From d039c7c3ce9b2cc9422885ce7528c579c75fd0da Mon Sep 17 00:00:00 2001 From: Cristian Florin Calina Date: Wed, 13 May 2026 14:38:37 -0700 Subject: [PATCH 1/5] chore(repo): proper scoped tokens with their own responsabilities --- .github/workflows/dev-cleanup.yml | 2 +- .github/workflows/dev-publish.yml | 4 ++-- .github/workflows/release.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dev-cleanup.yml b/.github/workflows/dev-cleanup.yml index 4c4c76405..760489bee 100644 --- a/.github/workflows/dev-cleanup.yml +++ b/.github/workflows/dev-cleanup.yml @@ -68,7 +68,7 @@ jobs: if: steps.packages.outputs.packages != '' env: PACKAGES: ${{ steps.packages.outputs.packages }} - GH_NPM_REGISTRY_TOKEN: ${{ secrets.GH_NPM_REGISTRY_TOKEN }} + GH_NPM_REGISTRY_TOKEN: ${{ secrets.RELEASE_TOKEN }} NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} run: | echo "Cleaning up dev packages..." diff --git a/.github/workflows/dev-publish.yml b/.github/workflows/dev-publish.yml index 3e9e89a6f..d15c0af60 100644 --- a/.github/workflows/dev-publish.yml +++ b/.github/workflows/dev-publish.yml @@ -174,7 +174,7 @@ jobs: - name: Cleanup previous version env: PACKAGE_VERSION: ${{ matrix.package_version }} - GH_NPM_REGISTRY_TOKEN: ${{ secrets.GH_NPM_REGISTRY_TOKEN }} + GH_NPM_REGISTRY_TOKEN: ${{ secrets.RELEASE_TOKEN }} NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} run: | if ! [[ "$PACKAGE_VERSION" =~ ^@uipath/[a-z0-9-]+@[0-9.]+-pr[0-9]+(\.[a-z0-9]+)?$ ]]; then @@ -250,7 +250,7 @@ jobs: env: PACKAGE: ${{ matrix.package }} PR_NUMBER: ${{ github.event.pull_request.number }} - GH_NPM_REGISTRY_TOKEN: ${{ secrets.GH_NPM_REGISTRY_TOKEN }} + GH_NPM_REGISTRY_TOKEN: ${{ secrets.RELEASE_TOKEN }} NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} run: | SHORT_SHA="${GITHUB_SHA:0:7}" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 547b71be9..c9e52afad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -66,7 +66,7 @@ jobs: NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} - GH_NPM_REGISTRY_TOKEN: ${{ secrets.GH_NPM_REGISTRY_TOKEN }} + GH_NPM_REGISTRY_TOKEN: ${{ secrets.RELEASE_TOKEN }} HUSKY: 0 run: pnpm release From 3d372f08c7c7f82acaacf8a95808901d243cb962 Mon Sep 17 00:00:00 2001 From: Cristian Florin Calina Date: Wed, 13 May 2026 15:39:15 -0700 Subject: [PATCH 2/5] chore(repo): copilot review, npm publishes with verify, SBOM, pipelines harden --- .github/copilot-instructions.md | 430 ++++++------------ .github/workflows/codeql.yml | 7 + .github/workflows/dependency-review.yml | 2 +- .github/workflows/dev-cleanup.yml | 5 +- .github/workflows/dev-publish.yml | 8 +- .github/workflows/monitor-npm-publishes.yml | 119 +++++ .../prune-release-age-exemptions.yml | 5 +- .github/workflows/release.yml | 24 +- .github/workflows/support-branch-scope.yml | 4 +- .github/workflows/vercel-deploy.yml | 9 +- 10 files changed, 314 insertions(+), 299 deletions(-) create mode 100644 .github/workflows/monitor-npm-publishes.yml diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 0f8c1f008..365b43683 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -1,367 +1,239 @@ -# Apollo UI - Copilot Instructions +# Apollo UI — Copilot Instructions ## Project Overview -Apollo v.4 is UiPath's open-source design system for building consistent user experiences across all UiPath products. It's a multi-framework component library (React, Web Components) with shared design tokens, built as a monorepo with Turborepo and pnpm. - -**Target Audience**: Internal UiPath developers and external consumers using the design system. - -**Key Features**: 1300+ icons, comprehensive design tokens, Material UI theming, TypeScript support, Storybook documentation. - -## Tech Stack - -**Build & Tooling:** -- Monorepo: Turborepo + pnpm workspaces -- Language: TypeScript (strict mode) -- Linter/Formatter: Biome -- Testing: Vitest, React Testing Library, Playwright (visual regression) -- Documentation: Storybook 10 -- CI/CD: GitHub Actions -- Release: semantic-release - -**Frameworks:** -- React 18+ with Material UI 5.x -- Tailwind CSS with shadcn/ui -- Web Components (Custom Elements) - -**Dependencies:** -- Package manager: pnpm >= 10 -- Node.js: >= 22 -- Build: Rslib/Rsbuild (packages), Vite (Storybook builder) +Apollo v.4 is UiPath's open-source design system. Monorepo with Turborepo + pnpm workspaces, TypeScript strict mode, Biome for linting/formatting, Vitest + Playwright for testing, Storybook 10 for docs, semantic-release for publishing. ## Project Structure ``` -apollo-ui/ -├── .github/ # GitHub workflows, issue templates -├── packages/ # Core + framework packages (REQUIRE TESTS) -│ ├── apollo-core/ # Design tokens, 1300+ icons, fonts -│ ├── apollo-react/ # React components + Material UI theme -│ └── apollo-wind/ # Tailwind CSS + shadcn/ui -├── web-packages/ # Cross-framework web components (REQUIRE TESTS) -│ ├── ap-chat/ # Chat web component -└── apps/ # Development/demo apps (NO TESTS NEEDED) - ├── storybook/ # Component documentation - ├── react-playground/ # React demo app +packages/ # apollo-core (tokens/icons), apollo-react (React+MUI), apollo-wind (Tailwind+shadcn) — REQUIRE TESTS +web-packages/ # ap-chat (web component) — REQUIRE TESTS +apps/ # storybook, react-playground — NO TESTS NEEDED +.github/ # workflows, actions, scripts ``` -**Package Dependencies:** -- All packages depend on `apollo-core` (design tokens) -- Web components depend on framework packages +All packages depend on `apollo-core`. Node ≥ 22, pnpm ≥ 10. Build: Rslib/Rsbuild (packages), Vite (Storybook). ## General Guidelines -- **Think critically**: When asked "does this make sense?" or given a plan, analyze it before agreeing. Push back on mistakes. -- **Plan before acting**: For major changes (refactors, new features, behavior changes), propose what you'll change and why before writing code. -- **Do not gold-plate**: Complete the task; do not add unrequested features, files, or abstractions. -- **No documentation files**: Do not create `*.md` files unless the user explicitly requests them. +- **Think critically** — analyze before agreeing; push back on mistakes. +- **Plan before acting** — for major changes propose what + why before writing code. +- **Do not gold-plate** — complete the task, no unrequested features or abstractions. +- **No docs files** — do not create `*.md` files unless explicitly asked. --- ## GitHub Actions Security -Flag these issues immediately when editing or reviewing any `.github/workflows/*.yml` or `.github/actions/*/action.yml` file. +Rules apply whenever any `.github/` file is touched. ### Permissions -**Safe at workflow level** (read-only, no supply-chain risk): -`contents: read`, `pull-requests: read`, `issues: read`, `packages: read`, `checks: read`, `actions: read` +`permissions: {}` at workflow level on any workflow with a write-capable job. Per-job grants only. + +**Must be job-scoped — never workflow-level:** -**Must be job-scoped** — never at workflow level: | Permission | Risk | |---|---| -| `contents: write` | Can push code / create releases | -| `packages: write` | Can publish to registries — supply chain critical | -| `id-token: write` | OIDC token; can impersonate workflow to cloud providers | -| `deployments: write` | Can trigger production deployments | -| `pull-requests: write` | Can merge PRs, bypass branch protections | -| `statuses: write` | Can fake commit status checks | -| `issues: write` | Can close/modify issues | -| `checks: write` | Can fake CI check results | -| `security-events: write` | Can upload SARIF; keep job-scoped unless the whole workflow is a dedicated security scanner | - -**Pattern:** -- Workflows with any write-capable job → `permissions: {}` at workflow level + explicit per-job grants -- Purely read-only workflows → `permissions: contents: read` at workflow level is sufficient - -```yaml -# Workflow with mixed jobs — deny-all + per-job grants -permissions: {} - -jobs: - lint: - permissions: - contents: read - publish: - permissions: - contents: write # push version bump - packages: write # publish to GHP - id-token: write # npm provenance — only ever on the publish job -``` - -Flag: missing `permissions:` block, `write-all`, `read-all`, or any of the must-be-job-scoped permissions at workflow level. - -### Action Pinning — Full Commit SHA Required +| `contents: write` | Push code / create releases | +| `packages: write` | Publish to registries — supply chain critical | +| `id-token: write` | OIDC — only on jobs that call `--provenance` or use OIDC directly | +| `deployments: write` | Production deployments | +| `pull-requests: write` | Merge PRs | +| `statuses: write` | Fake commit status checks | +| `issues: write` | Close/modify issues | +| `checks: write` | Fake CI check results | -All third-party `uses:` must be pinned to a full 40-character SHA with a human-readable version comment. - -```yaml -# Correct -uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - -# Wrong — flag these -uses: actions/checkout@v4 -uses: actions/checkout@latest -uses: actions/checkout@main -``` +### Action SHA Reference -Known-good SHAs in use in this repo: +All `uses:` pinned to a full 40-character SHA with a `# vX` comment. No `@v*`, `@latest`, `@main`. | Action | SHA | Version | -|--------|-----|---------| +|---|---|---| | `actions/checkout` | `34e114876b0b11c390a56381ad16ebd13914f8d5` | v4 | | `actions/setup-node` | `49933ea5288caeca8642d1e84afbd3f7d6820020` | v4 | | `actions/cache` | `0057852bfaa89a56745cba8c7296529d2fc39830` | v4 | | `actions/upload-artifact` | `ea165f8d65b6e75b540449e92b4886f43607fa02` | v4 | -| `actions/github-script` | `f28e40c7f34bde8b3046d885e986cb6290c5673b` | v7 | +| `actions/download-artifact` | `d3f86a106a0bac45b974a628896c90dbdf5c8093` | v4 | +| `actions/github-script` | `ed597411d8f924073f98dfc5c65a23a2325f34cd` | v8 | +| `actions/dependency-review-action` | `a1d282b36b6f3519aa1f3fc636f609c47dddb294` | v5.0.0 | +| `actions/attest-sbom` | `c604332985a26aa8cf1bdc465b92731239ec6b9e` | v4.1.0 | | `pnpm/action-setup` | `b906affcce14559ad1aafd4ab0e942779e9f58b1` | v4 | +| `zizmorcore/zizmor-action` | `135698455da5c3b3e55f73f4419e481ab68cdd95` | v0.4.1 | +| `reviewdog/action-actionlint` | `6fb7acc99f4a1008869fa8a0f09cfca740837d9d` | v1.72.0 | +| `advanced-security/dismiss-alerts` | `3478381bd53e9f9a9ea1c23bd25ef0ec236e0d06` | v2 | +| `github/codeql-action/init` | `45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2` | v4.32.2 | +| `github/codeql-action/analyze` | `45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2` | v4.32.2 | -First-party composite actions (`./.github/actions/*`) are referenced by path — no SHA needed. +First-party composite actions (`./.github/actions/*`) referenced by path — no SHA needed. -### Checkout — `persist-credentials: false` +### PR Review Checklist -Always set `persist-credentials: false` on `actions/checkout` unless the job explicitly pushes commits (e.g., the release job). +When any PR touches `.github/workflows/`, `.github/actions/`, `.npmrc`, `pnpm-workspace.yaml`, `pnpm-lock.yaml`, or `scripts/`: -```yaml -# Correct for read-only jobs -- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - with: - persist-credentials: false +**Action pinning** +- [ ] All `uses:` are full 40-char SHAs with `# vX` comment — no tags, branches, or partial SHAs +- [ ] New actions verified against the action's releases page before adding -# Release job exception — must document with zizmor suppress comment -# zizmor: ignore[artipacked] -# Credentials needed for semantic-release to push version bumps -- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - with: - token: ${{ secrets.RELEASE_TOKEN }} -``` - -Flag: `actions/checkout` without `persist-credentials: false` on jobs that do not push. - -### Secrets — Step-Scoped Only +**Permissions** +- [ ] `permissions: {}` at workflow level when any job needs write access +- [ ] `id-token: write` only on the publish job (provenance/OIDC) +- [ ] `contents: write` only on jobs that push commits (release, prune-release-age-exemptions) -Never put secrets in workflow-level or job-level `env:` blocks. Always scope to the specific step that needs them. +**Secrets** +- [ ] No `${{ secrets.* }}` in workflow-level or job-level `env:` — step-scoped only +- [ ] `persist-credentials: false` on all checkouts that don't push +- [ ] Jobs that must push inject credentials via `git remote set-url` immediately before the push, not at checkout +- [ ] Secrets appearing in command output are redacted before `$GITHUB_OUTPUT`, step summaries, or PR comments -```yaml -# Wrong — flag this -env: - NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} +**Fork safety** +- [ ] Every job using secrets or publishing has `if: github.event.pull_request.head.repo.fork == false` +- [ ] No `pull_request_target` trigger — use `pull_request` (see Supply Chain §3) +- [ ] PR comment parsing filters by `select(.user.type == "Bot" or .user.login == "github-actions[bot]")` -# Correct -- name: Publish - env: - NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} - run: pnpm publish:dev ... -``` - -Flag: `${{ secrets.* }}` appearing in a workflow-level or job-level `env:` block. +**Install safety** +- [ ] Every `pnpm install` uses `--frozen-lockfile` — use `./.github/actions/install-node-deps`, never call pnpm directly +- [ ] No bare `pnpm dlx ` / `npx -y ` without exact version pin +- [ ] Approved pinned `pnpm dlx` versions: `shadcn@4.4.0`, `serve@14.2.6`, `tsx@4.20.6` — changes require same review bar as dependency updates +- [ ] New `minimumReleaseAgeExclude` entries in `pnpm-workspace.yaml` include exact version + reason: `- 'pkg' # x.y.z — reason` -### Fork PR Protection +**Cache** +- [ ] Cache keys include `github.sha`; Turbo pattern: `${{ runner.os }}-turbo-${{ github.ref_name }}-${{ github.sha }}` +- [ ] `restore-keys` scoped to same branch first — never broad enough to match entries from unrelated branches -Any job that uses secrets, publishes packages, or modifies shared state must include a fork guard: +**Injection** +- [ ] No `${{ github.event.* }}` or `${{ github.head_ref }}` interpolated directly in `run:` — pass through `env:` +- [ ] `GITHUB_OUTPUT` heredoc delimiters use `openssl rand -hex 8`, not the literal string `EOF` -```yaml -if: github.event.pull_request.head.repo.fork == false -``` +**CODEOWNERS + tooling** +- [ ] New CI-executed scripts and security-sensitive configs are covered by CODEOWNERS +- [ ] New `# zizmor: ignore[rule]` suppressions have a comment explaining why +- [ ] New `// codeql[query-id]` inline suppressions require @UiPath/Apollo sign-off — `codeql.yml` auto-dismisses them post-merge -Also flag: use of `pull_request_target` event for PR-triggered workflows — this passes repo secrets to untrusted fork code. Use `pull_request` instead. +--- -### Install Pattern — Use Composite Action +## Supply Chain Attack Reference -Always use `./.github/actions/install-node-deps` instead of manually setting up pnpm and Node. +Flag these patterns immediately: -```yaml -# Correct -- uses: ./.github/actions/install-node-deps - with: - registry-token: ${{ secrets.GH_NPM_REGISTRY_TOKEN }} +| Attack | Flag this pattern | Defense in repo | +|---|---|---| +| **Lockfile drift (shai-hulud)** | `pnpm install` without `--frozen-lockfile`; `npm install` | `install-node-deps` enforces `--frozen-lockfile` | +| **Day-zero publish via pnpm dlx** | `pnpm dlx pkg` without `@x.y.z`; `npx -y pkg` | All `pnpm dlx` calls version-pinned | +| **TanStack: `pull_request_target` + cache poison + OIDC extract** | `on: pull_request_target`; broad Turbo `restore-keys` missing `ref_name` | No `pull_request_target`; Turbo cache branch-scoped | +| **Dependency confusion** | `.npmrc` change to `@uipath` registry routing | `@uipath:registry=https://npm.pkg.github.com`; all 4 names claimed on npm.org | +| **Workflow injection** | `${{ github.event.