diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e6e142905110..eddc9a9f5627 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -238,6 +238,7 @@ jobs: include: ${{ fromJSON(needs.artifacts.outputs.testable-packages) }} with: build-artifact-name: ${{ matrix.artifact }} + runs-on: ${{ github.repository == 'hashicorp/vault' && '"ubuntu-latest"' || '["self-hosted","linux","small"]' }} sample-max: 1 sample-name: ${{ matrix.sample }} ssh-key-name: ${{ github.event.repository.name }}-ci-ssh-key diff --git a/.github/workflows/test-run-enos-scenario-matrix.yml b/.github/workflows/test-run-enos-scenario-matrix.yml index 535e971da9c4..ca5f71e0e71b 100644 --- a/.github/workflows/test-run-enos-scenario-matrix.yml +++ b/.github/workflows/test-run-enos-scenario-matrix.yml @@ -44,20 +44,38 @@ on: jobs: metadata: runs-on: ${{ fromJSON(inputs.runs-on) }} + permissions: + id-token: write # vault-auth + contents: read outputs: build-date: ${{ steps.metadata.outputs.build-date }} + is-enterprise: ${{ steps.metadata.outputs.is-enterprise }} sample: ${{ steps.metadata.outputs.sample }} vault-version: ${{ steps.metadata.outputs.vault-version }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.vault-revision }} + - if: inputs.vault-edition != 'ce' + id: vault-auth + name: Vault Authenticate + run: vault-auth + - if: inputs.vault-edition != 'ce' + id: vault-secrets + name: Fetch Vault Secrets + uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 + with: + url: ${{ steps.vault-auth.outputs.addr }} + caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} + token: ${{ steps.vault-auth.outputs.token }} + secrets: | + kv/data/github/${{ github.repository }}/github-token token | ELEVATED_GITHUB_TOKEN; - uses: hashicorp/action-setup-enos@v1 with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} + github-token: ${{ inputs.vault-edition == 'ce' && secrets.ELEVATED_GITHUB_TOKEN || steps.vault-secrets.outputs.ELEVATED_GITHUB_TOKEN }} - uses: ./.github/actions/create-dynamic-config with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} + github-token: ${{ inputs.vault-edition == 'ce' && secrets.ELEVATED_GITHUB_TOKEN || steps.vault-secrets.outputs.ELEVATED_GITHUB_TOKEN }} vault-version: ${{ inputs.vault-version }} vault-edition: ${{ inputs.vault-edition }} - id: metadata @@ -78,9 +96,10 @@ jobs: sample=$(enos scenario sample observe "${{ inputs.sample-name }}" --chdir ./enos --min 1 --max "${{ inputs.sample-max }}" --seed "${sample_seed}" --format json | jq -c ".observation.elements") { echo "build-date=${build_date}" - echo "vault-version=${vault_version}" + echo "is-enterprise=${{ inputs.vault-edition != 'ce' }}" echo "sample=${sample}" echo "sample-seed=${sample_seed}" # This isn't used outside of here but is nice to know for duplicating observations + echo "vault-version=${vault_version}" } | tee -a "$GITHUB_OUTPUT" # Run the Enos test scenario(s) @@ -92,33 +111,99 @@ jobs: matrix: include: ${{ fromJSON(needs.metadata.outputs.sample) }} runs-on: ${{ fromJSON(inputs.runs-on) }} - env: - GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - # Pass in enos variables - ENOS_VAR_aws_region: ${{ matrix.attributes.aws_region }} - ENOS_VAR_aws_ssh_keypair_name: ${{ inputs.ssh-key-name }} - ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem - ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }} - ENOS_VAR_artifactory_username: ${{ secrets.ARTIFACTORY_USER }} - ENOS_VAR_artifactory_token: ${{ secrets.ARTIFACTORY_TOKEN }} - ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache - ENOS_VAR_vault_artifact_path: ./support/downloads/${{ inputs.build-artifact-name }} - ENOS_VAR_vault_build_date: ${{ needs.metadata.outputs.build-date }} - ENOS_VAR_vault_product_version: ${{ needs.metadata.outputs.vault-version }} - ENOS_VAR_vault_revision: ${{ inputs.vault-revision }} - ENOS_VAR_vault_upgrade_initial_version: ${{ matrix.attributes.upgrade_initial_version }} - ENOS_VAR_consul_license_path: ./support/consul.hclic - ENOS_VAR_vault_license_path: ./support/vault.hclic - ENOS_VAR_distro_version_amzz: ${{ matrix.attributes.distro_version_amzn }} - ENOS_VAR_distro_version_leap: ${{ matrix.attributes.distro_version_leap }} - ENOS_VAR_distro_version_rhel: ${{ matrix.attributes.distro_version_rhel }} - ENOS_VAR_distro_version_sles: ${{ matrix.attributes.distro_version_sles }} - ENOS_VAR_distro_version_ubuntu: ${{ matrix.attributes.distro_version_ubuntu }} - ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data + permissions: + id-token: write # vault-auth + contents: read steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.vault-revision }} + - if: needs.metadata.outputs.is-enterprise == 'true' + id: vault-auth + name: Vault Authenticate + run: vault-auth + - if: needs.metadata.outputs.is-enterprise == 'true' + id: vault-secrets + name: Fetch Vault Secrets + uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0 + with: + url: ${{ steps.vault-auth.outputs.addr }} + caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} + token: ${{ steps.vault-auth.outputs.token }} + secrets: | + kv/data/github/${{ github.repository }}/artifactory token | ARTIFACTORY_TOKEN; + kv/data/github/${{ github.repository }}/artifactory username | ARTIFACTORY_USER; + kv/data/github/${{ github.repository }}/aws access-key-id | AWS_ACCESS_KEY_ID_CI; + kv/data/github/${{ github.repository }}/aws secret-access-key | AWS_SECRET_ACCESS_KEY_CI; + kv/data/github/${{ github.repository }}/aws role-arn | AWS_ROLE_ARN_CI; + kv/data/github/${{ github.repository }}/consul license | CONSUL_LICENSE; + kv/data/github/${{ github.repository }}/vault-radar license | RADAR_LICENSE; + kv/data/github/${{ github.repository }}/enos slack-webhook-url | SLACK_WEBHOOK_URL; + kv/data/github/${{ github.repository }}/enos ssh-key | SSH_KEY_PRIVATE_CI; + kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE; + kv/data/github/${{ github.repository }}/github-token token | ELEVATED_GITHUB_TOKEN; + - id: secrets + run: | + if [[ "${{ needs.metadata.outputs.is-enterprise }}" != 'true' ]]; then + { + echo "artifactory-user=${{ secrets.ARTIFACTORY_USER }}" + echo "artifactory-token=${{ secrets.ARTIFACTORY_TOKEN }}" + echo "aws-access-key-id=${{ secrets.AWS_ACCESS_KEY_ID_CI }}" + echo "aws-secret-access-key=${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}" + echo "aws-role-arn=${{ secrets.AWS_ROLE_ARN_CI }}" + echo "consul-license=${{ secrets.CONSUL_LICENSE }}" + echo "github-token=${{ secrets.ELEVATED_GITHUB_TOKEN }}" + echo "radar-license=${{ secrets.RADAR_LICENSE }}" + echo "slack-webhook-url=${{ secrets.SLACK_WEBHOOK_URL }}" + echo 'ssh-key< "./enos/support/private_key.pem" + echo "${{ steps.secrets.outputs.ssh-key }}" > "./enos/support/private_key.pem" chmod 600 "./enos/support/private_key.pem" + sha256sum "./enos/support/private_key.pem" + du -h "./enos/support/private_key.pem" echo "debug_data_artifact_name=enos-debug-data_$(echo "${{ matrix.scenario }}" | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT" - if: contains(inputs.sample-name, 'build') uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -154,24 +241,26 @@ jobs: path: ./enos/support/downloads - if: contains(inputs.sample-name, 'ent') name: Configure Vault license - run: echo "${{ secrets.VAULT_LICENSE }}" > ./enos/support/vault.hclic || true + run: echo "${{ steps.secrets.outputs.vault-license }}" > ./enos/support/vault.hclic || true - if: contains(matrix.scenario.id.filter, 'consul_edition:ent') name: Configure Consul license run: | - echo "matrix.scenario.id.filter: ${{ matrix.scenario.id.filter }}" - echo "${{ secrets.CONSUL_LICENSE }}" > ./enos/support/consul.hclic || true + echo "${{ steps.secrets.outputs.consul-license }}" > ./enos/support/consul.hclic || true + - name: Configure Vault Radar license + run: | + echo "${{ steps.secrets.outputs.radar-license }}" > ./enos/support/vault-radar.hclic || true - id: launch name: enos scenario launch ${{ matrix.scenario.id.filter }} # Continue once and retry to handle occasional blips when creating infrastructure. continue-on-error: true - run: enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }} + run: enos scenario launch --timeout 45m0s --chdir ./enos ${{ matrix.scenario.id.filter }} - if: steps.launch.outcome == 'failure' id: launch_retry name: Retry enos scenario launch ${{ matrix.scenario.id.filter }} - run: enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }} + run: enos scenario launch --timeout 45m0s --chdir ./enos ${{ matrix.scenario.id.filter }} - name: Upload Debug Data if: failure() - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }} @@ -182,12 +271,12 @@ jobs: id: destroy name: enos scenario destroy ${{ matrix.scenario.id.filter }} continue-on-error: true - run: enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }} + run: enos scenario destroy --timeout 10m0s --chdir ./enos ${{ matrix.scenario.id.filter }} - if: steps.destroy.outcome == 'failure' id: destroy_retry name: Retry enos scenario destroy ${{ matrix.scenario.id.filter }} continue-on-error: true - run: enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.scenario.id.filter }} + run: enos scenario destroy --timeout 10m0s --chdir ./enos ${{ matrix.scenario.id.filter }} - name: Clean up Enos runtime directories id: cleanup if: ${{ always() }} @@ -205,25 +294,25 @@ jobs: with: failure-message: "enos scenario launch ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`" status: ${{ steps.launch.outcome }} - slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} + slack-webhook-url: ${{ steps.secrets.outputs.slack-webhook-url }} - if: ${{ always() && ! cancelled() }} name: Notify retry launch failed uses: hashicorp/actions-slack-status@v2.0.1 with: failure-message: "retry enos scenario launch ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`" status: ${{ steps.launch_retry.outcome }} - slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} + slack-webhook-url: ${{ steps.secrets.outputs.slack-webhook-url }} - if: ${{ always() && ! cancelled() }} name: Notify destroy failed uses: hashicorp/actions-slack-status@v2.0.1 with: failure-message: "enos scenario destroy ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`" status: ${{ steps.destroy.outcome }} - slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} + slack-webhook-url: ${{ steps.secrets.outputs.slack-webhook-url }} - if: ${{ always() && ! cancelled() }} name: Notify retry destroy failed uses: hashicorp/actions-slack-status@v2.0.1 with: failure-message: "retry enos scenario destroy ${{ matrix.scenario.id.filter}} failed. \nTriggering event: `${{ github.event_name }}` \nActor: `${{ github.actor }}`" status: ${{ steps.destroy_retry.outcome }} - slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} + slack-webhook-url: ${{ steps.secrets.outputs.slack-webhook-url }} diff --git a/.go-version b/.go-version index 229a27c6f204..ac1df3fce34b 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.8 +1.23.3 diff --git a/CODEOWNERS b/CODEOWNERS index d4282db1147e..4d3ceb295bec 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -28,12 +28,12 @@ /plugins/ @hashicorp/vault-ecosystem /vault/plugin_catalog.go @hashicorp/vault-ecosystem -/website/content/ @hashicorp/vault-education-approvers -/website/content/docs/plugin-portal.mdx @acahn @hashicorp/vault-education-approvers +# Content on developer.hashicorp.com +/website/ @hashicorp/vault-education-approvers # Plugin docs -/website/content/docs/plugins/ @hashicorp/vault-ecosystem @hashicorp/vault-education-approvers -/website/content/docs/upgrading/plugins.mdx @hashicorp/vault-ecosystem @hashicorp/vault-education-approvers +/website/content/docs/plugins/ @hashicorp/vault-ecosystem +/website/content/docs/upgrading/plugins.mdx @hashicorp/vault-ecosystem /ui/ @hashicorp/vault-ui # UI code related to Vault's JWT/OIDC auth method and OIDC provider. diff --git a/builtin/credential/okta/backend.go b/builtin/credential/okta/backend.go index 96507f7879c1..92b30a2c61e4 100644 --- a/builtin/credential/okta/backend.go +++ b/builtin/credential/okta/backend.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/cidrutil" "github.com/hashicorp/vault/sdk/logical" - "github.com/okta/okta-sdk-golang/v2/okta" + "github.com/okta/okta-sdk-golang/v5/okta" "github.com/patrickmn/go-cache" ) @@ -118,6 +118,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username, pas StateToken string `json:"stateToken"` } + // The okta-sdk-golang API says to construct your own requests for auth, and the Request Executor is gone, so authReq, err := shim.NewRequest("POST", "authn", map[string]interface{}{ "username": username, "password": password, @@ -129,9 +130,6 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username, pas var result authResult rsp, err := shim.Do(authReq, &result) if err != nil { - if oe, ok := err.(*okta.Error); ok { - return nil, logical.ErrorResponse("Okta auth failed: %v (code=%v)", err, oe.ErrorCode), nil, nil - } return nil, logical.ErrorResponse(fmt.Sprintf("Okta auth failed: %v", err)), nil, nil } if rsp == nil { @@ -370,23 +368,23 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username, pas return policies, oktaResponse, allGroups, nil } -func (b *backend) getOktaGroups(ctx context.Context, client *okta.Client, user *okta.User) ([]string, error) { - groups, resp, err := client.User.ListUserGroups(ctx, user.Id) +func (b *backend) getOktaGroups(ctx context.Context, client *okta.APIClient, user *okta.User) ([]string, error) { + groups, resp, err := client.UserAPI.ListUserGroups(ctx, user.GetId()).Execute() if err != nil { return nil, err } oktaGroups := make([]string, 0, len(groups)) for _, group := range groups { - oktaGroups = append(oktaGroups, group.Profile.Name) + oktaGroups = append(oktaGroups, group.Profile.GetName()) } for resp.HasNextPage() { var nextGroups []*okta.Group - resp, err = resp.Next(ctx, &nextGroups) + resp, err = resp.Next(&nextGroups) if err != nil { return nil, err } for _, group := range nextGroups { - oktaGroups = append(oktaGroups, group.Profile.Name) + oktaGroups = append(oktaGroups, group.Profile.GetName()) } } if b.Logger().IsDebug() { diff --git a/builtin/credential/okta/backend_test.go b/builtin/credential/okta/backend_test.go index b347524656a8..d50c5b93e6e2 100644 --- a/builtin/credential/okta/backend_test.go +++ b/builtin/credential/okta/backend_test.go @@ -17,8 +17,7 @@ import ( "github.com/hashicorp/vault/sdk/helper/logging" "github.com/hashicorp/vault/sdk/helper/policyutil" "github.com/hashicorp/vault/sdk/logical" - "github.com/okta/okta-sdk-golang/v2/okta" - "github.com/okta/okta-sdk-golang/v2/okta/query" + "github.com/okta/okta-sdk-golang/v5/okta" "github.com/stretchr/testify/require" ) @@ -115,15 +114,15 @@ func TestBackend_Config(t *testing.T) { func createOktaGroups(t *testing.T, username string, token string, org string) []string { orgURL := "https://" + org + "." + previewBaseURL - ctx, client, err := okta.NewClient(context.Background(), okta.WithOrgUrl(orgURL), okta.WithToken(token)) + cfg, err := okta.NewConfiguration(okta.WithOrgUrl(orgURL), okta.WithToken(token)) require.Nil(t, err) + client := okta.NewAPIClient(cfg) + ctx := context.Background() - users, _, err := client.User.ListUsers(ctx, &query.Params{ - Q: username, - }) + users, _, err := client.UserAPI.ListUsers(ctx).Q(username).Execute() require.Nil(t, err) require.Len(t, users, 1) - userID := users[0].Id + userID := users[0].GetId() var groupIDs []string // Verify that login's call to list the groups of the user logging in will page @@ -133,26 +132,24 @@ func createOktaGroups(t *testing.T, username string, token string, org string) [ // only 200 results are returned for most orgs." for i := 0; i < 201; i++ { name := fmt.Sprintf("TestGroup%d", i) - groups, _, err := client.Group.ListGroups(ctx, &query.Params{ - Q: name, - }) + groups, _, err := client.GroupAPI.ListGroups(ctx).Q(name).Execute() require.Nil(t, err) var groupID string if len(groups) == 0 { - group, _, err := client.Group.CreateGroup(ctx, okta.Group{ + group, _, err := client.GroupAPI.CreateGroup(ctx).Group(okta.Group{ Profile: &okta.GroupProfile{ - Name: fmt.Sprintf("TestGroup%d", i), + Name: okta.PtrString(fmt.Sprintf("TestGroup%d", i)), }, - }) + }).Execute() require.Nil(t, err) - groupID = group.Id + groupID = group.GetId() } else { - groupID = groups[0].Id + groupID = groups[0].GetId() } groupIDs = append(groupIDs, groupID) - _, err = client.Group.AddUserToGroup(ctx, groupID, userID) + _, err = client.GroupAPI.AssignUserToGroup(ctx, groupID, userID).Execute() require.Nil(t, err) } return groupIDs @@ -160,11 +157,12 @@ func createOktaGroups(t *testing.T, username string, token string, org string) [ func deleteOktaGroups(t *testing.T, token string, org string, groupIDs []string) { orgURL := "https://" + org + "." + previewBaseURL - ctx, client, err := okta.NewClient(context.Background(), okta.WithOrgUrl(orgURL), okta.WithToken(token)) + cfg, err := okta.NewConfiguration(okta.WithOrgUrl(orgURL), okta.WithToken(token)) require.Nil(t, err) + client := okta.NewAPIClient(cfg) for _, groupID := range groupIDs { - _, err := client.Group.DeleteGroup(ctx, groupID) + _, err := client.GroupAPI.DeleteGroup(context.Background(), groupID).Execute() require.Nil(t, err) } } diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go index 6bdb241b2d2e..db3e9c54ad48 100644 --- a/builtin/credential/okta/path_config.go +++ b/builtin/credential/okta/path_config.go @@ -4,19 +4,24 @@ package okta import ( + "bytes" "context" + "encoding/json" "fmt" + "io" "net/http" "net/url" "strings" "time" + gocache "github.com/patrickmn/go-cache" + oktaold "github.com/chrismalek/oktasdk-go/okta" "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/tokenutil" "github.com/hashicorp/vault/sdk/logical" - oktanew "github.com/okta/okta-sdk-golang/v2/okta" + oktanew "github.com/okta/okta-sdk-golang/v5/okta" ) const ( @@ -290,17 +295,19 @@ func (b *backend) pathConfigExistenceCheck(ctx context.Context, req *logical.Req } type oktaShim interface { - Client() (*oktanew.Client, context.Context) + Client() (*oktanew.APIClient, context.Context) NewRequest(method string, url string, body interface{}) (*http.Request, error) Do(req *http.Request, v interface{}) (interface{}, error) } type oktaShimNew struct { - client *oktanew.Client + cfg *oktanew.Configuration + client *oktanew.APIClient ctx context.Context + cache *gocache.Cache // cache used to hold authorization values created for NewRequests } -func (new *oktaShimNew) Client() (*oktanew.Client, context.Context) { +func (new *oktaShimNew) Client() (*oktanew.APIClient, context.Context) { return new.client, new.ctx } @@ -308,18 +315,113 @@ func (new *oktaShimNew) NewRequest(method string, url string, body interface{}) if !strings.HasPrefix(url, "/") { url = "/api/v1/" + url } - return new.client.GetRequestExecutor().NewRequest(method, url, body) + + // reimplementation of RequestExecutor.NewRequest() in v2 of okta-golang-sdk + var buff io.ReadWriter + if body != nil { + switch v := body.(type) { + case []byte: + buff = bytes.NewBuffer(v) + case *bytes.Buffer: + buff = v + default: + buff = &bytes.Buffer{} + // need to create an encoder specifically to disable html escaping + encoder := json.NewEncoder(buff) + encoder.SetEscapeHTML(false) + err := encoder.Encode(body) + if err != nil { + return nil, err + } + } + } + + url = new.cfg.Okta.Client.OrgUrl + url + req, err := http.NewRequest(method, url, buff) + if err != nil { + return nil, err + } + + // construct an authorization header for the request using our okta config + var auth oktanew.Authorization + // I think the only usage of the shim is in credential/okta/backend.go, and in that case, the + // AuthorizationMode is only ever SSWS (since OktaClient() below never overrides the default authorization + // mode. This function will faithfully replicate the old RequestExecutor code, though. + switch new.cfg.Okta.Client.AuthorizationMode { + case "SSWS": + auth = oktanew.NewSSWSAuth(new.cfg.Okta.Client.Token, req) + case "Bearer": + auth = oktanew.NewBearerAuth(new.cfg.Okta.Client.Token, req) + case "PrivateKey": + auth = oktanew.NewPrivateKeyAuth(oktanew.PrivateKeyAuthConfig{ + TokenCache: new.cache, + HttpClient: new.cfg.HTTPClient, + PrivateKeySigner: new.cfg.PrivateKeySigner, + PrivateKey: new.cfg.Okta.Client.PrivateKey, + PrivateKeyId: new.cfg.Okta.Client.PrivateKeyId, + ClientId: new.cfg.Okta.Client.ClientId, + OrgURL: new.cfg.Okta.Client.OrgUrl, + Scopes: new.cfg.Okta.Client.Scopes, + MaxRetries: new.cfg.Okta.Client.RateLimit.MaxRetries, + MaxBackoff: new.cfg.Okta.Client.RateLimit.MaxBackoff, + Req: req, + }) + case "JWT": + auth = oktanew.NewJWTAuth(oktanew.JWTAuthConfig{ + TokenCache: new.cache, + HttpClient: new.cfg.HTTPClient, + OrgURL: new.cfg.Okta.Client.OrgUrl, + Scopes: new.cfg.Okta.Client.Scopes, + ClientAssertion: new.cfg.Okta.Client.ClientAssertion, + MaxRetries: new.cfg.Okta.Client.RateLimit.MaxRetries, + MaxBackoff: new.cfg.Okta.Client.RateLimit.MaxBackoff, + Req: req, + }) + default: + return nil, fmt.Errorf("unknown authorization mode %v", new.cfg.Okta.Client.AuthorizationMode) + } + + // Authorize adds a header based on the contents of the Authorization struct + err = auth.Authorize("POST", url) + if err != nil { + return nil, err + } + + req.Header.Add("Accept", "application/json") + + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + return req, nil } func (new *oktaShimNew) Do(req *http.Request, v interface{}) (interface{}, error) { - return new.client.GetRequestExecutor().Do(new.ctx, req, v) + resp, err := new.cfg.HTTPClient.Do(req) + if err != nil { + return nil, err + } + + if resp.Body == nil { + return nil, nil + } + defer resp.Body.Close() + + bt, err := io.ReadAll(resp.Body) + err = json.Unmarshal(bt, v) + if err != nil { + return nil, err + } + + // as far as i can tell, we only use the first return to check if it is nil, and assume that means an error happened. + return resp, nil } type oktaShimOld struct { client *oktaold.Client } -func (new *oktaShimOld) Client() (*oktanew.Client, context.Context) { +func (new *oktaShimOld) Client() (*oktanew.APIClient, context.Context) { return nil, nil } @@ -331,7 +433,25 @@ func (new *oktaShimOld) Do(req *http.Request, v interface{}) (interface{}, error return new.client.Do(req, v) } -// OktaClient creates a basic okta client connection +func (c *ConfigEntry) OktaConfiguration(ctx context.Context) (*oktanew.Configuration, error) { + baseURL := defaultBaseURL + if c.Production != nil { + if !*c.Production { + baseURL = previewBaseURL + } + } + if c.BaseURL != "" { + baseURL = c.BaseURL + } + + cfg, err := oktanew.NewConfiguration(oktanew.WithOrgUrl("https://"+c.Org+"."+baseURL), oktanew.WithToken(c.Token)) + if err != nil { + return nil, err + } + return cfg, nil +} + +// OktaClient returns an OktaShim, based on the presence of a token in the ConfigEntry. func (c *ConfigEntry) OktaClient(ctx context.Context) (oktaShim, error) { baseURL := defaultBaseURL if c.Production != nil { @@ -344,13 +464,18 @@ func (c *ConfigEntry) OktaClient(ctx context.Context) (oktaShim, error) { } if c.Token != "" { - ctx, client, err := oktanew.NewClient(ctx, + cfg, err := oktanew.NewConfiguration( oktanew.WithOrgUrl("https://"+c.Org+"."+baseURL), oktanew.WithToken(c.Token)) if err != nil { return nil, err } - return &oktaShimNew{client, ctx}, nil + return &oktaShimNew{ + cfg: cfg, + client: oktanew.NewAPIClient(cfg), + ctx: ctx, + cache: gocache.New(gocache.DefaultExpiration, 1*time.Second), + }, nil } client, err := oktaold.NewClientWithDomain(cleanhttp.DefaultClient(), c.Org, baseURL, "") if err != nil { diff --git a/builtin/logical/database/path_roles_test.go b/builtin/logical/database/path_roles_test.go index 41a2e99758aa..0ad01efe02bc 100644 --- a/builtin/logical/database/path_roles_test.go +++ b/builtin/logical/database/path_roles_test.go @@ -1087,6 +1087,76 @@ func TestBackend_StaticRole_Role_name_check(t *testing.T) { } } +// TestStaticRole_NewCredentialGeneration verifies that new +// credentials are generated if a retried credential continues +// to fail +func TestStaticRole_NewCredentialGeneration(t *testing.T) { + ctx := context.Background() + b, storage, mockDB := getBackend(t) + defer b.Cleanup(ctx) + configureDBMount(t, storage) + + roleName := "hashicorp" + createRole(t, b, storage, mockDB, "hashicorp") + + t.Run("rotation failures should generate new password on retry", func(t *testing.T) { + // Fail to rotate the role + generateWALFromFailedRotation(t, b, storage, mockDB, roleName) + + // Get WAL + walIDs := requireWALs(t, storage, 1) + wal, err := b.findStaticWAL(ctx, storage, walIDs[0]) + if err != nil || wal == nil { + t.Fatal(err) + } + + // Store password + initialPassword := wal.NewPassword + + // Rotate role manually and fail again #1 with same password + generateWALFromFailedRotation(t, b, storage, mockDB, roleName) + + // Ensure WAL is deleted since retrying password failed + requireWALs(t, storage, 0) + + // Successfully rotate the role + mockDB.On("UpdateUser", mock.Anything, mock.Anything). + Return(v5.UpdateUserResponse{}, nil). + Once() + _, err = b.HandleRequest(context.Background(), &logical.Request{ + Operation: logical.UpdateOperation, + Path: "rotate-role/" + roleName, + Storage: storage, + }) + if err != nil { + t.Fatal(err) + } + + // Ensure WAL is flushed since request was successful + requireWALs(t, storage, 0) + + // Read the credential + data := map[string]interface{}{} + req := &logical.Request{ + Operation: logical.ReadOperation, + Path: "static-creds/" + roleName, + Storage: storage, + Data: data, + } + + resp, err := b.HandleRequest(namespace.RootContext(nil), req) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("err:%s resp:%#v\n", err, resp) + } + + // Confirm successful rotation used new credential + // Assert previous failing credential is not being used + if resp.Data["password"] == initialPassword { + t.Fatalf("expected password to be different after second retry") + } + }) +} + func TestWALsStillTrackedAfterUpdate(t *testing.T) { ctx := context.Background() b, storage, mockDB := getBackend(t) diff --git a/builtin/logical/database/rotation.go b/builtin/logical/database/rotation.go index d4d41cf570b5..3d460915a6c0 100644 --- a/builtin/logical/database/rotation.go +++ b/builtin/logical/database/rotation.go @@ -421,6 +421,7 @@ func (b *databaseBackend) setStaticAccount(ctx context.Context, s logical.Storag // Use credential from input if available. This happens if we're restoring from // a WAL item or processing the rotation queue with an item that has a WAL // associated with it + var usedCredentialFromPreviousRotation bool if output.WALID != "" { wal, err := b.findStaticWAL(ctx, s, output.WALID) if err != nil { @@ -448,6 +449,7 @@ func (b *databaseBackend) setStaticAccount(ctx context.Context, s logical.Storag Statements: statements, } input.Role.StaticAccount.Password = wal.NewPassword + usedCredentialFromPreviousRotation = true case wal.CredentialType == v5.CredentialTypeRSAPrivateKey: // Roll forward by using the credential in the existing WAL entry updateReq.CredentialType = v5.CredentialTypeRSAPrivateKey @@ -456,6 +458,7 @@ func (b *databaseBackend) setStaticAccount(ctx context.Context, s logical.Storag Statements: statements, } input.Role.StaticAccount.PrivateKey = wal.NewPrivateKey + usedCredentialFromPreviousRotation = true } } @@ -530,6 +533,15 @@ func (b *databaseBackend) setStaticAccount(ctx context.Context, s logical.Storag _, err = dbi.database.UpdateUser(ctx, updateReq, false) if err != nil { b.CloseIfShutdown(dbi, err) + if usedCredentialFromPreviousRotation { + b.Logger().Debug("credential stored in WAL failed, deleting WAL", "role", input.RoleName, "WAL ID", output.WALID) + if err := framework.DeleteWAL(ctx, s, output.WALID); err != nil { + b.Logger().Warn("failed to delete WAL", "error", err, "WAL ID", output.WALID) + } + + // Generate a new WAL entry and credential for next attempt + output.WALID = "" + } return output, fmt.Errorf("error setting credentials: %w", err) } modified = true diff --git a/builtin/logical/pki/cert_util_test.go b/builtin/logical/pki/cert_util_test.go index 4f162aeb0946..212d5bda709c 100644 --- a/builtin/logical/pki/cert_util_test.go +++ b/builtin/logical/pki/cert_util_test.go @@ -10,6 +10,7 @@ import ( "fmt" "net" "net/url" + "os" "reflect" "strings" "testing" @@ -275,6 +276,112 @@ type parseCertificateTestCase struct { wantErr bool } +// TestDisableVerifyCertificateEnvVar verifies that env var VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION +// can be used to disable cert verification. +func TestDisableVerifyCertificateEnvVar(t *testing.T) { + caData := map[string]any{ + // Copied from the "full CA" test case of TestParseCertificate, + // with tweaked permitted_dns_domains and ttl + "common_name": "the common name", + "alt_names": "user@example.com,admin@example.com,example.com,www.example.com", + "ip_sans": "1.2.3.4,1.2.3.5", + "uri_sans": "https://example.com,https://www.example.com", + "other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:caadmin@example.com", + "ttl": "3h", + "max_path_length": 2, + "permitted_dns_domains": ".example.com,.www.example.com", + "ou": "unit1, unit2", + "organization": "org1, org2", + "country": "US, CA", + "locality": "locality1, locality2", + "province": "province1, province2", + "street_address": "street_address1, street_address2", + "postal_code": "postal_code1, postal_code2", + "not_before_duration": "45s", + "key_type": "rsa", + "use_pss": true, + "key_bits": 2048, + "signature_bits": 384, + } + + roleData := map[string]any{ + "allow_any_name": true, + "cn_validations": "disabled", + "allow_ip_sans": true, + "allowed_other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:*@example.com", + "allowed_uri_sans": "https://example.com,https://www.example.com", + "allowed_user_ids": "*", + "not_before_duration": "45s", + "signature_bits": 384, + "key_usage": "KeyAgreement", + "ext_key_usage": "ServerAuth", + "ext_key_usage_oids": "1.3.6.1.5.5.7.3.67,1.3.6.1.5.5.7.3.68", + "client_flag": false, + "server_flag": false, + "policy_identifiers": "1.2.3.4.5.6.7.8.9.0", + } + + certData := map[string]any{ + // using the same order as in https://developer.hashicorp.com/vault/api-docs/secret/pki#generate-certificate-and-key + "common_name": "the common name non ca", + "alt_names": "user@example.com,admin@example.com,example.com,www.example.com", + "ip_sans": "1.2.3.4,1.2.3.5", + "uri_sans": "https://example.com,https://www.example.com", + "other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:caadmin@example.com", + "ttl": "2h", + // format + // private_key_format + "exclude_cn_from_sans": true, + // not_after + // remove_roots_from_chain + "user_ids": "humanoid,robot", + } + + defer func() { + os.Unsetenv("VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION") + }() + + b, s := CreateBackendWithStorage(t) + + // Create the CA + resp, err := CBWrite(b, s, "root/generate/internal", caData) + require.NoError(t, err) + require.NotNil(t, resp) + + // Create the role + resp, err = CBWrite(b, s, "roles/test", roleData) + require.NoError(t, err) + require.NotNil(t, resp) + + // Try to create the cert -- should fail verification, since example.com is not allowed + t.Run("no VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION env var", func(t *testing.T) { + resp, err = CBWrite(b, s, "issue/test", certData) + require.ErrorContains(t, err, `DNS name "example.com" is not permitted by any constraint`) + }) + + // Try to create the cert -- should fail verification, since example.com is not allowed + t.Run("VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION=false", func(t *testing.T) { + os.Setenv("VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION", "false") + resp, err = CBWrite(b, s, "issue/test", certData) + require.ErrorContains(t, err, `DNS name "example.com" is not permitted by any constraint`) + }) + + // Create the cert, should succeed with the disable env var set + t.Run("VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION=true", func(t *testing.T) { + os.Setenv("VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION", "true") + resp, err = CBWrite(b, s, "issue/test", certData) + require.NoError(t, err) + require.NotNil(t, resp) + }) + + // Invalid env var + t.Run("invalid VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION", func(t *testing.T) { + os.Setenv("VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION", "invalid") + resp, err = CBWrite(b, s, "issue/test", certData) + require.ErrorContains(t, err, "failed parsing environment variable VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION") + }) +} + func TestParseCertificate(t *testing.T) { t.Parallel() @@ -364,7 +471,7 @@ func TestParseCertificate(t *testing.T) { "other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:caadmin@example.com", "ttl": "2h", "max_path_length": 2, - "permitted_dns_domains": ".example.com,.www.example.com", + "permitted_dns_domains": "example.com,.example.com,.www.example.com", "ou": "unit1, unit2", "organization": "org1, org2", "country": "US, CA", @@ -409,7 +516,7 @@ func TestParseCertificate(t *testing.T) { UsePSS: true, ForceAppendCaChain: false, UseCSRValues: false, - PermittedDNSDomains: []string{".example.com", ".www.example.com"}, + PermittedDNSDomains: []string{"example.com", ".example.com", ".www.example.com"}, URLs: nil, MaxPathLength: 2, NotBeforeDuration: 45 * time.Second, @@ -433,7 +540,7 @@ func TestParseCertificate(t *testing.T) { "serial_number": "", "ttl": "2h0m45s", "max_path_length": 2, - "permitted_dns_domains": ".example.com,.www.example.com", + "permitted_dns_domains": "example.com,.example.com,.www.example.com", "use_pss": true, "key_type": "rsa", "key_bits": 2048, @@ -532,49 +639,50 @@ func TestParseCertificate(t *testing.T) { }, } for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + b, s := CreateBackendWithStorage(t) - b, s := CreateBackendWithStorage(t) + var cert *x509.Certificate + issueTime := time.Now() + if tt.wantParams.IsCA { + resp, err := CBWrite(b, s, "root/generate/internal", tt.data) + require.NoError(t, err) + require.NotNil(t, resp) - var cert *x509.Certificate - issueTime := time.Now() - if tt.wantParams.IsCA { - resp, err := CBWrite(b, s, "root/generate/internal", tt.data) - require.NoError(t, err) - require.NotNil(t, resp) + certData := resp.Data["certificate"].(string) + cert, err = parsing.ParseCertificateFromString(certData) + require.NoError(t, err) + require.NotNil(t, cert) + } else { + // use the "simple CA" data to create the internal CA + caData := tests[1].data + caData["ttl"] = "3h" + resp, err := CBWrite(b, s, "root/generate/internal", caData) + require.NoError(t, err) + require.NotNil(t, resp) - certData := resp.Data["certificate"].(string) - cert, err = parsing.ParseCertificateFromString(certData) - require.NoError(t, err) - require.NotNil(t, cert) - } else { - // use the "simple CA" data to create the internal CA - caData := tests[1].data - caData["ttl"] = "3h" - resp, err := CBWrite(b, s, "root/generate/internal", caData) - require.NoError(t, err) - require.NotNil(t, resp) + // create a role + resp, err = CBWrite(b, s, "roles/test", tt.roleData) + require.NoError(t, err) + require.NotNil(t, resp) - // create a role - resp, err = CBWrite(b, s, "roles/test", tt.roleData) - require.NoError(t, err) - require.NotNil(t, resp) + // create the cert + resp, err = CBWrite(b, s, "issue/test", tt.data) + require.NoError(t, err) + require.NotNil(t, resp) - // create the cert - resp, err = CBWrite(b, s, "issue/test", tt.data) - require.NoError(t, err) - require.NotNil(t, resp) - - certData := resp.Data["certificate"].(string) - cert, err = parsing.ParseCertificateFromString(certData) - require.NoError(t, err) - require.NotNil(t, cert) - } + certData := resp.Data["certificate"].(string) + cert, err = parsing.ParseCertificateFromString(certData) + require.NoError(t, err) + require.NotNil(t, cert) + } - t.Run(tt.name+" parameters", func(t *testing.T) { - testParseCertificateToCreationParameters(t, issueTime, tt, cert) - }) - t.Run(tt.name+" fields", func(t *testing.T) { - testParseCertificateToFields(t, issueTime, tt, cert) + t.Run(tt.name+" parameters", func(t *testing.T) { + testParseCertificateToCreationParameters(t, issueTime, tt, cert) + }) + t.Run(tt.name+" fields", func(t *testing.T) { + testParseCertificateToFields(t, issueTime, tt, cert) + }) }) } } diff --git a/builtin/logical/pki/issuing/cert_verify.go b/builtin/logical/pki/issuing/cert_verify.go new file mode 100644 index 000000000000..0688009cffe0 --- /dev/null +++ b/builtin/logical/pki/issuing/cert_verify.go @@ -0,0 +1,86 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package issuing + +import ( + "fmt" + "os" + "strconv" + "time" + + ctx509 "github.com/google/certificate-transparency-go/x509" + "github.com/hashicorp/vault/sdk/helper/certutil" +) + +// disableVerifyCertificateEnvVar is an environment variable that can be used to disable the +// verification done when issuing or signing certificates that was added by VAULT-22013. It +// is meant as a scape hatch to avoid breaking deployments that the new verification would +// break. +const disableVerifyCertificateEnvVar = "VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION" + +func isCertificateVerificationDisabled() (bool, error) { + disableRaw, ok := os.LookupEnv(disableVerifyCertificateEnvVar) + if !ok { + return false, nil + } + + disable, err := strconv.ParseBool(disableRaw) + if err != nil { + return false, fmt.Errorf("failed parsing environment variable %s: %w", disableVerifyCertificateEnvVar, err) + } + + return disable, nil +} + +func VerifyCertificate(parsedBundle *certutil.ParsedCertBundle) error { + if verificationDisabled, err := isCertificateVerificationDisabled(); err != nil { + return err + } else if verificationDisabled { + return nil + } + + certChainPool := ctx509.NewCertPool() + for _, certificate := range parsedBundle.CAChain { + cert, err := convertCertificate(certificate.Bytes) + if err != nil { + return err + } + certChainPool.AddCert(cert) + } + + // Validation Code, assuming we need to validate the entire chain of constraints + + // Note that we use github.com/google/certificate-transparency-go/x509 to perform certificate verification, + // since that library provides options to disable checks that the standard library does not. + + options := ctx509.VerifyOptions{ + Intermediates: nil, // We aren't verifying the chain here, this would do more work + Roots: certChainPool, + CurrentTime: time.Time{}, + KeyUsages: nil, + MaxConstraintComparisions: 0, // This means infinite + DisableTimeChecks: true, + DisableEKUChecks: true, + DisableCriticalExtensionChecks: false, + DisableNameChecks: false, + DisablePathLenChecks: false, + DisableNameConstraintChecks: false, + } + + certificate, err := convertCertificate(parsedBundle.CertificateBytes) + if err != nil { + return err + } + + _, err = certificate.Verify(options) + return err +} + +func convertCertificate(certBytes []byte) (*ctx509.Certificate, error) { + ret, err := ctx509.ParseCertificate(certBytes) + if err != nil { + return nil, fmt.Errorf("cannot convert certificate for validation: %w", err) + } + return ret, nil +} diff --git a/builtin/logical/pki/path_issue_sign.go b/builtin/logical/pki/path_issue_sign.go index 57ae2caef766..6cf395a81b32 100644 --- a/builtin/logical/pki/path_issue_sign.go +++ b/builtin/logical/pki/path_issue_sign.go @@ -432,6 +432,10 @@ func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, d } } + if err := issuing.VerifyCertificate(parsedBundle); err != nil { + return nil, err + } + generateLease := false if role.GenerateLease != nil && *role.GenerateLease { generateLease = true diff --git a/changelog/28121.txt b/changelog/28121.txt new file mode 100644 index 000000000000..1769ac67c8b2 --- /dev/null +++ b/changelog/28121.txt @@ -0,0 +1,3 @@ +```release-note:improvement +auth/okta: update to okta sdk v5 from v2. Transitively updates go-jose dependency to >=3.0.3 to resolve GO-2024-2631. See https://github.com/okta/okta-sdk-golang/blob/master/MIGRATING.md for details on changes. +``` diff --git a/changelog/28808.txt b/changelog/28808.txt new file mode 100644 index 000000000000..20d4d1ce4e36 --- /dev/null +++ b/changelog/28808.txt @@ -0,0 +1,6 @@ +```release-note:improvement +ui: Replace KVv2 json secret details view with Hds::CodeBlock component allowing users to search the full secret height. +``` +```release-note:bug +ui: Allow users to search the full json object within the json code-editor edit/create view. +``` diff --git a/changelog/28895.txt b/changelog/28895.txt new file mode 100644 index 000000000000..d084c6dfbee5 --- /dev/null +++ b/changelog/28895.txt @@ -0,0 +1,3 @@ +```release-note:improvement +core: Added new `enable_post_unseal_trace` and `post_unseal_trace_directory` config options to generate Go traces during the post-unseal step for debug purposes. +``` diff --git a/changelog/28989.txt b/changelog/28989.txt new file mode 100644 index 000000000000..2e5068baeaa8 --- /dev/null +++ b/changelog/28989.txt @@ -0,0 +1,3 @@ +```release-note:bug +secret/db: Update static role rotation to generate a new password after 2 failed attempts. +``` \ No newline at end of file diff --git a/changelog/29045.txt b/changelog/29045.txt new file mode 100644 index 000000000000..0132732f54d0 --- /dev/null +++ b/changelog/29045.txt @@ -0,0 +1,3 @@ +```release-note:change +secrets/pki: Enforce the issuer constraint extensions (extended key usage, name constraints, issuer name) when issuing or signing leaf certificates. For more information see [PKI considerations](https://developer.hashicorp.com/vault/docs/secrets/pki/considerations#issuer-constraints-enforcement) +``` diff --git a/changelog/29050.txt b/changelog/29050.txt new file mode 100644 index 000000000000..96ecd1e53518 --- /dev/null +++ b/changelog/29050.txt @@ -0,0 +1,4 @@ +```release-note:bug +core: fix bug in seal unwrapper that caused high storage latency in Vault CE. For every storage read request, the +seal unwrapper was performing the read twice, and would also issue an unnecessary storage write. +``` diff --git a/changelog/29082.txt b/changelog/29082.txt new file mode 100644 index 000000000000..94e1ab78af77 --- /dev/null +++ b/changelog/29082.txt @@ -0,0 +1,3 @@ +```release-note:improvement +sdk: Add Vault build date to system view plugin environment response +``` diff --git a/changelog/29091.txt b/changelog/29091.txt new file mode 100644 index 000000000000..409d8ddf4a67 --- /dev/null +++ b/changelog/29091.txt @@ -0,0 +1,3 @@ +```release-note:bug +core/metrics: Fix unlocked mounts read for usage reporting. +``` diff --git a/changelog/29114.txt b/changelog/29114.txt new file mode 100644 index 000000000000..8f0a91133756 --- /dev/null +++ b/changelog/29114.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: Decode `connection_url` to fix database connection updates (i.e. editing connection config, deleting roles) failing when urls include template variables. +``` \ No newline at end of file diff --git a/changelog/29117.txt b/changelog/29117.txt new file mode 100644 index 000000000000..97bcd1e9702e --- /dev/null +++ b/changelog/29117.txt @@ -0,0 +1,3 @@ +```release-note:bug +core/seal (enterprise): Fix problem with nodes unable to join Raft clusters with Seal High Availability enabled. +``` diff --git a/changelog/29128.txt b/changelog/29128.txt new file mode 100644 index 000000000000..ce458a0800ff --- /dev/null +++ b/changelog/29128.txt @@ -0,0 +1,3 @@ +```release-note:bug +vault/diagnose: Fix time to expiration reporting within the TLS verification to not be a month off. +``` diff --git a/changelog/29131.txt b/changelog/29131.txt new file mode 100644 index 000000000000..f19e657a533c --- /dev/null +++ b/changelog/29131.txt @@ -0,0 +1,3 @@ +```release-note:change +secrets/openldap: Update plugin to v0.14.4 +``` diff --git a/changelog/_go-ver-1183.txt b/changelog/_go-ver-1183.txt new file mode 100644 index 000000000000..06f78478a6a2 --- /dev/null +++ b/changelog/_go-ver-1183.txt @@ -0,0 +1,3 @@ +``release-note:change +core: Bump Go version to 1.23.3. +``` diff --git a/changelog/_go-ver-1190.txt b/changelog/_go-ver-1190.txt deleted file mode 100644 index 26003e84db20..000000000000 --- a/changelog/_go-ver-1190.txt +++ /dev/null @@ -1,3 +0,0 @@ -``release-note:change -core: Bump Go version to 1.22.8. -``` diff --git a/command/agentproxyshared/cache/cacheboltdb/bolt.go b/command/agentproxyshared/cache/cacheboltdb/bolt.go index 05d5ad93637a..6100ef896298 100644 --- a/command/agentproxyshared/cache/cacheboltdb/bolt.go +++ b/command/agentproxyshared/cache/cacheboltdb/bolt.go @@ -12,10 +12,10 @@ import ( "time" "github.com/golang/protobuf/proto" - bolt "github.com/hashicorp-forge/bbolt" "github.com/hashicorp/go-hclog" wrapping "github.com/hashicorp/go-kms-wrapping/v2" "github.com/hashicorp/go-multierror" + bolt "go.etcd.io/bbolt" ) const ( diff --git a/command/agentproxyshared/cache/cacheboltdb/bolt_test.go b/command/agentproxyshared/cache/cacheboltdb/bolt_test.go index 06a31780b5ad..dbfafdce7bb4 100644 --- a/command/agentproxyshared/cache/cacheboltdb/bolt_test.go +++ b/command/agentproxyshared/cache/cacheboltdb/bolt_test.go @@ -14,11 +14,11 @@ import ( "time" "github.com/golang/protobuf/proto" - bolt "github.com/hashicorp-forge/bbolt" "github.com/hashicorp/go-hclog" "github.com/hashicorp/vault/command/agentproxyshared/cache/keymanager" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + bolt "go.etcd.io/bbolt" ) func getTestKeyManager(t *testing.T) keymanager.KeyManager { diff --git a/command/operator_diagnose_test.go b/command/operator_diagnose_test.go index 8528637dc2e4..ddbcc204689a 100644 --- a/command/operator_diagnose_test.go +++ b/command/operator_diagnose_test.go @@ -10,11 +10,13 @@ import ( "fmt" "io/ioutil" "os" + "path/filepath" "strings" "testing" "github.com/hashicorp/cli" "github.com/hashicorp/vault/helper/constants" + pkihelper "github.com/hashicorp/vault/helper/testhelpers/pki" "github.com/hashicorp/vault/vault/diagnose" ) @@ -31,8 +33,55 @@ func testOperatorDiagnoseCommand(tb testing.TB) *OperatorDiagnoseCommand { } } +func generateTLSConfigOk(t *testing.T, ca pkihelper.LeafWithIntermediary) string { + t.Helper() + tmpDir := t.TempDir() + configPath := filepath.Join(tmpDir, "tls_config_ok.hcl") + + templateFile := "./server/test-fixtures/tls_config_ok.hcl" + contents, err := os.ReadFile(templateFile) + if err != nil { + t.Fatalf("failed to read file %s: %v", templateFile, err) + } + contents = []byte(strings.ReplaceAll(string(contents), "{REPLACE_LEAF_CERT_FILE}", ca.Leaf.CertFile)) + contents = []byte(strings.ReplaceAll(string(contents), "{REPLACE_LEAF_KEY_FILE}", ca.Leaf.KeyFile)) + + err = os.WriteFile(configPath, contents, 0o644) + if err != nil { + t.Fatalf("failed to write file %s: %v", configPath, err) + } + + return configPath +} + +func generateTransitTLSCheck(t *testing.T, ca pkihelper.LeafWithIntermediary) string { + t.Helper() + tmpDir := t.TempDir() + configPath := filepath.Join(tmpDir, "diagnose_seal_transit_tls_check.hcl") + + templateFile := "./server/test-fixtures/diagnose_seal_transit_tls_check.hcl" + contents, err := os.ReadFile(templateFile) + if err != nil { + t.Fatalf("failed to read file %s: %v", templateFile, err) + } + contents = []byte(strings.ReplaceAll(string(contents), "{REPLACE_LEAF_CERT_FILE}", ca.Leaf.CertFile)) + contents = []byte(strings.ReplaceAll(string(contents), "{REPLACE_LEAF_KEY_FILE}", ca.Leaf.KeyFile)) + contents = []byte(strings.ReplaceAll(string(contents), "{REPLACE_COMBINED_CA_CHAIN_FILE}", ca.CombinedCaFile)) + + err = os.WriteFile(configPath, contents, 0o644) + if err != nil { + t.Fatalf("failed to write file %s: %v", configPath, err) + } + + return configPath +} + func TestOperatorDiagnoseCommand_Run(t *testing.T) { t.Parallel() + testca := pkihelper.GenerateCertWithIntermediaryRoot(t) + tlsConfigOkConfigFile := generateTLSConfigOk(t, testca) + transitTLSCheckConfigFile := generateTransitTLSCheck(t, testca) + cases := []struct { name string args []string @@ -349,7 +398,7 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) { { "diagnose_listener_config_ok", []string{ - "-config", "./server/test-fixtures/tls_config_ok.hcl", + "-config", tlsConfigOkConfigFile, }, []*diagnose.Result{ { @@ -461,7 +510,7 @@ func TestOperatorDiagnoseCommand_Run(t *testing.T) { { "diagnose_seal_transit_tls_check_fail", []string{ - "-config", "./server/test-fixtures/diagnose_seal_transit_tls_check.hcl", + "-config", transitTLSCheckConfigFile, }, []*diagnose.Result{ { diff --git a/command/server/config.go b/command/server/config.go index 9d31ed67b31e..4c1951c0249a 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -115,6 +115,9 @@ type Config struct { License string `hcl:"-"` LicensePath string `hcl:"license_path"` DisableSSCTokens bool `hcl:"-"` + + EnablePostUnsealTrace bool `hcl:"enable_post_unseal_trace"` + PostUnsealTraceDir string `hcl:"post_unseal_trace_directory"` } const ( @@ -425,6 +428,16 @@ func (c *Config) Merge(c2 *Config) *Config { result.LicensePath = c2.LicensePath } + result.EnablePostUnsealTrace = c.EnablePostUnsealTrace + if c2.EnablePostUnsealTrace { + result.EnablePostUnsealTrace = c2.EnablePostUnsealTrace + } + + result.PostUnsealTraceDir = c.PostUnsealTraceDir + if c2.PostUnsealTraceDir != "" { + result.PostUnsealTraceDir = c2.PostUnsealTraceDir + } + // Use values from top-level configuration for storage if set if storage := result.Storage; storage != nil { if result.APIAddr != "" { @@ -1150,6 +1163,9 @@ func (c *Config) Sanitized() map[string]interface{} { "detect_deadlocks": c.DetectDeadlocks, "imprecise_lease_role_tracking": c.ImpreciseLeaseRoleTracking, + + "enable_post_unseal_trace": c.EnablePostUnsealTrace, + "post_unseal_trace_directory": c.PostUnsealTraceDir, } for k, v := range sharedResult { result[k] = v diff --git a/command/server/config_test_helpers.go b/command/server/config_test_helpers.go index c017e15ec9d8..258801dbfe4e 100644 --- a/command/server/config_test_helpers.go +++ b/command/server/config_test_helpers.go @@ -854,6 +854,8 @@ func testConfig_Sanitized(t *testing.T) { }, "administrative_namespace_path": "admin/", "imprecise_lease_role_tracking": false, + "enable_post_unseal_trace": true, + "post_unseal_trace_directory": "/tmp", } addExpectedEntSanitizedConfig(expected, []string{"http"}) diff --git a/command/server/test-fixtures/config3.hcl b/command/server/test-fixtures/config3.hcl index 587698b35e9e..1d29c6bbd029 100644 --- a/command/server/test-fixtures/config3.hcl +++ b/command/server/test-fixtures/config3.hcl @@ -58,3 +58,5 @@ raw_storage_endpoint = true disable_sealwrap = true disable_sentinel_trace = true administrative_namespace_path = "admin/" +enable_post_unseal_trace = true +post_unseal_trace_directory = "/tmp" diff --git a/command/server/test-fixtures/diagnose_seal_transit_tls_check.hcl b/command/server/test-fixtures/diagnose_seal_transit_tls_check.hcl index a7007d57313a..de632c152acc 100644 --- a/command/server/test-fixtures/diagnose_seal_transit_tls_check.hcl +++ b/command/server/test-fixtures/diagnose_seal_transit_tls_check.hcl @@ -20,9 +20,9 @@ backend "consul" { seal "transit" { // TLS Configuration - tls_ca_cert = "./../vault/diagnose/test-fixtures/chain.crt.pem" - tls_client_cert = "./../vault/diagnose/test-fixtures/goodcertwithroot.pem" - tls_client_key = "./../vault/diagnose//test-fixtures/goodkey.pem" + tls_ca_cert = "{REPLACE_COMBINED_CA_CHAIN_FILE}" + tls_client_cert = "{REPLACE_LEAF_CERT_FILE}" + tls_client_key = "{REPLACE_LEAF_KEY_FILE}" tls_server_name = "vault" tls_skip_verify = "false" } diff --git a/command/server/test-fixtures/tls_config_ok.hcl b/command/server/test-fixtures/tls_config_ok.hcl index 02a2733d4138..7babfff9ae8f 100644 --- a/command/server/test-fixtures/tls_config_ok.hcl +++ b/command/server/test-fixtures/tls_config_ok.hcl @@ -8,8 +8,8 @@ ui = true listener "tcp" { address = "127.0.0.1:1025" - tls_cert_file = "./../api/test-fixtures/keys/cert.pem" - tls_key_file = "./../api/test-fixtures/keys/key.pem" + tls_cert_file = "{REPLACE_LEAF_CERT_FILE}" + tls_key_file = "{REPLACE_LEAF_KEY_FILE}" } backend "consul" { diff --git a/enos/enos-descriptions.hcl b/enos/enos-descriptions.hcl index 6ec60150ecc8..5d381edd2a5e 100644 --- a/enos/enos-descriptions.hcl +++ b/enos/enos-descriptions.hcl @@ -115,6 +115,10 @@ globals { Vault running in Agent mode uses templates to create log output. EOF + verify_log_secrets = <<-EOF + Verify that the vault audit log and systemd journal do not leak secret values. + EOF + verify_raft_cluster_all_nodes_are_voters = <<-EOF When configured with a 'backend:raft' variant, verify that all nodes in the cluster are healthy and are voters. @@ -198,7 +202,7 @@ globals { EOF verify_billing_start_date = <<-EOF - Verify that the billing start date has successfully rolled over to the latest billing year if needed. + Verify that the billing start date has successfully rolled over to the latest billing year if needed. EOF } diff --git a/enos/enos-modules.hcl b/enos/enos-modules.hcl index 9a11042d5f7b..64f29cab22e1 100644 --- a/enos/enos-modules.hcl +++ b/enos/enos-modules.hcl @@ -350,6 +350,12 @@ module "vault_wait_for_seal_rewrap" { vault_install_dir = var.vault_install_dir } +module "verify_log_secrets" { + source = "./modules/verify_log_secrets" + + radar_license_path = var.vault_radar_license_path != null ? abspath(var.vault_radar_license_path) : null +} + module "verify_seal_type" { source = "./modules/verify_seal_type" @@ -363,4 +369,3 @@ module "vault_verify_billing_start_date" { vault_instance_count = var.vault_instance_count vault_cluster_addr_port = global.ports["vault_cluster"]["port"] } - diff --git a/enos/enos-qualities.hcl b/enos/enos-qualities.hcl index 698ef6a57bc0..36dcd185d382 100644 --- a/enos/enos-qualities.hcl +++ b/enos/enos-qualities.hcl @@ -405,6 +405,10 @@ quality "vault_audit_log" { description = "The Vault audit sub-system is enabled with the log and writes to a log" } +quality "vault_audit_log_secrets" { + description = "The Vault audit sub-system does not output secret values" +} + quality "vault_audit_socket" { description = "The Vault audit sub-system is enabled with the socket and writes to a socket" } @@ -490,6 +494,10 @@ quality "vault_init" { description = "Vault initializes the cluster with the given seal parameters" } +quality "vault_journal_secrets" { + description = "The Vault systemd journal does not output secret values" +} + quality "vault_license_required_ent" { description = "Vault Enterprise requires a license in order to start" } @@ -532,6 +540,14 @@ quality "vault_proxy_cli_access" { EOF } +quality "vault_radar_index_create" { + description = "Vault radar is able to create an index from KVv2 mounts" +} + +quality "vault_radar_scan_file" { + description = "Vault radar is able to scan a file for secrets" +} + quality "vault_raft_voters" { description = global.description.verify_raft_cluster_all_nodes_are_voters } diff --git a/enos/enos-scenario-agent.hcl b/enos/enos-scenario-agent.hcl index 0f362a085f08..034cd1b8df22 100644 --- a/enos/enos-scenario-agent.hcl +++ b/enos/enos-scenario-agent.hcl @@ -564,6 +564,34 @@ scenario "agent" { } } + step "verify_log_secrets" { + skip_step = !var.vault_enable_audit_devices || !var.verify_log_secrets + + description = global.description.verify_log_secrets + module = module.verify_log_secrets + depends_on = [ + step.verify_secrets_engines_read, + ] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + verifies = [ + quality.vault_audit_log_secrets, + quality.vault_journal_secrets, + quality.vault_radar_index_create, + quality.vault_radar_scan_file, + ] + + variables { + audit_log_file_path = step.create_vault_cluster.audit_device_file_path + leader_host = step.get_vault_cluster_ips.leader_host + vault_addr = step.create_vault_cluster.api_addr_localhost + vault_root_token = step.create_vault_cluster.root_token + } + } + step "verify_ui" { description = global.description.verify_ui module = module.vault_verify_ui diff --git a/enos/enos-scenario-autopilot.hcl b/enos/enos-scenario-autopilot.hcl index bac9d9b7aca9..816b0c803603 100644 --- a/enos/enos-scenario-autopilot.hcl +++ b/enos/enos-scenario-autopilot.hcl @@ -572,6 +572,34 @@ scenario "autopilot" { } } + step "verify_log_secrets" { + skip_step = !var.vault_enable_audit_devices || !var.verify_log_secrets + + description = global.description.verify_log_secrets + module = module.verify_log_secrets + depends_on = [ + step.verify_secrets_engines_read, + ] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + verifies = [ + quality.vault_audit_log_secrets, + quality.vault_journal_secrets, + quality.vault_radar_index_create, + quality.vault_radar_scan_file, + ] + + variables { + audit_log_file_path = step.create_vault_cluster.audit_device_file_path + leader_host = step.get_updated_vault_cluster_ips.leader_host + vault_addr = step.upgrade_vault_cluster_with_autopilot.api_addr_localhost + vault_root_token = step.create_vault_cluster.root_token + } + } + step "raft_remove_peers" { description = <<-EOF Remove the nodes that were running the prior version of Vault from the raft cluster diff --git a/enos/enos-scenario-proxy.hcl b/enos/enos-scenario-proxy.hcl index 6865d1b62146..30556da2d19c 100644 --- a/enos/enos-scenario-proxy.hcl +++ b/enos/enos-scenario-proxy.hcl @@ -541,6 +541,34 @@ scenario "proxy" { } } + step "verify_log_secrets" { + skip_step = !var.vault_enable_audit_devices || !var.verify_log_secrets + + description = global.description.verify_log_secrets + module = module.verify_log_secrets + depends_on = [ + step.verify_secrets_engines_read, + ] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + verifies = [ + quality.vault_audit_log_secrets, + quality.vault_journal_secrets, + quality.vault_radar_index_create, + quality.vault_radar_scan_file, + ] + + variables { + audit_log_file_path = step.create_vault_cluster.audit_device_file_path + leader_host = step.get_vault_cluster_ips.leader_host + vault_addr = step.create_vault_cluster.api_addr_localhost + vault_root_token = step.create_vault_cluster.root_token + } + } + step "verify_ui" { description = global.description.verify_ui module = module.vault_verify_ui diff --git a/enos/enos-scenario-seal-ha.hcl b/enos/enos-scenario-seal-ha.hcl index 5478a6a99842..555569e880a8 100644 --- a/enos/enos-scenario-seal-ha.hcl +++ b/enos/enos-scenario-seal-ha.hcl @@ -794,6 +794,34 @@ scenario "seal_ha" { } } + step "verify_log_secrets" { + skip_step = !var.vault_enable_audit_devices || !var.verify_log_secrets + + description = global.description.verify_log_secrets + module = module.verify_log_secrets + depends_on = [ + step.verify_secrets_engines_read, + ] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + verifies = [ + quality.vault_audit_log_secrets, + quality.vault_journal_secrets, + quality.vault_radar_index_create, + quality.vault_radar_scan_file, + ] + + variables { + audit_log_file_path = step.create_vault_cluster.audit_device_file_path + leader_host = step.get_updated_cluster_ips.leader_host + vault_addr = step.create_vault_cluster.api_addr_localhost + vault_root_token = step.create_vault_cluster.root_token + } + } + step "verify_ui" { description = global.description.verify_ui module = module.vault_verify_ui diff --git a/enos/enos-scenario-smoke.hcl b/enos/enos-scenario-smoke.hcl index cfbfe3a07ca2..d883a3ff9572 100644 --- a/enos/enos-scenario-smoke.hcl +++ b/enos/enos-scenario-smoke.hcl @@ -583,6 +583,34 @@ scenario "smoke" { } } + step "verify_log_secrets" { + skip_step = !var.vault_enable_audit_devices || !var.verify_log_secrets + + description = global.description.verify_log_secrets + module = module.verify_log_secrets + depends_on = [ + step.verify_secrets_engines_read, + ] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + verifies = [ + quality.vault_audit_log_secrets, + quality.vault_journal_secrets, + quality.vault_radar_index_create, + quality.vault_radar_scan_file, + ] + + variables { + audit_log_file_path = step.create_vault_cluster.audit_device_file_path + leader_host = step.get_vault_cluster_ips.leader_host + vault_addr = step.create_vault_cluster.api_addr_localhost + vault_root_token = step.create_vault_cluster.root_token + } + } + step "verify_ui" { description = global.description.verify_ui module = module.vault_verify_ui diff --git a/enos/enos-scenario-upgrade.hcl b/enos/enos-scenario-upgrade.hcl index 405cfd47c17e..00eb2204e42e 100644 --- a/enos/enos-scenario-upgrade.hcl +++ b/enos/enos-scenario-upgrade.hcl @@ -649,6 +649,37 @@ scenario "upgrade" { } } + step "verify_log_secrets" { + // Only verify log secrets if the audit devices are turned on and we've enabled the check (as + // it requires a radar license). Some older versions have known issues so we'll skip this step + // in the event that we're upgrading from them, see VAULT-30557 for more information. + skip_step = !var.vault_enable_audit_devices || !var.verify_log_secrets || semverconstraint(var.vault_upgrade_initial_version, "=1.17.3 || =1.17.4 || =1.16.7 || =1.16.8") + + description = global.description.verify_log_secrets + module = module.verify_log_secrets + depends_on = [ + step.verify_secrets_engines_read, + ] + + providers = { + enos = local.enos_provider[matrix.distro] + } + + verifies = [ + quality.vault_audit_log_secrets, + quality.vault_journal_secrets, + quality.vault_radar_index_create, + quality.vault_radar_scan_file, + ] + + variables { + audit_log_file_path = step.create_vault_cluster.audit_device_file_path + leader_host = step.get_updated_vault_cluster_ips.leader_host + vault_addr = step.create_vault_cluster.api_addr_localhost + vault_root_token = step.create_vault_cluster.root_token + } + } + step "verify_raft_auto_join_voter" { description = global.description.verify_raft_cluster_all_nodes_are_voters skip_step = matrix.backend != "raft" diff --git a/enos/enos-variables.hcl b/enos/enos-variables.hcl index 298f295cd378..91402071a979 100644 --- a/enos/enos-variables.hcl +++ b/enos/enos-variables.hcl @@ -188,6 +188,12 @@ variable "vault_product_version" { default = null } +variable "vault_radar_license_path" { + description = "The license for vault-radar which is used to verify the audit log" + type = string + default = null +} + variable "vault_revision" { description = "The git sha of Vault artifact we are testing" type = string @@ -199,3 +205,9 @@ variable "vault_upgrade_initial_version" { type = string default = "1.13.13" } + +variable "verify_log_secrets" { + description = "If true and var.vault_enable_audit_devices is true we'll verify that the audit log does not contain unencrypted secrets. Requires var.vault_radar_license_path to be set to a valid license file." + type = bool + default = false +} diff --git a/enos/modules/build_local/scripts/build.sh b/enos/modules/build_local/scripts/build.sh index 06fc03f39462..b7b095003f2a 100755 --- a/enos/modules/build_local/scripts/build.sh +++ b/enos/modules/build_local/scripts/build.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/generate_failover_secondary_token/scripts/generate-failover-secondary-token.sh b/enos/modules/generate_failover_secondary_token/scripts/generate-failover-secondary-token.sh index e8e0e3094b12..05da4a440749 100644 --- a/enos/modules/generate_failover_secondary_token/scripts/generate-failover-secondary-token.sh +++ b/enos/modules/generate_failover_secondary_token/scripts/generate-failover-secondary-token.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash ## Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/install_packages/scripts/install-packages.sh b/enos/modules/install_packages/scripts/install-packages.sh index 6c6e5dd7dc0e..0b9bfdecf78c 100644 --- a/enos/modules/install_packages/scripts/install-packages.sh +++ b/enos/modules/install_packages/scripts/install-packages.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/softhsm_create_vault_keys/scripts/create-keys.sh b/enos/modules/softhsm_create_vault_keys/scripts/create-keys.sh index aa271cde1dd4..6518779f4087 100644 --- a/enos/modules/softhsm_create_vault_keys/scripts/create-keys.sh +++ b/enos/modules/softhsm_create_vault_keys/scripts/create-keys.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/softhsm_create_vault_keys/scripts/get-keys.sh b/enos/modules/softhsm_create_vault_keys/scripts/get-keys.sh index 6409943f51fd..953880f666fc 100644 --- a/enos/modules/softhsm_create_vault_keys/scripts/get-keys.sh +++ b/enos/modules/softhsm_create_vault_keys/scripts/get-keys.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/softhsm_distribute_vault_keys/scripts/distribute-token.sh b/enos/modules/softhsm_distribute_vault_keys/scripts/distribute-token.sh index 95f896c756d1..34279915c9ff 100644 --- a/enos/modules/softhsm_distribute_vault_keys/scripts/distribute-token.sh +++ b/enos/modules/softhsm_distribute_vault_keys/scripts/distribute-token.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/softhsm_init/scripts/init-softhsm.sh b/enos/modules/softhsm_init/scripts/init-softhsm.sh index c36db5304306..3181d9eb2f20 100644 --- a/enos/modules/softhsm_init/scripts/init-softhsm.sh +++ b/enos/modules/softhsm_init/scripts/init-softhsm.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/softhsm_install/scripts/find-shared-object.sh b/enos/modules/softhsm_install/scripts/find-shared-object.sh index 4afaee8b16b2..52b720d86512 100644 --- a/enos/modules/softhsm_install/scripts/find-shared-object.sh +++ b/enos/modules/softhsm_install/scripts/find-shared-object.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash ## Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/vault_upgrade/scripts/maybe-remove-old-unit-file.sh b/enos/modules/vault_upgrade/scripts/maybe-remove-old-unit-file.sh index 1d584d76d7aa..e5c673a94816 100644 --- a/enos/modules/vault_upgrade/scripts/maybe-remove-old-unit-file.sh +++ b/enos/modules/vault_upgrade/scripts/maybe-remove-old-unit-file.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/vault_upgrade/scripts/restart-vault.sh b/enos/modules/vault_upgrade/scripts/restart-vault.sh index ba067fc88ce1..352199479e92 100644 --- a/enos/modules/vault_upgrade/scripts/restart-vault.sh +++ b/enos/modules/vault_upgrade/scripts/restart-vault.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/vault_verify_autopilot/scripts/smoke-verify-autopilot.sh b/enos/modules/vault_verify_autopilot/scripts/smoke-verify-autopilot.sh index eb0a1a1baf65..6408c760f8ff 100755 --- a/enos/modules/vault_verify_autopilot/scripts/smoke-verify-autopilot.sh +++ b/enos/modules/vault_verify_autopilot/scripts/smoke-verify-autopilot.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/vault_verify_default_lcq/scripts/smoke-verify-default-lcq.sh b/enos/modules/vault_verify_default_lcq/scripts/smoke-verify-default-lcq.sh index 57a943654157..64e8e0f1e7e8 100755 --- a/enos/modules/vault_verify_default_lcq/scripts/smoke-verify-default-lcq.sh +++ b/enos/modules/vault_verify_default_lcq/scripts/smoke-verify-default-lcq.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/vault_verify_undo_logs/scripts/smoke-verify-undo-logs.sh b/enos/modules/vault_verify_undo_logs/scripts/smoke-verify-undo-logs.sh index 99bc7018c7d7..77363317434a 100644 --- a/enos/modules/vault_verify_undo_logs/scripts/smoke-verify-undo-logs.sh +++ b/enos/modules/vault_verify_undo_logs/scripts/smoke-verify-undo-logs.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/verify_log_secrets/main.tf b/enos/modules/verify_log_secrets/main.tf new file mode 100644 index 000000000000..1f40874b69b8 --- /dev/null +++ b/enos/modules/verify_log_secrets/main.tf @@ -0,0 +1,96 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +terraform { + required_providers { + enos = { + source = "registry.terraform.io/hashicorp-forge/enos" + } + } +} + +variable "audit_log_file_path" { + type = string +} + +variable "leader_host" { + type = object({ + ipv6 = string + private_ip = string + public_ip = string + }) + description = "The cluster leader host. Only the leader write to the audit log" +} + +variable "radar_install_dir" { + type = string + description = "The directory where the Vault binary will be installed" + default = "/opt/vault-radar/bin" +} + +variable "radar_license_path" { + description = "The path to a vault-radar license file" +} + +variable "radar_version" { + description = "The version of Vault Radar to install" + default = "0.17.0" # must be >= 0.17.0 + // NOTE: A `semverconstraint` validation condition would be very useful here + // when we get around to exporting our custom enos funcs in the provider. +} + +variable "vault_addr" { + type = string + description = "The local vault API listen address" +} + +variable "vault_root_token" { + type = string + description = "The vault root token" +} + +variable "vault_unit_name" { + type = string + description = "The vault unit name" + default = "vault" +} + +resource "enos_bundle_install" "radar" { + destination = var.radar_install_dir + + release = { + product = "vault-radar" + version = var.radar_version + // Radar doesn't have CE/Ent editions. CE is equivalent to no edition metadata. + edition = "ce" + } + + transport = { + ssh = { + host = var.leader_host.public_ip + } + } +} + +resource "enos_remote_exec" "scan_logs_for_secrets" { + depends_on = [ + enos_bundle_install.radar, + ] + + environment = { + AUDIT_LOG_FILE_PATH = var.audit_log_file_path + VAULT_ADDR = var.vault_addr + VAULT_RADAR_INSTALL_DIR = var.radar_install_dir + VAULT_RADAR_LICENSE = file(var.radar_license_path) + VAULT_TOKEN = var.vault_root_token + VAULT_UNIT_NAME = var.vault_unit_name + } + + scripts = [abspath("${path.module}/scripts/scan_logs_for_secrets.sh")] + + transport = { + ssh = { + host = var.leader_host.public_ip + } + } +} diff --git a/enos/modules/verify_log_secrets/scripts/scan_logs_for_secrets.sh b/enos/modules/verify_log_secrets/scripts/scan_logs_for_secrets.sh new file mode 100644 index 000000000000..7e924d6f292c --- /dev/null +++ b/enos/modules/verify_log_secrets/scripts/scan_logs_for_secrets.sh @@ -0,0 +1,72 @@ +#!/usr/bin/env bash +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +fail() { + echo "$1" 1>&2 + exit 1 +} + +verify_radar_scan_output_file() { + # Given a file with a radar scan output, filter out tagged false positives and verify that no + # other secrets remain. + if ! jq -eMcn '[inputs] | [.[] | select((.tags == null) or (.tags | contains(["ignore_rule"]) | not ))] | length == 0' < "$2"; then + found=$(jq -eMn '[inputs] | [.[] | select((.tags == null) or (.tags | contains(["ignore_rule"]) | not ))]' < "$2") + fail "failed to radar secrets output: vault radar detected secrets in $1!: $found" + fi +} + +set -e + +[[ -z "$AUDIT_LOG_FILE_PATH" ]] && fail "AUDIT_LOG_FILE_PATH env variable has not been set" +[[ -z "$VAULT_RADAR_INSTALL_DIR" ]] && fail "VAULT_RADAR_INSTALL_DIR env variable has not been set" +# Radar implicitly requires the following for creating the index and running radar itself +[[ -z "$VAULT_RADAR_LICENSE" ]] && fail "VAULT_RADAR_LICENSE env variable has not been set" +[[ -z "$VAULT_ADDR" ]] && fail "VAULT_ADDR env variable has not been set" +[[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set" +[[ -z "$VAULT_UNIT_NAME" ]] && fail "VAULT_UNIT_NAME env variable has not been set" + +radar_bin_path=${VAULT_RADAR_INSTALL_DIR}/vault-radar +test -x "$radar_bin_path" || fail "failed to scan vault audit log: unable to locate radar binary at $radar_bin_path" + +# Make sure our audit log file exists. +if [ ! -f "$AUDIT_LOG_FILE_PATH" ]; then + fail "failed to scan vault audit log: no audit logifile found at $AUDIT_LOG_FILE_PATH" +fi + +# Create a readable copy of the audit log. +if ! sudo cp "$AUDIT_LOG_FILE_PATH" audit.log; then + fail "failed to scan vault audit log: could not copy audit log for scanning" +fi + +if ! sudo chmod +r audit.log; then + fail "failed to scan vault audit log: could not make audit log copy readable" +fi + +# Create a radar index file of our KVv2 secret values. +if ! out=$($radar_bin_path index vault --offline --disable-ui --outfile index.jsonl 2>&1); then + fail "failed to generate vault-radar index of vault cluster: $out" +fi + +# Write our ignore rules to avoid known false positives. +mkdir -p "$HOME/.hashicorp/vault-radar" +cat >> "$HOME/.hashicorp/vault-radar/ignore.yaml" << EOF +- secret_values: + - "hmac-sha256:*" +EOF + +# Scan the audit log for known secrets via the audit log and other secrets using radars built-in +# secret types. +if ! out=$("$radar_bin_path" scan file --offline --disable-ui -p audit.log --index-file index.jsonl -f json -o audit-secrets.json 2>&1); then + fail "failed to scan vault audit log: vault-radar scan file failed: $out" +fi + +verify_radar_scan_output_file vault-audit-log audit-secrets.json + +# Scan the vault journal for known secrets via the audit log and other secrets using radars built-in +# secret types. +if ! out=$(sudo journalctl --no-pager -u "$VAULT_UNIT_NAME" -a | "$radar_bin_path" scan file --offline --disable-ui --index-file index.jsonl -f json -o journal-secrets.json 2>&1); then + fail "failed to scan vault journal: vault-radar scan file failed: $out" +fi + +verify_radar_scan_output_file vault-journal journal-secrets.json diff --git a/enos/modules/verify_seal_type/scripts/verify-seal-type.sh b/enos/modules/verify_seal_type/scripts/verify-seal-type.sh index 73ce06fd9e03..82a79856e1bf 100644 --- a/enos/modules/verify_seal_type/scripts/verify-seal-type.sh +++ b/enos/modules/verify_seal_type/scripts/verify-seal-type.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: BUSL-1.1 diff --git a/enos/modules/verify_secrets_engines/modules/create/kv.tf b/enos/modules/verify_secrets_engines/modules/create/kv.tf index 269f64b73eec..c721718590d6 100644 --- a/enos/modules/verify_secrets_engines/modules/create/kv.tf +++ b/enos/modules/verify_secrets_engines/modules/create/kv.tf @@ -8,6 +8,7 @@ locals { kv_write_policy_name = "kv_writer" # sys/policy/kv_writer kv_test_data_path_prefix = "smoke" kv_test_data_value_prefix = "fire" + kv_version = 2 // Response data identity_group_kv_writers_data = jsondecode(enos_remote_exec.identity_group_kv_writers.stdout).data @@ -17,6 +18,7 @@ locals { reader_group_name = local.group_name_kv_writers writer_policy_name = local.kv_write_policy_name mount = local.kv_mount + version = local.kv_version test = { path_prefix = local.kv_test_data_path_prefix value_prefix = local.kv_test_data_value_prefix @@ -36,6 +38,7 @@ resource "enos_remote_exec" "secrets_enable_kv_secret" { environment = { ENGINE = "kv" MOUNT = local.kv_mount + SECRETS_META = "-version=${local.kv_version}" VAULT_ADDR = var.vault_addr VAULT_TOKEN = var.vault_root_token VAULT_INSTALL_DIR = var.vault_install_dir diff --git a/enos/modules/verify_secrets_engines/modules/read/kv.tf b/enos/modules/verify_secrets_engines/modules/read/kv.tf index cfa4b7829e13..6983e749b3e4 100644 --- a/enos/modules/verify_secrets_engines/modules/read/kv.tf +++ b/enos/modules/verify_secrets_engines/modules/read/kv.tf @@ -8,6 +8,7 @@ resource "enos_remote_exec" "kv_get_verify_test_data" { MOUNT = var.create_state.kv.mount SECRET_PATH = "${var.create_state.kv.test.path_prefix}-${each.key}" KEY = "${var.create_state.kv.test.path_prefix}-${each.key}" + KV_VERSION = var.create_state.kv.version VALUE = "${var.create_state.kv.test.value_prefix}-${each.key}" VAULT_ADDR = var.vault_addr VAULT_TOKEN = local.user_login_data.auth.client_token diff --git a/enos/modules/verify_secrets_engines/scripts/kv-verify-value.sh b/enos/modules/verify_secrets_engines/scripts/kv-verify-value.sh index 72427d869642..64d6f29d8b7e 100644 --- a/enos/modules/verify_secrets_engines/scripts/kv-verify-value.sh +++ b/enos/modules/verify_secrets_engines/scripts/kv-verify-value.sh @@ -21,8 +21,9 @@ binpath=${VAULT_INSTALL_DIR}/vault test -x "$binpath" || fail "unable to locate vault binary at $binpath" export VAULT_FORMAT=json -if res=$("$binpath" kv get "$MOUNT/$SECRET_PATH"); then - if jq -Merc --arg VALUE "$VALUE" --arg KEY "$KEY" '.data[$KEY] == $VALUE' <<< "$res"; then +if res=$("$binpath" kv get -mount="$MOUNT" "$SECRET_PATH"); then + # Note that this expects KVv2 response payloads. KVv1 does not include doubly nested .data + if jq -Merc --arg VALUE "$VALUE" --arg KEY "$KEY" '.data.data[$KEY] == $VALUE' <<< "$res"; then printf "kv %s/%s %s=%s is valid\n" "$MOUNT" "$SECRET_PATH" "$KEY" "$VALUE" exit 0 fi diff --git a/enos/modules/verify_secrets_engines/scripts/secrets-enable.sh b/enos/modules/verify_secrets_engines/scripts/secrets-enable.sh index 7cc957a290bf..0e8174a80ee0 100644 --- a/enos/modules/verify_secrets_engines/scripts/secrets-enable.sh +++ b/enos/modules/verify_secrets_engines/scripts/secrets-enable.sh @@ -19,4 +19,4 @@ binpath=${VAULT_INSTALL_DIR}/vault test -x "$binpath" || fail "unable to locate vault binary at $binpath" export VAULT_FORMAT=json -"$binpath" secrets enable -path="$MOUNT" "$ENGINE" +eval "$binpath" secrets enable -path="$MOUNT" "$SECRETS_META" "$ENGINE" diff --git a/go.mod b/go.mod index 2014348be827..58e0496dbeeb 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ module github.com/hashicorp/vault // semantic related to Go module handling), this comment should be updated to explain that. // // Whenever this value gets updated, sdk/go.mod should be updated to the same value. -go 1.22.5 +go 1.23.3 replace github.com/hashicorp/vault/api => ./api @@ -26,8 +26,8 @@ replace github.com/hashicorp/vault-plugin-secrets-kv => ./plugins/vault-plugin-s require ( cloud.google.com/go/cloudsqlconn v1.4.3 - cloud.google.com/go/monitoring v1.21.0 - cloud.google.com/go/spanner v1.67.0 + cloud.google.com/go/monitoring v1.21.2 + cloud.google.com/go/spanner v1.72.0 cloud.google.com/go/storage v1.43.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 @@ -63,16 +63,16 @@ require ( github.com/go-git/go-git/v5 v5.11.0 github.com/go-jose/go-jose/v3 v3.0.3 github.com/go-ldap/ldap/v3 v3.4.8 - github.com/go-sql-driver/mysql v1.7.1 + github.com/go-sql-driver/mysql v1.8.1 github.com/go-test/deep v1.1.1 github.com/go-zookeeper/zk v1.0.3 github.com/gocql/gocql v1.0.0 - github.com/golang-jwt/jwt/v4 v4.5.0 + github.com/golang-jwt/jwt/v4 v4.5.1 github.com/golang/protobuf v1.5.4 + github.com/google/certificate-transparency-go v1.3.0 github.com/google/go-cmp v0.6.0 github.com/google/go-github v17.0.0+incompatible github.com/google/go-metrics-stackdriver v0.2.0 - github.com/hashicorp-forge/bbolt v1.3.8-hc3 github.com/hashicorp/cap v0.7.0 github.com/hashicorp/cap/ldap v0.0.0-20240403125925-c0418810d10e github.com/hashicorp/cli v1.1.6 @@ -152,7 +152,7 @@ require ( github.com/hashicorp/vault-plugin-secrets-kubernetes v0.9.0 github.com/hashicorp/vault-plugin-secrets-kv v0.20.0 github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.13.0 - github.com/hashicorp/vault-plugin-secrets-openldap v0.14.3 + github.com/hashicorp/vault-plugin-secrets-openldap v0.14.4 github.com/hashicorp/vault-plugin-secrets-terraform v0.10.0 github.com/hashicorp/vault-testing-stepwise v0.3.1 github.com/hashicorp/vault/api v1.15.0 @@ -166,7 +166,7 @@ require ( github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f github.com/jefferai/jsonx v1.0.1 github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f - github.com/klauspost/compress v1.17.8 + github.com/klauspost/compress v1.17.9 github.com/kr/pretty v0.3.1 github.com/kr/text v0.2.0 github.com/mattn/go-colorable v0.1.13 @@ -180,7 +180,7 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 github.com/ncw/swift v1.0.47 github.com/oklog/run v1.1.0 - github.com/okta/okta-sdk-golang/v2 v2.20.0 + github.com/okta/okta-sdk-golang/v5 v5.0.2 github.com/oracle/oci-go-sdk v24.3.0+incompatible github.com/ory/dockertest v3.3.5+incompatible github.com/ory/dockertest/v3 v3.10.0 @@ -189,21 +189,21 @@ require ( github.com/pkg/errors v0.9.1 github.com/posener/complete v1.2.3 github.com/pquerna/otp v1.2.1-0.20191009055518-468c2dd2b58d - github.com/prometheus/client_golang v1.19.1 + github.com/prometheus/client_golang v1.20.5 github.com/prometheus/common v0.55.0 github.com/rboyer/safeio v0.2.1 github.com/robfig/cron/v3 v3.0.1 github.com/ryanuber/columnize v2.1.2+incompatible github.com/ryanuber/go-glob v1.0.0 - github.com/sasha-s/go-deadlock v0.2.0 + github.com/sasha-s/go-deadlock v0.3.5 github.com/sethvargo/go-limiter v0.7.1 github.com/shirou/gopsutil/v3 v3.22.6 github.com/stretchr/testify v1.9.0 github.com/tink-crypto/tink-go/v2 v2.2.0 - go.etcd.io/bbolt v1.3.10 - go.etcd.io/etcd/client/pkg/v3 v3.5.13 - go.etcd.io/etcd/client/v2 v2.305.5 - go.etcd.io/etcd/client/v3 v3.5.13 + go.etcd.io/bbolt v1.4.0-beta.0 + go.etcd.io/etcd/client/pkg/v3 v3.5.17 + go.etcd.io/etcd/client/v2 v2.305.17 + go.etcd.io/etcd/client/v3 v3.5.17 go.mongodb.org/atlas v0.37.0 go.mongodb.org/mongo-driver v1.16.1 go.opentelemetry.io/otel v1.30.0 @@ -211,18 +211,18 @@ require ( go.opentelemetry.io/otel/trace v1.30.0 go.uber.org/atomic v1.11.0 go.uber.org/goleak v1.3.0 - golang.org/x/crypto v0.27.0 + golang.org/x/crypto v0.31.0 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 - golang.org/x/net v0.29.0 - golang.org/x/oauth2 v0.23.0 - golang.org/x/sync v0.8.0 - golang.org/x/sys v0.25.0 - golang.org/x/term v0.24.0 - golang.org/x/text v0.18.0 - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d - google.golang.org/api v0.197.0 - google.golang.org/grpc v1.66.1 - google.golang.org/protobuf v1.34.2 + golang.org/x/net v0.31.0 + golang.org/x/oauth2 v0.24.0 + golang.org/x/sync v0.10.0 + golang.org/x/sys v0.28.0 + golang.org/x/term v0.27.0 + golang.org/x/text v0.21.0 + golang.org/x/tools v0.27.0 + google.golang.org/api v0.207.0 + google.golang.org/grpc v1.68.0 + google.golang.org/protobuf v1.35.2 gopkg.in/ory-am/dockertest.v3 v3.3.4 k8s.io/apimachinery v0.31.0 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 @@ -231,25 +231,36 @@ require ( ) require ( - cel.dev/expr v0.15.0 // indirect - cloud.google.com/go/longrunning v0.6.0 // indirect + cel.dev/expr v0.16.1 // indirect + cloud.google.com/go/longrunning v0.6.2 // indirect + filippo.io/edwards25519 v1.1.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 // indirect github.com/containerd/containerd v1.7.20 // indirect + github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/hashicorp/go-secure-stdlib/httputil v0.1.0 // indirect + github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect + github.com/lestrrat-go/blackmagic v1.0.2 // indirect + github.com/lestrrat-go/httpcc v1.0.1 // indirect + github.com/lestrrat-go/iter v1.0.2 // indirect + github.com/lestrrat-go/jwx v1.2.29 // indirect + github.com/lestrrat-go/option v1.0.1 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/x448/float16 v0.8.4 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.29.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.29.0 // indirect golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect ) require ( - cloud.google.com/go v0.115.1 // indirect - cloud.google.com/go/auth v0.9.3 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect - cloud.google.com/go/compute/metadata v0.5.0 // indirect - cloud.google.com/go/iam v1.2.0 // indirect - cloud.google.com/go/kms v1.19.0 // indirect; indirect\ + cloud.google.com/go v0.116.0 // indirect + cloud.google.com/go/auth v0.10.2 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect + cloud.google.com/go/compute/metadata v0.5.2 // indirect + cloud.google.com/go/iam v1.2.2 // indirect + cloud.google.com/go/kms v1.20.1 // indirect; indirect\ dario.cat/mergo v1.0.1 // indirect github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect github.com/99designs/keyring v1.2.2 // indirect @@ -321,12 +332,12 @@ require ( github.com/cjlapao/common-go v0.0.39 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/cloudfoundry-community/go-cfclient v0.0.0-20220930021109-9c4e6c59ccf1 // indirect - github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b // indirect + github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect github.com/containerd/continuity v0.4.3 // indirect github.com/containerd/log v0.1.0 // indirect github.com/coreos/etcd v3.3.27+incompatible // indirect github.com/coreos/go-oidc/v3 v3.11.0 // indirect - github.com/coreos/go-semver v0.3.0 // indirect + github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect github.com/couchbase/gocb/v2 v2.9.1 // indirect @@ -348,8 +359,8 @@ require ( github.com/dvsekhvalnov/jose2go v1.6.0 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/envoyproxy/go-control-plane v0.12.1-0.20240621013728-1eb8caab5155 // indirect - github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect + github.com/envoyproxy/go-control-plane v0.13.0 // indirect + github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/gabriel-vasile/mimetype v1.4.2 // indirect @@ -390,7 +401,7 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect - github.com/googleapis/gax-go/v2 v2.13.0 // indirect + github.com/googleapis/gax-go/v2 v2.14.0 // indirect github.com/gophercloud/gophercloud v0.1.0 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect @@ -418,7 +429,7 @@ require ( github.com/jackc/pgio v1.0.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgproto3/v2 v2.3.3 // indirect - github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 // indirect + github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect github.com/jackc/pgtype v1.14.3 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jcmturner/aescts/v2 v2.0.0 // indirect @@ -427,7 +438,7 @@ require ( github.com/jcmturner/goidentity/v6 v6.0.1 // indirect github.com/jcmturner/rpc/v2 v2.0.3 // indirect github.com/jeffchao/backoff v0.0.0-20140404060208-9d7fd7aa17f2 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/joshlf/go-acl v0.0.0-20200411065538-eae00ae38531 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -435,7 +446,6 @@ require ( github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/cpuid/v2 v2.2.5 // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/lib/pq v1.10.9 // indirect github.com/linode/linodego v0.7.1 // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect github.com/mailru/easyjson v0.7.7 // indirect @@ -474,7 +484,7 @@ require ( github.com/oracle/oci-go-sdk/v59 v59.0.0 // indirect github.com/oracle/oci-go-sdk/v60 v60.0.0 // indirect github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c // indirect - github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect + github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 // indirect github.com/pierrec/lz4 v2.6.1+incompatible // indirect github.com/pierrec/lz4/v4 v4.1.18 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect @@ -486,7 +496,7 @@ require ( github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/segmentio/fasthash v1.0.3 // indirect - github.com/sergi/go-diff v1.1.0 // indirect + github.com/sergi/go-diff v1.3.1 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/skeema/knownhosts v1.2.1 // indirect @@ -516,18 +526,18 @@ require ( github.com/yusufpapurcu/wmi v1.2.2 // indirect github.com/zclconf/go-cty v1.12.1 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect - go.etcd.io/etcd/api/v3 v3.5.13 // indirect + go.etcd.io/etcd/api/v3 v3.5.17 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect go.opentelemetry.io/otel/metric v1.30.