From 2989e3932f22c999e9bb880851907c11922b3119 Mon Sep 17 00:00:00 2001 From: Igor Gentil Date: Fri, 22 May 2026 11:37:29 +1000 Subject: [PATCH 1/6] chore: sync uv.lock with pyproject.toml v1.2.0 The cfn-handler self-version entry in uv.lock had drifted from pyproject.toml: release-please bumped pyproject.toml to 1.2.0 in PR #16 but cannot run `uv lock` to update the corresponding entry in uv.lock. This commit clears that drift in isolation, ahead of the substantive fix that prevents it from recurring. See follow-up commit on this branch for the release-please-config change that automates this sync going forward. --- uv.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uv.lock b/uv.lock index e2b7d0f..3a6aa03 100644 --- a/uv.lock +++ b/uv.lock @@ -238,7 +238,7 @@ wheels = [ [[package]] name = "cfn-handler" -version = "1.1.1" +version = "1.2.0" source = { editable = "." } [package.dev-dependencies] From 83122fcc6642b5306cb2048f33493e6ac85ce6ad Mon Sep 17 00:00:00 2001 From: Igor Gentil Date: Fri, 22 May 2026 11:47:55 +1000 Subject: [PATCH 2/6] ci(release): sync uv.lock from release-please and flip CI to --locked Configures release-please to update the cfn-handler self-version entry in uv.lock alongside pyproject.toml on every release, eliminating the post-merge drift that surfaced as a dirty working tree on every `git pull` + `uv sync`. With drift fixed at the source, flips CI and the .envrc dev shell back from `uv sync --frozen` to `uv sync --locked`, which also catches a contributor editing pyproject.toml dependencies without running `uv lock` (previously a known foot-gun documented as a tradeoff). The release-please-config.json change uses the workaround discovered in googleapis/release-please#2455's comment thread: "extra-files": [ { "type": "toml", "path": "uv.lock", "jsonpath": "$.package[?(@.name.value=='cfn-handler')].version" } ] The `.value` accessor descends into release-please's TOML AST node shape (string nodes are exposed as {value, kind} rather than bare strings). Tracked upstream: - googleapis/release-please#2561 (feature request to make this native) - googleapis/release-please#2455 (bug behind the .value workaround) - googleapis/release-please#2693 (proposed upstream fix) Catch-up commit (preceding this one on the branch) cleared the existing 1.1.1 -> 1.2.0 drift in uv.lock so the very PR introducing --locked doesn't fail its own CI. OpenSpec change: openspec/changes/release-please-sync-uv-lock/ Updates the ci-infrastructure spec's lockfile-drift requirement. Files touched: - release-please-config.json: add extra-files block - .github/workflows/ci.yml: --frozen -> --locked (x2); rewrite comment - .github/workflows/examples-lint.yml: --frozen -> --locked - .envrc: --frozen -> --locked; rewrite comment block - .github/CONTRIBUTING.md: rewrite lockfile policy paragraph - docs/CI.md: replace 'Lockfile drift and --frozen' subsection; add 'Status: resolved' note to the v1.0.0 postmortem --- .envrc | 18 +- .github/CONTRIBUTING.md | 15 +- .github/workflows/ci.yml | 16 +- .github/workflows/examples-lint.yml | 2 +- docs/CI.md | 63 +++++-- .../.openspec.yaml | 2 + .../release-please-sync-uv-lock/design.md | 173 ++++++++++++++++++ .../release-please-sync-uv-lock/proposal.md | 124 +++++++++++++ .../specs/ci-infrastructure/spec.md | 55 ++++++ .../release-please-sync-uv-lock/tasks.md | 60 ++++++ release-please-config.json | 9 +- 11 files changed, 497 insertions(+), 40 deletions(-) create mode 100644 openspec/changes/release-please-sync-uv-lock/.openspec.yaml create mode 100644 openspec/changes/release-please-sync-uv-lock/design.md create mode 100644 openspec/changes/release-please-sync-uv-lock/proposal.md create mode 100644 openspec/changes/release-please-sync-uv-lock/specs/ci-infrastructure/spec.md create mode 100644 openspec/changes/release-please-sync-uv-lock/tasks.md diff --git a/.envrc b/.envrc index 4ee5e77..295ddea 100644 --- a/.envrc +++ b/.envrc @@ -14,16 +14,16 @@ fi # pytest, hypothesis, moto, ...). Works regardless of whether the Nix # branch above ran. # -# Use `--frozen` to mirror what CI does: install exactly what's locked, -# without auto-resolving against pyproject.toml. This prevents the -# uv.lock drift footgun where every pull after a release-please bump -# (which updates pyproject.toml's `version` but cannot run `uv lock`) -# would silently rewrite uv.lock and leave your working tree dirty. -# Trade-off: if you add a dep to pyproject.toml without running -# `uv lock`, it won't be installed until you re-lock manually. Same -# trade-off CI accepts; documented in CONTRIBUTING.md. +# Use `--locked` to mirror what CI does. Release-please syncs uv.lock's +# self-version entry alongside pyproject.toml on every release (see +# release-please-config.json's extra-files block), so the historical +# drift footgun (a `git pull` after a release-please bump silently +# rewriting uv.lock) is fixed at the source. With `--locked` here, any +# divergence between pyproject.toml and uv.lock — e.g. a forgotten +# `uv lock` after editing deps — fails fast in your shell, matching the +# CI diagnostic. if has uv; then - uv sync --all-groups --frozen --quiet + uv sync --all-groups --locked --quiet fi if [[ -d .venv ]]; then diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index b526131..d3db261 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -149,13 +149,14 @@ public API or the spec'd capabilities, use OpenSpec. versions. After **any** change to `pyproject.toml` dependencies, run `uv lock` and commit the resulting `uv.lock` in the same PR. -CI installs with `uv sync --frozen` (not `--locked`). This is intentional: -release-please bumps `version` in `pyproject.toml` for releases but cannot -also run `uv lock`, so the local project's version drifts in `uv.lock` -between releases. `--frozen` tolerates that single drift while still -pinning every dependency version to the lockfile. **It does not catch a -contributor forgetting to run `uv lock`** after adding a dep — please do -so manually. +CI installs with `uv sync --locked` (not `--frozen`). Release-please is +configured to update `uv.lock`'s `cfn-handler` self-version entry +alongside `pyproject.toml` on every release (see the `extra-files` +block in `release-please-config.json`), so the historical drift between +the two files is fixed at the source. **`--locked` therefore catches a +contributor forgetting to run `uv lock` after editing `pyproject.toml` +deps**, surfacing the diagnostic in CI immediately rather than at a +later maintenance step. ## Reporting security issues diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d098ca9..e7c7f3b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,12 +60,14 @@ jobs: cache-suffix: test - name: Install dependencies - # Use `--frozen` rather than `--locked` so release-please's bump of - # pyproject.toml's `version` (which release-please can't pair with a - # `uv lock`) does not break post-merge CI. `--frozen` still installs - # exactly the dep versions in uv.lock; only the local project's own - # version is read from the (current) pyproject.toml. - run: uv sync --frozen --only-group test + # `--locked` validates that pyproject.toml and uv.lock agree before + # installing. Release-please now keeps the cfn-handler self-version + # entry in uv.lock in lockstep with pyproject.toml (see + # release-please-config.json's extra-files block), so post-merge + # CI on main no longer breaks under --locked. Bonus: contributors + # who edit pyproject.toml deps without running `uv lock` are + # caught by CI immediately. + run: uv sync --locked --only-group test - name: Run tests with coverage run: uv run pytest --cov --cov-report=xml --cov-report=term @@ -105,7 +107,7 @@ jobs: cache-suffix: lint - name: Install lint dependencies - run: uv sync --frozen --only-group lint + run: uv sync --locked --only-group lint - name: Ruff check run: uv run ruff check src tests examples diff --git a/.github/workflows/examples-lint.yml b/.github/workflows/examples-lint.yml index 66f94d3..830e382 100644 --- a/.github/workflows/examples-lint.yml +++ b/.github/workflows/examples-lint.yml @@ -56,7 +56,7 @@ jobs: cache-suffix: examples-lint - name: Install lint dependencies - run: uv sync --frozen --only-group lint + run: uv sync --locked --only-group lint - name: cfn-lint over examples run: uv run cfn-lint examples/**/template.yaml diff --git a/docs/CI.md b/docs/CI.md index 668ea6a..2191e2a 100644 --- a/docs/CI.md +++ b/docs/CI.md @@ -276,25 +276,49 @@ SHAs** — bumping `pypa/gh-action-pypi-publish` is fine. It depends on the workflow filename, which is why renaming `release.yml` requires re-creating the binding on PyPI first. -### Lockfile drift and `--frozen` +### Lockfile sync via release-please `release-please-action` bumps `version` in `pyproject.toml` (and -`.release-please-manifest.json`) but **cannot** also run `uv lock` to -update `uv.lock`. Under `uv sync --locked`, that drift would break every -post-merge CI run on `main` immediately after a release-please merge. +`.release-please-manifest.json`) on every release PR. It is also +configured — via the `extra-files` block in +`release-please-config.json` — to update the `cfn-handler` self-version +entry in `uv.lock` in lockstep: + +```json +"extra-files": [ + { + "type": "toml", + "path": "uv.lock", + "jsonpath": "$.package[?(@.name.value=='cfn-handler')].version" + } +] +``` + +The jsonpath uses `@.name.value` rather than `@.name`. Release-please's +TOML parser exposes string nodes as `{value, kind}` objects rather +than bare strings, so the bare `@.name=='cfn-handler'` form does not +match. Tracked upstream as +[googleapis/release-please#2455][issue-2455] (the bug); +[#2561][issue-2561] (feature request to make this native); +[#2693][pr-2693] (proposed fix that would let us drop `.value`). -CI uses `uv sync --frozen` instead: +[issue-2455]: https://github.com/googleapis/release-please/issues/2455 +[issue-2561]: https://github.com/googleapis/release-please/issues/2561 +[pr-2693]: https://github.com/googleapis/release-please/pull/2693 + +CI uses `uv sync --locked`: ```yaml - name: Install dependencies - run: uv sync --frozen --only-group test + run: uv sync --locked --only-group test ``` -`--frozen` installs exactly the dependency versions recorded in -`uv.lock`; only the local project's own version is read from the current -`pyproject.toml`. The trade-off: a contributor adding a runtime -dependency to `pyproject.toml` without running `uv lock` will not be -caught by CI — see [Lockfile policy in CONTRIBUTING.md](../.github/CONTRIBUTING.md#lockfile-uvlock). +`--locked` validates that `pyproject.toml` and `uv.lock` agree before +installing. Because release-please now keeps both files in sync, post- +merge CI on `main` is no longer broken by release commits. The +secondary benefit: a contributor who edits `pyproject.toml` +dependencies without running `uv lock` is caught by CI immediately — +see [Lockfile policy in CONTRIBUTING.md](../.github/CONTRIBUTING.md#lockfile-uvlock). ### Recovery from a failed publish @@ -670,6 +694,13 @@ on bot-authored branches — so the failure didn't surface pre-merge. its release-please token via a dedicated GitHub App; see [How release-please PRs trigger required checks](#how-release-please-prs-trigger-required-checks).) +**Status: resolved.** Release-please is now configured to update +`uv.lock`'s self-version entry alongside `pyproject.toml` via +`extra-files` in `release-please-config.json`; CI has been moved +back from `uv sync --frozen` to `uv sync --locked`. Both files +move together on every release; contributor relock omissions are +now caught by CI. See [Lockfile sync via release-please](#lockfile-sync-via-release-please). + ### What we changed 1. Repinned `pypa/gh-action-pypi-publish` to its commit SHA. @@ -692,10 +723,12 @@ direct, side-effect-free check of exactly the bug class that broke us effects on the repo). The `--locked` failure would have surfaced post-merge CI on `main` -either way, but CONTRIBUTING.md's lockfile-policy section now warns -contributors to manually `uv lock` after dependency edits. The release- -please case is unrecoverable without manual reset, which is the failure -mode this postmortem describes. +either way. CONTRIBUTING.md's lockfile-policy section warns +contributors to manually `uv lock` after dependency edits, and CI under +`--locked` now catches the omission automatically (see +[Lockfile sync via release-please](#lockfile-sync-via-release-please)). +The release-please case is unrecoverable without manual reset, which is +the failure mode this postmortem describes. --- diff --git a/openspec/changes/release-please-sync-uv-lock/.openspec.yaml b/openspec/changes/release-please-sync-uv-lock/.openspec.yaml new file mode 100644 index 0000000..4a1c677 --- /dev/null +++ b/openspec/changes/release-please-sync-uv-lock/.openspec.yaml @@ -0,0 +1,2 @@ +schema: spec-driven +created: 2026-05-22 diff --git a/openspec/changes/release-please-sync-uv-lock/design.md b/openspec/changes/release-please-sync-uv-lock/design.md new file mode 100644 index 0000000..d405d5a --- /dev/null +++ b/openspec/changes/release-please-sync-uv-lock/design.md @@ -0,0 +1,173 @@ +# Design: Sync `uv.lock` self-version via release-please; flip CI back to `--locked` + +## Context + +Two related drifts have lived with this project since v1.0.0: + +1. **Release-time drift.** `release-please-action` knows about + `pyproject.toml` (via its `release-type: python`) and bumps the + `version` field on every release PR. It does *not* know about + `uv.lock`. Consequence: every release-please merge produces a main + commit where `pyproject.toml.version` is the new version but + `uv.lock` still records the old self-version. Local `uv sync` + silently rewrites `uv.lock` to match, leaving a dirty working tree + the developer didn't ask for. + +2. **Contributor drift.** A contributor editing `pyproject.toml` + dependencies but forgetting `uv lock` produces a stale lockfile + that ships in their PR. Documented in CONTRIBUTING.md as a + tradeoff but not enforced. + +CI was historically configured with `uv sync --frozen` to tolerate +drift #1 (the release-time case). `--frozen` does not validate +`pyproject.toml` ↔ `uv.lock` consistency; it just installs from the +lockfile as-is. The cost was that drift #2 also went uncaught. + +A community fix to `release-please-config.json` +([googleapis/release-please#2561][issue-2561]; the working syntax +discovered in [#2455][issue-2455]) closes drift #1 by making +release-please update the lockfile's self-version entry alongside +`pyproject.toml`. With drift #1 closed, `--frozen` is no longer +load-bearing, and we can flip back to `--locked` to also close drift +#2. + +[issue-2561]: https://github.com/googleapis/release-please/issues/2561 +[issue-2455]: https://github.com/googleapis/release-please/issues/2455 +[pr-2693]: https://github.com/googleapis/release-please/pull/2693 + +## Goals / Non-Goals + +**Goals:** + +- Eliminate the post-release-PR `uv.lock` drift on every developer's + workstation. +- Catch missing `uv lock` re-locks in CI rather than at later + maintenance points. +- Keep the change scoped to release tooling + CI configuration. No + library, API, or behaviour changes. + +**Non-Goals:** + +- Wait for the upstream "proper" fix (release-please PR + [#2693][pr-2693]). The `.value` workaround is stable enough today; + bumping the action when #2693 lands is a future follow-up. +- Re-engineer Dependabot grouping. Pip ecosystem already runs + `uv lock` on dependency bumps; if it surprises us, that's a + separate change. +- Touch PyPI Trusted Publishing, OIDC, branch protection, or any + other auth path. + +## Decisions + +### D1. Use release-please's `extra-files` mechanism with a TOML jsonpath + +The fix is a single `extra-files` block in +`release-please-config.json`: + +```json +"extra-files": [ + { + "type": "toml", + "path": "uv.lock", + "jsonpath": "$.package[?(@.name.value=='cfn-handler')].version" + } +] +``` + +The jsonpath uses `@.name.value` rather than `@.name`. Release- +please's TOML parser exposes string nodes as `{value, kind}` +objects rather than bare strings; the `.value` accessor descends +into the AST node. Tracked upstream as bug #2455; the upstream +fix (#2693) would make `@.name=='cfn-handler'` work, at which +point the bare form becomes the documented one. + +**Rejected alternative — post-release-PR commit pushing `uv lock` +back to the release branch.** A separate workflow could detect +release-please's commit, run `uv lock`, and push the result. This +would work but requires either (a) granting bot-write access to a +side-channel workflow or (b) Igor running the merge with elevated +auth. It also moves the bump out of release-please's atomic PR, +making release rollbacks more complex (two commits to revert +instead of one). + +**Rejected alternative — switch to a release tool that natively +understands `uv.lock`.** None exist that match release-please's +feature set (Conventional-Commits-driven SemVer, GitHub-native PR +flow, manifest mode, multi-file updates). Build-vs-buy is squarely +buy here. + +### D2. Flip CI and `.envrc` to `--locked` in the same change + +Once D1 closes drift #1, the rationale for `--frozen` evaporates: +both files now move together on every release. We could keep +`--frozen` defensively, but the net effect is to keep drift #2 (the +contributor case) as a foot-gun for no benefit. The principled +move is to flip to `--locked` and let CI catch the drift it was +designed to catch. + +**Rejected alternative — keep `--frozen` for now, flip later.