diff --git a/opencti-platform/opencti-graphql/package.json b/opencti-platform/opencti-graphql/package.json index bb68df2d3dcc7..062aa27c492d5 100644 --- a/opencti-platform/opencti-graphql/package.json +++ b/opencti-platform/opencti-graphql/package.json @@ -122,7 +122,7 @@ "node-fetch": "3.3.2", "nodemailer": "6.9.11", "openai": "4.28.4", - "openid-client": "5.6.4", + "openid-client": "5.6.5", "opentelemetry-node-metrics": "3.0.0", "otplib": "12.0.1", "passport": "0.7.0", @@ -208,5 +208,8 @@ "domino": "patch:domino@2.1.6#./patch/domino-2.1.6.patch", "graphql": "patch:graphql@16.8.1#./patch/graphql-16.8.1.patch" }, + "workspaces": [ + "packages/*" + ], "packageManager": "yarn@4.1.0" } diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/client.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/client.js new file mode 100644 index 0000000000000..dc8f927c70367 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/client.js @@ -0,0 +1,1849 @@ +const { inspect } = require('util'); +const stdhttp = require('http'); +const crypto = require('crypto'); +const { strict: assert } = require('assert'); +const querystring = require('querystring'); +const url = require('url'); +const { URL, URLSearchParams } = require('url'); + +const jose = require('jose'); +const tokenHash = require('oidc-token-hash'); + +const isKeyObject = require('./helpers/is_key_object'); +const decodeJWT = require('./helpers/decode_jwt'); +const base64url = require('./helpers/base64url'); +const defaults = require('./helpers/defaults'); +const parseWwwAuthenticate = require('./helpers/www_authenticate_parser'); +const { assertSigningAlgValuesSupport, assertIssuerConfiguration } = require('./helpers/assert'); +const pick = require('./helpers/pick'); +const isPlainObject = require('./helpers/is_plain_object'); +const processResponse = require('./helpers/process_response'); +const TokenSet = require('./token_set'); +const { OPError, RPError } = require('./errors'); +const now = require('./helpers/unix_timestamp'); +const { random } = require('./helpers/generators'); +const request = require('./helpers/request'); +const { CLOCK_TOLERANCE } = require('./helpers/consts'); +const { keystores } = require('./helpers/weak_cache'); +const KeyStore = require('./helpers/keystore'); +const clone = require('./helpers/deep_clone'); +const { authenticatedPost, resolveResponseType, resolveRedirectUri } = require('./helpers/client'); +const { queryKeyStore } = require('./helpers/issuer'); +const DeviceFlowHandle = require('./device_flow_handle'); + +const [major, minor] = process.version + .slice(1) + .split('.') + .map((str) => parseInt(str, 10)); + +const rsaPssParams = major >= 17 || (major === 16 && minor >= 9); +const retryAttempt = Symbol(); +const skipNonceCheck = Symbol(); +const skipMaxAgeCheck = Symbol(); + +function pickCb(input) { + return pick( + input, + 'access_token', // OAuth 2.0 + 'code', // OAuth 2.0 + 'error_description', // OAuth 2.0 + 'error_uri', // OAuth 2.0 + 'error', // OAuth 2.0 + 'expires_in', // OAuth 2.0 + 'id_token', // OIDC Core 1.0 + 'iss', // draft-ietf-oauth-iss-auth-resp + 'response', // FAPI JARM + 'session_state', // OIDC Session Management + 'state', // OAuth 2.0 + 'token_type', // OAuth 2.0 + ); +} + +function authorizationHeaderValue(token, tokenType = 'Bearer') { + return `${tokenType} ${token}`; +} + +function getSearchParams(input) { + const parsed = url.parse(input); + if (!parsed.search) return {}; + return querystring.parse(parsed.search.substring(1)); +} + +function verifyPresence(payload, jwt, prop) { + if (payload[prop] === undefined) { + throw new RPError({ + message: `missing required JWT property ${prop}`, + jwt, + }); + } +} + +function authorizationParams(params) { + const authParams = { + client_id: this.client_id, + scope: 'openid', + response_type: resolveResponseType.call(this), + redirect_uri: resolveRedirectUri.call(this), + ...params, + }; + + Object.entries(authParams).forEach(([key, value]) => { + if (value === null || value === undefined) { + delete authParams[key]; + } else if (key === 'claims' && typeof value === 'object') { + authParams[key] = JSON.stringify(value); + } else if (key === 'resource' && Array.isArray(value)) { + authParams[key] = value; + } else if (typeof value !== 'string') { + authParams[key] = String(value); + } + }); + + return authParams; +} + +function getKeystore(jwks) { + if ( + !isPlainObject(jwks) || + !Array.isArray(jwks.keys) || + jwks.keys.some((k) => !isPlainObject(k) || !('kty' in k)) + ) { + throw new TypeError('jwks must be a JSON Web Key Set formatted object'); + } + + return KeyStore.fromJWKS(jwks, { onlyPrivate: true }); +} + +// if an OP doesnt support client_secret_basic but supports client_secret_post, use it instead +// this is in place to take care of most common pitfalls when first using discovered Issuers without +// the support for default values defined by Discovery 1.0 +function checkBasicSupport(client, properties) { + try { + const supported = client.issuer.token_endpoint_auth_methods_supported; + if (!supported.includes(properties.token_endpoint_auth_method)) { + if (supported.includes('client_secret_post')) { + properties.token_endpoint_auth_method = 'client_secret_post'; + } + } + } catch (err) {} +} + +function handleCommonMistakes(client, metadata, properties) { + if (!metadata.token_endpoint_auth_method) { + // if no explicit value was provided + checkBasicSupport(client, properties); + } + + // :fp: c'mon people... RTFM + if (metadata.redirect_uri) { + if (metadata.redirect_uris) { + throw new TypeError('provide a redirect_uri or redirect_uris, not both'); + } + properties.redirect_uris = [metadata.redirect_uri]; + delete properties.redirect_uri; + } + + if (metadata.response_type) { + if (metadata.response_types) { + throw new TypeError('provide a response_type or response_types, not both'); + } + properties.response_types = [metadata.response_type]; + delete properties.response_type; + } +} + +function getDefaultsForEndpoint(endpoint, issuer, properties) { + if (!issuer[`${endpoint}_endpoint`]) return; + + const tokenEndpointAuthMethod = properties.token_endpoint_auth_method; + const tokenEndpointAuthSigningAlg = properties.token_endpoint_auth_signing_alg; + + const eam = `${endpoint}_endpoint_auth_method`; + const easa = `${endpoint}_endpoint_auth_signing_alg`; + + if (properties[eam] === undefined && properties[easa] === undefined) { + if (tokenEndpointAuthMethod !== undefined) { + properties[eam] = tokenEndpointAuthMethod; + } + if (tokenEndpointAuthSigningAlg !== undefined) { + properties[easa] = tokenEndpointAuthSigningAlg; + } + } +} + +class BaseClient { + #metadata; + #issuer; + #aadIssValidation; + #additionalAuthorizedParties; + constructor(issuer, aadIssValidation, metadata = {}, jwks, options) { + this.#metadata = new Map(); + this.#issuer = issuer; + this.#aadIssValidation = aadIssValidation; + + if (typeof metadata.client_id !== 'string' || !metadata.client_id) { + throw new TypeError('client_id is required'); + } + + const properties = { + grant_types: ['authorization_code'], + id_token_signed_response_alg: 'RS256', + authorization_signed_response_alg: 'RS256', + response_types: ['code'], + token_endpoint_auth_method: 'client_secret_basic', + ...(this.fapi() + ? { + grant_types: ['authorization_code', 'implicit'], + id_token_signed_response_alg: 'PS256', + authorization_signed_response_alg: 'PS256', + response_types: ['code id_token'], + tls_client_certificate_bound_access_tokens: true, + token_endpoint_auth_method: undefined, + } + : undefined), + ...metadata, + }; + + if (this.fapi()) { + switch (properties.token_endpoint_auth_method) { + case 'self_signed_tls_client_auth': + case 'tls_client_auth': + break; + case 'private_key_jwt': + if (!jwks) { + throw new TypeError('jwks is required'); + } + break; + case undefined: + throw new TypeError('token_endpoint_auth_method is required'); + default: + throw new TypeError('invalid or unsupported token_endpoint_auth_method'); + } + } + + handleCommonMistakes(this, metadata, properties); + + assertSigningAlgValuesSupport('token', this.issuer, properties); + ['introspection', 'revocation'].forEach((endpoint) => { + getDefaultsForEndpoint(endpoint, this.issuer, properties); + assertSigningAlgValuesSupport(endpoint, this.issuer, properties); + }); + + Object.entries(properties).forEach(([key, value]) => { + this.#metadata.set(key, value); + if (!this[key]) { + Object.defineProperty(this, key, { + get() { + return this.#metadata.get(key); + }, + enumerable: true, + }); + } + }); + + if (jwks !== undefined) { + const keystore = getKeystore.call(this, jwks); + keystores.set(this, keystore); + } + + if (options != null && options.additionalAuthorizedParties) { + this.#additionalAuthorizedParties = clone(options.additionalAuthorizedParties); + } + + this[CLOCK_TOLERANCE] = 0; + } + + authorizationUrl(params = {}) { + if (!isPlainObject(params)) { + throw new TypeError('params must be a plain object'); + } + assertIssuerConfiguration(this.issuer, 'authorization_endpoint'); + const target = new URL(this.issuer.authorization_endpoint); + + for (const [name, value] of Object.entries(authorizationParams.call(this, params))) { + if (Array.isArray(value)) { + target.searchParams.delete(name); + for (const member of value) { + target.searchParams.append(name, member); + } + } else { + target.searchParams.set(name, value); + } + } + + // TODO: is the replace needed? + return target.href.replace(/\+/g, '%20'); + } + + authorizationPost(params = {}) { + if (!isPlainObject(params)) { + throw new TypeError('params must be a plain object'); + } + const inputs = authorizationParams.call(this, params); + const formInputs = Object.keys(inputs) + .map((name) => ``) + .join('\n'); + + return ` + +Requesting Authorization + + +
+ ${formInputs} +
+ +`; + } + + endSessionUrl(params = {}) { + assertIssuerConfiguration(this.issuer, 'end_session_endpoint'); + + const { 0: postLogout, length } = this.post_logout_redirect_uris || []; + + const { post_logout_redirect_uri = length === 1 ? postLogout : undefined } = params; + + let id_token_hint; + ({ id_token_hint, ...params } = params); + if (id_token_hint instanceof TokenSet) { + if (!id_token_hint.id_token) { + throw new TypeError('id_token not present in TokenSet'); + } + id_token_hint = id_token_hint.id_token; + } + + const target = url.parse(this.issuer.end_session_endpoint); + const query = defaults( + getSearchParams(this.issuer.end_session_endpoint), + params, + { + post_logout_redirect_uri, + client_id: this.client_id, + }, + { id_token_hint }, + ); + + Object.entries(query).forEach(([key, value]) => { + if (value === null || value === undefined) { + delete query[key]; + } + }); + + target.search = null; + target.query = query; + + return url.format(target); + } + + callbackParams(input) { + const isIncomingMessage = + input instanceof stdhttp.IncomingMessage || (input && input.method && input.url); + const isString = typeof input === 'string'; + + if (!isString && !isIncomingMessage) { + throw new TypeError( + '#callbackParams only accepts string urls, http.IncomingMessage or a lookalike', + ); + } + if (isIncomingMessage) { + switch (input.method) { + case 'GET': + return pickCb(getSearchParams(input.url)); + case 'POST': + if (input.body === undefined) { + throw new TypeError( + 'incoming message body missing, include a body parser prior to this method call', + ); + } + switch (typeof input.body) { + case 'object': + case 'string': + if (Buffer.isBuffer(input.body)) { + return pickCb(querystring.parse(input.body.toString('utf-8'))); + } + if (typeof input.body === 'string') { + return pickCb(querystring.parse(input.body)); + } + + return pickCb(input.body); + default: + throw new TypeError('invalid IncomingMessage body object'); + } + default: + throw new TypeError('invalid IncomingMessage method'); + } + } else { + return pickCb(getSearchParams(input)); + } + } + + async callback( + redirectUri, + parameters, + checks = {}, + { exchangeBody, clientAssertionPayload, DPoP } = {}, + ) { + let params = pickCb(parameters); + + if (checks.jarm && !('response' in parameters)) { + throw new RPError({ + message: 'expected a JARM response', + checks, + params, + }); + } else if ('response' in parameters) { + const decrypted = await this.decryptJARM(params.response); + params = await this.validateJARM(decrypted); + } + + if (this.default_max_age && !checks.max_age) { + checks.max_age = this.default_max_age; + } + + if (params.state && !checks.state) { + throw new TypeError('checks.state argument is missing'); + } + + if (!params.state && checks.state) { + throw new RPError({ + message: 'state missing from the response', + checks, + params, + }); + } + + if (checks.state !== params.state) { + throw new RPError({ + printf: ['state mismatch, expected %s, got: %s', checks.state, params.state], + checks, + params, + }); + } + + if ('iss' in params) { + assertIssuerConfiguration(this.issuer, 'issuer'); + if (params.iss !== this.issuer.issuer) { + throw new RPError({ + printf: ['iss mismatch, expected %s, got: %s', this.issuer.issuer, params.iss], + params, + }); + } + } else if ( + this.issuer.authorization_response_iss_parameter_supported && + !('id_token' in params) && + !('response' in parameters) + ) { + throw new RPError({ + message: 'iss missing from the response', + params, + }); + } + + if (params.error) { + throw new OPError(params); + } + + const RESPONSE_TYPE_REQUIRED_PARAMS = { + code: ['code'], + id_token: ['id_token'], + token: ['access_token', 'token_type'], + }; + + if (checks.response_type) { + for (const type of checks.response_type.split(' ')) { + if (type === 'none') { + if (params.code || params.id_token || params.access_token) { + throw new RPError({ + message: 'unexpected params encountered for "none" response', + checks, + params, + }); + } + } else { + for (const param of RESPONSE_TYPE_REQUIRED_PARAMS[type]) { + if (!params[param]) { + throw new RPError({ + message: `${param} missing from response`, + checks, + params, + }); + } + } + } + } + } + + if (params.id_token) { + const tokenset = new TokenSet(params); + await this.decryptIdToken(tokenset); + await this.validateIdToken( + tokenset, + checks.nonce, + 'authorization', + checks.max_age, + checks.state, + ); + + if (!params.code) { + return tokenset; + } + } + + if (params.code) { + const tokenset = await this.grant( + { + ...exchangeBody, + grant_type: 'authorization_code', + code: params.code, + redirect_uri: redirectUri, + code_verifier: checks.code_verifier, + }, + { clientAssertionPayload, DPoP }, + ); + + await this.decryptIdToken(tokenset); + await this.validateIdToken(tokenset, checks.nonce, 'token', checks.max_age); + + if (params.session_state) { + tokenset.session_state = params.session_state; + } + + return tokenset; + } + + return new TokenSet(params); + } + + async oauthCallback( + redirectUri, + parameters, + checks = {}, + { exchangeBody, clientAssertionPayload, DPoP } = {}, + ) { + let params = pickCb(parameters); + + if (checks.jarm && !('response' in parameters)) { + throw new RPError({ + message: 'expected a JARM response', + checks, + params, + }); + } else if ('response' in parameters) { + const decrypted = await this.decryptJARM(params.response); + params = await this.validateJARM(decrypted); + } + + if (params.state && !checks.state) { + throw new TypeError('checks.state argument is missing'); + } + + if (!params.state && checks.state) { + throw new RPError({ + message: 'state missing from the response', + checks, + params, + }); + } + + if (checks.state !== params.state) { + throw new RPError({ + printf: ['state mismatch, expected %s, got: %s', checks.state, params.state], + checks, + params, + }); + } + + if ('iss' in params) { + assertIssuerConfiguration(this.issuer, 'issuer'); + if (params.iss !== this.issuer.issuer) { + throw new RPError({ + printf: ['iss mismatch, expected %s, got: %s', this.issuer.issuer, params.iss], + params, + }); + } + } else if ( + this.issuer.authorization_response_iss_parameter_supported && + !('id_token' in params) && + !('response' in parameters) + ) { + throw new RPError({ + message: 'iss missing from the response', + params, + }); + } + + if (params.error) { + throw new OPError(params); + } + + if (typeof params.id_token === 'string' && params.id_token.length) { + throw new RPError({ + message: + 'id_token detected in the response, you must use client.callback() instead of client.oauthCallback()', + params, + }); + } + delete params.id_token; + + const RESPONSE_TYPE_REQUIRED_PARAMS = { + code: ['code'], + token: ['access_token', 'token_type'], + }; + + if (checks.response_type) { + for (const type of checks.response_type.split(' ')) { + if (type === 'none') { + if (params.code || params.id_token || params.access_token) { + throw new RPError({ + message: 'unexpected params encountered for "none" response', + checks, + params, + }); + } + } + + if (RESPONSE_TYPE_REQUIRED_PARAMS[type]) { + for (const param of RESPONSE_TYPE_REQUIRED_PARAMS[type]) { + if (!params[param]) { + throw new RPError({ + message: `${param} missing from response`, + checks, + params, + }); + } + } + } + } + } + + if (params.code) { + const tokenset = await this.grant( + { + ...exchangeBody, + grant_type: 'authorization_code', + code: params.code, + redirect_uri: redirectUri, + code_verifier: checks.code_verifier, + }, + { clientAssertionPayload, DPoP }, + ); + + if (typeof tokenset.id_token === 'string' && tokenset.id_token.length) { + throw new RPError({ + message: + 'id_token detected in the response, you must use client.callback() instead of client.oauthCallback()', + params, + }); + } + delete tokenset.id_token; + + return tokenset; + } + + return new TokenSet(params); + } + + async decryptIdToken(token) { + if (!this.id_token_encrypted_response_alg) { + return token; + } + + let idToken = token; + + if (idToken instanceof TokenSet) { + if (!idToken.id_token) { + throw new TypeError('id_token not present in TokenSet'); + } + idToken = idToken.id_token; + } + + const expectedAlg = this.id_token_encrypted_response_alg; + const expectedEnc = this.id_token_encrypted_response_enc; + + const result = await this.decryptJWE(idToken, expectedAlg, expectedEnc); + + if (token instanceof TokenSet) { + token.id_token = result; + return token; + } + + return result; + } + + async validateJWTUserinfo(body) { + const expectedAlg = this.userinfo_signed_response_alg; + + return this.validateJWT(body, expectedAlg, []); + } + + async decryptJARM(response) { + if (!this.authorization_encrypted_response_alg) { + return response; + } + + const expectedAlg = this.authorization_encrypted_response_alg; + const expectedEnc = this.authorization_encrypted_response_enc; + + return this.decryptJWE(response, expectedAlg, expectedEnc); + } + + async decryptJWTUserinfo(body) { + if (!this.userinfo_encrypted_response_alg) { + return body; + } + + const expectedAlg = this.userinfo_encrypted_response_alg; + const expectedEnc = this.userinfo_encrypted_response_enc; + + return this.decryptJWE(body, expectedAlg, expectedEnc); + } + + async decryptJWE(jwe, expectedAlg, expectedEnc = 'A128CBC-HS256') { + const header = JSON.parse(base64url.decode(jwe.split('.')[0])); + + if (header.alg !== expectedAlg) { + throw new RPError({ + printf: ['unexpected JWE alg received, expected %s, got: %s', expectedAlg, header.alg], + jwt: jwe, + }); + } + + if (header.enc !== expectedEnc) { + throw new RPError({ + printf: ['unexpected JWE enc received, expected %s, got: %s', expectedEnc, header.enc], + jwt: jwe, + }); + } + + const getPlaintext = (result) => new TextDecoder().decode(result.plaintext); + let plaintext; + if (expectedAlg.match(/^(?:RSA|ECDH)/)) { + const keystore = await keystores.get(this); + + const protectedHeader = jose.decodeProtectedHeader(jwe); + + for (const key of keystore.all({ + ...protectedHeader, + use: 'enc', + })) { + plaintext = await jose + .compactDecrypt(jwe, await key.keyObject(protectedHeader.alg)) + .then(getPlaintext, () => {}); + if (plaintext) break; + } + } else { + plaintext = await jose + .compactDecrypt(jwe, this.secretForAlg(expectedAlg === 'dir' ? expectedEnc : expectedAlg)) + .then(getPlaintext, () => {}); + } + + if (!plaintext) { + throw new RPError({ + message: 'failed to decrypt JWE', + jwt: jwe, + }); + } + return plaintext; + } + + async validateIdToken(tokenSet, nonce, returnedBy, maxAge, state) { + let idToken = tokenSet; + + const expectedAlg = this.id_token_signed_response_alg; + + const isTokenSet = idToken instanceof TokenSet; + + if (isTokenSet) { + if (!idToken.id_token) { + throw new TypeError('id_token not present in TokenSet'); + } + idToken = idToken.id_token; + } + + idToken = String(idToken); + + const timestamp = now(); + const { protected: header, payload, key } = await this.validateJWT(idToken, expectedAlg); + + if (typeof maxAge === 'number' || (maxAge !== skipMaxAgeCheck && this.require_auth_time)) { + if (!payload.auth_time) { + throw new RPError({ + message: 'missing required JWT property auth_time', + jwt: idToken, + }); + } + if (typeof payload.auth_time !== 'number') { + throw new RPError({ + message: 'JWT auth_time claim must be a JSON numeric value', + jwt: idToken, + }); + } + } + + if ( + typeof maxAge === 'number' && + payload.auth_time + maxAge < timestamp - this[CLOCK_TOLERANCE] + ) { + throw new RPError({ + printf: [ + 'too much time has elapsed since the last End-User authentication, max_age %i, auth_time: %i, now %i', + maxAge, + payload.auth_time, + timestamp - this[CLOCK_TOLERANCE], + ], + now: timestamp, + tolerance: this[CLOCK_TOLERANCE], + auth_time: payload.auth_time, + jwt: idToken, + }); + } + + if ( + nonce !== skipNonceCheck && + (payload.nonce || nonce !== undefined) && + payload.nonce !== nonce + ) { + throw new RPError({ + printf: ['nonce mismatch, expected %s, got: %s', nonce, payload.nonce], + jwt: idToken, + }); + } + + if (returnedBy === 'authorization') { + if (!payload.at_hash && tokenSet.access_token) { + throw new RPError({ + message: 'missing required property at_hash', + jwt: idToken, + }); + } + + if (!payload.c_hash && tokenSet.code) { + throw new RPError({ + message: 'missing required property c_hash', + jwt: idToken, + }); + } + + if (this.fapi()) { + if (!payload.s_hash && (tokenSet.state || state)) { + throw new RPError({ + message: 'missing required property s_hash', + jwt: idToken, + }); + } + } + + if (payload.s_hash) { + if (!state) { + throw new TypeError('cannot verify s_hash, "checks.state" property not provided'); + } + + try { + tokenHash.validate( + { claim: 's_hash', source: 'state' }, + payload.s_hash, + state, + header.alg, + key.jwk && key.jwk.crv, + ); + } catch (err) { + throw new RPError({ message: err.message, jwt: idToken }); + } + } + } + + if (this.fapi() && payload.iat < timestamp - 3600) { + throw new RPError({ + printf: ['JWT issued too far in the past, now %i, iat %i', timestamp, payload.iat], + now: timestamp, + tolerance: this[CLOCK_TOLERANCE], + iat: payload.iat, + jwt: idToken, + }); + } + + if (tokenSet.access_token && payload.at_hash !== undefined) { + try { + tokenHash.validate( + { claim: 'at_hash', source: 'access_token' }, + payload.at_hash, + tokenSet.access_token, + header.alg, + key.jwk && key.jwk.crv, + ); + } catch (err) { + throw new RPError({ message: err.message, jwt: idToken }); + } + } + + if (tokenSet.code && payload.c_hash !== undefined) { + try { + tokenHash.validate( + { claim: 'c_hash', source: 'code' }, + payload.c_hash, + tokenSet.code, + header.alg, + key.jwk && key.jwk.crv, + ); + } catch (err) { + throw new RPError({ message: err.message, jwt: idToken }); + } + } + + return tokenSet; + } + + async validateJWT(jwt, expectedAlg, required = ['iss', 'sub', 'aud', 'exp', 'iat']) { + const isSelfIssued = this.issuer.issuer === 'https://self-issued.me'; + const timestamp = now(); + let header; + let payload; + try { + ({ header, payload } = decodeJWT(jwt, { complete: true })); + } catch (err) { + throw new RPError({ + printf: ['failed to decode JWT (%s: %s)', err.name, err.message], + jwt, + }); + } + + if (header.alg !== expectedAlg) { + throw new RPError({ + printf: ['unexpected JWT alg received, expected %s, got: %s', expectedAlg, header.alg], + jwt, + }); + } + + if (isSelfIssued) { + required = [...required, 'sub_jwk']; + } + + required.forEach(verifyPresence.bind(undefined, payload, jwt)); + + if (payload.iss !== undefined) { + let expectedIss = this.issuer.issuer; + + if (this.#aadIssValidation) { + expectedIss = this.issuer.issuer.replace('{tenantid}', payload.tid); + } + + if (payload.iss !== expectedIss) { + throw new RPError({ + printf: ['unexpected iss value, expected %s, got: %s', expectedIss, payload.iss], + jwt, + }); + } + } + + if (payload.iat !== undefined) { + if (typeof payload.iat !== 'number') { + throw new RPError({ + message: 'JWT iat claim must be a JSON numeric value', + jwt, + }); + } + } + + if (payload.nbf !== undefined) { + if (typeof payload.nbf !== 'number') { + throw new RPError({ + message: 'JWT nbf claim must be a JSON numeric value', + jwt, + }); + } + if (payload.nbf > timestamp + this[CLOCK_TOLERANCE]) { + throw new RPError({ + printf: [ + 'JWT not active yet, now %i, nbf %i', + timestamp + this[CLOCK_TOLERANCE], + payload.nbf, + ], + now: timestamp, + tolerance: this[CLOCK_TOLERANCE], + nbf: payload.nbf, + jwt, + }); + } + } + + if (payload.exp !== undefined) { + if (typeof payload.exp !== 'number') { + throw new RPError({ + message: 'JWT exp claim must be a JSON numeric value', + jwt, + }); + } + if (timestamp - this[CLOCK_TOLERANCE] >= payload.exp) { + throw new RPError({ + printf: ['JWT expired, now %i, exp %i', timestamp - this[CLOCK_TOLERANCE], payload.exp], + now: timestamp, + tolerance: this[CLOCK_TOLERANCE], + exp: payload.exp, + jwt, + }); + } + } + + if (payload.aud !== undefined) { + if (Array.isArray(payload.aud)) { + if (payload.aud.length > 1 && !payload.azp) { + throw new RPError({ + message: 'missing required JWT property azp', + jwt, + }); + } + + if (!payload.aud.includes(this.client_id)) { + throw new RPError({ + printf: [ + 'aud is missing the client_id, expected %s to be included in %j', + this.client_id, + payload.aud, + ], + jwt, + }); + } + } else if (payload.aud !== this.client_id) { + throw new RPError({ + printf: ['aud mismatch, expected %s, got: %s', this.client_id, payload.aud], + jwt, + }); + } + } + + if (payload.azp !== undefined) { + let additionalAuthorizedParties = this.#additionalAuthorizedParties; + + if (typeof additionalAuthorizedParties === 'string') { + additionalAuthorizedParties = [this.client_id, additionalAuthorizedParties]; + } else if (Array.isArray(additionalAuthorizedParties)) { + additionalAuthorizedParties = [this.client_id, ...additionalAuthorizedParties]; + } else { + additionalAuthorizedParties = [this.client_id]; + } + + if (!additionalAuthorizedParties.includes(payload.azp)) { + throw new RPError({ + printf: ['azp mismatch, got: %s', payload.azp], + jwt, + }); + } + } + + let keys; + + if (isSelfIssued) { + try { + assert(isPlainObject(payload.sub_jwk)); + const key = await jose.importJWK(payload.sub_jwk, header.alg); + assert.equal(key.type, 'public'); + keys = [ + { + keyObject() { + return key; + }, + }, + ]; + } catch (err) { + throw new RPError({ + message: 'failed to use sub_jwk claim as an asymmetric JSON Web Key', + jwt, + }); + } + if ((await jose.calculateJwkThumbprint(payload.sub_jwk)) !== payload.sub) { + throw new RPError({ + message: 'failed to match the subject with sub_jwk', + jwt, + }); + } + } else if (header.alg.startsWith('HS')) { + keys = [this.secretForAlg(header.alg)]; + } else if (header.alg !== 'none') { + keys = await queryKeyStore.call(this.issuer, { ...header, use: 'sig' }); + } + + if (!keys && header.alg === 'none') { + return { protected: header, payload }; + } + + for (const key of keys) { + const verified = await jose + .compactVerify(jwt, key instanceof Uint8Array ? key : await key.keyObject(header.alg)) + .catch(() => {}); + if (verified) { + return { + payload, + protected: verified.protectedHeader, + key, + }; + } + } + + throw new RPError({ + message: 'failed to validate JWT signature', + jwt, + }); + } + + async refresh(refreshToken, { exchangeBody, clientAssertionPayload, DPoP } = {}) { + let token = refreshToken; + + if (token instanceof TokenSet) { + if (!token.refresh_token) { + throw new TypeError('refresh_token not present in TokenSet'); + } + token = token.refresh_token; + } + + const tokenset = await this.grant( + { + ...exchangeBody, + grant_type: 'refresh_token', + refresh_token: String(token), + }, + { clientAssertionPayload, DPoP }, + ); + + if (tokenset.id_token) { + await this.decryptIdToken(tokenset); + await this.validateIdToken(tokenset, skipNonceCheck, 'token', skipMaxAgeCheck); + + if (refreshToken instanceof TokenSet && refreshToken.id_token) { + const expectedSub = refreshToken.claims().sub; + const actualSub = tokenset.claims().sub; + if (actualSub !== expectedSub) { + throw new RPError({ + printf: ['sub mismatch, expected %s, got: %s', expectedSub, actualSub], + jwt: tokenset.id_token, + }); + } + } + } + + return tokenset; + } + + async requestResource( + resourceUrl, + accessToken, + { + method, + headers, + body, + DPoP, + tokenType = DPoP + ? 