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/mod v0.21.0 // indirect - golang.org/x/time v0.6.0 - google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect; indirect\ + golang.org/x/mod v0.22.0 // indirect + golang.org/x/time v0.8.0 + google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect; indirect\ gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect diff --git a/go.sum b/go.sum index 540b38a0b789..366d2a74eb0e 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -cel.dev/expr v0.15.0 h1:O1jzfJCQBfL5BFoYktaxwIhuttaQPsVWerH9/EEKx0w= -cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= +cel.dev/expr v0.16.1 h1:NR0+oFYzR1CqLFhTAqg3ql59G9VfN8fKq1TCHJ6gq1g= +cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= @@ -39,8 +39,8 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= -cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= -cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= +cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= +cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= @@ -102,10 +102,10 @@ cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVo cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= -cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= -cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= -cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= -cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= +cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo= +cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= +cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= @@ -187,8 +187,8 @@ cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZ cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= +cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= @@ -322,8 +322,8 @@ cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGE cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= -cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= -cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= +cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= +cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= @@ -343,8 +343,8 @@ cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4 cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= -cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU= -cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM= +cloud.google.com/go/kms v1.20.1 h1:og29Wv59uf2FVaZlesaiDAqHFzHaoUyHI3HYp9VUHVg= +cloud.google.com/go/kms v1.20.1/go.mod h1:LywpNiVCvzYNJWS9JUcGJSVTNSwPwi0vBAotzDqn2nc= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= @@ -358,8 +358,8 @@ cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeN cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= -cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= -cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= +cloud.google.com/go/longrunning v0.6.2 h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc= +cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= @@ -383,8 +383,8 @@ cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhI cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= -cloud.google.com/go/monitoring v1.21.0 h1:EMc0tB+d3lUewT2NzKC/hr8cSR9WsUieVywzIHetGro= -cloud.google.com/go/monitoring v1.21.0/go.mod h1:tuJ+KNDdJbetSsbSGTqnaBvbauS5kr3Q/koy3Up6r+4= +cloud.google.com/go/monitoring v1.21.2 h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU= +cloud.google.com/go/monitoring v1.21.2/go.mod h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU= cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= @@ -531,8 +531,8 @@ cloud.google.com/go/shell v1.6.0/go.mod h1:oHO8QACS90luWgxP3N9iZVuEiSF84zNyLytb+ cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= cloud.google.com/go/spanner v1.44.0/go.mod h1:G8XIgYdOK+Fbcpbs7p2fiprDw4CaZX63whnSMLVBxjk= cloud.google.com/go/spanner v1.45.0/go.mod h1:FIws5LowYz8YAE1J8fOS7DJup8ff7xJeetWEo5REA2M= -cloud.google.com/go/spanner v1.67.0 h1:h8xfobxh5lQu4qJVMPH+wSiyU+ZM6ZTxRNqGeu9iIVA= -cloud.google.com/go/spanner v1.67.0/go.mod h1:Um+TNmxfcCHqNCKid4rmAMvoe/Iu1vdz6UfxJ9GPxRQ= +cloud.google.com/go/spanner v1.72.0 h1:8hOxGVi0gaOWdxzDxyjYL4g/unjVUy2uje1T3okTgiQ= +cloud.google.com/go/spanner v1.72.0/go.mod h1:mw98ua5ggQXVWwp83yjwggqEmW9t8rjs9Po1ohcUGW4= cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= @@ -620,6 +620,8 @@ cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcP dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 h1:/vQbFIOMbk2FiG/kXiLl8BRyzTWDw7gX/Hz7Dd5eDMs= @@ -723,6 +725,8 @@ github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dX github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.0 h1:oVLqHXhnYtUwM89y9T1fXGaK9wTkXHgNp8/ZNMQzUxE= github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.0/go.mod h1:dppbR7CwXD4pgtV9t3wD1812RaLDcBjtblcDF5f1vI0= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 h1:pB2F2JKCj1Znmp2rwxxt1J0Fg0wezTMgWYk5Mpbi1kg= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1/go.mod h1:itPGVDKf9cC/ov4MdvJ2QZ0khw4bfoo9jzwTJlaxy2k= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/Jeffail/gabs/v2 v2.1.0 h1:6dV9GGOjoQgzWTQEltZPXlJdFloxvIq7DwqgxMCbq30= github.com/Jeffail/gabs/v2 v2.1.0/go.mod h1:xCn81vdHKxFUuWWAaD5jCTQDNPBMh5pPs9IJ+NcziBI= @@ -869,8 +873,8 @@ github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= -github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8= +github.com/bufbuild/protocompile v0.10.0 h1:+jW/wnLMLxaCEG8AX9lD0bQ5v9h1RUiMKOBOT5ll9dM= +github.com/bufbuild/protocompile v0.10.0/go.mod h1:G9qQIQo0xZ6Uyj6CMNz0saGmx2so+KONo8/KrELABiY= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= @@ -917,8 +921,8 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw= -github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/cockroach-go/v2 v2.3.8 h1:53yoUo4+EtrC1NrAEgnnad4AS3ntNvGup1PAXZ7UmpE= @@ -939,13 +943,12 @@ github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8Nz github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= +github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= @@ -976,6 +979,9 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/denisenkom/go-mssqldb v0.12.3 h1:pBSGx9Tq67pBOTLmxNuirNTeB8Vjmf886Kx+8Y+8shw= github.com/denisenkom/go-mssqldb v0.12.3/go.mod h1:k0mtMFOnU+AihqFxPMiF05rtiDrorD1Vrm1KEz5hxDo= github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= @@ -1031,14 +1037,14 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= -github.com/envoyproxy/go-control-plane v0.12.1-0.20240621013728-1eb8caab5155 h1:IgJPqnrlY2Mr4pYB6oaMKvFvwJ9H+X6CCY5x1vCTcpc= -github.com/envoyproxy/go-control-plane v0.12.1-0.20240621013728-1eb8caab5155/go.mod h1:5Wkq+JduFtdAXihLmeTJf+tRYIT4KBc2vPXDhwVo1pA= +github.com/envoyproxy/go-control-plane v0.13.0 h1:HzkeUz1Knt+3bK+8LG1bxOO/jzWZmdxpwC51i202les= +github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= -github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= -github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= +github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM= +github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= @@ -1153,8 +1159,8 @@ github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6m github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= -github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= @@ -1186,8 +1192,9 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= +github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= @@ -1242,8 +1249,10 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/certificate-transparency-go v1.3.0 h1:+UhSNQAyA38Ed4CGfwOZeG4sJ030ELQZE4xtMFOxA7U= +github.com/google/certificate-transparency-go v1.3.0/go.mod h1:/xVlT13jyrOuJOXTW5PjCBCrHBtXUq/jT5UeW40xliQ= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/flatbuffers v23.5.26+incompatible h1:M9dgRyhJemaM4Sw8+66GHBu8ioaQmyPLg1b8VwK5WJg= github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= @@ -1331,8 +1340,8 @@ github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqE github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= -github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= -github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= +github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= +github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= @@ -1361,14 +1370,12 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c h1:6rhixN/i8ZofjG1Y75iExal34USq5p+wiN1tpie8IrU= github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c/go.mod h1:NMPJylDgVpX0MLRlPy15sqSwOFv/U1GZ2m21JhFfek0= github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8= github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4= -github.com/hashicorp-forge/bbolt v1.3.8-hc3 h1:iTWR3RDPj0TGChAvJ8QjHFcNFWAUVgNQV73IE6gAX4E= -github.com/hashicorp-forge/bbolt v1.3.8-hc3/go.mod h1:sQBu5UIJ+rcUFU4Fo9rpTHNV935jwmGWS3dQ/MV8810= github.com/hashicorp/cap v0.7.0 h1:atLIEU5lJslYXo1qsv7RtUL1HrJVVxnfkErIT3uxLp0= github.com/hashicorp/cap v0.7.0/go.mod h1:UynhCoGX3pxL0OfVrfMzPWAyjMYp96bk11BNTf2zt8o= github.com/hashicorp/cap/ldap v0.0.0-20240403125925-c0418810d10e h1:IakB/NhT0YtMEGqAf2tViMdBABC2cMAZn3O/mVeg2j4= @@ -1593,8 +1600,8 @@ github.com/hashicorp/vault-plugin-secrets-kv v0.20.0 h1:p1RVmd4x1rgGK0tN8DDu21J2 github.com/hashicorp/vault-plugin-secrets-kv v0.20.0/go.mod h1:bCpMggD3Z0+H+3dOmTCoQjBHC53jA08lPqOLmFrHBi8= github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.13.0 h1:BeDS7luTeOW0braIbtuyairFF8SEz7k3nvi9e+mJ2Ok= github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.13.0/go.mod h1:sprde+S70PBIbgOLUAKDxR+xNF714ksBBVh77O3hnWc= -github.com/hashicorp/vault-plugin-secrets-openldap v0.14.3 h1:HY8q7qVmhtBYiNa5K24wws72jPjwzkSuAt7LwkRcT8Q= -github.com/hashicorp/vault-plugin-secrets-openldap v0.14.3/go.mod h1:wqOf/QJqrrNXjnm0eLUnm5Ju9s/LIZUl6wEKmnFL9Uo= +github.com/hashicorp/vault-plugin-secrets-openldap v0.14.4 h1:BA5gf+itQ4FtEg4gyXvEZW0ioRCSUNnO3+XBrxDNi9A= +github.com/hashicorp/vault-plugin-secrets-openldap v0.14.4/go.mod h1:mdECWDLyILokYVpdBgwvHWkPJ+cEnSTxR6yDT0TBS98= github.com/hashicorp/vault-plugin-secrets-terraform v0.10.0 h1:YzOJrpuDRNrw5SQ4i7IEjedF40I/7ejupQy+gAyQ6Zg= github.com/hashicorp/vault-plugin-secrets-terraform v0.10.0/go.mod h1:j2nbB//xAQMD+5JivVDalwDEyzJY3AWzKIkw6k65xJQ= github.com/hashicorp/vault-testing-stepwise v0.3.1 h1:SqItnMWOOknQfJJR49Fps34ZfBMWSqBFFTx6NoTHzNw= @@ -1653,8 +1660,8 @@ github.com/jackc/pgproto3/v2 v2.3.3 h1:1HLSx5H+tXR9pW3in3zaztoEwQYRC9SQaYUHjTSUO github.com/jackc/pgproto3/v2 v2.3.3/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 h1:L0QtFUgDarD7Fpv9jeVMgy/+Ec0mtnmYuImjTz6dtDA= -github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= +github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= +github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= @@ -1698,14 +1705,15 @@ github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f/go.mod h1:3J2 github.com/jefferai/jsonx v1.0.1 h1:GvWkLWihoLqDG0BSP45TUQJH9qsINX50PVrFULgpc/I= github.com/jefferai/jsonx v1.0.1/go.mod h1:yFo3l2fcm7cZVHGq3HKLXE+Pd4RWuRjNBDHksM7XekQ= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c= -github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo= +github.com/jhump/protoreflect v1.16.0 h1:54fZg+49widqXYQ0b+usAFHbMkBGR4PpXrsHc8+TBDg= +github.com/jhump/protoreflect v1.16.0/go.mod h1:oYPd7nPvcBw/5wlDfm/AVmU9zH9BgqGCI469pGxfj/8= github.com/jimlambrt/gldap v0.1.13 h1:jxmVQn0lfmFbM9jglueoau5LLF/IGRti0SKf0vB753M= github.com/jimlambrt/gldap v0.1.13/go.mod h1:nlC30c7xVphjImg6etk7vg7ZewHCCvl1dfAhO3ZJzPg= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= -github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= +github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= @@ -1721,7 +1729,6 @@ github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f/go.mod h1:KDSfL github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -1742,8 +1749,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= -github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= -github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= @@ -1763,6 +1770,19 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A= +github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y= +github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k= +github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= +github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= +github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= +github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= +github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= +github.com/lestrrat-go/jwx v1.2.29 h1:QT0utmUJ4/12rmsVQrJ3u55bycPkKqGYuGT4tyRhxSQ= +github.com/lestrrat-go/jwx v1.2.29/go.mod h1:hU8k2l6WF0ncx20uQdOmik/Gjg6E3/wIRtXSNFeZuB8= +github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= +github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= +github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -1910,8 +1930,8 @@ github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/okta/okta-sdk-golang/v2 v2.20.0 h1:EDKM+uOPfihOMNwgHMdno+NAsIfyXkVnoFAYVPay0YU= -github.com/okta/okta-sdk-golang/v2 v2.20.0/go.mod h1:FMy5hN5G8Rd/VoS0XrfyPPhIfOVo78ZK7lvwiQRS2+U= +github.com/okta/okta-sdk-golang/v5 v5.0.2 h1:eecvycE/XDX56IWTsOVhqfj5txCgqryTXzKy7wKEq78= +github.com/okta/okta-sdk-golang/v5 v5.0.2/go.mod h1:T/vmECtJX33YPZSVD+sorebd8LLhe38Bi/VrFTjgVX0= github.com/olekukonko/tablewriter v0.0.0-20180130162743-b8a9be070da4/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -1960,8 +1980,8 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 h1:q2e307iGHPdTGp0hoxKjt1H5pDo6utceo3dQVK3I5XQ= -github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o= +github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 h1:Dx7Ovyv/SFnMFw3fD4oEoeorXc6saIiQ23LrGLth0Gw= +github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4= github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= @@ -2001,8 +2021,8 @@ github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -2051,8 +2071,8 @@ github.com/ryanuber/columnize v2.1.2+incompatible h1:C89EOx/XBWwIXl8wm8OPJBd7kPF github.com/ryanuber/columnize v2.1.2+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/sasha-s/go-deadlock v0.2.0 h1:lMqc+fUb7RrFS3gQLtoQsJ7/6TV/pAIFvBsqX73DK8Y= -github.com/sasha-s/go-deadlock v0.2.0/go.mod h1:StQn567HiB1fF2yJ44N9au7wOhrPS3iZqiDbRupzT10= +github.com/sasha-s/go-deadlock v0.3.5 h1:tNCOEEDG6tBqrNDOX35j/7hL5FcFViG6awUGROb2NsU= +github.com/sasha-s/go-deadlock v0.3.5/go.mod h1:bugP6EGbdGYObIlx7pUZtWqlvo8k9H6vCBBsiChJQ5U= github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/conswriter v0.0.0-20180208195008-f5ae3917a627/go.mod h1:7zjs06qF79/FKAJpBvFx3P8Ww4UTIMAe+lpNXDHziac= @@ -2061,8 +2081,8 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUt github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM= github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sethvargo/go-limiter v0.7.1 h1:wWNhTj0pxjyJ7wuJHpRJpYwJn+bUnjYfw2a85eu5w9U= github.com/sethvargo/go-limiter v0.7.1/go.mod h1:C0kbSFbiriE5k2FFOe18M1YZbAR2Fiwf72uGu0CXCcU= github.com/shirou/gopsutil/v3 v3.22.6 h1:FnHOFOh+cYAM0C30P+zysPISzlknLC5Z1G4EAElznfQ= @@ -2139,6 +2159,7 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tencentcloud/tencentcloud-sdk-go v1.0.162 h1:8fDzz4GuVg4skjY2B0nMN7h6uN61EDVkuLyI2+qGHhI= @@ -2205,18 +2226,16 @@ github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0= -go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ= -go.etcd.io/etcd/api/v3 v3.5.5/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8= -go.etcd.io/etcd/api/v3 v3.5.13 h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4= -go.etcd.io/etcd/api/v3 v3.5.13/go.mod h1:gBqlqkcMMZMVTMm4NDZloEVJzxQOQIls8splbqBDa0c= -go.etcd.io/etcd/client/pkg/v3 v3.5.5/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ= -go.etcd.io/etcd/client/pkg/v3 v3.5.13 h1:RVZSAnWWWiI5IrYAXjQorajncORbS0zI48LQlE2kQWg= -go.etcd.io/etcd/client/pkg/v3 v3.5.13/go.mod h1:XxHT4u1qU12E2+po+UVPrEeL94Um6zL58ppuJWXSAB8= -go.etcd.io/etcd/client/v2 v2.305.5 h1:DktRP60//JJpnPC0VBymAN/7V71GHMdjDCBt4ZPXDjI= -go.etcd.io/etcd/client/v2 v2.305.5/go.mod h1:zQjKllfqfBVyVStbt4FaosoX2iYd8fV/GRy/PbowgP4= -go.etcd.io/etcd/client/v3 v3.5.13 h1:o0fHTNJLeO0MyVbc7I3fsCf6nrOqn5d+diSarKnB2js= -go.etcd.io/etcd/client/v3 v3.5.13/go.mod h1:cqiAeY8b5DEEcpxvgWKsbLIWNM/8Wy2xJSDMtioMcoI= +go.etcd.io/bbolt v1.4.0-beta.0 h1:U7Y9yH6ZojEo5/BDFMXDXD1RNx9L7iKxudzqR68jLaM= +go.etcd.io/bbolt v1.4.0-beta.0/go.mod h1:Qv5yHB6jkQESXT/uVfxJgUPMqgAyhL0GLxcQaz9bSec= +go.etcd.io/etcd/api/v3 v3.5.17 h1:cQB8eb8bxwuxOilBpMJAEo8fAONyrdXTHUNcMd8yT1w= +go.etcd.io/etcd/api/v3 v3.5.17/go.mod h1:d1hvkRuXkts6PmaYk2Vrgqbv7H4ADfAKhyJqHNLJCB4= +go.etcd.io/etcd/client/pkg/v3 v3.5.17 h1:XxnDXAWq2pnxqx76ljWwiQ9jylbpC4rvkAeRVOUKKVw= +go.etcd.io/etcd/client/pkg/v3 v3.5.17/go.mod h1:4DqK1TKacp/86nJk4FLQqo6Mn2vvQFBmruW3pP14H/w= +go.etcd.io/etcd/client/v2 v2.305.17 h1:ajFukQfI//xY5VuSeuUw4TJ4WnNR2kAFfV/P0pDdPMs= +go.etcd.io/etcd/client/v2 v2.305.17/go.mod h1:EttKgEgvwikmXN+b7pkEWxDZr6sEaYsqCiS3k4fa/Vg= +go.etcd.io/etcd/client/v3 v3.5.17 h1:o48sINNeWz5+pjy/Z0+HKpj/xSnBkuVhVvXkjEXbqZY= +go.etcd.io/etcd/client/v3 v3.5.17/go.mod h1:j2d4eXTHWkT2ClBgnnEPm/Wuu7jsqku41v9DZ3OtjQo= go.mongodb.org/atlas v0.37.0 h1:zQnO1o5+bVP9IotpAYpres4UjMD2F4nwNEFTZhNL4ck= go.mongodb.org/atlas v0.37.0/go.mod h1:DJYtM+vsEpPEMSkQzJnFHrT0sP7ev6cseZc/GGjJYG8= go.mongodb.org/mongo-driver v1.16.1 h1:rIVLL3q0IHM39dvE+z2ulZLp9ENZKThVfuvN/IiN4l8= @@ -2230,6 +2249,8 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/detectors/gcp v1.29.0 h1:TiaiXB4DpGD3sdzNlYQxruQngn5Apwzi1X0DRhuGvDQ= +go.opentelemetry.io/contrib/detectors/gcp v1.29.0/go.mod h1:GW2aWZNwR2ZxDLdv8OyC2G8zkRoQBuURgV7RPQgcPoU= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= @@ -2244,6 +2265,8 @@ go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4Q go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= go.opentelemetry.io/otel/sdk v1.30.0 h1:cHdik6irO49R5IysVhdn8oaiR9m8XluDaJAs4DfOrYE= go.opentelemetry.io/otel/sdk v1.30.0/go.mod h1:p14X4Ok8S+sygzblytT1nqG98QG2KYKv++HE0LY/mhg= +go.opentelemetry.io/otel/sdk/metric v1.29.0 h1:K2CfmJohnRgvZ9UAj2/FhIf/okdWcNdBwe1m8xFXiSY= +go.opentelemetry.io/otel/sdk/metric v1.29.0/go.mod h1:6zZLdCl2fkauYoZIOn/soQIDSWFmNSRcICarHfuhNJQ= go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= @@ -2272,7 +2295,6 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= @@ -2309,8 +2331,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2370,8 +2392,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2451,8 +2473,8 @@ golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= -golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2483,8 +2505,8 @@ golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2501,8 +2523,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2572,7 +2594,6 @@ golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2622,8 +2643,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2637,8 +2658,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2658,16 +2679,16 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -2744,8 +2765,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2826,8 +2847,8 @@ google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= -google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= -google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= +google.golang.org/api v0.207.0 h1:Fvt6IGCYjf7YLcQ+GCegeAI2QSQCfIWhRkmrMPj3JRM= +google.golang.org/api v0.207.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2969,12 +2990,12 @@ google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOl google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= +google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -3003,7 +3024,6 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= @@ -3019,8 +3039,8 @@ google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= -google.golang.org/grpc v1.66.1 h1:hO5qAXR19+/Z44hmvIM4dQFMSYX9XcWsByfoxutBpAM= -google.golang.org/grpc v1.66.1/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -3039,8 +3059,8 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/helper/builtinplugins/registry_full.go b/helper/builtinplugins/registry_full.go index ac56d139df39..f2bd087c2e47 100644 --- a/helper/builtinplugins/registry_full.go +++ b/helper/builtinplugins/registry_full.go @@ -99,44 +99,44 @@ func newFullAddonRegistry() *registry { "snowflake-database-plugin": {Factory: dbSnowflake.New}, }, logicalBackends: map[string]logicalBackend{ - "ad": { + pluginconsts.SecretEngineAD: { Factory: logicalAd.Factory, DeprecationStatus: consts.Deprecated, }, - "alicloud": {Factory: logicalAlicloud.Factory}, - "aws": {Factory: logicalAws.Factory}, - "azure": {Factory: logicalAzure.Factory}, - "cassandra": { + pluginconsts.SecretEngineAlicloud: {Factory: logicalAlicloud.Factory}, + pluginconsts.SecretEngineAWS: {Factory: logicalAws.Factory}, + pluginconsts.SecretEngineAzure: {Factory: logicalAzure.Factory}, + pluginconsts.SecretEngineCassandra: { Factory: removedFactory, DeprecationStatus: consts.Removed, }, - "consul": {Factory: logicalConsul.Factory}, - "gcp": {Factory: logicalGcp.Factory}, - "gcpkms": {Factory: logicalGcpKms.Factory}, - "kubernetes": {Factory: logicalKube.Factory}, - "mongodb": { + pluginconsts.SecretEngineConsul: {Factory: logicalConsul.Factory}, + pluginconsts.SecretEngineGCP: {Factory: logicalGcp.Factory}, + pluginconsts.SecretEngineGCPKMS: {Factory: logicalGcpKms.Factory}, + pluginconsts.SecretEngineKubernetes: {Factory: logicalKube.Factory}, + pluginconsts.SecretEngineMongoDB: { Factory: removedFactory, DeprecationStatus: consts.Removed, }, - "mongodbatlas": {Factory: logicalMongoAtlas.Factory}, - "mssql": { + pluginconsts.SecretEngineMongoDBAtlas: {Factory: logicalMongoAtlas.Factory}, + pluginconsts.SecretEngineMSSQL: { Factory: removedFactory, DeprecationStatus: consts.Removed, }, - "mysql": { + pluginconsts.SecretEngineMySQL: { Factory: removedFactory, DeprecationStatus: consts.Removed, }, - "nomad": {Factory: logicalNomad.Factory}, - "openldap": {Factory: logicalLDAP.Factory}, - "ldap": {Factory: logicalLDAP.Factory}, - "postgresql": { + pluginconsts.SecretEngineNomad: {Factory: logicalNomad.Factory}, + pluginconsts.SecretEngineOpenLDAP: {Factory: logicalLDAP.Factory}, + pluginconsts.SecretEngineLDAP: {Factory: logicalLDAP.Factory}, + pluginconsts.SecretEnginePostgresql: { Factory: removedFactory, DeprecationStatus: consts.Removed, }, - "rabbitmq": {Factory: logicalRabbit.Factory}, - "terraform": {Factory: logicalTerraform.Factory}, - "totp": {Factory: logicalTotp.Factory}, + pluginconsts.SecretEngineRabbitMQ: {Factory: logicalRabbit.Factory}, + pluginconsts.SecretEngineTerraform: {Factory: logicalTerraform.Factory}, + pluginconsts.SecretEngineTOTP: {Factory: logicalTotp.Factory}, }, } } diff --git a/helper/pluginconsts/plugin_consts.go b/helper/pluginconsts/plugin_consts.go index 37d1f2b9663b..bce832005d64 100644 --- a/helper/pluginconsts/plugin_consts.go +++ b/helper/pluginconsts/plugin_consts.go @@ -5,25 +5,61 @@ package pluginconsts // These consts live outside the plugin registry files to prevent import cycles. const ( - AuthTypeAliCloud = "alicloud" - AuthTypeAppId = "app-id" - AuthTypeAWS = "aws" - AuthTypeAzure = "azure" - AuthTypeCF = "cf" - AuthTypeGCP = "gcp" - AuthTypeGitHub = "github" - AuthTypeKerberos = "kerberos" - AuthTypeKubernetes = "kubernetes" - AuthTypeLDAP = "ldap" - AuthTypeOCI = "oci" - AuthTypeOkta = "okta" - AuthTypePCF = "pcf" - AuthTypeRadius = "radius" - AuthTypeToken = "token" - AuthTypeCert = "cert" - AuthTypeOIDC = "oidc" - AuthTypeUserpass = "userpass" - AuthTypeSAML = "saml" - AuthTypeApprole = "approle" - AuthTypeJWT = "jwt" + AuthTypeAliCloud = "alicloud" + AuthTypeAppId = "app-id" + AuthTypeAWS = "aws" + AuthTypeAzure = "azure" + AuthTypeCF = "cf" + AuthTypeGCP = "gcp" + AuthTypeGitHub = "github" + AuthTypeKerberos = "kerberos" + AuthTypeKubernetes = "kubernetes" + AuthTypeLDAP = "ldap" + AuthTypeOCI = "oci" + AuthTypeOkta = "okta" + AuthTypePCF = "pcf" + AuthTypeRadius = "radius" + AuthTypeToken = "token" + AuthTypeCert = "cert" + AuthTypeOIDC = "oidc" + AuthTypeUserpass = "userpass" + AuthTypeSAML = "saml" + AuthTypeApprole = "approle" + AuthTypeJWT = "jwt" + SecretEngineAD = "ad" + SecretEngineAlicloud = "alicloud" + SecretEngineAWS = "aws" + SecretEngineAzure = "azure" + SecretEngineCassandra = "cassandra" + SecretEngineConsul = "consul" + SecretEngineGCP = "gcp" + SecretEngineGCPKMS = "gcpkms" + SecretEngineKubernetes = "kubernetes" + SecretEngineMongoDB = "mongodb" + SecretEngineMongoDBAtlas = "mongodbatlas" + SecretEngineMSSQL = "mssql" + SecretEngineMySQL = "mysql" + SecretEngineNomad = "nomad" + SecretEngineOpenLDAP = "openldap" + SecretEngineLDAP = "ldap" + SecretEnginePostgresql = "postgresql" + SecretEngineRabbitMQ = "rabbitmq" + SecretEngineTerraform = "terraform" + SecretEngineTOTP = "totp" + SecretEngineKV = "kv" + SecretEngineTransform = "transform" + SecretEngineKMIP = "kmip" + SecretEngineKeymgmt = "keymgmt" + SecretEnginePki = "pki" + SecretEngineTransit = "transit" + SecretEngineSsh = "ssh" + SecretEngineCubbyhole = "cubbyhole" + SecretEngineIdentity = "identity" + SecretEngineSystem = "system" + // SecretEngineGeneric is a very old and deprecated version of KV, but is left + // for completeness. + SecretEngineGeneric = "generic" + // SecretEngineDatabase is the entry type for all databases, i.e. this is the combined + // database type for every database. + SecretEngineDatabase = "database" ) diff --git a/helper/testhelpers/mssql/mssqlhelper.go b/helper/testhelpers/mssql/mssqlhelper.go index 154caf259843..71c2ea2d654a 100644 --- a/helper/testhelpers/mssql/mssqlhelper.go +++ b/helper/testhelpers/mssql/mssqlhelper.go @@ -12,7 +12,9 @@ import ( "runtime" "strings" "testing" + "time" + "github.com/hashicorp/vault/helper/testhelpers" "github.com/hashicorp/vault/helper/testhelpers/corehelpers" "github.com/hashicorp/vault/sdk/helper/docker" ) @@ -35,25 +37,62 @@ func PrepareMSSQLTestContainer(t *testing.T) (cleanup func(), retURL string) { logger := corehelpers.NewTestLogger(t) - var err error - for i := 0; i < numRetries; i++ { - var svc *docker.Service - var runner *docker.Runner - runner, err = docker.NewServiceRunner(docker.RunOptions{ - ContainerName: "sqlserver", - ImageRepo: "mcr.microsoft.com/mssql/server", - ImageTag: "2022-latest", - Env: []string{"ACCEPT_EULA=Y", "SA_PASSWORD=" + mssqlPassword}, - Ports: []string{"1433/tcp"}, - LogConsumer: func(s string) { - logger.Info(s) - }, - }) + // Workaround for https://github.com/microsoft/mssql-docker/issues/895 and us temporary seeing + // tls: failed to parse certificate from server: x509: negative serial number in test case failures. + containerfile := ` +FROM mcr.microsoft.com/mssql/server:2022-latest +USER root +ENV MSDIR=/var/opt/mssql +RUN mkdir -p $MSDIR \ + && openssl req -x509 -nodes -newkey rsa:2048 -subj '/CN=mssql' -addext "subjectAltName = DNS:mssql" -keyout $MSDIR/mssql.key -out $MSDIR/mssql.pem -days 1 \ + && chmod 400 $MSDIR/mssql.key \ + && chmod 400 $MSDIR/mssql.pem \ + && chown -R mssql $MSDIR + +RUN echo "[network]" > $MSDIR/mssql.conf \ + && echo "tlscert = $MSDIR/mssql.pem" >> $MSDIR/mssql.conf \ + && echo "tlskey = $MSDIR/mssql.key" >> $MSDIR/mssql.conf \ + && echo "tlsprotocols = 1.2" >> $MSDIR/mssql.conf \ + && echo "forceencryption = 1" >> $MSDIR/mssql.conf + +USER mssql +` + bCtx := docker.NewBuildContext() + imageName := "mssql-workaround-895" + imageTag := "latest" + + runner, err := docker.NewServiceRunner(docker.RunOptions{ + ContainerName: "sqlserver", + ImageRepo: imageName, + ImageTag: imageTag, + Env: []string{"ACCEPT_EULA=Y", "SA_PASSWORD=" + mssqlPassword}, + Ports: []string{"1433/tcp"}, + LogConsumer: func(s string) { + logger.Info(s) + }, + }) + if err != nil { + t.Fatalf("Could not provision docker service runner: %s", err) + } + + // Sometimes we see timeouts and issues pulling the zlint code from GitHub + testhelpers.RetryUntil(t, 30*time.Second, func() error { + output, err := runner.BuildImage(context.Background(), containerfile, bCtx, + docker.BuildRemove(true), + docker.BuildForceRemove(true), + docker.BuildPullParent(true), + docker.BuildTags([]string{imageName + ":" + imageTag})) if err != nil { - logger.Error("failed creating new service runner", "error", err.Error()) - continue + return fmt.Errorf("could not build new mssql image: %w", err) } + t.Logf("Image build output: %v", string(output)) + return nil + }) + + for i := 0; i < numRetries; i++ { + var svc *docker.Service + svc, err = runner.StartService(context.Background(), connectMSSQL) if err == nil { return svc.Cleanup, svc.Config.URL().String() diff --git a/helper/testhelpers/pki/pkihelper.go b/helper/testhelpers/pki/pkihelper.go new file mode 100644 index 000000000000..e76d4e54229b --- /dev/null +++ b/helper/testhelpers/pki/pkihelper.go @@ -0,0 +1,224 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package pki + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "math/big" + mathrand2 "math/rand/v2" + "net" + "os" + "path/filepath" + "testing" + "time" +) + +// This file contains helper functions for generating CA hierarchies for testing + +type LeafWithRoot struct { + RootCa GeneratedCert + Leaf GeneratedCert + CombinedLeafCaFile string +} + +type LeafWithIntermediary struct { + RootCa GeneratedCert + IntCa GeneratedCert + Leaf GeneratedCert + CombinedCaFile string +} + +type GeneratedCert struct { + KeyFile string + CertFile string + CertPem *pem.Block + Cert *x509.Certificate + Key *ecdsa.PrivateKey +} + +// GenerateCertWithIntermediaryRoot generates a leaf certificate signed by an intermediary root CA +func GenerateCertWithIntermediaryRoot(t testing.TB) LeafWithIntermediary { + t.Helper() + tempDir := t.TempDir() + template := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "localhost", + }, + SerialNumber: big.NewInt(mathrand2.Int64()), + DNSNames: []string{"localhost"}, + IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, + KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(60 * 24 * time.Hour), + } + + ca := GenerateRootCa(t) + caIntTemplate := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "Intermediary CA", + }, + KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, + SerialNumber: big.NewInt(mathrand2.Int64()), + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(262980 * time.Hour), + BasicConstraintsValid: true, + IsCA: true, + } + caInt := generateCertAndSign(t, caIntTemplate, ca, tempDir, "int_") + leafCert := generateCertAndSign(t, template, caInt, tempDir, "leaf_") + + combinedCasFile := filepath.Join(tempDir, "cas.pem") + err := os.WriteFile(combinedCasFile, append(pem.EncodeToMemory(caInt.CertPem), pem.EncodeToMemory(ca.CertPem)...), 0o644) + if err != nil { + t.Fatal(err) + } + + return LeafWithIntermediary{ + RootCa: ca, + IntCa: caInt, + Leaf: leafCert, + CombinedCaFile: combinedCasFile, + } +} + +// generateCertAndSign generates a certificate and associated key signed by a CA +func generateCertAndSign(t testing.TB, template *x509.Certificate, ca GeneratedCert, tempDir string, filePrefix string) GeneratedCert { + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + t.Fatal(err) + } + certBytes, err := x509.CreateCertificate(rand.Reader, template, ca.Cert, key.Public(), ca.Key) + if err != nil { + t.Fatal(err) + } + cert, err := x509.ParseCertificate(certBytes) + if err != nil { + t.Fatal(err) + } + certPEMBlock := &pem.Block{ + Type: "CERTIFICATE", + Bytes: certBytes, + } + certFile := filepath.Join(tempDir, filePrefix+"cert.pem") + err = os.WriteFile(certFile, pem.EncodeToMemory(certPEMBlock), 0o644) + if err != nil { + t.Fatal(err) + } + marshaledKey, err := x509.MarshalECPrivateKey(key) + if err != nil { + t.Fatal(err) + } + keyPEMBlock := &pem.Block{ + Type: "EC PRIVATE KEY", + Bytes: marshaledKey, + } + keyFile := filepath.Join(tempDir, filePrefix+"key.pem") + err = os.WriteFile(keyFile, pem.EncodeToMemory(keyPEMBlock), 0o644) + if err != nil { + t.Fatal(err) + } + return GeneratedCert{ + KeyFile: keyFile, + CertFile: certFile, + CertPem: certPEMBlock, + Cert: cert, + Key: key, + } +} + +// GenerateCertWithRoot generates a leaf certificate signed by a root CA +func GenerateCertWithRoot(t testing.TB) LeafWithRoot { + t.Helper() + tempDir := t.TempDir() + leafTemplate := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "localhost", + }, + SerialNumber: big.NewInt(mathrand2.Int64()), + DNSNames: []string{"localhost"}, + IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, + KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(60 * 24 * time.Hour), + } + + ca := GenerateRootCa(t) + leafCert := generateCertAndSign(t, leafTemplate, ca, tempDir, "leaf_") + + combinedCaLeafFile := filepath.Join(tempDir, "leaf-ca.pem") + err := os.WriteFile(combinedCaLeafFile, append(pem.EncodeToMemory(leafCert.CertPem), pem.EncodeToMemory(ca.CertPem)...), 0o644) + if err != nil { + t.Fatal(err) + } + + return LeafWithRoot{ + RootCa: ca, + Leaf: leafCert, + CombinedLeafCaFile: combinedCaLeafFile, + } +} + +// GenerateRootCa generates a self-signed root CA certificate and key +func GenerateRootCa(t testing.TB) GeneratedCert { + t.Helper() + tempDir := t.TempDir() + + caCertTemplate := &x509.Certificate{ + Subject: pkix.Name{ + CommonName: "Root CA", + }, + KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, + SerialNumber: big.NewInt(mathrand2.Int64()), + NotBefore: time.Now().Add(-30 * time.Second), + NotAfter: time.Now().Add(262980 * time.Hour), + BasicConstraintsValid: true, + IsCA: true, + } + caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + t.Fatal(err) + } + caBytes, err := x509.CreateCertificate(rand.Reader, caCertTemplate, caCertTemplate, caKey.Public(), caKey) + if err != nil { + t.Fatal(err) + } + caCert, err := x509.ParseCertificate(caBytes) + if err != nil { + t.Fatal(err) + } + caCertPEMBlock := &pem.Block{ + Type: "CERTIFICATE", + Bytes: caBytes, + } + caFile := filepath.Join(tempDir, "ca_root_cert.pem") + err = os.WriteFile(caFile, pem.EncodeToMemory(caCertPEMBlock), 0o644) + if err != nil { + t.Fatal(err) + } + marshaledCAKey, err := x509.MarshalECPrivateKey(caKey) + if err != nil { + t.Fatal(err) + } + caKeyPEMBlock := &pem.Block{ + Type: "EC PRIVATE KEY", + Bytes: marshaledCAKey, + } + caKeyFile := filepath.Join(tempDir, "ca_root_key.pem") + err = os.WriteFile(caKeyFile, pem.EncodeToMemory(caKeyPEMBlock), 0o644) + if err != nil { + t.Fatal(err) + } + return GeneratedCert{ + CertPem: caCertPEMBlock, + CertFile: caFile, + KeyFile: caKeyFile, + Cert: caCert, + Key: caKey, + } +} diff --git a/helper/trace/debug_trace.go b/helper/trace/debug_trace.go new file mode 100644 index 000000000000..0dca7d7c9e7c --- /dev/null +++ b/helper/trace/debug_trace.go @@ -0,0 +1,63 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package trace + +import ( + "fmt" + "os" + "path/filepath" + "runtime/trace" + "time" +) + +func StartDebugTrace(dir string, filePrefix string) (file string, stop func() error, err error) { + dirMustExist := true + if dir == "" { + dirMustExist = false // if a dir is provided it must exist, otherwise we'll create a default one + dir = filepath.Join(os.TempDir(), "vault-traces") + } + + d, err := os.Stat(dir) + if err != nil && !os.IsNotExist(err) { + return "", nil, fmt.Errorf("failed to stat trace directory %q: %s", dir, err) + } + + if os.IsNotExist(err) && dirMustExist { + return "", nil, fmt.Errorf("trace directory %q does not exist", dir) + } + + if !os.IsNotExist(err) && !d.IsDir() { + return "", nil, fmt.Errorf("trace directory %q is not a directory", dir) + } + + if os.IsNotExist(err) { + if err := os.Mkdir(dir, 0o700); err != nil { + return "", nil, fmt.Errorf("failed to create trace directory %q: %s", dir, err) + } + } + + // would prefer a more human readable time reference in the file name but the column + // character can cause problems in filenames + fileName := fmt.Sprintf("%s-%d.trace", filePrefix, time.Now().Unix()) + traceFile, err := filepath.Abs(filepath.Join(dir, fileName)) + if err != nil { + return "", nil, fmt.Errorf("failed to get absolute path for trace file: %s", err) + } + f, err := os.Create(traceFile) + if err != nil { + return "", nil, fmt.Errorf("failed to create trace file %q: %s", traceFile, err) + } + + if err := trace.Start(f); err != nil { + f.Close() + return "", nil, fmt.Errorf("failed to start trace: %s", err) + } + + stop = func() error { + trace.Stop() + return f.Close() + } + + return f.Name(), stop, nil +} diff --git a/helper/trace/debug_trace_test.go b/helper/trace/debug_trace_test.go new file mode 100644 index 000000000000..c624f81b8b5d --- /dev/null +++ b/helper/trace/debug_trace_test.go @@ -0,0 +1,111 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package trace + +import ( + "os" + "path/filepath" + "runtime" + "testing" + + "github.com/stretchr/testify/require" +) + +// TestStartDebugTrace tests the debug trace functionality creating real +// files and traces. +func TestStartDebugTrace(t *testing.T) { + t.Run("error_on_non_existent_dir", func(t *testing.T) { + _, _, err := StartDebugTrace("non-existent-dir", "filePrefix") + require.Error(t, err) + require.Contains(t, err.Error(), "does not exist") + }) + + t.Run("error_on_non_dir", func(t *testing.T) { + f, err := os.CreateTemp("", "") + require.NoError(t, err) + require.NoError(t, f.Close()) + _, _, err = StartDebugTrace(f.Name(), "") + require.Error(t, err) + require.Contains(t, err.Error(), "is not a directory") + }) + + t.Run("error_on_failed_to_create_trace_file", func(t *testing.T) { + noWriteFolder := filepath.Join(os.TempDir(), "no-write-permissions") + // create folder without write permission + err := os.Mkdir(noWriteFolder, 0o000) + t.Cleanup(func() { + os.RemoveAll(noWriteFolder) + }) + require.NoError(t, err) + _, _, err = StartDebugTrace(noWriteFolder, "") + require.Error(t, err) + require.Contains(t, err.Error(), "failed to create trace file") + }) + + t.Run("error_trying_to_start_second_concurrent_trace", func(t *testing.T) { + dir, err := os.MkdirTemp("", "") + require.NoError(t, err) + t.Cleanup(func() { + os.RemoveAll(dir) + }) + _, stop, err := StartDebugTrace(dir, "filePrefix") + require.NoError(t, err) + _, stopNil, err := StartDebugTrace(dir, "filePrefix") + require.Error(t, err) + require.Contains(t, err.Error(), "failed to start trace") + require.NoError(t, stop()) + require.Nil(t, stopNil) + }) + + t.Run("error_when_stating_tmp_dir_with_restricted_permissions", func(t *testing.T) { + // this test relies on setting TMPDIR so skip it if we're not on a Unix system + if runtime.GOOS == "windows" { + t.Skip("skipping test on Windows") + } + + tmpMissingPermissions := filepath.Join(t.TempDir(), "missing_permissions") + err := os.Mkdir(tmpMissingPermissions, 0o000) + require.NoError(t, err) + t.Setenv("TMPDIR", tmpMissingPermissions) + _, _, err = StartDebugTrace("", "filePrefix") + require.Error(t, err) + require.Contains(t, err.Error(), "failed to stat trace directory") + }) + + t.Run("successful_trace_generates_non_empty_file", func(t *testing.T) { + dir, err := os.MkdirTemp("", "") + require.NoError(t, err) + t.Cleanup(func() { + os.RemoveAll(dir) + }) + file, stop, err := StartDebugTrace(dir, "filePrefix") + require.NoError(t, err) + require.NoError(t, stop()) + f, err := os.Stat(file) + require.NoError(t, err) + require.Greater(t, f.Size(), int64(0)) + }) + + t.Run("successful_creation_of_tmp_dir", func(t *testing.T) { + os.RemoveAll(filepath.Join(os.TempDir(), "vault-traces")) + file, stop, err := StartDebugTrace("", "filePrefix") + require.NoError(t, err) + require.NoError(t, stop()) + require.Contains(t, file, filepath.Join(os.TempDir(), "vault-traces", "filePrefix")) + f, err := os.Stat(file) + require.NoError(t, err) + require.Greater(t, f.Size(), int64(0)) + }) + + t.Run("successful_trace_with_existing_tmp_dir", func(t *testing.T) { + os.Mkdir(filepath.Join(os.TempDir(), "vault-traces"), 0o700) + file, stop, err := StartDebugTrace("", "filePrefix") + require.NoError(t, err) + require.NoError(t, stop()) + require.Contains(t, file, filepath.Join(os.TempDir(), "vault-traces", "filePrefix")) + f, err := os.Stat(file) + require.NoError(t, err) + require.Greater(t, f.Size(), int64(0)) + }) +} diff --git a/http/sys_config_state_test.go b/http/sys_config_state_test.go index 8081aaf642c9..4fb922ef7ed8 100644 --- a/http/sys_config_state_test.go +++ b/http/sys_config_state_test.go @@ -177,6 +177,8 @@ func TestSysConfigState_Sanitized(t *testing.T) { "storage": tc.expectedStorageOutput, "administrative_namespace_path": "", "imprecise_lease_role_tracking": false, + "enable_post_unseal_trace": false, + "post_unseal_trace_directory": "", } if tc.expectedHAStorageOutput != nil { diff --git a/physical/raft/config.go b/physical/raft/config.go index fbd0d5038d61..03cdc14041e2 100644 --- a/physical/raft/config.go +++ b/physical/raft/config.go @@ -11,13 +11,12 @@ import ( "strconv" "time" - bolt "github.com/hashicorp-forge/bbolt" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/go-uuid" goversion "github.com/hashicorp/go-version" autopilot "github.com/hashicorp/raft-autopilot" - etcdbolt "go.etcd.io/bbolt" + bolt "go.etcd.io/bbolt" ) type RaftBackendConfig struct { @@ -282,39 +281,3 @@ func boltOptions(path string) *bolt.Options { return o } - -func etcdboltOptions(path string) *etcdbolt.Options { - o := &etcdbolt.Options{ - Timeout: 1 * time.Second, - FreelistType: etcdbolt.FreelistMapType, - NoFreelistSync: true, - MmapFlags: getMmapFlags(path), - } - - if os.Getenv("VAULT_RAFT_FREELIST_TYPE") == "array" { - o.FreelistType = etcdbolt.FreelistArrayType - } - - if os.Getenv("VAULT_RAFT_FREELIST_SYNC") != "" { - o.NoFreelistSync = false - } - - // By default, we want to set InitialMmapSize to 100GB, but only on 64bit platforms. - // Otherwise, we set it to whatever the value of VAULT_RAFT_INITIAL_MMAP_SIZE - // is, assuming it can be parsed as an int. Bolt itself sets this to 0 by default, - // so if users are wanting to turn this off, they can also set it to 0. Setting it - // to a negative value is the same as not setting it at all. - if os.Getenv("VAULT_RAFT_INITIAL_MMAP_SIZE") == "" { - o.InitialMmapSize = initialMmapSize - } else { - imms, err := strconv.Atoi(os.Getenv("VAULT_RAFT_INITIAL_MMAP_SIZE")) - - // If there's an error here, it means they passed something that's not convertible to - // a number. Rather than fail startup, just ignore it. - if err == nil && imms > 0 { - o.InitialMmapSize = imms - } - } - - return o -} diff --git a/physical/raft/fsm.go b/physical/raft/fsm.go index cfbe8374aaff..7c6dabc8f68c 100644 --- a/physical/raft/fsm.go +++ b/physical/raft/fsm.go @@ -22,7 +22,6 @@ import ( "github.com/armon/go-metrics" "github.com/golang/protobuf/proto" - bolt "github.com/hashicorp-forge/bbolt" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" "github.com/hashicorp/go-raftchunking" @@ -32,6 +31,7 @@ import ( "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/sdk/plugin/pb" + bolt "go.etcd.io/bbolt" ) const ( diff --git a/physical/raft/raft.go b/physical/raft/raft.go index 6202b3734f81..2c45e765d71e 100644 --- a/physical/raft/raft.go +++ b/physical/raft/raft.go @@ -22,7 +22,6 @@ import ( "github.com/armon/go-metrics" "github.com/golang/protobuf/proto" - bolt "github.com/hashicorp-forge/bbolt" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-raftchunking" "github.com/hashicorp/go-secure-stdlib/parseutil" @@ -41,7 +40,7 @@ import ( "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/vault/cluster" "github.com/hashicorp/vault/version" - etcdbolt "go.etcd.io/bbolt" + bolt "go.etcd.io/bbolt" ) const ( @@ -503,7 +502,7 @@ func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend logStore = wal } else { // use the traditional BoltDB setup - opts := etcdboltOptions(dbPath) + opts := boltOptions(dbPath) raftOptions := raftboltdb.Options{ Path: dbPath, BoltOptions: opts, @@ -839,7 +838,7 @@ func makeLogVerifyReportFn(logger log.Logger) verifier.ReportFn { func (b *RaftBackend) CollectMetrics(sink *metricsutil.ClusterMetricSink) { var stats map[string]string - var logStoreStats *etcdbolt.Stats + var logStoreStats *bolt.Stats b.l.RLock() if boltStore, ok := b.stableStore.(*raftboltdb.BoltStore); ok { @@ -855,7 +854,7 @@ func (b *RaftBackend) CollectMetrics(sink *metricsutil.ClusterMetricSink) { b.l.RUnlock() if logStoreStats != nil { - b.collectEtcdBoltMetricsWithStats(*logStoreStats, sink, "logstore") + b.collectMetricsWithStats(*logStoreStats, sink, "logstore") } b.collectMetricsWithStats(fsmStats, sink, "fsm") @@ -899,29 +898,6 @@ func (b *RaftBackend) collectMetricsWithStats(stats bolt.Stats, sink *metricsuti sink.IncrCounterWithLabels([]string{"raft_storage", "bolt", "write", "time"}, float32(txstats.GetWriteTime().Milliseconds()), labels) } -func (b *RaftBackend) collectEtcdBoltMetricsWithStats(stats etcdbolt.Stats, sink *metricsutil.ClusterMetricSink, database string) { - txstats := stats.TxStats - labels := []metricsutil.Label{{"database", database}} - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "freelist", "free_pages"}, float32(stats.FreePageN), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "freelist", "pending_pages"}, float32(stats.PendingPageN), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "freelist", "allocated_bytes"}, float32(stats.FreeAlloc), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "freelist", "used_bytes"}, float32(stats.FreelistInuse), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "transaction", "started_read_transactions"}, float32(stats.TxN), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "transaction", "currently_open_read_transactions"}, float32(stats.OpenTxN), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "page", "count"}, float32(txstats.GetPageCount()), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "page", "bytes_allocated"}, float32(txstats.GetPageAlloc()), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "cursor", "count"}, float32(txstats.GetCursorCount()), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "node", "count"}, float32(txstats.GetNodeCount()), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "node", "dereferences"}, float32(txstats.GetNodeDeref()), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "rebalance", "count"}, float32(txstats.GetRebalance()), labels) - sink.AddSampleWithLabels([]string{"raft_storage", "bolt", "rebalance", "time"}, float32(txstats.GetRebalanceTime().Milliseconds()), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "split", "count"}, float32(txstats.GetSplit()), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "spill", "count"}, float32(txstats.GetSpill()), labels) - sink.AddSampleWithLabels([]string{"raft_storage", "bolt", "spill", "time"}, float32(txstats.GetSpillTime().Milliseconds()), labels) - sink.SetGaugeWithLabels([]string{"raft_storage", "bolt", "write", "count"}, float32(txstats.GetWrite()), labels) - sink.IncrCounterWithLabels([]string{"raft_storage", "bolt", "write", "time"}, float32(txstats.GetWriteTime().Milliseconds()), labels) -} - // RaftServer has information about a server in the Raft configuration type RaftServer struct { // NodeID is the name of the server diff --git a/physical/raft/raft_test.go b/physical/raft/raft_test.go index 112764aa1974..47e7fb9d5400 100644 --- a/physical/raft/raft_test.go +++ b/physical/raft/raft_test.go @@ -20,7 +20,6 @@ import ( "github.com/go-test/deep" "github.com/golang/protobuf/proto" - bolt "github.com/hashicorp-forge/bbolt" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/go-uuid" @@ -28,6 +27,7 @@ import ( "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/physical" "github.com/stretchr/testify/require" + bolt "go.etcd.io/bbolt" ) func testBothRaftBackends(t *testing.T, f func(t *testing.T, raftWALValue string)) { diff --git a/physical/raft/snapshot.go b/physical/raft/snapshot.go index e44769bf6d2a..5a8f881d7b35 100644 --- a/physical/raft/snapshot.go +++ b/physical/raft/snapshot.go @@ -18,11 +18,11 @@ import ( "time" "github.com/golang/protobuf/proto" - bolt "github.com/hashicorp-forge/bbolt" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/raft" "github.com/hashicorp/vault/sdk/plugin/pb" "github.com/rboyer/safeio" + bolt "go.etcd.io/bbolt" "go.uber.org/atomic" ) diff --git a/sdk/go.mod b/sdk/go.mod index 55c541e50bb2..2ec7d65644bc 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/vault/sdk -go 1.22 +go 1.23.0 require ( cloud.google.com/go/cloudsqlconn v1.4.3 diff --git a/sdk/logical/events.go b/sdk/logical/events.go index 5bd9717f7ff1..b9421b1d4513 100644 --- a/sdk/logical/events.go +++ b/sdk/logical/events.go @@ -12,10 +12,17 @@ import ( // common event metadata keys const ( - // EventMetadataDataPath is used in event metadata to show the API path that can be used to fetch any underlying - // data. For example, the KV plugin would set this to `data/mysecret`. The event system will automatically prepend - // the plugin mount to this path, if present, so it would become `secret/data/mysecret`, for example. + // EventMetadataPath is used in event metadata to show the API path the client must have the `subscribe` capability + // on in order to consume the event. It is recommended that the event path metadata field is the API path that was + // invoked in order to generate the event. + // + // For example, the KV plugin would set this to `data/mysecret`. The event system will automatically prepend the + // plugin mount to this path, if present, so it would become `secret/data/mysecret`, for example. // If this is an auth plugin event, this will additionally be prepended with `auth/`. + EventMetadataPath = "path" + // EventMetadataDataPath is used in event metadata to show the API path that can be used to fetch any underlying + // data. Similar to the `path` event metadata, the event system will automatically prepend the plugin mount to the + // `data_path`. EventMetadataDataPath = "data_path" // EventMetadataOperation is used in event metadata to express what operation was performed that generated the // event, e.g., `read` or `write`. diff --git a/sdk/logical/plugin.pb.go b/sdk/logical/plugin.pb.go index 7b8fe8ce723a..431cb9bc5711 100644 --- a/sdk/logical/plugin.pb.go +++ b/sdk/logical/plugin.pb.go @@ -12,6 +12,7 @@ package logical import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + timestamppb "google.golang.org/protobuf/types/known/timestamppb" reflect "reflect" sync "sync" ) @@ -34,6 +35,8 @@ type PluginEnvironment struct { VaultVersionPrerelease string `protobuf:"bytes,2,opt,name=vault_version_prerelease,json=vaultVersionPrerelease,proto3" json:"vault_version_prerelease,omitempty"` // VaultVersionMetadata is the version metadata of the Vault server VaultVersionMetadata string `protobuf:"bytes,3,opt,name=vault_version_metadata,json=vaultVersionMetadata,proto3" json:"vault_version_metadata,omitempty"` + // VaultBuildDate is the build date of the Vault server + VaultBuildDate *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=vault_build_date,json=vaultBuildDate,proto3" json:"vault_build_date,omitempty"` } func (x *PluginEnvironment) Reset() { @@ -89,25 +92,39 @@ func (x *PluginEnvironment) GetVaultVersionMetadata() string { return "" } +func (x *PluginEnvironment) GetVaultBuildDate() *timestamppb.Timestamp { + if x != nil { + return x.VaultBuildDate + } + return nil +} + var File_sdk_logical_plugin_proto protoreflect.FileDescriptor var file_sdk_logical_plugin_proto_rawDesc = []byte{ 0x0a, 0x18, 0x73, 0x64, 0x6b, 0x2f, 0x6c, 0x6f, 0x67, 0x69, 0x63, 0x61, 0x6c, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x07, 0x6c, 0x6f, 0x67, 0x69, - 0x63, 0x61, 0x6c, 0x22, 0xa8, 0x01, 0x0a, 0x11, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x45, 0x6e, - 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x76, 0x61, 0x75, - 0x6c, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0c, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x38, - 0x0a, 0x18, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, - 0x70, 0x72, 0x65, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x16, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, - 0x65, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x76, 0x61, 0x75, 0x6c, - 0x74, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x42, 0x28, - 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x2f, 0x73, 0x64, 0x6b, - 0x2f, 0x6c, 0x6f, 0x67, 0x69, 0x63, 0x61, 0x6c, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x61, 0x6c, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xee, 0x01, 0x0a, 0x11, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x45, + 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x76, 0x61, + 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0c, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, + 0x38, 0x0a, 0x18, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x5f, 0x70, 0x72, 0x65, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x16, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x50, + 0x72, 0x65, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x76, 0x61, 0x75, + 0x6c, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x76, 0x61, 0x75, 0x6c, 0x74, + 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, + 0x44, 0x0a, 0x10, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x64, + 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0e, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x75, 0x69, 0x6c, + 0x64, 0x44, 0x61, 0x74, 0x65, 0x42, 0x28, 0x5a, 0x26, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x76, 0x61, + 0x75, 0x6c, 0x74, 0x2f, 0x73, 0x64, 0x6b, 0x2f, 0x6c, 0x6f, 0x67, 0x69, 0x63, 0x61, 0x6c, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -124,14 +141,16 @@ func file_sdk_logical_plugin_proto_rawDescGZIP() []byte { var file_sdk_logical_plugin_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_sdk_logical_plugin_proto_goTypes = []any{ - (*PluginEnvironment)(nil), // 0: logical.PluginEnvironment + (*PluginEnvironment)(nil), // 0: logical.PluginEnvironment + (*timestamppb.Timestamp)(nil), // 1: google.protobuf.Timestamp } var file_sdk_logical_plugin_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name + 1, // 0: logical.PluginEnvironment.vault_build_date:type_name -> google.protobuf.Timestamp + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name } func init() { file_sdk_logical_plugin_proto_init() } diff --git a/sdk/logical/plugin.proto b/sdk/logical/plugin.proto index 5e19274ee2cb..e4365f7e256f 100644 --- a/sdk/logical/plugin.proto +++ b/sdk/logical/plugin.proto @@ -5,6 +5,8 @@ syntax = "proto3"; package logical; +import "google/protobuf/timestamp.proto"; + option go_package = "github.com/hashicorp/vault/sdk/logical"; message PluginEnvironment { @@ -16,4 +18,7 @@ message PluginEnvironment { // VaultVersionMetadata is the version metadata of the Vault server string vault_version_metadata = 3; + + // VaultBuildDate is the build date of the Vault server + google.protobuf.Timestamp vault_build_date = 4; } diff --git a/sdk/physical/inmem/inmem_ha.go b/sdk/physical/inmem/inmem_ha.go index 1db26ca7461f..f604a1542def 100644 --- a/sdk/physical/inmem/inmem_ha.go +++ b/sdk/physical/inmem/inmem_ha.go @@ -83,6 +83,13 @@ func (i *InmemHABackend) HAEnabled() bool { return true } +func (i *InmemHABackend) Underlying() *InmemBackend { + if txBackend, ok := i.Backend.(*TransactionalInmemBackend); ok { + return &txBackend.InmemBackend + } + return i.Backend.(*InmemBackend) +} + // InmemLock is an in-memory Lock implementation for the HABackend type InmemLock struct { in *InmemHABackend diff --git a/ui/app/helpers/decode-uri.js b/ui/app/helpers/decode-uri.js deleted file mode 100644 index be4f471770ab..000000000000 --- a/ui/app/helpers/decode-uri.js +++ /dev/null @@ -1,12 +0,0 @@ -/** - * Copyright (c) HashiCorp, Inc. - * SPDX-License-Identifier: BUSL-1.1 - */ - -import { helper as buildHelper } from '@ember/component/helper'; - -export function decodeUri(string) { - return decodeURI(string); -} - -export default buildHelper(decodeUri); diff --git a/ui/app/serializers/database/connection.js b/ui/app/serializers/database/connection.js index 96aaae8a0de9..62e0407dee93 100644 --- a/ui/app/serializers/database/connection.js +++ b/ui/app/serializers/database/connection.js @@ -29,6 +29,16 @@ export default RESTSerializer.extend({ ...payload.data, ...payload.data.connection_details, }; + + // connection_details are spread above into the main body of response so we can remove redundant data + delete response.connection_details; + if (response?.connection_url) { + // this url can include interpolated data, such as: "{{username}}/{{password}}@localhost:1521/OraDoc.localhost" + // these curly brackets are returned by the API encoded: "%7B%7Busername%7D%7D/%7B%7Bpassword%7D%7D@localhost:1521/OraDoc.localhost" + // we decode here so the UI displays and submits the url in the correct format + response.connection_url = decodeURI(response.connection_url); + } + if (payload.data.root_credentials_rotate_statements) { response.root_rotation_statements = payload.data.root_credentials_rotate_statements; } diff --git a/ui/app/templates/components/console/log-json.hbs b/ui/app/templates/components/console/log-json.hbs index 6a1044791aca..f1c64321bbea 100644 --- a/ui/app/templates/components/console/log-json.hbs +++ b/ui/app/templates/components/console/log-json.hbs @@ -8,7 +8,8 @@ @showToolbar={{false}} @value={{stringify this.content}} @readOnly={{true}} - @viewportMargin="Infinity" + {{! ideally we calculate the "height" of the json data, but 100 should cover most cases }} + @viewportMargin="100" @gutters={{false}} @theme="hashi auto-height" /> diff --git a/ui/app/templates/components/control-group-success.hbs b/ui/app/templates/components/control-group-success.hbs index fd79e5ec2d17..b5a913b7a2ee 100644 --- a/ui/app/templates/components/control-group-success.hbs +++ b/ui/app/templates/components/control-group-success.hbs @@ -21,7 +21,8 @@ @showToolbar={{false}} @value={{stringify this.unwrapData}} @readOnly={{true}} - @viewportMargin="Infinity" + {{! ideally we calculate the "height" of the json data, but 100 should cover most cases }} + @viewportMargin="100" @gutters={{false}} @theme="hashi-read-only auto-height" /> diff --git a/ui/app/templates/components/database-connection.hbs b/ui/app/templates/components/database-connection.hbs index c7ef46b3f126..c1bafe8f2d14 100644 --- a/ui/app/templates/components/database-connection.hbs +++ b/ui/app/templates/components/database-connection.hbs @@ -353,7 +353,7 @@ @alwaysRender={{not (is-empty-value (get @model attr.name) hasDefault=defaultDisplay)}} @defaultShown={{defaultDisplay}} @label={{capitalize (or attr.options.label (humanize (dasherize attr.name)))}} - @value={{if (eq attr.name "connection_url") (decode-uri (get @model attr.name)) (get @model attr.name)}} + @value={{get @model attr.name}} /> {{/if}} {{/let}} diff --git a/ui/lib/core/addon/components/json-editor.hbs b/ui/lib/core/addon/components/json-editor.hbs index 28b784a9e439..a7587a0cdffd 100644 --- a/ui/lib/core/addon/components/json-editor.hbs +++ b/ui/lib/core/addon/components/json-editor.hbs @@ -51,7 +51,7 @@ mode=@mode readOnly=@readOnly theme=@theme - viewportMarg=@viewportMargin + viewportMargin=@viewportMargin onSetup=this.onSetup onUpdate=this.onUpdate onFocus=this.onFocus diff --git a/ui/lib/core/addon/components/json-editor.js b/ui/lib/core/addon/components/json-editor.js index 66507a6181cd..88b36ef8ff9b 100644 --- a/ui/lib/core/addon/components/json-editor.js +++ b/ui/lib/core/addon/components/json-editor.js @@ -24,7 +24,7 @@ import { action } from '@ember/object'; * @param {Boolean} [readOnly] - Sets the view to readOnly, allowing for copying but no editing. It also hides the cursor. Defaults to false. * @param {String} [theme] - Specify or customize the look via a named "theme" class in scss. * @param {String} [value] - Value within the display. Generally, a json string. - * @param {String} [viewportMargin] - Size of viewport. Often set to "Infinity" to load/show all text regardless of length. + * @param {String} [viewportMargin] - Specifies the amount of lines rendered on the DOM (this is not the editor display height). The codemirror default is 10 which we set explicity in the code-mirror modifier per the recommendations from the codemirror docs. * @param {string} [example] - Example to show when value is null -- when example is provided a restore action will render in the toolbar to clear the current value and show the example after input * @param {string} [screenReaderLabel] - This label is read by the screen readers when CodeMirror text area is focused. This is helpful for accessibility. * @param {string} [container] - **REQUIRED if rendering within a modal** Selector string or element object of containing element, set the focused element as the container value. This is for the Hds::Copy::Button and to set `autoRefresh=true` so content renders https://hds-website-hashicorp.vercel.app/components/copy/button?tab=code diff --git a/ui/lib/core/addon/modifiers/code-mirror.js b/ui/lib/core/addon/modifiers/code-mirror.js index b9b46900dcc8..8b6c73f66783 100644 --- a/ui/lib/core/addon/modifiers/code-mirror.js +++ b/ui/lib/core/addon/modifiers/code-mirror.js @@ -76,7 +76,7 @@ export default class CodeMirrorModifier extends Modifier { readOnly: namedArgs.readOnly || false, theme: namedArgs.theme || 'hashi', value: namedArgs.content || '', - viewportMargin: namedArgs.viewportMargin || '', + viewportMargin: namedArgs.viewportMargin || 10, autoRefresh: namedArgs.autoRefresh, }); diff --git a/ui/lib/kv/addon/components/kv-data-fields.hbs b/ui/lib/kv/addon/components/kv-data-fields.hbs index e6af5effb985..1b75d56762bc 100644 --- a/ui/lib/kv/addon/components/kv-data-fields.hbs +++ b/ui/lib/kv/addon/components/kv-data-fields.hbs @@ -13,12 +13,27 @@
{{#if @showJson}} - + {{#if (eq @type "details")}} + + + Version data + + + {{else}} + + {{/if}} {{#if (or @modelValidations.secretData.errors this.lintingErrors)}} Reveal subkeys in JSON {{#if this.showSubkeys}} - + {{/if}} \ No newline at end of file diff --git a/ui/lib/kv/addon/components/kv-paths-card.hbs b/ui/lib/kv/addon/components/kv-paths-card.hbs index d7976d92f27c..8e1edceb5a4e 100644 --- a/ui/lib/kv/addon/components/kv-paths-card.hbs +++ b/ui/lib/kv/addon/components/kv-paths-card.hbs @@ -53,7 +53,7 @@ for other CLI commands.

{ + return { + request_id: 'f869f23e-15c0-389b-82ac-84035a2b6079', + lease_id: '', + renewable: false, + lease_duration: 0, + data: { + allowed_roles: ['*'], + connection_details: { + backend: 'database', + connection_url: '%7B%7Busername%7D%7D/%7B%7Bpassword%7D%7D@//localhost:1521/ORCLPDB1', + max_connection_lifetime: '0s', + max_idle_connections: 0, + max_open_connections: 3, + username: 'VAULTADMIN', + }, + password_policy: '', + plugin_name: 'vault-plugin-database-oracle', + plugin_version: '', + root_credentials_rotate_statements: [], + verify_connection: true, + }, + wrap_info: null, + warnings: null, + auth: null, + mount_type: 'database', + }; + }); + + await visit(`/vault/secrets/${this.backend}/show/${connectionName}`); + const decoded = '{{username}}/{{password}}@//localhost:1521/ORCLPDB1'; + assert + .dom('[data-test-row-value="Connection URL"]') + .hasText(decoded, 'connection_url is decoded in display'); + + await connectionPage.edit(); + assert + .dom('[data-test-input="connection_url"]') + .hasValue(decoded, 'connection_url is decoded when editing'); }); test('Can create and delete a connection', async function (assert) { @@ -504,17 +553,17 @@ module('Acceptance | secrets/database/*', function (hooks) { await visit('/vault/secrets'); }); - test('connection_url must be decoded', async function (assert) { + test('connection_url is decoded', async function (assert) { const backend = this.backend; const connection = await newConnection( backend, 'mongodb-database-plugin', - '{{username}}/{{password}}@oracle-xe:1521/XEPDB1' + '{{username}}/{{password}}@mongo:1521/XEPDB1' ); await navToConnection(backend, connection); assert .dom('[data-test-row-value="Connection URL"]') - .hasText('{{username}}/{{password}}@oracle-xe:1521/XEPDB1'); + .hasText('{{username}}/{{password}}@mongo:1521/XEPDB1'); }); test('Role create form', async function (assert) { diff --git a/ui/tests/acceptance/secrets/backend/kv/kv-v2-workflow-edge-cases-test.js b/ui/tests/acceptance/secrets/backend/kv/kv-v2-workflow-edge-cases-test.js index 200b76d48092..9ed16d8f00d7 100644 --- a/ui/tests/acceptance/secrets/backend/kv/kv-v2-workflow-edge-cases-test.js +++ b/ui/tests/acceptance/secrets/backend/kv/kv-v2-workflow-edge-cases-test.js @@ -299,22 +299,34 @@ module('Acceptance | kv-v2 workflow | edge cases', function (hooks) { codemirror().getValue(), `{ \"\": \"\" -}` +}`, + 'JSON editor displays correct empty object' ); codemirror().setValue('{ "foo3": { "name": "bar3" } }'); await click(FORM.saveBtn); // Details view await click(PAGE.secretTab('Secret')); - assert.dom(FORM.toggleJson).isNotDisabled(); - assert.dom(FORM.toggleJson).isChecked(); - assert.false(codemirror().getValue().includes('*'), 'Values are not obscured on details view'); + assert.dom(FORM.toggleJson).isNotDisabled('JSON toggle is not disabled'); + assert.dom(FORM.toggleJson).isChecked("JSON toggle is checked 'on'"); + + assert + .dom(GENERAL.codeBlock('secret-data')) + .hasText('Version data { "foo3": { "name": "bar3" } }', 'Values are displayed in the details view'); // New version view await click(PAGE.detail.createNewVersion); assert.dom(FORM.toggleJson).isNotDisabled(); assert.dom(FORM.toggleJson).isChecked(); - assert.false(codemirror().getValue().includes('*'), 'Values are not obscured on edit view'); + assert.deepEqual( + codemirror().getValue(), + `{ + "foo3": { + "name": "bar3" + } +}`, + 'Values are displayed in the new version view' + ); }); test('on enter the JSON editor cursor goes to the next line', async function (assert) { @@ -359,12 +371,16 @@ module('Acceptance | kv-v2 workflow | edge cases', function (hooks) { await click(PAGE.secretTab('Secret')); await click(PAGE.detail.versionDropdown); await click(`${PAGE.detail.version(1)} a`); - assert.strictEqual(codemirror().getValue(), expectedDataV1, 'Version one data is displayed'); + assert + .dom(GENERAL.codeBlock('secret-data')) + .hasText(`Version data ${expectedDataV1}`, 'Version one data is displayed'); // Navigate back the second version and make sure the secret data is correct await click(PAGE.detail.versionDropdown); await click(`${PAGE.detail.version(2)} a`); - assert.strictEqual(codemirror().getValue(), expectedDataV2, 'Version two data is displayed'); + assert + .dom(GENERAL.codeBlock('secret-data')) + .hasText(`Version data ${expectedDataV2}`, 'Version two data is displayed'); }); test('does not register as advanced when value includes {', async function (assert) { diff --git a/ui/tests/helpers/general-selectors.ts b/ui/tests/helpers/general-selectors.ts index deff4ef53fc3..c9159350d3d4 100644 --- a/ui/tests/helpers/general-selectors.ts +++ b/ui/tests/helpers/general-selectors.ts @@ -94,6 +94,8 @@ export const GENERAL = { navLink: (label: string) => `[data-test-sidebar-nav-link="${label}"]`, cancelButton: '[data-test-cancel]', saveButton: '[data-test-save]', + backButton: '[data-test-back-button]', + codeBlock: (label: string) => `[data-test-code-block="${label}"]`, codemirror: `[data-test-component="code-mirror-modifier"]`, codemirrorTextarea: `[data-test-component="code-mirror-modifier"] textarea`, }; diff --git a/ui/tests/helpers/kv/kv-selectors.js b/ui/tests/helpers/kv/kv-selectors.js index 3c0b4af42c46..67b766fdf9f9 100644 --- a/ui/tests/helpers/kv/kv-selectors.js +++ b/ui/tests/helpers/kv/kv-selectors.js @@ -90,8 +90,8 @@ export const PAGE = { }, paths: { copyButton: (label) => `${PAGE.infoRowValue(label)} button`, - codeSnippet: (section) => `[data-test-commands="${section}"] code`, - snippetCopy: (section) => `[data-test-commands="${section}"] button`, + codeSnippet: (section) => `[data-test-code-block="${section}"] code`, + snippetCopy: (section) => `[data-test-code-block="${section}"] button`, }, }; diff --git a/ui/tests/helpers/secret-engine/secret-engine-helpers.js b/ui/tests/helpers/secret-engine/secret-engine-helpers.js index 2a9c88601c4d..e970bd0afa23 100644 --- a/ui/tests/helpers/secret-engine/secret-engine-helpers.js +++ b/ui/tests/helpers/secret-engine/secret-engine-helpers.js @@ -206,3 +206,49 @@ export const fillInAwsConfig = async (situation = 'withAccess') => { await fillIn(GENERAL.ttl.input('Identity token TTL'), '7200'); } }; + +// Example usage +// createLongJson (2, 3) will create a json object with 2 original keys, each with 3 nested keys +// { +// "key-0": { +// "nested-key-0": { +// "nested-key-1": { +// "nested-key-2": "nested-value" +// } +// } +// }, +// "key-1": { +// "nested-key-0": { +// "nested-key-1": { +// "nested-key-2": "nested-value" +// } +// } +// } +// } + +export function createLongJson(lines = 10, nestLevel = 3) { + const keys = Array.from({ length: nestLevel }, (_, i) => `nested-key-${i}`); + const jsonObject = {}; + + for (let i = 0; i < lines; i++) { + nestLevel > 0 + ? (jsonObject[`key-${i}`] = createNestedObject({}, keys, 'nested-value')) + : (jsonObject[`key-${i}`] = 'non-nested-value'); + } + return jsonObject; +} + +function createNestedObject(obj = {}, keys, value) { + let current = obj; + + for (let i = 0; i < keys.length - 1; i++) { + const key = keys[i]; + if (!current[key]) { + current[key] = {}; + } + current = current[key]; + } + + current[keys[keys.length - 1]] = value; + return obj; +} diff --git a/ui/tests/integration/components/json-editor-test.js b/ui/tests/integration/components/json-editor-test.js index 100b7d8ef9b8..56f4a674f8d9 100644 --- a/ui/tests/integration/components/json-editor-test.js +++ b/ui/tests/integration/components/json-editor-test.js @@ -11,6 +11,7 @@ import hbs from 'htmlbars-inline-precompile'; import jsonEditor from '../../pages/components/json-editor'; import sinon from 'sinon'; import { setRunOptions } from 'ember-a11y-testing/test-support'; +import { createLongJson } from 'vault/tests/helpers/secret-engine/secret-engine-helpers'; const component = create(jsonEditor); @@ -29,6 +30,7 @@ module('Integration | Component | json-editor', function (hooks) { this.set('onFocusOut', sinon.spy()); this.set('json_blob', JSON_BLOB); this.set('bad_json_blob', BAD_JSON_BLOB); + this.set('long_json', JSON.stringify(createLongJson(), null, `\t`)); this.set('hashi-read-only-theme', 'hashi-read-only auto-height'); setRunOptions({ rules: { @@ -36,6 +38,8 @@ module('Integration | Component | json-editor', function (hooks) { label: { enabled: false }, // TODO: investigate and fix Codemirror styling 'color-contrast': { enabled: false }, + // failing on .CodeMirror-scroll + 'scrollable-region-focusable': { enabled: false }, }, }); }); @@ -129,4 +133,31 @@ module('Integration | Component | json-editor', function (hooks) { 'even after hitting enter the value is still set correctly' ); }); + + test('no viewportMargin renders only default 10 lines of data on the DOM', async function (assert) { + await render(hbs` + + `); + assert + .dom('.CodeMirror-code') + .doesNotIncludeText('key-9', 'Without viewportMargin, user cannot search for key-9'); + }); + + test('when viewportMargin is set user is able to search a long secret', async function (assert) { + await render(hbs` + + `); + assert + .dom('.CodeMirror-code') + .containsText('key-9', 'With viewportMargin set, user can search for key-9'); + }); }); diff --git a/ui/tests/integration/components/kv/kv-data-fields-test.js b/ui/tests/integration/components/kv/kv-data-fields-test.js index e9e18d99f368..ac3d5ed8b606 100644 --- a/ui/tests/integration/components/kv/kv-data-fields-test.js +++ b/ui/tests/integration/components/kv/kv-data-fields-test.js @@ -11,6 +11,9 @@ import { hbs } from 'ember-cli-htmlbars'; import { fillIn, render, click } from '@ember/test-helpers'; import codemirror from 'vault/tests/helpers/codemirror'; import { PAGE, FORM } from 'vault/tests/helpers/kv/kv-selectors'; +import { GENERAL } from 'vault/tests/helpers/general-selectors'; +import { setRunOptions } from 'ember-a11y-testing/test-support'; +import { createLongJson } from 'vault/tests/helpers/secret-engine/secret-engine-helpers'; module('Integration | Component | kv-v2 | KvDataFields', function (hooks) { setupRenderingTest(hooks); @@ -22,6 +25,12 @@ module('Integration | Component | kv-v2 | KvDataFields', function (hooks) { this.backend = 'my-kv-engine'; this.path = 'my-secret'; this.secret = this.store.createRecord('kv/data', { backend: this.backend }); + setRunOptions({ + rules: { + // failing on .CodeMirror-scroll + 'scrollable-region-focusable': { enabled: false }, + }, + }); }); test('it updates the secret model', async function (assert) { @@ -88,7 +97,7 @@ module('Integration | Component | kv-v2 | KvDataFields', function (hooks) { assert.dom(PAGE.infoRowValue('foo')).hasText('bar', 'secret value shows after toggle'); }); - test('it shows readonly json editor when viewing secret details of complex secret', async function (assert) { + test('it shows hds codeblock when viewing secret details of complex secret', async function (assert) { this.secret.secretData = { foo: { bar: 'baz', @@ -100,7 +109,24 @@ module('Integration | Component | kv-v2 | KvDataFields', function (hooks) { owner: this.engine, }); assert.dom(PAGE.infoRowValue('foo')).doesNotExist('does not render rows of secret data'); - assert.dom('[data-test-component="code-mirror-modifier"]').hasClass('readonly-codemirror'); - assert.dom('[data-test-component="code-mirror-modifier"]').includesText(`{ "foo": { "bar": "baz" }}`); + assert.dom(GENERAL.codeBlock('secret-data')).exists('hds codeBlock exists'); + assert + .dom(GENERAL.codeBlock('secret-data')) + .hasText(`Version data { "foo": { "bar": "baz" } } `, 'Json data is displayed'); + }); + + test('it defaults to a viewportMargin 10 when there is no secret data', async function (assert) { + await render(hbs``, { owner: this.engine }); + assert.strictEqual(codemirror().options.viewportMargin, 10, 'viewportMargin defaults to 10'); + }); + + test('it calculates viewportMargin based on secret size', async function (assert) { + this.secret.secretData = createLongJson(100); + await render(hbs``, { owner: this.engine }); + assert.strictEqual( + codemirror().options.viewportMargin, + 100, + 'viewportMargin is set to 100 matching the height of the json' + ); }); }); diff --git a/ui/tests/integration/components/kv/kv-patch/editor/form-test.js b/ui/tests/integration/components/kv/kv-patch/editor/form-test.js index 4096feb945be..3cc72291067a 100644 --- a/ui/tests/integration/components/kv/kv-patch/editor/form-test.js +++ b/ui/tests/integration/components/kv/kv-patch/editor/form-test.js @@ -96,14 +96,14 @@ module('Integration | Component | kv | kv-patch/editor/form', function (hooks) { await this.renderComponent(); assert.dom(GENERAL.toggleInput('Reveal subkeys')).isNotChecked('toggle is initially unchecked'); - assert.dom('[data-test-subkeys]').doesNotExist(); + assert.dom(GENERAL.codeBlock('subkeys')).doesNotExist(); await click(GENERAL.toggleInput('Reveal subkeys')); assert.dom(GENERAL.toggleInput('Reveal subkeys')).isChecked(); - assert.dom('[data-test-subkeys]').hasText(JSON.stringify(this.subkeys, null, 2)); + assert.dom(GENERAL.codeBlock('subkeys')).hasText(JSON.stringify(this.subkeys, null, 2)); await click(GENERAL.toggleInput('Reveal subkeys')); assert.dom(GENERAL.toggleInput('Reveal subkeys')).isNotChecked(); - assert.dom('[data-test-subkeys]').doesNotExist('unchecking re-hides subkeys'); + assert.dom(GENERAL.codeBlock('subkeys')).doesNotExist('unchecking re-hides subkeys'); }); test('it enables and disables inputs', async function (assert) { diff --git a/ui/tests/integration/components/kv/kv-patch/json-form-test.js b/ui/tests/integration/components/kv/kv-patch/json-form-test.js index 166ea8d2fa7a..37703e2bd985 100644 --- a/ui/tests/integration/components/kv/kv-patch/json-form-test.js +++ b/ui/tests/integration/components/kv/kv-patch/json-form-test.js @@ -59,14 +59,14 @@ module('Integration | Component | kv | kv-patch/editor/json-form', function (hoo await this.renderComponent(); assert.dom(GENERAL.toggleInput('Reveal subkeys')).isNotChecked('toggle is initially unchecked'); - assert.dom('[data-test-subkeys]').doesNotExist(); + assert.dom(GENERAL.codeBlock('subkeys')).doesNotExist(); await click(GENERAL.toggleInput('Reveal subkeys')); assert.dom(GENERAL.toggleInput('Reveal subkeys')).isChecked(); - assert.dom('[data-test-subkeys]').hasText(JSON.stringify(this.subkeys, null, 2)); + assert.dom(GENERAL.codeBlock('subkeys')).hasText(JSON.stringify(this.subkeys, null, 2)); await click(GENERAL.toggleInput('Reveal subkeys')); assert.dom(GENERAL.toggleInput('Reveal subkeys')).isNotChecked(); - assert.dom('[data-test-subkeys]').doesNotExist('unchecking re-hides subkeys'); + assert.dom(GENERAL.codeBlock('subkeys')).doesNotExist('unchecking re-hides subkeys'); }); test('it renders linting errors', async function (assert) { diff --git a/ui/tests/integration/components/kv/page/kv-page-secret-details-test.js b/ui/tests/integration/components/kv/page/kv-page-secret-details-test.js index 430ff3765f08..298d1fd330a3 100644 --- a/ui/tests/integration/components/kv/page/kv-page-secret-details-test.js +++ b/ui/tests/integration/components/kv/page/kv-page-secret-details-test.js @@ -7,13 +7,14 @@ import { module, test } from 'qunit'; import { setupRenderingTest } from 'ember-qunit'; import { setupEngine } from 'ember-engines/test-support'; import { setupMirage } from 'ember-cli-mirage/test-support'; -import { click, find, render } from '@ember/test-helpers'; +import { click, render } from '@ember/test-helpers'; import { hbs } from 'ember-cli-htmlbars'; import { kvDataPath } from 'vault/utils/kv-path'; -import { FORM, PAGE, parseJsonEditor } from 'vault/tests/helpers/kv/kv-selectors'; +import { FORM, PAGE } from 'vault/tests/helpers/kv/kv-selectors'; import { syncStatusResponse } from 'vault/mirage/handlers/sync'; import { encodePath } from 'vault/utils/path-encoding-helpers'; import { baseSetup } from 'vault/tests/helpers/kv/kv-run-commands'; +import { GENERAL } from 'vault/tests/helpers/general-selectors'; module('Integration | Component | kv-v2 | Page::Secret::Details', function (hooks) { setupRenderingTest(hooks); @@ -126,19 +127,24 @@ module('Integration | Component | kv-v2 | Page::Secret::Details', function (hook await click(FORM.toggleMasked); assert.dom(PAGE.infoRowValue('foo')).hasText('bar', 'renders secret value'); await click(FORM.toggleJson); - assert.propEqual(parseJsonEditor(find), this.secretData, 'json editor renders secret data'); + assert.dom(GENERAL.codeBlock('secret-data')).hasText( + `Version data { + "foo": "bar" +}`, + 'json editor renders secret data' + ); assert .dom(PAGE.detail.versionTimestamp) .includesText(`Version ${this.version} created`, 'renders version and time created'); }); - test('it renders json view when secret is complex', async function (assert) { + test('it renders hds codeblock view when secret is complex', async function (assert) { assert.expect(4); await this.renderComponent(this.modelComplex); assert.dom(PAGE.infoRowValue('foo')).doesNotExist('does not render rows of secret data'); assert.dom(FORM.toggleJson).isChecked(); assert.dom(FORM.toggleJson).isNotDisabled(); - assert.dom('[data-test-component="code-mirror-modifier"]').exists('shows json editor'); + assert.dom(GENERAL.codeBlock('secret-data')).exists('hds codeBlock exists'); }); test('it renders deleted empty state', async function (assert) { diff --git a/ui/tests/unit/serializers/database/connection-test.js b/ui/tests/unit/serializers/database/connection-test.js index 13b73871aa90..90445ea1e016 100644 --- a/ui/tests/unit/serializers/database/connection-test.js +++ b/ui/tests/unit/serializers/database/connection-test.js @@ -79,12 +79,6 @@ module('Unit | Serializer | database/connection', function (hooks) { const expectedResult = { allowed_roles: ['readonly'], backend: 'database', - connection_details: { - backend: 'database', - insecure: false, - url: 'https://localhost:9200', - username: 'root', - }, id: 'elastic-test', insecure: false, name: 'elastic-test', @@ -98,4 +92,111 @@ module('Unit | Serializer | database/connection', function (hooks) { }; assert.deepEqual(normalized, expectedResult, `Normalizes and flattens database response`); }); + + test('it should normalize values for the database type (oracle)', function (assert) { + const serializer = this.owner.lookup('serializer:database/connection'); + const normalized = serializer.normalizeSecrets({ + request_id: 'request-id', + lease_id: '', + renewable: false, + lease_duration: 0, + data: { + allowed_roles: ['*'], + connection_details: { + backend: 'database', + connection_url: '%7B%7Busername%7D%7D/%7B%7Bpassword%7D%7D@//localhost:1521/ORCLPDB1', + max_connection_lifetime: '0s', + max_idle_connections: 0, + max_open_connections: 3, + username: 'VAULTADMIN', + }, + password_policy: '', + plugin_name: 'vault-plugin-database-oracle', + plugin_version: '', + root_credentials_rotate_statements: [], + verify_connection: true, + }, + wrap_info: null, + warnings: null, + auth: null, + mount_type: 'database', + backend: 'database', + id: 'oracle-test', + }); + const expectedResult = { + allowed_roles: ['*'], + backend: 'database', + connection_url: '{{username}}/{{password}}@//localhost:1521/ORCLPDB1', + id: 'oracle-test', + max_connection_lifetime: '0s', + max_idle_connections: 0, + max_open_connections: 3, + name: 'oracle-test', + password_policy: '', + plugin_name: 'vault-plugin-database-oracle', + plugin_version: '', + root_credentials_rotate_statements: [], + root_rotation_statements: [], + username: 'VAULTADMIN', + verify_connection: true, + }; + assert.deepEqual(normalized, expectedResult, `Normalizes and flattens database response`); + }); + + test('it should normalize values if some params do not exist', function (assert) { + const serializer = this.owner.lookup('serializer:database/connection'); + const normalized = serializer.normalizeSecrets({ + request_id: 'request-id', + lease_id: '', + renewable: false, + lease_duration: 0, + data: { + allowed_roles: ['*'], + connection_details: { backend: 'database' }, // no connection_url param intentionally + plugin_name: 'vault-postgres-db', + }, + wrap_info: null, + warnings: null, + auth: null, + mount_type: 'database', + backend: 'database', + id: 'db-test', + }); + const expectedResult = { + allowed_roles: ['*'], + backend: 'database', + id: 'db-test', + name: 'db-test', + plugin_name: 'vault-postgres-db', + }; + assert.deepEqual(normalized, expectedResult, `Normalizes and flattens database response`); + }); + + test('it should fail gracefully if no connection_details', function (assert) { + const serializer = this.owner.lookup('serializer:database/connection'); + const normalized = serializer.normalizeSecrets({ + request_id: 'request-id', + lease_id: '', + renewable: false, + lease_duration: 0, + data: { + allowed_roles: ['*'], + plugin_name: 'vault-postgres-db', + }, + wrap_info: null, + warnings: null, + auth: null, + mount_type: 'database', + backend: 'database', + id: 'db-test', + }); + const expectedResult = { + allowed_roles: ['*'], + backend: 'database', + id: 'db-test', + name: 'db-test', + plugin_name: 'vault-postgres-db', + }; + assert.deepEqual(normalized, expectedResult, `Normalizes and flattens database response`); + }); }); diff --git a/ui/yarn.lock b/ui/yarn.lock index bcf86973735e..251cd6c8f545 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -16,12 +16,12 @@ __metadata: linkType: hard "@babel/cli@npm:^7.24.6": - version: 7.24.8 - resolution: "@babel/cli@npm:7.24.8" + version: 7.25.9 + resolution: "@babel/cli@npm:7.25.9" dependencies: "@jridgewell/trace-mapping": ^0.3.25 "@nicolo-ribaudo/chokidar-2": 2.1.8-no-fsevents.3 - chokidar: ^3.4.0 + chokidar: ^3.6.0 commander: ^6.2.0 convert-source-map: ^2.0.0 fs-readdir-recursive: ^1.1.0 @@ -38,53 +38,54 @@ __metadata: bin: babel: ./bin/babel.js babel-external-helpers: ./bin/babel-external-helpers.js - checksum: 8a1fb83d0c2959b6a83cccab55ac1b0ffd408e1959369609071dadb38c1dc99a501d58751b6e4f0c43b751e595e9868856433b01832a19f592f004dd854a8c1f + checksum: e52fb39df804cf272785ec138c47c0a3cda6bd7099520123e987683fd72c0b8d3665512b01b01d38d351e3263e17be3fc6e8dcf01e417b8f052370375b6419d4 languageName: node linkType: hard -"@babel/code-frame@npm:^7.0.0, @babel/code-frame@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/code-frame@npm:7.24.7" +"@babel/code-frame@npm:^7.0.0, @babel/code-frame@npm:^7.25.9, @babel/code-frame@npm:^7.26.0": + version: 7.26.2 + resolution: "@babel/code-frame@npm:7.26.2" dependencies: - "@babel/highlight": ^7.24.7 + "@babel/helper-validator-identifier": ^7.25.9 + js-tokens: ^4.0.0 picocolors: ^1.0.0 - checksum: 830e62cd38775fdf84d612544251ce773d544a8e63df667728cc9e0126eeef14c6ebda79be0f0bc307e8318316b7f58c27ce86702e0a1f5c321d842eb38ffda4 + checksum: db13f5c42d54b76c1480916485e6900748bbcb0014a8aca87f50a091f70ff4e0d0a6db63cade75eb41fcc3d2b6ba0a7f89e343def4f96f00269b41b8ab8dd7b8 languageName: node linkType: hard -"@babel/compat-data@npm:^7.20.5, @babel/compat-data@npm:^7.22.6, @babel/compat-data@npm:^7.24.8": - version: 7.24.9 - resolution: "@babel/compat-data@npm:7.24.9" - checksum: 3590be0f7028bca0565a83f66752c0f0283b818e9e1bb7fc12912822768e379a6ff84c59d77dc64ba62c140b8500a3828d95c0ce013cd62d254a179bae38709b +"@babel/compat-data@npm:^7.20.5, @babel/compat-data@npm:^7.22.6, @babel/compat-data@npm:^7.25.9, @babel/compat-data@npm:^7.26.0": + version: 7.26.2 + resolution: "@babel/compat-data@npm:7.26.2" + checksum: d52fae9b0dc59b409d6005ae6b172e89329f46d68136130065ebe923a156fc633e0f1c8600b3e319b9e0f99fd948f64991a5419e2e9431d00d9d235d5f7a7618 languageName: node linkType: hard -"@babel/core@npm:^7.0.0, @babel/core@npm:^7.12.0, @babel/core@npm:^7.13.10, @babel/core@npm:^7.16.10, @babel/core@npm:^7.16.7, @babel/core@npm:^7.21.4, @babel/core@npm:^7.22.20, @babel/core@npm:^7.23.2, @babel/core@npm:^7.23.6, @babel/core@npm:^7.24.5, @babel/core@npm:^7.3.4": - version: 7.24.9 - resolution: "@babel/core@npm:7.24.9" +"@babel/core@npm:^7.0.0, @babel/core@npm:^7.12.0, @babel/core@npm:^7.13.10, @babel/core@npm:^7.16.10, @babel/core@npm:^7.16.7, @babel/core@npm:^7.21.4, @babel/core@npm:^7.22.20, @babel/core@npm:^7.23.2, @babel/core@npm:^7.23.6, @babel/core@npm:^7.26.0, @babel/core@npm:^7.3.4": + version: 7.26.0 + resolution: "@babel/core@npm:7.26.0" dependencies: "@ampproject/remapping": ^2.2.0 - "@babel/code-frame": ^7.24.7 - "@babel/generator": ^7.24.9 - "@babel/helper-compilation-targets": ^7.24.8 - "@babel/helper-module-transforms": ^7.24.9 - "@babel/helpers": ^7.24.8 - "@babel/parser": ^7.24.8 - "@babel/template": ^7.24.7 - "@babel/traverse": ^7.24.8 - "@babel/types": ^7.24.9 + "@babel/code-frame": ^7.26.0 + "@babel/generator": ^7.26.0 + "@babel/helper-compilation-targets": ^7.25.9 + "@babel/helper-module-transforms": ^7.26.0 + "@babel/helpers": ^7.26.0 + "@babel/parser": ^7.26.0 + "@babel/template": ^7.25.9 + "@babel/traverse": ^7.25.9 + "@babel/types": ^7.26.0 convert-source-map: ^2.0.0 debug: ^4.1.0 gensync: ^1.0.0-beta.2 json5: ^2.2.3 semver: ^6.3.1 - checksum: eae273bee154d6a059e742a2bb7a58b03438a1f70d7909887a28258b29556dc99bcd5cbd41f13cd4755a20b0baf5e82731acb1d3690e02b7a9300fb6d1950e2c + checksum: b296084cfd818bed8079526af93b5dfa0ba70282532d2132caf71d4060ab190ba26d3184832a45accd82c3c54016985a4109ab9118674347a7e5e9bc464894e6 languageName: node linkType: hard "@babel/eslint-parser@npm:^7.22.15": - version: 7.24.8 - resolution: "@babel/eslint-parser@npm:7.24.8" + version: 7.25.9 + resolution: "@babel/eslint-parser@npm:7.25.9" dependencies: "@nicolo-ribaudo/eslint-scope-5-internals": 5.1.1-v1 eslint-visitor-keys: ^2.1.0 @@ -92,89 +93,88 @@ __metadata: peerDependencies: "@babel/core": ^7.11.0 eslint: ^7.5.0 || ^8.0.0 || ^9.0.0 - checksum: 4ca8845b6b068185af1c5b28217a005f370887cf8489983263bc7aebcc2290774a37ad9b971b78fbc3eca6a3d812306153f892b37525c3fc6be43e79c446d39e + checksum: dd2afa122b62a5b07c1e71d1c23b2cd4d655d96609eb2ba1b1ae3ec6f415f4365b77d6669ff859aa7b75952fb63a1d29c5db6e5811fc4012841491cb2dee36e4 languageName: node linkType: hard -"@babel/generator@npm:^7.24.8, @babel/generator@npm:^7.24.9": - version: 7.24.10 - resolution: "@babel/generator@npm:7.24.10" +"@babel/generator@npm:^7.25.9, @babel/generator@npm:^7.26.0": + version: 7.26.2 + resolution: "@babel/generator@npm:7.26.2" dependencies: - "@babel/types": ^7.24.9 + "@babel/parser": ^7.26.2 + "@babel/types": ^7.26.0 "@jridgewell/gen-mapping": ^0.3.5 "@jridgewell/trace-mapping": ^0.3.25 - jsesc: ^2.5.1 - checksum: eb13806e9eb76932ea5205502a85ea650a991c7a6f757fbe859176f6d9b34b3da5a2c1f52a2c24fdbe0045a90438fe6889077e338cdd6c727619dee925af1ba6 + jsesc: ^3.0.2 + checksum: 6ff850b7d6082619f8c2f518d993cf7254cfbaa20b026282cbef5c9b2197686d076a432b18e36c4d1a42721c016df4f77a8f62c67600775d9683621d534b91b4 languageName: node linkType: hard -"@babel/helper-annotate-as-pure@npm:^7.18.6, @babel/helper-annotate-as-pure@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-annotate-as-pure@npm:7.24.7" +"@babel/helper-annotate-as-pure@npm:^7.18.6, @babel/helper-annotate-as-pure@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-annotate-as-pure@npm:7.25.9" dependencies: - "@babel/types": ^7.24.7 - checksum: 6178566099a6a0657db7a7fa601a54fb4731ca0b8614fbdccfd8e523c210c13963649bc8fdfd53ce7dd14d05e3dda2fb22dea5b30113c488b9eb1a906d60212e + "@babel/types": ^7.25.9 + checksum: 41edda10df1ae106a9b4fe617bf7c6df77db992992afd46192534f5cff29f9e49a303231733782dd65c5f9409714a529f215325569f14282046e9d3b7a1ffb6c languageName: node linkType: hard -"@babel/helper-builder-binary-assignment-operator-visitor@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-builder-binary-assignment-operator-visitor@npm:7.24.7" +"@babel/helper-builder-binary-assignment-operator-visitor@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-builder-binary-assignment-operator-visitor@npm:7.25.9" dependencies: - "@babel/traverse": ^7.24.7 - "@babel/types": ^7.24.7 - checksum: 71a6158a9fdebffb82fdc400d5555ba8f2e370cea81a0d578155877bdc4db7d5252b75c43b2fdf3f72b3f68348891f99bd35ae315542daad1b7ace8322b1abcb + "@babel/traverse": ^7.25.9 + "@babel/types": ^7.25.9 + checksum: e1bb465b3b0155702d82cfef09e3813e87a6d777cdd2c513796861eac14953340491eafea1d4109278bf4ceb48b54074c45758f042c0544d00c498090bee5a6f languageName: node linkType: hard -"@babel/helper-compilation-targets@npm:^7.12.0, @babel/helper-compilation-targets@npm:^7.20.7, @babel/helper-compilation-targets@npm:^7.22.6, @babel/helper-compilation-targets@npm:^7.24.7, @babel/helper-compilation-targets@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/helper-compilation-targets@npm:7.24.8" +"@babel/helper-compilation-targets@npm:^7.12.0, @babel/helper-compilation-targets@npm:^7.20.7, @babel/helper-compilation-targets@npm:^7.22.6, @babel/helper-compilation-targets@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-compilation-targets@npm:7.25.9" dependencies: - "@babel/compat-data": ^7.24.8 - "@babel/helper-validator-option": ^7.24.8 - browserslist: ^4.23.1 + "@babel/compat-data": ^7.25.9 + "@babel/helper-validator-option": ^7.25.9 + browserslist: ^4.24.0 lru-cache: ^5.1.1 semver: ^6.3.1 - checksum: 40c9e87212fffccca387504b259a629615d7df10fc9080c113da6c51095d3e8b622a1409d9ed09faf2191628449ea28d582179c5148e2e993a3140234076b8da + checksum: 3af536e2db358b38f968abdf7d512d425d1018fef2f485d6f131a57a7bcaed32c606b4e148bb230e1508fa42b5b2ac281855a68eb78270f54698c48a83201b9b languageName: node linkType: hard -"@babel/helper-create-class-features-plugin@npm:^7.18.6, @babel/helper-create-class-features-plugin@npm:^7.21.0, @babel/helper-create-class-features-plugin@npm:^7.24.7, @babel/helper-create-class-features-plugin@npm:^7.24.8, @babel/helper-create-class-features-plugin@npm:^7.5.5": - version: 7.24.8 - resolution: "@babel/helper-create-class-features-plugin@npm:7.24.8" +"@babel/helper-create-class-features-plugin@npm:^7.18.6, @babel/helper-create-class-features-plugin@npm:^7.21.0, @babel/helper-create-class-features-plugin@npm:^7.25.9, @babel/helper-create-class-features-plugin@npm:^7.5.5": + version: 7.25.9 + resolution: "@babel/helper-create-class-features-plugin@npm:7.25.9" dependencies: - "@babel/helper-annotate-as-pure": ^7.24.7 - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-function-name": ^7.24.7 - "@babel/helper-member-expression-to-functions": ^7.24.8 - "@babel/helper-optimise-call-expression": ^7.24.7 - "@babel/helper-replace-supers": ^7.24.7 - "@babel/helper-skip-transparent-expression-wrappers": ^7.24.7 - "@babel/helper-split-export-declaration": ^7.24.7 + "@babel/helper-annotate-as-pure": ^7.25.9 + "@babel/helper-member-expression-to-functions": ^7.25.9 + "@babel/helper-optimise-call-expression": ^7.25.9 + "@babel/helper-replace-supers": ^7.25.9 + "@babel/helper-skip-transparent-expression-wrappers": ^7.25.9 + "@babel/traverse": ^7.25.9 semver: ^6.3.1 peerDependencies: "@babel/core": ^7.0.0 - checksum: b4707e2c4a2cb504d7656168d887bf653db6fbe8ece4502e28e5798f2ec624dc606f2d6bc4820d31b4dc1b80f7d83d98db83516dda321a76c075e5f531abed0b + checksum: 91dd5f203ed04568c70b052e2f26dfaac7c146447196c00b8ecbb6d3d2f3b517abadb985d3321a19d143adaed6fe17f7f79f8f50e0c20e9d8ad83e1027b42424 languageName: node linkType: hard -"@babel/helper-create-regexp-features-plugin@npm:^7.18.6, @babel/helper-create-regexp-features-plugin@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-create-regexp-features-plugin@npm:7.24.7" +"@babel/helper-create-regexp-features-plugin@npm:^7.18.6, @babel/helper-create-regexp-features-plugin@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-create-regexp-features-plugin@npm:7.25.9" dependencies: - "@babel/helper-annotate-as-pure": ^7.24.7 - regexpu-core: ^5.3.1 + "@babel/helper-annotate-as-pure": ^7.25.9 + regexpu-core: ^6.1.1 semver: ^6.3.1 peerDependencies: "@babel/core": ^7.0.0 - checksum: 17c59fa222af50f643946eca940ce1d474ff2da1f4afed2312687ab9d708ebbb8c9372754ddbdf44b6e21ead88b8fc144644f3a7b63ccb886de002458cef3974 + checksum: 563ed361ceed3d7a9d64dd58616bf6f0befcc23620ab22d31dd6d8b751d3f99d6d210487b1a5a1e209ab4594df67bacfab7445cbfa092bfe2b719cd42ae1ba6f languageName: node linkType: hard -"@babel/helper-define-polyfill-provider@npm:^0.6.1, @babel/helper-define-polyfill-provider@npm:^0.6.2": - version: 0.6.2 - resolution: "@babel/helper-define-polyfill-provider@npm:0.6.2" +"@babel/helper-define-polyfill-provider@npm:^0.6.2, @babel/helper-define-polyfill-provider@npm:^0.6.3": + version: 0.6.3 + resolution: "@babel/helper-define-polyfill-provider@npm:0.6.3" dependencies: "@babel/helper-compilation-targets": ^7.22.6 "@babel/helper-plugin-utils": ^7.22.5 @@ -183,253 +183,214 @@ __metadata: resolve: ^1.14.2 peerDependencies: "@babel/core": ^7.4.0 || ^8.0.0-0 <8.0.0 - checksum: 2bba965ea9a4887ddf9c11d51d740ab473bd7597b787d042c325f6a45912dfe908c2d6bb1d837bf82f7e9fa51e6ad5150563c58131d2bb85515e63d971414a9c - languageName: node - linkType: hard - -"@babel/helper-environment-visitor@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-environment-visitor@npm:7.24.7" - dependencies: - "@babel/types": ^7.24.7 - checksum: 079d86e65701b29ebc10baf6ed548d17c19b808a07aa6885cc141b690a78581b180ee92b580d755361dc3b16adf975b2d2058b8ce6c86675fcaf43cf22f2f7c6 - languageName: node - linkType: hard - -"@babel/helper-function-name@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-function-name@npm:7.24.7" - dependencies: - "@babel/template": ^7.24.7 - "@babel/types": ^7.24.7 - checksum: 142ee08922074dfdc0ff358e09ef9f07adf3671ab6eef4fca74dcf7a551f1a43717e7efa358c9e28d7eea84c28d7f177b7a58c70452fc312ae3b1893c5dab2a4 - languageName: node - linkType: hard - -"@babel/helper-hoist-variables@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-hoist-variables@npm:7.24.7" - dependencies: - "@babel/types": ^7.24.7 - checksum: 6cfdcf2289cd12185dcdbdf2435fa8d3447b797ac75851166de9fc8503e2fd0021db6baf8dfbecad3753e582c08e6a3f805c8d00cbed756060a877d705bd8d8d + checksum: 710e6d8a5391736b9f53f09d0494575c2e03de199ad8d1349bc8e514cb85251ea1f1842c2ff44830849d482052ddb42ae931101002a87a263b12f649c2e57c01 languageName: node linkType: hard -"@babel/helper-member-expression-to-functions@npm:^7.24.7, @babel/helper-member-expression-to-functions@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/helper-member-expression-to-functions@npm:7.24.8" +"@babel/helper-member-expression-to-functions@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-member-expression-to-functions@npm:7.25.9" dependencies: - "@babel/traverse": ^7.24.8 - "@babel/types": ^7.24.8 - checksum: bf923d05d81b06857f4ca4fe9c528c9c447a58db5ea39595bb559eae2fce01a8266173db0fd6a2ec129d7bbbb9bb22f4e90008252f7c66b422c76630a878a4bc + "@babel/traverse": ^7.25.9 + "@babel/types": ^7.25.9 + checksum: 8e2f1979b6d596ac2a8cbf17f2cf709180fefc274ac3331408b48203fe19134ed87800774ef18838d0275c3965130bae22980d90caed756b7493631d4b2cf961 languageName: node linkType: hard -"@babel/helper-module-imports@npm:^7.16.7, @babel/helper-module-imports@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-module-imports@npm:7.24.7" +"@babel/helper-module-imports@npm:^7.16.7, @babel/helper-module-imports@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-module-imports@npm:7.25.9" dependencies: - "@babel/traverse": ^7.24.7 - "@babel/types": ^7.24.7 - checksum: 8ac15d96d262b8940bc469052a048e06430bba1296369be695fabdf6799f201dd0b00151762b56012a218464e706bc033f27c07f6cec20c6f8f5fd6543c67054 + "@babel/traverse": ^7.25.9 + "@babel/types": ^7.25.9 + checksum: 1b411ce4ca825422ef7065dffae7d8acef52023e51ad096351e3e2c05837e9bf9fca2af9ca7f28dc26d596a588863d0fedd40711a88e350b736c619a80e704e6 languageName: node linkType: hard -"@babel/helper-module-transforms@npm:^7.24.7, @babel/helper-module-transforms@npm:^7.24.8, @babel/helper-module-transforms@npm:^7.24.9": - version: 7.24.9 - resolution: "@babel/helper-module-transforms@npm:7.24.9" +"@babel/helper-module-transforms@npm:^7.25.9, @babel/helper-module-transforms@npm:^7.26.0": + version: 7.26.0 + resolution: "@babel/helper-module-transforms@npm:7.26.0" dependencies: - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-module-imports": ^7.24.7 - "@babel/helper-simple-access": ^7.24.7 - "@babel/helper-split-export-declaration": ^7.24.7 - "@babel/helper-validator-identifier": ^7.24.7 + "@babel/helper-module-imports": ^7.25.9 + "@babel/helper-validator-identifier": ^7.25.9 + "@babel/traverse": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0 - checksum: ffcf11b678a8d3e6a243285cb5262c37f4d47d507653420c1f7f0bd27076e88177f2b7158850d1a470fcfe923426a2e6571c554c455a90c9755ff488ac36ac40 + checksum: 942eee3adf2b387443c247a2c190c17c4fd45ba92a23087abab4c804f40541790d51ad5277e4b5b1ed8d5ba5b62de73857446b7742f835c18ebd350384e63917 languageName: node linkType: hard -"@babel/helper-optimise-call-expression@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-optimise-call-expression@npm:7.24.7" +"@babel/helper-optimise-call-expression@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-optimise-call-expression@npm:7.25.9" dependencies: - "@babel/types": ^7.24.7 - checksum: 280654eaf90e92bf383d7eed49019573fb35a98c9e992668f701ad099957246721044be2068cf6840cb2299e0ad393705a1981c88c23a1048096a8d59e5f79a3 + "@babel/types": ^7.25.9 + checksum: f09d0ad60c0715b9a60c31841b3246b47d67650c512ce85bbe24a3124f1a4d66377df793af393273bc6e1015b0a9c799626c48e53747581c1582b99167cc65dc languageName: node linkType: hard -"@babel/helper-plugin-utils@npm:^7.0.0, @babel/helper-plugin-utils@npm:^7.10.4, @babel/helper-plugin-utils@npm:^7.12.13, @babel/helper-plugin-utils@npm:^7.14.5, @babel/helper-plugin-utils@npm:^7.18.6, @babel/helper-plugin-utils@npm:^7.20.2, @babel/helper-plugin-utils@npm:^7.22.5, @babel/helper-plugin-utils@npm:^7.24.7, @babel/helper-plugin-utils@npm:^7.24.8, @babel/helper-plugin-utils@npm:^7.8.0, @babel/helper-plugin-utils@npm:^7.8.3": - version: 7.24.8 - resolution: "@babel/helper-plugin-utils@npm:7.24.8" - checksum: 73b1a83ba8bcee21dc94de2eb7323207391715e4369fd55844bb15cf13e3df6f3d13a40786d990e6370bf0f571d94fc31f70dec96c1d1002058258c35ca3767a +"@babel/helper-plugin-utils@npm:^7.0.0, @babel/helper-plugin-utils@npm:^7.12.13, @babel/helper-plugin-utils@npm:^7.14.5, @babel/helper-plugin-utils@npm:^7.18.6, @babel/helper-plugin-utils@npm:^7.20.2, @babel/helper-plugin-utils@npm:^7.22.5, @babel/helper-plugin-utils@npm:^7.25.9, @babel/helper-plugin-utils@npm:^7.8.0": + version: 7.25.9 + resolution: "@babel/helper-plugin-utils@npm:7.25.9" + checksum: e19ec8acf0b696756e6d84531f532c5fe508dce57aa68c75572a77798bd04587a844a9a6c8ea7d62d673e21fdc174d091c9097fb29aea1c1b49f9c6eaa80f022 languageName: node linkType: hard -"@babel/helper-remap-async-to-generator@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-remap-async-to-generator@npm:7.24.7" +"@babel/helper-remap-async-to-generator@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-remap-async-to-generator@npm:7.25.9" dependencies: - "@babel/helper-annotate-as-pure": ^7.24.7 - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-wrap-function": ^7.24.7 + "@babel/helper-annotate-as-pure": ^7.25.9 + "@babel/helper-wrap-function": ^7.25.9 + "@babel/traverse": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0 - checksum: bab7be178f875350f22a2cb9248f67fe3a8a8128db77a25607096ca7599fd972bc7049fb11ed9e95b45a3f1dd1fac3846a3279f9cbac16f337ecb0e6ca76e1fc + checksum: ea37ad9f8f7bcc27c109963b8ebb9d22bac7a5db2a51de199cb560e251d5593fe721e46aab2ca7d3e7a24b0aa4aff0eaf9c7307af9c2fd3a1d84268579073052 languageName: node linkType: hard -"@babel/helper-replace-supers@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-replace-supers@npm:7.24.7" +"@babel/helper-replace-supers@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-replace-supers@npm:7.25.9" dependencies: - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-member-expression-to-functions": ^7.24.7 - "@babel/helper-optimise-call-expression": ^7.24.7 + "@babel/helper-member-expression-to-functions": ^7.25.9 + "@babel/helper-optimise-call-expression": ^7.25.9 + "@babel/traverse": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0 - checksum: 2bf0d113355c60d86a04e930812d36f5691f26c82d4ec1739e5ec0a4c982c9113dad3167f7c74f888a96328bd5e696372232406d8200e5979e6e0dc2af5e7c76 - languageName: node - linkType: hard - -"@babel/helper-simple-access@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-simple-access@npm:7.24.7" - dependencies: - "@babel/traverse": ^7.24.7 - "@babel/types": ^7.24.7 - checksum: ddbf55f9dea1900213f2a1a8500fabfd21c5a20f44dcfa957e4b0d8638c730f88751c77f678644f754f1a1dc73f4eb8b766c300deb45a9daad000e4247957819 + checksum: 84f40e12520b7023e52d289bf9d569a06284879fe23bbbacad86bec5d978b2669769f11b073fcfeb1567d8c547168323005fda88607a4681ecaeb4a5cdd48bb9 languageName: node linkType: hard -"@babel/helper-skip-transparent-expression-wrappers@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-skip-transparent-expression-wrappers@npm:7.24.7" +"@babel/helper-simple-access@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-simple-access@npm:7.25.9" dependencies: - "@babel/traverse": ^7.24.7 - "@babel/types": ^7.24.7 - checksum: 11b28fe534ce2b1a67c4d8e51a7b5711a2a0a0cae802f74614eee54cca58c744d9a62f6f60103c41759e81c537d270bfd665bf368a6bea214c6052f2094f8407 + "@babel/traverse": ^7.25.9 + "@babel/types": ^7.25.9 + checksum: 6d96c94b88e8288d15e5352c1221486bd4f62de8c7dc7c7b9f5b107ce2c79f67fec5ed71a0476e146f1fefbbbf1d69abe35dc821d80ce01fc7f472286c342421 languageName: node linkType: hard -"@babel/helper-split-export-declaration@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-split-export-declaration@npm:7.24.7" +"@babel/helper-skip-transparent-expression-wrappers@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-skip-transparent-expression-wrappers@npm:7.25.9" dependencies: - "@babel/types": ^7.24.7 - checksum: e3ddc91273e5da67c6953f4aa34154d005a00791dc7afa6f41894e768748540f6ebcac5d16e72541aea0c89bee4b89b4da6a3d65972a0ea8bfd2352eda5b7e22 + "@babel/traverse": ^7.25.9 + "@babel/types": ^7.25.9 + checksum: fdbb5248932198bc26daa6abf0d2ac42cab9c2dbb75b7e9f40d425c8f28f09620b886d40e7f9e4e08ffc7aaa2cefe6fc2c44be7c20e81f7526634702fb615bdc languageName: node linkType: hard -"@babel/helper-string-parser@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/helper-string-parser@npm:7.24.8" - checksum: 39b03c5119216883878655b149148dc4d2e284791e969b19467a9411fccaa33f7a713add98f4db5ed519535f70ad273cdadfd2eb54d47ebbdeac5083351328ce +"@babel/helper-string-parser@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-string-parser@npm:7.25.9" + checksum: 6435ee0849e101681c1849868278b5aee82686ba2c1e27280e5e8aca6233af6810d39f8e4e693d2f2a44a3728a6ccfd66f72d71826a94105b86b731697cdfa99 languageName: node linkType: hard -"@babel/helper-validator-identifier@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-validator-identifier@npm:7.24.7" - checksum: 6799ab117cefc0ecd35cd0b40ead320c621a298ecac88686a14cffceaac89d80cdb3c178f969861bf5fa5e4f766648f9161ea0752ecfe080d8e89e3147270257 +"@babel/helper-validator-identifier@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-validator-identifier@npm:7.25.9" + checksum: 5b85918cb1a92a7f3f508ea02699e8d2422fe17ea8e82acd445006c0ef7520fbf48e3dbcdaf7b0a1d571fc3a2715a29719e5226636cb6042e15fe6ed2a590944 languageName: node linkType: hard -"@babel/helper-validator-option@npm:^7.24.7, @babel/helper-validator-option@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/helper-validator-option@npm:7.24.8" - checksum: a52442dfa74be6719c0608fee3225bd0493c4057459f3014681ea1a4643cd38b68ff477fe867c4b356da7330d085f247f0724d300582fa4ab9a02efaf34d107c +"@babel/helper-validator-option@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-validator-option@npm:7.25.9" + checksum: 9491b2755948ebbdd68f87da907283698e663b5af2d2b1b02a2765761974b1120d5d8d49e9175b167f16f72748ffceec8c9cf62acfbee73f4904507b246e2b3d languageName: node linkType: hard -"@babel/helper-wrap-function@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/helper-wrap-function@npm:7.24.7" +"@babel/helper-wrap-function@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/helper-wrap-function@npm:7.25.9" dependencies: - "@babel/helper-function-name": ^7.24.7 - "@babel/template": ^7.24.7 - "@babel/traverse": ^7.24.7 - "@babel/types": ^7.24.7 - checksum: 085bf130ed08670336e3976f5841ae44e3e10001131632e22ef234659341978d2fd37e65785f59b6cb1745481347fc3bce84b33a685cacb0a297afbe1d2b03af + "@babel/template": ^7.25.9 + "@babel/traverse": ^7.25.9 + "@babel/types": ^7.25.9 + checksum: 8ec1701e60ae004415800c4a7a188f5564c73b4e4f3fdf58dd3f34a3feaa9753173f39bbd6d02e7ecc974f48155efc7940e62584435b3092c07728ee46a604ea languageName: node linkType: hard -"@babel/helpers@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/helpers@npm:7.24.8" +"@babel/helpers@npm:^7.26.0": + version: 7.26.0 + resolution: "@babel/helpers@npm:7.26.0" dependencies: - "@babel/template": ^7.24.7 - "@babel/types": ^7.24.8 - checksum: 2d7301b1b9c91e518c4766bae171230e243d98461c15eabbd44f8f9c83c297fad5c4a64ad80cfec9ca8e90412fc2b41ee86d7eb35dc8a7611c268bcf1317fe46 + "@babel/template": ^7.25.9 + "@babel/types": ^7.26.0 + checksum: d77fe8d45033d6007eadfa440355c1355eed57902d5a302f450827ad3d530343430a21210584d32eef2f216ae463d4591184c6fc60cf205bbf3a884561469200 languageName: node linkType: hard -"@babel/highlight@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/highlight@npm:7.24.7" +"@babel/parser@npm:^7.20.15, @babel/parser@npm:^7.25.9, @babel/parser@npm:^7.26.0, @babel/parser@npm:^7.26.2, @babel/parser@npm:^7.4.5": + version: 7.26.2 + resolution: "@babel/parser@npm:7.26.2" dependencies: - "@babel/helper-validator-identifier": ^7.24.7 - chalk: ^2.4.2 - js-tokens: ^4.0.0 - picocolors: ^1.0.0 - checksum: 5cd3a89f143671c4ac129960024ba678b669e6fc673ce078030f5175002d1d3d52bc10b22c5b916a6faf644b5028e9a4bd2bb264d053d9b05b6a98690f1d46f1 + "@babel/types": ^7.26.0 + bin: + parser: ./bin/babel-parser.js + checksum: c88b5ea0adf357ef909cdc2c31e284a154943edc59f63f6e8a4c20bf773a1b2f3d8c2205e59c09ca7cdad91e7466300114548876529277a80651b6436a48d5d9 languageName: node linkType: hard -"@babel/parser@npm:^7.20.15, @babel/parser@npm:^7.24.7, @babel/parser@npm:^7.24.8, @babel/parser@npm:^7.4.5": - version: 7.24.8 - resolution: "@babel/parser@npm:7.24.8" - bin: - parser: ./bin/babel-parser.js - checksum: 76f866333bfbd53800ac027419ae523bb0137fc63daa968232eb780e4390136bb6e497cb4a2cf6051a2c318aa335c2e6d2adc17079d60691ae7bde89b28c5688 +"@babel/plugin-bugfix-firefox-class-in-computed-class-key@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-bugfix-firefox-class-in-computed-class-key@npm:7.25.9" + dependencies: + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/traverse": ^7.25.9 + peerDependencies: + "@babel/core": ^7.0.0 + checksum: b33d37dacf98a9c74f53959999adc37a258057668b62dba557e6865689433c53764673109eaba9102bf73b2ac4db162f0d9b89a6cca6f1b71d12f5908ec11da9 languageName: node linkType: hard -"@babel/plugin-bugfix-firefox-class-in-computed-class-key@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-bugfix-firefox-class-in-computed-class-key@npm:7.24.7" +"@babel/plugin-bugfix-safari-class-field-initializer-scope@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-bugfix-safari-class-field-initializer-scope@npm:7.25.9" dependencies: - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0 - checksum: 68d315642b53af143aa17a71eb976cf431b51339aee584e29514a462b81c998636dd54219c2713b5f13e1df89eaf130dfab59683f9116825608708c81696b96c + checksum: d3e14ab1cb9cb50246d20cab9539f2fbd1e7ef1ded73980c8ad7c0561b4d5e0b144d362225f0976d47898e04cbd40f2000e208b0913bd788346cf7791b96af91 languageName: node linkType: hard -"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@npm:7.24.7" +"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0 - checksum: 7eb4e7ce5e3d6db4b0fdbdfaaa301c2e58f38a7ee39d5a4259a1fda61a612e83d3e4bc90fc36fb0345baf57e1e1a071e0caffeb80218623ad163f2fdc2e53a54 + checksum: a9d1ee3fd100d3eb6799a2f2bbd785296f356c531d75c9369f71541811fa324270258a374db103ce159156d006da2f33370330558d0133e6f7584152c34997ca languageName: node linkType: hard -"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@npm:7.24.7" +"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/helper-skip-transparent-expression-wrappers": ^7.24.7 - "@babel/plugin-transform-optional-chaining": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-skip-transparent-expression-wrappers": ^7.25.9 + "@babel/plugin-transform-optional-chaining": ^7.25.9 peerDependencies: "@babel/core": ^7.13.0 - checksum: 07b92878ac58a98ea1fdf6a8b4ec3413ba4fa66924e28b694d63ec5b84463123fbf4d7153b56cf3cedfef4a3482c082fe3243c04f8fb2c041b32b0e29b4a9e21 + checksum: 5b298b28e156f64de51cdb03a2c5b80c7f978815ef1026f3ae8b9fc48d28bf0a83817d8fbecb61ef8fb94a7201f62cca5103cc6e7b9e8f28e38f766d7905b378 languageName: node linkType: hard -"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@npm:7.24.7" +"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@npm:7.25.9" dependencies: - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/traverse": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0 - checksum: 8324d458db57060590942c7c2e9603880d07718ccb6450ec935105b8bd3c4393c4b8ada88e178c232258d91f33ffdcf2b1043d54e07a86989e50667ee100a32e + checksum: c684593952ab1b40dfa4e64e98a07e7227c6db175c21bd0e6d71d2ad5d240fef4e4a984d56f05a494876542a022244fe1c1098f4116109fd90d06615e8a269b1 languageName: node linkType: hard @@ -446,15 +407,15 @@ __metadata: linkType: hard "@babel/plugin-proposal-decorators@npm:^7.13.5, @babel/plugin-proposal-decorators@npm:^7.16.7, @babel/plugin-proposal-decorators@npm:^7.20.13, @babel/plugin-proposal-decorators@npm:^7.23.2": - version: 7.24.7 - resolution: "@babel/plugin-proposal-decorators@npm:7.24.7" + version: 7.25.9 + resolution: "@babel/plugin-proposal-decorators@npm:7.25.9" dependencies: - "@babel/helper-create-class-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-decorators": ^7.24.7 + "@babel/helper-create-class-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/plugin-syntax-decorators": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 75aa5ff5537d5ff77f0e52eb161a2f67c7d2bfd8f2000be710dedb1dd238b43ce53d2f734f84bda95b3f013b69de126403f84167f4eddb1d35e8f26257ee07c8 + checksum: ff598127818ac8e704009f1a9a207766ada5f84f6ca74e9de662cb6ce32bcb846c28fd52d6c5df9c55b4eac9a2a3492aa71fbd5cef0569a14b6f12003df22af2 languageName: node linkType: hard @@ -508,157 +469,47 @@ __metadata: languageName: node linkType: hard -"@babel/plugin-syntax-async-generators@npm:^7.8.4": - version: 7.8.4 - resolution: "@babel/plugin-syntax-async-generators@npm:7.8.4" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 7ed1c1d9b9e5b64ef028ea5e755c0be2d4e5e4e3d6cf7df757b9a8c4cfa4193d268176d0f1f7fbecdda6fe722885c7fda681f480f3741d8a2d26854736f05367 - languageName: node - linkType: hard - -"@babel/plugin-syntax-class-properties@npm:^7.12.13": - version: 7.12.13 - resolution: "@babel/plugin-syntax-class-properties@npm:7.12.13" +"@babel/plugin-syntax-decorators@npm:^7.16.7, @babel/plugin-syntax-decorators@npm:^7.23.3, @babel/plugin-syntax-decorators@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-syntax-decorators@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.12.13 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 24f34b196d6342f28d4bad303612d7ff566ab0a013ce89e775d98d6f832969462e7235f3e7eaf17678a533d4be0ba45d3ae34ab4e5a9dcbda5d98d49e5efa2fc - languageName: node - linkType: hard - -"@babel/plugin-syntax-class-static-block@npm:^7.14.5": - version: 7.14.5 - resolution: "@babel/plugin-syntax-class-static-block@npm:7.14.5" - dependencies: - "@babel/helper-plugin-utils": ^7.14.5 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 3e80814b5b6d4fe17826093918680a351c2d34398a914ce6e55d8083d72a9bdde4fbaf6a2dcea0e23a03de26dc2917ae3efd603d27099e2b98380345703bf948 + checksum: aaf58b17e6aa08f41f93897daa93c601a486233a0375b4231799fc5c4e7c98480aaad3c1c44cf391a62e428c5f6546f76488a1023a4036bb87cd61fa79f1173b languageName: node linkType: hard -"@babel/plugin-syntax-decorators@npm:^7.16.7, @babel/plugin-syntax-decorators@npm:^7.23.3, @babel/plugin-syntax-decorators@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-syntax-decorators@npm:7.24.7" +"@babel/plugin-syntax-import-assertions@npm:^7.26.0": + version: 7.26.0 + resolution: "@babel/plugin-syntax-import-assertions@npm:7.26.0" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: dc303bcc1f5df61638f1eddc69dd55e65574bd43d8a4a098d3589f5a742e93a4ca3a173967b34eb95e4eaa994799b4c72bfed8688036e43c634be7f24db01ac5 + checksum: b58f2306df4a690ca90b763d832ec05202c50af787158ff8b50cdf3354359710bce2e1eb2b5135fcabf284756ac8eadf09ca74764aa7e76d12a5cac5f6b21e67 languageName: node linkType: hard -"@babel/plugin-syntax-dynamic-import@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-dynamic-import@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: ce307af83cf433d4ec42932329fad25fa73138ab39c7436882ea28742e1c0066626d224e0ad2988724c82644e41601cef607b36194f695cb78a1fcdc959637bd - languageName: node - linkType: hard - -"@babel/plugin-syntax-export-namespace-from@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-export-namespace-from@npm:7.8.3" +"@babel/plugin-syntax-import-attributes@npm:^7.26.0": + version: 7.26.0 + resolution: "@babel/plugin-syntax-import-attributes@npm:7.26.0" dependencies: - "@babel/helper-plugin-utils": ^7.8.3 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 85740478be5b0de185228e7814451d74ab8ce0a26fcca7613955262a26e99e8e15e9da58f60c754b84515d4c679b590dbd3f2148f0f58025f4ae706f1c5a5d4a + checksum: c122aa577166c80ee67f75aebebeef4150a132c4d3109d25d7fc058bf802946f883e330f20b78c1d3e3a5ada631c8780c263d2d01b5dbaecc69efefeedd42916 languageName: node linkType: hard -"@babel/plugin-syntax-import-assertions@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-syntax-import-assertions@npm:7.24.7" +"@babel/plugin-syntax-jsx@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-syntax-jsx@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: c4d67be4eb1d4637e361477dbe01f5b392b037d17c1f861cfa0faa120030e137aab90a9237931b8040fd31d1e5d159e11866fa1165f78beef7a3be876a391a17 - languageName: node - linkType: hard - -"@babel/plugin-syntax-import-attributes@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-syntax-import-attributes@npm:7.24.7" - dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 590dbb5d1a15264f74670b427b8d18527672c3d6c91d7bae7e65f80fd810edbc83d90e68065088644cbad3f2457ed265a54a9956fb789fcb9a5b521822b3a275 - languageName: node - linkType: hard - -"@babel/plugin-syntax-import-meta@npm:^7.10.4": - version: 7.10.4 - resolution: "@babel/plugin-syntax-import-meta@npm:7.10.4" - dependencies: - "@babel/helper-plugin-utils": ^7.10.4 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 166ac1125d10b9c0c430e4156249a13858c0366d38844883d75d27389621ebe651115cb2ceb6dc011534d5055719fa1727b59f39e1ab3ca97820eef3dcab5b9b - languageName: node - linkType: hard - -"@babel/plugin-syntax-json-strings@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-json-strings@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: bf5aea1f3188c9a507e16efe030efb996853ca3cadd6512c51db7233cc58f3ac89ff8c6bdfb01d30843b161cfe7d321e1bf28da82f7ab8d7e6bc5464666f354a - languageName: node - linkType: hard - -"@babel/plugin-syntax-jsx@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-syntax-jsx@npm:7.24.7" - dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 7a5ca629d8ca1e1ee78705a78e58c12920d07ed8006d7e7232b31296a384ff5e41d7b649bde5561196041037bbb9f9715be1d1c20975df87ca204f34ad15b965 - languageName: node - linkType: hard - -"@babel/plugin-syntax-logical-assignment-operators@npm:^7.10.4": - version: 7.10.4 - resolution: "@babel/plugin-syntax-logical-assignment-operators@npm:7.10.4" - dependencies: - "@babel/helper-plugin-utils": ^7.10.4 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: aff33577037e34e515911255cdbb1fd39efee33658aa00b8a5fd3a4b903585112d037cce1cc9e4632f0487dc554486106b79ccd5ea63a2e00df4363f6d4ff886 - languageName: node - linkType: hard - -"@babel/plugin-syntax-nullish-coalescing-operator@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-nullish-coalescing-operator@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 87aca4918916020d1fedba54c0e232de408df2644a425d153be368313fdde40d96088feed6c4e5ab72aac89be5d07fef2ddf329a15109c5eb65df006bf2580d1 - languageName: node - linkType: hard - -"@babel/plugin-syntax-numeric-separator@npm:^7.10.4": - version: 7.10.4 - resolution: "@babel/plugin-syntax-numeric-separator@npm:7.10.4" - dependencies: - "@babel/helper-plugin-utils": ^7.10.4 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 01ec5547bd0497f76cc903ff4d6b02abc8c05f301c88d2622b6d834e33a5651aa7c7a3d80d8d57656a4588f7276eba357f6b7e006482f5b564b7a6488de493a1 + checksum: bb609d1ffb50b58f0c1bac8810d0e46a4f6c922aa171c458f3a19d66ee545d36e782d3bffbbc1fed0dc65a558bdce1caf5279316583c0fff5a2c1658982a8563 languageName: node linkType: hard @@ -673,28 +524,6 @@ __metadata: languageName: node linkType: hard -"@babel/plugin-syntax-optional-catch-binding@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-optional-catch-binding@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: 910d90e72bc90ea1ce698e89c1027fed8845212d5ab588e35ef91f13b93143845f94e2539d831dc8d8ededc14ec02f04f7bd6a8179edd43a326c784e7ed7f0b9 - languageName: node - linkType: hard - -"@babel/plugin-syntax-optional-chaining@npm:^7.8.3": - version: 7.8.3 - resolution: "@babel/plugin-syntax-optional-chaining@npm:7.8.3" - dependencies: - "@babel/helper-plugin-utils": ^7.8.0 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: eef94d53a1453361553c1f98b68d17782861a04a392840341bc91780838dd4e695209c783631cf0de14c635758beafb6a3a65399846ffa4386bff90639347f30 - languageName: node - linkType: hard - "@babel/plugin-syntax-private-property-in-object@npm:^7.14.5": version: 7.14.5 resolution: "@babel/plugin-syntax-private-property-in-object@npm:7.14.5" @@ -706,25 +535,14 @@ __metadata: languageName: node linkType: hard -"@babel/plugin-syntax-top-level-await@npm:^7.14.5": - version: 7.14.5 - resolution: "@babel/plugin-syntax-top-level-await@npm:7.14.5" - dependencies: - "@babel/helper-plugin-utils": ^7.14.5 - peerDependencies: - "@babel/core": ^7.0.0-0 - checksum: bbd1a56b095be7820029b209677b194db9b1d26691fe999856462e66b25b281f031f3dfd91b1619e9dcf95bebe336211833b854d0fb8780d618e35667c2d0d7e - languageName: node - linkType: hard - -"@babel/plugin-syntax-typescript@npm:^7.2.0, @babel/plugin-syntax-typescript@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-syntax-typescript@npm:7.24.7" +"@babel/plugin-syntax-typescript@npm:^7.2.0, @babel/plugin-syntax-typescript@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-syntax-typescript@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 56fe84f3044ecbf038977281648db6b63bd1301f2fff6595820dc10ee276c1d1586919d48d52a8d497ecae32c958be38f42c1c8d174dc58aad856c516dc5b35a + checksum: 0e9821e8ba7d660c36c919654e4144a70546942ae184e85b8102f2322451eae102cbfadbcadd52ce077a2b44b400ee52394c616feab7b5b9f791b910e933fd33 languageName: node linkType: hard @@ -740,565 +558,576 @@ __metadata: languageName: node linkType: hard -"@babel/plugin-transform-arrow-functions@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-arrow-functions@npm:7.24.7" +"@babel/plugin-transform-arrow-functions@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-arrow-functions@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 707c209b5331c7dc79bd326128c6a6640dbd62a78da1653c844db20c4f36bf7b68454f1bc4d2d051b3fde9136fa291f276ec03a071bb00ee653069ff82f91010 + checksum: c29f081224859483accf55fb4d091db2aac0dcd0d7954bac5ca889030cc498d3f771aa20eb2e9cd8310084ec394d85fa084b97faf09298b6bc9541182b3eb5bb languageName: node linkType: hard -"@babel/plugin-transform-async-generator-functions@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-async-generator-functions@npm:7.24.7" +"@babel/plugin-transform-async-generator-functions@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-async-generator-functions@npm:7.25.9" dependencies: - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/helper-remap-async-to-generator": ^7.24.7 - "@babel/plugin-syntax-async-generators": ^7.8.4 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-remap-async-to-generator": ^7.25.9 + "@babel/traverse": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 112e3b18f9c496ebc01209fc27f0b41a3669c479c7bc44f7249383172b432ebaae1e523caa7c6ecbd2d0d7adcb7e5769fe2798f8cb01c08cd57232d1bb6d8ad4 + checksum: 41e02c18c2a57de9f274fa2c5a1bf81a20ab5f321db29cc3051512b9c5bdf3f1a8c42f1fc282cb62343c6d50849f992eede954d5f7fb5e7df48ae0c59ea7e054 languageName: node linkType: hard -"@babel/plugin-transform-async-to-generator@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-async-to-generator@npm:7.24.7" +"@babel/plugin-transform-async-to-generator@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-async-to-generator@npm:7.25.9" dependencies: - "@babel/helper-module-imports": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/helper-remap-async-to-generator": ^7.24.7 + "@babel/helper-module-imports": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-remap-async-to-generator": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 13704fb3b83effc868db2b71bfb2c77b895c56cb891954fc362e95e200afd523313b0e7cf04ce02f45b05e76017c5b5fa8070c92613727a35131bb542c253a36 + checksum: b3ad50fb93c171644d501864620ed23952a46648c4df10dc9c62cc9ad08031b66bd272cfdd708faeee07c23b6251b16f29ce0350473e4c79f0c32178d38ce3a6 languageName: node linkType: hard -"@babel/plugin-transform-block-scoped-functions@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-block-scoped-functions@npm:7.24.7" +"@babel/plugin-transform-block-scoped-functions@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-block-scoped-functions@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 249cdcbff4e778b177245f9652b014ea4f3cd245d83297f10a7bf6d97790074089aa62bcde8c08eb299c5e68f2faed346b587d3ebac44d625ba9a83a4ee27028 + checksum: bf31896556b33a80f017af3d445ceb532ec0f5ca9d69bc211a963ac92514d172d5c24c5ac319f384d9dfa7f1a4d8dc23032c2fe3e74f98a59467ecd86f7033ae languageName: node linkType: hard -"@babel/plugin-transform-block-scoping@npm:^7.12.1, @babel/plugin-transform-block-scoping@npm:^7.21.0, @babel/plugin-transform-block-scoping@npm:^7.22.5, @babel/plugin-transform-block-scoping@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-block-scoping@npm:7.24.7" +"@babel/plugin-transform-block-scoping@npm:^7.12.1, @babel/plugin-transform-block-scoping@npm:^7.21.0, @babel/plugin-transform-block-scoping@npm:^7.22.5, @babel/plugin-transform-block-scoping@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-block-scoping@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 039206155533600f079f3a455f85888dd7d4970ff7ffa85ef44760f4f5acb9f19c9d848cc1fec1b9bdbc0dfec9e8a080b90d0ab66ad2bdc7138b5ca4ba96e61c + checksum: e869500cfb1995e06e64c9608543b56468639809febfcdd6fcf683bc0bf1be2431cacf2981a168a1a14f4766393e37bc9f7c96d25bc5b5f39a64a8a8ad0bf8e0 languageName: node linkType: hard -"@babel/plugin-transform-class-properties@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-class-properties@npm:7.24.7" +"@babel/plugin-transform-class-properties@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-class-properties@npm:7.25.9" dependencies: - "@babel/helper-create-class-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-create-class-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 1348d7ce74da38ba52ea85b3b4289a6a86913748569ef92ef0cff30702a9eb849e5eaf59f1c6f3517059aa68115fb3067e389735dccacca39add4e2b0c67e291 + checksum: a8d69e2c285486b63f49193cbcf7a15e1d3a5f632c1c07d7a97f65306df7f554b30270b7378dde143f8b557d1f8f6336c643377943dec8ec405e4cd11e90b9ea languageName: node linkType: hard -"@babel/plugin-transform-class-static-block@npm:^7.16.7, @babel/plugin-transform-class-static-block@npm:^7.22.11, @babel/plugin-transform-class-static-block@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-class-static-block@npm:7.24.7" +"@babel/plugin-transform-class-static-block@npm:^7.16.7, @babel/plugin-transform-class-static-block@npm:^7.22.11, @babel/plugin-transform-class-static-block@npm:^7.26.0": + version: 7.26.0 + resolution: "@babel/plugin-transform-class-static-block@npm:7.26.0" dependencies: - "@babel/helper-create-class-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-class-static-block": ^7.14.5 + "@babel/helper-create-class-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.12.0 - checksum: 324049263504f18416f1c3e24033baebfafd05480fdd885c8ebe6f2b415b0fc8e0b98d719360f9e30743cc78ac387fabc0b3c6606d2b54135756ffb92963b382 + checksum: d779d4d3a6f8d363f67fcbd928c15baa72be8d3b86c6d05e0300b50e66e2c4be9e99398b803d13064bc79d90ae36e37a505e3dc8af11904459804dec07660246 languageName: node linkType: hard -"@babel/plugin-transform-classes@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/plugin-transform-classes@npm:7.24.8" +"@babel/plugin-transform-classes@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-classes@npm:7.25.9" dependencies: - "@babel/helper-annotate-as-pure": ^7.24.7 - "@babel/helper-compilation-targets": ^7.24.8 - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-function-name": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.8 - "@babel/helper-replace-supers": ^7.24.7 - "@babel/helper-split-export-declaration": ^7.24.7 + "@babel/helper-annotate-as-pure": ^7.25.9 + "@babel/helper-compilation-targets": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-replace-supers": ^7.25.9 + "@babel/traverse": ^7.25.9 globals: ^11.1.0 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 9c0f547d67e255b37055461df9c1a578c29bf59c7055bd5b40b07b92e5448af3ca8d853d50056125b7dae9bfe3a4cf1559d61b9ccbc3d2578dd43f15386f12fe + checksum: d12584f72125314cc0fa8c77586ece2888d677788ac75f7393f5da574dfe4e45a556f7e3488fab29c8777ab3e5856d7a2d79f6df02834083aaa9d766440e3c68 languageName: node linkType: hard -"@babel/plugin-transform-computed-properties@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-computed-properties@npm:7.24.7" +"@babel/plugin-transform-computed-properties@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-computed-properties@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/template": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/template": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 0cf8c1b1e4ea57dec8d4612460d84fd4cdbf71a7499bb61ee34632cf89018a59eee818ffca88a8d99ee7057c20a4257044d7d463fda6daef9bf1db9fa81563cb + checksum: f77fa4bc0c1e0031068172df28852388db6b0f91c268d037905f459607cf1e8ebab00015f9f179f4ad96e11c5f381b635cd5dc4e147a48c7ac79d195ae7542de languageName: node linkType: hard -"@babel/plugin-transform-destructuring@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/plugin-transform-destructuring@npm:7.24.8" +"@babel/plugin-transform-destructuring@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-destructuring@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.8 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 0b4bd3d608979a1e5bd97d9d42acd5ad405c7fffa61efac4c7afd8e86ea6c2d91ab2d94b6a98d63919571363fe76e0b03c4ff161f0f60241b895842596e4a999 + checksum: 965f63077a904828f4adee91393f83644098533442b8217d5a135c23a759a4c252c714074c965676a60d2c33f610f579a4eeb59ffd783724393af61c0ca45fef languageName: node linkType: hard -"@babel/plugin-transform-dotall-regex@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-dotall-regex@npm:7.24.7" +"@babel/plugin-transform-dotall-regex@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-dotall-regex@npm:7.25.9" dependencies: - "@babel/helper-create-regexp-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-create-regexp-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 67b10fc6abb1f61f0e765288eb4c6d63d1d0f9fc0660e69f6f2170c56fa16bc74e49857afc644beda112b41771cd90cf52df0940d11e97e52617c77c7dcff171 + checksum: 8bdf1bb9e6e3a2cc8154ae88a3872faa6dc346d6901994505fb43ac85f858728781f1219f40b67f7bb0687c507450236cb7838ac68d457e65637f98500aa161b languageName: node linkType: hard -"@babel/plugin-transform-duplicate-keys@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-duplicate-keys@npm:7.24.7" +"@babel/plugin-transform-duplicate-keys@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-duplicate-keys@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: d1da2ff85ecb56a63f4ccfd9dc9ae69400d85f0dadf44ecddd9e71c6e5c7a9178e74e3a9637555f415a2bb14551e563f09f98534ab54f53d25e8439fdde6ba2d + checksum: b553eebc328797ead6be5ba5bdaf2f1222cea8a5bd33fb4ed625975d4f9b510bfb0d688d97e314cd4b4a48b279bea7b3634ad68c1b41ee143c3082db0ae74037 languageName: node linkType: hard -"@babel/plugin-transform-dynamic-import@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-dynamic-import@npm:7.24.7" +"@babel/plugin-transform-duplicate-named-capturing-groups-regex@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-duplicate-named-capturing-groups-regex@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-dynamic-import": ^7.8.3 + "@babel/helper-create-regexp-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + peerDependencies: + "@babel/core": ^7.0.0 + checksum: f7233cf596be8c6843d31951afaf2464a62a610cb89c72c818c044765827fab78403ab8a7d3a6386f838c8df574668e2a48f6c206b1d7da965aff9c6886cb8e6 + languageName: node + linkType: hard + +"@babel/plugin-transform-dynamic-import@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-dynamic-import@npm:7.25.9" + dependencies: + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 776509ff62ab40c12be814a342fc56a5cc09b91fb63032b2633414b635875fd7da03734657be0f6db2891fe6e3033b75d5ddb6f2baabd1a02e4443754a785002 + checksum: aaca1ccda819be9b2b85af47ba08ddd2210ff2dbea222f26e4cd33f97ab020884bf81a66197e50872721e9daf36ceb5659502c82199884ea74d5d75ecda5c58b languageName: node linkType: hard -"@babel/plugin-transform-exponentiation-operator@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-exponentiation-operator@npm:7.24.7" +"@babel/plugin-transform-exponentiation-operator@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-exponentiation-operator@npm:7.25.9" dependencies: - "@babel/helper-builder-binary-assignment-operator-visitor": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-builder-binary-assignment-operator-visitor": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 23c84a23eb56589fdd35a3540f9a1190615be069110a2270865223c03aee3ba4e0fc68fe14850800cf36f0712b26e4964d3026235261f58f0405a29fe8dac9b1 + checksum: 57e1bb4135dd16782fe84b49dd360cce8f9bf5f62eb10424dcdaf221e54a8bacdf50f2541c5ac01dea9f833a6c628613d71be915290938a93454389cba4de06b languageName: node linkType: hard -"@babel/plugin-transform-export-namespace-from@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-export-namespace-from@npm:7.24.7" +"@babel/plugin-transform-export-namespace-from@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-export-namespace-from@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-export-namespace-from": ^7.8.3 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 3bd3a10038f10ae0dea1ee42137f3edcf7036b5e9e570a0d1cbd0865f03658990c6c2d84fa2475f87a754e7dc5b46766c16f7ce5c9b32c3040150b6a21233a80 + checksum: 4dfe8df86c5b1d085d591290874bb2d78a9063090d71567ed657a418010ad333c3f48af2c974b865f53bbb718987a065f89828d43279a7751db1a56c9229078d languageName: node linkType: hard -"@babel/plugin-transform-for-of@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-for-of@npm:7.24.7" +"@babel/plugin-transform-for-of@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-for-of@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/helper-skip-transparent-expression-wrappers": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-skip-transparent-expression-wrappers": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: a53b42dc93ab4b7d1ebd3c695b52be22b3d592f6a3dbdb3dc2fea2c8e0a7e1508fe919864c455cde552aec44ce7518625fccbb70c7063373ca228d884f4f49ea + checksum: 41b56e70256a29fc26ed7fb95ece062d7ec2f3b6ea8f0686349ffd004cd4816132085ee21165b89c502ee7161cb7cfb12510961638851357945dc7bc546475b7 languageName: node linkType: hard -"@babel/plugin-transform-function-name@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-function-name@npm:7.24.7" +"@babel/plugin-transform-function-name@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-function-name@npm:7.25.9" dependencies: - "@babel/helper-compilation-targets": ^7.24.7 - "@babel/helper-function-name": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-compilation-targets": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/traverse": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 8eb1a67894a124910b5a67630bed4307757504381f39f0fb5cf82afc7ae8647dbc03b256d13865b73a749b9071b68e9fb8a28cef2369917b4299ebb93fd66146 + checksum: a8d7c8d019a6eb57eab5ca1be3e3236f175557d55b1f3b11f8ad7999e3fbb1cf37905fd8cb3a349bffb4163a558e9f33b63f631597fdc97c858757deac1b2fd7 languageName: node linkType: hard -"@babel/plugin-transform-json-strings@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-json-strings@npm:7.24.7" +"@babel/plugin-transform-json-strings@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-json-strings@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-json-strings": ^7.8.3 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 88874d0b7a1ddea66c097fc0abb68801ffae194468aa44b828dde9a0e20ac5d8647943793de86092eabaa2911c96f67a6b373793d4bb9c932ef81b2711c06c2e + checksum: e2498d84761cfd05aaea53799933d55af309c9d6204e66b38778792d171e4d1311ad34f334259a3aa3407dd0446f6bd3e390a1fcb8ce2e42fe5aabed0e41bee1 languageName: node linkType: hard -"@babel/plugin-transform-literals@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-literals@npm:7.24.7" +"@babel/plugin-transform-literals@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-literals@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 3c075cc093a3dd9e294b8b7d6656e65f889e7ca2179ca27978dcd65b4dc4885ebbfb327408d7d8f483c55547deed00ba840956196f3ac8a3c3d2308a330a8c23 + checksum: 3cca75823a38aab599bc151b0fa4d816b5e1b62d6e49c156aa90436deb6e13649f5505973151a10418b64f3f9d1c3da53e38a186402e0ed7ad98e482e70c0c14 languageName: node linkType: hard -"@babel/plugin-transform-logical-assignment-operators@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-logical-assignment-operators@npm:7.24.7" +"@babel/plugin-transform-logical-assignment-operators@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-logical-assignment-operators@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-logical-assignment-operators": ^7.10.4 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 3367ce0be243704dc6fce23e86a592c4380f01998ee5dd9f94c54b1ef7b971ac6f8a002901eb51599ac6cbdc0d067af8d1a720224fca1c40fde8bb8aab804aac + checksum: 8c6febb4ac53852314d28b5e2c23d5dbbff7bf1e57d61f9672e0d97531ef7778b3f0ad698dcf1179f5486e626c77127508916a65eb846a89e98a92f70ed3537b languageName: node linkType: hard -"@babel/plugin-transform-member-expression-literals@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-member-expression-literals@npm:7.24.7" +"@babel/plugin-transform-member-expression-literals@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-member-expression-literals@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 2720c57aa3bf70576146ba7d6ea03227f4611852122d76d237924f7b008dafc952e6ae61a19e5024f26c665f44384bbd378466f01b6bd1305b3564a3b7fb1a5d + checksum: db92041ae87b8f59f98b50359e0bb172480f6ba22e5e76b13bdfe07122cbf0daa9cd8ad2e78dcb47939938fed88ad57ab5989346f64b3a16953fc73dea3a9b1f languageName: node linkType: hard -"@babel/plugin-transform-modules-amd@npm:^7.13.0, @babel/plugin-transform-modules-amd@npm:^7.20.11, @babel/plugin-transform-modules-amd@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-modules-amd@npm:7.24.7" +"@babel/plugin-transform-modules-amd@npm:^7.13.0, @babel/plugin-transform-modules-amd@npm:^7.20.11, @babel/plugin-transform-modules-amd@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-modules-amd@npm:7.25.9" dependencies: - "@babel/helper-module-transforms": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-module-transforms": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: f1dd0fb2f46c0f8f21076b8c7ccd5b33a85ce6dcb31518ea4c648d9a5bb2474cd4bd87c9b1b752e68591e24b022e334ba0d07631fef2b6b4d8a4b85cf3d581f5 + checksum: baad1f6fd0e0d38e9a9c1086a06abdc014c4c653fd452337cadfe23fb5bd8bf4368d1bc433a5ac8e6421bc0732ebb7c044cf3fb39c1b7ebe967d66e26c4e5cec languageName: node linkType: hard -"@babel/plugin-transform-modules-commonjs@npm:^7.24.7, @babel/plugin-transform-modules-commonjs@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/plugin-transform-modules-commonjs@npm:7.24.8" +"@babel/plugin-transform-modules-commonjs@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-modules-commonjs@npm:7.25.9" dependencies: - "@babel/helper-module-transforms": ^7.24.8 - "@babel/helper-plugin-utils": ^7.24.8 - "@babel/helper-simple-access": ^7.24.7 + "@babel/helper-module-transforms": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-simple-access": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: a4cf95b1639c33382064b44558f73ee5fac023f2a94d16e549d2bb55ceebd5cbc10fcddd505d08cd5bc97f5a64af9fd155512358b7dcf7b1a0082e8945cf21c5 + checksum: 4f101f0ea4a57d1d27a7976d668c63a7d0bbb0d9c1909d8ac43c785fd1496c31e6552ffd9673730c088873df1bc64f1cc4aad7c3c90413ac5e80b33e336d80e4 languageName: node linkType: hard -"@babel/plugin-transform-modules-systemjs@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-modules-systemjs@npm:7.24.7" +"@babel/plugin-transform-modules-systemjs@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-modules-systemjs@npm:7.25.9" dependencies: - "@babel/helper-hoist-variables": ^7.24.7 - "@babel/helper-module-transforms": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/helper-validator-identifier": ^7.24.7 + "@babel/helper-module-transforms": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-validator-identifier": ^7.25.9 + "@babel/traverse": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 8af7a9db2929991d82cfdf41fb175dee344274d39b39122f8c35f24b5d682f98368e3d8f5130401298bd21412df21d416a7d8b33b59c334fae3d3c762118b1d8 + checksum: bf446202f372ba92dc0db32b24b56225b6e3ad3b227e31074de8b86fdec01c273ae2536873e38dbe3ceb1cd0894209343adeaa37df208e3fa88c0c7dffec7924 languageName: node linkType: hard -"@babel/plugin-transform-modules-umd@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-modules-umd@npm:7.24.7" +"@babel/plugin-transform-modules-umd@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-modules-umd@npm:7.25.9" dependencies: - "@babel/helper-module-transforms": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-module-transforms": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 9ff1c464892efe042952ba778468bda6131b196a2729615bdcc3f24cdc94014f016a4616ee5643c5845bade6ba698f386833e61056d7201314b13a7fd69fac88 + checksum: 946db66be5f04ab9ee56c424b00257276ec094aa2f148508927e6085239f76b00304fa1e33026d29eccdbe312efea15ca3d92e74a12689d7f0cdd9a7ba1a6c54 languageName: node linkType: hard -"@babel/plugin-transform-named-capturing-groups-regex@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-named-capturing-groups-regex@npm:7.24.7" +"@babel/plugin-transform-named-capturing-groups-regex@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-named-capturing-groups-regex@npm:7.25.9" dependencies: - "@babel/helper-create-regexp-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-create-regexp-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0 - checksum: f1c6c7b5d60a86b6d7e4dd098798e1d393d55e993a0b57a73b53640c7a94985b601a96bdacee063f809a9a700bcea3a2ff18e98fa561554484ac56b761d774bd + checksum: 434346ba05cf74e3f4704b3bdd439287b95cd2a8676afcdc607810b8c38b6f4798cd69c1419726b2e4c7204e62e4a04d31b0360e91ca57a930521c9211e07789 languageName: node linkType: hard -"@babel/plugin-transform-new-target@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-new-target@npm:7.24.7" +"@babel/plugin-transform-new-target@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-new-target@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 3cb94cd1076b270f768f91fdcf9dd2f6d487f8dbfff3df7ca8d07b915900b86d02769a35ba1407d16fe49499012c8f055e1741299e2c880798b953d942a8fa1b + checksum: f8113539919aafce52f07b2bd182c771a476fe1d5d96d813460b33a16f173f038929369c595572cadc1f7bd8cb816ce89439d056e007770ddd7b7a0878e7895f languageName: node linkType: hard -"@babel/plugin-transform-nullish-coalescing-operator@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-nullish-coalescing-operator@npm:7.24.7" +"@babel/plugin-transform-nullish-coalescing-operator@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-nullish-coalescing-operator@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-nullish-coalescing-operator": ^7.8.3 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 4a9221356401d87762afbc37a9e8e764afc2daf09c421117537820f8cfbed6876888372ad3a7bcfae2d45c95f026651f050ab4020b777be31d3ffb00908dbdd3 + checksum: 26e03b1c2c0408cc300e46d8f8cb639653ff3a7b03456d0d8afbb53c44f33a89323f51d99991dade3a5676921119bbdf869728bb7911799b5ef99ffafa2cdd24 languageName: node linkType: hard -"@babel/plugin-transform-numeric-separator@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-numeric-separator@npm:7.24.7" +"@babel/plugin-transform-numeric-separator@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-numeric-separator@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-numeric-separator": ^7.10.4 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 561b5f1d08b2c3f92ce849f092751558b5e6cfeb7eb55c79e7375c34dd9c3066dce5e630bb439affef6adcf202b6cbcaaa23870070276fa5bb429c8f5b8c7514 + checksum: 0528ef041ed88e8c3f51624ee87b8182a7f246fe4013f0572788e0727d20795b558f2b82e3989b5dd416cbd339500f0d88857de41b6d3b6fdacb1d5344bcc5b1 languageName: node linkType: hard -"@babel/plugin-transform-object-rest-spread@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-object-rest-spread@npm:7.24.7" +"@babel/plugin-transform-object-rest-spread@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-object-rest-spread@npm:7.25.9" dependencies: - "@babel/helper-compilation-targets": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-object-rest-spread": ^7.8.3 - "@babel/plugin-transform-parameters": ^7.24.7 + "@babel/helper-compilation-targets": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/plugin-transform-parameters": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 169d257b9800c13e1feb4c37fb05dae84f702e58b342bb76e19e82e6692b7b5337c9923ee89e3916a97c0dd04a3375bdeca14f5e126f110bbacbeb46d1886ca2 + checksum: a8ff73e1c46a03056b3a2236bafd6b3a4b83da93afe7ee24a50d0a8088150bf85bc5e5977daa04e66ff5fb7613d02d63ad49b91ebb64cf3f3022598d722e3a7a languageName: node linkType: hard -"@babel/plugin-transform-object-super@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-object-super@npm:7.24.7" +"@babel/plugin-transform-object-super@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-object-super@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/helper-replace-supers": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-replace-supers": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: f71e607a830ee50a22fa1a2686524d3339440cf9dea63032f6efbd865cfe4e35000e1e3f3492459e5c986f7c0c07dc36938bf3ce61fc9ba5f8ab732d0b64ab37 + checksum: 1817b5d8b80e451ae1ad9080cca884f4f16df75880a158947df76a2ed8ab404d567a7dce71dd8051ef95f90fbe3513154086a32aba55cc76027f6cbabfbd7f98 languageName: node linkType: hard -"@babel/plugin-transform-optional-catch-binding@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-optional-catch-binding@npm:7.24.7" +"@babel/plugin-transform-optional-catch-binding@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-optional-catch-binding@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-optional-catch-binding": ^7.8.3 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 7229f3a5a4facaab40f4fdfc7faabc157dc38a67d66bed7936599f4bc509e0bff636f847ac2aa45294881fce9cf8a0a460b85d2a465b7b977de9739fce9b18f6 + checksum: b46a8d1e91829f3db5c252583eb00d05a779b4660abeea5500fda0f8ffa3584fd18299443c22f7fddf0ed9dfdb73c782c43b445dc468d4f89803f2356963b406 languageName: node linkType: hard -"@babel/plugin-transform-optional-chaining@npm:^7.24.7, @babel/plugin-transform-optional-chaining@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/plugin-transform-optional-chaining@npm:7.24.8" +"@babel/plugin-transform-optional-chaining@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-optional-chaining@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.8 - "@babel/helper-skip-transparent-expression-wrappers": ^7.24.7 - "@babel/plugin-syntax-optional-chaining": ^7.8.3 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-skip-transparent-expression-wrappers": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 45e55e3a2fffb89002d3f89aef59c141610f23b60eee41e047380bffc40290b59f64fc649aa7ec5281f73d41b2065410d788acc6afaad2a9f44cad6e8af04442 + checksum: f1642a7094456067e82b176e1e9fd426fda7ed9df54cb6d10109fc512b622bf4b3c83acc5875125732b8622565107fdbe2d60fe3ec8685e1d1c22c38c1b57782 languageName: node linkType: hard -"@babel/plugin-transform-parameters@npm:^7.20.7, @babel/plugin-transform-parameters@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-parameters@npm:7.24.7" +"@babel/plugin-transform-parameters@npm:^7.20.7, @babel/plugin-transform-parameters@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-parameters@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: ab534b03ac2eff94bc79342b8f39a4584666f5305a6c63c1964afda0b1b004e6b861e49d1683548030defe248e3590d3ff6338ee0552cb90c064f7e1479968c3 + checksum: d7ba2a7d05edbc85aed741289b0ff3d6289a1c25d82ac4be32c565f88a66391f46631aad59ceeed40824037f7eeaa7a0de1998db491f50e65a565cd964f78786 languageName: node linkType: hard -"@babel/plugin-transform-private-methods@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-private-methods@npm:7.24.7" +"@babel/plugin-transform-private-methods@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-private-methods@npm:7.25.9" dependencies: - "@babel/helper-create-class-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-create-class-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: c151548e34909be2adcceb224d8fdd70bafa393bc1559a600906f3f647317575bf40db670470934a360e90ee8084ef36dffa34ec25d387d414afd841e74cf3fe + checksum: 6e3671b352c267847c53a170a1937210fa8151764d70d25005e711ef9b21969aaf422acc14f9f7fb86bc0e4ec43e7aefcc0ad9196ae02d262ec10f509f126a58 languageName: node linkType: hard -"@babel/plugin-transform-private-property-in-object@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-private-property-in-object@npm:7.24.7" +"@babel/plugin-transform-private-property-in-object@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-private-property-in-object@npm:7.25.9" dependencies: - "@babel/helper-annotate-as-pure": ^7.24.7 - "@babel/helper-create-class-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/plugin-syntax-private-property-in-object": ^7.14.5 + "@babel/helper-annotate-as-pure": ^7.25.9 + "@babel/helper-create-class-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 8cee9473095305cc787bb653fd681719b49363281feabf677db8a552e8e41c94441408055d7e5fd5c7d41b315e634fa70b145ad0c7c54456216049df4ed57350 + checksum: 9ce3e983fea9b9ba677c192aa065c0b42ebdc7774be4c02135df09029ad92a55c35b004650c75952cb64d650872ed18f13ab64422c6fc891d06333762caa8a0a languageName: node linkType: hard -"@babel/plugin-transform-property-literals@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-property-literals@npm:7.24.7" +"@babel/plugin-transform-property-literals@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-property-literals@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 9aeefc3aab6c6bf9d1fae1cf3a2d38c7d886fd3c6c81b7c608c477f5758aee2e7abf52f32724310fe861da61af934ee2508b78a5b5f234b9740c9134e1c14437 + checksum: 436046ab07d54a9b44a384eeffec701d4e959a37a7547dda72e069e751ca7ff753d1782a8339e354b97c78a868b49ea97bf41bf5a44c6d7a3c0a05ad40eeb49c languageName: node linkType: hard -"@babel/plugin-transform-regenerator@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-regenerator@npm:7.24.7" +"@babel/plugin-transform-regenerator@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-regenerator@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 regenerator-transform: ^0.15.2 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 20c6c3fb6fc9f407829087316653388d311e8c1816b007609bb09aeef254092a7157adace8b3aaa8f34be752503717cb85c88a5fe482180a9b11bcbd676063be + checksum: 1c09e8087b476c5967282c9790fb8710e065eda77c60f6cb5da541edd59ded9d003d96f8ef640928faab4a0b35bf997673499a194973da4f0c97f0935807a482 languageName: node linkType: hard -"@babel/plugin-transform-reserved-words@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-reserved-words@npm:7.24.7" +"@babel/plugin-transform-regexp-modifiers@npm:^7.26.0": + version: 7.26.0 + resolution: "@babel/plugin-transform-regexp-modifiers@npm:7.26.0" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-create-regexp-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + peerDependencies: + "@babel/core": ^7.0.0 + checksum: 726deca486bbd4b176f8a966eb0f4aabc19d9def3b8dabb8b3a656778eca0df1fda3f3c92b213aa5a184232fdafd5b7bd73b4e24ca4345c498ef6baff2bda4e1 + languageName: node + linkType: hard + +"@babel/plugin-transform-reserved-words@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-reserved-words@npm:7.25.9" + dependencies: + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 3d5876954d5914d7270819479504f30c4bf5452a65c677f44e2dab2db50b3c9d4b47793c45dfad7abf4f377035dd79e4b3f554ae350df9f422201d370ce9f8dd + checksum: 8beda04481b25767acbd1f6b9ef7b3a9c12fbd9dcb24df45a6ad120e1dc4b247c073db60ac742f9093657d6d8c050501fc0606af042f81a3bb6a3ff862cddc47 languageName: node linkType: hard "@babel/plugin-transform-runtime@npm:^7.13.9": - version: 7.24.7 - resolution: "@babel/plugin-transform-runtime@npm:7.24.7" + version: 7.25.9 + resolution: "@babel/plugin-transform-runtime@npm:7.25.9" dependencies: - "@babel/helper-module-imports": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-module-imports": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 babel-plugin-polyfill-corejs2: ^0.4.10 - babel-plugin-polyfill-corejs3: ^0.10.1 + babel-plugin-polyfill-corejs3: ^0.10.6 babel-plugin-polyfill-regenerator: ^0.6.1 semver: ^6.3.1 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 98bcbbdc833d5c451189a6325f88820fe92973e119c59ce74bf28681cf4687c8280decb55b6c47f22e98c3973ae3a13521c4f51855a2b8577b230ecb1b4ca5b4 + checksum: db7f20a7a7324dbfe3b43a09f0095c69dadcf8b08567fa7c7fa6e245d97c66cdcdc330e97733b7589261c0e1046bc5cc36741b932ac5dd7757374495b57e7b02 languageName: node linkType: hard -"@babel/plugin-transform-shorthand-properties@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-shorthand-properties@npm:7.24.7" +"@babel/plugin-transform-shorthand-properties@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-shorthand-properties@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 7b524245814607188212b8eb86d8c850e5974203328455a30881b4a92c364b93353fae14bc2af5b614ef16300b75b8c1d3b8f3a08355985b4794a7feb240adc3 + checksum: f774995d58d4e3a992b732cf3a9b8823552d471040e280264dd15e0735433d51b468fef04d75853d061309389c66bda10ce1b298297ce83999220eb0ad62741d languageName: node linkType: hard -"@babel/plugin-transform-spread@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-spread@npm:7.24.7" +"@babel/plugin-transform-spread@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-spread@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/helper-skip-transparent-expression-wrappers": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-skip-transparent-expression-wrappers": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 4c4254c8b9cceb1a8f975fa9b92257ddb08380a35c0a3721b8f4b9e13a3d82e403af2e0fba577b9f2452dd8f06bc3dea71cc53b1e2c6af595af5db52a13429d6 + checksum: 2403a5d49171b7714d5e5ecb1f598c61575a4dbe5e33e5a5f08c0ea990b75e693ca1ea983b6a96b2e3e5e7da48c8238333f525e47498c53b577c5d094d964c06 languageName: node linkType: hard -"@babel/plugin-transform-sticky-regex@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-sticky-regex@npm:7.24.7" +"@babel/plugin-transform-sticky-regex@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-sticky-regex@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 118fc7a7ebf7c20411b670c8a030535fdfe4a88bc5643bb625a584dbc4c8a468da46430a20e6bf78914246962b0f18f1b9d6a62561a7762c4f34a038a5a77179 + checksum: 7454b00844dbe924030dd15e2b3615b36e196500c4c47e98dabc6b37a054c5b1038ecd437e910aabf0e43bf56b973cb148d3437d50f6e2332d8309568e3e979b languageName: node linkType: hard -"@babel/plugin-transform-template-literals@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-template-literals@npm:7.24.7" +"@babel/plugin-transform-template-literals@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-template-literals@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: ad44e5826f5a98c1575832dbdbd033adfe683cdff195e178528ead62507564bf02f479b282976cfd3caebad8b06d5fd7349c1cdb880dec3c56daea4f1f179619 + checksum: 92eb1d6e2d95bd24abbb74fa7640d02b66ff6214e0bb616d7fda298a7821ce15132a4265d576a3502a347a3c9e94b6c69ed265bb0784664592fa076785a3d16a languageName: node linkType: hard -"@babel/plugin-transform-typeof-symbol@npm:^7.24.8": - version: 7.24.8 - resolution: "@babel/plugin-transform-typeof-symbol@npm:7.24.8" +"@babel/plugin-transform-typeof-symbol@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-typeof-symbol@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.8 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 8663a8e7347cedf181001d99c88cf794b6598c3d82f324098510fe8fb8bd22113995526a77aa35a3cc5d70ffd0617a59dd0d10311a9bf0e1a3a7d3e59b900c00 + checksum: 3f9458840d96f61502f0e9dfaae3efe8325fa0b2151e24ea0d41307f28cdd166905419f5a43447ce0f1ae4bfd001f3906b658839a60269c254168164090b4c73 languageName: node linkType: hard -"@babel/plugin-transform-typescript@npm:^7.13.0, @babel/plugin-transform-typescript@npm:^7.16.8, @babel/plugin-transform-typescript@npm:^7.20.13, @babel/plugin-transform-typescript@npm:^7.24.7": - version: 7.24.8 - resolution: "@babel/plugin-transform-typescript@npm:7.24.8" +"@babel/plugin-transform-typescript@npm:^7.13.0, @babel/plugin-transform-typescript@npm:^7.16.8, @babel/plugin-transform-typescript@npm:^7.20.13, @babel/plugin-transform-typescript@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-typescript@npm:7.25.9" dependencies: - "@babel/helper-annotate-as-pure": ^7.24.7 - "@babel/helper-create-class-features-plugin": ^7.24.8 - "@babel/helper-plugin-utils": ^7.24.8 - "@babel/plugin-syntax-typescript": ^7.24.7 + "@babel/helper-annotate-as-pure": ^7.25.9 + "@babel/helper-create-class-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-skip-transparent-expression-wrappers": ^7.25.9 + "@babel/plugin-syntax-typescript": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 4dcdc0ca2b523ccfb216ad7e68d2954576e42d83956e0e65626ad1ece17da85cb1122b6c350c4746db927996060466c879945d40cde156a94019f30587fef41a + checksum: 6dd1303f1b9f314e22c6c54568a8b9709a081ce97be757d4004f960e3e73d6b819e6b49cee6cf1fc8455511e41127a8b580fa34602de62d17ab8a0b2d0ccf183 languageName: node linkType: hard @@ -1327,50 +1156,50 @@ __metadata: languageName: node linkType: hard -"@babel/plugin-transform-unicode-escapes@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-unicode-escapes@npm:7.24.7" +"@babel/plugin-transform-unicode-escapes@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-unicode-escapes@npm:7.25.9" dependencies: - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 4af0a193e1ddea6ff82b2b15cc2501b872728050bd625740b813c8062fec917d32d530ff6b41de56c15e7296becdf3336a58db81f5ca8e7c445c1306c52f3e01 + checksum: be067e07488d804e3e82d7771f23666539d2ae5af03bf6eb8480406adf3dabd776e60c1fd5c6078dc5714b73cd80bbaca70e71d4f5d154c5c57200581602ca2f languageName: node linkType: hard -"@babel/plugin-transform-unicode-property-regex@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-unicode-property-regex@npm:7.24.7" +"@babel/plugin-transform-unicode-property-regex@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-unicode-property-regex@npm:7.25.9" dependencies: - "@babel/helper-create-regexp-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-create-regexp-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: aae13350c50973f5802ca7906d022a6a0cc0e3aebac9122d0450bbd51e78252d4c2032ad69385e2759fcbdd3aac5d571bd7e26258907f51f8e1a51b53be626c2 + checksum: 201f6f46c1beb399e79aa208b94c5d54412047511795ce1e790edcd189cef73752e6a099fdfc01b3ad12205f139ae344143b62f21f44bbe02338a95e8506a911 languageName: node linkType: hard -"@babel/plugin-transform-unicode-regex@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-unicode-regex@npm:7.24.7" +"@babel/plugin-transform-unicode-regex@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-unicode-regex@npm:7.25.9" dependencies: - "@babel/helper-create-regexp-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-create-regexp-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 1cb4e70678906e431da0a05ac3f8350025fee290304ad7482d9cfaa1ca67b2e898654de537c9268efbdad5b80d3ebadf42b4a88ea84609bd8a4cce7b11b48afd + checksum: e8baae867526e179467c6ef5280d70390fa7388f8763a19a27c21302dd59b121032568be080749514b097097ceb9af716bf4b90638f1b3cf689aa837ba20150f languageName: node linkType: hard -"@babel/plugin-transform-unicode-sets-regex@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/plugin-transform-unicode-sets-regex@npm:7.24.7" +"@babel/plugin-transform-unicode-sets-regex@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/plugin-transform-unicode-sets-regex@npm:7.25.9" dependencies: - "@babel/helper-create-regexp-features-plugin": ^7.24.7 - "@babel/helper-plugin-utils": ^7.24.7 + "@babel/helper-create-regexp-features-plugin": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0 - checksum: 08a2844914f33dacd2ce1ab021ce8c1cc35dc6568521a746d8bf29c21571ee5be78787b454231c4bb3526cbbe280f1893223c82726cec5df2be5dae0a3b51837 + checksum: 4445ef20de687cb4dcc95169742a8d9013d680aa5eee9186d8e25875bbfa7ee5e2de26a91177ccf70b1db518e36886abcd44750d28db5d7a9539f0efa6839f4b languageName: node linkType: hard @@ -1385,93 +1214,81 @@ __metadata: linkType: hard "@babel/preset-env@npm:^7.16.5, @babel/preset-env@npm:^7.16.7, @babel/preset-env@npm:^7.20.2, @babel/preset-env@npm:^7.24.6": - version: 7.24.8 - resolution: "@babel/preset-env@npm:7.24.8" - dependencies: - "@babel/compat-data": ^7.24.8 - "@babel/helper-compilation-targets": ^7.24.8 - "@babel/helper-plugin-utils": ^7.24.8 - "@babel/helper-validator-option": ^7.24.8 - "@babel/plugin-bugfix-firefox-class-in-computed-class-key": ^7.24.7 - "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": ^7.24.7 - "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": ^7.24.7 - "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": ^7.24.7 + version: 7.26.0 + resolution: "@babel/preset-env@npm:7.26.0" + dependencies: + "@babel/compat-data": ^7.26.0 + "@babel/helper-compilation-targets": ^7.25.9 + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-validator-option": ^7.25.9 + "@babel/plugin-bugfix-firefox-class-in-computed-class-key": ^7.25.9 + "@babel/plugin-bugfix-safari-class-field-initializer-scope": ^7.25.9 + "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": ^7.25.9 + "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": ^7.25.9 + "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": ^7.25.9 "@babel/plugin-proposal-private-property-in-object": 7.21.0-placeholder-for-preset-env.2 - "@babel/plugin-syntax-async-generators": ^7.8.4 - "@babel/plugin-syntax-class-properties": ^7.12.13 - "@babel/plugin-syntax-class-static-block": ^7.14.5 - "@babel/plugin-syntax-dynamic-import": ^7.8.3 - "@babel/plugin-syntax-export-namespace-from": ^7.8.3 - "@babel/plugin-syntax-import-assertions": ^7.24.7 - "@babel/plugin-syntax-import-attributes": ^7.24.7 - "@babel/plugin-syntax-import-meta": ^7.10.4 - "@babel/plugin-syntax-json-strings": ^7.8.3 - "@babel/plugin-syntax-logical-assignment-operators": ^7.10.4 - "@babel/plugin-syntax-nullish-coalescing-operator": ^7.8.3 - "@babel/plugin-syntax-numeric-separator": ^7.10.4 - "@babel/plugin-syntax-object-rest-spread": ^7.8.3 - "@babel/plugin-syntax-optional-catch-binding": ^7.8.3 - "@babel/plugin-syntax-optional-chaining": ^7.8.3 - "@babel/plugin-syntax-private-property-in-object": ^7.14.5 - "@babel/plugin-syntax-top-level-await": ^7.14.5 + "@babel/plugin-syntax-import-assertions": ^7.26.0 + "@babel/plugin-syntax-import-attributes": ^7.26.0 "@babel/plugin-syntax-unicode-sets-regex": ^7.18.6 - "@babel/plugin-transform-arrow-functions": ^7.24.7 - "@babel/plugin-transform-async-generator-functions": ^7.24.7 - "@babel/plugin-transform-async-to-generator": ^7.24.7 - "@babel/plugin-transform-block-scoped-functions": ^7.24.7 - "@babel/plugin-transform-block-scoping": ^7.24.7 - "@babel/plugin-transform-class-properties": ^7.24.7 - "@babel/plugin-transform-class-static-block": ^7.24.7 - "@babel/plugin-transform-classes": ^7.24.8 - "@babel/plugin-transform-computed-properties": ^7.24.7 - "@babel/plugin-transform-destructuring": ^7.24.8 - "@babel/plugin-transform-dotall-regex": ^7.24.7 - "@babel/plugin-transform-duplicate-keys": ^7.24.7 - "@babel/plugin-transform-dynamic-import": ^7.24.7 - "@babel/plugin-transform-exponentiation-operator": ^7.24.7 - "@babel/plugin-transform-export-namespace-from": ^7.24.7 - "@babel/plugin-transform-for-of": ^7.24.7 - "@babel/plugin-transform-function-name": ^7.24.7 - "@babel/plugin-transform-json-strings": ^7.24.7 - "@babel/plugin-transform-literals": ^7.24.7 - "@babel/plugin-transform-logical-assignment-operators": ^7.24.7 - "@babel/plugin-transform-member-expression-literals": ^7.24.7 - "@babel/plugin-transform-modules-amd": ^7.24.7 - "@babel/plugin-transform-modules-commonjs": ^7.24.8 - "@babel/plugin-transform-modules-systemjs": ^7.24.7 - "@babel/plugin-transform-modules-umd": ^7.24.7 - "@babel/plugin-transform-named-capturing-groups-regex": ^7.24.7 - "@babel/plugin-transform-new-target": ^7.24.7 - "@babel/plugin-transform-nullish-coalescing-operator": ^7.24.7 - "@babel/plugin-transform-numeric-separator": ^7.24.7 - "@babel/plugin-transform-object-rest-spread": ^7.24.7 - "@babel/plugin-transform-object-super": ^7.24.7 - "@babel/plugin-transform-optional-catch-binding": ^7.24.7 - "@babel/plugin-transform-optional-chaining": ^7.24.8 - "@babel/plugin-transform-parameters": ^7.24.7 - "@babel/plugin-transform-private-methods": ^7.24.7 - "@babel/plugin-transform-private-property-in-object": ^7.24.7 - "@babel/plugin-transform-property-literals": ^7.24.7 - "@babel/plugin-transform-regenerator": ^7.24.7 - "@babel/plugin-transform-reserved-words": ^7.24.7 - "@babel/plugin-transform-shorthand-properties": ^7.24.7 - "@babel/plugin-transform-spread": ^7.24.7 - "@babel/plugin-transform-sticky-regex": ^7.24.7 - "@babel/plugin-transform-template-literals": ^7.24.7 - "@babel/plugin-transform-typeof-symbol": ^7.24.8 - "@babel/plugin-transform-unicode-escapes": ^7.24.7 - "@babel/plugin-transform-unicode-property-regex": ^7.24.7 - "@babel/plugin-transform-unicode-regex": ^7.24.7 - "@babel/plugin-transform-unicode-sets-regex": ^7.24.7 + "@babel/plugin-transform-arrow-functions": ^7.25.9 + "@babel/plugin-transform-async-generator-functions": ^7.25.9 + "@babel/plugin-transform-async-to-generator": ^7.25.9 + "@babel/plugin-transform-block-scoped-functions": ^7.25.9 + "@babel/plugin-transform-block-scoping": ^7.25.9 + "@babel/plugin-transform-class-properties": ^7.25.9 + "@babel/plugin-transform-class-static-block": ^7.26.0 + "@babel/plugin-transform-classes": ^7.25.9 + "@babel/plugin-transform-computed-properties": ^7.25.9 + "@babel/plugin-transform-destructuring": ^7.25.9 + "@babel/plugin-transform-dotall-regex": ^7.25.9 + "@babel/plugin-transform-duplicate-keys": ^7.25.9 + "@babel/plugin-transform-duplicate-named-capturing-groups-regex": ^7.25.9 + "@babel/plugin-transform-dynamic-import": ^7.25.9 + "@babel/plugin-transform-exponentiation-operator": ^7.25.9 + "@babel/plugin-transform-export-namespace-from": ^7.25.9 + "@babel/plugin-transform-for-of": ^7.25.9 + "@babel/plugin-transform-function-name": ^7.25.9 + "@babel/plugin-transform-json-strings": ^7.25.9 + "@babel/plugin-transform-literals": ^7.25.9 + "@babel/plugin-transform-logical-assignment-operators": ^7.25.9 + "@babel/plugin-transform-member-expression-literals": ^7.25.9 + "@babel/plugin-transform-modules-amd": ^7.25.9 + "@babel/plugin-transform-modules-commonjs": ^7.25.9 + "@babel/plugin-transform-modules-systemjs": ^7.25.9 + "@babel/plugin-transform-modules-umd": ^7.25.9 + "@babel/plugin-transform-named-capturing-groups-regex": ^7.25.9 + "@babel/plugin-transform-new-target": ^7.25.9 + "@babel/plugin-transform-nullish-coalescing-operator": ^7.25.9 + "@babel/plugin-transform-numeric-separator": ^7.25.9 + "@babel/plugin-transform-object-rest-spread": ^7.25.9 + "@babel/plugin-transform-object-super": ^7.25.9 + "@babel/plugin-transform-optional-catch-binding": ^7.25.9 + "@babel/plugin-transform-optional-chaining": ^7.25.9 + "@babel/plugin-transform-parameters": ^7.25.9 + "@babel/plugin-transform-private-methods": ^7.25.9 + "@babel/plugin-transform-private-property-in-object": ^7.25.9 + "@babel/plugin-transform-property-literals": ^7.25.9 + "@babel/plugin-transform-regenerator": ^7.25.9 + "@babel/plugin-transform-regexp-modifiers": ^7.26.0 + "@babel/plugin-transform-reserved-words": ^7.25.9 + "@babel/plugin-transform-shorthand-properties": ^7.25.9 + "@babel/plugin-transform-spread": ^7.25.9 + "@babel/plugin-transform-sticky-regex": ^7.25.9 + "@babel/plugin-transform-template-literals": ^7.25.9 + "@babel/plugin-transform-typeof-symbol": ^7.25.9 + "@babel/plugin-transform-unicode-escapes": ^7.25.9 + "@babel/plugin-transform-unicode-property-regex": ^7.25.9 + "@babel/plugin-transform-unicode-regex": ^7.25.9 + "@babel/plugin-transform-unicode-sets-regex": ^7.25.9 "@babel/preset-modules": 0.1.6-no-external-plugins babel-plugin-polyfill-corejs2: ^0.4.10 - babel-plugin-polyfill-corejs3: ^0.10.4 + babel-plugin-polyfill-corejs3: ^0.10.6 babel-plugin-polyfill-regenerator: ^0.6.1 - core-js-compat: ^3.37.1 + core-js-compat: ^3.38.1 semver: ^6.3.1 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: efea0039dbb089c9cc0b792b9ac0eef949699584b4c622e2abea062b44b1a0fbcda6ad25e2263ae36a69586889b4a22439a1096aa8152b366e3fedd921ae66ac + checksum: 0c3e2b3758cc0347dcf5551b5209db702764183dce66ff20bffceff6486c090bef9175f5f7d1e68cfe5584f0d817b2aab25ab5992058a7998f061f244c8caf5f languageName: node linkType: hard @@ -1489,24 +1306,17 @@ __metadata: linkType: hard "@babel/preset-typescript@npm:^7.24.6": - version: 7.24.7 - resolution: "@babel/preset-typescript@npm:7.24.7" - dependencies: - "@babel/helper-plugin-utils": ^7.24.7 - "@babel/helper-validator-option": ^7.24.7 - "@babel/plugin-syntax-jsx": ^7.24.7 - "@babel/plugin-transform-modules-commonjs": ^7.24.7 - "@babel/plugin-transform-typescript": ^7.24.7 + version: 7.26.0 + resolution: "@babel/preset-typescript@npm:7.26.0" + dependencies: + "@babel/helper-plugin-utils": ^7.25.9 + "@babel/helper-validator-option": ^7.25.9 + "@babel/plugin-syntax-jsx": ^7.25.9 + "@babel/plugin-transform-modules-commonjs": ^7.25.9 + "@babel/plugin-transform-typescript": ^7.25.9 peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 12929b24757f3bd6548103475f86478eda4c872bc7cefd920b29591eee8f4a4f350561d888e133d632d0c9402b8615fdcec9138e5127a6567dcb22f804ff207f - languageName: node - linkType: hard - -"@babel/regjsgen@npm:^0.8.0": - version: 0.8.0 - resolution: "@babel/regjsgen@npm:0.8.0" - checksum: 89c338fee774770e5a487382170711014d49a68eb281e74f2b5eac88f38300a4ad545516a7786a8dd5702e9cf009c94c2f582d200f077ac5decd74c56b973730 + checksum: 6d8641fa6efd0e10eec5e8f92cd164b916a06d57131cfa5216c281404289c87d2b4995140a1c1d9c3bad171ff6ef2226be5f0585e09577ffff349706e991ec71 languageName: node linkType: hard @@ -1520,51 +1330,47 @@ __metadata: linkType: hard "@babel/runtime@npm:^7.14.0, @babel/runtime@npm:^7.17.8, @babel/runtime@npm:^7.21.0, @babel/runtime@npm:^7.8.4": - version: 7.24.8 - resolution: "@babel/runtime@npm:7.24.8" + version: 7.26.0 + resolution: "@babel/runtime@npm:7.26.0" dependencies: regenerator-runtime: ^0.14.0 - checksum: 6b1e4230580f67a807ad054720812bbefbb024cc2adc1159d050acbb764c4c81c7ac5f7a042c48f578987c5edc2453c71039268df059058e9501fa6023d764b0 + checksum: c8e2c0504ab271b3467a261a8f119bf2603eb857a0d71e37791f4e3fae00f681365073cc79f141ddaa90c6077c60ba56448004ad5429d07ac73532be9f7cf28a languageName: node linkType: hard -"@babel/template@npm:^7.24.7": - version: 7.24.7 - resolution: "@babel/template@npm:7.24.7" +"@babel/template@npm:^7.25.9": + version: 7.25.9 + resolution: "@babel/template@npm:7.25.9" dependencies: - "@babel/code-frame": ^7.24.7 - "@babel/parser": ^7.24.7 - "@babel/types": ^7.24.7 - checksum: ea90792fae708ddf1632e54c25fe1a86643d8c0132311f81265d2bdbdd42f9f4fac65457056c1b6ca87f7aa0d6a795b549566774bba064bdcea2034ab3960ee9 + "@babel/code-frame": ^7.25.9 + "@babel/parser": ^7.25.9 + "@babel/types": ^7.25.9 + checksum: 103641fea19c7f4e82dc913aa6b6ac157112a96d7c724d513288f538b84bae04fb87b1f1e495ac1736367b1bc30e10f058b30208fb25f66038e1f1eb4e426472 languageName: node linkType: hard -"@babel/traverse@npm:^7.24.7, @babel/traverse@npm:^7.24.8, @babel/traverse@npm:^7.4.5": - version: 7.24.8 - resolution: "@babel/traverse@npm:7.24.8" +"@babel/traverse@npm:^7.25.9, @babel/traverse@npm:^7.4.5": + version: 7.25.9 + resolution: "@babel/traverse@npm:7.25.9" dependencies: - "@babel/code-frame": ^7.24.7 - "@babel/generator": ^7.24.8 - "@babel/helper-environment-visitor": ^7.24.7 - "@babel/helper-function-name": ^7.24.7 - "@babel/helper-hoist-variables": ^7.24.7 - "@babel/helper-split-export-declaration": ^7.24.7 - "@babel/parser": ^7.24.8 - "@babel/types": ^7.24.8 + "@babel/code-frame": ^7.25.9 + "@babel/generator": ^7.25.9 + "@babel/parser": ^7.25.9 + "@babel/template": ^7.25.9 + "@babel/types": ^7.25.9 debug: ^4.3.1 globals: ^11.1.0 - checksum: ee7955476ce031613249f2b0ce9e74a3b7787c9d52e84534fcf39ad61aeb0b811a4cd83edc157608be4886f04c6ecf210861e211ba2a3db4fda729cc2048b5ed + checksum: 901d325662ff1dd9bc51de00862e01055fa6bc374f5297d7e3731f2f0e268bbb1d2141f53fa82860aa308ee44afdcf186a948f16c83153927925804b95a9594d languageName: node linkType: hard -"@babel/types@npm:^7.12.13, @babel/types@npm:^7.24.7, @babel/types@npm:^7.24.8, @babel/types@npm:^7.24.9, @babel/types@npm:^7.4.4, @babel/types@npm:^7.7.2, @babel/types@npm:^7.8.3": - version: 7.24.9 - resolution: "@babel/types@npm:7.24.9" +"@babel/types@npm:^7.12.13, @babel/types@npm:^7.25.9, @babel/types@npm:^7.26.0, @babel/types@npm:^7.4.4, @babel/types@npm:^7.7.2": + version: 7.26.0 + resolution: "@babel/types@npm:7.26.0" dependencies: - "@babel/helper-string-parser": ^7.24.8 - "@babel/helper-validator-identifier": ^7.24.7 - to-fast-properties: ^2.0.0 - checksum: 15cb05c45be5d4c49a749575d3742bd005d0e2e850c13fb462754983a5bc1063fbc8f6566246fc064e3e8b21a5a75a37a948f1b3f27189cc90b236fee93f5e51 + "@babel/helper-string-parser": ^7.25.9 + "@babel/helper-validator-identifier": ^7.25.9 + checksum: a3dd37dabac693018872da96edb8c1843a605c1bfacde6c3f504fba79b972426a6f24df70aa646356c0c1b19bdd2c722c623c684a996c002381071680602280d languageName: node linkType: hard @@ -1949,8 +1755,8 @@ __metadata: linkType: hard "@ember/optional-features@npm:^2.0.0": - version: 2.1.0 - resolution: "@ember/optional-features@npm:2.1.0" + version: 2.2.0 + resolution: "@ember/optional-features@npm:2.2.0" dependencies: chalk: ^4.1.2 ember-cli-version-checker: ^5.1.2 @@ -1958,7 +1764,7 @@ __metadata: inquirer: ^7.3.3 mkdirp: ^1.0.4 silent-error: ^1.1.1 - checksum: b1f1be8179b750de50db70ebc449a77b9590d341230cffc1f03324bc4ae1e24eb71a27f8503da0639096012b65ef4a540cea22b2ec5f8beff3deec56d0c5bd22 + checksum: f4a1e91e9a735b746de830d90388edcffd6034fcb9551e22d8ce8ed1455944e270d31777e83d269c9ad5cf6376efe396de52dc096f8b96d4c31ac8d37f32919c languageName: node linkType: hard @@ -1999,8 +1805,8 @@ __metadata: linkType: hard "@ember/test-helpers@npm:^3.2.0": - version: 3.3.0 - resolution: "@ember/test-helpers@npm:3.3.0" + version: 3.3.1 + resolution: "@ember/test-helpers@npm:3.3.1" dependencies: "@ember/test-waiters": ^3.0.2 "@embroider/macros": ^1.10.0 @@ -2009,11 +1815,11 @@ __metadata: broccoli-funnel: ^3.0.8 dom-element-descriptors: ^0.5.0 ember-auto-import: ^2.6.0 - ember-cli-babel: ^7.26.11 + ember-cli-babel: ^8.2.0 ember-cli-htmlbars: ^6.2.0 peerDependencies: ember-source: ^4.0.0 || ^5.0.0 - checksum: 711a37f143533dd43f0da0d94800feebaf1883a1db64b242f9f9f70cc0c1b6c8c0c00ac26d9e5e0ee800e1646251d19fcc25648f20a4b1a64c775591b86620a9 + checksum: fcb6594814944e1d871f74f5ff4f610484cc9276274383cf9e437bc81c43d1ee3afccf674ae905b0ed71b4d208cde8413e6093f62dac0015956dcc410c0ff26e languageName: node linkType: hard @@ -2029,23 +1835,23 @@ __metadata: languageName: node linkType: hard -"@embroider/addon-shim@npm:^1.0.0, @embroider/addon-shim@npm:^1.2.0, @embroider/addon-shim@npm:^1.6.0, @embroider/addon-shim@npm:^1.8.0, @embroider/addon-shim@npm:^1.8.3, @embroider/addon-shim@npm:^1.8.4, @embroider/addon-shim@npm:^1.8.6, @embroider/addon-shim@npm:^1.8.7, @embroider/addon-shim@npm:^1.8.9": - version: 1.8.9 - resolution: "@embroider/addon-shim@npm:1.8.9" +"@embroider/addon-shim@npm:^1.0.0, @embroider/addon-shim@npm:^1.2.0, @embroider/addon-shim@npm:^1.6.0, @embroider/addon-shim@npm:^1.8.0, @embroider/addon-shim@npm:^1.8.3, @embroider/addon-shim@npm:^1.8.4, @embroider/addon-shim@npm:^1.8.6, @embroider/addon-shim@npm:^1.8.7, @embroider/addon-shim@npm:^1.8.9, @embroider/addon-shim@npm:^1.9.0": + version: 1.9.0 + resolution: "@embroider/addon-shim@npm:1.9.0" dependencies: - "@embroider/shared-internals": ^2.6.0 + "@embroider/shared-internals": ^2.8.1 broccoli-funnel: ^3.0.8 common-ancestor-path: ^1.0.1 semver: ^7.3.8 - checksum: 487bca1e8c7de93427d2c7221cace571ea5d75a5bd6bb838861a2071dc6d06a45e844fe6875cc8fb8c003112df4f7df38ac7f702aa60d79ccf62b2ad73218c28 + checksum: 189c08a9f79ff31baf0c0ae17bca9c5eccb04aaf439c309719f1c8216e96d289d969b2a0b3c4a3e8817bcb8b968a953dbdf9d305ec1d0361b63c8ff4d708a914 languageName: node linkType: hard "@embroider/macros@npm:^1.15.0": - version: 1.16.5 - resolution: "@embroider/macros@npm:1.16.5" + version: 1.16.9 + resolution: "@embroider/macros@npm:1.16.9" dependencies: - "@embroider/shared-internals": 2.6.2 + "@embroider/shared-internals": 2.8.1 assert-never: ^1.2.1 babel-import-util: ^2.0.0 ember-cli-babel: ^7.26.6 @@ -2058,29 +1864,31 @@ __metadata: peerDependenciesMeta: "@glint/template": optional: true - checksum: 9fc4c96c8e1e26f9d0ddc0aef41951e88a0d7266f37ccaf9f45c9303419586ff607f8fc78f9c216152899382d42a07b24105c3014848fb41b4301ae856e3491e + checksum: 116294314d80f08c4d5b2d71bcaf48d761f879b55e3552241c3260e8ec574a3d07090c84af0c3334e653bbc3574ec692716f27c51b81e744bc78629e12c73179 languageName: node linkType: hard -"@embroider/shared-internals@npm:2.6.2, @embroider/shared-internals@npm:^2.0.0, @embroider/shared-internals@npm:^2.6.0": - version: 2.6.2 - resolution: "@embroider/shared-internals@npm:2.6.2" +"@embroider/shared-internals@npm:2.8.1, @embroider/shared-internals@npm:^2.0.0, @embroider/shared-internals@npm:^2.8.1": + version: 2.8.1 + resolution: "@embroider/shared-internals@npm:2.8.1" dependencies: babel-import-util: ^2.0.0 debug: ^4.3.2 ember-rfc176-data: ^0.3.17 fs-extra: ^9.1.0 + is-subdir: ^1.2.0 js-string-escape: ^1.0.1 lodash: ^4.17.21 minimatch: ^3.0.4 + pkg-entry-points: ^1.1.0 resolve-package-path: ^4.0.1 semver: ^7.3.5 typescript-memoize: ^1.0.1 - checksum: 391b4a9fd6aae640533862c50ffdc459083ec891bca294d4487340124de54436d487d2680e7eecde0ae1ff58b8ca61288a2314e15afcf17642b30a63ff835c6f + checksum: ec70adf4a21c93d92b9fd88bf2b988c124021510645185f64d9e30c7cbf5ce4455b0445c783f42e89ef80df02cb4706473de325852e31087e5b8b34c117641a7 languageName: node linkType: hard -"@embroider/util@npm:^1.0.0, @embroider/util@npm:^1.13.1": +"@embroider/util@npm:^1.0.0, @embroider/util@npm:^1.13.2": version: 1.13.2 resolution: "@embroider/util@npm:1.13.2" dependencies: @@ -2101,20 +1909,20 @@ __metadata: linkType: hard "@eslint-community/eslint-utils@npm:^4.1.2, @eslint-community/eslint-utils@npm:^4.2.0, @eslint-community/eslint-utils@npm:^4.4.0": - version: 4.4.0 - resolution: "@eslint-community/eslint-utils@npm:4.4.0" + version: 4.4.1 + resolution: "@eslint-community/eslint-utils@npm:4.4.1" dependencies: - eslint-visitor-keys: ^3.3.0 + eslint-visitor-keys: ^3.4.3 peerDependencies: eslint: ^6.0.0 || ^7.0.0 || >=8.0.0 - checksum: cdfe3ae42b4f572cbfb46d20edafe6f36fc5fb52bf2d90875c58aefe226892b9677fef60820e2832caf864a326fe4fc225714c46e8389ccca04d5f9288aabd22 + checksum: a7ffc838eb6a9ef594cda348458ccf38f34439ac77dc090fa1c120024bcd4eb911dfd74d5ef44d42063e7949fa7c5123ce714a015c4abb917d4124be1bd32bfe languageName: node linkType: hard "@eslint-community/regexpp@npm:^4.11.0, @eslint-community/regexpp@npm:^4.4.0, @eslint-community/regexpp@npm:^4.6.1": - version: 4.11.0 - resolution: "@eslint-community/regexpp@npm:4.11.0" - checksum: 97d2fe46690b69417a551bd19a3dc53b6d9590d2295c43cc4c4e44e64131af541e2f4a44d5c12e87de990403654d3dae9d33600081f3a2f0386b368abc9111ec + version: 4.12.1 + resolution: "@eslint-community/regexpp@npm:4.12.1" + checksum: 0d628680e204bc316d545b4993d3658427ca404ae646ce541fcc65306b8c712c340e5e573e30fb9f85f4855c0c5f6dca9868931f2fcced06417fbe1a0c6cd2d6 languageName: node linkType: hard @@ -2135,36 +1943,36 @@ __metadata: languageName: node linkType: hard -"@eslint/js@npm:8.57.0": - version: 8.57.0 - resolution: "@eslint/js@npm:8.57.0" - checksum: 315dc65b0e9893e2bff139bddace7ea601ad77ed47b4550e73da8c9c2d2766c7a575c3cddf17ef85b8fd6a36ff34f91729d0dcca56e73ca887c10df91a41b0bb +"@eslint/js@npm:8.57.1": + version: 8.57.1 + resolution: "@eslint/js@npm:8.57.1" + checksum: 2afb77454c06e8316793d2e8e79a0154854d35e6782a1217da274ca60b5044d2c69d6091155234ed0551a1e408f86f09dd4ece02752c59568fa403e60611e880 languageName: node linkType: hard "@floating-ui/core@npm:^1.6.0": - version: 1.6.5 - resolution: "@floating-ui/core@npm:1.6.5" + version: 1.6.8 + resolution: "@floating-ui/core@npm:1.6.8" dependencies: - "@floating-ui/utils": ^0.2.5 - checksum: 8e6c62a6e9223fba9afbcaca8afe408788a2bc8ab1b2f5734a26d5b02d4017a2baffc7176a938a610fd243e6a983ada605f259b35c88813e2230dd29906a78fd + "@floating-ui/utils": ^0.2.8 + checksum: 82faa6ea9d57e466779324e51308d6d49c098fb9d184a08d9bb7f4fad83f08cc070fc491f8d56f0cad44a16215fb43f9f829524288413e6c33afcb17303698de languageName: node linkType: hard "@floating-ui/dom@npm:^1.6.3": - version: 1.6.8 - resolution: "@floating-ui/dom@npm:1.6.8" + version: 1.6.12 + resolution: "@floating-ui/dom@npm:1.6.12" dependencies: "@floating-ui/core": ^1.6.0 - "@floating-ui/utils": ^0.2.5 - checksum: bab6954bdde69afeaf8dbbf335818fe710c6eae1c62856ae1e09fa6abdc056bf5995e053638b76fa6661b8384c363ca2af874ab0448c3f6943808f4f8f77f3ea + "@floating-ui/utils": ^0.2.8 + checksum: 956514ed100c0c853e73ace9e3c877b7e535444d7c31326f687a7690d49cb1e59ef457e9c93b76141aea0d280e83ed5a983bb852718b62eea581f755454660f6 languageName: node linkType: hard -"@floating-ui/utils@npm:^0.2.5": - version: 0.2.5 - resolution: "@floating-ui/utils@npm:0.2.5" - checksum: 32834fe0fec5ee89187f8defd0b10813d725dab7dc6ed1545ded6655630bac5d438f0c991d019d675585e118846f12391236fc2886a5c73a57576e7de3eca3f9 +"@floating-ui/utils@npm:^0.2.8": + version: 0.2.8 + resolution: "@floating-ui/utils@npm:0.2.8" + checksum: deb98bba017c4e073c7ad5740d4dec33a4d3e0942d412e677ac0504f3dade15a68fc6fd164d43c93c0bb0bcc5dc5015c1f4080dfb1a6161140fe660624f7c875 languageName: node linkType: hard @@ -2492,9 +2300,9 @@ __metadata: linkType: hard "@hashicorp/design-system-tokens@npm:^2.1.0": - version: 2.2.0 - resolution: "@hashicorp/design-system-tokens@npm:2.2.0" - checksum: 654978be98a94c1f478e472793b9c1b62762bb30f9e0a097c2e1effd4fb2b4619eeef347e39599aea4dd63c451e0f41e698d887827ca2496de83a9e1e1dd8525 + version: 2.2.1 + resolution: "@hashicorp/design-system-tokens@npm:2.2.1" + checksum: 0e4348ab27b2da4725068b5dab83474ad496895d2b422708b2c08cfc39289830f3756a1b352aff6e6095f64e3476ac227034ab02c7d2e0cc49d13a81ef69f6f3 languageName: node linkType: hard @@ -2511,20 +2319,20 @@ __metadata: linkType: hard "@hashicorp/flight-icons@npm:^3.5.0": - version: 3.5.0 - resolution: "@hashicorp/flight-icons@npm:3.5.0" - checksum: a06f6606d4df682d2756eddebf92765b18774cdcc8e2050e440c85cff16126ae72455869b967e2aef15d97a5caf517578d66cf6fc098f1d3564a9deec9a95ebf + version: 3.7.0 + resolution: "@hashicorp/flight-icons@npm:3.7.0" + checksum: 9d043a8df428ce47475a8f2605ad31119a9da766b2310eeba207fd311ae5c0422c19fb91b636b744c590a5c0d19075cb295787961d3e46fdd5e21ef17b2df606 languageName: node linkType: hard -"@humanwhocodes/config-array@npm:^0.11.14": - version: 0.11.14 - resolution: "@humanwhocodes/config-array@npm:0.11.14" +"@humanwhocodes/config-array@npm:^0.13.0": + version: 0.13.0 + resolution: "@humanwhocodes/config-array@npm:0.13.0" dependencies: - "@humanwhocodes/object-schema": ^2.0.2 + "@humanwhocodes/object-schema": ^2.0.3 debug: ^4.3.1 minimatch: ^3.0.5 - checksum: 861ccce9eaea5de19546653bccf75bf09fe878bc39c3aab00aeee2d2a0e654516adad38dd1098aab5e3af0145bbcbf3f309bdf4d964f8dab9dcd5834ae4c02f2 + checksum: eae69ff9134025dd2924f0b430eb324981494be26f0fddd267a33c28711c4db643242cf9fddf7dadb9d16c96b54b2d2c073e60a56477df86e0173149313bd5d6 languageName: node linkType: hard @@ -2535,7 +2343,7 @@ __metadata: languageName: node linkType: hard -"@humanwhocodes/object-schema@npm:^2.0.2": +"@humanwhocodes/object-schema@npm:^2.0.3": version: 2.0.3 resolution: "@humanwhocodes/object-schema@npm:2.0.3" checksum: d3b78f6c5831888c6ecc899df0d03bcc25d46f3ad26a11d7ea52944dc36a35ef543fad965322174238d677a43d5c694434f6607532cff7077062513ad7022631 @@ -2550,9 +2358,9 @@ __metadata: linkType: hard "@inquirer/figures@npm:^1.0.3": - version: 1.0.5 - resolution: "@inquirer/figures@npm:1.0.5" - checksum: 01dc7b95fe7b030b0577d59f45c4fa5c002dccb43ac75ff106d7142825e09dee63a6f9c42b044da2bc964bf38c40229a112a26505a68f3912b15dc8304106bbc + version: 1.0.8 + resolution: "@inquirer/figures@npm:1.0.8" + checksum: 24c5c70f49a5f0e9d38f5552fb6936c258d2fc545f6a4944b17ba357c9ca4a729e8cffd77666971554ebc2a57948cfe5003331271a259c406b3f2de0e9c559b7 languageName: node linkType: hard @@ -2605,7 +2413,7 @@ __metadata: languageName: node linkType: hard -"@jridgewell/sourcemap-codec@npm:^1.4.10, @jridgewell/sourcemap-codec@npm:^1.4.14, @jridgewell/sourcemap-codec@npm:^1.4.15": +"@jridgewell/sourcemap-codec@npm:^1.4.10, @jridgewell/sourcemap-codec@npm:^1.4.14, @jridgewell/sourcemap-codec@npm:^1.5.0": version: 1.5.0 resolution: "@jridgewell/sourcemap-codec@npm:1.5.0" checksum: 05df4f2538b3b0f998ea4c1cd34574d0feba216fa5d4ccaef0187d12abf82eafe6021cec8b49f9bb4d90f2ba4582ccc581e72986a5fcf4176ae0cfeb04cf52ec @@ -2662,15 +2470,15 @@ __metadata: linkType: hard "@mdn/browser-compat-data@npm:^5.2.34, @mdn/browser-compat-data@npm:^5.3.13": - version: 5.5.40 - resolution: "@mdn/browser-compat-data@npm:5.5.40" - checksum: 58030a5b95b4d92aa695e72cfe8319e4605e985d11e52fedf8bb7469ff8496ccb4c0501bcb68ae5caeb3f69439f3422611996c6de9e4f4377dbb0b3af12fe55c + version: 5.6.14 + resolution: "@mdn/browser-compat-data@npm:5.6.14" + checksum: 8990ee469aca8e7d79b3ae79cc0670fe2ba42982ede71c0c70d161a58b445f9a642e3bbe74d2da1db3ef10943e8b9458ee63a7d992fc06bf868f9c452cc5dd52 languageName: node linkType: hard "@messageformat/core@npm:^3.0.1": - version: 3.3.0 - resolution: "@messageformat/core@npm:3.3.0" + version: 3.4.0 + resolution: "@messageformat/core@npm:3.4.0" dependencies: "@messageformat/date-skeleton": ^1.0.0 "@messageformat/number-skeleton": ^1.0.0 @@ -2678,14 +2486,14 @@ __metadata: "@messageformat/runtime": ^3.0.1 make-plural: ^7.0.0 safe-identifier: ^0.4.1 - checksum: 9c4e8cb878567711b132305ba798358751f5db43cdbcd450469dd6bc880fcf7edb313bf3f0eb8ad3e78c86aeaa7c32050b611dfd3b8ec2ae4e58373973082ea0 + checksum: c9b75b510a8b0193a4ee6d600c97f7adacbb98125bd7c0ef60c9ebfb97591d0ecf8247868373919e79adcff1fc6aecd04a905160e212976d2846e4f0dc3d705f languageName: node linkType: hard "@messageformat/date-skeleton@npm:^1.0.0": - version: 1.0.1 - resolution: "@messageformat/date-skeleton@npm:1.0.1" - checksum: 0832029a18ae54c81d4473eaa764cebbabe084d1a3253a6d4975e5802bff7416a51d43522aad9292eb9663735282a7667e2818efc92905c497ca87424d822ceb + version: 1.1.0 + resolution: "@messageformat/date-skeleton@npm:1.1.0" + checksum: 599adc2aba1639b9505420bce61035ce8cbf1a38bf77b39be5de7b9ecb4c4a2290ae3ebc2ee94ba5aabf52d22654b5febb961694dc52d9a4e6fb859d758aaea8 languageName: node linkType: hard @@ -2786,6 +2594,150 @@ __metadata: languageName: node linkType: hard +"@parcel/watcher-android-arm64@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-android-arm64@npm:2.5.0" + conditions: os=android & cpu=arm64 + languageName: node + linkType: hard + +"@parcel/watcher-darwin-arm64@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-darwin-arm64@npm:2.5.0" + conditions: os=darwin & cpu=arm64 + languageName: node + linkType: hard + +"@parcel/watcher-darwin-x64@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-darwin-x64@npm:2.5.0" + conditions: os=darwin & cpu=x64 + languageName: node + linkType: hard + +"@parcel/watcher-freebsd-x64@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-freebsd-x64@npm:2.5.0" + conditions: os=freebsd & cpu=x64 + languageName: node + linkType: hard + +"@parcel/watcher-linux-arm-glibc@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-linux-arm-glibc@npm:2.5.0" + conditions: os=linux & cpu=arm & libc=glibc + languageName: node + linkType: hard + +"@parcel/watcher-linux-arm-musl@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-linux-arm-musl@npm:2.5.0" + conditions: os=linux & cpu=arm & libc=musl + languageName: node + linkType: hard + +"@parcel/watcher-linux-arm64-glibc@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-linux-arm64-glibc@npm:2.5.0" + conditions: os=linux & cpu=arm64 & libc=glibc + languageName: node + linkType: hard + +"@parcel/watcher-linux-arm64-musl@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-linux-arm64-musl@npm:2.5.0" + conditions: os=linux & cpu=arm64 & libc=musl + languageName: node + linkType: hard + +"@parcel/watcher-linux-x64-glibc@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-linux-x64-glibc@npm:2.5.0" + conditions: os=linux & cpu=x64 & libc=glibc + languageName: node + linkType: hard + +"@parcel/watcher-linux-x64-musl@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-linux-x64-musl@npm:2.5.0" + conditions: os=linux & cpu=x64 & libc=musl + languageName: node + linkType: hard + +"@parcel/watcher-win32-arm64@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-win32-arm64@npm:2.5.0" + conditions: os=win32 & cpu=arm64 + languageName: node + linkType: hard + +"@parcel/watcher-win32-ia32@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-win32-ia32@npm:2.5.0" + conditions: os=win32 & cpu=ia32 + languageName: node + linkType: hard + +"@parcel/watcher-win32-x64@npm:2.5.0": + version: 2.5.0 + resolution: "@parcel/watcher-win32-x64@npm:2.5.0" + conditions: os=win32 & cpu=x64 + languageName: node + linkType: hard + +"@parcel/watcher@npm:^2.4.1": + version: 2.5.0 + resolution: "@parcel/watcher@npm:2.5.0" + dependencies: + "@parcel/watcher-android-arm64": 2.5.0 + "@parcel/watcher-darwin-arm64": 2.5.0 + "@parcel/watcher-darwin-x64": 2.5.0 + "@parcel/watcher-freebsd-x64": 2.5.0 + "@parcel/watcher-linux-arm-glibc": 2.5.0 + "@parcel/watcher-linux-arm-musl": 2.5.0 + "@parcel/watcher-linux-arm64-glibc": 2.5.0 + "@parcel/watcher-linux-arm64-musl": 2.5.0 + "@parcel/watcher-linux-x64-glibc": 2.5.0 + "@parcel/watcher-linux-x64-musl": 2.5.0 + "@parcel/watcher-win32-arm64": 2.5.0 + "@parcel/watcher-win32-ia32": 2.5.0 + "@parcel/watcher-win32-x64": 2.5.0 + detect-libc: ^1.0.3 + is-glob: ^4.0.3 + micromatch: ^4.0.5 + node-addon-api: ^7.0.0 + node-gyp: latest + dependenciesMeta: + "@parcel/watcher-android-arm64": + optional: true + "@parcel/watcher-darwin-arm64": + optional: true + "@parcel/watcher-darwin-x64": + optional: true + "@parcel/watcher-freebsd-x64": + optional: true + "@parcel/watcher-linux-arm-glibc": + optional: true + "@parcel/watcher-linux-arm-musl": + optional: true + "@parcel/watcher-linux-arm64-glibc": + optional: true + "@parcel/watcher-linux-arm64-musl": + optional: true + "@parcel/watcher-linux-x64-glibc": + optional: true + "@parcel/watcher-linux-x64-musl": + optional: true + "@parcel/watcher-win32-arm64": + optional: true + "@parcel/watcher-win32-ia32": + optional: true + "@parcel/watcher-win32-x64": + optional: true + checksum: 253f93c5f443dfbb638df58712df077fe46ff7e01e7c78df0c4ceb001e8f5b31db01eb7ddac3ae4159722c4d1525894cd4ce5be49f5e6c14a3a52cbbf9f41cbf + languageName: node + linkType: hard + "@pkgjs/parseargs@npm:^0.11.0": version: 0.11.0 resolution: "@pkgjs/parseargs@npm:0.11.0" @@ -2895,6 +2847,13 @@ __metadata: languageName: node linkType: hard +"@scarf/scarf@npm:=1.4.0": + version: 1.4.0 + resolution: "@scarf/scarf@npm:1.4.0" + checksum: def62aa403f7e63165ccb219efd2c420fc0b7357b0ba43397f635e4aa813ace1cdf3855a93fc559b4619bcc0469ae4767b8cb72af30ea5c0522bf4a2ecb18198 + languageName: node + linkType: hard + "@simple-dom/document@npm:^1.4.0": version: 1.4.0 resolution: "@simple-dom/document@npm:1.4.0" @@ -2918,16 +2877,7 @@ __metadata: languageName: node linkType: hard -"@sinonjs/commons@npm:^2.0.0": - version: 2.0.0 - resolution: "@sinonjs/commons@npm:2.0.0" - dependencies: - type-detect: 4.0.8 - checksum: 5023ba17edf2b85ed58262313b8e9b59e23c6860681a9af0200f239fe939e2b79736d04a260e8270ddd57196851dde3ba754d7230be5c5234e777ae2ca8af137 - languageName: node - linkType: hard - -"@sinonjs/commons@npm:^3.0.0": +"@sinonjs/commons@npm:^3.0.0, @sinonjs/commons@npm:^3.0.1": version: 3.0.1 resolution: "@sinonjs/commons@npm:3.0.1" dependencies: @@ -2937,29 +2887,29 @@ __metadata: linkType: hard "@sinonjs/fake-timers@npm:^11.2.2": - version: 11.2.2 - resolution: "@sinonjs/fake-timers@npm:11.2.2" + version: 11.3.1 + resolution: "@sinonjs/fake-timers@npm:11.3.1" dependencies: - "@sinonjs/commons": ^3.0.0 - checksum: 68c29b0e1856fdc280df03ddbf57c726420b78e9f943a241b471edc018fb14ff36fdc1daafd6026cba08c3c7f50c976fb7ae11b88ff44cd7f609692ca7d25158 + "@sinonjs/commons": ^3.0.1 + checksum: 173376bb02e870467705829b003c996bcac958f34238875458961ac6483c6029cd9623950d20c68b648499635a0e6d04c26aac822e4f5c120cc7c217aeba6553 languageName: node linkType: hard "@sinonjs/samsam@npm:^8.0.0": - version: 8.0.0 - resolution: "@sinonjs/samsam@npm:8.0.0" + version: 8.0.2 + resolution: "@sinonjs/samsam@npm:8.0.2" dependencies: - "@sinonjs/commons": ^2.0.0 + "@sinonjs/commons": ^3.0.1 lodash.get: ^4.4.2 - type-detect: ^4.0.8 - checksum: 95e40d0bb9f7288e27c379bee1b03c3dc51e7e78b9d5ea6aef66a690da7e81efc4715145b561b449cefc5361a171791e3ce30fb1a46ab247d4c0766024c60a60 + type-detect: ^4.1.0 + checksum: 7dc24a388ea108e513c88edaaacf98cf4ebcbda8c715551b02954ce50db0e26d6071d98ba9594e737da7fe750079a2af94633d7d46ff1481cb940383b441f29b languageName: node linkType: hard "@sinonjs/text-encoding@npm:^0.7.2": - version: 0.7.2 - resolution: "@sinonjs/text-encoding@npm:0.7.2" - checksum: fe690002a32ba06906cf87e2e8fe84d1590294586f2a7fd180a65355b53660c155c3273d8011a5f2b77209b819aa7306678ae6e4aea0df014bd7ffd4bbbcf1ab + version: 0.7.3 + resolution: "@sinonjs/text-encoding@npm:0.7.3" + checksum: d53f3a3fc94d872b171f7f0725662f4d863e32bca8b44631be4fe67708f13058925ad7297524f882ea232144d7ab978c7fe62c5f79218fca7544cf91be3d233d languageName: node linkType: hard @@ -3012,11 +2962,11 @@ __metadata: linkType: hard "@types/broccoli-plugin@npm:^3.0.0": - version: 3.0.0 - resolution: "@types/broccoli-plugin@npm:3.0.0" + version: 3.0.4 + resolution: "@types/broccoli-plugin@npm:3.0.4" dependencies: broccoli-plugin: "*" - checksum: c5daf3b3ff689a00fa18c90c08e2998c373b7ee11235fcd63ad5ad03ff5d9b844f2b84fca966682490853a443714db4d2f0b389208478a0c1d4e7666f85ca04f + checksum: ddbd7f772a061a2701db6900e08cb0d8648a0a46bed5da50d5224ef7b7538217908e08dd6473f32972e340913960067d470b20e30955bb7a505d47e4116fddca languageName: node linkType: hard @@ -3029,10 +2979,19 @@ __metadata: languageName: node linkType: hard -"@types/chai@npm:*, @types/chai@npm:^4.2.9": - version: 4.3.16 - resolution: "@types/chai@npm:4.3.16" - checksum: bb5f52d1b70534ed8b4bf74bd248add003ffe1156303802ea367331607c06b494da885ffbc2b674a66b4f90c9ee88759790a5f243879f6759f124f22328f5e95 +"@types/chai@npm:*": + version: 5.0.1 + resolution: "@types/chai@npm:5.0.1" + dependencies: + "@types/deep-eql": "*" + checksum: 53d813cbca3755c025381ad4ac8b51b17897df90316350247f9527bdba3adb48b3b1315308fbd717d9013d8e60375c0ab4bd004dc72330133486ff5db4cb0b2c + languageName: node + linkType: hard + +"@types/chai@npm:^4.2.9": + version: 4.3.20 + resolution: "@types/chai@npm:4.3.20" + checksum: 7c5b0c9148f1a844a8d16cb1e16c64f2e7749cab2b8284155b9e494a6b34054846e22fb2b38df6b290f9bf57e6beebb2e121940c5896bc086ad7bab7ed429f06 languageName: node linkType: hard @@ -3068,52 +3027,39 @@ __metadata: languageName: node linkType: hard -"@types/eslint-scope@npm:^3.7.3": - version: 3.7.7 - resolution: "@types/eslint-scope@npm:3.7.7" - dependencies: - "@types/eslint": "*" - "@types/estree": "*" - checksum: e2889a124aaab0b89af1bab5959847c5bec09809209255de0e63b9f54c629a94781daa04adb66bffcdd742f5e25a17614fb933965093c0eea64aacda4309380e - languageName: node - linkType: hard - -"@types/eslint@npm:*": - version: 9.6.0 - resolution: "@types/eslint@npm:9.6.0" - dependencies: - "@types/estree": "*" - "@types/json-schema": "*" - checksum: 7be4b1d24f3df30b28e9cbaac6a5fa14ec1ceca7c173d9605c0ec6e0d1dcdba0452d326dd695dd980f5c14b42aa09fe41675c4f09ffc82db4f466588d3f837cb +"@types/deep-eql@npm:*": + version: 4.0.2 + resolution: "@types/deep-eql@npm:4.0.2" + checksum: 249a27b0bb22f6aa28461db56afa21ec044fa0e303221a62dff81831b20c8530502175f1a49060f7099e7be06181078548ac47c668de79ff9880241968d43d0c languageName: node linkType: hard "@types/eslint@npm:^8.4.2, @types/eslint@npm:^8.4.9": - version: 8.56.11 - resolution: "@types/eslint@npm:8.56.11" + version: 8.56.12 + resolution: "@types/eslint@npm:8.56.12" dependencies: "@types/estree": "*" "@types/json-schema": "*" - checksum: 181a7f11bdc70523142554e4751b8571fa546f71f25fdc363298744857a01e830c9c009a61e81c1a0fd4f01a46f91d6d7098f582142fec94da8f86b94bb50b7a + checksum: 0f7710ee02a256c499514251f527f84de964bb29487db840408e4cde79283124a38935597636d2265756c34dd1d902e1b00ae78930d4a0b55111909cb7b80d84 languageName: node linkType: hard -"@types/estree@npm:*, @types/estree@npm:^1.0.0": - version: 1.0.5 - resolution: "@types/estree@npm:1.0.5" - checksum: dd8b5bed28e6213b7acd0fb665a84e693554d850b0df423ac8076cc3ad5823a6bc26b0251d080bdc545af83179ede51dd3f6fa78cad2c46ed1f29624ddf3e41a +"@types/estree@npm:*, @types/estree@npm:^1.0.5": + version: 1.0.6 + resolution: "@types/estree@npm:1.0.6" + checksum: 8825d6e729e16445d9a1dd2fb1db2edc5ed400799064cd4d028150701031af012ba30d6d03fe9df40f4d7a437d0de6d2b256020152b7b09bde9f2e420afdffd9 languageName: node linkType: hard "@types/express-serve-static-core@npm:^4.17.33": - version: 4.19.5 - resolution: "@types/express-serve-static-core@npm:4.19.5" + version: 4.19.6 + resolution: "@types/express-serve-static-core@npm:4.19.6" dependencies: "@types/node": "*" "@types/qs": "*" "@types/range-parser": "*" "@types/send": "*" - checksum: 72076c2f8df55e89136d4343fc874050d56c0f4afd885772a8aa506b98c3f4f3ddc7dcba42295a8b931c61000234fd679aec79ef50db15f376bf37d46234939a + checksum: b0576eddc2d25ccdf10e68ba09598b87a4d7b2ad04a81dc847cb39fe56beb0b6a5cc017b1e00aa0060cb3b38e700384ce96d291a116a0f1e54895564a104aae9 languageName: node linkType: hard @@ -3184,11 +3130,11 @@ __metadata: linkType: hard "@types/jquery@npm:^3.5.14": - version: 3.5.30 - resolution: "@types/jquery@npm:3.5.30" + version: 3.5.32 + resolution: "@types/jquery@npm:3.5.32" dependencies: "@types/sizzle": "*" - checksum: 4594d10fa9b347062883d254a23c9259ae814ef5989ce1985f093dcc7ad4475e324ac3343aef10599c478ea4951726f0e7f79d8ed471ab04de394b7e724d6d13 + checksum: 7fe7251bda3fc9d80417ef7c88ad963ccb591706bca2fb84ea5d9600498a8f9911c32302f28fd1910bb212c34193f38f63818757a9833b70e1f46c3a98a17625 languageName: node linkType: hard @@ -3207,12 +3153,12 @@ __metadata: linkType: hard "@types/markdown-it@npm:^14.1.1": - version: 14.1.1 - resolution: "@types/markdown-it@npm:14.1.1" + version: 14.1.2 + resolution: "@types/markdown-it@npm:14.1.2" dependencies: "@types/linkify-it": ^5 "@types/mdurl": ^2 - checksum: 48279558c7c8a836d2cc598e90937a23a43516716005b4697374d320cea80ad37950d8b378839b8d449f70c296e7377db60c118deda3aaae551474617d350d15 + checksum: ad66e0b377d6af09a155bb65f675d1e2cb27d20a3d407377fe4508eb29cde1e765430b99d5129f89012e2524abb5525d629f7057a59ff9fd0967e1ff645b9ec6 languageName: node linkType: hard @@ -3261,11 +3207,11 @@ __metadata: linkType: hard "@types/node@npm:*, @types/node@npm:>=10.0.0": - version: 20.14.11 - resolution: "@types/node@npm:20.14.11" + version: 22.10.1 + resolution: "@types/node@npm:22.10.1" dependencies: - undici-types: ~5.26.4 - checksum: 24396dea2bc803c2d2ebfdd31a3e6e93818ba1a5933d63cd0f64fad1e2955a8280ba09338a48ffe68cd84748eec8bee27135045f15661aa389656f67fe0b0924 + undici-types: ~6.20.0 + checksum: 5a9b81500f288a8fb757b61bd939f99f72b6cb59347a5bae52dd1c2c87100ebbaa9da4256ef3cb9add2090e8704cda1d9a1ffc14ccd5db47a6466c8bae10ebcb languageName: node linkType: hard @@ -3298,16 +3244,16 @@ __metadata: linkType: hard "@types/qs@npm:*": - version: 6.9.15 - resolution: "@types/qs@npm:6.9.15" - checksum: 97d8208c2b82013b618e7a9fc14df6bd40a73e1385ac479b6896bafc7949a46201c15f42afd06e86a05e914f146f495f606b6fb65610cc60cf2e0ff743ec38a2 + version: 6.9.17 + resolution: "@types/qs@npm:6.9.17" + checksum: fc3beda0be70e820ddabaa361e8dfec5e09b482b8f6cf1515615479a027dd06cd5ba0ffbd612b654c2605523f45f484c8905a475623d6cd0c4cadcf5d0c517f5 languageName: node linkType: hard "@types/qunit@npm:^2.19.4": - version: 2.19.10 - resolution: "@types/qunit@npm:2.19.10" - checksum: 039d53d6397361da440616215202b42d4595d22ee9907c96d3ab9c10d01b78d5efaaf788f2d3d7e36f80bc8d3a3bc78e8d169861efad501d64c0d1c287bcfa6e + version: 2.19.12 + resolution: "@types/qunit@npm:2.19.12" + checksum: 00f29247692f3a59977d272474e7d3682d0149cbd4c26abe31025e51763f7cae0918e20545a1dad76c213fe6187473fbb41457c052c358fdde9ec4c002544b3e languageName: node linkType: hard @@ -3387,9 +3333,9 @@ __metadata: linkType: hard "@types/sizzle@npm:*": - version: 2.3.8 - resolution: "@types/sizzle@npm:2.3.8" - checksum: 2ac62443dc917f5f903cbd9afc51c7d6cc1c6569b4e1a15faf04aea5b13b486e7f208650014c3dc4fed34653eded3e00fe5abffe0e6300cbf0e8a01beebf11a6 + version: 2.3.9 + resolution: "@types/sizzle@npm:2.3.9" + checksum: 413811a79e7e9f1d8f47e6047ae0aea1530449d612304cdda1c30018e3d053b8544861ec2c70bdeca75a0a010192e6bb78efc6fb4caaafdd65c4eee90066686a languageName: node linkType: hard @@ -3407,10 +3353,17 @@ __metadata: languageName: node linkType: hard +"@types/trusted-types@npm:^2.0.7": + version: 2.0.7 + resolution: "@types/trusted-types@npm:2.0.7" + checksum: 8e4202766a65877efcf5d5a41b7dd458480b36195e580a3b1085ad21e948bc417d55d6f8af1fd2a7ad008015d4117d5fdfe432731157da3c68678487174e4ba3 + languageName: node + linkType: hard + "@types/unist@npm:^2, @types/unist@npm:^2.0.0, @types/unist@npm:^2.0.2, @types/unist@npm:^2.0.3": - version: 2.0.10 - resolution: "@types/unist@npm:2.0.10" - checksum: e2924e18dedf45f68a5c6ccd6015cd62f1643b1b43baac1854efa21ae9e70505db94290434a23da1137d9e31eb58e54ca175982005698ac37300a1c889f6c4aa + version: 2.0.11 + resolution: "@types/unist@npm:2.0.11" + checksum: 6d436e832bc35c6dde9f056ac515ebf2b3384a1d7f63679d12358766f9b313368077402e9c1126a14d827f10370a5485e628bf61aa91117cf4fc882423191a4e languageName: node linkType: hard @@ -3542,154 +3495,154 @@ __metadata: languageName: node linkType: hard -"@webassemblyjs/ast@npm:1.12.1, @webassemblyjs/ast@npm:^1.11.5": - version: 1.12.1 - resolution: "@webassemblyjs/ast@npm:1.12.1" +"@webassemblyjs/ast@npm:1.14.1, @webassemblyjs/ast@npm:^1.12.1": + version: 1.14.1 + resolution: "@webassemblyjs/ast@npm:1.14.1" dependencies: - "@webassemblyjs/helper-numbers": 1.11.6 - "@webassemblyjs/helper-wasm-bytecode": 1.11.6 - checksum: 31bcc64147236bd7b1b6d29d1f419c1f5845c785e1e42dc9e3f8ca2e05a029e9393a271b84f3a5bff2a32d35f51ff59e2181a6e5f953fe88576acd6750506202 + "@webassemblyjs/helper-numbers": 1.13.2 + "@webassemblyjs/helper-wasm-bytecode": 1.13.2 + checksum: f9154ad9ea14f6f2374ebe918c221fd69a4d4514126a1acc6fa4966e8d27ab28cb550a5e6880032cf620e19640578658a7e5a55bd2aad1e3db4e9d598b8f2099 languageName: node linkType: hard -"@webassemblyjs/floating-point-hex-parser@npm:1.11.6": - version: 1.11.6 - resolution: "@webassemblyjs/floating-point-hex-parser@npm:1.11.6" - checksum: 29b08758841fd8b299c7152eda36b9eb4921e9c584eb4594437b5cd90ed6b920523606eae7316175f89c20628da14326801090167cc7fbffc77af448ac84b7e2 +"@webassemblyjs/floating-point-hex-parser@npm:1.13.2": + version: 1.13.2 + resolution: "@webassemblyjs/floating-point-hex-parser@npm:1.13.2" + checksum: e866ec8433f4a70baa511df5e8f2ebcd6c24f4e2cc6274c7c5aabe2bcce3459ea4680e0f35d450e1f3602acf3913b6b8e4f15069c8cfd34ae8609fb9a7d01795 languageName: node linkType: hard -"@webassemblyjs/helper-api-error@npm:1.11.6": - version: 1.11.6 - resolution: "@webassemblyjs/helper-api-error@npm:1.11.6" - checksum: e8563df85161096343008f9161adb138a6e8f3c2cc338d6a36011aa55eabb32f2fd138ffe63bc278d009ada001cc41d263dadd1c0be01be6c2ed99076103689f +"@webassemblyjs/helper-api-error@npm:1.13.2": + version: 1.13.2 + resolution: "@webassemblyjs/helper-api-error@npm:1.13.2" + checksum: 48b5df7fd3095bb252f59a139fe2cbd999a62ac9b488123e9a0da3906ad8a2f2da7b2eb21d328c01a90da987380928706395c2897d1f3ed9e2125b6d75a920d0 languageName: node linkType: hard -"@webassemblyjs/helper-buffer@npm:1.12.1": - version: 1.12.1 - resolution: "@webassemblyjs/helper-buffer@npm:1.12.1" - checksum: c3ffb723024130308db608e86e2bdccd4868bbb62dffb0a9a1530606496f79c87f8565bd8e02805ce64912b71f1a70ee5fb00307258b0c082c3abf961d097eca +"@webassemblyjs/helper-buffer@npm:1.14.1": + version: 1.14.1 + resolution: "@webassemblyjs/helper-buffer@npm:1.14.1" + checksum: b611e981dfd6a797c3d8fc3a772de29a6e55033737c2c09c31bb66c613bdbb2d25f915df1dee62a602c6acc057ca71128432fa8c3e22a893e1219dc454f14ede languageName: node linkType: hard -"@webassemblyjs/helper-numbers@npm:1.11.6": - version: 1.11.6 - resolution: "@webassemblyjs/helper-numbers@npm:1.11.6" +"@webassemblyjs/helper-numbers@npm:1.13.2": + version: 1.13.2 + resolution: "@webassemblyjs/helper-numbers@npm:1.13.2" dependencies: - "@webassemblyjs/floating-point-hex-parser": 1.11.6 - "@webassemblyjs/helper-api-error": 1.11.6 + "@webassemblyjs/floating-point-hex-parser": 1.13.2 + "@webassemblyjs/helper-api-error": 1.13.2 "@xtuc/long": 4.2.2 - checksum: f4b562fa219f84368528339e0f8d273ad44e047a07641ffcaaec6f93e5b76fd86490a009aa91a294584e1436d74b0a01fa9fde45e333a4c657b58168b04da424 + checksum: 49e2c9bf9b66997e480f6b44d80f895b3cde4de52ac135921d28e144565edca6903a519f627f4089b5509de1d7f9e5023f0e1a94ff78a36c9e2eb30e7c18ffd2 languageName: node linkType: hard -"@webassemblyjs/helper-wasm-bytecode@npm:1.11.6": - version: 1.11.6 - resolution: "@webassemblyjs/helper-wasm-bytecode@npm:1.11.6" - checksum: 3535ef4f1fba38de3475e383b3980f4bbf3de72bbb631c2b6584c7df45be4eccd62c6ff48b5edd3f1bcff275cfd605a37679ec199fc91fd0a7705d7f1e3972dc +"@webassemblyjs/helper-wasm-bytecode@npm:1.13.2": + version: 1.13.2 + resolution: "@webassemblyjs/helper-wasm-bytecode@npm:1.13.2" + checksum: 8e059e1c1f0294f4fc3df8e4eaff3c5ef6e2e1358f34ebc118eaf5070ed59e56ed7fc92b28be734ebde17c8d662d5d27e06ade686c282445135da083ae11c128 languageName: node linkType: hard -"@webassemblyjs/helper-wasm-section@npm:1.12.1": - version: 1.12.1 - resolution: "@webassemblyjs/helper-wasm-section@npm:1.12.1" +"@webassemblyjs/helper-wasm-section@npm:1.14.1": + version: 1.14.1 + resolution: "@webassemblyjs/helper-wasm-section@npm:1.14.1" dependencies: - "@webassemblyjs/ast": 1.12.1 - "@webassemblyjs/helper-buffer": 1.12.1 - "@webassemblyjs/helper-wasm-bytecode": 1.11.6 - "@webassemblyjs/wasm-gen": 1.12.1 - checksum: c19810cdd2c90ff574139b6d8c0dda254d42d168a9e5b3d353d1bc085f1d7164ccd1b3c05592a45a939c47f7e403dc8d03572bb686642f06a3d02932f6f0bc8f + "@webassemblyjs/ast": 1.14.1 + "@webassemblyjs/helper-buffer": 1.14.1 + "@webassemblyjs/helper-wasm-bytecode": 1.13.2 + "@webassemblyjs/wasm-gen": 1.14.1 + checksum: 0a08d454a63192cd66abf91b6f060ac4b466cef341262246e9dcc828dd4c8536195dea9b46a1244b1eac65b59b8b502164a771a190052a92ff0a0a2ded0f8f53 languageName: node linkType: hard -"@webassemblyjs/ieee754@npm:1.11.6": - version: 1.11.6 - resolution: "@webassemblyjs/ieee754@npm:1.11.6" +"@webassemblyjs/ieee754@npm:1.13.2": + version: 1.13.2 + resolution: "@webassemblyjs/ieee754@npm:1.13.2" dependencies: "@xtuc/ieee754": ^1.2.0 - checksum: 13574b8e41f6ca39b700e292d7edf102577db5650fe8add7066a320aa4b7a7c09a5056feccac7a74eb68c10dea9546d4461412af351f13f6b24b5f32379b49de + checksum: d7e3520baa37a7309fa7db4d73d69fb869878853b1ebd4b168821bd03fcc4c0e1669c06231315b0039035d9a7a462e53de3ad982da4a426a4b0743b5888e8673 languageName: node linkType: hard -"@webassemblyjs/leb128@npm:1.11.6": - version: 1.11.6 - resolution: "@webassemblyjs/leb128@npm:1.11.6" +"@webassemblyjs/leb128@npm:1.13.2": + version: 1.13.2 + resolution: "@webassemblyjs/leb128@npm:1.13.2" dependencies: "@xtuc/long": 4.2.2 - checksum: 7ea942dc9777d4b18a5ebfa3a937b30ae9e1d2ce1fee637583ed7f376334dd1d4274f813d2e250056cca803e0952def4b954913f1a3c9068bcd4ab4ee5143bf0 + checksum: 64083507f7cff477a6d71a9e325d95665cea78ec8df99ca7c050e1cfbe300fbcf0842ca3dcf3b4fa55028350135588a4f879398d3dd2b6a8de9913ce7faf5333 languageName: node linkType: hard -"@webassemblyjs/utf8@npm:1.11.6": - version: 1.11.6 - resolution: "@webassemblyjs/utf8@npm:1.11.6" - checksum: 807fe5b5ce10c390cfdd93e0fb92abda8aebabb5199980681e7c3743ee3306a75729bcd1e56a3903980e96c885ee53ef901fcbaac8efdfa480f9c0dae1d08713 +"@webassemblyjs/utf8@npm:1.13.2": + version: 1.13.2 + resolution: "@webassemblyjs/utf8@npm:1.13.2" + checksum: 95ec6052f30eefa8d50c9b2a3394d08b17d53a4aa52821451d41d774c126fa8f39b988fbf5bff56da86852a87c16d676e576775a4071e5e5ccf020cc85a4b281 languageName: node linkType: hard -"@webassemblyjs/wasm-edit@npm:^1.11.5": - version: 1.12.1 - resolution: "@webassemblyjs/wasm-edit@npm:1.12.1" +"@webassemblyjs/wasm-edit@npm:^1.12.1": + version: 1.14.1 + resolution: "@webassemblyjs/wasm-edit@npm:1.14.1" dependencies: - "@webassemblyjs/ast": 1.12.1 - "@webassemblyjs/helper-buffer": 1.12.1 - "@webassemblyjs/helper-wasm-bytecode": 1.11.6 - "@webassemblyjs/helper-wasm-section": 1.12.1 - "@webassemblyjs/wasm-gen": 1.12.1 - "@webassemblyjs/wasm-opt": 1.12.1 - "@webassemblyjs/wasm-parser": 1.12.1 - "@webassemblyjs/wast-printer": 1.12.1 - checksum: ae23642303f030af888d30c4ef37b08dfec7eab6851a9575a616e65d1219f880d9223913a39056dd654e49049d76e97555b285d1f7e56935047abf578cce0692 + "@webassemblyjs/ast": 1.14.1 + "@webassemblyjs/helper-buffer": 1.14.1 + "@webassemblyjs/helper-wasm-bytecode": 1.13.2 + "@webassemblyjs/helper-wasm-section": 1.14.1 + "@webassemblyjs/wasm-gen": 1.14.1 + "@webassemblyjs/wasm-opt": 1.14.1 + "@webassemblyjs/wasm-parser": 1.14.1 + "@webassemblyjs/wast-printer": 1.14.1 + checksum: 9341c3146bb1b7863f03d6050c2a66990f20384ca137388047bbe1feffacb599e94fca7b7c18287d17e2449ffb4005fdc7f41f674a6975af9ad8522756f8ffff languageName: node linkType: hard -"@webassemblyjs/wasm-gen@npm:1.12.1": - version: 1.12.1 - resolution: "@webassemblyjs/wasm-gen@npm:1.12.1" +"@webassemblyjs/wasm-gen@npm:1.14.1": + version: 1.14.1 + resolution: "@webassemblyjs/wasm-gen@npm:1.14.1" dependencies: - "@webassemblyjs/ast": 1.12.1 - "@webassemblyjs/helper-wasm-bytecode": 1.11.6 - "@webassemblyjs/ieee754": 1.11.6 - "@webassemblyjs/leb128": 1.11.6 - "@webassemblyjs/utf8": 1.11.6 - checksum: 5787626bb7f0b033044471ddd00ce0c9fe1ee4584e8b73e232051e3a4c99ba1a102700d75337151c8b6055bae77eefa4548960c610a5e4a504e356bd872138ff + "@webassemblyjs/ast": 1.14.1 + "@webassemblyjs/helper-wasm-bytecode": 1.13.2 + "@webassemblyjs/ieee754": 1.13.2 + "@webassemblyjs/leb128": 1.13.2 + "@webassemblyjs/utf8": 1.13.2 + checksum: 401b12bec7431c4fc29d9414bbe40d3c6dc5be04d25a116657c42329f5481f0129f3b5834c293f26f0e42681ceac9157bf078ce9bdb6a7f78037c650373f98b2 languageName: node linkType: hard -"@webassemblyjs/wasm-opt@npm:1.12.1": - version: 1.12.1 - resolution: "@webassemblyjs/wasm-opt@npm:1.12.1" +"@webassemblyjs/wasm-opt@npm:1.14.1": + version: 1.14.1 + resolution: "@webassemblyjs/wasm-opt@npm:1.14.1" dependencies: - "@webassemblyjs/ast": 1.12.1 - "@webassemblyjs/helper-buffer": 1.12.1 - "@webassemblyjs/wasm-gen": 1.12.1 - "@webassemblyjs/wasm-parser": 1.12.1 - checksum: 0e8fa8a0645304a1e18ff40d3db5a2e9233ebaa169b19fcc651d6fc9fe2cac0ce092ddee927318015ae735d9cd9c5d97c0cafb6a51dcd2932ac73587b62df991 + "@webassemblyjs/ast": 1.14.1 + "@webassemblyjs/helper-buffer": 1.14.1 + "@webassemblyjs/wasm-gen": 1.14.1 + "@webassemblyjs/wasm-parser": 1.14.1 + checksum: 60c697a9e9129d8d23573856df0791ba33cea4a3bc2339044cae73128c0983802e5e50a42157b990eeafe1237eb8e7653db6de5f02b54a0ae7b81b02dcdf2ae9 languageName: node linkType: hard -"@webassemblyjs/wasm-parser@npm:1.12.1, @webassemblyjs/wasm-parser@npm:^1.11.5": - version: 1.12.1 - resolution: "@webassemblyjs/wasm-parser@npm:1.12.1" +"@webassemblyjs/wasm-parser@npm:1.14.1, @webassemblyjs/wasm-parser@npm:^1.12.1": + version: 1.14.1 + resolution: "@webassemblyjs/wasm-parser@npm:1.14.1" dependencies: - "@webassemblyjs/ast": 1.12.1 - "@webassemblyjs/helper-api-error": 1.11.6 - "@webassemblyjs/helper-wasm-bytecode": 1.11.6 - "@webassemblyjs/ieee754": 1.11.6 - "@webassemblyjs/leb128": 1.11.6 - "@webassemblyjs/utf8": 1.11.6 - checksum: 176015de3551ac068cd4505d837414f258d9ade7442bd71efb1232fa26c9f6d7d4e11a5c816caeed389943f409af7ebff6899289a992d7a70343cb47009d21a8 + "@webassemblyjs/ast": 1.14.1 + "@webassemblyjs/helper-api-error": 1.13.2 + "@webassemblyjs/helper-wasm-bytecode": 1.13.2 + "@webassemblyjs/ieee754": 1.13.2 + "@webassemblyjs/leb128": 1.13.2 + "@webassemblyjs/utf8": 1.13.2 + checksum: 93f1fe2676da465b4e824419d9812a3d7218de4c3addd4e916c04bc86055fa134416c1b67e4b7cbde8d728c0dce2721d06cc0bfe7a7db7c093a0898009937405 languageName: node linkType: hard -"@webassemblyjs/wast-printer@npm:1.12.1": - version: 1.12.1 - resolution: "@webassemblyjs/wast-printer@npm:1.12.1" +"@webassemblyjs/wast-printer@npm:1.14.1": + version: 1.14.1 + resolution: "@webassemblyjs/wast-printer@npm:1.14.1" dependencies: - "@webassemblyjs/ast": 1.12.1 + "@webassemblyjs/ast": 1.14.1 "@xtuc/long": 4.2.2 - checksum: 2974b5dda8d769145ba0efd886ea94a601e61fb37114c14f9a9a7606afc23456799af652ac3052f284909bd42edc3665a76bc9b50f95f0794c053a8a1757b713 + checksum: 517881a0554debe6945de719d100b2d8883a2d24ddf47552cdeda866341e2bb153cd824a864bc7e2a61190a4b66b18f9899907e0074e9e820d2912ac0789ea60 languageName: node linkType: hard @@ -3735,7 +3688,7 @@ __metadata: languageName: node linkType: hard -"accepts@npm:~1.3.4, accepts@npm:~1.3.5, accepts@npm:~1.3.7, accepts@npm:~1.3.8": +"accepts@npm:~1.3.4, accepts@npm:~1.3.7, accepts@npm:~1.3.8": version: 1.3.8 resolution: "accepts@npm:1.3.8" dependencies: @@ -3745,12 +3698,12 @@ __metadata: languageName: node linkType: hard -"acorn-import-assertions@npm:^1.9.0": - version: 1.9.0 - resolution: "acorn-import-assertions@npm:1.9.0" +"acorn-import-attributes@npm:^1.9.5": + version: 1.9.5 + resolution: "acorn-import-attributes@npm:1.9.5" peerDependencies: acorn: ^8 - checksum: 944fb2659d0845c467066bdcda2e20c05abe3aaf11972116df457ce2627628a81764d800dd55031ba19de513ee0d43bb771bc679cc0eda66dc8b4fade143bc0c + checksum: 1c0c49b6a244503964ae46ae850baccf306e84caf99bc2010ed6103c69a423987b07b520a6c619f075d215388bd4923eccac995886a54309eda049ab78a4be95 languageName: node linkType: hard @@ -3773,11 +3726,11 @@ __metadata: linkType: hard "acorn@npm:^8.5.0, acorn@npm:^8.7.1, acorn@npm:^8.8.2, acorn@npm:^8.9.0": - version: 8.12.1 - resolution: "acorn@npm:8.12.1" + version: 8.14.0 + resolution: "acorn@npm:8.14.0" bin: acorn: bin/acorn - checksum: 677880034aee5bdf7434cc2d25b641d7bedb0b5ef47868a78dadabedccf58e1c5457526d9d8249cd253f2df087e081c3fe7d903b448d8e19e5131a3065b83c07 + checksum: 8755074ba55fff94e84e81c72f1013c2d9c78e973c31231c8ae505a5f966859baf654bddd75046bffd73ce816b149298977fff5077a3033dedba0ae2aad152d4 languageName: node linkType: hard @@ -3972,9 +3925,9 @@ __metadata: linkType: hard "ansi-regex@npm:^6.0.1": - version: 6.0.1 - resolution: "ansi-regex@npm:6.0.1" - checksum: 1ff8b7667cded1de4fa2c9ae283e979fc87036864317da86a2e546725f96406746411d0d85e87a2d12fa5abd715d90006de7fa4fa0477c92321ad3b4c7d4e169 + version: 6.1.0 + resolution: "ansi-regex@npm:6.1.0" + checksum: 495834a53b0856c02acd40446f7130cb0f8284f4a39afdab20d5dc42b2e198b1196119fe887beed8f9055c4ff2055e3b2f6d4641d0be018cdfb64fedf6fc1aac languageName: node linkType: hard @@ -4096,25 +4049,9 @@ __metadata: linkType: hard "aria-query@npm:^5.3.0": - version: 5.3.0 - resolution: "aria-query@npm:5.3.0" - dependencies: - dequal: ^2.0.3 - checksum: 305bd73c76756117b59aba121d08f413c7ff5e80fa1b98e217a3443fcddb9a232ee790e24e432b59ae7625aebcf4c47cb01c2cac872994f0b426f5bdfcd96ba9 - languageName: node - linkType: hard - -"arr-diff@npm:^4.0.0": - version: 4.0.0 - resolution: "arr-diff@npm:4.0.0" - checksum: ea7c8834842ad3869297f7915689bef3494fd5b102ac678c13ffccab672d3d1f35802b79e90c4cfec2f424af3392e44112d1ccf65da34562ed75e049597276a0 - languageName: node - linkType: hard - -"arr-union@npm:^3.1.0": - version: 3.1.0 - resolution: "arr-union@npm:3.1.0" - checksum: b5b0408c6eb7591143c394f3be082fee690ddd21f0fdde0a0a01106799e847f67fcae1b7e56b0a0c173290e29c6aca9562e82b300708a268bc8f88f3d6613cb9 + version: 5.3.2 + resolution: "aria-query@npm:5.3.2" + checksum: d971175c85c10df0f6d14adfe6f1292409196114ab3c62f238e208b53103686f46cc70695a4f775b73bc65f6a09b6a092fd963c4f3a5a7d690c8fc5094925717 languageName: node linkType: hard @@ -4211,13 +4148,6 @@ __metadata: languageName: node linkType: hard -"array-unique@npm:^0.3.2": - version: 0.3.2 - resolution: "array-unique@npm:0.3.2" - checksum: da344b89cfa6b0a5c221f965c21638bfb76b57b45184a01135382186924f55973cd9b171d4dad6bf606c6d9d36b0d721d091afdc9791535ead97ccbe78f8a888 - languageName: node - linkType: hard - "array.prototype.reduce@npm:^1.0.6": version: 1.0.7 resolution: "array.prototype.reduce@npm:1.0.7" @@ -4290,13 +4220,6 @@ __metadata: languageName: node linkType: hard -"assign-symbols@npm:^1.0.0": - version: 1.0.0 - resolution: "assign-symbols@npm:1.0.0" - checksum: c0eb895911d05b6b2d245154f70461c5e42c107457972e5ebba38d48967870dee53bcdf6c7047990586daa80fab8dab3cc6300800fbd47b454247fdedd859a2c - languageName: node - linkType: hard - "ast-metadata-inferer@npm:^0.8.0": version: 0.8.0 resolution: "ast-metadata-inferer@npm:0.8.0" @@ -4376,15 +4299,6 @@ __metadata: languageName: node linkType: hard -"atob@npm:^2.1.2": - version: 2.1.2 - resolution: "atob@npm:2.1.2" - bin: - atob: bin/atob.js - checksum: dfeeeb70090c5ebea7be4b9f787f866686c645d9f39a0d184c817252d0cf08455ed25267d79c03254d3be1f03ac399992a792edcd5ffb9c91e097ab5ef42833a - languageName: node - linkType: hard - "autosize@npm:^4.0.0": version: 4.0.4 resolution: "autosize@npm:4.0.4" @@ -4402,9 +4316,9 @@ __metadata: linkType: hard "axe-core@npm:^4.6.3": - version: 4.9.1 - resolution: "axe-core@npm:4.9.1" - checksum: 41d9227871781f96c2952e2a777fca73624959dd0e98864f6d82806a77602f82b4fc490852082a7e524d8cd864e50d8b4d9931819b4a150112981d8c932110c5 + version: 4.10.2 + resolution: "axe-core@npm:4.10.2" + checksum: 2b9b1c93ea73ea9f206604e4e17bd771d2d835f077bde54517d73028b8865c69b209460e73d5b109968cbdb39ab3d28943efa5695189bd79e16421ce1706719e languageName: node linkType: hard @@ -4437,17 +4351,17 @@ __metadata: linkType: hard "babel-loader@npm:^8.0.6": - version: 8.3.0 - resolution: "babel-loader@npm:8.3.0" + version: 8.4.1 + resolution: "babel-loader@npm:8.4.1" dependencies: find-cache-dir: ^3.3.1 - loader-utils: ^2.0.0 + loader-utils: ^2.0.4 make-dir: ^3.1.0 schema-utils: ^2.6.5 peerDependencies: "@babel/core": ^7.0.0 webpack: ">=2" - checksum: d48bcf9e030e598656ad3ff5fb85967db2eaaf38af5b4a4b99d25618a2057f9f100e6b231af2a46c1913206db506115ca7a8cbdf52c9c73d767070dae4352ab5 + checksum: fa02db1a7d3ebb7b4aab83e926fb51e627a00427943c9dd1b3302c8099c67fa6a242a2adeed37d95abcd39ba619edf558a1dec369ce0849c5a87dc290c90fe2f languageName: node linkType: hard @@ -4499,12 +4413,12 @@ __metadata: linkType: hard "babel-plugin-ember-template-compilation@npm:^2.0.0, babel-plugin-ember-template-compilation@npm:^2.0.1": - version: 2.2.5 - resolution: "babel-plugin-ember-template-compilation@npm:2.2.5" + version: 2.3.0 + resolution: "babel-plugin-ember-template-compilation@npm:2.3.0" dependencies: "@glimmer/syntax": ^0.84.3 babel-import-util: ^3.0.0 - checksum: 6f2ca068c53cf7ef97f9935c7dc239b99c8c23fba855630f7f2822df82574cc0140430738b48b0571ed4cf2e80658101e45cc557c3e478efacab52deed1f8f10 + checksum: f6045a8b91823a8fe12a016f49367dab986e3b75f1bade5fc709d04f02d3b1a632596247cbccff034882e3c65ae4f3e1029e3b19aa5d92cdec46b977c1878da9 languageName: node linkType: hard @@ -4567,38 +4481,38 @@ __metadata: linkType: hard "babel-plugin-polyfill-corejs2@npm:^0.4.10": - version: 0.4.11 - resolution: "babel-plugin-polyfill-corejs2@npm:0.4.11" + version: 0.4.12 + resolution: "babel-plugin-polyfill-corejs2@npm:0.4.12" dependencies: "@babel/compat-data": ^7.22.6 - "@babel/helper-define-polyfill-provider": ^0.6.2 + "@babel/helper-define-polyfill-provider": ^0.6.3 semver: ^6.3.1 peerDependencies: "@babel/core": ^7.4.0 || ^8.0.0-0 <8.0.0 - checksum: f098353ce7c7dde1a1d2710858e01b471e85689110c9e37813e009072347eb8c55d5f84d20d3bf1cab31755f20078ba90f8855fdc4686a9daa826a95ff280bd7 + checksum: 6e6e6a8b85fec80a310ded2f5c151385e4ac59118909dd6a952e1025e4a478eb79dda45a5a6322cc2e598fd696eb07d4e2fa52418b4101f3dc370bdf8c8939ba languageName: node linkType: hard -"babel-plugin-polyfill-corejs3@npm:^0.10.1, babel-plugin-polyfill-corejs3@npm:^0.10.4": - version: 0.10.4 - resolution: "babel-plugin-polyfill-corejs3@npm:0.10.4" +"babel-plugin-polyfill-corejs3@npm:^0.10.6": + version: 0.10.6 + resolution: "babel-plugin-polyfill-corejs3@npm:0.10.6" dependencies: - "@babel/helper-define-polyfill-provider": ^0.6.1 - core-js-compat: ^3.36.1 + "@babel/helper-define-polyfill-provider": ^0.6.2 + core-js-compat: ^3.38.0 peerDependencies: "@babel/core": ^7.4.0 || ^8.0.0-0 <8.0.0 - checksum: b96a54495f7cc8b3797251c8c15f5ed015edddc3110fc122f6b32c94bec33af1e8bc56fa99091808f500bde0cccaaa266889cdc5935d9e6e9cf09898214f02dd + checksum: f762f29f7acca576897c63149c850f0a72babd3fb9ea436a2e36f0c339161c4b912a77828541d8188ce8a91e50965c6687120cf36071eabb1b7aa92f279e2164 languageName: node linkType: hard "babel-plugin-polyfill-regenerator@npm:^0.6.1": - version: 0.6.2 - resolution: "babel-plugin-polyfill-regenerator@npm:0.6.2" + version: 0.6.3 + resolution: "babel-plugin-polyfill-regenerator@npm:0.6.3" dependencies: - "@babel/helper-define-polyfill-provider": ^0.6.2 + "@babel/helper-define-polyfill-provider": ^0.6.3 peerDependencies: "@babel/core": ^7.4.0 || ^8.0.0-0 <8.0.0 - checksum: 150233571072b6b3dfe946242da39cba8587b7f908d1c006f7545fc88b0e3c3018d445739beb61e7a75835f0c2751dbe884a94ff9b245ec42369d9267e0e1b3f + checksum: d12696e6b3f280eb78fac551619ca4389262db62c7352cd54bf679d830df8b35596eef2de77cf00db6648eada1c99d49c4f40636dbc9c335a1e5420cfef96750 languageName: node linkType: hard @@ -4667,21 +4581,6 @@ __metadata: languageName: node linkType: hard -"base@npm:^0.11.1": - version: 0.11.2 - resolution: "base@npm:0.11.2" - dependencies: - cache-base: ^1.0.1 - class-utils: ^0.3.5 - component-emitter: ^1.2.1 - define-property: ^1.0.0 - isobject: ^3.0.1 - mixin-deep: ^1.2.0 - pascalcase: ^0.1.1 - checksum: a4a146b912e27eea8f66d09cb0c9eab666f32ce27859a7dfd50f38cd069a2557b39f16dba1bc2aecb3b44bf096738dd207b7970d99b0318423285ab1b1994edd - languageName: node - linkType: hard - "basic-auth@npm:~2.0.1": version: 2.0.1 resolution: "basic-auth@npm:2.0.1" @@ -4691,6 +4590,15 @@ __metadata: languageName: node linkType: hard +"better-path-resolve@npm:1.0.0": + version: 1.0.0 + resolution: "better-path-resolve@npm:1.0.0" + dependencies: + is-windows: ^1.0.0 + checksum: 5392dbe04e7fe68b944eb37961d9dfa147aaac3ee9ee3f6e13d42e2c9fbe949e68d16e896c14ee9016fa5f8e6e53ec7fd8b5f01b50a32067a7d94ac9cfb9a050 + languageName: node + linkType: hard + "big.js@npm:^5.2.2": version: 5.2.2 resolution: "big.js@npm:5.2.2" @@ -5333,13 +5241,13 @@ __metadata: linkType: hard "broccoli-sass-source-maps@npm:^4.0.0": - version: 4.2.4 - resolution: "broccoli-sass-source-maps@npm:4.2.4" + version: 4.3.0 + resolution: "broccoli-sass-source-maps@npm:4.3.0" dependencies: broccoli-caching-writer: ^3.0.3 include-path-searcher: ^0.1.0 rsvp: ^4.8.5 - checksum: 8a6d3190e09bb19a7953792ebc2f147ec39b8ee263d8e9ffd63f9c59e91e072928ed0e058ff91f275dc43c2d752c663f9bcd5cfd18645be815acb8ff8e1f59ab + checksum: a1ccdedd39a3a07891f8162984fa70dda890b8f9cd5b22e99b6d2341659438926dce31a3cd0d74019a583fe81797265f327786374eb8c0a3c790d8c54cf9e5ff languageName: node linkType: hard @@ -5554,17 +5462,17 @@ __metadata: languageName: node linkType: hard -"browserslist@npm:^4.14.5, browserslist@npm:^4.21.10, browserslist@npm:^4.23.0, browserslist@npm:^4.23.1": - version: 4.23.2 - resolution: "browserslist@npm:4.23.2" +"browserslist@npm:^4.21.10, browserslist@npm:^4.24.0, browserslist@npm:^4.24.2": + version: 4.24.2 + resolution: "browserslist@npm:4.24.2" dependencies: - caniuse-lite: ^1.0.30001640 - electron-to-chromium: ^1.4.820 - node-releases: ^2.0.14 - update-browserslist-db: ^1.1.0 + caniuse-lite: ^1.0.30001669 + electron-to-chromium: ^1.5.41 + node-releases: ^2.0.18 + update-browserslist-db: ^1.1.1 bin: browserslist: cli.js - checksum: 8212af37f6ca6355da191cf2d4ad49bd0b82854888b9a7e103638fada70d38cbe36d28feeeaa98344cb15d9128f9f74bcc8ce1bfc9011b5fd14381c1c6fb542c + checksum: cf64085f12132d38638f38937a255edb82c7551b164a98577b055dd79719187a816112f7b97b9739e400c4954cd66479c0d7a843cb816e346f4795dc24fd5d97 languageName: node linkType: hard @@ -5617,13 +5525,6 @@ __metadata: languageName: node linkType: hard -"bytes@npm:3.0.0": - version: 3.0.0 - resolution: "bytes@npm:3.0.0" - checksum: a2b386dd8188849a5325f58eef69c3b73c51801c08ffc6963eddc9be244089ba32d19347caf6d145c86f315ae1b1fc7061a32b0c1aa6379e6a719090287ed101 - languageName: node - linkType: hard - "bytes@npm:3.1.2": version: 3.1.2 resolution: "bytes@npm:3.1.2" @@ -5658,23 +5559,6 @@ __metadata: languageName: node linkType: hard -"cache-base@npm:^1.0.1": - version: 1.0.1 - resolution: "cache-base@npm:1.0.1" - dependencies: - collection-visit: ^1.0.0 - component-emitter: ^1.2.1 - get-value: ^2.0.6 - has-value: ^1.0.0 - isobject: ^3.0.1 - set-value: ^2.0.0 - to-object-path: ^0.3.0 - union-value: ^1.0.0 - unset-value: ^1.0.0 - checksum: 9114b8654fe2366eedc390bad0bcf534e2f01b239a888894e2928cb58cdc1e6ea23a73c6f3450dcfd2058aa73a8a981e723cd1e7c670c047bf11afdc65880107 - languageName: node - linkType: hard - "cache-point@npm:^2.0.0": version: 2.0.0 resolution: "cache-point@npm:2.0.0" @@ -5759,10 +5643,10 @@ __metadata: languageName: node linkType: hard -"caniuse-lite@npm:^1.0.30001524, caniuse-lite@npm:^1.0.30001640": - version: 1.0.30001643 - resolution: "caniuse-lite@npm:1.0.30001643" - checksum: e39991c13a0fd8f5c2aa99c9128188e4c4e9d6a203c3da6270c36285460ef152c5e9410ee4db560aa723904668946afe50541dce9636ab5e61434ba71dc22955 +"caniuse-lite@npm:^1.0.30001524, caniuse-lite@npm:^1.0.30001669": + version: 1.0.30001685 + resolution: "caniuse-lite@npm:1.0.30001685" + checksum: 5926f672d985b43b62825e971a12881c33ca1989d1b26fe3c0daf5a834b63c2470f7dd78b883fbd334b4b69c6a56e9893e14b58b86028a3de7a452a1ea6a58e4 languageName: node linkType: hard @@ -5913,22 +5797,26 @@ __metadata: languageName: node linkType: hard -"cheerio@npm:^1.0.0-rc.12": - version: 1.0.0-rc.12 - resolution: "cheerio@npm:1.0.0-rc.12" +"cheerio@npm:^1.0.0": + version: 1.0.0 + resolution: "cheerio@npm:1.0.0" dependencies: cheerio-select: ^2.1.0 dom-serializer: ^2.0.0 domhandler: ^5.0.3 - domutils: ^3.0.1 - htmlparser2: ^8.0.1 - parse5: ^7.0.0 + domutils: ^3.1.0 + encoding-sniffer: ^0.2.0 + htmlparser2: ^9.1.0 + parse5: ^7.1.2 parse5-htmlparser2-tree-adapter: ^7.0.0 - checksum: 5d4c1b7a53cf22d3a2eddc0aff70cf23cbb30d01a4c79013e703a012475c02461aa1fcd99127e8d83a02216386ed6942b2c8103845fd0812300dd199e6e7e054 + parse5-parser-stream: ^7.1.2 + undici: ^6.19.5 + whatwg-mimetype: ^4.0.0 + checksum: ade4344811dcad5b5d78392506ef6bab1900c13a65222c869e745a38370d287f4b94838ac6d752883a84d937edb62b5bd0deaf70e6f38054acbfe3da4881574a languageName: node linkType: hard -"chokidar@npm:>=3.0.0 <4.0.0, chokidar@npm:^3.4.0": +"chokidar@npm:^3.6.0": version: 3.6.0 resolution: "chokidar@npm:3.6.0" dependencies: @@ -5947,6 +5835,15 @@ __metadata: languageName: node linkType: hard +"chokidar@npm:^4.0.0": + version: 4.0.1 + resolution: "chokidar@npm:4.0.1" + dependencies: + readdirp: ^4.0.1 + checksum: 193da9786b0422a895d59c7552195d15c6c636e6a2293ae43d09e34e243e24ccd02d693f007c767846a65abbeae5fea6bfacb8fc2ddec4ea4d397620d552010d + languageName: node + linkType: hard + "chownr@npm:^2.0.0": version: 2.0.0 resolution: "chownr@npm:2.0.0" @@ -5969,21 +5866,9 @@ __metadata: linkType: hard "ci-info@npm:^4.0.0": - version: 4.0.0 - resolution: "ci-info@npm:4.0.0" - checksum: 122fe41c5eb8d0b5fa0ab6fd674c5ddcf2dc59766528b062a0144ff0d913cfb210ef925ec52110e7c2a7f4e603d5f0e8b91cfe68867e196e9212fa0b94d0a08a - languageName: node - linkType: hard - -"class-utils@npm:^0.3.5": - version: 0.3.6 - resolution: "class-utils@npm:0.3.6" - dependencies: - arr-union: ^3.1.0 - define-property: ^0.2.5 - isobject: ^3.0.0 - static-extend: ^0.1.1 - checksum: be108900801e639e50f96a7e4bfa8867c753a7750a7603879f3981f8b0a89cba657497a2d5f40cd4ea557ff15d535a100818bb486baf6e26fe5d7872e75f1078 + version: 4.1.0 + resolution: "ci-info@npm:4.1.0" + checksum: dcf286abdc1bb1c4218b91e4a617b49781b282282089b7188e1417397ea00c6b967848e2360fb9a6b10021bf18a627f20ef698f47c2c9c875aeffd1d2ea51d1e languageName: node linkType: hard @@ -6166,9 +6051,9 @@ __metadata: linkType: hard "codemirror@npm:^5.58.2": - version: 5.65.17 - resolution: "codemirror@npm:5.65.17" - checksum: 8bc853524c6416826364d776b012f488b3f4736899e5c8026062f43927e09de773051dd1b34e8cfd25642d7e358679ca5b113f0034fdd6a295f4193b04f8c528 + version: 5.65.18 + resolution: "codemirror@npm:5.65.18" + checksum: 950015d587e0790cceae157423bbc70bf1da8256050c8f6739fe967045b050e22c63b332de6388ed6d9526d253a834806ace76c875006fc8078e2c15c9f275a7 languageName: node linkType: hard @@ -6182,16 +6067,6 @@ __metadata: languageName: node linkType: hard -"collection-visit@npm:^1.0.0": - version: 1.0.0 - resolution: "collection-visit@npm:1.0.0" - dependencies: - map-visit: ^1.0.0 - object-visit: ^1.0.0 - checksum: 15d9658fe6eb23594728346adad5433b86bb7a04fd51bbab337755158722f9313a5376ef479de5b35fbc54140764d0d39de89c339f5d25b959ed221466981da9 - languageName: node - linkType: hard - "color-convert@npm:^1.9.0": version: 1.9.3 resolution: "color-convert@npm:1.9.3" @@ -6387,14 +6262,7 @@ __metadata: languageName: node linkType: hard -"component-emitter@npm:^1.2.1": - version: 1.3.1 - resolution: "component-emitter@npm:1.3.1" - checksum: 94550aa462c7bd5a61c1bc480e28554aa306066930152d1b1844a0dd3845d4e5db7e261ddec62ae184913b3e59b55a2ad84093b9d3596a8f17c341514d6c483d - languageName: node - linkType: hard - -"compressible@npm:~2.0.16": +"compressible@npm:~2.0.18": version: 2.0.18 resolution: "compressible@npm:2.0.18" dependencies: @@ -6404,17 +6272,17 @@ __metadata: linkType: hard "compression@npm:^1.7.4": - version: 1.7.4 - resolution: "compression@npm:1.7.4" + version: 1.7.5 + resolution: "compression@npm:1.7.5" dependencies: - accepts: ~1.3.5 - bytes: 3.0.0 - compressible: ~2.0.16 + bytes: 3.1.2 + compressible: ~2.0.18 debug: 2.6.9 + negotiator: ~0.6.4 on-headers: ~1.0.2 - safe-buffer: 5.1.2 + safe-buffer: 5.2.1 vary: ~1.1.2 - checksum: 35c0f2eb1f28418978615dc1bc02075b34b1568f7f56c62d60f4214d4b7cc00d0f6d282b5f8a954f59872396bd770b6b15ffd8aa94c67d4bce9b8887b906999b + checksum: d624b5562492518eee82c4f1381ea36f69f1f10b4283bfc2dcafd7d4d7eeed17c3f0e8f2951798594b7064db7ac5a6198df34816bde2d56bb7c75ce1570880e9 languageName: node linkType: hard @@ -6546,17 +6414,17 @@ __metadata: languageName: node linkType: hard -"cookie@npm:0.6.0": - version: 0.6.0 - resolution: "cookie@npm:0.6.0" - checksum: f56a7d32a07db5458e79c726b77e3c2eff655c36792f2b6c58d351fb5f61531e5b1ab7f46987150136e366c65213cbe31729e02a3eaed630c3bf7334635fb410 +"cookie@npm:0.7.1": + version: 0.7.1 + resolution: "cookie@npm:0.7.1" + checksum: cec5e425549b3650eb5c3498a9ba3cde0b9cd419e3b36e4b92739d30b4d89e0b678b98c1ddc209ce7cf958cd3215671fd6ac47aec21f10c2a0cc68abd399d8a7 languageName: node linkType: hard -"cookie@npm:~0.4.1": - version: 0.4.2 - resolution: "cookie@npm:0.4.2" - checksum: a00833c998bedf8e787b4c342defe5fa419abd96b32f4464f718b91022586b8f1bafbddd499288e75c037642493c83083da426c6a9080d309e3bd90fd11baa9b +"cookie@npm:~0.7.2": + version: 0.7.2 + resolution: "cookie@npm:0.7.2" + checksum: 9bf8555e33530affd571ea37b615ccad9b9a34febbf2c950c86787088eb00a8973690833b0f8ebd6b69b753c62669ea60cec89178c1fb007bf0749abed74f93e languageName: node linkType: hard @@ -6567,19 +6435,12 @@ __metadata: languageName: node linkType: hard -"copy-descriptor@npm:^0.1.0": - version: 0.1.1 - resolution: "copy-descriptor@npm:0.1.1" - checksum: d4b7b57b14f1d256bb9aa0b479241048afd7f5bcf22035fc7b94e8af757adeae247ea23c1a774fe44869fd5694efba4a969b88d966766c5245fdee59837fe45b - languageName: node - linkType: hard - -"core-js-compat@npm:^3.36.1, core-js-compat@npm:^3.37.1": - version: 3.37.1 - resolution: "core-js-compat@npm:3.37.1" +"core-js-compat@npm:^3.38.0, core-js-compat@npm:^3.38.1": + version: 3.39.0 + resolution: "core-js-compat@npm:3.39.0" dependencies: - browserslist: ^4.23.0 - checksum: 5e7430329358bced08c30950512d2081aea0a5652b4c5892cbb3c4a6db05b0d3893a191a955162a07fdb5f4fe74e61b6429fdb503f54e062336d76e43c9555d9 + browserslist: ^4.24.2 + checksum: 2d7d087c3271d711d03a55203d4756f6288317a1ce35cdc8bafaf1833ef21fd67a92a50cff8dcf7df1325ac63720906ab3cf514c85b238c95f65fca1040f6ad6 languageName: node linkType: hard @@ -6591,9 +6452,9 @@ __metadata: linkType: hard "core-js@npm:^3.24.1": - version: 3.37.1 - resolution: "core-js@npm:3.37.1" - checksum: 2d58a5c599f05c3e04abc8bc5e64b88eb17d914c0f552f670fb800afa74ec54b4fcc7f231ad6bd45badaf62c0fb0ce30e6fe89cedb6bb6d54e6f19115c3c17ff + version: 3.39.0 + resolution: "core-js@npm:3.39.0" + checksum: 7a3670e9a2a89e0a049daa288d742d09f6e16d27a8945c5e2ef6fc45dc57e5c4bc5db589da05947486f54ae978d14cf27bd3fb1db0b9907000a611e8af37355b languageName: node linkType: hard @@ -6654,26 +6515,26 @@ __metadata: linkType: hard "cross-spawn@npm:^6.0.0": - version: 6.0.5 - resolution: "cross-spawn@npm:6.0.5" + version: 6.0.6 + resolution: "cross-spawn@npm:6.0.6" dependencies: nice-try: ^1.0.4 path-key: ^2.0.1 semver: ^5.5.0 shebang-command: ^1.2.0 which: ^1.2.9 - checksum: f893bb0d96cd3d5751d04e67145bdddf25f99449531a72e82dcbbd42796bbc8268c1076c6b3ea51d4d455839902804b94bc45dfb37ecbb32ea8e54a6741c3ab9 + checksum: a6e2e5b04a0e0f806c1df45f92cd079b65f95fbe5a7650ee1ab60318c33a6c156a8a2f8b6898f57764f7363ec599a0625e9855dfa78d52d2d73dbd32eb11c25e languageName: node linkType: hard "cross-spawn@npm:^7.0.0, cross-spawn@npm:^7.0.2, cross-spawn@npm:^7.0.3": - version: 7.0.3 - resolution: "cross-spawn@npm:7.0.3" + version: 7.0.6 + resolution: "cross-spawn@npm:7.0.6" dependencies: path-key: ^3.1.0 shebang-command: ^2.0.0 which: ^2.0.1 - checksum: 671cc7c7288c3a8406f3c69a3ae2fc85555c04169e9d611def9a675635472614f1c0ed0ef80955d5b6d4e724f6ced67f0ad1bb006c2ea643488fcfef994d7f52 + checksum: 8d306efacaf6f3f60e0224c287664093fa9185680b2d195852ba9a863f85d02dcc737094c6e512175f8ee0161f9b87c73c6826034c2422e39de7d6569cf4503b languageName: node linkType: hard @@ -6685,9 +6546,9 @@ __metadata: linkType: hard "css-functions-list@npm:^3.2.1": - version: 3.2.2 - resolution: "css-functions-list@npm:3.2.2" - checksum: b8a564118b93b87b63236a57132a3ef581416896a70c1d0df73360a9ec43dc582f7c2a586b578feb8476179518e557c6657570a8b6185b16300c7232a84d43e3 + version: 3.2.3 + resolution: "css-functions-list@npm:3.2.3" + checksum: 25f12fb0ef1384b1cf45a6e7e0afd596a19bee90b90316d9e50f7820888f4a8f265be7a6a96b10a5c81e403bd7a5ff8010fa936144f84959d9d91c9350cda0d4 languageName: node linkType: hard @@ -6970,7 +6831,7 @@ __metadata: languageName: node linkType: hard -"debug@npm:2.6.9, debug@npm:^2.1.1, debug@npm:^2.1.3, debug@npm:^2.2.0, debug@npm:^2.3.3, debug@npm:^2.6.8": +"debug@npm:2.6.9, debug@npm:^2.1.1, debug@npm:^2.1.3, debug@npm:^2.2.0, debug@npm:^2.6.8": version: 2.6.9 resolution: "debug@npm:2.6.9" dependencies: @@ -6989,14 +6850,14 @@ __metadata: linkType: hard "debug@npm:^4.0.0, debug@npm:^4.1.0, debug@npm:^4.1.1, debug@npm:^4.2.0, debug@npm:^4.3.1, debug@npm:^4.3.2, debug@npm:^4.3.3, debug@npm:^4.3.4, debug@npm:~4.3.1, debug@npm:~4.3.2, debug@npm:~4.3.4": - version: 4.3.5 - resolution: "debug@npm:4.3.5" + version: 4.3.7 + resolution: "debug@npm:4.3.7" dependencies: - ms: 2.1.2 + ms: ^2.1.3 peerDependenciesMeta: supports-color: optional: true - checksum: 7c002b51e256257f936dda09eb37167df952758c57badf6bf44bdc40b89a4bcb8e5a0a2e4c7b53f97c69e2970dd5272d33a757378a12c8f8e64ea7bf99e8e86e + checksum: 822d74e209cd910ef0802d261b150314bbcf36c582ccdbb3e70f0894823c17e49a50d3e66d96b633524263975ca16b6a833f3e3b7e030c157169a5fabac63160 languageName: node linkType: hard @@ -7033,13 +6894,6 @@ __metadata: languageName: node linkType: hard -"decode-uri-component@npm:^0.2.0": - version: 0.2.2 - resolution: "decode-uri-component@npm:0.2.2" - checksum: 95476a7d28f267292ce745eac3524a9079058bbb35767b76e3ee87d42e34cd0275d2eb19d9d08c3e167f97556e8a2872747f5e65cbebcac8b0c98d83e285f139 - languageName: node - linkType: hard - "decorator-transforms@npm:^1.0.1, decorator-transforms@npm:^1.1.0": version: 1.2.1 resolution: "decorator-transforms@npm:1.2.1" @@ -7050,13 +6904,13 @@ __metadata: languageName: node linkType: hard -"decorator-transforms@npm:^2.0.0": - version: 2.0.0 - resolution: "decorator-transforms@npm:2.0.0" +"decorator-transforms@npm:^2.0.0, decorator-transforms@npm:^2.3.0": + version: 2.3.0 + resolution: "decorator-transforms@npm:2.3.0" dependencies: "@babel/plugin-syntax-decorators": ^7.23.3 babel-import-util: ^3.0.0 - checksum: 1736a83181be2484e7eb5f1e7b60543712b6cbf25711dfc55e4a948ea4d10a7be8aef3d8011fb3f733ae61e983446ffa7ae88b02ae445c113406527097c70e1a + checksum: 00f9755366cede42cdb41e177e134492d24edbda624aadac28057c10480e7b2c4b3b6a8b362c8aac7e595f64b01c2e2264f8ca779f1d12677391e86fee3f51c6 languageName: node linkType: hard @@ -7119,34 +6973,6 @@ __metadata: languageName: node linkType: hard -"define-property@npm:^0.2.5": - version: 0.2.5 - resolution: "define-property@npm:0.2.5" - dependencies: - is-descriptor: ^0.1.0 - checksum: 85af107072b04973b13f9e4128ab74ddfda48ec7ad2e54b193c0ffb57067c4ce5b7786a7b4ae1f24bd03e87c5d18766b094571810b314d7540f86d4354dbd394 - languageName: node - linkType: hard - -"define-property@npm:^1.0.0": - version: 1.0.0 - resolution: "define-property@npm:1.0.0" - dependencies: - is-descriptor: ^1.0.0 - checksum: 5fbed11dace44dd22914035ba9ae83ad06008532ca814d7936a53a09e897838acdad5b108dd0688cc8d2a7cf0681acbe00ee4136cf36743f680d10517379350a - languageName: node - linkType: hard - -"define-property@npm:^2.0.2": - version: 2.0.2 - resolution: "define-property@npm:2.0.2" - dependencies: - is-descriptor: ^1.0.2 - isobject: ^3.0.1 - checksum: 3217ed53fc9eed06ba8da6f4d33e28c68a82e2f2a8ab4d562c4920d8169a166fe7271453675e6c69301466f36a65d7f47edf0cf7f474b9aa52a5ead9c1b13c99 - languageName: node - linkType: hard - "delegates@npm:^1.0.0": version: 1.0.0 resolution: "delegates@npm:1.0.0" @@ -7168,13 +6994,6 @@ __metadata: languageName: node linkType: hard -"dequal@npm:^2.0.3": - version: 2.0.3 - resolution: "dequal@npm:2.0.3" - checksum: 8679b850e1a3d0ebbc46ee780d5df7b478c23f335887464023a631d1b9af051ad4a6595a44220f9ff8ff95a8ddccf019b5ad778a976fd7bbf77383d36f412f90 - languageName: node - linkType: hard - "destroy@npm:1.2.0": version: 1.2.0 resolution: "destroy@npm:1.2.0" @@ -7196,6 +7015,15 @@ __metadata: languageName: node linkType: hard +"detect-libc@npm:^1.0.3": + version: 1.0.3 + resolution: "detect-libc@npm:1.0.3" + bin: + detect-libc: ./bin/detect-libc.js + checksum: daaaed925ffa7889bd91d56e9624e6c8033911bb60f3a50a74a87500680652969dbaab9526d1e200a4c94acf80fc862a22131841145a0a8482d60a99c24f4a3e + languageName: node + linkType: hard + "detect-newline@npm:3.1.0": version: 3.1.0 resolution: "detect-newline@npm:3.1.0" @@ -7233,14 +7061,14 @@ __metadata: languageName: node linkType: hard -"dmd@npm:^6.2.1": - version: 6.2.2 - resolution: "dmd@npm:6.2.2" +"dmd@npm:^6.2.3": + version: 6.2.3 + resolution: "dmd@npm:6.2.3" dependencies: array-back: ^6.2.2 cache-point: ^2.0.0 common-sequence: ^2.0.2 - fast-glob: ^3.3.2 + file-set: ^4.0.2 handlebars: ^4.7.8 marked: ^4.3.0 object-get: ^2.1.1 @@ -7249,7 +7077,7 @@ __metadata: reduce-without: ^1.0.1 test-value: ^3.0.0 walk-back: ^5.1.0 - checksum: 4e84d3a0d3fcee163d8705f09d0607a022af177e0655eef41d16e325f9fab809d6d96340b73e7979ce94aed3e6889552cb9e446dbb2b2857c59f3f325c69c9bd + checksum: e3cdb5731361ab2b20eb1bb4476a50158c90ae35d46868d48ab50e31f60c2510fe57c120eed2fc0225d7863b5d80c18dcf7bc363cfbf05ae4b3bdb83c5c471b0 languageName: node linkType: hard @@ -7350,9 +7178,14 @@ __metadata: linkType: hard "dompurify@npm:^3.0.2": - version: 3.1.6 - resolution: "dompurify@npm:3.1.6" - checksum: cc4fc4ccd9261fbceb2a1627a985c70af231274a26ddd3f643fd0616a0a44099bd9e4480940ce3655612063be4a1fe9f5e9309967526f8c0a99f931602323866 + version: 3.2.2 + resolution: "dompurify@npm:3.2.2" + dependencies: + "@types/trusted-types": ^2.0.7 + dependenciesMeta: + "@types/trusted-types": + optional: true + checksum: e4831baa447cc7ed4350ede29f7ec4d2614a59287b6916f3691d287dd4a1c45eb3ce9cb26058edf37b3f2648bbf0a3ca5fb3b74c2f78bdcf6ebb7716c2f14252 languageName: node linkType: hard @@ -7377,7 +7210,7 @@ __metadata: languageName: node linkType: hard -"domutils@npm:^3.0.1": +"domutils@npm:^3.0.1, domutils@npm:^3.1.0": version: 3.1.0 resolution: "domutils@npm:3.1.0" dependencies: @@ -7438,26 +7271,26 @@ __metadata: languageName: node linkType: hard -"electron-to-chromium@npm:^1.4.820": - version: 1.4.832 - resolution: "electron-to-chromium@npm:1.4.832" - checksum: a1f71cf7665441d28cfe5ff31415d7a64036d83226c40322c1412de118091ad5010fd0da831dc04de115d978e91074756b7fbc9e7788e4f98888f0e194b5bdac +"electron-to-chromium@npm:^1.5.41": + version: 1.5.68 + resolution: "electron-to-chromium@npm:1.5.68" + checksum: c2851bdd9aab164de4590d3a114a794b01afebc9ef86e61c1d665b132ede3668399abc11451742bf660cecda70e5516765ad2dfc6d23ba4d396734ab701bf393 languageName: node linkType: hard "ember-a11y-refocus@npm:^4.1.0": - version: 4.1.1 - resolution: "ember-a11y-refocus@npm:4.1.1" + version: 4.1.4 + resolution: "ember-a11y-refocus@npm:4.1.4" dependencies: ember-cli-babel: ^7.26.11 ember-cli-htmlbars: ^6.0.1 - checksum: b9f861f1359e8c720bf844161da3eecbe2218149739211961d216b6fcaec5e78dfd51debe5ec2707ae0d31fdbbd9cf692349e3f0f5b47d1f12bd963c021494ac + checksum: c1a79f9b7792f3bac674e010b231561da4ca5fc2f3f6a9a6e2263908a6c781546e1baccdb84838f367ac9104e2c76b7f688a57f06f0bd6c194a6f1a71910e422 languageName: node linkType: hard "ember-a11y-testing@npm:^7.0.1": - version: 7.0.1 - resolution: "ember-a11y-testing@npm:7.0.1" + version: 7.0.2 + resolution: "ember-a11y-testing@npm:7.0.2" dependencies: "@ember/test-waiters": ^2.4.3 || ^3.0.0 "@scalvert/ember-setup-middleware-reporter": ^0.1.1 @@ -7477,7 +7310,7 @@ __metadata: peerDependenciesMeta: qunit: optional: true - checksum: d546eecd628c34161b435a7fe877a5c5e15b98d2635d4b5215510832d687e41a3bdcfdd0e56ff9dd54f574d0a679431a45b29004482a4f9dbbac1c22f715aba0 + checksum: 3d8bd7ced90d69a93ec4fd6b2484da33dbbc67cbf2b41752ea21604a83778d22939de498528d9b8516a5faa833818c9382250e57bc9a4e4a36bdd9bf30101f0a languageName: node linkType: hard @@ -7508,8 +7341,8 @@ __metadata: linkType: hard "ember-auto-import@npm:^2.2.4, ember-auto-import@npm:^2.4.1, ember-auto-import@npm:^2.5.0, ember-auto-import@npm:^2.6.0, ember-auto-import@npm:^2.6.1, ember-auto-import@npm:^2.6.3, ember-auto-import@npm:^2.7.0, ember-auto-import@npm:^2.7.2": - version: 2.7.4 - resolution: "ember-auto-import@npm:2.7.4" + version: 2.10.0 + resolution: "ember-auto-import@npm:2.10.0" dependencies: "@babel/core": ^7.16.7 "@babel/plugin-proposal-class-properties": ^7.16.7 @@ -7534,41 +7367,43 @@ __metadata: fs-extra: ^10.0.0 fs-tree-diff: ^2.0.0 handlebars: ^4.3.1 + is-subdir: ^1.2.0 js-string-escape: ^1.0.1 lodash: ^4.17.19 mini-css-extract-plugin: ^2.5.2 minimatch: ^3.0.0 parse5: ^6.0.1 + pkg-entry-points: ^1.1.0 resolve: ^1.20.0 resolve-package-path: ^4.0.3 semver: ^7.3.4 style-loader: ^2.0.0 typescript-memoize: ^1.0.0-alpha.3 walk-sync: ^3.0.0 - checksum: fe214cf2c28328cc573c70ea278a92798b785e5f26aeabe1b9451e782676632dda566d03cdd467796ceb26c66626ac5401deded4819ea4397399c6d07ebdea10 + checksum: f122f7e42bd9c4cfd39e951d79531d23a5b03278bba762d7638951d017d9fe0ce32d2852284ea5761233cd4a66555b9e3dcadaa8c6370fc00581795f28c20f79 languageName: node linkType: hard "ember-basic-dropdown@npm:^8.0.4": - version: 8.1.0 - resolution: "ember-basic-dropdown@npm:8.1.0" - dependencies: - "@babel/core": ^7.24.5 - "@embroider/addon-shim": ^1.8.7 - "@embroider/macros": ^1.16.1 - "@embroider/util": ^1.13.1 - decorator-transforms: ^1.1.0 + version: 8.4.0 + resolution: "ember-basic-dropdown@npm:8.4.0" + dependencies: + "@babel/core": ^7.26.0 + "@embroider/addon-shim": ^1.9.0 + "@embroider/macros": ^1.16.9 + "@embroider/util": ^1.13.2 + decorator-transforms: ^2.3.0 ember-element-helper: ^0.8.6 ember-lifeline: ^7.0.0 - ember-modifier: ^4.1.0 - ember-style-modifier: ^4.3.1 + ember-modifier: ^4.2.0 + ember-style-modifier: ^4.4.0 ember-truth-helpers: ^4.0.3 peerDependencies: - "@ember/test-helpers": ^2.9.4 || ^3.2.1 - "@glimmer/component": ^1.1.2 + "@ember/test-helpers": ^2.9.4 || ^3.2.1 || ^4.0.2 + "@glimmer/component": ^1.1.2 || ^2.0.0 "@glimmer/tracking": ^1.1.2 ember-source: ^3.28.0 || ^4.0.0 || >=5.0.0 - checksum: e3c84f18634af3a166ee0a05dfc27913489b2dad4fdea0c077a7b97ce4e9931af8b750994cce8e223f6a4db0580800ee5592b5dc338f42ffa013d924751f8d00 + checksum: 8a29b76e2138ae20165b031a3ca49adabb637fd8a074d4714604f19bc3b349bc99f3c7c3efb5a47dabd2556a32f2e6bf8bd8478e418ae03163df164313e565ad languageName: node linkType: hard @@ -7707,17 +7542,17 @@ __metadata: linkType: hard "ember-cli-dependency-checker@npm:^3.3.2": - version: 3.3.2 - resolution: "ember-cli-dependency-checker@npm:3.3.2" + version: 3.3.3 + resolution: "ember-cli-dependency-checker@npm:3.3.3" dependencies: chalk: ^2.4.2 - find-yarn-workspace-root: ^1.2.1 + find-yarn-workspace-root: ^2.0.0 is-git-url: ^1.0.0 resolve: ^1.22.0 semver: ^5.7.1 peerDependencies: ember-cli: ^3.2.0 || >=4.0.0 - checksum: e408f6a1cb6ed4126d966b785e9023799cab5d0d857ff7ec2edc1175a5456f8ac878b5da8b0a197c3db02a38fed643090df8c260018263a993ef50ddb0a48d63 + checksum: cd14ef579efeba3fcfdc6639069f8492a35469e75148f86b9f462112922d2c063f7af8608d9d35b3d8936758edb2e21fb2485cf833c55644f767ab7fbea7b9e5 languageName: node linkType: hard @@ -7825,8 +7660,8 @@ __metadata: linkType: hard "ember-cli-mirage@npm:^3.0.3": - version: 3.0.3 - resolution: "ember-cli-mirage@npm:3.0.3" + version: 3.0.4 + resolution: "ember-cli-mirage@npm:3.0.4" dependencies: "@babel/core": ^7.22.20 "@embroider/macros": ^1.13.2 @@ -7836,7 +7671,7 @@ __metadata: ember-auto-import: ^2.6.3 ember-cli-babel: ^8.0.0 ember-get-config: 0.2.4 - 0.5.0 || ^1.0.0 || ^2.1.1 - ember-inflector: ^2.0.0 || ^3.0.0 || ^4.0.2 + ember-inflector: ^2.0.0 || ^3.0.0 || ^4.0.2 || ^5.0.0 peerDependencies: "@ember-data/model": "*" "@ember/test-helpers": "*" @@ -7853,7 +7688,7 @@ __metadata: optional: true ember-qunit: optional: true - checksum: 2d198315def0dd3634a9a11f0ba2bbe4a17a702384e8dd3fca2783670d9bfa524c5cb4e779b00c36102b0f2b5b28ff4be3ce7f3ee4956d6dd5c3bf021c009eac + checksum: 09abad623b3cc9f6104d7ef22948080ab3f75ae58f2b0d6d5f16d0e9d2963f5a11f2186a3d7497b69a0b8d729427006dfcec98a2ac2d3010b19467609ed306f0 languageName: node linkType: hard @@ -7867,8 +7702,8 @@ __metadata: linkType: hard "ember-cli-page-object@npm:^2.3.0": - version: 2.3.0 - resolution: "ember-cli-page-object@npm:2.3.0" + version: 2.3.1 + resolution: "ember-cli-page-object@npm:2.3.1" dependencies: "@embroider/addon-shim": ^1.8.0 "@ro0gr/ceibo": ^2.2.0 @@ -7880,7 +7715,7 @@ __metadata: peerDependenciesMeta: "@ember/jquery": optional: true - checksum: 665fe48e5398fd30b003c808fd764fd69753cdebc1ea21810e43633c8143e624f0a73888b39630949d14d303a6ddd75212a16302210cf712048fd0318130894a + checksum: d688fb4dd8924345f91e0a34d9adc00adfe7932fdfd0e870eac782f8b5e183024f0795b2133d96433f93c49b752a32d41573d79ff5436fced60b496f88d714e8 languageName: node linkType: hard @@ -8361,14 +8196,14 @@ __metadata: linkType: hard "ember-focus-trap@npm:^1.1.0": - version: 1.1.0 - resolution: "ember-focus-trap@npm:1.1.0" + version: 1.1.1 + resolution: "ember-focus-trap@npm:1.1.1" dependencies: "@embroider/addon-shim": ^1.0.0 focus-trap: ^6.7.1 peerDependencies: - ember-source: ^4.0.0 || ^5.0.0 - checksum: 1f19c50b92c56f04681cd59ac3a88a520a53403278105aab2f4edc64df6ce3d0ceb53409e3309822bd4ced60063d9e8657117c708f90da9038c8140737e8d831 + ember-source: ">= 4.0.0" + checksum: a6119da9c0985d46dc28fff43b94f4d4a9e0865822eebce883de69e29fc199022a4f3fa74f9ae1564b63a504a12beb840dc334fdd0ebadd1d5e2263185a33224 languageName: node linkType: hard @@ -8414,7 +8249,17 @@ __metadata: languageName: node linkType: hard -"ember-inflector@npm:^2.0.0 || ^3.0.0 || ^4.0.2, ember-inflector@npm:^4.0.2": +"ember-inflector@npm:^2.0.0 || ^3.0.0 || ^4.0.2 || ^5.0.0": + version: 5.0.2 + resolution: "ember-inflector@npm:5.0.2" + dependencies: + "@embroider/addon-shim": ^1.8.7 + decorator-transforms: ^2.0.0 + checksum: 7bdc8a30559a514df0d423aa9155bee9a6be308d40a2644202a66d2aef916fc40ada329e3cbd2357e0aff719e87a650a0731dc6db5275852707faa625a0e0d90 + languageName: node + linkType: hard + +"ember-inflector@npm:^4.0.2": version: 4.0.3 resolution: "ember-inflector@npm:4.0.3" dependencies: @@ -8497,7 +8342,7 @@ __metadata: languageName: node linkType: hard -"ember-modifier@npm:^2.1.2 || ^3.1.0 || ^4.0.0, ember-modifier@npm:^3.2.7 || ^4.0.0, ember-modifier@npm:^4.1.0": +"ember-modifier@npm:^2.1.2 || ^3.1.0 || ^4.0.0, ember-modifier@npm:^3.2.7 || ^4.0.0, ember-modifier@npm:^4.1.0, ember-modifier@npm:^4.2.0": version: 4.2.0 resolution: "ember-modifier@npm:4.2.0" dependencies: @@ -8540,24 +8385,24 @@ __metadata: linkType: hard "ember-power-select@npm:^8.1.0, ember-power-select@npm:^8.2.0": - version: 8.2.0 - resolution: "ember-power-select@npm:8.2.0" + version: 8.4.0 + resolution: "ember-power-select@npm:8.4.0" dependencies: - "@embroider/addon-shim": ^1.8.7 - "@embroider/util": ^1.13.1 - decorator-transforms: ^1.1.0 + "@embroider/addon-shim": ^1.9.0 + "@embroider/util": ^1.13.2 + decorator-transforms: ^2.3.0 ember-assign-helper: ^0.5.0 ember-lifeline: ^7.0.0 - ember-modifier: ^4.1.0 + ember-modifier: ^4.2.0 ember-truth-helpers: ^4.0.3 peerDependencies: - "@ember/test-helpers": ^2.9.4 || ^3.2.1 - "@glimmer/component": ^1.1.2 + "@ember/test-helpers": ^2.9.4 || ^3.2.1 || ^4.0.2 + "@glimmer/component": ^1.1.2 || ^2.0.0 "@glimmer/tracking": ^1.1.2 - ember-basic-dropdown: ^8.1.0 + ember-basic-dropdown: ^8.2.0 ember-concurrency: ^4.0.2 ember-source: ^3.28.0 || ^4.0.0 || >=5.0.0 - checksum: 9251606e71a0c789ceb106a661e820c10a2ead2a7936c111d93b5474f4ffaffaeb842e3a61c78f51cf7b36bfccc2336e4301c802dc24671aa3981726d153d25a + checksum: 0f0486516271f53b3bb14a2af1e911366783806c9dd05589eeeaae784b8bd0285b35ad216b4b311bb1fe06e9f757f337dc2af1eeefad23617e82d55d72122a84 languageName: node linkType: hard @@ -8571,8 +8416,8 @@ __metadata: linkType: hard "ember-qunit@npm:^8.0.1": - version: 8.1.0 - resolution: "ember-qunit@npm:8.1.0" + version: 8.1.1 + resolution: "ember-qunit@npm:8.1.1" dependencies: "@embroider/addon-shim": ^1.8.6 "@embroider/macros": ^1.13.1 @@ -8582,7 +8427,7 @@ __metadata: "@ember/test-helpers": ">=3.0.3" ember-source: ">=4.0.0" qunit: ^2.13.0 - checksum: ec388ff38f4b299066093b14271ed7c1ff7236140b59a73d99cfc88a0a8638b69b413e38260a98a529ab51ac14469c628d43d70a4168ea7bc37f333abb4965fc + checksum: 9cacb25e1d26d04b469b2d5eddacb2970ecd038e74c517f0a0d02f6b6b4f386624eb3a44b27c414ac62107866ebae7bcd549de53e7b0bc91148fe80cf3bc2aa2 languageName: node linkType: hard @@ -8788,7 +8633,7 @@ __metadata: languageName: node linkType: hard -"ember-style-modifier@npm:^4.1.0, ember-style-modifier@npm:^4.3.1": +"ember-style-modifier@npm:^4.1.0, ember-style-modifier@npm:^4.4.0": version: 4.4.0 resolution: "ember-style-modifier@npm:4.4.0" dependencies: @@ -8803,9 +8648,9 @@ __metadata: languageName: node linkType: hard -"ember-svg-jar@npm:2.4.4": - version: 2.4.4 - resolution: "ember-svg-jar@npm:2.4.4" +"ember-svg-jar@npm:2.6.0": + version: 2.6.0 + resolution: "ember-svg-jar@npm:2.6.0" dependencies: "@embroider/macros": ^1.12.2 broccoli-caching-writer: ^3.0.3 @@ -8816,13 +8661,13 @@ __metadata: broccoli-plugin: ^4.0.7 broccoli-string-replace: ^0.1.2 broccoli-svg-optimizer: ^2.1.0 - cheerio: ^1.0.0-rc.12 + cheerio: ^1.0.0 console-ui: ^3.1.1 ember-cli-babel: ^7.26.6 ember-cli-htmlbars: ^5.7.1 lodash: ^4.17.15 safe-stable-stringify: ^2.2.0 - checksum: e50efb0d503cebd5c85b620fd73866725e1a6804a119318835c07a24b60f9d7684fc86e853c693beb72b1386ea9f1124f2e49c4ae5de9e7505c2d06180c4e980 + checksum: 2848b112898d37f72593ef4d1319d2a4f883f7a6fc9c4115d13669fb2ff5b42d9b954339ab666cb6bf8f71de71ab5f59df1789ebbb53046e0a5705df744ad3fb languageName: node linkType: hard @@ -8885,8 +8730,8 @@ __metadata: linkType: hard "ember-template-recast@npm:^6.1.4": - version: 6.1.4 - resolution: "ember-template-recast@npm:6.1.4" + version: 6.1.5 + resolution: "ember-template-recast@npm:6.1.5" dependencies: "@glimmer/reference": ^0.84.3 "@glimmer/syntax": ^0.84.3 @@ -8901,7 +8746,7 @@ __metadata: workerpool: ^6.4.0 bin: ember-template-recast: lib/bin.js - checksum: a492e19c99080e0808fb7b4e3e3e9af47906a4a0b628c1c317414725e82b0c984fe327e1b7265718dc06e3f57b759bf432ef5b7a857cd68b571a7ed1d73d0225 + checksum: 4473f1edf2b849706478d8807f414937eb1d04f5f37f8584ea93e6225211bc8c9ddf8df6ce1d58cd3d56e5b5ae8754ccc6804893dd5df310f8a033e1a67d43fd languageName: node linkType: hard @@ -9014,6 +8859,23 @@ __metadata: languageName: node linkType: hard +"encodeurl@npm:~2.0.0": + version: 2.0.0 + resolution: "encodeurl@npm:2.0.0" + checksum: abf5cd51b78082cf8af7be6785813c33b6df2068ce5191a40ca8b1afe6a86f9230af9a9ce694a5ce4665955e5c1120871826df9c128a642e09c58d592e2807fe + languageName: node + linkType: hard + +"encoding-sniffer@npm:^0.2.0": + version: 0.2.0 + resolution: "encoding-sniffer@npm:0.2.0" + dependencies: + iconv-lite: ^0.6.3 + whatwg-encoding: ^3.1.1 + checksum: 05ad76b674066e62abc80427eb9e89ecf5ed50f4d20c392f7465992d309215687e3ae1ae8b5d5694fb258f4517c759694c3b413d6c724e1024e1cf98750390eb + languageName: node + linkType: hard + "encoding@npm:^0.1.13": version: 0.1.13 resolution: "encoding@npm:0.1.13" @@ -9039,31 +8901,31 @@ __metadata: languageName: node linkType: hard -"engine.io@npm:~6.5.2": - version: 6.5.5 - resolution: "engine.io@npm:6.5.5" +"engine.io@npm:~6.6.0": + version: 6.6.2 + resolution: "engine.io@npm:6.6.2" dependencies: "@types/cookie": ^0.4.1 "@types/cors": ^2.8.12 "@types/node": ">=10.0.0" accepts: ~1.3.4 base64id: 2.0.0 - cookie: ~0.4.1 + cookie: ~0.7.2 cors: ~2.8.5 debug: ~4.3.1 engine.io-parser: ~5.2.1 ws: ~8.17.1 - checksum: 358d337dd007b81cd6d7f39d0161ec8ec3a86097f0fbb0e10240eace51f836741f93c3e6bd69322b9ce0ad0fd89253a41e09335b6eb412d13e5357a054a90c4a + checksum: c474feff30fe8c816cccf1642b2f4980cacbff51afcda53c522cbeec4d0ed4047dfbcbeaff694bd88a5de51b3df832fbfb58293bbbf8ddba85459cb45be5f9da languageName: node linkType: hard -"enhanced-resolve@npm:^5.15.0": - version: 5.17.0 - resolution: "enhanced-resolve@npm:5.17.0" +"enhanced-resolve@npm:^5.17.1": + version: 5.17.1 + resolution: "enhanced-resolve@npm:5.17.1" dependencies: graceful-fs: ^4.2.4 tapable: ^2.2.0 - checksum: 1066000454da6a7aeabdbe1f433d912d1e39e6892142a78a37b6577aab27e0436091fa1399d857ad87085b1c3b73a0f811c8874da3dbdc40fbd5ebe89a5568e6 + checksum: 4bc38cf1cea96456f97503db7280394177d1bc46f8f87c267297d04f795ac5efa81e48115a2f5b6273c781027b5b6bfc5f62b54df629e4d25fa7001a86624f59 languageName: node linkType: hard @@ -9098,7 +8960,7 @@ __metadata: languageName: node linkType: hard -"entities@npm:^4.2.0, entities@npm:^4.4.0": +"entities@npm:^4.2.0, entities@npm:^4.4.0, entities@npm:^4.5.0": version: 4.5.0 resolution: "entities@npm:4.5.0" checksum: 853f8ebd5b425d350bffa97dd6958143179a5938352ccae092c62d1267c4e392a039be1bae7d51b6e4ffad25f51f9617531fedf5237f15df302ccfb452cbf2d7 @@ -9154,9 +9016,9 @@ __metadata: languageName: node linkType: hard -"es-abstract@npm:^1.17.2, es-abstract@npm:^1.22.1, es-abstract@npm:^1.22.3, es-abstract@npm:^1.23.0, es-abstract@npm:^1.23.2": - version: 1.23.3 - resolution: "es-abstract@npm:1.23.3" +"es-abstract@npm:^1.17.2, es-abstract@npm:^1.22.1, es-abstract@npm:^1.22.3, es-abstract@npm:^1.23.0, es-abstract@npm:^1.23.2, es-abstract@npm:^1.23.5": + version: 1.23.5 + resolution: "es-abstract@npm:1.23.5" dependencies: array-buffer-byte-length: ^1.0.1 arraybuffer.prototype.slice: ^1.0.3 @@ -9173,7 +9035,7 @@ __metadata: function.prototype.name: ^1.1.6 get-intrinsic: ^1.2.4 get-symbol-description: ^1.0.2 - globalthis: ^1.0.3 + globalthis: ^1.0.4 gopd: ^1.0.1 has-property-descriptors: ^1.0.2 has-proto: ^1.0.3 @@ -9189,10 +9051,10 @@ __metadata: is-string: ^1.0.7 is-typed-array: ^1.1.13 is-weakref: ^1.0.2 - object-inspect: ^1.13.1 + object-inspect: ^1.13.3 object-keys: ^1.1.1 object.assign: ^4.1.5 - regexp.prototype.flags: ^1.5.2 + regexp.prototype.flags: ^1.5.3 safe-array-concat: ^1.1.2 safe-regex-test: ^1.0.3 string.prototype.trim: ^1.2.9 @@ -9204,7 +9066,7 @@ __metadata: typed-array-length: ^1.0.6 unbox-primitive: ^1.0.2 which-typed-array: ^1.1.15 - checksum: f840cf161224252512f9527306b57117192696571e07920f777cb893454e32999206198b4f075516112af6459daca282826d1735c450528470356d09eff3a9ae + checksum: 17c81f8a42f0322fd11e0025d3c2229ecfd7923560c710906b8e68660e19c42322750dcedf8ba5cf28bae50d5befd8174d3903ac50dbabb336d3efc3aabed2ee languageName: node linkType: hard @@ -9259,13 +9121,13 @@ __metadata: linkType: hard "es-to-primitive@npm:^1.2.1": - version: 1.2.1 - resolution: "es-to-primitive@npm:1.2.1" + version: 1.3.0 + resolution: "es-to-primitive@npm:1.3.0" dependencies: - is-callable: ^1.1.4 - is-date-object: ^1.0.1 - is-symbol: ^1.0.2 - checksum: 4ead6671a2c1402619bdd77f3503991232ca15e17e46222b0a41a5d81aebc8740a77822f5b3c965008e631153e9ef0580540007744521e72de8e33599fca2eed + is-callable: ^1.2.7 + is-date-object: ^1.0.5 + is-symbol: ^1.0.4 + checksum: 966965880356486cd4d1fe9a523deda2084c81b3702d951212c098f5f2ee93605d1b7c1840062efb48a07d892641c7ed1bc194db563645c0dd2b919cb6d65b93 languageName: node linkType: hard @@ -9285,10 +9147,10 @@ __metadata: languageName: node linkType: hard -"escalade@npm:^3.1.1, escalade@npm:^3.1.2": - version: 3.1.2 - resolution: "escalade@npm:3.1.2" - checksum: 1ec0977aa2772075493002bdbd549d595ff6e9393b1cb0d7d6fcaf78c750da0c158f180938365486f75cb69fba20294351caddfce1b46552a7b6c3cde52eaa02 +"escalade@npm:^3.1.1, escalade@npm:^3.2.0": + version: 3.2.0 + resolution: "escalade@npm:3.2.0" + checksum: 47b029c83de01b0d17ad99ed766347b974b0d628e848de404018f3abee728e987da0d2d370ad4574aa3d5b5bfc368754fd085d69a30f8e75903486ec4b5b709e languageName: node linkType: hard @@ -9444,12 +9306,12 @@ __metadata: linkType: hard "eslint-plugin-qunit@npm:^8.0.1": - version: 8.1.1 - resolution: "eslint-plugin-qunit@npm:8.1.1" + version: 8.1.2 + resolution: "eslint-plugin-qunit@npm:8.1.2" dependencies: eslint-utils: ^3.0.0 requireindex: ^1.2.0 - checksum: ba71971ebdcc15c1ce7a164d265fe79ec006b9598368006575e6bf14cd1b5d2630d8c4f86cc1dce2e14cfa3faae19c54e96df51fd3086d0bdd1088020ffc7d87 + checksum: a908a585e56c1de5e4de10e3d8386574a22102a550d63bbb97ddbad4599fdacf02a00038cb303f81687db83a7632b50204f50320bb7a0fb8e2bf178b00a1e92f languageName: node linkType: hard @@ -9504,14 +9366,14 @@ __metadata: linkType: hard "eslint@npm:^8.21.0, eslint@npm:^8.52.0, eslint@npm:^8.7.0": - version: 8.57.0 - resolution: "eslint@npm:8.57.0" + version: 8.57.1 + resolution: "eslint@npm:8.57.1" dependencies: "@eslint-community/eslint-utils": ^4.2.0 "@eslint-community/regexpp": ^4.6.1 "@eslint/eslintrc": ^2.1.4 - "@eslint/js": 8.57.0 - "@humanwhocodes/config-array": ^0.11.14 + "@eslint/js": 8.57.1 + "@humanwhocodes/config-array": ^0.13.0 "@humanwhocodes/module-importer": ^1.0.1 "@nodelib/fs.walk": ^1.2.8 "@ungap/structured-clone": ^1.2.0 @@ -9547,7 +9409,7 @@ __metadata: text-table: ^0.2.0 bin: eslint: bin/eslint.js - checksum: 3a48d7ff85ab420a8447e9810d8087aea5b1df9ef68c9151732b478de698389ee656fd895635b5f2871c89ee5a2652b3f343d11e9db6f8486880374ebc74a2d9 + checksum: e2489bb7f86dd2011967759a09164e65744ef7688c310bc990612fc26953f34cc391872807486b15c06833bdff737726a23e9b4cdba5de144c311377dc41d91b languageName: node linkType: hard @@ -9760,21 +9622,6 @@ __metadata: languageName: node linkType: hard -"expand-brackets@npm:^2.1.4": - version: 2.1.4 - resolution: "expand-brackets@npm:2.1.4" - dependencies: - debug: ^2.3.3 - define-property: ^0.2.5 - extend-shallow: ^2.0.1 - posix-character-classes: ^0.1.0 - regex-not: ^1.0.0 - snapdragon: ^0.8.1 - to-regex: ^3.0.1 - checksum: 1781d422e7edfa20009e2abda673cadb040a6037f0bd30fcd7357304f4f0c284afd420d7622722ca4a016f39b6d091841ab57b401c1f7e2e5131ac65b9f14fa1 - languageName: node - linkType: hard - "expand-tilde@npm:^2.0.0, expand-tilde@npm:^2.0.2": version: 2.0.2 resolution: "expand-tilde@npm:2.0.2" @@ -9792,60 +9639,41 @@ __metadata: linkType: hard "express@npm:^4.10.7, express@npm:^4.18.1": - version: 4.19.2 - resolution: "express@npm:4.19.2" + version: 4.21.1 + resolution: "express@npm:4.21.1" dependencies: accepts: ~1.3.8 array-flatten: 1.1.1 - body-parser: 1.20.2 + body-parser: 1.20.3 content-disposition: 0.5.4 content-type: ~1.0.4 - cookie: 0.6.0 + cookie: 0.7.1 cookie-signature: 1.0.6 debug: 2.6.9 depd: 2.0.0 - encodeurl: ~1.0.2 + encodeurl: ~2.0.0 escape-html: ~1.0.3 etag: ~1.8.1 - finalhandler: 1.2.0 + finalhandler: 1.3.1 fresh: 0.5.2 http-errors: 2.0.0 - merge-descriptors: 1.0.1 + merge-descriptors: 1.0.3 methods: ~1.1.2 on-finished: 2.4.1 parseurl: ~1.3.3 - path-to-regexp: 0.1.7 + path-to-regexp: 0.1.10 proxy-addr: ~2.0.7 - qs: 6.11.0 + qs: 6.13.0 range-parser: ~1.2.1 safe-buffer: 5.2.1 - send: 0.18.0 - serve-static: 1.15.0 + send: 0.19.0 + serve-static: 1.16.2 setprototypeof: 1.2.0 statuses: 2.0.1 type-is: ~1.6.18 utils-merge: 1.0.1 vary: ~1.1.2 - checksum: 212dbd6c2c222a96a61bc927639c95970a53b06257080bb9e2838adb3bffdb966856551fdad1ab5dd654a217c35db94f987d0aa88d48fb04d306340f5f34dca5 - languageName: node - linkType: hard - -"extend-shallow@npm:^2.0.1": - version: 2.0.1 - resolution: "extend-shallow@npm:2.0.1" - dependencies: - is-extendable: ^0.1.0 - checksum: 8fb58d9d7a511f4baf78d383e637bd7d2e80843bd9cd0853649108ea835208fb614da502a553acc30208e1325240bb7cc4a68473021612496bb89725483656d8 - languageName: node - linkType: hard - -"extend-shallow@npm:^3.0.0, extend-shallow@npm:^3.0.2": - version: 3.0.2 - resolution: "extend-shallow@npm:3.0.2" - dependencies: - assign-symbols: ^1.0.0 - is-extendable: ^1.0.1 - checksum: a920b0cd5838a9995ace31dfd11ab5e79bf6e295aa566910ce53dff19f4b1c0fda2ef21f26b28586c7a2450ca2b42d97bd8c0f5cec9351a819222bf861e02461 + checksum: 5ac2b26d8aeddda5564fc0907227d29c100f90c0ead2ead9d474dc5108e8fb306c2de2083c4e3ba326e0906466f2b73417dbac16961f4075ff9f03785fd940fe languageName: node linkType: hard @@ -9867,22 +9695,6 @@ __metadata: languageName: node linkType: hard -"extglob@npm:^2.0.4": - version: 2.0.4 - resolution: "extglob@npm:2.0.4" - dependencies: - array-unique: ^0.3.2 - define-property: ^1.0.0 - expand-brackets: ^2.1.4 - extend-shallow: ^2.0.1 - fragment-cache: ^0.2.1 - regex-not: ^1.0.0 - snapdragon: ^0.8.1 - to-regex: ^3.0.1 - checksum: a41531b8934735b684cef5e8c5a01d0f298d7d384500ceca38793a9ce098125aab04ee73e2d75d5b2901bc5dddd2b64e1b5e3bf19139ea48bac52af4a92f1d00 - languageName: node - linkType: hard - "extract-stack@npm:^2.0.0": version: 2.0.0 resolution: "extract-stack@npm:2.0.0" @@ -9963,9 +9775,9 @@ __metadata: linkType: hard "fast-uri@npm:^3.0.1": - version: 3.0.1 - resolution: "fast-uri@npm:3.0.1" - checksum: 106143ff83705995225dcc559411288f3337e732bb2e264e79788f1914b6bd8f8bc3683102de60b15ba00e6ebb443633cabac77d4ebc5cb228c47cf955e199ff + version: 3.0.3 + resolution: "fast-uri@npm:3.0.3" + checksum: c52e6c86465f5c240e84a4485fb001088cc743d261a4b54b0050ce4758b1648bdbe53da1328ef9620149dca1435e3de64184f226d7c0a3656cb5837b3491e149 languageName: node linkType: hard @@ -10048,10 +9860,20 @@ __metadata: languageName: node linkType: hard +"file-set@npm:^4.0.2": + version: 4.0.2 + resolution: "file-set@npm:4.0.2" + dependencies: + array-back: ^5.0.0 + glob: ^7.1.6 + checksum: 6eacb9df4a0a95fbfb09e8ccdf8c3ef7f30de8c0b5043ff0530a79c0c0003550a0725eba517a5c7fe1c452df57c3b4d506e91859ccc248aebb2f038790eb66e6 + languageName: node + linkType: hard + "filesize@npm:^10.0.8": - version: 10.1.4 - resolution: "filesize@npm:10.1.4" - checksum: b54949fb1a2ecf2407afeb08f943f59a81da382a83ad2b8472ca2a64ba08345ecd489cb44914f44e48dd125c3658f19687d2d4920ae4505e6356f1054c139dcf + version: 10.1.6 + resolution: "filesize@npm:10.1.6" + checksum: a797a9d41c8f27a9ae334d23f99fc5d903eac5d03c82190dc163901205435b56626fe1260c779ba3e87a2a34d426f19ff264c3f7d956e00f2d3ac69760b52e33 languageName: node linkType: hard @@ -10086,18 +9908,18 @@ __metadata: languageName: node linkType: hard -"finalhandler@npm:1.2.0": - version: 1.2.0 - resolution: "finalhandler@npm:1.2.0" +"finalhandler@npm:1.3.1": + version: 1.3.1 + resolution: "finalhandler@npm:1.3.1" dependencies: debug: 2.6.9 - encodeurl: ~1.0.2 + encodeurl: ~2.0.0 escape-html: ~1.0.3 on-finished: 2.4.1 parseurl: ~1.3.3 statuses: 2.0.1 unpipe: ~1.0.0 - checksum: 92effbfd32e22a7dff2994acedbd9bcc3aa646a3e919ea6a53238090e87097f8ef07cced90aa2cc421abdf993aefbdd5b00104d55c7c5479a8d00ed105b45716 + checksum: a8c58cd97c9cd47679a870f6833a7b417043f5a288cd6af6d0f49b476c874a506100303a128b6d3b654c3d74fa4ff2ffed68a48a27e8630cda5c918f2977dcf4 languageName: node linkType: hard @@ -10112,12 +9934,11 @@ __metadata: linkType: hard "find-babel-config@npm:^2.1.1": - version: 2.1.1 - resolution: "find-babel-config@npm:2.1.1" + version: 2.1.2 + resolution: "find-babel-config@npm:2.1.2" dependencies: json5: ^2.2.3 - path-exists: ^4.0.0 - checksum: 4be54397339520e0cd49870acb10366684ffc001fd0b7bffedd0fe9d3e1d82234692d3cb4e5ba95280a35887238ba6f82dc79569a13a3749ae3931c23e0b3a99 + checksum: 268f29cb38ee086b0f953c89f762dcea30b5b0e14abee2b39516410c00b49baa6821f598bd50346c93584e5625c5740f5c8b7e34993f568787a068f84dacc8c2 languageName: node linkType: hard @@ -10148,6 +9969,18 @@ __metadata: languageName: node linkType: hard +"find-replace@npm:^5.0.1": + version: 5.0.2 + resolution: "find-replace@npm:5.0.2" + peerDependencies: + "@75lb/nature": "*" + peerDependenciesMeta: + "@75lb/nature": + optional: true + checksum: 964fb76cf084638c4202628c65c03763fd8627b84b18c0948470b429371d18c5a0340167097961222d4decbcc4502880d776c57c1c3ef5f3d0081b8fde0e17ea + languageName: node + linkType: hard + "find-up@npm:^2.1.0": version: 2.1.0 resolution: "find-up@npm:2.1.0" @@ -10197,16 +10030,6 @@ __metadata: languageName: node linkType: hard -"find-yarn-workspace-root@npm:^1.2.1": - version: 1.2.1 - resolution: "find-yarn-workspace-root@npm:1.2.1" - dependencies: - fs-extra: ^4.0.3 - micromatch: ^3.1.4 - checksum: a8f4565fb1ead6122acc0d324fa3257c20f7b0c91b7b266dab9eee7251fb5558fcff5b35dbfd301bfd1cbb91c1cdd1799b28ffa5b9a92efd8c7ded3663652bbe - languageName: node - linkType: hard - "find-yarn-workspace-root@npm:^2.0.0": version: 2.0.0 resolution: "find-yarn-workspace-root@npm:2.0.0" @@ -10332,9 +10155,9 @@ __metadata: linkType: hard "flatted@npm:^3.2.9": - version: 3.3.1 - resolution: "flatted@npm:3.3.1" - checksum: 85ae7181650bb728c221e7644cbc9f4bf28bc556f2fc89bb21266962bdf0ce1029cc7acc44bb646cd469d9baac7c317f64e841c4c4c00516afa97320cdac7f94 + version: 3.3.2 + resolution: "flatted@npm:3.3.2" + checksum: ac3c159742e01d0e860a861164bcfd35bb567ccbebb8a0dd041e61cf3c64a435b917dd1e7ed1c380c2ebca85735fb16644485ec33665bc6aafc3b316aa1eed44 languageName: node linkType: hard @@ -10348,12 +10171,12 @@ __metadata: linkType: hard "follow-redirects@npm:^1.0.0": - version: 1.15.6 - resolution: "follow-redirects@npm:1.15.6" + version: 1.15.9 + resolution: "follow-redirects@npm:1.15.9" peerDependenciesMeta: debug: optional: true - checksum: a62c378dfc8c00f60b9c80cab158ba54e99ba0239a5dd7c81245e5a5b39d10f0c35e249c3379eae719ff0285fff88c365dd446fab19dee771f1d76252df1bbf5 + checksum: 859e2bacc7a54506f2bf9aacb10d165df78c8c1b0ceb8023f966621b233717dab56e8d08baadc3ad3b9db58af290413d585c999694b7c146aaf2616340c3d2a6 languageName: node linkType: hard @@ -10362,24 +10185,17 @@ __metadata: resolution: "for-each@npm:0.3.3" dependencies: is-callable: ^1.1.3 - checksum: 6c48ff2bc63362319c65e2edca4a8e1e3483a2fabc72fbe7feaf8c73db94fc7861bd53bc02c8a66a0c1dd709da6b04eec42e0abdd6b40ce47305ae92a25e5d28 - languageName: node - linkType: hard - -"for-in@npm:^1.0.2": - version: 1.0.2 - resolution: "for-in@npm:1.0.2" - checksum: 09f4ae93ce785d253ac963d94c7f3432d89398bf25ac7a24ed034ca393bf74380bdeccc40e0f2d721a895e54211b07c8fad7132e8157827f6f7f059b70b4043d + checksum: 6c48ff2bc63362319c65e2edca4a8e1e3483a2fabc72fbe7feaf8c73db94fc7861bd53bc02c8a66a0c1dd709da6b04eec42e0abdd6b40ce47305ae92a25e5d28 languageName: node linkType: hard "foreground-child@npm:^3.1.0": - version: 3.2.1 - resolution: "foreground-child@npm:3.2.1" + version: 3.3.0 + resolution: "foreground-child@npm:3.3.0" dependencies: cross-spawn: ^7.0.0 signal-exit: ^4.0.1 - checksum: 3e2e844d6003c96d70affe8ae98d7eaaba269a868c14d997620c088340a8775cd5d2d9043e6ceebae1928d8d9a874911c4d664b9a267e8995945df20337aebc0 + checksum: 1989698488f725b05b26bc9afc8a08f08ec41807cd7b92ad85d96004ddf8243fd3e79486b8348c64a3011ae5cc2c9f0936af989e1f28339805d8bc178a75b451 languageName: node linkType: hard @@ -10397,15 +10213,6 @@ __metadata: languageName: node linkType: hard -"fragment-cache@npm:^0.2.1": - version: 0.2.1 - resolution: "fragment-cache@npm:0.2.1" - dependencies: - map-cache: ^0.2.2 - checksum: 1cbbd0b0116b67d5790175de0038a11df23c1cd2e8dcdbade58ebba5594c2d641dade6b4f126d82a7b4a6ffc2ea12e3d387dbb64ea2ae97cf02847d436f60fdc - languageName: node - linkType: hard - "fresh@npm:0.5.2": version: 0.5.2 resolution: "fresh@npm:0.5.2" @@ -10471,7 +10278,7 @@ __metadata: languageName: node linkType: hard -"fs-extra@npm:^4.0.2, fs-extra@npm:^4.0.3": +"fs-extra@npm:^4.0.2": version: 4.0.3 resolution: "fs-extra@npm:4.0.3" dependencies: @@ -10715,7 +10522,7 @@ __metadata: languageName: node linkType: hard -"get-intrinsic@npm:^1.1.3, get-intrinsic@npm:^1.2.1, get-intrinsic@npm:^1.2.3, get-intrinsic@npm:^1.2.4": +"get-intrinsic@npm:^1.2.1, get-intrinsic@npm:^1.2.3, get-intrinsic@npm:^1.2.4": version: 1.2.4 resolution: "get-intrinsic@npm:1.2.4" dependencies: @@ -10800,18 +10607,11 @@ __metadata: linkType: hard "get-tsconfig@npm:^4.7.0": - version: 4.7.6 - resolution: "get-tsconfig@npm:4.7.6" + version: 4.8.1 + resolution: "get-tsconfig@npm:4.8.1" dependencies: resolve-pkg-maps: ^1.0.0 - checksum: ebfd86f0b356cde98e2a7afe63b58d92e02b8e413ff95551933d277702bf725386ee82c5c0092fe45fb2ba60002340c94ee70777b3220bbfeca83ab45dda1544 - languageName: node - linkType: hard - -"get-value@npm:^2.0.3, get-value@npm:^2.0.6": - version: 2.0.6 - resolution: "get-value@npm:2.0.6" - checksum: 5c3b99cb5398ea8016bf46ff17afc5d1d286874d2ad38ca5edb6e87d75c0965b0094cb9a9dddef2c59c23d250702323539a7fbdd870620db38c7e7d7ec87c1eb + checksum: 12df01672e691d2ff6db8cf7fed1ddfef90ed94a5f3d822c63c147a26742026d582acd86afcd6f65db67d809625d17dd7f9d34f4d3f38f69bc2f48e19b2bdd5b languageName: node linkType: hard @@ -10989,7 +10789,7 @@ __metadata: languageName: node linkType: hard -"globalthis@npm:^1.0.3": +"globalthis@npm:^1.0.4": version: 1.0.4 resolution: "globalthis@npm:1.0.4" dependencies: @@ -11064,16 +10864,16 @@ __metadata: languageName: node linkType: hard -"gopd@npm:^1.0.1": - version: 1.0.1 - resolution: "gopd@npm:1.0.1" +"gopd@npm:^1.0.1, gopd@npm:^1.1.0": + version: 1.1.0 + resolution: "gopd@npm:1.1.0" dependencies: - get-intrinsic: ^1.1.3 - checksum: a5ccfb8806e0917a94e0b3de2af2ea4979c1da920bc381667c260e00e7cafdbe844e2cb9c5bcfef4e5412e8bf73bab837285bc35c7ba73aaaf0134d4583393a6 + get-intrinsic: ^1.2.4 + checksum: ed09ffe54ef841e9de35a56f9d249495c1149dc611f05a242c476cc538f13b2228ac1ee3970f9bfca2cadd6f9785efe854419eeef6050e7de3f02fbee9292ad4 languageName: node linkType: hard -"graceful-fs@npm:^4.1.2, graceful-fs@npm:^4.1.6, graceful-fs@npm:^4.1.9, graceful-fs@npm:^4.2.0, graceful-fs@npm:^4.2.4, graceful-fs@npm:^4.2.6, graceful-fs@npm:^4.2.9": +"graceful-fs@npm:^4.1.2, graceful-fs@npm:^4.1.6, graceful-fs@npm:^4.1.9, graceful-fs@npm:^4.2.0, graceful-fs@npm:^4.2.11, graceful-fs@npm:^4.2.4, graceful-fs@npm:^4.2.6": version: 4.2.11 resolution: "graceful-fs@npm:4.2.11" checksum: ac85f94da92d8eb6b7f5a8b20ce65e43d66761c55ce85ac96df6865308390da45a8d3f0296dd3a663de65d30ba497bd46c696cc1e248c72b13d6d567138a4fc7 @@ -11162,7 +10962,7 @@ __metadata: languageName: node linkType: hard -"has-bigints@npm:^1.0.1, has-bigints@npm:^1.0.2": +"has-bigints@npm:^1.0.2": version: 1.0.2 resolution: "has-bigints@npm:1.0.2" checksum: 390e31e7be7e5c6fe68b81babb73dfc35d413604d7ee5f56da101417027a4b4ce6a27e46eff97ad040c835b5d228676eae99a9b5c3bc0e23c8e81a49241ff45b @@ -11200,16 +11000,18 @@ __metadata: linkType: hard "has-proto@npm:^1.0.1, has-proto@npm:^1.0.3": - version: 1.0.3 - resolution: "has-proto@npm:1.0.3" - checksum: fe7c3d50b33f50f3933a04413ed1f69441d21d2d2944f81036276d30635cad9279f6b43bc8f32036c31ebdfcf6e731150f46c1907ad90c669ffe9b066c3ba5c4 + version: 1.1.0 + resolution: "has-proto@npm:1.1.0" + dependencies: + call-bind: ^1.0.7 + checksum: 0335b8acd01a0de9bb6f7f89c4ef4f1512b48cec25f1c23e847a68d65afb8c579f168907e79969b01dc7025d707b48c71d481bca140579a40d735b071b2cc1bc languageName: node linkType: hard -"has-symbols@npm:^1.0.1, has-symbols@npm:^1.0.2, has-symbols@npm:^1.0.3": - version: 1.0.3 - resolution: "has-symbols@npm:1.0.3" - checksum: a054c40c631c0d5741a8285010a0777ea0c068f99ed43e5d6eb12972da223f8af553a455132fdb0801bdcfa0e0f443c0c03a68d8555aa529b3144b446c3f2410 +"has-symbols@npm:^1.0.1, has-symbols@npm:^1.0.3": + version: 1.1.0 + resolution: "has-symbols@npm:1.1.0" + checksum: b2316c7302a0e8ba3aaba215f834e96c22c86f192e7310bdf689dd0e6999510c89b00fbc5742571507cebf25764d68c988b3a0da217369a73596191ac0ce694b languageName: node linkType: hard @@ -11229,45 +11031,6 @@ __metadata: languageName: node linkType: hard -"has-value@npm:^0.3.1": - version: 0.3.1 - resolution: "has-value@npm:0.3.1" - dependencies: - get-value: ^2.0.3 - has-values: ^0.1.4 - isobject: ^2.0.0 - checksum: 29e2a1e6571dad83451b769c7ce032fce6009f65bccace07c2962d3ad4d5530b6743d8f3229e4ecf3ea8e905d23a752c5f7089100c1f3162039fa6dc3976558f - languageName: node - linkType: hard - -"has-value@npm:^1.0.0": - version: 1.0.0 - resolution: "has-value@npm:1.0.0" - dependencies: - get-value: ^2.0.6 - has-values: ^1.0.0 - isobject: ^3.0.0 - checksum: b9421d354e44f03d3272ac39fd49f804f19bc1e4fa3ceef7745df43d6b402053f828445c03226b21d7d934a21ac9cf4bc569396dc312f496ddff873197bbd847 - languageName: node - linkType: hard - -"has-values@npm:^0.1.4": - version: 0.1.4 - resolution: "has-values@npm:0.1.4" - checksum: ab1c4bcaf811ccd1856c11cfe90e62fca9e2b026ebe474233a3d282d8d67e3b59ed85b622c7673bac3db198cb98bd1da2b39300a2f98e453729b115350af49bc - languageName: node - linkType: hard - -"has-values@npm:^1.0.0": - version: 1.0.0 - resolution: "has-values@npm:1.0.0" - dependencies: - is-number: ^3.0.0 - kind-of: ^4.0.0 - checksum: 77e6693f732b5e4cf6c38dfe85fdcefad0fab011af74995c3e83863fabf5e3a836f406d83565816baa0bc0a523c9410db8b990fe977074d61aeb6d8f4fcffa11 - languageName: node - linkType: hard - "hash-for-dep@npm:^1.0.2, hash-for-dep@npm:^1.4.7, hash-for-dep@npm:^1.5.0, hash-for-dep@npm:^1.5.1": version: 1.5.1 resolution: "hash-for-dep@npm:1.5.1" @@ -11397,11 +11160,11 @@ __metadata: linkType: hard "hosted-git-info@npm:^6.0.0": - version: 6.1.1 - resolution: "hosted-git-info@npm:6.1.1" + version: 6.1.3 + resolution: "hosted-git-info@npm:6.1.3" dependencies: lru-cache: ^7.5.1 - checksum: fcd3ca2eaa05f3201425ccbb8aa47f88cdda4a3a6d79453f8e269f7171356278bd1db08f059d8439eb5eaa91c6a8a20800fc49cca6e9e4e899b202a332d5ba6b + checksum: 7a0fc89c98afd07a2a566139fd18136e6a23002a5af3fdf7e36ad2f5fda31e8c5f2e1814fd9daaf385ae5c1f20e34841b4b2b2b63ab10c98c92992c571c3b993 languageName: node linkType: hard @@ -11431,15 +11194,15 @@ __metadata: languageName: node linkType: hard -"htmlparser2@npm:^8.0.1": - version: 8.0.2 - resolution: "htmlparser2@npm:8.0.2" +"htmlparser2@npm:^9.1.0": + version: 9.1.0 + resolution: "htmlparser2@npm:9.1.0" dependencies: domelementtype: ^2.3.0 domhandler: ^5.0.3 - domutils: ^3.0.1 - entities: ^4.4.0 - checksum: 29167a0f9282f181da8a6d0311b76820c8a59bc9e3c87009e21968264c2987d2723d6fde5a964d4b7b6cba663fca96ffb373c06d8223a85f52a6089ced942700 + domutils: ^3.1.0 + entities: ^4.5.0 + checksum: e5f8d5193967e4a500226f37bdf2c0f858cecb39dde14d0439f24bf2c461a4342778740d988fbaba652b0e4cb6052f7f2e99e69fc1a329a86c629032bb76e7c8 languageName: node linkType: hard @@ -11550,7 +11313,7 @@ __metadata: languageName: node linkType: hard -"iconv-lite@npm:^0.6.2": +"iconv-lite@npm:0.6.3, iconv-lite@npm:^0.6.2, iconv-lite@npm:^0.6.3": version: 0.6.3 resolution: "iconv-lite@npm:0.6.3" dependencies: @@ -11576,16 +11339,16 @@ __metadata: linkType: hard "ignore@npm:^5.1.1, ignore@npm:^5.2.0, ignore@npm:^5.2.4": - version: 5.3.1 - resolution: "ignore@npm:5.3.1" - checksum: 71d7bb4c1dbe020f915fd881108cbe85a0db3d636a0ea3ba911393c53946711d13a9b1143c7e70db06d571a5822c0a324a6bcde5c9904e7ca5047f01f1bf8cd3 + version: 5.3.2 + resolution: "ignore@npm:5.3.2" + checksum: 2acfd32a573260ea522ea0bfeff880af426d68f6831f973129e2ba7363f422923cf53aab62f8369cbf4667c7b25b6f8a3761b34ecdb284ea18e87a5262a865be languageName: node linkType: hard -"immutable@npm:^4.0.0": - version: 4.3.7 - resolution: "immutable@npm:4.3.7" - checksum: 1c50eb053bb300796551604afff554066f041aa8e15926cf98f6d11d9736b62ad12531c06515dd96375258653878b4736f8051cd20b640f5f976d09fa640e3ec +"immutable@npm:^5.0.2": + version: 5.0.3 + resolution: "immutable@npm:5.0.3" + checksum: b2fcfc75aff29634babfcf6afb102111d7bc3858bfc55c17c5ad5eedf11085fe8b72d59fac883c6cfe9b2ec6e72cc184dec88782d5375ab17dc4eb25e3a665ed languageName: node linkType: hard @@ -11737,8 +11500,8 @@ __metadata: linkType: hard "inquirer@npm:^9.1.5": - version: 9.3.6 - resolution: "inquirer@npm:9.3.6" + version: 9.3.7 + resolution: "inquirer@npm:9.3.7" dependencies: "@inquirer/figures": ^1.0.3 ansi-escapes: ^4.3.2 @@ -11752,7 +11515,7 @@ __metadata: strip-ansi: ^6.0.1 wrap-ansi: ^6.2.0 yoctocolors-cjs: ^2.1.2 - checksum: f1fd086585e301ec17ce016355e9eb6eb87329c6de578cde35b10d5e4b57443b9f8f1f304d3ab570e5dad2cbc55851c476480296e15793f76836c0c33cf2e713 + checksum: 4d6e2f51b80051a6b9cc583ed5143e0a2c5e51938ffc0e91bbf8038216090566990f36ccb7856038390891fa69ea8d43ec389c70dcd097b67d351dc365dfc345 languageName: node linkType: hard @@ -11798,15 +11561,6 @@ __metadata: languageName: node linkType: hard -"is-accessor-descriptor@npm:^1.0.1": - version: 1.0.1 - resolution: "is-accessor-descriptor@npm:1.0.1" - dependencies: - hasown: ^2.0.0 - checksum: 8db44c02230a5e9b9dec390a343178791f073d5d5556a400527d2fd67a72d93b226abab2bd4123305c268f5dc22831bfdbd38430441fda82ea9e0b95ddc6b267 - languageName: node - linkType: hard - "is-alphabetical@npm:^1.0.0": version: 1.0.4 resolution: "is-alphabetical@npm:1.0.4" @@ -11841,12 +11595,21 @@ __metadata: languageName: node linkType: hard -"is-bigint@npm:^1.0.1": - version: 1.0.4 - resolution: "is-bigint@npm:1.0.4" +"is-async-function@npm:^2.0.0": + version: 2.0.0 + resolution: "is-async-function@npm:2.0.0" + dependencies: + has-tostringtag: ^1.0.0 + checksum: e3471d95e6c014bf37cad8a93f2f4b6aac962178e0a5041e8903147166964fdc1c5c1d2ef87e86d77322c370ca18f2ea004fa7420581fa747bcaf7c223069dbd + languageName: node + linkType: hard + +"is-bigint@npm:^1.1.0": + version: 1.1.0 + resolution: "is-bigint@npm:1.1.0" dependencies: - has-bigints: ^1.0.1 - checksum: c56edfe09b1154f8668e53ebe8252b6f185ee852a50f9b41e8d921cb2bed425652049fbe438723f6cb48a63ca1aa051e948e7e401e093477c99c84eba244f666 + has-bigints: ^1.0.2 + checksum: ee1544f0e664f253306786ed1dce494b8cf242ef415d6375d8545b4d8816b0f054bd9f948a8988ae2c6325d1c28260dd02978236b2f7b8fb70dfc4838a6c9fa7 languageName: node linkType: hard @@ -11859,13 +11622,13 @@ __metadata: languageName: node linkType: hard -"is-boolean-object@npm:^1.1.0": - version: 1.1.2 - resolution: "is-boolean-object@npm:1.1.2" +"is-boolean-object@npm:^1.2.0": + version: 1.2.0 + resolution: "is-boolean-object@npm:1.2.0" dependencies: - call-bind: ^1.0.2 - has-tostringtag: ^1.0.0 - checksum: c03b23dbaacadc18940defb12c1c0e3aaece7553ef58b162a0f6bba0c2a7e1551b59f365b91e00d2dbac0522392d576ef322628cb1d036a0fe51eb466db67222 + call-bind: ^1.0.7 + has-tostringtag: ^1.0.2 + checksum: cebc780cc3881dfb0c6c933e308f6a8eccf07ef92a7ea533fb2ee4fb7d704473b476f0b345fea4f2f45fe70937ef568a2f450eb6000d08b99350d87280927ff8 languageName: node linkType: hard @@ -11885,7 +11648,7 @@ __metadata: languageName: node linkType: hard -"is-callable@npm:^1.1.3, is-callable@npm:^1.1.4, is-callable@npm:^1.2.7": +"is-callable@npm:^1.1.3, is-callable@npm:^1.2.7": version: 1.2.7 resolution: "is-callable@npm:1.2.7" checksum: 61fd57d03b0d984e2ed3720fb1c7a897827ea174bd44402878e059542ea8c4aeedee0ea0985998aa5cc2736b2fa6e271c08587addb5b3959ac52cf665173d1ac @@ -11893,20 +11656,11 @@ __metadata: linkType: hard "is-core-module@npm:^2.12.1, is-core-module@npm:^2.13.0, is-core-module@npm:^2.5.0": - version: 2.15.0 - resolution: "is-core-module@npm:2.15.0" + version: 2.15.1 + resolution: "is-core-module@npm:2.15.1" dependencies: hasown: ^2.0.2 - checksum: a9f7a52707c9b59d7164094d183bda892514fc3ba3139f245219c7abe7f6e8d3e2cdcf861f52a891a467f785f1dfa5d549f73b0ee715f4ba56e8882d335ea585 - languageName: node - linkType: hard - -"is-data-descriptor@npm:^1.0.1": - version: 1.0.1 - resolution: "is-data-descriptor@npm:1.0.1" - dependencies: - hasown: ^2.0.0 - checksum: fc6da5be5177149d554c5612cc382e9549418ed72f2d3ed5a3e6511b03dd119ae1b2258320ca94931df50b7e9ee012894eccd4ca45bbcadf0d5b27da6faeb15a + checksum: df134c168115690724b62018c37b2f5bba0d5745fa16960b329c5a00883a8bea6a5632fdb1e3efcce237c201826ba09f93197b7cd95577ea56b0df335be23633 languageName: node linkType: hard @@ -11919,7 +11673,7 @@ __metadata: languageName: node linkType: hard -"is-date-object@npm:^1.0.1": +"is-date-object@npm:^1.0.5": version: 1.0.5 resolution: "is-date-object@npm:1.0.5" dependencies: @@ -11935,26 +11689,6 @@ __metadata: languageName: node linkType: hard -"is-descriptor@npm:^0.1.0": - version: 0.1.7 - resolution: "is-descriptor@npm:0.1.7" - dependencies: - is-accessor-descriptor: ^1.0.1 - is-data-descriptor: ^1.0.1 - checksum: 45743109f0bb03f9fa989c34d31ece87cc15792649f147b896a7c4db2906a02fca685867619f4d312e024d7bbd53b945a47c6830d01f5e73efcc6388ac211963 - languageName: node - linkType: hard - -"is-descriptor@npm:^1.0.0, is-descriptor@npm:^1.0.2": - version: 1.0.3 - resolution: "is-descriptor@npm:1.0.3" - dependencies: - is-accessor-descriptor: ^1.0.1 - is-data-descriptor: ^1.0.1 - checksum: 316153b2fd86ac23b0a2f28b77744ae0a4e3c7a54fe52fa70b125d0971eb0a3bcfb562fa8e74537af0dad5bc405cc606726eb501fc748a241c10910deea89cfb - languageName: node - linkType: hard - "is-docker@npm:^2.0.0": version: 2.2.1 resolution: "is-docker@npm:2.2.1" @@ -11964,22 +11698,6 @@ __metadata: languageName: node linkType: hard -"is-extendable@npm:^0.1.0, is-extendable@npm:^0.1.1": - version: 0.1.1 - resolution: "is-extendable@npm:0.1.1" - checksum: 3875571d20a7563772ecc7a5f36cb03167e9be31ad259041b4a8f73f33f885441f778cee1f1fe0085eb4bc71679b9d8c923690003a36a6a5fdf8023e6e3f0672 - languageName: node - linkType: hard - -"is-extendable@npm:^1.0.1": - version: 1.0.1 - resolution: "is-extendable@npm:1.0.1" - dependencies: - is-plain-object: ^2.0.4 - checksum: db07bc1e9de6170de70eff7001943691f05b9d1547730b11be01c0ebfe67362912ba743cf4be6fd20a5e03b4180c685dad80b7c509fe717037e3eee30ad8e84f - languageName: node - linkType: hard - "is-extglob@npm:^2.1.0, is-extglob@npm:^2.1.1": version: 2.1.1 resolution: "is-extglob@npm:2.1.1" @@ -11987,6 +11705,15 @@ __metadata: languageName: node linkType: hard +"is-finalizationregistry@npm:^1.1.0": + version: 1.1.0 + resolution: "is-finalizationregistry@npm:1.1.0" + dependencies: + call-bind: ^1.0.7 + checksum: 480818ab86e112a00444410a2fd551a5363bca0c39c7bc66e29df665b1e47c803ba107227c1db86d67264a3f020779fab257061463ce02b01b6abbe5966e33b8 + languageName: node + linkType: hard + "is-fullwidth-code-point@npm:^2.0.0": version: 2.0.0 resolution: "is-fullwidth-code-point@npm:2.0.0" @@ -12001,6 +11728,15 @@ __metadata: languageName: node linkType: hard +"is-generator-function@npm:^1.0.10": + version: 1.0.10 + resolution: "is-generator-function@npm:1.0.10" + dependencies: + has-tostringtag: ^1.0.0 + checksum: d54644e7dbaccef15ceb1e5d91d680eb5068c9ee9f9eb0a9e04173eb5542c9b51b5ab52c5537f5703e48d5fddfd376817c1ca07a84a407b7115b769d4bdde72b + languageName: node + linkType: hard + "is-git-url@npm:^1.0.0": version: 1.0.0 resolution: "is-git-url@npm:1.0.0" @@ -12056,28 +11792,27 @@ __metadata: languageName: node linkType: hard -"is-negative-zero@npm:^2.0.3": +"is-map@npm:^2.0.3": version: 2.0.3 - resolution: "is-negative-zero@npm:2.0.3" - checksum: c1e6b23d2070c0539d7b36022d5a94407132411d01aba39ec549af824231f3804b1aea90b5e4e58e807a65d23ceb538ed6e355ce76b267bdd86edb757ffcbdcd + resolution: "is-map@npm:2.0.3" + checksum: e6ce5f6380f32b141b3153e6ba9074892bbbbd655e92e7ba5ff195239777e767a976dcd4e22f864accaf30e53ebf961ab1995424aef91af68788f0591b7396cc languageName: node linkType: hard -"is-number-object@npm:^1.0.4": - version: 1.0.7 - resolution: "is-number-object@npm:1.0.7" - dependencies: - has-tostringtag: ^1.0.0 - checksum: d1e8d01bb0a7134c74649c4e62da0c6118a0bfc6771ea3c560914d52a627873e6920dd0fd0ebc0e12ad2ff4687eac4c308f7e80320b973b2c8a2c8f97a7524f7 +"is-negative-zero@npm:^2.0.3": + version: 2.0.3 + resolution: "is-negative-zero@npm:2.0.3" + checksum: c1e6b23d2070c0539d7b36022d5a94407132411d01aba39ec549af824231f3804b1aea90b5e4e58e807a65d23ceb538ed6e355ce76b267bdd86edb757ffcbdcd languageName: node linkType: hard -"is-number@npm:^3.0.0": - version: 3.0.0 - resolution: "is-number@npm:3.0.0" +"is-number-object@npm:^1.1.0": + version: 1.1.0 + resolution: "is-number-object@npm:1.1.0" dependencies: - kind-of: ^3.0.2 - checksum: 0c62bf8e9d72c4dd203a74d8cfc751c746e75513380fef420cda8237e619a988ee43e678ddb23c87ac24d91ac0fe9f22e4ffb1301a50310c697e9d73ca3994e9 + call-bind: ^1.0.7 + has-tostringtag: ^1.0.2 + checksum: 965f91493e5c02a44bb9c5d8dd4ae40da20bd9bd1cff9cd92e2f2e66a486935a0a01f8a4744eab033c450888f01a4ec3226e1c75bbcff973ce12d06ed79eb17b languageName: node linkType: hard @@ -12123,15 +11858,6 @@ __metadata: languageName: node linkType: hard -"is-plain-object@npm:^2.0.3, is-plain-object@npm:^2.0.4": - version: 2.0.4 - resolution: "is-plain-object@npm:2.0.4" - dependencies: - isobject: ^3.0.1 - checksum: 2a401140cfd86cabe25214956ae2cfee6fbd8186809555cd0e84574f88de7b17abacb2e477a6a658fa54c6083ecbda1e6ae404c7720244cd198903848fca70ca - languageName: node - linkType: hard - "is-plain-object@npm:^5.0.0": version: 5.0.0 resolution: "is-plain-object@npm:5.0.0" @@ -12140,12 +11866,14 @@ __metadata: linkType: hard "is-regex@npm:^1.1.4": - version: 1.1.4 - resolution: "is-regex@npm:1.1.4" + version: 1.2.0 + resolution: "is-regex@npm:1.2.0" dependencies: - call-bind: ^1.0.2 - has-tostringtag: ^1.0.0 - checksum: 362399b33535bc8f386d96c45c9feb04cf7f8b41c182f54174c1a45c9abbbe5e31290bbad09a458583ff6bf3b2048672cdb1881b13289569a7c548370856a652 + call-bind: ^1.0.7 + gopd: ^1.1.0 + has-tostringtag: ^1.0.2 + hasown: ^2.0.2 + checksum: dd2693d71866850d1276815204a2629d28dc1d24bd56b734e57a39f56b777cd87030d57552e7093d91a2ac331d99af9dba49a0a641fa4e4435d40e944d4dde12 languageName: node linkType: hard @@ -12156,6 +11884,13 @@ __metadata: languageName: node linkType: hard +"is-set@npm:^2.0.3": + version: 2.0.3 + resolution: "is-set@npm:2.0.3" + checksum: 36e3f8c44bdbe9496c9689762cc4110f6a6a12b767c5d74c0398176aa2678d4467e3bf07595556f2dba897751bde1422480212b97d973c7b08a343100b0c0dfe + languageName: node + linkType: hard + "is-shared-array-buffer@npm:^1.0.2, is-shared-array-buffer@npm:^1.0.3": version: 1.0.3 resolution: "is-shared-array-buffer@npm:1.0.3" @@ -12186,21 +11921,33 @@ __metadata: languageName: node linkType: hard -"is-string@npm:^1.0.5, is-string@npm:^1.0.7": - version: 1.0.7 - resolution: "is-string@npm:1.0.7" +"is-string@npm:^1.0.7, is-string@npm:^1.1.0": + version: 1.1.0 + resolution: "is-string@npm:1.1.0" dependencies: - has-tostringtag: ^1.0.0 - checksum: 323b3d04622f78d45077cf89aab783b2f49d24dc641aa89b5ad1a72114cfeff2585efc8c12ef42466dff32bde93d839ad321b26884cf75e5a7892a938b089989 + call-bind: ^1.0.7 + has-tostringtag: ^1.0.2 + checksum: 1e330e9fe0984cdf37371f704f9babf9b56d50b1e9d2e6c19b8b78443be3e9771c33309b4aadde9ba2a8870769374538681e01f54113a335dd393c80a72e7d11 languageName: node linkType: hard -"is-symbol@npm:^1.0.2, is-symbol@npm:^1.0.3": - version: 1.0.4 - resolution: "is-symbol@npm:1.0.4" +"is-subdir@npm:^1.2.0": + version: 1.2.0 + resolution: "is-subdir@npm:1.2.0" + dependencies: + better-path-resolve: 1.0.0 + checksum: 31029a383972bff4cc4f1bd1463fd04dde017e0a04ae3a6f6e08124a90c6c4656312d593101b0f38805fa3f3c8f6bc4583524bbf72c50784fa5ca0d3e5a76279 + languageName: node + linkType: hard + +"is-symbol@npm:^1.0.4, is-symbol@npm:^1.1.0": + version: 1.1.0 + resolution: "is-symbol@npm:1.1.0" dependencies: - has-symbols: ^1.0.2 - checksum: 92805812ef590738d9de49d677cd17dfd486794773fb6fa0032d16452af46e9b91bb43ffe82c983570f015b37136f4b53b28b8523bfb10b0ece7a66c31a54510 + call-bind: ^1.0.7 + has-symbols: ^1.0.3 + safe-regex-test: ^1.0.3 + checksum: 3623c934c8e61ddd6ef0927a17eb3da3cb9a9894f2fb8a96d447887d085d43e5d8bb59a8f97e46b54a919fc3f8845df29686672ad693d028570627bc661bcb6c languageName: node linkType: hard @@ -12236,6 +11983,13 @@ __metadata: languageName: node linkType: hard +"is-weakmap@npm:^2.0.2": + version: 2.0.2 + resolution: "is-weakmap@npm:2.0.2" + checksum: f36aef758b46990e0d3c37269619c0a08c5b29428c0bb11ecba7f75203442d6c7801239c2f31314bc79199217ef08263787f3837d9e22610ad1da62970d6616d + languageName: node + linkType: hard + "is-weakref@npm:^1.0.2": version: 1.0.2 resolution: "is-weakref@npm:1.0.2" @@ -12245,7 +11999,17 @@ __metadata: languageName: node linkType: hard -"is-windows@npm:^1.0.1, is-windows@npm:^1.0.2": +"is-weakset@npm:^2.0.3": + version: 2.0.3 + resolution: "is-weakset@npm:2.0.3" + dependencies: + call-bind: ^1.0.7 + get-intrinsic: ^1.2.4 + checksum: 8b6a20ee9f844613ff8f10962cfee49d981d584525f2357fee0a04dfbcde9fd607ed60cb6dab626dbcc470018ae6392e1ff74c0c1aced2d487271411ad9d85ae + languageName: node + linkType: hard + +"is-windows@npm:^1.0.0, is-windows@npm:^1.0.1": version: 1.0.2 resolution: "is-windows@npm:1.0.2" checksum: 438b7e52656fe3b9b293b180defb4e448088e7023a523ec21a91a80b9ff8cdb3377ddb5b6e60f7c7de4fa8b63ab56e121b6705fe081b3cf1b828b0a380009ad7 @@ -12283,9 +12047,9 @@ __metadata: linkType: hard "isbinaryfile@npm:^5.0.0": - version: 5.0.2 - resolution: "isbinaryfile@npm:5.0.2" - checksum: 5e3e9d31b016eefb7e93bd0ab7d088489882eeb9018bf71303f2ce5d9ad02dbb127663d065ce2519913c3c9135a99002e989d6b1786a0fcc0b3c3d2defb1f7d0 + version: 5.0.4 + resolution: "isbinaryfile@npm:5.0.4" + checksum: d88982a889369d83a5937b4b4d2288ed3b3dbbcee8fc74db40058f3c089a2c7beb9e5305b7177e82d87ff38fb62be8d60960f7a2d669ca08240ef31c1435b884 languageName: node linkType: hard @@ -12312,13 +12076,6 @@ __metadata: languageName: node linkType: hard -"isobject@npm:^3.0.0, isobject@npm:^3.0.1": - version: 3.0.1 - resolution: "isobject@npm:3.0.1" - checksum: db85c4c970ce30693676487cca0e61da2ca34e8d4967c2e1309143ff910c207133a969f9e4ddb2dc6aba670aabce4e0e307146c310350b298e74a31f7d464703 - languageName: node - linkType: hard - "istextorbinary@npm:2.1.0": version: 2.1.0 resolution: "istextorbinary@npm:2.1.0" @@ -12425,19 +12182,20 @@ __metadata: languageName: node linkType: hard -"jsdoc-api@npm:^8.1.0": - version: 8.1.0 - resolution: "jsdoc-api@npm:8.1.0" +"jsdoc-api@npm:^8.1.1": + version: 8.1.1 + resolution: "jsdoc-api@npm:8.1.1" dependencies: array-back: ^6.2.2 cache-point: ^2.0.0 collect-all: ^1.0.4 + file-set: ^4.0.2 fs-then-native: ^2.0.0 jsdoc: ^4.0.3 object-to-spawn-args: ^2.0.1 temp-path: ^1.0.0 walk-back: ^5.1.0 - checksum: 1c87990b12899e9f491cc66a0a02579b0d9864e17b63e94b1d2590658e4f58a09c7a7017c461cc9692b97a1345e4c700b3fade6b8ca7aab2084b94412e164b57 + checksum: 862aff98c438a2ead5693425eabb15262b5af5ddb0b162600491739746193b41e941b48a5dc7577652667fa977354e47471f20c466f5e86e729fcb0fb15d376d languageName: node linkType: hard @@ -12454,15 +12212,14 @@ __metadata: linkType: hard "jsdoc-parse@npm:^6.2.1": - version: 6.2.1 - resolution: "jsdoc-parse@npm:6.2.1" + version: 6.2.4 + resolution: "jsdoc-parse@npm:6.2.4" dependencies: array-back: ^6.2.2 + find-replace: ^5.0.1 lodash.omit: ^4.5.0 - reduce-extract: ^1.0.0 - sort-array: ^4.1.5 - test-value: ^3.0.0 - checksum: 44470e5b84f4a7601a99128ac01b0c3c596db91770592a7385d92b422f97b609fd0e2e9b025e8bb22ebca297cf8f217d9a6d6bf9ed8394e299a41ba0e507afa6 + sort-array: ^5.0.0 + checksum: ddc45c25468eff1ffe47a8295d8195f55007c254bc6a4a74de33aad21ec6e72bcd5a4c6f40f8f9d991005b6f55a82179d008694a70b4edceb31473cc5247b867 languageName: node linkType: hard @@ -12474,25 +12231,25 @@ __metadata: linkType: hard "jsdoc-to-markdown@npm:^8.0.1": - version: 8.0.2 - resolution: "jsdoc-to-markdown@npm:8.0.2" + version: 8.0.3 + resolution: "jsdoc-to-markdown@npm:8.0.3" dependencies: array-back: ^6.2.2 command-line-tool: ^0.8.0 config-master: ^3.1.0 - dmd: ^6.2.1 - jsdoc-api: ^8.1.0 + dmd: ^6.2.3 + jsdoc-api: ^8.1.1 jsdoc-parse: ^6.2.1 walk-back: ^5.1.0 bin: jsdoc2md: bin/cli.js - checksum: 92e110fcfb48807182cd2ce7d19c7523549b332970bdcff13feb10d2d72d45f062f3e178e02c22c2628dbde79783ed7e41a77671eeaa84cd5942d4f6abf8f3bb + checksum: df3e130b69a53878f514df0a25f0a6f1871817d8024e2f3721aac0ff551b8fb5d08621d78dafcaf2e303a539758cced33222597fe32d688e5f0361ce903c640f languageName: node linkType: hard "jsdoc@npm:^4.0.3": - version: 4.0.3 - resolution: "jsdoc@npm:4.0.3" + version: 4.0.4 + resolution: "jsdoc@npm:4.0.4" dependencies: "@babel/parser": ^7.20.15 "@jsdoc/salty": ^0.2.1 @@ -12511,25 +12268,16 @@ __metadata: underscore: ~1.13.2 bin: jsdoc: ./jsdoc.js - checksum: 92b3c1e1c79759d5deb89d4f1d47e11e54f85e0b8c5d972b2415471659c01f50909cbf31cd0666f436e3522a20888bfeb81ba906ed1c2fd6c29d6026702c8018 - languageName: node - linkType: hard - -"jsesc@npm:^2.5.1": - version: 2.5.2 - resolution: "jsesc@npm:2.5.2" - bin: - jsesc: bin/jsesc - checksum: 4dc190771129e12023f729ce20e1e0bfceac84d73a85bc3119f7f938843fe25a4aeccb54b6494dce26fcf263d815f5f31acdefac7cc9329efb8422a4f4d9fa9d + checksum: f4372a15a262ffd5abfe71315bbf9ad0fd3dd633ca04298702c0b0d3bacd615a35e9f11877bd7aa4e1bb04adb731a55fb15c3e14e69a8e740e86c45548ad39b6 languageName: node linkType: hard -"jsesc@npm:~0.5.0": - version: 0.5.0 - resolution: "jsesc@npm:0.5.0" +"jsesc@npm:^3.0.2, jsesc@npm:~3.0.2": + version: 3.0.2 + resolution: "jsesc@npm:3.0.2" bin: jsesc: bin/jsesc - checksum: b8b44cbfc92f198ad972fba706ee6a1dfa7485321ee8c0b25f5cedd538dcb20cde3197de16a7265430fce8277a12db066219369e3d51055038946039f6e20e17 + checksum: a36d3ca40574a974d9c2063bf68c2b6141c20da8f2a36bd3279fc802563f35f0527a6c828801295bdfb2803952cf2cf387786c2c90ed564f88d5782475abfe3c languageName: node linkType: hard @@ -12852,7 +12600,7 @@ __metadata: languageName: node linkType: hard -"loader-utils@npm:^2.0.0": +"loader-utils@npm:^2.0.0, loader-utils@npm:^2.0.4": version: 2.0.4 resolution: "loader-utils@npm:2.0.4" dependencies: @@ -12941,13 +12689,6 @@ __metadata: languageName: node linkType: hard -"lodash.assignin@npm:^4.1.0": - version: 4.2.0 - resolution: "lodash.assignin@npm:4.2.0" - checksum: 4b55bc1d65ccd7648fdba8a4316d10546929bf0beb5950830d86c559948cf170f0e65b77c95e66b45b511b85a31161714de8b2008d2537627ef3c7759afe36a6 - languageName: node - linkType: hard - "lodash.camelcase@npm:^4.1.1, lodash.camelcase@npm:^4.3.0": version: 4.3.0 resolution: "lodash.camelcase@npm:4.3.0" @@ -12955,20 +12696,6 @@ __metadata: languageName: node linkType: hard -"lodash.castarray@npm:^4.4.0": - version: 4.4.0 - resolution: "lodash.castarray@npm:4.4.0" - checksum: fca8c7047e0ae2738b0b2503fb00157ae0ff6d8a1b716f87ed715b22560e09de438c75b65e01a7e44ceb41c5b31dce2eb576e46db04beb9c699c498e03cbd00f - languageName: node - linkType: hard - -"lodash.clonedeep@npm:^4.4.1": - version: 4.5.0 - resolution: "lodash.clonedeep@npm:4.5.0" - checksum: 92c46f094b064e876a23c97f57f81fbffd5d760bf2d8a1c61d85db6d1e488c66b0384c943abee4f6af7debf5ad4e4282e74ff83177c9e63d8ff081a4837c3489 - languageName: node - linkType: hard - "lodash.debounce@npm:^3.1.1": version: 3.1.1 resolution: "lodash.debounce@npm:3.1.1" @@ -12992,13 +12719,6 @@ __metadata: languageName: node linkType: hard -"lodash.find@npm:^4.5.1": - version: 4.6.0 - resolution: "lodash.find@npm:4.6.0" - checksum: b737f849a4fe36f5c3664ea636780dda2fde18335021faf80cdfdcb300ed75441da6f55cfd6de119092d8bb2ddbc4433f4a8de4b99c0b9c8640465b0901c717c - languageName: node - linkType: hard - "lodash.flatten@npm:^3.0.2": version: 3.0.2 resolution: "lodash.flatten@npm:3.0.2" @@ -13086,13 +12806,6 @@ __metadata: languageName: node linkType: hard -"lodash.uniqby@npm:^4.7.0": - version: 4.7.0 - resolution: "lodash.uniqby@npm:4.7.0" - checksum: 659264545a95726d1493123345aad8cbf56e17810fa9a0b029852c6d42bc80517696af09d99b23bef1845d10d95e01b8b4a1da578f22aeba7a30d3e0022a4938 - languageName: node - linkType: hard - "lodash@npm:^4.0.0, lodash@npm:^4.17.10, lodash@npm:^4.17.11, lodash@npm:^4.17.12, lodash@npm:^4.17.14, lodash@npm:^4.17.15, lodash@npm:^4.17.19, lodash@npm:^4.17.21": version: 4.17.21 resolution: "lodash@npm:4.17.21" @@ -13142,9 +12855,9 @@ __metadata: linkType: hard "loglevel@npm:^1.4.1": - version: 1.9.1 - resolution: "loglevel@npm:1.9.1" - checksum: e1c8586108c4d566122e91f8a79c8df728920e3a714875affa5120566761a24077ec8ec9e5fc388b022e39fc411ec6e090cde1b5775871241b045139771eeb06 + version: 1.9.2 + resolution: "loglevel@npm:1.9.2" + checksum: 896c67b90a507bfcfc1e9a4daa7bf789a441dd70d95cd13b998d6dd46233a3bfadfb8fadb07250432bbfb53bf61e95f2520f9b11f9d3175cc460e5c251eca0af languageName: node linkType: hard @@ -13206,11 +12919,11 @@ __metadata: linkType: hard "magic-string@npm:^0.30.0": - version: 0.30.10 - resolution: "magic-string@npm:0.30.10" + version: 0.30.14 + resolution: "magic-string@npm:0.30.14" dependencies: - "@jridgewell/sourcemap-codec": ^1.4.15 - checksum: 456fd47c39b296c47dff967e1965121ace35417eab7f45a99e681e725b8661b48e1573c366ee67a27715025b3740773c46b088f115421c7365ea4ea6fa10d399 + "@jridgewell/sourcemap-codec": ^1.5.0 + checksum: 67b3b2d817a7c4e94cb63e2dcaffbeee3b76ff0798eeaee8159a6ff4faee30db824375b2cadbf43807b56c6802fe6373b40d02567d489593017012d74ec0b719 languageName: node linkType: hard @@ -13278,13 +12991,6 @@ __metadata: languageName: node linkType: hard -"map-cache@npm:^0.2.2": - version: 0.2.2 - resolution: "map-cache@npm:0.2.2" - checksum: 3067cea54285c43848bb4539f978a15dedc63c03022abeec6ef05c8cb6829f920f13b94bcaf04142fc6a088318e564c4785704072910d120d55dbc2e0c421969 - languageName: node - linkType: hard - "map-obj@npm:^1.0.0": version: 1.0.1 resolution: "map-obj@npm:1.0.1" @@ -13299,15 +13005,6 @@ __metadata: languageName: node linkType: hard -"map-visit@npm:^1.0.0": - version: 1.0.0 - resolution: "map-visit@npm:1.0.0" - dependencies: - object-visit: ^1.0.0 - checksum: c27045a5021c344fc19b9132eb30313e441863b2951029f8f8b66f79d3d8c1e7e5091578075a996f74e417479506fe9ede28c44ca7bc351a61c9d8073daec36a - languageName: node - linkType: hard - "markdown-it-anchor@npm:^8.6.7": version: 8.6.7 resolution: "markdown-it-anchor@npm:8.6.7" @@ -13661,10 +13358,10 @@ __metadata: languageName: node linkType: hard -"merge-descriptors@npm:1.0.1": - version: 1.0.1 - resolution: "merge-descriptors@npm:1.0.1" - checksum: 5abc259d2ae25bb06d19ce2b94a21632583c74e2a9109ee1ba7fd147aa7362b380d971e0251069f8b3eb7d48c21ac839e21fa177b335e82c76ec172e30c31a26 +"merge-descriptors@npm:1.0.3": + version: 1.0.3 + resolution: "merge-descriptors@npm:1.0.3" + checksum: 52117adbe0313d5defa771c9993fe081e2d2df9b840597e966aadafde04ae8d0e3da46bac7ca4efc37d4d2b839436582659cd49c6a43eacb3fe3050896a105d1 languageName: node linkType: hard @@ -13784,34 +13481,13 @@ __metadata: languageName: node linkType: hard -"micromatch@npm:^3.0.4, micromatch@npm:^3.1.4": - version: 3.1.10 - resolution: "micromatch@npm:3.1.10" - dependencies: - arr-diff: ^4.0.0 - array-unique: ^0.3.2 - braces: ^2.3.1 - define-property: ^2.0.2 - extend-shallow: ^3.0.2 - extglob: ^2.0.4 - fragment-cache: ^0.2.1 - kind-of: ^6.0.2 - nanomatch: ^1.2.9 - object.pick: ^1.3.0 - regex-not: ^1.0.0 - snapdragon: ^0.8.1 - to-regex: ^3.0.2 - checksum: ad226cba4daa95b4eaf47b2ca331c8d2e038d7b41ae7ed0697cde27f3f1d6142881ab03d4da51b65d9d315eceb5e4cdddb3fbb55f5f72cfa19cf3ea469d054dc - languageName: node - linkType: hard - -"micromatch@npm:^4.0.2, micromatch@npm:^4.0.4, micromatch@npm:^4.0.5": - version: 4.0.7 - resolution: "micromatch@npm:4.0.7" +"micromatch@npm:~4.0.8": + version: 4.0.8 + resolution: "micromatch@npm:4.0.8" dependencies: braces: ^3.0.3 picomatch: ^2.3.1 - checksum: 3cde047d70ad80cf60c787b77198d680db3b8c25b23feb01de5e2652205d9c19f43bd81882f69a0fd1f0cde6a7a122d774998aad3271ddb1b8accf8a0f480cf7 + checksum: 79920eb634e6f400b464a954fcfa589c4e7c7143209488e44baf627f9affc8b1e306f41f4f0deedde97e69cb725920879462d3e750ab3bd3c1aed675bb3a8966 languageName: node linkType: hard @@ -13876,14 +13552,14 @@ __metadata: linkType: hard "mini-css-extract-plugin@npm:^2.5.2": - version: 2.9.0 - resolution: "mini-css-extract-plugin@npm:2.9.0" + version: 2.9.2 + resolution: "mini-css-extract-plugin@npm:2.9.2" dependencies: schema-utils: ^4.0.0 tapable: ^2.2.1 peerDependencies: webpack: ^5.0.0 - checksum: ae192c67ba85ac8bffeab66774635bf90181f00d5dd6cf95412426192599ddf5506fb4b1550acbd7a5476476e39db53c770dd40f8378f7baf5de96e3fec4e6e9 + checksum: 67a1f75359371a7776108999d472ae0942ccd904401e364e3a2c710d4b6fec61c4f53288594fcac35891f009e6df8825a00dfd3bfe4bcec0f862081d1f7cad50 languageName: node linkType: hard @@ -14063,16 +13739,6 @@ __metadata: languageName: node linkType: hard -"mixin-deep@npm:^1.2.0": - version: 1.3.2 - resolution: "mixin-deep@npm:1.3.2" - dependencies: - for-in: ^1.0.2 - is-extendable: ^1.0.1 - checksum: 820d5a51fcb7479f2926b97f2c3bb223546bc915e6b3a3eb5d906dda871bba569863595424a76682f2b15718252954644f3891437cb7e3f220949bed54b1750d - languageName: node - linkType: hard - "mkdirp2@npm:^1.0.4": version: 1.0.5 resolution: "mkdirp2@npm:1.0.5" @@ -14154,14 +13820,7 @@ __metadata: languageName: node linkType: hard -"ms@npm:2.1.2": - version: 2.1.2 - resolution: "ms@npm:2.1.2" - checksum: 673cdb2c3133eb050c745908d8ce632ed2c02d85640e2edb3ace856a2266a813b30c613569bf3354fdf4ea7d1a1494add3bfa95e2713baa27d0c2c71fc44f58f - languageName: node - linkType: hard - -"ms@npm:2.1.3, ms@npm:^2.1.1": +"ms@npm:2.1.3, ms@npm:^2.1.1, ms@npm:^2.1.3": version: 2.1.3 resolution: "ms@npm:2.1.3" checksum: aa92de608021b242401676e35cfa5aa42dd70cbdc082b916da7fb925c542173e36bce97ea3e804923fe92c0ad991434e4a38327e15a1b5b5f945d66df615ae6d @@ -14199,30 +13858,11 @@ __metadata: linkType: hard "nanoid@npm:^3.3.7": - version: 3.3.7 - resolution: "nanoid@npm:3.3.7" + version: 3.3.8 + resolution: "nanoid@npm:3.3.8" bin: nanoid: bin/nanoid.cjs - checksum: d36c427e530713e4ac6567d488b489a36582ef89da1d6d4e3b87eded11eb10d7042a877958c6f104929809b2ab0bafa17652b076cdf84324aa75b30b722204f2 - languageName: node - linkType: hard - -"nanomatch@npm:^1.2.9": - version: 1.2.13 - resolution: "nanomatch@npm:1.2.13" - dependencies: - arr-diff: ^4.0.0 - array-unique: ^0.3.2 - define-property: ^2.0.2 - extend-shallow: ^3.0.2 - fragment-cache: ^0.2.1 - is-windows: ^1.0.2 - kind-of: ^6.0.2 - object.pick: ^1.3.0 - regex-not: ^1.0.0 - snapdragon: ^0.8.1 - to-regex: ^3.0.1 - checksum: 54d4166d6ef08db41252eb4e96d4109ebcb8029f0374f9db873bd91a1f896c32ec780d2a2ea65c0b2d7caf1f28d5e1ea33746a470f32146ac8bba821d80d38d8 + checksum: dfe0adbc0c77e9655b550c333075f51bb28cfc7568afbf3237249904f9c86c9aaaed1f113f0fddddba75673ee31c758c30c43d4414f014a52a7a626efc5958c9 languageName: node linkType: hard @@ -14240,13 +13880,20 @@ __metadata: languageName: node linkType: hard -"negotiator@npm:0.6.3, negotiator@npm:^0.6.3": +"negotiator@npm:0.6.3": version: 0.6.3 resolution: "negotiator@npm:0.6.3" checksum: b8ffeb1e262eff7968fc90a2b6767b04cfd9842582a9d0ece0af7049537266e7b2506dfb1d107a32f06dd849ab2aea834d5830f7f4d0e5cb7d36e1ae55d021d9 languageName: node linkType: hard +"negotiator@npm:^0.6.3, negotiator@npm:~0.6.4": + version: 0.6.4 + resolution: "negotiator@npm:0.6.4" + checksum: 7ded10aa02a0707d1d12a9973fdb5954f98547ca7beb60e31cb3a403cc6e8f11138db7a3b0128425cf836fc85d145ec4ce983b2bdf83dca436af879c2d683510 + languageName: node + linkType: hard + "neo-async@npm:^2.6.0, neo-async@npm:^2.6.2": version: 2.6.2 resolution: "neo-async@npm:2.6.2" @@ -14284,9 +13931,18 @@ __metadata: languageName: node linkType: hard +"node-addon-api@npm:^7.0.0": + version: 7.1.1 + resolution: "node-addon-api@npm:7.1.1" + dependencies: + node-gyp: latest + checksum: 46051999e3289f205799dfaf6bcb017055d7569090f0004811110312e2db94cb4f8654602c7eb77a60a1a05142cc2b96e1b5c56ca4622c41a5c6370787faaf30 + languageName: node + linkType: hard + "node-gyp@npm:latest": - version: 10.2.0 - resolution: "node-gyp@npm:10.2.0" + version: 10.3.1 + resolution: "node-gyp@npm:10.3.1" dependencies: env-paths: ^2.2.0 exponential-backoff: ^3.1.1 @@ -14300,7 +13956,7 @@ __metadata: which: ^4.0.0 bin: node-gyp: bin/node-gyp.js - checksum: 0233759d8c19765f7fdc259a35eb046ad86c3d09e22f7384613ae2b89647dd27fcf833fdf5293d9335041e91f9b1c539494225959cdb312a5c8080b7534b926f + checksum: 91b0690ab504fe051ad66863226dc5ecac72b8471f85e8428e4d5ca3217d3a2adfffae48cd555e8d009a4164689fff558b88d2bc9bfd246452a3336ab308cf99 languageName: node linkType: hard @@ -14332,7 +13988,7 @@ __metadata: languageName: node linkType: hard -"node-releases@npm:^2.0.14": +"node-releases@npm:^2.0.18": version: 2.0.18 resolution: "node-releases@npm:2.0.18" checksum: ef55a3d853e1269a6d6279b7692cd6ff3e40bc74947945101138745bfdc9a5edabfe72cb19a31a8e45752e1910c4c65c77d931866af6357f242b172b7283f5b3 @@ -14508,17 +14164,6 @@ __metadata: languageName: node linkType: hard -"object-copy@npm:^0.1.0": - version: 0.1.0 - resolution: "object-copy@npm:0.1.0" - dependencies: - copy-descriptor: ^0.1.0 - define-property: ^0.2.5 - kind-of: ^3.0.3 - checksum: a9e35f07e3a2c882a7e979090360d1a20ab51d1fa19dfdac3aa8873b328a7c4c7683946ee97c824ae40079d848d6740a3788fa14f2185155dab7ed970a72c783 - languageName: node - linkType: hard - "object-get@npm:^2.1.1": version: 2.1.1 resolution: "object-get@npm:2.1.1" @@ -14533,10 +14178,10 @@ __metadata: languageName: node linkType: hard -"object-inspect@npm:^1.13.1": - version: 1.13.2 - resolution: "object-inspect@npm:1.13.2" - checksum: 9f850b3c045db60e0e97746e809ee4090d6ce62195af17dd1e9438ac761394a7d8ec4f7906559aea5424eaf61e35d3e53feded2ccd5f62fcc7d9670d3c8eb353 +"object-inspect@npm:^1.13.1, object-inspect@npm:^1.13.3": + version: 1.13.3 + resolution: "object-inspect@npm:1.13.3" + checksum: 8c962102117241e18ea403b84d2521f78291b774b03a29ee80a9863621d88265ffd11d0d7e435c4c2cea0dc2a2fbf8bbc92255737a05536590f2df2e8756f297 languageName: node linkType: hard @@ -14554,15 +14199,6 @@ __metadata: languageName: node linkType: hard -"object-visit@npm:^1.0.0": - version: 1.0.1 - resolution: "object-visit@npm:1.0.1" - dependencies: - isobject: ^3.0.0 - checksum: b0ee07f5bf3bb881b881ff53b467ebbde2b37ebb38649d6944a6cd7681b32eedd99da9bd1e01c55facf81f54ed06b13af61aba6ad87f0052982995e09333f790 - languageName: node - linkType: hard - "object.assign@npm:^4.1.5": version: 4.1.5 resolution: "object.assign@npm:4.1.5" @@ -14590,15 +14226,6 @@ __metadata: languageName: node linkType: hard -"object.pick@npm:^1.3.0": - version: 1.3.0 - resolution: "object.pick@npm:1.3.0" - dependencies: - isobject: ^3.0.1 - checksum: 77fb6eed57c67adf75e9901187e37af39f052ef601cb4480386436561357eb9e459e820762f01fd02c5c1b42ece839ad393717a6d1850d848ee11fbabb3e580a - languageName: node - linkType: hard - "object.values@npm:^1.1.0": version: 1.2.0 resolution: "object.values@npm:1.2.0" @@ -14874,9 +14501,9 @@ __metadata: linkType: hard "package-json-from-dist@npm:^1.0.0": - version: 1.0.0 - resolution: "package-json-from-dist@npm:1.0.0" - checksum: ac706ec856a5a03f5261e4e48fa974f24feb044d51f84f8332e2af0af04fbdbdd5bbbfb9cbbe354190409bc8307c83a9e38c6672c3c8855f709afb0006a009ea + version: 1.0.1 + resolution: "package-json-from-dist@npm:1.0.1" + checksum: 58ee9538f2f762988433da00e26acc788036914d57c71c246bf0be1b60cdbd77dd60b6a3e1a30465f0b248aeb80079e0b34cb6050b1dfa18c06953bb1cbc7602 languageName: node linkType: hard @@ -14930,12 +14557,21 @@ __metadata: linkType: hard "parse5-htmlparser2-tree-adapter@npm:^7.0.0": - version: 7.0.0 - resolution: "parse5-htmlparser2-tree-adapter@npm:7.0.0" + version: 7.1.0 + resolution: "parse5-htmlparser2-tree-adapter@npm:7.1.0" dependencies: - domhandler: ^5.0.2 + domhandler: ^5.0.3 parse5: ^7.0.0 - checksum: fc5d01e07733142a1baf81de5c2a9c41426c04b7ab29dd218acb80cd34a63177c90aff4a4aee66cf9f1d0aeecff1389adb7452ad6f8af0a5888e3e9ad6ef733d + checksum: 98326fc5443e2149e10695adbfd0b0b3383c54398799f858b4ac2914adb199af8fcc90c2143aa5f7fd5f9482338f26ef253b468722f34d50bb215ec075d89fe9 + languageName: node + linkType: hard + +"parse5-parser-stream@npm:^7.1.2": + version: 7.1.2 + resolution: "parse5-parser-stream@npm:7.1.2" + dependencies: + parse5: ^7.0.0 + checksum: 75b232d460bce6bd0e35012750a78ef034f40ccf550b7c6cec3122395af6b4553202ad3663ad468cf537ead5a2e13b6727670395fd0ff548faccad1dc2dc93cf languageName: node linkType: hard @@ -14946,12 +14582,12 @@ __metadata: languageName: node linkType: hard -"parse5@npm:^7.0.0": - version: 7.1.2 - resolution: "parse5@npm:7.1.2" +"parse5@npm:^7.0.0, parse5@npm:^7.1.2": + version: 7.2.1 + resolution: "parse5@npm:7.2.1" dependencies: - entities: ^4.4.0 - checksum: 59465dd05eb4c5ec87b76173d1c596e152a10e290b7abcda1aecf0f33be49646ea74840c69af975d7887543ea45564801736356c568d6b5e71792fd0f4055713 + entities: ^4.5.0 + checksum: 11253cf8aa2e7fc41c004c64cba6f2c255f809663365db65bd7ad0e8cf7b89e436a563c20059346371cc543a6c1b567032088883ca6a2cbc88276c666b68236d languageName: node linkType: hard @@ -14962,13 +14598,6 @@ __metadata: languageName: node linkType: hard -"pascalcase@npm:^0.1.1": - version: 0.1.1 - resolution: "pascalcase@npm:0.1.1" - checksum: f83681c3c8ff75fa473a2bb2b113289952f802ff895d435edd717e7cb898b0408cbdb247117a938edcbc5d141020909846cc2b92c47213d764e2a94d2ad2b925 - languageName: node - linkType: hard - "path-exists@npm:^3.0.0": version: 3.0.0 resolution: "path-exists@npm:3.0.0" @@ -15058,17 +14687,17 @@ __metadata: languageName: node linkType: hard -"path-to-regexp@npm:0.1.7": - version: 0.1.7 - resolution: "path-to-regexp@npm:0.1.7" - checksum: 69a14ea24db543e8b0f4353305c5eac6907917031340e5a8b37df688e52accd09e3cebfe1660b70d76b6bd89152f52183f28c74813dbf454ba1a01c82a38abce +"path-to-regexp@npm:0.1.10": + version: 0.1.10 + resolution: "path-to-regexp@npm:0.1.10" + checksum: ab7a3b7a0b914476d44030340b0a65d69851af2a0f33427df1476100ccb87d409c39e2182837a96b98fb38c4ef2ba6b87bdad62bb70a2c153876b8061760583c languageName: node linkType: hard "path-to-regexp@npm:^6.2.1": - version: 6.2.2 - resolution: "path-to-regexp@npm:6.2.2" - checksum: b7b0005c36f5099f9ed1fb20a820d2e4ed1297ffe683ea1d678f5e976eb9544f01debb281369dabdc26da82e6453901bf71acf2c7ed14b9243536c2a45286c33 + version: 6.3.0 + resolution: "path-to-regexp@npm:6.3.0" + checksum: eca78602e6434a1b6799d511d375ec044e8d7e28f5a48aa5c28d57d8152fb52f3fc62fb1cfc5dfa2198e1f041c2a82ed14043d75740a2fe60e91b5089a153250 languageName: node linkType: hard @@ -15086,10 +14715,10 @@ __metadata: languageName: node linkType: hard -"picocolors@npm:^1.0.0, picocolors@npm:^1.0.1": - version: 1.0.1 - resolution: "picocolors@npm:1.0.1" - checksum: fa68166d1f56009fc02a34cdfd112b0dd3cf1ef57667ac57281f714065558c01828cdf4f18600ad6851cbe0093952ed0660b1e0156bddf2184b6aaf5817553a5 +"picocolors@npm:^1.0.0, picocolors@npm:^1.1.0, picocolors@npm:^1.1.1": + version: 1.1.1 + resolution: "picocolors@npm:1.1.1" + checksum: e1cf46bf84886c79055fdfa9dcb3e4711ad259949e3565154b004b260cd356c5d54b31a1437ce9782624bf766272fe6b0154f5f0c744fb7af5d454d2b60db045 languageName: node linkType: hard @@ -15132,6 +14761,13 @@ __metadata: languageName: node linkType: hard +"pkg-entry-points@npm:^1.1.0": + version: 1.1.1 + resolution: "pkg-entry-points@npm:1.1.1" + checksum: cf122530c2d05b8e14c202fcbd4c17f6f10ba3d16421bf9cf43fa7361f2205af4521278d70c3fef3a99cf04122a88daf21bec5f6eca3a067b762c2aa67dafdcd + languageName: node + linkType: hard + "pkg-up@npm:^2.0.0": version: 2.0.0 resolution: "pkg-up@npm:2.0.0" @@ -15181,13 +14817,6 @@ __metadata: languageName: node linkType: hard -"posix-character-classes@npm:^0.1.0": - version: 0.1.1 - resolution: "posix-character-classes@npm:0.1.1" - checksum: dedb99913c60625a16050cfed2fb5c017648fc075be41ac18474e1c6c3549ef4ada201c8bd9bd006d36827e289c571b6092e1ef6e756cdbab2fd7046b25c6442 - languageName: node - linkType: hard - "possible-typed-array-names@npm:^1.0.0": version: 1.0.0 resolution: "possible-typed-array-names@npm:1.0.0" @@ -15205,26 +14834,26 @@ __metadata: linkType: hard "postcss-modules-local-by-default@npm:^4.0.0": - version: 4.0.5 - resolution: "postcss-modules-local-by-default@npm:4.0.5" + version: 4.1.0 + resolution: "postcss-modules-local-by-default@npm:4.1.0" dependencies: icss-utils: ^5.0.0 - postcss-selector-parser: ^6.0.2 + postcss-selector-parser: ^7.0.0 postcss-value-parser: ^4.1.0 peerDependencies: postcss: ^8.1.0 - checksum: ca9b01f4a0a3dfb33e016299e2dfb7e85c3123292f7aec2efc0c6771b9955648598bfb4c1561f7ee9732fb27fb073681233661b32eef98baab43743f96735452 + checksum: 64ac4803c21dd82e227179cf0a8489c645ea99a8c514475da028c9afe5d5b915485d00d8efbe94295d688a23a172965cc15f20d550168d1fed272dbdbbe053f0 languageName: node linkType: hard "postcss-modules-scope@npm:^3.0.0": - version: 3.2.0 - resolution: "postcss-modules-scope@npm:3.2.0" + version: 3.2.1 + resolution: "postcss-modules-scope@npm:3.2.1" dependencies: - postcss-selector-parser: ^6.0.4 + postcss-selector-parser: ^7.0.0 peerDependencies: postcss: ^8.1.0 - checksum: 2ffe7e98c1fa993192a39c8dd8ade93fc4f59fbd1336ce34fcedaee0ee3bafb29e2e23fb49189256895b30e4f21af661c6a6a16ef7b17ae2c859301e4a4459ae + checksum: 085f65863bb7d8bf08209a979ceb22b2b07bb466574e0e698d34aaad832d614957bb05f2418348a14e4035f65e23b2be2951369d26ea429dd5762c6a020f0f7c languageName: node linkType: hard @@ -15240,9 +14869,9 @@ __metadata: linkType: hard "postcss-resolve-nested-selector@npm:^0.1.1": - version: 0.1.1 - resolution: "postcss-resolve-nested-selector@npm:0.1.1" - checksum: b08fb76ab092a09ee01328bad620a01dcb445ac5eb02dd0ed9ed75217c2f779ecb3bf99a361c46e695689309c08c09f1a1ad7354c8d58c2c2c40d364657fcb08 + version: 0.1.6 + resolution: "postcss-resolve-nested-selector@npm:0.1.6" + checksum: 85453901afe2a4db497b4e0d2c9cf2a097a08fa5d45bc646547025176217050334e423475519a1e6c74a1f31ade819d16bb37a39914e5321e250695ee3feea14 languageName: node linkType: hard @@ -15255,13 +14884,23 @@ __metadata: languageName: node linkType: hard -"postcss-selector-parser@npm:^6.0.13, postcss-selector-parser@npm:^6.0.2, postcss-selector-parser@npm:^6.0.4": - version: 6.1.1 - resolution: "postcss-selector-parser@npm:6.1.1" +"postcss-selector-parser@npm:^6.0.13": + version: 6.1.2 + resolution: "postcss-selector-parser@npm:6.1.2" + dependencies: + cssesc: ^3.0.0 + util-deprecate: ^1.0.2 + checksum: ce9440fc42a5419d103f4c7c1847cb75488f3ac9cbe81093b408ee9701193a509f664b4d10a2b4d82c694ee7495e022f8f482d254f92b7ffd9ed9dea696c6f84 + languageName: node + linkType: hard + +"postcss-selector-parser@npm:^7.0.0": + version: 7.0.0 + resolution: "postcss-selector-parser@npm:7.0.0" dependencies: cssesc: ^3.0.0 util-deprecate: ^1.0.2 - checksum: 1c6a5adfc3c19c6e1e7d94f8addb89a5166fcca72c41f11713043d381ecbe82ce66360c5524e904e17b54f7fc9e6a077994ff31238a456bc7320c3e02e88d92e + checksum: f906b7449fcbe9fa6ae739b6fc324ee3c6201aaf5224f26da27de64ccba68d878d734dd182a467881e463f7ede08972d0129b0cc4d6b671d78c6492cddcef154 languageName: node linkType: hard @@ -15273,13 +14912,13 @@ __metadata: linkType: hard "postcss@npm:^8.2.15, postcss@npm:^8.4.28": - version: 8.4.39 - resolution: "postcss@npm:8.4.39" + version: 8.4.49 + resolution: "postcss@npm:8.4.49" dependencies: nanoid: ^3.3.7 - picocolors: ^1.0.1 - source-map-js: ^1.2.0 - checksum: 14b130c90f165961772bdaf99c67f907f3d16494adf0868e57ef68baa67e0d1f6762db9d41ab0f4d09bab6fb7888588dba3596afd1a235fd5c2d43fba7006ac6 + picocolors: ^1.1.1 + source-map-js: ^1.2.1 + checksum: eb5d6cbdca24f50399aafa5d2bea489e4caee4c563ea1edd5a2485bc5f84e9ceef3febf170272bc83a99c31d23a316ad179213e853f34c2a7a8ffa534559d63a languageName: node linkType: hard @@ -15491,12 +15130,12 @@ __metadata: linkType: hard "pump@npm:^3.0.0": - version: 3.0.0 - resolution: "pump@npm:3.0.0" + version: 3.0.2 + resolution: "pump@npm:3.0.2" dependencies: end-of-stream: ^1.1.0 once: ^1.3.1 - checksum: e42e9229fba14732593a718b04cb5e1cfef8254544870997e0ecd9732b189a48e1256e4e5478148ecb47c8511dca2b09eae56b4d0aad8009e6fac8072923cfc9 + checksum: e0c4216874b96bd25ddf31a0b61a5613e26cc7afa32379217cf39d3915b0509def3565f5f6968fafdad2894c8bbdbd67d340e84f3634b2a29b950cffb6442d9f languageName: node linkType: hard @@ -15515,11 +15154,11 @@ __metadata: linkType: hard "pvtsutils@npm:^1.3.2": - version: 1.3.5 - resolution: "pvtsutils@npm:1.3.5" + version: 1.3.6 + resolution: "pvtsutils@npm:1.3.6" dependencies: - tslib: ^2.6.1 - checksum: e734516b3cb26086c18bd9c012fefe818928a5073178842ab7e62885a090f1dd7bda9c7bb8cd317167502cb8ec86c0b1b0ccd71dac7ab469382a4518157b0d12 + tslib: ^2.8.1 + checksum: 97b023b46d7b95bff004f8340efc465c1d995f35d7e97a2ef2e28d5e160f5ca47b48f42463b6be92b4341452a6b8c555feb2b1eb59ee90b97bd5d6fc86ffb186 languageName: node linkType: hard @@ -15537,15 +15176,6 @@ __metadata: languageName: node linkType: hard -"qs@npm:6.11.0": - version: 6.11.0 - resolution: "qs@npm:6.11.0" - dependencies: - side-channel: ^1.0.4 - checksum: 6e1f29dd5385f7488ec74ac7b6c92f4d09a90408882d0c208414a34dd33badc1a621019d4c799a3df15ab9b1d0292f97c1dd71dc7c045e69f81a8064e5af7297 - languageName: node - linkType: hard - "qs@npm:6.13.0": version: 6.13.0 resolution: "qs@npm:6.13.0" @@ -15556,11 +15186,11 @@ __metadata: linkType: hard "qs@npm:^6.4.0": - version: 6.12.3 - resolution: "qs@npm:6.12.3" + version: 6.13.1 + resolution: "qs@npm:6.13.1" dependencies: side-channel: ^1.0.6 - checksum: 9a9228a623bc36d41648237667d7342fb8d64d1cfeb29e474b0c44591ba06ac507e2d726f60eca5af8dc420e5dd23370af408ef8c28e0405675c7187b736a693 + checksum: 86c5059146955fab76624e95771031541328c171b1d63d48a7ac3b1fdffe262faf8bc5fcadc1684e6f3da3ec87a8dedc8c0009792aceb20c5e94dc34cf468bb9 languageName: node linkType: hard @@ -15609,15 +15239,15 @@ __metadata: linkType: hard "qunit@npm:^2.20.0": - version: 2.21.1 - resolution: "qunit@npm:2.21.1" + version: 2.22.0 + resolution: "qunit@npm:2.22.0" dependencies: commander: 7.2.0 node-watch: 0.7.3 tiny-glob: 0.2.9 bin: qunit: bin/qunit.js - checksum: 51d7c323ef858847cb4fb8b3466e1a26635cbd1b5dbce69e910bf5c1e6a75710d62e4021bb6dbcc787d955522020e4c54c1a8853bc8dc9e9ef8a4c8cf4b76a07 + checksum: 6f659ccdc208418e52cd15ab775e203987fc53e5d2b55ce8071d73ae809f6ebec5fdeb174dadfb4800b7f7f64a27727de3e5783c5188aad5056b793b7323f1d9 languageName: node linkType: hard @@ -15705,6 +15335,13 @@ __metadata: languageName: node linkType: hard +"readdirp@npm:^4.0.1": + version: 4.0.2 + resolution: "readdirp@npm:4.0.2" + checksum: 309376e717f94fb7eb61bec21e2603243a9e2420cd2e9bf94ddf026aefea0d7377ed1a62f016d33265682e44908049a55c3cfc2307450a1421654ea008489b39 + languageName: node + linkType: hard + "readdirp@npm:~3.6.0": version: 3.6.0 resolution: "readdirp@npm:3.6.0" @@ -15745,15 +15382,6 @@ __metadata: languageName: node linkType: hard -"reduce-extract@npm:^1.0.0": - version: 1.0.0 - resolution: "reduce-extract@npm:1.0.0" - dependencies: - test-value: ^1.0.1 - checksum: 1f36cd01617d2ca2d1b077e75ba6521b5303a35d0b6b9a05ad610321cb6df32f20b740d4686d2de7e12e0564dd650bf4b5784c5dec45f8bead04b58c7a14ae31 - languageName: node - linkType: hard - "reduce-flatten@npm:^1.0.1": version: 1.0.1 resolution: "reduce-flatten@npm:1.0.1" @@ -15784,12 +15412,27 @@ __metadata: languageName: node linkType: hard -"regenerate-unicode-properties@npm:^10.1.0": - version: 10.1.1 - resolution: "regenerate-unicode-properties@npm:10.1.1" +"reflect.getprototypeof@npm:^1.0.6": + version: 1.0.7 + resolution: "reflect.getprototypeof@npm:1.0.7" + dependencies: + call-bind: ^1.0.7 + define-properties: ^1.2.1 + es-abstract: ^1.23.5 + es-errors: ^1.3.0 + get-intrinsic: ^1.2.4 + gopd: ^1.0.1 + which-builtin-type: ^1.1.4 + checksum: e023846d4d9631b46476a2315f5cdebb1f98782e145e807d985b47df8314776220b0d82244c9f3e51718acb09da79149f406afa9872e4fb4ca473dcc4e980598 + languageName: node + linkType: hard + +"regenerate-unicode-properties@npm:^10.2.0": + version: 10.2.0 + resolution: "regenerate-unicode-properties@npm:10.2.0" dependencies: regenerate: ^1.4.2 - checksum: b80958ef40f125275824c2c47d5081dfaefebd80bff26c76761e9236767c748a4a95a69c053fe29d2df881177f2ca85df4a71fe70a82360388b31159ef19adcf + checksum: d5c5fc13f8b8d7e16e791637a4bfef741f8d70e267d51845ee7d5404a32fa14c75b181c4efba33e4bff8b0000a2f13e9773593713dfe5b66597df4259275ce63 languageName: node linkType: hard @@ -15823,50 +15466,47 @@ __metadata: languageName: node linkType: hard -"regex-not@npm:^1.0.0, regex-not@npm:^1.0.2": - version: 1.0.2 - resolution: "regex-not@npm:1.0.2" - dependencies: - extend-shallow: ^3.0.2 - safe-regex: ^1.1.0 - checksum: 3081403de79559387a35ef9d033740e41818a559512668cef3d12da4e8a29ef34ee13c8ed1256b07e27ae392790172e8a15c8a06b72962fd4550476cde3d8f77 - languageName: node - linkType: hard - -"regexp.prototype.flags@npm:^1.5.2": - version: 1.5.2 - resolution: "regexp.prototype.flags@npm:1.5.2" +"regexp.prototype.flags@npm:^1.5.2, regexp.prototype.flags@npm:^1.5.3": + version: 1.5.3 + resolution: "regexp.prototype.flags@npm:1.5.3" dependencies: - call-bind: ^1.0.6 + call-bind: ^1.0.7 define-properties: ^1.2.1 es-errors: ^1.3.0 - set-function-name: ^2.0.1 - checksum: d7f333667d5c564e2d7a97c56c3075d64c722c9bb51b2b4df6822b2e8096d623a5e63088fb4c83df919b6951ef8113841de8b47de7224872fa6838bc5d8a7d64 + set-function-name: ^2.0.2 + checksum: 83ff0705b837f7cb6d664010a11642250f36d3f642263dd0f3bdfe8f150261aa7b26b50ee97f21c1da30ef82a580bb5afedbef5f45639d69edaafbeac9bbb0ed languageName: node linkType: hard -"regexpu-core@npm:^5.3.1": - version: 5.3.2 - resolution: "regexpu-core@npm:5.3.2" +"regexpu-core@npm:^6.1.1": + version: 6.2.0 + resolution: "regexpu-core@npm:6.2.0" dependencies: - "@babel/regjsgen": ^0.8.0 regenerate: ^1.4.2 - regenerate-unicode-properties: ^10.1.0 - regjsparser: ^0.9.1 + regenerate-unicode-properties: ^10.2.0 + regjsgen: ^0.8.0 + regjsparser: ^0.12.0 unicode-match-property-ecmascript: ^2.0.0 unicode-match-property-value-ecmascript: ^2.1.0 - checksum: 95bb97088419f5396e07769b7de96f995f58137ad75fac5811fb5fe53737766dfff35d66a0ee66babb1eb55386ef981feaef392f9df6d671f3c124812ba24da2 + checksum: 67d3c4a3f6c99bc80b5d690074a27e6f675be1c1739f8a9acf028fbc36f1a468472574ea65e331e217995198ba4404d7878f3cb3739a73552dd3c70d3fb7f8e6 + languageName: node + linkType: hard + +"regjsgen@npm:^0.8.0": + version: 0.8.0 + resolution: "regjsgen@npm:0.8.0" + checksum: a1d925ff14a4b2be774e45775ee6b33b256f89c42d480e6d85152d2133f18bd3d6af662161b226fa57466f7efec367eaf7ccd2a58c0ec2a1306667ba2ad07b0d languageName: node linkType: hard -"regjsparser@npm:^0.9.1": - version: 0.9.1 - resolution: "regjsparser@npm:0.9.1" +"regjsparser@npm:^0.12.0": + version: 0.12.0 + resolution: "regjsparser@npm:0.12.0" dependencies: - jsesc: ~0.5.0 + jsesc: ~3.0.2 bin: regjsparser: bin/parser - checksum: 5e1b76afe8f1d03c3beaf9e0d935dd467589c3625f6d65fb8ffa14f224d783a0fed4bf49c2c1b8211043ef92b6117313419edf055a098ed8342e340586741afc + checksum: 094b55b0ab3e1fd58f8ce5132a1d44dab08d91f7b0eea4132b0157b303ebb8ded20a9cbd893d25402d2aeddb23fac1f428ab4947b295d6fa51dd1c334a9e76f0 languageName: node linkType: hard @@ -16135,13 +15775,6 @@ __metadata: languageName: node linkType: hard -"resolve-url@npm:^0.2.1": - version: 0.2.1 - resolution: "resolve-url@npm:0.2.1" - checksum: 7b7035b9ed6e7bc7d289e90aef1eab5a43834539695dac6416ca6e91f1a94132ae4796bbd173cdacfdc2ade90b5f38a3fb6186bebc1b221cd157777a23b9ad14 - languageName: node - linkType: hard - "resolve@npm:^1.10.0, resolve@npm:^1.11.1, resolve@npm:^1.13.1, resolve@npm:^1.14.2, resolve@npm:^1.17.0, resolve@npm:^1.20.0, resolve@npm:^1.22.0, resolve@npm:^1.22.1, resolve@npm:^1.22.2, resolve@npm:^1.22.3, resolve@npm:^1.22.8, resolve@npm:^1.3.3, resolve@npm:^1.4.0, resolve@npm:^1.5.0": version: 1.22.8 resolution: "resolve@npm:1.22.8" @@ -16188,13 +15821,6 @@ __metadata: languageName: node linkType: hard -"ret@npm:~0.1.10": - version: 0.1.15 - resolution: "ret@npm:0.1.15" - checksum: d76a9159eb8c946586567bd934358dfc08a36367b3257f7a3d7255fdd7b56597235af23c6afa0d7f0254159e8051f93c918809962ebd6df24ca2a83dbe4d4151 - languageName: node - linkType: hard - "retry@npm:^0.12.0": version: 0.12.0 resolution: "retry@npm:0.12.0" @@ -16239,13 +15865,13 @@ __metadata: linkType: hard "rimraf@npm:^5.0.0": - version: 5.0.9 - resolution: "rimraf@npm:5.0.9" + version: 5.0.10 + resolution: "rimraf@npm:5.0.10" dependencies: glob: ^10.3.7 bin: rimraf: dist/esm/bin.mjs - checksum: e6dd5007e34181e1fa732437499d798035b2f3313887435cb855c5c9055bf9646795fc1c63ef843de830df8577cd9862df2dabf913fe08dcc1758c96de4a4fdb + checksum: 50e27388dd2b3fa6677385fc1e2966e9157c89c86853b96d02e6915663a96b7ff4d590e14f6f70e90f9b554093aa5dbc05ac3012876be558c06a65437337bc05 languageName: node linkType: hard @@ -16291,14 +15917,14 @@ __metadata: linkType: hard "router_js@npm:^8.0.3": - version: 8.0.5 - resolution: "router_js@npm:8.0.5" + version: 8.0.6 + resolution: "router_js@npm:8.0.6" dependencies: "@glimmer/env": ^0.1.7 peerDependencies: route-recognizer: ^0.3.4 rsvp: ^4.8.5 - checksum: f232e86768ce28b4638a2006f6134099c393ead0f3faf60d5fad19917166866a4903d8cb31670154fd7a623f73b050f28a54b817c558f806cc411f0044ef6b99 + checksum: b2c32cf7a1606c27438b851c5597b2a87f0f64ff98a3217109e12c36136879fe7f7b137d293c128fb4f3fd02a46ef71fadef411eae883e1af477319904b6ac17 languageName: node linkType: hard @@ -16415,19 +16041,10 @@ __metadata: languageName: node linkType: hard -"safe-regex@npm:^1.1.0": - version: 1.1.0 - resolution: "safe-regex@npm:1.1.0" - dependencies: - ret: ~0.1.10 - checksum: 9a8bba57c87a841f7997b3b951e8e403b1128c1a4fd1182f40cc1a20e2d490593d7c2a21030fadfea320c8e859219019e136f678c6689ed5960b391b822f01d5 - languageName: node - linkType: hard - "safe-stable-stringify@npm:^2.2.0, safe-stable-stringify@npm:^2.4.3": - version: 2.4.3 - resolution: "safe-stable-stringify@npm:2.4.3" - checksum: 3aeb64449706ee1f5ad2459fc99648b131d48e7a1fbb608d7c628020177512dc9d94108a5cb61bbc953985d313d0afea6566d243237743e02870490afef04b43 + version: 2.5.0 + resolution: "safe-stable-stringify@npm:2.5.0" + checksum: d3ce103ed43c6c2f523e39607208bfb1c73aa48179fc5be53c3aa97c118390bffd4d55e012f5393b982b65eb3e0ee954dd57b547930d3f242b0053dcdb923d17 languageName: node linkType: hard @@ -16477,15 +16094,19 @@ __metadata: linkType: hard "sass@npm:^1.66.3, sass@npm:^1.69.5": - version: 1.77.8 - resolution: "sass@npm:1.77.8" + version: 1.81.0 + resolution: "sass@npm:1.81.0" dependencies: - chokidar: ">=3.0.0 <4.0.0" - immutable: ^4.0.0 + "@parcel/watcher": ^2.4.1 + chokidar: ^4.0.0 + immutable: ^5.0.2 source-map-js: ">=0.6.2 <2.0.0" + dependenciesMeta: + "@parcel/watcher": + optional: true bin: sass: sass.js - checksum: 6b5dce17faa1bd1e349b4825bf7f76559a32f3f95d789cd2847623c88ee9635e1485d3458532a05fa5b9134cfbce79a4bad3f13dc63c2433632347674db0abae + checksum: 93db5b342c3b0449af2b08123ed4c0793643bd3a30f78e4e0686a1aa991ad640e0d9bc8da09aa5d7ff313bbd317b3be9c827cca60fb33b07d9f4b14b001eccfe languageName: node linkType: hard @@ -16564,9 +16185,9 @@ __metadata: languageName: node linkType: hard -"send@npm:0.18.0": - version: 0.18.0 - resolution: "send@npm:0.18.0" +"send@npm:0.19.0": + version: 0.19.0 + resolution: "send@npm:0.19.0" dependencies: debug: 2.6.9 depd: 2.0.0 @@ -16581,7 +16202,7 @@ __metadata: on-finished: 2.4.1 range-parser: ~1.2.1 statuses: 2.0.1 - checksum: 74fc07ebb58566b87b078ec63e5a3e41ecd987e4272ba67b7467e86c6ad51bc6b0b0154133b6d8b08a2ddda360464f71382f7ef864700f34844a76c8027817a8 + checksum: 5ae11bd900c1c2575525e2aa622e856804e2f96a09281ec1e39610d089f53aa69e13fd8db84b52f001d0318cf4bb0b3b904ad532fc4c0014eb90d32db0cff55f languageName: node linkType: hard @@ -16594,15 +16215,15 @@ __metadata: languageName: node linkType: hard -"serve-static@npm:1.15.0": - version: 1.15.0 - resolution: "serve-static@npm:1.15.0" +"serve-static@npm:1.16.2": + version: 1.16.2 + resolution: "serve-static@npm:1.16.2" dependencies: - encodeurl: ~1.0.2 + encodeurl: ~2.0.0 escape-html: ~1.0.3 parseurl: ~1.3.3 - send: 0.18.0 - checksum: af57fc13be40d90a12562e98c0b7855cf6e8bd4c107fe9a45c212bf023058d54a1871b1c89511c3958f70626fff47faeb795f5d83f8cf88514dbaeb2b724464d + send: 0.19.0 + checksum: dffc52feb4cc5c68e66d0c7f3c1824d4e989f71050aefc9bd5f822a42c54c9b814f595fc5f2b717f4c7cc05396145f3e90422af31186a93f76cf15f707019759 languageName: node linkType: hard @@ -16639,18 +16260,6 @@ __metadata: languageName: node linkType: hard -"set-value@npm:^2.0.0, set-value@npm:^2.0.1": - version: 2.0.1 - resolution: "set-value@npm:2.0.1" - dependencies: - extend-shallow: ^2.0.1 - is-extendable: ^0.1.1 - is-plain-object: ^2.0.3 - split-string: ^3.0.1 - checksum: 09a4bc72c94641aeae950eb60dc2755943b863780fcc32e441eda964b64df5e3f50603d5ebdd33394ede722528bd55ed43aae26e9df469b4d32e2292b427b601 - languageName: node - linkType: hard - "setprototypeof@npm:1.1.0": version: 1.1.0 resolution: "setprototypeof@npm:1.1.0" @@ -16698,9 +16307,9 @@ __metadata: linkType: hard "shell-quote@npm:^1.8.1": - version: 1.8.1 - resolution: "shell-quote@npm:1.8.1" - checksum: 5f01201f4ef504d4c6a9d0d283fa17075f6770bfbe4c5850b074974c68062f37929ca61700d95ad2ac8822e14e8c4b990ca0e6e9272e64befd74ce5e19f0736b + version: 1.8.2 + resolution: "shell-quote@npm:1.8.2" + checksum: 1e97b62ced1c4c5135015978ebf273bed1f425a68cf84163e83fbb0f34b3ff9471e656720dab2b7cbb4ae0f58998e686d17d166c28dfb3662acd009e8bd7faed languageName: node linkType: hard @@ -16827,22 +16436,6 @@ __metadata: languageName: node linkType: hard -"snapdragon@npm:^0.8.1": - version: 0.8.2 - resolution: "snapdragon@npm:0.8.2" - dependencies: - base: ^0.11.1 - debug: ^2.2.0 - define-property: ^0.2.5 - extend-shallow: ^2.0.1 - map-cache: ^0.2.2 - source-map: ^0.5.6 - source-map-resolve: ^0.5.0 - use: ^3.1.0 - checksum: a197f242a8f48b11036563065b2487e9b7068f50a20dd81d9161eca6af422174fc158b8beeadbe59ce5ef172aa5718143312b3aebaae551c124b7824387c8312 - languageName: node - linkType: hard - "socket.io-adapter@npm:~2.5.2": version: 2.5.5 resolution: "socket.io-adapter@npm:2.5.5" @@ -16864,17 +16457,17 @@ __metadata: linkType: hard "socket.io@npm:^4.6.2": - version: 4.7.5 - resolution: "socket.io@npm:4.7.5" + version: 4.8.1 + resolution: "socket.io@npm:4.8.1" dependencies: accepts: ~1.3.4 base64id: ~2.0.0 cors: ~2.8.5 debug: ~4.3.2 - engine.io: ~6.5.2 + engine.io: ~6.6.0 socket.io-adapter: ~2.5.2 socket.io-parser: ~4.2.4 - checksum: b8b57216152cf230bdcb77b5450e124ebe1fee7482eeb50a6ef760b69f2f5a064e9b8640ce9c1efc5c9e081f5d797d3f6ff3f81606e19ddaf5d4114aad9ec7d3 + checksum: d5e4d7eabba7a04c0d130a7b34c57050a1b4694e5b9eb9bd0a40dd07c1d635f3d5cacc15442f6135be8b2ecdad55dad08ee576b5c74864508890ff67329722fa languageName: node linkType: hard @@ -16899,13 +16492,18 @@ __metadata: languageName: node linkType: hard -"sort-array@npm:^4.1.5": - version: 4.1.5 - resolution: "sort-array@npm:4.1.5" +"sort-array@npm:^5.0.0": + version: 5.0.0 + resolution: "sort-array@npm:5.0.0" dependencies: - array-back: ^5.0.0 - typical: ^6.0.1 - checksum: ffaf7c255988af15ec08d78347743d7414ad495b94cd32d201be887b63258b453c9bda240d1c388bd71b46922db307ff7dbc988e717d3ded7eb20513698ea178 + array-back: ^6.2.2 + typical: ^7.1.1 + peerDependencies: + "@75lb/nature": ^0.1.1 + peerDependenciesMeta: + "@75lb/nature": + optional: true + checksum: b14748cfa091143432e9a84e2bb1478235a63ba38fa3b5d8da31441b0d7183588f2d61454428a4349fb5f912c189c712d5eecebf3b7101da03ecd6383dc2c5c7 languageName: node linkType: hard @@ -16932,23 +16530,10 @@ __metadata: languageName: node linkType: hard -"source-map-js@npm:>=0.6.2 <2.0.0, source-map-js@npm:^1.0.1, source-map-js@npm:^1.2.0": - version: 1.2.0 - resolution: "source-map-js@npm:1.2.0" - checksum: 791a43306d9223792e84293b00458bf102a8946e7188f3db0e4e22d8d530b5f80a4ce468eb5ec0bf585443ad55ebbd630bf379c98db0b1f317fd902500217f97 - languageName: node - linkType: hard - -"source-map-resolve@npm:^0.5.0": - version: 0.5.3 - resolution: "source-map-resolve@npm:0.5.3" - dependencies: - atob: ^2.1.2 - decode-uri-component: ^0.2.0 - resolve-url: ^0.2.1 - source-map-url: ^0.4.0 - urix: ^0.1.0 - checksum: c73fa44ac00783f025f6ad9e038ab1a2e007cd6a6b86f47fe717c3d0765b4a08d264f6966f3bd7cd9dbcd69e4832783d5472e43247775b2a550d6f2155d24bae +"source-map-js@npm:>=0.6.2 <2.0.0, source-map-js@npm:^1.0.1, source-map-js@npm:^1.2.1": + version: 1.2.1 + resolution: "source-map-js@npm:1.2.1" + checksum: 4eb0cd997cdf228bc253bcaff9340afeb706176e64868ecd20efbe6efea931465f43955612346d6b7318789e5265bdc419bc7669c1cebe3db0eb255f57efa76b languageName: node linkType: hard @@ -16985,7 +16570,7 @@ __metadata: languageName: node linkType: hard -"source-map@npm:^0.5.3, source-map@npm:^0.5.6": +"source-map@npm:^0.5.3": version: 0.5.7 resolution: "source-map@npm:0.5.7" checksum: 5dc2043b93d2f194142c7f38f74a24670cd7a0063acdaf4bf01d2964b402257ae843c2a8fa822ad5b71013b5fcafa55af7421383da919752f22ff488bc553f4d @@ -17055,18 +16640,9 @@ __metadata: linkType: hard "spdx-license-ids@npm:^3.0.0": - version: 3.0.18 - resolution: "spdx-license-ids@npm:3.0.18" - checksum: 457825df5dd1fc0135b0bb848c896143f70945cc2da148afc71c73ed0837d1d651f809006e406d82109c9dd71a8cb39785a3604815fe46bc0548e9d3976f6b69 - languageName: node - linkType: hard - -"split-string@npm:^3.0.1": - version: 3.1.0 - resolution: "split-string@npm:3.1.0" - dependencies: - extend-shallow: ^3.0.0 - checksum: ae5af5c91bdc3633628821bde92fdf9492fa0e8a63cf6a0376ed6afde93c701422a1610916f59be61972717070119e848d10dfbbd5024b7729d6a71972d2a84c + version: 3.0.20 + resolution: "spdx-license-ids@npm:3.0.20" + checksum: 0c57750bedbcff48f3d0e266fbbdaf0aab54217e182f669542ffe0b5a902dce69e8cdfa126a131e1ddd39a9bef4662e357b2b41315d7240b4a28c0a7e782bb40 languageName: node linkType: hard @@ -17116,16 +16692,6 @@ __metadata: languageName: node linkType: hard -"static-extend@npm:^0.1.1": - version: 0.1.2 - resolution: "static-extend@npm:0.1.2" - dependencies: - define-property: ^0.2.5 - object-copy: ^0.1.0 - checksum: 8657485b831f79e388a437260baf22784540417a9b29e11572c87735df24c22b84eda42107403a64b30861b2faf13df9f7fc5525d51f9d1d2303aba5cbf4e12c - languageName: node - linkType: hard - "statuses@npm:2.0.1": version: 2.0.1 resolution: "statuses@npm:2.0.1" @@ -17569,12 +17135,12 @@ __metadata: linkType: hard "supports-hyperlinks@npm:^3.0.0": - version: 3.0.0 - resolution: "supports-hyperlinks@npm:3.0.0" + version: 3.1.0 + resolution: "supports-hyperlinks@npm:3.1.0" dependencies: has-flag: ^4.0.0 supports-color: ^7.0.0 - checksum: 41021305de5255b10d821bf93c7a781f783e1693d0faec293d7fc7ccf17011b90bde84b0295fa92ba75c6c390351fe84fdd18848cad4bf656e464a958243c3e7 + checksum: 051ffc31ae0d3334502decb6a17170ff89d870094d6835d93dfb2cda03e2a4504bf861a0954942af5e65fdd038b81cef5998696d0f4f4ff5f5bd3e40c7981874 languageName: node linkType: hard @@ -17616,9 +17182,11 @@ __metadata: linkType: hard "swagger-ui-dist@npm:^5.9.0": - version: 5.17.14 - resolution: "swagger-ui-dist@npm:5.17.14" - checksum: e10f8068e370fb17cf6882c8d8b925044862ea74b67296c6d97eef42a904eed3e9ed21867cc0458cbf0de7bd2a49e79282a1a3b7e6a1ccdbba1b650d86b528bb + version: 5.18.2 + resolution: "swagger-ui-dist@npm:5.18.2" + dependencies: + "@scarf/scarf": =1.4.0 + checksum: 4e8f3e4669276f421f91ce6214f9df09a5b0f9aa1b636e9044076af4f3a02b093d1eb43ed1b3962aba08be803692e71dfc1ce0c28c2057b9eb0c35b166d7ef42 languageName: node linkType: hard @@ -17656,12 +17224,12 @@ __metadata: linkType: hard "synckit@npm:^0.9.1": - version: 0.9.1 - resolution: "synckit@npm:0.9.1" + version: 0.9.2 + resolution: "synckit@npm:0.9.2" dependencies: "@pkgr/core": ^0.1.0 tslib: ^2.6.2 - checksum: 4042941a4d939675f1d7b01124b8405b6ac616f3e3f396d00e46c67f38d0d5b7f9a1de05bc7ceea4ce80d967b450cfa2460e5f6aca81f7cea8f1a28be9392985 + checksum: 3a30e828efbdcf3b50fccab4da6e90ea7ca24d8c5c2ad3ffe98e07d7c492df121e0f75227c6e510f96f976aae76f1fa4710cb7b1d69db881caf66ef9de89360e languageName: node linkType: hard @@ -17749,7 +17317,7 @@ __metadata: languageName: node linkType: hard -"terser-webpack-plugin@npm:^5.3.7": +"terser-webpack-plugin@npm:^5.3.10": version: 5.3.10 resolution: "terser-webpack-plugin@npm:5.3.10" dependencies: @@ -17785,8 +17353,8 @@ __metadata: linkType: hard "terser@npm:^5.26.0, terser@npm:^5.7.0": - version: 5.31.3 - resolution: "terser@npm:5.31.3" + version: 5.36.0 + resolution: "terser@npm:5.36.0" dependencies: "@jridgewell/source-map": ^0.3.3 acorn: ^8.8.2 @@ -17794,17 +17362,7 @@ __metadata: source-map-support: ~0.5.20 bin: terser: bin/terser - checksum: cb4ccd5cb42c719272959dcae63d41e4696fb304123392943282caa6dfcdc49f94e7c48353af8bcd4fbc34457b240b7f843db7fec21bb2bdc18e01d4f45b035e - languageName: node - linkType: hard - -"test-value@npm:^1.0.1": - version: 1.1.0 - resolution: "test-value@npm:1.1.0" - dependencies: - array-back: ^1.0.2 - typical: ^2.4.2 - checksum: 7c02d5228057e8a62fdca9e67f370b4d57aebfb01bbb92cc6a2a108b9a97528d15f8c76faf9c8c7ce4e152e2c30832ebb1067ebeeadd89fb2f65b384dbf1a881 + checksum: 489afd31901a2b170f7766948a3aa0e25da0acb41e9e35bd9f9b4751dfa2fc846e485f6fb9d34f0839a96af77f675b5fbf0a20c9aa54e0b8d7c219cf0b55e508 languageName: node linkType: hard @@ -17829,8 +17387,8 @@ __metadata: linkType: hard "testem@npm:^3.10.1": - version: 3.15.0 - resolution: "testem@npm:3.15.0" + version: 3.15.2 + resolution: "testem@npm:3.15.2" dependencies: "@xmldom/xmldom": ^0.8.0 backbone: ^1.1.2 @@ -17845,11 +17403,7 @@ __metadata: glob: ^7.0.4 http-proxy: ^1.13.1 js-yaml: ^3.2.5 - lodash.assignin: ^4.1.0 - lodash.castarray: ^4.4.0 - lodash.clonedeep: ^4.4.1 - lodash.find: ^4.5.1 - lodash.uniqby: ^4.7.0 + lodash: ^4.17.21 mkdirp: ^3.0.1 mustache: ^4.2.0 node-notifier: ^10.0.0 @@ -17863,7 +17417,7 @@ __metadata: tmp: 0.0.33 bin: testem: testem.js - checksum: 46f348a71f07b27c61ef910c4800472c0c1fd2caafc49948b851bea18fef88a1a919916d7352972b7618fdfbe2f829f4d9225f665c80085c996595f8f30c1c47 + checksum: 7fec8b3df50907a5d600cd12f23803147e62dbb3370560fe73114e0398bb0ff41c6b863b01da868d2a28c1700d5f7c3fef9ff66d04dd4aed1b30b0ec19c1e096 languageName: node linkType: hard @@ -17986,22 +17540,6 @@ __metadata: languageName: node linkType: hard -"to-fast-properties@npm:^2.0.0": - version: 2.0.0 - resolution: "to-fast-properties@npm:2.0.0" - checksum: be2de62fe58ead94e3e592680052683b1ec986c72d589e7b21e5697f8744cdbf48c266fa72f6c15932894c10187b5f54573a3bcf7da0bfd964d5caf23d436168 - languageName: node - linkType: hard - -"to-object-path@npm:^0.3.0": - version: 0.3.0 - resolution: "to-object-path@npm:0.3.0" - dependencies: - kind-of: ^3.0.2 - checksum: 9425effee5b43e61d720940fa2b889623f77473d459c2ce3d4a580a4405df4403eec7be6b857455908070566352f9e2417304641ed158dda6f6a365fe3e66d70 - languageName: node - linkType: hard - "to-regex-range@npm:^5.0.1": version: 5.0.1 resolution: "to-regex-range@npm:5.0.1" @@ -18011,18 +17549,6 @@ __metadata: languageName: node linkType: hard -"to-regex@npm:^3.0.1, to-regex@npm:^3.0.2": - version: 3.0.2 - resolution: "to-regex@npm:3.0.2" - dependencies: - define-property: ^2.0.2 - extend-shallow: ^3.0.2 - regex-not: ^1.0.2 - safe-regex: ^1.1.0 - checksum: 4ed4a619059b64e204aad84e4e5f3ea82d97410988bcece7cf6cbfdbf193d11bff48cf53842d88b8bb00b1bfc0d048f61f20f0709e6f393fd8fe0122662d9db4 - languageName: node - linkType: hard - "to-vfile@npm:^6.1.0": version: 6.1.0 resolution: "to-vfile@npm:6.1.0" @@ -18041,12 +17567,13 @@ __metadata: linkType: hard "tracked-built-ins@npm:^3.3.0": - version: 3.3.0 - resolution: "tracked-built-ins@npm:3.3.0" + version: 3.4.0 + resolution: "tracked-built-ins@npm:3.4.0" dependencies: - "@embroider/addon-shim": ^1.8.3 + "@embroider/addon-shim": ^1.8.7 + decorator-transforms: ^2.0.0 ember-tracked-storage-polyfill: ^1.0.0 - checksum: 3f50b98b26f32d96adeed7611f83566d27086b3ea9402bfdbe66dd4a5f4fc86d1acf5f55870568be7442e0b51dde4a3617c7d465cbfcc640c0a1e702f67b5190 + checksum: 4b65ebfa9f395d72733c1e29f88e09e125bb493c36151a2c56e4a5fc427690113dd0baf86ee0ac5094bfb58c2ea7983027e2def7e2014c120defbe80ccd2fed5 languageName: node linkType: hard @@ -18063,13 +17590,13 @@ __metadata: linkType: hard "traverse@npm:^0.6.7": - version: 0.6.9 - resolution: "traverse@npm:0.6.9" + version: 0.6.10 + resolution: "traverse@npm:0.6.10" dependencies: gopd: ^1.0.1 typedarray.prototype.slice: ^1.0.3 which-typed-array: ^1.1.15 - checksum: e2f4b46caf849b6ea9006230995edc7376c1361f33c2110f425339a814b71b968f5c84a130ae21b4300d1849fff42cec6117c2aebde8a68d33c6871e9621a80f + checksum: ff25d30726db4867c01ff1f1bd8a5e3356b920c4d674ddf6c3764179bb54766cf1ad0158bbd65667e1f5fbde2d4efbd814d7b24d44149cc31255f0cfe2ab2095 languageName: node linkType: hard @@ -18129,10 +17656,10 @@ __metadata: languageName: node linkType: hard -"tslib@npm:^2.0.3, tslib@npm:^2.1.0, tslib@npm:^2.4.0, tslib@npm:^2.4.1, tslib@npm:^2.6.1, tslib@npm:^2.6.2": - version: 2.6.3 - resolution: "tslib@npm:2.6.3" - checksum: 74fce0e100f1ebd95b8995fbbd0e6c91bdd8f4c35c00d4da62e285a3363aaa534de40a80db30ecfd388ed7c313c42d930ee0eaf108e8114214b180eec3dbe6f5 +"tslib@npm:^2.0.3, tslib@npm:^2.1.0, tslib@npm:^2.4.0, tslib@npm:^2.4.1, tslib@npm:^2.6.2, tslib@npm:^2.8.1": + version: 2.8.1 + resolution: "tslib@npm:2.8.1" + checksum: e4aba30e632b8c8902b47587fd13345e2827fa639e7c3121074d5ee0880723282411a8838f830b55100cbe4517672f84a2472667d355b81e8af165a55dc6203a languageName: node linkType: hard @@ -18156,13 +17683,20 @@ __metadata: languageName: node linkType: hard -"type-detect@npm:4.0.8, type-detect@npm:^4.0.8": +"type-detect@npm:4.0.8": version: 4.0.8 resolution: "type-detect@npm:4.0.8" checksum: 62b5628bff67c0eb0b66afa371bd73e230399a8d2ad30d852716efcc4656a7516904570cd8631a49a3ce57c10225adf5d0cbdcb47f6b0255fe6557c453925a15 languageName: node linkType: hard +"type-detect@npm:^4.1.0": + version: 4.1.0 + resolution: "type-detect@npm:4.1.0" + checksum: 3b32f873cd02bc7001b00a61502b7ddc4b49278aabe68d652f732e1b5d768c072de0bc734b427abf59d0520a5f19a2e07309ab921ef02018fa1cb4af155cdb37 + languageName: node + linkType: hard + "type-fest@npm:^0.11.0": version: 0.11.0 resolution: "type-fest@npm:0.11.0" @@ -18226,8 +17760,8 @@ __metadata: linkType: hard "typed-array-byte-offset@npm:^1.0.2": - version: 1.0.2 - resolution: "typed-array-byte-offset@npm:1.0.2" + version: 1.0.3 + resolution: "typed-array-byte-offset@npm:1.0.3" dependencies: available-typed-arrays: ^1.0.7 call-bind: ^1.0.7 @@ -18235,21 +17769,22 @@ __metadata: gopd: ^1.0.1 has-proto: ^1.0.3 is-typed-array: ^1.1.13 - checksum: c8645c8794a621a0adcc142e0e2c57b1823bbfa4d590ad2c76b266aa3823895cf7afb9a893bf6685e18454ab1b0241e1a8d885a2d1340948efa4b56add4b5f67 + reflect.getprototypeof: ^1.0.6 + checksum: 36728daa80d49a9fa51cd3f0f2b037613f4574666fd4473bd37ac123d7f6f81ea68ff45424c1e2673257964e10bedeb3ebfce73532672913ebbe446999912303 languageName: node linkType: hard "typed-array-length@npm:^1.0.6": - version: 1.0.6 - resolution: "typed-array-length@npm:1.0.6" + version: 1.0.7 + resolution: "typed-array-length@npm:1.0.7" dependencies: call-bind: ^1.0.7 for-each: ^0.3.3 gopd: ^1.0.1 - has-proto: ^1.0.3 is-typed-array: ^1.1.13 possible-typed-array-names: ^1.0.0 - checksum: f0315e5b8f0168c29d390ff410ad13e4d511c78e6006df4a104576844812ee447fcc32daab1f3a76c9ef4f64eff808e134528b5b2439de335586b392e9750e5c + reflect.getprototypeof: ^1.0.6 + checksum: deb1a4ffdb27cd930b02c7030cb3e8e0993084c643208e52696e18ea6dd3953dfc37b939df06ff78170423d353dc8b10d5bae5796f3711c1b3abe52872b3774c languageName: node linkType: hard @@ -18294,12 +17829,12 @@ __metadata: linkType: hard "typescript@npm:^5.4.5": - version: 5.5.3 - resolution: "typescript@npm:5.5.3" + version: 5.7.2 + resolution: "typescript@npm:5.7.2" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 4b4f14313484d5c86064d04ba892544801fa551f5cf72719b540b498056fec7fc192d0bbdb2ba1448e759b1548769956da9e43e7c16781e8d8856787b0575004 + checksum: b55300c4cefee8ee380d14fa9359ccb41ff8b54c719f6bc49b424899d662a5ce62ece390ce769568c7f4d14af844085255e63788740084444eb12ef423b13433 languageName: node linkType: hard @@ -18314,16 +17849,16 @@ __metadata: linkType: hard "typescript@patch:typescript@^5.4.5#~builtin": - version: 5.5.3 - resolution: "typescript@patch:typescript@npm%3A5.5.3#~builtin::version=5.5.3&hash=85af82" + version: 5.7.2 + resolution: "typescript@patch:typescript@npm%3A5.7.2#~builtin::version=5.7.2&hash=85af82" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 6853be4607706cc1ad2f16047cf1cd72d39f79acd5f9716e1d23bc0e462c7f59be7458fe58a21665e7657a05433d7ab8419d093a5a4bd5f3a33f879b35d2769b + checksum: 803430c6da2ba73c25a21880d8d4f08a56d9d2444e6db2ea949ac4abceeece8e4a442b7b9b585db7d8a0b47ebda2060e45fe8ee8b8aca23e27ec1d4844987ee6 languageName: node linkType: hard -"typical@npm:^2.4.2, typical@npm:^2.6.0, typical@npm:^2.6.1": +"typical@npm:^2.6.0, typical@npm:^2.6.1": version: 2.6.1 resolution: "typical@npm:2.6.1" checksum: 6af04fefe50d90d3471f058b2cdc0f49b7436bdd605cd00acea7965926ff388a5a7d692ef144f45fccee6f8e896c065702ecc44b69057e2ce88c09e897c7d3a4 @@ -18337,10 +17872,10 @@ __metadata: languageName: node linkType: hard -"typical@npm:^6.0.1": - version: 6.0.1 - resolution: "typical@npm:6.0.1" - checksum: 4eae0d3a964150a09f709b8ceed2e2800f10525f66e58212555aadf0339b16c524e6d0c4b259541ac10e8a21f5135b5a2e99a2a39be755122b19a4ecf9fa8f8c +"typical@npm:^7.1.1": + version: 7.3.0 + resolution: "typical@npm:7.3.0" + checksum: edbb9beed7ffb355806d434d1dd0d41a2b78be0a41d9f1684fabbd4fb512ee220989b5ff91b04c79d19b850d6025d6c07417d63b8e7c9a3b2229a4a0676e17da languageName: node linkType: hard @@ -18359,11 +17894,11 @@ __metadata: linkType: hard "uglify-js@npm:^3.1.4": - version: 3.19.0 - resolution: "uglify-js@npm:3.19.0" + version: 3.19.3 + resolution: "uglify-js@npm:3.19.3" bin: uglifyjs: bin/uglifyjs - checksum: 23dc4778a9c5b5252888f3871e34b4a5e69ccc92e0febd9598c82cb559a7d550244ebc3f10eb0af0586c7cc34afe8be99d1581d9fcd36e3bed219d28d0fd3452 + checksum: 7ed6272fba562eb6a3149cfd13cda662f115847865c03099e3995a0e7a910eba37b82d4fccf9e88271bb2bcbe505bb374967450f433c17fa27aa36d94a8d0553 languageName: node linkType: hard @@ -18390,23 +17925,30 @@ __metadata: linkType: hard "underscore@npm:^1.12.1": - version: 1.13.6 - resolution: "underscore@npm:1.13.6" - checksum: d5cedd14a9d0d91dd38c1ce6169e4455bb931f0aaf354108e47bd46d3f2da7464d49b2171a5cf786d61963204a42d01ea1332a903b7342ad428deaafaf70ec36 + version: 1.13.7 + resolution: "underscore@npm:1.13.7" + checksum: 174b011af29e4fbe2c70eb2baa8bfab0d0336cf2f5654f364484967bc6264a86224d0134b9176e4235c8cceae00d11839f0fd4824268de04b11c78aca1241684 languageName: node linkType: hard -"undici-types@npm:~5.26.4": - version: 5.26.5 - resolution: "undici-types@npm:5.26.5" - checksum: 3192ef6f3fd5df652f2dc1cd782b49d6ff14dc98e5dced492aa8a8c65425227da5da6aafe22523c67f035a272c599bb89cfe803c1db6311e44bed3042fc25487 +"undici-types@npm:~6.20.0": + version: 6.20.0 + resolution: "undici-types@npm:6.20.0" + checksum: b7bc50f012dc6afbcce56c9fd62d7e86b20a62ff21f12b7b5cbf1973b9578d90f22a9c7fe50e638e96905d33893bf2f9f16d98929c4673c2480de05c6c96ea8b + languageName: node + linkType: hard + +"undici@npm:^6.19.5": + version: 6.21.0 + resolution: "undici@npm:6.21.0" + checksum: bc2eb26c4b010a4f816314d48d4529f62b1116405097b2c5f0ac68247c56049a857d11a9f05b237818f04ce4f51d6f5e8d6fcc6aae2ab816c2b7318a9706727c languageName: node linkType: hard "unicode-canonical-property-names-ecmascript@npm:^2.0.0": - version: 2.0.0 - resolution: "unicode-canonical-property-names-ecmascript@npm:2.0.0" - checksum: 39be078afd014c14dcd957a7a46a60061bc37c4508ba146517f85f60361acf4c7539552645ece25de840e17e293baa5556268d091ca6762747fdd0c705001a45 + version: 2.0.1 + resolution: "unicode-canonical-property-names-ecmascript@npm:2.0.1" + checksum: 3c3dabdb1d22aef4904399f9e810d0b71c0b12b3815169d96fac97e56d5642840c6071cf709adcace2252bc6bb80242396c2ec74b37224eb015c5f7aca40bad7 languageName: node linkType: hard @@ -18421,9 +17963,9 @@ __metadata: linkType: hard "unicode-match-property-value-ecmascript@npm:^2.1.0": - version: 2.1.0 - resolution: "unicode-match-property-value-ecmascript@npm:2.1.0" - checksum: 8d6f5f586b9ce1ed0e84a37df6b42fdba1317a05b5df0c249962bd5da89528771e2d149837cad11aa26bcb84c35355cb9f58a10c3d41fa3b899181ece6c85220 + version: 2.2.0 + resolution: "unicode-match-property-value-ecmascript@npm:2.2.0" + checksum: 9e3151e1d0bc6be35c4cef105e317c04090364173e8462005b5cde08a1e7c858b6586486cfebac39dc2c6c8c9ee24afb245de6d527604866edfa454fe2a35fae languageName: node linkType: hard @@ -18455,18 +17997,6 @@ __metadata: languageName: node linkType: hard -"union-value@npm:^1.0.0": - version: 1.0.1 - resolution: "union-value@npm:1.0.1" - dependencies: - arr-union: ^3.1.0 - get-value: ^2.0.6 - is-extendable: ^0.1.1 - set-value: ^2.0.1 - checksum: a3464097d3f27f6aa90cf103ed9387541bccfc006517559381a10e0dffa62f465a9d9a09c9b9c3d26d0f4cbe61d4d010e2fbd710fd4bf1267a768ba8a774b0ba - languageName: node - linkType: hard - "unique-filename@npm:^3.0.0": version: 3.0.0 resolution: "unique-filename@npm:3.0.0" @@ -18590,16 +18120,6 @@ __metadata: languageName: node linkType: hard -"unset-value@npm:^1.0.0": - version: 1.0.0 - resolution: "unset-value@npm:1.0.0" - dependencies: - has-value: ^0.3.1 - isobject: ^3.0.0 - checksum: 5990ecf660672be2781fc9fb322543c4aa592b68ed9a3312fa4df0e9ba709d42e823af090fc8f95775b4cd2c9a5169f7388f0cec39238b6d0d55a69fc2ab6b29 - languageName: node - linkType: hard - "upath@npm:^2.0.1": version: 2.0.1 resolution: "upath@npm:2.0.1" @@ -18607,17 +18127,17 @@ __metadata: languageName: node linkType: hard -"update-browserslist-db@npm:^1.1.0": - version: 1.1.0 - resolution: "update-browserslist-db@npm:1.1.0" +"update-browserslist-db@npm:^1.1.1": + version: 1.1.1 + resolution: "update-browserslist-db@npm:1.1.1" dependencies: - escalade: ^3.1.2 - picocolors: ^1.0.1 + escalade: ^3.2.0 + picocolors: ^1.1.0 peerDependencies: browserslist: ">= 4.21.0" bin: update-browserslist-db: cli.js - checksum: 7b74694d96f0c360f01b702e72353dc5a49df4fe6663d3ee4e5c628f061576cddf56af35a3a886238c01dd3d8f231b7a86a8ceaa31e7a9220ae31c1c1238e562 + checksum: 2ea11bd2562122162c3e438d83a1f9125238c0844b6d16d366e3276d0c0acac6036822dc7df65fc5a89c699cdf9f174acf439c39bedf3f9a2f3983976e4b4c3e languageName: node linkType: hard @@ -18637,20 +18157,6 @@ __metadata: languageName: node linkType: hard -"urix@npm:^0.1.0": - version: 0.1.0 - resolution: "urix@npm:0.1.0" - checksum: 4c076ecfbf3411e888547fe844e52378ab5ada2d2f27625139011eada79925e77f7fbf0e4016d45e6a9e9adb6b7e64981bd49b22700c7c401c5fc15f423303b3 - languageName: node - linkType: hard - -"use@npm:^3.1.0": - version: 3.1.1 - resolution: "use@npm:3.1.1" - checksum: 08a130289f5238fcbf8f59a18951286a6e660d17acccc9d58d9b69dfa0ee19aa038e8f95721b00b432c36d1629a9e32a464bf2e7e0ae6a244c42ddb30bdd8b33 - languageName: node - linkType: hard - "username-sync@npm:^1.0.2": version: 1.0.3 resolution: "username-sync@npm:1.0.3" @@ -18845,7 +18351,7 @@ __metadata: ember-sinon-qunit: ^7.4.0 ember-source: ~5.4.0 ember-style-modifier: ^4.1.0 - ember-svg-jar: 2.4.4 + ember-svg-jar: 2.6.0 ember-template-lint: ^6.0.0 ember-template-lint-plugin-prettier: ^5.0.0 ember-test-selectors: 6.0.0 @@ -18892,7 +18398,7 @@ __metadata: typescript: ^5.4.5 uuid: ^9.0.0 walk-sync: ^2.0.2 - webpack: 5.89.0 + webpack: 5.94.0 languageName: unknown linkType: soft @@ -18943,9 +18449,9 @@ __metadata: linkType: hard "walk-back@npm:^5.1.0": - version: 5.1.0 - resolution: "walk-back@npm:5.1.0" - checksum: b0e9acdac22dcd281d24fb857af52f39ca4e8f3b18921106b676b0baa96fb7f97c55630d9df0814207a194e6a75f175d8c8282648914458fd949eae901b276f5 + version: 5.1.1 + resolution: "walk-back@npm:5.1.1" + checksum: c976482ff419cd9b2ae256d6eec4a9d9c131656c6cbf316acbe3372feee79bd7c8c82122434af02f301071fe08865804e0d929a80eb44c42f9ad26edbe9a85a1 languageName: node linkType: hard @@ -19037,13 +18543,13 @@ __metadata: languageName: node linkType: hard -"watchpack@npm:^2.4.0": - version: 2.4.1 - resolution: "watchpack@npm:2.4.1" +"watchpack@npm:^2.4.1": + version: 2.4.2 + resolution: "watchpack@npm:2.4.2" dependencies: glob-to-regexp: ^0.4.1 graceful-fs: ^4.1.2 - checksum: 5b0179348655dcdf19cac7cb4ff923fdc024d630650c0bf6bec8899cf47c60e19d4f810a88dba692ed0e7f684cf0fcffea86efdbf6c35d81f031e328043b7fab + checksum: 92d9d52ce3d16fd83ed6994d1dd66a4d146998882f4c362d37adfea9ab77748a5b4d1e0c65fa104797928b2d40f635efa8f9b925a6265428a69f1e1852ca3441 languageName: node linkType: hard @@ -19063,40 +18569,39 @@ __metadata: languageName: node linkType: hard -"webpack@npm:5.89.0": - version: 5.89.0 - resolution: "webpack@npm:5.89.0" +"webpack@npm:5.94.0": + version: 5.94.0 + resolution: "webpack@npm:5.94.0" dependencies: - "@types/eslint-scope": ^3.7.3 - "@types/estree": ^1.0.0 - "@webassemblyjs/ast": ^1.11.5 - "@webassemblyjs/wasm-edit": ^1.11.5 - "@webassemblyjs/wasm-parser": ^1.11.5 + "@types/estree": ^1.0.5 + "@webassemblyjs/ast": ^1.12.1 + "@webassemblyjs/wasm-edit": ^1.12.1 + "@webassemblyjs/wasm-parser": ^1.12.1 acorn: ^8.7.1 - acorn-import-assertions: ^1.9.0 - browserslist: ^4.14.5 + acorn-import-attributes: ^1.9.5 + browserslist: ^4.21.10 chrome-trace-event: ^1.0.2 - enhanced-resolve: ^5.15.0 + enhanced-resolve: ^5.17.1 es-module-lexer: ^1.2.1 eslint-scope: 5.1.1 events: ^3.2.0 glob-to-regexp: ^0.4.1 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.11 json-parse-even-better-errors: ^2.3.1 loader-runner: ^4.2.0 mime-types: ^2.1.27 neo-async: ^2.6.2 schema-utils: ^3.2.0 tapable: ^2.1.1 - terser-webpack-plugin: ^5.3.7 - watchpack: ^2.4.0 + terser-webpack-plugin: ^5.3.10 + watchpack: ^2.4.1 webpack-sources: ^3.2.3 peerDependenciesMeta: webpack-cli: optional: true bin: webpack: bin/webpack.js - checksum: 43fe0dbc30e168a685ef5a86759d5016a705f6563b39a240aa00826a80637d4a3deeb8062e709d6a4b05c63e796278244c84b04174704dc4a37bedb0f565c5ed + checksum: 6a3d667be304a69cd6dcb8d676bc29f47642c0d389af514cfcd646eaaa809961bc6989fc4b2621a717dfc461130f29c6e20006d62a32e012dafaa9517813a4e6 languageName: node linkType: hard @@ -19118,16 +18623,65 @@ __metadata: languageName: node linkType: hard +"whatwg-encoding@npm:^3.1.1": + version: 3.1.1 + resolution: "whatwg-encoding@npm:3.1.1" + dependencies: + iconv-lite: 0.6.3 + checksum: f75a61422421d991e4aec775645705beaf99a16a88294d68404866f65e92441698a4f5b9fa11dd609017b132d7b286c3c1534e2de5b3e800333856325b549e3c + languageName: node + linkType: hard + +"whatwg-mimetype@npm:^4.0.0": + version: 4.0.0 + resolution: "whatwg-mimetype@npm:4.0.0" + checksum: f97edd4b4ee7e46a379f3fb0e745de29fe8b839307cc774300fd49059fcdd560d38cb8fe21eae5575b8f39b022f23477cc66e40b0355c2851ce84760339cef30 + languageName: node + linkType: hard + "which-boxed-primitive@npm:^1.0.2": + version: 1.1.0 + resolution: "which-boxed-primitive@npm:1.1.0" + dependencies: + is-bigint: ^1.1.0 + is-boolean-object: ^1.2.0 + is-number-object: ^1.1.0 + is-string: ^1.1.0 + is-symbol: ^1.1.0 + checksum: 49ebec9693ed21ee8183b9e353ee7134a03722776c84624019964124885a4a940f469af3d1508ad83022a68cc515aecbef70fb1256ace57a871c43d24d050304 + languageName: node + linkType: hard + +"which-builtin-type@npm:^1.1.4": + version: 1.2.0 + resolution: "which-builtin-type@npm:1.2.0" + dependencies: + call-bind: ^1.0.7 + function.prototype.name: ^1.1.6 + has-tostringtag: ^1.0.2 + is-async-function: ^2.0.0 + is-date-object: ^1.0.5 + is-finalizationregistry: ^1.1.0 + is-generator-function: ^1.0.10 + is-regex: ^1.1.4 + is-weakref: ^1.0.2 + isarray: ^2.0.5 + which-boxed-primitive: ^1.0.2 + which-collection: ^1.0.2 + which-typed-array: ^1.1.15 + checksum: 6d40ecdf33a28c3fdeab13e7e3b4289fb51f7ebd0983e628d50fa42e113d8be1bc7dd0e6eb23c6b6a0c2c0c7667763eca3a2af1f6d768e48efba8073870eb568 + languageName: node + linkType: hard + +"which-collection@npm:^1.0.2": version: 1.0.2 - resolution: "which-boxed-primitive@npm:1.0.2" + resolution: "which-collection@npm:1.0.2" dependencies: - is-bigint: ^1.0.1 - is-boolean-object: ^1.1.0 - is-number-object: ^1.0.4 - is-string: ^1.0.5 - is-symbol: ^1.0.3 - checksum: 53ce774c7379071729533922adcca47220228405e1895f26673bbd71bdf7fb09bee38c1d6399395927c6289476b5ae0629863427fd151491b71c4b6cb04f3a5e + is-map: ^2.0.3 + is-set: ^2.0.3 + is-weakmap: ^2.0.2 + is-weakset: ^2.0.3 + checksum: c51821a331624c8197916598a738fc5aeb9a857f1e00d89f5e4c03dc7c60b4032822b8ec5696d28268bb83326456a8b8216344fb84270d18ff1d7628051879d9 languageName: node linkType: hard @@ -19139,15 +18693,15 @@ __metadata: linkType: hard "which-typed-array@npm:^1.1.14, which-typed-array@npm:^1.1.15": - version: 1.1.15 - resolution: "which-typed-array@npm:1.1.15" + version: 1.1.16 + resolution: "which-typed-array@npm:1.1.16" dependencies: available-typed-arrays: ^1.0.7 call-bind: ^1.0.7 for-each: ^0.3.3 gopd: ^1.0.1 has-tostringtag: ^1.0.2 - checksum: 65227dcbfadf5677aacc43ec84356d17b5500cb8b8753059bb4397de5cd0c2de681d24e1a7bd575633f976a95f88233abfd6549c2105ef4ebd58af8aa1807c75 + checksum: 903d398ec234d608011e1df09af6c004e66965bb24d5e1a82856cba0495fa6389ae393d1c9d5411498a9cba8e61b2e39a8e8be7b3005cbeadd317f772b1bdaef languageName: node linkType: hard @@ -19397,11 +18951,11 @@ __metadata: linkType: hard "yaml@npm:^2.2.2": - version: 2.4.5 - resolution: "yaml@npm:2.4.5" + version: 2.6.1 + resolution: "yaml@npm:2.6.1" bin: yaml: bin.mjs - checksum: f8efd407c07e095f00f3031108c9960b2b12971d10162b1ec19007200f6c987d2e28f73283f4731119aa610f177a3ea03d4a8fcf640600a25de1b74d00c69b3d + checksum: 5cf2627f121dcf04ccdebce8e6cbac7c9983d465c4eab314f6fbdc13cda8a07f4e8f9c2252a382b30bcabe05ee3c683647293afd52eb37cbcefbdc7b6ebde9ee languageName: node linkType: hard diff --git a/vault/core.go b/vault/core.go index 981d2a2fe706..998fb5edcab2 100644 --- a/vault/core.go +++ b/vault/core.go @@ -50,6 +50,7 @@ import ( "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/osutil" + "github.com/hashicorp/vault/helper/trace" "github.com/hashicorp/vault/physical/raft" "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/consts" @@ -233,7 +234,8 @@ type unlockInformation struct { } type raftInformation struct { - challenge *wrapping.BlobInfo + // challenge is in ciphertext + challenge []byte leaderClient *api.Client leaderBarrierConfig *SealConfig nonVoter bool @@ -2704,6 +2706,10 @@ func (c *Core) runUnsealSetupForPrimary(ctx context.Context, logger log.Logger) // requires the Vault to be unsealed such as mount tables, logical backends, // credential stores, etc. func (c *Core) postUnseal(ctx context.Context, ctxCancelFunc context.CancelFunc, unsealer UnsealStrategy) (retErr error) { + if stopTrace := c.tracePostUnsealIfEnabled(); stopTrace != nil { + defer stopTrace() + } + defer metrics.MeasureSince([]string{"core", "post_unseal"}, time.Now()) // Clear any out @@ -2819,6 +2825,41 @@ func (c *Core) postUnseal(ctx context.Context, ctxCancelFunc context.CancelFunc, return nil } +// tracePostUnsealIfEnabled checks if post-unseal tracing is enabled in the server +// config and starts a go trace if it is, returning a stop function to be called once +// the post-unseal process is complete. +func (c *Core) tracePostUnsealIfEnabled() (stop func()) { + // use rawConfig to allow config hot-reload of EnablePostUnsealTrace via SIGHUP + conf := c.rawConfig.Load() + if conf == nil { + c.logger.Warn("failed to get raw config to check enable_post_unseal_trace") + return nil + } + + if !conf.(*server.Config).EnablePostUnsealTrace { + return nil + } + + dir := conf.(*server.Config).PostUnsealTraceDir + + traceFile, stopTrace, err := trace.StartDebugTrace(dir, "post-unseal") + if err != nil { + c.logger.Warn("failed to start post-unseal trace", "error", err) + return nil + } + + c.logger.Info("post-unseal trace started", "file", traceFile) + + return func() { + err := stopTrace() + if err != nil { + c.logger.Warn("failure when stopping post-unseal trace", "error", err) + return + } + c.logger.Info("post-unseal trace completed", "file", traceFile) + } +} + // preSeal is invoked before the barrier is sealed, allowing // for any state teardown required. func (c *Core) preSeal() error { @@ -2855,14 +2896,17 @@ func (c *Core) preSeal() error { if err := c.teardownAudits(); err != nil { result = multierror.Append(result, fmt.Errorf("error tearing down audits: %w", err)) } - if err := c.stopExpiration(); err != nil { - result = multierror.Append(result, fmt.Errorf("error stopping expiration: %w", err)) - } + // Ensure that the ActivityLog and CensusManager are both completely torn + // down before stopping the ExpirationManager. This ordering is critical, + // due to a tight coupling between the ActivityLog, CensusManager, and + // ExpirationManager for product usage reporting. c.stopActivityLog() - // Clean up census on seal if err := c.teardownCensusManager(); err != nil { result = multierror.Append(result, fmt.Errorf("error tearing down reporting agent: %w", err)) } + if err := c.stopExpiration(); err != nil { + result = multierror.Append(result, fmt.Errorf("error stopping expiration: %w", err)) + } if err := c.teardownCredentials(context.Background()); err != nil { result = multierror.Append(result, fmt.Errorf("error tearing down credentials: %w", err)) } diff --git a/vault/core_metrics.go b/vault/core_metrics.go index fd249f9a7de6..c302099953a7 100644 --- a/vault/core_metrics.go +++ b/vault/core_metrics.go @@ -14,6 +14,7 @@ import ( "github.com/armon/go-metrics" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" + "github.com/hashicorp/vault/helper/pluginconsts" "github.com/hashicorp/vault/limits" "github.com/hashicorp/vault/physical/raft" "github.com/hashicorp/vault/sdk/helper/consts" @@ -402,7 +403,7 @@ func (c *Core) findKvMounts() []*kvMount { } for _, entry := range c.mounts.Entries { - if entry.Type == "kv" || entry.Type == "generic" { + if entry.Type == pluginconsts.SecretEngineKV || entry.Type == pluginconsts.SecretEngineGeneric { version, ok := entry.Options["version"] if !ok || version == "" { version = "1" @@ -490,6 +491,68 @@ func (c *Core) walkKvMountSecrets(ctx context.Context, m *kvMount) { } } +// GetTotalPkiRoles returns the total roles across all PKI mounts in Vault +func (c *Core) GetTotalPkiRoles(ctx context.Context) int { + c.mountsLock.RLock() + defer c.mountsLock.RUnlock() + + numRoles := 0 + + for _, entry := range c.mounts.Entries { + secretType := entry.Type + if secretType == pluginconsts.SecretEnginePki { + listRequest := &logical.Request{ + Operation: logical.ListOperation, + Path: entry.namespace.Path + entry.Path + "roles", + } + resp, err := c.router.Route(ctx, listRequest) + if err != nil || resp == nil { + continue + } + rawKeys, ok := resp.Data["keys"] + if !ok { + continue + } + keys, ok := rawKeys.([]string) + if ok { + numRoles += len(keys) + } + } + } + return numRoles +} + +// GetTotalPkiIssuers returns the total issuers across all PKI mounts in Vault +func (c *Core) GetTotalPkiIssuers(ctx context.Context) int { + c.mountsLock.RLock() + defer c.mountsLock.RUnlock() + + numRoles := 0 + + for _, entry := range c.mounts.Entries { + secretType := entry.Type + if secretType == pluginconsts.SecretEnginePki { + listRequest := &logical.Request{ + Operation: logical.ListOperation, + Path: entry.namespace.Path + entry.Path + "issuers", + } + resp, err := c.router.Route(ctx, listRequest) + if err != nil || resp == nil { + continue + } + rawKeys, ok := resp.Data["keys"] + if !ok { + continue + } + keys, ok := rawKeys.