** The +risk of waiting is institutional memory: someone reading the +`--frozen` rationale comment in `ci.yml` six months from now would +see "release-please can't bump uv.lock" and have no signal that the +problem is fixed. Flipping now is a single commit; waiting is a +permanent stale comment unless we also rewrite the comment. If we're +already rewriting the comment, we should make the rationale +self-consistent. + +### D3. Catch-up `uv lock` lands as a separate first commit on this branch + +The current `main` has `uv.lock` at v1.1.1, `pyproject.toml` at +v1.2.0. If we flip to `--locked` without first re-locking, the very +first CI run on this branch fails with `The lockfile at uv.lock +needs to be updated, but --locked was provided`. Two options: + +- (a) Combined commit: include the one-line `uv.lock` bump in the + same commit as the workflow flip. +- (b) Separate commit: re-lock first, then flip. + +We chose (b). The `uv.lock` self-version diff (1.1.1 → 1.2.0) is a +mechanical sync, not a substantive change; isolating it makes the +PR's substantive diff self-contained and reviewable. Squash-merge +collapses both into a single `ci(release):` commit on `main` so +the historical record stays clean. + +### D4. Update `.envrc` to mirror CI + +The `.envrc` block currently runs `uv sync --all-groups --frozen` +explicitly to avoid surprising contributors with a dirty `uv.lock` +on `git pull`. With drift #1 closed, the surprise no longer occurs; +keeping `--frozen` would diverge from CI's posture and let +contributors land PRs that fail CI for a reason their local shell +can't reproduce. Match CI: `--locked` everywhere. + +### D5. Documentation: rewrite the "why `--frozen`" notes, don't delete them + +Three places explain the historical `--frozen` choice: +`.github/CONTRIBUTING.md`, `docs/CI.md`, `.envrc`'s inline comment, +and `ci.yml`'s inline comment. We rewrite each to describe the new +posture (release-please syncs `uv.lock`; CI uses `--locked`) rather +than deleting the section, because future readers will want to know +both *that* the lockfile is kept in sync and *how*. The CI.md +postmortem at "Root cause #2" stays as historical context with a +forward-reference to the new section. + +## Risks / Trade-offs + +- **Risk: `.value` jsonpath is undocumented.** → Mitigation: action + is SHA-pinned (`5c625bfb...`), so a future upstream change cannot + silently break us. Spec scenario explicitly covers regression + detection: `--locked` CI fails the next post-merge run on `main`, + surfacing the issue immediately. Comment in + `release-please-config.json` references the upstream issues so a + future-Igor doesn't reverse-engineer the syntax. +- **Risk: existing drift on `main` (1.1.1 vs 1.2.0) breaks `--locked` + on this very PR.** → Mitigation: D3's separate catch-up commit. +- **Risk: Dependabot pip PRs fail under `--locked` if it forgets to + re-lock.** → Tested behaviour: Dependabot's `pip` ecosystem runs + the underlying lock update on bumps. If a Dependabot PR ever lands + with a stale lockfile, CI catches it (the desired behaviour) and + we open a follow-up to fix the bot config. +- **Trade-off: tighter coupling between release-please's internal + TOML AST and our config.** → Accepted because the alternative + (out-of-band `uv lock` push) is more complex and more fragile. + Coupling is documented; SHA pin guards against silent breakage. diff --git a/openspec/changes/release-please-sync-uv-lock/proposal.md b/openspec/changes/release-please-sync-uv-lock/proposal.md new file mode 100644 index 0000000..df63614 --- /dev/null +++ b/openspec/changes/release-please-sync-uv-lock/proposal.md @@ -0,0 +1,124 @@ +# Proposal: Sync `uv.lock` self-version via release-please; flip CI back to `--locked` + +## Why + +After every release-please merge, `pyproject.toml`'s `version` is bumped +but the corresponding `[[package]] name = "cfn-handler"` entry in +`uv.lock` is left at the old version. This drift surfaces locally on +every `git pull` followed by `uv sync` (the working tree shows +`uv.lock` modified) and has historically broken CI. The accepted +workaround was to install via `uv sync --frozen` everywhere — in +`ci.yml`, `examples-lint.yml`, and `.envrc` — which tolerates that +drift but accepts a known foot-gun in return: a contributor adding a +runtime dependency to `pyproject.toml` without running `uv lock` is +not caught by CI. + +A community-discovered fix to `release-please-config.json` +([googleapis/release-please#2561][issue-2561]; comment thread on +[#2455][issue-2455]) lets release-please update `uv.lock`'s self- +version entry alongside `pyproject.toml` via the existing +`extra-files` mechanism. The trick is the jsonpath syntax +`$.package[?(@.name.value=='')].version` — the `.value` accessor +descends into release-please's internal TOML AST node shape (where +strings are exposed as `{value, kind}` rather than bare strings), +working around the bug tracked in #2455. Upstream PR +[#2693][pr-2693] aims to make this `.value` accessor unnecessary by +fixing the parser; until that ships, the workaround is stable. + +With both files now bumped together, the original justification for +`--frozen` evaporates. We can flip CI and `.envrc` back to `--locked` +and close the contributor-relock foot-gun in the same change. + +[issue-2561]: https://github.com/googleapis/release-please/issues/2561 +[issue-2455]: https://github.com/googleapis/release-please/issues/2455 +[pr-2693]: https://github.com/googleapis/release-please/pull/2693 + +## What Changes + +### Release pipeline configuration + +- **MODIFIED** `release-please-config.json` — add an `extra-files` + entry under `packages."."` that targets `uv.lock` with the + TOML-jsonpath workaround. Release-please will rewrite the matched + `version` field in lockstep with `pyproject.toml` on every release + PR. + +### CI workflows + +- **MODIFIED** `.github/workflows/ci.yml` — both `uv sync --frozen` + invocations (test job, lint job) become `--locked`. The inline + comment explaining the `--frozen` choice is rewritten to describe + the new posture. +- **MODIFIED** `.github/workflows/examples-lint.yml` — `uv sync + --frozen --only-group lint` becomes `--locked`. + +### Local developer environment + +- **MODIFIED** `.envrc` — `uv sync --all-groups --frozen --quiet` + becomes `--locked`. The block comment is rewritten: with + release-please now syncing `uv.lock`, the original drift footgun is + fixed at the source; `--locked` here mirrors CI and gives developers + the same diagnostic immediately. + +### One-shot lockfile catch-up + +- **MODIFIED** `uv.lock` — a separate commit on this branch (landing + *before* the substantive change) re-locks to bring the self-version + entry from `1.1.1` to `1.2.0`. Without this, the very PR that flips + CI to `--locked` would fail its own CI run. The diff is exactly one + line. + +### Documentation + +- **MODIFIED** `.github/CONTRIBUTING.md` — the "Lockfile (`uv.lock`)" + section's `--frozen` paragraph is replaced with a `--locked` + rationale. +- **MODIFIED** `docs/CI.md` — the "Lockfile drift and `--frozen`" + subsection is replaced with a "Lockfile sync via release-please" + subsection. The postmortem at "Root cause #2: `--locked` vs + release-please version bump" gains a forward-reference noting the + resolution. + +### Non-goals + +- **No** library API changes. This is purely CI/release tooling. +- **No** changes to PyPI Trusted Publishing, OIDC, branch protection, + or any other auth path. +- **No** preemptive update of `secure-workflows.yml` policy or + Dependabot grouping. The `--locked` flip may surface Dependabot PRs + that fail because the bot can't re-lock; if it does, that becomes a + separate change. We expect Dependabot's pip ecosystem to re-lock + correctly because it already runs `uv lock` on dependency bumps. + +## Capabilities + +### Modified Capabilities + +- `ci-infrastructure` — replaces the existing + `Lockfile drift policy: uv sync --frozen in CI; manual uv lock + after dependency edits` requirement with a new + `Lockfile drift policy: release-please syncs uv.lock; CI uses + --locked` requirement. The behavioural contract changes: CI now + catches a contributor adding a dep without re-locking; release PRs + now include the matching `uv.lock` self-version bump. + +## Impact + +- **Maintainer workload**: zero recurring; one-time edit to + `release-please-config.json` plus the workflow / docs cleanup. +- **Release pipeline**: every release PR henceforth includes the + `uv.lock` self-version line in its diff. No manual intervention. +- **Contributor workflow**: `uv sync` (default `--locked` semantics + via `.envrc`) now catches missed re-locks immediately rather than + silently producing a stale lockfile. Same applies to CI. +- **Backwards compatibility**: nothing user-facing breaks. The first + release-please PR opened after this lands will be the first to + ship the `extra-files` behaviour; an unlikely failure (e.g., the + `.value` accessor regresses upstream) would surface as a + release-please PR with `uv.lock` unchanged, caught by the next + post-merge CI run on `main`. +- **Risk**: the `.value` jsonpath syntax is undocumented (it leaks + release-please's TOML AST shape). Pinned action SHA insulates us + from upstream surprises; if PR #2693 ships and we bump the action, + the bare jsonpath becomes the official form and we'd update in a + follow-up change. diff --git a/openspec/changes/release-please-sync-uv-lock/specs/ci-infrastructure/spec.md b/openspec/changes/release-please-sync-uv-lock/specs/ci-infrastructure/spec.md new file mode 100644 index 0000000..4021a73 --- /dev/null +++ b/openspec/changes/release-please-sync-uv-lock/specs/ci-infrastructure/spec.md @@ -0,0 +1,55 @@ +# Spec delta: ci-infrastructure + +## MODIFIED Requirements + +### Requirement: Lockfile drift policy: release-please syncs `uv.lock`; CI uses `--locked` + +Releases SHALL keep the project's self-version entry in `uv.lock` +synchronised with `pyproject.toml`. `release-please-config.json` +SHALL list `uv.lock` as an `extra-files` entry of type `toml`, +matching the project's package via the jsonpath +`$.package[?(@.name.value=='cfn-handler')].version`. The `.value` +accessor descends into release-please's TOML AST node shape (which +exposes string nodes as `{value, kind}` rather than bare strings) +and is required as a workaround for +[googleapis/release-please#2455](https://github.com/googleapis/release-please/issues/2455); +the upstream tracker is +[#2561](https://github.com/googleapis/release-please/issues/2561) and +the proposed fix is PR +[#2693](https://github.com/googleapis/release-please/pull/2693). + +CI SHALL install dependencies via `uv sync --locked --only-group ` +in `ci.yml` and `examples-lint.yml`. Local development via `.envrc` +SHALL also use `--locked` so contributors see the same diagnostics +locally that CI produces. With release-please syncing `uv.lock`'s +self-version entry, the lockfile and `pyproject.toml` move in +lockstep on every release; with `--locked` enforced, contributors who +edit `pyproject.toml` dependencies without running `uv lock` are +caught immediately by CI rather than discovered at a later +maintenance step. + +#### Scenario: Post-release CI on main + +- **WHEN** the release PR is merged, bumping `pyproject.toml` from + `X.Y.Z` to `X.Y.Z+1` *and* the corresponding `[[package]] name = + "cfn-handler"` `version` in `uv.lock` (because the `extra-files` + entry directs release-please to update both) +- **THEN** the next `ci.yml` run on `main` succeeds because `uv sync + --locked` finds `pyproject.toml` and `uv.lock` consistent + +#### Scenario: A contributor adds a new runtime dependency without re-locking + +- **WHEN** a PR adds a dependency to `pyproject.toml` but does not + include the resulting `uv.lock` change +- **THEN** `uv sync --locked` fails the PR's CI run with + `The lockfile at uv.lock needs to be updated, but --locked was + provided`, surfacing the missed re-lock before review + +#### Scenario: release-please's TOML AST shape regresses upstream + +- **WHEN** a future release-please bump changes the parser such that + the `.value` accessor no longer matches the cfn-handler package +- **THEN** the next release PR ships with `uv.lock`'s self-version + unchanged; the post-merge `ci.yml` run on `main` fails under + `--locked` and the failure is loud, fast, and bisectable to the + release PR commit diff --git a/openspec/changes/release-please-sync-uv-lock/tasks.md b/openspec/changes/release-please-sync-uv-lock/tasks.md new file mode 100644 index 0000000..8df7299 --- /dev/null +++ b/openspec/changes/release-please-sync-uv-lock/tasks.md @@ -0,0 +1,60 @@ +# Tasks: Sync `uv.lock` self-version via release-please; flip CI back to `--locked` + +## 1. Catch-up `uv.lock` (separate first commit on this branch) + +- [x] 1.1 Run `uv lock` locally on `main`-derived branch +- [x] 1.2 Verify the diff is exactly one line: `uv.lock` line ~241, `version = "1.1.1"` → `version = "1.2.0"` for the `cfn-handler` `[[package]]` block +- [x] 1.3 Commit on this branch with message `chore: sync uv.lock with pyproject.toml v1.2.0` and a body noting that this clears existing release-please drift before the substantive fix lands + +## 2. Release-please configuration + +- [ ] 2.1 Edit `release-please-config.json`: under `packages."."`, add an `extra-files` array with one entry: `{"type": "toml", "path": "uv.lock", "jsonpath": "$.package[?(@.name.value=='cfn-handler')].version"}` +- [ ] 2.2 Verify with `cat release-please-config.json | jq .` that the JSON is valid + +## 3. Workflow flip: `--frozen` → `--locked` + +- [ ] 3.1 Edit `.github/workflows/ci.yml` line ~68 (`uv sync --frozen --only-group test` → `uv sync --locked --only-group test`); rewrite the inline comment block above the step to describe the new posture +- [ ] 3.2 Edit `.github/workflows/ci.yml` line ~108 (`uv sync --frozen --only-group lint` → `uv sync --locked --only-group lint`) +- [ ] 3.3 Edit `.github/workflows/examples-lint.yml` line ~59 (`uv sync --frozen --only-group lint` → `uv sync --locked --only-group lint`) + +## 4. Local environment + +- [ ] 4.1 Edit `.envrc` line 26 (`uv sync --all-groups --frozen --quiet` → `uv sync --all-groups --locked --quiet`) +- [ ] 4.2 Rewrite the comment block at `.envrc` lines 17-24 to describe the new posture (release-please syncs `uv.lock`; `--locked` mirrors CI; contributors see lockfile drift locally before push) + +## 5. Documentation + +- [ ] 5.1 Edit `.github/CONTRIBUTING.md` lines ~152-158: replace the "uv sync --frozen" paragraph with a `--locked` paragraph noting the release-please sync +- [ ] 5.2 Edit `docs/CI.md` lines ~279-298: replace the "Lockfile drift and `--frozen`" subsection with a "Lockfile sync via release-please" subsection +- [ ] 5.3 Edit `docs/CI.md` postmortem at "Root cause #2" (lines ~657-672): append a sentence noting the resolution and back-reference the new section + +## 6. Validation (before push) + +- [ ] 6.1 `openspec validate release-please-sync-uv-lock --strict` passes +- [ ] 6.2 `uv sync --locked` succeeds locally — proves the catch-up commit cleared all drift +- [ ] 6.3 `just ci-check` passes (no library changes; should be green) +- [ ] 6.4 `git diff main..HEAD --stat` shows: 2 commits, ~7 files changed; no surprising files + +## 7. Open PR + +- [ ] 7.1 Push the branch `ci/release-please-sync-uv-lock` to origin +- [ ] 7.2 `gh pr create` against `main`. Title: `ci(release): sync uv.lock from release-please and flip CI to --locked`. Body links to the proposal and the three upstream issues (#2561, #2455, #2693) + +## 8. Cloud CI on the PR + +- [ ] 8.1 `secure-workflows.yml` re-validates SHA-pins; reports SUCCESS (no SHA changes) +- [ ] 8.2 `ci.yml` matrix + lint pass under the new `--locked` install (proves the catch-up worked end-to-end) +- [ ] 8.3 `examples-lint.yml` does not trigger (no examples changes); not required for merge +- [ ] 8.4 `analyze (python)` and `review dependencies` complete + +## 9. Merge + first post-merge release + +- [ ] 9.1 Squash-merge with title `ci(release): sync uv.lock from release-please and flip CI to --locked`. The `ci:` prefix produces no version bump +- [ ] 9.2 The merge does NOT itself trigger a release. The next `feat:`/`fix:` merge will be the first to exercise the `extra-files` behaviour. Watch that release-please run end-to-end: + - The release PR diff includes the `uv.lock` self-version line (`cfn-handler` `[[package]]` block, `version = "X.Y.Z"`) + - Squash-merging the release PR triggers the full downstream pipeline AND the post-merge `ci.yml` on `main` passes under `--locked` (proves the source-of-drift fix is correct) + +## 10. Archive + +- [ ] 10.1 After step 9.2 confirms in production, run `openspec archive release-please-sync-uv-lock` +- [ ] 10.2 Verify the MODIFIED requirement merges into `openspec/specs/ci-infrastructure/spec.md` correctly (replaces the old `--frozen` requirement) diff --git a/release-please-config.json b/release-please-config.json index c38896c..273fdc6 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -8,7 +8,14 @@ "changelog-path": "CHANGELOG.md", "packages": { ".": { - "package-name": "cfn-handler" + "package-name": "cfn-handler", + "extra-files": [ + { + "type": "toml", + "path": "uv.lock", + "jsonpath": "$.package[?(@.name.value=='cfn-handler')].version" + } + ] } } } From 1cacfcf7ed6fa1e7b42de7146e0ab970d4924b9c Mon Sep 17 00:00:00 2001 From: Igor Gentil Date: Fri, 22 May 2026 12:01:36 +1000 Subject: [PATCH 3/6] chore(test): add local validator for release-please uv.lock updater MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds tests/release-please/, a Node.js validator that loads release- please's GenericToml updater locally and exercises it against the real uv.lock + the jsonpath from release-please-config.json. Catches: 1. Configured jsonpath stops matching the cfn-handler entry (someone removed/edited the extra-files block by mistake) 2. release-please starts re-serialising uv.lock instead of doing a surgical byte-range edit (would cause whole-file rewrites in every release PR — see the misleading docstring on GenericToml that prompted this validator) 3. Bare `@.name` jsonpath unexpectedly starts working, which would mean googleapis/release-please#2693 has landed and we can drop the .value workaround and simplify the config Pinned to release-please 17.3.0 — the version bundled in the action SHA pinned in release.yml. README documents the version-linkage policy: bumping the action SHA also bumps this pin. Layout: tests/release-please/ \u251c\u2500\u2500 README.md purpose, usage, version-pin policy \u251c\u2500\u2500 package.json release-please pin (one dep) \u251c\u2500\u2500 package-lock.json committed for repro \u2514\u2500\u2500 validate-uv-lock-updater.js the actual checks (positive + negative) node_modules/ is gitignored. pytest doesn't collect non-Python files. ruff doesn't lint non-Python files. mypy/pyright/coverage scope is src/ only. Adding this directory is fully isolated from existing tooling. Run manually: cd tests/release-please && npm install && node validate-uv-lock-updater.js A `just` recipe wiring this in as a pre-push check is a follow-up. --- .gitignore | 4 + tests/release-please/README.md | 101 + tests/release-please/package-lock.json | 1967 +++++++++++++++++ tests/release-please/package.json | 12 + .../validate-uv-lock-updater.js | 216 ++ 5 files changed, 2300 insertions(+) create mode 100644 tests/release-please/README.md create mode 100644 tests/release-please/package-lock.json create mode 100644 tests/release-please/package.json create mode 100644 tests/release-please/validate-uv-lock-updater.js diff --git a/.gitignore b/.gitignore index 449688d..e5d98e3 100644 --- a/.gitignore +++ b/.gitignore @@ -56,3 +56,7 @@ scratch/ # act (local GH Actions runner) .actrc.local .act-cache/ + +# Node (only used by tests/release-please/ for local validation; the lockfile +# is committed for reproducibility, the modules are not). +node_modules/ diff --git a/tests/release-please/README.md b/tests/release-please/README.md new file mode 100644 index 0000000..20295eb --- /dev/null +++ b/tests/release-please/README.md @@ -0,0 +1,101 @@ +# release-please `uv.lock` updater validator + +A local, network-free check that release-please's `extra-files` +configuration in [`release-please-config.json`](../../release-please-config.json) +will surgically update `uv.lock`'s `cfn-handler` self-version entry — +and only that entry — on every release. + +## Why this exists + +Release-please's `GenericToml` updater is configured via a jsonpath that +must navigate release-please's internal TOML AST (where string nodes are +exposed as `{value, kind}` objects, not bare strings). The bare form +`$.package[?