'DPoP' + : accessToken instanceof TokenSet + ? accessToken.token_type + : 'Bearer', + } = {}, + retry, + ) { + if (accessToken instanceof TokenSet) { + if (!accessToken.access_token) { + throw new TypeError('access_token not present in TokenSet'); + } + accessToken = accessToken.access_token; + } + + if (!accessToken) { + throw new TypeError('no access token provided'); + } else if (typeof accessToken !== 'string') { + throw new TypeError('invalid access token provided'); + } + + const requestOpts = { + headers: { + Authorization: authorizationHeaderValue(accessToken, tokenType), + ...headers, + }, + body, + }; + + const mTLS = !!this.tls_client_certificate_bound_access_tokens; + + const response = await request.call( + this, + { + ...requestOpts, + responseType: 'buffer', + method, + url: resourceUrl, + }, + { accessToken, mTLS, DPoP }, + ); + + const wwwAuthenticate = response.headers['www-authenticate']; + if ( + retry !== retryAttempt && + wwwAuthenticate && + wwwAuthenticate.toLowerCase().startsWith('dpop ') && + parseWwwAuthenticate(wwwAuthenticate).error === 'use_dpop_nonce' + ) { + return this.requestResource(resourceUrl, accessToken, { + method, + headers, + body, + DPoP, + tokenType, + }); + } + + return response; + } + + async userinfo(accessToken, { method = 'GET', via = 'header', tokenType, params, DPoP } = {}) { + assertIssuerConfiguration(this.issuer, 'userinfo_endpoint'); + const options = { + tokenType, + method: String(method).toUpperCase(), + DPoP, + }; + + if (options.method !== 'GET' && options.method !== 'POST') { + throw new TypeError('#userinfo() method can only be POST or a GET'); + } + + if (via === 'body' && options.method !== 'POST') { + throw new TypeError('can only send body on POST'); + } + + const jwt = !!(this.userinfo_signed_response_alg || this.userinfo_encrypted_response_alg); + + if (jwt) { + options.headers = { Accept: 'application/jwt' }; + } else { + options.headers = { Accept: 'application/json' }; + } + const mTLS = !!this.tls_client_certificate_bound_access_tokens; + + let targetUrl; + if (mTLS && this.issuer.mtls_endpoint_aliases) { + targetUrl = this.issuer.mtls_endpoint_aliases.userinfo_endpoint; + } + + targetUrl = new URL(targetUrl || this.issuer.userinfo_endpoint); + + if (via === 'body') { + options.headers.Authorization = undefined; + options.headers['Content-Type'] = 'application/x-www-form-urlencoded'; + options.body = new URLSearchParams(); + options.body.append( + 'access_token', + accessToken instanceof TokenSet ? accessToken.access_token : accessToken, + ); + } + + // handle additional parameters, GET via querystring, POST via urlencoded body + if (params) { + if (options.method === 'GET') { + Object.entries(params).forEach(([key, value]) => { + targetUrl.searchParams.append(key, value); + }); + } else if (options.body) { + // POST && via body + Object.entries(params).forEach(([key, value]) => { + options.body.append(key, value); + }); + } else { + // POST && via header + options.body = new URLSearchParams(); + options.headers['Content-Type'] = 'application/x-www-form-urlencoded'; + Object.entries(params).forEach(([key, value]) => { + options.body.append(key, value); + }); + } + } + + if (options.body) { + options.body = options.body.toString(); + } + + const response = await this.requestResource(targetUrl, accessToken, options); + + let parsed = processResponse(response, { bearer: true }); + + if (jwt) { + if (!/^application\/jwt/.test(response.headers['content-type'])) { + throw new RPError({ + message: 'expected application/jwt response from the userinfo_endpoint', + response, + }); + } + + const body = response.body.toString(); + const userinfo = await this.decryptJWTUserinfo(body); + if (!this.userinfo_signed_response_alg) { + try { + parsed = JSON.parse(userinfo); + assert(isPlainObject(parsed)); + } catch (err) { + throw new RPError({ + message: 'failed to parse userinfo JWE payload as JSON', + jwt: userinfo, + }); + } + } else { + ({ payload: parsed } = await this.validateJWTUserinfo(userinfo)); + } + } else { + try { + parsed = JSON.parse(response.body); + } catch (err) { + Object.defineProperty(err, 'response', { value: response }); + throw err; + } + } + + if (accessToken instanceof TokenSet && accessToken.id_token) { + const expectedSub = accessToken.claims().sub; + if (parsed.sub !== expectedSub) { + throw new RPError({ + printf: ['userinfo sub mismatch, expected %s, got: %s', expectedSub, parsed.sub], + body: parsed, + jwt: accessToken.id_token, + }); + } + } + + return parsed; + } + + encryptionSecret(len) { + const hash = len <= 256 ? 'sha256' : len <= 384 ? 'sha384' : len <= 512 ? 'sha512' : false; + if (!hash) { + throw new Error('unsupported symmetric encryption key derivation'); + } + + return crypto + .createHash(hash) + .update(this.client_secret) + .digest() + .slice(0, len / 8); + } + + secretForAlg(alg) { + if (!this.client_secret) { + throw new TypeError('client_secret is required'); + } + + if (/^A(\d{3})(?:GCM)?KW$/.test(alg)) { + return this.encryptionSecret(parseInt(RegExp.$1, 10)); + } + + if (/^A(\d{3})(?:GCM|CBC-HS(\d{3}))$/.test(alg)) { + return this.encryptionSecret(parseInt(RegExp.$2 || RegExp.$1, 10)); + } + + return new TextEncoder().encode(this.client_secret); + } + + async grant(body, { clientAssertionPayload, DPoP } = {}, retry) { + assertIssuerConfiguration(this.issuer, 'token_endpoint'); + const response = await authenticatedPost.call( + this, + 'token', + { + form: body, + responseType: 'json', + }, + { clientAssertionPayload, DPoP }, + ); + let responseBody; + try { + responseBody = processResponse(response); + } catch (err) { + if (retry !== retryAttempt && err instanceof OPError && err.error === 'use_dpop_nonce') { + return this.grant(body, { clientAssertionPayload, DPoP }, retryAttempt); + } + throw err; + } + + return new TokenSet(responseBody); + } + + async deviceAuthorization(params = {}, { exchangeBody, clientAssertionPayload, DPoP } = {}) { + assertIssuerConfiguration(this.issuer, 'device_authorization_endpoint'); + assertIssuerConfiguration(this.issuer, 'token_endpoint'); + + const body = authorizationParams.call(this, { + client_id: this.client_id, + redirect_uri: null, + response_type: null, + ...params, + }); + + const response = await authenticatedPost.call( + this, + 'device_authorization', + { + responseType: 'json', + form: body, + }, + { clientAssertionPayload, endpointAuthMethod: 'token' }, + ); + const responseBody = processResponse(response); + + return new DeviceFlowHandle({ + client: this, + exchangeBody, + clientAssertionPayload, + response: responseBody, + maxAge: params.max_age, + DPoP, + }); + } + + async revoke(token, hint, { revokeBody, clientAssertionPayload } = {}) { + assertIssuerConfiguration(this.issuer, 'revocation_endpoint'); + if (hint !== undefined && typeof hint !== 'string') { + throw new TypeError('hint must be a string'); + } + + const form = { ...revokeBody, token }; + + if (hint) { + form.token_type_hint = hint; + } + + const response = await authenticatedPost.call( + this, + 'revocation', + { + form, + }, + { clientAssertionPayload }, + ); + processResponse(response, { body: false }); + } + + async introspect(token, hint, { introspectBody, clientAssertionPayload } = {}) { + assertIssuerConfiguration(this.issuer, 'introspection_endpoint'); + if (hint !== undefined && typeof hint !== 'string') { + throw new TypeError('hint must be a string'); + } + + const form = { ...introspectBody, token }; + if (hint) { + form.token_type_hint = hint; + } + + const response = await authenticatedPost.call( + this, + 'introspection', + { form, responseType: 'json' }, + { clientAssertionPayload }, + ); + + const responseBody = processResponse(response); + + return responseBody; + } + + static async register(metadata, options = {}) { + const { initialAccessToken, jwks, ...clientOptions } = options; + + assertIssuerConfiguration(this.issuer, 'registration_endpoint'); + + if (jwks !== undefined && !(metadata.jwks || metadata.jwks_uri)) { + const keystore = await getKeystore.call(this, jwks); + metadata.jwks = keystore.toJWKS(); + } + + const response = await request.call(this, { + headers: { + Accept: 'application/json', + ...(initialAccessToken + ? { + Authorization: authorizationHeaderValue(initialAccessToken), + } + : undefined), + }, + responseType: 'json', + json: metadata, + url: this.issuer.registration_endpoint, + method: 'POST', + }); + const responseBody = processResponse(response, { statusCode: 201, bearer: true }); + + return new this(responseBody, jwks, clientOptions); + } + + get metadata() { + return clone(Object.fromEntries(this.#metadata.entries())); + } + + static async fromUri(registrationClientUri, registrationAccessToken, jwks, clientOptions) { + const response = await request.call(this, { + method: 'GET', + url: registrationClientUri, + responseType: 'json', + headers: { + Authorization: authorizationHeaderValue(registrationAccessToken), + Accept: 'application/json', + }, + }); + const responseBody = processResponse(response, { bearer: true }); + + return new this(responseBody, jwks, clientOptions); + } + + async requestObject( + requestObject = {}, + { + sign: signingAlgorithm = this.request_object_signing_alg || 'none', + encrypt: { + alg: eKeyManagement = this.request_object_encryption_alg, + enc: eContentEncryption = this.request_object_encryption_enc || 'A128CBC-HS256', + } = {}, + } = {}, + ) { + if (!isPlainObject(requestObject)) { + throw new TypeError('requestObject must be a plain object'); + } + + let signed; + let key; + const unix = now(); + const header = { alg: signingAlgorithm, typ: 'oauth-authz-req+jwt' }; + const payload = JSON.stringify( + defaults({}, requestObject, { + iss: this.client_id, + aud: this.issuer.issuer, + client_id: this.client_id, + jti: random(), + iat: unix, + exp: unix + 300, + ...(this.fapi() ? { nbf: unix } : undefined), + }), + ); + if (signingAlgorithm === 'none') { + signed = [base64url.encode(JSON.stringify(header)), base64url.encode(payload), ''].join('.'); + } else { + const symmetric = signingAlgorithm.startsWith('HS'); + if (symmetric) { + key = this.secretForAlg(signingAlgorithm); + } else { + const keystore = await keystores.get(this); + + if (!keystore) { + throw new TypeError( + `no keystore present for client, cannot sign using alg ${signingAlgorithm}`, + ); + } + key = keystore.get({ alg: signingAlgorithm, use: 'sig' }); + if (!key) { + throw new TypeError(`no key to sign with found for alg ${signingAlgorithm}`); + } + } + + signed = await new jose.CompactSign(new TextEncoder().encode(payload)) + .setProtectedHeader({ + ...header, + kid: symmetric ? undefined : key.jwk.kid, + }) + .sign(symmetric ? key : await key.keyObject(signingAlgorithm)); + } + + if (!eKeyManagement) { + return signed; + } + + const fields = { alg: eKeyManagement, enc: eContentEncryption, cty: 'oauth-authz-req+jwt' }; + + if (fields.alg.match(/^(RSA|ECDH)/)) { + [key] = await queryKeyStore.call( + this.issuer, + { alg: fields.alg, use: 'enc' }, + { allowMulti: true }, + ); + } else { + key = this.secretForAlg(fields.alg === 'dir' ? fields.enc : fields.alg); + } + + return new jose.CompactEncrypt(new TextEncoder().encode(signed)) + .setProtectedHeader({ + ...fields, + kid: key instanceof Uint8Array ? undefined : key.jwk.kid, + }) + .encrypt(key instanceof Uint8Array ? key : await key.keyObject(fields.alg)); + } + + async pushedAuthorizationRequest(params = {}, { clientAssertionPayload } = {}) { + assertIssuerConfiguration(this.issuer, 'pushed_authorization_request_endpoint'); + + const body = { + ...('request' in params ? params : authorizationParams.call(this, params)), + client_id: this.client_id, + }; + + const response = await authenticatedPost.call( + this, + 'pushed_authorization_request', + { + responseType: 'json', + form: body, + }, + { clientAssertionPayload, endpointAuthMethod: 'token' }, + ); + const responseBody = processResponse(response, { statusCode: 201 }); + + if (!('expires_in' in responseBody)) { + throw new RPError({ + message: 'expected expires_in in Pushed Authorization Successful Response', + response, + }); + } + if (typeof responseBody.expires_in !== 'number') { + throw new RPError({ + message: 'invalid expires_in value in Pushed Authorization Successful Response', + response, + }); + } + if (!('request_uri' in responseBody)) { + throw new RPError({ + message: 'expected request_uri in Pushed Authorization Successful Response', + response, + }); + } + if (typeof responseBody.request_uri !== 'string') { + throw new RPError({ + message: 'invalid request_uri value in Pushed Authorization Successful Response', + response, + }); + } + + return responseBody; + } + + get issuer() { + return this.#issuer; + } + + /* istanbul ignore next */ + [inspect.custom]() { + return `${this.constructor.name} ${inspect(this.metadata, { + depth: Infinity, + colors: process.stdout.isTTY, + compact: false, + sorted: true, + })}`; + } + + fapi() { + return this.constructor.name === 'FAPI1Client'; + } + + async validateJARM(response) { + const expectedAlg = this.authorization_signed_response_alg; + const { payload } = await this.validateJWT(response, expectedAlg, ['iss', 'exp', 'aud']); + return pickCb(payload); + } + + /** + * @name dpopProof + * @api private + */ + async dpopProof(payload, privateKeyInput, accessToken) { + if (!isPlainObject(payload)) { + throw new TypeError('payload must be a plain object'); + } + + let privateKey; + if (isKeyObject(privateKeyInput)) { + privateKey = privateKeyInput; + } else if (privateKeyInput[Symbol.toStringTag] === 'CryptoKey') { + privateKey = privateKeyInput; + } else if (jose.cryptoRuntime === 'node:crypto') { + privateKey = crypto.createPrivateKey(privateKeyInput); + } else { + throw new TypeError('unrecognized crypto runtime'); + } + + if (privateKey.type !== 'private') { + throw new TypeError('"DPoP" option must be a private key'); + } + let alg = determineDPoPAlgorithm.call(this, privateKey, privateKeyInput); + + if (!alg) { + throw new TypeError('could not determine DPoP JWS Algorithm'); + } + + return new jose.SignJWT({ + ath: accessToken + ? base64url.encode(crypto.createHash('sha256').update(accessToken).digest()) + : undefined, + ...payload, + }) + .setProtectedHeader({ + alg, + typ: 'dpop+jwt', + jwk: await getJwk(privateKey, privateKeyInput), + }) + .setIssuedAt() + .setJti(random()) + .sign(privateKey); + } +} + +function determineDPoPAlgorithmFromCryptoKey(cryptoKey) { + switch (cryptoKey.algorithm.name) { + case 'Ed25519': + case 'Ed448': + return 'EdDSA'; + case 'ECDSA': { + switch (cryptoKey.algorithm.namedCurve) { + case 'P-256': + return 'ES256'; + case 'P-384': + return 'ES384'; + case 'P-521': + return 'ES512'; + default: + break; + } + break; + } + case 'RSASSA-PKCS1-v1_5': + return `RS${cryptoKey.algorithm.hash.name.slice(4)}`; + case 'RSA-PSS': + return `PS${cryptoKey.algorithm.hash.name.slice(4)}`; + default: + throw new TypeError('unsupported DPoP private key'); + } +} + +let determineDPoPAlgorithm; +if (jose.cryptoRuntime === 'node:crypto') { + determineDPoPAlgorithm = function (privateKey, privateKeyInput) { + if (privateKeyInput[Symbol.toStringTag] === 'CryptoKey') { + return determineDPoPAlgorithmFromCryptoKey(privateKey); + } + + switch (privateKey.asymmetricKeyType) { + case 'ed25519': + case 'ed448': + return 'EdDSA'; + case 'ec': + return determineEcAlgorithm(privateKey, privateKeyInput); + case 'rsa': + case rsaPssParams && 'rsa-pss': + return determineRsaAlgorithm( + privateKey, + privateKeyInput, + this.issuer.dpop_signing_alg_values_supported, + ); + default: + throw new TypeError('unsupported DPoP private key'); + } + }; + + const RSPS = /^(?:RS|PS)(?:256|384|512)$/; + function determineRsaAlgorithm(privateKey, privateKeyInput, valuesSupported) { + if ( + typeof privateKeyInput === 'object' && + privateKeyInput.format === 'jwk' && + privateKeyInput.key && + privateKeyInput.key.alg + ) { + return privateKeyInput.key.alg; + } + + if (Array.isArray(valuesSupported)) { + let candidates = valuesSupported.filter(RegExp.prototype.test.bind(RSPS)); + if (privateKey.asymmetricKeyType === 'rsa-pss') { + candidates = candidates.filter((value) => value.startsWith('PS')); + } + return ['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS384'].find((preferred) => + candidates.includes(preferred), + ); + } + + return 'PS256'; + } + + const p256 = Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]); + const p384 = Buffer.from([43, 129, 4, 0, 34]); + const p521 = Buffer.from([43, 129, 4, 0, 35]); + const secp256k1 = Buffer.from([43, 129, 4, 0, 10]); + + function determineEcAlgorithm(privateKey, privateKeyInput) { + // If input was a JWK + switch ( + typeof privateKeyInput === 'object' && + typeof privateKeyInput.key === 'object' && + privateKeyInput.key.crv + ) { + case 'P-256': + return 'ES256'; + case 'secp256k1': + return 'ES256K'; + case 'P-384': + return 'ES384'; + case 'P-512': + return 'ES512'; + default: + break; + } + + const buf = privateKey.export({ format: 'der', type: 'pkcs8' }); + const i = buf[1] < 128 ? 17 : 18; + const len = buf[i]; + const curveOid = buf.slice(i + 1, i + 1 + len); + if (curveOid.equals(p256)) { + return 'ES256'; + } + + if (curveOid.equals(p384)) { + return 'ES384'; + } + if (curveOid.equals(p521)) { + return 'ES512'; + } + + if (curveOid.equals(secp256k1)) { + return 'ES256K'; + } + + throw new TypeError('unsupported DPoP private key curve'); + } +} else { + determineDPoPAlgorithm = determineDPoPAlgorithmFromCryptoKey; +} + +const jwkCache = new WeakMap(); +async function getJwk(keyObject, privateKeyInput) { + if ( + jose.cryptoRuntime === 'node:crypto' && + typeof privateKeyInput === 'object' && + typeof privateKeyInput.key === 'object' && + privateKeyInput.format === 'jwk' + ) { + return pick(privateKeyInput.key, 'kty', 'crv', 'x', 'y', 'e', 'n'); + } + + if (jwkCache.has(privateKeyInput)) { + return jwkCache.get(privateKeyInput); + } + + const jwk = pick(await jose.exportJWK(keyObject), 'kty', 'crv', 'x', 'y', 'e', 'n'); + + if (isKeyObject(privateKeyInput) || jose.cryptoRuntime === 'WebCryptoAPI') { + jwkCache.set(privateKeyInput, jwk); + } + + return jwk; +} + +module.exports = (issuer, aadIssValidation = false) => + class Client extends BaseClient { + constructor(...args) { + super(issuer, aadIssValidation, ...args); + } + + static get issuer() { + return issuer; + } + }; + +module.exports.BaseClient = BaseClient; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/device_flow_handle.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/device_flow_handle.js new file mode 100644 index 0000000000000..ed61c7c0e43e4 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/device_flow_handle.js @@ -0,0 +1,125 @@ +const { inspect } = require('util'); + +const { RPError, OPError } = require('./errors'); +const now = require('./helpers/unix_timestamp'); + +class DeviceFlowHandle { + #aborted; + #client; + #clientAssertionPayload; + #DPoP; + #exchangeBody; + #expires_at; + #interval; + #maxAge; + #response; + constructor({ client, exchangeBody, clientAssertionPayload, response, maxAge, DPoP }) { + ['verification_uri', 'user_code', 'device_code'].forEach((prop) => { + if (typeof response[prop] !== 'string' || !response[prop]) { + throw new RPError( + `expected ${prop} string to be returned by Device Authorization Response, got %j`, + response[prop], + ); + } + }); + + if (!Number.isSafeInteger(response.expires_in)) { + throw new RPError( + 'expected expires_in number to be returned by Device Authorization Response, got %j', + response.expires_in, + ); + } + + this.#expires_at = now() + response.expires_in; + this.#client = client; + this.#DPoP = DPoP; + this.#maxAge = maxAge; + this.#exchangeBody = exchangeBody; + this.#clientAssertionPayload = clientAssertionPayload; + this.#response = response; + this.#interval = response.interval * 1000 || 5000; + } + + abort() { + this.#aborted = true; + } + + async poll({ signal } = {}) { + if ((signal && signal.aborted) || this.#aborted) { + throw new RPError('polling aborted'); + } + + if (this.expired()) { + throw new RPError( + 'the device code %j has expired and the device authorization session has concluded', + this.device_code, + ); + } + + await new Promise((resolve) => setTimeout(resolve, this.#interval)); + + let tokenset; + try { + tokenset = await this.#client.grant( + { + ...this.#exchangeBody, + grant_type: 'urn:ietf:params:oauth:grant-type:device_code', + device_code: this.device_code, + }, + { clientAssertionPayload: this.#clientAssertionPayload, DPoP: this.#DPoP }, + ); + } catch (err) { + switch (err instanceof OPError && err.error) { + case 'slow_down': + this.#interval += 5000; + case 'authorization_pending': + return this.poll({ signal }); + default: + throw err; + } + } + + if ('id_token' in tokenset) { + await this.#client.decryptIdToken(tokenset); + await this.#client.validateIdToken(tokenset, undefined, 'token', this.#maxAge); + } + + return tokenset; + } + + get device_code() { + return this.#response.device_code; + } + + get user_code() { + return this.#response.user_code; + } + + get verification_uri() { + return this.#response.verification_uri; + } + + get verification_uri_complete() { + return this.#response.verification_uri_complete; + } + + get expires_in() { + return Math.max.apply(null, [this.#expires_at - now(), 0]); + } + + expired() { + return this.expires_in === 0; + } + + /* istanbul ignore next */ + [inspect.custom]() { + return `${this.constructor.name} ${inspect(this.#response, { + depth: Infinity, + colors: process.stdout.isTTY, + compact: false, + sorted: true, + })}`; + } +} + +module.exports = DeviceFlowHandle; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/errors.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/errors.js new file mode 100644 index 0000000000000..30320848d468b --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/errors.js @@ -0,0 +1,55 @@ +const { format } = require('util'); + +class OPError extends Error { + constructor({ error_description, error, error_uri, session_state, state, scope }, response) { + super(!error_description ? error : `${error} (${error_description})`); + + Object.assign( + this, + { error }, + error_description && { error_description }, + error_uri && { error_uri }, + state && { state }, + scope && { scope }, + session_state && { session_state }, + ); + + if (response) { + Object.defineProperty(this, 'response', { + value: response, + }); + } + + this.name = this.constructor.name; + Error.captureStackTrace(this, this.constructor); + } +} + +class RPError extends Error { + constructor(...args) { + if (typeof args[0] === 'string') { + super(format(...args)); + } else { + const { message, printf, response, ...rest } = args[0]; + if (printf) { + super(format(...printf)); + } else { + super(message); + } + Object.assign(this, rest); + if (response) { + Object.defineProperty(this, 'response', { + value: response, + }); + } + } + + this.name = this.constructor.name; + Error.captureStackTrace(this, this.constructor); + } +} + +module.exports = { + OPError, + RPError, +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/assert.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/assert.js new file mode 100644 index 0000000000000..defda9163de83 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/assert.js @@ -0,0 +1,24 @@ +function assertSigningAlgValuesSupport(endpoint, issuer, properties) { + if (!issuer[`${endpoint}_endpoint`]) return; + + const eam = `${endpoint}_endpoint_auth_method`; + const easa = `${endpoint}_endpoint_auth_signing_alg`; + const easavs = `${endpoint}_endpoint_auth_signing_alg_values_supported`; + + if (properties[eam] && properties[eam].endsWith('_jwt') && !properties[easa] && !issuer[easavs]) { + throw new TypeError( + `${easavs} must be configured on the issuer if ${easa} is not defined on a client`, + ); + } +} + +function assertIssuerConfiguration(issuer, endpoint) { + if (!issuer[endpoint]) { + throw new TypeError(`${endpoint} must be configured on the issuer`); + } +} + +module.exports = { + assertSigningAlgValuesSupport, + assertIssuerConfiguration, +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/base64url.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/base64url.js new file mode 100644 index 0000000000000..ff7dbb79c587b --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/base64url.js @@ -0,0 +1,13 @@ +let encode; +if (Buffer.isEncoding('base64url')) { + encode = (input, encoding = 'utf8') => Buffer.from(input, encoding).toString('base64url'); +} else { + const fromBase64 = (base64) => base64.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_'); + encode = (input, encoding = 'utf8') => + fromBase64(Buffer.from(input, encoding).toString('base64')); +} + +const decode = (input) => Buffer.from(input, 'base64'); + +module.exports.decode = decode; +module.exports.encode = encode; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/client.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/client.js new file mode 100644 index 0000000000000..0d293f1d27724 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/client.js @@ -0,0 +1,211 @@ +const jose = require('jose'); + +const { RPError } = require('../errors'); + +const { assertIssuerConfiguration } = require('./assert'); +const { random } = require('./generators'); +const now = require('./unix_timestamp'); +const request = require('./request'); +const { keystores } = require('./weak_cache'); +const merge = require('./merge'); + +// TODO: in v6.x additionally encode the `- _ . ! ~ * ' ( )` characters +// https://github.com/panva/node-openid-client/commit/5a2ea80ef5e59ec0c03dbd97d82f551e24a9d348 +const formUrlEncode = (value) => encodeURIComponent(value).replace(/%20/g, '+'); + +async function clientAssertion(endpoint, payload) { + let alg = this[`${endpoint}_endpoint_auth_signing_alg`]; + if (!alg) { + assertIssuerConfiguration( + this.issuer, + `${endpoint}_endpoint_auth_signing_alg_values_supported`, + ); + } + + if (this[`${endpoint}_endpoint_auth_method`] === 'client_secret_jwt') { + if (!alg) { + const supported = this.issuer[`${endpoint}_endpoint_auth_signing_alg_values_supported`]; + alg = + Array.isArray(supported) && supported.find((signAlg) => /^HS(?:256|384|512)/.test(signAlg)); + } + + if (!alg) { + throw new RPError( + `failed to determine a JWS Algorithm to use for ${ + this[`${endpoint}_endpoint_auth_method`] + } Client Assertion`, + ); + } + + return new jose.CompactSign(Buffer.from(JSON.stringify(payload))) + .setProtectedHeader({ alg }) + .sign(this.secretForAlg(alg)); + } + + const keystore = await keystores.get(this); + + if (!keystore) { + throw new TypeError('no client jwks provided for signing a client assertion with'); + } + + if (!alg) { + const supported = this.issuer[`${endpoint}_endpoint_auth_signing_alg_values_supported`]; + alg = + Array.isArray(supported) && + supported.find((signAlg) => keystore.get({ alg: signAlg, use: 'sig' })); + } + + if (!alg) { + throw new RPError( + `failed to determine a JWS Algorithm to use for ${ + this[`${endpoint}_endpoint_auth_method`] + } Client Assertion`, + ); + } + + const key = keystore.get({ alg, use: 'sig' }); + if (!key) { + throw new RPError( + `no key found in client jwks to sign a client assertion with using alg ${alg}`, + ); + } + + return new jose.CompactSign(Buffer.from(JSON.stringify(payload))) + .setProtectedHeader({ alg, kid: key.jwk && key.jwk.kid }) + .sign(await key.keyObject(alg)); +} + +async function authFor(endpoint, { clientAssertionPayload } = {}) { + const authMethod = this[`${endpoint}_endpoint_auth_method`]; + switch (authMethod) { + case 'self_signed_tls_client_auth': + case 'tls_client_auth': + case 'none': + return { form: { client_id: this.client_id } }; + case 'client_secret_post': + if (typeof this.client_secret !== 'string') { + throw new TypeError( + 'client_secret_post client authentication method requires a client_secret', + ); + } + return { form: { client_id: this.client_id, client_secret: this.client_secret } }; + case 'private_key_jwt': + case 'client_secret_jwt': { + const timestamp = now(); + const audience = [ + ...new Set([this.issuer.issuer, this.issuer.token_endpoint].filter(Boolean)), + ]; + + const assertion = await clientAssertion.call(this, endpoint, { + iat: timestamp, + exp: timestamp + 60, + jti: random(), + iss: this.client_id, + sub: this.client_id, + aud: audience, + ...clientAssertionPayload, + }); + + return { + form: { + client_id: this.client_id, + client_assertion: assertion, + client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer', + }, + }; + } + case 'client_secret_basic': { + // This is correct behaviour, see https://tools.ietf.org/html/rfc6749#section-2.3.1 and the + // related appendix. (also https://github.com/panva/node-openid-client/pull/91) + // > The client identifier is encoded using the + // > "application/x-www-form-urlencoded" encoding algorithm per + // > Appendix B, and the encoded value is used as the username; the client + // > password is encoded using the same algorithm and used as the + // > password. + if (typeof this.client_secret !