([]string) + if ok { + numRoles += len(keys) + } + } + } + return numRoles +} + // getMinNamespaceSecrets is expected to be called on the output // of GetKvUsageMetrics to get the min number of secrets in a single namespace. func getMinNamespaceSecrets(mapOfNamespacesToSecrets map[string]int) int { @@ -535,6 +598,24 @@ func getMeanNamespaceSecrets(mapOfNamespacesToSecrets map[string]int) int { return getTotalSecretsAcrossAllNamespaces(mapOfNamespacesToSecrets) / length } +// GetSecretEngineUsageMetrics returns a map of secret engine mount types to the number of those mounts that exist. +func (c *Core) GetSecretEngineUsageMetrics() map[string]int { + mounts := make(map[string]int) + + c.mountsLock.RLock() + defer c.mountsLock.RUnlock() + + for _, entry := range c.mounts.Entries { + mountType := entry.Type + if _, ok := mounts[mountType]; !ok { + mounts[mountType] = 1 + } else { + mounts[mountType] += 1 + } + } + return mounts +} + // GetAuthMethodUsageMetrics returns a map of auth mount types to the number of those mounts that exist. func (c *Core) GetAuthMethodUsageMetrics() map[string]int { mounts := make(map[string]int) @@ -542,13 +623,6 @@ func (c *Core) GetAuthMethodUsageMetrics() map[string]int { c.authLock.RLock() defer c.authLock.RUnlock() - // we don't grab the statelock, so this code might run during or after the seal process. - // Therefore, we need to check if c.auth is nil. If we do not, this will panic when - // run after seal. - if c.auth == nil { - return mounts - } - for _, entry := range c.auth.Entries { authType := entry.Type if _, ok := mounts[authType]; !ok { diff --git a/vault/core_stubs_oss.go b/vault/core_stubs_oss.go index 75fb38b40655..5758a00a87db 100644 --- a/vault/core_stubs_oss.go +++ b/vault/core_stubs_oss.go @@ -31,6 +31,10 @@ func (c *Core) EntGetLicenseState() (*LicenseState, error) { return nil, nil } +func (c *Core) EntGetLicense() (string, error) { + return "", nil +} + func (c *Core) EntReloadLicense() error { return nil } diff --git a/vault/core_test.go b/vault/core_test.go index 350657405121..e3d701520130 100644 --- a/vault/core_test.go +++ b/vault/core_test.go @@ -3400,15 +3400,11 @@ func TestDefaultDeadlock(t *testing.T) { InduceDeadlock(t, testCore, 0) } -func RestoreDeadlockOpts() func() { - opts := deadlock.Opts - return func() { - deadlock.Opts = opts - } -} - func InduceDeadlock(t *testing.T, vaultcore *Core, expected uint32) { - defer RestoreDeadlockOpts()() + priorDeadlockFunc := deadlock.Opts.OnPotentialDeadlock + defer func() { + deadlock.Opts.OnPotentialDeadlock = priorDeadlockFunc + }() var deadlocks uint32 deadlock.Opts.OnPotentialDeadlock = func() { atomic.AddUint32(&deadlocks, 1) diff --git a/vault/diagnose/test-fixtures/goodcertwithroot.pem b/vault/diagnose/test-fixtures/goodcertwithroot.pem deleted file mode 100644 index 6e4baf613a39..000000000000 --- a/vault/diagnose/test-fixtures/goodcertwithroot.pem +++ /dev/null @@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIUf+jhKTFBnqSs34II0WS1L4QsbbAwDQYJKoZIhvcNAQEL -BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYwMjI5MDIyNzQxWhcNMjUw -MTA1MTAyODExWjAbMRkwFwYDVQQDExBjZXJ0LmV4YW1wbGUuY29tMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZx0Svr82YJpFpIy4fJNW5fKA6B8mhxS -TRAVnygAftetT8puHflY0ss7Y6X2OXjsU0PRn+1PswtivhKi+eLtgWkUF9cFYFGn -SgMld6ZWRhNheZhA6ZfQmeM/BF2pa5HK2SDF36ljgjL9T+nWrru2Uv0BCoHzLAmi -YYMiIWplidMmMO5NTRG3k+3AN0TkfakB6JVzjLGhTcXdOcVEMXkeQVqJMAuGouU5 -donyqtnaHuIJGuUdy54YDnX86txhOQhAv6r7dHXzZxS4pmLvw8UI1rsSf/GLcUVG -B+5+AAGF5iuHC3N2DTl4xz3FcN4Cb4w9pbaQ7+mCzz+anqiJfyr2nwIDAQABo4H1 -MIHyMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUm++e -HpyM3p708bgZJuRYEdX1o+UwHwYDVR0jBBgwFoAUncSzT/6HMexyuiU9/7EgHu+o -k5swOwYIKwYBBQUHAQEELzAtMCsGCCsGAQUFBzAChh9odHRwOi8vMTI3LjAuMC4x -OjgyMDAvdjEvcGtpL2NhMCEGA1UdEQQaMBiCEGNlcnQuZXhhbXBsZS5jb22HBH8A -AAEwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovLzEyNy4wLjAuMTo4MjAwL3YxL3Br -aS9jcmwwDQYJKoZIhvcNAQELBQADggEBABsuvmPSNjjKTVN6itWzdQy+SgMIrwfs -X1Yb9Lefkkwmp9ovKFNQxa4DucuCuzXcQrbKwWTfHGgR8ct4rf30xCRoA7dbQWq4 -aYqNKFWrRaBRAaaYZ/O1ApRTOrXqRx9Eqr0H1BXLsoAq+mWassL8sf6siae+CpwA -KqBko5G0dNXq5T4i2LQbmoQSVetIrCJEeMrU+idkuqfV2h1BQKgSEhFDABjFdTCN -QDAHsEHsi2M4/jRW9fqEuhHSDfl2n7tkFUI8wTHUUCl7gXwweJ4qtaSXIwKXYzNj -xqKHA8Purc1Yfybz4iE1JCROi9fInKlzr5xABq8nb9Qc/J9DIQM+Xmk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDPDCCAiSgAwIBAgIUb5id+GcaMeMnYBv3MvdTGWigyJ0wDQYJKoZIhvcNAQEL -BQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYwMjI5MDIyNzI5WhcNMjYw -MjI2MDIyNzU5WjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAOxTMvhTuIRc2YhxZpmPwegP86cgnqfT1mXxi1A7 -Q7qax24Nqbf00I3oDMQtAJlj2RB3hvRSCb0/lkF7i1Bub+TGxuM7NtZqp2F8FgG0 -z2md+W6adwW26rlxbQKjmRvMn66G9YPTkoJmPmxt2Tccb9+apmwW7lslL5j8H48x -AHJTMb+PMP9kbOHV5Abr3PT4jXUPUr/mWBvBiKiHG0Xd/HEmlyOEPeAThxK+I5tb -6m+eB+7cL9BsvQpy135+2bRAxUphvFi5NhryJ2vlAvoJ8UqigsNK3E28ut60FAoH -SWRfFUFFYtfPgTDS1yOKU/z/XMU2giQv2HrleWt0mp4jqBUCAwEAAaOBgTB/MA4G -A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSdxLNP/ocx -7HK6JT3/sSAe76iTmzAfBgNVHSMEGDAWgBSdxLNP/ocx7HK6JT3/sSAe76iTmzAc -BgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA -wHThDRsXJunKbAapxmQ6bDxSvTvkLA6m97TXlsFgL+Q3Jrg9HoJCNowJ0pUTwhP2 -U946dCnSCkZck0fqkwVi4vJ5EQnkvyEbfN4W5qVsQKOFaFVzep6Qid4rZT6owWPa -cNNzNcXAee3/j6hgr6OQ/i3J6fYR4YouYxYkjojYyg+CMdn6q8BoV0BTsHdnw1/N -ScbnBHQIvIZMBDAmQueQZolgJcdOuBLYHe/kRy167z8nGg+PUFKIYOL8NaOU1+CJ -t2YaEibVq5MRqCbRgnd9a2vG0jr5a3Mn4CUUYv+5qIjP3hUusYenW1/EWtn1s/gk -zehNe5dFTjFpylg1o6b8Ow== ------END CERTIFICATE----- diff --git a/vault/diagnose/tls_verification.go b/vault/diagnose/tls_verification.go index 7632e69d522f..be5603fcd614 100644 --- a/vault/diagnose/tls_verification.go +++ b/vault/diagnose/tls_verification.go @@ -270,15 +270,17 @@ func TLSFileWarningChecks(leafCerts, interCerts, rootCerts []*x509.Certificate) return warnings, nil } -// NearExpiration returns a true if a certficate will expire in a month and false otherwise +// NearExpiration returns a true if a certificate will expire in a month +// and false otherwise, along with the duration until the certificate expires +// which can be a negative duration if the certificate has already expired. func NearExpiration(c *x509.Certificate) (bool, time.Duration) { - oneMonthFromNow := time.Now().Add(30 * 24 * time.Hour) - var timeToExpiry time.Duration - if oneMonthFromNow.After(c.NotAfter) { - timeToExpiry := oneMonthFromNow.Sub(c.NotAfter) - return true, timeToExpiry - } - return false, timeToExpiry + now := time.Now() + timeToExpiry := c.NotAfter.Sub(now) + + oneMonthFromNow := now.Add(30 * 24 * time.Hour) + isNearExpiration := oneMonthFromNow.After(c.NotAfter) + + return isNearExpiration, timeToExpiry } // TLSMutualExclusionCertCheck returns error if both TLSDisableClientCerts and TLSRequireAndVerifyClientCert are set diff --git a/vault/diagnose/tls_verification_test.go b/vault/diagnose/tls_verification_test.go index 70f506c9377a..769330fb776d 100644 --- a/vault/diagnose/tls_verification_test.go +++ b/vault/diagnose/tls_verification_test.go @@ -5,23 +5,29 @@ package diagnose import ( "context" + "encoding/pem" "fmt" + "os" + "path/filepath" "strings" "testing" + pkihelper "github.com/hashicorp/vault/helper/testhelpers/pki" "github.com/hashicorp/vault/internalshared/configutil" ) // TestTLSValidCert is the positive test case to show that specifying a valid cert and key // passes all checks. func TestTLSValidCert(t *testing.T) { + tlsFiles := pkihelper.GenerateCertWithRoot(t) + listeners := []*configutil.Listener{ { Type: "tcp", Address: "127.0.0.1:443", ClusterAddress: "127.0.0.1:8201", - TLSCertFile: "./test-fixtures/goodcertwithroot.pem", - TLSKeyFile: "./test-fixtures/goodkey.pem", + TLSCertFile: tlsFiles.CombinedLeafCaFile, + TLSKeyFile: tlsFiles.Leaf.KeyFile, TLSMinVersion: "tls10", TLSDisableClientCerts: true, }, @@ -390,14 +396,15 @@ func TestTLSClientCAVerfiyMutualExclusion(t *testing.T) { // TestTLSClientCAVerfiy checks that a listener which has TLS client certs checks enabled works as expected func TestTLSClientCAFileCheck(t *testing.T) { + testCaFiles := pkihelper.GenerateCertWithRoot(t) listeners := []*configutil.Listener{ { Type: "tcp", Address: "127.0.0.1:443", ClusterAddress: "127.0.0.1:8201", - TLSCertFile: "./../../api/test-fixtures/keys/cert.pem", - TLSKeyFile: "./../../api/test-fixtures/keys/key.pem", - TLSClientCAFile: "./../../api/test-fixtures/root/rootcacert.pem", + TLSCertFile: testCaFiles.Leaf.CertFile, + TLSKeyFile: testCaFiles.Leaf.KeyFile, + TLSClientCAFile: testCaFiles.RootCa.CertFile, TLSMaxVersion: "tls10", TLSRequireAndVerifyClientCert: true, TLSDisableClientCerts: false, @@ -414,14 +421,25 @@ func TestTLSClientCAFileCheck(t *testing.T) { // TestTLSLeafCertInClientCAFile checks if a leafCert exist in TLSClientCAFile func TestTLSLeafCertInClientCAFile(t *testing.T) { + testCaFiles := pkihelper.GenerateCertWithRoot(t) + + tempDir := t.TempDir() + + otherRoot := pkihelper.GenerateRootCa(t) + mixedLeafWithRoot := filepath.Join(tempDir, "goodcertbadroot.pem") + err := os.WriteFile(mixedLeafWithRoot, append(pem.EncodeToMemory(testCaFiles.Leaf.CertPem), pem.EncodeToMemory(otherRoot.CertPem)...), 0o644) + if err != nil { + t.Fatalf("Failed to write file %s: %v", mixedLeafWithRoot, err) + } + listeners := []*configutil.Listener{ { Type: "tcp", Address: "127.0.0.1:443", ClusterAddress: "127.0.0.1:8201", - TLSCertFile: "./../../api/test-fixtures/keys/cert.pem", - TLSKeyFile: "./../../api/test-fixtures/keys/key.pem", - TLSClientCAFile: "./test-fixtures/goodcertbadroot.pem", + TLSCertFile: testCaFiles.CombinedLeafCaFile, + TLSKeyFile: testCaFiles.Leaf.KeyFile, + TLSClientCAFile: mixedLeafWithRoot, TLSMaxVersion: "tls10", TLSRequireAndVerifyClientCert: true, TLSDisableClientCerts: false, @@ -430,10 +448,10 @@ func TestTLSLeafCertInClientCAFile(t *testing.T) { warnings, errs := ListenerChecks(context.Background(), listeners) fmt.Println(warnings) if errs == nil || len(errs) != 1 { - t.Fatalf("TLS Config check on bad ClientCAFile certificate should fail once") + t.Fatalf("TLS Config check on bad ClientCAFile certificate should fail once: got %v", errs) } if warnings == nil || len(warnings) != 1 { - t.Fatalf("TLS Config check on bad ClientCAFile certificate should warn once") + t.Fatalf("TLS Config check on bad ClientCAFile certificate should warn once: got %v", warnings) } if !strings.Contains(warnings[0], "Found at least one leaf certificate in the CA certificate file.") { t.Fatalf("Bad error message: %s", warnings[0]) @@ -445,14 +463,15 @@ func TestTLSLeafCertInClientCAFile(t *testing.T) { // TestTLSNoRootInClientCAFile checks if no Root cert exist in TLSClientCAFile func TestTLSNoRootInClientCAFile(t *testing.T) { + testCa := pkihelper.GenerateCertWithIntermediaryRoot(t) listeners := []*configutil.Listener{ { Type: "tcp", Address: "127.0.0.1:443", ClusterAddress: "127.0.0.1:8201", - TLSCertFile: "./../../api/test-fixtures/keys/cert.pem", - TLSKeyFile: "./../../api/test-fixtures/keys/key.pem", - TLSClientCAFile: "./test-fixtures/intermediateCert.pem", + TLSCertFile: testCa.Leaf.CertFile, + TLSKeyFile: testCa.Leaf.KeyFile, + TLSClientCAFile: testCa.IntCa.CertFile, TLSMaxVersion: "tls10", TLSRequireAndVerifyClientCert: true, TLSDisableClientCerts: false, @@ -469,14 +488,15 @@ func TestTLSNoRootInClientCAFile(t *testing.T) { // TestTLSIntermediateCertInClientCAFile checks if an intermediate cert is included in TLSClientCAFile func TestTLSIntermediateCertInClientCAFile(t *testing.T) { + testCa := pkihelper.GenerateCertWithIntermediaryRoot(t) listeners := []*configutil.Listener{ { Type: "tcp", Address: "127.0.0.1:443", ClusterAddress: "127.0.0.1:8201", - TLSCertFile: "./../../api/test-fixtures/keys/cert.pem", - TLSKeyFile: "./../../api/test-fixtures/keys/key.pem", - TLSClientCAFile: "./test-fixtures/chain.crt.pem", + TLSCertFile: testCa.Leaf.CertFile, + TLSKeyFile: testCa.Leaf.KeyFile, + TLSClientCAFile: testCa.CombinedCaFile, TLSMaxVersion: "tls10", TLSRequireAndVerifyClientCert: true, TLSDisableClientCerts: false, @@ -491,16 +511,25 @@ func TestTLSIntermediateCertInClientCAFile(t *testing.T) { } } -// TestTLSMultipleRootInClietCACert checks if multiple roots included in TLSClientCAFile -func TestTLSMultipleRootInClietCACert(t *testing.T) { +// TestTLSMultipleRootInClientCACert checks if multiple roots included in TLSClientCAFile +func TestTLSMultipleRootInClientCACert(t *testing.T) { + testCa := pkihelper.GenerateCertWithRoot(t) + otherRoot := pkihelper.GenerateRootCa(t) + tempDir := t.TempDir() + mixedRoots := filepath.Join(tempDir, "twoRootCA.pem") + err := os.WriteFile(mixedRoots, append(pem.EncodeToMemory(testCa.RootCa.CertPem), pem.EncodeToMemory(otherRoot.CertPem)...), 0o644) + if err != nil { + t.Fatalf("Failed to write file %s: %v", mixedRoots, err) + } + listeners := []*configutil.Listener{ { Type: "tcp", Address: "127.0.0.1:443", ClusterAddress: "127.0.0.1:8201", - TLSCertFile: "./../../api/test-fixtures/keys/cert.pem", - TLSKeyFile: "./../../api/test-fixtures/keys/key.pem", - TLSClientCAFile: "./test-fixtures/twoRootCA.pem", + TLSCertFile: testCa.Leaf.CertFile, + TLSKeyFile: testCa.Leaf.KeyFile, + TLSClientCAFile: mixedRoots, TLSMinVersion: "tls10", TLSRequireAndVerifyClientCert: true, TLSDisableClientCerts: false, @@ -508,7 +537,7 @@ func TestTLSMultipleRootInClietCACert(t *testing.T) { } warnings, errs := ListenerChecks(context.Background(), listeners) if errs != nil { - t.Fatalf("TLS Config check on valid certificate should not fail") + t.Fatalf("TLS Config check on valid certificate should not fail got: %v", errs) } if warnings == nil { t.Fatalf("TLS Config check on valid but bad certificate should warn") diff --git a/vault/dynamic_system_view.go b/vault/dynamic_system_view.go index f95dbd7ed963..3c161ec5abc8 100644 --- a/vault/dynamic_system_view.go +++ b/vault/dynamic_system_view.go @@ -18,6 +18,7 @@ import ( "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault/plugincatalog" "github.com/hashicorp/vault/version" + "google.golang.org/protobuf/types/known/timestamppb" ) type ctxKeyForwardedRequestMountAccessor struct{} @@ -407,10 +408,17 @@ func (d dynamicSystemView) GroupsForEntity(entityID string) ([]*logical.Group, e func (d dynamicSystemView) PluginEnv(_ context.Context) (*logical.PluginEnvironment, error) { v := version.GetVersion() + + buildDate, err := version.GetVaultBuildDate() + if err != nil { + return nil, err + } + return &logical.PluginEnvironment{ VaultVersion: v.Version, VaultVersionPrerelease: v.VersionPrerelease, VaultVersionMetadata: v.VersionMetadata, + VaultBuildDate: timestamppb.New(buildDate), }, nil } diff --git a/vault/dynamic_system_view_test.go b/vault/dynamic_system_view_test.go index bf7d82e02d1c..a042ff424403 100644 --- a/vault/dynamic_system_view_test.go +++ b/vault/dynamic_system_view_test.go @@ -16,6 +16,8 @@ import ( "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" + "github.com/hashicorp/vault/version" + "google.golang.org/protobuf/types/known/timestamppb" ) var ( @@ -286,6 +288,50 @@ func TestDynamicSystemView_GeneratePasswordFromPolicy_failed(t *testing.T) { } } +// TestDynamicSystemView_PluginEnv_successful checks that the PluginEnv method returns the expected values in a successful case. +func TestDynamicSystemView_PluginEnv_successful(t *testing.T) { + coreConfig := &CoreConfig{ + CredentialBackends: map[string]logical.Factory{}, + } + + cluster := NewTestCluster(t, coreConfig, &TestClusterOptions{}) + + cluster.Start() + defer cluster.Cleanup() + + core := cluster.Cores[0].Core + TestWaitActive(t, core) + + ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second) + defer cancel() + + ctx = namespace.RootContext(ctx) + dsv := TestDynamicSystemView(cluster.Cores[0].Core, nil) + + pluginEnv, err := dsv.PluginEnv(ctx) + if err != nil { + t.Fatalf("no error expected, but got: %s", err) + } + + expectedVersionInfo := version.GetVersion() + + expectedBuildDate, err := version.GetVaultBuildDate() + if err != nil { + t.Fatalf("failed to set up expectedBuildDate: %v", err) + } + + expectedPluginEnv := &logical.PluginEnvironment{ + VaultVersion: expectedVersionInfo.Version, + VaultVersionPrerelease: expectedVersionInfo.VersionPrerelease, + VaultVersionMetadata: expectedVersionInfo.VersionMetadata, + VaultBuildDate: timestamppb.New(expectedBuildDate), + } + + if !reflect.DeepEqual(pluginEnv, expectedPluginEnv) { + t.Fatalf("got %q, expected %q", pluginEnv, expectedPluginEnv) + } +} + type runes []rune func (r runes) Len() int { return len(r) } diff --git a/vault/eventbus/bus.go b/vault/eventbus/bus.go index 8f8b174a5245..b9a96a41ef16 100644 --- a/vault/eventbus/bus.go +++ b/vault/eventbus/bus.go @@ -40,7 +40,7 @@ var ( // these metadata fields will have the plugin mount path prepended to them metadataPrependPathFields = []string{ - "path", + logical.EventMetadataPath, logical.EventMetadataDataPath, } ) diff --git a/vault/expiration.go b/vault/expiration.go index c2f652020ce2..37cb26c559f3 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -435,8 +435,11 @@ func (c *Core) setupExpiration(e ExpireLeaseStrategy) error { return nil } -// stopExpiration is used to stop the expiration manager before -// sealing the Vault. +// stopExpiration is used to stop the expiration manager before sealing Vault. +// This *must* be called after shutting down the ActivityLog and +// CensusManager to prevent Core's expirationManager reference from +// changing while being accessed by product usage reporting. This is +// an unfortunate side-effect of tight coupling between ActivityLog and Core. func (c *Core) stopExpiration() error { if c.expiration != nil { if err := c.expiration.Stop(); err != nil { diff --git a/vault/expiration_test.go b/vault/expiration_test.go index 9e0da07bdb5e..2ef631562596 100644 --- a/vault/expiration_test.go +++ b/vault/expiration_test.go @@ -855,10 +855,7 @@ func TestExpiration_Restore(t *testing.T) { } // Stop everything - err = c.stopExpiration() - if err != nil { - t.Fatalf("err: %v", err) - } + stopExpiration(t, c) if exp.leaseCount != 0 { t.Fatalf("expected %v leases, got %v", 0, exp.leaseCount) @@ -3008,6 +3005,23 @@ func registerOneLease(t *testing.T, ctx context.Context, exp *ExpirationManager) return leaseID } +// stopExpiration is a test helper which allows us to safely teardown the +// expiration manager. This preserves the shutdown order of Core for these few +// outlier tests that (previously) directly called [Core].stopExpiration(). +func stopExpiration(t *testing.T, core *Core) { + t.Helper() + core.stopActivityLog() + err := core.teardownCensusManager() + if err != nil { + t.Fatalf("error stopping census manager: %v", err) + } + + err = core.stopExpiration() + if err != nil { + t.Fatalf("error stopping expiration manager: %v", err) + } +} + func TestExpiration_MarkIrrevocable(t *testing.T) { c, _, _ := TestCoreUnsealed(t) exp := c.expiration @@ -3060,10 +3074,7 @@ func TestExpiration_MarkIrrevocable(t *testing.T) { } // stop and restore to verify that irrevocable leases are properly loaded from storage - err = c.stopExpiration() - if err != nil { - t.Fatalf("error stopping expiration manager: %v", err) - } + stopExpiration(t, c) err = exp.Restore(nil) if err != nil { @@ -3153,10 +3164,7 @@ func TestExpiration_StopClearsIrrevocableCache(t *testing.T) { exp.markLeaseIrrevocable(ctx, le, fmt.Errorf("test irrevocable error")) exp.pendingLock.Unlock() - err = c.stopExpiration() - if err != nil { - t.Fatalf("error stopping expiration manager: %v", err) - } + stopExpiration(t, c) if _, ok := exp.irrevocable.Load(leaseID); ok { t.Error("expiration manager irrevocable cache should be cleared on stop") diff --git a/vault/external_tests/pprof/pprof_test.go b/vault/external_tests/pprof/pprof_test.go index dff92030122a..c0b5c95dd040 100644 --- a/vault/external_tests/pprof/pprof_test.go +++ b/vault/external_tests/pprof/pprof_test.go @@ -7,20 +7,33 @@ import ( "encoding/json" "io" "net/http" + "os" "strconv" "strings" "testing" "github.com/hashicorp/go-cleanhttp" + "github.com/hashicorp/vault/command/server" vaulthttp "github.com/hashicorp/vault/http" "github.com/hashicorp/vault/sdk/helper/testhelpers/schema" "github.com/hashicorp/vault/vault" + "github.com/stretchr/testify/require" "golang.org/x/net/http2" ) func TestSysPprof(t *testing.T) { t.Parallel() - cluster := vault.NewTestCluster(t, nil, &vault.TestClusterOptions{ + + // trace test setup + dir, err := os.MkdirTemp("", "vault-trace-test") + require.NoError(t, err) + + cluster := vault.NewTestCluster(t, &vault.CoreConfig{ + RawConfig: &server.Config{ + EnablePostUnsealTrace: true, + PostUnsealTraceDir: dir, + }, + }, &vault.TestClusterOptions{ HandlerFunc: vaulthttp.Handler, RequestResponseCallback: schema.ResponseValidatingCallback(t), }) @@ -30,6 +43,14 @@ func TestSysPprof(t *testing.T) { core := cluster.Cores[0].Core vault.TestWaitActive(t, core) SysPprof_Test(t, cluster) + + // draft trace test onto pprof one to avoid increasing test runtime with additional clusters + files, err := os.ReadDir(dir) + require.NoError(t, err) + require.Greater(t, len(files), 0) + traceFile, err := files[0].Info() + require.NoError(t, err) + require.Greater(t, traceFile.Size(), int64(0)) } func TestSysPprof_MaxRequestDuration(t *testing.T) { diff --git a/vault/login_mfa.go b/vault/login_mfa.go index 56500d95a121..3eb4994480b1 100644 --- a/vault/login_mfa.go +++ b/vault/login_mfa.go @@ -13,6 +13,7 @@ import ( "io" "net/http" "net/url" + "regexp" "strings" "sync" "time" @@ -38,8 +39,7 @@ import ( "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault/quotas" "github.com/mitchellh/mapstructure" - "github.com/okta/okta-sdk-golang/v2/okta" - "github.com/okta/okta-sdk-golang/v2/okta/query" + "github.com/okta/okta-sdk-golang/v5/okta" "github.com/patrickmn/go-cache" otplib "github.com/pquerna/otp" totplib "github.com/pquerna/otp/totp" @@ -1990,7 +1990,7 @@ func (c *Core) validateOkta(ctx context.Context, mConfig *mfa.Config, username s return err } - ctx, client, err := okta.NewClient(ctx, + cfg, err := okta.NewConfiguration( okta.WithToken(oktaConfig.APIToken), okta.WithOrgUrl(orgURL.String()), // Do not use cache or polling MFA will not refresh @@ -1999,15 +1999,15 @@ func (c *Core) validateOkta(ctx context.Context, mConfig *mfa.Config, username s if err != nil { return fmt.Errorf("error creating client: %s", err) } + client := okta.NewAPIClient(cfg) filterField := "profile.login" if oktaConfig.PrimaryEmail { filterField = "profile.email" } filterQuery := fmt.Sprintf("%s eq %q", filterField, username) - filter := query.NewQueryParams(query.WithFilter(filterQuery)) - users, _, err := client.User.ListUsers(ctx, filter) + users, _, err := client.UserAPI.ListUsers(client.GetConfig().Context).Filter(filterQuery).Execute() if err != nil { return err } @@ -2020,7 +2020,7 @@ func (c *Core) validateOkta(ctx context.Context, mConfig *mfa.Config, username s user := users[0] - factors, _, err := client.UserFactor.ListFactors(ctx, user.Id) + factors, _, err := client.UserFactorAPI.ListFactors(ctx, user.GetId()).Execute() if err != nil { return err } @@ -2030,14 +2030,12 @@ func (c *Core) validateOkta(ctx context.Context, mConfig *mfa.Config, username s } var factorFound bool - var userFactor *okta.UserFactor + var userFactor *okta.UserFactorPush for _, factor := range factors { - if factor.IsUserFactorInstance() { - userFactor = factor.(*okta.UserFactor) - if userFactor.FactorType == "push" { - factorFound = true - break - } + if factor.UserFactorPush != nil { + userFactor = factor.UserFactorPush + factorFound = true + break } } @@ -2045,13 +2043,13 @@ func (c *Core) validateOkta(ctx context.Context, mConfig *mfa.Config, username s return fmt.Errorf("no push-type MFA factor found for user") } - result, _, err := client.UserFactor.VerifyFactor(ctx, user.Id, userFactor.Id, okta.VerifyFactorRequest{}, userFactor, nil) + result, _, err := client.UserFactorAPI.VerifyFactor(ctx, user.GetId(), userFactor.GetId()).Execute() if err != nil { return err } - if result.FactorResult != "WAITING" { - return fmt.Errorf("expected WAITING status for push status, got %q", result.FactorResult) + if result.GetFactorResult() != "WAITING" { + return fmt.Errorf("expected WAITING status for push status, got %q", result.GetFactorResult()) } // Parse links to get polling link @@ -2070,27 +2068,33 @@ func (c *Core) validateOkta(ctx context.Context, mConfig *mfa.Config, username s return err } + // Okta doesn't return the transactionID as a parameter in the response, but it's encoded in the URL + // this approach comes from: https://github.com/okta/okta-sdk-golang/issues/300, but it's not ideal. + // It is, however, what the dotnet library by Okta themselves does. + txRx := regexp.MustCompile("^.*/transactions/(.*)$") + matches := txRx.FindStringSubmatch(url.Path) + if len(matches) != 2 { + return fmt.Errorf("couldn't determine transaction id from url") + } + transactionID := matches[1] + + // poll verifyfactor until termination (e.g., the user responds to the push factor) for { - // Okta provides an SDK method `GetFactorTransactionStatus` but does not provide the transaction id in - // the VerifyFactor respone. This code effectively reimplements that method. - rq := client.CloneRequestExecutor() - req, err := rq.WithAccept("application/json").WithContentType("application/json").NewRequest("GET", url.String(), nil) - if err != nil { - return err - } - var result *okta.VerifyUserFactorResponse - _, err = rq.Do(ctx, req, &result) + result, _, err := client.UserFactorAPI.GetFactorTransactionStatus(client.GetConfig().Context, user.GetId(), userFactor.GetId(), transactionID).Execute() if err != nil { return err } - switch result.FactorResult { - case "WAITING": - case "SUCCESS": + // the transaction status returns an inner object set based on what the factor status is. + // the other ones are nil. This is (probably) because the structure of the returned JSON + // varies based on what the factor status is. + switch { + case result.UserFactorPushTransactionWaiting != nil: + case result.UserFactorPushTransaction != nil: return nil - case "REJECTED": + case result.UserFactorPushTransactionRejected != nil: return fmt.Errorf("push verification explicitly rejected") - case "TIMEOUT": + case result.UserFactorPushTransactionTimeout != nil: return fmt.Errorf("push verification timed out") default: return fmt.Errorf("unknown status code") diff --git a/vault/mount_test.go b/vault/mount_test.go index 77863f77365c..f2d87cb7bfce 100644 --- a/vault/mount_test.go +++ b/vault/mount_test.go @@ -14,6 +14,7 @@ import ( "github.com/armon/go-metrics" "github.com/go-test/deep" "github.com/hashicorp/vault/audit" + "github.com/hashicorp/vault/helper/locking" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/testhelpers/corehelpers" @@ -115,7 +116,7 @@ func TestLogicalMountMetrics(t *testing.T) { func TestCore_DefaultMountTable(t *testing.T) { c, keys, _ := TestCoreUnsealed(t) - verifyDefaultTable(t, c.mounts, 4) + verifyDefaultTable(t, c.mounts, 4, c.mountsLock) // Start a second core with same physical inmemSink := metrics.NewInmemSink(1000000*time.Hour, 2000000*time.Hour) @@ -141,6 +142,10 @@ func TestCore_DefaultMountTable(t *testing.T) { } } + c.mountsLock.Lock() + defer c.mountsLock.Unlock() + c2.mountsLock.Lock() + defer c2.mountsLock.Unlock() if diff := deep.Equal(c.mounts.sortEntriesByPath(), c2.mounts.sortEntriesByPath()); len(diff) > 0 { t.Fatalf("mismatch: %v", diff) } @@ -187,6 +192,10 @@ func TestCore_Mount(t *testing.T) { } // Verify matching mount tables + c.mountsLock.Lock() + defer c.mountsLock.Unlock() + c2.mountsLock.Lock() + defer c2.mountsLock.Unlock() if diff := deep.Equal(c.mounts.sortEntriesByPath(), c2.mounts.sortEntriesByPath()); len(diff) > 0 { t.Fatalf("mismatch: %v", diff) } @@ -259,6 +268,10 @@ func TestCore_Mount_kv_generic(t *testing.T) { } // Verify matching mount tables + c.mountsLock.Lock() + defer c.mountsLock.Unlock() + c2.mountsLock.Lock() + defer c2.mountsLock.Unlock() if diff := deep.Equal(c.mounts.sortEntriesByPath(), c2.mounts.sortEntriesByPath()); len(diff) > 0 { t.Fatalf("mismatch: %v", diff) } @@ -717,7 +730,7 @@ func TestCore_Remount_Protected(t *testing.T) { func TestDefaultMountTable(t *testing.T) { c, _, _ := TestCoreUnsealed(t) table := c.defaultMountTable() - verifyDefaultTable(t, table, 3) + verifyDefaultTable(t, table, 3, c.mountsLock) } func TestCore_MountTable_UpgradeToTyped(t *testing.T) { @@ -886,7 +899,9 @@ func testCore_MountTable_UpgradeToTyped_Common( } } -func verifyDefaultTable(t *testing.T, table *MountTable, expected int) { +func verifyDefaultTable(t *testing.T, table *MountTable, expected int, mountsLock locking.RWMutex) { + mountsLock.Lock() + defer mountsLock.Unlock() if len(table.Entries) != expected { t.Fatalf("bad: %v", table.Entries) } diff --git a/vault/raft.go b/vault/raft.go index 746cbbde0038..f29e1cbe0f89 100644 --- a/vault/raft.go +++ b/vault/raft.go @@ -16,12 +16,10 @@ import ( "sync/atomic" "time" - "github.com/golang/protobuf/proto" "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-discover" discoverk8s "github.com/hashicorp/go-discover/provider/k8s" "github.com/hashicorp/go-hclog" - wrapping "github.com/hashicorp/go-kms-wrapping/v2" "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/go-uuid" goversion "github.com/hashicorp/go-version" @@ -1023,13 +1021,8 @@ func (c *Core) getRaftChallenge(leaderInfo *raft.LeaderJoinInfo) (*raftInformati return nil, fmt.Errorf("error decoding raft bootstrap challenge: %w", err) } - eBlob := &wrapping.BlobInfo{} - if err := proto.Unmarshal(challengeRaw, eBlob); err != nil { - return nil, fmt.Errorf("error decoding raft bootstrap challenge: %w", err) - } - return &raftInformation{ - challenge: eBlob, + challenge: challengeRaw, leaderClient: apiClient, leaderBarrierConfig: &sealConfig, }, nil @@ -1347,15 +1340,6 @@ func (c *Core) joinRaftSendAnswer(ctx context.Context, sealAccess seal.Access, r return errors.New("raft is already initialized") } - multiWrapValue := &seal.MultiWrapValue{ - Generation: sealAccess.Generation(), - Slots: []*wrapping.BlobInfo{raftInfo.challenge}, - } - plaintext, _, err := sealAccess.Decrypt(ctx, multiWrapValue, nil) - if err != nil { - return fmt.Errorf("error decrypting challenge: %w", err) - } - parsedClusterAddr, err := url.Parse(c.ClusterAddr()) if err != nil { return fmt.Errorf("error parsing cluster address: %w", err) @@ -1371,6 +1355,12 @@ func (c *Core) joinRaftSendAnswer(ctx context.Context, sealAccess seal.Access, r } } + sealer := NewSealAccessSealer(sealAccess, c.logger, "bootstrap_challenge_read") + plaintext, err := sealer.Open(context.Background(), raftInfo.challenge) + if err != nil { + return fmt.Errorf("error decrypting challenge: %w", err) + } + answerReq := raftInfo.leaderClient.NewRequest("PUT", "/v1/sys/storage/raft/bootstrap/answer") if err := answerReq.SetJSONBody(map[string]interface{}{ "answer": base64.StdEncoding.EncodeToString(plaintext), diff --git a/vault/sealunwrapper.go b/vault/sealunwrapper.go index 27f4cd482703..79b1436c50d8 100644 --- a/vault/sealunwrapper.go +++ b/vault/sealunwrapper.go @@ -18,10 +18,9 @@ import ( // NewSealUnwrapper creates a new seal unwrapper func NewSealUnwrapper(underlying physical.Backend, logger log.Logger) physical.Backend { ret := &sealUnwrapper{ - underlying: underlying, - logger: logger, - locks: locksutil.CreateLocks(), - allowUnwraps: new(uint32), + underlying: underlying, + logger: logger, + locks: locksutil.CreateLocks(), } if underTxn, ok := underlying.(physical.Transactional); ok { @@ -43,7 +42,7 @@ type sealUnwrapper struct { underlying physical.Backend logger log.Logger locks []*locksutil.LockEntry - allowUnwraps *uint32 + allowUnwraps atomic.Bool } // transactionalSealUnwrapper is a seal unwrapper that wraps a physical that is transactional @@ -63,63 +62,70 @@ func (d *sealUnwrapper) Put(ctx context.Context, entry *physical.Entry) error { return d.underlying.Put(ctx, entry) } -// unwrap gets an entry from underlying storage and tries to unwrap it. If the entry was not wrapped, return -// value unwrappedEntry will be nil. If the entry is wrapped and encrypted, an error is returned. -func (d *sealUnwrapper) unwrap(ctx context.Context, key string) (entry, unwrappedEntry *physical.Entry, err error) { - entry, err = d.underlying.Get(ctx, key) +// unwrap gets an entry from underlying storage and tries to unwrap it. +// - If the entry is not wrapped: the entry will be returned unchanged and wasWrapped will be false +// - If the entry is wrapped and encrypted: an error is returned. +// - If the entry is wrapped but not encrypted: the entry will be unwrapped and returned. wasWrapped will be true. +func (d *sealUnwrapper) unwrap(ctx context.Context, key string) (unwrappedEntry *physical.Entry, wasWrapped bool, err error) { + entry, err := d.underlying.Get(ctx, key) if err != nil { - return nil, nil, err + return nil, false, err } if entry == nil { - return nil, nil, err + return nil, false, nil } wrappedEntryValue, unmarshaled := UnmarshalSealWrappedValueWithCanary(entry.Value) switch { case !unmarshaled: - unwrappedEntry = entry + // Entry is not wrapped + return entry, false, nil case wrappedEntryValue.isEncrypted(): - return nil, nil, fmt.Errorf("cannot decode sealwrapped storage entry %q", entry.Key) + // Entry is wrapped and encrypted + return nil, true, fmt.Errorf("cannot decode sealwrapped storage entry %q", entry.Key) default: + // Entry is wrapped and not encrypted pt, err := wrappedEntryValue.getPlaintextValue() if err != nil { - return nil, nil, err + return nil, true, err } - unwrappedEntry = &physical.Entry{ + return &physical.Entry{ Key: entry.Key, Value: pt, - } + }, true, nil } - - return entry, unwrappedEntry, nil } func (d *sealUnwrapper) Get(ctx context.Context, key string) (*physical.Entry, error) { - entry, unwrappedEntry, err := d.unwrap(ctx, key) + entry, wasWrapped, err := d.unwrap(ctx, key) switch { - case err != nil: + case err != nil: // Failed to get entry return nil, err - case entry == nil: + case entry == nil: // Entry doesn't exist return nil, nil - case atomic.LoadUint32(d.allowUnwraps) != 1: - return unwrappedEntry, nil + case !wasWrapped || !d.allowUnwraps.Load(): // Entry was not wrapped or unwrapping not allowed + return entry, nil } + // Entry was wrapped, we need to replace it with the unwrapped value + + // Grab locks because we are performing a write locksutil.LockForKey(d.locks, key).Lock() defer locksutil.LockForKey(d.locks, key).Unlock() - // At this point we need to re-read and re-check - entry, unwrappedEntry, err = d.unwrap(ctx, key) + // Read entry again in case it was changed while we were waiting for the lock + entry, wasWrapped, err = d.unwrap(ctx, key) switch { - case err != nil: + case err != nil: // Failed to get entry return nil, err - case entry == nil: + case entry == nil: // Entry doesn't exist return nil, nil - case atomic.LoadUint32(d.allowUnwraps) != 1: - return unwrappedEntry, nil + case !wasWrapped || !d.allowUnwraps.Load(): // Entry was not wrapped or unwrapping not allowed + return entry, nil } - return unwrappedEntry, d.underlying.Put(ctx, unwrappedEntry) + // Write out the unwrapped value + return entry, d.underlying.Put(ctx, entry) } func (d *sealUnwrapper) Delete(ctx context.Context, key string) error { @@ -155,12 +161,12 @@ func (d *transactionalSealUnwrapper) Transaction(ctx context.Context, txns []*ph // This should only run during preSeal which ensures that it can't be run // concurrently and that it will be run only by the active node func (d *sealUnwrapper) stopUnwraps() { - atomic.StoreUint32(d.allowUnwraps, 0) + d.allowUnwraps.Store(false) } func (d *sealUnwrapper) runUnwraps() { // Allow key unwraps on key gets. This gets set only when running on the // active node to prevent standbys from changing data underneath the // primary - atomic.StoreUint32(d.allowUnwraps, 1) + d.allowUnwraps.Store(true) } diff --git a/vault/sealunwrapper_test.go b/vault/sealunwrapper_test.go index 023ae49ded67..e4cb73de99bb 100644 --- a/vault/sealunwrapper_test.go +++ b/vault/sealunwrapper_test.go @@ -21,25 +21,29 @@ import ( func TestSealUnwrapper(t *testing.T) { logger := corehelpers.NewTestLogger(t) - // Test without transactions - phys, err := inmem.NewInmemHA(nil, logger) - if err != nil { - t.Fatal(err) - } - performTestSealUnwrapper(t, phys, logger) + // Test with both cache enabled and disabled + for _, disableCache := range []bool{true, false} { + // Test without transactions + phys, err := inmem.NewInmemHA(nil, logger) + if err != nil { + t.Fatal(err) + } + performTestSealUnwrapper(t, phys, logger, disableCache) - // Test with transactions - tPhys, err := inmem.NewTransactionalInmemHA(nil, logger) - if err != nil { - t.Fatal(err) + // Test with transactions + tPhys, err := inmem.NewTransactionalInmemHA(nil, logger) + if err != nil { + t.Fatal(err) + } + performTestSealUnwrapper(t, tPhys, logger, disableCache) } - performTestSealUnwrapper(t, tPhys, logger) } -func performTestSealUnwrapper(t *testing.T, phys physical.Backend, logger log.Logger) { +func performTestSealUnwrapper(t *testing.T, phys physical.Backend, logger log.Logger, disableCache bool) { ctx := context.Background() base := &CoreConfig{ - Physical: phys, + Physical: phys, + DisableCache: disableCache, } cluster := NewTestCluster(t, base, &TestClusterOptions{ Logger: logger, @@ -47,6 +51,8 @@ func performTestSealUnwrapper(t *testing.T, phys physical.Backend, logger log.Lo cluster.Start() defer cluster.Cleanup() + physImem := phys.(interface{ Underlying() *inmem.InmemBackend }).Underlying() + // Read a value and then save it back in a proto message entry, err := phys.Get(ctx, "core/master") if err != nil { @@ -78,7 +84,15 @@ func performTestSealUnwrapper(t *testing.T, phys physical.Backend, logger log.Lo // successfully decode it, but be able to unmarshal it when read back from // the underlying physical store. When we read from active, it should both // successfully decode it and persist it back. - checkValue := func(core *Core, wrapped bool) { + checkValue := func(core *Core, wrapped bool, ro bool) { + if ro { + physImem.FailPut(true) + physImem.FailDelete(true) + defer func() { + physImem.FailPut(false) + physImem.FailDelete(false) + }() + } entry, err := core.physical.Get(ctx, "core/master") if err != nil { t.Fatal(err) @@ -106,7 +120,12 @@ func performTestSealUnwrapper(t *testing.T, phys physical.Backend, logger log.Lo } TestWaitActive(t, cluster.Cores[0].Core) - checkValue(cluster.Cores[2].Core, true) - checkValue(cluster.Cores[1].Core, true) - checkValue(cluster.Cores[0].Core, false) + checkValue(cluster.Cores[2].Core, true, true) + checkValue(cluster.Cores[1].Core, true, true) + checkValue(cluster.Cores[0].Core, false, false) + + // The storage entry should now be unwrapped, so there should be no more writes to storage when we read it + checkValue(cluster.Cores[2].Core, false, true) + checkValue(cluster.Cores[1].Core, false, true) + checkValue(cluster.Cores[0].Core, false, true) } diff --git a/vault/testing_util.go b/vault/testing_util.go index 0aff91c60c04..980b214619d4 100644 --- a/vault/testing_util.go +++ b/vault/testing_util.go @@ -1,19 +1,20 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -//go:build !enterprise - package vault import ( - "crypto/ed25519" - "testing" + "time" + + "github.com/hashicorp/vault/version" ) -func GenerateTestLicenseKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil } -func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig { return &LicensingConfig{} } -func testExtraTestCoreSetup(testing.TB, ed25519.PrivateKey, *TestClusterCore) {} -func testAdjustUnderlyingStorage(tcc *TestClusterCore) { - tcc.UnderlyingStorage = tcc.physical +func init() { + // The BuildDate is set as part of the build process in CI so we need to + // initialize it for testing. By setting it to now minus one year we + // provide some headroom to ensure that test license expiration (for enterprise) + // does not exceed the BuildDate as that is invalid. + if version.BuildDate == "" { + version.BuildDate = time.Now().UTC().AddDate(-1, 0, 0).Format(time.RFC3339) + } } -func testApplyEntBaseConfig(coreConfig, base *CoreConfig) {} diff --git a/vault/testing_util_stubs_oss.go b/vault/testing_util_stubs_oss.go new file mode 100644 index 000000000000..03986cccc3c3 --- /dev/null +++ b/vault/testing_util_stubs_oss.go @@ -0,0 +1,21 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +//go:build !enterprise + +package vault + +import ( + "crypto/ed25519" + "testing" +) + +//go:generate go run github.com/hashicorp/vault/tools/stubmaker + +func GenerateTestLicenseKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) { return nil, nil, nil } +func testGetLicensingConfig(key ed25519.PublicKey) *LicensingConfig { return &LicensingConfig{} } +func testExtraTestCoreSetup(testing.TB, ed25519.PrivateKey, *TestClusterCore) {} +func testAdjustUnderlyingStorage(tcc *TestClusterCore) { + tcc.UnderlyingStorage = tcc.physical +} +func testApplyEntBaseConfig(coreConfig, base *CoreConfig) {} diff --git a/vault/token_store_test.go b/vault/token_store_test.go index 8223108e9876..6d58616966f9 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -1170,10 +1170,7 @@ func TestTokenStore_CreateLookup_ExpirationInRestoreMode(t *testing.T) { t.Fatalf("err: %v", err) } - err = c.stopExpiration() - if err != nil { - t.Fatal(err) - } + stopExpiration(t, c) // Reset expiration manager to restore mode ts.expiration.restoreModeLock.Lock() diff --git a/version/VERSION b/version/VERSION index 753029c3a5ec..72582753e347 100644 --- a/version/VERSION +++ b/version/VERSION @@ -1 +1 @@ -1.18.2 \ No newline at end of file +1.18.3 \ No newline at end of file diff --git a/version/version.go b/version/version.go index eb63e7418021..6cacced9a9c5 100644 --- a/version/version.go +++ b/version/version.go @@ -6,6 +6,7 @@ package version import ( "bytes" "fmt" + "time" ) type VersionInfo struct { @@ -33,6 +34,14 @@ func GetVersion() *VersionInfo { } } +func GetVaultBuildDate() (time.Time, error) { + buildDate, err := time.Parse(time.RFC3339, BuildDate) + if err != nil { + return time.Time{}, fmt.Errorf("failed to parse build date based on RFC3339: %w", err) + } + return buildDate, nil +} + func (c *VersionInfo) VersionNumber() string { if Version == "unknown" && VersionPrerelease == "unknown" { return "(version unknown)" diff --git a/website/content/api-docs/auth/cert.mdx b/website/content/api-docs/auth/cert.mdx index a838e27e63e5..25deca159e15 100644 --- a/website/content/api-docs/auth/cert.mdx +++ b/website/content/api-docs/auth/cert.mdx @@ -69,7 +69,7 @@ Sets a CA cert and associated parameters in a role name. by a dash (-) instead of a dot (.) to allow usage in ACL templates. - `ocsp_enabled` `(bool: false)` - If enabled, validate certificates' revocation status using OCSP. -- `ocsp_ca_certificates` `(string: "")` Any additional CA certificates needed to +- `ocsp_ca_certificates` `(string: "")` Any additional OCSP responder certificates needed to verify OCSP responses. Provided as base64 encoded PEM data. - `ocsp_servers_override` `(array: [])`: A comma-separated list of OCSP server addresses. If unset, the OCSP server is determined from the AuthorityInformationAccess diff --git a/website/content/api-docs/secret/pki/index.mdx b/website/content/api-docs/secret/pki/index.mdx index 76ca0bec63fd..c706115eccd9 100644 --- a/website/content/api-docs/secret/pki/index.mdx +++ b/website/content/api-docs/secret/pki/index.mdx @@ -87,6 +87,9 @@ update your API calls accordingly. - [Tidy Status](#tidy-status) - [Cancel Tidy](#cancel-tidy) - [Certificate Issuance Protocols](/vault/api-docs/secret/pki/issuance) + - [ACME - Automatic Certificate Management Environment](/vault/api-docs/secret/pki/issuance#acme-certificate-issuance) + - [EST - Enrollment over Secure Transport ](/vault/api-docs/secret/pki/issuance#est-certificate-issuance) + - [CMPv2 - Certificate Management Protocol (v2) ](/vault/api-docs/secret/pki/issuance#cmpv2-certificate-issuance) - [Cluster Scalability](#cluster-scalability) - [Managed Key](#managed-keys) (Enterprise Only) - [Vault CLI with DER/PEM responses](#vault-cli-with-der-pem-responses) @@ -2183,7 +2186,9 @@ use the values set via `config/urls`. `YYYY-MM-ddTHH:MM:SSZ`. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, `9999-12-31T23:59:59Z`. -* ~> Note: Keys of type `rsa` currently only support PKCS#1 v1.5 signatures. +- `use_pss` `(bool: false)` - Specifies whether or not to use PSS signatures + over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for + ECDSA/Ed25519 issuers. #### Managed keys parameters diff --git a/website/content/docs/agent-and-proxy/agent/apiproxy.mdx b/website/content/docs/agent-and-proxy/agent/apiproxy.mdx index 636b99167477..9ed6eea006a4 100644 --- a/website/content/docs/agent-and-proxy/agent/apiproxy.mdx +++ b/website/content/docs/agent-and-proxy/agent/apiproxy.mdx @@ -1,20 +1,18 @@ --- layout: docs -page_title: Vault Agent API Proxy +page_title: Use Vault Agent as an API proxy description: >- - Vault Agent's API Proxy functionality allows you to use Vault Agent's API as a proxy - for Vault's API. + Use auto-authentication and configure Vault Agent as a proxy for the Vault API. --- -# Vault Agent API proxy +# Use Vault Agent as an API proxy + +@include 'alerts/deprecated.mdx' Vault Agent's API Proxy functionality allows you to use Vault Agent's API as a proxy for Vault's API. -~> Note: This functionality will be deprecated in a future release. Please -switch to using [Vault Proxy](/vault/docs/agent-and-proxy/proxy) for API proxying purposes, instead. - - + [Static secret caching](/vault/docs/agent-and-proxy/proxy/caching/static-secret-caching) (KVv1 and KVv2) with API proxy minimizes the number of requests forwarded to @@ -22,7 +20,7 @@ switch to using [Vault Proxy](/vault/docs/agent-and-proxy/proxy) for API proxyin recommend using [Vault Proxy](/vault/docs/agent-and-proxy/proxy) for API Proxy related workflows. - + ## Functionality diff --git a/website/content/docs/agent-and-proxy/agent/caching/index.mdx b/website/content/docs/agent-and-proxy/agent/caching/index.mdx index 6d8e49fe862f..db58a1898c48 100644 --- a/website/content/docs/agent-and-proxy/agent/caching/index.mdx +++ b/website/content/docs/agent-and-proxy/agent/caching/index.mdx @@ -1,13 +1,12 @@ --- layout: docs -page_title: Vault Agent Caching -description: |- - Vault Agent Caching allows client-side caching of responses containing newly - created tokens and responses containing leased secrets generated off of these - newly created tokens. +page_title: Vault Agent caching overview +description: >- + Use client-side caching with Vault Agent for responses with newly + created tokens or leased secrets generated from a newly created token. --- -# Vault Agent caching +# Vault Agent caching overview diff --git a/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/index.mdx b/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/index.mdx index 9ae86cadb266..c889765df0bb 100644 --- a/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/index.mdx +++ b/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/index.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Agent Persistent Caching -description: Vault Agent Caching +page_title: Use built-in persistent caching - Vault Agent +description: >- + Use persistent caching with Vault Agent --- -# Vault Agent persistent caching +# Use built-in persistent caching Vault Agent can restore tokens and leases from a persistent cache file created by a previous Vault Agent process. The persistent cache is a BoltDB file that diff --git a/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/kubernetes.mdx b/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/kubernetes.mdx index 46fdad01f82a..f773dc665ef3 100644 --- a/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/kubernetes.mdx +++ b/website/content/docs/agent-and-proxy/agent/caching/persistent-caches/kubernetes.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Kubernetes - Vault Agent Persistent Cache -description: Kubernetes Persistent Cache for Vault Agent Caching +page_title: Use Kubernetes persistent cache - Vault Agent +description: >- + Configure Vault Agent to use Kubernetes for persistent cache --- -# Vault Agent Kubernetes persistent cache +# Use Kubernetes persistent cache When `kubernetes` is configured for the persistent cache type, Vault Agent will optimize the persistent cache specifically for Kubernetes. This type of persistent cache requires a Kubernetes diff --git a/website/content/docs/agent-and-proxy/agent/generate-config.mdx b/website/content/docs/agent-and-proxy/agent/generate-config.mdx new file mode 100644 index 000000000000..96a226e07297 --- /dev/null +++ b/website/content/docs/agent-and-proxy/agent/generate-config.mdx @@ -0,0 +1,124 @@ +--- +layout: docs +page_title: Generate a development configuration file +description: >- + Use the Vault CLI to create a basic development configuration file to run + Vault Agent in process supervisor mode. +--- + +# Generate a Vault Agent development configuration file + +Use the Vault CLI to create a basic development configuration file to run Vault +Agent in process supervisor mode. + +Development configuration files include an `auto_auth` section that reference a +token file based on the Vault token used to authenticate the CLI command. Token +files are convenient for local testing but **are not** appropriate for in +production. **Always use a robust +[auto-authentication method](/vault/docs/agent-and-proxy/autoauth/methods) in +production**. + + + +- You have [set up a `kv` v2 plugin](/vault/docs/secrets/kv/kv-v2/setup). +- Your authentication token has `read` permissions for the `kv` v2 plugin. + + + +Use [`vault agent generate-config`](/vault/docs/commands/agent/generate-config) +to create a development configuration file with environment variable templates: + +```shell-session +$ vault agent generate-config + -type "env-template" \ + -exec " " \ + -namespace "" \ + -path "" \ + -path "" \ + ... + -path "" \ + +``` + +For example: + + + +```shell-session +$ vault agent generate-config \ + -type="env-template" \ + -exec="./payment-app 'wf-test'" \ + -namespace="testing" \ + -path="shared/dev/*" \ + -path="private/ci/integration" \ + agent-config.hcl + +Successfully generated "agent-config.hcl" configuration file! +Warning: the generated file uses 'token_file' authentication method, which is not suitable for production environments. +``` + + + +The configuration file includes `env_template` entries for each key stored at +the explicit paths and any key encountered while recursing through paths ending +with `/*`. Template keys have the form `_`. + +For example: + + + +```hcl +auto_auth { + + method { + type = "token_file" + + config { + token_file_path = "/home//.vault-token" + } + } +} + +template_config { + static_secret_render_interval = "5m" + exit_on_retry_failure = true + max_connections_per_host = 10 +} + +vault { + address = "http://192.168.0.1:8200" +} + +env_template "SQUARE_API_PROD" { + contents = "{{ with secret \"shared/data/dev/square-api\" }}{{ .Data.data.prod }}{{ end }}" + error_on_missing_key = true +} +env_template "SQUARE_API_SANDBOX" { + contents = "{{ with secret \"shared/data/dev/square-api\" }}{{ .Data.data.sandbox }}{{ end }}" + error_on_missing_key = true +} +env_template "SQUARE_API_SMOKE" { + contents = "{{ with secret \"shared/data/dev/square-api\" }}{{ .Data.data.smoke }}{{ end }}" + error_on_missing_key = true +} +env_template "SEEDS_SEED1" { + contents = "{{ with secret \"shared/data/dev/seeds\" }}{{ .Data.data.seed1 }}{{ end }}" + error_on_missing_key = true +} +env_template "SEEDS_SEED2" { + contents = "{{ with secret \"shared/data/dev/seeds\" }}{{ .Data.data.seed2 }}{{ end }}" + error_on_missing_key = true +} +env_template "DEV_POSTMAN" { + contents = "{{ with secret \"private/data/ci/integration\" }}{{ .Data.data.postman }}{{ end }}" + error_on_missing_key = true +} + +exec { + command = ["./payment-app", "'wf-test'"] + restart_on_secret_changes = "always" + restart_stop_signal = "SIGTERM" +} +``` + + diff --git a/website/content/docs/agent-and-proxy/agent/generate-config/index.mdx b/website/content/docs/agent-and-proxy/agent/generate-config/index.mdx deleted file mode 100644 index 4f66f5f6aa2f..000000000000 --- a/website/content/docs/agent-and-proxy/agent/generate-config/index.mdx +++ /dev/null @@ -1,129 +0,0 @@ ---- -layout: docs -page_title: agent generate-config - Command -description: |- - Generates a simple Vault Agent configuration file from the given parameters. ---- - -# agent generate-config - -Generates a simple Vault Agent configuration file from the given parameters. - -Currently, the only supported configuration type is `env-template`, which -helps you generate a configuration file with environment variable templates -for running Vault Agent in -[process supervisor](/vault/docs/agent-and-proxy/agent/process-supervisor) -mode. - -For every specified secret `-path`, the command will attempt to generate one or -multiple `env_template` entries based on the `JSON` key(s) stored in the -specified secret. If the secret `-path` ends with `/*`, the command will -attempt to recurse through the secrets tree rooted at the given path, -generating `env_template` entries for each encountered secret. Currently, -only [kv-v1](/vault/docs/secrets/kv/kv-v1) and -[kv-v2](/vault/docs/secrets/kv/kv-v2) paths are supported. - -The command specified in the `-exec` option will be used to generate an -`exec` entry, which will tell Vault Agent which child process to run. - -In addition to the `env_template` entries, the command generates an `auto_auth` -section with `token_file` authentication method. While this method is very -convenient for local testing, it should **NOT** be used in production. In a -production environment, please use any other -[Auto-Auth method](/vault/docs/agent-and-proxy/autoauth/methods) instead. - -By default, the file will be generated in the local directory as `agent.hcl` -unless a path is specified as an argument. - -## Example - -Before generating a configuration file, let's insert a secret `foo`: - -```shell-session -$ vault kv put -mount=secret foo user="admin" password="s3cr3t" -``` - -Generate an agent configuration file which will reference `secret/foo`: - -```shell-session -$ vault agent generate-config \ - -type="env-template" \ - -exec="./my-app arg1 arg2" \ - -namespace="my/ns/" \ - -path="secret/foo" \ - my-config.hcl -``` - -**Expected output:** - - - -```plaintext -Successfully generated "my-config.hcl" configuration file! -Warning: the generated file uses 'token_file' authentication method, which is not suitable for production environments. -``` - - - -This will produce `my-config.hcl` file in the current directory with contents -similar to the following: - -```hcl -auto_auth { - - method { - type = "token_file" - - config { - token_file_path = "/Users/avean/.vault-token" - } - } -} - -template_config { - static_secret_render_interval = "5m" - exit_on_retry_failure = true - max_connections_per_host = 10 -} - -vault { - address = "http://localhost:8200" -} - -env_template "FOO_PASSWORD" { - contents = "{{ with secret \"secret/data/foo\" }}{{ .Data.data.password }}{{ end }}" - error_on_missing_key = true -} -env_template "FOO_USER" { - contents = "{{ with secret \"secret/data/foo\" }}{{ .Data.data.user }}{{ end }}" - error_on_missing_key = true -} - -exec { - command = ["./my-app", "arg1", "arg2"] - restart_on_secret_changes = "always" - restart_stop_signal = "SIGTERM" -} -``` - -## Usage - -The following flags are available in addition to the [standard set of -flags](/vault/docs/commands) included in all commands. - -- `type` `(string: )` - The type of configuration file to generate; - currently, only `env-template` is supported. - -- `path` `(string: "")` - Path to a kv-v1 or kv-v2 secret - (e.g. `secret/data/foo`, `kv-v2/my-app/*`); multiple secrets and tail `*` - wildcards are allowed. - -- `-exec` `(string: "env")` - The command to execute in agent process - supervisor mode. - - -## Tutorial - -Refer to the [Vault Agent - secrets as environment -variables](/vault/tutorials/vault-agent/agent-env-vars) tutorial for an -end-to-end example. diff --git a/website/content/docs/agent-and-proxy/agent/index.mdx b/website/content/docs/agent-and-proxy/agent/index.mdx index 48855f7ebe83..4b6cdbcb3fcc 100644 --- a/website/content/docs/agent-and-proxy/agent/index.mdx +++ b/website/content/docs/agent-and-proxy/agent/index.mdx @@ -1,9 +1,9 @@ --- layout: docs -page_title: Vault Agent -description: |- - Vault Agent is a client-side daemon that can be used to perform some Vault - functionality automatically. +page_title: What is Vault Agent? +description: >- + Vault Agent is a client-side daemon that securely extracts secrets from Vault + for clients without the complexity of API calls. --- # What is Vault Agent? @@ -298,6 +298,18 @@ runtime metrics about its performance, the auto-auth and the cache status: | `vault.agent.cache.hit` | Number of cache hits | counter | | `vault.agent.cache.miss` | Number of cache misses | counter | +### IMPORTANT: `VAULT_ADDR` usage + +If you export the `VAULT_ADDR` environment variable on the Vault Agent instance, that value takes precedence over the value in the configuration file. The Vault Agent uses that to connect to Vault and this can create an infinite loop where the value of `VAULT_ADDR` is used to make a connection, and the Vault Agent ends up trying to connect to itself instead of the server. + +When the connection fails, the Vault Agent increments the port and tries again. The agent repeats these attempts, which leads to port exhaustion. + +This problem is a result of the precedence order of the 3 different ways to configure the Vault address. They are, in increasing order of priority: + +1. Configuration files +1. Environment variables +1. CLI flags + ## Start Vault Agent To run Vault Agent: diff --git a/website/content/docs/agent-and-proxy/agent/process-supervisor.mdx b/website/content/docs/agent-and-proxy/agent/process-supervisor.mdx index 210967aeb0e7..359628e4c965 100644 --- a/website/content/docs/agent-and-proxy/agent/process-supervisor.mdx +++ b/website/content/docs/agent-and-proxy/agent/process-supervisor.mdx @@ -1,12 +1,13 @@ --- layout: docs -page_title: Vault Agent's Process Supervisor Mode +page_title: Run Vault Agent in process supervisor mode description: >- - Vault Agent's Process Supervisor Mode allows Vault secrets to be injected - into a process via environment variables using Consul Template markup. + Run Vault Agent in process supervisor mode to write Vault secrets to + environment variables for use in external processes. + --- -# Vault Agent's Process Supervisor mode +# Run Vault Agent in process supervisor mode Vault Agent's Process Supervisor Mode allows Vault secrets to be injected into a process via environment variables using diff --git a/website/content/docs/agent-and-proxy/agent/template.mdx b/website/content/docs/agent-and-proxy/agent/template.mdx index 4a003e057a0b..eb91b8782fce 100644 --- a/website/content/docs/agent-and-proxy/agent/template.mdx +++ b/website/content/docs/agent-and-proxy/agent/template.mdx @@ -1,12 +1,12 @@ --- layout: docs -page_title: Vault Agent Template +page_title: Use Vault Agent templates description: >- - Vault Agent's Template functionality allows Vault secrets to be rendered to - files using Consul Template markup. + Use templates with Vault Agent to write Vault secrets files with Consul + Template markup. --- -# Vault Agent templates +# Use Vault Agent templates Vault Agent's Template functionality allows Vault secrets to be rendered to files or environment variables (via the [Process Supervisor Mode](/vault/docs/agent-and-proxy/agent/process-supervisor)) diff --git a/website/content/docs/agent-and-proxy/agent/versions.mdx b/website/content/docs/agent-and-proxy/agent/versions.mdx index 9d8e6a64cffc..6c727e0d9ee5 100644 --- a/website/content/docs/agent-and-proxy/agent/versions.mdx +++ b/website/content/docs/agent-and-proxy/agent/versions.mdx @@ -1,11 +1,12 @@ --- layout: docs -page_title: Vault Agent Version Compatibility -description: |- - Guidelines for running different versions of Agent and Vault server +page_title: Risks of using inconsistent versions of Agent and Vault +description: >- + Using different versions of Vault Agent and Vault is possible but limits the + available functionality. --- -# Running different versions of Agent and Vault server +# Understand the risks of using inconsistent versions of Agent and Vault There is no requirement to run identical versions of Vault Agent and Vault server. It is safe to run different versions. However, you may not be able to take diff --git a/website/content/docs/agent-and-proxy/agent/winsvc.mdx b/website/content/docs/agent-and-proxy/agent/winsvc.mdx index 3abce12a48a2..1dbf9853188f 100644 --- a/website/content/docs/agent-and-proxy/agent/winsvc.mdx +++ b/website/content/docs/agent-and-proxy/agent/winsvc.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Vault Agent Windows Service +page_title: Run Vault Agent as a Windows service description: >- - Vault Agent can be run as a Windows service. + Register Vault Agent with sc.exe and run Agent as a Windows service. --- -# Vault Agent Windows service +# Run Vault Agent as a Windows service Vault Agent can be run as a Windows service. In order to do this, you need to register Vault Agent with the Windows Service Control Manager. After Vault Agent is registered, it can be started like any other Windows diff --git a/website/content/docs/agent-and-proxy/autoauth/index.mdx b/website/content/docs/agent-and-proxy/autoauth/index.mdx index 3bee8a43df31..1b81a6e653d9 100644 --- a/website/content/docs/agent-and-proxy/autoauth/index.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/index.mdx @@ -1,32 +1,42 @@ --- layout: docs -page_title: Vault Agent and Vault Proxy Auto-Auth -description: |- - Vault Agent and Vault Proxy's Auto-Auth functionality allows easy and automatic +page_title: What is Auto-authentication? +description: >- + Use auto-authentication with Vault Agent or Vault Proxy to simplify client authentication to Vault in a variety of environments. --- -# Vault Agent and Vault Proxy Auto-Auth +# What is Auto-authentication? -The Auto-Auth functionality of Vault Agent and Vault Proxy allow for -easy authentication in a wide variety of environments. +Auto-authentication simplifies client authentication in a wide variety of +environments. The following Vault tools come with auto-authentication built in: -## Functionality +- Vault Agent +- Vault Proxy -Auto-Auth consists of two parts: a Method, which is the authentication method -that should be used in the current environment; and any number of Sinks, which -are locations where the agent should write a token any time the current token -value has changed. +## Methods and sinks -When Vault Agent or Vault Proxy are started with Auto-Auth enabled, it will attempt to acquire a -Vault token using the configured Method. On failure, it will exponentially back -off and then retry. On success, unless the auth method is configured to wrap -the tokens, it will keep the resulting token renewed until renewal is no longer -allowed. If renewal fails, the token has been revoked, the token has exceeded the maximum number of uses, -or the token is an otherwise invalid value, it will attempt to reauthenticate. +Auto-auth consists of two parts: -Every time an authentication is successful, the token is written to the -configured Sinks, subject to their configuration. +- a **method** - the desired authentication method for the current environment +- a **sink** - the location where tools save tokens when the token value changes + +When a supported tool starts with auto-auth enabled, the tool requests a Vault +token using the configured method. If the request fails, the tool retries the +request with an exponential back off. + +Once the request succeeds, the auth-auth renews unwrapped authentication tokens +automatically until Vault denies the renewal. If the authentication method wraps +tokens, auto-authentication cannot renew the token automatically. + +Vault typically denies renewal if the token: + +- the token was revoked. +- the token has exceeded the maximum number of uses. +- the token is otherwise invalid. + +Every time authentication succeeds, auto-auth writes the token to any +appropriately configured sink. ## Advanced functionality @@ -205,7 +215,7 @@ These configuration values are common to all Sinks: ### Auto auth examples -Auto-Auth configuration objects take two separate forms when specified in HCL +Auto-auth configuration objects take two separate forms when specified in HCL and JSON. The following examples are meant to clarify the differences between the two formats. diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/alicloud.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/alicloud.mdx index 87b0ff34498c..0d202e9f2037 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/alicloud.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/alicloud.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Auto-Auth AliCloud Method -description: AliCloud Method for Vault Auto-Auth +page_title: Auto-auth with AliCloud +description: >- + Use AliCloud for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault agent Auto-Auth AliCloud method +# Auto-auth method: AliCloud The `alicloud` method performs authentication against the [AliCloud Auth method](/vault/docs/auth/alicloud). diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/approle.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/approle.mdx index 348985d80649..0318e28c91a5 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/approle.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/approle.mdx @@ -1,10 +1,12 @@ --- layout: docs -page_title: Vault Auto-Auth AppRole Method -description: AppRole Method for Vault Auto-Auth +page_title: Auto-auth with AppRole +description: >- + Use application roles for auto-authentication with Vault Agent or + Vault Proxy. --- -# Vault Auto-Auth AppRole method +# Auto-auth method: application roles (AppRole) The `approle` method reads in a role ID and a secret ID from files and sends the values to the [AppRole Auth diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/aws.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/aws.mdx index 8f3d8280a317..db03569430fc 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/aws.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/aws.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Auto-Auth AWS Method -description: AWS Method for Vault Auto-Auth +page_title: Auto-auth with AWS +description: >- + Use AWS for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault Auto-Auth AWS method +# Auto-auth method: AWS The `aws` method performs authentication against the [AWS Auth method](/vault/docs/auth/aws). Both `ec2` and `iam` diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/azure.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/azure.mdx index 541dc9a41698..bfba388d9cc3 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/azure.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/azure.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Auto-Auth Azure Method -description: Azure Method for Vault Auto-Auth +page_title: Auto-auth with Azure +description: >- + Use Azure for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault Auto-Auth Azure method +# Auto-auth method: Azure The `azure` method reads in Azure instance credentials and uses them to authenticate with the [Azure Auth diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/cert.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/cert.mdx index 8a04bac8b5ff..9d1a5015cdc2 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/cert.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/cert.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Auto-Auth Cert Method -description: Cert Method for Vault Auto-Auth +page_title: Auto-auth with TLS certificates +description: >- + Use TLS certificates for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault Auto-Auth cert method +# Auto-auth method: TLS certificates The `cert` method uses the configured TLS certificates from the `vault` stanza of the agent configuration and takes an optional `name` parameter. There is no option diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/cf.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/cf.mdx index b6aa3dd48318..cfe0164bdf86 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/cf.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/cf.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Auto-Auth CF Method -description: CF Method for Vault Auto-Auth +page_title: Auto-auth with Cloud Foundry +description: >- + Use Cloud Foundry (CF) for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault agent Auto-Auth CF method +# Auto-auth method: Cloud Foundry (CF) The `cf` method performs authentication against the [CF Auth method](/vault/docs/auth/cf). diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/gcp.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/gcp.mdx index 51b1692d845e..b41113ce8f75 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/gcp.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/gcp.mdx @@ -1,10 +1,12 @@ --- layout: docs -page_title: Vault Auto-Auth GCP Method -description: GCP Method for Vault Auto-Auth +page_title: Auto-auth with GCP +description: >- + Use Google Cloud Platform (GCP) for auto-authentication with Vault Agent or + Vault Proxy. --- -# Vault Auto-Auth GCP method +# Auto-auth method: Google Cloud Platform (GCP) The `gcp` method performs authentication against the [GCP Auth method](/vault/docs/auth/gcp). Both `gce` and `iam` diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/index.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/index.mdx deleted file mode 100644 index c9e7645e88a1..000000000000 --- a/website/content/docs/agent-and-proxy/autoauth/methods/index.mdx +++ /dev/null @@ -1,12 +0,0 @@ ---- -layout: docs -page_title: Vault Auto-Auth Methods -description: Methods for Vault Auto-Auth ---- - -# Vault Auto-Auth methods - -Auto-auth is a mechanism used by Vault Agent and Vault Proxy to authenticate -to Vault in an automatic manner, given a set of parameters allowing the -authentication. Please see the sidebar for available methods and their -usage/configuration. diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/jwt.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/jwt.mdx index febb3c65da4d..71336ee010b6 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/jwt.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/jwt.mdx @@ -1,10 +1,12 @@ --- layout: docs -page_title: Vault Auto-Auth JWT Method -description: JWT Method for Vault Auto-Auth +page_title: Auto-auth with JSW +description: >- + Use JSON web tokens (JSW) for auto-authentication with Vault Agent or Vault + Proxy. --- -# Vault Auto-Auth JWT method +# Auto-auth method: JSON web tokens (JSW) The `jwt` method reads in a JWT from a file and sends it to the [JWT Auth method](/vault/docs/auth/jwt). diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/kerberos.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/kerberos.mdx index d2f9979f58d6..eaabe6cdbf9a 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/kerberos.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/kerberos.mdx @@ -1,12 +1,11 @@ --- -layout: 'docs' -page_title: 'Vault Auto-Auth Kerberos Method' -sidebar_current: 'docs-agent-and-proxy-autoauth-methods-kerberos' -description: |- - Kerberos Method for Vault Auto-Auth +layout: docs +page_title: Auto-auth with Kerberos +description: >- + Use Kerberos for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault Auto-Auth Kerberos method +# Auto-auth method: Kerberos The `kerberos` auto-auth method provides an automated mechanism to retrieve a Vault token for Kerberos entities. It reads in configuration and diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/kubernetes.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/kubernetes.mdx index 57e03ec65a7d..af5599b0cdab 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/kubernetes.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/kubernetes.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Auto-Auth Kubernetes Method -description: Kubernetes Method for Vault Auto-Auth +page_title: Auto-auth with Kubernetes +description: >- + Use Kubernetes for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault Auto-Auth kubernetes method +# Auto-auth method: Kubernetes The `kubernetes` method reads in a Kubernetes service account token from the running pod (via `/var/run/secrets/kubernetes.io/serviceaccount/token`) and diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/ldap.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/ldap.mdx index f2569e378fd7..e8a600b4fbc2 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/ldap.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/ldap.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Auto-Auth LDAP Method -description: LDAP Method for Vault Auto-Auth +page_title: Auto-auth with LDAP +description: >- + Use LDAP for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault Auto-Auth LDAP Method +# Auto-auth method: LDAP The `ldap` method reads in a password from a file and sends it to the [LDAP Auth method](/vault/docs/auth/ldap). diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/oci.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/oci.mdx index 643ad08b4da6..e477f8318425 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/oci.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/oci.mdx @@ -1,10 +1,12 @@ --- layout: docs -page_title: Vault Auto-Auth OCI (Oracle Cloud Infrastructure) Method -description: OCI (Oracle Cloud Infrastructure) Method for Vault Auto-Auth +page_title: Auto-auth with OCI +description: >- + Use Oracle Cloud Infrastructure (OCI) for auto-authentication with Vault Agent + or Vault Proxy. --- -# Vault Auto-Auth OCI (Oracle Cloud infrastructure) method +# Auto-auth method: Oracle Cloud Infrastructure (OCI) The `oci` method performs authentication against the [OCI Auth method](/vault/docs/auth/oci). diff --git a/website/content/docs/agent-and-proxy/autoauth/methods/token_file.mdx b/website/content/docs/agent-and-proxy/autoauth/methods/token_file.mdx index 69645d2c62d7..c1225f9551b7 100644 --- a/website/content/docs/agent-and-proxy/autoauth/methods/token_file.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/methods/token_file.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Auto-Auth Token File Method -description: Token File Method for Vault Auto-Auth +page_title: Auto-auth with token files +description: >- + Use token files for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault Auto-Auth token file method +# Auto-auth method: token file ~> Note: This authentication method is tailored for the development experience, and to facilitate getting started with Vault Agent and Vault Proxy. Vault Agent and diff --git a/website/content/docs/agent-and-proxy/autoauth/sinks/file.mdx b/website/content/docs/agent-and-proxy/autoauth/sinks/file.mdx index 2ed451cbb3b2..0ab456dd06a9 100644 --- a/website/content/docs/agent-and-proxy/autoauth/sinks/file.mdx +++ b/website/content/docs/agent-and-proxy/autoauth/sinks/file.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Agent and Vault Proxy Auto-Auth File Sink -description: File sink for Auto-Auth +page_title: Auto-auth with file sinks +description: >- + Use file sinks for auto-authentication with Vault Agent or Vault Proxy. --- -# Vault agent and Vault proxy Auto-Auth file sink +# Auto-auth sink: File The `file` sink writes tokens, optionally response-wrapped and/or encrypted, to a file. This may be a local file or a file mapped via some other process (NFS, diff --git a/website/content/docs/agent-and-proxy/autoauth/sinks/index.mdx b/website/content/docs/agent-and-proxy/autoauth/sinks/index.mdx deleted file mode 100644 index 55a12d6b73a9..000000000000 --- a/website/content/docs/agent-and-proxy/autoauth/sinks/index.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -layout: docs -page_title: Vault Agent and Vault Proxy Auto-Auth Sinks -description: Sinks for Auto-Auth ---- - -# Vault agent and Vault proxy Auto-Auth sinks - -Every time an auto-auth authentication is successful, the token is written to the -enabled Sinks, subject to their configuration. Today, we only support one -type of sink, [file sink](/vault/docs/agent-and-proxy/autoauth/sinks/file). diff --git a/website/content/docs/agent-and-proxy/index.mdx b/website/content/docs/agent-and-proxy/index.mdx index c9a29b665294..d74952a5fbb0 100644 --- a/website/content/docs/agent-and-proxy/index.mdx +++ b/website/content/docs/agent-and-proxy/index.mdx @@ -1,12 +1,12 @@ --- layout: docs -page_title: Vault Agent and Vault Proxy -description: |- - Vault Agent and Vault Proxy are daemons that can be used to perform some Vault - functionality automatically. +page_title: Why use Agent or Proxy? +description: >- + Use Vault tools like Agent and Proxy to simplify secret fetching and add Vault + to your development environment with minimal client code updates. --- -# Vault Agent and Vault Proxy +# Why use Agent or Proxy? A valid client token must accompany most requests to Vault. This includes all API requests, as well as via the Vault CLI and other libraries. diff --git a/website/content/docs/agent-and-proxy/proxy/apiproxy.mdx b/website/content/docs/agent-and-proxy/proxy/apiproxy.mdx index 3017694a1d9a..20cf68102a94 100644 --- a/website/content/docs/agent-and-proxy/proxy/apiproxy.mdx +++ b/website/content/docs/agent-and-proxy/proxy/apiproxy.mdx @@ -1,12 +1,11 @@ --- layout: docs -page_title: Vault Proxy API Proxy +page_title: Use Vault Proxy as an API proxy description: >- - Vault Proxy's API Proxy functionality allows you to use Vault Proxy's API as a proxy - for Vault's API. + Use auto-authentication and configure Vault Proxy as a proxy for the Vault API. --- -# Vault Proxy API proxy +# Use Vault Proxy as an API proxy Vault Proxy's API Proxy functionality allows you to use Vault Proxy's API as a proxy for Vault's API. diff --git a/website/content/docs/agent-and-proxy/proxy/caching/index.mdx b/website/content/docs/agent-and-proxy/proxy/caching/index.mdx index 5ad628c5a7a3..1ea2bd1fd5b5 100644 --- a/website/content/docs/agent-and-proxy/proxy/caching/index.mdx +++ b/website/content/docs/agent-and-proxy/proxy/caching/index.mdx @@ -1,13 +1,12 @@ --- layout: docs -page_title: Vault Proxy Caching -description: |- - Vault Proxy Caching allows client-side caching of responses containing newly - created tokens and responses containing leased secrets generated off of these - newly created tokens. +page_title: Vault Proxy caching overview +description: >- + Use client-side caching with Vault Proxy for responses with newly + created tokens or leased secrets generated from a newly created token. --- -# Vault Proxy caching +# Vault Proxy caching overview Vault Proxy caching allows client-side caching of responses containing newly created tokens and responses containing leased secrets generated off of these diff --git a/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/index.mdx b/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/index.mdx index 5c7fd7698ea2..28b4c94e1267 100644 --- a/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/index.mdx +++ b/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/index.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vault Proxy Persistent Caching -description: Vault Proxy Caching +page_title: Use built-in persistent caching - Vault Proxy +description: >- + Use built-in persistent caching with Vault Proxy --- -# Vault Proxy persistent caching +# Use Vault Proxy built-in persistent caching Vault Proxy can restore tokens and leases from a persistent cache file created by a previous Vault Proxy process. The persistent cache is a BoltDB file that diff --git a/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/kubernetes.mdx b/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/kubernetes.mdx index 4ea3af7c2f42..deb354a5340d 100644 --- a/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/kubernetes.mdx +++ b/website/content/docs/agent-and-proxy/proxy/caching/persistent-caches/kubernetes.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Kubernetes - Vault Proxy Persistent Cache -description: Kubernetes Persistent Cache for Vault Proxy Caching +page_title: Use Kubernetes persistent cache - Vault Proxy +description: >- + Configure Vault Proxy to use Kubernetes for persistent cache. --- -# Vault Proxy kubernetes persistent cache +# Use Kubernetes persistent cache When `kubernetes` is configured for the persistent cache type, Vault Proxy will optimize the persistent cache specifically for Kubernetes. This type of persistent cache requires a Kubernetes diff --git a/website/content/docs/agent-and-proxy/proxy/caching/static-secret-caching.mdx b/website/content/docs/agent-and-proxy/proxy/caching/static-secret-caching.mdx index c080c3da9f94..61be100b108e 100644 --- a/website/content/docs/agent-and-proxy/proxy/caching/static-secret-caching.mdx +++ b/website/content/docs/agent-and-proxy/proxy/caching/static-secret-caching.mdx @@ -1,12 +1,12 @@ --- layout: docs -page_title: Vault Proxy Static Secret Caching -description: |- - Vault Proxy's static secret caching functionality allows you to cache KVv1 and KVv2 secrets for calling clients. - The secrets will be automatically updated by Proxy, minimizing requests made to Vault, and offering resiliency. +page_title: Improve Vault traffic resiliency +description: >- + Use static secret caching with Vault Proxy to cache key/value data in Vault, + handle updates, and reduce direct requests to Vault from clients. --- -# Vault Proxy static secret caching +# Improve Vault traffic resiliency with Vault Proxy @include 'alerts/enterprise-only.mdx' diff --git a/website/content/docs/agent-and-proxy/proxy/index.mdx b/website/content/docs/agent-and-proxy/proxy/index.mdx index 3893d4b4056c..f60587182a59 100644 --- a/website/content/docs/agent-and-proxy/proxy/index.mdx +++ b/website/content/docs/agent-and-proxy/proxy/index.mdx @@ -1,9 +1,9 @@ --- layout: docs -page_title: Vault Proxy -description: |- - Vault Proxy is a daemon that can be used to perform some Vault - functionality automatically, and act as a proxy for Vault's APIs. +page_title: What is Vault Proxy? +description: >- + Vault Proxy is a server-side daemon with caching and auto-authentication that + acts as load-balancer and API proxy for Vault. --- # What is Vault Proxy? diff --git a/website/content/docs/agent-and-proxy/proxy/versions.mdx b/website/content/docs/agent-and-proxy/proxy/versions.mdx index 1c177ec3069e..3d7c8190d0eb 100644 --- a/website/content/docs/agent-and-proxy/proxy/versions.mdx +++ b/website/content/docs/agent-and-proxy/proxy/versions.mdx @@ -1,11 +1,13 @@ --- layout: docs -page_title: Vault Proxy Version Compatibility -description: |- - Guidelines for running different versions of Proxy and Vault server +page_title: Risks of using inconsistent versions of Proxy and Vault +description: >- + Using different versions of Vault Proxy and Vault is possible but limits the + available functionality. --- -# Running different versions of Proxy and Vault server + +# Understand the risks of using inconsistent versions of Proxy and Vault There is no requirement to run identical versions of Vault Proxy and Vault server. It is safe to run different versions. However, you may not be able to take diff --git a/website/content/docs/auth/approle/approle-pattern.mdx b/website/content/docs/auth/approle/approle-pattern.mdx index 52e50bdcead1..048d71c37709 100644 --- a/website/content/docs/auth/approle/approle-pattern.mdx +++ b/website/content/docs/auth/approle/approle-pattern.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: AppRole recommended pattern +page_title: AppRole recommended pattern and best practices description: >- The recommended pattern and best practices when you are using AppRole auth method to validate the identity of your application workloads. --- -# AppRole recommended pattern +# AppRole recommended pattern and best practices At the core of Vault's usage is authentication and authorization. Understanding the methods that Vault surfaces these to the client is the key to understanding how to configure and manage Vault. @@ -15,10 +15,6 @@ At the core of Vault's usage is authentication and authorization. Understanding Vault provides several internal and external authentication methods. External methods are called _trusted third-party authenticators_ such as AWS, LDAP, GitHub, and so on. A trusted third-party authenticator is not available in some situations, so Vault has an alternate approach which is **AppRole**. If another platform method of authentication is available via a trusted third-party authenticator, the best practice is to use that instead of AppRole. -This guide will detail the high-level concepts of AppRole and outline two detailed uses following the recommended patterns explored in the high-level concepts. This guide will also detail anti-patterns to help readers avoid insecure use of this feature. - -## Vault best practice - This guide relies heavily on two fundamental principles for Vault: limiting both the blast-radius of an identity and the duration of authentication. ### Blast-radius of an identity @@ -29,21 +25,21 @@ Vault is an identity-based secrets management solution, where access to a secret When Vault verifies an entity's identity, Vault then provides that entity with a [token](/vault/docs/concepts/tokens). The client uses this token for all subsequent interactions with Vault to prove authentication, so this token should be both handled securely and have a limited lifetime. A token should only live for as long as access to the secrets it authorizes access to are needed. -## Glossary +## Glossary of terms - **Authentication** - The process of confirming identity. Often abbreviated to _AuthN_ - **Authorization** - The process of verifying what an entity has access to and at what level. Often abbreviated to _AuthZ_ -- **RoleID** - The semi-secret identifier for the role that will authenticate to Vault. Think of this as the username portion of an authentication pair. -- **SecretID** - The secret identifier for the role that will authenticate to Vault. Think of this as the password portion of an authentication pair. +- **RoleID** - The semi-secret identifier for the role that will authenticate to Vault. Think of this as the _username_ portion of an authentication pair. +- **SecretID** - The secret identifier for the role that will authenticate to Vault. Think of this as the _password_ portion of an authentication pair. - **AppRole role** - The role configured in Vault that contains the authorization and usage parameters for the authentication. -## AppRole auth method overview +## What is AppRole auth method? The AppRole authentication method is for machine authentication to Vault. Because AppRole is designed to be flexible, it has many ways to be configured. The burden of security is on the configurator rather than a trusted third party, as is the case in other Vault auth methods. AppRole is not a trusted third-party authenticator, but a _trusted broker_ method. The difference is that in AppRole authentication, the onus of trust rests in a securely-managed broker system that brokers authentication between clients and Vault. -The central tenet of this security is that during the brokering of the authentication to Vault, the RoleID and SecretID are only ever together on the end-user system that needs to consume the secret. +The central tenet of this security is that during the brokering of the authentication to Vault, the **RoleID** and **SecretID** are only ever together on the end-user system that needs to consume the secret. In an AppRole authentication, there are three players: @@ -51,16 +47,146 @@ In an AppRole authentication, there are three players: - **The broker** - This is the trusted and secured system that brokers the authentication. - **The secret consumer** - This is the final consumer of the secret from Vault. -## AppRole in a CI pipeline -In this scenario, the CI needs to run a job requiring some data classified as secret and stored in Vault. The CI has a master and a worker node (such as Jenkins). The worker node runs jobs on spawned container runners that are short-lived. The process here should be: +## Platform credential delivery method + +To prevent any one system, other than the target client, from obtaining the complete set of credentials (RoleID and SecretID), the recommended implementation is to deliver those values separately through two different channels. This enables you to provide narrowly-scoped tokens to each trusted orchestrator to access either RoleID or SecretID, but never both. + +### RoleID delivery best practices + +RoleID is an identifier that selects the AppRole against which the other credentials are evaluated. Think of it as a username for an application; therefore, RoleID is not a secret value. It's a static UUID that identifies a specific role configuration. Generally, you create a role per application to ensure that each application will have a unique RoleID. + +Because it is not a secret, you can embed the RoleID value into a machine image or container as a text file or environment variable. + +For example: + +- Build an image with [Packer](/packer/tutorials/) with RoleID stored as an environment variable. +- Use [Terraform](/terraform/tutorials/) to provision a machine embedded with RoleID. + +There are a number of different patterns through which this value can be delivered. + +The application running on the machine or container will read the RoleID from the file or environment variable to authenticate with Vault. + +#### Policy requirement + +An appropriate policy is required to read RoleID from Vault. For example, to get the RoleID for a role named, "jenkins", the policy should look as below. + +```hcl +# Grant 'read' permission on the 'auth/approle/role//role-id' path +path "auth/approle/role/jenkins/role-id" { + capabilities = [ "read" ] +} +``` + +### SecretID delivery best practices + +SecretID is a credential that is required by default for any login and is intended to always be secret. While RoleID is similar to a username, SecretID is equivalent to a password for its corresponding RoleID. + +There are two additional considerations when distributing the SecretID, since it is a secret and should be secured so that only the intended recipient is able to read it. + +1. Binding CIDRs +1. AppRole response wrapping + +#### Binding CIDRs + +When defining an AppRole, you can use the [`secretid_bound_cidrs`](/vault/api-docs/auth/approle#secret_id_bound_cidrs) parameter to specify blocks of IP addresses which can perform the login operation for this role. You can further limit the IP range per token using [`token_bound_cidrs`](/vault/api-docs/auth/approle#token_bound_cidrs). + +**Example:** + +```shell-session +$ vault write auth/approle/role/jenkins \ + secret_id_bound_cidrs="0.0.0.0/0","127.0.0.1/32" \ + secret_id_ttl=60m \ + secret_id_num_uses=5 \ + enable_local_secret_ids=false \ + token_bound_cidrs="0.0.0.0/0","127.0.0.1/32" \ + token_num_uses=10 \ + token_ttl=1h \ + token_max_ttl=3h \ + token_type=default \ + period="" \ + policies="default","test" +``` + + + +While there is no hard limit to how many CIDR blocks you can set using the +`token_bound_cidrs` parameter, there are limiting factors. One is the amount of +time it takes for the Vault to compare an IP with the list provided. Another is +the maximum request size of the HTTP when you create the list. + + + +#### AppRole response wrapping + +To guarantee confidentiality, integrity, and non-repudiation of SecretID, you can use the `-wrap-ttl` flag when generating the SecretID. Instead of providing the SecretID in plaintext, it puts it into a new token’s Cubbyhole with a token use count of 1. When the application attempts to read the SecretID, we can guarantee that only this application can read it. + +**Example:** The following CLI command retrieves the SecretID for a role named, "jenkins". The generated SecretID is wrapped in a token which is valid for 60 seconds to unwrap. + +```shell-session +$ vault write -wrap-ttl=60s -force auth/approle/role/jenkins/secret-id + +Key Value +--- ----- +wrapping_token: s.yzbznr9NlZNzsgEtz3SI56pX +wrapping_accessor: Smi4CO0Sdhn8FJvL8XvOT30y +wrapping_token_ttl: 1m +wrapping_token_creation_time: 2021-06-07 20:02:01.019838 -0700 PDT +wrapping_token_creation_path: auth/approle/role/jenkins/secret-id +``` + +Finally, you can monitor your audit logs for attempted read access of your SecretID. If Vault throws a use-limit error when an application tries to read the SecretID, you know that someone else has read the SecretID and alert on that. The audit logs will indicate where the SecretID read attempt originated. + +#### Policy requirement + +An appropriate policy is required to read SecretID from Vault. For example, to get the SecretID for a role named, "jenkins", the policy should look as below. + +```hcl +# Grant 'update' permission on the 'auth/approle/role//secret-id' path +path "auth/approle/role/jenkins/secret-id" { + capabilities = [ "update" ] +} +``` + +## Token lifetime considerations + +Tokens must be maintained client side and upon expiration can be renewed. For short lived workflows, traditionally tokens would be created with a lifetime that would match the average deploy time and left to expire, securing new tokens with each deployment. + +A long token time-to-live (TTL) can cause out of memory when trying to purge millions of AppRole leases. To avoid this, we recommend that you reduce TTLs for AppRole tokens and implement token renewal where possible. You can increase the memory on the Vault server; however, it won't be a long-term solution. + +In general, with any auth method, it's preferable for applications to keep using the same Vault token to fetch secrets repeatedly instead of a new authentication each time. Authentication is an expensive operation and results in a token that Vault must keep track of. If high authentication throughput, 1000s of authentications per second, are expected we recommend using batch tokens which are issued from memory and do not consume storage. + +### Vault Agent + +Consider running [Vault Agent](/vault/docs/agent-and-proxy/agent) on the client host, and let the agent manage the token's lifecycle. Vault Agent reduces the number of tokens used by the client applications. In addition, it eliminates the need to implement the Vault APIs to authenticate with Vault and renew the token TTL if necessary. + +To learn more about Vault Agent, read the following tutorials: + +- [Vault Agent with AWS](/vault/tutorials/vault-agent/agent-aws) +- [Vault Agent with Kubernetes](/vault/tutorials/kubernetes/agent-kubernetes) +- [Vault Agent Templates](/vault/tutorials/vault-agent/agent-templates) +- [Vault Agent Caching](/vault/tutorials/vault-agent/agent-caching) + +## Jenkins CI/CD + +When you are using Jenkins as a CI tool, Jenkins itself will need an identity; however, you should never have Jenkins log into Vault and pass a client token to the application via workflow. Jenkins needs to give the application its own identity so that the application gets its own secret. The best practice is to use the Vault Agent as much as possible with Jenkins so that Vault token is not managed by Jenkins. You can deliver a SecretID every morning or before every run for x number of uses. Let Vault Agent authenticate with Vault and get the token for Jenkins. Then, Jenkins uses that token for x number of operations against Vault. + +A key benefit of AppRole for applications is that it enables you to more easily migrate the application between platforms. + +When you use an AppRole for the application, the best practice is to obscure the RoleID from Jenkins but allow Jenkins to deliver a wrapped SecretID to the application. + +### Usage workflow + +Jenkins needs to run a job requiring some data classified as secret and stored in Vault. It has a master and a worker node where the worker node runs jobs on spawned container runners that are short-lived. + +The process would look like: -1. CI Worker authenticates to Vault +1. Jenkins worker authenticates to Vault 2. Vault returns a token -3. Worker uses token to retrieve a wrapped secretID for the **role** of the job it will spawn -4. Wrapped secretID returned by Vault -5. Worker spawns job runner and passes wrapped secretID as a variable to the job -6. Runner container requests unwrap of secretID +3. Worker uses token to retrieve a wrapped SecretID for the **role** of the job it will spawn +4. Wrapped SecretID returned by Vault +5. Worker spawns job runner and passes wrapped SecretID as a variable to the job +6. Runner container requests unwrap of SecretID 7. Vault returns SecretID 8. Runner uses RoleID and SecretID to authenticate to Vault 9. Vault returns a token with policies that allow read of the required secrets @@ -72,7 +198,7 @@ Here are more details on the more complicated steps of that process. -If you are unfamiliar with secrets wrapping, refer to the [response wraping](/vault/docs/concepts/response-wrapping) documentation and the [Cubbyhole response wrapping](/vault/tutorials/secrets-management/cubbyhole-response-wrapping) tutorial. +If you are unfamiliar with secrets wrapping, refer to the [response wraping](/vault/docs/concepts/response-wrapping) documentation. @@ -181,8 +307,6 @@ In both cases, this shows that the trusted-broker workflow has likely been compr ## Reference materials - [How (and Why) to Use AppRole Correctly in HashiCorp Vault](https://www.hashicorp.com/blog/how-and-why-to-use-approle-correctly-in-hashicorp-vault) -- [AppRole pull authentication](/vault/tutorials/auth-methods/approle) tutorial - [Response wrapping concept](/vault/docs/concepts/response-wrapping) -- [Cubbyhole response wrapping](/vault/tutorials/secrets-management/cubbyhole-response-wrapping) tutorial -- [ACL policies](/vault/tutorials/policies/policies) +- [ACL policies](/vault/docs/concepts/policies) - [Token periods and TTLs](/vault/docs/concepts/tokens#token-time-to-live-periodic-tokens-and-explicit-max-ttls) diff --git a/website/content/docs/auth/login-mfa/index.mdx b/website/content/docs/auth/login-mfa/index.mdx index f1dcd0f66bb0..3378a144eaeb 100644 --- a/website/content/docs/auth/login-mfa/index.mdx +++ b/website/content/docs/auth/login-mfa/index.mdx @@ -228,8 +228,73 @@ $ vault write -non-interactive sys/mfa/validate -format=json @payload.json To get started with Login MFA, refer to the [Login MFA](/vault/tutorials/auth-methods/multi-factor-authentication) tutorial. +### Time-based One-time Password (TOTP) -### TOTP passcode validation rate limit +Enable a Login MFA method to enforce TOTP on the LDAP auth method. + + + + Authenticator applications are not consistent in their support of encryption algorithms. You should research the algorithms supported by your preferred authenticator app. The [Configure TOTP MFA Method documentation](/vault/api-docs/secret/identity/mfa/totp#algorithm) lists algorithms supported by the Login MFA TOTP method. Google Authenticator supports SHA256. + + + +Configure the Login MFA TOTP method and note down the resulting `method_id`. + +```shell-session +$ vault write identity/mfa/method/totp \ + generate=true \ + issuer=Vault \ + period=30 \ + key_size=30 \ + algorithm=SHA256 \ + digits=6 +``` + +Using the TOTP `method_id` and an `entity_id` from after a sucessful MFA login. Use these to generate a QR code. + +```shell-session +$ vault write -field=barcode \ + /identity/mfa/method/totp/admin-generate \ + method_id=$TOTP_METHOD_ID entity_id=$ENTITY_ID \ + | base64 -d > qr-code.png +``` + +#### Create login MFA enforcement + +Capture the LDAP auth method accessor for use in creating a Login MFA enforcement. + +```shell-session +$ vault auth list -format=json --detailed +``` + +Using the accessor from the previous step and a `method_id` apply the enforcement. + +```shell-session +$ VAULT_TOKEN=root vault write /identity/mfa/login-enforcement/adtotp \ + mfa_method_ids=$TOTP_METHOD_ID \ + auth_method_accessors=$ACCESSOR +``` + +**Successful output example:** + + + +```plaintext +Success! Data written to: identity/mfa/login-enforcement/adtotp +``` + + + +#### Login with LDAP auth method + +Logging in with MFA enforcement will resemble the following: + +```shell-session +$ vault login -method=ldap username=alice password='password!' +Enter the passphrase for methodID "01194a79-e2d9-c038-029d-79b0091cafd0" of type "totp": +``` + +#### TOTP passcode validation rate limit Rate limiting of Login MFA paths are enforced by default in Vault 1.10.1 and above. By default, Vault allows for 5 consecutive failed TOTP passcode validation. diff --git a/website/content/docs/auth/saml/adfs.mdx b/website/content/docs/auth/saml/adfs.mdx index 5d2172109257..425dc8571d2e 100644 --- a/website/content/docs/auth/saml/adfs.mdx +++ b/website/content/docs/auth/saml/adfs.mdx @@ -56,7 +56,7 @@ Configure your Vault instance to work with Active Directory Federation Services -@include 