(@.name=='cfn-handler')].version` does NOT match — see +[googleapis/release-please#2455][issue-2455]. The working form needs +`.value`: + +``` +$.package[?(@.name.value=='cfn-handler')].version +``` + +[Upstream PR #2693][pr-2693] proposes to make the bare form work; until +it lands, the `.value` workaround is what we have. + +The class-level docstring on `GenericToml` says: + +> Note that used parser does reformat the document and removes all +> comments, and converts everything to pure TOML. + +That is misleading. The actual implementation in `util/toml-edit.js` +uses a `TaggedTOMLParser` that annotates each value with byte offsets; +the replacement is a surgical `input.slice(0, start) + new + input.slice(end)`. +Original formatting, comments, and ordering survive. If the docstring +had been right, this whole approach would be unusable (1872-line +`uv.lock` rewrites every release). It isn't — but **trust but verify**; +this script keeps that verification automated. + +[issue-2455]: https://github.com/googleapis/release-please/issues/2455 +[issue-2561]: https://github.com/googleapis/release-please/issues/2561 +[pr-2693]: https://github.com/googleapis/release-please/pull/2693 + +## What the script checks + +| # | Check | Failure mode it catches | +|---|---|---| +| 1 | Configured jsonpath matches the cfn-handler entry | Someone broke / removed the `extra-files` block; `uv.lock` will go un-updated | +| 2 | The line count of `uv.lock` is preserved | release-please started re-serialising the file (whole-file rewrite) | +| 3 | Exactly one line changed | The jsonpath now matches more than the cfn-handler self-entry | +| 4 | The changed line is `version = "X.Y.Z"` | The matched node isn't a version field | +| 5 | Byte delta is small and explainable | Something larger than the version string changed | +| 6 | Bare `@.name` jsonpath does NOT match | Bug #2455 is fixed upstream; we can drop `.value` and simplify the config | + +## How to run + +```sh +cd tests/release-please +npm install # one-time, after a fresh clone or version bump +node validate-uv-lock-updater.js +``` + +Or via the npm script: + +```sh +npm run validate +``` + +`npm install` is committed-lockfile reproducible (`package-lock.json` is +checked in). `node_modules/` is gitignored. + +A `just` recipe will be added later to wire this in as a pre-push check; +until then it's manual. + +## Version pinning policy + +`package.json` pins `release-please` to **the exact version bundled in +the `release-please-action` SHA used by `.github/workflows/release.yml`**. + +When you bump `googleapis/release-please-action` in `release.yml`: + +1. Find the new action's bundled release-please version. The action's + `package.json` declares it; e.g. action v4.4.1's `package.json` + pinned `release-please` to `^17.1.3` and shipped with `17.3.0` in + the action's `package-lock.json`. +2. Update `dependencies.release-please` here to match. +3. Re-run `npm install`; commit the updated `package-lock.json`. +4. Re-run this validator. If anything in the output changes (especially + the negative test going from FAIL→PASS, suggesting #2693 has + landed), update [the spec][spec] and the inline workaround comments + in `release-please-config.json`. + +[spec]: ../../openspec/specs/ci-infrastructure/spec.md + +## What this script does NOT validate + +- Whether release-please will *open the right release PR* (commit + parsing, version bumping logic). That's tested by release-please's + own test suite. +- The full release pipeline. For end-to-end validation, the cheap + signal is "merge a `feat:` or `fix:`, watch the release PR's diff + contain the `uv.lock` self-version line". +- That `uv sync --locked` actually succeeds in CI under the new posture. + That's verified by `just ci-check` in this repo. diff --git a/tests/release-please/package-lock.json b/tests/release-please/package-lock.json new file mode 100644 index 0000000..65cc242 --- /dev/null +++ b/tests/release-please/package-lock.json @@ -0,0 +1,1967 @@ +{ + "name": "cfn-handler-release-please-validator", + "version": "0.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "cfn-handler-release-please-validator", + "version": "0.0.0", + "dependencies": { + "release-please": "17.3.0" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.29.0", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz", + "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==", + "license": "MIT", + "dependencies": { + "@babel/helper-validator-identifier": "^7.28.5", + "js-tokens": "^4.0.0", + "picocolors": "^1.1.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz", + "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@conventional-commits/parser": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@conventional-commits/parser/-/parser-0.4.1.tgz", + "integrity": "sha512-H2ZmUVt6q+KBccXfMBhbBF14NlANeqHTXL4qCL6QGbMzrc4HDXyzWuxPxPNbz71f/5UkR5DrycP5VO9u7crahg==", + "license": "ISC", + "dependencies": { + "unist-util-visit": "^2.0.3", + "unist-util-visit-parents": "^3.1.1" + } + }, + "node_modules/@google-automations/git-file-utils": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@google-automations/git-file-utils/-/git-file-utils-3.0.1.tgz", + "integrity": "sha512-vlQZ8DlBcippB5zTY0M5Rib8tKT4yQ7oBKbs6kcWAzp70oyillKinXLZwlIgNTmfzzZx1J6cez3M0EmrpXFRcw==", + "license": "Apache-2.0", + "dependencies": { + "@octokit/rest": "^20.1.1", + "@octokit/types": "^13.0.0", + "js-yaml": "^4.1.1", + "minimatch": "^10.2.4" + }, + "engines": { + "node": ">= 20" + } + }, + "node_modules/@iarna/toml": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@iarna/toml/-/toml-3.0.0.tgz", + "integrity": "sha512-td6ZUkz2oS3VeleBcN+m//Q6HlCFCPrnI0FZhrt/h4XqLEdOyYp2u21nd8MdsR+WJy5r9PTDaHTDDfhf4H4l6Q==", + "license": "ISC" + }, + "node_modules/@jsep-plugin/assignment": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/@jsep-plugin/assignment/-/assignment-1.3.0.tgz", + "integrity": "sha512-VVgV+CXrhbMI3aSusQyclHkenWSAm95WaiKrMxRFam3JSUiIaQjoMIw2sEs/OX4XifnqeQUN4DYbJjlA8EfktQ==", + "license": "MIT", + "engines": { + "node": ">= 10.16.0" + }, + "peerDependencies": { + "jsep": "^0.4.0||^1.0.0" + } + }, + "node_modules/@jsep-plugin/regex": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@jsep-plugin/regex/-/regex-1.0.4.tgz", + "integrity": "sha512-q7qL4Mgjs1vByCaTnDFcBnV9HS7GVPJX5vyVoCgZHNSC9rjwIlmbXG5sUuorR5ndfHAIlJ8pVStxvjXHbNvtUg==", + "license": "MIT", + "engines": { + "node": ">= 10.16.0" + }, + "peerDependencies": { + "jsep": "^0.4.0||^1.0.0" + } + }, + "node_modules/@octokit/auth-token": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz", + "integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==", + "license": "MIT", + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/core": { + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.2.tgz", + "integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==", + "license": "MIT", + "dependencies": { + "@octokit/auth-token": "^4.0.0", + "@octokit/graphql": "^7.1.0", + "@octokit/request": "^8.4.1", + "@octokit/request-error": "^5.1.1", + "@octokit/types": "^13.0.0", + "before-after-hook": "^2.2.0", + "universal-user-agent": "^6.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/endpoint": { + "version": "9.0.6", + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.6.tgz", + "integrity": "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw==", + "license": "MIT", + "dependencies": { + "@octokit/types": "^13.1.0", + "universal-user-agent": "^6.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/graphql": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.1.1.tgz", + "integrity": "sha512-3mkDltSfcDUoa176nlGoA32RGjeWjl3K7F/BwHwRMJUW/IteSa4bnSV8p2ThNkcIcZU2umkZWxwETSSCJf2Q7g==", + "license": "MIT", + "dependencies": { + "@octokit/request": "^8.4.1", + "@octokit/types": "^13.0.0", + "universal-user-agent": "^6.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/openapi-types": { + "version": "24.2.0", + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz", + "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==", + "license": "MIT" + }, + "node_modules/@octokit/plugin-paginate-rest": { + "version": "11.4.4-cjs.2", + "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-11.4.4-cjs.2.tgz", + "integrity": "sha512-2dK6z8fhs8lla5PaOTgqfCGBxgAv/le+EhPs27KklPhm1bKObpu6lXzwfUEQ16ajXzqNrKMujsFyo9K2eaoISw==", + "license": "MIT", + "dependencies": { + "@octokit/types": "^13.7.0" + }, + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "@octokit/core": "5" + } + }, + "node_modules/@octokit/plugin-request-log": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/@octokit/plugin-request-log/-/plugin-request-log-4.0.1.tgz", + "integrity": "sha512-GihNqNpGHorUrO7Qa9JbAl0dbLnqJVrV8OXe2Zm5/Y4wFkZQDfTreBzVmiRfJVfE4mClXdihHnbpyyO9FSX4HA==", + "license": "MIT", + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "@octokit/core": "5" + } + }, + "node_modules/@octokit/plugin-rest-endpoint-methods": { + "version": "13.3.2-cjs.1", + "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-13.3.2-cjs.1.tgz", + "integrity": "sha512-VUjIjOOvF2oELQmiFpWA1aOPdawpyaCUqcEBc/UOUnj3Xp6DJGrJ1+bjUIIDzdHjnFNO6q57ODMfdEZnoBkCwQ==", + "license": "MIT", + "dependencies": { + "@octokit/types": "^13.8.0" + }, + "engines": { + "node": ">= 18" + }, + "peerDependencies": { + "@octokit/core": "^5" + } + }, + "node_modules/@octokit/request": { + "version": "8.4.1", + "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.1.tgz", + "integrity": "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw==", + "license": "MIT", + "dependencies": { + "@octokit/endpoint": "^9.0.6", + "@octokit/request-error": "^5.1.1", + "@octokit/types": "^13.1.0", + "universal-user-agent": "^6.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/request-error": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz", + "integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==", + "license": "MIT", + "dependencies": { + "@octokit/types": "^13.1.0", + "deprecation": "^2.0.0", + "once": "^1.4.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/rest": { + "version": "20.1.2", + "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-20.1.2.tgz", + "integrity": "sha512-GmYiltypkHHtihFwPRxlaorG5R9VAHuk/vbszVoRTGXnAsY60wYLkh/E2XiFmdZmqrisw+9FaazS1i5SbdWYgA==", + "license": "MIT", + "dependencies": { + "@octokit/core": "^5.0.2", + "@octokit/plugin-paginate-rest": "11.4.4-cjs.2", + "@octokit/plugin-request-log": "^4.0.0", + "@octokit/plugin-rest-endpoint-methods": "13.3.2-cjs.1" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/@octokit/types": { + "version": "13.10.0", + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz", + "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==", + "license": "MIT", + "dependencies": { + "@octokit/openapi-types": "^24.2.0" + } + }, + "node_modules/@types/minimist": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/@types/minimist/-/minimist-1.2.5.tgz", + "integrity": "sha512-hov8bUuiLiyFPGyFPE1lwWhmzYbirOXQNNo40+y3zow8aFVTeyn3VWL0VFFfdNddA8S4Vf0Tc062rzyNr7Paag==", + "license": "MIT" + }, + "node_modules/@types/normalize-package-data": { + "version": "2.4.4", + "resolved": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==", + "license": "MIT" + }, + "node_modules/@types/npm-package-arg": { + "version": "6.1.4", + "resolved": "https://registry.npmjs.org/@types/npm-package-arg/-/npm-package-arg-6.1.4.tgz", + "integrity": "sha512-vDgdbMy2QXHnAruzlv68pUtXCjmqUk3WrBAsRboRovsOmxbfn/WiYCjmecyKjGztnMps5dWp4Uq2prp+Ilo17Q==", + "license": "MIT" + }, + "node_modules/@types/unist": { + "version": "2.0.11", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz", + "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==", + "license": "MIT" + }, + "node_modules/@types/yargs": { + "version": "16.0.11", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.11.tgz", + "integrity": "sha512-sbtvk8wDN+JvEdabmZExoW/HNr1cB7D/j4LT08rMiuikfA7m/JNJg7ATQcgzs34zHnoScDkY0ZRSl29Fkmk36g==", + "license": "MIT", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@types/yargs-parser": { + "version": "21.0.3", + "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==", + "license": "MIT" + }, + "node_modules/@xmldom/xmldom": { + "version": "0.8.13", + "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.13.tgz", + "integrity": "sha512-KRYzxepc14G/CEpEGc3Yn+JKaAeT63smlDr+vjB8jRfgTBBI9wRj/nkQEO+ucV8p8I9bfKLWp37uHgFrbntPvw==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/agent-base": { + "version": "7.1.4", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz", + "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==", + "license": "MIT", + "engines": { + "node": ">= 14" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "license": "Python-2.0" + }, + "node_modules/array-ify": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/array-ify/-/array-ify-1.0.0.tgz", + "integrity": "sha512-c5AMf34bKdvPhQ7tBGhqkgKNUzMr4WUs+WDtC2ZUGOUncbxKMTvqxYctiseW3+L4bA8ec+GcZ6/A/FW4m8ukng==", + "license": "MIT" + }, + "node_modules/arrify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "integrity": "sha512-3CYzex9M9FGQjCGMGyi6/31c8GJbgb0qGyrx5HWxPd0aCwh4cB2YjMb2Xf9UuoogrMrlO9cTqnB5rI5GHZTcUA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/async-retry": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "integrity": "sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw==", + "license": "MIT", + "dependencies": { + "retry": "0.13.1" + } + }, + "node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/before-after-hook": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", + "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==", + "license": "Apache-2.0" + }, + "node_modules/boolbase": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", + "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==", + "license": "ISC" + }, + "node_modules/brace-expansion": { + "version": "5.0.6", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz", + "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==", + "license": "MIT", + "dependencies": { + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/camelcase-keys": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-6.2.2.tgz", + "integrity": "sha512-YrwaA0vEKazPBkn0ipTiMpSajYDSe+KjQfrjhcBMxJt/znbvlHd8Pw/Vamaz5EB4Wfhs3SUR3Z9mwRu/P3s3Yg==", + "license": "MIT", + "dependencies": { + "camelcase": "^5.3.1", + "map-obj": "^4.0.0", + "quick-lru": "^4.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/cliui": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", + "license": "ISC", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.1", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/code-suggester": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/code-suggester/-/code-suggester-5.0.1.tgz", + "integrity": "sha512-8qJiiSCfkbPNWvjEFzdG1UW3axL+Bs0ldV1/TdlBKmF9I/a/WooSQZQCi9M44HoXbVTQesn/IQr6+nIWNnVIWA==", + "license": "Apache-2.0", + "dependencies": { + "@octokit/rest": "^20.1.2", + "@types/yargs": "^16.0.0", + "async-retry": "^1.3.1", + "diff": "^8.0.3", + "glob": "^7.1.6", + "parse-diff": "^0.11.0", + "yargs": "^16.0.0" + }, + "bin": { + "code-suggester": "build/src/bin/code-suggester.js" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/code-suggester/node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "license": "ISC", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "node_modules/code-suggester/node_modules/yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "license": "MIT", + "dependencies": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "license": "MIT" + }, + "node_modules/compare-func": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/compare-func/-/compare-func-2.0.0.tgz", + "integrity": "sha512-zHig5N+tPWARooBnb0Zx1MFcdfpyJrfTJ3Y5L+IFvUm8rM74hHz66z0gw0x4tijh5CorKkKUCnW82R2vmpeCRA==", + "license": "MIT", + "dependencies": { + "array-ify": "^1.0.0", + "dot-prop": "^5.1.0" + } + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "license": "MIT" + }, + "node_modules/conventional-changelog-conventionalcommits": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/conventional-changelog-conventionalcommits/-/conventional-changelog-conventionalcommits-6.1.0.tgz", + "integrity": "sha512-3cS3GEtR78zTfMzk0AizXKKIdN4OvSh7ibNz6/DPbhWWQu7LqE/8+/GqSodV+sywUR2gpJAdP/1JFf4XtN7Zpw==", + "license": "ISC", + "dependencies": { + "compare-func": "^2.0.0" + }, + "engines": { + "node": ">=14" + } + }, + "node_modules/conventional-changelog-writer": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/conventional-changelog-writer/-/conventional-changelog-writer-6.0.1.tgz", + "integrity": "sha512-359t9aHorPw+U+nHzUXHS5ZnPBOizRxfQsWT5ZDHBfvfxQOAik+yfuhKXG66CN5LEWPpMNnIMHUTCKeYNprvHQ==", + "license": "MIT", + "dependencies": { + "conventional-commits-filter": "^3.0.0", + "dateformat": "^3.0.3", + "handlebars": "^4.7.7", + "json-stringify-safe": "^5.0.1", + "meow": "^8.1.2", + "semver": "^7.0.0", + "split": "^1.0.1" + }, + "bin": { + "conventional-changelog-writer": "cli.js" + }, + "engines": { + "node": ">=14" + } + }, + "node_modules/conventional-commits-filter": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/conventional-commits-filter/-/conventional-commits-filter-3.0.0.tgz", + "integrity": "sha512-1ymej8b5LouPx9Ox0Dw/qAO2dVdfpRFq28e5Y0jJEU8ZrLdy0vOSkkIInwmxErFGhg6SALro60ZrwYFVTUDo4Q==", + "license": "MIT", + "dependencies": { + "lodash.ismatch": "^4.4.0", + "modify-values": "^1.0.1" + }, + "engines": { + "node": ">=14" + } + }, + "node_modules/css-select": { + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-5.2.2.tgz", + "integrity": "sha512-TizTzUddG/xYLA3NXodFM0fSbNizXjOKhqiQQwvhlspadZokn1KDy0NZFS0wuEubIYAV5/c1/lAr0TaaFXEXzw==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0", + "css-what": "^6.1.0", + "domhandler": "^5.0.2", + "domutils": "^3.0.1", + "nth-check": "^2.