== 'string') { + throw new TypeError( + 'client_secret_basic client authentication method requires a client_secret', + ); + } + const encoded = `${formUrlEncode(this.client_id)}:${formUrlEncode(this.client_secret)}`; + const value = Buffer.from(encoded).toString('base64'); + return { headers: { Authorization: `Basic ${value}` } }; + } + default: { + throw new TypeError(`missing, or unsupported, ${endpoint}_endpoint_auth_method`); + } + } +} + +function resolveResponseType() { + const { length, 0: value } = this.response_types; + + if (length === 1) { + return value; + } + + return undefined; +} + +function resolveRedirectUri() { + const { length, 0: value } = this.redirect_uris || []; + + if (length === 1) { + return value; + } + + return undefined; +} + +async function authenticatedPost( + endpoint, + opts, + { clientAssertionPayload, endpointAuthMethod = endpoint, DPoP } = {}, +) { + const auth = await authFor.call(this, endpointAuthMethod, { clientAssertionPayload }); + const requestOpts = merge(opts, auth); + + const mTLS = + this[`${endpointAuthMethod}_endpoint_auth_method`].includes('tls_client_auth') || + (endpoint === 'token' && this.tls_client_certificate_bound_access_tokens); + + let targetUrl; + if (mTLS && this.issuer.mtls_endpoint_aliases) { + targetUrl = this.issuer.mtls_endpoint_aliases[`${endpoint}_endpoint`]; + } + + targetUrl = targetUrl || this.issuer[`${endpoint}_endpoint`]; + + if ('form' in requestOpts) { + for (const [key, value] of Object.entries(requestOpts.form)) { + if (typeof value === 'undefined') { + delete requestOpts.form[key]; + } + } + } + + return request.call( + this, + { + ...requestOpts, + method: 'POST', + url: targetUrl, + headers: { + ...(endpoint !== 'revocation' + ? { + Accept: 'application/json', + } + : undefined), + ...requestOpts.headers, + }, + }, + { mTLS, DPoP }, + ); +} + +module.exports = { + resolveResponseType, + resolveRedirectUri, + authFor, + authenticatedPost, +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/consts.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/consts.js new file mode 100644 index 0000000000000..15b33663292c9 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/consts.js @@ -0,0 +1,7 @@ +const HTTP_OPTIONS = Symbol(); +const CLOCK_TOLERANCE = Symbol(); + +module.exports = { + CLOCK_TOLERANCE, + HTTP_OPTIONS, +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/decode_jwt.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/decode_jwt.js new file mode 100644 index 0000000000000..741e352ec85e8 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/decode_jwt.js @@ -0,0 +1,27 @@ +const base64url = require('./base64url'); + +module.exports = (token) => { + if (typeof token !== 'string' || !token) { + throw new TypeError('JWT must be a string'); + } + + const { 0: header, 1: payload, 2: signature, length } = token.split('.'); + + if (length === 5) { + throw new TypeError('encrypted JWTs cannot be decoded'); + } + + if (length !== 3) { + throw new Error('JWTs must have three components'); + } + + try { + return { + header: JSON.parse(base64url.decode(header)), + payload: JSON.parse(base64url.decode(payload)), + signature, + }; + } catch (err) { + throw new Error('JWT is malformed'); + } +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/deep_clone.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/deep_clone.js new file mode 100644 index 0000000000000..0ec848a2b643e --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/deep_clone.js @@ -0,0 +1 @@ +module.exports = globalThis.structuredClone || ((obj) => JSON.parse(JSON.stringify(obj))); diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/defaults.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/defaults.js new file mode 100644 index 0000000000000..d2f73e9057526 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/defaults.js @@ -0,0 +1,27 @@ +const isPlainObject = require('./is_plain_object'); + +function defaults(deep, target, ...sources) { + for (const source of sources) { + if (!isPlainObject(source)) { + continue; + } + for (const [key, value] of Object.entries(source)) { + /* istanbul ignore if */ + if (key === '__proto__' || key === 'constructor') { + continue; + } + if (typeof target[key] === 'undefined' && typeof value !== 'undefined') { + target[key] = value; + } + + if (deep && isPlainObject(target[key]) && isPlainObject(value)) { + defaults(true, target[key], value); + } + } + } + + return target; +} + +module.exports = defaults.bind(undefined, false); +module.exports.deep = defaults.bind(undefined, true); diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/generators.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/generators.js new file mode 100644 index 0000000000000..aa1cfca000490 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/generators.js @@ -0,0 +1,14 @@ +const { createHash, randomBytes } = require('crypto'); + +const base64url = require('./base64url'); + +const random = (bytes = 32) => base64url.encode(randomBytes(bytes)); + +module.exports = { + random, + state: random, + nonce: random, + codeVerifier: random, + codeChallenge: (codeVerifier) => + base64url.encode(createHash('sha256').update(codeVerifier).digest()), +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/is_key_object.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/is_key_object.js new file mode 100644 index 0000000000000..2d8e6c6722c4e --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/is_key_object.js @@ -0,0 +1,4 @@ +const util = require('util'); +const crypto = require('crypto'); + +module.exports = util.types.isKeyObject || ((obj) => obj && obj instanceof crypto.KeyObject); diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/is_plain_object.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/is_plain_object.js new file mode 100644 index 0000000000000..d3020126c86ac --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/is_plain_object.js @@ -0,0 +1 @@ +module.exports = (a) => !!a && a.constructor === Object; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/issuer.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/issuer.js new file mode 100644 index 0000000000000..40c572637cc12 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/issuer.js @@ -0,0 +1,111 @@ +const objectHash = require('object-hash'); +const LRU = require('lru-cache'); + +const { RPError } = require('../errors'); + +const { assertIssuerConfiguration } = require('./assert'); +const KeyStore = require('./keystore'); +const { keystores } = require('./weak_cache'); +const processResponse = require('./process_response'); +const request = require('./request'); + +const inFlight = new WeakMap(); +const caches = new WeakMap(); +const lrus = (ctx) => { + if (!caches.has(ctx)) { + caches.set(ctx, new LRU({ max: 100 })); + } + return caches.get(ctx); +}; + +async function getKeyStore(reload = false) { + assertIssuerConfiguration(this, 'jwks_uri'); + + const keystore = keystores.get(this); + const cache = lrus(this); + + if (reload || !keystore) { + if (inFlight.has(this)) { + return inFlight.get(this); + } + cache.reset(); + inFlight.set( + this, + (async () => { + const response = await request + .call(this, { + method: 'GET', + responseType: 'json', + url: this.jwks_uri, + headers: { + Accept: 'application/json, application/jwk-set+json', + }, + }) + .finally(() => { + inFlight.delete(this); + }); + const jwks = processResponse(response); + + const joseKeyStore = KeyStore.fromJWKS(jwks, { onlyPublic: true }); + cache.set('throttle', true, 60 * 1000); + keystores.set(this, joseKeyStore); + + return joseKeyStore; + })(), + ); + + return inFlight.get(this); + } + + return keystore; +} + +async function queryKeyStore({ kid, kty, alg, use }, { allowMulti = false } = {}) { + const cache = lrus(this); + + const def = { + kid, + kty, + alg, + use, + }; + + const defHash = objectHash(def, { + algorithm: 'sha256', + ignoreUnknown: true, + unorderedArrays: true, + unorderedSets: true, + respectType: false, + }); + + // refresh keystore on every unknown key but also only upto once every minute + const freshJwksUri = cache.get(defHash) || cache.get('throttle'); + + const keystore = await getKeyStore.call(this, !freshJwksUri); + const keys = keystore.all(def); + + delete def.use; + if (keys.length === 0) { + throw new RPError({ + printf: ["no valid key found in issuer's jwks_uri for key parameters %j", def], + jwks: keystore, + }); + } + + if (!allowMulti && keys.length > 1 && !kid) { + throw new RPError({ + printf: [ + "multiple matching keys found in issuer's jwks_uri for key parameters %j, kid must be provided in this case", + def, + ], + jwks: keystore, + }); + } + + cache.set(defHash, true); + + return keys; +} + +module.exports.queryKeyStore = queryKeyStore; +module.exports.keystore = getKeyStore; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/keystore.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/keystore.js new file mode 100644 index 0000000000000..60ddd609850f4 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/keystore.js @@ -0,0 +1,298 @@ +const jose = require('jose'); + +const clone = require('./deep_clone'); +const isPlainObject = require('./is_plain_object'); + +const internal = Symbol(); + +const keyscore = (key, { alg, use }) => { + let score = 0; + + if (alg && key.alg) { + score++; + } + + if (use && key.use) { + score++; + } + + return score; +}; + +function getKtyFromAlg(alg) { + switch (typeof alg === 'string' && alg.slice(0, 2)) { + case 'RS': + case 'PS': + return 'RSA'; + case 'ES': + return 'EC'; + case 'Ed': + return 'OKP'; + default: + return undefined; + } +} + +function getAlgorithms(use, alg, kty, crv) { + // Ed25519, Ed448, and secp256k1 always have "alg" + // OKP always has "use" + if (alg) { + return new Set([alg]); + } + + switch (kty) { + case 'EC': { + let algs = []; + + if (use === 'enc' || use === undefined) { + algs = algs.concat(['ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW']); + } + + if (use === 'sig' || use === undefined) { + switch (crv) { + case 'P-256': + case 'P-384': + algs = algs.concat([`ES${crv.slice(-3)}`]); + break; + case 'P-521': + algs = algs.concat(['ES512']); + break; + case 'secp256k1': + if (jose.cryptoRuntime === 'node:crypto') { + algs = algs.concat(['ES256K']); + } + break; + } + } + + return new Set(algs); + } + case 'OKP': { + return new Set(['ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW']); + } + case 'RSA': { + let algs = []; + + if (use === 'enc' || use === undefined) { + algs = algs.concat(['RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512']); + if (jose.cryptoRuntime === 'node:crypto') { + algs = algs.concat(['RSA1_5']); + } + } + + if (use === 'sig' || use === undefined) { + algs = algs.concat(['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512']); + } + + return new Set(algs); + } + default: + throw new Error('unreachable'); + } +} + +module.exports = class KeyStore { + #keys; + + constructor(i, keys) { + if (i !== internal) throw new Error('invalid constructor call'); + this.#keys = keys; + } + + toJWKS() { + return { + keys: this.map(({ jwk: { d, p, q, dp, dq, qi, ...jwk } }) => jwk), + }; + } + + all({ alg, kid, use } = {}) { + if (!use || !alg) { + throw new Error(); + } + + const kty = getKtyFromAlg(alg); + + const search = { alg, use }; + return this.filter((key) => { + let candidate = true; + + if (candidate && kty !== undefined && key.jwk.kty !== kty) { + candidate = false; + } + + if (candidate && kid !== undefined && key.jwk.kid !== kid) { + candidate = false; + } + + if (candidate && use !== undefined && key.jwk.use !== undefined && key.jwk.use !== use) { + candidate = false; + } + + if (candidate && key.jwk.alg && key.jwk.alg !== alg) { + candidate = false; + } else if (!key.algorithms.has(alg)) { + candidate = false; + } + + return candidate; + }).sort((first, second) => keyscore(second, search) - keyscore(first, search)); + } + + get(...args) { + return this.all(...args)[0]; + } + + static async fromJWKS(jwks, { onlyPublic = false, onlyPrivate = false } = {}) { + if ( + !isPlainObject(jwks) || + !Array.isArray(jwks.keys) || + jwks.keys.some((k) => !isPlainObject(k) || !('kty' in k)) + ) { + throw new TypeError('jwks must be a JSON Web Key Set formatted object'); + } + + const keys = []; + + for (let jwk of jwks.keys) { + jwk = clone(jwk); + const { kty, kid, crv } = jwk; + + let { alg, use } = jwk; + + if (typeof kty !== 'string' || !kty) { + continue; + } + + if (use !== undefined && use !== 'sig' && use !== 'enc') { + continue; + } + + if (typeof alg !== 'string' && alg !== undefined) { + continue; + } + + if (typeof kid !== 'string' && kid !== undefined) { + continue; + } + + if (kty === 'EC' && use === 'sig') { + switch (crv) { + case 'P-256': + alg = 'ES256'; + break; + case 'P-384': + alg = 'ES384'; + break; + case 'P-521': + alg = 'ES512'; + break; + default: + break; + } + } + + if (crv === 'secp256k1') { + use = 'sig'; + alg = 'ES256K'; + } + + if (kty === 'OKP') { + switch (crv) { + case 'Ed25519': + case 'Ed448': + use = 'sig'; + alg = 'EdDSA'; + break; + case 'X25519': + case 'X448': + use = 'enc'; + break; + default: + break; + } + } + + if (alg && !use) { + switch (true) { + case alg.startsWith('ECDH'): + use = 'enc'; + break; + case alg.startsWith('RSA'): + use = 'enc'; + break; + default: + break; + } + } + + if (onlyPrivate && (jwk.kty === 'oct' || !jwk.d)) { + throw new Error('jwks must only contain private keys'); + } + + if (onlyPublic && (jwk.d || jwk.k)) { + continue; + } + + keys.push({ + jwk: { ...jwk, alg, use }, + async keyObject(alg) { + if (this[alg]) { + return this[alg]; + } + + const keyObject = await jose.importJWK(this.jwk, alg); + this[alg] = keyObject; + return keyObject; + }, + get algorithms() { + Object.defineProperty(this, 'algorithms', { + value: getAlgorithms(this.jwk.use, this.jwk.alg, this.jwk.kty, this.jwk.crv), + enumerable: true, + configurable: false, + }); + return this.algorithms; + }, + }); + } + + return new this(internal, keys); + } + + filter(...args) { + return this.#keys.filter(...args); + } + + find(...args) { + return this.#keys.find(...args); + } + + every(...args) { + return this.#keys.every(...args); + } + + some(...args) { + return this.#keys.some(...args); + } + + map(...args) { + return this.#keys.map(...args); + } + + forEach(...args) { + return this.#keys.forEach(...args); + } + + reduce(...args) { + return this.#keys.reduce(...args); + } + + sort(...args) { + return this.#keys.sort(...args); + } + + *[Symbol.iterator]() { + for (const key of this.#keys) { + yield key; + } + } +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/merge.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/merge.js new file mode 100644 index 0000000000000..6010541a55825 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/merge.js @@ -0,0 +1,24 @@ +const isPlainObject = require('./is_plain_object'); + +function merge(target, ...sources) { + for (const source of sources) { + if (!isPlainObject(source)) { + continue; + } + for (const [key, value] of Object.entries(source)) { + /* istanbul ignore if */ + if (key === '__proto__' || key === 'constructor') { + continue; + } + if (isPlainObject(target[key]) && isPlainObject(value)) { + target[key] = merge(target[key], value); + } else if (typeof value !== 'undefined') { + target[key] = value; + } + } + } + + return target; +} + +module.exports = merge; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/pick.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/pick.js new file mode 100644 index 0000000000000..bfcdfc3e837bf --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/pick.js @@ -0,0 +1,9 @@ +module.exports = function pick(object, ...paths) { + const obj = {}; + for (const path of paths) { + if (object[path] !== undefined) { + obj[path] = object[path]; + } + } + return obj; +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/process_response.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/process_response.js new file mode 100644 index 0000000000000..7dad56556f717 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/process_response.js @@ -0,0 +1,71 @@ +const { STATUS_CODES } = require('http'); +const { format } = require('util'); + +const { OPError } = require('../errors'); +const parseWwwAuthenticate = require('./www_authenticate_parser'); + +const throwAuthenticateErrors = (response) => { + const params = parseWwwAuthenticate(response.headers['www-authenticate']); + + if (params.error) { + throw new OPError(params, response); + } +}; + +const isStandardBodyError = (response) => { + let result = false; + try { + let jsonbody; + if (typeof response.body !== 'object' || Buffer.isBuffer(response.body)) { + jsonbody = JSON.parse(response.body); + } else { + jsonbody = response.body; + } + result = typeof jsonbody.error === 'string' && jsonbody.error.length; + if (result) Object.defineProperty(response, 'body', { value: jsonbody, configurable: true }); + } catch (err) {} + + return result; +}; + +function processResponse(response, { statusCode = 200, body = true, bearer = false } = {}) { + if (response.statusCode !== statusCode) { + if (bearer) { + throwAuthenticateErrors(response); + } + + if (isStandardBodyError(response)) { + throw new OPError(response.body, response); + } + + throw new OPError( + { + error: format( + 'expected %i %s, got: %i %s', + statusCode, + STATUS_CODES[statusCode], + response.statusCode, + STATUS_CODES[response.statusCode], + ), + }, + response, + ); + } + + if (body && !response.body) { + throw new OPError( + { + error: format( + 'expected %i %s with body but no body was returned', + statusCode, + STATUS_CODES[statusCode], + ), + }, + response, + ); + } + + return response.body; +} + +module.exports = processResponse; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/request.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/request.js new file mode 100644 index 0000000000000..d3dfda3b8291a --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/request.js @@ -0,0 +1,200 @@ +const assert = require('assert'); +const querystring = require('querystring'); +const http = require('http'); +const https = require('https'); +const { once } = require('events'); +const { URL } = require('url'); + +const LRU = require('lru-cache'); + +const pkg = require('../../package.json'); +const { RPError } = require('../errors'); + +const pick = require('./pick'); +const { deep: defaultsDeep } = require('./defaults'); +const { HTTP_OPTIONS } = require('./consts'); + +let DEFAULT_HTTP_OPTIONS; +const NQCHAR = /^[\x21\x23-\x5B\x5D-\x7E]+$/; + +const allowed = [ + 'agent', + 'ca', + 'cert', + 'crl', + 'headers', + 'key', + 'lookup', + 'passphrase', + 'pfx', + 'timeout', +]; + +const setDefaults = (props, options) => { + DEFAULT_HTTP_OPTIONS = defaultsDeep( + {}, + props.length ? pick(options, ...props) : options, + DEFAULT_HTTP_OPTIONS, + ); +}; + +setDefaults([], { + headers: { + 'User-Agent': `${pkg.name}/${pkg.version} (${pkg.homepage})`, + 'Accept-Encoding': 'identity', + }, + timeout: 3500, +}); + +function send(req, body, contentType) { + if (contentType) { + req.removeHeader('content-type'); + req.setHeader('content-type', contentType); + } + if (body) { + req.removeHeader('content-length'); + req.setHeader('content-length', Buffer.byteLength(body)); + req.write(body); + } + req.end(); +} + +const nonces = new LRU({ max: 100 }); + +module.exports = async function request(options, { accessToken, mTLS = false, DPoP } = {}) { + let url; + try { + url = new URL(options.url); + delete options.url; + assert(/^(https?:)$/.test(url.protocol)); + } catch (err) { + throw new TypeError('only valid absolute URLs can be requested'); + } + const optsFn = this[HTTP_OPTIONS]; + let opts = options; + + const nonceKey = `${url.origin}${url.pathname}`; + if (DPoP && 'dpopProof' in this) { + opts.headers = opts.headers || {}; + opts.headers.DPoP = await this.dpopProof( + { + htu: `${url.origin}${url.pathname}`, + htm: options.method, + nonce: nonces.get(nonceKey), + }, + DPoP, + accessToken, + ); + } + + let userOptions; + if (optsFn) { + userOptions = pick( + optsFn.call(this, url, defaultsDeep({}, opts, DEFAULT_HTTP_OPTIONS)), + ...allowed, + ); + } + opts = defaultsDeep({}, userOptions, opts, DEFAULT_HTTP_OPTIONS); + + if (mTLS && !opts.pfx && !(opts.key && opts.cert)) { + throw new TypeError('mutual-TLS certificate and key not set'); + } + + if (opts.searchParams) { + for (const [key, value] of Object.entries(opts.searchParams)) { + url.searchParams.delete(key); + url.searchParams.set(key, value); + } + } + + let responseType; + let form; + let json; + let body; + ({ form, responseType, json, body, ...opts } = opts); + + for (const [key, value] of Object.entries(opts.headers || {})) { + if (value === undefined) { + delete opts.headers[key]; + } + } + + let response; + const req = (url.protocol === 'https:' ? https.request : http.request)(url.href, opts); + return (async () => { + if (json) { + send(req, JSON.stringify(json), 'application/json'); + } else if (form) { + send(req, querystring.stringify(form), 'application/x-www-form-urlencoded'); + } else if (body) { + send(req, body); + } else { + send(req); + } + + [response] = await Promise.race([once(req, 'response'), once(req, 'timeout')]); + + // timeout reached + if (!response) { + req.destroy(); + throw new RPError(`outgoing request timed out after ${opts.timeout}ms`); + } + + const parts = []; + + for await (const part of response) { + parts.push(part); + } + + if (parts.length) { + switch (responseType) { + case 'json': { + Object.defineProperty(response, 'body', { + get() { + let value = Buffer.concat(parts); + try { + value = JSON.parse(value); + } catch (err) { + Object.defineProperty(err, 'response', { value: response }); + throw err; + } finally { + Object.defineProperty(response, 'body', { value, configurable: true }); + } + return value; + }, + configurable: true, + }); + break; + } + case undefined: + case 'buffer': { + Object.defineProperty(response, 'body', { + get() { + const value = Buffer.concat(parts); + Object.defineProperty(response, 'body', { value, configurable: true }); + return value; + }, + configurable: true, + }); + break; + } + default: + throw new TypeError('unsupported responseType request option'); + } + } + + return response; + })() + .catch((err) => { + if (response) Object.defineProperty(err, 'response', { value: response }); + throw err; + }) + .finally(() => { + const dpopNonce = response && response.headers['dpop-nonce']; + if (dpopNonce && NQCHAR.test(dpopNonce)) { + nonces.set(nonceKey, dpopNonce); + } + }); +}; + +module.exports.setDefaults = setDefaults.bind(undefined, allowed); diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/unix_timestamp.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/unix_timestamp.js new file mode 100644 index 0000000000000..14da6e2aa100e --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/unix_timestamp.js @@ -0,0 +1 @@ +module.exports = () => Math.floor(Date.now() / 1000); diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/weak_cache.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/weak_cache.js new file mode 100644 index 0000000000000..6f1c6b77fef67 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/weak_cache.js @@ -0,0 +1 @@ +module.exports.keystores = new WeakMap(); diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/webfinger_normalize.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/webfinger_normalize.js new file mode 100644 index 0000000000000..47e8dc066d269 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/webfinger_normalize.js @@ -0,0 +1,71 @@ +// Credit: https://github.com/rohe/pyoidc/blob/master/src/oic/utils/webfinger.py + +// -- Normalization -- +// A string of any other type is interpreted as a URI either the form of scheme +// "://" authority path-abempty [ "?" query ] [ "#" fragment ] or authority +// path-abempty [ "?" query ] [ "#" fragment ] per RFC 3986 [RFC3986] and is +// normalized according to the following rules: +// +// If the user input Identifier does not have an RFC 3986 [RFC3986] scheme +// portion, the string is interpreted as [userinfo "@"] host [":" port] +// path-abempty [ "?" query ] [ "#" fragment ] per RFC 3986 [RFC3986]. +// If the userinfo component is present and all of the path component, query +// component, and port component are empty, the acct scheme is assumed. In this +// case, the normalized URI is formed by prefixing acct: to the string as the +// scheme. Per the 'acct' URI Scheme [I‑D.ietf‑appsawg‑acct‑uri], if there is an +// at-sign character ('@') in the userinfo component, it needs to be +// percent-encoded as described in RFC 3986 [RFC3986]. +// For all other inputs without a scheme portion, the https scheme is assumed, +// and the normalized URI is formed by prefixing https:// to the string as the +// scheme. +// If the resulting URI contains a fragment portion, it MUST be stripped off +// together with the fragment delimiter character "#". +// The WebFinger [I‑D.ietf‑appsawg‑webfinger] Resource in this case is the +// resulting URI, and the WebFinger Host is the authority component. +// +// Note: Since the definition of authority in RFC 3986 [RFC3986] is +// [ userinfo "@" ] host [ ":" port ], it is legal to have a user input +// identifier like userinfo@host:port, e.g., alice@example.com:8080. + +const PORT = /^\d+$/; + +function hasScheme(input) { + if (input.includes('://')) return true; + + const authority = input.replace(/(\/|\?)/g, '#').split('#')[0]; + if (authority.includes(':')) { + const index = authority.indexOf(':'); + const hostOrPort = authority.slice(index + 1); + if (!PORT.test(hostOrPort)) { + return true; + } + } + + return false; +} + +function acctSchemeAssumed(input) { + if (!input.includes('@')) return false; + const parts = input.split('@'); + const host = parts[parts.length - 1]; + return !(host.includes(':') || host.includes('/') || host.includes('?')); +} + +function normalize(input) { + if (typeof input !== 'string') { + throw new TypeError('input must be a string'); + } + + let output; + if (hasScheme(input)) { + output = input; + } else if (acctSchemeAssumed(input)) { + output = `acct:${input}`; + } else { + output = `https://${input}`; + } + + return output.split('#')[0]; +} + +module.exports = normalize; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/www_authenticate_parser.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/www_authenticate_parser.js new file mode 100644 index 0000000000000..a645df8641603 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/helpers/www_authenticate_parser.js @@ -0,0 +1,14 @@ +const REGEXP = /(\w+)=("[^"]*")/g; + +module.exports = (wwwAuthenticate) => { + const params = {}; + try { + while (REGEXP.exec(wwwAuthenticate) !== null) { + if (RegExp.$1 && RegExp.$2) { + params[RegExp.$1] = RegExp.$2.slice(1, -1); + } + } + } catch (err) {} + + return params; +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/index.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/index.js new file mode 100644 index 0000000000000..b97a99fc70932 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/index.js @@ -0,0 +1,23 @@ +const Issuer = require('./issuer'); +const { OPError, RPError } = require('./errors'); +const Strategy = require('./passport_strategy'); +const TokenSet = require('./token_set'); +const { CLOCK_TOLERANCE, HTTP_OPTIONS } = require('./helpers/consts'); +const generators = require('./helpers/generators'); +const { setDefaults } = require('./helpers/request'); + +module.exports = { + Issuer, + Strategy, + TokenSet, + errors: { + OPError, + RPError, + }, + custom: { + setHttpOptionsDefaults: setDefaults, + http_options: HTTP_OPTIONS, + clock_tolerance: CLOCK_TOLERANCE, + }, + generators, +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/index.mjs b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/index.mjs new file mode 100644 index 0000000000000..03961a99a8990 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/index.mjs @@ -0,0 +1,9 @@ +import mod from './index.js'; + +export default mod; +export const Issuer = mod.Issuer; +export const Strategy = mod.Strategy; +export const TokenSet = mod.TokenSet; +export const errors = mod.errors; +export const custom = mod.custom; +export const generators = mod.generators; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/issuer.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/issuer.js new file mode 100644 index 0000000000000..3329e889fd3e3 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/issuer.js @@ -0,0 +1,191 @@ +const { inspect } = require('util'); +const url = require('url'); + +const { RPError } = require('./errors'); +const getClient = require('./client'); +const registry = require('./issuer_registry'); +const processResponse = require('./helpers/process_response'); +const webfingerNormalize = require('./helpers/webfinger_normalize'); +const request = require('./helpers/request'); +const clone = require('./helpers/deep_clone'); +const { keystore } = require('./helpers/issuer'); + +const AAD_MULTITENANT_DISCOVERY = [ + 'https://login.microsoftonline.com/common/.well-known/openid-configuration', + 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration', + 'https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration', + 'https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration', +]; +const AAD_MULTITENANT = Symbol(); +const ISSUER_DEFAULTS = { + claim_types_supported: ['normal'], + claims_parameter_supported: false, + grant_types_supported: ['authorization_code', 'implicit'], + request_parameter_supported: false, + request_uri_parameter_supported: true, + require_request_uri_registration: false, + response_modes_supported: ['query', 'fragment'], + token_endpoint_auth_methods_supported: ['client_secret_basic'], +}; + +class Issuer { + #metadata; + constructor(meta = {}) { + const aadIssValidation = meta[AAD_MULTITENANT]; + delete meta[AAD_MULTITENANT]; + ['introspection', 'revocation'].forEach((endpoint) => { + // if intro/revocation endpoint auth specific meta is missing use the token ones if they + // are defined + if ( + meta[`${endpoint}_endpoint`] && + meta[`${endpoint}_endpoint_auth_methods_supported`] === undefined && + meta[`${endpoint}_endpoint_auth_signing_alg_values_supported`] === undefined + ) { + if (meta.token_endpoint_auth_methods_supported) { + meta[`${endpoint}_endpoint_auth_methods_supported`] = + meta.token_endpoint_auth_methods_supported; + } + if (meta.token_endpoint_auth_signing_alg_values_supported) { + meta[`${endpoint}_endpoint_auth_signing_alg_values_supported`] = + meta.token_endpoint_auth_signing_alg_values_supported; + } + } + }); + + this.