*.title }}` etc. in `run:` blocks | Pass via `env:` | +| **Compromised maintainer / day-zero** | Any production dep update without verifying age, changelog, and postinstall scripts | `minimumReleaseAge: 20160` (14d quarantine); `npm audit signatures` | +| **Fork secret exfiltration** | Missing `fork == false` guard; `pull_request_target` | All publish/secret jobs guarded | +| **Artifact injection** | Cross-run `actions/download-artifact` without attestation | Same-run only; `actions/attest-sbom` on release | -# Wrong — flag manual setup when the composite action suffices -- uses: pnpm/action-setup@... -- uses: actions/setup-node@... -- run: pnpm install -``` +--- -Never run `pnpm install` without `--frozen-lockfile` in CI. +## Release and Publishing Review -Flag: `pnpm dlx`, `pnpx`, or `npx -y` for packages that are already in `devDependencies` — use `pnpm exec` instead. +When reviewing `release.yml`, `dev-publish.yml`, `dev-cleanup.yml`, or `scripts/`: -### Turborepo Cache — Branch-Isolated Key +- [ ] `semantic-release` config not changed to publish to unexpected registries or add unexpected plugins +- [ ] `--provenance` still present in `publish-to-registries.sh` (SLSA L2) +- [ ] All publishes scoped to `@uipath/*` only +- [ ] Dev-publish versions use `x.y.z-prNNN.sha` format +- [ ] `dev-publish.yml` / `dev-cleanup.yml` cleanup steps validate `^@uipath/[a-z0-9-]+@[0-9.]+-pr[0-9]+(\.[a-z0-9]+)?$` before `pnpm unpublish:dev` +- [ ] `RELEASE_TOKEN`, `NPM_AUTH_TOKEN`, `NPM_TOKEN`, `GH_NPM_REGISTRY_TOKEN` step-scoped to the Release step only — not job-level or workflow-level +- [ ] `release.yml` checkout uses `persist-credentials: false`; credentials injected via `git remote set-url` only after `pnpm build` + `pnpm test` -The cache key must include `github.ref_name` for branch isolation: +--- -```yaml -# Correct -key: ${{ runner.os }}-turbo-${{ github.ref_name }}-${{ github.sha }} -restore-keys: | - ${{ runner.os }}-turbo-${{ github.ref_name }}- +## Dependabot Review -# Wrong — missing ref_name causes branches to share cache -key: ${{ runner.os }}-turbo-${{ github.sha }} -``` +**All Dependabot PRs:** +- [ ] `pnpm-lock.yaml` diff matches the stated update — no unexpected additions +- [ ] Production deps: new version published >14 days ago (Dependabot bypasses `minimumReleaseAge`) +- [ ] `dependency-review-action` check passed +- [ ] `Audit Package Signatures` check passed when `pnpm-lock.yaml` changed -### Artifacts — Coverage Only, Short Retention +**All production dependency updates — apply these checks before approving:** +1. `pnpm-lock.yaml` diff matches the stated update — no unexpected additions or removals +2. New version was published **more than 14 days ago** — Dependabot bypasses `minimumReleaseAge`, manual check required +3. Read the changelog between old and new version for anything unexpected +4. Verify no new or changed `postinstall`/`preinstall` scripts, obfuscated code, or new remote fetch calls introduced in the new version +5. Check https://socket.dev/npm/package/[package-name] for supply chain signals +6. `dependency-review-action` check passed; `Audit Package Signatures` passed if `pnpm-lock.yaml` changed -Do not upload `dist/`, `.turbo/`, or build outputs in failure artifacts. Only upload `coverage/`. +Note: `@tanstack/*` packages have a confirmed supply chain incident history (May 2025) — apply extra care, but these checks apply to every production dependency, not just tanstack. -```yaml -# Correct -- name: Upload Failure Artifacts - if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 - with: - path: coverage/ # NOT dist/ or .turbo/ - retention-days: 3 # failure artifacts -``` +**GitHub Actions SHA updates:** verify new SHA resolves to a tagged release (not arbitrary commit); `# vX.Y.Z` comment matches the tag. -Success coverage artifacts: `retention-days: 7`. Failure artifacts: `retention-days: 3`. +**Grouped PRs:** apply all checks to every production dep in the group individually before approving the group. --- ## pnpm / Node -- Always use `pnpm install --frozen-lockfile` in CI. The composite action handles this. -- Use `pnpm exec ` for CLI tools already in `devDependencies`. Never `pnpm dlx` / `pnpx` / `npx -y` for them. -- `pnpm install --frozen-lockfile` is unaffected by `minimumReleaseAge` (it never re-resolves). `pnpm add` re-resolves and may fail if locked packages were published within the 14-day quarantine. -- When `pnpm add` is blocked by `minimumReleaseAge`, add the offending package to `minimumReleaseAgeExclude` in `pnpm-workspace.yaml`. **The version must be in the comment** — the prune workflow reads it to know when to remove the entry. Format: `- 'pkg' # 1.2.3 — reason`. Flag any entry that is missing the version. - -```yaml -# ✅ correct -minimumReleaseAgeExclude: - - 'next' # 16.2.6 — locked version too new when added - -# ❌ missing version — prune workflow will never remove this -minimumReleaseAgeExclude: - - 'next' # too new when added -``` -- Pin the Vercel CLI to an exact version: `npm install -g vercel@X.Y.Z` — never `@latest`. +- Use `./.github/actions/install-node-deps` in CI — never call `pnpm install` directly. +- Use `pnpm exec ` for tools in `devDependencies` — not `pnpm dlx`. +- `pnpm install --frozen-lockfile` never re-resolves. `pnpm add` re-resolves and may fail `minimumReleaseAge`. When it does, add to `minimumReleaseAgeExclude` with version + reason: + ```yaml + - 'pkg' # 1.2.3 — locked version too new when added # ✅ + - 'pkg' # too new # ❌ missing version, prune workflow won't remove it + ``` +- Vercel CLI: always `npm install -g vercel@X.Y.Z` — never `@latest`. --- -## TypeScript / React Patterns (apollo-react) +## TypeScript / React (apollo-react) -### No New Styled-Components or MUI - -The `apollo-react` package is migrating from Emotion/MUI to Tailwind CSS + `apollo-wind`. All new code must use Tailwind. - -**Block PRs that introduce:** -- New imports from `@emotion/styled`, `@emotion/react`, or usage of `styled.*` / `css` helpers +The package is migrating from Emotion/MUI → Tailwind + `apollo-wind`. **Block:** +- New `@emotion/styled`, `@emotion/react`, `styled.*`, `css` helper imports - New `*.styles.ts` files -- New `@mui/material/*` component imports for building UI (existing MUI theme overrides in `theme/` are exempt) -- New `Ap*` components from `@uipath/apollo-react` used to build other components (these are MUI wrappers — use `apollo-wind` components instead) - -**Flag for migration when:** -- A PR significantly modifies an existing file that uses styled-components or MUI — recommend migrating the touched component to Tailwind as part of the change - -**Approved patterns:** -- Tailwind utility classes as static literal strings in JSX -- `cn()` from `@uipath/apollo-wind` only when classes conflict or need overrides -- CSS custom properties (`style` prop) for dynamic dimensions -- Existing MUI theme overrides in `packages/apollo-react/src/theme/` (maintenance only) - -### Naming Conventions - -- React components: `Ap*` prefix (e.g., `ApButton`, `ApTextField`) -- Files: PascalCase for components, camelCase for utilities -- Tests: `*.test.ts` / `*.spec.ts` -- Stories: `*.stories.tsx` - -### TypeScript - -- Strict mode enabled — use proper types, avoid `any` -- Export types alongside implementations -- Use generics for reusable components - ---- +- New `@mui/material/*` UI component imports (theme overrides in `theme/` are exempt) +- New `Ap*` component imports from `@uipath/apollo-react` used to build other components -## Build-Time vs Runtime Security +**Use instead:** Tailwind utility classes (static literal strings); `cn()` from `apollo-wind` only when classes conflict; CSS custom properties for dynamic dimensions. -**Build-time scripts** (`packages/*/scripts/*.ts`) run in trusted CI. Path operations on repository files, processing trusted Figma exports, and recursive directory traversal are acceptable. Do not flag theoretical issues in this context. +**Naming:** React components `Ap*`; files PascalCase for components, camelCase for utilities; tests `*.test.ts` / `*.spec.ts`; stories `*.stories.tsx`. TypeScript strict — no `any`, export types alongside implementations. -**Runtime code** (components, hooks, utilities) runs in user applications. Flag: missing input validation, XSS, prototype pollution, unsafe dependencies with known CVEs, template injection. +When a PR significantly modifies an existing styled/MUI component, migrate it to Tailwind as part of the change. --- -## Code Review Approach +## Code Review **Block on:** -- Missing `permissions: {}` (or a maximally restrictive scope like `contents: read`) at workflow level -- Unpinned third-party actions (`@v4`, `@latest`, branch tags) +- Workflow-level `permissions` missing or includes write-capable permission that should be job-scoped +- Unpinned actions (`@v*`, `@latest`, branch refs) - Missing `persist-credentials: false` on read-only checkouts -- Secrets in workflow or job-level `env:` blocks -- `pnpm dlx` / `npx -y` for packages in devDependencies -- Missing `--frozen-lockfile` on `pnpm install` in CI -- Missing fork guard on jobs that use secrets or publish -- New Emotion styled-components or MUI component usage in `apollo-react` -- Breaking changes to public APIs -- Security vulnerabilities in runtime code +- `${{ secrets.* }}` in workflow/job-level `env:` +- `pnpm install` without `--frozen-lockfile`; `pnpm dlx` / `npx -y` without version pin +- Missing fork guard on secret-using or publishing jobs +- New Emotion/MUI usage in `apollo-react` +- Breaking public API changes +- Runtime security vulnerabilities (XSS, injection, prototype pollution) - TypeScript errors - Missing tests in `packages/` or `web-packages/` -**Do not block on:** -- Minor style/formatting (Biome handles this) -- Theoretical security issues in build-time scripts -- Missing tests in `apps/` (Storybook, playgrounds) -- Minor optimizations - ---- - -## Coding Guidelines - -### Component Patterns - -- Use design tokens from `apollo-core` (never hardcode colors/spacing) -- Prefer composition over inheritance -- Keep components focused and single-purpose - -### Testing Requirements - -- Required for all code in `packages/` and `web-packages/` -- Unit tests for utilities and hooks -- Component tests for critical UI behavior -- Visual regression tests for components -- NOT required for `apps/` (demo apps, Storybook) - -### Documentation - -- JSDoc comments for public APIs -- Storybook stories for all components -- README in each package with usage examples +**Do not block on:** style/formatting (Biome); theoretical issues in build-time scripts; missing tests in `apps/`; minor optimizations. --- ## Component Checklist -When creating new components, verify: -- [ ] Follows naming conventions (`Ap*` prefix for React) -- [ ] Uses tokens from `apollo-core` -- [ ] Includes TypeScript types -- [ ] Has Storybook story -- [ ] Has unit tests (if in `packages/` or `web-packages/`) -- [ ] Has visual regression tests -- [ ] Documented in package README -- [ ] No new `@emotion/styled`, `@emotion/react`, or `@mui/material` imports (use Tailwind + apollo-wind) +- [ ] `Ap*` prefix, tokens from `apollo-core`, TypeScript types +- [ ] Storybook story, unit tests (if in `packages/` or `web-packages/`), visual regression tests +- [ ] README entry +- [ ] No new `@emotion/styled`, `@emotion/react`, or `@mui/material` imports --- -## Available Scripts (from root) - -- `pnpm build` — Build all packages -- `pnpm dev` — Run all packages in dev mode -- `pnpm test` — Run all tests -- `pnpm lint` — Lint all packages -- `pnpm storybook:dev` — Run Storybook -- `pnpm format` — Format with Biome -- `pnpm build:packages` — Build only packages/ -- `pnpm test:visual` — Visual regression tests -- `pnpm release` — Release packages (semantic-release) +## Available Scripts + +| Command | Does | +|---|---| +| `pnpm build` | Build all packages | +| `pnpm dev` | Dev mode all packages | +| `pnpm test` | Run all tests | +| `pnpm lint` | Lint all packages | +| `pnpm format` | Format with Biome | +| `pnpm storybook:dev` | Run Storybook | +| `pnpm test:visual` | Visual regression tests | +| `pnpm release` | Release (semantic-release) | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 68cca85d4..f39030142 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -63,6 +63,13 @@ jobs: category: /language:${{ matrix.language }} output: sarif-results + # GOVERNANCE: This step auto-dismisses any CodeQL alert that has a + # corresponding inline suppression comment (// codeql[query-id]) in source. + # That means a merged PR adding such a comment will silently dismiss the alert + # without a separate security review. Before merging any PR that adds a + # // codeql[...] suppression, a member of @UiPath/Apollo must confirm the + # suppression is justified. CODEOWNERS enforces this for .github/ changes; + # for source-file suppressions, reviewers must manually check. - name: Dismiss suppressed alerts if: github.ref == 'refs/heads/main' && matrix.language == 'javascript-typescript' uses: advanced-security/dismiss-alerts@3478381bd53e9f9a9ea1c23bd25ef0ec236e0d06 # v2 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1a84d737e..60474d792 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -51,7 +51,7 @@ jobs: - name: Post or update PR comment if: github.event.pull_request.head.repo.fork == false - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | const fs = require('fs'); diff --git a/.github/workflows/dev-cleanup.yml b/.github/workflows/dev-cleanup.yml index 760489bee..8e028b447 100644 --- a/.github/workflows/dev-cleanup.yml +++ b/.github/workflows/dev-cleanup.yml @@ -58,9 +58,10 @@ jobs: PACKAGES=$(echo "$COMMENT" | grep -oE '\| `@uipath/[a-z0-9-]+@[0-9.]+-pr[0-9]+(\.[a-z0-9]+)?