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/css-what": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.2.2.tgz", + "integrity": "sha512-u/O3vwbptzhMs3L1fQE82ZSLHQQfto5gyZzwteVIEyeaY5Fc7R4dapF/BvRoSYFeqfBk4m0V1Vafq5Pjv25wvA==", + "license": "BSD-2-Clause", + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/dateformat": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/dateformat/-/dateformat-3.0.3.tgz", + "integrity": "sha512-jyCETtSl3VMZMWeRo7iY1FL19ges1t55hMo5yaam4Jrsm5EPL89UQkoQRyiI+Yf4k8r2ZpdngkV8hr1lIdjb3Q==", + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/decamelize": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", + "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/decamelize-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/decamelize-keys/-/decamelize-keys-1.1.1.tgz", + "integrity": "sha512-WiPxgEirIV0/eIOMcnFBA3/IJZAZqKnwAwWyvvdi4lsr1WCN22nhdf/3db3DoZcUjTV2SqfzIwNyp6y2xs3nmg==", + "license": "MIT", + "dependencies": { + "decamelize": "^1.1.0", + "map-obj": "^1.0.0" + }, + "engines": { + "node": ">=0.10.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/decamelize-keys/node_modules/map-obj": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz", + "integrity": "sha512-7N/q3lyZ+LVCp7PzuxrJr4KMbBE2hW7BT7YNia330OFxIf4d3r5zVpicP2650l7CPN6RM9zOJRl3NGpqSiw3Eg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/deprecation": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", + "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==", + "license": "ISC" + }, + "node_modules/detect-indent": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-6.1.0.tgz", + "integrity": "sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/diff": { + "version": "8.0.4", + "resolved": "https://registry.npmjs.org/diff/-/diff-8.0.4.tgz", + "integrity": "sha512-DPi0FmjiSU5EvQV0++GFDOJ9ASQUVFh5kD+OzOnYdi7n3Wpm9hWWGfB/O2blfHcMVTL5WkQXSnRiK9makhrcnw==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/dom-serializer": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==", + "license": "MIT", + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.2", + "entities": "^4.2.0" + }, + "funding": { + "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" + } + }, + "node_modules/domelementtype": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "license": "BSD-2-Clause" + }, + "node_modules/domhandler": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==", + "license": "BSD-2-Clause", + "dependencies": { + "domelementtype": "^2.3.0" + }, + "engines": { + "node": ">= 4" + }, + "funding": { + "url": "https://github.com/fb55/domhandler?sponsor=1" + } + }, + "node_modules/domutils": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz", + "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==", + "license": "BSD-2-Clause", + "dependencies": { + "dom-serializer": "^2.0.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3" + }, + "funding": { + "url": "https://github.com/fb55/domutils?sponsor=1" + } + }, + "node_modules/dot-prop": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-5.3.0.tgz", + "integrity": "sha512-QM8q3zDe58hqUqjraQOmzZ1LIH9SWQJTlEKCH4kJ2oQvLZk7RbQXvtDM2XEq3fwkV9CCvvH4LA0AV+ogFsBM2Q==", + "license": "MIT", + "dependencies": { + "is-obj": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/entities": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/error-ex": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.4.tgz", + "integrity": "sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==", + "license": "MIT", + "dependencies": { + "is-arrayish": "^0.2.1" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/escalade": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", + "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "license": "MIT", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/figures": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "integrity": "sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==", + "license": "MIT", + "dependencies": { + "escape-string-regexp": "^1.0.5" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "license": "MIT", + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "license": "ISC" + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "license": "ISC", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me", + "license": "ISC", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob/node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "license": "MIT" + }, + "node_modules/glob/node_modules/brace-expansion": { + "version": "1.1.14", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz", + "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==", + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/glob/node_modules/minimatch": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz", + "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==", + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/handlebars": { + "version": "4.7.9", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz", + "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==", + "license": "MIT", + "dependencies": { + "minimist": "^1.2.5", + "neo-async": "^2.6.2", + "source-map": "^0.6.1", + "wordwrap": "^1.0.0" + }, + "bin": { + "handlebars": "bin/handlebars" + }, + "engines": { + "node": ">=0.4.7" + }, + "optionalDependencies": { + "uglify-js": "^3.1.4" + } + }, + "node_modules/hard-rejection": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/hard-rejection/-/hard-rejection-2.1.0.tgz", + "integrity": "sha512-VIZB+ibDhx7ObhAe7OVtoEbuP4h/MuOTHJ+J8h/eBXotJYl0fBgR72xDFCKgIh22OJZIOVNxBMWuhAr10r8HdA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/hasown": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", + "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/he": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "license": "MIT", + "bin": { + "he": "bin/he" + } + }, + "node_modules/hosted-git-info": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.1.0.tgz", + "integrity": "sha512-kyCuEOWjJqZuDbRHzL8V93NzQhwIB71oFWSyzVo+KPZI+pnQPPxucdkrOZvkLRnrf5URsQM+IJ09Dw29cRALIA==", + "license": "ISC", + "dependencies": { + "lru-cache": "^6.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/http-proxy-agent": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", + "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", + "license": "MIT", + "dependencies": { + "agent-base": "^7.1.0", + "debug": "^4.3.4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/https-proxy-agent": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", + "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", + "license": "MIT", + "dependencies": { + "agent-base": "^7.1.2", + "debug": "4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.", + "license": "ISC", + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/is-arrayish": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==", + "license": "MIT" + }, + "node_modules/is-core-module": { + "version": "2.16.2", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.2.tgz", + "integrity": "sha512-evOr8xfXKxE6qSR0hSXL2r3sd7ALj8+7jQEUvPYcm5sgZFdJ+AYzT6yNmJenvIYQBgIGwfwz08sL8zoL7yq2BA==", + "license": "MIT", + "dependencies": { + "hasown": "^2.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-obj": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-2.0.0.tgz", + "integrity": "sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-plain-obj": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", + "integrity": "sha512-yvkRyxmFKEOQ4pNXCmJG5AEQNlXJS5LaONXo5/cLdTZdWvsZ1ioJEonLGAosKlMWE8lwUy/bJzMjcw8az73+Fg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "license": "MIT" + }, + "node_modules/js-yaml": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsep": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/jsep/-/jsep-1.4.0.tgz", + "integrity": "sha512-B7qPcEVE3NVkmSJbaYxvv4cHkVW7DQsZz13pUMrfS8z8Q/BuShN+gcTXrUlPiGqM2/t/EEaI030bpxMqY8gMlw==", + "license": "MIT", + "engines": { + "node": ">= 10.16.0" + } + }, + "node_modules/json-parse-even-better-errors": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", + "license": "MIT" + }, + "node_modules/json-stringify-safe": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", + "license": "ISC" + }, + "node_modules/jsonpath-plus": { + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.4.0.tgz", + "integrity": "sha512-T92WWatJXmhBbKsgH/0hl+jxjdXrifi5IKeMY02DWggRxX0UElcbVzPlmgLTbvsPeW1PasQ6xE2Q75stkhGbsA==", + "license": "MIT", + "dependencies": { + "@jsep-plugin/assignment": "^1.3.0", + "@jsep-plugin/regex": "^1.0.4", + "jsep": "^1.4.0" + }, + "bin": { + "jsonpath": "bin/jsonpath-cli.js", + "jsonpath-plus": "bin/jsonpath-cli.js" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/lines-and-columns": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", + "license": "MIT" + }, + "node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "license": "MIT", + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/lodash.ismatch": { + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/lodash.ismatch/-/lodash.ismatch-4.4.0.tgz", + "integrity": "sha512-fPMfXjGQEV9Xsq/8MTSgUf255gawYRbjwMyDbcvDhXgV7enSZA0hynz6vMPnpAb5iONEzBHBPsT+0zes5Z301g==", + "license": "MIT" + }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "license": "ISC", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/map-obj": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-4.3.0.tgz", + "integrity": "sha512-hdN1wVrZbb29eBGiGjJbeP8JbKjq1urkHJ/LIP/NY48MZ1QVXUsQBV1G1zvYFHn1XE06cwjBsOI2K3Ulnj1YXQ==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/meow": { + "version": "8.1.2", + "resolved": "https://registry.npmjs.org/meow/-/meow-8.1.2.tgz", + "integrity": "sha512-r85E3NdZ+mpYk1C6RjPFEMSE+s1iZMuHtsHAqY0DT3jZczl0diWUZ8g6oU7h0M9cD2EL+PzaYghhCLzR0ZNn5Q==", + "license": "MIT", + "dependencies": { + "@types/minimist": "^1.2.0", + "camelcase-keys": "^6.2.2", + "decamelize-keys": "^1.1.0", + "hard-rejection": "^2.1.0", + "minimist-options": "4.1.0", + "normalize-package-data": "^3.0.0", + "read-pkg-up": "^7.0.1", + "redent": "^3.0.0", + "trim-newlines": "^3.0.0", + "type-fest": "^0.18.0", + "yargs-parser": "^20.2.3" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/meow/node_modules/type-fest": { + "version": "0.18.1", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.18.1.tgz", + "integrity": "sha512-OIAYXk8+ISY+qTOwkHtKqzAuxchoMiD9Udx+FSGQDuiRR+PJKJHc2NJAXlbhkGwTt/4/nKZxELY1w3ReWOL8mw==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/min-indent": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/minimatch": { + "version": "10.2.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", + "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", + "license": "BlueOak-1.0.0", + "dependencies": { + "brace-expansion": "^5.0.5" + }, + "engines": { + "node": "18 || 20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/minimist-options": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/minimist-options/-/minimist-options-4.1.0.tgz", + "integrity": "sha512-Q4r8ghd80yhO/0j1O3B2BjweX3fiHg9cdOwjJd2J76Q135c+NDxGCqdYKQ1SKBuFfgWbAUzBfvYjPUEeNgqN1A==", + "license": "MIT", + "dependencies": { + "arrify": "^1.0.1", + "is-plain-obj": "^1.1.0", + "kind-of": "^6.0.3" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/modify-values": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/modify-values/-/modify-values-1.0.1.tgz", + "integrity": "sha512-xV2bxeN6F7oYjZWTe/YPAy6MN2M+sL4u/Rlm2AHCIVGfo2p1yGmBHQ6vHehl4bRTZBdHu3TSkWdYgkwpYzAGSw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/neo-async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", + "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", + "license": "MIT" + }, + "node_modules/node-html-parser": { + "version": "6.1.13", + "resolved": "https://registry.npmjs.org/node-html-parser/-/node-html-parser-6.1.13.tgz", + "integrity": "sha512-qIsTMOY4C/dAa5Q5vsobRpOOvPfC4pB61UVW2uSwZNUp0QU/jCekTal1vMmbO0DgdHeLUJpv/ARmDqErVxA3Sg==", + "license": "MIT", + "dependencies": { + "css-select": "^5.1.0", + "he": "1.2.0" + } + }, + "node_modules/normalize-package-data": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-3.0.3.tgz", + "integrity": "sha512-p2W1sgqij3zMMyRC067Dg16bfzVH+w7hyegmpIvZ4JNjqtGOVAIvLmjBx3yP7YTe9vKJgkoNOPjwQGogDoMXFA==", + "license": "BSD-2-Clause", + "dependencies": { + "hosted-git-info": "^4.0.1", + "is-core-module": "^2.5.0", + "semver": "^7.3.4", + "validate-npm-package-license": "^3.0.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/nth-check": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz", + "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0" + }, + "funding": { + "url": "https://github.com/fb55/nth-check?sponsor=1" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "license": "MIT", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "license": "MIT", + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/parse-diff": { + "version": "0.11.1", + "resolved": "https://registry.npmjs.org/parse-diff/-/parse-diff-0.11.1.tgz", + "integrity": "sha512-Oq4j8LAOPOcssanQkIjxosjATBIEJhCxMCxPhMu+Ci4wdNmAEdx0O+a7gzbR2PyKXgKPvRLIN5g224+dJAsKHA==", + "license": "MIT" + }, + "node_modules/parse-github-repo-url": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/parse-github-repo-url/-/parse-github-repo-url-1.4.1.tgz", + "integrity": "sha512-bSWyzBKqcSL4RrncTpGsEKoJ7H8a4L3++ifTAbTFeMHyq2wRV+42DGmQcHIrJIvdcacjIOxEuKH/w4tthF17gg==", + "license": "MIT" + }, + "node_modules/parse-json": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.0.0", + "error-ex": "^1.3.1", + "json-parse-even-better-errors": "^2.3.0", + "lines-and-columns": "^1.1.6" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "license": "MIT" + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "license": "ISC" + }, + "node_modules/quick-lru": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-4.0.1.tgz", + "integrity": "sha512-ARhCpm70fzdcvNQfPoy49IaanKkTlRWF2JMzqhcJbhSFRZv7nPTvZJdcY7301IPmvW+/p0RgIWnQDLJxifsQ7g==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/read-pkg": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "integrity": "sha512-Ug69mNOpfvKDAc2Q8DRpMjjzdtrnv9HcSMX+4VsZxD1aZ6ZzrIE7rlzXBtWTyhULSMKg076AW6WR5iZpD0JiOg==", + "license": "MIT", + "dependencies": { + "@types/normalize-package-data": "^2.4.0", + "normalize-package-data": "^2.5.0", + "parse-json": "^5.0.0", + "type-fest": "^0.6.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/read-pkg-up": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "integrity": "sha512-zK0TB7Xd6JpCLmlLmufqykGE+/TlOePD6qKClNW7hHDKFh/J7/7gCWGR7joEQEW1bKq3a3yUZSObOoWLFQ4ohg==", + "license": "MIT", + "dependencies": { + "find-up": "^4.1.0", + "read-pkg": "^5.2.0", + "type-fest": "^0.8.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/read-pkg-up/node_modules/type-fest": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=8" + } + }, + "node_modules/read-pkg/node_modules/hosted-git-info": { + "version": "2.8.9", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", + "license": "ISC" + }, + "node_modules/read-pkg/node_modules/normalize-package-data": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==", + "license": "BSD-2-Clause", + "dependencies": { + "hosted-git-info": "^2.1.4", + "resolve": "^1.10.0", + "semver": "2 || 3 || 4 || 5", + "validate-npm-package-license": "^3.0.1" + } + }, + "node_modules/read-pkg/node_modules/semver": { + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", + "license": "ISC", + "bin": { + "semver": "bin/semver" + } + }, + "node_modules/read-pkg/node_modules/type-fest": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "integrity": "sha512-q+MB8nYR1KDLrgr4G5yemftpMC7/QLqVndBmEEdqzmNj5dcFOO4Oo8qlwZE3ULT3+Zim1F8Kq4cBnikNhlCMlg==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=8" + } + }, + "node_modules/redent": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz", + "integrity": "sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==", + "license": "MIT", + "dependencies": { + "indent-string": "^4.0.0", + "strip-indent": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/release-please": { + "version": "17.3.0", + "resolved": "https://registry.npmjs.org/release-please/-/release-please-17.3.0.tgz", + "integrity": "sha512-dB7HsFUpAvU1Wj9RGCINUz8Zi2qQDZiGbDEEVnJ7baNfJmk5XdYhuUFL6RcuDGjReGhp1gzY8Tc2g7vHlM4zpg==", + "license": "Apache-2.0", + "dependencies": { + "@conventional-commits/parser": "^0.4.1", + "@google-automations/git-file-utils": "^3.0.0", + "@iarna/toml": "^3.0.0", + "@octokit/graphql": "^7.1.0", + "@octokit/request": "^8.3.1", + "@octokit/request-error": "^5.1.0", + "@octokit/rest": "^20.1.1", + "@types/npm-package-arg": "^6.1.0", + "@xmldom/xmldom": "^0.8.4", + "chalk": "^4.0.0", + "code-suggester": "^5.0.0", + "conventional-changelog-conventionalcommits": "^6.0.0", + "conventional-changelog-writer": "^6.0.0", + "conventional-commits-filter": "^3.0.0", + "detect-indent": "^6.1.0", + "diff": "^8.0.3", + "figures": "^3.0.0", + "http-proxy-agent": "^7.0.0", + "https-proxy-agent": "^7.0.0", + "js-yaml": "^4.0.0", + "jsonpath-plus": "^10.0.0", + "node-html-parser": "^6.0.0", + "parse-github-repo-url": "^1.4.1", + "semver": "^7.5.3", + "type-fest": "^3.0.0", + "typescript": "^4.6.4", + "unist-util-visit": "^2.0.3", + "unist-util-visit-parents": "^3.1.1", + "xpath": "^0.0.34", + "yaml": "^2.2.2", + "yargs": "^17.0.0" + }, + "bin": { + "release-please": "build/src/bin/release-please.js" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/resolve": { + "version": "1.22.12", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz", + "integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "is-core-module": "^2.16.1", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/retry": { + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/semver": { + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz", + "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/spdx-correct": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "integrity": "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA==", + "license": "Apache-2.0", + "dependencies": { + "spdx-expression-parse": "^3.0.0", + "spdx-license-ids": "^3.0.0" + } + }, + "node_modules/spdx-exceptions": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "integrity": "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w==", + "license": "CC-BY-3.0" + }, + "node_modules/spdx-expression-parse": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==", + "license": "MIT", + "dependencies": { + "spdx-exceptions": "^2.1.0", + "spdx-license-ids": "^3.0.0" + } + }, + "node_modules/spdx-license-ids": { + "version": "3.0.23", + "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.23.tgz", + "integrity": "sha512-CWLcCCH7VLu13TgOH+r8p1O/Znwhqv/dbb6lqWy67G+pT1kHmeD/+V36AVb/vq8QMIQwVShJ6Ssl5FPh0fuSdw==", + "license": "CC0-1.0" + }, + "node_modules/split": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/split/-/split-1.0.1.tgz", + "integrity": "sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg==", + "license": "MIT", + "dependencies": { + "through": "2" + }, + "engines": { + "node": "*" + } + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-indent": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "integrity": "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==", + "license": "MIT", + "dependencies": { + "min-indent": "^1.