#metadata = new Map(); + + Object.entries(meta).forEach(([key, value]) => { + this.#metadata.set(key, value); + if (!this[key]) { + Object.defineProperty(this, key, { + get() { + return this.#metadata.get(key); + }, + enumerable: true, + }); + } + }); + + registry.set(this.issuer, this); + + const Client = getClient(this, aadIssValidation); + + Object.defineProperties(this, { + Client: { value: Client, enumerable: true }, + FAPI1Client: { value: class FAPI1Client extends Client {}, enumerable: true }, + }); + } + + get metadata() { + return clone(Object.fromEntries(this.#metadata.entries())); + } + + static async webfinger(input) { + const resource = webfingerNormalize(input); + const { host } = url.parse(resource); + const webfingerUrl = `https://${host}/.well-known/webfinger`; + + const response = await request.call(this, { + method: 'GET', + url: webfingerUrl, + responseType: 'json', + searchParams: { resource, rel: 'http://openid.net/specs/connect/1.0/issuer' }, + headers: { + Accept: 'application/json', + }, + }); + const body = processResponse(response); + + const location = + Array.isArray(body.links) && + body.links.find( + (link) => + typeof link === 'object' && + link.rel === 'http://openid.net/specs/connect/1.0/issuer' && + link.href, + ); + + if (!location) { + throw new RPError({ + message: 'no issuer found in webfinger response', + body, + }); + } + + if (typeof location.href !== 'string' || !location.href.startsWith('https://')) { + throw new RPError({ + printf: ['invalid issuer location %s', location.href], + body, + }); + } + + const expectedIssuer = location.href; + if (registry.has(expectedIssuer)) { + return registry.get(expectedIssuer); + } + + const issuer = await this.discover(expectedIssuer); + + if (issuer.issuer !== expectedIssuer) { + registry.del(issuer.issuer); + throw new RPError( + 'discovered issuer mismatch, expected %s, got: %s', + expectedIssuer, + issuer.issuer, + ); + } + return issuer; + } + + static async discover(uri) { + const wellKnownUri = resolveWellKnownUri(uri); + + const response = await request.call(this, { + method: 'GET', + responseType: 'json', + url: wellKnownUri, + headers: { + Accept: 'application/json', + }, + }); + const body = processResponse(response); + return new Issuer({ + ...ISSUER_DEFAULTS, + ...body, + [AAD_MULTITENANT]: !!AAD_MULTITENANT_DISCOVERY.find((discoveryURL) => + wellKnownUri.startsWith(discoveryURL), + ), + }); + } + + async reloadJwksUri() { + await keystore.call(this, true); + } + + /* istanbul ignore next */ + [inspect.custom]() { + return `${this.constructor.name} ${inspect(this.metadata, { + depth: Infinity, + colors: process.stdout.isTTY, + compact: false, + sorted: true, + })}`; + } +} + +function resolveWellKnownUri(uri) { + const parsed = url.parse(uri); + if (parsed.pathname.includes('/.well-known/')) { + return uri; + } else { + let pathname; + if (parsed.pathname.endsWith('/')) { + pathname = `${parsed.pathname}.well-known/openid-configuration`; + } else { + pathname = `${parsed.pathname}/.well-known/openid-configuration`; + } + return url.format({ ...parsed, pathname }); + } +} + +module.exports = Issuer; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/issuer_registry.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/issuer_registry.js new file mode 100644 index 0000000000000..291f489b37aa6 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/issuer_registry.js @@ -0,0 +1,3 @@ +const LRU = require('lru-cache'); + +module.exports = new LRU({ max: 100 }); diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/passport_strategy.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/passport_strategy.js new file mode 100644 index 0000000000000..d606be96d4f99 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/passport_strategy.js @@ -0,0 +1,210 @@ +const url = require('url'); +const { format } = require('util'); + +const cloneDeep = require('./helpers/deep_clone'); +const { RPError, OPError } = require('./errors'); +const { BaseClient } = require('./client'); +const { random, codeChallenge } = require('./helpers/generators'); +const pick = require('./helpers/pick'); +const { resolveResponseType, resolveRedirectUri } = require('./helpers/client'); +const { logApp } = require("../../../src/config/conf"); + +function verified(err, user, info = {}) { + if (err) { + this.error(err); + } else if (!user) { + this.fail(info); + } else { + this.success(user, info); + } +} + +function OpenIDConnectStrategy( + { client, params = {}, passReqToCallback = false, sessionKey, usePKCE = true, extras = {} } = {}, + verify, +) { + if (!(client instanceof BaseClient)) { + throw new TypeError('client must be an instance of openid-client Client'); + } + + if (typeof verify !== 'function') { + throw new TypeError('verify callback must be a function'); + } + + if (!client.issuer || !client.issuer.issuer) { + throw new TypeError('client must have an issuer with an identifier'); + } + + this._client = client; + this._issuer = client.issuer; + this._verify = verify; + this._passReqToCallback = passReqToCallback; + this._usePKCE = usePKCE; + this._key = sessionKey || `oidc:${url.parse(this._issuer.issuer).hostname}`; + this._params = cloneDeep(params); + + // state and nonce are handled in authenticate() + delete this._params.state; + delete this._params.nonce; + + this._extras = cloneDeep(extras); + + if (!this._params.response_type) this._params.response_type = resolveResponseType.call(client); + if (!this._params.redirect_uri) this._params.redirect_uri = resolveRedirectUri.call(client); + if (!this._params.scope) this._params.scope = 'openid'; + + if (this._usePKCE === true) { + const supportedMethods = Array.isArray(this._issuer.code_challenge_methods_supported) + ? this._issuer.code_challenge_methods_supported + : false; + + if (supportedMethods && supportedMethods.includes('S256')) { + this._usePKCE = 'S256'; + } else if (supportedMethods && supportedMethods.includes('plain')) { + this._usePKCE = 'plain'; + } else if (supportedMethods) { + throw new TypeError( + 'neither code_challenge_method supported by the client is supported by the issuer', + ); + } else { + this._usePKCE = 'S256'; + } + } else if (typeof this._usePKCE === 'string' && !['plain', 'S256'].includes(this._usePKCE)) { + throw new TypeError(`${this._usePKCE} is not valid/implemented PKCE code_challenge_method`); + } + + this.name = url.parse(client.issuer.issuer).hostname; +} + +OpenIDConnectStrategy.prototype.authenticate = function authenticate(req, options) { + (async () => { + const client = this._client; + if (!req.session) { + logApp.error("[OPENID] authentication requires session support") + throw new TypeError('authentication requires session support'); + } + const reqParams = client.callbackParams(req); + const sessionKey = this._key; + + const { 0: parameter, length } = Object.keys(reqParams); + + /** + * Start authentication request if this has no authorization response parameters or + * this might a login initiated from a third party as per + * https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin. + */ + if (length === 0 || (length === 1 && parameter === 'iss')) { + // provide options object with extra authentication parameters + const params = { + state: random(), + ...this._params, + ...options, + }; + + if (!params.nonce && params.response_type.includes('id_token')) { + params.nonce = random(); + } + + req.session[sessionKey] = pick(params, 'nonce', 'state', 'max_age', 'response_type'); + + if (this._usePKCE && params.response_type.includes('code')) { + const verifier = random(); + req.session[sessionKey].code_verifier = verifier; + + switch (this._usePKCE) { + case 'S256': + params.code_challenge = codeChallenge(verifier); + params.code_challenge_method = 'S256'; + break; + case 'plain': + params.code_challenge = verifier; + break; + } + } + logApp.info("[OPENID] Start authentication request", { params, url: client.authorizationUrl(params) }) + this.redirect(client.authorizationUrl(params)); + return; + } + /* end authentication request */ + + /* start authentication response */ + logApp.info("[OPENID] Start authentication response", { sessionKey }) + const session = req.session[sessionKey]; + if (Object.keys(session || {}).length === 0) { + logApp.error("Did not find expected authorization request details in session", { sessionKey, session }) + throw new Error( + format( + 'did not find expected authorization request details in session, req.session["%s"] is %j', + sessionKey, + session, + ), + ); + } + + const { + state, + nonce, + max_age: maxAge, + code_verifier: codeVerifier, + response_type: responseType, + } = session; + + try { + delete req.session[sessionKey]; + } catch (err) {} + + const opts = { + redirect_uri: this._params.redirect_uri, + ...options, + }; + + const checks = { + state, + nonce, + max_age: maxAge, + code_verifier: codeVerifier, + response_type: responseType, + }; + logApp.info("[OPENID] Start callback response", { reqParams, checks, extras: this._extras, uri: opts.redirect_uri }) + const tokenset = await client.callback(opts.redirect_uri, reqParams, checks, this._extras); + logApp.info("[OPENID] End callback response tokenset", { tokenset }) + const passReq = this._passReqToCallback; + const loadUserinfo = this._verify.length > (passReq ? 3 : 2) && client.issuer.userinfo_endpoint; + logApp.info("[OPENID] End callback response loadUserinfo", { loadUserinfo }) + const args = [tokenset, verified.bind(this)]; + + if (loadUserinfo) { + if (!tokenset.access_token) { + logApp.error("[OPENID] RPError expected access_token to be returned when asking for userinfo in verify callback", { tokenset }) + throw new RPError({ + message: + 'expected access_token to be returned when asking for userinfo in verify callback', + tokenset, + }); + } + const userinfo = await client.userinfo(tokenset); + args.splice(1, 0, userinfo); + } + + if (passReq) { + args.unshift(req); + } + logApp.info("[OPENID] _verify", { args }) + this._verify(...args); + /* end authentication response */ + })().catch((error) => { + logApp.error("[OPENID] General openid passport error", { error }) + if ( + (error instanceof OPError && + error.error !== 'server_error' && + !error.error.startsWith('invalid')) || + error instanceof RPError + ) { + this.fail(error); + } else { + this.error(error); + } + }); +}; + +module.exports = OpenIDConnectStrategy; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/lib/token_set.js b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/token_set.js new file mode 100644 index 0000000000000..cdf2f0d824177 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/lib/token_set.js @@ -0,0 +1,35 @@ +const base64url = require('./helpers/base64url'); +const now = require('./helpers/unix_timestamp'); + +class TokenSet { + constructor(values) { + Object.assign(this, values); + const { constructor, ...properties } = Object.getOwnPropertyDescriptors( + this.constructor.prototype, + ); + + Object.defineProperties(this, properties); + } + + set expires_in(value) { + this.expires_at = now() + Number(value); + } + + get expires_in() { + return Math.max.apply(null, [this.expires_at - now(), 0]); + } + + expired() { + return this.expires_in === 0; + } + + claims() { + if (!this.id_token) { + throw new TypeError('id_token not present in TokenSet'); + } + + return JSON.parse(base64url.decode(this.id_token.split('.')[1])); + } +} + +module.exports = TokenSet; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/package-lock.json b/opencti-platform/opencti-graphql/packages/node-openid-client/package-lock.json new file mode 100644 index 0000000000000..7fedf4ba21915 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/package-lock.json @@ -0,0 +1,1337 @@ +{ + "name": "openid-client", + "version": "5.6.5", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "openid-client", + "version": "5.6.5", + "license": "MIT", + "dependencies": { + "jose": "^4.15.5", + "lru-cache": "^6.0.0", + "object-hash": "^2.2.0", + "oidc-token-hash": "^5.0.3" + }, + "devDependencies": { + "@types/node": "^16.18.87", + "@types/passport": "^1.0.16", + "base64url": "^3.0.1", + "chai": "^4.4.1", + "mocha": "^10.3.0", + "nock": "^13.5.4", + "prettier": "^2.8.8", + "readable-mock-req": "^0.2.2", + "sinon": "^9.2.4", + "timekeeper": "^2.3.1" + }, + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/@sinonjs/commons": { + "version": "1.8.6", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "integrity": "sha512-Ky+XkAkqPZSm3NLBeUng77EBQl3cmeJhITaGHdYH8kjVB+aun3S4XBRti2zt17mtt0mIUDiNxYeoJm6drVvBJQ==", + "dev": true, + "dependencies": { + "type-detect": "4.0.8" + } + }, + "node_modules/@sinonjs/fake-timers": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-6.0.1.tgz", + "integrity": "sha512-MZPUxrmFubI36XS1DI3qmI0YdN1gks62JtFZvxR67ljjSNCeK6U08Zx4msEWOXuofgqUt6zPHSi1H9fbjR/NRA==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.7.0" + } + }, + "node_modules/@sinonjs/samsam": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-5.3.1.tgz", + "integrity": "sha512-1Hc0b1TtyfBu8ixF/tpfSHTVWKwCBLY4QJbkgnE7HcwyvT2xArDxb4K7dMgqRm3szI+LJbzmW/s4xxEhv6hwDg==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.6.0", + "lodash.get": "^4.4.2", + "type-detect": "^4.0.8" + } + }, + "node_modules/@sinonjs/text-encoding": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "integrity": "sha512-sXXKG+uL9IrKqViTtao2Ws6dy0znu9sOaP1di/jKGW1M6VssO8vlpXCQcpZ+jisQ1tTFAC5Jo/EOzFbggBagFQ==", + "dev": true + }, + "node_modules/@types/body-parser": { + "version": "1.19.5", + "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "integrity": "sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==", + "dev": true, + "dependencies": { + "@types/connect": "*", + "@types/node": "*" + } + }, + "node_modules/@types/connect": { + "version": "3.4.38", + "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==", + "dev": true, + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/express": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==", + "dev": true, + "dependencies": { + "@types/body-parser": "*", + "@types/express-serve-static-core": "^4.17.33", + "@types/qs": "*", + "@types/serve-static": "*" + } + }, + "node_modules/@types/express-serve-static-core": { + "version": "4.17.43", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.43.tgz", + "integrity": "sha512-oaYtiBirUOPQGSWNGPWnzyAFJ0BP3cwvN4oWZQY+zUBwpVIGsKUkpBpSztp74drYcjavs7SKFZ4DX1V2QeN8rg==", + "dev": true, + "dependencies": { + "@types/node": "*", + "@types/qs": "*", + "@types/range-parser": "*", + "@types/send": "*" + } + }, + "node_modules/@types/http-errors": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "integrity": "sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==", + "dev": true + }, + "node_modules/@types/mime": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==", + "dev": true + }, + "node_modules/@types/node": { + "version": "16.18.87", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.87.tgz", + "integrity": "sha512-+IzfhNirR/MDbXz6Om5eHV54D9mQlEMGag6AgEzlju0xH3M8baCXYwqQ6RKgGMpn9wSTx6Ltya/0y4Z8eSfdLw==", + "dev": true + }, + "node_modules/@types/passport": { + "version": "1.0.16", + "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.16.tgz", + "integrity": "sha512-FD0qD5hbPWQzaM0wHUnJ/T0BBCJBxCeemtnCwc/ThhTg3x9jfrAcRUmj5Dopza+MfFS9acTe3wk7rcVnRIp/0A==", + "dev": true, + "dependencies": { + "@types/express": "*" + } + }, + "node_modules/@types/qs": { + "version": "6.9.12", + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.12.tgz", + "integrity": "sha512-bZcOkJ6uWrL0Qb2NAWKa7TBU+mJHPzhx9jjLL1KHF+XpzEcR7EXHvjbHlGtR/IsP1vyPrehuS6XqkmaePy//mg==", + "dev": true + }, + "node_modules/@types/range-parser": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==", + "dev": true + }, + "node_modules/@types/send": { + "version": "0.17.4", + "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "integrity": "sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==", + "dev": true, + "dependencies": { + "@types/mime": "^1", + "@types/node": "*" + } + }, + "node_modules/@types/serve-static": { + "version": "1.15.5", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.5.tgz", + "integrity": "sha512-PDRk21MnK70hja/YF8AHfC7yIsiQHn1rcXx7ijCFBX/k+XQJhQT/gw3xekXKJvx+5SXaMMS8oqQy09Mzvz2TuQ==", + "dev": true, + "dependencies": { + "@types/http-errors": "*", + "@types/mime": "*", + "@types/node": "*" + } + }, + "node_modules/ansi-colors": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dev": true, + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, + "node_modules/assertion-error": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "node_modules/base64url": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", + "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==", + "dev": true, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/binary-extensions": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "dependencies": { + "fill-range": "^7.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/browser-stdout": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", + "dev": true + }, + "node_modules/camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/chai": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "integrity": "sha512-13sOfMv2+DWduEU+/xbun3LScLoqN17nBeTLUsmDfKdoiC1fr0n9PU4guu4AhRcOVFk/sW8LyZWHuhWtQZiF+g==", + "dev": true, + "dependencies": { + "assertion-error": "^1.1.0", + "check-error": "^1.0.3", + "deep-eql": "^4.1.3", + "get-func-name": "^2.0.2", + "loupe": "^2.3.6", + "pathval": "^1.1.1", + "type-detect": "^4.0.8" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chalk/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/check-error": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "integrity": "sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==", + "dev": true, + "dependencies": { + "get-func-name": "^2.0.2" + }, + "engines": { + "node": "*" + } + }, + "node_modules/chokidar": { + "version": "3.5.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", + "dev": true, + "funding": [ + { + "type": "individual", + "url": "https://paulmillr.com/funding/" + } + ], + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "node_modules/core-util-is": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", + "dev": true + }, + "node_modules/debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dev": true, + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/debug/node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, + "node_modules/decamelize": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/deep-eql": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "integrity": "sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==", + "dev": true, + "dependencies": { + "type-detect": "^4.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/diff": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", + "dev": true, + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true + }, + "node_modules/escalade": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", + "dev": true, + "bin": { + "flat": "cli.js" + } + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "dev": true + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true, + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/get-func-name": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/glob": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "integrity": "sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^5.0.1", + "once": "^1.3.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/he": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "dev": true, + "bin": { + "he": "bin/he" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "dev": true, + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-readable-stream": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-readable-stream/-/is-readable-stream-1.0.1.tgz", + "integrity": "sha512-hj/cPKXI7ITRRFeaHPg9WwEzye4cj+xjcUnvelBuCcBsyXYzYXi//Yh+oSVn8bMiyt1b8cNOPwkYxEJXl+6v7w==", + "deprecated": "use is-stream instead", + "dev": true + }, + "node_modules/is-unicode-supported": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/isarray": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", + "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==", + "dev": true + }, + "node_modules/jose": { + "version": "4.15.5", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz", + "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/json-stringify-safe": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", + "dev": true + }, + "node_modules/just-extend": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.2.1.tgz", + "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", + "dev": true + }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash.get": { + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "integrity": "sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==", + "dev": true + }, + "node_modules/log-symbols": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", + "dev": true, + "dependencies": { + "chalk": "^4.1.0", + "is-unicode-supported": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/loupe": { + "version": "2.3.7", + "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "integrity": "sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA==", + "dev": true, + "dependencies": { + "get-func-name": "^2.0.1" + } + }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "dev": true, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/minimatch": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", + "dev": true, + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/mocha": { + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.3.0.tgz", + "integrity": "sha512-uF2XJs+7xSLsrmIvn37i/wnc91nw7XjOQB8ccyx5aEgdnohr7n+rEiZP23WkCYHjilR6+EboEnbq/ZQDz4LSbg==", + "dev": true, + "dependencies": { + "ansi-colors": "4.1.1", + "browser-stdout": "1.3.1", + "chokidar": "3.5.3", + "debug": "4.3.4", + "diff": "5.0.0", + "escape-string-regexp": "4.0.0", + "find-up": "5.0.0", + "glob": "8.1.0", + "he": "1.2.0", + "js-yaml": "4.1.0", + "log-symbols": "4.1.0", + "minimatch": "5.0.1", + "ms": "2.1.3", + "serialize-javascript": "6.0.0", + "strip-json-comments": "3.1.1", + "supports-color": "8.1.1", + "workerpool": "6.2.1", + "yargs": "16.2.0", + "yargs-parser": "20.2.4", + "yargs-unparser": "2.0.0" + }, + "bin": { + "_mocha": "bin/_mocha", + "mocha": "bin/mocha.js" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true + }, + "node_modules/nise": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/nise/-/nise-4.1.0.tgz", + "integrity": "sha512-eQMEmGN/8arp0xsvGoQ+B1qvSkR73B1nWSCh7nOt5neMCtwcQVYQGdzQMhcNscktTsWB54xnlSQFzOAPJD8nXA==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.7.0", + "@sinonjs/fake-timers": "^6.0.0", + "@sinonjs/text-encoding": "^0.7.1", + "just-extend": "^4.0.2", + "path-to-regexp": "^1.7.0" + } + }, + "node_modules/nock": { + "version": "13.5.4", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "integrity": "sha512-yAyTfdeNJGGBFxWdzSKCBYxs5FxLbCg5X5Q4ets974hcQzG1+qCxvIyOo4j2Ry6MUlhWVMX4OoYDefAIIwupjw==", + "dev": true, + "dependencies": { + "debug": "^4.1.0", + "json-stringify-safe": "^5.0.1", + "propagate": "^2.0.0" + }, + "engines": { + "node": ">= 10.13" + } + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-hash": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==", + "engines": { + "node": ">= 6" + } + }, + "node_modules/oidc-token-hash": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz", + "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==", + "engines": { + "node": "^10.13.0 || >=12.0.0" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dev": true, + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/path-to-regexp": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz", + "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==", + "dev": true, + "dependencies": { + "isarray": "0.0.1" + } + }, + "node_modules/pathval": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/prettier": { + "version": "2.8.8", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.8.tgz", + "integrity": "sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==", + "dev": true, + "bin": { + "prettier": "bin-prettier.js" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "node_modules/propagate": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "integrity": "sha512-vGrhOavPSTz4QVNuBNdcNXePNdNMaO1xj9yBeH1ScQPjk/rhg9sSlCXPhMkFuaNNW/syTvYqsnbIJxMBfRbbag==", + "dev": true, + "engines": { + "node": ">= 8" + } + }, + "node_modules/randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dev": true, + "dependencies": { + "safe-buffer": "^5.1.0" + } + }, + "node_modules/readable-mock-req": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/readable-mock-req/-/readable-mock-req-0.2.2.tgz", + "integrity": "sha512-SQwHpJeeCsmtZ8mZmi4aoS3ujArujrQp7QMqt4t+O4f9sBztMv0V9Oufdc1vjzU7MMCc9TLOj7tYKoRE/QHMMg==", + "dev": true, + "dependencies": { + "is-readable-stream": "~1.0.0", + "methods": "~1.1.1", + "readable-stream": "~1.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/readable-stream": { + "version": "1.1.14", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz", + "integrity": "sha512-+MeVjFf4L44XUkhM1eYbD8fyEsxcV81pqMSR5gblfcLCHfZvbrqy4/qYHE+/R5HoBUT11WV5O08Cr1n3YXkWVQ==", + "dev": true, + "dependencies": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.1", + "isarray": "0.0.1", + "string_decoder": "~0.10.x" + } + }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dev": true, + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/serialize-javascript": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==", + "dev": true, + "dependencies": { + "randombytes": "^2.1.0" + } + }, + "node_modules/sinon": { + "version": "9.2.4", + "resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.4.tgz", + "integrity": "sha512-zljcULZQsJxVra28qIAL6ow1Z9tpattkCTEJR4RBP3TGc00FcttsP5pK284Nas5WjMZU5Yzy3kAIp3B3KRf5Yg==", + "deprecated": "16.1.1", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.8.1", + "@sinonjs/fake-timers": "^6.0.1", + "@sinonjs/samsam": "^5.3.1", + "diff": "^4.0.2", + "nise": "^4.0.4", + "supports-color": "^7.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/sinon" + } + }, + "node_modules/sinon/node_modules/diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "dev": true, + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/sinon/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/string_decoder": { + "version": "0.10.31", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", + "integrity": "sha512-ev2QzSzWPYmy9GuqfIVildA4OdcGLeFZQrq5ys6RtiuF+RQQiZWr8TZNyAcuVXyQRYfEO+MsoB/1BuQVhOJuoQ==", + "dev": true + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/timekeeper": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/timekeeper/-/timekeeper-2.3.1.tgz", + "integrity": "sha512-LeQRS7/4JcC0PgdSFnfUiStQEdiuySlCj/5SJ18D+T1n9BoY7PxKFfCwLulpHXoLUFr67HxBddQdEX47lDGx1g==", + "dev": true + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/type-detect": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", + "dev": true, + "engines": { + "node": ">=4" + } + }, + "node_modules/workerpool": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", + "dev": true + }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "dev": true + }, + "node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, + "node_modules/yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dev": true, + "dependencies": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs-unparser": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", + "dev": true, + "dependencies": { + "camelcase": "^6.0.0", + "decamelize": "^4.0.0", + "flat": "^5.0.2", + "is-plain-obj": "^2.1.