'} - tinylogic@2.0.0: - resolution: {integrity: sha512-dljTkiLLITtsjqBvTA1MRZQK/sGP4kI3UJKc3yA9fMzYbMF2RhcN04SeROVqJBIYYOoJMM8u0WDnhFwMSFQotw==} - to-regex-range@5.0.1: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} @@ -5585,9 +5243,6 @@ packages: '@swc/wasm': optional: true - tslib@1.14.1: - resolution: {integrity: sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==} - tslib@2.8.1: resolution: {integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==} @@ -5619,9 +5274,6 @@ packages: resolution: {integrity: sha512-50QV99kCKH5P/Vs4E2Gzp7BopNV+KzTXqWeaxrfu5IQJBOULRsTIS9seSsOVT8ZnGXzCyx55nYWAi4qJzpZKEQ==} engines: {node: ^20.17.0 || >=22.9.0} - typanion@3.14.0: - resolution: {integrity: sha512-ZW/lVMRabETuYCd9O9ZvMhAh8GslSqaUjxmK/JLPCh6l73CvLBiuXswj/+7LdnWOgYsQ130FqLzFz5aGT4I3Ug==} - type-fest@0.21.3: resolution: {integrity: sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==} engines: {node: '>=10'} @@ -6005,10 +5657,6 @@ snapshots: call-me-maybe: 1.0.2 openapi-types: 12.1.3 - '@arcanis/slice-ansi@1.1.1': - dependencies: - grapheme-splitter: 1.0.4 - '@astrojs/compiler@4.0.0': {} '@astrojs/internal-helpers@0.10.0': @@ -6640,21 +6288,17 @@ snapshots: '@ctrl/tinycolor@4.2.0': {} - '@cyclonedx/cyclonedx-library@10.1.0(ajv-formats-draft2019@1.6.1(ajv@8.18.0))(ajv-formats@3.0.1(ajv@8.18.0))(ajv@8.18.0)(packageurl-js@2.0.1)(spdx-expression-parse@4.0.0)': - optionalDependencies: - ajv: 8.18.0 - ajv-formats: 3.0.1(ajv@8.18.0) - ajv-formats-draft2019: 1.6.1(ajv@8.18.0) - packageurl-js: 2.0.1 - spdx-expression-parse: 4.0.0 - - '@cyclonedx/cyclonedx-library@10.1.0(ajv-formats-draft2019@1.6.1(ajv@8.20.0))(ajv-formats@3.0.1(ajv@8.20.0))(ajv@8.20.0)(packageurl-js@2.0.1)(spdx-expression-parse@4.0.0)': + '@cyclonedx/cyclonedx-library@10.1.0(ajv-formats-draft2019@1.6.1(ajv@8.20.0))(ajv-formats@3.0.1(ajv@8.20.0))(ajv@8.20.0)(spdx-expression-parse@3.0.1)': optionalDependencies: ajv: 8.20.0 ajv-formats: 3.0.1(ajv@8.20.0) ajv-formats-draft2019: 1.6.1(ajv@8.20.0) - packageurl-js: 2.0.1 - spdx-expression-parse: 4.0.0 + spdx-expression-parse: 3.0.1 + + '@cyclonedx/cyclonedx-library@10.1.0(ajv-formats@3.0.1(ajv@8.18.0))(ajv@8.18.0)': + optionalDependencies: + ajv: 8.18.0 + ajv-formats: 3.0.1(ajv@8.18.0) '@emnapi/runtime@1.11.1': dependencies: @@ -7174,18 +6818,6 @@ snapshots: '@nodable/entities@2.2.0': {} - '@nodelib/fs.scandir@2.1.5': - dependencies: - '@nodelib/fs.stat': 2.0.5 - run-parallel: 1.2.0 - - '@nodelib/fs.stat@2.0.5': {} - - '@nodelib/fs.walk@1.2.8': - dependencies: - '@nodelib/fs.scandir': 2.1.5 - fastq: 1.20.1 - '@npmcli/agent@4.0.2': dependencies: agent-base: 7.1.4 @@ -7329,12 +6961,6 @@ snapshots: '@pagefind/windows-x64@1.5.2': optional: true - '@pnpm/crypto.base32-hash@1.0.1': - dependencies: - rfc4648: 1.5.4 - - '@pnpm/types@8.9.0': {} - '@protobufjs/aspromise@1.1.2': optional: true @@ -7600,8 +7226,6 @@ snapshots: '@simple-libs/stream-utils@1.2.0': {} - '@sindresorhus/is@4.6.0': {} - '@smithy/core@3.26.0': dependencies: '@aws-crypto/crc32': 5.2.0 @@ -7650,51 +7274,6 @@ snapshots: '@smithy/util-buffer-from': 2.2.0 tslib: 2.8.1 - '@snyk/dep-graph@2.16.9': - dependencies: - event-loop-spinner: 2.3.2 - lodash.clone: 4.5.0 - lodash.constant: 3.0.0 - lodash.filter: 4.6.0 - lodash.foreach: 4.5.0 - lodash.isempty: 4.4.0 - lodash.isequal: 4.5.0 - lodash.isfunction: 3.0.9 - lodash.isundefined: 3.0.1 - lodash.map: 4.6.0 - lodash.reduce: 4.6.0 - lodash.size: 4.2.0 - lodash.transform: 4.6.0 - lodash.union: 4.6.0 - lodash.values: 4.3.0 - object-hash: 3.0.0 - packageurl-js: 2.0.1 - semver: 7.8.4 - tslib: 2.8.1 - - '@snyk/error-catalog-nodejs-public@5.82.0': - dependencies: - tslib: 2.8.1 - uuid: 14.0.0 - - '@snyk/graphlib@2.1.9-patch.3': - dependencies: - lodash.clone: 4.5.0 - lodash.constant: 3.0.0 - lodash.filter: 4.6.0 - lodash.foreach: 4.5.0 - lodash.has: 4.5.2 - lodash.isempty: 4.4.0 - lodash.isfunction: 3.0.9 - lodash.isundefined: 3.0.1 - lodash.keys: 4.2.0 - lodash.map: 4.6.0 - lodash.reduce: 4.6.0 - lodash.size: 4.2.0 - lodash.transform: 4.6.0 - lodash.union: 4.6.0 - lodash.values: 4.3.0 - '@sourcegraph/scip-python@0.6.6(@types/node@25.9.3)(typescript@6.0.3)': dependencies: '@iarna/toml': 2.2.5 @@ -7718,10 +7297,6 @@ snapshots: progress: 2.0.3 typescript: 5.9.3 - '@szmarczak/http-timer@4.0.6': - dependencies: - defer-to-connect: 2.0.1 - '@ts-morph/common@0.29.0': dependencies: minimatch: 10.2.5 @@ -7746,13 +7321,6 @@ snapshots: '@types/braces@3.0.5': {} - '@types/cacheable-request@6.0.3': - dependencies: - '@types/http-cache-semantics': 4.2.0 - '@types/keyv': 3.1.4 - '@types/node': 25.9.3 - '@types/responselike': 1.0.3 - '@types/d3-array@3.2.2': {} '@types/d3-axis@3.0.6': @@ -7874,8 +7442,6 @@ snapshots: dependencies: '@types/ms': 2.1.0 - '@types/emscripten@1.41.5': {} - '@types/estree-jsx@1.0.5': dependencies: '@types/estree': 1.0.9 @@ -7890,16 +7456,10 @@ snapshots: dependencies: '@types/unist': 3.0.3 - '@types/http-cache-semantics@4.2.0': {} - '@types/js-yaml@4.0.9': {} '@types/json-schema@7.0.15': {} - '@types/keyv@3.1.4': - dependencies: - '@types/node': 25.9.3 - '@types/mdast@4.0.4': dependencies: '@types/unist': 3.0.3 @@ -7926,22 +7486,14 @@ snapshots: '@types/picomatch@4.0.3': {} - '@types/responselike@1.0.3': - dependencies: - '@types/node': 25.9.3 - '@types/sarif@2.1.7': {} '@types/sax@1.2.7': dependencies: '@types/node': 25.9.3 - '@types/semver@7.7.1': {} - '@types/spdx-correct@3.1.3': {} - '@types/treeify@1.0.3': {} - '@types/trusted-types@2.0.7': optional: true @@ -7962,67 +7514,6 @@ snapshots: d3-selection: 3.0.0 d3-transition: 3.0.1(d3-selection@3.0.0) - '@yarnpkg/core@4.9.0(typanion@3.14.0)': - dependencies: - '@arcanis/slice-ansi': 1.1.1 - '@types/semver': 7.7.1 - '@types/treeify': 1.0.3 - '@yarnpkg/fslib': 3.1.5 - '@yarnpkg/libzip': 3.2.2(@yarnpkg/fslib@3.1.5) - '@yarnpkg/parsers': 3.0.3 - '@yarnpkg/shell': 4.1.3(typanion@3.14.0) - camelcase: 5.3.1 - chalk: 4.1.2 - ci-info: 4.4.0 - clipanion: 4.0.0-rc.4(typanion@3.14.0) - cross-spawn: 7.0.6 - diff: 5.2.2 - dotenv: 16.6.1 - es-toolkit: 1.47.1 - fast-glob: 3.3.3 - got: 11.8.6 - hpagent: 1.2.0 - micromatch: 4.0.8 - p-limit: 2.3.0 - semver: 7.8.4 - strip-ansi: 6.0.1 - tar: 7.5.16 - tinylogic: 2.0.0 - treeify: 1.1.0 - tslib: 2.8.1 - transitivePeerDependencies: - - typanion - - '@yarnpkg/fslib@3.1.5': - dependencies: - tslib: 2.8.1 - - '@yarnpkg/libzip@3.2.2(@yarnpkg/fslib@3.1.5)': - dependencies: - '@types/emscripten': 1.41.5 - '@yarnpkg/fslib': 3.1.5 - tslib: 2.8.1 - - '@yarnpkg/lockfile@1.1.0': {} - - '@yarnpkg/parsers@3.0.3': - dependencies: - js-yaml: 4.2.0 - tslib: 2.8.1 - - '@yarnpkg/shell@4.1.3(typanion@3.14.0)': - dependencies: - '@yarnpkg/fslib': 3.1.5 - '@yarnpkg/parsers': 3.0.3 - chalk: 4.1.2 - clipanion: 4.0.0-rc.4(typanion@3.14.0) - cross-spawn: 7.0.6 - fast-glob: 3.3.3 - micromatch: 4.0.8 - tslib: 2.8.1 - transitivePeerDependencies: - - typanion - abbrev@2.0.0: {} abbrev@4.0.0: {} @@ -8046,24 +7537,10 @@ snapshots: agent-base@7.1.4: {} - aggregate-error@3.1.0: - dependencies: - clean-stack: 2.2.0 - indent-string: 4.0.0 - ajv-draft-04@1.0.0(ajv@8.18.0): optionalDependencies: ajv: 8.18.0 - ajv-formats-draft2019@1.6.1(ajv@8.18.0): - dependencies: - ajv: 8.18.0 - punycode: 2.3.1 - schemes: 1.4.0 - smtp-address-parser: 1.1.0 - uri-js: 4.4.1 - optional: true - ajv-formats-draft2019@1.6.1(ajv@8.20.0): dependencies: ajv: 8.20.0 @@ -8239,8 +7716,6 @@ snapshots: - uploadthing - yaml - async@3.2.6: {} - at-least-node@1.0.0: {} axobject-query@4.1.0: {} @@ -8335,18 +7810,6 @@ snapshots: p-map: 7.0.4 ssri: 13.0.1 - cacheable-lookup@5.0.4: {} - - cacheable-request@7.0.4: - dependencies: - clone-response: 1.0.3 - get-stream: 5.2.0 - http-cache-semantics: 4.2.0 - keyv: 4.5.4 - lowercase-keys: 2.0.0 - normalize-url: 6.1.0 - responselike: 2.0.1 - cachedir@2.4.0: {} call-bind-apply-helpers@1.0.2: @@ -8363,8 +7826,6 @@ snapshots: callsites@3.1.0: {} - camelcase@5.3.1: {} - ccount@2.0.1: {} chalk@2.4.2: @@ -8412,8 +7873,6 @@ snapshots: ci-info@4.4.0: {} - clean-stack@2.2.0: {} - cli-cursor@3.1.0: dependencies: restore-cursor: 3.1.0 @@ -8437,20 +7896,12 @@ snapshots: cli-width@3.0.0: {} - clipanion@4.0.0-rc.4(typanion@3.14.0): - dependencies: - typanion: 3.14.0 - cliui@9.0.1: dependencies: string-width: 7.2.0 strip-ansi: 7.2.0 wrap-ansi: 9.0.2 - clone-response@1.0.3: - dependencies: - mimic-response: 1.0.1 - clone@1.0.4: {} clsx@2.1.1: {} @@ -8851,18 +8302,12 @@ snapshots: dependencies: character-entities: 2.0.2 - decompress-response@6.0.0: - dependencies: - mimic-response: 3.1.0 - dedent@0.7.0: {} defaults@1.0.4: dependencies: clone: 1.0.4 - defer-to-connect@2.0.1: {} - defu@6.1.7: {} delaunator@5.1.0: @@ -8871,13 +8316,6 @@ snapshots: depd@2.0.0: {} - dependency-path@9.2.8: - dependencies: - '@pnpm/crypto.base32-hash': 1.0.1 - '@pnpm/types': 8.9.0 - encode-registry: 3.0.1 - semver: 7.8.4 - dequal@2.0.3: {} destr@2.0.5: {} @@ -8930,8 +8368,6 @@ snapshots: dependencies: is-obj: 2.0.0 - dotenv@16.6.1: {} - dset@3.1.4: {} dunder-proto@1.0.1: @@ -8946,16 +8382,8 @@ snapshots: emoji-regex@8.0.0: {} - encode-registry@3.0.1: - dependencies: - mem: 8.1.1 - encodeurl@2.0.0: {} - end-of-stream@1.4.5: - dependencies: - once: 1.4.0 - entities@4.5.0: {} entities@6.0.1: {} @@ -8984,8 +8412,6 @@ snapshots: es-toolkit@1.47.0: optional: true - es-toolkit@1.47.1: {} - es-toolkit@1.48.1: {} esast-util-from-estree@2.0.0: @@ -9076,10 +8502,6 @@ snapshots: etag@1.8.1: {} - event-loop-spinner@2.3.2: - dependencies: - tslib: 2.8.1 - eventemitter3@5.0.4: {} events@3.3.0: {} @@ -9145,14 +8567,6 @@ snapshots: fast-deep-equal@3.1.3: {} - fast-glob@3.3.3: - dependencies: - '@nodelib/fs.stat': 2.0.5 - '@nodelib/fs.walk': 1.2.8 - glob-parent: 5.1.2 - merge2: 1.4.1 - micromatch: 4.0.8 - fast-string-truncated-width@3.0.3: {} fast-string-width@3.0.2: @@ -9179,10 +8593,6 @@ snapshots: strnum: 2.4.1 xml-naming: 0.1.0 - fastq@1.20.1: - dependencies: - reusify: 1.1.0 - fdir@6.5.0(picomatch@4.0.4): optionalDependencies: picomatch: 4.0.4 @@ -9286,10 +8696,6 @@ snapshots: dunder-proto: 1.0.1 es-object-atoms: 1.1.1 - get-stream@5.2.0: - dependencies: - pump: 3.0.4 - get-tsconfig@5.0.0-beta.4: dependencies: resolve-pkg-maps: 1.0.0 @@ -9345,26 +8751,10 @@ snapshots: gopd@1.2.0: {} - got@11.8.6: - dependencies: - '@sindresorhus/is': 4.6.0 - '@szmarczak/http-timer': 4.0.6 - '@types/cacheable-request': 6.0.3 - '@types/responselike': 1.0.3 - cacheable-lookup: 5.0.4 - cacheable-request: 7.0.4 - decompress-response: 6.0.0 - http2-wrapper: 1.0.3 - lowercase-keys: 2.0.0 - p-cancelable: 2.1.1 - responselike: 2.0.1 - gpt-tokenizer@3.4.0: {} graceful-fs@4.2.11: {} - grapheme-splitter@1.0.4: {} - graphology-dag@0.4.1(graphology-types@0.24.8): dependencies: graphology-types: 0.24.8 @@ -9640,8 +9030,6 @@ snapshots: dependencies: lru-cache: 11.5.1 - hpagent@1.2.0: {} - html-escaper@3.0.3: {} html-void-elements@3.0.0: {} @@ -9665,11 +9053,6 @@ snapshots: transitivePeerDependencies: - supports-color - http2-wrapper@1.0.3: - dependencies: - quick-lru: 5.1.1 - resolve-alpn: 1.2.1 - https-proxy-agent@7.0.6: dependencies: agent-base: 7.1.4 @@ -9702,8 +9085,6 @@ snapshots: import-meta-resolve@4.2.0: {} - indent-string@4.0.0: {} - inflight@1.0.6: dependencies: once: 1.4.0 @@ -9824,8 +9205,6 @@ snapshots: dependencies: argparse: 2.0.1 - json-buffer@3.0.1: {} - json-parse-even-better-errors@2.3.1: {} json-parse-even-better-errors@5.0.0: {} @@ -9854,10 +9233,6 @@ snapshots: dependencies: commander: 8.3.0 - keyv@4.5.4: - dependencies: - json-buffer: 3.0.1 - khroma@2.1.0: {} klona@2.0.6: {} @@ -9942,46 +9317,10 @@ snapshots: lodash-es@4.18.1: {} - lodash.clone@4.5.0: {} - lodash.clonedeep@4.5.0: {} - lodash.constant@3.0.0: {} - - lodash.filter@4.6.0: {} - - lodash.flatmap@4.5.0: {} - - lodash.foreach@4.5.0: {} - - lodash.has@4.5.2: {} - - lodash.isempty@4.4.0: {} - - lodash.isequal@4.5.0: {} - - lodash.isfunction@3.0.9: {} - - lodash.isundefined@3.0.1: {} - - lodash.keys@4.2.0: {} - lodash.map@4.6.0: {} - lodash.merge@4.6.2: {} - - lodash.reduce@4.6.0: {} - - lodash.size@4.2.0: {} - - lodash.topairs@4.3.0: {} - - lodash.transform@4.6.0: {} - - lodash.union@4.6.0: {} - - lodash.values@4.3.0: {} - lodash@4.18.0: {} lodash@4.18.1: {} @@ -10006,8 +9345,6 @@ snapshots: longest@2.0.1: {} - lowercase-keys@2.0.0: {} - lru-cache@11.5.1: {} magic-string@0.30.21: @@ -10039,10 +9376,6 @@ snapshots: transitivePeerDependencies: - supports-color - map-age-cleaner@0.1.3: - dependencies: - p-defer: 1.0.0 - markdown-extensions@2.0.0: {} markdown-table@3.0.4: {} @@ -10240,17 +9573,10 @@ snapshots: media-typer@1.1.0: {} - mem@8.1.1: - dependencies: - map-age-cleaner: 0.1.3 - mimic-fn: 3.1.0 - meow@13.2.0: {} merge-descriptors@2.0.0: {} - merge2@1.4.1: {} - merge@2.1.1: {} mermaid-isomorphic@3.1.0(playwright@1.61.1): @@ -10572,14 +9898,8 @@ snapshots: mimic-fn@2.1.0: {} - mimic-fn@3.1.0: {} - mimic-function@5.0.1: {} - mimic-response@1.0.1: {} - - mimic-response@3.1.0: {} - mini-svg-data-uri@1.4.4: {} minimatch@10.2.5: @@ -10697,8 +10017,6 @@ snapshots: normalize-path@3.0.0: {} - normalize-url@6.1.0: {} - npm-bundled@5.0.0: dependencies: npm-normalize-package-bin: 5.0.0 @@ -10747,8 +10065,6 @@ snapshots: object-assign@4.1.1: {} - object-hash@3.0.0: {} - object-inspect@1.13.4: {} obliterator@2.0.5: {} @@ -10814,22 +10130,10 @@ snapshots: strip-ansi: 6.0.1 wcwidth: 1.0.1 - p-cancelable@2.1.1: {} - - p-defer@1.0.0: {} - - p-limit@2.3.0: - dependencies: - p-try: 2.2.0 - p-limit@7.3.0: dependencies: yocto-queue: 1.2.2 - p-map@4.0.0: - dependencies: - aggregate-error: 3.1.0 - p-map@7.0.4: {} p-queue@9.3.0: @@ -10839,12 +10143,8 @@ snapshots: p-timeout@7.0.1: {} - p-try@2.2.0: {} - package-manager-detector@1.6.0: {} - packageurl-js@2.0.1: {} - pacote@21.5.1: dependencies: '@gar/promise-retry': 1.0.3 @@ -10981,13 +10281,10 @@ snapshots: path-data-parser: 0.1.0 points-on-curve: 0.2.0 - postcss-load-config@6.0.1(jiti@2.6.1)(postcss@8.5.15)(tsx@4.22.4)(yaml@2.9.0): + postcss-load-config@6.0.1(yaml@2.9.0): dependencies: lilconfig: 3.1.3 optionalDependencies: - jiti: 2.6.1 - postcss: 8.5.15 - tsx: 4.22.4 yaml: 2.9.0 postcss-nested@6.2.0(postcss@8.5.15): @@ -11045,21 +10342,12 @@ snapshots: forwarded: 0.2.0 ipaddr.js: 1.9.1 - pump@3.0.4: - dependencies: - end-of-stream: 1.4.5 - once: 1.4.0 - punycode@2.3.1: {} qs@6.15.2: dependencies: side-channel: 1.1.0 - queue-microtask@1.2.3: {} - - quick-lru@5.1.1: {} - radix3@1.1.2: {} railroad-diagrams@1.0.0: {} @@ -11261,8 +10549,6 @@ snapshots: require-from-string@2.0.2: {} - resolve-alpn@1.2.1: {} - resolve-dir@1.0.1: dependencies: expand-tilde: 2.0.2 @@ -11274,10 +10560,6 @@ snapshots: resolve-pkg-maps@1.0.0: {} - responselike@2.0.1: - dependencies: - lowercase-keys: 2.0.0 - restore-cursor@3.1.0: dependencies: onetime: 5.1.2 @@ -11315,10 +10597,6 @@ snapshots: retext-stringify: 4.0.0 unified: 11.0.5 - reusify@1.1.0: {} - - rfc4648@1.5.4: {} - rfdc@1.4.1: {} robust-predicates@3.0.3: {} @@ -11404,10 +10682,6 @@ snapshots: run-async@2.4.1: {} - run-parallel@1.2.0: - dependencies: - queue-microtask: 1.2.3 - rw@1.3.3: {} rxjs@7.8.2: @@ -11606,40 +10880,6 @@ snapshots: dependencies: nearley: 2.20.1 - snyk-config@5.3.0: - dependencies: - async: 3.2.6 - debug: 4.4.3 - lodash.merge: 4.6.2 - minimist: 1.2.8 - transitivePeerDependencies: - - supports-color - - snyk-nodejs-lockfile-parser@2.8.1(typanion@3.14.0): - dependencies: - '@snyk/dep-graph': 2.16.9 - '@snyk/error-catalog-nodejs-public': 5.82.0 - '@snyk/graphlib': 2.1.9-patch.3 - '@yarnpkg/core': 4.9.0(typanion@3.14.0) - '@yarnpkg/lockfile': 1.1.0 - debug: 4.4.3 - dependency-path: 9.2.8 - event-loop-spinner: 2.3.2 - js-yaml: 4.2.0 - lodash.clonedeep: 4.5.0 - lodash.flatmap: 4.5.0 - lodash.isempty: 4.4.0 - lodash.topairs: 4.3.0 - micromatch: 4.0.8 - p-map: 4.0.0 - semver: 7.8.4 - snyk-config: 5.3.0 - tslib: 1.14.1 - uuid: 14.0.0 - transitivePeerDependencies: - - supports-color - - typanion - socks-proxy-agent@8.0.5: dependencies: agent-base: 7.1.4 @@ -11873,8 +11113,6 @@ snapshots: fdir: 6.5.0(picomatch@4.0.4) picomatch: 4.0.4 - tinylogic@2.0.0: {} - to-regex-range@5.0.1: dependencies: is-number: 7.0.0 @@ -11921,11 +11159,9 @@ snapshots: v8-compile-cache-lib: 3.0.1 yn: 3.1.1 - tslib@1.14.1: {} - tslib@2.8.1: {} - tsup@8.5.1(jiti@2.6.1)(postcss@8.5.15)(tsx@4.22.4)(typescript@6.0.3)(yaml@2.9.0): + tsup@8.5.1(typescript@6.0.3)(yaml@2.9.0): dependencies: bundle-require: 5.1.0(esbuild@0.28.1) cac: 6.7.14 @@ -11936,7 +11172,7 @@ snapshots: fix-dts-default-cjs-exports: 1.0.1 joycon: 3.1.1 picocolors: 1.1.1 - postcss-load-config: 6.0.1(jiti@2.6.1)(postcss@8.5.15)(tsx@4.22.4)(yaml@2.9.0) + postcss-load-config: 6.0.1(yaml@2.9.0) resolve-from: 5.0.0 rollup: 4.60.3 source-map: 0.7.6 @@ -11945,7 +11181,6 @@ snapshots: tinyglobby: 0.2.16 tree-kill: 1.2.2 optionalDependencies: - postcss: 8.5.15 typescript: 6.0.3 transitivePeerDependencies: - jiti @@ -11967,8 +11202,6 @@ snapshots: transitivePeerDependencies: - supports-color - typanion@3.14.0: {} - type-fest@0.21.3: {} type-is@2.1.0: @@ -12278,7 +11511,6 @@ time: playwright@1.61.1: '2026-06-23T19:49:00.061Z' rehype-mermaid@3.0.0: '2024-10-08T18:54:56.311Z' sharp@0.35.2: '2026-06-19T13:47:27.073Z' - snyk-nodejs-lockfile-parser@2.8.1: '2026-06-16T14:45:43.111Z' spdx-correct@3.2.0: '2023-03-07T01:53:18.381Z' starlight-links-validator@0.24.1: '2026-06-12T09:46:53.691Z' starlight-llms-txt@0.10.0: '2026-05-14T09:22:12.691Z'