`' | sed 's/^| `//' | sed "s/\`\$//" | sort -u) # Use delimiter for GitHub output (newlines not supported) { - echo "packages<> "$GITHUB_OUTPUT" echo "Found: $PACKAGES" diff --git a/.github/workflows/dev-publish.yml b/.github/workflows/dev-publish.yml index d15c0af60..edf32ca3f 100644 --- a/.github/workflows/dev-publish.yml +++ b/.github/workflows/dev-publish.yml @@ -85,9 +85,10 @@ jobs: else { echo "has_previous=true" - echo "packages<> "$GITHUB_OUTPUT" echo "Found previous versions: $PUBLISHED" fi @@ -142,9 +143,10 @@ jobs: - name: Create matrix id: matrix if: steps.changed.outputs.has_changes == 'true' + env: + PACKAGES: ${{ steps.changed.outputs.packages }} run: | # Convert space-separated list to compact JSON array - PACKAGES="${{ steps.changed.outputs.packages }}" MATRIX_JSON=$(echo "$PACKAGES" | jq -Rc 'split(" ") | map(select(length > 0))') echo "matrix=$MATRIX_JSON" >> "$GITHUB_OUTPUT" echo "Matrix: $MATRIX_JSON" diff --git a/.github/workflows/monitor-npm-publishes.yml b/.github/workflows/monitor-npm-publishes.yml new file mode 100644 index 000000000..197454681 --- /dev/null +++ b/.github/workflows/monitor-npm-publishes.yml @@ -0,0 +1,119 @@ +name: Monitor npm Publishes + +on: + schedule: + - cron: '0 6 * * *' # Daily at 06:00 UTC + workflow_dispatch: + +# Deny-all default; the check job grants only what it needs. +permissions: {} + +jobs: + check: + name: Verify @uipath/* npm versions match GitHub releases + runs-on: ubuntu-latest + permissions: + contents: read + issues: write + + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + with: + persist-credentials: false + + - name: Check npm versions against GitHub releases + id: audit + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + PACKAGES=( + "@uipath/apollo-core" + "@uipath/apollo-react" + "@uipath/apollo-wind" + "@uipath/ap-chat" + ) + + UNMATCHED="" + + for pkg in "${PACKAGES[@]}"; do + latest=$(npm view "$pkg" version --registry https://registry.npmjs.org 2>/dev/null) + if [ -z "$latest" ]; then + echo "::warning::Could not fetch latest version for $pkg" + continue + fi + + tag="${pkg}@${latest}" + if gh release view "$tag" --repo "$GITHUB_REPOSITORY" > /dev/null 2>&1; then + echo "✓ $tag — GitHub release exists" + else + echo "::warning::$tag is on npm but has no matching GitHub release tag" + UNMATCHED="${UNMATCHED}\n- \`${tag}\`" + fi + done + + if [ -n "$UNMATCHED" ]; then + echo "unmatched=true" >> "$GITHUB_OUTPUT" + DELIM="ALERT_$(openssl rand -hex 8)" + { + echo "packages<<${DELIM}" + echo -e "$UNMATCHED" + echo "${DELIM}" + } >> "$GITHUB_OUTPUT" + else + echo "unmatched=false" >> "$GITHUB_OUTPUT" + echo "All @uipath/* npm versions have matching GitHub releases." + fi + + - name: Open or update alert issue + if: steps.audit.outputs.unmatched == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + UNMATCHED_PACKAGES: ${{ steps.audit.outputs.packages }} + run: | + MARKER="" + TODAY=$(date +%Y-%m-%d) + + BODY="${MARKER} + ## ⚠️ npm Publish Alert — ${TODAY} + + The following \`@uipath/*\` packages exist on npm but have **no matching GitHub release tag**. This may indicate an unauthorized publish. + + ${UNMATCHED_PACKAGES} + + ### Verification steps + 1. Check each package on https://www.npmjs.com/package/\`\` + 2. Confirm the version matches an expected release on this repo + 3. Verify SLSA provenance: \`gh attestation verify npm:@ --owner UiPath\` + 4. **If the publish is unauthorized:** immediately revoke \`NPM_AUTH_TOKEN\` and \`RELEASE_TOKEN\` in repo secrets and rotate them + + _Generated by the [Monitor npm Publishes]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/workflows/monitor-npm-publishes.yml) workflow._" + + # Update existing open alert, or open a new one + EXISTING=$(gh issue list --label "security" --state open --json number,body \ + --jq "[.[] | select(.body | contains(\"${MARKER}\")) | .number][0]" 2>/dev/null || echo "") + + if [ -n "$EXISTING" ] && [ "$EXISTING" != "null" ]; then + gh issue edit "$EXISTING" --body "$BODY" + echo "Updated existing alert issue #${EXISTING}" + else + gh issue create \ + --title "⚠️ [npm-monitor] Unverified npm publish detected for @uipath/* packages" \ + --body "$BODY" \ + --label "security" + fi + + - name: Close resolved alert issues + if: steps.audit.outputs.unmatched == 'false' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + MARKER="" + EXISTING=$(gh issue list --label "security" --state open --json number,body \ + --jq "[.[] | select(.body | contains(\"${MARKER}\")) | .number][0]" 2>/dev/null || echo "") + + if [ -n "$EXISTING" ] && [ "$EXISTING" != "null" ]; then + gh issue close "$EXISTING" \ + --comment "✅ All @uipath/* npm versions now have matching GitHub releases. Closing automatically." + echo "Closed resolved alert issue #${EXISTING}" + fi diff --git a/.github/workflows/prune-release-age-exemptions.yml b/.github/workflows/prune-release-age-exemptions.yml index 8ec4df4a1..e9f14d1b2 100644 --- a/.github/workflows/prune-release-age-exemptions.yml +++ b/.github/workflows/prune-release-age-exemptions.yml @@ -18,8 +18,9 @@ jobs: steps: - name: Checkout - # persist-credentials kept (default true) so the job can push the cleanup branch. uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + with: + persist-credentials: false - name: Setup Node.js uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 @@ -40,6 +41,8 @@ jobs: git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" + # Inject write credentials only at push time — not during the node script above. + git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" git checkout -b "$BRANCH" git add pnpm-workspace.yaml git commit -m "chore(repo): prune stale minimumReleaseAge exemptions" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c9e52afad..535b33b1b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,13 +28,11 @@ jobs: id-token: write steps: - # zizmor: ignore[artipacked] - # Credentials needed for semantic-release to push version bumps; no artifacts uploaded in this workflow - name: Checkout code uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - token: ${{ secrets.RELEASE_TOKEN }} + persist-credentials: false - name: Install Node dependencies uses: ./.github/actions/install-node-deps @@ -55,24 +53,36 @@ jobs: - name: Run tests run: pnpm test - - name: Setup git user + - name: Setup git user and credentials + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} run: | git config --global user.name "semantic-release-bot" git config --global user.email "semantic-release-bot@users.noreply.github.com" + # Inject write credentials only after build + test complete. + # RELEASE_TOKEN is not in .git/config during pnpm build or pnpm test above. + git remote set-url origin "https://x-access-token:${RELEASE_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" - name: Release env: GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} GH_NPM_REGISTRY_TOKEN: ${{ secrets.RELEASE_TOKEN }} HUSKY: 0 run: pnpm release + - name: Generate and attest SBOM + uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 + with: + subject-path: | + packages/apollo-core/dist + packages/apollo-react/dist + packages/apollo-wind/dist + web-packages/ap-chat/dist + sbom-format: spdx-json + - name: Commit changelogs and package updates - env: - GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} run: | if [ -n "$(git status --porcelain)" ]; then # Get list of changed packages diff --git a/.github/workflows/support-branch-scope.yml b/.github/workflows/support-branch-scope.yml index 0d7459b3a..323559d3f 100644 --- a/.github/workflows/support-branch-scope.yml +++ b/.github/workflows/support-branch-scope.yml @@ -104,7 +104,7 @@ jobs: - name: Post or update PR comment if: steps.scope.outputs.status == 'fail' - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: PACKAGE: ${{ steps.parse.outputs.package }} PKG_DIR: ${{ steps.resolve.outputs.pkg_dir }} @@ -167,7 +167,7 @@ jobs: - name: Remove comment if scope is clean if: steps.scope.outputs.status != 'fail' - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | const marker = ''; diff --git a/.github/workflows/vercel-deploy.yml b/.github/workflows/vercel-deploy.yml index a2f3bc75d..26fd1799a 100644 --- a/.github/workflows/vercel-deploy.yml +++ b/.github/workflows/vercel-deploy.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Post initial deployment status - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | const identifier = ''; @@ -123,9 +123,10 @@ jobs: uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: ~/.npm - key: ${{ runner.os }}-vercel-cli-53.4.0 + key: ${{ runner.os }}-vercel-cli-53.4.0-${{ github.sha }} restore-keys: | - ${{ runner.os }}-vercel-cli-53.4.0 + ${{ runner.os }}-vercel-cli-53.4.0-${{ github.ref_name }}- + ${{ runner.os }}-vercel-cli-53.4.0- - name: Install Vercel CLI run: npm install -g vercel@53.4.0 @@ -243,7 +244,7 @@ jobs: DEPLOY_OUTCOME: ${{ steps.deploy.outcome }} DEPLOY_URL: ${{ steps.deploy.outputs.url }} ERROR_MESSAGE: ${{ steps.deploy.outputs.error_message }} - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | const identifier = ''; From fba9768d48e5e493e36c889f80cdf5a3caa38825 Mon Sep 17 00:00:00 2001 From: Cristian Florin Calina Date: Wed, 13 May 2026 16:48:48 -0700 Subject: [PATCH 3/5] chore(repo): upgrade to pnpm 11, add SBOM attestation & generation --- .claude/skills/harden-github-action/SKILL.md | 2 +- .github/copilot-instructions.md | 2 +- .github/workflows/release.yml | 42 +- .npmrc | 2 - CONTRIBUTING.md | 2 +- apps/apollo-vertex/package.json | 2 +- package.json | 7 +- pnpm-lock.yaml | 997 ++++++------------- pnpm-workspace.yaml | 17 +- 9 files changed, 343 insertions(+), 730 deletions(-) diff --git a/.claude/skills/harden-github-action/SKILL.md b/.claude/skills/harden-github-action/SKILL.md index 701aacd0e..269e7691b 100644 --- a/.claude/skills/harden-github-action/SKILL.md +++ b/.claude/skills/harden-github-action/SKILL.md @@ -22,7 +22,7 @@ Do **not** use this skill for: ## Repo Context -- **Package manager**: pnpm 10.x +- **Package manager**: pnpm 11.x - **Node version**: 22 - **Workspaces**: Turborepo monorepo (`packages/`, `web-packages/`, `apps/`) - **Dual registry**: npm public + GitHub Packages (`@uipath` scope at `https://npm.pkg.github.com`) diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index 365b43683..bd75592db 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -13,7 +13,7 @@ apps/ # storybook, react-playground — NO TESTS NEEDED .github/ # workflows, actions, scripts ``` -All packages depend on `apollo-core`. Node ≥ 22, pnpm ≥ 10. Build: Rslib/Rsbuild (packages), Vite (Storybook). +All packages depend on `apollo-core`. Node ≥ 22, pnpm ≥ 11. Build: Rslib/Rsbuild (packages), Vite (Storybook). ## General Guidelines diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 535b33b1b..3648b2ffd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -72,15 +72,43 @@ jobs: HUSKY: 0 run: pnpm release - - name: Generate and attest SBOM + - name: Generate per-package SBOMs + run: | + pnpm --filter @uipath/apollo-core sbom --sbom-format cyclonedx --prod > sbom-apollo-core.cyclonedx.json + pnpm --filter @uipath/apollo-react sbom --sbom-format cyclonedx --prod > sbom-apollo-react.cyclonedx.json + pnpm --filter @uipath/apollo-wind sbom --sbom-format cyclonedx --prod > sbom-apollo-wind.cyclonedx.json + pnpm --filter '@uipath/ap-chat' sbom --sbom-format cyclonedx --prod > sbom-ap-chat.cyclonedx.json + + - name: Attest SBOM — apollo-core uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 with: - subject-path: | - packages/apollo-core/dist - packages/apollo-react/dist - packages/apollo-wind/dist - web-packages/ap-chat/dist - sbom-format: spdx-json + subject-path: packages/apollo-core/dist + sbom-path: sbom-apollo-core.cyclonedx.json + + - name: Attest SBOM — apollo-react + uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 + with: + subject-path: packages/apollo-react/dist + sbom-path: sbom-apollo-react.cyclonedx.json + + - name: Attest SBOM — apollo-wind + uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 + with: + subject-path: packages/apollo-wind/dist + sbom-path: sbom-apollo-wind.cyclonedx.json + + - name: Attest SBOM — ap-chat + uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 + with: + subject-path: web-packages/ap-chat/dist + sbom-path: sbom-ap-chat.cyclonedx.json + + - name: Upload SBOMs as release artifact + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + with: + name: sbom-${{ github.sha }} + path: sbom-*.cyclonedx.json + retention-days: 90 - name: Commit changelogs and package updates run: | diff --git a/.npmrc b/.npmrc index 1b4af9b55..12a50ebc1 100644 --- a/.npmrc +++ b/.npmrc @@ -2,5 +2,3 @@ //npm.pkg.github.com/:_authToken=${GH_NPM_REGISTRY_TOKEN} //npm.pkg.github.com/:always-auth=true //registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN} -auto-install-peers=true -strict-peer-dependencies=false diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d9b40413e..2bfd91ee3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -16,7 +16,7 @@ Thank you for your interest in contributing to the Apollo Design System! This do ### Prerequisites - Node.js >= 22 -- pnpm >= 10 +- pnpm >= 11 ### Getting Started diff --git a/apps/apollo-vertex/package.json b/apps/apollo-vertex/package.json index c23ddd7da..de0c0d912 100644 --- a/apps/apollo-vertex/package.json +++ b/apps/apollo-vertex/package.json @@ -21,7 +21,7 @@ "keywords": [], "author": "", "license": "ISC", - "packageManager": "pnpm@10.18.1", + "packageManager": "pnpm@11.1.1", "dependencies": { "@dnd-kit/core": "^6.3.1", "@dnd-kit/sortable": "^10.0.0", diff --git a/package.json b/package.json index 5472238b7..75b9272b8 100644 --- a/package.json +++ b/package.json @@ -75,7 +75,7 @@ "node": ">=22", "pnpm": ">=10" }, - "packageManager": "pnpm@10.18.1", + "packageManager": "pnpm@11.1.1", "lint-staged": { "*.{js,jsx,ts,tsx,json}": [ "biome check --write --no-errors-on-unmatched" @@ -93,11 +93,6 @@ } }, "pnpm": { - "onlyBuiltDependencies": [ - "@biomejs/biome", - "esbuild", - "sharp" - ], "overrides": { "minimatch": "^10.2.5", "lodash": "^4.18.