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + } + } +} diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/package.json b/opencti-platform/opencti-graphql/packages/node-openid-client/package.json new file mode 100644 index 0000000000000..04db0dfc9a720 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/package.json @@ -0,0 +1,106 @@ +{ + "name": "openid-client", + "version": "5.6.5", + "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", + "keywords": [ + "auth", + "authentication", + "basic", + "certified", + "client", + "connect", + "dynamic", + "electron", + "hybrid", + "identity", + "implicit", + "oauth", + "oauth2", + "oidc", + "openid", + "passport", + "relying party", + "strategy" + ], + "homepage": "https://github.com/panva/node-openid-client", + "repository": "panva/node-openid-client", + "funding": { + "url": "https://github.com/sponsors/panva" + }, + "license": "MIT", + "author": "Filip Skokan ", + "exports": { + "types": "./types/index.d.ts", + "import": "./lib/index.mjs", + "require": "./lib/index.js" + }, + "main": "./lib/index.js", + "types": "./types/index.d.ts", + "files": [ + "lib", + "types/index.d.ts" + ], + "scripts": { + "format": "npx prettier --loglevel silent --write ./lib ./test ./certification ./types", + "test": "mocha test/**/*.test.js" + }, + "dependencies": { + "jose": "^4.15.5", + "lru-cache": "^6.0.0", + "object-hash": "^2.2.0", + "oidc-token-hash": "^5.0.3" + }, + "devDependencies": { + "@types/node": "^16.18.87", + "@types/passport": "^1.0.16", + "base64url": "^3.0.1", + "chai": "^4.4.1", + "mocha": "^10.3.0", + "nock": "^13.5.4", + "prettier": "^2.8.8", + "readable-mock-req": "^0.2.2", + "sinon": "^9.2.4", + "timekeeper": "^2.3.1" + }, + "standard-version": { + "scripts": { + "postchangelog": "sed -i '' -e 's/### \\[/## [/g' CHANGELOG.md" + }, + "types": [ + { + "type": "feat", + "section": "Features" + }, + { + "type": "fix", + "section": "Fixes" + }, + { + "type": "chore", + "hidden": true + }, + { + "type": "docs", + "hidden": true + }, + { + "type": "style", + "hidden": true + }, + { + "type": "refactor", + "section": "Refactor", + "hidden": false + }, + { + "type": "perf", + "section": "Performance", + "hidden": false + }, + { + "type": "test", + "hidden": true + } + ] + } +} diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/types/index.d.ts b/opencti-platform/opencti-graphql/packages/node-openid-client/types/index.d.ts new file mode 100644 index 0000000000000..d6b5aa0fd1817 --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/types/index.d.ts @@ -0,0 +1,622 @@ +/// +// TypeScript Version: 3.6 + +import * as http from 'http'; +import * as https from 'https'; +import * as http2 from 'http2'; + +import { URL } from 'url'; +import * as jose from 'jose'; +import * as crypto from 'crypto'; +import { format } from 'util'; + +export type HttpOptions = Partial< + Pick< + https.RequestOptions, + | 'agent' + | 'ca' + | 'cert' + | 'crl' + | 'headers' + | 'key' + | 'lookup' + | 'passphrase' + | 'pfx' + | 'timeout' + > +>; +export type RetryFunction = (retry: number, error: Error) => number; +export type CustomHttpOptionsProvider = ( + url: URL, + options: Omit, +) => HttpOptions; +export type TokenTypeHint = 'access_token' | 'refresh_token' | string; +export type DPoPInput = crypto.KeyObject | Parameters[0]; + +interface UnknownObject { + [key: string]: unknown; +} + +export const custom: { + setHttpOptionsDefaults(params: HttpOptions): undefined; + readonly http_options: unique symbol; + readonly clock_tolerance: unique symbol; +}; + +export type ResponseType = 'code' | 'id_token' | 'code id_token' | 'none' | string; +export type ClientAuthMethod = + | 'client_secret_basic' + | 'client_secret_post' + | 'client_secret_jwt' + | 'private_key_jwt' + | 'tls_client_auth' + | 'self_signed_tls_client_auth' + | 'none'; + +export interface ClientMetadata { + // important + client_id: string; + id_token_signed_response_alg?: string; + token_endpoint_auth_method?: ClientAuthMethod; + client_secret?: string; + redirect_uris?: string[]; + response_types?: ResponseType[]; + post_logout_redirect_uris?: string[]; + default_max_age?: number; + require_auth_time?: boolean; + tls_client_certificate_bound_access_tokens?: boolean; + request_object_signing_alg?: string; + + // less important + id_token_encrypted_response_alg?: string; + id_token_encrypted_response_enc?: string; + introspection_endpoint_auth_method?: ClientAuthMethod; + introspection_endpoint_auth_signing_alg?: string; + request_object_encryption_alg?: string; + request_object_encryption_enc?: string; + revocation_endpoint_auth_method?: ClientAuthMethod; + revocation_endpoint_auth_signing_alg?: string; + token_endpoint_auth_signing_alg?: string; + userinfo_encrypted_response_alg?: string; + userinfo_encrypted_response_enc?: string; + userinfo_signed_response_alg?: string; + authorization_encrypted_response_alg?: string; + authorization_encrypted_response_enc?: string; + authorization_signed_response_alg?: string; + + [key: string]: unknown; +} + +export interface ClaimsParameterMember { + essential?: boolean; + value?: string; + values?: string[]; + + [key: string]: unknown; +} + +export interface AuthorizationParameters { + acr_values?: string; + audience?: string; + claims?: + | string + | { + id_token?: { + [key: string]: null | ClaimsParameterMember; + }; + userinfo?: { + [key: string]: null | ClaimsParameterMember; + }; + }; + claims_locales?: string; + client_id?: string; + code_challenge_method?: string; + code_challenge?: string; + display?: string; + id_token_hint?: string; + login_hint?: string; + max_age?: number; + nonce?: string; + prompt?: string; + redirect_uri?: string; + registration?: string; + request_uri?: string; + request?: string; + resource?: string | string[]; + response_mode?: string; + response_type?: string; + scope?: string; + state?: string; + ui_locales?: string; + + [key: string]: unknown; +} + +export interface EndSessionParameters { + id_token_hint?: TokenSet | string; + post_logout_redirect_uri?: string; + state?: string; + client_id?: string; + logout_hint?: string; + + [key: string]: unknown; +} + +export interface CallbackParamsType { + access_token?: string; + code?: string; + error?: string; + error_description?: string; + error_uri?: string; + expires_in?: string; + id_token?: string; + state?: string; + token_type?: string; + session_state?: string; + response?: string; + + [key: string]: unknown; +} + +export interface OAuthCallbackChecks { + response_type?: string; + state?: string; + code_verifier?: string; + jarm?: boolean; + scope?: string; // TODO: remove in v6.x +} + +export interface OpenIDCallbackChecks extends OAuthCallbackChecks { + max_age?: number; + nonce?: string; +} + +export interface CallbackExtras { + exchangeBody?: object; + clientAssertionPayload?: object; + DPoP?: DPoPInput; +} + +export interface RefreshExtras { + exchangeBody?: object; + clientAssertionPayload?: object; + DPoP?: DPoPInput; +} + +export interface GrantBody { + grant_type: string; + + [key: string]: unknown; +} + +export interface GrantExtras { + clientAssertionPayload?: object; + DPoP?: DPoPInput; +} + +export interface IntrospectExtras { + introspectBody?: object; + clientAssertionPayload?: object; +} + +export interface RevokeExtras { + revokeBody?: object; + clientAssertionPayload?: object; +} + +export interface RequestObjectPayload extends AuthorizationParameters { + client_id?: string; + iss?: string; + aud?: string; + iat?: number; + exp?: number; + jti?: string; + + [key: string]: unknown; +} + +export interface RegisterOther { + jwks?: { keys: jose.JWK[] }; + initialAccessToken?: string; +} + +export interface DeviceAuthorizationParameters { + client_id?: string; + scope?: string; + + [key: string]: unknown; +} + +export interface DeviceAuthorizationExtras { + exchangeBody?: object; + clientAssertionPayload?: object; + DPoP?: DPoPInput; +} + +export interface PushedAuthorizationRequestExtras { + clientAssertionPayload?: object; +} + +export type Address = Override< + { + formatted?: string; + street_address?: string; + locality?: string; + region?: string; + postal_code?: string; + country?: string; + }, + ExtendedAddress +>; + +export type UserinfoResponse< + UserInfo extends {} = UnknownObject, + ExtendedAddress extends {} = UnknownObject, +> = Override< + { + sub: string; + name?: string; + given_name?: string; + family_name?: string; + middle_name?: string; + nickname?: string; + preferred_username?: string; + profile?: string; + picture?: string; + website?: string; + email?: string; + email_verified?: boolean; + gender?: string; + birthdate?: string; + zoneinfo?: string; + locale?: string; + phone_number?: string; + updated_at?: number; + address?: Address; + }, + UserInfo +>; + +export interface IntrospectionResponse { + active: boolean; + client_id?: string; + exp?: number; + iat?: number; + sid?: string; + iss?: string; + jti?: string; + username?: string; + aud?: string | string[]; + scope: string; + sub?: string; + nbf?: number; + token_type?: string; + cnf?: { + 'x5t#S256'?: string; + + [key: string]: unknown; + }; + + [key: string]: unknown; +} + +export interface ClientOptions { + additionalAuthorizedParties?: string | string[]; +} + +export type Client = InstanceType; +declare class BaseClient { + constructor(metadata: ClientMetadata, jwks?: { keys: jose.JWK[] }, options?: ClientOptions); + [custom.http_options]: CustomHttpOptionsProvider; + [custom.clock_tolerance]: number; + metadata: ClientMetadata; + issuer: Issuer; + static issuer: Issuer; + + authorizationUrl(parameters?: AuthorizationParameters): string; + endSessionUrl(parameters?: EndSessionParameters): string; + callbackParams( + input: string | http.IncomingMessage | http2.Http2ServerRequest, + ): CallbackParamsType; + callback( + redirectUri: string | undefined, + parameters: CallbackParamsType, + checks?: OpenIDCallbackChecks, + extras?: CallbackExtras, + ): Promise; + oauthCallback( + redirectUri: string | undefined, + parameters: CallbackParamsType, + checks?: OAuthCallbackChecks, + extras?: CallbackExtras, + ): Promise; + refresh(refreshToken: TokenSet | string, extras?: RefreshExtras): Promise; + userinfo( + accessToken: TokenSet | string, + options?: { + method?: 'GET' | 'POST'; + via?: 'header' | 'body'; + tokenType?: string; + params?: object; + DPoP?: DPoPInput; + }, + ): Promise>; + requestResource( + resourceUrl: string | URL, + accessToken: TokenSet | string, + options?: { + headers?: object; + body?: string | Buffer; + method?: 'GET' | 'POST' | 'PUT' | 'HEAD' | 'DELETE' | 'OPTIONS' | 'TRACE' | 'PATCH'; + tokenType?: string; + DPoP?: DPoPInput; + }, + ): Promise<{ body?: Buffer } & http.IncomingMessage>; + grant(body: GrantBody, extras?: GrantExtras): Promise; + introspect( + token: string, + tokenTypeHint?: TokenTypeHint, + extras?: IntrospectExtras, + ): Promise; + revoke(token: string, tokenTypeHint?: TokenTypeHint, extras?: RevokeExtras): Promise; + requestObject(payload: RequestObjectPayload): Promise; + deviceAuthorization( + parameters?: DeviceAuthorizationParameters, + extras?: DeviceAuthorizationExtras, + ): Promise>; + pushedAuthorizationRequest( + parameters?: AuthorizationParameters, + extras?: PushedAuthorizationRequestExtras, + ): Promise<{ + request_uri: string; + expires_in: number; + [key: string]: unknown; + }>; + static register(metadata: object, other?: RegisterOther & ClientOptions): Promise; + static fromUri( + registrationClientUri: string, + registrationAccessToken: string, + jwks?: { keys: jose.JWK[] }, + clientOptions?: ClientOptions, + ): Promise; + static [custom.http_options]: CustomHttpOptionsProvider; + + [key: string]: unknown; +} + +interface DeviceFlowPollOptions { + // @ts-ignore + signal?: AbortSignal; +} + +export class DeviceFlowHandle { + poll(options?: DeviceFlowPollOptions): Promise; + abort(): void; + expired(): boolean; + expires_at: number; + client: TClient; + user_code: string; + device_code: string; + verification_uri: string; + verification_uri_complete: string; + expires_in: number; +} + +export interface IssuerMetadata { + issuer: string; + authorization_endpoint?: string; + token_endpoint?: string; + jwks_uri?: string; + userinfo_endpoint?: string; + revocation_endpoint?: string; + end_session_endpoint?: string; + registration_endpoint?: string; + token_endpoint_auth_methods_supported?: string[]; + token_endpoint_auth_signing_alg_values_supported?: string[]; + introspection_endpoint_auth_methods_supported?: string[]; + introspection_endpoint_auth_signing_alg_values_supported?: string[]; + revocation_endpoint_auth_methods_supported?: string[]; + revocation_endpoint_auth_signing_alg_values_supported?: string[]; + request_object_signing_alg_values_supported?: string[]; + mtls_endpoint_aliases?: MtlsEndpointAliases; + + [key: string]: unknown; +} + +export interface MtlsEndpointAliases { + token_endpoint?: string; + userinfo_endpoint?: string; + revocation_endpoint?: string; + introspection_endpoint?: string; + device_authorization_endpoint?: string; +} + +export interface TypeOfGenericClient { + new (metadata: ClientMetadata, jwks?: { keys: jose.JWK[] }, options?: ClientOptions): TClient; + [custom.http_options]: CustomHttpOptionsProvider; + [custom.clock_tolerance]: number; +} + +export class Issuer { + constructor(metadata: IssuerMetadata); + + Client: TypeOfGenericClient; + + FAPI1Client: TypeOfGenericClient; + + metadata: IssuerMetadata; + [custom.http_options]: CustomHttpOptionsProvider; + static discover(issuer: string): Promise>; + static webfinger(input: string): Promise>; + static [custom.http_options]: CustomHttpOptionsProvider; + [key: string]: unknown; +} + +export interface TokenSetParameters { + access_token?: string; + token_type?: string; + id_token?: string; + refresh_token?: string; + scope?: string; + + expires_at?: number; + session_state?: string; + + [key: string]: unknown; +} + +export interface IdTokenClaims extends UserinfoResponse { + acr?: string; + amr?: string[]; + at_hash?: string; + aud: string | string[]; + auth_time?: number; + azp?: string; + c_hash?: string; + exp: number; + iat: number; + iss: string; + nonce?: string; + s_hash?: string; + sub: string; + + [key: string]: unknown; +} + +export class TokenSet implements TokenSetParameters { + access_token?: string; + token_type?: string; + id_token?: string; + refresh_token?: string; + expires_in?: number; + expires_at?: number; + session_state?: string; + scope?: string; + + constructor(input?: TokenSetParameters); + + expired(): boolean; + claims(): IdTokenClaims; + + [key: string]: unknown; +} + +export type StrategyVerifyCallbackUserInfo< + TUser, + TUserInfo extends {} = UnknownObject, + TAddress extends {} = UnknownObject, +> = ( + tokenset: TokenSet, + userinfo: UserinfoResponse, + done: (err: any, user?: TUser) => void, +) => void; +export type StrategyVerifyCallback = ( + tokenset: TokenSet, + done: (err: any, user?: TUser) => void, +) => void; +export type StrategyVerifyCallbackReqUserInfo< + TUser, + TUserInfo extends {} = UnknownObject, + TAddress extends {} = UnknownObject, +> = ( + req: http.IncomingMessage, + tokenset: TokenSet, + userinfo: UserinfoResponse, + done: (err: any, user?: TUser) => void, +) => void; +export type StrategyVerifyCallbackReq = ( + req: http.IncomingMessage, + tokenset: TokenSet, + done: (err: any, user?: TUser) => void, +) => void; + +export interface StrategyOptions { + client: TClient; + params?: AuthorizationParameters; + extras?: CallbackExtras; + passReqToCallback?: boolean; + usePKCE?: boolean | string; + sessionKey?: string; +} + +export class Strategy { + constructor( + options: StrategyOptions, + verify: + | StrategyVerifyCallback + | StrategyVerifyCallbackUserInfo + | StrategyVerifyCallbackReq + | StrategyVerifyCallbackReqUserInfo, + ); + + authenticate(req: any, options?: any): void; + success(user: any, info?: any): void; + fail(challenge: any, status: number): void; + fail(status: number): void; + redirect(url: string, status?: number): void; + pass(): void; + error(err: Error): void; +} + +export namespace generators { + function random(bytes?: number): string; + function state(bytes?: number): string; + function nonce(bytes?: number): string; + function codeVerifier(bytes?: number): string; + function codeChallenge(verifier: string): string; +} + +export namespace errors { + class OPError extends Error { + error_description?: string; + error?: string; + error_uri?: string; + state?: string; + scope?: string; + session_state?: string; + response?: { body?: UnknownObject | Buffer } & http.IncomingMessage; + + constructor( + params: { + error: string; + error_description?: string; + error_uri?: string; + state?: string; + scope?: string; + session_state?: string; + }, + response?: { body?: UnknownObject | Buffer } & http.IncomingMessage, + ); + } + + class RPError extends Error { + jwt?: string; + checks?: object; + params?: object; + body?: object; + response?: { body?: UnknownObject | Buffer } & http.IncomingMessage; + now?: number; + tolerance?: number; + nbf?: number; + exp?: number; + iat?: number; + auth_time?: number; + + constructor(...args: Parameters); + constructor(options: { + message?: string; + printf?: Parameters; + response?: { body?: UnknownObject | Buffer } & http.IncomingMessage; + [key: string]: unknown; + }); + } +} + +type KnownKeys = { + [K in keyof T]: string extends K ? never : number extends K ? never : K; +} extends { [_ in keyof T]: infer U } + ? {} extends U + ? never + : U + : never; +type Override = Omit>> & T2; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/types/openid-client-tests.ts b/opencti-platform/opencti-graphql/packages/node-openid-client/types/openid-client-tests.ts new file mode 100644 index 0000000000000..dc9581554b62b --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/types/openid-client-tests.ts @@ -0,0 +1,281 @@ +import { IncomingMessage } from 'http'; +import { generateKeyPairSync } from 'crypto'; + +import { + custom, + generators, + Issuer, + Client, + Strategy, + StrategyVerifyCallback, + StrategyOptions, + TokenSet, + RegisterOther, + IssuerMetadata, +} from './index.d'; +import passport from 'passport'; + +async (req: IncomingMessage) => { + // Custom HTTP options on the `Issuer` _c'tor_ (e.g. used for `Issuer.discover()`): + Issuer[custom.http_options] = () => ({ timeout: 10000 }); + + let issuer = await Issuer.discover('https://accounts.google.com'); + console.log('Discovered issuer %O', issuer.metadata.issuer); + + // + issuer = new Issuer({ + issuer: 'https://accounts.google.com', + authorization_endpoint: 'https://accounts.google.com/o/oauth2/v2/auth', + token_endpoint: 'https://oauth2.googleapis.com/token', + userinfo_endpoint: 'https://openidconnect.googleapis.com/v1/userinfo', + revocation_endpoint: 'https://oauth2.googleapis.com/revoke', + jwks_uri: 'https://www.googleapis.com/oauth2/v3/certs', + token_endpoint_auth_methods_supported: ['client_secret_post', 'client_secret_basic'], + }); + + issuer[custom.http_options] = () => ({ timeout: 10000 }); + + // + + issuer.Client[custom.http_options] = () => ({ timeout: 10000 }); + + const client = new issuer.Client({ + client_id: 'c', + client_secret: 's', + redirect_uris: ['http://localhost:3000/cb'], + response_types: ['code'], + }); + console.log(client.metadata.client_id); + + // Custom HTTP options on the `Client` _instance_ + client[custom.http_options] = () => ({ timeout: 10000 }); + client[custom.clock_tolerance] = 5; + + // + + const { privateKey: keyobject } = generateKeyPairSync('rsa', { modulusLength: 2048 }); + const jwk = { kty: 'EC', x: 'foo', y: 'bar', d: 'baz', crv: 'P-256' }; + + client.callback('https://rp.example.com/cb', {}, {}, { DPoP: keyobject }); + client.callback('https://rp.example.com/cb', {}, {}, { DPoP: { key: jwk, format: 'jwk' } }); + + client.oauthCallback('https://rp.example.com/cb', {}, {}, { DPoP: keyobject }); + client.oauthCallback('https://rp.example.com/cb', {}, {}, { DPoP: { key: jwk, format: 'jwk' } }); + + client.userinfo('token', { DPoP: keyobject }); + client.userinfo('token', { DPoP: { key: jwk, format: 'jwk' } }); + + client.requestResource('https://rs.example.com/resource', 'token', { DPoP: keyobject }); + client.requestResource('https://rs.example.com/resource', 'token', { + DPoP: { key: jwk, format: 'jwk' }, + }); + + client.pushedAuthorizationRequest(); + client.pushedAuthorizationRequest({}); + client.pushedAuthorizationRequest({ foo: 'bar' }); + client.pushedAuthorizationRequest({ foo: 'bar' }, { clientAssertionPayload: {} }); + + { + const { request_uri, expires_in } = await client.pushedAuthorizationRequest(); + request_uri.substring(0); + expires_in.toFixed(); + } + + client.deviceAuthorization({}, { DPoP: keyobject }); + const handle = await client.deviceAuthorization({}, { DPoP: { key: jwk, format: 'jwk' } }); + + handle.abort(); + handle.poll(); + + const ac = new AbortController(); + handle.poll({ signal: ac.signal }); + + client.grant({ grant_type: 'client_credentials' }, { DPoP: keyobject }); + client.grant({ grant_type: 'client_credentials' }, { DPoP: { key: jwk, format: 'jwk' } }); + + client.refresh('token', { DPoP: keyobject }); + client.refresh('token', { DPoP: { key: jwk, format: 'jwk' } }); + + // + + const code_verifier = generators.codeVerifier(); + + const code_challenge = generators.codeChallenge(code_verifier); + + // + + client + .authorizationUrl({ + scope: 'openid email profile', + response_mode: 'form_post', + nonce: 'nonce', + resource: 'https://my.api.example.com/resource/32178', + code_challenge, + code_challenge_method: 'S256', + }) + .substring(0); + + // + + const params = client.callbackParams(req); + const callbackResponse = await client.callback('https://client.example.com/callback', params, { + code_verifier, + }); + console.log( + callbackResponse.id_token, + callbackResponse.access_token, + callbackResponse.refresh_token, + ); + console.log( + callbackResponse.expired(), + callbackResponse.claims()['some claim name'], + callbackResponse.claims().sub, + ); + + // + + await client.userinfo('access token'); + const userinfo = await client.userinfo(callbackResponse); + console.log(userinfo['some user info name']); + + // + + const userinfoGeneric = await client.userinfo<{ someProp: number }>(callbackResponse); + console.log(userinfoGeneric.someProp); + + // + + const userinfoAddressGeneric = await client.userinfo<{ someProp: number }, { street: string }>( + callbackResponse, + ); + console.log( + userinfoAddressGeneric.address ? userinfoAddressGeneric.address.street.substring(0) : undefined, + ); + + // + + const userinfoOverride = await client.userinfo<{ email_verified: string }>(callbackResponse); + console.log(userinfoOverride.email_verified.substring(0)); + + // + + await client.requestResource('https://rs.example.com/resource', 'access token', { + headers: { Accept: 'application/json' }, + }); + const resource = await client.requestResource( + 'https://rs.example.com/resource', + callbackResponse, + { headers: { Accept: 'application/json' } }, + ); + console.log(resource.body!.byteLength); + console.log(resource.body!.toString('utf-8')); + + // + + const grantResponse = await client.grant({ + grant_type: 'client_credentials', + acr_values: 'acr_values', + }); + console.log(grantResponse.access_token); + + // + + const introspectResponse = await client.introspect('token'); + const active: boolean = introspectResponse.active; + console.log(introspectResponse['some claim name']); + + client.introspect('token', 'tokenTypeHint'); + + client.introspect('token', 'tokenTypeHint', {}); + client.introspect('token', 'tokenTypeHint', { introspectBody: {} }); + + // + + client.endSessionUrl({ id_token_hint: 'id_token_hint' }).substring(0); + + // + + await client.revoke('token', 'hint'); + client.revoke('token', 'hint', {}); + client.revoke('token', 'hint', { revokeBody: {}, clientAssertionPayload: {} }); + + await client.refresh('token'); + await client.refresh('token', {}); + await client.refresh('token', { exchangeBody: {}, clientAssertionPayload: {} }); + + // generics setup + class CustomClient extends issuer.Client { + myCustomMethod() {} + + static async register(metadata: object, other?: RegisterOther): Promise { + return new CustomClient({ + client_id: 'xxxx', + }); + } + } + + // generics: issuer + + class CustomIssuer extends Issuer { + constructor(metadata: IssuerMetadata) { + super(metadata); + } + } + + const customIssuer = new CustomIssuer({ + issuer: 'test-issuer', + }); + + const customIssuedClient = new customIssuer.Client({ + client_id: 'c', + client_secret: 's', + redirect_uris: ['http://localhost:3000/cb'], + response_types: ['code'], + }); + + customIssuedClient.myCustomMethod(); + + // generics: strategy + class PassportUser { + tokenset: TokenSet; + + constructor(tokenset: TokenSet) { + this.tokenset = tokenset; + } + + getAccessToken() { + return this.tokenset.access_token; + } + } + + const verify: StrategyVerifyCallback = (tokenset, done) => { + const user = new PassportUser(tokenset); + const accessToken = user.getAccessToken(); + done(null, user); + }; + + class CustomStrategy extends Strategy { + client: CustomClient; + + constructor( + options: StrategyOptions, + verify: StrategyVerifyCallback, + ) { + super(options, verify); + + this.client = options.client; + } + } + + const customClient = await CustomClient.register({}); + + const strategyOptions = { + client: customClient, + }; + + strategyOptions.client.myCustomMethod(); + + const customStrategy = new CustomStrategy(strategyOptions, verify); + + passport.use('oidc', new Strategy({ client, params: { foo: 'bar ' } }, verify)); +}; diff --git a/opencti-platform/opencti-graphql/packages/node-openid-client/types/tsconfig.json b/opencti-platform/opencti-graphql/packages/node-openid-client/types/tsconfig.json new file mode 100644 index 0000000000000..6cb2ee965c11c --- /dev/null +++ b/opencti-platform/opencti-graphql/packages/node-openid-client/types/tsconfig.json @@ -0,0 +1,17 @@ +{ + "compilerOptions": { + "module": "commonjs", + "lib": ["es6"], + "noImplicitAny": true, + "noImplicitThis": true, + "strictNullChecks": true, + "esModuleInterop": true, + "strictFunctionTypes": true, + "baseUrl": "../", + "typeRoots": ["../"], + "types": [], + "noEmit": true, + "forceConsistentCasingInFileNames": true + }, + "files": ["index.d.ts", "openid-client-tests.ts"] +} diff --git a/opencti-platform/opencti-graphql/yarn.lock b/opencti-platform/opencti-graphql/yarn.lock index 9c694a6abca4a..42abd2eb76ac6 100644 --- a/opencti-platform/opencti-graphql/yarn.lock +++ b/opencti-platform/opencti-graphql/yarn.lock @@ -865,7 +865,7 @@ __metadata: languageName: node linkType: hard -"@aws-sdk/types@npm:3.523.0, @aws-sdk/types@npm:^3.222.0": +"@aws-sdk/types@npm:3.523.0": version: 3.523.0 resolution: "@aws-sdk/types@npm:3.523.0" dependencies: @@ -875,6 +875,16 @@ __metadata: languageName: node linkType: hard +"@aws-sdk/types@npm:^3.222.0": + version: 3.533.0 + resolution: "@aws-sdk/types@npm:3.533.0" + dependencies: + "@smithy/types": "npm:^2.11.0" + tslib: "npm:^2.5.0" + checksum: 10/20d26d101b9b15d0790193bbf1cb17931fe3746dc04fa715d9f6f62355343356b0fbdfe7ec804117ee1179b2dcfcfe39bfc11461e25ba5017856c7c648aad32d + languageName: node + linkType: hard + "@aws-sdk/util-arn-parser@npm:3.495.0": version: 3.495.0 resolution: "@aws-sdk/util-arn-parser@npm:3.495.0" @@ -2742,17 +2752,17 @@ __metadata: linkType: hard "@graphql-tools/executor@npm:^1.2.1": - version: 1.2.1 - resolution: "@graphql-tools/executor@npm:1.2.1" + version: 1.2.2 + resolution: "@graphql-tools/executor@npm:1.2.2" dependencies: - "@graphql-tools/utils": "npm:^10.0.13" + "@graphql-tools/utils": "npm:^10.1.1" "@graphql-typed-document-node/core": "npm:3.2.0" "@repeaterjs/repeater": "npm:^3.0.4" tslib: "npm:^2.4.0" value-or-promise: "npm:^1.0.12" peerDependencies: graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0 - checksum: 10/14e914c1bd42ee871c5a3f672293dd4ddfe529fd11c100fba2f9671aa9a0f4d3faabbb6ece3f6e56d941b68e7707d3ea78b0f9ec7406823cc38aa4f038ab5bc8 + checksum: 10/ee7d0dfa5540f3171184639f9d9239f17a34bcc21ac64fc2cb51212149a96b54f5794b25eb477332f7f17e15e9ea87dff54ca9db96da14e37d88e71661e7bccb languageName: node linkType: hard @@ -3029,7 +3039,7 @@ __metadata: languageName: node linkType: hard -"@graphql-tools/utils@npm:10.1.0, @graphql-tools/utils@npm:^10.0.0, @graphql-tools/utils@npm:^10.0.13": +"@graphql-tools/utils@npm:10.1.0": version: 10.1.0 resolution: "@graphql-tools/utils@npm:10.1.0" dependencies: @@ -3054,6 +3064,20 @@ __metadata: languageName: node linkType: hard +"@graphql-tools/utils@npm:^10.0.0, @graphql-tools/utils@npm:^10.0.13, @graphql-tools/utils@npm:^10.1.1": + version: 10.1.2 + resolution: "@graphql-tools/utils@npm:10.1.2" + dependencies: + "@graphql-typed-document-node/core": "npm:^3.1.1" + cross-inspect: "npm:1.0.0" + dset: "npm:^3.1.2" + tslib: "npm:^2.4.0" + peerDependencies: + graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0 + checksum: 10/e2e8362ac5d30b037d770559e66c634bb6903c76f4c57299a7426eb10dbd1d982605f3bf29cd948246d53f2f639d8f01fd905a392d7f58836f1827707f716d48 + languageName: node + linkType: hard + "@graphql-tools/utils@npm:^9.0.0, @graphql-tools/utils@npm:^9.2.1": version: 9.2.1 resolution: "@graphql-tools/utils@npm:9.2.1" @@ -3067,17 +3091,17 @@ __metadata: linkType: hard "@graphql-tools/wrap@npm:^10.0.2": - version: 10.0.2 - resolution: "@graphql-tools/wrap@npm:10.0.2" + version: 10.0.5 + resolution: "@graphql-tools/wrap@npm:10.0.5" dependencies: "@graphql-tools/delegate": "npm:^10.0.4" "@graphql-tools/schema": "npm:^10.0.3" - "@graphql-tools/utils": "npm:^10.0.13" + "@graphql-tools/utils": "npm:^10.1.1" tslib: "npm:^2.4.0" value-or-promise: "npm:^1.0.12" peerDependencies: graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0 - checksum: 10/96f6a6493052012bebd803b7a6e6ec5a041abd64114caa4cbe1dc3eb18e2887c1d944ddeb18398c1778d4068f63593f0ddd292f3cb0a3fa426ce921c5b3dffa6 + checksum: 10/02d5278bf1aea75897850f9bcf691104979490d5e74b577c9dc64df2c920d4be43fa8dbdedb7a58444d8baa96cf475939f2e5cc696ab60df16a0b04bf09c9219 languageName: node linkType: hard @@ -3091,16 +3115,16 @@ __metadata: linkType: hard "@grpc/grpc-js@npm:^1.7.1": - version: 1.10.1 - resolution: "@grpc/grpc-js@npm:1.10.1" + version: 1.10.2 + resolution: "@grpc/grpc-js@npm:1.10.2" dependencies: - "@grpc/proto-loader": "npm:^0.7.8" - "@types/node": "npm:>=12.12.47" - checksum: 10/d71dc86f59db93c5367222d6e887d3bd0215b0e5ae00ecf07acbf2b61ed7b05ab17ebb3d317a2f31cb1747627548ec77ea1df1816c24e0362c3c6c1f9c4418e2 + "@grpc/proto-loader": "npm:^0.7.10" + "@js-sdsl/ordered-map": "npm:^4.4.2" + checksum: 10/9028db7917b141a7abdb5ab383fde990173a22a137bee665f5edad80ed7fb8d96464ea87f816520ecc6312eb7c9a4a9c2de159d75c928b13036f5b3b6fc2323a languageName: node linkType: hard -"@grpc/proto-loader@npm:^0.7.8": +"@grpc/proto-loader@npm:^0.7.10": version: 0.7.10 resolution: "@grpc/proto-loader@npm:0.7.10" dependencies: @@ -3232,6 +3256,13 @@ __metadata: languageName: node linkType: hard +"@js-sdsl/ordered-map@npm:^4.4.2": + version: 4.4.2 + resolution: "@js-sdsl/ordered-map@npm:4.4.2" + checksum: 10/ac64e3f0615ecc015461c9f527f124d2edaa9e68de153c1e270c627e01e83d046522d7e872692fd57a8c514578b539afceff75831c0d8b2a9a7a347fbed35af4 + languageName: node + linkType: hard + "@kamilkisiela/fast-url-parser@npm:^1.1.4": version: 1.1.4 resolution: "@kamilkisiela/fast-url-parser@npm:1.1.4" @@ -3844,93 +3875,93 @@ __metadata: languageName: node linkType: hard -"@rollup/rollup-android-arm-eabi@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-android-arm-eabi@npm:4.12.0" +"@rollup/rollup-android-arm-eabi@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-android-arm-eabi@npm:4.13.0" conditions: os=android & cpu=arm languageName: node linkType: hard -"@rollup/rollup-android-arm64@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-android-arm64@npm:4.12.0" +"@rollup/rollup-android-arm64@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-android-arm64@npm:4.13.0" conditions: os=android & cpu=arm64 languageName: node linkType: hard -"@rollup/rollup-darwin-arm64@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-darwin-arm64@npm:4.12.0" +"@rollup/rollup-darwin-arm64@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-darwin-arm64@npm:4.13.0" conditions: os=darwin & cpu=arm64 languageName: node linkType: hard -"@rollup/rollup-darwin-x64@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-darwin-x64@npm:4.12.0" +"@rollup/rollup-darwin-x64@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-darwin-x64@npm:4.13.0" conditions: os=darwin & cpu=x64 languageName: node linkType: hard -"@rollup/rollup-linux-arm-gnueabihf@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-linux-arm-gnueabihf@npm:4.12.0" +"@rollup/rollup-linux-arm-gnueabihf@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-linux-arm-gnueabihf@npm:4.13.0" conditions: os=linux & cpu=arm languageName: node linkType: hard -"@rollup/rollup-linux-arm64-gnu@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-linux-arm64-gnu@npm:4.12.0" +"@rollup/rollup-linux-arm64-gnu@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-linux-arm64-gnu@npm:4.13.0" conditions: os=linux & cpu=arm64 & libc=glibc languageName: node linkType: hard -"@rollup/rollup-linux-arm64-musl@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-linux-arm64-musl@npm:4.12.0" +"@rollup/rollup-linux-arm64-musl@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-linux-arm64-musl@npm:4.13.0" conditions: os=linux & cpu=arm64 & libc=musl languageName: node linkType: hard -"@rollup/rollup-linux-riscv64-gnu@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-linux-riscv64-gnu@npm:4.12.0" +"@rollup/rollup-linux-riscv64-gnu@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-linux-riscv64-gnu@npm:4.13.0" conditions: os=linux & cpu=riscv64 & libc=glibc languageName: node linkType: hard -"@rollup/rollup-linux-x64-gnu@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-linux-x64-gnu@npm:4.12.0" +"@rollup/rollup-linux-x64-gnu@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-linux-x64-gnu@npm:4.13.0" conditions: os=linux & cpu=x64 & libc=glibc languageName: node linkType: hard -"@rollup/rollup-linux-x64-musl@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-linux-x64-musl@npm:4.12.0" +"@rollup/rollup-linux-x64-musl@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-linux-x64-musl@npm:4.13.0" conditions: os=linux & cpu=x64 & libc=musl languageName: node linkType: hard -"@rollup/rollup-win32-arm64-msvc@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-win32-arm64-msvc@npm:4.12.0" +"@rollup/rollup-win32-arm64-msvc@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-win32-arm64-msvc@npm:4.13.0" conditions: os=win32 & cpu=arm64 languageName: node linkType: hard -"@rollup/rollup-win32-ia32-msvc@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-win32-ia32-msvc@npm:4.12.0" +"@rollup/rollup-win32-ia32-msvc@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-win32-ia32-msvc@npm:4.13.0" conditions: os=win32 & cpu=ia32 languageName: node linkType: hard -"@rollup/rollup-win32-x64-msvc@npm:4.12.0": - version: 4.12.0 - resolution: "@rollup/rollup-win32-x64-msvc@npm:4.12.0" +"@rollup/rollup-win32-x64-msvc@npm:4.13.0": + version: 4.13.0 + resolution: "@rollup/rollup-win32-x64-msvc@npm:4.13.0" conditions: os=win32 & cpu=x64 languageName: node linkType: hard @@ -3942,23 +3973,59 @@ __metadata: languageName: node linkType: hard -"@smithy/abort-controller@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/abort-controller@npm:2.1.3" +"@sinonjs/commons@npm:^1.6.0, @sinonjs/commons@npm:^1.7.0, @sinonjs/commons@npm:^1.8.1": + version: 1.8.6 + resolution: "@sinonjs/commons@npm:1.8.6" dependencies: - "@smithy/types": "npm:^2.10.1" + type-detect: "npm:4.0.8" + checksum: 10/51987338fd8b4d1e135822ad593dd23a3288764aa41d83c695124d512bc38b87eece859078008651ecc7f1df89a7e558a515dc6f02d21a93be4ba50b39a28914 + languageName: node + linkType: hard + +"@sinonjs/fake-timers@npm:^6.0.0, @sinonjs/fake-timers@npm:^6.0.1": + version: 6.0.1 + resolution: "@sinonjs/fake-timers@npm:6.0.1" + dependencies: + "@sinonjs/commons": "npm:^1.7.0" + checksum: 10/c7ee19f62bd0ca52553dd5fca9b3921373218c9fed0f02af2f8e5261f65ce9ff0a5e55ca612ded6daf4088a243e905d61bd6dce1c6d325794283b55c71708395 + languageName: node + linkType: hard + +"@sinonjs/samsam@npm:^5.3.1": + version: 5.3.1 + resolution: "@sinonjs/samsam@npm:5.3.1" + dependencies: + "@sinonjs/commons": "npm:^1.6.0" + lodash.get: "npm:^4.4.2" + type-detect: "npm:^4.0.8" + checksum: 10/6850b9980f042a844072a34ce3ca80b098d4550c8c7a83b2b2e7beb1e06ad19608699544b7a8b0c7db882528d8b74321dfd185d0651cff08cbe793cb73dd39d3 + languageName: node + linkType: hard + +"@sinonjs/text-encoding@npm:^0.7.1": + version: 0.7.2 + resolution: "@sinonjs/text-encoding@npm:0.7.2" + checksum: 10/ec713fb44888c852d84ca54f6abf9c14d036c11a5d5bfab7825b8b9d2b22127dbe53412c68f4dbb0c05ea5ed61c64679bd2845c177d81462db41e0d3d7eca499 + languageName: node + linkType: hard + +"@smithy/abort-controller@npm:^2.1.3, @smithy/abort-controller@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/abort-controller@npm:2.1.4" + dependencies: + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/531ca34c78500bafd1f82da13ecf406dca16b2e720a5e7c96fb73ea0636eb8c0ee428eb9881b338cef51014aef8a44b85bed628761c57a6d726f507fe0a25307 + checksum: 10/6d1c0c2e4fead52975a900ce00c34721d120cbb22935ac443b14ce61388651dd46d8682446efb75345bf481f22f654d1cb38a5fbc30f9aa1d05434446a1e34d0 languageName: node linkType: hard -"@smithy/chunked-blob-reader-native@npm:^2.1.1": - version: 2.1.1 - resolution: "@smithy/chunked-blob-reader-native@npm:2.1.1" +"@smithy/chunked-blob-reader-native@npm:^2.1.3": + version: 2.1.3 + resolution: "@smithy/chunked-blob-reader-native@npm:2.1.3" dependencies: - "@smithy/util-base64": "npm:^2.1.1" + "@smithy/util-base64": "npm:^2.2.1" tslib: "npm:^2.5.0" - checksum: 10/3e4bfc4afe794e98fd9f0f6d8fa7eceea5fa79c330c42eb96d27d74d81d2fb65d89482e705e20537c68042688aa53c3c7b08743900eb8c06567fd9ac4b2f6368 + checksum: 10/136964c8c3c7ffbad5fd1f6729dd162344e560815f37bc2a9c636a9d0dcf56319c4e96de51a6ab3a4836f025c0294bfb4e83d9e7e3be4781d703f6038dd046ef languageName: node linkType: hard @@ -3971,158 +4038,158 @@ __metadata: languageName: node linkType: hard -"@smithy/config-resolver@npm:^2.1.4": - version: 2.1.4 - resolution: "@smithy/config-resolver@npm:2.1.4" +"@smithy/config-resolver@npm:^2.1.4, @smithy/config-resolver@npm:^2.1.5": + version: 2.1.5 + resolution: "@smithy/config-resolver@npm:2.1.5" dependencies: - "@smithy/node-config-provider": "npm:^2.2.4" - "@smithy/types": "npm:^2.10.1" + "@smithy/node-config-provider": "npm:^2.2.5" + "@smithy/types": "npm:^2.11.0" "@smithy/util-config-provider": "npm:^2.2.1" - "@smithy/util-middleware": "npm:^2.1.3" + "@smithy/util-middleware": "npm:^2.1.4" tslib: "npm:^2.5.0" - checksum: 10/b37b89864d2055b0628eda3700281eb95f56c0b4f900c6269afb17afaab5510f59b95a8a17a4550845d41536a23346d8cb1a3700b6ebb415d003f4cb56a13b1f + checksum: 10/d422539cdd15f522a662ce61f7f69f2f76babd79f6961c14cfe0ff31c5846703c210310291c7f50d4091c67de83880d33503d0cd889f97bce72d3a379347aa59 languageName: node linkType: hard "@smithy/core@npm:^1.3.5": - version: 1.3.5 - resolution: "@smithy/core@npm:1.3.5" - dependencies: - "@smithy/middleware-endpoint": "npm:^2.4.4" - "@smithy/middleware-retry": "npm:^2.1.4" - "@smithy/middleware-serde": "npm:^2.1.3" - "@smithy/protocol-http": "npm:^3.2.1" - "@smithy/smithy-client": "npm:^2.4.2" - "@smithy/types": "npm:^2.10.1" - "@smithy/util-middleware": "npm:^2.1.3" + version: 1.3.8 + resolution: "@smithy/core@npm:1.3.8" + dependencies: + "@smithy/middleware-endpoint": "npm:^2.4.6" + "@smithy/middleware-retry": "npm:^2.1.7" + "@smithy/middleware-serde": "npm:^2.2.1" + "@smithy/protocol-http": "npm:^3.2.2" + "@smithy/smithy-client": "npm:^2.4.5" + "@smithy/types": "npm:^2.11.0" + "@smithy/util-middleware": "npm:^2.1.4" tslib: "npm:^2.5.0" - checksum: 10/055ebcd419423706a9b227e84d45fb8ed536c6dfa90c81eb65ede66a117416be40830ba76bd48b1e6a4ffa53833b938b316a1b23d82fdda44c555d298139d086 + checksum: 10/3aafe7f6726d433a01ffb3e751a2aae9ae98745cb2936de7ecf4d50f45683656d8f77ccf92dab97f8499aa11412db7e9e6ce8fb15c5b1e368ddd167cd7dc5b6b languageName: node linkType: hard -"@smithy/credential-provider-imds@npm:^2.2.3, @smithy/credential-provider-imds@npm:^2.2.4": - version: 2.2.4 - resolution: "@smithy/credential-provider-imds@npm:2.2.4" +"@smithy/credential-provider-imds@npm:^2.2.3, @smithy/credential-provider-imds@npm:^2.2.6": + version: 2.2.6 + resolution: "@smithy/credential-provider-imds@npm:2.2.6" dependencies: - "@smithy/node-config-provider": "npm:^2.2.4" - "@smithy/property-provider": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" - "@smithy/url-parser": "npm:^2.1.3" + "@smithy/node-config-provider": "npm:^2.2.5" + "@smithy/property-provider": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" + "@smithy/url-parser": "npm:^2.1.4" tslib: "npm:^2.5.0" - checksum: 10/0796ebf303677b4848ba4b511c59a552550007bac6a4e85c703c14cb2361f3ba668e25038edb462846fa5645ec57f56bb9115179d8007475a7ec0b020f52bcc7 + checksum: 10/7d2154db3d2a14666cb0a28c8512fbe0a07bea347ab76e61e5a0cee183497df668c2e11e447630c88e299ea9153fa401196e4fe2ec52947464ac93d3a8aba518 languageName: node linkType: hard -"@smithy/eventstream-codec@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/eventstream-codec@npm:2.1.3" +"@smithy/eventstream-codec@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/eventstream-codec@npm:2.1.4" dependencies: "@aws-crypto/crc32": "npm:3.0.0" - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" "@smithy/util-hex-encoding": "npm:^2.1.1" tslib: "npm:^2.5.0" - checksum: 10/f8627b09f13777fbac17b754e54459401e873bb8d9bbd3d3dac96249db73f19fefdd6fa085dcf6be8575eb7769ed0ec89b6f48d36536b9c7ffcccbeceb0c0455 + checksum: 10/1b121cd88043e1e5905f6b56b5d6921968b42468cdcbf0723e5d0506c6b958ba972b2133f4022ed2d72bbfedf2735594763bee94bb6e437a695d9b65596b9170 languageName: node linkType: hard "@smithy/eventstream-serde-browser@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/eventstream-serde-browser@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/eventstream-serde-browser@npm:2.1.4" dependencies: - "@smithy/eventstream-serde-universal": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" + "@smithy/eventstream-serde-universal": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/fa823eb8718ada1b8208744e247562ac33c2314fc945bd0d74a55938cc975dff82bf7f63c708603b10a3e37cb938bb6920b0b5510802fe6e5289c8295cb0c83b + checksum: 10/c7a8deaafcb1f91330ab3ce9b3772a4f378de52cdfe77f3fea738f286a4ac4ce28a8b25e1f0a6de6ee6c236ae4347a91f71007f5da0addf71e2b4a636ffd9345 languageName: node linkType: hard "@smithy/eventstream-serde-config-resolver@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/eventstream-serde-config-resolver@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/eventstream-serde-config-resolver@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/975da131e604f4e14fff974d1a652506709e5e09436c4ad4144c04e9cafb930f35b2663fd8143cfc92667f72789f4da98b2dc827c4908978412af1393346405f + checksum: 10/4d4de1e5877a355e234e8c3a368b492e2629d286e7f205a2e8c2b4262ee58da5cf71e306a39792d3fe3f56c0f20540940e905a37ca37e6179ac899d1eb020299 languageName: node linkType: hard "@smithy/eventstream-serde-node@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/eventstream-serde-node@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/eventstream-serde-node@npm:2.1.4" dependencies: - "@smithy/eventstream-serde-universal": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" + "@smithy/eventstream-serde-universal": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/7bb81b0c82353951ed5c0e49403b054c449ef2a158f691cdc87094c5b76e250c86e954235c485a5908fd8486f1c4db1722d06510a8d788a39dec9586835343fc + checksum: 10/b65b9c0b1208e11be3be4b7ce10caa42f9c23037eff930a0512b8d8aeb4120f0500796a3cef6b0fbdf42428186959066a30283b67ca8f7d3d0c320ba83aa0e8d languageName: node linkType: hard -"@smithy/eventstream-serde-universal@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/eventstream-serde-universal@npm:2.1.3" +"@smithy/eventstream-serde-universal@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/eventstream-serde-universal@npm:2.1.4" dependencies: - "@smithy/eventstream-codec": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" + "@smithy/eventstream-codec": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/d2fd490de5727c59cf9b961a7521b07ef495a5a1dd9fda8ea570927460c2fc0bd70edc1ca629e570808be96c73bf1609caddca004b599e10621f17a592606c43 + checksum: 10/234479eb299416f6cec4bb20e058c4a8675ea8678615819873bed575ca283f4dc3c8776b2791350f05cece385a61be88c6a56c007cd4e6a55520ac1295256867 languageName: node linkType: hard -"@smithy/fetch-http-handler@npm:^2.4.3": - version: 2.4.3 - resolution: "@smithy/fetch-http-handler@npm:2.4.3" +"@smithy/fetch-http-handler@npm:^2.4.3, @smithy/fetch-http-handler@npm:^2.4.5": + version: 2.4.5 + resolution: "@smithy/fetch-http-handler@npm:2.4.5" dependencies: - "@smithy/protocol-http": "npm:^3.2.1" - "@smithy/querystring-builder": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" - "@smithy/util-base64": "npm:^2.1.1" + "@smithy/protocol-http": "npm:^3.2.2" + "@smithy/querystring-builder": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" + "@smithy/util-base64": "npm:^2.2.1" tslib: "npm:^2.5.0" - checksum: 10/c45ef3273b42c16d59edfac2c985a720e459a14246e96bca5c2d63d0379a2a224efdd265b9c2b0771dcb805b926667326136b5e1347020cf08386f5d6a327f50 + checksum: 10/ee0398fa07076dce92260da97ec7d1ff72593a702c48ce36d37489f5aa65471154f6171fa9ed35892543346ee02d7f77bbd6d8a333e5c09f775bcc00aebe8070 languageName: node linkType: hard "@smithy/hash-blob-browser@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/hash-blob-browser@npm:2.1.3" + version: 2.1.5 + resolution: "@smithy/hash-blob-browser@npm:2.1.5" dependencies: "@smithy/chunked-blob-reader": "npm:^2.1.1" - "@smithy/chunked-blob-reader-native": "npm:^2.1.1" - "@smithy/types": "npm:^2.10.1" + "@smithy/chunked-blob-reader-native": "npm:^2.1.3" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/cd29791af760090f8cee88c08c48fd2ba9014ebb98b85eac6c743977af6f3fd0cd7729e43c6878e075ddcf2543c0ce6bbd2b315ccc358bd569b73fa8fa39af02 + checksum: 10/ccf38d751ec550641e547a778aeefacb56d3fa2f9429cc55ae7a01a1583bc60aed77422c8af5e3c9d503ec4ce7ecf6d405e5d16cb1f878b23034f4c0c6a9051c languageName: node linkType: hard "@smithy/hash-node@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/hash-node@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/hash-node@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" "@smithy/util-buffer-from": "npm:^2.1.1" - "@smithy/util-utf8": "npm:^2.1.1" + "@smithy/util-utf8": "npm:^2.2.0" tslib: "npm:^2.5.0" - checksum: 10/8849b1c012e683f541202512442b3207d2aba17c860df97e675c78442112a7f34fa1f29161c58e398a67e0063d5eb8316a7c91e62e820231ad81b6ed750c7c1c + checksum: 10/5e747c0347bd6f01b80229cd8508935aaccbd7ff261021766b792502a2b378d5d1930a9a13adbde70590cf2724635cd7ede98e5091373809c9fb70554ee541f1 languageName: node linkType: hard "@smithy/hash-stream-node@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/hash-stream-node@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/hash-stream-node@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" - "@smithy/util-utf8": "npm:^2.1.1" + "@smithy/types": "npm:^2.11.0" + "@smithy/util-utf8": "npm:^2.2.0" tslib: "npm:^2.5.0" - checksum: 10/6db46d882412c9fb1de558fb99877378b54c07ffd02bebdd8be59463480c6e8172f9ba0276c64b199bb7dbe0b6451283b82108161e0f777a117722d9e992a051 + checksum: 10/fa98fa43172c1d24186cc35ed0245a08a0f71c46cf172e29024e512b0dfbbc90a70435f185248857592c1b3ec54fb3739b6aa9fc1add45ac5d0013177c7ac20d languageName: node linkType: hard "@smithy/invalid-dependency@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/invalid-dependency@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/invalid-dependency@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/345a170eae501f2db87d92615c108988885884a6f15f353c2da96feaa69f2b915ed08239e44df3928700d42b076207c1916d4f8dd71bda8625ebc6adc1ef9ae2 + checksum: 10/c364f83dfd6d3a550df7dd23f288311e5d2be326d8db4f92e5d2a10ef78307ea6de261d188d8390487dfd748e171aaefed362111c8d4cf9f653d4c66c9143d1f languageName: node linkType: hard @@ -4136,101 +4203,101 @@ __metadata: linkType: hard "@smithy/md5-js@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/md5-js@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/md5-js@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" - "@smithy/util-utf8": "npm:^2.1.1" + "@smithy/types": "npm:^2.11.0" + "@smithy/util-utf8": "npm:^2.2.0" tslib: "npm:^2.5.0" - checksum: 10/0d4118084e87b9f857d4857baca711afeeeb3afc2c72167f0073ee375bd2f95028bfbbf0716a62da2ec9d200b36de463d533e8a57799f50a11b3c9f4bbcb792f + checksum: 10/2ef9cd22e74d798a781e6fee1d4f99fe52f7bd5552a97fd22851bfaa5318213502dbd0749f0d41bff250e57dcf128d855f1f1fb12e9b7a49e0bf3f0de3fa828f languageName: node linkType: hard "@smithy/middleware-content-length@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/middleware-content-length@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/middleware-content-length@npm:2.1.4" dependencies: - "@smithy/protocol-http": "npm:^3.2.1" - "@smithy/types": "npm:^2.10.1" + "@smithy/protocol-http": "npm:^3.2.2" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/a9f920f48c98a6aba25586b5d62bece02a73e9464e2a9faa410d25e6ab8e22e62575f3d40922a3564cda438883f5d7566e94f72aeeedc1ce46b8d82af563f496 + checksum: 10/69f594cfda8d68129b9cdd33927afc4de188119b2bca7f351b4289ffa51ba98e230ec935d9959ec64336e15390c4cca6c367eb05575804291e06b6b92cd49fb5 languageName: node linkType: hard -"@smithy/middleware-endpoint@npm:^2.4.4": - version: 2.4.4 - resolution: "@smithy/middleware-endpoint@npm:2.4.4" - dependencies: - "@smithy/middleware-serde": "npm:^2.1.3" - "@smithy/node-config-provider": "npm:^2.2.4" - "@smithy/shared-ini-file-loader": "npm:^2.3.4" - "@smithy/types": "npm:^2.10.1" - "@smithy/url-parser": "npm:^2.1.3" - "@smithy/util-middleware": "npm:^2.1.3" +"@smithy/middleware-endpoint@npm:^2.4.4, @smithy/middleware-endpoint@npm:^2.4.6": + version: 2.4.6 + resolution: "@smithy/middleware-endpoint@npm:2.4.6" + dependencies: + "@smithy/middleware-serde": "npm:^2.2.1" + "@smithy/node-config-provider": "npm:^2.2.5" + "@smithy/shared-ini-file-loader": "npm:^2.3.5" + "@smithy/types": "npm:^2.11.0" + "@smithy/url-parser": "npm:^2.1.4" + "@smithy/util-middleware": "npm:^2.1.4" tslib: "npm:^2.5.0" - checksum: 10/f7492955e77d27f8132776d23c437058df22e8f17baa49c5d7cca01843f0eff868143f337162cd254eed207951b03ad39877f33d8223d671c0111aeee950c623 + checksum: 10/6e5b717e0f71d68fa016e26988127e81595682996fcde5e69beed08d9bcc013c3a0fd21e351c08697655cc69dca03281f77bee55677cbd61a8dc4ff5aeb6a328 languageName: node linkType: hard -"@smithy/middleware-retry@npm:^2.1.4": - version: 2.1.4 - resolution: "@smithy/middleware-retry@npm:2.1.4" +"@smithy/middleware-retry@npm:^2.1.4, @smithy/middleware-retry@npm:^2.1.7": + version: 2.1.7 + resolution: "@smithy/middleware-retry@npm:2.1.7" dependencies: - "@smithy/node-config-provider": "npm:^2.2.4" - "@smithy/protocol-http": "npm:^3.2.1" - "@smithy/service-error-classification": "npm:^2.1.3" - "@smithy/smithy-client": "npm:^2.4.2" - "@smithy/types": "npm:^2.10.1" - "@smithy/util-middleware": "npm:^2.1.3" - "@smithy/util-retry": "npm:^2.1.3" + "@smithy/node-config-provider": "npm:^2.2.5" + "@smithy/protocol-http": "npm:^3.2.2" + "@smithy/service-error-classification": "npm:^2.1.4" + "@smithy/smithy-client": "npm:^2.4.5" + "@smithy/types": "npm:^2.11.0" + "@smithy/util-middleware": "npm:^2.1.4" + "@smithy/util-retry": "npm:^2.1.4" tslib: "npm:^2.5.0" uuid: "npm:^8.3.2" - checksum: 10/9663fda23bae1918d16da4659b82f6a03ebb9f18982fd24077aced6087797d3d2b2c0143454350c63322a8f001885fc5b18155fafdfdbb09154c1fbe86c6d391 + checksum: 10/3205c66865b1ece08663a558823bbd6acff93257fa444f7a712a4bb0c1b7be5a87edc4696cccfdfa1f3a2541ba214841424f03af38222161a0fe95c9d2d1eee2 languageName: node linkType: hard -"@smithy/middleware-serde@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/middleware-serde@npm:2.1.3" +"@smithy/middleware-serde@npm:^2.1.3, @smithy/middleware-serde@npm:^2.2.1": + version: 2.2.1 + resolution: "@smithy/middleware-serde@npm:2.2.1" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/2a37f75caae8d2ad7d43af5f78b3d0d7f5940b375dc28e859b38a48044cb458ef0fcc5f626cc29f191675b5da90fbcc2fcfd13c91b31c37ea5fa2349cddddd28 + checksum: 10/7f61d46ffdaea9278d9defd1ac39fdf949d7051cf487da1056a76fc249643b91fc05a433180d8047d7c325dd690b9c44af0ab8bfad647fd1a6434c24cdd59b1e languageName: node linkType: hard -"@smithy/middleware-stack@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/middleware-stack@npm:2.1.3" +"@smithy/middleware-stack@npm:^2.1.3, @smithy/middleware-stack@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/middleware-stack@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/8cb99ca4de30fe567ec4120877f6c9ec622435e1ea7a5dca3aebbd5c6a5abe3ea56cc05b86df2b082c9ea301d00664e489b6b12e3dd86979d27b58f7eed4d8a6 + checksum: 10/ea6ba334f952ef01643e1e198813b6f630f7fef32434d7f8250388785e8a9f62b1fe948c850e760c5ae404805a1efda026eccb404d69c83671fa13c4a41648f7 languageName: node linkType: hard -"@smithy/node-config-provider@npm:^2.2.4": - version: 2.2.4 - resolution: "@smithy/node-config-provider@npm:2.2.4" +"@smithy/node-config-provider@npm:^2.2.4, @smithy/node-config-provider@npm:^2.2.5": + version: 2.2.5 + resolution: "@smithy/node-config-provider@npm:2.2.5" dependencies: - "@smithy/property-provider": "npm:^2.1.3" - "@smithy/shared-ini-file-loader": "npm:^2.3.4" - "@smithy/types": "npm:^2.10.1" + "@smithy/property-provider": "npm:^2.1.4" + "@smithy/shared-ini-file-loader": "npm:^2.3.5" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/e1cb87de325d01fd45026aa02698d125fb3b1cdc0b6699bc95aba16de325f5ac5e01a9fd2b8df84959814b305fdc0e8447cb262b3ae64ca8b35b242a5ffc57cb + checksum: 10/869fef2aa22a4af405bb085b696df7ef31fc5c6df5dc2137aa7017a81f7f55a3cbfabe1a19c199f1c12acfdb14fcc6f346adc6a1949d833674aedb8d4a678897 languageName: node linkType: hard -"@smithy/node-http-handler@npm:^2.4.1": - version: 2.4.1 - resolution: "@smithy/node-http-handler@npm:2.4.1" +"@smithy/node-http-handler@npm:^2.4.1, @smithy/node-http-handler@npm:^2.4.3": + version: 2.4.3 + resolution: "@smithy/node-http-handler@npm:2.4.3" dependencies: - "@smithy/abort-controller": "npm:^2.1.3" - "@smithy/protocol-http": "npm:^3.2.1" - "@smithy/querystring-builder": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" + "@smithy/abort-controller": "npm:^2.1.4" + "@smithy/protocol-http": "npm:^3.2.2" + "@smithy/querystring-builder": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/0d4a374294fed567940599a12cf49412f2a020145486cca0b8e6337960aebb9bf986e1d6b3f73a65dcd196a619711d131edd0f52ef2890da6b47a7e84cbb2ab3 + checksum: 10/5c3b2a91a2d3447b634636ffced8b8fb91a10fac64107baae0367d7f10f87bfb8384cf2a5c7137f17f802048fc0fea4220bf0f486c04fc0778a8f32564c8a7dd languageName: node linkType: hard @@ -4244,93 +4311,93 @@ __metadata: languageName: node linkType: hard -"@smithy/property-provider@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/property-provider@npm:2.1.3" +"@smithy/property-provider@npm:^2.1.3, @smithy/property-provider@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/property-provider@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/bdd5ca4861b77214a3baa15a04306625395c1035658b65d2a744595483b3a948271e9bc8791745804f6d4885a49fa78d295b0d647de96b316bf5b5b638d37baa + checksum: 10/d68fbfbb06c708e839b62578ae30307bfbd904a9feaf6297789117fd1ef092c1a8772d70d893a32a8e91db4158075b6dc1d8a6de0ed0038e9d7aee147f57ae69 languageName: node linkType: hard -"@smithy/protocol-http@npm:^3.2.1": - version: 3.2.1 - resolution: "@smithy/protocol-http@npm:3.2.1" +"@smithy/protocol-http@npm:^3.2.1, @smithy/protocol-http@npm:^3.2.2": + version: 3.2.2 + resolution: "@smithy/protocol-http@npm:3.2.2" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/3c77032186aaf1e5580863ae9f0c0286cf128e7c399865d976f2c19db693723c851a3088e1228b6318994499dbd7a9515493b457a7c2be49615792ecf764210f + checksum: 10/4de258c1369d422c31793332eddb9257ee54215b64df70d231c192900fd2edf614874baea69a1efd6bdef9e731f0e64c111965144e1d20749dd171dc1d9e49e1 languageName: node linkType: hard -"@smithy/querystring-builder@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/querystring-builder@npm:2.1.3" +"@smithy/querystring-builder@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/querystring-builder@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" "@smithy/util-uri-escape": "npm:^2.1.1" tslib: "npm:^2.5.0" - checksum: 10/90a9261e446b2a1f067695e3c2b7ce47e3613a62bcf1b6f7039e35c41f51beadfb383fd69aca6b1277e5ec3b6754b8db589927aa3c71a6c4aa015e346081819d + checksum: 10/ada2e97d5116cf9eef9a0bdd2978aa2ea0251ae54cc114b234b6aa3ccf997495acd126927ed84853465663d1812a72fb49e389ab224792ced8e710b8244a80c7 languageName: node linkType: hard -"@smithy/querystring-parser@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/querystring-parser@npm:2.1.3" +"@smithy/querystring-parser@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/querystring-parser@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/8d9f44e7db75d7996b44a51b8398240610b6394b9d68cecd1be62b7d19970db56dbbfef3ea9e3e0e8cfc77f3ca5409df1ec63b8f53d538ee1afc01c1c5a2578a + checksum: 10/f101516785b5d3605e3d97b98818bcc2cd25df007b7223ea0cab1a2d11db6ae52ca9eb53216a5ad51dec5cd4a3182f0f0fdd97ecd6b83470f0a0697e1be33cdd languageName: node linkType: hard -"@smithy/service-error-classification@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/service-error-classification@npm:2.1.3" +"@smithy/service-error-classification@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/service-error-classification@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" - checksum: 10/e4f4730a765b7f39affc1fde4afd8c15454675b661a5468006474b78be1622cbdae6a6673bcfe12e649f25df72a91e0e37af1eaf4d40788baac092409162f51e + "@smithy/types": "npm:^2.11.0" + checksum: 10/ab6a0ec8cfce525953a766d36b1f93f0f27905f6430eb9cdad341c7526dcfc7f7ed5e128be6b64bcac7a5accada61bbe1a8c396c380a7c109f8548ec4e4f1a96 languageName: node linkType: hard -"@smithy/shared-ini-file-loader@npm:^2.3.3, @smithy/shared-ini-file-loader@npm:^2.3.4": - version: 2.3.4 - resolution: "@smithy/shared-ini-file-loader@npm:2.3.4" +"@smithy/shared-ini-file-loader@npm:^2.3.3, @smithy/shared-ini-file-loader@npm:^2.3.5": + version: 2.3.5 + resolution: "@smithy/shared-ini-file-loader@npm:2.3.5" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/53c242bb4feffb76da56ce876ab686a90643e40e653898e98e3bf3f8d249bf5ceefcd6c940f10a015975813c6cb248ae8a5d6aa13eace6047fdb81c660a65ebc + checksum: 10/68f738eda23f9516c8c556c47804b3386c1f19fe256e3b92da6b90984894f6312dbe8a45617932ee0634124ce7441808a5380630ced090ef395ef8d6837ec4ca languageName: node linkType: hard "@smithy/signature-v4@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/signature-v4@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/signature-v4@npm:2.1.4" dependencies: - "@smithy/eventstream-codec": "npm:^2.1.3" + "@smithy/eventstream-codec": "npm:^2.1.4" "@smithy/is-array-buffer": "npm:^2.1.1" - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" "@smithy/util-hex-encoding": "npm:^2.1.1" - "@smithy/util-middleware": "npm:^2.1.3" + "@smithy/util-middleware": "npm:^2.1.4" "@smithy/util-uri-escape": "npm:^2.1.1" - "@smithy/util-utf8": "npm:^2.1.1" + "@smithy/util-utf8": "npm:^2.2.0" tslib: "npm:^2.5.0" - checksum: 10/749e4b56f552c379dba0327a9c4ef962fdc68a65c1185cc128dda2a40354f7cb406d863f225ff039e796970876d3d8e822d3cd4b12f995e0cf277414d4bc3bcb + checksum: 