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/through": { + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==", + "license": "MIT" + }, + "node_modules/trim-newlines": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.1.tgz", + "integrity": "sha512-c1PTsA3tYrIsLGkJkzHF+w9F2EyxfXGo4UyJc4pFL++FMjnq0HJS69T3M7d//gKrFKwy429bouPescbjecU+Zw==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/type-fest": { + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-3.13.1.tgz", + "integrity": "sha512-tLq3bSNx+xSpwvAJnzrK0Ep5CLNWjvFTOp71URMaAEWBfRb9nnJiBoUe0tF8bI4ZFO3omgBR6NvnbzVUT3Ly4g==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/typescript": { + "version": "4.9.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", + "license": "Apache-2.0", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=4.2.0" + } + }, + "node_modules/uglify-js": { + "version": "3.19.3", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.19.3.tgz", + "integrity": "sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ==", + "license": "BSD-2-Clause", + "optional": true, + "bin": { + "uglifyjs": "bin/uglifyjs" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/unist-util-is": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-4.1.0.tgz", + "integrity": "sha512-ZOQSsnce92GrxSqlnEEseX0gi7GH9zTJZ0p9dtu87WRb/37mMPO2Ilx1s/t9vBHrFhbgweUwb+t7cIn5dxPhZg==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-visit": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-2.0.3.tgz", + "integrity": "sha512-iJ4/RczbJMkD0712mGktuGpm/U4By4FfDonL7N/9tATGIF4imikjOuagyMY53tnZq3NP6BcmlrHhEKAfGWjh7Q==", + "license": "MIT", + "dependencies": { + "@types/unist": "^2.0.0", + "unist-util-is": "^4.0.0", + "unist-util-visit-parents": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-visit-parents": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-3.1.1.tgz", + "integrity": "sha512-1KROIZWo6bcMrZEwiH2UrXDyalAa0uqzWCxCJj6lPOvTve2WkfgCytoDTPaMnodXh1WrXOq0haVYHj99ynJlsg==", + "license": "MIT", + "dependencies": { + "@types/unist": "^2.0.0", + "unist-util-is": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/universal-user-agent": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.1.tgz", + "integrity": "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ==", + "license": "ISC" + }, + "node_modules/validate-npm-package-license": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==", + "license": "Apache-2.0", + "dependencies": { + "spdx-correct": "^3.0.0", + "spdx-expression-parse": "^3.0.0" + } + }, + "node_modules/wordwrap": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==", + "license": "MIT" + }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "license": "ISC" + }, + "node_modules/xpath": { + "version": "0.0.34", + "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.34.tgz", + "integrity": "sha512-FxF6+rkr1rNSQrhUNYrAFJpRXNzlDoMxeXN5qI84939ylEv3qqPFKa85Oxr6tDaJKqwW6KKyo2v26TSv3k6LeA==", + "license": "MIT", + "engines": { + "node": ">=0.6.0" + } + }, + "node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "license": "ISC", + "engines": { + "node": ">=10" + } + }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "license": "ISC" + }, + "node_modules/yaml": { + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.9.0.tgz", + "integrity": "sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==", + "license": "ISC", + "bin": { + "yaml": "bin.mjs" + }, + "engines": { + "node": ">= 14.6" + }, + "funding": { + "url": "https://github.com/sponsors/eemeli" + } + }, + "node_modules/yargs": { + "version": "17.7.2", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", + "license": "MIT", + "dependencies": { + "cliui": "^8.0.1", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.3", + "y18n": "^5.0.5", + "yargs-parser": "^21.1.1" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/yargs-parser": { + "version": "20.2.9", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", + "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==", + "license": "ISC", + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs/node_modules/yargs-parser": { + "version": "21.1.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", + "license": "ISC", + "engines": { + "node": ">=12" + } + } + } +} diff --git a/tests/release-please/package.json b/tests/release-please/package.json new file mode 100644 index 0000000..a3fc150 --- /dev/null +++ b/tests/release-please/package.json @@ -0,0 +1,12 @@ +{ + "private": true, + "name": "cfn-handler-release-please-validator", + "version": "0.0.0", + "description": "Local validator for the release-please uv.lock updater. See README.md.", + "scripts": { + "validate": "node validate-uv-lock-updater.js" + }, + "dependencies": { + "release-please": "17.3.0" + } +} diff --git a/tests/release-please/validate-uv-lock-updater.js b/tests/release-please/validate-uv-lock-updater.js new file mode 100644 index 0000000..f3f5209 --- /dev/null +++ b/tests/release-please/validate-uv-lock-updater.js @@ -0,0 +1,216 @@ +#!/usr/bin/env node +// +// Local validator for release-please's `uv.lock` updater. +// +// Why this exists: +// release-please's TOML updater for the `extra-files` mechanism uses +// jsonpath-plus over an internal AST shape that exposes string nodes as +// `{value, kind}` rather than bare strings. The bare jsonpath +// `@.name=='cfn-handler'` therefore does not match — see +// https://github.com/googleapis/release-please/issues/2455. The working +// form requires `.value`: `@.name.value=='cfn-handler'`. PR #2693 may +// eventually drop this requirement; until then, this script is the +// safety net. +// +// Why local validation matters: +// the `GenericToml` class's docstring says "the parser does reformat +// the document and removes all comments". That is misleading — reading +// `util/toml-edit.js` shows the parser is only used to locate the byte +// range of the target value via a custom TaggedTOMLParser, after which +// the replacement is a surgical `input.slice(0, start) + new + input.slice(end)`. +// If the docstring had been correct, our extra-files approach would be a +// disaster (1872-line uv.lock rewrites every release). It isn't, but +// "trust but verify" — this script keeps that verification automated. +// +// What this checks: +// 1. POSITIVE: our jsonpath (with `.value`) finds the cfn-handler +// self-version entry and only that entry. +// 2. NEGATIVE: the bare jsonpath (without `.value`) finds nothing, +// confirming the workaround is necessary and our spec rationale holds. +// 3. INVARIANT: the updater touches exactly one line and zero non-target +// bytes. If release-please ever changes to re-serialize, this will +// fail loudly. +// +// Version pinning: +// `package.json` pins `release-please` to the exact version bundled in +// the action SHA pinned in `.github/workflows/release.yml`. When you +// bump the action SHA, also bump this pin and re-run this script. +// See README.md for the linkage. +// +// Usage: +// cd tests/release-please && npm install && node validate-uv-lock-updater.js +// + +const fs = require("node:fs"); +const path = require("node:path"); +const process = require("node:process"); + +const { GenericToml } = require("release-please/build/src/updaters/generic-toml.js"); +const { Version } = require("release-please/build/src/version.js"); + +// Repo paths. This script lives at /tests/release-please/. +const SCRIPT_DIR = __dirname; +const REPO_ROOT = path.resolve(SCRIPT_DIR, "..", ".."); +const LOCK_PATH = path.join(REPO_ROOT, "uv.lock"); +const CONFIG_PATH = path.join(REPO_ROOT, "release-please-config.json"); + +// Synthetic version for the dry-run replacement. Same length as common +// real versions so byte-count math stays exact. +const SYNTHETIC_VERSION = "9.9.9"; + +// Silent logger for the negative test (we expect a "no entries modified" +// warning and don't want it printed during normal runs). +const SILENT_LOGGER = { + warn: () => {}, + error: () => {}, + info: () => {}, + debug: () => {}, +}; + +/** + * Apply a jsonpath update against the real uv.lock and return the diff stats. + * @param {string} jsonpath + * @param {{ silent?: boolean }} opts + */ +function tryUpdate(jsonpath, opts = {}) { + const original = fs.readFileSync(LOCK_PATH, "utf8"); + const updater = new GenericToml(jsonpath, Version.parse(SYNTHETIC_VERSION)); + const updated = opts.silent + ? updater.updateContent(original, SILENT_LOGGER) + : updater.updateContent(original); + + const origLines = original.split("\n"); + const newLines = updated.split("\n"); + const lineCountChanged = origLines.length !== newLines.length; + const changedLines = []; + if (!lineCountChanged) { + for (let i = 0; i < origLines.length; i++) { + if (origLines[i] !== newLines[i]) { + changedLines.push({ lineNumber: i + 1, before: origLines[i], after: newLines[i] }); + } + } + } + return { + matched: updated !== original, + lineCountChanged, + changedLines, + byteDelta: updated.length - original.length, + }; +} + +/** + * Read the `extra-files` block for the cfn-handler package out of the + * release-please config so this test stays in lockstep with the real + * config. If the config block is removed or renamed, the test fails + * loudly rather than silently testing a stale path. + */ +function readConfiguredJsonpath() { + const config = JSON.parse(fs.readFileSync(CONFIG_PATH, "utf8")); + const pkg = config.packages?.["."]; + if (!pkg) { + throw new Error(`release-please-config.json: packages["."] not found`); + } + const extraFiles = pkg["extra-files"]; + if (!Array.isArray(extraFiles) || extraFiles.length === 0) { + throw new Error( + `release-please-config.json: packages["."]["extra-files"] missing or empty. ` + + `If you removed the uv.lock sync, also remove this validator.`, + ); + } + const uvLockEntry = extraFiles.find( + (entry) => entry.path === "uv.lock" && entry.type === "toml", + ); + if (!uvLockEntry) { + throw new Error( + `release-please-config.json: no extra-files entry with path="uv.lock" type="toml" found`, + ); + } + if (!uvLockEntry.jsonpath) { + throw new Error(`release-please-config.json: uv.lock extra-files entry missing jsonpath`); + } + return uvLockEntry.jsonpath; +} + +let failures = 0; + +function check(label, predicate, detail) { + const ok = predicate(); + console.log(`${ok ? "PASS" : "FAIL"} ${label}`); + if (!ok) { + failures += 1; + if (detail) console.log(` ${detail}`); + } +} + +// ----------------------------------------------------------------------- +// Positive test: our configured jsonpath updates exactly one line. +// ----------------------------------------------------------------------- + +const configuredJsonpath = readConfiguredJsonpath(); +console.log(`Configured jsonpath: ${configuredJsonpath}`); +console.log(""); + +const positive = tryUpdate(configuredJsonpath); + +console.log("Positive test (our jsonpath SHOULD update uv.lock):"); +check( + " jsonpath matches the cfn-handler self-version entry", + () => positive.matched, + "the configured jsonpath did not match anything in uv.lock; check `release-please-config.json` and the upstream issue list at the top of this script", +); +check( + " line count is preserved (no whole-file rewrite)", + () => !positive.lineCountChanged, + "the updater changed the line count; release-please may have re-serialized the file (check the GenericToml docstring vs. its implementation)", +); +check( + " exactly one line changed", + () => positive.changedLines.length === 1, + `expected 1 changed line, got ${positive.changedLines.length}`, +); +if (positive.changedLines.length === 1) { + const { lineNumber, before, after } = positive.changedLines[0]; + console.log(` Line ${lineNumber}:`); + console.log(` - ${before}`); + console.log(` + ${after}`); + check( + " changed line is the cfn-handler self-version entry", + () => + before.trim().startsWith("version = ") && + after.trim() === `version = "${SYNTHETIC_VERSION}"`, + `got: before=${JSON.stringify(before)}, after=${JSON.stringify(after)}`, + ); +} +check( + " byte delta is consistent with the version-string swap", + () => Math.abs(positive.byteDelta) < 8, + `byte delta was ${positive.byteDelta}; suggests something larger than the version field changed`, +); + +console.log(""); + +// ----------------------------------------------------------------------- +// Negative test: the bare jsonpath (without `.value`) does NOT match. +// This is the bug from googleapis/release-please#2455. If this ever +// starts passing, upstream PR #2693 has likely landed and we can drop +// `.value` from the jsonpath. +// ----------------------------------------------------------------------- + +const bareJsonpath = "$.package[?(@.name=='cfn-handler')].version"; +const negative = tryUpdate(bareJsonpath, { silent: true }); + +console.log("Negative test (bare @.name jsonpath SHOULD fail to match):"); +check( + " bare jsonpath does NOT match (the bug from #2455 is still present)", + () => !negative.matched, + "the bare jsonpath now matches — upstream PR #2693 may have landed. Re-validate the workaround necessity and consider simplifying release-please-config.json.", +); + +console.log(""); +if (failures === 0) { + console.log("All checks passed. release-please will surgically update uv.lock on release."); + process.exit(0); +} else { + console.error(`${failures} check(s) failed. See output above for details.`); + process.exit(1); +} From 7907a0773a4590325dc3403f029e5f9605aee6cc Mon Sep 17 00:00:00 2001 From: Igor Gentil Date: Fri, 22 May 2026 12:10:41 +1000 Subject: [PATCH 4/6] chore(just): wire release-please uv.lock validator into gha-pre-release Adds a new step [3/7] to the gha-pre-release recipe that runs the local Node validator added in the previous commit. The step is fast (~5s including `npm ci --silent`) and gates on the same invariants the validator script asserts: - configured jsonpath matches the cfn-handler self-version entry - release-please does NOT re-serialise uv.lock (surgical edit only) - bare `@.name` jsonpath still doesn't match (workaround necessary) Step renumbering: existing [3a..4] became [4a..5]. Header comment block updated to describe the new step. Adds a `_check-npm` recipe helper following the existing pattern of `_check-act`/`_check-gh-token`/ `_check-docker`. Also updates openspec/changes/release-please-sync-uv-lock/tasks.md: ticks off everything done so far (catch-up commit, release-please config, workflow flips, .envrc update, doc rewrites, validator tooling, all local validation steps), removes the assumption that sections 8-11 require human intervention, and adds explicit section 6 covering the validator scope-creep so future readers see why `tests/release-please/` exists in the archive. --- justfile | 49 ++++++++---- .../release-please-sync-uv-lock/tasks.md | 76 ++++++++++++------- 2 files changed, 83 insertions(+), 42 deletions(-) diff --git a/justfile b/justfile index 4b299bc..7c8e608 100644 --- a/justfile +++ b/justfile @@ -114,9 +114,9 @@ test-matrix-arm64: _check-act # # Sequential, fail-fast, no side effects. Skipped: dependency-review.yml # (needs PR context act can't synthesize). Requires `act`, `gh` (authenticated), -# and `docker`. +# `docker`, and `npm` (for the release-please validator; ships in the Nix flake). # -# Steps (each on a fresh container): +# Steps (each on a fresh container unless noted): # 1. secure-workflows.yml — re-validate SHA pinning of every action # (~5s). Catches tag-pinned bumps. # 2. Docker action manifest probe — for every Docker-based action used @@ -126,13 +126,21 @@ test-matrix-arm64: _check-act # release failure) without invoking release.yml — which would # have real side effects on the repo (release-please-action # authenticated as the user could open or update real release PRs). -# 3a. ci.yml `test` matrix — amd64 + arm64 × 5 Python versions (~3-5 min). -# 3b. ci.yml `lint` job — ruff, ruff-format, mypy strict, pyright strict +# 3. release-please uv.lock validator — runs the local Node validator +# that loads release-please's GenericToml updater and exercises it +# against our uv.lock + the jsonpath in release-please-config.json +# (~5s). Catches: configured jsonpath stops matching the cfn-handler +# entry; release-please starts re-serialising uv.lock (whole-file +# rewrites instead of surgical edits); upstream PR #2693 lands and +# the .value workaround can be dropped. Runs locally, no network +# after the one-time `npm ci`. +# 4a. ci.yml `test` matrix — amd64 + arm64 × 5 Python versions (~3-5 min). +# 4b. ci.yml `lint` job — ruff, ruff-format, mypy strict, pyright strict # (~30s). -# 3c. examples-lint.yml — cfn-lint over examples/**/template.yaml (~30s). -# 4. codeql.yml — Python security-and-quality scan (~1-8 min, slower +# 4c. examples-lint.yml — cfn-lint over examples/**/template.yaml (~30s). +# 5. codeql.yml — Python security-and-quality scan (~1-8 min, slower # on first run while CodeQL bundle downloads). -gha-pre-release: _check-act _check-gh-token _check-docker +gha-pre-release: _check-act _check-gh-token _check-docker _check-npm #!