'gui-page-instructions/enable-authn-plugin.mdx' +@include 'gui-instructions/enable-authn-plugin.mdx' - Enable the SAML plugin: diff --git a/website/content/docs/auth/saml/link-vault-group-to-ad.mdx b/website/content/docs/auth/saml/link-vault-group-to-ad.mdx index 962d3dae740a..a2f707295082 100644 --- a/website/content/docs/auth/saml/link-vault-group-to-ad.mdx +++ b/website/content/docs/auth/saml/link-vault-group-to-ad.mdx @@ -52,7 +52,7 @@ $ vault secrets enable -path=adfs-kv kv-v2 -@include 'gui-page-instructions/enable-secrets-plugin.mdx' +@include 'gui-instructions/enable-secrets-plugin.mdx' - Enable the KV plugin: @@ -102,7 +102,7 @@ EOF -@include 'gui-page-instructions/create-acl-policy.mdx' +@include 'gui-instructions/create-acl-policy.mdx' - Set the policy details and click **Create policy**: @@ -161,7 +161,7 @@ EOF -@include 'gui-page-instructions/create-group.mdx' +@include 'gui-instructions/create-group.mdx' - Follow the prompts to create an external group with the following information: diff --git a/website/content/docs/commands/server.mdx b/website/content/docs/commands/server.mdx index ce0b987534ad..85cc07f062ff 100644 --- a/website/content/docs/commands/server.mdx +++ b/website/content/docs/commands/server.mdx @@ -69,7 +69,7 @@ flags](/vault/docs/commands) included on all commands. | `log-file` | Full log file | Rotated log file | |-------------------------|-------------------------|-------------------------------------| - | `/var/log` | `/var/log/vault.log` | `/var/log/vault-{timestamp}.log` | + | `/var/log/` | `/var/log/vault.log` | `/var/log/vault-{timestamp}.log` | | `/var/log/my-diary` | `/var/log/my-diary.log` | `/var/log/my-diary-{timestamp}.log` | | `/var/log/my-diary.txt` | `/var/log/my-diary.txt` | `/var/log/my-diary-{timestamp}.txt` | diff --git a/website/content/docs/concepts/events.mdx b/website/content/docs/concepts/events.mdx index e8c5d7e6ce3c..6506a6bdb609 100644 --- a/website/content/docs/concepts/events.mdx +++ b/website/content/docs/concepts/events.mdx @@ -17,6 +17,12 @@ and subscribers (Vault components and external users via the API). + + +Event types without the `data_path` metadata field require a root token in order to be consumed from the `/v1/sys/events/subscribe/{eventType}` API endpoint. + + + Internal components of Vault as well as external plugins can generate event notifications. These are published to "event types", sometimes called "topics" in other event systems. All event notifications of a specific event type will have the same format for their @@ -131,6 +137,17 @@ Here is an example event notification in JSON format: ## Subscribing to event notifications + + +For multi-node Vault deployments, Vault only accepts subscriptions on the active node. If a client attempts to subscribe to events on a standby node, +Vault will respond with a redirect to the active node. Vault uses the [`api_addr`](/vault/docs/configuration#api_addr) of the active node's configuration to route the redirect. + +Vault deployments with performance replication must subscribe to events on the +primary performance cluster. Vault ignores subscriptions made from secondary +clusters. + + + Vault has an API endpoint, `/v1/sys/events/subscribe/{eventType}`, that allows users to subscribe to event notifications via a WebSocket stream. This endpoint supports the standard authentication and authorization workflows used by other Vault endpoints. diff --git a/website/content/docs/concepts/integrated-storage/migration-checklist.mdx b/website/content/docs/concepts/integrated-storage/migration-checklist.mdx new file mode 100644 index 000000000000..399fff63e2bb --- /dev/null +++ b/website/content/docs/concepts/integrated-storage/migration-checklist.mdx @@ -0,0 +1,180 @@ +--- +layout: docs +page_title: Migration checklist +description: Use this checklist for decision making related to migrating your Vault deployment to Integrated Storage. +--- + +# Migration checklist + + + +The purpose of this checklist is not to walk you through the storage +migration steps. This content provides a quick self-check whether it is your +best interest to migrate your Vault storage from an external system to +Integrated Storage. + + + +## Who should use this checklist? + +Integrated Storage is a recommended storage option, made available in +Vault 1.4. Vault continues to also support other storage solutions +like Consul. + +You should use this checklist if you are operating a Vault deployment backed +by external storage like Consul, and you are considering migration to +Integrated Storage. + +## Understand architectural differences + +It is important that you understand the differences between operating Vault +with external storage and operating with Integrated Storage. The following +sections detail key differences in architecture between Vault with Consul +storage, and Vault with Integrated Storage to help inform your decision. + +### Reference architecture with Consul + +The recommended number of Vault instances is **3** in a cluster which connects +to a Consul cluster which may have **5** or more nodes as shown in the diagram. + +A total of 8 virtual machines hosts this Vault highly available architecture. + + + +![Reference Diagram](/img/diagram-vault-ra-3-az.png) + + + +The processing requirements depend on the encryption and messaging workloads. +Memory requirements are dependant on the total size of secrets stored in +memory. The Vault server itself has minimal storage requirements, but +the Consul nodes should have a high-performance physical storage system. + +### Reference architecture with Integrated Storage + +The recommended number of Vault instances is **5** in a cluster. In a single HA +cluster, all Vault nodes share the data while an active node holds the lock; +therefore, only the active node has write access. To achieve n-2 redundancy, +(meaning that the cluster can still function after losing 2 nodes), +an ideal size for a Vault HA cluster is 5 nodes. + + + +Refer to the [Integrated +Storage](/vault/docs/internals/integrated-storage#deployment-table) +documentation for more deployment details. + + + + + +![Reference Diagram Details](/img/diagram-vault-integrated-ra-3_az.png) + + + +Because the data gets persisted on the same host, the Vault server should be +hosted on a relatively high-performance hard disk system. + +## Consul vs. Integrated Storage + +The Integrated Storage eliminates the need for external storage; therefore, +Vault is the only software you need to stand up a cluster. This indicates that +the host machine must have disk capacity in an amount equal or +greater to that of the existing external storage backend. + +### System requirements comparison + +The fundamental difference between Vault's Integrated Storage and Consul is +that the Integrated Storage stores everything on disk while [Consul +KV](/consul/docs/dynamic-app-config/kv) stores everything in its memory +which impacts the host's RAM. + +#### Machine sizes for Vault - Consul as its storage backend + +It is recommended to avoid hosting Consul on an instance with burstable CPU. + +| Size | CPU | Memory | Disk | Typical Cloud Instance Types | +| ----- | -------- | ------------ | ----- | ----------------------------------------- | +| Small | 2 core | 4-8 GB RAM | 25 GB | **AWS:** m5.large | +| | | | | **Azure:** Standard_D2_v3 | +| | | | | **GCE:** n1-standard-2, n1-standard-4 | +| Large | 4-8 core | 16-32 GB RAM | 50 GB | **AWS:** m5.xlarge, m5.2xlarge | +| | | | | **Azure:** Standard_D4_v3, Standard_D8_v3 | +| | | | | **GCE:** n1-standard-8, n1-standard-16 | + +#### Machine sizes for Vault with Integrated Storage + +| Size | CPU | Memory | Disk | Typical Cloud Instance Types | +| ----- | -------- | ------------ | ------ | ------------------------------------------ | +| Small | 2 core | 8-16 GB RAM | 100 GB | **AWS:** m5.large, m5.xlarge | +| | | | | **Azure:** Standard_D2_v3, Standard_D4_v3 | +| | | | | **GCE:** n2-standard-2, n2-standard-4 | +| Large | 4-8 core | 32-64 GB RAM | 200 GB | **AWS:** m5.2xlarge, m5.4xlarge | +| | | | | **Azure:** Standard_D8_v3, Standard_D16_v3 | +| | | | | **GCE:** n2-standard-8, n2-standard-16 | + +If many secrets are being generated or rotated frequently, this information will +need to be flushed to the disk often. Therefore, the infrastructure should have +a relatively high-performance hard disk system when using the integrated +storage. + + + + Vault's Integrated Storage is disk-bound; therefore, care should be taken when planning storage volume size and performance. For cloud providers, IOPS can be dependent on volume size and/or provisioned IOPS. It is recommended to provision IOPS and avoid burstable IOPS. Monitoring of IOPS performance should be implemented in order to tune the storage volume to the IOPS load. + + + +### Performance considerations + +Because Consul KV is memory-bound, it is necessary to take a snapshot frequently. +However, Vault's Integrated Storage persists everything on the disk which eliminates +the need for such frequent snapshot operations. Take snapshots to back up the data +so that you can restore them in case of data loss. This reduces the performance cost +introduced by the frequent snapshot operations. + +In considering disk performance, since Vault data changes are immediately written to disk, +rather than in batched snapshots as Consul does, it is important to monitor IOPS as well +as disk queues to limit storage bottlenecks. + + +### Inspect Vault data + +Inspection of Vault data differs considerably from the `consul kv` commands used +to inspect Consul's KV store. +Consult the [Inspect Data in Integrated Storage](/vault/tutorials/monitoring/inspect-data-integrated-storage) +tutorial to learn more about querying Integrated Storage data. + +### Summary + +The table below highlights the differences between Consul and integrated +storage. + +| Consideration | Consul as storage backend | Vault Integrated Storage | +| ------------------- | -------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | +| System requirement | Memory optimized machine | Storage optimized high IOPS machine | +| Data snapshot | Frequent snapshots | Normal data backup strategy | +| Snapshot automation | Snapshot agent (**Consul Enterprise only**) | Automatic snapshot (**Vault Enterprise v1.6.0 and later**) | +| Data inspection | [Online, use `consul kv` command](/vault/tutorials/monitoring/inspecting-data-consul) | [Offline, requires using recovery mode](/vault/tutorials/monitoring/inspect-data-integrated-storage) | +| Autopilot | Supported | Supported (**Vault 1.7.0 and later**) | + +## Self-check questions + +- [ ] Where is the product expertise? + - [ ] Do you already have Consul expertise? + - [ ] Are you concerned about lack of Consul knowledge? +- [ ] Do you experience any technical issues with Consul? +- [ ] What motivates the data migration from the current storage to Integrated Storage? + - [ ] Reduce the operational overhead? + - [ ] Reduce the number of machines to run? + - [ ] Reduce the cloud infrastructure cost? +- [ ] Do you have a staging environment where you can run production loads and verify that everything works as you expect? +- [ ] Have you thought through the storage backup process or workflow after migrating to the Integrated Storage? +- [ ] Do you currently rely heavily on using Consul to inspect Vault data? + +## Tutorials + +If you are ready to migrate the current storage backend to Integrated Storage, +refer to the [Storage Migration Tutorial - Consul to Integrated Storage](/vault/tutorials/raft/raft-migration). + +To deploy a new cluster with Integrated Storage, refer to the [Vault HA Cluster +with Integrated Storage](/vault/tutorials/raft/raft-storage) tutorial. diff --git a/website/content/docs/concepts/production-hardening.mdx b/website/content/docs/concepts/production-hardening.mdx new file mode 100644 index 000000000000..532bd2b7200d --- /dev/null +++ b/website/content/docs/concepts/production-hardening.mdx @@ -0,0 +1,215 @@ +--- +layout: docs +page_title: Production hardening +description: >- + Harden your Vault deployments for production operations. +--- + +# Production hardening + +You can use the best practices in this document to harden Vault when planning +your production deployment. These recommendations follow the +[Vault security model](/vault/docs/internals/security), and focus on defense +in depth. + +You should follow the **baseline recommendations** if at all possible for any +production Vault deployment. The **extended recommendations** detail extra +layers of security which may require more administrative overhead, and might +not be suitable for every deployment. + +## Baseline recommendations + +- **Do not run as root**. Use a dedicated, unprivileged service account to run + Vault, rather than running as the root or Administrator account. Vault is + designed to run as an unprivileged user, and doing so adds significant + defense against various privilege-escalation attacks. + +- **Allow minimal write privileges**. The unprivileged Vault service account + should not have access to overwrite its executable binary or any Vault + configuration files. Limit what is writable by the Vault user to just + directories and files for local Vault storage (for example, Integrated + Storage) or file audit device logs. + +- **Use end-to-end TLS**. You should always use Vault with TLS in production. + If you use intermediate load balancers or reverse proxies to front Vault, + you should enable TLS for all network connections between every part of the + system (including external storage) to ensure encryption of all traffic in + transit to and from Vault. When possible, you should set the HTTP Strict + Transport Security (HSTS) header using Vault's [custom response headers](/vault/docs/configuration/listener/tcp#configuring-custom-http-response-headers) feature. + +- **Disable swap**. Vault encrypts data in transit and at rest, however it must + still have sensitive data in memory to function. Risk of exposure should be + minimized by disabling swap to prevent the operating system from paging + sensitive data to disk. Disabling swap is even more critical when your + Vault deployment uses Integrated Storage. + +- **Disable core dumps**. A user or administrator that can force a core dump + and has access to the resulting file can potentially access Vault encryption + keys. Preventing core dumps is a platform-specific process; on Linux setting + the resource limit `RLIMIT_CORE` to `0` disables core dumps. In the systemd + service unit file, setting `LimitCORE=0` will enforce this setting for the + Vault service. + +- **Use single tenancy**. Vault should be the sole user process running on a + machine. This reduces the risk that another process running on the same + machine gets compromised and gains the ability to interact with the Vault + process. Similarly, you should prefer running Vault on bare metal instead + of a virtual machine, and you prefer running in a virtual machine instead + of running in a containerized environment. + +- **Firewall traffic**. Use a local firewall or network security features of + your cloud provider to restrict incoming and outgoing traffic to Vault and + essential system services like NTP. This includes restricting incoming + traffic to permitted sub-networks and outgoing traffic to services Vault + needs to connect to, such as databases. + +- **Avoid root tokens**. When you initialize Vault, it emits an initial + root token. You should use this token just to perform initial setup, + such as enabling auth methods so that users can authenticate. You should + treat Vault [configuration as + code](https://www.hashicorp.com/blog/codifying-vault-policies-and-configuration/), + and use version control to manage policies. Once you complete initial Vault + setup, you should revoke the initial root token to reduce risk of exposure. Root tokens can be + [generated when needed](/vault/docs/commands/operator/generate-root), and should be + revoked when no longer needed. + +- **Configure user lockout**. Vault provides a [user lockout](/vault/docs/concepts/user-lockout) function + for the [approle](/vault/docs/auth/approle), [ldap](/vault/docs/auth/ldap) and [userpass](/vault/docs/auth/userpass) + auth methods. **Vault enables user lockout by default**. Verify the lockout threshold, and lockout duration matches your organizations security policies. + +- **Enable audit device logs**. Vault supports several [audit + devices](/vault/docs/audit). When you enable audit device logs, you gain + a detailed history of all operations performed by Vault, and a forensics + trail in the case of misuse or compromise. Audit logs [securely + hash](/vault/docs/audit#sensitive-information) + sensitive data, but you should still restrict access to prevent any + unintended information disclosure. + +- **Disable shell command history**. You may want the `vault` command itself to + not appear in history at all. + +- **Keep a frequent upgrade cadence**. Vault is actively developed, and you + should upgrade Vault often to incorporate security fixes and any changes in + default settings such as key lengths or cipher suites. Subscribe to the + [HashiCorp Announcement mailing list](https://groups.google.com/g/hashicorp-announce) + to receive announcements of new releases and visit the [Vault + CHANGELOG](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) for + details on the changes made in each release. + +- **Synchronize clocks**. Use NTP or whatever mechanism is appropriate for your + environment to ensure that all the Vault nodes agree about what time it is. + Vault uses the clock for things like enforcing TTLs and setting dates in PKI + certificates, and if the nodes have significant clock skew, a failover can wreak havoc. + +- **Restrict storage access**. Vault encrypts all data at rest, regardless of + which storage type it uses. Although Vault encrypts the data, an [attacker + with arbitrary + control](/vault/docs/internals/security) can cause + data corruption or loss by modifying or deleting keys. You should restrict + storage access outside of Vault to avoid unauthorized access or operations. + +- **Do not use clear text credentials**. The Vault configuration [`seal` + stanza](/vault/docs/configuration/seal) configures the seal type to use for + extra data protection such as using HSM or Cloud KMS solutions to encrypt and + decrypt the root key. **DO NOT** store your cloud credentials or HSM pin in + clear text within the `seal` stanza. If you host the Vault server on the same + cloud platform as the KMS service, use the platform-specific identity + solutions. For example: + + - [Resource Access Management (RAM) on AliCloud](/vault/docs/configuration/seal/alicloudkms#authentication) + - [Instance Profiles on AWS](/vault/docs/configuration/seal/awskms#authentication) + - [Managed Service Identities (MSI) on Azure](/vault/docs/configuration/seal/azurekeyvault#authentication) + - [Service Account on Google Cloud Platform](/vault/docs/configuration/seal/gcpckms#authentication-permissions) + + When using platform-specific identity solutions, you should be mindful of auth + method and secret engine configuration within namespaces. You can share + platform identity across Vault namespaces, as these provider features + generally offer host-based identity solutions. + + If that is not applicable, set the credentials as environment variables + (for example, `VAULT_HSM_PIN`). + +- **Use the safest algorithms available**. [Vault's TLS listener](/vault/docs/configuration/listener/tcp#tls_cipher_suites) + supports a variety of legacy algorithms for backwards compatibility. While + these algorithms are available, they are not recommended for use when + a stronger alternative is available. If possible, use TLS 1.3 to ensure + that modern encryption algorithms encrypt data in transit and offer + forward secrecy. + +- **Follow best practices for plugins**. While HashiCorp-developed plugins + generally default to a safe configuration, you should be mindful of + misconfigured or malicious Vault plugins. These plugin issues can harm the + security posture of your Vault deployment. + +- **Be aware of non-deterministic configuration file merging**. Vault's + configuration file merging is non-deterministic, and inconsistencies in + settings between files can lead to inconsistencies in Vault settings. + Ensure set configurations are consistent across all files (and any files merged together get denoted by a `-config` flag). + +- **Use correct filesystem permissions**. Always ensure appropriate permissions + get applied to files before starting Vault. This is even more critical for files which contain sensitive information. + +- **Use standard input for vault secrets**. [Vault login](/vault/docs/commands/login) + and [Vault unseal](/vault/api-docs/system/unseal#key) allow operators to + give secret values from either standard input or with command-line arguments. + Command-line arguments can persisted in shell history, and are readable by other unprivileged users on the same host. + +- **Develop an off-boarding process**. Removing accounts in Vault or associated + identity providers may not immediately revoke [token-based access](/vault/docs/concepts/tokens#user-management-considerations). + Depending on how you manage access to Vault, operators should consider: + + - Removing the entity from groups granting access to resources. + - [Revoking](/vault/docs/concepts/lease#prefix-based-revocation) the active leases for a given user account. + - Deleting the canonical entity of the user after removing accounts in Vault or associated identity providers. + Deleting the canonical entity alone is insufficient as one is automatically created on successful login if it does not exist. + - [Disabling](/vault/docs/commands/auth/disable) auth methods instead of deleting them, which revokes all + tokens generated by this auth method. + +- **Use short TTLs** When possible, credentials issued from Vault (for example + tokens, X.509 certificates) should be short-lived, as to guard against their potential compromise, and reduce the need to use revocation methods. + +## Extended recommendations + +- **Disable SSH / remote desktop**. When running a Vault as a single tenant + application, users should never access the machine directly. Instead, they + should access Vault through its API over the network. Use a centralized + logging and telemetry solution for debugging. Be sure to restrict access to + logs as need to know. + +- **Use systemd security features**. Systemd provides a number of features + that you can use to lock down access to the filesystem and to + administrative capabilities. The service unit file provided with the + official Vault Linux packages sets a number of these by default, including: + + ```plaintext + ProtectSystem=full + PrivateTmp=yes + CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK + AmbientCapabilities=CAP_IPC_LOCK + ProtectHome=read-only + PrivateDevices=yes + NoNewPrivileges=yes + ``` + + See the [systemd.exec manual page](https://www.freedesktop.org/software/systemd/man/systemd.exec.html) for more details. + +- **Perform immutable upgrades**. Vault relies on external storage for + persistence, and this decoupling allows the servers running Vault to be + immutably managed. When you upgrade to a new version, you can bring new + servers with the upgraded version of Vault online. You can attach the new + servers to the same shared storage and unseal them. Then you can destroy the + older version servers. This reduces the need for remote access and upgrade orchestration which may introduce security gaps. + +- **Configure SELinux / AppArmor**. Using mechanisms like + [SELinux](https://github.com/hashicorp/vault-selinux-policies) + and AppArmor can help you gain layers of security when using Vault. + While Vault can run on several popular operating systems, Linux is + recommended due to the various security primitives mentioned here. + +- **Adjust user limits**. It is possible that your Linux distribution enforces + strict process user limits (`ulimits`). Consider a review of `ulimits` for maximum amount of open files, connections, etc. before going into production. You might need to increase the default values to avoid errors about too + many open files. + +- **Be aware of special container considerations**. To use memory locking + (mlock) inside a Vault container, you need to use the `overlayfs2` or another + supporting driver. diff --git a/website/content/docs/concepts/tune-server-performance.mdx b/website/content/docs/concepts/tune-server-performance.mdx new file mode 100644 index 000000000000..121acbb5808b --- /dev/null +++ b/website/content/docs/concepts/tune-server-performance.mdx @@ -0,0 +1,948 @@ +--- +layout: docs +page_title: Tune server performance +description: >- + Understand the configuration and settings you can tune to gain increased server performance. +--- + +# Tune server performance + +Vault is a high-performance secrets management and data protection solution capable of handling enterprise-scale workloads. As you scale your usage and adopt broader use cases, you can tune Vault, its underlying operating system, and storage for optimal performance. + +These guidelines and best practices can help you tune the Vault environment to achieve optimal performance, but they are not for documenting requirements. These are best practice recommendations you should apply based on your specific environment and requirements. The guidance also includes important Vault resource limitations to consider with regards to performance. + + + +This guidance focuses on tuning your Vault environment for optimal performance. +Refer to [Vault limits and maximums](/vault/docs/internals/limits) for known +upper limits on the size of certain fields and objects, and configurable limits +on others. + + + +You can focus on a limited range of tunable parameters grouped as follows: + +- **Operating system tuning** covers critical OS configuration items for ideal operations. +- **Vault tuning** details the configuration tuning for Vault itself. +- **Storage tuning** has items of note which are specific to storage. + +If your aim is to use what you learn here to tune production systems, then you should first become familiar with guidance from the [Reference Architecture](/vault/tutorials/raft/raft-reference-architecture) and [Deployment Guide](/vault/tutorials/day-one-raft/raft-deployment-guide). Ensure that your Vault cluster deployment aligns with guidance in those resources before proceeding with this guidance. [Production hardening](/vault/docs/concepts/production-hardening) is also a useful resource to learn about hardening your clusters for production. + +## Performance investigation + +Part of performance tuning involves investigation by observation and measuring current system characteristics. You can use a range of techniques and tools to investigate performance. One such method for analyzing the performance of a system is the [Utilization Saturation and Errors](http://www.brendangregg.com/usemethod.html) (USE) method. + +This method proposes a technique to use in performance investigation that involves checking the following characteristics for each relevant resource under investigation: + +- **Utilization** - did you get an alert about low storage capacity or notice out of memory errors, for example? + +- **Saturation** - are there signs that the storage IOPS are at their allowed maximum, for example? + +- **Errors** - are there errors in the application logs or Vault logs, for example? Are they persistent while performance degrades? + +You can apply the USE method to Vault cluster system resources and gain deeper understanding of existing bottlenecks or issues as part of your performance investigation. + +This guidance uses elements of the USE method throughout. For example, when investigating the performance of failover in a highly available cluster, errors (the 'E' in USE) can inform you about which resources need tuning. + +Likewise, you can use features like [telemetry](/vault/docs/configuration/telemetry) to gather [metrics](/vault/docs/internals/telemetry) and measure the utilization and saturation of resources in your Vault cluster. + +Review [Monitor telemetry & audit device log data](/vault/tutorials/monitoring/monitor-telemetry-audit-splunk) to learn more about using Vault telemetry and audit device metrics with an aggregation stack based on Fluentd, Telegraf, and Splunk. + + + + When you are able to gather, investigate, and measure data from Vault cluster environments you can also more accurately inform your performance tuning decisions. + + + +### Performance investigation tools + +The USE Method provides a comprehensive [checklist for Linux](http://www.brendangregg.com/USEmethod/use-linux.html) systems that is great for investigating system level performance. The USE method also details tools you can use for investigating utilization and saturation aspects of each resource. + +The most common tools you can use to help with performance investigation at the physical system or virtual machine level are also listed here for your reference. + +| Component | Tools | Notes | +| ----------- | ------------------------------------ | --------------------------------------------------------------------------------------------------------- | +| **CPU** | dstat, htop, lscpu, sar, top, vmstat | dstat does not have a Python 3 implementation; Red Hat users can emulate dstat with Performance Co-Pilot. | +| **Memory** | free, sar, vmstat | | +| **Storage** | df, iostat, sar, swapon | | +| **Network** | ifconfig, netstat | | + +For users in containerized environments like Docker and Kubernetes, there exists a range of higher level tools to better serve the specific troubleshooting challenges of those environments. + +Some solutions in common use include: + +- [Datadog Real-Time Container Monitoring](https://www.datadoghq.com/dg/monitor/containers/) + +- [Dynatrace](https://www.dynatrace.com/) + +- [Sysdig Inspect](https://github.com/draios/sysdig-inspect) is a powerful open source interface for container troubleshooting. + +## Linux operating system tuning + +Your deployments can benefit from smooth Vault operations by properly configuring and tuning the underlying operating system. In this section, you learn about Linux OS tunable configuration for ideal Vault operations. + +### User limits + +The Linux kernel can impose **user limits** (known also as `ulimit` values) on a per-user, per-process, or system-wide basis. These limits were historically designed to help prevent any one user or process from consuming available resources on multi-user and multi-process systems. + +On a contemporary Linux system, these limits are typically controlled by [systemd process properties](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Process%20Properties). + +For Vault servers, which host a minimum number of running processes and no multi-user interactive sessions, the default limits can be too low and cause issues. + +You can read the active limits for a running vault process from the kernel process table under the relevant process ID (PID). This example shows use of the `pidof` command to dynamically get the vault PID and insert it into the path to retrieve the correct values. + +```shell-session +$ cat /proc/$(pidof vault)/limits +``` + +**Example output:** + + + + +```plaintext +Limit Soft Limit Hard Limit Units +Max cpu time unlimited unlimited seconds +Max file size unlimited unlimited bytes +Max data size unlimited unlimited bytes +Max stack size 8388608 unlimited bytes +Max core file size 0 unlimited bytes +Max resident set unlimited unlimited bytes +Max processes 7724 7724 processes +Max open files 1024 4096 files +Max locked memory 16777216 16777216 bytes +Max address space unlimited unlimited bytes +Max file locks unlimited unlimited locks +Max pending signals 7724 7724 signals +Max msgqueue size 819200 819200 bytes +Max nice priority 0 0 +Max realtime priority 0 0 +Max realtime timeout unlimited unlimited us +``` + + + +The output shows the limit name and three values: + +- **Soft Limit** is a user configurable value the kernel will enforce that cannot exceed the hard limit. +- **Hard Limit** is a root user configurable value the kernel will enforce that cannot exceed the system-wide limit +- **Units** represent the measurement type for the limit + +While there are 16 distinct limits shown in the output, this guidance focuses on 2 of them in detail: **Max open files** and **Max processes**. + + + + Be cautious when using approaches such as `ulimit -a` to get user limit values. The limits output from that command are for the _current user_, and do not necessarily match those of the user ID under which your Vault process executed. + + + +#### Max open files + +An operating Vault consumes file descriptors for both use in accessing files on a filesystem and for representing socket connections established to other network hosts. + +The value of maximum open files allowed to the Vault process is a critical user limit that you should appropriately tune for ideal performance. + +**How to measure usage?** + +To inspect the current maximum open files values for the vault process, read them from the kernel process table. + +```shell-session +$ cat /proc/$(pidof vault)/limits | awk 'NR==1; /Max open files/' +``` + +**Example output:** + + + +```plaintext +Limit Soft Limit Hard Limit Units +Max open files 1024 4096 files +``` + + + +You can also use `lsof` to get detailed output on open files, like this: + +```shell-session +$ sudo lsof -p $(pidof vault) +``` + +**Example output:** + + + +```plaintext +COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME +vault 14810 vault cwd DIR 253,0 4096 2 / +vault 14810 vault rtd DIR 253,0 4096 2 / +vault 14810 vault txt REG 253,0 138377265 131086 /usr/local/bin/vault +vault 14810 vault 0r CHR 1,3 0t0 6 /dev/null +vault 14810 vault 1u unix 0xffff89e6347f9c00 0t0 41148 type=STREAM +vault 14810 vault 2u unix 0xffff89e6347f9c00 0t0 41148 type=STREAM +vault 14810 vault 3u unix 0xffff89e6347f8800 0t0 41208 type=DGRAM +vault 14810 vault 4u a_inode 0,13 0 9583 [eventpoll] +vault 14810 vault 6u IPv4 40467 0t0 TCP *:8200 (LISTEN) +vault 14810 vault 7u IPv4 41227 0t0 TCP localhost:53766->localhost:8500 (ESTABLISHED) +``` + + + +This is a minimal example taken from a newly unsealed Vault. You can expect much more output in a production Vault with several use cases. The output is helpful for spotting the specific source of open connections, such as socket connections to a database secrets engine, for example. + +Here, you can observe that the last 2 lines relate to 2 open sockets. + +First is file descriptor number 6, open with read and write permission (u), is of type IPv4, is a TCP node bound to port 8200 on all network interfaces. + +Second, file descriptor 7 represents the same kind of socket, except as an outbound ephemeral port connection. The outbound connection originates from Vault on TCP/53766 to the Consul client agent on localhost that is listening on port 8500. + +**What are common errors?** + +When the value for maximum open files is too low, Vault emits errors to its operational logging in the format of this example: + + + +```plaintext +http: Accept error: accept tcp4 0.0.0.0:8200: accept4: too many open files; retrying in 1s +``` + + + +Key parts to this log line: + +- The error source is Vault's HTTP subsystem (`http:`). + +- Since the error originates from `http`, the error also relates to exhausting file descriptors in the context of network sockets, not regular files (note `accept4()` instead of `open()`). + +- The most critical piece of the error, and one that explains the immediate cause of this issue is **too many open files**. If maximum open files are not tuned on this Vault server, then tuning the value would be a reasonable starting point towards resolving the error. + + + +This error is a both red alert that there are insufficient file descriptors, and that something within or outside Vault might be excessively consuming them. + + + +You should remedy the issue by increasing the maximum open files limit and restarting the Vault service for each affected cluster peer. There are implications and limitations around raising the value that you should be aware of before doing so. + +First, there is a system-wide maximum open files limit that the kernel enforces and that user programs like Vault can't exceed. Note that this value is dynamically set at boot time and varies depending on the physical computer system characteristics, such as available physical memory. + +To check the current system-wide maximum open files value for a given system, read it from the kernel process table. + +```shell-session +$ cat /proc/sys/fs/file-max +``` + +**Example output:** + + + +```plaintext +197073 +``` + + + +On this example system, it will not be possible to specify a maximum open file limit that exceeds 197073. + +**Increase limits** + +In the earlier example output, you observed that the maximum open files for the Vault process had a soft limit of 1024 and a hard limit of 4096. These are often the default values for some Linux distributions, and you should always increase the value beyond such defaults for using Vault in production. + +Once you learn the system-wide limit, you can appropriately increase the limit for Vault processes. With a contemporary systemd based Linux, you can do so by editing the Vault systemd service unit file, and specifying a value for the **LimitNOFILE** [process property](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Process%20Properties). + +The systemd unit file name can vary, but often it's name is `vault.service`, and you can find the file located at `/lib/systemd/system/vault.service` or `/etc/systemd/system/vault.service`. + +Edit the file as the system super user: + +```shell-session +$ sudo $EDITOR /etc/systemd/system/vault.service +``` + +Either add the `LimitNOFILE` process property under **[Service]** or edit its value if it already exists to increase the soft and hard limits to a reasonable baseline value of **65536**. + + + +```plaintext +LimitNOFILE=65536 +``` + + + +Save the file, exit your editor. + +Any change to the unit requires a daemon reload; go ahead and do that now. + +```shell-session +$ sudo systemctl daemon-reload +``` + +This command produces no output when the reload occurs without issue. + +The next time you restart the vault service, the new maximum open files limits will be in effect. + +You can restart the service, then examine the process table again to confirm your changes are in place. + + + + You should be careful about this step in production systems as it can trigger a cluster leadership change. Depending on your Vault seal type, restarting the service can mean that you also need to unseal Vault if not using an auto seal type. Prepare to unseal Vault after reloading the configuration if not using an auto seal. + + + +Restart the vault service. + +```shell-session +$ sudo systemctl restart vault +``` + +After Vault restarts, check the process table for the new vault process: + +```shell-session +$ cat /proc/$(pidof vault)/limits | awk 'NR==1; /Max open files/' +``` + +**Example output:** + + + +```plaintext +Limit Soft Limit Hard Limit Units +Max open files 65536 65536 files +``` + + + + + + For an example Vault systemd unit file that also includes this process property, refer to [enable and start the service](/vault/tutorials/day-one-raft/raft-deployment-guide#enable-and-start-the-vault-service) in the [Vault Deployment Guide](/vault/tutorials/day-one-raft/raft-deployment-guide). + + + +### A note about CPU scaling + +You might expect that Vault will scale linearly up to 100% CPU usage when tuning specific workloads, such as the Transit or Transform Secrets engine encryption. That is typically an unrealistic expectation. + +HashiCorp builds Vault with the Go programming language, and part of this relates to its performance characteristics. Go has the notion of [goroutines](https://golang.org/doc/effective_go.html?h=goroutine#goroutines), which are functions or methods that run concurrently with other functions or methods. + + The more goroutines that are simultaneously scheduled, the more context switching the system performs, the more interrupts by the network interface, etc. + +This behavior may not represent a large toll on the CPU in terms of real CPU utilization, but it can impair I/O. Each time a goroutine blocks for I/O (or gets preempted due to an interrupt) it can take longer each time before that goroutine is back in service. + +You should keep this in mind whenever tuning CPU heavy workloads in Vault. + +## Vault tuning + +The following sections relate to tuning of the Vault software itself through the use of available configuration parameters, features, or functionality. + +These sections share guidance and examples wherever possible. + +### Cache size + +Vault uses a [Least Recently Used (LRU)](https://en.wikipedia.org/wiki/Cache_replacement_policies#Least_recently_used_.28LRU.29) read cache for the physical storage subsystem with a tunable value, [cache_size](/vault/docs/configuration#cache_size). The value is the number of entries and the default value is **131072**. + +The total cache size depends on the size of stored entries. + + + + LIST operations are not cached. + + + +### Maximum request duration + +Vault provides two parameters you can tune that will limit the maximum allowed duration of a request. You can use this for deployments with strict service level agreements around the duration of requests, or for enforcing a request duration of specific length. + +At the server-wide level, there is [default_max_request_duration](/vault/docs/configuration#default_max_request_duration) with a default value of 90 seconds (90s). Again, tuning of this value is for specific use cases and affects _every request made against the entire node_, so do keep this in mind. + +Here is an example minimal Vault configuration that shows the use of an explicit `default_max_request_duration` setting. + +```hcl +api_addr = "https://127.0.0.8200" + +default_max_request_duration = "30s" + +listener "tcp" { + address = "127.0.0.1:8200" + tls_cert_file = "/etc/pki/vault-server.crt" + tls_key_file = "/etc/pki/vault-server.key" +} + +storage "consul" { + address = "127.0.0.1:8500" + path = "vault" +} +``` + +The second option is to set a similar maximum at the listener level. You can configure Vault to use more than one listener by adding more listener stanzas. To gain some granularity on the request restriction, you can set [max_request_duration](/vault/docs/configuration/listener/tcp#max_request_duration) within the scope of the `listener` stanza. The default value is also 90 seconds (90s). + +Here is an example minimal Vault configuration that shows the use of an explicit `max_request_duration` setting in the TCP listener. + +```hcl +api_addr = "https://127.0.0.8200" + +listener "tcp" { + address = "127.0.0.1:8200" + tls_cert_file = "/etc/pki/vault-server.crt" + tls_key_file = "/etc/pki/vault-server.key" + max_request_duration = "15s" +} + +storage "consul" { + address = "127.0.0.1:8500" + path = "vault" +} +``` + + + + When you set **max_request_duration** in the TCP listener stanza, the value overrides that of **default_max_request_duration**. + + + +### Maximum request size + +Vault enables control of the global hard maximum allowed request size in bytes on a listener through the [max_request_size](/vault/docs/configuration/listener/tcp#max_request_size) parameter. + +The default value is **33554432** bytes (32 MB). + +Specifying a number less than or equal to 0 turns off request size limiting altogether. + +### HTTP timeouts + +Each Vault TCP listener can define four HTTP timeouts, which directly map to underlying Go http server parameters as defined in [Package http](https://golang.org/pkg/net/http/). + +#### http_idle_timeout + +Use the [http_idle_timeout](/vault/docs/configuration/listener/tcp#http_idle_timeout) parameter to configure the maximum amount of time to wait for the next request when using keep-alives. If the value of this parameter is 0, Vault uses the value of **http_read_timeout**. If both have a 0 value, there is no timeout. + +Default value: **5m** (5 minutes) + +#### http_read_header_timeout + +You can use the [http_read_header_timeout](/vault/docs/configuration/listener/tcp#http_read_header_timeout) parameter to configure the amount of time allowed to read request headers. If the value of **http_read_header_timeout** is 0, Vault uses the value of **http_read_timeout**. If both values are 0, there is no timeout. + +Default value: **10s** (10 seconds) + +#### http_read_timeout + +You can use the [http_read_timeout](/vault/docs/configuration/listener/tcp#http_read_timeout) parameter to configure the maximum duration for reading the entire HTTP request, including the body. + +Default value: **30s** (30 seconds) + +#### http_write_timeout + +You can use the [http_write_timeout](/vault/docs/configuration/listener/tcp#http_write_timeout) parameter to configure the maximum duration before timing out writes of the response. + +Default value: **0** (zero) + +### Lease expiration and TTL values + +Vault maintains [leases](/vault/docs/concepts/lease) for all dynamic secrets and service type authentication [tokens](/vault/docs/concepts/tokens). + +These leases represent a commitment to do future work in the form of revocation, which involves connecting to external hosts to revoke the credential there as well. In addition, Vault has internal maintenance to perform in the form of deleting (potentially recursively) expired tokens and leases. + +It is important to keep the growth of leases in a production Vault cluster in check. Unbounded lease growth can eventually cause serious issues with the underlying storage, and eventually to Vault itself. + +By default, Vault will use a time-to-live (TTL) value of 32 days on all leases. You need to be aware of this when defining use cases and try to select the shortest possible TTL value that your use can tolerate. + + + + If you deploy Vault without specifying explicit TTL and maximum TTL values, you run the risk of generating excessive leases as the default TTL allows them to readily accumulate. Doing bulk or load generation and testing amplifies this effect. This is a common pitfall with new Vault users. Review [Token Time-To-Live, Periodic Tokens, and Explicit Max TTLs](/vault/docs/concepts/tokens#token-time-to-live-periodic-tokens-and-explicit-max-ttls) to learn more. + + + +#### Short TTLs are good + +**Good for security** + +- A leaked token with a short lease expires sooner. +- A failed or destroyed service instance whose token is not revoked soon after use is not a big deal if it has a short TTL anyway. + +**Good for performance** + +Short TTLs have a load smoothing effect. It is better to have a lot of small writes spaced out over time, than having a big backlog of expired leases all at once. + +#### What to look for? + +With respect to usage and saturation, you can identify issues by monitoring the [vault.expire.num_leases metric](/vault/docs/internals/telemetry#policy-and-token-metrics), which represents the number of all leases which are eligible for eventual expiry. + +You can also monitor storage capacity for signs of lease saturation. Specifically you can examine the paths in storage which hold leases. Review the [Inspecting Data in Consul Storage](/vault/tutorials/monitoring/inspecting-data-consul) or [Inspect Data in Integrated Storage](/vault/tutorials/monitoring/inspect-data-integrated-storage) tutorials to learn more about the paths where you can expect to find lease data. + +### Namespaces + + + + [Namespaces](/vault/docs/enterprise/namespaces) are a Vault Enterprise Platform feature. + + + +The hierarchy of namespaces is purely logical and Vault handles internal routing at just one level. As a result, there aren't any performance considerations or general limitations for the use of namespaces themselves whether implemented as flat hierarchies or in a deeply nested configuration. + +### Performance Standbys + + + + [Performance Standbys](/vault/docs/enterprise/performance-standby) are a feature of Vault Enterprise with the Multi-Datacenter & Scale Module. + + + +Vault Enterprise features High Availability functionality that enables servers to service requests which do not change Vault's storage (read-only requests) on the local standby node versus forwarding them to the active node. This is the Performance Standby feature, and Vault Enterprise enables the feature by default. Read the [Performance Standby Nodes](/vault/tutorials/enterprise/performance-standbys) tutorial to learn more. + +While there are no tunable parameters available for performance standby functionality, some use cases can require that they be entirely deactivate. If necessary, you can use the [disable_performance_standby](/vault/docs/configuration#disable_performance_standby) configuration parameter to deactivate performance standbys with the. + +### Enterprise Replication + +[Vault enterprise replication](/vault/docs/enterprise) uses a component called the _log shipper_ to track recent updates written to Vault storage and stream them to replication secondaries. + +Vault version 1.7 introduced new performance related configuration for [Enterprise Replication](/vault/docs/enterprise/replication) functionality. + +If you are a Vault Enterprise user with version 1.7 or higher, use the information in this section to understand and adjust the replication performance configuration for your use case and workload. + +Tuning the replication configuration is most useful when replicating large numbers (thousands to tens of thousands) of items such as namespaces. This is most helpful when your use cases create and delete namespaces often. + +You can tune both the length and size of the log shipper buffer to make the most use of available system resources, while also preventing unbounded buffer growth. + +The configuration goes in a [`replication`](/vault/docs/configuration/replication) stanza that should be in the global configuration scope. Here is an example configuration snippet containing all available options for the `replication` stanza. + +```hcl +replication { + resolver_discover_servers = true + logshipper_buffer_length = 1000 + logshipper_buffer_size = "5gb" +} +``` + +Detailed information about each configuration option follows. + +- `resolver_discover_servers` controls whether the log shipper's resolver should discover other Vault servers; the option accepts a boolean value, and the default value is true; + +- `logshipper_buffer_length` sets the maximum number of entries that the log shipper buffer holds as an integer value; the default value is zero (0). In the example configuration, the value is 1000 entries. + +- `logshipper_buffer_size` sets the maximum size that the log shipper buffer can grow to, expressed as an integer indicating the number of bytes or as a capacity string. Valid capacity strings are `kb, kib, mb, mib, gb, gib, tb, tib`; there is no default value. In the example configuration, the value is 5 gigabytes. + +If you do not explicitly define values for `logshipper_buffer_length` or `logshipper_buffer_size`, then Vault calculates default values based on available memory. + +On startup, Vault attempts to access the amount of host memory, if it is successful, it allocates 10% of the available memory to the log shipper. For example, if your Vault server has 16GB of memory, the log shipper will have access to 1.6GB. + +If Vault fails to read the host memory, it uses the default value of 1GB for `logshipper_buffer_size`. + + + + Refer to [Vault limits and maximums](/vault/docs/internals/limits) to learn more about specific limits and maximum sizes for Vault resources. + + + +#### What to look for? + +Observe memory utilization for the Vault processes; if you replicate several enterprise namespaces, and memory is not released upon namespace deletion, you should investigate. + +You can then decide whether to implement changes to the replication configuration that match your available server memory resources and namespace usage based on your investigation of current memory usage behavior. + +#### How to improve performance? + +You must first ensure that your Vault servers meet the requirements outlined in the [Reference Architecture](/vault/tutorials/raft/raft-reference-architecture). Tuning these configuration values requires that the underlying memory resources are present on each server in the Vault cluster. + +If you intend to increase memory resources in your Vault servers, you can then increase the `logshipper_buffer_size` value. + +You can adjust the `logshipper_buffer_length` value to handle anticipated increases in namespace usage. For example, if your deployment uses several hundred namespaces, but your plans are to soon expand to 3000 namespaces, then you should increase `logshipper_buffer_length` to meet this increase. + + + + Keep in mind that the practical limit for enterprise namespaces in a single cluster is dependent on the storage in use. The [Namespace limits](/vault/docs/internals/limits#namespace-limits) section of the Vault Limits and Maximums documentation explains the current limits. + + + +### PKI certificates & certificate revocation lists + +Users of the [PKI Secrets Engine](/vault/docs/secrets/pki), should be aware of the performance considerations and best practices specific to this secrets engine. + +One thing to consider If you are aiming for maximum performance with this secrets engine: performance bounds depend on available entropy on the Vault server and the high CPU requirements for computing key pairs. If your use case has Vault issuing the certificates and keys instead of signing Certificate Signing Requests (CSR). + +This can cause linear scaling. The most general-purpose way to avoid this is to have clients generate CSRs and submit them to Vault for signing instead of having Vault return a certificate/key pair. + +The two most common performance pitfalls users find with the PKI secrets engine relate to one another, and can result in severe performance issues. In extreme cases, these problems can cause a complete Vault outage. + +The first problem is in choosing unrealistically long certificate lifetimes. + +Vault champions a philosophy of keeping all secret lifetimes as short as practically possible. While this is fantastic for security posture, it can add a bit of challenge to selecting the ideal certificate expiration values. + +It is still critical that you reason about each use case thoroughly and work out the ideal shortest lifetimes for your Vault secrets, including PKI certificates generated by Vault. Review the PKI secrets engine documentation, focusing on the section [Keep certificate lifetimes short, for CRL's sake](/vault/docs/secrets/pki#keep-certificate-lifetimes-short-for-crl-s-sake) to learn more. + + + + If your certificate lifetimes are somewhat longer than required, it is critical that you ensure that applications are reusing the certificates they get from Vault until they near expiry before requesting new ones, and are not often requesting new ones on a regular basis. Long lived certificates often generated cause rapid CRL growth. + + + +The second issue is a symptom of the first, in that creation of several certificates with long lifetimes causes rapid growth of the Certificate Revocation List (CRL). This list is internally represented as one key in the key/value store. If your Vault servers use Consul storage, it ships with a default maximum value size of **512KB**. The CRL can saturate this value in time with enough improper usage and frequent requesting of long lived certificates. + +**What are common errors?** + +When the PKI secrets engine CRL has grown to be larger than allowed by the default Consul key value maximum size, you can expect to meet with errors about lease revocation in the Vault operational log that resemble this example: + + + + +```plaintext +[ERROR] expiration: failed to revoke lease: lease_id=pki/issue/prod/7XXYS4FkmFq8PO05En6rvm6m error="failed to revoke entry: resp: (*logical.Response)(nil) err: error encountered during CRL building: error storing CRL: Failed request: Request body too large, max size: 524288 bytes" +``` + + + + +If you are trying to gain increased performance with the PKI secrets engine and do not require a CRL, you should define your roles to use the [no_store](/vault/api-docs/secret/pki#no_store) parameter. + + + + Vault cannot list or revoke certificates generated from roles that define the `no_store` parameter. + + + +### ACLs in policies + +If your goal is to optimize Vault performance as much as possible, you should analyze your ACL policies and policy paths to minimize the complexity of paths which use templating and special operators. + +#### How to improve performance? + +- Try to minimize use of [templating in policy paths](/vault/tutorials/policies/policy-templating) when possible +- Try to minimize use of the `+` and `*` path segment designators in your policy path syntax. + +### Audit devices + +Ensure that your audit devices can write without obstruction, but also be sure to tune the target of the device. For example, you should tune the storage used by a file audit device so that it can perform at its maximum potential. + +As of Vault Enterprise 1.18.0, you can also enable exclusion of specific fields from audit device output. Depending on the fields required by your use case, excluding fields can represent significant audit device performance gains. + +Review the [audit exclusion](/vault/docs/enterprise/audit/exclusion) documentation to learn more about how audit device exclusion works. + +### Policy evaluation + +Vault Enterprise users can have [Access Control List (ACL) policies](/vault/docs/concepts/policies), [Endpoint Governing Policies (EGP)](/vault/docs/enterprise/sentinel#endpoint-governing-policies-egps), and [Role Governing Policies (RGP)](/vault/docs/enterprise/sentinel#role-governing-policies-rgps) in use. + +For your reference, here is a diagram and description of the Vault policy evaluation process for ACL, EGP, and RGP. + +![A diagram that explains Vault policy request evaluation](/img/vault-policy-evaluation.png) + +If the request was an unauthenticated request (for example "vault login"), there is no token; therefore, Vault evaluates EGPs associated with the request endpoint. + +If the request has a token, the ACL policies attached to the token get evaluated. If the token has an appropriate capability to operate on the path, Vault evaluates RGPs next. + +Vault then evaluates EGPs set on the request endpoint. + +If at any point, the policy evaluation fails, then Vault denies the request. + +### Sentinel policies + +Enterprise users of Vault Sentinel policies should be aware that these policies are generally more computationally intensive by nature. + +What are the performance implications of Sentinel policies? + +- Generally, the more complex a policy and the more that it pertains to a specific request, the more expensive it will be. +- [Templated policy paths](/vault/tutorials/policies/policy-templating) also add extra cost to the policy as well. +- A larger number of Sentinel policies that apply to specific requests will have more performance negative performance effects than a similar number of policies which are not as specific about the request. + +The new [HTTP import](https://docs.hashicorp.com/sentinel/imports/http) introduced in Vault version 1.5 provides a flexible means of policy workflow to use external HTTP endpoints. If you use this module, you should be aware that in addition to the internal latency involved in processing the logic for the Sentinel policy, there is now an external latency and you must combine these two latencies to properly reason about overall performance. + +### Tokens + +Vault requires valid [tokens](/vault/docs/concepts/tokens) for all authenticated requests, which include the majority of API endpoints. + +They typically have a finite lifetime in the form of a [lease](/vault/docs/concepts/lease) or time-to-live (TTL) value. + +The common interactions for tokens involve login requests and revocation. Those interactions with Vault result in the following operations. + +| Interaction | Vault operations | +| ---------------------------------- | ------------------------------------------------------------------------------ | +| Login request | Write new token to the Token Store
Write new lease to the Lease Store | +| Revoke token (or token expiration) | Delete token
Delete token lease
Delete all child tokens and leases | + +[Batch tokens](/vault/docs/concepts/tokens#batch-tokens) are encrypted blobs that carry enough information for Vault to use them for actions, but require no storage on disk like service tokens. + +There are some trade-offs to be aware of when using batch tokens and you should use them with care. + +#### Less secure than service tokens + +- Vault cannot revoke or renew batch tokens. + +- You must set the TTL value in advance, and often the value is higher than ideal as a result. + +#### Better performing + +- Batch tokens are amazingly inexpensive to use since they do not touch the disk. +- They are often an acceptable trade-off when the alternative is unmanageable login request rates. + +### Seal Wrap + + + + [Seal Wrap](/vault/docs/enterprise/sealwrap) is a feature of Vault Enterprise with Governance & Policy Module. + + + +When integrating Vault Enterprise with HSM, seal wrapping is always enabled with a supported seal. This includes the recovery key, any stored key shares, the root key, the keyring, and more- essentially, any critical security parameter (CSP) within the Vault core. + +Anything that is seal-wrapped will be considerably slower to read and write since the requests will use the HSM for encryption and decryption. In general, communicating to the HSM adds latency that you will need to factor into overall performance. + +This applies even to cached items since Vault caches the encrypted data. Even if the read from storage is free, the request still needs to talk to the seal to use the data. + +## Storage tuning + +Vault request latency is primarily limited by the configured storage type, and storage writes are much more expensive than reads. + +The majority of Vault write operations relate to these events: + +- Logins and token creation +- Dynamic secret creation +- Renewals +- Revocations + +There are a number of similar tunable parameters for the supported [storage](/vault/docs/configuration/storage). This tutorial covers the parameters for Integrated Storage (Raft) and Consul storage. + +There are some operational characteristics and trade-offs around how the different storage engines handle memory, persistence, and networking that you should familiarize yourself with. + +Consul storage characteristics: + +| Storage | Notes | +| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Consul | Consul storage has better disk write performance than Integrated Storage. | +| Pros | Working set contained in memory, so it is highly performant. | +| Cons | Operationally complex
Harder to debug and troubleshoot
Network hop involved, theoretically higher network latency
More frequent snapshots results in negative performance impact
Memory bound with higher probability of out-of-memory conditions | + +Integrated Storage (Raft) characteristics: + +| Storage | Notes | +| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Raft | Integrated Storage (Raft) has better network performance than Consul storage. | +| Pros | Operationally simpler
Less frequent snapshots since data persists to disk
No network hop (trade off is an extra `fsync()` writing to BoltDB in the finite state manager) | +| Cons | Data persisted to disk, so theoretically somewhat less performant
Write performance slightly lower than with Consul | + +With this information in mind, review details on specific tunable parameters for the storage that you are most interested in. + +### Consul + +When using Consul for storage, most of the disk I/O work falls on Consul servers, and Vault itself has much lower disk I/O usage in comparison. Consul keeps its working set in memory. As a general rule of thumb, the Consul server should have physical memory equal to about 3x the working data set size of the key/value store containing Vault data. Sustaining good Input/Output Operations Per Second (IOPS) performance for the Consul storage is of utmost importance. Review the [Consul reference architecture](/consul/tutorials/production-deploy/reference-architecture) and [Consul deployment guide](/consul/tutorials/production-deploy/deployment-guide) for more details. + +#### What are common errors? + +If you observe extreme performance degradation in Vault while using Consul for storage, a first look at Consul server memory usage and errors is helpful. For example, check the Consul server operating system kernel ring buffer or syslog for signs of out of memory (OOM) conditions. + +```shell-session +$ grep 'Out of memory' /var/log/messages +``` + +If there are results, they will resemble this example. + + + + +```plaintext +kernel: [16909.873984] Out of memory: Kill process 10742 (consul) score 422 or sacrifice child +kernel: [16909.874486] Killed process 10742 (consul) total-vm:242812kB, anon-rss:142081kB, file-rss:68768kB +``` + + + + +Reduced IOPS on the Consul servers is another common cause of issues. This condition can manifest itself in Vault as errors related to canceled context, such as in the following examples. + + + + +```plaintext +[ERROR] core: failed to create token: error="failed to persist entry: context canceled" + +[ERROR] core: failed to register token lease: request_path=auth/approle/login error="failed to persist lease entry: context canceled" + +[ERROR] core: failed to create token: error="failed to persist accessor index entry: context canceled" +``` + + + + +The key clue here is the "context canceled" message. This issue will cause intermittent Vault availability to all users, and you should try to remedy the issue by increasing the available IOPS for the Consul servers. + +--- + +The following are some important performance related configuration settings that you should become aware of when using Consul for Vault storage. + +#### kv_max_value_size + +One common performance constraint that you can find when using Consul for Vault storage is the size of data Vault can write as a value to one key in the Consul key/value store. + +As of Consul [version 1.7.2](https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#172-march-16-2020) you can explicitly specify this value in bytes with the configuration parameter [kv_max_value_size](/consul/docs/agent/config/config-files#kv_max_value_size). + +Default value: **512KB** + +Here is an example Consul server configuration snippet that increases this value to **1024KB**. + + + + +```plaintext + "limits": { + "kv_max_value_size": 1024000 + } +``` + + + + +**What are common errors?** + +Vault returns the following error to a client that attempts to exceed the maximum value size. + + + + +```plaintext +Error writing data to kv/data/foo: Error making API request. + +URL: PUT http://127.0.0.1:8200/v1/kv/data/foo +Code: 413. Errors: + +* failed to parse JSON input: http: request body too large +``` + + + + + + + Tuning this improperly can cause Consul to fail in unexpected ways, it may potentially affect leadership stability and prevent regular heartbeat signals by increasing RPC IO duration. + + + +#### txn_max_req_len + +This parameter configures the maximum number of bytes for a transaction request body to the Consul `/v1/txn` endpoint. In situations where you set both `txn_max_req_len` and `kv_max_value_size`, the higher value takes precedence for both settings. + + + +Tuning this improperly can cause Consul to fail in unexpected ways, it may potentially affect leadership stability and prevent regular heartbeat signals by increasing RPC IO duration. + + + +#### max_parallel + +Another parameter that can sometimes benefit from tuning depending on the specific environment and configuration is the [max_parallel](/vault/docs/configuration/storage/consul#max_parallel) parameter, which specifies the maximum number of parallel requests Vault can make to Consul. + +The default value is **128**. + +This value is not typically increased to increase performance, rather it is most often called upon to reduce the load on an overwhelmed Consul cluster by dialing down the default value. + +#### consistency_mode + +Vault supports using 2 of the 3 Consul [Consistency Modes](/consul/api-docs/features/consistency). By default it uses the [default mode](/consul/api-docs/features/consistency#default), which the Consul documentation describes as follows: + +> If not specified, the default is strongly consistent in most cases. However, there is a small window when Vault may elect a new leader during which the old leader may service stale values. The trade-off is fast reads but potentially stale values. The condition resulting in stale reads is hard to trigger, and most clients should not need to worry about this case. Also, note that this race condition applies to reads, but not to writes. + +This mode is suitable for the majority of use cases and you should be aware that changing the mode to **strong** in Vault maps to the [consistent](/consul/api-docs/features/consistency#consistent) mode in Consul. This mode comes with more performance implications, and most use cases should not need this mode unless they cannot tolerate a stale read. The Consul documentation states the following about **consistent** mode: + +> This mode is strongly consistent without caveats. It requires that a leader verify with a quorum of peers that it is still the leader. This introduces an extra round-trip to all servers. Increased latency is the tradeoff due to an extra round trip. Most clients should not use this unless they cannot tolerate a stale read. + +### Integrated Storage (Raft) + +Vault version 1.4.0 introduced a new Integrated Storage capability that uses [Raft Storage](/vault/docs/configuration/storage/raft). Integrated Storage is quite similar to Consul key/value storage in its behavior and feature-set. It replicates Vault data to all servers using the [Raft consensus algorithm](https://raft.github.io/). + +If you have not already, review the [Migration checklist](/vault/docs/concepts/integrated-storage/migration-checklist) for more information about Integrated Storage. + +The following are tunable configuration items for Integrated Storage. + +#### mlock() + + + +Deactivate `mlock()` if your Vault deployment uses Integrated Storage. Integrated storage does not interact well with memory mapped files such as those created by BoltDB, which Raft uses to track state. + + + +When using `mlock()`, memory-mapped files get loaded into resident memory, which results in the complete Vault dataset loading into memory, and this can result in out-of-memory conditions if Vault data becomes larger than the available physical memory. + +#### Recommendation + +Although Vault data within BoltDB remains encrypted at rest, you're encouraged to use the instructions for your OS to deactivate swap on your Vault servers which use Integrated Storage to prevent the OS from writing sensitive in-memory Vault data to disk. + +#### What are common errors? + +If you're operating a Vault cluster with Integrated Storage, and you haven't deactivated `mlock()` for the vault binary (and potentially any external plugins), then you can observe errors like this example when the Vault data exceeds the available memory. + + + + +```plaintext +kernel: [12209.426991] Out of memory: Kill process 23847 (vault) score 444 or sacrifice child +kernel: [12209.427473] Killed process 23847 (vault) total-vm:1897491kB, anon-rss:948745kB, file-rss:474372kB +``` + + + + +#### performance_multiplier + +If you have experience configuring and tuning Consul, you might already be familiar with its **performance_multiplier** configuration parameter. Vault uses it in the same way in the context of the Integrated Storage to scale key Raft algorithm timing parameters. + +The default value is **0**. + +Tuning this affects the time it takes Vault to detect leader failures and to perform leader elections, at the expense of requiring more network and CPU resources for better performance. + +By default, Vault will use a lower-performance timing that is suitable for Vault servers with modest resources. The default setting is equal to setting this to a value of 5. Setting this to a value of 1 configures Raft to its highest-performance mode recommended for production Vault servers. The maximum allowed value is 10. + + + +This default may change in future versions of Vault if the target minimum server profile changes. + + + +#### snapshot_threshold + + + + This is a low-level parameter that should rarely need tuning. + + + +Again, the [snapshot_threshold](/vault/docs/configuration/storage/raft#snapshot_threshold) parameter is similar to one you may have experience with in Consul deployments. If you're unfamiliar with Consul, it automatically takes snapshots of raft commit data. The `snapshot_threshold` parameter controls the minimum number of raft commit entries between snapshots saved to disk. + +The documentation further states the following about adjusting this value: + +> Busy clusters experiencing excessive disk IO may increase this value to reduce disk IO and minimize the chances of all servers taking snapshots at the same time. Increasing this trades off disk IO for disk space since the log will grow much larger and Vault can't reclaim the space in the `raft.db` until the next snapshot. Servers may take longer to recover from crashes or failover if you increase this value, as Vault must replay more logs. + +## Resource limits & maximums + +This section serves as a reference to the most common resource limitations and maximum values that you should be aware of when tuning Vault for performance. + +### Maximum number of secrets engines + +There is no specific limit for the number of enabled secrets engines. + +Depending on the storage type in use, with several thousands (potentially tens of thousands) of enabled secrets engines, Vault can push to a maximum value size limit (for example). + +### Maximum value size with Consul storage + +The default maximum value size for a key in Consul key/value storage is the Raft suggested maximum size of **512KB**. As of Consul [version 1.7.2](https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#172-march-16-2020), you can change this limit with [kv_max_value_size](/consul/docs/agent/config/config-files#kv_max_value_size). + +### Maximum value size with Integrated Storage + +Unlike Consul storage, Integrated Storage does not impose a maximum key value size. This means you should be cautious when deploying use cases on Integrated Storage that have the potential to create unbounded growth in a value. + +Integrated Storage isn't as reliant on memory and subject to memory pressure due to how Vault persists data to disk. That said, using overly large values for keys can have adverse effects on network coordination, voting, and leadership election. Keep in mind that Vault Integrated Storage is not designed to perform as a general purpose key/value database. If you use keys with unreasonably large values (several times larger than the default), you might meet with problems, depending on your use case and environment. + +## Help and reference + +- [Reference Architecture](/vault/tutorials/raft/raft-reference-architecture) +- [Deployment Guide](/vault/tutorials/day-one-raft/raft-deployment-guide) +- [Production hardening documentation](/vault/docs/concepts/production-hardening) +- [Utilization Saturation and Errors](http://www.brendangregg.com/usemethod.html) +- [telemetry](/vault/docs/configuration/telemetry) +- [systemd process properties](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Process%20Properties) +- [Vault Enterprise Namespaces](/vault/docs/enterprise/namespaces) +- [Least Recently Used (LRU) cache](https://en.wikipedia.org/wiki/Cache_replacement_policies#Least_recently_used_.28LRU.29) +- [dstat documentation](http://dag.wieers.com/home-made/dstat/#) +- [Implementing Dstat with Performance Co-Pilot](https://www.redhat.com/en/blog/implementing-dstat-performance-co-pilot) +- [perf: Linux profiling with performance counters](https://perf.wiki.kernel.org/) +- [The Go Memory Model](https://golang.org/ref/mem) +- [Package runtime](https://golang.org/pkg/runtime/) +- [Goroutines](https://golang.org/doc/effective_go.html?h=goroutine#goroutines) +- [vault.expire.num_leases metric](/vault/docs/internals/telemetry#policy-and-token-metrics) +- [snapshot_threshold](/vault/docs/configuration/storage/raft#snapshot_threshold) +- [mlock(2)](https://linux.die.net/man/2/mlock) +- [Keep certificate lifetimes short, for CRL's sake](/vault/docs/secrets/pki#keep-certificate-lifetimes-short-for-crl-s-sake) +- [Policies](/vault/docs/concepts/policies) diff --git a/website/content/docs/configuration/index.mdx b/website/content/docs/configuration/index.mdx index b32a6665d15f..edf1907a2c7c 100644 --- a/website/content/docs/configuration/index.mdx +++ b/website/content/docs/configuration/index.mdx @@ -260,6 +260,17 @@ can have a negative effect on performance due to the tracking of each lock attem When `imprecise_lease_role_tracking` is set to true and a new role-based quota is enabled, subsequent lease counts start from 0. `imprecise_lease_role_tracking` affects role-based lease count quotas, but reduces latencies when not using role based quotas. +- `enable_post_unseal_trace` `(bool: false)` - Enables the server to generate a Go trace during the execution of the + `core.postUnseal` function for debug purposes. The resulting trace can be viewed with the `go tool trace` command. The output + directory can be specified with the `post_unseal_trace_directory` parameter. This should only be enabled temporarily for + debugging purposes as it can have a significant performance impact. This can be updated on a running Vault process with a + SIGHUP signal. + +- `post_unseal_trace_directory` `(string: "")` - Specifies the directory where the trace file will be written, which must exist + and be writable by the Vault process. If not specified it will create a subdirectory `vault-traces` under the result from + [os.TempDir()](https://pkg.go.dev/os#TempDir) (usually `/tmp` on Unix systems). This can be updated on a running Vault process + with a SIGHUP signal. + ### High availability parameters The following parameters are used on backends that support [high availability][high-availability]. diff --git a/website/content/docs/configuration/service-registration/kubernetes.mdx b/website/content/docs/configuration/service-registration/kubernetes.mdx index c5d42b729005..e34742893ebc 100644 --- a/website/content/docs/configuration/service-registration/kubernetes.mdx +++ b/website/content/docs/configuration/service-registration/kubernetes.mdx @@ -118,7 +118,7 @@ metadata: labels: app.kubernetes.io/instance: vault app.kubernetes.io/name: vault - helm.sh/chart: vault-0.29.0 + helm.sh/chart: vault-0.29.1 name: vault-active-us-east namespace: default spec: diff --git a/website/content/docs/enterprise/entropy-augmentation.mdx b/website/content/docs/enterprise/entropy-augmentation.mdx index f0c0bcb00cb7..e3ae7a6d20fc 100644 --- a/website/content/docs/enterprise/entropy-augmentation.mdx +++ b/website/content/docs/enterprise/entropy-augmentation.mdx @@ -21,6 +21,34 @@ interface. While the system entropy used by Vault is more than capable of operating in most threat models, there are some situations where additional entropy from hardware-based random number generators is desirable. +With Entropy Augmentation enabled, the following keys and tokens leverage the +configured external entropy source. + +| Operation | Description | +| ------------------------ | ------------------------------------------------------------------------------------ | +| Root Key | AES key that is encrypted by the seal mechanism. This encrypts the key ring. | +| Key Ring Encryption Keys | The keys embedded in Vault's keyring which encrypt all of Vault's storage. | +| Recovery Key | With auto-unseal, use the recovery keys to regenerate root token, key rotation, etc. | +| TLS Private Keys | For HA leader, Raft and Enterprise Replications. | +| MFA TOTP Keys | The keys used for TOTP in Vault Enterprise MFA | +| JWT Signing Keys | The keys used to sign wrapping token JWTs. | +| Root Tokens | Superuser tokens granting access to all operations in Vault. | +| DR Operation Tokens | Token that allows certain actions to be performed on a DR secondary. | + +The [transit secrets engine](/vault/docs/secrets/transit) manages a number of +different key types and leverages the +[`keysutil`](https://godoc.org/github.com/hashicorp/vault/sdk/helper/keysutil) +package to generate keys. It will use the external entropy source for key +generation. + + + +When you enable the external entropy source, Vault requires connectivity to the +HSM. If the HSM becomes unreachable for any reason, the transit secrets engine +can't generate new keys or rotate existing keys. + + + To use this feature, you must have an active or trial license for Vault Enterprise. To start a trial, contact [HashiCorp sales](mailto:sales@hashicorp.com). @@ -38,7 +66,7 @@ These CSPs have been selected from our previous work in [evaluating Vault for co FIPS 140-2 guidelines for key storage and key transport](https://www.datocms-assets.com/2885/1510600487-vault_compliance_letter_fips_140-2.pdf) and include (but not limited to) the following: -- Vault’s root key +- Vault's root key - Keyring encryption keys - Auto Unseal recovery keys - TLS private keys for inter-node and inter cluster communication (HA leader, raft, and replication) @@ -62,8 +90,3 @@ Entropy augmentation is disabled by default. To enable entropy augmentation Vaul for a supported seal type. [configuration]: /vault/docs/configuration - -## Tutorial - -Refer to the [HSM Integration - Entropy Augmentation](/vault/tutorials/enterprise/hsm-entropy) tutorial -to learn how to use the Entropy Augmentation function to leverage an external Hardware Security Module to augment system entropy. diff --git a/website/content/docs/enterprise/license/product-usage-reporting.mdx b/website/content/docs/enterprise/license/product-usage-reporting.mdx index b7b048a607f8..cc6331f43f44 100644 --- a/website/content/docs/enterprise/license/product-usage-reporting.mdx +++ b/website/content/docs/enterprise/license/product-usage-reporting.mdx @@ -106,42 +106,82 @@ HashiCorp collects the following product usage metrics as part of the `metrics` [JSON payload that it collects for licence utilization](/vault/docs/enterprise/license/utilization-reporting#example-payloads). All of these metrics are numerical, and contain no sensitive values or additional metadata: -| Metric Name | Description | -|--------------------------------------------|--------------------------------------------------------------------------| -| `vault.namespaces.count` | Total number of namespaces. | -| `vault.leases.count` | Total number of leases within Vault. | -| `vault.quotas.ratelimit.count` | Total number of rate limit quotas within Vault. | -| `vault.quotas.leasecount.count` | Total number of lease count quotas within Vault. | -| `vault.kv.version1.secrets.count` | Total number of KVv1 secrets within Vault. | -| `vault.kv.version2.secrets.count` | Total number of KVv2 secrets within Vault. | -| `vault.kv.version1.secrets.namespace.max` | The highest number of KVv1 secrets in a namespace in Vault, e.g. `1000`. | -| `vault.kv.version2.secrets.namespace.max` | The highest number of KVv2 secrets in a namespace in Vault, e.g. `1000`. | -| `vault.kv.version1.secrets.namespace.min` | The lowest number of KVv1 secrets in a namespace in Vault, e.g. `2`. | -| `vault.kv.version2.secrets.namespace.min` | The highest number of KVv2 secrets in a namespace in Vault, e.g. `1000`. | -| `vault.kv.version1.secrets.namespace.mean` | The mean number of KVv1 secrets in namespaces in Vault, e.g. `52.8`. | -| `vault.kv.version2.secrets.namespace.mean` | The mean number of KVv2 secrets in namespaces in Vault, e.g. `52.8`. | -| `vault.auth.method.approle.count` | The total number of Approle auth mounts in Vault. | -| `vault.auth.method.alicloud.count` | The total number of Alicloud auth mounts in Vault. | -| `vault.auth.method.aws.count` | The total number of AWS auth mounts in Vault. | -| `vault.auth.method.appid.count` | The total number of App ID auth mounts in Vault. | -| `vault.auth.method.azure.count` | The total number of Azure auth mounts in Vault. | -| `vault.auth.method.cloudfoundry.count` | The total number of Cloud Foundry auth mounts in Vault. | -| `vault.auth.method.github.count` | The total number of GitHub auth mounts in Vault. | -| `vault.auth.method.gcp.count` | The total number of GCP auth mounts in Vault. | -| `vault.auth.method.jwt.count` | The total number of JWT auth mounts in Vault. | -| `vault.auth.method.kerberos.count` | The total number of Kerberos auth mounts in Vault. | -| `vault.auth.method.kubernetes.count` | The total number of kubernetes auth mounts in Vault. | -| `vault.auth.method.ldap.count` | The total number of LDAP auth mounts in Vault. | -| `vault.auth.method.oci.count` | The total number of OCI auth mounts in Vault. | -| `vault.auth.method.okta.count` | The total number of Okta auth mounts in Vault. | -| `vault.auth.method.pcf.count` | The total number of PCF auth mounts in Vault. | -| `vault.auth.method.radius.count` | The total number of Radius auth mounts in Vault. | -| `vault.auth.method.saml.count` | The total number of SAML auth mounts in Vault. | -| `vault.auth.method.cert.count` | The total number of Cert auth mounts in Vault. | -| `vault.auth.method.oidc.count` | The total number of OIDC auth mounts in Vault. | -| `vault.auth.method.token.count` | The total number of Token auth mounts in Vault. | -| `vault.auth.method.userpass.count` | The total number of Userpass auth mounts in Vault. | -| `vault.auth.method.plugin.count` | The total number of custom plugin auth mounts in Vault. | +| Metric Name | Description | +|------------------------------------------------------|------------------------------------------------------------------------------------| +| `vault.namespaces.count` | Total number of namespaces. | +| `vault.leases.count` | Total number of leases within Vault. | +| `vault.quotas.ratelimit.count` | Total number of rate limit quotas within Vault. | +| `vault.quotas.leasecount.count` | Total number of lease count quotas within Vault. | +| `vault.kv.version1.secrets.count` | Total number of KVv1 secrets within Vault. | +| `vault.kv.version2.secrets.count` | Total number of KVv2 secrets within Vault. | +| `vault.kv.version1.secrets.namespace.max` | The highest number of KVv1 secrets in a namespace in Vault, e.g. `1000`. | +| `vault.kv.version2.secrets.namespace.max` | The highest number of KVv2 secrets in a namespace in Vault, e.g. `1000`. | +| `vault.kv.version1.secrets.namespace.min` | The lowest number of KVv1 secrets in a namespace in Vault, e.g. `2`. | +| `vault.kv.version2.secrets.namespace.min` | The highest number of KVv2 secrets in a namespace in Vault, e.g. `1000`. | +| `vault.kv.version1.secrets.namespace.mean` | The mean number of KVv1 secrets in namespaces in Vault, e.g. `52.8`. | +| `vault.kv.version2.secrets.namespace.mean` | The mean number of KVv2 secrets in namespaces in Vault, e.g. `52.8`. | +| `vault.auth.method.approle.count` | The total number of Approle auth mounts in Vault. | +| `vault.auth.method.alicloud.count` | The total number of Alicloud auth mounts in Vault. | +| `vault.auth.method.aws.count` | The total number of AWS auth mounts in Vault. | +| `vault.auth.method.appid.count` | The total number of App ID auth mounts in Vault. | +| `vault.auth.method.azure.count` | The total number of Azure auth mounts in Vault. | +| `vault.auth.method.cloudfoundry.count` | The total number of Cloud Foundry auth mounts in Vault. | +| `vault.auth.method.github.count` | The total number of GitHub auth mounts in Vault. | +| `vault.auth.method.gcp.count` | The total number of GCP auth mounts in Vault. | +| `vault.auth.method.jwt.count` | The total number of JWT auth mounts in Vault. | +| `vault.auth.method.kerberos.count` | The total number of Kerberos auth mounts in Vault. | +| `vault.auth.method.kubernetes.count` | The total number of Kubernetes auth mounts in Vault. | +| `vault.auth.method.ldap.count` | The total number of LDAP auth mounts in Vault. | +| `vault.auth.method.oci.count` | The total number of OCI auth mounts in Vault. | +| `vault.auth.method.okta.count` | The total number of Okta auth mounts in Vault. | +| `vault.auth.method.pcf.count` | The total number of PCF auth mounts in Vault. | +| `vault.auth.method.radius.count` | The total number of Radius auth mounts in Vault. | +| `vault.auth.method.saml.count` | The total number of SAML auth mounts in Vault. | +| `vault.auth.method.cert.count` | The total number of Cert auth mounts in Vault. | +| `vault.auth.method.oidc.count` | The total number of OIDC auth mounts in Vault. | +| `vault.auth.method.token.count` | The total number of Token auth mounts in Vault. | +| `vault.auth.method.userpass.count` | The total number of Userpass auth mounts in Vault. | +| `vault.auth.method.plugin.count` | The total number of custom plugin auth mounts in Vault. | +| `vault.secret.engine.activedirectory.count` | The total number of Active Directory secret engines in Vault. | +| `vault.secret.engine.alicloud.count` | The total number of Alicloud secret engines in Vault. | +| `vault.secret.engine.aws.count` | The total number of AWS secret engines in Vault. | +| `vault.secret.engine.azure.count` | The total number of Azure secret engines in Vault. | +| `vault.secret.engine.consul.count` | The total number of Consul secret engines in Vault. | +| `vault.secret.engine.gcp.count` | The total number of GCP secret engines in Vault. | +| `vault.secret.engine.gcpkms.count` | The total number of GCPKMS secret engines in Vault. | +| `vault.secret.engine.kubernetes.count` | The total number of Kubernetes secret engines in Vault. | +| `vault.secret.engine.cassandra.count` | The total number of Cassandra secret engines in Vault. | +| `vault.secret.engine.keymgmt.count` | The total number of Keymgmt secret engines in Vault. | +| `vault.secret.engine.kv.count` | The total number of KV secret engines in Vault. | +| `vault.secret.engine.kmip.count` | The total number of KMIP secret engines in Vault. | +| `vault.secret.engine.mongodb.count` | The total number of MongoDB secret engines in Vault. | +| `vault.secret.engine.mongodbatlas.count` | The total number of MongoDBAtlas secret engines in Vault. | +| `vault.secret.engine.mssql.count` | The total number of MSSql secret engines in Vault. | +| `vault.secret.engine.postgresql.count` | The total number of Postgresql secret engines in Vault. | +| `vault.secret.engine.nomad.count` | The total number of Nomad secret engines in Vault. | +| `vault.secret.engine.ldap.count` | The total number of LDAP secret engines in Vault. | +| `vault.secret.engine.openldap.count` | The total number of OpenLDAP secret engines in Vault. | +| `vault.secret.engine.pki.count` | The total number of PKI secret engines in Vault. | +| `vault.secret.engine.rabbitmq.count` | The total number of RabbitMQ secret engines in Vault. | +| `vault.secret.engine.ssh.count` | The total number of SSH secret engines in Vault. | +| `vault.secret.engine.terraform.count` | The total number of Terraform secret engines in Vault. | +| `vault.secret.engine.totp.count` | The total number of TOTP secret engines in Vault. | +| `vault.secret.engine.transform.count` | The total number of Transform secret engines in Vault. | +| `vault.secret.engine.transit.count` | The total number of Transit secret engines in Vault. | +| `vault.secret.engine.database.count` | The total number of Database secret engines in Vault. | +| `vault.secret.engine.plugin.count` | The total number of custom plugin secret engines in Vault. | +| `vault.secretsync.sources.count` | The total number of secret sources configured for secret sync. | +| `vault.secretsync.destinations.count` | The total number of secret destinations configured for secret sync. | +| `vault.secretsync.destinations.aws-sm.count` | The total number of AWS-SM secret destinations configured for secret sync. | +| `vault.secretsync.destinations.azure-kv.count` | The total number of Azure-KV secret destinations configured for secret sync. | +| `vault.secretsync.destinations.gh.count` | The total number of GH secret destinations configured for secret sync. | +| `vault.secretsync.destinations.vault.count` | The total number of Vault secret destinations configured for secret sync. | +| `vault.secretsync.destinations.vercel-project.count` | The total number of Vercel Project secret destinations configured for secret sync. | +| `vault.secretsync.destinations.terraform.count` | The total number of Terraform secret destinations configured for secret sync. | +| `vault.secretsync.destinations.gitlab.count` | The total number of GitLab secret destinations configured for secret sync. | +| `vault.secretsync.destinations.inmem.count` | The total number of InMem secret destinations configured for secret sync. | +| `vault.pki.roles.count` | The total roles in all PKI mounts across all namespaces. | +| `vault.pki.issuers.count` | The total issuers from all PKI mounts across all namespaces. | ## Usage metadata list diff --git a/website/content/docs/enterprise/lts.mdx b/website/content/docs/enterprise/lts.mdx index 33d4bae8b0d6..47da7a2e2a6e 100644 --- a/website/content/docs/enterprise/lts.mdx +++ b/website/content/docs/enterprise/lts.mdx @@ -117,7 +117,6 @@ may cause outages and critical vulnerabilities and exposures (CVEs). Maintenance updates | Standard maintenance | Extended maintenance --------------------------------- | -------------------- | -------------------- Performance improvements | YES | NO -Feature updates and improvements | YES | NO Bug fixes | YES | OUTAGE-RISK ONLY Security patches | YES | HIGH-RISK ONLY CVE patches | YES | YES diff --git a/website/content/docs/interoperability-matrix.mdx b/website/content/docs/interoperability-matrix.mdx index c2fcc194add2..b90d4b848771 100644 --- a/website/content/docs/interoperability-matrix.mdx +++ b/website/content/docs/interoperability-matrix.mdx @@ -92,6 +92,7 @@ functionality. | AliCloud | AliCloud KMS | Yes | **No** | Yes | **No** | 0.11.2+ | Atos | Trustway Proteccio HSM | Yes | Yes | Yes | **No** | 1.9+ | AWS | AWS KMS | Yes | Yes | Yes | Yes | 0.9+ +| Blockdaemon | Blockdaemon Builder Vault | Yes | **No** | Yes | **No** | 1.17.5+ | Crypto4a | QxEDGE&tm; HSP | Yes | Yes | Yes | Yes | 1.9+ | Entrust | nShield HSM | Yes | Yes | Yes | Yes | 1.3+ | Fortanix | FX2200 Series | Yes | Yes | Yes | **No** | 0.10+ diff --git a/website/content/docs/platform/k8s/helm/run.mdx b/website/content/docs/platform/k8s/helm/run.mdx index 0c12570802b0..d303fa1b36c9 100644 --- a/website/content/docs/platform/k8s/helm/run.mdx +++ b/website/content/docs/platform/k8s/helm/run.mdx @@ -409,14 +409,14 @@ Next, list the Helm versions and choose the desired version to install. ```bash $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.29.0 1.18.1 Official HashiCorp Vault Chart +hashicorp/vault 0.29.1 1.18.1 Official HashiCorp Vault Chart ``` Next, test the upgrade with `--dry-run` first to verify the changes sent to the Kubernetes cluster. ```shell-session -$ helm upgrade vault hashicorp/vault --version=0.29.0 \ +$ helm upgrade vault hashicorp/vault --version=0.29.1 \ --set='server.image.repository=vault' \ --set='server.image.tag=123.456' \ --dry-run diff --git a/website/content/docs/platform/k8s/vso/helm.mdx b/website/content/docs/platform/k8s/vso/helm.mdx index 0fbe337b83a4..383099ad42e8 100644 --- a/website/content/docs/platform/k8s/vso/helm.mdx +++ b/website/content/docs/platform/k8s/vso/helm.mdx @@ -6,7 +6,7 @@ description: >- --- @@ -179,7 +179,7 @@ Use these links to navigate to a particular top-level stanza. - `repository` ((#v-controller-manager-image-repository)) (`string: hashicorp/vault-secrets-operator`) - - `tag` ((#v-controller-manager-image-tag)) (`string: 0.9.0`) + - `tag` ((#v-controller-manager-image-tag)) (`string: 0.9.1`) - `logging` ((#v-controller-manager-logging)) - logging @@ -265,6 +265,16 @@ Use these links to navigate to a particular top-level stanza. default: 10000 + - `numLocks` ((#v-controller-manager-clientcache-numlocks)) (`integer: ""`) - Defines the number of locks to use for the Vault client cache controller. + May also be set via the `VSO_CLIENT_CACHE_NUM_LOCKS` environment variable. + + Setting this value less than 1 will cause the manager to set the number of locks equal + to the number of logical CPUs of the run host. + + See the VSO help output for more information. + + default: 100 + - `storageEncryption` ((#v-controller-manager-clientcache-storageencryption)) - StorageEncryption provides the necessary configuration to encrypt the client storage cache within Kubernetes objects using (required) Vault Transit Engine. This should only be configured when client cache persistence with encryption is enabled and diff --git a/website/content/docs/platform/k8s/vso/installation.mdx b/website/content/docs/platform/k8s/vso/installation.mdx index 25d9e5148c3e..f79b24700382 100644 --- a/website/content/docs/platform/k8s/vso/installation.mdx +++ b/website/content/docs/platform/k8s/vso/installation.mdx @@ -32,15 +32,25 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com ```shell-session $ helm search repo hashicorp/vault-secrets-operator NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault-secrets-operator 0.9.0 0.9.0 Official HashiCorp Vault Secrets Operator Chart +hashicorp/vault-secrets-operator 0.9.1 0.9.1 Official HashiCorp Vault Secrets Operator Chart ``` Then install the Operator: ```shell-session -$ helm install --version 0.9.0 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator +$ helm install --version 0.9.1 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator ``` +## Updating CRDs when using Helm + + + + As of VSO 0.8.0, VSO will automatically update its CRDs. + The manual upgrade step [Updating CRDs](#updating-crds-when-using-helm-prior-to-vso-0-8-0) below is no longer + required before upgrading to VSO 0.8.0+. + + + ## Upgrading using Helm You can upgrade an existing installation with the `helm upgrade` command. @@ -55,15 +65,15 @@ Hang tight while we grab the latest from your chart repositories... Update Complete. ⎈Happy Helming!