10/4c4b98c7f701b8e193d3ff7e7ede3bd2a6006da4371e54f8972b22f28e6e8fbf329e8dd2f77dd7649d5161ec066bee6cb86dabbc9e33cb0bc5923fce677ce3bf languageName: node linkType: hard -"@smithy/smithy-client@npm:^2.4.2": - version: 2.4.2 - resolution: "@smithy/smithy-client@npm:2.4.2" +"@smithy/smithy-client@npm:^2.4.2, @smithy/smithy-client@npm:^2.4.5": + version: 2.4.5 + resolution: "@smithy/smithy-client@npm:2.4.5" dependencies: - "@smithy/middleware-endpoint": "npm:^2.4.4" - "@smithy/middleware-stack": "npm:^2.1.3" - "@smithy/protocol-http": "npm:^3.2.1" - "@smithy/types": "npm:^2.10.1" - "@smithy/util-stream": "npm:^2.1.3" + "@smithy/middleware-endpoint": "npm:^2.4.6" + "@smithy/middleware-stack": "npm:^2.1.4" + "@smithy/protocol-http": "npm:^3.2.2" + "@smithy/types": "npm:^2.11.0" + "@smithy/util-stream": "npm:^2.1.5" tslib: "npm:^2.5.0" - checksum: 10/615d7dd283829e9bd8a05212cc6ed6606ebd1a87df25eff116dfed2c445d0ab9c30fc82b01d33e94c73774b28819e24929b980fdb7187804496d990692b0217d + checksum: 10/4a62d89ab5c243270c4514060cf5abeb4fa955bc04229d72807e3a55ab7400ece1e4c7b3505ca44e81dd8ff42d530cea7365e4d0644f0c75d64e9760e55dd319 languageName: node linkType: hard @@ -4343,33 +4410,34 @@ __metadata: languageName: node linkType: hard -"@smithy/types@npm:^2.10.1": - version: 2.10.1 - resolution: "@smithy/types@npm:2.10.1" +"@smithy/types@npm:^2.10.1, @smithy/types@npm:^2.11.0": + version: 2.11.0 + resolution: "@smithy/types@npm:2.11.0" dependencies: tslib: "npm:^2.5.0" - checksum: 10/1ed2e03899728b0e4424e6d892432c37bc902fc13a224005be95fec8d119725e76761a61571c7274cd04486514abbc0945bd80e8d8d5a49d23f461c942223736 + checksum: 10/658cdb3e9710870729ab10921eb6eadd1cc7a1801ef3dc4562322a5674b1d1c1d9f8c283cd209e8389606b5cfc692b15484858406c35bbaede8fea15b2ef3de8 languageName: node linkType: hard -"@smithy/url-parser@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/url-parser@npm:2.1.3" +"@smithy/url-parser@npm:^2.1.3, @smithy/url-parser@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/url-parser@npm:2.1.4" dependencies: - "@smithy/querystring-parser": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" + "@smithy/querystring-parser": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/92913b25875f4548f3266ff1559789a997485cf85a64ea225895114dadd87c9fd4171db9905f14ef3c35e18d781afb26b286b37bd4eac8c7990bb2980b84a785 + checksum: 10/c4e3f32bb8ca00ae70e87ed33385f078dac4d8b2224d186ca3a08183f0c591bd28f526ef0259efad5a13988bc359e3799a94ae4c478028f50b394b66a68f745a languageName: node linkType: hard -"@smithy/util-base64@npm:^2.1.1": - version: 2.1.1 - resolution: "@smithy/util-base64@npm:2.1.1" +"@smithy/util-base64@npm:^2.1.1, @smithy/util-base64@npm:^2.2.1": + version: 2.2.1 + resolution: "@smithy/util-base64@npm:2.2.1" dependencies: "@smithy/util-buffer-from": "npm:^2.1.1" + "@smithy/util-utf8": "npm:^2.2.0" tslib: "npm:^2.5.0" - checksum: 10/379aa5f1f1c4700e561767f8534ff3921bbacc8bb8afd915a22e242641bbb282ea6b5e19944c64ae014af56a7434354fe26f4387f3c75c5e4d692217ec423582 + checksum: 10/ed2235b672fd9f3e37f6b7a187b96957556b95de9ec0c999d26c9f81588d09d807a8a199bb4ab3ec0c9e22830cb91345e821860d7a8f6f79ec8b0c15f79f5b21 languageName: node linkType: hard @@ -4383,11 +4451,11 @@ __metadata: linkType: hard "@smithy/util-body-length-node@npm:^2.2.1": - version: 2.2.1 - resolution: "@smithy/util-body-length-node@npm:2.2.1" + version: 2.2.2 + resolution: "@smithy/util-body-length-node@npm:2.2.2" dependencies: tslib: "npm:^2.5.0" - checksum: 10/7e8df29ea7f2c08022c4339480ebde68173fb8147082123309253a6aa9a11055fde649483d743cfbac69f0789630e12e8e5afd276f55efe6a9b20bdf0ec6732d + checksum: 10/0b418135756cb419520303cc5a1b39cef6cbb33a55fae4fb1e13a81388c11d980dbe470a44f222168d3ec88f6ca23c35ed2c2290a12b566b0d5389dda181b7da languageName: node linkType: hard @@ -4411,41 +4479,41 @@ __metadata: linkType: hard "@smithy/util-defaults-mode-browser@npm:^2.1.4": - version: 2.1.4 - resolution: "@smithy/util-defaults-mode-browser@npm:2.1.4" + version: 2.1.7 + resolution: "@smithy/util-defaults-mode-browser@npm:2.1.7" dependencies: - "@smithy/property-provider": "npm:^2.1.3" - "@smithy/smithy-client": "npm:^2.4.2" - "@smithy/types": "npm:^2.10.1" + "@smithy/property-provider": "npm:^2.1.4" + "@smithy/smithy-client": "npm:^2.4.5" + "@smithy/types": "npm:^2.11.0" bowser: "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/18c1804650ec83fed5e9426520abed62c9772afb0f1bfb0956c032dc1ca71c7580ce4b86daa15ace6fbdc4942ebfb5505bf8ebba6f5b9ae161772f1c9648e6f0 + checksum: 10/fe5ad4c0bb32d08b218e8d59bcb5e81519ffdefd3df09e370a08214b87254314cb649838f1f5cfc702191e5aee4e549834ec192cb37c40f3245a32d84ed74390 languageName: node linkType: hard "@smithy/util-defaults-mode-node@npm:^2.2.3": - version: 2.2.3 - resolution: "@smithy/util-defaults-mode-node@npm:2.2.3" - dependencies: - "@smithy/config-resolver": "npm:^2.1.4" - "@smithy/credential-provider-imds": "npm:^2.2.4" - "@smithy/node-config-provider": "npm:^2.2.4" - "@smithy/property-provider": "npm:^2.1.3" - "@smithy/smithy-client": "npm:^2.4.2" - "@smithy/types": "npm:^2.10.1" + version: 2.2.7 + resolution: "@smithy/util-defaults-mode-node@npm:2.2.7" + dependencies: + "@smithy/config-resolver": "npm:^2.1.5" + "@smithy/credential-provider-imds": "npm:^2.2.6" + "@smithy/node-config-provider": "npm:^2.2.5" + "@smithy/property-provider": "npm:^2.1.4" + "@smithy/smithy-client": "npm:^2.4.5" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/5dc3c584ffe4978dd2dd052345adf857b0b7dae1582fd7ae5f83657f1c368820cedadd61a69bfa3588610ee1fadbbf598f63d311ef9ed1e09776af759441de73 + checksum: 10/53f8986ee56dfc9310f616fe235fc585e24b5ddda4b8cd5fe45e7c436a2de554594027d37e2a6841b485bb4b22b8c316d47c35b0c90cfcb5ef8b8acd4d86194e languageName: node linkType: hard "@smithy/util-endpoints@npm:^1.1.4": - version: 1.1.4 - resolution: "@smithy/util-endpoints@npm:1.1.4" + version: 1.1.5 + resolution: "@smithy/util-endpoints@npm:1.1.5" dependencies: - "@smithy/node-config-provider": "npm:^2.2.4" - "@smithy/types": "npm:^2.10.1" + "@smithy/node-config-provider": "npm:^2.2.5" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/3c57188e5bc5a46fcb4e124f9940ad442906f94ef41552204f477e4e341c8ebeb57bea0b19b1399838952c1df4037736a8fe468045cc616dd50650a1eaf4cb55 + checksum: 10/8f2d3841db6581d3e4b93c9d88e9e1da3a0cca81a1d337966775cbf2b0b4df52ecc5c225ddda042e14f14422a2f3f4581c4945057b5641241c23ac9e275005d9 languageName: node linkType: hard @@ -4458,40 +4526,40 @@ __metadata: languageName: node linkType: hard -"@smithy/util-middleware@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/util-middleware@npm:2.1.3" +"@smithy/util-middleware@npm:^2.1.3, @smithy/util-middleware@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/util-middleware@npm:2.1.4" dependencies: - "@smithy/types": "npm:^2.10.1" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/cdd89ce3c306ab62537a2267d32822271af77ad08d61b3ba327d4a13dfcd05a252d9ac2ce70d3fda4680541d17238acb0ca79a949bb5fbf27540211f3373b922 + checksum: 10/10f1aa9576b9767a567df32f9868a20061344f2f1e45c457760041dcebea6f60654a06a95bcecd7d9c4f27466086626f6927709ec545ad41f01e1931f325cdb6 languageName: node linkType: hard -"@smithy/util-retry@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/util-retry@npm:2.1.3" +"@smithy/util-retry@npm:^2.1.3, @smithy/util-retry@npm:^2.1.4": + version: 2.1.4 + resolution: "@smithy/util-retry@npm:2.1.4" dependencies: - "@smithy/service-error-classification": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" + "@smithy/service-error-classification": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/75278792d7f1dd981c4a5d71faae003bed4a8ea2973531183ed5480a2a33d8baf8fdb3a348e657b284b25dc35f0f685a076c53ec83828f9e26a34499a7c32c08 + checksum: 10/c7ec90177e06729730779daf18d71776035253290b90968719fcdb818292e72b19f717b6975486d23690f0d5d29e6e0af229cc420c1d578740d67a9565f5bee2 languageName: node linkType: hard -"@smithy/util-stream@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/util-stream@npm:2.1.3" +"@smithy/util-stream@npm:^2.1.3, @smithy/util-stream@npm:^2.1.5": + version: 2.1.5 + resolution: "@smithy/util-stream@npm:2.1.5" dependencies: - "@smithy/fetch-http-handler": "npm:^2.4.3" - "@smithy/node-http-handler": "npm:^2.4.1" - "@smithy/types": "npm:^2.10.1" - "@smithy/util-base64": "npm:^2.1.1" + "@smithy/fetch-http-handler": "npm:^2.4.5" + "@smithy/node-http-handler": "npm:^2.4.3" + "@smithy/types": "npm:^2.11.0" + "@smithy/util-base64": "npm:^2.2.1" "@smithy/util-buffer-from": "npm:^2.1.1" "@smithy/util-hex-encoding": "npm:^2.1.1" - "@smithy/util-utf8": "npm:^2.1.1" + "@smithy/util-utf8": "npm:^2.2.0" tslib: "npm:^2.5.0" - checksum: 10/6b5065d2b4cd63c4d767082c99c24157fb31ef485eb110e2a186b27c5bb749a300b507bcc9d26322ab19a0441dd1d2859ac85c974623b17b798eee4835016afb + checksum: 10/8393ed60dcc62d4f8f29690f41290cf47337bd7820fb06e406509ef8275c81a268c63feaf837daadab8cb39cbf66dbb883af38d81c58cc4cb32bab342b2571fa languageName: node linkType: hard @@ -4504,24 +4572,24 @@ __metadata: languageName: node linkType: hard -"@smithy/util-utf8@npm:^2.1.1": - version: 2.1.1 - resolution: "@smithy/util-utf8@npm:2.1.1" +"@smithy/util-utf8@npm:^2.1.1, @smithy/util-utf8@npm:^2.2.0": + version: 2.2.0 + resolution: "@smithy/util-utf8@npm:2.2.0" dependencies: "@smithy/util-buffer-from": "npm:^2.1.1" tslib: "npm:^2.5.0" - checksum: 10/736992921e50c2c96234dc5eab305a30d29b1cfa29ce5ad2ec0e4b3f2e0dc3e2d29303bd1362bd20fa2e66c5fd494c558f4b1050b91ead5e13a479903bb9686f + checksum: 10/5a33d77057b35a82a7a75904b2da2b179f3edd4ec9ca138cd439fc68ea1bd7b409c377898d27e48252a505b0fb622f085cda21eda6f7a98cd49c91980c1daa82 languageName: node linkType: hard "@smithy/util-waiter@npm:^2.1.3": - version: 2.1.3 - resolution: "@smithy/util-waiter@npm:2.1.3" + version: 2.1.4 + resolution: "@smithy/util-waiter@npm:2.1.4" dependencies: - "@smithy/abort-controller": "npm:^2.1.3" - "@smithy/types": "npm:^2.10.1" + "@smithy/abort-controller": "npm:^2.1.4" + "@smithy/types": "npm:^2.11.0" tslib: "npm:^2.5.0" - checksum: 10/2afcaa900757eae5959b1a7a96ad059fdd32e94d27b14cf8f6a527f0e366ca8735cb9fcc514b8a3b8082ba3a7b1f71f505531d44042e7fa78e0a6cde715aae83 + checksum: 10/1faa02b91b0d2067a130b19321def9dba5219ddbacaa6fa06ba6b19f39a9f2e5e8b85ae7a4307a88a0b11c5306df66cdfc1dacf779e7c9dd6f1f3b96640f7ac0 languageName: node linkType: hard @@ -4835,12 +4903,12 @@ __metadata: languageName: node linkType: hard -"@types/node@npm:*, @types/node@npm:>=12.12.47, @types/node@npm:>=13.7.0": - version: 20.11.24 - resolution: "@types/node@npm:20.11.24" +"@types/node@npm:*, @types/node@npm:>=13.7.0": + version: 20.11.27 + resolution: "@types/node@npm:20.11.27" dependencies: undici-types: "npm:~5.26.4" - checksum: 10/7f34bfae5f9b98b9910230af4b4c52dc7fb2d1e96fdebfbc3d7576f8ab3d100076f193f9469add9e7418b455294155e7e6a028498cc5e98f9d49349875a459cf + checksum: 10/4be53485d499dd7c7896190e76a0ce1f6c6917d1f4d0b4b240b3670160fcbc548daed32beaac0fc92429b37dbeaa2496fc56f460acaab969bddb77394318a89b languageName: node linkType: hard @@ -4851,12 +4919,19 @@ __metadata: languageName: node linkType: hard +"@types/node@npm:^16.18.87": + version: 16.18.89 + resolution: "@types/node@npm:16.18.89" + checksum: 10/b412f78cd52c6640a215838aae5f69adc8ce1bcc30e61d8c2437a384478dcd7e182e802a85ed18b23fb99dd337821ed67846579b1db828f2e99144195a0ee23b + languageName: node + linkType: hard + "@types/node@npm:^18.11.18": - version: 18.19.21 - resolution: "@types/node@npm:18.19.21" + version: 18.19.24 + resolution: "@types/node@npm:18.19.24" dependencies: undici-types: "npm:~5.26.4" - checksum: 10/3a5c5841f294bc35b5b416a32764b5c0c2f22f4cef48cb7d2e3b4e068a52d5857e50da8e6e0685e743127c70344301c833849a3904ce3bd3f67448da5e85487a + checksum: 10/75aa69309d76c6be300d7264c462952ab0d37d69c289a0fd5d27ccf06273b3a9c745317c2004f757bdbcc8f48d693a625b5925c09cac77605979ecb825066627 languageName: node linkType: hard @@ -4867,6 +4942,15 @@ __metadata: languageName: node linkType: hard +"@types/passport@npm:^1.0.16": + version: 1.0.16 + resolution: "@types/passport@npm:1.0.16" + dependencies: + "@types/express": "npm:*" + checksum: 10/0ee7b9a46192cb60fb4e49038417b0c10b38e50204ed05b5204b3ea9a73e25da34ca8fe05205eaf42fe977610cdbd3a0d5f2228f8661fe0b303bc758fa2a158f + languageName: node + linkType: hard + "@types/qs@npm:*": version: 6.9.12 resolution: "@types/qs@npm:6.9.12" @@ -5229,15 +5313,15 @@ __metadata: linkType: hard "@whatwg-node/node-fetch@npm:^0.5.7": - version: 0.5.7 - resolution: "@whatwg-node/node-fetch@npm:0.5.7" + version: 0.5.8 + resolution: "@whatwg-node/node-fetch@npm:0.5.8" dependencies: "@kamilkisiela/fast-url-parser": "npm:^1.1.4" "@whatwg-node/events": "npm:^0.1.0" busboy: "npm:^1.6.0" fast-querystring: "npm:^1.1.1" tslib: "npm:^2.3.1" - checksum: 10/6cc39d9aaf6e86ab1b1ba002509a69bc4db0f5e183ef4a75c34463990ce1a53727b29fd4d16f2b0a0e169bd539ab5a4a522c38d370693a0eb2a5ed64e2ed093f + checksum: 10/6ecaf420e3db295ba0e18c295a82e0380c539c46dfa6dfd450d75f081d3a4026d62063f875f47df95d7c2190e09544bbbc43be0cac0254a7eafc5fcf7e98c71e languageName: node linkType: hard @@ -5405,6 +5489,13 @@ __metadata: languageName: node linkType: hard +"ansi-colors@npm:4.1.1": + version: 4.1.1 + resolution: "ansi-colors@npm:4.1.1" + checksum: 10/e862fddd0a9ca88f1e7c9312ea70674cec3af360c994762309f6323730525e92c77d2715ee5f08aa8f438b7ca18efe378af647f501fc92b15b8e4b3b52d09db4 + languageName: node + linkType: hard + "ansi-escapes@npm:^4.2.1, ansi-escapes@npm:^4.3.0": version: 4.3.2 resolution: "ansi-escapes@npm:4.3.2" @@ -5467,6 +5558,16 @@ __metadata: languageName: node linkType: hard +"anymatch@npm:~3.1.2": + version: 3.1.3 + resolution: "anymatch@npm:3.1.3" + dependencies: + normalize-path: "npm:^3.0.0" + picomatch: "npm:^2.0.4" + checksum: 10/3e044fd6d1d26545f235a9fe4d7a534e2029d8e59fa7fd9f2a6eb21230f6b5380ea1eaf55136e60cbf8e613544b3b766e7a6fa2102e2a3a117505466e3025dc2 + languageName: node + linkType: hard + "apollo-datasource@npm:^3.3.2": version: 3.3.2 resolution: "apollo-datasource@npm:3.3.2" @@ -5684,16 +5785,17 @@ __metadata: linkType: hard "archiver-utils@npm:^5.0.0": - version: 5.0.1 - resolution: "archiver-utils@npm:5.0.1" + version: 5.0.2 + resolution: "archiver-utils@npm:5.0.2" dependencies: glob: "npm:^10.0.0" graceful-fs: "npm:^4.2.0" + is-stream: "npm:^2.0.1" lazystream: "npm:^1.0.0" lodash: "npm:^4.17.15" normalize-path: "npm:^3.0.0" - readable-stream: "npm:^3.6.0" - checksum: 10/6373330ac77d62c745e0189dc41222fd543f50f4376a348fa65072a76a5f6e1be249dde0f093cd4c4c8500d428894af8e849422db8afc3b41853510a62b2eb7f + readable-stream: "npm:^4.0.0" + checksum: 10/9dde4aa3f0cb1bdfe0b3d4c969f82e6cca9ae76338b7fee6f0071a14a2a38c0cdd1c41ecd3e362466585aa6cc5d07e9e435abea8c94fd9c7ace35f184abef9e4 languageName: node linkType: hard @@ -5985,7 +6087,7 @@ __metadata: languageName: node linkType: hard -"available-typed-arrays@npm:^1.0.6, available-typed-arrays@npm:^1.0.7": +"available-typed-arrays@npm:^1.0.7": version: 1.0.7 resolution: "available-typed-arrays@npm:1.0.7" dependencies: @@ -6144,7 +6246,7 @@ __metadata: languageName: node linkType: hard -"base64url@npm:3.x.x": +"base64url@npm:3.x.x, base64url@npm:^3.0.1": version: 3.0.1 resolution: "base64url@npm:3.0.1" checksum: 10/a77b2a3a526b3343e25be424de3ae0aa937d78f6af7c813ef9020ef98001c0f4e2323afcd7d8b2d2978996bf8c42445c3e9f60c218c622593e5fdfd54a3d6e18 @@ -6165,6 +6267,13 @@ __metadata: languageName: node linkType: hard +"binary-extensions@npm:^2.0.0": + version: 2.3.0 + resolution: "binary-extensions@npm:2.3.0" + checksum: 10/bcad01494e8a9283abf18c1b967af65ee79b0c6a9e6fcfafebfe91dbe6e0fc7272bafb73389e198b310516ae04f7ad17d79aacf6cb4c0d5d5202a7e2e52c7d98 + languageName: node + linkType: hard + "binary@npm:~0.3.0": version: 0.3.0 resolution: "binary@npm:0.3.0" @@ -6260,7 +6369,7 @@ __metadata: languageName: node linkType: hard -"braces@npm:^3.0.2": +"braces@npm:^3.0.2, braces@npm:~3.0.2": version: 3.0.2 resolution: "braces@npm:3.0.2" dependencies: @@ -6269,6 +6378,13 @@ __metadata: languageName: node linkType: hard +"browser-stdout@npm:1.3.1": + version: 1.3.1 + resolution: "browser-stdout@npm:1.3.1" + checksum: 10/ac70a84e346bb7afc5045ec6f22f6a681b15a4057447d4cc1c48a25c6dedb302a49a46dd4ddfb5cdd9c96e0c905a8539be1b98ae7bc440512152967009ec7015 + languageName: node + linkType: hard + "browserslist@npm:^4.22.2": version: 4.23.0 resolution: "browserslist@npm:4.23.0" @@ -6461,10 +6577,17 @@ __metadata: languageName: node linkType: hard +"camelcase@npm:^6.0.0": + version: 6.3.0 + resolution: "camelcase@npm:6.3.0" + checksum: 10/8c96818a9076434998511251dcb2761a94817ea17dbdc37f47ac080bd088fc62c7369429a19e2178b993497132c8cbcf5cc1f44ba963e76782ba469c0474938d + languageName: node + linkType: hard + "caniuse-lite@npm:^1.0.30001587": - version: 1.0.30001591 - resolution: "caniuse-lite@npm:1.0.30001591" - checksum: 10/3891fad30a99b984a3a20570c0440d35dda933c79ea190cdb78a1f1743866506a4b41b4389b53a7c0351f2228125f9dc49308463f57e61503e5689b444add1a8 + version: 1.0.30001597 + resolution: "caniuse-lite@npm:1.0.30001597" + checksum: 10/44a268113faeee51e249cbcb3924dc3765f26cd527a134e3bb720ed20d50abd8b9291500a88beee061cc03ae9f15ddc9045d57e30d25a98efeaff4f7bb8965c1 languageName: node linkType: hard @@ -6486,7 +6609,7 @@ __metadata: languageName: node linkType: hard -"chai@npm:^4.3.10": +"chai@npm:^4.3.10, chai@npm:^4.4.1": version: 4.4.1 resolution: "chai@npm:4.4.1" dependencies: @@ -6592,6 +6715,25 @@ __metadata: languageName: node linkType: hard +"chokidar@npm:3.5.3": + version: 3.5.3 + resolution: "chokidar@npm:3.5.3" + dependencies: + anymatch: "npm:~3.1.2" + braces: "npm:~3.0.2" + fsevents: "npm:~2.3.2" + glob-parent: "npm:~5.1.2" + is-binary-path: "npm:~2.1.0" + is-glob: "npm:~4.0.1" + normalize-path: "npm:~3.0.0" + readdirp: "npm:~3.6.0" + dependenciesMeta: + fsevents: + optional: true + checksum: 10/863e3ff78ee7a4a24513d2a416856e84c8e4f5e60efbe03e8ab791af1a183f569b62fc6f6b8044e2804966cb81277ddbbc1dc374fba3265bd609ea8efd62f5b3 + languageName: node + linkType: hard + "chownr@npm:^2.0.0": version: 2.0.0 resolution: "chownr@npm:2.0.0" @@ -6811,15 +6953,16 @@ __metadata: languageName: node linkType: hard -"compress-commons@npm:^6.0.0": - version: 6.0.1 - resolution: "compress-commons@npm:6.0.1" +"compress-commons@npm:^6.0.2": + version: 6.0.2 + resolution: "compress-commons@npm:6.0.2" dependencies: crc-32: "npm:^1.2.0" crc32-stream: "npm:^6.0.0" + is-stream: "npm:^2.0.1" normalize-path: "npm:^3.0.0" readable-stream: "npm:^4.0.0" - checksum: 10/0c00b0d70537531ab7d8fd5dd85f2deab15f4039aaae67b870b0f947536df23b3d19e4f2c5360dd34894e3d279d84df0918777cbe6931cd4a37edc9c3e3de836 + checksum: 10/78e3ba10aeef919a1c5bbac21e120f3e1558a31b2defebbfa1635274fc7f7e8a3a0ee748a06249589acd0b33a0d58144b8238ff77afc3220f8d403a96fcc13aa languageName: node linkType: hard @@ -7072,10 +7215,43 @@ __metadata: languageName: node linkType: hard -"data-uri-to-buffer@npm:^4.0.0": - version: 4.0.1 - resolution: "data-uri-to-buffer@npm:4.0.1" - checksum: 10/0d0790b67ffec5302f204c2ccca4494f70b4e2d940fea3d36b09f0bb2b8539c2e86690429eb1f1dc4bcc9e4df0644193073e63d9ee48ac9fce79ec1506e4aa4c +"data-uri-to-buffer@npm:^4.0.0": + version: 4.0.1 + resolution: "data-uri-to-buffer@npm:4.0.1" + checksum: 10/0d0790b67ffec5302f204c2ccca4494f70b4e2d940fea3d36b09f0bb2b8539c2e86690429eb1f1dc4bcc9e4df0644193073e63d9ee48ac9fce79ec1506e4aa4c + languageName: node + linkType: hard + +"data-view-buffer@npm:^1.0.1": + version: 1.0.1 + resolution: "data-view-buffer@npm:1.0.1" + dependencies: + call-bind: "npm:^1.0.6" + es-errors: "npm:^1.3.0" + is-data-view: "npm:^1.0.1" + checksum: 10/5919a39a18ee919573336158fd162fdf8ada1bc23a139f28543fd45fac48e0ea4a3ad3bfde91de124d4106e65c4a7525f6a84c20ba0797ec890a77a96d13a82a + languageName: node + linkType: hard + +"data-view-byte-length@npm:^1.0.0": + version: 1.0.1 + resolution: "data-view-byte-length@npm:1.0.1" + dependencies: + call-bind: "npm:^1.0.7" + es-errors: "npm:^1.3.0" + is-data-view: "npm:^1.0.1" + checksum: 10/f33c65e58d8d0432ad79761f2e8a579818d724b5dc6dc4e700489b762d963ab30873c0f1c37d8f2ed12ef51c706d1195f64422856d25f067457aeec50cc40aac + languageName: node + linkType: hard + +"data-view-byte-offset@npm:^1.0.0": + version: 1.0.0 + resolution: "data-view-byte-offset@npm:1.0.0" + dependencies: + call-bind: "npm:^1.0.6" + es-errors: "npm:^1.3.0" + is-data-view: "npm:^1.0.1" + checksum: 10/96f34f151bf02affb7b9f98762fb7aca1dd5f4553cb57b80bce750ca609c15d33ca659568ef1d422f7e35680736cbccb893a3d4b012760c758c1446bbdc4c6db languageName: node linkType: hard @@ -7116,7 +7292,7 @@ __metadata: languageName: node linkType: hard -"debug@npm:4, debug@npm:^4.1.0, debug@npm:^4.1.1, debug@npm:^4.3.1, debug@npm:^4.3.2, debug@npm:^4.3.4": +"debug@npm:4, debug@npm:4.3.4, debug@npm:^4.1.0, debug@npm:^4.1.1, debug@npm:^4.3.1, debug@npm:^4.3.2, debug@npm:^4.3.4": version: 4.3.4 resolution: "debug@npm:4.3.4" dependencies: @@ -7144,6 +7320,13 @@ __metadata: languageName: node linkType: hard +"decamelize@npm:^4.0.0": + version: 4.0.0 + resolution: "decamelize@npm:4.0.0" + checksum: 10/b7d09b82652c39eead4d6678bb578e3bebd848add894b76d0f6b395bc45b2d692fb88d977e7cfb93c4ed6c119b05a1347cef261174916c2e75c0a8ca57da1809 + languageName: node + linkType: hard + "deep-eql@npm:^4.1.3": version: 4.1.3 resolution: "deep-eql@npm:4.1.3" @@ -7176,7 +7359,7 @@ __metadata: languageName: node linkType: hard -"define-data-property@npm:^1.0.1, define-data-property@npm:^1.1.2, define-data-property@npm:^1.1.4": +"define-data-property@npm:^1.0.1, define-data-property@npm:^1.1.4": version: 1.1.4 resolution: "define-data-property@npm:1.1.4" dependencies: @@ -7261,6 +7444,20 @@ __metadata: languageName: node linkType: hard +"diff@npm:5.0.0": + version: 5.0.0 + resolution: "diff@npm:5.0.0" + checksum: 10/4a179a75b17cbb420eb9145be913f9ddb34b47cb2ba4301e80ae745122826a468f02ca8f5e56945958de26ace594899c8381acb6659c88e7803ef078b53d690c + languageName: node + linkType: hard + +"diff@npm:^4.0.2": + version: 4.0.2 + resolution: "diff@npm:4.0.2" + checksum: 10/ec09ec2101934ca5966355a229d77afcad5911c92e2a77413efda5455636c4cf2ce84057e2d7715227a2eeeda04255b849bd3ae3a4dd22eb22e86e76456df069 + languageName: node + linkType: hard + "digest-fetch@npm:^1.3.0": version: 1.3.0 resolution: "digest-fetch@npm:1.3.0" @@ -7383,9 +7580,9 @@ __metadata: linkType: hard "electron-to-chromium@npm:^1.4.668": - version: 1.4.690 - resolution: "electron-to-chromium@npm:1.4.690" - checksum: 10/3a8e43623b8b5d39783e369b28fe3ebcf5d26157793b27286c24a2a1536b10bb94b22468d1403c2f1a7beb2537a029e032bc320661ddc438f8a7e0e57dfd1efa + version: 1.4.706 + resolution: "electron-to-chromium@npm:1.4.706" + checksum: 10/0104f86e09f11add038c3ae2a9a418fab1e55516ff8a141e36d3c3fecafe4743cc11c80d208f66f2e5363677c65255c8bd17e7119be0a7f9419c74d40c12f2f3 languageName: node linkType: hard @@ -7436,12 +7633,12 @@ __metadata: linkType: hard "enhanced-resolve@npm:^5.0.0": - version: 5.15.1 - resolution: "enhanced-resolve@npm:5.15.1" + version: 5.16.0 + resolution: "enhanced-resolve@npm:5.16.0" dependencies: graceful-fs: "npm:^4.2.4" tapable: "npm:^2.2.0" - checksum: 10/9d4badf18c515f7607539e61d7b78f3057ba2f17b97d188c5ef9bcbc26fa6d25b66f0007d39a3a3c3c2a83b53bedbdb6ce82250c57b85470b6b73004d78989be + checksum: 10/47f123676b9b179b35195769b9d9523f314f6fc3a13d4461a4d95d5beaec9adc26aaa3b60b61f93e21ed1290dff0e9d9e67df343ec47f4480669a8e26ffe52a3 languageName: node linkType: hard @@ -7469,13 +7666,16 @@ __metadata: linkType: hard "es-abstract@npm:^1.22.1, es-abstract@npm:^1.22.3, es-abstract@npm:^1.22.4": - version: 1.22.5 - resolution: "es-abstract@npm:1.22.5" + version: 1.23.0 + resolution: "es-abstract@npm:1.23.0" dependencies: array-buffer-byte-length: "npm:^1.0.1" arraybuffer.prototype.slice: "npm:^1.0.3" available-typed-arrays: "npm:^1.0.7" call-bind: "npm:^1.0.7" + data-view-buffer: "npm:^1.0.1" + data-view-byte-length: "npm:^1.0.0" + data-view-byte-offset: "npm:^1.0.0" es-define-property: "npm:^1.0.0" es-errors: "npm:^1.3.0" es-set-tostringtag: "npm:^2.0.3" @@ -7492,6 +7692,7 @@ __metadata: internal-slot: "npm:^1.0.7" is-array-buffer: "npm:^3.0.4" is-callable: "npm:^1.2.7" + is-data-view: "npm:^1.0.1" is-negative-zero: "npm:^2.0.3" is-regex: "npm:^1.1.4" is-shared-array-buffer: "npm:^1.0.3" @@ -7513,7 +7714,7 @@ __metadata: typed-array-length: "npm:^1.0.5" unbox-primitive: "npm:^1.0.2" which-typed-array: "npm:^1.1.14" - checksum: 10/33bba7be636a6c56d836bb7d8860d2082deb02903c906cf31a93840302ac42c731b6d4f6393c1d112fa46c8778b2c1282e7833d206fe5e88e803dab1c8afefed + checksum: 10/b66cec32fcb896c7a3bbb7cb717f3f6bbbb73efe1c6003f0d7a899aecc358feed38ec2cad55e2a1d71a4a95ec7e7cc1dbbca34368deb0b98e36fe02cc5559b31 languageName: node linkType: hard @@ -7810,6 +8011,13 @@ __metadata: languageName: node linkType: hard +"escape-string-regexp@npm:4.0.0, escape-string-regexp@npm:^4.0.0": + version: 4.0.0 + resolution: "escape-string-regexp@npm:4.0.0" + checksum: 10/98b48897d93060f2322108bf29db0feba7dd774be96cd069458d1453347b25ce8682ecc39859d4bca2203cc0ab19c237bcc71755eff49a0f8d90beadeeba5cc5 + languageName: node + linkType: hard + "escape-string-regexp@npm:^1.0.5": version: 1.0.5 resolution: "escape-string-regexp@npm:1.0.5" @@ -7817,13 +8025,6 @@ __metadata: languageName: node linkType: hard -"escape-string-regexp@npm:^4.0.0": - version: 4.0.0 - resolution: "escape-string-regexp@npm:4.0.0" - checksum: 10/98b48897d93060f2322108bf29db0feba7dd774be96cd069458d1453347b25ce8682ecc39859d4bca2203cc0ab19c237bcc71755eff49a0f8d90beadeeba5cc5 - languageName: node - linkType: hard - "eslint-config-airbnb-base@npm:15.0.0, eslint-config-airbnb-base@npm:^15.0.0": version: 15.0.0 resolution: "eslint-config-airbnb-base@npm:15.0.0" @@ -8534,23 +8735,23 @@ __metadata: languageName: node linkType: hard -"find-up@npm:^4.1.0": - version: 4.1.0 - resolution: "find-up@npm:4.1.0" +"find-up@npm:5.0.0, find-up@npm:^5.0.0": + version: 5.0.0 + resolution: "find-up@npm:5.0.0" dependencies: - locate-path: "npm:^5.0.0" + locate-path: "npm:^6.0.0" path-exists: "npm:^4.0.0" - checksum: 10/4c172680e8f8c1f78839486e14a43ef82e9decd0e74145f40707cc42e7420506d5ec92d9a11c22bd2c48fb0c384ea05dd30e10dd152fefeec6f2f75282a8b844 + checksum: 10/07955e357348f34660bde7920783204ff5a26ac2cafcaa28bace494027158a97b9f56faaf2d89a6106211a8174db650dd9f503f9c0d526b1202d5554a00b9095 languageName: node linkType: hard -"find-up@npm:^5.0.0": - version: 5.0.0 - resolution: "find-up@npm:5.0.0" +"find-up@npm:^4.1.0": + version: 4.1.0 + resolution: "find-up@npm:4.1.0" dependencies: - locate-path: "npm:^6.0.0" + locate-path: "npm:^5.0.0" path-exists: "npm:^4.0.0" - checksum: 10/07955e357348f34660bde7920783204ff5a26ac2cafcaa28bace494027158a97b9f56faaf2d89a6106211a8174db650dd9f503f9c0d526b1202d5554a00b9095 + checksum: 10/4c172680e8f8c1f78839486e14a43ef82e9decd0e74145f40707cc42e7420506d5ec92d9a11c22bd2c48fb0c384ea05dd30e10dd152fefeec6f2f75282a8b844 languageName: node linkType: hard @@ -8565,6 +8766,15 @@ __metadata: languageName: node linkType: hard +"flat@npm:^5.0.2": + version: 5.0.2 + resolution: "flat@npm:5.0.2" + bin: + flat: cli.js + checksum: 10/72479e651c15eab53e25ce04c31bab18cfaac0556505cac19221dbbe85bbb9686bc76e4d397e89e5bf516ce667dcf818f8b07e585568edba55abc2bf1f698fb5 + languageName: node + linkType: hard + "flatted@npm:^3.2.9": version: 3.3.1 resolution: "flatted@npm:3.3.1" @@ -8580,12 +8790,12 @@ __metadata: linkType: hard "follow-redirects@npm:^1.14.0, follow-redirects@npm:^1.15.4": - version: 1.15.5 - resolution: "follow-redirects@npm:1.15.5" + version: 1.15.6 + resolution: "follow-redirects@npm:1.15.6" peerDependenciesMeta: debug: optional: true - checksum: 10/d467f13c1c6aa734599b8b369cd7a625b20081af358f6204ff515f6f4116eb440de9c4e0c49f10798eeb0df26c95dd05d5e0d9ddc5786ab1a8a8abefe92929b4 + checksum: 10/70c7612c4cab18e546e36b991bbf8009a1a41cf85354afe04b113d1117569abf760269409cb3eb842d9f7b03d62826687086b081c566ea7b1e6613cf29030bf7 languageName: node linkType: hard @@ -8787,7 +8997,7 @@ __metadata: languageName: node linkType: hard -"get-intrinsic@npm:^1.1.1, get-intrinsic@npm:^1.1.3, get-intrinsic@npm:^1.2.1, get-intrinsic@npm:^1.2.2, get-intrinsic@npm:^1.2.3, get-intrinsic@npm:^1.2.4": +"get-intrinsic@npm:^1.1.3, get-intrinsic@npm:^1.2.1, get-intrinsic@npm:^1.2.3, get-intrinsic@npm:^1.2.4": version: 1.2.4 resolution: "get-intrinsic@npm:1.2.4" dependencies: @@ -8830,7 +9040,7 @@ __metadata: languageName: node linkType: hard -"glob-parent@npm:^5.1.2": +"glob-parent@npm:^5.1.2, glob-parent@npm:~5.1.2": version: 5.1.2 resolution: "glob-parent@npm:5.1.2" dependencies: @@ -8848,6 +9058,19 @@ __metadata: languageName: node linkType: hard +"glob@npm:8.1.0": + version: 8.1.0 + resolution: "glob@npm:8.1.0" + dependencies: + fs.realpath: "npm:^1.0.0" + inflight: "npm:^1.0.4" + inherits: "npm:2" + minimatch: "npm:^5.0.1" + once: "npm:^1.3.0" + checksum: 10/9aab1c75eb087c35dbc41d1f742e51d0507aa2b14c910d96fb8287107a10a22f4bbdce26fc0a3da4c69a20f7b26d62f1640b346a4f6e6becfff47f335bb1dc5e + languageName: node + linkType: hard + "glob@npm:^10.0.0, glob@npm:^10.2.2, glob@npm:^10.3.10": version: 10.3.10 resolution: "glob@npm:10.3.10" @@ -9179,7 +9402,7 @@ __metadata: languageName: node linkType: hard -"has-property-descriptors@npm:^1.0.0, has-property-descriptors@npm:^1.0.1, has-property-descriptors@npm:^1.0.2": +"has-property-descriptors@npm:^1.0.0, has-property-descriptors@npm:^1.0.2": version: 1.0.2 resolution: "has-property-descriptors@npm:1.0.2" dependencies: @@ -9202,7 +9425,7 @@ __metadata: languageName: node linkType: hard -"has-tostringtag@npm:^1.0.0, has-tostringtag@npm:^1.0.1, has-tostringtag@npm:^1.0.2": +"has-tostringtag@npm:^1.0.0, has-tostringtag@npm:^1.0.2": version: 1.0.2 resolution: "has-tostringtag@npm:1.0.2" dependencies: @@ -9212,15 +9435,15 @@ __metadata: linkType: hard "hasown@npm:^2.0.0, hasown@npm:^2.0.1": - version: 2.0.1 - resolution: "hasown@npm:2.0.1" + version: 2.0.2 + resolution: "hasown@npm:2.0.2" dependencies: function-bind: "npm:^1.1.2" - checksum: 10/b7f9107387ee68abed88e965c2b99e868b5e0e9d289db1ddd080706ffafb69533b4f538b0e6362585bae8d6cbd080249f65e79702f74c225990f66d6106be3f6 + checksum: 10/7898a9c1788b2862cf0f9c345a6bec77ba4a0c0983c7f19d610c382343d4f98fa260686b225dfb1f88393a66679d2ec58ee310c1d6868c081eda7918f32cc70a languageName: node linkType: hard -"he@npm:^1.2.0": +"he@npm:1.2.0, he@npm:^1.2.0": version: 1.2.0 resolution: "he@npm:1.2.0" bin: @@ -9592,6 +9815,15 @@ __metadata: languageName: node linkType: hard +"is-binary-path@npm:~2.1.0": + version: 2.1.0 + resolution: "is-binary-path@npm:2.1.0" + dependencies: + binary-extensions: "npm:^2.0.0" + checksum: 10/078e51b4f956c2c5fd2b26bb2672c3ccf7e1faff38e0ebdba45612265f4e3d9fc3127a1fa8370bbf09eab61339203c3d3b7af5662cbf8be4030f8fac37745b0e + languageName: node + linkType: hard + "is-boolean-object@npm:^1.1.0": version: 1.1.2 resolution: "is-boolean-object@npm:1.1.2" @@ -9625,6 +9857,15 @@ __metadata: languageName: node linkType: hard +"is-data-view@npm:^1.0.1": + version: 1.0.1 + resolution: "is-data-view@npm:1.0.1" + dependencies: + is-typed-array: "npm:^1.1.13" + checksum: 10/4ba4562ac2b2ec005fefe48269d6bd0152785458cd253c746154ffb8a8ab506a29d0cfb3b74af87513843776a88e4981ae25c89457bf640a33748eab1a7216b5 + languageName: node + linkType: hard + "is-date-object@npm:^1.0.1, is-date-object@npm:^1.0.5": version: 1.0.5 resolution: "is-date-object@npm:1.0.5" @@ -9675,7 +9916,7 @@ __metadata: languageName: node linkType: hard -"is-glob@npm:4.0.3, is-glob@npm:^4.0.0, is-glob@npm:^4.0.1, is-glob@npm:^4.0.3": +"is-glob@npm:4.0.3, is-glob@npm:^4.0.0, is-glob@npm:^4.0.1, is-glob@npm:^4.0.3, is-glob@npm:~4.0.1": version: 4.0.3 resolution: "is-glob@npm:4.0.3" dependencies: @@ -9707,10 +9948,10 @@ __metadata: languageName: node linkType: hard -"is-map@npm:^2.0.1": - version: 2.0.2 - resolution: "is-map@npm:2.0.2" - checksum: 10/60ba910f835f2eacb1fdf5b5a6c60fe1c702d012a7673e6546992bcc0c873f62ada6e13d327f9e48f1720d49c152d6cdecae1fa47a261ef3d247c3ce6f0e1d39 +"is-map@npm:^2.0.3": + version: 2.0.3 + resolution: "is-map@npm:2.0.3" + checksum: 10/8de7b41715b08bcb0e5edb0fb9384b80d2d5bcd10e142188f33247d19ff078abaf8e9b6f858e2302d8d05376a26a55cd23a3c9f8ab93292b02fcd2cc9e4e92bb languageName: node linkType: hard @@ -9744,6 +9985,20 @@ __metadata: languageName: node linkType: hard +"is-plain-obj@npm:^2.1.0": + version: 2.1.0 + resolution: "is-plain-obj@npm:2.1.0" + checksum: 10/cec9100678b0a9fe0248a81743041ed990c2d4c99f893d935545cfbc42876cbe86d207f3b895700c690ad2fa520e568c44afc1605044b535a7820c1d40e38daa + languageName: node + linkType: hard + +"is-readable-stream@npm:~1.0.0": + version: 1.0.1 + resolution: "is-readable-stream@npm:1.0.1" + checksum: 10/f5e08edf4c8d09c171500692556bb20d678a1e9f674eb4da3c927bb5bd8b5d6ad1923f91ae325e6dd4524b73131c10ff7334cbeea58e169b0567affdcd695b99 + languageName: node + linkType: hard + "is-regex@npm:^1.1.4": version: 1.1.4 resolution: "is-regex@npm:1.1.4" @@ -9763,10 +10018,10 @@ __metadata: languageName: node linkType: hard -"is-set@npm:^2.0.1": - version: 2.0.2 - resolution: "is-set@npm:2.0.2" - checksum: 10/d89e82acdc7760993474f529e043f9c4a1d63ed4774d21cc2e331d0e401e5c91c27743cd7c889137028f6a742234759a4bd602368fbdbf0b0321994aefd5603f +"is-set@npm:^2.0.3": + version: 2.0.3 + resolution: "is-set@npm:2.0.3" + checksum: 10/5685df33f0a4a6098a98c72d94d67cad81b2bc72f1fb2091f3d9283c4a1c582123cd709145b02a9745f0ce6b41e3e43f1c944496d1d74d4ea43358be61308669 languageName: node linkType: hard @@ -9779,7 +10034,7 @@ __metadata: languageName: node linkType: hard -"is-stream@npm:^2.0.0": +"is-stream@npm:^2.0.0, is-stream@npm:^2.0.1": version: 2.0.1 resolution: "is-stream@npm:2.0.1" checksum: 10/b8e05ccdf96ac330ea83c12450304d4a591f9958c11fd17bed240af8d5ffe08aedafa4c0f4cfccd4d28dc9d4d129daca1023633d5c11601a6cbc77521f6fae66 @@ -9845,10 +10100,10 @@ __metadata: languageName: node linkType: hard -"is-weakmap@npm:^2.0.1": - version: 2.0.1 - resolution: "is-weakmap@npm:2.0.1" - checksum: 10/289fa4e8ba1bdda40ca78481266f6925b7c46a85599e6a41a77010bf91e5a24dfb660db96863bbf655ecdbda0ab517204d6a4e0c151dbec9d022c556321f3776 +"is-weakmap@npm:^2.0.2": + version: 2.0.2 + resolution: "is-weakmap@npm:2.0.2" + checksum: 10/a7b7e23206c542dcf2fa0abc483142731788771527e90e7e24f658c0833a0d91948a4f7b30d78f7a65255a48512e41a0288b778ba7fc396137515c12e201fd11 languageName: node linkType: hard @@ -9861,13 +10116,13 @@ __metadata: languageName: node linkType: hard -"is-weakset@npm:^2.0.1": - version: 2.0.2 - resolution: "is-weakset@npm:2.0.2" +"is-weakset@npm:^2.0.3": + version: 2.0.3 + resolution: "is-weakset@npm:2.0.3" dependencies: - call-bind: "npm:^1.0.2" - get-intrinsic: "npm:^1.1.1" - checksum: 10/8f2ddb9639716fd7936784e175ea1183c5c4c05274c34f34f6a53175313cb1c9c35a8b795623306995e2f7cc8f25aa46302f15a2113e51c5052d447be427195c + call-bind: "npm:^1.0.7" + get-intrinsic: "npm:^1.2.4" + checksum: 10/40159582ff1b44fc40085f631baf19f56479b05af2faede65b4e6a0b6acab745c13fd070e35b475aafd8a1ee50879ba5a3f1265125b46bebdb446b6be1f62165 languageName: node linkType: hard @@ -10054,7 +10309,7 @@ __metadata: languageName: node linkType: hard -"js-yaml@npm:^4.0.0, js-yaml@npm:^4.1.0": +"js-yaml@npm:4.1.0, js-yaml@npm:^4.0.0, js-yaml@npm:^4.1.0": version: 4.1.0 resolution: "js-yaml@npm:4.1.0" dependencies: @@ -10128,6 +10383,13 @@ __metadata: languageName: node linkType: hard +"json-stringify-safe@npm:^5.0.1": + version: 5.0.1 + resolution: "json-stringify-safe@npm:5.0.1" + checksum: 10/59169a081e4eeb6f9559ae1f938f656191c000e0512aa6df9f3c8b2437a4ab1823819c6b9fd1818a4e39593ccfd72e9a051fdd3e2d1e340ed913679e888ded8c + languageName: node + linkType: hard + "json-to-plain-text@npm:1.1.4": version: 1.1.4 resolution: "json-to-plain-text@npm:1.1.4" @@ -10182,6 +10444,13 @@ __metadata: languageName: node linkType: hard +"just-extend@npm:^4.0.2": + version: 4.2.1 + resolution: "just-extend@npm:4.2.1" + checksum: 10/375389c0847d56300873fa622fbc5c5e208933e372bbedb39c82f583299cdad4fe9c4773bc35fcd9c42cd85744f07474ca4163aa0f9125dd5be37bc09075eb49 + languageName: node + linkType: hard + "jwt-decode@npm:4.0.0": version: 4.0.0 resolution: "jwt-decode@npm:4.0.0" @@ -10377,6 +10646,13 @@ __metadata: languageName: node linkType: hard +"lodash.get@npm:^4.4.2": + version: 4.4.2 + resolution: "lodash.get@npm:4.4.2" + checksum: 10/2a4925f6e89bc2c010a77a802d1ba357e17ed1ea03c2ddf6a146429f2856a216663e694a6aa3549a318cbbba3fd8b7decb392db457e6ac0b83dc745ed0a17380 + languageName: node + linkType: hard + "lodash.isarguments@npm:^3.1.0": version: 3.1.0 resolution: "lodash.isarguments@npm:3.1.0" @@ -10419,7 +10695,7 @@ __metadata: languageName: node linkType: hard -"log-symbols@npm:^4.0.0, log-symbols@npm:^4.1.0": +"log-symbols@npm:4.1.0, log-symbols@npm:^4.0.0, log-symbols@npm:^4.1.0": version: 4.1.0 resolution: "log-symbols@npm:4.1.0" dependencies: @@ -10554,11 +10830,11 @@ __metadata: linkType: hard "magic-string@npm:^0.30.5": - version: 0.30.7 - resolution: "magic-string@npm:0.30.7" + version: 0.30.8 + resolution: "magic-string@npm:0.30.8" dependencies: "@jridgewell/sourcemap-codec": "npm:^1.4.15" - checksum: 10/883eaaf6792a3263e44f4bcdcd35ace272268e4b98ed5a770ad711947958d2f9fc683e474945e306e2bdc152b7e44d369ee312690d87025b9879fc63fbe1409c + checksum: 10/72ab63817af600e92c19dc8489c1aa4a9599da00cfd59b2319709bd48fb0cf533fdf354bf140ac86e598dbd63e6b2cc83647fe8448f864a3eb6061c62c94e784 languageName: node linkType: hard @@ -10672,7 +10948,7 @@ __metadata: languageName: node linkType: hard -"methods@npm:~1.1.2": +"methods@npm:~1.1.1, methods@npm:~1.1.2": version: 1.1.2 resolution: "methods@npm:1.1.2" checksum: 10/a385dd974faa34b5dd021b2bbf78c722881bf6f003bfe6d391d7da3ea1ed625d1ff10ddd13c57531f628b3e785be38d3eed10ad03cebd90b76932413df9a1820 @@ -10751,6 +11027,15 @@ __metadata: languageName: node linkType: hard +"minimatch@npm:5.0.1": + version: 5.0.1 + resolution: "minimatch@npm:5.0.1" + dependencies: + brace-expansion: "npm:^2.0.1" + checksum: 10/2656580f18d9f38ada186196fcc72dc9076d70f7227adc664e72614d464e075dc4ae3936e6742519e09e336996ef33c6035e606888b12f65ca7fda792ddd2085 + languageName: node + linkType: hard + "minimatch@npm:9.0.3, minimatch@npm:^9.0.1": version: 9.0.3 resolution: "minimatch@npm:9.0.3" @@ -10919,6 +11204,37 @@ __metadata: languageName: node linkType: hard +"mocha@npm:^10.3.0": + version: 10.3.0 + resolution: "mocha@npm:10.3.0" + dependencies: + ansi-colors: "npm:4.1.1" + browser-stdout: "npm:1.3.1" + chokidar: "npm:3.5.3" + debug: "npm:4.3.4" + diff: "npm:5.0.0" + escape-string-regexp: "npm:4.0.0" + find-up: "npm:5.0.0" + glob: "npm:8.1.0" + he: "npm:1.2.0" + js-yaml: "npm:4.1.0" + log-symbols: "npm:4.1.0" + minimatch: "npm:5.0.1" + ms: "npm:2.1.3" + serialize-javascript: "npm:6.0.0" + strip-json-comments: "npm:3.1.1" + supports-color: "npm:8.1.1" + workerpool: "npm:6.2.1" + yargs: "npm:16.2.0" + yargs-parser: "npm:20.2.4" + yargs-unparser: "npm:2.0.0" + bin: + _mocha: bin/_mocha + mocha: bin/mocha.js + checksum: 10/8b30b3fdb3f365fca7e069fce732e13db4192e1bf8f49e63ec67a3b7857c41cbcd162289ad22178db6ef405fb251b8a0dbb54e942d08c72abf45e1ec3fcdd052 + languageName: node + linkType: hard + "module-details-from-path@npm:^1.0.3": version: 1.0.3 resolution: "module-details-from-path@npm:1.0.3" @@ -11021,6 +11337,19 @@ __metadata: languageName: node linkType: hard +"nise@npm:^4.0.4": + version: 4.1.0 + resolution: "nise@npm:4.1.0" + dependencies: + "@sinonjs/commons": "npm:^1.7.0" + "@sinonjs/fake-timers": "npm:^6.0.0" + "@sinonjs/text-encoding": "npm:^0.7.1" + just-extend: "npm:^4.0.2" + path-to-regexp: "npm:^1.7.0" + checksum: 10/ff7c2e316c8ae8327573417fefcc84070d9dcfa423b123d014d21db5f7de07580f76a85143c2f91eaf5f1a979f3f9a3721e3652753e58ddaa703aa8d65539b0b + languageName: node + linkType: hard + "no-case@npm:^3.0.4": version: 3.0.4 resolution: "no-case@npm:3.0.4" @@ -11031,6 +11360,17 @@ __metadata: languageName: node linkType: hard +"nock@npm:^13.5.4": + version: 13.5.4 + resolution: "nock@npm:13.5.4" + dependencies: + debug: "npm:^4.1.0" + json-stringify-safe: "npm:^5.0.1" + propagate: "npm:^2.0.0" + checksum: 10/75bad391bae4efb81b742734af5f2d87309cd93d3ca6b78372fd37946d78ccb254d79104676619866915e6734abfc1b00fee2aa42073a4843ca3c746aad35a4d + languageName: node + linkType: hard + "node-abort-controller@npm:^3.0.1": version: 3.1.1 resolution: "node-abort-controller@npm:3.1.1" @@ -11149,7 +11489,7 @@ __metadata: languageName: node linkType: hard -"normalize-path@npm:^3.0.0": +"normalize-path@npm:^3.0.0, normalize-path@npm:~3.0.0": version: 3.0.0 resolution: "normalize-path@npm:3.0.0" checksum: 10/88eeb4da891e10b1318c4b2476b6e2ecbeb5ff97d946815ffea7794c31a89017c70d7f34b3c2ebf23ef4e9fc9fb99f7dffe36da22011b5b5c6ffa34f4873ec20 @@ -11500,7 +11840,7 @@ __metadata: node-fetch: "npm:3.3.2" nodemailer: "npm:6.9.11" openai: "npm:4.28.4" - openid-client: "npm:5.6.4" + openid-client: "npm:5.6.5" opentelemetry-node-metrics: "npm:3.0.0" otplib: "npm:12.0.1" passport: "npm:0.7.0" @@ -11536,17 +11876,26 @@ __metadata: languageName: unknown linkType: soft -"openid-client@npm:5.6.4": - version: 5.6.4 - resolution: "openid-client@npm:5.6.4" +"openid-client@npm:5.6.5, openid-client@workspace:packages/node-openid-client": + version: 0.0.0-use.local + resolution: "openid-client@workspace:packages/node-openid-client" dependencies: - jose: "npm:^4.15.4" + "@types/node": "npm:^16.18.87" + "@types/passport": "npm:^1.0.16" + base64url: "npm:^3.0.1" + chai: "npm:^4.4.1" + jose: "npm:^4.15.5" lru-cache: "npm:^6.0.0" + mocha: "npm:^10.3.0" + nock: "npm:^13.5.4" object-hash: "npm:^2.2.0" oidc-token-hash: "npm:^5.0.3" - checksum: 10/ab9b1ec59be68f13b10c4e4eb1979e204d211701b139c2363e58faeb4bb0b67e26782fd2080d7488bb3e7e2ebc3c2aac43cff7284c3da3723cfe4f9b29852c24 - languageName: node - linkType: hard + prettier: "npm:^2.8.8" + readable-mock-req: "npm:^0.2.2" + sinon: "npm:^9.2.4" + timekeeper: "npm:^2.3.1" + languageName: unknown + linkType: soft "opentelemetry-node-metrics@npm:3.0.0": version: 3.0.0 @@ -11945,6 +12294,15 @@ __metadata: languageName: node linkType: hard +"path-to-regexp@npm:^1.7.0": + version: 1.8.0 + resolution: "path-to-regexp@npm:1.8.0" + dependencies: + isarray: "npm:0.0.1" + checksum: 10/45a01690f72919163cf89714e31a285937b14ad54c53734c826363fcf7beba9d9d0f2de802b4986b1264374562d6a3398a2e5289753a764e3a256494f1e52add + languageName: node + linkType: hard + "path-type@npm:^4.0.0": version: 4.0.0 resolution: "path-type@npm:4.0.0" @@ -11987,7 +12345,7 @@ __metadata: languageName: node linkType: hard -"picomatch@npm:^2.3.1": +"picomatch@npm:^2.0.4, picomatch@npm:^2.2.1, picomatch@npm:^2.3.1": version: 2.3.1 resolution: "picomatch@npm:2.3.1" checksum: 10/60c2595003b05e4535394d1da94850f5372c9427ca4413b71210f437f7b2ca091dbd611c45e8b37d10036fa8eade25c1b8951654f9d3973bfa66a2ff4d3b08bc @@ -12037,6 +12395,15 @@ __metadata: languageName: node linkType: hard +"prettier@npm:^2.8.8": + version: 2.8.8 + resolution: "prettier@npm:2.8.8" + bin: + prettier: bin-prettier.js + checksum: 10/00cdb6ab0281f98306cd1847425c24cbaaa48a5ff03633945ab4c701901b8e96ad558eb0777364ffc312f437af9b5a07d0f45346266e8245beaf6247b9c62b24 + languageName: node + linkType: hard + "pretty-format@npm:^29.7.0": version: 29.7.0 resolution: "pretty-format@npm:29.7.0" @@ -12109,6 +12476,13 @@ __metadata: languageName: node linkType: hard +"propagate@npm:^2.0.0": + version: 2.0.1 + resolution: "propagate@npm:2.0.1" + checksum: 10/8c761c16e8232f82f6d015d3e01e8bd4109f47ad804f904d950f6fe319813b448ca112246b6bfdc182b400424b155b0b7c4525a9bb009e6fa950200157569c14 + languageName: node + linkType: hard + "protobufjs@npm:^7.2.3, protobufjs@npm:^7.2.4": version: 7.2.6 resolution: "protobufjs@npm:7.2.6" @@ -12234,6 +12608,15 @@ __metadata: languageName: node linkType: hard +"randombytes@npm:^2.1.0": + version: 2.1.0 + resolution: "randombytes@npm:2.1.0" + dependencies: + safe-buffer: "npm:^5.1.0" + checksum: 10/4efd1ad3d88db77c2d16588dc54c2b52fd2461e70fe5724611f38d283857094fe09040fa2c9776366803c3152cf133171b452ef717592b65631ce5dc3a2bdafc + languageName: node + linkType: hard + "range-parser@npm:~1.2.1": version: 1.2.1 resolution: "range-parser@npm:1.2.1" @@ -12267,7 +12650,18 @@ __metadata: languageName: node linkType: hard -"readable-stream@npm:1.x >=1.1.9": +"readable-mock-req@npm:^0.2.2": + version: 0.2.2 + resolution: "readable-mock-req@npm:0.2.2" + dependencies: + is-readable-stream: "npm:~1.0.0" + methods: "npm:~1.1.1" + readable-stream: "npm:~1.1.0" + checksum: 10/cdee1c20879dc76e3fac2fbfd43efdab6b9abc51df3801310909ccccaf385c9d5838e0347976795f1ec45c38a3e16d3eb96e07427fa4d7b337219580e51c9716 + languageName: node + linkType: hard + +"readable-stream@npm:1.x >=1.1.9, readable-stream@npm:~1.1.0": version: 1.1.14 resolution: "readable-stream@npm:1.1.14" dependencies: @@ -12336,6 +12730,15 @@ __metadata: languageName: node linkType: hard +"readdirp@npm:~3.6.0": + version: 3.6.0 + resolution: "readdirp@npm:3.6.0" + dependencies: + picomatch: "npm:^2.2.1" + checksum: 10/196b30ef6ccf9b6e18c4e1724b7334f72a093d011a99f3b5920470f0b3406a51770867b3e1ae9711f227ef7a7065982f6ee2ce316746b2cb42c88efe44297fe7 + languageName: node + linkType: hard + "redis-errors@npm:^1.0.0, redis-errors@npm:^1.2.0": version: 1.2.0 resolution: "redis-errors@npm:1.2.0" @@ -12442,13 +12845,13 @@ __metadata: linkType: hard "require-in-the-middle@npm:^7.1.1": - version: 7.2.0 - resolution: "require-in-the-middle@npm:7.2.0" + version: 7.2.1 + resolution: "require-in-the-middle@npm:7.2.1" dependencies: debug: "npm:^4.1.1" module-details-from-path: "npm:^1.0.3" resolve: "npm:^1.22.1" - checksum: 10/f77f865d5f689d8cada40c9bb947a86d2992b34ee9d3b98aaa7f643acd101ede624e5fe3e9200103900f6b772af4277ef97d08a9332160c895861dc3f801be67 + checksum: 10/f61867f8aeeb2132072dab0a3774b2c34882c9926bd2862d05d3a268073cfbd7af0de40807d3bd6b5f54b164fade84f60ad4f02806b52cbb137818fa216464ee languageName: node linkType: hard @@ -12593,22 +12996,22 @@ __metadata: linkType: hard "rollup@npm:^4.2.0": - version: 4.12.0 - resolution: "rollup@npm:4.12.0" - dependencies: - "@rollup/rollup-android-arm-eabi": "npm:4.12.0" - "@rollup/rollup-android-arm64": "npm:4.12.0" - "@rollup/rollup-darwin-arm64": "npm:4.12.0" - "@rollup/rollup-darwin-x64": "npm:4.12.0" - "@rollup/rollup-linux-arm-gnueabihf": "npm:4.12.0" - "@rollup/rollup-linux-arm64-gnu": "npm:4.12.0" - "@rollup/rollup-linux-arm64-musl": "npm:4.12.0" - "@rollup/rollup-linux-riscv64-gnu": "npm:4.12.0" - "@rollup/rollup-linux-x64-gnu": "npm:4.12.0" - "@rollup/rollup-linux-x64-musl": "npm:4.12.0" - "@rollup/rollup-win32-arm64-msvc": "npm:4.12.0" - "@rollup/rollup-win32-ia32-msvc": "npm:4.12.0" - "@rollup/rollup-win32-x64-msvc": "npm:4.12.0" + version: 4.13.0 + resolution: "rollup@npm:4.13.0" + dependencies: + "@rollup/rollup-android-arm-eabi": "npm:4.13.0" + "@rollup/rollup-android-arm64": "npm:4.13.0" + "@rollup/rollup-darwin-arm64": "npm:4.13.0" + "@rollup/rollup-darwin-x64": "npm:4.13.0" + "@rollup/rollup-linux-arm-gnueabihf": "npm:4.13.0" + "@rollup/rollup-linux-arm64-gnu": "npm:4.13.0" + "@rollup/rollup-linux-arm64-musl": "npm:4.13.0" + "@rollup/rollup-linux-riscv64-gnu": "npm:4.13.0" + "@rollup/rollup-linux-x64-gnu": "npm:4.13.0" + "@rollup/rollup-linux-x64-musl": "npm:4.13.0" + "@rollup/rollup-win32-arm64-msvc": "npm:4.13.0" + "@rollup/rollup-win32-ia32-msvc": "npm:4.13.0" + "@rollup/rollup-win32-x64-msvc": "npm:4.13.0" "@types/estree": "npm:1.0.5" fsevents: "npm:~2.3.2" dependenciesMeta: @@ -12642,7 +13045,7 @@ __metadata: optional: true bin: rollup: dist/bin/rollup - checksum: 10/098eac4dcaf051b71c4efb7e3df059f6563d030b4dfbd2622a4d70acf4d02c463885643c63a21dda45153470f9be5047acd11eab19d4b2ed1c06b8ff57997e8e + checksum: 10/3ebced8ad49e8b5617cb7013cb106dd8ac99ae31a71f9689dc689b8fdaf0eb109f3d861330ef659e5f28a2c38e040282aea0e1df150b165f53f649d46275df84 languageName: node linkType: hard @@ -12672,14 +13075,14 @@ __metadata: linkType: hard "safe-array-concat@npm:^1.1.0": - version: 1.1.0 - resolution: "safe-array-concat@npm:1.1.0" + version: 1.1.2 + resolution: "safe-array-concat@npm:1.1.2" dependencies: - call-bind: "npm:^1.0.5" - get-intrinsic: "npm:^1.2.2" + call-bind: "npm:^1.0.7" + get-intrinsic: "npm:^1.2.4" has-symbols: "npm:^1.0.3" isarray: "npm:^2.0.5" - checksum: 10/41ac35ce46c44e2e8637b1805b0697d5269507779e3082b7afb92c01605fd73ab813bbc799510c56e300cfc941b1447fd98a338205db52db7fd1322ab32d7c9f + checksum: 10/a54f8040d7cb696a1ee38d19cc71ab3cfb654b9b81bae00c6459618cfad8214ece7e6666592f9c925aafef43d0a20c5e6fbb3413a2b618e1ce9d516a2e6dcfc5 languageName: node linkType: hard @@ -12690,7 +13093,7 @@ __metadata: languageName: node linkType: hard -"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:~5.2.0": +"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:~5.2.0": version: 5.2.1 resolution: "safe-buffer@npm:5.2.1" checksum: 10/32872cd0ff68a3ddade7a7617b8f4c2ae8764d8b7d884c651b74457967a9e0e886267d3ecc781220629c44a865167b61c375d2da6c720c840ecd73f45d5d9451 @@ -12811,6 +13214,15 @@ __metadata: languageName: node linkType: hard +"serialize-javascript@npm:6.0.0": + version: 6.0.0 + resolution: "serialize-javascript@npm:6.0.0" + dependencies: + randombytes: "npm:^2.1.0" + checksum: 10/ed3dabfbb565c48c9eb1ca8fe58f0d256902ab70a8a605be634ddd68388d5f728bb0bd1268e94fab628748ba8ad8392f01b05f3cbe1e4878b5c58c669fd3d1b4 + languageName: node + linkType: hard + "serve-static@npm:1.15.0": version: 1.15.0 resolution: "serve-static@npm:1.15.0" @@ -12831,16 +13243,16 @@ __metadata: linkType: hard "set-function-length@npm:^1.2.1": - version: 1.2.1 - resolution: "set-function-length@npm:1.2.1" + version: 1.2.2 + resolution: "set-function-length@npm:1.2.2" dependencies: - define-data-property: "npm:^1.1.2" + define-data-property: "npm:^1.1.4" es-errors: "npm:^1.3.0" function-bind: "npm:^1.1.2" - get-intrinsic: "npm:^1.2.3" + get-intrinsic: "npm:^1.2.4" gopd: "npm:^1.0.1" - has-property-descriptors: "npm:^1.0.1" - checksum: 10/9ab1d200149574ab27c1a7acae56d6235e02568fc68655fe8afe63e4e02ccad3c27665f55c32408bd1ff40705939dbb7539abfb9c3a07fda27ecad1ab9e449f5 + has-property-descriptors: "npm:^1.0.2" + checksum: 10/505d62b8e088468917ca4e3f8f39d0e29f9a563b97dbebf92f4bd2c3172ccfb3c5b8e4566d5fcd00784a00433900e7cb8fbc404e2dbd8c3818ba05bb9d4a8a6d languageName: node linkType: hard @@ -12979,6 +13391,20 @@ __metadata: languageName: node linkType: hard +"sinon@npm:^9.2.4": + version: 9.2.4 + resolution: "sinon@npm:9.2.4" + dependencies: + "@sinonjs/commons": "npm:^1.8.1" + "@sinonjs/fake-timers": "npm:^6.0.1" + "@sinonjs/samsam": "npm:^5.3.1" + diff: "npm:^4.0.2" + nise: "npm:^4.0.4" + supports-color: "npm:^7.1.0" + checksum: 10/4597c12e2490b22aaae5fb1edca169a10e71dee73c13d2d12d6d9fa7f3bdbdb53ec5ad52c631c301fb3eab79471a30b05be65155c30ca415169470ea4789eae6 + languageName: node + linkType: hard + "slash@npm:^3.0.0": version: 3.0.0 resolution: "slash@npm:3.0.0" @@ -13313,7 +13739,7 @@ __metadata: languageName: node linkType: hard -"strip-json-comments@npm:^3.1.1": +"strip-json-comments@npm:3.1.1, strip-json-comments@npm:^3.1.1": version: 3.1.1 resolution: "strip-json-comments@npm:3.1.1" checksum: 10/492f73e27268f9b1c122733f28ecb0e7e8d8a531a6662efbd08e22cccb3f9475e90a1b82cab06a392f6afae6d2de636f977e231296400d0ec5304ba70f166443 @@ -13361,6 +13787,15 @@ __metadata: languageName: node linkType: hard +"supports-color@npm:8.1.1": + version: 8.1.1 + resolution: "supports-color@npm:8.1.1" + dependencies: + has-flag: "npm:^4.0.0" + checksum: 10/157b534df88e39c5518c5e78c35580c1eca848d7dbaf31bbe06cdfc048e22c7ff1a9d046ae17b25691128f631a51d9ec373c1b740c12ae4f0de6e292037e4282 + languageName: node + linkType: hard + "supports-color@npm:^5.3.0": version: 5.5.0 resolution: "supports-color@npm:5.5.0" @@ -13495,6 +13930,13 @@ __metadata: languageName: node linkType: hard +"timekeeper@npm:^2.3.1": + version: 2.3.1 + resolution: "timekeeper@npm:2.3.1" + checksum: 10/badcf9aeefa66e50f4e9ba42775c6e600fd76f9b7adaca67cf84b9bcb384fdac8d8578dc5a7aa39f6f868946f47f4d3b99118f18d49c576a63729618cf55d445 + languageName: node + linkType: hard + "tinybench@npm:^2.5.1": version: 2.6.0 resolution: "tinybench@npm:2.6.0" @@ -13610,11 +14052,11 @@ __metadata: linkType: hard "ts-api-utils@npm:^1.0.1": - version: 1.2.1 - resolution: "ts-api-utils@npm:1.2.1" + version: 1.3.0 + resolution: "ts-api-utils@npm:1.3.0" peerDependencies: typescript: ">=4.2.0" - checksum: 10/6d7f60fd01e3885bb334607f22b9cb1002e72da81dad2e672fef1b0d1a2f640b0f0ff5310369401488fac90c7a7f5d39c89fd18789af59c672c9b5aef4cade3e + checksum: 10/3ee44faa24410cd649b5c864e068d438aa437ef64e9e4a66a41646a6d3024d3097a695eeb3fb26ee364705d3cb9653a65756d009e6a53badb6066a5f447bf7ed languageName: node linkType: hard @@ -13708,7 +14150,7 @@ __metadata: languageName: node linkType: hard -"type-detect@npm:^4.0.0, type-detect@npm:^4.0.8": +"type-detect@npm:4.0.8, type-detect@npm:^4.0.0, type-detect@npm:^4.0.8": version: 4.0.8 resolution: "type-detect@npm:4.0.8" checksum: 10/5179e3b8ebc51fce1b13efb75fdea4595484433f9683bbc2dca6d99789dba4e602ab7922d2656f2ce8383987467f7770131d4a7f06a26287db0615d2f4c4ce7d @@ -14180,8 +14622,8 @@ __metadata: linkType: hard "vite@npm:^5.0.0": - version: 5.1.4 - resolution: "vite@npm:5.1.4" + version: 5.1.6 + resolution: "vite@npm:5.1.6" dependencies: esbuild: "npm:^0.19.3" fsevents: "npm:~2.3.3" @@ -14215,7 +14657,7 @@ __metadata: optional: true bin: vite: bin/vite.js - checksum: 10/e9003b853f0784260f4fe7ce0190124b347fd8fd6bf889a07080facd0d9a9667eaff4022eddb1ba3f0283ef69d15d77f84bca832082e48874a7a62e7f6d66b08 + checksum: 10/f48073e93ead62fa58034398442de4517c824b3e50184f8b4059fb24077a26f2c04e910e29d7fb7ec51ea53eb61b9c7d94d56b14a38851de80c67480094cc79d languageName: node linkType: hard @@ -14373,14 +14815,14 @@ __metadata: linkType: hard "which-collection@npm:^1.0.1": - version: 1.0.1 - resolution: "which-collection@npm:1.0.1" + version: 1.0.2 + resolution: "which-collection@npm:1.0.2" dependencies: - is-map: "npm:^2.0.1" - is-set: "npm:^2.0.1" - is-weakmap: "npm:^2.0.1" - is-weakset: "npm:^2.0.1" - checksum: 10/85c95fcf92df7972ce66bed879e53d9dc752a30ef08e1ca4696df56bcf1c302e3b9965a39b04a20fa280a997fad6c170eb0b4d62435569b7f6c0bc7be910572b + is-map: "npm:^2.0.3" + is-set: "npm:^2.0.3" + is-weakmap: "npm:^2.0.2" + is-weakset: "npm:^2.0.3" + checksum: 10/674bf659b9bcfe4055f08634b48a8588e879161b9fefed57e9ec4ff5601e4d50a05ccd76cf10f698ef5873784e5df3223336d56c7ce88e13bcf52ebe582fc8d7 languageName: node linkType: hard @@ -14392,15 +14834,15 @@ __metadata: linkType: hard "which-typed-array@npm:^1.1.14, which-typed-array@npm:^1.1.9": - version: 1.1.14 - resolution: "which-typed-array@npm:1.1.14" + version: 1.1.15 + resolution: "which-typed-array@npm:1.1.15" dependencies: - available-typed-arrays: "npm:^1.0.6" - call-bind: "npm:^1.0.5" + available-typed-arrays: "npm:^1.0.7" + call-bind: "npm:^1.0.7" for-each: "npm:^0.3.3" gopd: "npm:^1.0.1" - has-tostringtag: "npm:^1.0.1" - checksum: 10/56253d2c9d6b41b8a4af96d8c2751bac5508906bd500cdcd0dc5301fb082de0391a4311ab21258bc8d2609ed593f422c1a66f0020fcb3a1e97f719bc928b9018 + has-tostringtag: "npm:^1.0.2" + checksum: 10/c3b6a99beadc971baa53c3ee5b749f2b9bdfa3b3b9a70650dd8511a48b61d877288b498d424712e9991d16019633086bd8b5923369460d93463c5825fa36c448 languageName: node linkType: hard @@ -14482,6 +14924,13 @@ __metadata: languageName: node linkType: hard +"workerpool@npm:6.2.1": + version: 6.2.1 + resolution: "workerpool@npm:6.2.1" + checksum: 10/3e637f76320cab92eaeffa4fbefb351db02e20aa29245d8ee05fa7c088780ef7b4446bfafff2668a22fd94b7d9d97c7020117036ac77a76370ecea278b9a9b91 + languageName: node + linkType: hard + "wrap-ansi-cjs@npm:wrap-ansi@^7.0.0, wrap-ansi@npm:^7.0.0": version: 7.0.0 resolution: "wrap-ansi@npm:7.0.0" @@ -14615,14 +15064,14 @@ __metadata: linkType: hard "xss@npm:^1.0.8": - version: 1.0.14 - resolution: "xss@npm:1.0.14" + version: 1.0.15 + resolution: "xss@npm:1.0.15" dependencies: commander: "npm:^2.20.3" cssfilter: "npm:0.0.10" bin: xss: bin/xss - checksum: 10/dc97acaee35e5ed453fe5628841daf7b4aba5ed26b31ff4eadf831f42cded1ddebc218ff0db1d6a73e301bfada8a5236fec0c234233d66a20ecc319da542b357 + checksum: 10/074ad54babac9dd5107466dbf30d3b871dbedae1f8e7b8f4e3b76d60da8b92bd0f66f18ccd26b8524545444ef784b78c526cee089a907aa904f83c8b8d7958f6 languageName: node linkType: hard @@ -14662,11 +15111,18 @@ __metadata: linkType: hard "yaml@npm:^2.3.1": - version: 2.4.0 - resolution: "yaml@npm:2.4.0" + version: 2.4.1 + resolution: "yaml@npm:2.4.1" bin: yaml: bin.mjs - checksum: 10/60cdb4499365a9649b4fb5cfbc496a1cd415013166f1c97aef7bf002caa0ad146058c3af91dda94c5799085d8728f1e8859b3854897ecebd10b84d7b054f0a40 + checksum: 10/2c54fd69ef59126758ae710f9756405a7d41abcbb61aca894250d0e81e76057c14dc9bb00a9528f72f99b8f24077f694a6f7fd09cdd6711fcec2eebfbb5df409 + languageName: node + linkType: hard + +"yargs-parser@npm:20.2.4": + version: 20.2.4 + resolution: "yargs-parser@npm:20.2.4" + checksum: 10/db8f251ae40e24782d5c089ed86883ba3c0ce7f3c174002a67ec500802f928df9d505fea5d04829769221ce20b0f69f6fb1138fbb2e2fb102e3e9d426d20edab languageName: node linkType: hard @@ -14694,6 +15150,33 @@ __metadata: languageName: node linkType: hard +"yargs-unparser@npm:2.0.0": + version: 2.0.0 + resolution: "yargs-unparser@npm:2.0.0" + dependencies: + camelcase: "npm:^6.0.0" + decamelize: "npm:^4.0.0" + flat: "npm:^5.0.2" + is-plain-obj: "npm:^2.1.0" + checksum: 10/68f9a542c6927c3768c2f16c28f71b19008710abd6b8f8efbac6dcce26bbb68ab6503bed1d5994bdbc2df9a5c87c161110c1dfe04c6a3fe5c6ad1b0e15d9a8a3 + languageName: node + linkType: hard + +"yargs@npm:16.2.0, yargs@npm:^16.1.1": + version: 16.2.0 + resolution: "yargs@npm:16.2.0" + dependencies: + cliui: "npm:^7.0.2" + escalade: "npm:^3.1.1" + get-caller-file: "npm:^2.0.5" + require-directory: "npm:^2.1.1" + string-width: "npm:^4.2.0" + y18n: "npm:^5.0.5" + yargs-parser: "npm:^20.2.2" + checksum: 10/807fa21211d2117135d557f95fcd3c3d390530cda2eca0c840f1d95f0f40209dcfeb5ec18c785a1f3425896e623e3b2681e8bb7b6600060eda1c3f4804e7957e + languageName: node + linkType: hard + "yargs@npm:^15.3.1": version: 15.4.1 resolution: "yargs@npm:15.4.1" @@ -14713,21 +15196,6 @@ __metadata: languageName: node linkType: hard -"yargs@npm:^16.1.1": - version: 16.2.0 - resolution: "yargs@npm:16.2.0" - dependencies: - cliui: "npm:^7.0.2" - escalade: "npm:^3.1.1" - get-caller-file: "npm:^2.0.5" - require-directory: "npm:^2.1.1" - string-width: "npm:^4.2.0" - y18n: "npm:^5.0.5" - yargs-parser: "npm:^20.2.2" - checksum: 10/807fa21211d2117135d557f95fcd3c3d390530cda2eca0c840f1d95f0f40209dcfeb5ec18c785a1f3425896e623e3b2681e8bb7b6600060eda1c3f4804e7957e - languageName: node - linkType: hard - "yargs@npm:^17.0.0, yargs@npm:^17.7.2": version: 17.7.2 resolution: "yargs@npm:17.7.2" @@ -14786,12 +15254,12 @@ __metadata: linkType: hard "zip-stream@npm:^6.0.0": - version: 6.0.0 - resolution: "zip-stream@npm:6.0.0" + version: 6.0.1 + resolution: "zip-stream@npm:6.0.1" dependencies: archiver-utils: "npm:^5.0.0" - compress-commons: "npm:^6.0.0" + compress-commons: "npm:^6.0.2" readable-stream: "npm:^4.0.0" - checksum: 10/114565901579dc023b41b2d3d3ce2721ad734032295d50977dd58899cb6d1922abb6336ee388f6f90b74e0a384cb9c590f80cf9f1ac9ede865bd212ba96f6070 + checksum: 10/aa5abd6a89590eadeba040afbc375f53337f12637e5e98330012a12d9886cde7a3ccc28bd91aafab50576035bbb1de39a9a316eecf2411c8b9009c9f94f0db27 languageName: node linkType: hard