/usr/bin/env bash set -uo pipefail @@ -141,13 +149,13 @@ gha-pre-release: _check-act _check-gh-token _check-docker --secret GITHUB_TOKEN="$(gh auth token)" ) - echo "==> [1/6] secure-workflows.yml — SHA-pin enforcement" + echo "==> [1/7] secure-workflows.yml — SHA-pin enforcement" act pull_request -W .github/workflows/secure-workflows.yml "${common_flags[@]}" \ --action-cache-path /tmp/act-cache-secure-workflows \ || { echo; echo "FAIL: secure-workflows.yml"; exit 1; } echo - echo "==> [2/6] Docker action manifest probe" + echo "==> [2/7] Docker action manifest probe" # Match `uses: /@` in every workflow file, then for any # action that publishes a Docker image at ghcr.io//, verify # the SHA resolves to a real image. Currently this is just @@ -189,24 +197,36 @@ gha-pre-release: _check-act _check-gh-token _check-docker echo " (all Docker action images resolve)" echo - echo "==> [3a/6] ci.yml — test matrix (amd64 + arm64 in parallel)" + echo "==> [3/7] release-please uv.lock validator" + # Loads release-please's GenericToml updater locally and exercises it + # against the real uv.lock + the jsonpath in release-please-config.json. + # `npm ci` is strict-lockfile (matches our uv --locked posture); install + # is ~3s on a small dep tree. See tests/release-please/README.md. + ( + cd tests/release-please \ + && npm ci --silent --no-audit --no-fund \ + && node validate-uv-lock-updater.js + ) || { echo; echo "FAIL: release-please uv.lock validator"; exit 1; } + + echo + echo "==> [4a/7] ci.yml — test matrix (amd64 + arm64 in parallel)" just test-matrix \ || { echo; echo "FAIL: ci.yml test matrix"; exit 1; } echo - echo "==> [3b/6] ci.yml — lint+typecheck job" + echo "==> [4b/7] ci.yml — lint+typecheck job" act pull_request -W .github/workflows/ci.yml "${common_flags[@]}" --job lint \ --action-cache-path /tmp/act-cache-lint \ || { echo; echo "FAIL: ci.yml lint job"; exit 1; } echo - echo "==> [3c/6] examples-lint.yml — cfn-lint over examples" + echo "==> [4c/7] examples-lint.yml — cfn-lint over examples" act pull_request -W .github/workflows/examples-lint.yml "${common_flags[@]}" \ --action-cache-path /tmp/act-cache-examples-lint \ || { echo; echo "FAIL: examples-lint.yml"; exit 1; } echo - echo "==> [4/6] codeql.yml — Python security analysis" + echo "==> [5/7] codeql.yml — Python security analysis" act push -W .github/workflows/codeql.yml "${common_flags[@]}" \ --action-cache-path /tmp/act-cache-codeql \ || { echo; echo "FAIL: codeql.yml"; exit 1; } @@ -250,3 +270,6 @@ _check-gh-token: _check-docker: @command -v docker >/dev/null || { echo 'error: docker not installed. Install Docker Desktop, OrbStack, or Colima.'; exit 1; } @docker info >/dev/null 2>&1 || { echo 'error: docker daemon not running.'; exit 1; } + +_check-npm: + @command -v npm >/dev/null || { echo 'error: npm not installed. Use the Nix dev shell (npm ships via nodejs_20) or install Node 20+.'; exit 1; } diff --git a/openspec/changes/release-please-sync-uv-lock/tasks.md b/openspec/changes/release-please-sync-uv-lock/tasks.md index 8df7299..eac4ffa 100644 --- a/openspec/changes/release-please-sync-uv-lock/tasks.md +++ b/openspec/changes/release-please-sync-uv-lock/tasks.md @@ -8,53 +8,71 @@ ## 2. Release-please configuration -- [ ] 2.1 Edit `release-please-config.json`: under `packages."."`, add an `extra-files` array with one entry: `{"type": "toml", "path": "uv.lock", "jsonpath": "$.package[?(@.name.value=='cfn-handler')].version"}` -- [ ] 2.2 Verify with `cat release-please-config.json | jq .` that the JSON is valid +- [x] 2.1 Edit `release-please-config.json`: under `packages."."`, add an `extra-files` array with one entry: `{"type": "toml", "path": "uv.lock", "jsonpath": "$.package[?(@.name.value=='cfn-handler')].version"}` +- [x] 2.2 Verify with `cat release-please-config.json | jq .` that the JSON is valid ## 3. Workflow flip: `--frozen` → `--locked` -- [ ] 3.1 Edit `.github/workflows/ci.yml` line ~68 (`uv sync --frozen --only-group test` → `uv sync --locked --only-group test`); rewrite the inline comment block above the step to describe the new posture -- [ ] 3.2 Edit `.github/workflows/ci.yml` line ~108 (`uv sync --frozen --only-group lint` → `uv sync --locked --only-group lint`) -- [ ] 3.3 Edit `.github/workflows/examples-lint.yml` line ~59 (`uv sync --frozen --only-group lint` → `uv sync --locked --only-group lint`) +- [x] 3.1 Edit `.github/workflows/ci.yml` line ~68 (`uv sync --frozen --only-group test` → `uv sync --locked --only-group test`); rewrite the inline comment block above the step to describe the new posture +- [x] 3.2 Edit `.github/workflows/ci.yml` line ~108 (`uv sync --frozen --only-group lint` → `uv sync --locked --only-group lint`) +- [x] 3.3 Edit `.github/workflows/examples-lint.yml` line ~59 (`uv sync --frozen --only-group lint` → `uv sync --locked --only-group lint`) ## 4. Local environment -- [ ] 4.1 Edit `.envrc` line 26 (`uv sync --all-groups --frozen --quiet` → `uv sync --all-groups --locked --quiet`) -- [ ] 4.2 Rewrite the comment block at `.envrc` lines 17-24 to describe the new posture (release-please syncs `uv.lock`; `--locked` mirrors CI; contributors see lockfile drift locally before push) +- [x] 4.1 Edit `.envrc` line 26 (`uv sync --all-groups --frozen --quiet` → `uv sync --all-groups --locked --quiet`) +- [x] 4.2 Rewrite the comment block at `.envrc` lines 17-24 to describe the new posture (release-please syncs `uv.lock`; `--locked` mirrors CI; contributors see lockfile drift locally before push) ## 5. Documentation -- [ ] 5.1 Edit `.github/CONTRIBUTING.md` lines ~152-158: replace the "uv sync --frozen" paragraph with a `--locked` paragraph noting the release-please sync -- [ ] 5.2 Edit `docs/CI.md` lines ~279-298: replace the "Lockfile drift and `--frozen`" subsection with a "Lockfile sync via release-please" subsection -- [ ] 5.3 Edit `docs/CI.md` postmortem at "Root cause #2" (lines ~657-672): append a sentence noting the resolution and back-reference the new section +- [x] 5.1 Edit `.github/CONTRIBUTING.md` lines ~152-158: replace the "uv sync --frozen" paragraph with a `--locked` paragraph noting the release-please sync +- [x] 5.2 Edit `docs/CI.md` lines ~279-298: replace the "Lockfile drift and `--frozen`" subsection with a "Lockfile sync via release-please" subsection +- [x] 5.3 Edit `docs/CI.md` postmortem at "Root cause #2" (lines ~657-672): append a sentence noting the resolution and back-reference the new section -## 6. Validation (before push) +## 6. Local validator tooling (added in scope) -- [ ] 6.1 `openspec validate release-please-sync-uv-lock --strict` passes -- [ ] 6.2 `uv sync --locked` succeeds locally — proves the catch-up commit cleared all drift -- [ ] 6.3 `just ci-check` passes (no library changes; should be green) -- [ ] 6.4 `git diff main..HEAD --stat` shows: 2 commits, ~7 files changed; no surprising files +Note: this section was added mid-implementation after a request to validate the +`extra-files` behaviour locally before pushing. It exists to catch silent +regressions in release-please's TOML updater (see the `GenericToml` docstring +gotcha) and to flag when upstream PR #2693 lands so the `.value` workaround can +be dropped. -## 7. Open PR +- [x] 6.1 Create `tests/release-please/validate-uv-lock-updater.js` — Node script that loads release-please's `GenericToml` updater, exercises it against the real `uv.lock` + the configured jsonpath, and asserts the surgical-edit invariants (positive test) plus the bug-still-exists assertion (negative test for the bare `@.name` jsonpath) +- [x] 6.2 Add `tests/release-please/package.json` pinned to the exact `release-please` version bundled in the action SHA in `release.yml` (currently `17.3.0` for action v4.4.1 / SHA `5c625bfb...`) +- [x] 6.3 Generate and commit `tests/release-please/package-lock.json` for reproducibility +- [x] 6.4 Add `tests/release-please/README.md`: purpose, usage, version-pin policy +- [x] 6.5 Add `node_modules/` to `.gitignore` +- [x] 6.6 Verify pytest does not collect anything from the new directory (`uv run pytest --collect-only` still reports 103 tests); ruff still passes +- [x] 6.7 Wire the validator into `just gha-pre-release` as step `[3/7]` (between Docker manifest probe and the CI matrix); renumber subsequent steps to `[4a/7]…[5/7]`. Add `_check-npm` helper. -- [ ] 7.1 Push the branch `ci/release-please-sync-uv-lock` to origin -- [ ] 7.2 `gh pr create` against `main`. Title: `ci(release): sync uv.lock from release-please and flip CI to --locked`. Body links to the proposal and the three upstream issues (#2561, #2455, #2693) +## 7. Validation (before push) -## 8. Cloud CI on the PR +- [x] 7.1 `openspec validate release-please-sync-uv-lock --strict` passes +- [x] 7.2 `just openspec-validate` passes for all changes (regression check on the existing in-flight `ci-release-please-app-auth` change) +- [x] 7.3 `uv sync --locked` succeeds locally — proves the catch-up commit cleared all drift +- [x] 7.4 `just ci-check` passes (lint + typecheck + test-cov; 103 tests, 99.48% coverage) +- [x] 7.5 `cd tests/release-please && npm ci && node validate-uv-lock-updater.js` passes (positive + negative tests; proves release-please will surgically update `uv.lock`) +- [x] 7.6 `git log --oneline main..HEAD` shows 4 commits in the expected order (catch-up → ci(release) → chore(test) validator → chore(just) wiring); `git diff main..HEAD --stat` shows ~17 files changed, no surprises -- [ ] 8.1 `secure-workflows.yml` re-validates SHA-pins; reports SUCCESS (no SHA changes) -- [ ] 8.2 `ci.yml` matrix + lint pass under the new `--locked` install (proves the catch-up worked end-to-end) -- [ ] 8.3 `examples-lint.yml` does not trigger (no examples changes); not required for merge -- [ ] 8.4 `analyze (python)` and `review dependencies` complete +## 8. Open PR -## 9. Merge + first post-merge release +- [ ] 8.1 Push the branch `ci/release-please-sync-uv-lock` to origin: `git push -u origin ci/release-please-sync-uv-lock` +- [ ] 8.2 Open the PR via `gh pr create` against `main`. Title: `ci(release): sync uv.lock from release-please and flip CI to --locked`. Body links to the proposal and the three upstream issues (#2561, #2455, #2693) -- [ ] 9.1 Squash-merge with title `ci(release): sync uv.lock from release-please and flip CI to --locked`. The `ci:` prefix produces no version bump -- [ ] 9.2 The merge does NOT itself trigger a release. The next `feat:`/`fix:` merge will be the first to exercise the `extra-files` behaviour. Watch that release-please run end-to-end: +## 9. Cloud CI on the PR + +- [ ] 9.1 Verify `secure-workflows.yml` re-validates SHA-pins and reports SUCCESS (no SHA changes in this PR) +- [ ] 9.2 Verify `ci.yml` matrix + lint pass under the new `--locked` install (proves the catch-up worked end-to-end) +- [ ] 9.3 Confirm `examples-lint.yml` does not trigger (no examples changes); not required for merge anyway +- [ ] 9.4 Verify `analyze (python)` and `review dependencies` complete + +## 10. Merge + first post-merge release + +- [ ] 10.1 Squash-merge with title `ci(release): sync uv.lock from release-please and flip CI to --locked`. The `ci:` prefix produces no version bump +- [ ] 10.2 The merge does NOT itself trigger a release. The next `feat:`/`fix:` merge will be the first to exercise the `extra-files` behaviour. Watch that release-please run end-to-end: - The release PR diff includes the `uv.lock` self-version line (`cfn-handler` `[[package]]` block, `version = "X.Y.Z"`) - Squash-merging the release PR triggers the full downstream pipeline AND the post-merge `ci.yml` on `main` passes under `--locked` (proves the source-of-drift fix is correct) -## 10. Archive +## 11. Archive -- [ ] 10.1 After step 9.2 confirms in production, run `openspec archive release-please-sync-uv-lock` -- [ ] 10.2 Verify the MODIFIED requirement merges into `openspec/specs/ci-infrastructure/spec.md` correctly (replaces the old `--frozen` requirement) +- [ ] 11.1 After step 10.2 confirms in production, run `openspec archive release-please-sync-uv-lock` +- [ ] 11.2 Verify the MODIFIED requirement merges into `openspec/specs/ci-infrastructure/spec.md` correctly (replaces the old `--frozen` requirement) From b44032bb503d704ce74fd4045b73746937d24952 Mon Sep 17 00:00:00 2001 From: Igor Gentil Date: Fri, 22 May 2026 12:15:59 +1000 Subject: [PATCH 5/6] fix(test): scope release-please as devDependency; tick off PR-open tasks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The dependency-review-action on PR #21 failed because release-please's transitive deps include packages with licenses outside the allowlist (BlueOak-1.0.0, CC-BY-3.0). Those are unavoidable in the release- please dep tree, but they don't matter here: this is a development-only local validator, never installed at runtime. The workflow's 'fail-on-scopes: runtime' setting correctly gates only runtime deps; the bug was on my side — release-please was declared under 'dependencies' (which dependency-review-action treats as runtime) instead of 'devDependencies'. Moves the pin to devDependencies; npm regenerates the lockfile with 'dev: true' markers on every transitive entry. Same exact resolved tree, same hashes; only metadata for dependency-review-action's scope filter. Also updates README.md ('dependencies.release-please' → 'devDependencies.release-please' in the version-pin policy walkthrough) and ticks off the section 8 tasks in the OpenSpec change since the PR is now open. --- .../release-please-sync-uv-lock/tasks.md | 4 +- tests/release-please/README.md | 2 +- tests/release-please/package-lock.json | 179 +++++++++++++++++- tests/release-please/package.json | 2 +- 4 files changed, 182 insertions(+), 5 deletions(-) diff --git a/openspec/changes/release-please-sync-uv-lock/tasks.md b/openspec/changes/release-please-sync-uv-lock/tasks.md index eac4ffa..3ce0674 100644 --- a/openspec/changes/release-please-sync-uv-lock/tasks.md +++ b/openspec/changes/release-please-sync-uv-lock/tasks.md @@ -55,8 +55,8 @@ be dropped. ## 8. Open PR -- [ ] 8.1 Push the branch `ci/release-please-sync-uv-lock` to origin: `git push -u origin ci/release-please-sync-uv-lock` -- [ ] 8.2 Open the PR via `gh pr create` against `main`. Title: `ci(release): sync uv.lock from release-please and flip CI to --locked`. Body links to the proposal and the three upstream issues (#2561, #2455, #2693) +- [x] 8.1 Push the branch `ci/release-please-sync-uv-lock` to origin: `git push -u origin ci/release-please-sync-uv-lock` +- [x] 8.2 Open the PR via `gh pr create` against `main`. PR [#21](https://github.com/igorlg/cfn-handler/pull/21). Title: `ci(release): sync uv.lock from release-please and flip CI to --locked`. Body links to the proposal and the three upstream issues (#2561, #2455, #2693) ## 9. Cloud CI on the PR diff --git a/tests/release-please/README.md b/tests/release-please/README.md index 20295eb..75ced88 100644 --- a/tests/release-please/README.md +++ b/tests/release-please/README.md @@ -80,7 +80,7 @@ When you bump `googleapis/release-please-action` in `release.yml`: `package.json` declares it; e.g. action v4.4.1's `package.json` pinned `release-please` to `^17.1.3` and shipped with `17.3.0` in the action's `package-lock.json`. -2. Update `dependencies.release-please` here to match. +2. Update `devDependencies.release-please` here to match. 3. Re-run `npm install`; commit the updated `package-lock.json`. 4. Re-run this validator. If anything in the output changes (especially the negative test going from FAIL→PASS, suggesting #2693 has diff --git a/tests/release-please/package-lock.json b/tests/release-please/package-lock.json index 65cc242..a08a1ad 100644 --- a/tests/release-please/package-lock.json +++ b/tests/release-please/package-lock.json @@ -7,7 +7,7 @@ "": { "name": "cfn-handler-release-please-validator", "version": "0.0.0", - "dependencies": { + "devDependencies": { "release-please": "17.3.0" } }, @@ -15,6 +15,7 @@ "version": "7.29.0", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz", "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==", + "dev": true, "license": "MIT", "dependencies": { "@babel/helper-validator-identifier": "^7.28.5", @@ -29,6 +30,7 @@ "version": "7.28.5", "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz", "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==", + "dev": true, "license": "MIT", "engines": { "node": ">=6.9.0" @@ -38,6 +40,7 @@ "version": "0.4.1", "resolved": "https://registry.npmjs.org/@conventional-commits/parser/-/parser-0.4.1.tgz", "integrity": "sha512-H2ZmUVt6q+KBccXfMBhbBF14NlANeqHTXL4qCL6QGbMzrc4HDXyzWuxPxPNbz71f/5UkR5DrycP5VO9u7crahg==", + "dev": true, "license": "ISC", "dependencies": { "unist-util-visit": "^2.0.3", @@ -48,6 +51,7 @@ "version": "3.0.1", "resolved": "https://registry.npmjs.org/@google-automations/git-file-utils/-/git-file-utils-3.0.1.tgz", "integrity": "sha512-vlQZ8DlBcippB5zTY0M5Rib8tKT4yQ7oBKbs6kcWAzp70oyillKinXLZwlIgNTmfzzZx1J6cez3M0EmrpXFRcw==", + "dev": true, "license": "Apache-2.0", "dependencies": { "@octokit/rest": "^20.1.1", @@ -63,12 +67,14 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/@iarna/toml/-/toml-3.0.0.tgz", "integrity": "sha512-td6ZUkz2oS3VeleBcN+m//Q6HlCFCPrnI0FZhrt/h4XqLEdOyYp2u21nd8MdsR+WJy5r9PTDaHTDDfhf4H4l6Q==", + "dev": true, "license": "ISC" }, "node_modules/@jsep-plugin/assignment": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/@jsep-plugin/assignment/-/assignment-1.3.0.tgz", "integrity": "sha512-VVgV+CXrhbMI3aSusQyclHkenWSAm95WaiKrMxRFam3JSUiIaQjoMIw2sEs/OX4XifnqeQUN4DYbJjlA8EfktQ==", + "dev": true, "license": "MIT", "engines": { "node": ">= 10.16.0" @@ -81,6 +87,7 @@ "version": "1.0.4", "resolved": "https://registry.npmjs.org/@jsep-plugin/regex/-/regex-1.0.4.tgz", "integrity": "sha512-q7qL4Mgjs1vByCaTnDFcBnV9HS7GVPJX5vyVoCgZHNSC9rjwIlmbXG5sUuorR5ndfHAIlJ8pVStxvjXHbNvtUg==", + "dev": true, "license": "MIT", "engines": { "node": ">= 10.16.0" @@ -93,6 +100,7 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz", "integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==", + "dev": true, "license": "MIT", "engines": { "node": ">= 18" @@ -102,6 +110,7 @@ "version": "5.2.2", "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.2.tgz", "integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/auth-token": "^4.0.0", @@ -120,6 +129,7 @@ "version": "9.0.6", "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.6.tgz", "integrity": "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/types": "^13.1.0", @@ -133,6 +143,7 @@ "version": "7.1.1", "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.1.1.tgz", "integrity": "sha512-3mkDltSfcDUoa176nlGoA32RGjeWjl3K7F/BwHwRMJUW/IteSa4bnSV8p2ThNkcIcZU2umkZWxwETSSCJf2Q7g==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/request": "^8.4.1", @@ -147,12 +158,14 @@ "version": "24.2.0", "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-24.2.0.tgz", "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg==", + "dev": true, "license": "MIT" }, "node_modules/@octokit/plugin-paginate-rest": { "version": "11.4.4-cjs.2", "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-11.4.4-cjs.2.tgz", "integrity": "sha512-2dK6z8fhs8lla5PaOTgqfCGBxgAv/le+EhPs27KklPhm1bKObpu6lXzwfUEQ16ajXzqNrKMujsFyo9K2eaoISw==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/types": "^13.7.0" @@ -168,6 +181,7 @@ "version": "4.0.1", "resolved": "https://registry.npmjs.org/@octokit/plugin-request-log/-/plugin-request-log-4.0.1.tgz", "integrity": "sha512-GihNqNpGHorUrO7Qa9JbAl0dbLnqJVrV8OXe2Zm5/Y4wFkZQDfTreBzVmiRfJVfE4mClXdihHnbpyyO9FSX4HA==", + "dev": true, "license": "MIT", "engines": { "node": ">= 18" @@ -180,6 +194,7 @@ "version": "13.3.2-cjs.1", "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-13.3.2-cjs.1.tgz", "integrity": "sha512-VUjIjOOvF2oELQmiFpWA1aOPdawpyaCUqcEBc/UOUnj3Xp6DJGrJ1+bjUIIDzdHjnFNO6q57ODMfdEZnoBkCwQ==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/types": "^13.8.0" @@ -195,6 +210,7 @@ "version": "8.4.1", "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.1.tgz", "integrity": "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/endpoint": "^9.0.6", @@ -210,6 +226,7 @@ "version": "5.1.1", "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.1.tgz", "integrity": "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/types": "^13.1.0", @@ -224,6 +241,7 @@ "version": "20.1.2", "resolved": "https://registry.npmjs.org/@octokit/rest/-/rest-20.1.2.tgz", "integrity": "sha512-GmYiltypkHHtihFwPRxlaorG5R9VAHuk/vbszVoRTGXnAsY60wYLkh/E2XiFmdZmqrisw+9FaazS1i5SbdWYgA==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/core": "^5.0.2", @@ -239,6 +257,7 @@ "version": "13.10.0", "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.10.0.tgz", "integrity": "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA==", + "dev": true, "license": "MIT", "dependencies": { "@octokit/openapi-types": "^24.2.0" @@ -248,30 +267,35 @@ "version": "1.2.5", "resolved": "https://registry.npmjs.org/@types/minimist/-/minimist-1.2.5.tgz", "integrity": "sha512-hov8bUuiLiyFPGyFPE1lwWhmzYbirOXQNNo40+y3zow8aFVTeyn3VWL0VFFfdNddA8S4Vf0Tc062rzyNr7Paag==", + "dev": true, "license": "MIT" }, "node_modules/@types/normalize-package-data": { "version": "2.4.4", "resolved": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", "integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==", + "dev": true, "license": "MIT" }, "node_modules/@types/npm-package-arg": { "version": "6.1.4", "resolved": "https://registry.npmjs.org/@types/npm-package-arg/-/npm-package-arg-6.1.4.tgz", "integrity": "sha512-vDgdbMy2QXHnAruzlv68pUtXCjmqUk3WrBAsRboRovsOmxbfn/WiYCjmecyKjGztnMps5dWp4Uq2prp+Ilo17Q==", + "dev": true, "license": "MIT" }, "node_modules/@types/unist": { "version": "2.0.11", "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz", "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==", + "dev": true, "license": "MIT" }, "node_modules/@types/yargs": { "version": "16.0.11", "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.11.tgz", "integrity": "sha512-sbtvk8wDN+JvEdabmZExoW/HNr1cB7D/j4LT08rMiuikfA7m/JNJg7ATQcgzs34zHnoScDkY0ZRSl29Fkmk36g==", + "dev": true, "license": "MIT", "dependencies": { "@types/yargs-parser": "*" @@ -281,12 +305,14 @@ "version": "21.0.3", "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==", + "dev": true, "license": "MIT" }, "node_modules/@xmldom/xmldom": { "version": "0.8.13", "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.13.tgz", "integrity": "sha512-KRYzxepc14G/CEpEGc3Yn+JKaAeT63smlDr+vjB8jRfgTBBI9wRj/nkQEO+ucV8p8I9bfKLWp37uHgFrbntPvw==", + "dev": true, "license": "MIT", "engines": { "node": ">=10.0.0" @@ -296,6 +322,7 @@ "version": "7.1.4", "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz", "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==", + "dev": true, "license": "MIT", "engines": { "node": ">= 14" @@ -305,6 +332,7 @@ "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -314,6 +342,7 @@ "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, "license": "MIT", "dependencies": { "color-convert": "^2.0.1" @@ -329,18 +358,21 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true, "license": "Python-2.0" }, "node_modules/array-ify": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/array-ify/-/array-ify-1.0.0.tgz", "integrity": "sha512-c5AMf34bKdvPhQ7tBGhqkgKNUzMr4WUs+WDtC2ZUGOUncbxKMTvqxYctiseW3+L4bA8ec+GcZ6/A/FW4m8ukng==", + "dev": true, "license": "MIT" }, "node_modules/arrify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", "integrity": "sha512-3CYzex9M9FGQjCGMGyi6/31c8GJbgb0qGyrx5HWxPd0aCwh4cB2YjMb2Xf9UuoogrMrlO9cTqnB5rI5GHZTcUA==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -350,6 +382,7 @@ "version": "1.3.3", "resolved": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", "integrity": "sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw==", + "dev": true, "license": "MIT", "dependencies": { "retry": "0.13.1" @@ -359,6 +392,7 @@ "version": "4.0.4", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "dev": true, "license": "MIT", "engines": { "node": "18 || 20 || >=22" @@ -368,18 +402,21 @@ "version": "2.2.3", "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==", + "dev": true, "license": "Apache-2.0" }, "node_modules/boolbase": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==", + "dev": true, "license": "ISC" }, "node_modules/brace-expansion": { "version": "5.0.6", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz", "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==", + "dev": true, "license": "MIT", "dependencies": { "balanced-match": "^4.0.2" @@ -392,6 +429,7 @@ "version": "5.3.1", "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "dev": true, "license": "MIT", "engines": { "node": ">=6" @@ -401,6 +439,7 @@ "version": "6.2.2", "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-6.2.2.tgz", "integrity": "sha512-YrwaA0vEKazPBkn0ipTiMpSajYDSe+KjQfrjhcBMxJt/znbvlHd8Pw/Vamaz5EB4Wfhs3SUR3Z9mwRu/P3s3Yg==", + "dev": true, "license": "MIT", "dependencies": { "camelcase": "^5.3.1", @@ -418,6 +457,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, "license": "MIT", "dependencies": { "ansi-styles": "^4.1.0", @@ -434,6 +474,7 @@ "version": "8.0.1", "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", + "dev": true, "license": "ISC", "dependencies": { "string-width": "^4.2.0", @@ -448,6 +489,7 @@ "version": "5.0.1", "resolved": "https://registry.npmjs.org/code-suggester/-/code-suggester-5.0.1.tgz", "integrity": "sha512-8qJiiSCfkbPNWvjEFzdG1UW3axL+Bs0ldV1/TdlBKmF9I/a/WooSQZQCi9M44HoXbVTQesn/IQr6+nIWNnVIWA==", + "dev": true, "license": "Apache-2.0", "dependencies": { "@octokit/rest": "^20.1.2", @@ -469,6 +511,7 @@ "version": "7.0.4", "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, "license": "ISC", "dependencies": { "string-width": "^4.2.0", @@ -480,6 +523,7 @@ "version": "16.2.0", "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dev": true, "license": "MIT", "dependencies": { "cliui": "^7.0.2", @@ -498,6 +542,7 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, "license": "MIT", "dependencies": { "color-name": "~1.1.4" @@ -510,12 +555,14 @@ "version": "1.1.4", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true, "license": "MIT" }, "node_modules/compare-func": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/compare-func/-/compare-func-2.0.0.tgz", "integrity": "sha512-zHig5N+tPWARooBnb0Zx1MFcdfpyJrfTJ3Y5L+IFvUm8rM74hHz66z0gw0x4tijh5CorKkKUCnW82R2vmpeCRA==", + "dev": true, "license": "MIT", "dependencies": { "array-ify": "^1.0.0", @@ -526,12 +573,14 @@ "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true, "license": "MIT" }, "node_modules/conventional-changelog-conventionalcommits": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/conventional-changelog-conventionalcommits/-/conventional-changelog-conventionalcommits-6.1.0.tgz", "integrity": "sha512-3cS3GEtR78zTfMzk0AizXKKIdN4OvSh7ibNz6/DPbhWWQu7LqE/8+/GqSodV+sywUR2gpJAdP/1JFf4XtN7Zpw==", + "dev": true, "license": "ISC", "dependencies": { "compare-func": "^2.0.0" @@ -544,6 +593,7 @@ "version": "6.0.1", "resolved": "https://registry.npmjs.org/conventional-changelog-writer/-/conventional-changelog-writer-6.0.1.tgz", "integrity": "sha512-359t9aHorPw+U+nHzUXHS5ZnPBOizRxfQsWT5ZDHBfvfxQOAik+yfuhKXG66CN5LEWPpMNnIMHUTCKeYNprvHQ==", + "dev": true, "license": "MIT", "dependencies": { "conventional-commits-filter": "^3.0.0", @@ -565,6 +615,7 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/conventional-commits-filter/-/conventional-commits-filter-3.0.0.tgz", "integrity": "sha512-1ymej8b5LouPx9Ox0Dw/qAO2dVdfpRFq28e5Y0jJEU8ZrLdy0vOSkkIInwmxErFGhg6SALro60ZrwYFVTUDo4Q==", + "dev": true, "license": "MIT", "dependencies": { "lodash.ismatch": "^4.4.0", @@ -578,6 +629,7 @@ "version": "5.2.2", "resolved": "https://registry.npmjs.org/css-select/-/css-select-5.2.2.tgz", "integrity": "sha512-TizTzUddG/xYLA3NXodFM0fSbNizXjOKhqiQQwvhlspadZokn1KDy0NZFS0wuEubIYAV5/c1/lAr0TaaFXEXzw==", + "dev": true, "license": "BSD-2-Clause", "dependencies": { "boolbase": "^1.0.0", @@ -594,6 +646,7 @@ "version": "6.2.2", "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.2.2.tgz", "integrity": "sha512-u/O3vwbptzhMs3L1fQE82ZSLHQQfto5gyZzwteVIEyeaY5Fc7R4dapF/BvRoSYFeqfBk4m0V1Vafq5Pjv25wvA==", + "dev": true, "license": "BSD-2-Clause", "engines": { "node": ">= 6" @@ -606,6 +659,7 @@ "version": "3.0.3", "resolved": "https://registry.npmjs.org/dateformat/-/dateformat-3.0.3.tgz", "integrity": "sha512-jyCETtSl3VMZMWeRo7iY1FL19ges1t55hMo5yaam4Jrsm5EPL89UQkoQRyiI+Yf4k8r2ZpdngkV8hr1lIdjb3Q==", + "dev": true, "license": "MIT", "engines": { "node": "*" @@ -615,6 +669,7 @@ "version": "4.4.3", "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "dev": true, "license": "MIT", "dependencies": { "ms": "^2.1.3" @@ -632,6 +687,7 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -641,6 +697,7 @@ "version": "1.1.1", "resolved": "https://registry.npmjs.org/decamelize-keys/-/decamelize-keys-1.1.1.tgz", "integrity": "sha512-WiPxgEirIV0/eIOMcnFBA3/IJZAZqKnwAwWyvvdi4lsr1WCN22nhdf/3db3DoZcUjTV2SqfzIwNyp6y2xs3nmg==", + "dev": true, "license": "MIT", "dependencies": { "decamelize": "^1.1.0", @@ -657,6 +714,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz", "integrity": "sha512-7N/q3lyZ+LVCp7PzuxrJr4KMbBE2hW7BT7YNia330OFxIf4d3r5zVpicP2650l7CPN6RM9zOJRl3NGpqSiw3Eg==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -666,12 +724,14 @@ "version": "2.3.1", "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==", + "dev": true, "license": "ISC" }, "node_modules/detect-indent": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-6.1.0.tgz", "integrity": "sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -681,6 +741,7 @@ "version": "8.0.4", "resolved": "https://registry.npmjs.org/diff/-/diff-8.0.4.tgz", "integrity": "sha512-DPi0FmjiSU5EvQV0++GFDOJ9ASQUVFh5kD+OzOnYdi7n3Wpm9hWWGfB/O2blfHcMVTL5WkQXSnRiK9makhrcnw==", + "dev": true, "license": "BSD-3-Clause", "engines": { "node": ">=0.3.1" @@ -690,6 +751,7 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==", + "dev": true, "license": "MIT", "dependencies": { "domelementtype": "^2.3.0", @@ -704,6 +766,7 @@ "version": "2.3.0", "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", + "dev": true, "funding": [ { "type": "github", @@ -716,6 +779,7 @@ "version": "5.0.3", "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==", + "dev": true, "license": "BSD-2-Clause", "dependencies": { "domelementtype": "^2.3.0" @@ -731,6 +795,7 @@ "version": "3.2.2", "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz", "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==", + "dev": true, "license": "BSD-2-Clause", "dependencies": { "dom-serializer": "^2.0.0", @@ -745,6 +810,7 @@ "version": "5.3.0", "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-5.3.0.tgz", "integrity": "sha512-QM8q3zDe58hqUqjraQOmzZ1LIH9SWQJTlEKCH4kJ2oQvLZk7RbQXvtDM2XEq3fwkV9CCvvH4LA0AV+ogFsBM2Q==", + "dev": true, "license": "MIT", "dependencies": { "is-obj": "^2.0.0" @@ -757,12 +823,14 @@ "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true, "license": "MIT" }, "node_modules/entities": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "dev": true, "license": "BSD-2-Clause", "engines": { "node": ">=0.12" @@ -775,6 +843,7 @@ "version": "1.3.4", "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.4.tgz", "integrity": "sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==", + "dev": true, "license": "MIT", "dependencies": { "is-arrayish": "^0.2.1" @@ -784,6 +853,7 @@ "version": "1.3.0", "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "dev": true, "license": "MIT", "engines": { "node": ">= 0.4" @@ -793,6 +863,7 @@ "version": "3.2.0", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "dev": true, "license": "MIT", "engines": { "node": ">=6" @@ -802,6 +873,7 @@ "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.8.0" @@ -811,6 +883,7 @@ "version": "3.2.0", "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", "integrity": "sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==", + "dev": true, "license": "MIT", "dependencies": { "escape-string-regexp": "^1.0.5" @@ -826,6 +899,7 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, "license": "MIT", "dependencies": { "locate-path": "^5.0.0", @@ -839,12 +913,14 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "dev": true, "license": "ISC" }, "node_modules/function-bind": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "dev": true, "license": "MIT", "funding": { "url": "https://github.com/sponsors/ljharb" @@ -854,6 +930,7 @@ "version": "2.0.5", "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dev": true, "license": "ISC", "engines": { "node": "6.* || 8.* || >= 10.*" @@ -864,6 +941,7 @@ "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me", + "dev": true, "license": "ISC", "dependencies": { "fs.realpath": "^1.0.0", @@ -884,12 +962,14 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true, "license": "MIT" }, "node_modules/glob/node_modules/brace-expansion": { "version": "1.1.14", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz", "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==", + "dev": true, "license": "MIT", "dependencies": { "balanced-match": "^1.0.0", @@ -900,6 +980,7 @@ "version": "3.1.5", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz", "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==", + "dev": true, "license": "ISC", "dependencies": { "brace-expansion": "^1.1.7" @@ -912,6 +993,7 @@ "version": "4.7.9", "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz", "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==", + "dev": true, "license": "MIT", "dependencies": { "minimist": "^1.2.5", @@ -933,6 +1015,7 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/hard-rejection/-/hard-rejection-2.1.0.tgz", "integrity": "sha512-VIZB+ibDhx7ObhAe7OVtoEbuP4h/MuOTHJ+J8h/eBXotJYl0fBgR72xDFCKgIh22OJZIOVNxBMWuhAr10r8HdA==", + "dev": true, "license": "MIT", "engines": { "node": ">=6" @@ -942,6 +1025,7 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -951,6 +1035,7 @@ "version": "2.0.3", "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", + "dev": true, "license": "MIT", "dependencies": { "function-bind": "^1.1.2" @@ -963,6 +1048,7 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "dev": true, "license": "MIT", "bin": { "he": "bin/he" @@ -972,6 +1058,7 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.1.0.tgz", "integrity": "sha512-kyCuEOWjJqZuDbRHzL8V93NzQhwIB71oFWSyzVo+KPZI+pnQPPxucdkrOZvkLRnrf5URsQM+IJ09Dw29cRALIA==", + "dev": true, "license": "ISC", "dependencies": { "lru-cache": "^6.0.0" @@ -984,6 +1071,7 @@ "version": "7.0.2", "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", + "dev": true, "license": "MIT", "dependencies": { "agent-base": "^7.1.0", @@ -997,6 +1085,7 @@ "version": "7.0.6", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", + "dev": true, "license": "MIT", "dependencies": { "agent-base": "^7.1.2", @@ -1010,6 +1099,7 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -1020,6 +1110,7 @@ "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.", + "dev": true, "license": "ISC", "dependencies": { "once": "^1.3.0", @@ -1030,18 +1121,21 @@ "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true, "license": "ISC" }, "node_modules/is-arrayish": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==", + "dev": true, "license": "MIT" }, "node_modules/is-core-module": { "version": "2.16.2", "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.2.tgz", "integrity": "sha512-evOr8xfXKxE6qSR0hSXL2r3sd7ALj8+7jQEUvPYcm5sgZFdJ+AYzT6yNmJenvIYQBgIGwfwz08sL8zoL7yq2BA==", + "dev": true, "license": "MIT", "dependencies": { "hasown": "^2.0.3" @@ -1057,6 +1151,7 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -1066,6 +1161,7 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-2.0.0.tgz", "integrity": "sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -1075,6 +1171,7 @@ "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", "integrity": "sha512-yvkRyxmFKEOQ4pNXCmJG5AEQNlXJS5LaONXo5/cLdTZdWvsZ1ioJEonLGAosKlMWE8lwUy/bJzMjcw8az73+Fg==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -1084,12 +1181,14 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dev": true, "license": "MIT" }, "node_modules/js-yaml": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", + "dev": true, "license": "MIT", "dependencies": { "argparse": "^2.0.1" @@ -1102,6 +1201,7 @@ "version": "1.4.0", "resolved": "https://registry.npmjs.org/jsep/-/jsep-1.4.0.tgz", "integrity": "sha512-B7qPcEVE3NVkmSJbaYxvv4cHkVW7DQsZz13pUMrfS8z8Q/BuShN+gcTXrUlPiGqM2/t/EEaI030bpxMqY8gMlw==", + "dev": true, "license": "MIT", "engines": { "node": ">= 10.16.0" @@ -1111,18 +1211,21 @@ "version": "2.3.1", "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", + "dev": true, "license": "MIT" }, "node_modules/json-stringify-safe": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", + "dev": true, "license": "ISC" }, "node_modules/jsonpath-plus": { "version": "10.4.0", "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.4.0.tgz", "integrity": "sha512-T92WWatJXmhBbKsgH/0hl+jxjdXrifi5IKeMY02DWggRxX0UElcbVzPlmgLTbvsPeW1PasQ6xE2Q75stkhGbsA==", + "dev": true, "license": "MIT", "dependencies": { "@jsep-plugin/assignment": "^1.3.0", @@ -1141,6 +1244,7 @@ "version": "6.0.3", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -1150,12 +1254,14 @@ "version": "1.2.4", "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", + "dev": true, "license": "MIT" }, "node_modules/locate-path": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, "license": "MIT", "dependencies": { "p-locate": "^4.1.0" @@ -1168,12 +1274,14 @@ "version": "4.4.0", "resolved": "https://registry.npmjs.org/lodash.ismatch/-/lodash.ismatch-4.4.0.tgz", "integrity": "sha512-fPMfXjGQEV9Xsq/8MTSgUf255gawYRbjwMyDbcvDhXgV7enSZA0hynz6vMPnpAb5iONEzBHBPsT+0zes5Z301g==", + "dev": true, "license": "MIT" }, "node_modules/lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dev": true, "license": "ISC", "dependencies": { "yallist": "^4.0.0" @@ -1186,6 +1294,7 @@ "version": "4.3.0", "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-4.3.0.tgz", "integrity": "sha512-hdN1wVrZbb29eBGiGjJbeP8JbKjq1urkHJ/LIP/NY48MZ1QVXUsQBV1G1zvYFHn1XE06cwjBsOI2K3Ulnj1YXQ==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -1198,6 +1307,7 @@ "version": "8.1.2", "resolved": "https://registry.npmjs.org/meow/-/meow-8.1.2.tgz", "integrity": "sha512-r85E3NdZ+mpYk1C6RjPFEMSE+s1iZMuHtsHAqY0DT3jZczl0diWUZ8g6oU7h0M9cD2EL+PzaYghhCLzR0ZNn5Q==", + "dev": true, "license": "MIT", "dependencies": { "@types/minimist": "^1.2.0", @@ -1223,6 +1333,7 @@ "version": "0.18.1", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.18.1.tgz", "integrity": "sha512-OIAYXk8+ISY+qTOwkHtKqzAuxchoMiD9Udx+FSGQDuiRR+PJKJHc2NJAXlbhkGwTt/4/nKZxELY1w3ReWOL8mw==", + "dev": true, "license": "(MIT OR CC0-1.0)", "engines": { "node": ">=10" @@ -1235,6 +1346,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==", + "dev": true, "license": "MIT", "engines": { "node": ">=4" @@ -1244,6 +1356,7 @@ "version": "10.2.5", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz", "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==", + "dev": true, "license": "BlueOak-1.0.0", "dependencies": { "brace-expansion": "^5.0.5" @@ -1259,6 +1372,7 @@ "version": "1.2.8", "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dev": true, "license": "MIT", "funding": { "url": "https://github.com/sponsors/ljharb" @@ -1268,6 +1382,7 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/minimist-options/-/minimist-options-4.1.0.tgz", "integrity": "sha512-Q4r8ghd80yhO/0j1O3B2BjweX3fiHg9cdOwjJd2J76Q135c+NDxGCqdYKQ1SKBuFfgWbAUzBfvYjPUEeNgqN1A==", + "dev": true, "license": "MIT", "dependencies": { "arrify": "^1.0.1", @@ -1282,6 +1397,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/modify-values/-/modify-values-1.0.1.tgz", "integrity": "sha512-xV2bxeN6F7oYjZWTe/YPAy6MN2M+sL4u/Rlm2AHCIVGfo2p1yGmBHQ6vHehl4bRTZBdHu3TSkWdYgkwpYzAGSw==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -1291,18 +1407,21 @@ "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true, "license": "MIT" }, "node_modules/neo-async": { "version": "2.6.2", "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", + "dev": true, "license": "MIT" }, "node_modules/node-html-parser": { "version": "6.1.13", "resolved": "https://registry.npmjs.org/node-html-parser/-/node-html-parser-6.1.13.tgz", "integrity": "sha512-qIsTMOY4C/dAa5Q5vsobRpOOvPfC4pB61UVW2uSwZNUp0QU/jCekTal1vMmbO0DgdHeLUJpv/ARmDqErVxA3Sg==", + "dev": true, "license": "MIT", "dependencies": { "css-select": "^5.1.0", @@ -1313,6 +1432,7 @@ "version": "3.0.3", "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-3.0.3.tgz", "integrity": "sha512-p2W1sgqij3zMMyRC067Dg16bfzVH+w7hyegmpIvZ4JNjqtGOVAIvLmjBx3yP7YTe9vKJgkoNOPjwQGogDoMXFA==", + "dev": true, "license": "BSD-2-Clause", "dependencies": { "hosted-git-info": "^4.0.1", @@ -1328,6 +1448,7 @@ "version": "2.1.1", "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz", "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==", + "dev": true, "license": "BSD-2-Clause", "dependencies": { "boolbase": "^1.0.0" @@ -1340,6 +1461,7 @@ "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dev": true, "license": "ISC", "dependencies": { "wrappy": "1" @@ -1349,6 +1471,7 @@ "version": "2.3.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, "license": "MIT", "dependencies": { "p-try": "^2.0.0" @@ -1364,6 +1487,7 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, "license": "MIT", "dependencies": { "p-limit": "^2.2.0" @@ -1376,6 +1500,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, "license": "MIT", "engines": { "node": ">=6" @@ -1385,18 +1510,21 @@ "version": "0.11.1", "resolved": "https://registry.npmjs.org/parse-diff/-/parse-diff-0.11.1.tgz", "integrity": "sha512-Oq4j8LAOPOcssanQkIjxosjATBIEJhCxMCxPhMu+Ci4wdNmAEdx0O+a7gzbR2PyKXgKPvRLIN5g224+dJAsKHA==", + "dev": true, "license": "MIT" }, "node_modules/parse-github-repo-url": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/parse-github-repo-url/-/parse-github-repo-url-1.4.1.tgz", "integrity": "sha512-bSWyzBKqcSL4RrncTpGsEKoJ7H8a4L3++ifTAbTFeMHyq2wRV+42DGmQcHIrJIvdcacjIOxEuKH/w4tthF17gg==", + "dev": true, "license": "MIT" }, "node_modules/parse-json": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", + "dev": true, "license": "MIT", "dependencies": { "@babel/code-frame": "^7.0.0", @@ -1415,6 +1543,7 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -1424,6 +1553,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -1433,18 +1563,21 @@ "version": "1.0.7", "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dev": true, "license": "MIT" }, "node_modules/picocolors": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "dev": true, "license": "ISC" }, "node_modules/quick-lru": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-4.0.1.tgz", "integrity": "sha512-ARhCpm70fzdcvNQfPoy49IaanKkTlRWF2JMzqhcJbhSFRZv7nPTvZJdcY7301IPmvW+/p0RgIWnQDLJxifsQ7g==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -1454,6 +1587,7 @@ "version": "5.2.0", "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", "integrity": "sha512-Ug69mNOpfvKDAc2Q8DRpMjjzdtrnv9HcSMX+4VsZxD1aZ6ZzrIE7rlzXBtWTyhULSMKg076AW6WR5iZpD0JiOg==", + "dev": true, "license": "MIT", "dependencies": { "@types/normalize-package-data": "^2.4.0", @@ -1469,6 +1603,7 @@ "version": "7.0.1", "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", "integrity": "sha512-zK0TB7Xd6JpCLmlLmufqykGE+/TlOePD6qKClNW7hHDKFh/J7/7gCWGR7joEQEW1bKq3a3yUZSObOoWLFQ4ohg==", + "dev": true, "license": "MIT", "dependencies": { "find-up": "^4.1.0", @@ -1486,6 +1621,7 @@ "version": "0.8.1", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==", + "dev": true, "license": "(MIT OR CC0-1.0)", "engines": { "node": ">=8" @@ -1495,12 +1631,14 @@ "version": "2.8.9", "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", + "dev": true, "license": "ISC" }, "node_modules/read-pkg/node_modules/normalize-package-data": { "version": "2.5.0", "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==", + "dev": true, "license": "BSD-2-Clause", "dependencies": { "hosted-git-info": "^2.1.4", @@ -1513,6 +1651,7 @@ "version": "5.7.2", "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", + "dev": true, "license": "ISC", "bin": { "semver": "bin/semver" @@ -1522,6 +1661,7 @@ "version": "0.6.0", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", "integrity": "sha512-q+MB8nYR1KDLrgr4G5yemftpMC7/QLqVndBmEEdqzmNj5dcFOO4Oo8qlwZE3ULT3+Zim1F8Kq4cBnikNhlCMlg==", + "dev": true, "license": "(MIT OR CC0-1.0)", "engines": { "node": ">=8" @@ -1531,6 +1671,7 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz", "integrity": "sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==", + "dev": true, "license": "MIT", "dependencies": { "indent-string": "^4.0.0", @@ -1544,6 +1685,7 @@ "version": "17.3.0", "resolved": "https://registry.npmjs.org/release-please/-/release-please-17.3.0.tgz", "integrity": "sha512-dB7HsFUpAvU1Wj9RGCINUz8Zi2qQDZiGbDEEVnJ7baNfJmk5XdYhuUFL6RcuDGjReGhp1gzY8Tc2g7vHlM4zpg==", + "dev": true, "license": "Apache-2.0", "dependencies": { "@conventional-commits/parser": "^0.4.1", @@ -1589,6 +1731,7 @@ "version": "2.1.1", "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -1598,6 +1741,7 @@ "version": "1.22.12", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz", "integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==", + "dev": true, "license": "MIT", "dependencies": { "es-errors": "^1.3.0", @@ -1619,6 +1763,7 @@ "version": "0.13.1", "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==", + "dev": true, "license": "MIT", "engines": { "node": ">= 4" @@ -1628,6 +1773,7 @@ "version": "7.8.1", "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz", "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==", + "dev": true, "license": "ISC", "bin": { "semver": "bin/semver.js" @@ -1640,6 +1786,7 @@ "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, "license": "BSD-3-Clause", "engines": { "node": ">=0.10.0" @@ -1649,6 +1796,7 @@ "version": "3.2.0", "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", "integrity": "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA==", + "dev": true, "license": "Apache-2.0", "dependencies": { "spdx-expression-parse": "^3.0.0", @@ -1659,12 +1807,14 @@ "version": "2.5.0", "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", "integrity": "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w==", + "dev": true, "license": "CC-BY-3.0" }, "node_modules/spdx-expression-parse": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==", + "dev": true, "license": "MIT", "dependencies": { "spdx-exceptions": "^2.1.0", @@ -1675,12 +1825,14 @@ "version": "3.0.23", "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.23.tgz", "integrity": "sha512-CWLcCCH7VLu13TgOH+r8p1O/Znwhqv/dbb6lqWy67G+pT1kHmeD/+V36AVb/vq8QMIQwVShJ6Ssl5FPh0fuSdw==", + "dev": true, "license": "CC0-1.0" }, "node_modules/split": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/split/-/split-1.0.1.tgz", "integrity": "sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg==", + "dev": true, "license": "MIT", "dependencies": { "through": "2" @@ -1693,6 +1845,7 @@ "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, "license": "MIT", "dependencies": { "emoji-regex": "^8.0.0", @@ -1707,6 +1860,7 @@ "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, "license": "MIT", "dependencies": { "ansi-regex": "^5.0.1" @@ -1719,6 +1873,7 @@ "version": "3.0.0", "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", "integrity": "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==", + "dev": true, "license": "MIT", "dependencies": { "min-indent": "^1.0.0" @@ -1731,6 +1886,7 @@ "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, "license": "MIT", "dependencies": { "has-flag": "^4.0.0" @@ -1743,6 +1899,7 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "dev": true, "license": "MIT", "engines": { "node": ">= 0.4" @@ -1755,12 +1912,14 @@ "version": "2.3.8", "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==", + "dev": true, "license": "MIT" }, "node_modules/trim-newlines": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.1.tgz", "integrity": "sha512-c1PTsA3tYrIsLGkJkzHF+w9F2EyxfXGo4UyJc4pFL++FMjnq0HJS69T3M7d//gKrFKwy429bouPescbjecU+Zw==", + "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -1770,6 +1929,7 @@ "version": "3.13.1", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-3.13.1.tgz", "integrity": "sha512-tLq3bSNx+xSpwvAJnzrK0Ep5CLNWjvFTOp71URMaAEWBfRb9nnJiBoUe0tF8bI4ZFO3omgBR6NvnbzVUT3Ly4g==", + "dev": true, "license": "(MIT OR CC0-1.0)", "engines": { "node": ">=14.16" @@ -1782,6 +1942,7 @@ "version": "4.9.5", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", "integrity": "sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==", + "dev": true, "license": "Apache-2.0", "bin": { "tsc": "bin/tsc", @@ -1795,6 +1956,7 @@ "version": "3.19.3", "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.19.3.tgz", "integrity": "sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ==", + "dev": true, "license": "BSD-2-Clause", "optional": true, "bin": { @@ -1808,6 +1970,7 @@ "version": "4.1.0", "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-4.1.0.tgz", "integrity": "sha512-ZOQSsnce92GrxSqlnEEseX0gi7GH9zTJZ0p9dtu87WRb/37mMPO2Ilx1s/t9vBHrFhbgweUwb+t7cIn5dxPhZg==", + "dev": true, "license": "MIT", "funding": { "type": "opencollective", @@ -1818,6 +1981,7 @@ "version": "2.0.3", "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-2.0.3.tgz", "integrity": "sha512-iJ4/RczbJMkD0712mGktuGpm/U4By4FfDonL7N/9tATGIF4imikjOuagyMY53tnZq3NP6BcmlrHhEKAfGWjh7Q==", + "dev": true, "license": "MIT", "dependencies": { "@types/unist": "^2.0.0", @@ -1833,6 +1997,7 @@ "version": "3.1.1", "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-3.1.1.tgz", "integrity": "sha512-1KROIZWo6bcMrZEwiH2UrXDyalAa0uqzWCxCJj6lPOvTve2WkfgCytoDTPaMnodXh1WrXOq0haVYHj99ynJlsg==", + "dev": true, "license": "MIT", "dependencies": { "@types/unist": "^2.0.0", @@ -1847,12 +2012,14 @@ "version": "6.0.1", "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.1.tgz", "integrity": "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ==", + "dev": true, "license": "ISC" }, "node_modules/validate-npm-package-license": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==", + "dev": true, "license": "Apache-2.0", "dependencies": { "spdx-correct": "^3.0.0", @@ -1863,12 +2030,14 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==", + "dev": true, "license": "MIT" }, "node_modules/wrap-ansi": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, "license": "MIT", "dependencies": { "ansi-styles": "^4.0.0", @@ -1886,12 +2055,14 @@ "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "dev": true, "license": "ISC" }, "node_modules/xpath": { "version": "0.0.34", "resolved": "https://registry.npmjs.org/xpath/-/xpath-0.0.34.tgz", "integrity": "sha512-FxF6+rkr1rNSQrhUNYrAFJpRXNzlDoMxeXN5qI84939ylEv3qqPFKa85Oxr6tDaJKqwW6KKyo2v26TSv3k6LeA==", + "dev": true, "license": "MIT", "engines": { "node": ">=0.6.0" @@ -1901,6 +2072,7 @@ "version": "5.0.8", "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, "license": "ISC", "engines": { "node": ">=10" @@ -1910,12 +2082,14 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dev": true, "license": "ISC" }, "node_modules/yaml": { "version": "2.9.0", "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.9.0.tgz", "integrity": "sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==", + "dev": true, "license": "ISC", "bin": { "yaml": "bin.mjs" @@ -1931,6 +2105,7 @@ "version": "17.7.2", "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", + "dev": true, "license": "MIT", "dependencies": { "cliui": "^8.0.1", @@ -1949,6 +2124,7 @@ "version": "20.2.9", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==", + "dev": true, "license": "ISC", "engines": { "node": ">=10" @@ -1958,6 +2134,7 @@ "version": "21.1.1", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", + "dev": true, "license": "ISC", "engines": { "node": ">=12" diff --git a/tests/release-please/package.json b/tests/release-please/package.json index a3fc150..a622504 100644 --- a/tests/release-please/package.json +++ b/tests/release-please/package.json @@ -6,7 +6,7 @@ "scripts": { "validate": "node validate-uv-lock-updater.js" }, - "dependencies": { + "devDependencies": { "release-please": "17.3.0" } } From 0cc47c1fc94e6bfd71d58d35b01a45e5fb042aed Mon Sep 17 00:00:00 2001 From: Igor Gentil Date: Fri, 22 May 2026 12:20:01 +1000 Subject: [PATCH 6/6] chore(openspec): tick off section 9; mark 10.2/11.x as deferred MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI is green on PR #21: - secure-workflows.yml pass - ci.yml matrix (10 entries) pass — proves --locked works post-fix - lint + typecheck pass - cfn-lint over examples pass - review dependencies pass (after the devDependencies fix) - analyze (python) pass 10.2 (validate the extra-files behaviour against a real release- please PR) and 11.x (archive the change) are deferred: they require the next feat:/fix: merge to actually exercise release-please's release-PR generation. This PR's commit prefix (ci:) does not trigger a release. Annotates each deferred task with the explicit blocker so a future reader doesn't think they're outstanding. --- .../changes/release-please-sync-uv-lock/tasks.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/openspec/changes/release-please-sync-uv-lock/tasks.md b/openspec/changes/release-please-sync-uv-lock/tasks.md index 3ce0674..ca00b98 100644 --- a/openspec/changes/release-please-sync-uv-lock/tasks.md +++ b/openspec/changes/release-please-sync-uv-lock/tasks.md @@ -60,19 +60,19 @@ be dropped. ## 9. Cloud CI on the PR -- [ ] 9.1 Verify `secure-workflows.yml` re-validates SHA-pins and reports SUCCESS (no SHA changes in this PR) -- [ ] 9.2 Verify `ci.yml` matrix + lint pass under the new `--locked` install (proves the catch-up worked end-to-end) -- [ ] 9.3 Confirm `examples-lint.yml` does not trigger (no examples changes); not required for merge anyway -- [ ] 9.4 Verify `analyze (python)` and `review dependencies` complete +- [x] 9.1 Verify `secure-workflows.yml` re-validates SHA-pins and reports SUCCESS (no SHA changes in this PR) +- [x] 9.2 Verify `ci.yml` matrix + lint pass under the new `--locked` install (proves the catch-up worked end-to-end). All 10 matrix entries (5 Python × 2 architectures) pass. +- [x] 9.3 Confirm `examples-lint.yml` does not trigger (no examples changes); not required for merge anyway. **Note**: actually triggered on this PR (the workflow has no path filter on PRs that don't touch examples — it always runs and reports green when there's nothing to lint). Reported `pass` regardless. +- [x] 9.4 Verify `analyze (python)` and `review dependencies` complete. **Note**: the first run of `review dependencies` failed because `release-please` was declared under `dependencies` (which the action treats as runtime-scoped). Fixed in commit `b44032b` by moving it to `devDependencies`; second run passed. ## 10. Merge + first post-merge release -- [ ] 10.1 Squash-merge with title `ci(release): sync uv.lock from release-please and flip CI to --locked`. The `ci:` prefix produces no version bump -- [ ] 10.2 The merge does NOT itself trigger a release. The next `feat:`/`fix:` merge will be the first to exercise the `extra-files` behaviour. Watch that release-please run end-to-end: +- [x] 10.1 Squash-merge with title `ci(release): sync uv.lock from release-please and flip CI to --locked`. The `ci:` prefix produces no version bump +- [ ] 10.2 **Deferred — blocked on the next `feat:`/`fix:` merge.** This change is a `ci:` commit, so release-please will not open a release PR purely from this merge. The first post-merge `feat:`/`fix:` will be the first to exercise the `extra-files` behaviour. Watch that release-please run end-to-end: - The release PR diff includes the `uv.lock` self-version line (`cfn-handler` `[[package]]` block, `version = "X.Y.Z"`) - Squash-merging the release PR triggers the full downstream pipeline AND the post-merge `ci.yml` on `main` passes under `--locked` (proves the source-of-drift fix is correct) ## 11. Archive -- [ ] 11.1 After step 10.2 confirms in production, run `openspec archive release-please-sync-uv-lock` -- [ ] 11.2 Verify the MODIFIED requirement merges into `openspec/specs/ci-infrastructure/spec.md` correctly (replaces the old `--frozen` requirement) +- [ ] 11.1 **Deferred — blocked on 10.2.** After step 10.2 confirms in production, run `openspec archive release-please-sync-uv-lock` +- [ ] 11.2 **Deferred — blocked on 10.2.** Verify the MODIFIED requirement merges into `openspec/specs/ci-infrastructure/spec.md` correctly (replaces the old `--frozen` requirement)