⎈ ``` -## Updating CRDs when using Helm - - - - As of VSO 0.8.0, VSO will automatically update its CRDs. - The manual upgrade step [Updating CRDs](#updating-crds-when-using-helm-prior-to-vso-0-8-0) below is no longer required when - upgrading to VSO 0.8.0+. +To upgrade your VSO release, replace `` with the VSO version you are upgrading to: +```shell-session +$ helm upgrade --version --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator +``` - +For example, if you are upgrading to VSO 0.9.1: +```shell-session +$ helm upgrade --version 0.9.1 --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator +``` The VSO Helm chart will automatically upgrade the CRDs to match the VSO version being deployed. There should be no need to manually update the CRDs prior to upgrading VSO using Helm. @@ -78,9 +88,9 @@ You can install and update your installation using `kustomize` which allows you To install using Kustomize, download and untar/unzip the latest release from the [Releases Page](https://github.com/hashicorp/vault-secrets-operator/releases). ```shell-session -$ wget -q https://github.com/hashicorp/vault-secrets-operator/archive/refs/tags/v0.9.0.tar.gz -$ tar -zxf v0.9.0.tar.gz -$ cd vault-secrets-operator-0.9.0/ +$ wget -q https://github.com/hashicorp/vault-secrets-operator/archive/refs/tags/v0.9.1.tar.gz +$ tar -zxf v0.9.1.tar.gz +$ cd vault-secrets-operator-0.9.1/ ``` Next install using `kustomize build`: diff --git a/website/content/docs/platform/k8s/vso/openshift.mdx b/website/content/docs/platform/k8s/vso/openshift.mdx index b2a02ff21150..bdf3c6f176de 100644 --- a/website/content/docs/platform/k8s/vso/openshift.mdx +++ b/website/content/docs/platform/k8s/vso/openshift.mdx @@ -32,7 +32,7 @@ The Vault Secrets Operator may also be installed in OpenShift using the Helm cha $ helm install vault-secrets-operator hashicorp/vault-secrets-operator \ --create-namespace \ --namespace vault-secrets-operator \ - --version 0.9.0 \ + --version 0.9.1 \ --values values.yaml ``` @@ -65,7 +65,7 @@ controller: manager: image: repository: registry.connect.redhat.com/hashicorp/vault-secrets-operator - tag: 0.9.0-ubi + tag: 0.9.1-ubi resources: limits: memory: 256Mi diff --git a/website/content/docs/platform/k8s/vso/secret-transformation.mdx b/website/content/docs/platform/k8s/vso/secret-transformation.mdx index 7121d2b4459e..9d7de9291f19 100644 --- a/website/content/docs/platform/k8s/vso/secret-transformation.mdx +++ b/website/content/docs/platform/k8s/vso/secret-transformation.mdx @@ -207,7 +207,7 @@ url: postgresql://v-postgres-user:XUpah-password@postgres-postgresql.postgres.sv ### Template functions All template functions are provided by the [sprig](http://masterminds.github.io/sprig) library. Some common functions are mentioned below. -For the complete list of functions see [allowedSprigFuncs](https://github.com/hashicorp/vault-secrets-operator/blob/main/internal/template/funcs.go#L26) +For the complete list of functions see [allowedSprigFuncs](https://github.com/hashicorp/vault-secrets-operator/blob/main/template/funcs.go#L26) ### String functions diff --git a/website/content/docs/secrets/ad/index.mdx b/website/content/docs/secrets/ad/index.mdx index f17e7964729b..737e7eb8cc5b 100644 --- a/website/content/docs/secrets/ad/index.mdx +++ b/website/content/docs/secrets/ad/index.mdx @@ -1,11 +1,11 @@ --- layout: docs -page_title: Active Directory - Secrets Engines +page_title: Active Directory secrets engine description: >- - The Active Directory secrets engine allowing Vault to generate dynamic credentials. + Dynamically generate Active Directory (AD) credentials with the Active Directory secrets engine plugin. --- -# Active directory secrets engine +# Active Directory secrets engine @include 'ad-secrets-deprecation.mdx' diff --git a/website/content/docs/secrets/ad/migration-guide.mdx b/website/content/docs/secrets/ad/migration-guide.mdx index 2c5a9a50e51e..09876a23b323 100644 --- a/website/content/docs/secrets/ad/migration-guide.mdx +++ b/website/content/docs/secrets/ad/migration-guide.mdx @@ -1,6 +1,6 @@ --- layout: docs -page_title: Migration Guide - Active Directory - Secrets Engines +page_title: Migration guide - Active Directory secrets engine description: >- The guide for migrating from the Active Directory secrets engine to the LDAP secrets engine. --- diff --git a/website/content/docs/secrets/aws.mdx b/website/content/docs/secrets/aws.mdx index 2f5ea0125d3e..49b8ba0026cf 100644 --- a/website/content/docs/secrets/aws.mdx +++ b/website/content/docs/secrets/aws.mdx @@ -14,7 +14,7 @@ involve clicking in the web UI. Additionally, the process is codified and mapped to internal auth methods (such as LDAP). The AWS IAM credentials are time-based and are automatically revoked when the Vault lease expires. -Vault supports three different types of credentials to retrieve from AWS: +Vault supports four different types of credentials to retrieve from AWS: 1. `iam_user`: Vault will create an IAM user for each lease, attach the managed and inline IAM policies as specified in the role to the user, and if a diff --git a/website/content/docs/secrets/databases/cassandra.mdx b/website/content/docs/secrets/databases/cassandra.mdx index 8f98fd286d17..328f8faa34c7 100644 --- a/website/content/docs/secrets/databases/cassandra.mdx +++ b/website/content/docs/secrets/databases/cassandra.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: Cassandra - Database - Secrets Engines -description: |- +page_title: Cassandra database secrets engine +description: >- Cassandra is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the Cassandra database. diff --git a/website/content/docs/secrets/databases/couchbase.mdx b/website/content/docs/secrets/databases/couchbase.mdx index a009cd91930f..21796992dd00 100644 --- a/website/content/docs/secrets/databases/couchbase.mdx +++ b/website/content/docs/secrets/databases/couchbase.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: Couchbase - Database - Secrets Engines -description: |- +page_title: Couchbase database secrets engine +description: >- Couchbase is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the Couchbase database. diff --git a/website/content/docs/secrets/databases/custom.mdx b/website/content/docs/secrets/databases/custom.mdx index 3f1b7c770aa9..0c782ed0ff67 100644 --- a/website/content/docs/secrets/databases/custom.mdx +++ b/website/content/docs/secrets/databases/custom.mdx @@ -1,12 +1,8 @@ --- layout: docs -page_title: Custom - Database - Secrets Engines -description: |- - The database secrets engine allows new functionality to be added through a - plugin interface without needing to modify Vault's core code. This allows you - write your own code to generate credentials in any database you wish. It also - allows databases that require dynamically linked libraries to be used as - plugins while keeping Vault itself statically linked. +page_title: Custom database secrets engines +description: >- + Write your own code to generate credentials in any database through a plugin interface without needing to modify Vault's core code. --- # Custom database secrets engines diff --git a/website/content/docs/secrets/databases/db2.mdx b/website/content/docs/secrets/databases/db2.mdx index 254de174b10f..db0db0d6edde 100644 --- a/website/content/docs/secrets/databases/db2.mdx +++ b/website/content/docs/secrets/databases/db2.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: IBM Db2 - Database - Credentials -description: |- +page_title: IBM Db2 +description: >- Manage credentials for IBM Db2 using Vault's LDAP secrets engine. --- diff --git a/website/content/docs/secrets/databases/hanadb.mdx b/website/content/docs/secrets/databases/hanadb.mdx index 59da79f91f50..026a9782c596 100644 --- a/website/content/docs/secrets/databases/hanadb.mdx +++ b/website/content/docs/secrets/databases/hanadb.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: HANA - Database - Secrets Engines -description: |- +page_title: HANA database secrets engine +description: >- HANA is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the HANA database. diff --git a/website/content/docs/secrets/databases/index.mdx b/website/content/docs/secrets/databases/index.mdx index 223c0a531c02..9b682ed7624b 100644 --- a/website/content/docs/secrets/databases/index.mdx +++ b/website/content/docs/secrets/databases/index.mdx @@ -1,14 +1,11 @@ --- layout: docs -page_title: Database - Secrets Engines -description: |- - The database secrets engine generates database credentials dynamically based - on configured roles. It works with a number of different databases through a - plugin interface. There are a number of built-in database types and an exposed - framework for running custom database types for extendability. +page_title: Database secrets engine +description: >- + Dynamically generate database credentials based on configured roles with the database secrets engine through a plugin interface to a number of different databases. --- -# Databases +# Database secrets engine The database secrets engine generates database credentials dynamically based on configured roles. It works with a number of different databases through a plugin diff --git a/website/content/docs/secrets/databases/influxdb.mdx b/website/content/docs/secrets/databases/influxdb.mdx index 5ad221238592..e170b231b716 100644 --- a/website/content/docs/secrets/databases/influxdb.mdx +++ b/website/content/docs/secrets/databases/influxdb.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: InfluxDB - Database - Secrets Engines -description: |- +page_title: InfluxDB database secrets engine +description: >- InfluxDB is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the InfluxDB database. diff --git a/website/content/docs/secrets/databases/mongodb.mdx b/website/content/docs/secrets/databases/mongodb.mdx index 937c3d35fe8a..ce58e2aecde4 100644 --- a/website/content/docs/secrets/databases/mongodb.mdx +++ b/website/content/docs/secrets/databases/mongodb.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: MongoDB - Database - Secrets Engines -description: |- +page_title: MongoDB database secrets engine +description: >- MongoDB is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the MongoDB database. diff --git a/website/content/docs/secrets/databases/mongodbatlas.mdx b/website/content/docs/secrets/databases/mongodbatlas.mdx index 25741aff20d0..b2e36cd4ebe4 100644 --- a/website/content/docs/secrets/databases/mongodbatlas.mdx +++ b/website/content/docs/secrets/databases/mongodbatlas.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: MongoDB Atlas- Database - Secrets Engines -description: |- +page_title: MongoDB Atlas database secrets engine +description: >- MongoDB Atlas is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for MongoDB Atlas databases. diff --git a/website/content/docs/secrets/databases/mssql.mdx b/website/content/docs/secrets/databases/mssql.mdx index adc005492e8b..57d46e1a47b9 100644 --- a/website/content/docs/secrets/databases/mssql.mdx +++ b/website/content/docs/secrets/databases/mssql.mdx @@ -1,8 +1,7 @@ --- layout: docs -page_title: MSSQL - Database - Secrets Engines -description: |- - +page_title: MSSQL database secrets engine +description: >- MSSQL is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the MSSQL database. diff --git a/website/content/docs/secrets/databases/mysql-maria.mdx b/website/content/docs/secrets/databases/mysql-maria.mdx index 02c29d0b9c65..d1dc3c5c7dcd 100644 --- a/website/content/docs/secrets/databases/mysql-maria.mdx +++ b/website/content/docs/secrets/databases/mysql-maria.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: MySQL/MariaDB - Database - Secrets Engines -description: |- +page_title: MySQL/MariaDB database secrets engine +description: >- MySQL is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the MySQL database. diff --git a/website/content/docs/secrets/databases/oracle.mdx b/website/content/docs/secrets/databases/oracle.mdx index 0629232a876d..709adcec57ef 100644 --- a/website/content/docs/secrets/databases/oracle.mdx +++ b/website/content/docs/secrets/databases/oracle.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: Oracle - database - secrets engines -description: |- +page_title: Oracle database secrets engine +description: >- Oracle is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the Oracle database. diff --git a/website/content/docs/secrets/databases/postgresql.mdx b/website/content/docs/secrets/databases/postgresql.mdx index 2193ffc39953..fd84de5ab613 100644 --- a/website/content/docs/secrets/databases/postgresql.mdx +++ b/website/content/docs/secrets/databases/postgresql.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: PostgreSQL - Database - Secrets Engines -description: |- +page_title: PostgreSQL database secrets engine +description: >- PostgreSQL is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the PostgreSQL database. diff --git a/website/content/docs/secrets/databases/redis.mdx b/website/content/docs/secrets/databases/redis.mdx index 90ccd58d425a..7f83711b7b31 100644 --- a/website/content/docs/secrets/databases/redis.mdx +++ b/website/content/docs/secrets/databases/redis.mdx @@ -1,17 +1,17 @@ --- layout: docs -page_title: Redis - Database - Secrets Engines -description: |- +page_title: Redis database secrets engine +description: >- Redis is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured - roles for the Redis database, and also supports [Static Roles](/vault/docs/secrets/databases#static-roles). + roles for the Redis database. --- # Redis database secrets engine Redis is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for -the Redis database. +the Redis database, and also supports [Static Roles](/vault/docs/secrets/databases#static-roles). See the [database secrets engine](/vault/docs/secrets/databases) docs for more information about setting up the database secrets engine. diff --git a/website/content/docs/secrets/databases/rediselasticache.mdx b/website/content/docs/secrets/databases/rediselasticache.mdx index b8f624b76569..2caa3254a8b8 100644 --- a/website/content/docs/secrets/databases/rediselasticache.mdx +++ b/website/content/docs/secrets/databases/rediselasticache.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: Redis ElastiCache - Database - Secrets Engines -description: |- +page_title: Redis ElastiCache database secrets engine +description: >- Redis ElastiCache is one of the supported plugins for the database secrets engine. This plugin generates static credentials for existing managed roles. --- diff --git a/website/content/docs/secrets/databases/redshift.mdx b/website/content/docs/secrets/databases/redshift.mdx index 1dab02ad79e5..ae26e71c8db8 100644 --- a/website/content/docs/secrets/databases/redshift.mdx +++ b/website/content/docs/secrets/databases/redshift.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: Redshift - Database - Secrets Engines -description: |- +page_title: Redshift database secrets engine +description: >- Redshift is a supported plugin for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for the AWS Redshift database service. diff --git a/website/content/docs/secrets/databases/snowflake.mdx b/website/content/docs/secrets/databases/snowflake.mdx index bddbee649894..86325b7101ae 100644 --- a/website/content/docs/secrets/databases/snowflake.mdx +++ b/website/content/docs/secrets/databases/snowflake.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: Snowflake - Database - Secrets Engines -description: |- +page_title: Snowflake database secrets engine +description: >- Snowflake is one of the supported plugins for the database secrets engine. This plugin generates database credentials dynamically based on configured roles for Snowflake hosted databases. diff --git a/website/content/docs/secrets/identity/identity-token.mdx b/website/content/docs/secrets/identity/identity-token.mdx index 8e14200e71d1..2d275deea38d 100644 --- a/website/content/docs/secrets/identity/identity-token.mdx +++ b/website/content/docs/secrets/identity/identity-token.mdx @@ -1,13 +1,12 @@ --- layout: docs -page_title: Identity Tokens -description: Details and best practices for identity tokens. +page_title: Identity tokens +description: >- + Understand the roles and keys associated with identity tokens, and configure per-role templates that allow entity information to be added to the token. --- # Identity tokens -## Introduction - Identity information is used throughout Vault, but it can also be exported for use by other applications. An authorized user/application can request a token that encapsulates identity information for their associated entity. These diff --git a/website/content/docs/secrets/identity/index.mdx b/website/content/docs/secrets/identity/index.mdx index adad33220de9..3cbcf0665076 100644 --- a/website/content/docs/secrets/identity/index.mdx +++ b/website/content/docs/secrets/identity/index.mdx @@ -1,14 +1,13 @@ --- layout: docs -page_title: Identity - Secrets Engines -description: The Identity secrets engine for Vault manages client identities. +page_title: Identity secrets engine +description: >- + Manage Vault client identities with the identity secrets engine. An entity represents a unique client which can have multiple aliases tied back to it. --- # Identity secrets engine -Name: `identity` - -The Identity secrets engine is the identity management solution for Vault. It +The identity secrets engine is the identity management solution for Vault. It internally maintains the clients who are recognized by Vault. Each client is internally termed as an `Entity`. An entity can have multiple `Aliases`. For example, a single user who has accounts in both GitHub and LDAP, can be mapped diff --git a/website/content/docs/secrets/identity/oidc-provider.mdx b/website/content/docs/secrets/identity/oidc-provider.mdx index 01445d70b27e..880d5e9794cf 100644 --- a/website/content/docs/secrets/identity/oidc-provider.mdx +++ b/website/content/docs/secrets/identity/oidc-provider.mdx @@ -1,6 +1,6 @@ --- layout: docs -page_title: OIDC Identity Provider +page_title: OIDC identity provider description: >- Setup and configuration for Vault as an OpenID Connect (OIDC) identity provider. --- diff --git a/website/content/docs/secrets/key-management/awskms.mdx b/website/content/docs/secrets/key-management/awskms.mdx index b75c69c515c4..8714153ac77c 100644 --- a/website/content/docs/secrets/key-management/awskms.mdx +++ b/website/content/docs/secrets/key-management/awskms.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: AWS KMS - Key Management - Secrets Engines -description: AWS KMS is a supported KMS provider of the Key Management secrets engine. +page_title: AWS KMS +description: Manage the lifecycle of keys in AWS KMS with the Key Management secrets engine plugin. --- # AWS KMS diff --git a/website/content/docs/secrets/key-management/azurekeyvault/index.mdx b/website/content/docs/secrets/key-management/azurekeyvault/index.mdx index 8e86c1645d9d..29eeddb8f061 100644 --- a/website/content/docs/secrets/key-management/azurekeyvault/index.mdx +++ b/website/content/docs/secrets/key-management/azurekeyvault/index.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: Azure Key Vault - Key Management - Secrets Engines -description: Key management secrets engine supports lifecycle management of keys in Azure Key Vault instances. +page_title: Azure Key Vault +description: Manage the lifecycle of keys in Azure Key Vault instances with the Key Management secrets engine plugin. --- # Azure Key Vault diff --git a/website/content/docs/secrets/key-management/azurekeyvault/setup.mdx b/website/content/docs/secrets/key-management/azurekeyvault/setup.mdx index 99e439ec4cfa..0284025425f9 100644 --- a/website/content/docs/secrets/key-management/azurekeyvault/setup.mdx +++ b/website/content/docs/secrets/key-management/azurekeyvault/setup.mdx @@ -1,6 +1,6 @@ --- layout: docs -page_title: Azure Key Vault setup guide +page_title: Setup guide - Azure Key Vault description: Configure the key management secrets engine, and distribute the Vault-managed keys to the target Azure Key Vault instance. --- diff --git a/website/content/docs/secrets/key-management/gcpkms/index.mdx b/website/content/docs/secrets/key-management/gcpkms/index.mdx index a5931faf98b8..889173777f3d 100644 --- a/website/content/docs/secrets/key-management/gcpkms/index.mdx +++ b/website/content/docs/secrets/key-management/gcpkms/index.mdx @@ -1,7 +1,7 @@ --- layout: docs -page_title: GCP Cloud KMS - Key Management - Secrets Engines -description: Key management secrets engine supports lifecycle management of keys in GCP Cloud KMS key rings. +page_title: GCP Cloud KMS +description: Manage the lifecycle of keys in GCP Cloud KMS key rings with the Key Management secrets engine plugin. --- # GCP Cloud KMS diff --git a/website/content/docs/secrets/key-management/gcpkms/setup.mdx b/website/content/docs/secrets/key-management/gcpkms/setup.mdx index 1e1d855952fe..dc015bbd9b31 100644 --- a/website/content/docs/secrets/key-management/gcpkms/setup.mdx +++ b/website/content/docs/secrets/key-management/gcpkms/setup.mdx @@ -1,6 +1,6 @@ --- layout: docs -page_title: GCP Cloud KMS - Key Management - Secrets Engines +page_title: Setup guide - GCP Cloud KMS description: Configure the key management secrets engine, and distribute the Vault-managed keys to the target GCP Cloud KMS. --- diff --git a/website/content/docs/secrets/key-management/index.mdx b/website/content/docs/secrets/key-management/index.mdx index fd0fd645c385..183518676730 100644 --- a/website/content/docs/secrets/key-management/index.mdx +++ b/website/content/docs/secrets/key-management/index.mdx @@ -1,9 +1,8 @@ --- layout: docs -page_title: Key Management - Secrets Engines +page_title: Key management secrets engine description: >- - The key management secrets engine provides a consistent workflow for distribution and lifecycle - management of cryptographic keys in various key management service (KMS) providers. + Create a consistent workflow for distribution and lifecycle management of cryptographic keys in various key management service (KMS) providers. --- # Key management secrets engine diff --git a/website/content/docs/secrets/kv/index.mdx b/website/content/docs/secrets/kv/index.mdx index c01602f72e3f..3e135121c1ac 100644 --- a/website/content/docs/secrets/kv/index.mdx +++ b/website/content/docs/secrets/kv/index.mdx @@ -6,7 +6,7 @@ description: The KV secrets engine can store arbitrary secrets. # KV secrets engine -The `kv` secrets engine is a generic Key-Value store used to store arbitrary +The `kv` secrets engine is a generic key-value store used to store arbitrary secrets within the configured physical storage for Vault. This secrets engine can run in one of two modes; store a single value for a key, or store a number of versions for each key and maintain the record of them. diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/custom-metadata.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/custom-metadata.mdx index 849a6277e583..0aae6bca0ee0 100644 --- a/website/content/docs/secrets/kv/kv-v2/cookbook/custom-metadata.mdx +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/custom-metadata.mdx @@ -85,9 +85,8 @@ destroyed false -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'gui-instructions/plugins/kv/open-overview.mdx' -- Click through the path segments to select the relevant secret path. - Select the **Metadata** tab. - Click **Edit metadata >**. - Set a new key name and value under **Custom metadata**. diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/delete-data.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/delete-data.mdx index d2819d304b0d..2a2907e7e745 100644 --- a/website/content/docs/secrets/kv/kv-v2/cookbook/delete-data.mdx +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/delete-data.mdx @@ -95,9 +95,9 @@ destroyed false -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'gui-instructions/plugins/kv/open-overview.mdx' -- Click through the path segments to select the relevant secret path. +- Select the **Secret** tab. - Select the appropriate data version from the **Version** dropdown. - Click **Delete**. - Select **Delete this version** to delete the selected version or diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/destroy-data.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/destroy-data.mdx index 8bcd2b4052f1..c0dc4be39b98 100644 --- a/website/content/docs/secrets/kv/kv-v2/cookbook/destroy-data.mdx +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/destroy-data.mdx @@ -92,9 +92,9 @@ destroyed true -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'gui-instructions/plugins/kv/open-overview.mdx' -- Click through the path segments to select the relevant secret path. +- Select the **Secret** tab. - Select the appropriate data version from the **Version** dropdown. - Click **Destroy**. - Click **Confirm**. diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/max-versions.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/max-versions.mdx index f7763f94db4a..81c50158a50c 100644 --- a/website/content/docs/secrets/kv/kv-v2/cookbook/max-versions.mdx +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/max-versions.mdx @@ -84,9 +84,8 @@ destroyed false -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'gui-instructions/plugins/kv/open-overview.mdx' -- Click through the path segments to select the relevant secret path. - Select the **Metadata** tab. - Click **Edit metadata >**. - Update the **Maximum number of versions** field. diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/patch-data.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/patch-data.mdx index 1e746acbe588..bf3e1ce3d4cb 100644 --- a/website/content/docs/secrets/kv/kv-v2/cookbook/patch-data.mdx +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/patch-data.mdx @@ -15,8 +15,10 @@ an existing data path in the `kv` v2 plugin. - You have [set up a `kv` v2 plugin](/vault/docs/secrets/kv/kv-v2/setup). - Your authentication token has appropriate permissions for the `kv` v2 plugin: - **`patch`** permission to make direct updates with `PATCH` actions. - - **`create`**+**`update`** permission to make indirect updates by combining - `GET` and `POST` actions. + - **`create`**+**`update`** permission if you want to make indirect + updates with the Vault CLI by combining `GET` and `POST` actions. +- You know the keys or [subkeys](/vault/docs/secrets/kv/kv-v2/cookbook/read-subkey) + you want to patch. @@ -25,7 +27,7 @@ an existing data path in the `kv` v2 plugin. -Use the [`vault kv patch`](/vault/docs/command/kv/patch) command and set the +Use the [`vault kv patch`](/vault/docs/commands/kv/patch) command and set the `-cas` flag to the expected data version to perform a check-and-set operation before applying the patch: @@ -43,7 +45,11 @@ For example: ```shell-session -$ vault kv patch -cas 2 -mount shared dev/square-api prod=5678 +$ vault kv patch \ + -cas 2 \ + -mount shared \ + dev/square-api \ + prod=5678 ======= Secret Path ======= shared/data/dev/square-api @@ -106,10 +112,12 @@ push the update to the plugin. -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'alerts/enterprise-only.mdx' -- Click through the path segments to select the relevant secret path. -- Click **Create new version +** on the key/value page. +@include 'gui-instructions/plugins/kv/open-overview.mdx' + +- Select the **Secret** tab. +- Click **Patch latest version +**. - Edit the values you want to update. - Click **Save**. diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/read-data.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/read-data.mdx index 19763bd7f077..161cecb12685 100644 --- a/website/content/docs/secrets/kv/kv-v2/cookbook/read-data.mdx +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/read-data.mdx @@ -82,9 +82,9 @@ $ vault kv get -mount shared -field prod dev/square-api -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'gui-instructions/plugins/kv/open-overview.mdx' -- Click through the path segments to select the relevant secret path. +- Select the **Secret** tab. - Click the eye icon to view the desired key value. ![Partial screenshot of the Vault GUI showing two key/value pairs at the path dev/square-api. The "prod" key is visible](/img/gui/kv/read-data.png) diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/read-subkey.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/read-subkey.mdx new file mode 100644 index 000000000000..3708c48a5cf1 --- /dev/null +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/read-subkey.mdx @@ -0,0 +1,119 @@ +--- +layout: docs +page_title: Read subkeys +description: >- + Read the available subkeys on a given path from the kv v2 plugin +--- + +# Read subkeys for a key/value data path + +Read the available subkeys on an existing data path in the `kv` v2 plugin. + + + +- You have [set up a `kv` v2 plugin](/vault/docs/secrets/kv/kv-v2/setup). +- Your authentication token has `read` permissions for subkeys on the target + secret path. + + + + + + + +Use `vault read` with the `/subkeys` path to retrieve a list of secret data +subkeys at the given path. + +```shell-session +$ vault read /subkeys/ +``` + +Vault retrieves secrets at the given path but replaces the underlying values of +non-map keys and map keys with no underlying subkeys (leaf keys) with `nil`. + +For example: + + + +```shell-session +$ vault read shared/subkeys/dev/square-api + +Key Value +--- ----- +metadata map[created_time:2024-11-20T20:00:13.385182722Z custom_metadata: deletion_time: destroyed:false version:1] +subkeys map[prod: sandbox: smoke:] +``` + + + + + + + +@include 'alerts/enterprise-only.mdx' + +@include 'gui-instructions/plugins/kv/open-overview.mdx' + +You can read a list of available subkeys for the target path in the **Subkeys** +card. + +![Partial screenshot of the Vault GUI showing subkeys "prod" and "sandbox" for secret data at path dev/square-api.](/img/gui/kv/overview-page.png) + + + + + +Call the [`/{plugin_mount_path}/subkeys/{secret_path}`](/vault/api-docs/secret/kv/kv-v2#read-secret-subkeys) +endpoint to fetch a list of available subkeys on the given path: + +```shell-session +$ curl \ + --request GET \ + --header "X-Vault-Token: ${VAULT_TOKEN}" \ + ${VAULT_ADDR}/v1//subkeys/ +``` + +Vault retrieves secrets at the given path but replaces the underlying values of +non-map keys and map keys with no underlying subkeys (leaf keys) with `null`. + +For example: + + + +```shell-session +$ curl \ + --request GET \ + --header "X-Vault-Token: ${VAULT_TOKEN}" \ + ${VAULT_ADDR}/v1/shared/subkeys/dev/square-api | jq + +{ + "request_id": "bfeac3c5-f4dc-37b2-8909-3b15121cfd20", + "lease_id": "", + "renewable": false, + "lease_duration": 0, + "data": { + "metadata": { + "created_time": "2024-11-20T20:00:13.385182722Z", + "custom_metadata": null, + "deletion_time": "", + "destroyed": false, + "version": 11 + }, + "subkeys": { + "prod": null, + "sandbox": null, + "smoke": null + } + }, + "wrap_info": null, + "warnings": null, + "auth": null, + "mount_type": "kv" +} +``` + + + + + + diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/undelete-data.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/undelete-data.mdx index 176eea4deb4a..c8954e7899b0 100644 --- a/website/content/docs/secrets/kv/kv-v2/cookbook/undelete-data.mdx +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/undelete-data.mdx @@ -90,9 +90,9 @@ destroyed false -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'gui-instructions/plugins/kv/open-overview.mdx' -- Click through the path segments to select the relevant secret path. +- Select the **Secret** tab. - Select the appropriate data version from the **Version** dropdown. - Click **Undelete**. diff --git a/website/content/docs/secrets/kv/kv-v2/cookbook/write-data.mdx b/website/content/docs/secrets/kv/kv-v2/cookbook/write-data.mdx index 1250f25f171d..b84c2392abf5 100644 --- a/website/content/docs/secrets/kv/kv-v2/cookbook/write-data.mdx +++ b/website/content/docs/secrets/kv/kv-v2/cookbook/write-data.mdx @@ -72,10 +72,11 @@ The Vault GUI forcibly converts non-string keys to strings before writing data. To preserve non-string values, use the JSON toggle to write your key/value data as JSON. -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'gui-instructions/plugins/kv/open-overview.mdx' -- Click through the path segments to select the relevant secret path. -- Click **Create new version +**. +- Click **Create new +** from one of the following tabs: + - **Overview** tab: in the "Current version" card. + - **Secret** tab: in the toolbar. - Set a new key name and value. - Use the **Add** button to set additional key/value pairs. - Click **Save** to write the new version data. diff --git a/website/content/docs/secrets/kv/kv-v2/index.mdx b/website/content/docs/secrets/kv/kv-v2/index.mdx index 19c292478cb5..974ce55f4249 100644 --- a/website/content/docs/secrets/kv/kv-v2/index.mdx +++ b/website/content/docs/secrets/kv/kv-v2/index.mdx @@ -35,6 +35,7 @@ Basic examples: - [Set max data versions](/vault/docs/secrets/kv/kv-v2/cookbook/max-versions) - [Write data](/vault/docs/secrets/kv/kv-v2/cookbook/write-data) - [Patch and update data](/vault/docs/secrets/kv/kv-v2/cookbook/patch-data) +- [Read subkeys](/vault/docs/secrets/kv/kv-v2/cookbook/read-subkey) - [Soft delete data](/vault/docs/secrets/kv/kv-v2/cookbook/delete-data) - [Restore soft deleted data](/vault/docs/secrets/kv/kv-v2/cookbook/undelete-data) - [Destroy data](/vault/docs/secrets/kv/kv-v2/cookbook/destroy-data) diff --git a/website/content/docs/secrets/kv/kv-v2/random-string.mdx b/website/content/docs/secrets/kv/kv-v2/random-string.mdx index 858ae231c00c..6f9a79fbb5fc 100644 --- a/website/content/docs/secrets/kv/kv-v2/random-string.mdx +++ b/website/content/docs/secrets/kv/kv-v2/random-string.mdx @@ -268,9 +268,10 @@ g0bc0b6W3ii^SXa@*ie5 -@include 'gui-page-instructions/select-kv-mount.mdx' +@include 'gui-instructions/plugins/kv/open-overview.mdx' + +- Select the **Secret** tab. -- Click through the path segments to select the relevant secret path. - Click the eye icon to view the desired key value. ![Partial screenshot of the Vault GUI showing the randomized string stored at the path dev/seeds.](/img/gui/kv/random-string.png) diff --git a/website/content/docs/secrets/kv/kv-v2/setup.mdx b/website/content/docs/secrets/kv/kv-v2/setup.mdx index 1d386496450a..1d7e2c7d1fd8 100644 --- a/website/content/docs/secrets/kv/kv-v2/setup.mdx +++ b/website/content/docs/secrets/kv/kv-v2/setup.mdx @@ -52,7 +52,7 @@ $ vault secrets enable -path kv-v2 -@include 'gui-page-instructions/enable-secrets-plugin.mdx' +@include 'gui-instructions/enable-secrets-plugin.mdx' - Select the "KV" plugin. @@ -221,7 +221,7 @@ $ vault policy write "KV-access-policy" ./kv-policy.hcl -@include 'gui-page-instructions/create-acl-policy.mdx' +@include 'gui-instructions/create-acl-policy.mdx' - Provide a name for the policy and upload the policy definition file. diff --git a/website/content/docs/secrets/pki/considerations.mdx b/website/content/docs/secrets/pki/considerations.mdx index 2fc8764b83aa..e71377726492 100644 --- a/website/content/docs/secrets/pki/considerations.mdx +++ b/website/content/docs/secrets/pki/considerations.mdx @@ -49,6 +49,9 @@ generating the CA to use with this secrets engine. - [Cluster Scalability](#cluster-scalability) - [PSS Support](#pss-support) - [Issuer Storage Migration Issues](#issuer-storage-migration-issues) + - [Issuer Constraints Enforcement](#issuer-constraints-enforcement) + - [Tutorial](#tutorial) + - [API](#api) ## Be careful with root CAs @@ -1013,6 +1016,25 @@ refresh of the `ca_chain` field on the issuer, and can be verified with: vault read pki/issuer/default ``` +## Issuer Constraints Enforcement + +Starting with versions 1.18.3, 1.18.3+ent, 1.17.10+ent and 1.16.14+ent, Vault +performs additional verifications when creating or signing leaf certificates for +issuers that have constraints extensions. This verification includes validating +extended key usage, name constraints, and correct copying of the issuer name +onto the certificate. Certificates issued without this verification might not be +accepted by end user applications. + +Problems with issuance arising from this validation should be fixed by changing +the issuer certificate itself, to avoid more problems down the line. + +It is possible to completely disable verification by setting environment +variable `VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION` to `true`. + +~> **Warning**: The use of environment variable `VAULT_DISABLE_PKI_CONSTRAINTS_VERIFICATION` +should be considered as a last resort. + + ## Tutorial Refer to the [Build Your Own Certificate Authority (CA)](/vault/tutorials/secrets-management/pki-engine) diff --git a/website/content/docs/sync/awssm.mdx b/website/content/docs/sync/awssm.mdx index 3bae604e591f..c32873a36ede 100644 --- a/website/content/docs/sync/awssm.mdx +++ b/website/content/docs/sync/awssm.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: AWS Secrets Manager - Secrets Sync Destination -description: The AWS Secrets Manager destination syncs secrets from Vault to AWS. +page_title: Sync secrets from Vault to AWS Secrets Manager +description: >- + Automatically sync and unsync the secrets from Vault to AWS Secrets Manager to centralize visibility and control of secrets lifecycle management. --- -# AWS Secrets Manager +# Sync secrets from Vault to AWS Secrets Manager The AWS Secrets Manager destination enables Vault to sync and unsync secrets of your choosing into an external AWS account. When configured, Vault will actively maintain the state of each externally-synced diff --git a/website/content/docs/sync/azurekv.mdx b/website/content/docs/sync/azurekv.mdx index 943700b01c8f..affc3f1e80c1 100644 --- a/website/content/docs/sync/azurekv.mdx +++ b/website/content/docs/sync/azurekv.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Azure Key Vault - Secrets Sync Destination -description: The Azure Key Vault destination syncs secrets from Vault to Azure. +page_title: Sync secrets from Vault to Azure Key Vault +description: >- + Automatically sync and unsync the secrets from Vault to Azure Key Vault to centralize visibility and control of secrets lifecycle management. --- -# Azure Key Vault +# Sync secrets from Vault to Azure Key Vault The Azure Key Vault destination enables Vault to sync and unsync secrets of your choosing into an external Azure account. When configured, Vault will actively maintain the state of each externally-synced diff --git a/website/content/docs/sync/gcpsm.mdx b/website/content/docs/sync/gcpsm.mdx index e5df04026c8b..f153194f026b 100644 --- a/website/content/docs/sync/gcpsm.mdx +++ b/website/content/docs/sync/gcpsm.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Google Cloud Platform Secret Manager - Secrets Sync Destination -description: The Google Cloud Platform Secret Manager destination syncs secrets from Vault to GCP. +page_title: Sync secrets from Vault to GCP Secret Manager +description: >- + Automatically sync and unsync the secrets from Vault to GCP Secret Manager to centralize visibility and control of secrets lifecycle management. --- -# Google Cloud Platform Secret Manager +# Sync secrets from Vault to GCP Secret Manager The Google Cloud Platform (GCP) Secret Manager sync destination allows Vault to safely synchronize secrets to your GCP projects. This is a low footprint option that enables your applications to benefit from Vault-managed secrets without requiring them diff --git a/website/content/docs/sync/github.mdx b/website/content/docs/sync/github.mdx index 174dbf6e5d89..29aa9610e505 100644 --- a/website/content/docs/sync/github.mdx +++ b/website/content/docs/sync/github.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: GitHub - Secrets Sync Destination -description: The GitHub destination syncs secrets from Vault to GitHub. +page_title: Sync secrets from Vault to GitHub +description: >- + Automatically sync and unsync the secrets from Vault to GitHub to centralize visibility and control of secrets lifecycle management. --- -# GitHub actions secrets +# Sync secrets from Vault to GitHub The GitHub actions sync destination allows Vault to safely synchronize secrets as GitHub organization, repository, or environment secrets. This is a low footprint option that enables your applications to benefit from Vault-managed secrets without requiring them @@ -23,8 +24,10 @@ Prerequisites: + Access tokens are tied to a user account and can be revoked at any time, causing disruptions to the sync process. GitHub applications are long-lived and do not expire. Using a GitHub application for authentication is preferred over using a personal access token. + ### Repositories diff --git a/website/content/docs/sync/index.mdx b/website/content/docs/sync/index.mdx index dd53d8631528..1b57ab9ac296 100644 --- a/website/content/docs/sync/index.mdx +++ b/website/content/docs/sync/index.mdx @@ -1,10 +1,10 @@ --- layout: docs page_title: Secrets sync -description: Secrets sync allows you to safely sync Vault-managed secrets with external destinations. +description: >- + Use secrets sync feature to automatically sync Vault-managed secrets with external destinations to centralize secrets lifecycle management. --- - # Secrets sync diff --git a/website/content/docs/sync/vercelproject.mdx b/website/content/docs/sync/vercelproject.mdx index 0e22eb78d2db..8ec3121f7589 100644 --- a/website/content/docs/sync/vercelproject.mdx +++ b/website/content/docs/sync/vercelproject.mdx @@ -1,10 +1,11 @@ --- layout: docs -page_title: Vercel Project - Secrets Sync Destination -description: The Vercel Project destination syncs secrets from Vault to Vercel. +page_title: Sync secrets from Vault to Vercel Project +description: >- + Automatically sync and unsync the secrets from Vault to a Vercel project to centralize visibility and control of secrets lifecycle management. --- -# Vercel Project environment variables +# Sync secrets from Vault to Vercel Project The Vercel Project sync destination allows Vault to safely synchronize secrets as Vercel environment variables. This is a low footprint option that enables your applications to benefit from Vault-managed secrets without requiring them diff --git a/website/content/docs/upgrading/upgrade-to-1.17.x.mdx b/website/content/docs/upgrading/upgrade-to-1.17.x.mdx index 60b0ba1d3e3d..b034b6b36280 100644 --- a/website/content/docs/upgrading/upgrade-to-1.17.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.17.x.mdx @@ -199,3 +199,5 @@ more details, and information about opt-out. @include 'known-issues/duplicate-identity-groups.mdx' @include 'known-issues/manual-entity-merge-does-not-persist.mdx' + +@include 'known-issues/1_17_secrets-sync-ssrf-private-endpoints.mdx' \ No newline at end of file diff --git a/website/content/partials/cli/README.md b/website/content/partials/cli/README.md index 74329cd15886..a73c7fc597ab 100644 --- a/website/content/partials/cli/README.md +++ b/website/content/partials/cli/README.md @@ -1,22 +1,101 @@ +## Terminology + +non-runnable a command with no side-effects other than printing help text. +command tree a hierarchical graph of CLI commands where internal nodes are + non-runnable and leaf nodes represent runnable CLI commands. +root command the root node in a tree or subtree of CLI commands. For example, + `plugin` is the root node for all plugin commands and + `plugin runtime` is the root node for runtime commands. +command family - the top-most root command for a collection of CLI commands. + For example `audit` or `plugin`. + +### Exceptions :( + +The `agent` family of commands is malformed. Rather than having a root node +(`agent`) with two subcommands (`agent start` and `agent generate-config`), the +root command is runnable. + + + +## Why partials? We document CLI command arguments, options, and flags as partials: - as a first step toward templatizing and autogenerating the CLI command pages. -- to make it easier to include and maintain elements shared across commands in +- to make it easier to include and maintain parameters shared across commands in the same family. -- to make it easier to include and maintain elements shared across command +- to make it easier to include and maintain parameters shared across command families. - to make it easier to include information about standard flags on the command pages. -Partial template for CLI elements (required elements use in place of -a default value): +## Directory structure + +partials/cli/ partials specific to a command family +partials/cli//args command-family arguments +partials/cli//flags command-family flags +partials/cli//options command-family options + +partials/cli/shared partials for parameters shared across some, but not all, command families +partials/cli/shared/args shared arguments (does not exist yet) +partials/cli/shared/flags shared flags +partials/cli/shared/options shared options (does not exist yet) + +partials/global-settings partials for standard/global parameters +partials/global-settings/flags global flags (e.g., `-header`) +partials/global-settings/env global environment variables (e.g., `VAULT_LICENSE`) +partials/global-settings/both parameters that exits as flags and variables + +## Partial templates + +- Use the parameter name as the file name and "NAME" in the anchor definition, + even if the use of dashes or underscores is inconsistent with other parameters + or partial names. For example, if the flag is `-my_weird_flag`, make the + partial filename `my_weird_flag.mdx` and the anchor ID + `COMMAND-flag-my_weird_flag`. +- If the parameter is shared across command families, but not applicable to **all** + command families, it belongs under `partials/cli/shared` +- If the parameter is a flag with a cooresponding environment variable but + **does not** apply to all commands, talk with a technical writer before + creating your partials. +- If the parameter is required, use `` for the default entry. +- Include `-` as part of the name for flag names **except for anchor IDs**. +- Use `=` in example text for options +- Omit `=` in example text for flags + +### Template 1 - command-specific parameters + +Use the following template for parameters that exist as command-exclusively +arguments, flags, or options. + +-- Template (start) -- - + -**`-NAME (TYPE : DEFAULT)`** + +**`NAME (TYPE : DEFAULT)`** DESCRIPTION **Example**: `EXAMPLE_OF_VALID_USE` + +-- Template (end) -- + + +### Template 2 - shared parameters + +Use the following template for parameters that exist as arguments, flags, or +options that are not global but are shared across more than one command family. + +-- Template (start) -- + + + +**`NAME (TYPE : DEFAULT)`** + +DESCRIPTION + +**Example**: `EXAMPLE_OF_VALID_USE` + +-- Template (end) -- diff --git a/website/content/partials/cli/agent/args/file_path.mdx b/website/content/partials/cli/agent/args/file_path.mdx index bfd554bcdf0f..c97f1cd0c5d2 100644 --- a/website/content/partials/cli/agent/args/file_path.mdx +++ b/website/content/partials/cli/agent/args/file_path.mdx @@ -4,4 +4,4 @@ The path where Vault should save the generated configuration file. -**Example**: `"./agent/custom-config.hcl"` \ No newline at end of file +**Example**: `"./agent/custom-config.hcl"` diff --git a/website/content/partials/cli/agent/flags/config.mdx b/website/content/partials/cli/agent/flags/config.mdx index f339548d3b30..27b0f1775761 100644 --- a/website/content/partials/cli/agent/flags/config.mdx +++ b/website/content/partials/cli/agent/flags/config.mdx @@ -9,4 +9,4 @@ flag as needed to specify more than one discrete configuration file. If you specify more than one configuration file, Agent composes the source files into a single configuration file at runtime. -**Example**: `-config /path/to/file.hcl` \ No newline at end of file +**Example**: `-config /path/to/file.hcl` diff --git a/website/content/partials/cli/agent/flags/exit-after-auth.mdx b/website/content/partials/cli/agent/flags/exit-after-auth.mdx index 4f3c1a2a3689..75e6874ea560 100644 --- a/website/content/partials/cli/agent/flags/exit-after-auth.mdx +++ b/website/content/partials/cli/agent/flags/exit-after-auth.mdx @@ -5,4 +5,4 @@ Exit with code `0` after a single successful auth. Success indicates successful token retrieval and write to sink. -**Example**: `-exit-after-auth` \ No newline at end of file +**Example**: `-exit-after-auth` diff --git a/website/content/partials/cli/agent/flags/type.mdx b/website/content/partials/cli/agent/flags/type.mdx index 216a84c92ebc..de7363841055 100644 --- a/website/content/partials/cli/agent/flags/type.mdx +++ b/website/content/partials/cli/agent/flags/type.mdx @@ -8,4 +8,4 @@ Enum | Description -------------- | ----------- `env-template` | Create environment variable templates from JSON keys in `kv` plugins -**Example**: `-type env-template` \ No newline at end of file +**Example**: `-type env-template` diff --git a/website/content/partials/cli/audit/args/device_path.mdx b/website/content/partials/cli/audit/args/device_path.mdx index 6d2160586f3a..134f7d8727c1 100644 --- a/website/content/partials/cli/audit/args/device_path.mdx +++ b/website/content/partials/cli/audit/args/device_path.mdx @@ -1,4 +1,4 @@ - + **`device_path (string : )`** diff --git a/website/content/partials/cli/audit/args/device_type.mdx b/website/content/partials/cli/audit/args/device_type.mdx index 3a8a75cbeb9e..0e0bc6063e5d 100644 --- a/website/content/partials/cli/audit/args/device_type.mdx +++ b/website/content/partials/cli/audit/args/device_type.mdx @@ -1,4 +1,4 @@ - + **`device_type (enum : )`** @@ -8,4 +8,4 @@ Enum | Description -------- | ----------- `file` | Write log entries to a file on the Vault server. `socket` | Write log entries to an existing TCP, UDP, or UNIX socket. -`syslog` | Write log entries using the existing system logging protocol. \ No newline at end of file +`syslog` | Write log entries using the existing system logging protocol. diff --git a/website/content/partials/cli/audit/args/file/file_path.mdx b/website/content/partials/cli/audit/args/file/file_path.mdx index bd0f45a4c0e7..964e281a842b 100644 --- a/website/content/partials/cli/audit/args/file/file_path.mdx +++ b/website/content/partials/cli/audit/args/file/file_path.mdx @@ -1,4 +1,4 @@ - + **`file_path (string : )`** diff --git a/website/content/partials/cli/audit/args/file/mode.mdx b/website/content/partials/cli/audit/args/file/mode.mdx index fbd575bb166e..d285751b46cb 100644 --- a/website/content/partials/cli/audit/args/file/mode.mdx +++ b/website/content/partials/cli/audit/args/file/mode.mdx @@ -1,9 +1,9 @@ - + **`mode (string : "0600")`** The `chmod`-style octal permissions for the audit file. Set `mode` to "0000" to -prevent Vault from modifying the file mode. +prevent Vault from modifying the file mode. **Example**: `mode="0755"` diff --git a/website/content/partials/cli/audit/args/socket/address.mdx b/website/content/partials/cli/audit/args/socket/address.mdx index ef764ddf227e..8d4083e7a497 100644 --- a/website/content/partials/cli/audit/args/socket/address.mdx +++ b/website/content/partials/cli/audit/args/socket/address.mdx @@ -1,4 +1,4 @@ - + **`address (string : "")`** diff --git a/website/content/partials/cli/audit/args/socket/socket_type.mdx b/website/content/partials/cli/audit/args/socket/socket_type.mdx index ee2e8a3e6ddf..051f37083236 100644 --- a/website/content/partials/cli/audit/args/socket/socket_type.mdx +++ b/website/content/partials/cli/audit/args/socket/socket_type.mdx @@ -1,4 +1,4 @@ - + **`socket_type (string : "tcp")`** diff --git a/website/content/partials/cli/audit/args/socket/write_timeout.mdx b/website/content/partials/cli/audit/args/socket/write_timeout.mdx index 205fe62bbcc0..f5921bf9b85b 100644 --- a/website/content/partials/cli/audit/args/socket/write_timeout.mdx +++ b/website/content/partials/cli/audit/args/socket/write_timeout.mdx @@ -1,4 +1,4 @@ - + **`write_timeout (string : "2s")`** diff --git a/website/content/partials/cli/audit/args/syslog/facility.mdx b/website/content/partials/cli/audit/args/syslog/facility.mdx index 18e22048441b..8c923ed9be72 100644 --- a/website/content/partials/cli/audit/args/syslog/facility.mdx +++ b/website/content/partials/cli/audit/args/syslog/facility.mdx @@ -1,4 +1,4 @@ - + **`facility (string : "AUTH")`** diff --git a/website/content/partials/cli/audit/args/syslog/tag.mdx b/website/content/partials/cli/audit/args/syslog/tag.mdx index 66024e304244..de7cfc6dd54a 100644 --- a/website/content/partials/cli/audit/args/syslog/tag.mdx +++ b/website/content/partials/cli/audit/args/syslog/tag.mdx @@ -1,4 +1,4 @@ - + **`tag (string : "vault")`** diff --git a/website/content/partials/cli/audit/flags/detailed.mdx b/website/content/partials/cli/audit/flags/detailed.mdx index 267458dff44e..3584a9e37744 100644 --- a/website/content/partials/cli/audit/flags/detailed.mdx +++ b/website/content/partials/cli/audit/flags/detailed.mdx @@ -5,4 +5,4 @@ Print detailed information such as options and replication status about each audit device. -**Example**: `-detailed` \ No newline at end of file +**Example**: `-detailed` diff --git a/website/content/partials/cli/audit/flags/local.mdx b/website/content/partials/cli/audit/flags/local.mdx index 9c8cbe4a2ba2..110cdf430c49 100644 --- a/website/content/partials/cli/audit/flags/local.mdx +++ b/website/content/partials/cli/audit/flags/local.mdx @@ -5,4 +5,4 @@ Indicates that the audit device is local to the Vault server and ignored by replication. -**Example**: `-local` +**Example**: `-local` \ No newline at end of file diff --git a/website/content/partials/cli/audit/options/elide_list_responses.mdx b/website/content/partials/cli/audit/options/elide_list_responses.mdx index 0aeec756a4a4..51170a7bcc22 100644 --- a/website/content/partials/cli/audit/options/elide_list_responses.mdx +++ b/website/content/partials/cli/audit/options/elide_list_responses.mdx @@ -1,4 +1,4 @@ - + **`elide_list_responses (bool : false)`** diff --git a/website/content/partials/cli/audit/options/exclude.mdx b/website/content/partials/cli/audit/options/exclude.mdx index 6e1ee3910f49..ccb6caf6e7c7 100644 --- a/website/content/partials/cli/audit/options/exclude.mdx +++ b/website/content/partials/cli/audit/options/exclude.mdx @@ -1,4 +1,4 @@ - + **`exclude (string : "")`** @@ -14,8 +14,9 @@ audit entry before writing to the audit device. definitions to `exclude`: ``` - $ vault audit enable exclude=@rules.json file file_path="/var/logs/vault/audit.log"' + $ vault audit enable \ + exclude=@rules.json \ + file file_path="/var/logs/vault/audit.log"' ``` - diff --git a/website/content/partials/cli/audit/options/fallback.mdx b/website/content/partials/cli/audit/options/fallback.mdx index 6cec7108bab7..31c6453c4331 100644 --- a/website/content/partials/cli/audit/options/fallback.mdx +++ b/website/content/partials/cli/audit/options/fallback.mdx @@ -1,6 +1,6 @@ - + -**`fallback (bool : false)`** +**`fallback (bool : false)`** The audit device is the fallback for filtering purposes. **Vault only supports one fallback audit device at a time**. diff --git a/website/content/partials/cli/audit/options/filter.mdx b/website/content/partials/cli/audit/options/filter.mdx index 431c3e648263..1721fe9874ae 100644 --- a/website/content/partials/cli/audit/options/filter.mdx +++ b/website/content/partials/cli/audit/options/filter.mdx @@ -1,4 +1,4 @@ - + **`filter (string : "")`** diff --git a/website/content/partials/cli/audit/options/format.mdx b/website/content/partials/cli/audit/options/format.mdx index 1218ec0191f2..b39bd5e0efd3 100644 --- a/website/content/partials/cli/audit/options/format.mdx +++ b/website/content/partials/cli/audit/options/format.mdx @@ -1,4 +1,4 @@ - + **`format (enum : json)`** diff --git a/website/content/partials/cli/audit/options/hmac_accessor.mdx b/website/content/partials/cli/audit/options/hmac_accessor.mdx index fe4a88421f57..e7ff746bce54 100644 --- a/website/content/partials/cli/audit/options/hmac_accessor.mdx +++ b/website/content/partials/cli/audit/options/hmac_accessor.mdx @@ -1,4 +1,4 @@ - + **`hmac_accessor (bool : true)`** diff --git a/website/content/partials/cli/audit/options/log_raw.mdx b/website/content/partials/cli/audit/options/log_raw.mdx index 69870db3228d..176cbb9317b6 100644 --- a/website/content/partials/cli/audit/options/log_raw.mdx +++ b/website/content/partials/cli/audit/options/log_raw.mdx @@ -1,4 +1,4 @@ - + **`log_raw (bool : false)`** diff --git a/website/content/partials/cli/audit/options/prefix.mdx b/website/content/partials/cli/audit/options/prefix.mdx index bb6d812116ca..77822d0e4e62 100644 --- a/website/content/partials/cli/audit/options/prefix.mdx +++ b/website/content/partials/cli/audit/options/prefix.mdx @@ -1,4 +1,4 @@ - + **`prefix (string : "")`** diff --git a/website/content/partials/cli/shared/flags/log-file.mdx b/website/content/partials/cli/shared/flags/log-file.mdx index 7e75bfd6e87f..465716eba8fc 100644 --- a/website/content/partials/cli/shared/flags/log-file.mdx +++ b/website/content/partials/cli/shared/flags/log-file.mdx @@ -9,4 +9,4 @@ Absolute path where Vault Agent saves logging data. - Paths ending with a name but not an extension use the `.log` extension. - Paths ending with a name and extension use the provided file name. -**Example**: `-log-file "/var/log/vault-logs/"` \ No newline at end of file +**Example**: `-log-file "/var/log/vault-logs/"` diff --git a/website/content/partials/cli/shared/flags/log-rotate-bytes.mdx b/website/content/partials/cli/shared/flags/log-rotate-bytes.mdx index 37b5a1d5de2f..c871442eb11d 100644 --- a/website/content/partials/cli/shared/flags/log-rotate-bytes.mdx +++ b/website/content/partials/cli/shared/flags/log-rotate-bytes.mdx @@ -5,4 +5,4 @@ File size, in bytes, after which log files must rotate. Leave `log-rotate-bytes` unset if you prefer not to limit log file size. -**Example**: `-log-rotate-bytes 1000000` \ No newline at end of file +**Example**: `-log-rotate-bytes 1000000` diff --git a/website/content/partials/cli/shared/flags/log-rotate-max-files.mdx b/website/content/partials/cli/shared/flags/log-rotate-max-files.mdx index 1e3b6cc122fe..e0294617d036 100644 --- a/website/content/partials/cli/shared/flags/log-rotate-max-files.mdx +++ b/website/content/partials/cli/shared/flags/log-rotate-max-files.mdx @@ -1,4 +1,4 @@ - + **`-log-rotate-max-files (int : 0)`** diff --git a/website/content/partials/global-settings/both/address.mdx b/website/content/partials/global-settings/both/address.mdx index d8417909b634..86dbdf5a8d6e 100644 --- a/website/content/partials/global-settings/both/address.mdx +++ b/website/content/partials/global-settings/both/address.mdx @@ -8,4 +8,3 @@ Address of the Vault server. - CLI flag: `-address "https://mydomain/vault:8200"` - Environment variable: `export VAULT_ADDR="https://mydomain/vault:8200"` - diff --git a/website/content/partials/global-settings/both/agent-address.mdx b/website/content/partials/global-settings/both/agent-address.mdx index 7e27fedb28d9..ba5f8de3dda9 100644 --- a/website/content/partials/global-settings/both/agent-address.mdx +++ b/website/content/partials/global-settings/both/agent-address.mdx @@ -8,4 +8,3 @@ Address of the Vault Agent, if used. - CLI flag: `-agent-address "https://mydomain/vault-agent:8200"` - Environment variable: `export VAULT_AGENT_ADDR="https://mydomain/vault-agent:8200"` - diff --git a/website/content/partials/global-settings/both/ca-cert.mdx b/website/content/partials/global-settings/both/ca-cert.mdx index b98ecfca4347..d23ccb2345e9 100644 --- a/website/content/partials/global-settings/both/ca-cert.mdx +++ b/website/content/partials/global-settings/both/ca-cert.mdx @@ -9,4 +9,3 @@ certificates for the server. **Takes precedence over `-ca_path`**. - CLI flag: `-ca-cert "/path/to/certs/mycert.pem"` - Environment variable: `export VAULT_CACERT="/path/to/certs/mycert.pem"` - diff --git a/website/content/partials/global-settings/both/ca-path.mdx b/website/content/partials/global-settings/both/ca-path.mdx index cb8d1dfada99..e7efd349f3c8 100644 --- a/website/content/partials/global-settings/both/ca-path.mdx +++ b/website/content/partials/global-settings/both/ca-path.mdx @@ -9,4 +9,3 @@ Used to verify SSL certificates for the server. - CLI flag: `-ca-path "/path/to/certs/dir"` - Environment variable: `export VAULT_CAPATH="/path/to/certs/dir"` - diff --git a/website/content/partials/global-settings/both/client-cert.mdx b/website/content/partials/global-settings/both/client-cert.mdx index dbde772483bc..049d48462352 100644 --- a/website/content/partials/global-settings/both/client-cert.mdx +++ b/website/content/partials/global-settings/both/client-cert.mdx @@ -10,4 +10,3 @@ private key specified with `-client-cert`**. - CLI flag: `-client-cert "/path/to/certs/mycert.pem"` - Environment variable: `export VAULT_CLIENT_CERT="/path/to/certs/mycert.pem"` - diff --git a/website/content/partials/global-settings/both/client-key.mdx b/website/content/partials/global-settings/both/client-key.mdx index 12b574fb641c..e3389874ea11 100644 --- a/website/content/partials/global-settings/both/client-key.mdx +++ b/website/content/partials/global-settings/both/client-key.mdx @@ -9,4 +9,3 @@ Path to a PEM-encoded private key that matches the client certificate set with - CLI flag: `-client-key "/path/to/keys/myprivatekey.pem"` - Environment variable: `export VAULT_CLIENT_KEY="/path/to/keys/myprivatekey.pem"` - diff --git a/website/content/partials/global-settings/both/disable-redirects.mdx b/website/content/partials/global-settings/both/disable-redirects.mdx index 815de5818cae..a9225e79e4e5 100644 --- a/website/content/partials/global-settings/both/disable-redirects.mdx +++ b/website/content/partials/global-settings/both/disable-redirects.mdx @@ -18,4 +18,3 @@ chain. misbehave. - diff --git a/website/content/partials/global-settings/both/format.mdx b/website/content/partials/global-settings/both/format.mdx index c0d437e482ec..3912e0458f50 100644 --- a/website/content/partials/global-settings/both/format.mdx +++ b/website/content/partials/global-settings/both/format.mdx @@ -1,6 +1,6 @@ -**`[-format | VAULT_FORMAT] (enum: json)`** +**`[-format | VAULT_FORMAT] (enum: table)`** Set the CLI output format. @@ -13,6 +13,5 @@ Value | Description **Examples**: -- CLI flag: `-format table` -- Environment variable: `export VAULT_FORMAT=table` - +- CLI flag: `-format json` +- Environment variable: `export VAULT_FORMAT=json` diff --git a/website/content/partials/global-settings/both/log-format.mdx b/website/content/partials/global-settings/both/log-format.mdx index ab7c74f03ecd..8f960d7568b9 100644 --- a/website/content/partials/global-settings/both/log-format.mdx +++ b/website/content/partials/global-settings/both/log-format.mdx @@ -10,4 +10,4 @@ Format of log data: **Examples**: - CLI flag: `-log-format json` -- Environment variable: `export VAULT_LOG_FORMAT=json` \ No newline at end of file +- Environment variable: `export VAULT_LOG_FORMAT=json` diff --git a/website/content/partials/global-settings/both/log-level.mdx b/website/content/partials/global-settings/both/log-level.mdx index c21109153977..8f5300cd30c6 100644 --- a/website/content/partials/global-settings/both/log-level.mdx +++ b/website/content/partials/global-settings/both/log-level.mdx @@ -1,4 +1,4 @@ - + **`[-log-level | VAULT_LOG_LEVEL] (enum : info)`** @@ -16,4 +16,3 @@ Enum | Logging behavior - CLI flag: `-log-level debug` - Environment variable: `export VAULT_LOG_LEVEL=debug` - diff --git a/website/content/partials/global-settings/both/mfa.mdx b/website/content/partials/global-settings/both/mfa.mdx index a3eb933d8f14..bd0bf79b74f6 100644 --- a/website/content/partials/global-settings/both/mfa.mdx +++ b/website/content/partials/global-settings/both/mfa.mdx @@ -19,5 +19,3 @@ underlying API endpoint. MFA methods, use the `-mfa` CLI flag and repeat the flag as needed. - - diff --git a/website/content/partials/global-settings/both/namespace.mdx b/website/content/partials/global-settings/both/namespace.mdx index 05c87c15480e..e5d463560cc1 100644 --- a/website/content/partials/global-settings/both/namespace.mdx +++ b/website/content/partials/global-settings/both/namespace.mdx @@ -9,4 +9,3 @@ mount paths. - CLI flag: `-namespace "admin"` - Environment variable: `export VAULT_NAMESPACE="admin"` - diff --git a/website/content/partials/global-settings/both/tls-server-name.mdx b/website/content/partials/global-settings/both/tls-server-name.mdx index 5adc392b3701..edafe1378165 100644 --- a/website/content/partials/global-settings/both/tls-server-name.mdx +++ b/website/content/partials/global-settings/both/tls-server-name.mdx @@ -8,4 +8,3 @@ Name of the SNI host for TLS handshake resolution for TLS connections to Vault. - CLI flag: `-tls-server-name "hostname.domain"` - Environment variable: `export VAULT_TLS_SERVER_NAME="hostname.domain"` - diff --git a/website/content/partials/global-settings/both/tls-skip-verify.mdx b/website/content/partials/global-settings/both/tls-skip-verify.mdx index c2a1f510f35f..be3a2c1f37e1 100644 --- a/website/content/partials/global-settings/both/tls-skip-verify.mdx +++ b/website/content/partials/global-settings/both/tls-skip-verify.mdx @@ -10,4 +10,3 @@ from the Vault server. - CLI flag: `-tls-skip-verify` - Environment variable: `export VAULT_SKIP_VERIFY=1` - diff --git a/website/content/partials/global-settings/both/wrap-ttl.mdx b/website/content/partials/global-settings/both/wrap-ttl.mdx index d90b32455b17..ac2104fedccc 100644 --- a/website/content/partials/global-settings/both/wrap-ttl.mdx +++ b/website/content/partials/global-settings/both/wrap-ttl.mdx @@ -10,4 +10,3 @@ the duration expires. Leave `wrap_ttl` unset to leave CLI responses unwrapped. - CLI flag: `-wrap-ttl "5m"` - Environment variable: `export VAULT_WRAP_TTL="5m"` - diff --git a/website/content/partials/global-settings/env/cli_no_color.mdx b/website/content/partials/global-settings/env/cli_no_color.mdx index c2b934925ac9..e840e5490aa5 100644 --- a/website/content/partials/global-settings/env/cli_no_color.mdx +++ b/website/content/partials/global-settings/env/cli_no_color.mdx @@ -1,9 +1,7 @@ - + **`VAULT_CLI_NO_COLOR (bool : true)`** Exclude ANSI color escape sequence characters from the CLI output. **Example**: `export VAULT_CLI_NO_COLOR=0` - - diff --git a/website/content/partials/global-settings/env/client_timeout.mdx b/website/content/partials/global-settings/env/client_timeout.mdx index de3443260594..1fb2f6a1becd 100644 --- a/website/content/partials/global-settings/env/client_timeout.mdx +++ b/website/content/partials/global-settings/env/client_timeout.mdx @@ -1,4 +1,4 @@ - + **`VAULT_CLIENT_TIMEOUT (string : "60s")`** @@ -6,4 +6,3 @@ Amount of time, in `[s|m|h|d]` format, the CLI should wait on a response from Vault. **Example**: `export VAULT_CLIENT_TIMEOUT="2m"` - diff --git a/website/content/partials/global-settings/env/cluster_addr.mdx b/website/content/partials/global-settings/env/cluster_addr.mdx index 239cdd77c979..2bdbebeb7018 100644 --- a/website/content/partials/global-settings/env/cluster_addr.mdx +++ b/website/content/partials/global-settings/env/cluster_addr.mdx @@ -6,4 +6,3 @@ Address of the local Vault node. Vault uses cluster addresses for cluster-to-cluster communication when running in high-availability mode. **Example**: `export VAULT_CLUSTER_ADDR="https://127.0.0.1:8201"` - diff --git a/website/content/partials/global-settings/env/http_proxy.mdx b/website/content/partials/global-settings/env/http_proxy.mdx index 8617d0c0923f..5d5de6f53d2c 100644 --- a/website/content/partials/global-settings/env/http_proxy.mdx +++ b/website/content/partials/global-settings/env/http_proxy.mdx @@ -3,5 +3,3 @@ **`VAULT_HTTP_PROXY (string : "")`** Legacy alias for `VAULT_PROXY_ADDR`. - - diff --git a/website/content/partials/global-settings/env/license.mdx b/website/content/partials/global-settings/env/license.mdx index 8e8477d178d9..6c66d400b9e4 100644 --- a/website/content/partials/global-settings/env/license.mdx +++ b/website/content/partials/global-settings/env/license.mdx @@ -7,8 +7,3 @@ takes precedence over `VAULT_LICENSE_PATH` **and** the `license_path` parameter in the Vault configuration file. **Example**: `export VAULT_LICENSE="02MV4UU43BK5..."` - - - - - diff --git a/website/content/partials/global-settings/env/skip_verify.mdx b/website/content/partials/global-settings/env/skip_verify.mdx index fb79ae2ebcad..86e7ec929527 100644 --- a/website/content/partials/global-settings/env/skip_verify.mdx +++ b/website/content/partials/global-settings/env/skip_verify.mdx @@ -10,7 +10,7 @@ authentication certificate presented by Vault. Do not use `VAULT_SKIP_VERIFY` in production. Skipping certificate - verification violates the Vault security model and voids any associated + verification violates the Vault security model and voids any associated security guarantees. diff --git a/website/content/partials/global-settings/flags/policy-override.mdx b/website/content/partials/global-settings/flags/policy-override.mdx index af33f609c99c..1d129e16c783 100644 --- a/website/content/partials/global-settings/flags/policy-override.mdx +++ b/website/content/partials/global-settings/flags/policy-override.mdx @@ -5,4 +5,3 @@ Overrides any Sentinel policy where `enforcement_level` is "soft-mandatory". **Example**: `-policy-override` - diff --git a/website/content/partials/gui-page-instructions/create-acl-policy.mdx b/website/content/partials/gui-instructions/create-acl-policy.mdx similarity index 100% rename from website/content/partials/gui-page-instructions/create-acl-policy.mdx rename to website/content/partials/gui-instructions/create-acl-policy.mdx diff --git a/website/content/partials/gui-page-instructions/create-group.mdx b/website/content/partials/gui-instructions/create-group.mdx similarity index 100% rename from website/content/partials/gui-page-instructions/create-group.mdx rename to website/content/partials/gui-instructions/create-group.mdx diff --git a/website/content/partials/gui-page-instructions/enable-authn-plugin.mdx b/website/content/partials/gui-instructions/enable-authn-plugin.mdx similarity index 100% rename from website/content/partials/gui-page-instructions/enable-authn-plugin.mdx rename to website/content/partials/gui-instructions/enable-authn-plugin.mdx diff --git a/website/content/partials/gui-page-instructions/enable-secrets-plugin.mdx b/website/content/partials/gui-instructions/enable-secrets-plugin.mdx similarity index 100% rename from website/content/partials/gui-page-instructions/enable-secrets-plugin.mdx rename to website/content/partials/gui-instructions/enable-secrets-plugin.mdx diff --git a/website/content/partials/gui-page-instructions/select-kv-mount.mdx b/website/content/partials/gui-instructions/plugins/kv/open-overview.mdx similarity index 59% rename from website/content/partials/gui-page-instructions/select-kv-mount.mdx rename to website/content/partials/gui-instructions/plugins/kv/open-overview.mdx index aa162c153fb4..b45917a0b93a 100644 --- a/website/content/partials/gui-page-instructions/select-kv-mount.mdx +++ b/website/content/partials/gui-instructions/plugins/kv/open-overview.mdx @@ -1,4 +1,4 @@ -- Open the data page for your `kv` plugin: +- Open the **Overview** screen for your secret path: 1. Open the GUI for your Vault instance. @@ -7,4 +7,6 @@ 1. Select **Secrets Engines** from the left-hand menu. - 1. Select the mount path for your `kv` plugin. \ No newline at end of file + 1. Select the mount path for your `kv` plugin. + + 1. Click through the path segments to select the relevant secret path. \ No newline at end of file diff --git a/website/content/partials/helm/install.mdx b/website/content/partials/helm/install.mdx index 5084bb1d2b83..219ecbb979b3 100644 --- a/website/content/partials/helm/install.mdx +++ b/website/content/partials/helm/install.mdx @@ -2,6 +2,7 @@ # List the available releases $ helm search repo hashicorp/vault -l NAME CHART VERSION APP VERSION DESCRIPTION +hashicorp/vault 0.29.1 1.18.1 Official HashiCorp Vault Chart hashicorp/vault 0.29.0 1.18.1 Official HashiCorp Vault Chart hashicorp/vault 0.28.1 1.17.2 Official HashiCorp Vault Chart hashicorp/vault 0.28.0 1.16.1 Official HashiCorp Vault Chart @@ -9,9 +10,8 @@ hashicorp/vault 0.27.0 1.15.2 Official HashiCorp Vault Chart hashicorp/vault 0.26.1 1.15.1 Official HashiCorp Vault Chart hashicorp/vault 0.26.0 1.15.1 Official HashiCorp Vault Chart hashicorp/vault 0.25.0 1.14.0 Official HashiCorp Vault Chart -hashicorp/vault 0.24.0 1.13.1 Official HashiCorp Vault Chart ... -# Install version 0.29.0 -$ helm install vault hashicorp/vault --version 0.29.0 +# Install version 0.29.1 +$ helm install vault hashicorp/vault --version 0.29.1 ``` diff --git a/website/content/partials/helm/repo.mdx b/website/content/partials/helm/repo.mdx index aafc36dd8b72..0fd539892737 100644 --- a/website/content/partials/helm/repo.mdx +++ b/website/content/partials/helm/repo.mdx @@ -4,5 +4,5 @@ $ helm repo add hashicorp https://helm.releases.hashicorp.com $ helm search repo hashicorp/vault NAME CHART VERSION APP VERSION DESCRIPTION -hashicorp/vault 0.29.0 1.18.1 Official HashiCorp Vault Chart +hashicorp/vault 0.29.1 1.18.1 Official HashiCorp Vault Chart ``` diff --git a/website/content/partials/known-issues/1_17_secrets-sync-ssrf-private-endpoints.mdx b/website/content/partials/known-issues/1_17_secrets-sync-ssrf-private-endpoints.mdx new file mode 100644 index 000000000000..dc0408fc3997 --- /dev/null +++ b/website/content/partials/known-issues/1_17_secrets-sync-ssrf-private-endpoints.mdx @@ -0,0 +1,21 @@ +### Secrets Sync SSRF Protection May Block Private Endpoints + +As of version 1.17.3, Vault's Secrets Sync includes additional Server-Side Request Forgery (SSRF) protection measures. This security enhancement prevents sync operations to certain IP ranges by introducing a new SSRF-safe HTTP client. The client specifically blocks requests to private IP ranges (such as 10.0.0.0/8), which affects users accessing cloud provider secret stores through private endpoints. + +**Impact:** +- Secrets Sync operations to private IP ranges will be blocked +- Affects all destinations when accessed via private endpoints + +**Example error message:** + + + +```plaintext +couldn't sync secret with store: failed to publish event: dial tcp [IP]: prohibited IP address: [IP] is not a permitted destination (denied by: 10.0.0.0/8) +``` + + + +**Current Workaround:** +1. Remain on Vault version 1.17.2 or earlier if you require Secrets Sync with private endpoints +2. Use public endpoints for your secret store services diff --git a/website/content/partials/kubernetes-supported-versions.mdx b/website/content/partials/kubernetes-supported-versions.mdx index 4913216a104d..d4f8a83c7160 100644 --- a/website/content/partials/kubernetes-supported-versions.mdx +++ b/website/content/partials/kubernetes-supported-versions.mdx @@ -4,10 +4,10 @@ The following [Kubernetes minor releases][k8s-releases] are currently supported. The latest version is tested against each Kubernetes version. It may work with other versions of Kubernetes, but those are not supported. +* 1.31 * 1.30 * 1.29 * 1.28 * 1.27 -* 1.26 [k8s-releases]: https://kubernetes.io/releases/ diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 876108b7fd23..b63a60186a04 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -233,10 +233,18 @@ "title": "High Availability", "path": "concepts/ha" }, + { + "title": "Production hardening", + "path": "concepts/production-hardening" + }, { "title": "Storage", "path": "concepts/storage" }, + { + "title": "Tune server performance", + "path": "concepts/tune-server-performance" + }, { "title": "Cloud access management", "path": "concepts/cloud-access-management" @@ -251,6 +259,10 @@ { "title": "Autopilot", "path": "concepts/integrated-storage/autopilot" + }, + { + "title": "Migration checklist", + "path": "concepts/integrated-storage/migration-checklist" } ] }, @@ -1189,26 +1201,22 @@ ] }, { - "title": "Vault Agent and Vault Proxy", + "title": "Vault tools: Agent and Proxy", "routes": [ { - "title": "Overview", + "title": "Why use Agent or Proxy?", "path": "agent-and-proxy" }, { - "title": "Auto-Auth", + "title": "Auto-authentication", "routes": [ { - "title": "Overview", + "title": "What is auto-authentication?", "path": "agent-and-proxy/autoauth" }, { - "title": "Methods", + "title": "Auto-auth methods", "routes": [ - { - "title": "Overview", - "path": "agent-and-proxy/autoauth/methods" - }, { "title": "AliCloud", "path": "agent-and-proxy/autoauth/methods/alicloud" @@ -1226,11 +1234,11 @@ "path": "agent-and-proxy/autoauth/methods/azure" }, { - "title": "Cert", + "title": "TLS certificates", "path": "agent-and-proxy/autoauth/methods/cert" }, { - "title": "CF", + "title": "Cloud Foundry (CF)", "path": "agent-and-proxy/autoauth/methods/cf" }, { @@ -1254,11 +1262,11 @@ "path": "agent-and-proxy/autoauth/methods/kubernetes" }, { - "title": "Oracle Cloud Infrastructure", + "title": "Oracle Cloud Infrastructure (OCI", "path": "agent-and-proxy/autoauth/methods/oci" }, { - "title": "Token File", + "title": "Token file", "path": "agent-and-proxy/autoauth/methods/token_file" } ] @@ -1266,10 +1274,6 @@ { "title": "Sinks", "routes": [ - { - "title": "Overview", - "path": "agent-and-proxy/autoauth/sinks" - }, { "title": "File", "path": "agent-and-proxy/autoauth/sinks/file" @@ -1282,22 +1286,22 @@ "title": "Vault Proxy", "routes": [ { - "title": "Overview", + "title": "What is Vault Proxy?", "path": "agent-and-proxy/proxy" }, { - "title": "API Proxy", + "title": "Vault Proxy as Vault API proxy", "path": "agent-and-proxy/proxy/apiproxy" }, { - "title": "Caching", + "title": "Vault Proxy caching", "routes": [ { "title": "Overview", "path": "agent-and-proxy/proxy/caching" }, { - "title": "Static Secret Caching", + "title": "Improve Vault traffic resiliency", "path": "agent-and-proxy/proxy/caching/static-secret-caching", "badge": { "text": "ENTERPRISE", @@ -1309,11 +1313,11 @@ "title": "Persistent Caching", "routes": [ { - "title": "Overview", + "title": "Use built-in persistent caching", "path": "agent-and-proxy/proxy/caching/persistent-caches" }, { - "title": "Kubernetes", + "title": "Use Kubernetes persistent cache", "path": "agent-and-proxy/proxy/caching/persistent-caches/kubernetes" } ] @@ -1321,7 +1325,7 @@ ] }, { - "title": "Version compatibility", + "title": "Risks of inconsistent Proxy and Vault versions", "path": "agent-and-proxy/proxy/versions" } ] @@ -1330,29 +1334,29 @@ "title": "Vault Agent", "routes": [ { - "title": "Overview", + "title": "What is Vault Agent?", "path": "agent-and-proxy/agent" }, { - "title": "API Proxy", + "title": "Vault Agent as Vault API proxy", "path": "agent-and-proxy/agent/apiproxy" }, { - "title": "Caching", + "title": "Vault Agent caching", "routes": [ { "title": "Overview", "path": "agent-and-proxy/agent/caching" }, { - "title": "Persistent Caching", + "title": "Persistent caching", "routes": [ { - "title": "Overview", + "title": "Use built-in persistent caching", "path": "agent-and-proxy/agent/caching/persistent-caches" }, { - "title": "Kubernetes", + "title": "Use Kubernetes persistent cache", "path": "agent-and-proxy/agent/caching/persistent-caches/kubernetes" } ] @@ -1360,23 +1364,23 @@ ] }, { - "title": "generate-config", + "title": "Generate a development config file", "path": "agent-and-proxy/agent/generate-config" }, { - "title": "Process Supervisor Mode", + "title": "Run in process supervisor mode", "path": "agent-and-proxy/agent/process-supervisor" }, { - "title": "Templates", + "title": "Use Vault Agent templates", "path": "agent-and-proxy/agent/template" }, { - "title": "Windows service", + "title": "Run Vault Agent as a Windows service", "path": "agent-and-proxy/agent/winsvc" }, { - "title": "Version compatibility", + "title": "Risks of inconsistent Agent and Vault versions", "path": "agent-and-proxy/agent/versions" } ] @@ -1585,8 +1589,7 @@ }, { "title": "KV version 2", - "routes": - [ + "routes": [ { "title": "Overview", "path": "secrets/kv/kv-v2" @@ -1610,6 +1613,10 @@ "title": "Read data", "path": "secrets/kv/kv-v2/cookbook/read-data" }, + { + "title": "Read subkeys", + "path": "secrets/kv/kv-v2/cookbook/read-subkey" + }, { "title": "Set max data versions", "path": "secrets/kv/kv-v2/cookbook/max-versions" @@ -1823,23 +1830,23 @@ "path": "sync" }, { - "title": "AWS Secrets Manager", + "title": "Sync to AWS Secrets Manager", "path": "sync/awssm" }, { - "title": "Azure Key Vault", + "title": "Sync to Azure Key Vault", "path": "sync/azurekv" }, { - "title": "GCP Secret Manager", + "title": "Sync to GCP Secret Manager", "path": "sync/gcpsm" }, { - "title": "GitHub", + "title": "Sync to GitHub", "path": "sync/github" }, { - "title": "Vercel Project", + "title": "Sync to Vercel Project", "path": "sync/vercelproject" } ] diff --git a/website/public/img/diagram-vault-integrated-ra-3_az.png b/website/public/img/diagram-vault-integrated-ra-3_az.png new file mode 100644 index 000000000000..1c6426245304 Binary files /dev/null and b/website/public/img/diagram-vault-integrated-ra-3_az.png differ diff --git a/website/public/img/diagram-vault-ra-3-az.png b/website/public/img/diagram-vault-ra-3-az.png new file mode 100755 index 000000000000..09de7a0d3ee1 Binary files /dev/null and b/website/public/img/diagram-vault-ra-3-az.png differ diff --git a/website/public/img/gui/kv/overview-page.png b/website/public/img/gui/kv/overview-page.png new file mode 100644 index 000000000000..cc2b09eaf52e Binary files /dev/null and b/website/public/img/gui/kv/overview-page.png differ diff --git a/website/public/img/gui/kv/patch-data.png b/website/public/img/gui/kv/patch-data.png index 38cbe953598f..dffc8bbaef89 100644 Binary files a/website/public/img/gui/kv/patch-data.png and b/website/public/img/gui/kv/patch-data.png differ diff --git a/website/public/img/gui/kv/patch-reveal-subkeys.png b/website/public/img/gui/kv/patch-reveal-subkeys.png new file mode 100644 index 000000000000..e75b73e4c97f Binary files /dev/null and b/website/public/img/gui/kv/patch-reveal-subkeys.png differ diff --git a/website/public/img/gui/kv/random-string.png b/website/public/img/gui/kv/random-string.png index e14d7553282b..ae11ad8a3167 100644 Binary files a/website/public/img/gui/kv/random-string.png and b/website/public/img/gui/kv/random-string.png differ diff --git a/website/public/img/gui/kv/read-data.png b/website/public/img/gui/kv/read-data.png index a6b397c0b0a6..897377779ec5 100644 Binary files a/website/public/img/gui/kv/read-data.png and b/website/public/img/gui/kv/read-data.png differ diff --git a/website/public/img/gui/kv/undelete-data.png b/website/public/img/gui/kv/undelete-data.png index 432afa47fc7c..a89c65fedb60 100644 Binary files a/website/public/img/gui/kv/undelete-data.png and b/website/public/img/gui/kv/undelete-data.png differ diff --git a/website/templates/cli-page.mdx b/website/templates/cli-page.mdx new file mode 100644 index 000000000000..596b69346e50 --- /dev/null +++ b/website/templates/cli-page.mdx @@ -0,0 +1,104 @@ +--- +layout: docs +page_title: "COMMAND_NAME - Vault CLI" +description: >- + DESCRIPTION +--- + +# `COMMAND_NAME` + +TLDR_SUMMARY + + + +```shell-session +$ vault COMMAND_NAME SYNTAX_STRING + +$ vault COMMAND_NAME [-help | -h] +``` + + + +## Description + +`COMMAND_NAME` does a thing.... (full description here) + + + + ENDPOINT_NAME - [`HTTP_VERB:ENDPOINT_PATH`](API_DOC_URL) + + + +### Limitations and warnings (omit if not needed) + +List and explicit limitations/warning users should be aware of with the command + + +## Command arguments + +None. + +-- OR -- + +@include 'PATH_TO_ARGUMENT_PARTIAL_1' + +

+ +@include 'PATH_TO_ARGUMENT_PARTIAL_2' + +

+ +@include 'PATH_TO_ARGUMENT_PARTIAL_N' + + + +## Command options + +None. + +-- OR -- + +@include 'PATH_TO_OPTION_PARTIAL_1' + +

+ +@include 'PATH_TO_OPTION_PARTIAL_1' + +

+ +@include 'PATH_TO_OPTION_PARTIAL_1' + + +## Command flags + +None. + +-- OR -- + +@include 'PATH_TO_FLAG_PARTIAL_1' + +

+ +@include 'PATH_TO_FLAG_PARTIAL_2' + +

+ +@include 'PATH_TO_FLAG_PARTIAL_N' + + + +## Global flags + +
+ +@include 'cli/standard-settings/all-standard-flags-but-format.mdx' + +- OR - + +@include 'cli/standard-settings/all-standard-flags-but-format.mdx' + + + +## Examples + +LIST_OF_USEFUL_EXAMPLES \ No newline at end of file