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a3c102f20..2808010ae 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -4,15 +4,6 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false -overrides: - minimatch: ^10.2.5 - lodash: ^4.18.1 - tmp: ^0.2.5 - picomatch: '>=4.0.4' - postcss: ^8.5.14 - -packageExtensionsChecksum: sha256-MiSYq8DXxufYD2Uu5iQfUDBUnmlvtj4LBvzJl3bvsgA= - importers: .: @@ -88,7 +79,7 @@ importers: version: 5.9.3 vitest: specifier: ^4.1.5 - version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) apps/apollo-docs: dependencies: @@ -115,18 +106,18 @@ importers: version: link:../../packages/apollo-wind next: specifier: 16.2.6 - version: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2) + version: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) next-themes: specifier: ^0.4.6 version: 0.4.6(react-dom@19.2.3(react@19.2.3))(react@19.2.3) nextra: specifier: ^4.6.1 - version: 4.6.1(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3) + version: 4.6.1(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3) nextra-theme-docs: specifier: ^4.6.1 - version: 4.6.1(@types/react@19.2.8)(immer@10.2.0)(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(nextra@4.6.1(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(use-sync-external-store@1.6.0(react@19.2.3)) + version: 4.6.1(@types/react@19.2.8)(immer@10.2.0)(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(nextra@4.6.1(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(use-sync-external-store@1.6.0(react@19.2.3)) postcss: - specifier: ^8.5.14 + specifier: ^8.5.6 version: 8.5.14 react: specifier: 19.2.3 @@ -272,13 +263,13 @@ importers: version: 8.21.3(react-dom@19.2.3(react@19.2.3))(react@19.2.3) '@uipath/apollo-dashboarding': specifier: 0.0.61 - version: 0.0.61(@types/node@24.10.1)(@types/react@19.2.8)(@uipath/apollo-core@5.9.1)(@uipath/apollo-lab@25.12.0)(@uipath/portal-shell-react@3.149.36(fe12f2fb6cf38432d22dd98c4b90e974))(luxon@3.7.2)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 0.0.61(@types/node@24.10.1)(@types/react@19.2.8)(@uipath/apollo-core@5.9.1)(@uipath/apollo-lab@25.12.0)(@uipath/portal-shell-react@3.149.36(9e6166e9cffa21a376f3ba9f163a66bf))(luxon@3.7.2)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@uipath/uipath-typescript': specifier: ^1.3.1 version: 1.3.1(@opentelemetry/api@1.9.0)(zod@4.3.5) '@vercel/analytics': specifier: ^1.5.0 - version: 1.5.0(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react@19.2.3) + version: 1.5.0(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react@19.2.3) class-variance-authority: specifier: ^0.7.1 version: 0.7.1 @@ -317,21 +308,21 @@ importers: version: 3.7.2 next: specifier: 16.2.6 - version: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2) + version: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) next-themes: specifier: ^0.4.6 version: 0.4.6(react-dom@19.2.3(react@19.2.3))(react@19.2.3) nextra: specifier: ^4.6.1 - version: 4.6.1(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3) + version: 4.6.1(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3) nextra-theme-docs: specifier: ^4.6.1 - version: 4.6.1(@types/react@19.2.8)(immer@10.2.0)(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(nextra@4.6.1(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(use-sync-external-store@1.6.0(react@19.2.3)) + version: 4.6.1(@types/react@19.2.8)(immer@10.2.0)(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(nextra@4.6.1(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(use-sync-external-store@1.6.0(react@19.2.3)) pkce-challenge: specifier: ^6.0.0 version: 6.0.0 postcss: - specifier: ^8.5.14 + specifier: ^8.5.6 version: 8.5.14 react: specifier: 19.2.3 @@ -426,7 +417,7 @@ importers: version: 5.9.3 vite: specifier: ^7.3.2 - version: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + version: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) apps/react-playground: dependencies: @@ -471,7 +462,7 @@ importers: version: 16.1.0(react@19.2.3) styled-components: specifier: ^6.4.1 - version: 6.4.1(css-to-react-native@3.2.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) + version: 6.4.1(react-dom@19.2.3(react@19.2.3))(react@19.2.3) devDependencies: '@biomejs/biome': specifier: ^2.3.6 @@ -530,7 +521,7 @@ importers: version: 10.2.15(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)) '@storybook/addon-docs': specifier: ^10.2.15 - version: 10.2.15(@types/react@19.2.8)(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) + version: 10.2.15(@types/react@19.2.8)(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) '@storybook/addon-links': specifier: ^10.2.15 version: 10.2.15(react@19.2.3)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)) @@ -542,10 +533,10 @@ importers: version: 10.2.15(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3) '@storybook/react-vite': specifier: ^10.2.15 - version: 10.2.15(esbuild@0.27.3)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) + version: 10.2.15(esbuild@0.27.3)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) '@tailwindcss/vite': specifier: ^4.2.2 - version: 4.2.2(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 4.2.2(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@types/react': specifier: ^19.2.6 version: 19.2.8 @@ -566,13 +557,13 @@ importers: version: 5.9.3 vite: specifier: ^7.3.2 - version: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + version: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) packages/apollo-core: devDependencies: '@rslib/core': specifier: ^0.19.6 - version: 0.19.6(@microsoft/api-extractor@7.57.6(@types/node@24.10.1))(typescript@5.9.3) + version: 0.19.6(typescript@5.9.3) '@vitest/coverage-v8': specifier: ^4.1.5 version: 4.1.5(vitest@4.1.5) @@ -583,7 +574,7 @@ importers: specifier: ^4.18.1 version: 4.18.1 postcss: - specifier: ^8.5.14 + specifier: ^8.5.6 version: 8.5.14 postcss-cli: specifier: ^10.1.0 @@ -599,7 +590,7 @@ importers: version: 5.9.3 vitest: specifier: ^4.1.5 - version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) packages/apollo-react: dependencies: @@ -804,13 +795,13 @@ importers: version: 1.4.2(@rsbuild/core@1.7.3) '@rslib/core': specifier: ^0.19.6 - version: 0.19.6(@microsoft/api-extractor@7.57.6(@types/node@24.10.1))(typescript@5.9.3) + version: 0.19.6(typescript@5.9.3) '@storybook/react': specifier: ^10.2.15 version: 10.2.15(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3) '@storybook/react-vite': specifier: ^10.2.15 - version: 10.2.15(esbuild@0.27.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0)) + version: 10.2.15(esbuild@0.27.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0)) '@svgr/webpack': specifier: ^8.1.0 version: 8.1.0(typescript@5.9.3) @@ -873,7 +864,7 @@ importers: version: 4.7.0(esbuild@0.27.0) '@vitejs/plugin-react': specifier: ^4.7.0 - version: 4.7.0(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 4.7.0(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@vitest/coverage-v8': specifier: ^4.1.5 version: 4.1.5(vitest@4.1.5) @@ -900,10 +891,10 @@ importers: version: 5.9.3 vite-tsconfig-paths: specifier: ^5.1.4 - version: 5.1.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 5.1.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) vitest: specifier: ^4.1.5 - version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) webpack-bundle-analyzer: specifier: ^5.0.1 version: 5.0.1 @@ -1081,7 +1072,7 @@ importers: version: 1.4.2(@rsbuild/core@1.7.3) '@rslib/core': specifier: ^0.19.6 - version: 0.19.6(@microsoft/api-extractor@7.57.6(@types/node@24.10.1))(typescript@5.9.3) + version: 0.19.6(typescript@5.9.3) '@semantic-release/changelog': specifier: ^6.0.3 version: 6.0.3(semantic-release@25.0.3(typescript@5.9.3)) @@ -1093,7 +1084,7 @@ importers: version: 10.2.15(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)) '@storybook/addon-docs': specifier: ^10.2.15 - version: 10.2.15(@types/react@19.2.8)(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) + version: 10.2.15(@types/react@19.2.8)(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) '@storybook/addon-links': specifier: ^10.2.15 version: 10.2.15(react@19.2.3)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)) @@ -1102,7 +1093,7 @@ importers: version: 0.2.3(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3) '@storybook/react-vite': specifier: ^10.2.15 - version: 10.2.15(esbuild@0.27.3)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) + version: 10.2.15(esbuild@0.27.3)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) '@tailwindcss/cli': specifier: ^4.1.17 version: 4.1.17 @@ -1152,7 +1143,7 @@ importers: specifier: ^27.2.0 version: 27.3.0 postcss: - specifier: ^8.5.14 + specifier: ^8.5.6 version: 8.5.14 postcss-import: specifier: ^16.1.1 @@ -1177,7 +1168,7 @@ importers: version: 5.9.3 vitest: specifier: ^4.1.5 - version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) web-packages/ap-chat: dependencies: @@ -1214,7 +1205,7 @@ importers: version: 1.4.2(@rsbuild/core@1.6.7) '@rslib/core': specifier: ^0.19.6 - version: 0.19.6(@microsoft/api-extractor@7.57.6(@types/node@24.10.1))(typescript@5.9.3) + version: 0.19.6(typescript@5.9.3) '@types/react': specifier: ^19.2.6 version: 19.2.8 @@ -1238,7 +1229,7 @@ importers: version: 5.9.3 vitest: specifier: ^4.1.5 - version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + version: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) webpack-bundle-analyzer: specifier: ^5.0.1 version: 5.0.1 @@ -1299,24 +1290,28 @@ packages: engines: {node: '>= 10'} cpu: [arm64] os: [linux] + libc: [glibc] '@ast-grep/napi-linux-arm64-musl@0.37.0': resolution: {integrity: sha512-LF9sAvYy6es/OdyJDO3RwkX3I82Vkfsng1sqUBcoWC1jVb1wX5YVzHtpQox9JrEhGl+bNp7FYxB4Qba9OdA5GA==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] + libc: [musl] '@ast-grep/napi-linux-x64-gnu@0.37.0': resolution: {integrity: sha512-TViz5/klqre6aSmJzswEIjApnGjJzstG/SE8VDWsrftMBMYt2PTu3MeluZVwzSqDao8doT/P+6U11dU05UOgxw==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + libc: [glibc] '@ast-grep/napi-linux-x64-musl@0.37.0': resolution: {integrity: sha512-/BcCH33S9E3ovOAEoxYngUNXgb+JLg991sdyiNP2bSoYd30a9RHrG7CYwW6fMgua3ijQ474eV6cq9yZO1bCpXg==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + libc: [musl] '@ast-grep/napi-win32-arm64-msvc@0.37.0': resolution: {integrity: sha512-TjQA4cFoIEW2bgjLkaL9yqT4XWuuLa5MCNd0VCDhGRDMNQ9+rhwi9eLOWRaap3xzT7g+nlbcEHL3AkVCD2+b3A==} @@ -2026,6 +2021,7 @@ packages: engines: {node: '>=14.21.3'} cpu: [arm64] os: [linux] + libc: [musl] '@biomejs/cli-linux-arm64@2.3.6': resolution: {integrity: sha512-JjYy83eVBnvuINZiqyFO7xx72v8Srh4hsgaacSBCjC22DwM6+ZvnX1/fj8/SBiLuUOfZ8YhU2pfq2Dzakeyg1A==} @@ -2039,6 +2035,7 @@ packages: engines: {node: '>=14.21.3'} cpu: [arm64] os: [linux] + libc: [glibc] '@biomejs/cli-linux-x64-musl@2.3.6': resolution: {integrity: sha512-QvxB8GHQeaO4FCtwJpJjCgJkbHBbWxRHUxQlod+xeaYE6gtJdSkYkuxdKAQUZEOIsec+PeaDAhW9xjzYbwmOFA==} @@ -2052,6 +2049,7 @@ packages: engines: {node: '>=14.21.3'} cpu: [x64] os: [linux] + libc: [musl] '@biomejs/cli-linux-x64@2.3.6': resolution: {integrity: sha512-ZjPXzy5yN9wusIoX+8Zp4p6cL8r0NzJCXg/4r1KLVveIPXd2jKVlqZ6ZyzEq385WwU3OX5KOwQYLQsOc788waQ==} @@ -2065,6 +2063,7 @@ packages: engines: {node: '>=14.21.3'} cpu: [x64] os: [linux] + libc: [glibc] '@biomejs/cli-win32-arm64@2.3.6': resolution: {integrity: sha512-YM7hLHpwjdt8R7+O2zS1Vo2cKgqEeptiXB1tWW1rgjN5LlpZovBVKtg7zfwfRrFx3i08aNZThYpTcowpTlczug==} @@ -3075,89 +3074,105 @@ packages: resolution: {integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==} cpu: [arm64] os: [linux] + libc: [glibc] '@img/sharp-libvips-linux-arm@1.2.4': resolution: {integrity: sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==} cpu: [arm] os: [linux] + libc: [glibc] '@img/sharp-libvips-linux-ppc64@1.2.4': resolution: {integrity: sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==} cpu: [ppc64] os: [linux] + libc: [glibc] '@img/sharp-libvips-linux-riscv64@1.2.4': resolution: {integrity: sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==} cpu: [riscv64] os: [linux] + libc: [glibc] '@img/sharp-libvips-linux-s390x@1.2.4': resolution: {integrity: sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==} cpu: [s390x] os: [linux] + libc: [glibc] '@img/sharp-libvips-linux-x64@1.2.4': resolution: {integrity: sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==} cpu: [x64] os: [linux] + libc: [glibc] '@img/sharp-libvips-linuxmusl-arm64@1.2.4': resolution: {integrity: sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==} cpu: [arm64] os: [linux] + libc: [musl] '@img/sharp-libvips-linuxmusl-x64@1.2.4': resolution: {integrity: sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==} cpu: [x64] os: [linux] + libc: [musl] '@img/sharp-linux-arm64@0.34.5': resolution: {integrity: sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [arm64] os: [linux] + libc: [glibc] '@img/sharp-linux-arm@0.34.5': resolution: {integrity: sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [arm] os: [linux] + libc: [glibc] '@img/sharp-linux-ppc64@0.34.5': resolution: {integrity: sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [ppc64] os: [linux] + libc: [glibc] '@img/sharp-linux-riscv64@0.34.5': resolution: {integrity: sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [riscv64] os: [linux] + libc: [glibc] '@img/sharp-linux-s390x@0.34.5': resolution: {integrity: sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [s390x] os: [linux] + libc: [glibc] '@img/sharp-linux-x64@0.34.5': resolution: {integrity: sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [x64] os: [linux] + libc: [glibc] '@img/sharp-linuxmusl-arm64@0.34.5': resolution: {integrity: sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [arm64] os: [linux] + libc: [musl] '@img/sharp-linuxmusl-x64@0.34.5': resolution: {integrity: sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==} engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0} cpu: [x64] os: [linux] + libc: [musl] '@img/sharp-wasm32@0.34.5': resolution: {integrity: sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==} @@ -3468,13 +3483,6 @@ packages: '@messageformat/parser@5.1.1': resolution: {integrity: sha512-3p0YRGCcTUCYvBKLIxtDDyrJ0YijGIwrTRu1DT8gIviIDZru8H23+FkY6MJBzM1n9n20CiM4VeDYuBsrrwnLjg==} - '@microsoft/api-extractor-model@7.33.4': - resolution: {integrity: sha512-u1LTaNTikZAQ9uK6KG1Ms7nvNedsnODnspq/gH2dcyETWvH4hVNGNDvRAEutH66kAmxA4/necElqGNs1FggC8w==} - - '@microsoft/api-extractor@7.57.6': - resolution: {integrity: sha512-0rFv/D8Grzw1Mjs2+8NGUR+o4h9LVm5zKRtMeWnpdB5IMJF4TeHCL1zR5LMCIudkOvyvjbhMG5Wjs0B5nqsrRQ==} - hasBin: true - '@microsoft/applicationinsights-analytics-js@2.8.18': resolution: {integrity: sha512-YfuUyTBx8HNGgIwg8N01iwsIO6LaqApNwGXw5YunAw+hqYR6jRmYlseQGTPFvKtq1ebEPJiwK0LjIQw/fOcxHQ==} peerDependencies: @@ -3568,12 +3576,6 @@ packages: '@microsoft/signalr@7.0.14': resolution: {integrity: sha512-dnS7gSJF5LxByZwJaj82+F1K755ya7ttPT+JnSeCBef3sL8p8FBkHePXphK8NSuOquIb7vsphXWa28A+L2SPpw==} - '@microsoft/tsdoc-config@0.18.1': - resolution: {integrity: sha512-9brPoVdfN9k9g0dcWkFeA7IH9bbcttzDJlXvkf8b2OBzd5MueR1V2wkKBL0abn0otvmkHJC6aapBOTJDDeMCZg==} - - '@microsoft/tsdoc@0.16.0': - resolution: {integrity: sha512-xgAyonlVVS+q7Vc7qLW0UrJU7rSFcETRWsqdXZtjzRU8dF+6CkozTK4V4y1LwOX7j8r/vHphjDeMeGI4tNGeGA==} - '@modelcontextprotocol/sdk@1.26.0': resolution: {integrity: sha512-Y5RmPncpiDtTXDbLKswIJzTqu2hyBKxTNsgKqKclDbhIgg1wgtf1fRuvxgTnRfcnxtvvgbIEcqUOzZrJ6iSReg==} engines: {node: '>=18'} @@ -3982,36 +3984,42 @@ packages: engines: {node: '>= 10'} cpu: [arm64] os: [linux] + libc: [glibc] '@napi-rs/simple-git-linux-arm64-musl@0.1.22': resolution: {integrity: sha512-MOs7fPyJiU/wqOpKzAOmOpxJ/TZfP4JwmvPad/cXTOWYwwyppMlXFRms3i98EU3HOazI/wMU2Ksfda3+TBluWA==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] + libc: [musl] '@napi-rs/simple-git-linux-ppc64-gnu@0.1.22': resolution: {integrity: sha512-L59dR30VBShRUIZ5/cQHU25upNgKS0AMQ7537J6LCIUEFwwXrKORZKJ8ceR+s3Sr/4jempWVvMdjEpFDE4HYww==} engines: {node: '>= 10'} cpu: [ppc64] os: [linux] + libc: [glibc] '@napi-rs/simple-git-linux-s390x-gnu@0.1.22': resolution: {integrity: sha512-4FHkPlCSIZUGC6HiADffbe6NVoTBMd65pIwcd40IDbtFKOgFMBA+pWRqKiQ21FERGH16Zed7XHJJoY3jpOqtmQ==} engines: {node: '>= 10'} cpu: [s390x] os: [linux] + libc: [glibc] '@napi-rs/simple-git-linux-x64-gnu@0.1.22': resolution: {integrity: sha512-Ei1tM5Ho/dwknF3pOzqkNW9Iv8oFzRxE8uOhrITcdlpxRxVrBVptUF6/0WPdvd7R9747D/q61QG/AVyWsWLFKw==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + libc: [glibc] '@napi-rs/simple-git-linux-x64-musl@0.1.22': resolution: {integrity: sha512-zRYxg7it0p3rLyEJYoCoL2PQJNgArVLyNavHW03TFUAYkYi5bxQ/UFNVpgxMaXohr5yu7qCBqeo9j4DWeysalg==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + libc: [musl] '@napi-rs/simple-git-win32-arm64-msvc@0.1.22': resolution: {integrity: sha512-XGFR1fj+Y9cWACcovV2Ey/R2xQOZKs8t+7KHPerYdJ4PtjVzGznI4c2EBHXtdOIYvkw7tL5rZ7FN1HJKdD5Quw==} @@ -4064,24 +4072,28 @@ packages: engines: {node: '>= 10'} cpu: [arm64] os: [linux] + libc: [glibc] '@next/swc-linux-arm64-musl@16.2.6': resolution: {integrity: sha512-URUTu1+dMkxJsPFgm+OeEvq9wf5sujw0EvgYy80TDGHTSLTnIHeqb0Eu8A3sC95IRgjejQL+kC4mw+4yPxiAXA==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] + libc: [musl] '@next/swc-linux-x64-gnu@16.2.6': resolution: {integrity: sha512-DOj182mPV8G3UkrayLoREM5YEYI+Dk5wv7Ox9xl1fFibAELEsFD0lDPfHIeILlutMMfdyhlzYPELG3peuKaurw==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + libc: [glibc] '@next/swc-linux-x64-musl@16.2.6': resolution: {integrity: sha512-HKQ5SP/V/ub73UvF7n/zeJlxk2kLmtL7Wzrg4WfmkjmNos5onJ2tKu7yZOPdL18A6Svfn3max29ym+ry7NkK4g==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + libc: [musl] '@next/swc-win32-arm64-msvc@16.2.6': resolution: {integrity: sha512-LZXpTlPyS5v7HhSmnvsLGP3iIYgYOBnc8r8ArlT55sGHV89bR2HlDdBjWQ+PY6SJMmk8TuVGFuxalnP3k/0Dwg==} @@ -4289,48 +4301,56 @@ packages: engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] + libc: [glibc] '@oxlint/binding-linux-arm64-musl@1.50.0': resolution: {integrity: sha512-++B3k/HEPFVlj89cOz8kWfQccMZB/aWL9AhsW7jPIkG++63Mpwb2cE9XOEsd0PATbIan78k2Gky+09uWM1d/gQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] + libc: [musl] '@oxlint/binding-linux-ppc64-gnu@1.50.0': resolution: {integrity: sha512-Z9b/KpFMkx66w3gVBqjIC1AJBTZAGoI9+U+K5L4QM0CB/G0JSNC1es9b3Y0Vcrlvtdn8A+IQTkYjd/Q0uCSaZw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ppc64] os: [linux] + libc: [glibc] '@oxlint/binding-linux-riscv64-gnu@1.50.0': resolution: {integrity: sha512-jvmuIw8wRSohsQlFNIST5uUwkEtEJmOQYr33bf/K2FrFPXHhM4KqGekI3ShYJemFS/gARVacQFgBzzJKCAyJjg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] + libc: [glibc] '@oxlint/binding-linux-riscv64-musl@1.50.0': resolution: {integrity: sha512-x+UrN47oYNh90nmAAyql8eQaaRpHbDPu5guasDg10+OpszUQ3/1+1J6zFMmV4xfIEgTcUXG/oI5fxJhF4eWCNA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] + libc: [musl] '@oxlint/binding-linux-s390x-gnu@1.50.0': resolution: {integrity: sha512-i/JLi2ljLUIVfekMj4ISmdt+Hn11wzYUdRRrkVUYsCWw7zAy5xV7X9iA+KMyM156LTFympa7s3oKBjuCLoTAUQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [s390x] os: [linux] + libc: [glibc] '@oxlint/binding-linux-x64-gnu@1.50.0': resolution: {integrity: sha512-/C7brhn6c6UUPccgSPCcpLQXcp+xKIW/3sji/5VZ8/OItL3tQ2U7KalHz887UxxSQeEOmd1kY6lrpuwFnmNqOA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] + libc: [glibc] '@oxlint/binding-linux-x64-musl@1.50.0': resolution: {integrity: sha512-oDR1f+bGOYU8LfgtEW8XtotWGB63ghtcxk5Jm6IDTCk++rTA/IRMsjOid2iMd+1bW+nP9Mdsmcdc7VbPD3+iyQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] + libc: [musl] '@oxlint/binding-openharmony-arm64@1.50.0': resolution: {integrity: sha512-4CmRGPp5UpvXyu4jjP9Tey/SrXDQLRvZXm4pb4vdZBxAzbFZkCyh0KyRy4txld/kZKTJlW4TO8N1JKrNEk+mWw==} @@ -4392,59 +4412,29 @@ packages: cpu: [arm64] os: [android] - '@parcel/watcher-android-arm64@2.5.6': - resolution: {integrity: sha512-YQxSS34tPF/6ZG7r/Ih9xy+kP/WwediEUsqmtf0cuCV5TPPKw/PQHRhueUo6JdeFJaqV3pyjm0GdYjZotbRt/A==} - engines: {node: '>= 10.0.0'} - cpu: [arm64] - os: [android] - '@parcel/watcher-darwin-arm64@2.5.1': resolution: {integrity: sha512-eAzPv5osDmZyBhou8PoF4i6RQXAfeKL9tjb3QzYuccXFMQU0ruIc/POh30ePnaOyD1UXdlKguHBmsTs53tVoPw==} engines: {node: '>= 10.0.0'} cpu: [arm64] os: [darwin] - '@parcel/watcher-darwin-arm64@2.5.6': - resolution: {integrity: sha512-Z2ZdrnwyXvvvdtRHLmM4knydIdU9adO3D4n/0cVipF3rRiwP+3/sfzpAwA/qKFL6i1ModaabkU7IbpeMBgiVEA==} - engines: {node: '>= 10.0.0'} - cpu: [arm64] - os: [darwin] - '@parcel/watcher-darwin-x64@2.5.1': resolution: {integrity: sha512-1ZXDthrnNmwv10A0/3AJNZ9JGlzrF82i3gNQcWOzd7nJ8aj+ILyW1MTxVk35Db0u91oD5Nlk9MBiujMlwmeXZg==} engines: {node: '>= 10.0.0'} cpu: [x64] os: [darwin] - '@parcel/watcher-darwin-x64@2.5.6': - resolution: {integrity: sha512-HgvOf3W9dhithcwOWX9uDZyn1lW9R+7tPZ4sug+NGrGIo4Rk1hAXLEbcH1TQSqxts0NYXXlOWqVpvS1SFS4fRg==} - engines: {node: '>= 10.0.0'} - cpu: [x64] - os: [darwin] - '@parcel/watcher-freebsd-x64@2.5.1': resolution: {integrity: sha512-SI4eljM7Flp9yPuKi8W0ird8TI/JK6CSxju3NojVI6BjHsTyK7zxA9urjVjEKJ5MBYC+bLmMcbAWlZ+rFkLpJQ==} engines: {node: '>= 10.0.0'} cpu: [x64] os: [freebsd] - '@parcel/watcher-freebsd-x64@2.5.6': - resolution: {integrity: sha512-vJVi8yd/qzJxEKHkeemh7w3YAn6RJCtYlE4HPMoVnCpIXEzSrxErBW5SJBgKLbXU3WdIpkjBTeUNtyBVn8TRng==} - engines: {node: '>= 10.0.0'} - cpu: [x64] - os: [freebsd] - '@parcel/watcher-linux-arm-glibc@2.5.1': resolution: {integrity: sha512-RCdZlEyTs8geyBkkcnPWvtXLY44BCeZKmGYRtSgtwwnHR4dxfHRG3gR99XdMEdQ7KeiDdasJwwvNSF5jKtDwdA==} engines: {node: '>= 10.0.0'} cpu: [arm] os: [linux] - - '@parcel/watcher-linux-arm-glibc@2.5.6': - resolution: {integrity: sha512-9JiYfB6h6BgV50CCfasfLf/uvOcJskMSwcdH1PHH9rvS1IrNy8zad6IUVPVUfmXr+u+Km9IxcfMLzgdOudz9EQ==} - engines: {node: '>= 10.0.0'} - cpu: [arm] - os: [linux] libc: [glibc] '@parcel/watcher-linux-arm-musl@2.5.1': @@ -4452,12 +4442,6 @@ packages: engines: {node: '>= 10.0.0'} cpu: [arm] os: [linux] - - '@parcel/watcher-linux-arm-musl@2.5.6': - resolution: {integrity: sha512-Ve3gUCG57nuUUSyjBq/MAM0CzArtuIOxsBdQ+ftz6ho8n7s1i9E1Nmk/xmP323r2YL0SONs1EuwqBp2u1k5fxg==} - engines: {node: '>= 10.0.0'} - cpu: [arm] - os: [linux] libc: [musl] '@parcel/watcher-linux-arm64-glibc@2.5.1': @@ -4465,12 +4449,6 @@ packages: engines: {node: '>= 10.0.0'} cpu: [arm64] os: [linux] - - '@parcel/watcher-linux-arm64-glibc@2.5.6': - resolution: {integrity: sha512-f2g/DT3NhGPdBmMWYoxixqYr3v/UXcmLOYy16Bx0TM20Tchduwr4EaCbmxh1321TABqPGDpS8D/ggOTaljijOA==} - engines: {node: '>= 10.0.0'} - cpu: [arm64] - os: [linux] libc: [glibc] '@parcel/watcher-linux-arm64-musl@2.5.1': @@ -4478,12 +4456,6 @@ packages: engines: {node: '>= 10.0.0'} cpu: [arm64] os: [linux] - - '@parcel/watcher-linux-arm64-musl@2.5.6': - resolution: {integrity: sha512-qb6naMDGlbCwdhLj6hgoVKJl2odL34z2sqkC7Z6kzir8b5W65WYDpLB6R06KabvZdgoHI/zxke4b3zR0wAbDTA==} - engines: {node: '>= 10.0.0'} - cpu: [arm64] - os: [linux] libc: [musl] '@parcel/watcher-linux-x64-glibc@2.5.1': @@ -4491,12 +4463,6 @@ packages: engines: {node: '>= 10.0.0'} cpu: [x64] os: [linux] - - '@parcel/watcher-linux-x64-glibc@2.5.6': - resolution: {integrity: sha512-kbT5wvNQlx7NaGjzPFu8nVIW1rWqV780O7ZtkjuWaPUgpv2NMFpjYERVi0UYj1msZNyCzGlaCWEtzc+exjMGbQ==} - engines: {node: '>= 10.0.0'} - cpu: [x64] - os: [linux] libc: [glibc] '@parcel/watcher-linux-x64-musl@2.5.1': @@ -4504,12 +4470,6 @@ packages: engines: {node: '>= 10.0.0'} cpu: [x64] os: [linux] - - '@parcel/watcher-linux-x64-musl@2.5.6': - resolution: {integrity: sha512-1JRFeC+h7RdXwldHzTsmdtYR/Ku8SylLgTU/reMuqdVD7CtLwf0VR1FqeprZ0eHQkO0vqsbvFLXUmYm/uNKJBg==} - engines: {node: '>= 10.0.0'} - cpu: [x64] - os: [linux] libc: [musl] '@parcel/watcher-win32-arm64@2.5.1': @@ -4518,44 +4478,22 @@ packages: cpu: [arm64] os: [win32] - '@parcel/watcher-win32-arm64@2.5.6': - resolution: {integrity: sha512-3ukyebjc6eGlw9yRt678DxVF7rjXatWiHvTXqphZLvo7aC5NdEgFufVwjFfY51ijYEWpXbqF5jtrK275z52D4Q==} - engines: {node: '>= 10.0.0'} - cpu: [arm64] - os: [win32] - '@parcel/watcher-win32-ia32@2.5.1': resolution: {integrity: sha512-c2KkcVN+NJmuA7CGlaGD1qJh1cLfDnQsHjE89E60vUEMlqduHGCdCLJCID5geFVM0dOtA3ZiIO8BoEQmzQVfpQ==} engines: {node: '>= 10.0.0'} cpu: [ia32] os: [win32] - '@parcel/watcher-win32-ia32@2.5.6': - resolution: {integrity: sha512-k35yLp1ZMwwee3Ez/pxBi5cf4AoBKYXj00CZ80jUz5h8prpiaQsiRPKQMxoLstNuqe2vR4RNPEAEcjEFzhEz/g==} - engines: {node: '>= 10.0.0'} - cpu: [ia32] - os: [win32] - '@parcel/watcher-win32-x64@2.5.1': resolution: {integrity: sha512-9lHBdJITeNR++EvSQVUcaZoWupyHfXe1jZvGZ06O/5MflPcuPLtEphScIBL+AiCWBO46tDSHzWyD0uDmmZqsgA==} engines: {node: '>= 10.0.0'} cpu: [x64] os: [win32] - '@parcel/watcher-win32-x64@2.5.6': - resolution: {integrity: sha512-hbQlYcCq5dlAX9Qx+kFb0FHue6vbjlf0FrNzSKdYK2APUf7tGfGxQCk2ihEREmbR6ZMc0MVAD5RIX/41gpUzTw==} - engines: {node: '>= 10.0.0'} - cpu: [x64] - os: [win32] - '@parcel/watcher@2.5.1': resolution: {integrity: sha512-dfUnCxiN9H4ap84DvD2ubjw+3vUNpstxa0TneY/Paat8a3R4uQZDLSvWjmznAY/DoahqTHl9V46HF/Zs3F29pg==} engines: {node: '>= 10.0.0'} - '@parcel/watcher@2.5.6': - resolution: {integrity: sha512-tmmZ3lQxAe/k/+rNnXQRawJ4NjxO2hqiOLTHvWchtGZULp4RyFeh6aU4XdOYBFe2KE1oShQTv4AblOs2iOrNnQ==} - engines: {node: '>= 10.0.0'} - '@pnpm/config.env-replace@1.1.0': resolution: {integrity: sha512-htyl8TWnKL7K/ESFa1oW2UB5lVDxuF5DpM7tBi6Hu2LNL3mWkIzNLG6N4zoCUP1lCKNxWy/3iu8mS8MvToGd6w==} engines: {node: '>=12.22.0'} @@ -5383,6 +5321,7 @@ packages: resolution: {integrity: sha512-ZTR2mxBHb4tK4wGf9b8SYg0Y6KQPjGpR4UWwTFdnmjB4qRtoATZ5dWn3KsDwGa5Z2ZBOE7K52L36J9LueKBdOQ==} cpu: [arm64] os: [linux] + libc: [glibc] '@rollup/rollup-linux-arm64-gnu@4.59.0': resolution: {integrity: sha512-jYgUGk5aLd1nUb1CtQ8E+t5JhLc9x5WdBKew9ZgAXg7DBk0ZHErLHdXM24rfX+bKrFe+Xp5YuJo54I5HFjGDAA==} @@ -5394,6 +5333,7 @@ packages: resolution: {integrity: sha512-GFWfAhVhWGd4r6UxmnKRTBwP1qmModHtd5gkraeW2G490BpFOZkFtem8yuX2NyafIP/mGpRJgTJ2PwohQkUY/Q==} cpu: [arm64] os: [linux] + libc: [musl] '@rollup/rollup-linux-arm64-musl@4.59.0': resolution: {integrity: sha512-peZRVEdnFWZ5Bh2KeumKG9ty7aCXzzEsHShOZEFiCQlDEepP1dpUl/SrUNXNg13UmZl+gzVDPsiCwnV1uI0RUA==} @@ -5447,6 +5387,7 @@ packages: resolution: {integrity: sha512-iUVJc3c0o8l9Sa/qlDL2Z9UP92UZZW1+EmQ4xfjTc1akr0iUFZNfxrXJ/R1T90h/ILm9iXEY6+iPrmYB3pXKjw==} cpu: [x64] os: [linux] + libc: [glibc] '@rollup/rollup-linux-x64-gnu@4.59.0': resolution: {integrity: sha512-3AHmtQq/ppNuUspKAlvA8HtLybkDflkMuLK4DPo77DfthRb71V84/c4MlWJXixZz4uruIH4uaa07IqoAkG64fg==} @@ -5458,6 +5399,7 @@ packages: resolution: {integrity: sha512-PQUobbhLTQT5yz/SPg116VJBgz+XOtXt8D1ck+sfJJhuEsMj2jSej5yTdp8CvWBSceu+WW+ibVL6dm0ptG5fcA==} cpu: [x64] os: [linux] + libc: [musl] '@rollup/rollup-linux-x64-musl@4.59.0': resolution: {integrity: sha512-2UdiwS/9cTAx7qIUZB/fWtToJwvt0Vbo0zmnYt7ED35KPg13Q0ym1g442THLC7VyI6JfYTP4PiSOWyoMdV2/xg==} @@ -5562,41 +5504,49 @@ packages: resolution: {integrity: sha512-Ldpoz2wWnBaL2+XKLIOyCZMkAkd4pk/L24EVgma3SpRtwgenLEr10bQupvwGAK5OLkjayslOTZmRiAv0FH5o/w==} cpu: [arm64] os: [linux] + libc: [glibc] '@rspack/binding-linux-arm64-gnu@1.7.7': resolution: {integrity: sha512-uSq4qkvmAzSDUTKE2v4yUgHIBdTily1k3BcK5wBCGFm9OPODj5lQZpAdOHHIwu+Jxyjoa7Mb64tghhj9hZcXcA==} cpu: [arm64] os: [linux] + libc: [glibc] '@rspack/binding-linux-arm64-musl@1.6.4': resolution: {integrity: sha512-3fLMSDK5yMjKmx7iFbYG3P3A0xNdtmNu09v5P6hzq65tkJ3dflIt3p8DvtOTURtuSgQZV2A1LDd9hpIXdnigqA==} cpu: [arm64] os: [linux] + libc: [musl] '@rspack/binding-linux-arm64-musl@1.7.7': resolution: {integrity: sha512-NhWCBfiu6plpmLRP6c6D5lBUaVrBr1nvjSEc7VyQF8TGh8URo2btH0wngEiX0nWvidsSlERt1l6Y5QPGuiCl1g==} cpu: [arm64] os: [linux] + libc: [musl] '@rspack/binding-linux-x64-gnu@1.6.4': resolution: {integrity: sha512-5YzXUKLnaiqND05CDgkKE0WNRtC1ulkVncYs78xPikonzZmgVXa8eRaTPOZC6ZjpLR0eTsg+MSesLUsPUu27hA==} cpu: [x64] os: [linux] + libc: [glibc] '@rspack/binding-linux-x64-gnu@1.7.7': resolution: {integrity: sha512-aRvf8gCI7jDeEN9i4u9fY5coa3ZAyHzGVA4ZhTJCgZ5wWA5A9SQewMSq7khS1WAAFE1USlk1tUuPujnrGoYrGg==} cpu: [x64] os: [linux] + libc: [glibc] '@rspack/binding-linux-x64-musl@1.6.4': resolution: {integrity: sha512-KcSFla8a9bXG1mmV5oQ1R5h/dSXfd41/qHOsNuLqho2UCX8CVh4dezUA153dj7p1S4yOhTy6VZZi6C1szweE9A==} cpu: [x64] os: [linux] + libc: [musl] '@rspack/binding-linux-x64-musl@1.7.7': resolution: {integrity: sha512-ALPto4OT7snzXbYDyqkLfh1BvwDTTH1hPYXGUXBzQ0wEV7sXeyvxCC4yjH6B5MhR7W3tFuF4IfDy5Z4BxmOoGQ==} cpu: [x64] os: [linux] + libc: [musl] '@rspack/binding-wasm32-wasi@1.6.4': resolution: {integrity: sha512-mfFJbDJkRy5I1iW3m0JlWbc0X8pjVd+GRUz5nhbccwEhSQOc27ao3evf7XPU4aaDxud1B3UEqYiRcRmtm1BrjA==} @@ -5672,36 +5622,6 @@ packages: webpack-hot-middleware: optional: true - '@rushstack/node-core-library@5.20.3': - resolution: {integrity: sha512-95JgEPq2k7tHxhF9/OJnnyHDXfC9cLhhta0An/6MlkDsX2A6dTzDrTUG18vx4vjc280V0fi0xDH9iQczpSuWsw==} - peerDependencies: - '@types/node': '*' - peerDependenciesMeta: - '@types/node': - optional: true - - '@rushstack/problem-matcher@0.2.1': - resolution: {integrity: sha512-gulfhBs6n+I5b7DvjKRfhMGyUejtSgOHTclF/eONr8hcgF1APEDjhxIsfdUYYMzC3rvLwGluqLjbwCFZ8nxrog==} - peerDependencies: - '@types/node': '*' - peerDependenciesMeta: - '@types/node': - optional: true - - '@rushstack/rig-package@0.7.2': - resolution: {integrity: sha512-9XbFWuqMYcHUso4mnETfhGVUSaADBRj6HUAAEYk50nMPn8WRICmBuCphycQGNB3duIR6EEZX3Xj3SYc2XiP+9A==} - - '@rushstack/terminal@0.22.3': - resolution: {integrity: sha512-gHC9pIMrUPzAbBiI4VZMU7Q+rsCzb8hJl36lFIulIzoceKotyKL3Rd76AZ2CryCTKEg+0bnTj406HE5YY5OQvw==} - peerDependencies: - '@types/node': '*' - peerDependenciesMeta: - '@types/node': - optional: true - - '@rushstack/ts-command-line@5.3.3': - resolution: {integrity: sha512-c+ltdcvC7ym+10lhwR/vWiOhsrm/bP3By2VsFcs5qTKv+6tTmxgbVrtJ5NdNjANiV5TcmOZgUN+5KYQ4llsvEw==} - '@sec-ant/readable-stream@0.4.1': resolution: {integrity: sha512-831qok9r2t8AlxLko40y2ebgSDhenenCatLVeW/uBtnHPyhHOvG0C7TvfgecV+wHzIm5KUICgzmVpWS+IMEAeg==} @@ -6076,48 +5996,56 @@ packages: engines: {node: '>= 10'} cpu: [arm64] os: [linux] + libc: [glibc] '@tailwindcss/oxide-linux-arm64-gnu@4.2.2': resolution: {integrity: sha512-4og1V+ftEPXGttOO7eCmW7VICmzzJWgMx+QXAJRAhjrSjumCwWqMfkDrNu1LXEQzNAwz28NCUpucgQPrR4S2yw==} engines: {node: '>= 20'} cpu: [arm64] os: [linux] + libc: [glibc] '@tailwindcss/oxide-linux-arm64-musl@4.1.17': resolution: {integrity: sha512-HvZLfGr42i5anKtIeQzxdkw/wPqIbpeZqe7vd3V9vI3RQxe3xU1fLjss0TjyhxWcBaipk7NYwSrwTwK1hJARMg==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] + libc: [musl] '@tailwindcss/oxide-linux-arm64-musl@4.2.2': resolution: {integrity: sha512-oCfG/mS+/+XRlwNjnsNLVwnMWYH7tn/kYPsNPh+JSOMlnt93mYNCKHYzylRhI51X+TbR+ufNhhKKzm6QkqX8ag==} engines: {node: '>= 20'} cpu: [arm64] os: [linux] + libc: [musl] '@tailwindcss/oxide-linux-x64-gnu@4.1.17': resolution: {integrity: sha512-M3XZuORCGB7VPOEDH+nzpJ21XPvK5PyjlkSFkFziNHGLc5d6g3di2McAAblmaSUNl8IOmzYwLx9NsE7bplNkwQ==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + libc: [glibc] '@tailwindcss/oxide-linux-x64-gnu@4.2.2': resolution: {integrity: sha512-rTAGAkDgqbXHNp/xW0iugLVmX62wOp2PoE39BTCGKjv3Iocf6AFbRP/wZT/kuCxC9QBh9Pu8XPkv/zCZB2mcMg==} engines: {node: '>= 20'} cpu: [x64] os: [linux] + libc: [glibc] '@tailwindcss/oxide-linux-x64-musl@4.1.17': resolution: {integrity: sha512-k7f+pf9eXLEey4pBlw+8dgfJHY4PZ5qOUFDyNf7SI6lHjQ9Zt7+NcscjpwdCEbYi6FI5c2KDTDWyf2iHcCSyyQ==} engines: {node: '>= 10'} cpu: [x64] os: [linux] + libc: [musl] '@tailwindcss/oxide-linux-x64-musl@4.2.2': resolution: {integrity: sha512-XW3t3qwbIwiSyRCggeO2zxe3KWaEbM0/kW9e8+0XpBgyKU4ATYzcVSMKteZJ1iukJ3HgHBjbg9P5YPRCVUxlnQ==} engines: {node: '>= 20'} cpu: [x64] os: [linux] + libc: [musl] '@tailwindcss/oxide-wasm32-wasi@4.1.17': resolution: {integrity: sha512-cEytGqSSoy7zK4JRWiTCx43FsKP/zGr0CsuMawhH67ONlH+T79VteQeJQRO/X7L0juEUA8ZyuYikcRBf0vsxhg==} @@ -6404,9 +6332,6 @@ packages: '@tybys/wasm-util@0.10.1': resolution: {integrity: sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg==} - '@types/argparse@1.0.38': - resolution: {integrity: sha512-ebDJ9b0e702Yr7pWgB0jzm+CX4Srzz8RcXtLJDJB+BSccqMa36uyH/zUsSYao5+BD1ytv3k3rPYCq4mAE1hsXA==} - '@types/aria-query@5.0.4': resolution: {integrity: sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==} @@ -7051,14 +6976,6 @@ packages: resolution: {integrity: sha512-gOsf2YwSlleG6IjRYG2A7k0HmBMEo6qVNk9Bp/EaLgAJT5ngH6PXbqa4ItvnEwCm/velL5jAnQgsHsWnjhGmvw==} engines: {node: '>=18'} - ajv-draft-04@1.0.0: - resolution: {integrity: sha512-mv00Te6nmYbRp5DCwclxtt7yV/joXJPGS7nM+97GdxvuttCOfgI3K4U25zboyeX0O+myI8ERluxQe5wljMmVIw==} - peerDependencies: - ajv: ^8.5.0 - peerDependenciesMeta: - ajv: - optional: true - ajv-formats@2.1.1: resolution: {integrity: sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==} peerDependencies: @@ -7139,9 +7056,6 @@ packages: arg@5.0.2: resolution: {integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==} - argparse@1.0.10: - resolution: {integrity: sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==} - argparse@2.0.1: resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==} @@ -7236,7 +7150,7 @@ packages: engines: {node: ^10 || ^12 || >=14} hasBin: true peerDependencies: - postcss: ^8.5.14 + postcss: ^8.1.0 available-typed-arrays@1.0.7: resolution: {integrity: sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==} @@ -7279,6 +7193,9 @@ packages: bail@2.0.2: resolution: {integrity: sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==} + balanced-match@1.0.2: + resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} + balanced-match@2.0.0: resolution: {integrity: sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA==} @@ -7335,6 +7252,12 @@ packages: resolution: {integrity: sha512-dr5s3vtOG8NkVSwa8CC55XBIKKwajomSZRb0RiMOOOF6TpqZBZvtbDjpzWICvdd/plDF6uOtaRfSgblPQLAioQ==} engines: {node: '>= 18'} + brace-expansion@1.1.14: + resolution: {integrity: sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==} + + brace-expansion@2.1.0: + resolution: {integrity: sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==} + brace-expansion@5.0.5: resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==} engines: {node: 18 || 20 || >=22} @@ -7408,9 +7331,6 @@ packages: resolution: {integrity: sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==} engines: {node: '>=10'} - camelize@1.0.1: - resolution: {integrity: sha512-dU+Tx2fsypxTgtLoE36npi3UqcjSSMNYfkqgmoEhtZrraP5VWq0K7FkWVTYa8eMPtnU/G2txVsfdCJTn9uzpuQ==} - caniuse-api@3.0.0: resolution: {integrity: sha512-bsTwuIg/BZZK/vreVTYYbSWoe2F+71P7K5QGEX+pT250DZbfU1MQ5prOKpPR+LL6uWKK3KMwMCAS74QB3Um1uw==} @@ -7487,10 +7407,6 @@ packages: resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==} engines: {node: '>= 8.10.0'} - chokidar@4.0.3: - resolution: {integrity: sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==} - engines: {node: '>= 14.16.0'} - chrome-trace-event@1.0.4: resolution: {integrity: sha512-rNjApaLzuwaOTjCiT8lSDdGN1APCiqkChLMJxJPWLunPAt5fy8xgU9/jNOchV84wfIxrA0lRQB7oCT8jrn/wrQ==} engines: {node: '>=6.0'} @@ -7663,6 +7579,9 @@ packages: compute-scroll-into-view@3.1.1: resolution: {integrity: sha512-VRhuHOLoKYOy4UbilLbUzbYg93XLjv2PncJC50EuTWPA3gaja1UjBsUP/D/9/juV3vQFr6XBEzn9KCAHdUvOHw==} + concat-map@0.0.1: + resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==} + confbox@0.1.8: resolution: {integrity: sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==} @@ -7740,9 +7659,6 @@ packages: resolution: {integrity: sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA==} engines: {node: '>=18'} - copy-anything@2.0.6: - resolution: {integrity: sha512-1j20GZTsvKNkc4BY3NpMOM8tt///wY3FpIzozTOFO2ffuZcV61nojHXVKIy3WM+7ADCy5FVhdZYHYDdgTU0yJw==} - core-js-compat@3.47.0: resolution: {integrity: sha512-IGfuznZ/n7Kp9+nypamBhvwdwLsW6KC8IOaURw2doAK5e98AG3acVLdh0woOnEqCfUtS+Vu882JE4k/DAm3ItQ==} @@ -7826,15 +7742,11 @@ packages: resolution: {integrity: sha512-x8dy3RnvYdlUcPOjkEHqozhiwzKNSq7GcPuXFbnyMOCHxX8V3OgIg/pYuabl2sbUPfIJaeAQB7PMOK8DFIdoRA==} engines: {node: '>=12'} - css-color-keywords@1.0.0: - resolution: {integrity: sha512-FyyrDHZKEjXDpNJYvVsV960FiqQyXc/LlYmsxl2BcdMb2WPx0OGRVgTg55rPSyLSNMqP52R9r8geSp7apN3Ofg==} - engines: {node: '>=4'} - css-declaration-sorter@7.3.1: resolution: {integrity: sha512-gz6x+KkgNCjxq3Var03pRYLhyNfwhkKF1g/yoLgDNtFvVu0/fOLV9C8fFEZRjACp/XQLumjAYo7JVjzH3wLbxA==} engines: {node: ^14 || ^16 || >=18} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.0.9 css-functions-list@3.2.3: resolution: {integrity: sha512-IQOkD3hbR5KrN93MtcYuad6YPuTSUhntLHDuLEbFWE+ff2/XSZNdZG+LcbbIW5AXKg/WFIfYItIzVoHngHXZzA==} @@ -7843,9 +7755,6 @@ packages: css-select@5.2.2: resolution: {integrity: sha512-TizTzUddG/xYLA3NXodFM0fSbNizXjOKhqiQQwvhlspadZokn1KDy0NZFS0wuEubIYAV5/c1/lAr0TaaFXEXzw==} - css-to-react-native@3.2.0: - resolution: {integrity: sha512-e8RKaLXMOFii+02mOlqwjbD00KSEKqblnpO9e++1aXS1fPQOpS1YoqdVHBqPjHNoxeF2mimzVqawm2KCbEdtHQ==} - css-tree@2.2.1: resolution: {integrity: sha512-OA0mILzGc1kCOCSJerOeqDxDQ4HOh+G8NbOJFOTgOCzpw7fCBubk0fEyxp8AgOL/jvLgYA/uV0cMbe43ElF1JA==} engines: {node: ^10 || ^12.20.0 || ^14.13.0 || >=15.0.0, npm: '>=7.0.0'} @@ -7878,19 +7787,19 @@ packages: resolution: {integrity: sha512-6ZBjW0Lf1K1Z+0OKUAUpEN62tSXmYChXWi2NAA0afxEVsj9a+MbcB1l5qel6BHJHmULai2fCGRthCeKSFbScpA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 cssnano-utils@5.0.1: resolution: {integrity: sha512-ZIP71eQgG9JwjVZsTPSqhc6GHgEr53uJ7tK5///VfyWj6Xp2DBmixWHqJgPno+PqATzn48pL42ww9x5SSGmhZg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 cssnano@7.1.2: resolution: {integrity: sha512-HYOPBsNvoiFeR1eghKD5C3ASm64v9YVyJB4Ivnl2gqKoQYvjjN/G0rztvKQq8OxocUtC6sjqY8jwYngIB4AByA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 csso@5.0.5: resolution: {integrity: sha512-0LrrStPOdJj+SPCCrGhzryycLjwcgUSHBtxNA8aIDxf0GLsRh1cKYhB00Gd1lDOS4yGH69+SNn13+TWbVHETFQ==} @@ -8402,10 +8311,6 @@ packages: resolution: {integrity: sha512-xUtoPkMggbz0MPyPiIWr1Kp4aeWJjDZ6SMvURhimjdZgsRuDplF5/s9hcgGhyXMhs+6vpnuoiZ2kFiu3FMnS8Q==} engines: {node: '>=18'} - errno@0.1.8: - resolution: {integrity: sha512-dJ6oBr5SQ1VSd9qkk7ByRgb/1SH4JZjCHSW/mr63/QcXO9zLVxvJ6Oy13nio03rxpSnVDDjFor75SjVeZWPW/A==} - hasBin: true - error-ex@1.3.4: resolution: {integrity: sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==} @@ -8731,7 +8636,7 @@ packages: resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==} engines: {node: '>=12.0.0'} peerDependencies: - picomatch: '>=4.0.4' + picomatch: ^3 || ^4 peerDependenciesMeta: picomatch: optional: true @@ -9168,10 +9073,6 @@ packages: resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==} engines: {node: '>= 0.4'} - hasown@2.0.3: - resolution: {integrity: sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==} - engines: {node: '>= 0.4'} - hast-util-from-dom@5.0.1: resolution: {integrity: sha512-N+LqofjR2zuzTjCPzyDUdSshy4Ma6li7p/c3pA78uTwzFgENbgbUrm2ugwsOdcjI1muO+o6Dgzp9p8WHtn/39Q==} @@ -9361,17 +9262,9 @@ packages: resolution: {integrity: sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==} engines: {node: '>= 4'} - image-size@0.5.5: - resolution: {integrity: sha512-6TDAlDPZxUFCv+fuOkIoXT/V/f3Qbq8e37p+YOiYrUv3v9cc3/6x78VdfPgFVaB9dZYeLUfKgHRebpkm/oP2VQ==} - engines: {node: '>=0.10.0'} - hasBin: true - immer@10.2.0: resolution: {integrity: sha512-d/+XTN3zfODyjr89gM3mPq1WNX2B8pYsu7eORitdwyA2sBubnTl3laYlBk4sXY5FUa5qTZGBDPJICVbvqzjlbw==} - immutable@5.1.5: - resolution: {integrity: sha512-t7xcm2siw+hlUM68I+UEOK+z84RzmN59as9DZ7P1l0994DKUWV7UXBMQZVxaoMSRQ+PBZbHCOoBt7a2wxOMt+A==} - import-fresh@3.3.1: resolution: {integrity: sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==} engines: {node: '>=6'} @@ -9380,10 +9273,6 @@ packages: resolution: {integrity: sha512-YVt14UZCgsX1vZQ3gKjkWVdBdHQ6eu3MPU1TBgL1H5orXe2+jWD006WCPPtOuwlQm10NuzOW5WawiF1Q9veW8g==} engines: {node: '>=18.20'} - import-lazy@4.0.0: - resolution: {integrity: sha512-rKtvo6a868b5Hu3heneU+L4yEQ4jYKLtjpnPeUdK7h0yzXGmyBTypknlkCvHFBqfX9YlorEiMM6Dnq/5atfHkw==} - engines: {node: '>=8'} - import-meta-resolve@4.2.0: resolution: {integrity: sha512-Iqv2fzaTQN28s/FwZAoFq0ZSs/7hMAHJVX+w8PZl3cY19Pxk6jFFalxQoIfW2826i/fDLXv8IiEZRIT0lDuWcg==} @@ -9508,10 +9397,6 @@ packages: resolution: {integrity: sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==} engines: {node: '>= 0.4'} - is-core-module@2.16.2: - resolution: {integrity: sha512-evOr8xfXKxE6qSR0hSXL2r3sd7ALj8+7jQEUvPYcm5sgZFdJ+AYzT6yNmJenvIYQBgIGwfwz08sL8zoL7yq2BA==} - engines: {node: '>= 0.4'} - is-data-view@1.0.2: resolution: {integrity: sha512-RKtWF8pGmS87i2D6gqQu/l7EYRlVdfzemCJN/P3UOs//x1QE7mfhvzHIApBTRf7axvT6DMGwSwBXYCT0nfB9xw==} engines: {node: '>= 0.4'} @@ -9721,9 +9606,6 @@ packages: resolution: {integrity: sha512-mfcwb6IzQyOKTs84CQMrOwW4gQcaTOAWJ0zzJCl2WSPDrWk/OzDaImWFH3djXhb24g4eudZfLRozAvPGw4d9hQ==} engines: {node: '>= 0.4'} - is-what@3.14.1: - resolution: {integrity: sha512-sNxgpk9793nzSs7bA6JQJGeIuRBQhAaNGG77kzYQgMkrID+lS6SlK07K5LaptscDlSaIgH+GPFzf+d75FVxozA==} - is-windows@1.0.2: resolution: {integrity: sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==} engines: {node: '>=0.10.0'} @@ -9852,9 +9734,6 @@ packages: resolution: {integrity: sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==} hasBin: true - jju@1.4.0: - resolution: {integrity: sha512-8wb9Yw966OSxApiCt0K3yNJL8pnNeIv+OEq2YMidz4FKP6nonSRoOXc80iXY4JaN2FC11B9qsNmDsm+ZOfMROA==} - jose@6.1.3: resolution: {integrity: sha512-0TpaTfihd4QMNwrz/ob2Bp7X04yuxJkjRGi4aKmOqwhov54i6u79oCv7T+C7lo70MKH6BesI3vscD1yb/yzKXQ==} @@ -9988,11 +9867,6 @@ packages: layout-base@2.0.1: resolution: {integrity: sha512-dp3s92+uNI1hWIpPGH3jK2kxE2lMjdXdr+DH8ynZHpd6PUlH6x6cbuXnoMmiNumznqaNO31xu9e79F0uuZ0JFg==} - less@4.4.2: - resolution: {integrity: sha512-j1n1IuTX1VQjIy3tT7cyGbX7nvQOsFLoIqobZv4ttI5axP923gA44zUj6miiA6R5Aoms4sEGVIIcucXUbRI14g==} - engines: {node: '>=14'} - hasBin: true - leven@3.1.0: resolution: {integrity: sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==} engines: {node: '>=6'} @@ -10074,6 +9948,7 @@ packages: engines: {node: '>= 12.0.0'} cpu: [arm64] os: [linux] + libc: [glibc] lightningcss-linux-arm64-gnu@1.32.0: resolution: {integrity: sha512-0nnMyoyOLRJXfbMOilaSRcLH3Jw5z9HDNGfT/gwCPgaDjnx0i8w7vBzFLFR1f6CMLKF8gVbebmkUN3fa/kQJpQ==} @@ -10087,6 +9962,7 @@ packages: engines: {node: '>= 12.0.0'} cpu: [arm64] os: [linux] + libc: [musl] lightningcss-linux-arm64-musl@1.32.0: resolution: {integrity: sha512-UpQkoenr4UJEzgVIYpI80lDFvRmPVg6oqboNHfoH4CQIfNA+HOrZ7Mo7KZP02dC6LjghPQJeBsvXhJod/wnIBg==} @@ -10100,6 +9976,7 @@ packages: engines: {node: '>= 12.0.0'} cpu: [x64] os: [linux] + libc: [glibc] lightningcss-linux-x64-gnu@1.32.0: resolution: {integrity: sha512-V7Qr52IhZmdKPVr+Vtw8o+WLsQJYCTd8loIfpDaMRWGUZfBOYEJeyJIkqGIDMZPwPx24pUMfwSxxI8phr/MbOA==} @@ -10113,6 +9990,7 @@ packages: engines: {node: '>= 12.0.0'} cpu: [x64] os: [linux] + libc: [musl] lightningcss-linux-x64-musl@1.32.0: resolution: {integrity: sha512-bYcLp+Vb0awsiXg/80uCRezCYHNg1/l3mt0gzHnWV9XP1W5sKa5/TCdGWaR/zBM2PeF/HbsQv/j2URNOiVuxWg==} @@ -10266,6 +10144,9 @@ packages: lodash.upperfirst@4.3.1: resolution: {integrity: sha512-sReKOYJIJf74dhJONhU4e0/shzi1trVbSWDOhKYE5XV2O+H7Sb2Dihwuc7xWxVl+DgFPyTqIN3zMfT9cq5iWDg==} + lodash@4.17.21: + resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} + lodash@4.18.1: resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==} @@ -10330,10 +10211,6 @@ packages: lru-cache@5.1.1: resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==} - lru-cache@6.0.0: - resolution: {integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==} - engines: {node: '>=10'} - lucide-react@0.555.0: resolution: {integrity: sha512-D8FvHUGbxWBRQM90NZeIyhAvkFfsh3u9ekrMvJ30Z6gnpBHS6HC6ldLg7tL45hwiIz/u66eKDtdA23gwwGsAHA==} peerDependencies: @@ -10360,10 +10237,6 @@ packages: resolution: {integrity: sha512-ayF7iT+44LXdxJLTrTd3TLQpFDDvPCBxXxbv+pMUSuHA5Q8zyAfwkRP6aHHwNVFBUFWtxAHqwNJxF8vMZLAbVg==} engines: {node: '>=18'} - make-dir@2.1.0: - resolution: {integrity: sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==} - engines: {node: '>=6'} - make-dir@4.0.0: resolution: {integrity: sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==} engines: {node: '>=10'} @@ -10653,11 +10526,6 @@ packages: resolution: {integrity: sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==} engines: {node: '>=18'} - mime@1.6.0: - resolution: {integrity: sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==} - engines: {node: '>=4'} - hasBin: true - mime@4.1.0: resolution: {integrity: sha512-X5ju04+cAzsojXKes0B/S4tcYtFAJ6tTMuSPBEn9CPGlrWr8Fiw7qYeLT0XyH80HSoAoqWCaz+MWKh22P7G1cw==} engines: {node: '>=16'} @@ -10686,6 +10554,13 @@ packages: resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==} engines: {node: 18 || 20 || >=22} + minimatch@3.1.5: + resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==} + + minimatch@5.1.9: + resolution: {integrity: sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==} + engines: {node: '>=10'} + minimist@1.2.7: resolution: {integrity: sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==} @@ -10810,11 +10685,6 @@ packages: natural-compare@1.4.0: resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==} - needle@3.5.0: - resolution: {integrity: sha512-jaQyPKKk2YokHrEg+vFDYxXIHTCBgiZwSHOoVx/8V3GIBS8/VN6NdVRmg8q1ERtPkMvmOvebsgga4sAj5hls/w==} - engines: {node: '>= 4.4.x'} - hasBin: true - negotiator@1.0.0: resolution: {integrity: sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==} engines: {node: '>= 0.6'} @@ -11144,6 +11014,10 @@ packages: orderedmap@2.1.1: resolution: {integrity: sha512-TvAWxi0nDe1j/rtMcWcIj94+Ffe6n7zhow33h40SKxmsmozs6dz/e+EajymfoFcHd7sxNn8yHM8839uixMOV6g==} + os-tmpdir@1.0.2: + resolution: {integrity: sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==} + engines: {node: '>=0.10.0'} + outvariant@1.4.3: resolution: {integrity: sha512-+Sl2UErvtsoajRDKCE5/dBz4DIvHXQQnAxtQTF04OJxY0+DyZXSo5P5Bb7XYWOh81syohlYL24hbDwxedPUJCA==} @@ -11293,10 +11167,6 @@ packages: resolution: {integrity: sha512-TXfryirbmq34y8QBwgqCVLi+8oA3oWx2eAnSn62ITyEhEYaWRlVZ2DvMM9eZbMs/RfxPu/PK/aBLyGj4IrqMHw==} engines: {node: '>=18'} - parse-node-version@1.0.1: - resolution: {integrity: sha512-3YHlOa/JgH6Mnpr05jP9eDG254US9ek25LyIxZlDItp2iJtwyaXQb57lBYLdT3MowkUFYEV2XXNAYIPlESvJlA==} - engines: {node: '>= 0.10'} - parse-numeric-range@1.3.0: resolution: {integrity: sha512-twN+njEipszzlMJd4ONUYgSfZPDxgHhT9Ahed5uTigpQn90FggW4SA/AIPq/6a149fTbE9qBEcSwE3FAEp6wQQ==} @@ -11394,6 +11264,14 @@ packages: picocolors@1.1.1: resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==} + picomatch@2.3.2: + resolution: {integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==} + engines: {node: '>=8.6'} + + picomatch@4.0.3: + resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==} + engines: {node: '>=12'} + picomatch@4.0.4: resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==} engines: {node: '>=12'} @@ -11414,10 +11292,6 @@ packages: resolution: {integrity: sha512-C3FsVNH1udSEX48gGX1xfvwTWfsYWj5U+8/uK15BGzIGrKoUpghX8hWZwa/OFnakBiiVNmBvemTJR5mcy7iPcg==} engines: {node: '>=4'} - pify@4.0.1: - resolution: {integrity: sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==} - engines: {node: '>=6'} - pirates@4.0.7: resolution: {integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==} engines: {node: '>= 6'} @@ -11458,62 +11332,62 @@ packages: resolution: {integrity: sha512-NYEsLHh8DgG/PRH2+G9BTuUdtf9ViS+vdoQ0YA5OQdGsfN4ztiwtDWNtBl9EKeqNMFnIu8IKZ0cLxEQ5r5KVMw==} engines: {node: ^18.12 || ^20.9 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.38 postcss-cli@10.1.0: resolution: {integrity: sha512-Zu7PLORkE9YwNdvOeOVKPmWghprOtjFQU3srMUGbdz3pHJiFh7yZ4geiZFMkjMfB0mtTFR3h8RemR62rPkbOPA==} engines: {node: '>=14'} hasBin: true peerDependencies: - postcss: ^8.5.14 + postcss: ^8.0.0 postcss-colormin@7.0.5: resolution: {integrity: sha512-ekIBP/nwzRWhEMmIxHHbXHcMdzd1HIUzBECaj5KEdLz9DVP2HzT065sEhvOx1dkLjYW7jyD0CngThx6bpFi2fA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-convert-values@7.0.8: resolution: {integrity: sha512-+XNKuPfkHTCEo499VzLMYn94TiL3r9YqRE3Ty+jP7UX4qjewUONey1t7CG21lrlTLN07GtGM8MqFVp86D4uKJg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-discard-comments@7.0.5: resolution: {integrity: sha512-IR2Eja8WfYgN5n32vEGSctVQ1+JARfu4UH8M7bgGh1bC+xI/obsPJXaBpQF7MAByvgwZinhpHpdrmXtvVVlKcQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-discard-duplicates@7.0.2: resolution: {integrity: sha512-eTonaQvPZ/3i1ASDHOKkYwAybiM45zFIc7KXils4mQmHLqIswXD9XNOKEVxtTFnsmwYzF66u4LMgSr0abDlh5w==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-discard-empty@7.0.1: resolution: {integrity: sha512-cFrJKZvcg/uxB6Ijr4l6qmn3pXQBna9zyrPC+sK0zjbkDUZew+6xDltSF7OeB7rAtzaaMVYSdbod+sZOCWnMOg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-discard-overridden@7.0.1: resolution: {integrity: sha512-7c3MMjjSZ/qYrx3uc1940GSOzN1Iqjtlqe8uoSg+qdVPYyRb0TILSqqmtlSFuE4mTDECwsm397Ya7iXGzfF7lg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-import@16.1.1: resolution: {integrity: sha512-2xVS1NCZAfjtVdvXiyegxzJ447GyqCeEI5V7ApgQVOWnros1p5lGNovJNapwPpMombyFBfqDwt7AD3n2l0KOfQ==} engines: {node: '>=18.0.0'} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.0.0 postcss-load-config@4.0.2: resolution: {integrity: sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==} engines: {node: '>= 14'} peerDependencies: - postcss: ^8.5.14 + postcss: '>=8.0.9' ts-node: '>=9.0.0' peerDependenciesMeta: postcss: @@ -11525,115 +11399,115 @@ packages: resolution: {integrity: sha512-Kpu5v4Ys6QI59FxmxtNB/iHUVDn9Y9sYw66D6+SZoIk4QTz1prC4aYkhIESu+ieG1iylod1f8MILMs1Em3mmIw==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-merge-rules@7.0.7: resolution: {integrity: sha512-njWJrd/Ms6XViwowaaCc+/vqhPG3SmXn725AGrnl+BgTuRPEacjiLEaGq16J6XirMJbtKkTwnt67SS+e2WGoew==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-minify-font-values@7.0.1: resolution: {integrity: sha512-2m1uiuJeTplll+tq4ENOQSzB8LRnSUChBv7oSyFLsJRtUgAAJGP6LLz0/8lkinTgxrmJSPOEhgY1bMXOQ4ZXhQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-minify-gradients@7.0.1: resolution: {integrity: sha512-X9JjaysZJwlqNkJbUDgOclyG3jZEpAMOfof6PUZjPnPrePnPG62pS17CjdM32uT1Uq1jFvNSff9l7kNbmMSL2A==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-minify-params@7.0.5: resolution: {integrity: sha512-FGK9ky02h6Ighn3UihsyeAH5XmLEE2MSGH5Tc4tXMFtEDx7B+zTG6hD/+/cT+fbF7PbYojsmmWjyTwFwW1JKQQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-minify-selectors@7.0.5: resolution: {integrity: sha512-x2/IvofHcdIrAm9Q+p06ZD1h6FPcQ32WtCRVodJLDR+WMn8EVHI1kvLxZuGKz/9EY5nAmI6lIQIrpo4tBy5+ug==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-charset@7.0.1: resolution: {integrity: sha512-sn413ofhSQHlZFae//m9FTOfkmiZ+YQXsbosqOWRiVQncU2BA3daX3n0VF3cG6rGLSFVc5Di/yns0dFfh8NFgQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-display-values@7.0.1: resolution: {integrity: sha512-E5nnB26XjSYz/mGITm6JgiDpAbVuAkzXwLzRZtts19jHDUBFxZ0BkXAehy0uimrOjYJbocby4FVswA/5noOxrQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-positions@7.0.1: resolution: {integrity: sha512-pB/SzrIP2l50ZIYu+yQZyMNmnAcwyYb9R1fVWPRxm4zcUFCY2ign7rcntGFuMXDdd9L2pPNUgoODDk91PzRZuQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-repeat-style@7.0.1: resolution: {integrity: sha512-NsSQJ8zj8TIDiF0ig44Byo3Jk9e4gNt9x2VIlJudnQQ5DhWAHJPF4Tr1ITwyHio2BUi/I6Iv0HRO7beHYOloYQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-string@7.0.1: resolution: {integrity: sha512-QByrI7hAhsoze992kpbMlJSbZ8FuCEc1OT9EFbZ6HldXNpsdpZr+YXC5di3UEv0+jeZlHbZcoCADgb7a+lPmmQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-timing-functions@7.0.1: resolution: {integrity: sha512-bHifyuuSNdKKsnNJ0s8fmfLMlvsQwYVxIoUBnowIVl2ZAdrkYQNGVB4RxjfpvkMjipqvbz0u7feBZybkl/6NJg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-unicode@7.0.5: resolution: {integrity: sha512-X6BBwiRxVaFHrb2WyBMddIeB5HBjJcAaUHyhLrM2FsxSq5TFqcHSsK7Zu1otag+o0ZphQGJewGH1tAyrD0zX1Q==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-url@7.0.1: resolution: {integrity: sha512-sUcD2cWtyK1AOL/82Fwy1aIVm/wwj5SdZkgZ3QiUzSzQQofrbq15jWJ3BA7Z+yVRwamCjJgZJN0I9IS7c6tgeQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-normalize-whitespace@7.0.1: resolution: {integrity: sha512-vsbgFHMFQrJBJKrUFJNZ2pgBeBkC2IvvoHjz1to0/0Xk7sII24T0qFOiJzG6Fu3zJoq/0yI4rKWi7WhApW+EFA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-ordered-values@7.0.2: resolution: {integrity: sha512-AMJjt1ECBffF7CEON/Y0rekRLS6KsePU6PRP08UqYW4UGFRnTXNrByUzYK1h8AC7UWTZdQ9O3Oq9kFIhm0SFEw==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-reduce-initial@7.0.5: resolution: {integrity: sha512-RHagHLidG8hTZcnr4FpyMB2jtgd/OcyAazjMhoy5qmWJOx1uxKh4ntk0Pb46ajKM0rkf32lRH4C8c9qQiPR6IA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-reduce-transforms@7.0.1: resolution: {integrity: sha512-MhyEbfrm+Mlp/36hvZ9mT9DaO7dbncU0CvWI8V93LRkY6IYlu38OPg3FObnuKTUxJ4qA8HpurdQOo5CyqqO76g==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-reporter@7.1.0: resolution: {integrity: sha512-/eoEylGWyy6/DOiMP5lmFRdmDKThqgn7D6hP2dXKJI/0rJSO1ADFNngZfDzxL0YAxFvws+Rtpuji1YIHj4mySA==} engines: {node: '>=10'} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.1.0 postcss-resolve-nested-selector@0.1.6: resolution: {integrity: sha512-0sglIs9Wmkzbr8lQwEyIzlDOOC9bGmfVKcJTaxv3vMmd3uo4o4DerC3En0bnmgceeql9BfC8hRkp7cg0fjdVqw==} @@ -11642,7 +11516,7 @@ packages: resolution: {integrity: sha512-0AioNCJZ2DPYz5ABT6bddIqlhgwhpHZ/l65YAYo0BCIn0xiDpsnTHz0gnoTGk0OXZW0JRs+cDwL8u/teRdz+8A==} engines: {node: '>=18.0'} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.31 postcss-selector-parser@7.1.0: resolution: {integrity: sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==} @@ -11656,17 +11530,21 @@ packages: resolution: {integrity: sha512-KnAlfmhtoLz6IuU3Sij2ycusNs4jPW+QoFE5kuuUOK8awR6tMxZQrs5Ey3BUz7nFCzT3eqyFgqkyrHiaU2xx3w==} engines: {node: ^18.12.0 || ^20.9.0 || >= 18} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-unique-selectors@7.0.4: resolution: {integrity: sha512-pmlZjsmEAG7cHd7uK3ZiNSW6otSZ13RHuZ/4cDN/bVglS5EpF2r2oxY99SuOHa8m7AWoBCelTS3JPpzsIs8skQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 postcss-value-parser@4.2.0: resolution: {integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==} + postcss@8.4.31: + resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==} + engines: {node: ^10 || ^12 || >=14} + postcss@8.5.14: resolution: {integrity: sha512-SoSL4+OSEtR99LHFZQiJLkT59C5B1amGO1NzTwj7TT1qCUgUO6hxOvzkOYxD+vMrXBM3XJIKzokoERdqQq/Zmg==} engines: {node: ^10 || ^12 || >=14} @@ -11797,9 +11675,6 @@ packages: resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==} engines: {node: '>= 0.10'} - prr@1.0.1: - resolution: {integrity: sha512-yPw4Sng1gWghHQWj0B3ZggWUm4qVbPwPFcRG8KyxiU7J2OHFSoEHKS+EZ3fv5l1t9CyCiop6l/ZYeWbrgoQejw==} - pseudolocale@2.2.0: resolution: {integrity: sha512-O+D2eU7fO9wVLqrohvt9V/9fwMadnJQ4jxwiK+LeNEqhMx8JYx4xQHkArDCJFAdPPOp/pQq6z5L37eBvAoc8jw==} engines: {node: '>=16.0.0'} @@ -12133,10 +12008,6 @@ packages: resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==} engines: {node: '>=8.10.0'} - readdirp@4.1.2: - resolution: {integrity: sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==} - engines: {node: '>= 14.18.0'} - reading-time@1.5.0: resolution: {integrity: sha512-onYyVhBNr4CmAxFsKS7bz+uTLRakypIe4R+5A824vBSkQy/hB3fZepoVEf8OVAxzLvK+H/jm9TzpI3ETSm64Kg==} @@ -12322,11 +12193,6 @@ packages: engines: {node: '>= 0.4'} hasBin: true - resolve@1.22.12: - resolution: {integrity: sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==} - engines: {node: '>= 0.4'} - hasBin: true - resolve@2.0.0-next.6: resolution: {integrity: sha512-3JmVl5hMGtJ3kMmB3zi3DL25KfkCEyy3Tw7Gmw7z5w8M9WlwoPFnIvwChzu1+cF3iaK3sp18hhPz8ANeimdJfA==} engines: {node: '>= 0.4'} @@ -12450,19 +12316,10 @@ packages: sanitize-html@2.17.0: resolution: {integrity: sha512-dLAADUSS8rBwhaevT12yCezvioCA+bmUTPH/u57xKPT8d++voeYE6HeluA/bPbQ15TwDBG2ii+QZIEmYx8VdxA==} - sass@1.94.2: - resolution: {integrity: sha512-N+7WK20/wOr7CzA2snJcUSSNTCzeCGUTFY3OgeQP3mZ1aj9NMQ0mSTXwlrnd89j33zzQJGqIN52GIOmYrfq46A==} - engines: {node: '>=14.0.0'} - hasBin: true - sax@1.5.0: resolution: {integrity: sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==} engines: {node: '>=11.0.0'} - sax@1.6.0: - resolution: {integrity: sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==} - engines: {node: '>=11.0.0'} - saxen@10.0.0: resolution: {integrity: sha512-RXsmWok/SAWqOG/f5ADEz51DN9WtZEzqih3e08ranldcaXekxjx8NBKjGh/y5hlowjo0JH/LekBu6gtPFD1G6g==} engines: {node: '>= 18'} @@ -12511,11 +12368,6 @@ packages: resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==} hasBin: true - semver@7.5.4: - resolution: {integrity: sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==} - engines: {node: '>=10'} - hasBin: true - semver@7.7.3: resolution: {integrity: sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==} engines: {node: '>=10'} @@ -12742,9 +12594,6 @@ packages: resolution: {integrity: sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==} engines: {node: '>= 10.x'} - sprintf-js@1.0.3: - resolution: {integrity: sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==} - sqids@0.3.0: resolution: {integrity: sha512-lOQK1ucVg+W6n3FhRwwSeUijxe93b51Bfz5PMRMihVf1iVkl82ePQG7V5vwrhzB11v0NtsR25PSZRGiSomJaJw==} @@ -12943,7 +12792,7 @@ packages: resolution: {integrity: sha512-bJkD0JkEtbRrMFtwgpJyBbFIwfDDONQ1Ov3sDLZQP8HuJ73kBOyx66H4bOcAbVWmnfLdvQ0AJwXxOMkpujcO6g==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.5.14 + postcss: ^8.4.32 stylelint-config-recommended@14.0.1: resolution: {integrity: sha512-bLvc1WOz/14aPImu/cufKAZYfXs/A/owZfSMZ4N+16WGXLoX5lOir53M6odBxvhgmgdxCVnNySJmZKx73T93cg==} @@ -13182,9 +13031,9 @@ packages: tmcp@1.19.2: resolution: {integrity: sha512-/AEG/jlzflGKqCKm7GNdhz50VtFlN+3vcnKd+iQJXcHdIPrpCRMolEj57SfgcXcfE2ouX7J6Q05gPKsS2NZhKg==} - tmp@0.2.5: - resolution: {integrity: sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==} - engines: {node: '>=14.14'} + tmp@0.0.33: + resolution: {integrity: sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==} + engines: {node: '>=0.6.0'} to-regex-range@5.0.1: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} @@ -13390,11 +13239,6 @@ packages: engines: {node: '>=4.2.0'} hasBin: true - typescript@5.8.2: - resolution: {integrity: sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==} - engines: {node: '>=14.17'} - hasBin: true - typescript@5.9.3: resolution: {integrity: sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==} engines: {node: '>=14.17'} @@ -13981,9 +13825,6 @@ packages: yallist@3.1.1: resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==} - yallist@4.0.0: - resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} - yaml@1.10.3: resolution: {integrity: sha512-vIYeF1u3CjlhAFekPPAk2h/Kv4T3mAkMox5OymRiJQB0spDP10LHvt+K7G9Ny6NuuMAb25/6n1qyUjAcGNf/AA==} engines: {node: '>= 6'} @@ -15756,7 +15597,7 @@ snapshots: dependencies: '@eslint/object-schema': 2.1.7 debug: 4.4.3 - minimatch: 10.2.5 + minimatch: 3.1.5 transitivePeerDependencies: - supports-color @@ -15777,7 +15618,7 @@ snapshots: ignore: 5.3.2 import-fresh: 3.3.1 js-yaml: 4.1.1 - minimatch: 10.2.5 + minimatch: 3.1.5 strip-json-comments: 3.1.1 transitivePeerDependencies: - supports-color @@ -16202,11 +16043,11 @@ snapshots: '@types/yargs': 17.0.35 chalk: 4.1.2 - '@joshwooding/vite-plugin-react-docgen-typescript@0.6.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': + '@joshwooding/vite-plugin-react-docgen-typescript@0.6.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': dependencies: glob: 13.0.6 react-docgen-typescript: 2.4.0(typescript@5.9.3) - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) optionalDependencies: typescript: 5.9.3 @@ -16548,35 +16389,6 @@ snapshots: dependencies: moo: 0.5.2 - '@microsoft/api-extractor-model@7.33.4(@types/node@24.10.1)': - dependencies: - '@microsoft/tsdoc': 0.16.0 - '@microsoft/tsdoc-config': 0.18.1 - '@rushstack/node-core-library': 5.20.3(@types/node@24.10.1) - transitivePeerDependencies: - - '@types/node' - optional: true - - '@microsoft/api-extractor@7.57.6(@types/node@24.10.1)': - dependencies: - '@microsoft/api-extractor-model': 7.33.4(@types/node@24.10.1) - '@microsoft/tsdoc': 0.16.0 - '@microsoft/tsdoc-config': 0.18.1 - '@rushstack/node-core-library': 5.20.3(@types/node@24.10.1) - '@rushstack/rig-package': 0.7.2 - '@rushstack/terminal': 0.22.3(@types/node@24.10.1) - '@rushstack/ts-command-line': 5.3.3(@types/node@24.10.1) - diff: 8.0.4 - lodash: 4.18.1 - minimatch: 10.2.5 - resolve: 1.22.12 - semver: 7.5.4 - source-map: 0.6.1 - typescript: 5.8.2 - transitivePeerDependencies: - - '@types/node' - optional: true - '@microsoft/applicationinsights-analytics-js@2.8.18(tslib@2.8.1)': dependencies: '@microsoft/applicationinsights-common': 2.8.18(tslib@2.8.1) @@ -16739,17 +16551,6 @@ snapshots: - encoding - utf-8-validate - '@microsoft/tsdoc-config@0.18.1': - dependencies: - '@microsoft/tsdoc': 0.16.0 - ajv: 8.18.0 - jju: 1.4.0 - resolve: 1.22.12 - optional: true - - '@microsoft/tsdoc@0.16.0': - optional: true - '@modelcontextprotocol/sdk@1.26.0(zod@3.25.76)': dependencies: '@hono/node-server': 1.19.13(hono@4.12.18) @@ -17593,81 +17394,42 @@ snapshots: '@parcel/watcher-android-arm64@2.5.1': optional: true - '@parcel/watcher-android-arm64@2.5.6': - optional: true - '@parcel/watcher-darwin-arm64@2.5.1': optional: true - '@parcel/watcher-darwin-arm64@2.5.6': - optional: true - '@parcel/watcher-darwin-x64@2.5.1': optional: true - '@parcel/watcher-darwin-x64@2.5.6': - optional: true - '@parcel/watcher-freebsd-x64@2.5.1': optional: true - '@parcel/watcher-freebsd-x64@2.5.6': - optional: true - '@parcel/watcher-linux-arm-glibc@2.5.1': optional: true - '@parcel/watcher-linux-arm-glibc@2.5.6': - optional: true - '@parcel/watcher-linux-arm-musl@2.5.1': optional: true - '@parcel/watcher-linux-arm-musl@2.5.6': - optional: true - '@parcel/watcher-linux-arm64-glibc@2.5.1': optional: true - '@parcel/watcher-linux-arm64-glibc@2.5.6': - optional: true - '@parcel/watcher-linux-arm64-musl@2.5.1': optional: true - '@parcel/watcher-linux-arm64-musl@2.5.6': - optional: true - '@parcel/watcher-linux-x64-glibc@2.5.1': optional: true - '@parcel/watcher-linux-x64-glibc@2.5.6': - optional: true - '@parcel/watcher-linux-x64-musl@2.5.1': optional: true - '@parcel/watcher-linux-x64-musl@2.5.6': - optional: true - '@parcel/watcher-win32-arm64@2.5.1': optional: true - '@parcel/watcher-win32-arm64@2.5.6': - optional: true - '@parcel/watcher-win32-ia32@2.5.1': optional: true - '@parcel/watcher-win32-ia32@2.5.6': - optional: true - '@parcel/watcher-win32-x64@2.5.1': optional: true - '@parcel/watcher-win32-x64@2.5.6': - optional: true - '@parcel/watcher@2.5.1': dependencies: detect-libc: 1.0.3 @@ -17689,28 +17451,6 @@ snapshots: '@parcel/watcher-win32-ia32': 2.5.1 '@parcel/watcher-win32-x64': 2.5.1 - '@parcel/watcher@2.5.6': - dependencies: - detect-libc: 2.1.2 - is-glob: 4.0.3 - node-addon-api: 7.1.1 - picomatch: 4.0.4 - optionalDependencies: - '@parcel/watcher-android-arm64': 2.5.6 - '@parcel/watcher-darwin-arm64': 2.5.6 - '@parcel/watcher-darwin-x64': 2.5.6 - '@parcel/watcher-freebsd-x64': 2.5.6 - '@parcel/watcher-linux-arm-glibc': 2.5.6 - '@parcel/watcher-linux-arm-musl': 2.5.6 - '@parcel/watcher-linux-arm64-glibc': 2.5.6 - '@parcel/watcher-linux-arm64-musl': 2.5.6 - '@parcel/watcher-linux-x64-glibc': 2.5.6 - '@parcel/watcher-linux-x64-musl': 2.5.6 - '@parcel/watcher-win32-arm64': 2.5.6 - '@parcel/watcher-win32-ia32': 2.5.6 - '@parcel/watcher-win32-x64': 2.5.6 - optional: true - '@pnpm/config.env-replace@1.1.0': {} '@pnpm/constants@7.1.1': {} @@ -18683,12 +18423,11 @@ snapshots: transitivePeerDependencies: - webpack-hot-middleware - '@rslib/core@0.19.6(@microsoft/api-extractor@7.57.6(@types/node@24.10.1))(typescript@5.9.3)': + '@rslib/core@0.19.6(typescript@5.9.3)': dependencies: '@rsbuild/core': 1.7.3 - rsbuild-plugin-dts: 0.19.6(@microsoft/api-extractor@7.57.6(@types/node@24.10.1))(@rsbuild/core@1.7.3)(typescript@5.9.3) + rsbuild-plugin-dts: 0.19.6(@rsbuild/core@1.7.3)(typescript@5.9.3) optionalDependencies: - '@microsoft/api-extractor': 7.57.6(@types/node@24.10.1) typescript: 5.9.3 transitivePeerDependencies: - '@typescript/native-preview' @@ -18807,50 +18546,6 @@ snapshots: html-entities: 2.6.0 react-refresh: 0.18.0 - '@rushstack/node-core-library@5.20.3(@types/node@24.10.1)': - dependencies: - ajv: 8.18.0 - ajv-draft-04: 1.0.0(ajv@8.18.0) - ajv-formats: 3.0.1(ajv@8.18.0) - fs-extra: 11.3.5 - import-lazy: 4.0.0 - jju: 1.4.0 - resolve: 1.22.12 - semver: 7.5.4 - optionalDependencies: - '@types/node': 24.10.1 - optional: true - - '@rushstack/problem-matcher@0.2.1(@types/node@24.10.1)': - optionalDependencies: - '@types/node': 24.10.1 - optional: true - - '@rushstack/rig-package@0.7.2': - dependencies: - resolve: 1.22.12 - strip-json-comments: 3.1.1 - optional: true - - '@rushstack/terminal@0.22.3(@types/node@24.10.1)': - dependencies: - '@rushstack/node-core-library': 5.20.3(@types/node@24.10.1) - '@rushstack/problem-matcher': 0.2.1(@types/node@24.10.1) - supports-color: 8.1.1 - optionalDependencies: - '@types/node': 24.10.1 - optional: true - - '@rushstack/ts-command-line@5.3.3(@types/node@24.10.1)': - dependencies: - '@rushstack/terminal': 0.22.3(@types/node@24.10.1) - '@types/argparse': 1.0.38 - argparse: 1.0.10 - string-argv: 0.3.2 - transitivePeerDependencies: - - '@types/node' - optional: true - '@sec-ant/readable-stream@0.4.1': {} '@semantic-release/changelog@6.0.3(semantic-release@25.0.3(typescript@5.9.3))': @@ -19067,10 +18762,10 @@ snapshots: axe-core: 4.11.0 storybook: 10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) - '@storybook/addon-docs@10.2.15(@types/react@19.2.8)(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3))': + '@storybook/addon-docs@10.2.15(@types/react@19.2.8)(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3))': dependencies: '@mdx-js/react': 3.1.1(@types/react@19.2.8)(react@19.2.3) - '@storybook/csf-plugin': 10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) + '@storybook/csf-plugin': 10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) '@storybook/icons': 2.0.1(react-dom@19.2.3(react@19.2.3))(react@19.2.3) '@storybook/react-dom-shim': 10.2.15(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)) react: 19.2.3 @@ -19104,46 +18799,46 @@ snapshots: - '@tmcp/auth' - typescript - '@storybook/builder-vite@10.2.15(esbuild@0.27.0)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0))': + '@storybook/builder-vite@10.2.15(esbuild@0.27.0)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0))': dependencies: - '@storybook/csf-plugin': 10.2.15(esbuild@0.27.0)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0)) + '@storybook/csf-plugin': 10.2.15(esbuild@0.27.0)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0)) storybook: 10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) ts-dedent: 2.2.0 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) transitivePeerDependencies: - esbuild - rollup - webpack - '@storybook/builder-vite@10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3))': + '@storybook/builder-vite@10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3))': dependencies: - '@storybook/csf-plugin': 10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) + '@storybook/csf-plugin': 10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) storybook: 10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) ts-dedent: 2.2.0 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) transitivePeerDependencies: - esbuild - rollup - webpack - '@storybook/csf-plugin@10.2.15(esbuild@0.27.0)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0))': + '@storybook/csf-plugin@10.2.15(esbuild@0.27.0)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0))': dependencies: storybook: 10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) unplugin: 2.3.10 optionalDependencies: esbuild: 0.27.0 rollup: 4.59.0 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) webpack: 5.105.4(esbuild@0.27.0) - '@storybook/csf-plugin@10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3))': + '@storybook/csf-plugin@10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3))': dependencies: storybook: 10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) unplugin: 2.3.10 optionalDependencies: esbuild: 0.27.3 rollup: 4.59.0 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) webpack: 5.105.4(esbuild@0.27.3) '@storybook/global@5.0.0': {} @@ -19169,11 +18864,11 @@ snapshots: react-dom: 19.2.3(react@19.2.3) storybook: 10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) - '@storybook/react-vite@10.2.15(esbuild@0.27.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0))': + '@storybook/react-vite@10.2.15(esbuild@0.27.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0))': dependencies: - '@joshwooding/vite-plugin-react-docgen-typescript': 0.6.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + '@joshwooding/vite-plugin-react-docgen-typescript': 0.6.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@rollup/pluginutils': 5.3.0(rollup@4.59.0) - '@storybook/builder-vite': 10.2.15(esbuild@0.27.0)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0)) + '@storybook/builder-vite': 10.2.15(esbuild@0.27.0)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.0)) '@storybook/react': 10.2.15(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3) empathic: 2.0.0 magic-string: 0.30.21 @@ -19183,7 +18878,7 @@ snapshots: resolve: 1.22.11 storybook: 10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) tsconfig-paths: 4.2.0 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) transitivePeerDependencies: - esbuild - rollup @@ -19191,11 +18886,11 @@ snapshots: - typescript - webpack - '@storybook/react-vite@10.2.15(esbuild@0.27.3)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3))': + '@storybook/react-vite@10.2.15(esbuild@0.27.3)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3))': dependencies: - '@joshwooding/vite-plugin-react-docgen-typescript': 0.6.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + '@joshwooding/vite-plugin-react-docgen-typescript': 0.6.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@rollup/pluginutils': 5.3.0(rollup@4.59.0) - '@storybook/builder-vite': 10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) + '@storybook/builder-vite': 10.2.15(esbuild@0.27.3)(rollup@4.59.0)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))(webpack@5.105.4(esbuild@0.27.3)) '@storybook/react': 10.2.15(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(storybook@10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(typescript@5.9.3) empathic: 2.0.0 magic-string: 0.30.21 @@ -19205,7 +18900,7 @@ snapshots: resolve: 1.22.11 storybook: 10.2.15(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) tsconfig-paths: 4.2.0 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) transitivePeerDependencies: - esbuild - rollup @@ -19471,12 +19166,12 @@ snapshots: postcss: 8.5.14 tailwindcss: 4.1.17 - '@tailwindcss/vite@4.2.2(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': + '@tailwindcss/vite@4.2.2(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': dependencies: '@tailwindcss/node': 4.2.2 '@tailwindcss/oxide': 4.2.2 tailwindcss: 4.2.2 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) '@tanstack/ai-client@0.8.0': dependencies: @@ -19498,7 +19193,6 @@ snapshots: '@tanstack/ai@0.14.0': dependencies: '@ag-ui/core': 0.0.49 - '@standard-schema/spec': 1.1.0 '@tanstack/ai-event-client': 0.2.8(@tanstack/ai@0.14.0) partial-json: 0.1.7 @@ -19730,9 +19424,6 @@ snapshots: tslib: 2.8.1 optional: true - '@types/argparse@1.0.38': - optional: true - '@types/aria-query@5.0.4': {} '@types/babel__core@7.20.5': @@ -20100,7 +19791,7 @@ snapshots: '@uipath/apollo-core@5.9.1': {} - '@uipath/apollo-dashboarding@0.0.61(@types/node@24.10.1)(@types/react@19.2.8)(@uipath/apollo-core@5.9.1)(@uipath/apollo-lab@25.12.0)(@uipath/portal-shell-react@3.149.36(fe12f2fb6cf38432d22dd98c4b90e974))(luxon@3.7.2)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': + '@uipath/apollo-dashboarding@0.0.61(@types/node@24.10.1)(@types/react@19.2.8)(@uipath/apollo-core@5.9.1)(@uipath/apollo-lab@25.12.0)(@uipath/portal-shell-react@3.149.36(9e6166e9cffa21a376f3ba9f163a66bf))(luxon@3.7.2)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': dependencies: '@dnd-kit/core': 6.3.1(react-dom@19.2.3(react@19.2.3))(react@19.2.3) '@dnd-kit/sortable': 10.0.0(@dnd-kit/core@6.3.1(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react@19.2.3) @@ -20108,14 +19799,14 @@ snapshots: '@emotion/react': 11.14.0(@types/react@19.2.8)(react@19.2.3) '@emotion/styled': 11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3) '@mui/material': 7.3.10(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) - '@tailwindcss/vite': 4.2.2(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + '@tailwindcss/vite': 4.2.2(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@tanstack/react-query': 5.90.21(react@19.2.3) '@tanstack/react-table': 8.21.3(react-dom@19.2.3(react@19.2.3))(react@19.2.3) '@ts-rest/core': 3.53.0-rc.1(@types/node@24.10.1) '@uipath/apollo-core': 5.9.1 '@uipath/apollo-lab': 25.12.0 '@uipath/apollo-mui5': 2.31.26(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3)) - '@uipath/portal-shell-react': 3.149.36(fe12f2fb6cf38432d22dd98c4b90e974) + '@uipath/portal-shell-react': 3.149.36(9e6166e9cffa21a376f3ba9f163a66bf) clsx: 2.1.1 i18next: 25.8.1(typescript@5.9.3) immer: 10.2.0 @@ -20233,13 +19924,13 @@ snapshots: - '@types/react' - supports-color - '@uipath/portal-shell-react@3.149.36(fe12f2fb6cf38432d22dd98c4b90e974)': + '@uipath/portal-shell-react@3.149.36(9e6166e9cffa21a376f3ba9f163a66bf)': dependencies: '@emotion/react': 11.14.0(@types/react@19.2.8)(react@19.2.3) '@emotion/styled': 11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3) '@mui/material': 5.15.3(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) '@uipath/apollo-angular-elements': 5.89.0 - '@uipath/portal-shell': 3.351.4(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@mui/system@7.3.10(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@uipath/apollo-fonts@1.25.8)(@uipath/autopilot-widgets@1.10.11475348(@types/react@19.2.8)(@uipath/autopilot-framework-utils@1.10.11475348(@uipath/autopilot-types@1.10.11475348(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@2.8.18(tslib@2.8.1))))(@uipath/autopilot-types@1.10.11475348(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@3.1.2(tslib@2.8.1)))(lucide-react@0.555.0(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(yaml@2.8.3))(csstype@3.2.3)(date-fns@3.6.0)(immer@10.2.0)(rollup@4.59.0)(tslib@2.8.1)(typescript@5.9.3)(yjs@13.6.30) + '@uipath/portal-shell': 3.351.4(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@mui/system@7.3.10(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@uipath/apollo-fonts@1.25.8)(@uipath/autopilot-widgets@1.10.11475348(@types/react@19.2.8)(@uipath/autopilot-framework-utils@1.10.11475348(@uipath/autopilot-types@1.10.11475348(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@2.8.18(tslib@2.8.1))))(@uipath/autopilot-types@1.10.11475348(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@3.1.2(tslib@2.8.1)))(lucide-react@0.555.0(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(yaml@2.8.3))(date-fns@3.6.0)(immer@10.2.0)(rollup@4.59.0)(tslib@2.8.1)(typescript@5.9.3)(yjs@13.6.30) '@uipath/portal-shell-types': 3.326.0(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@3.1.2(tslib@2.8.1))(@stencil/core@4.43.4) lodash-es: 4.18.1 react: 19.2.3 @@ -20269,7 +19960,7 @@ snapshots: js-cookie: 3.0.5 lodash.flatten: 4.4.0 - '@uipath/portal-shell@3.351.4(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@mui/system@7.3.10(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@uipath/apollo-fonts@1.25.8)(@uipath/autopilot-widgets@1.10.11475348(@types/react@19.2.8)(@uipath/autopilot-framework-utils@1.10.11475348(@uipath/autopilot-types@1.10.11475348(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@2.8.18(tslib@2.8.1))))(@uipath/autopilot-types@1.10.11475348(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@3.1.2(tslib@2.8.1)))(lucide-react@0.555.0(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(yaml@2.8.3))(csstype@3.2.3)(date-fns@3.6.0)(immer@10.2.0)(rollup@4.59.0)(tslib@2.8.1)(typescript@5.9.3)(yjs@13.6.30)': + '@uipath/portal-shell@3.351.4(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@mui/system@7.3.10(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@emotion/styled@11.14.1(@emotion/react@11.14.0(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@types/react@19.2.8)(react@19.2.3))(@uipath/apollo-fonts@1.25.8)(@uipath/autopilot-widgets@1.10.11475348(@types/react@19.2.8)(@uipath/autopilot-framework-utils@1.10.11475348(@uipath/autopilot-types@1.10.11475348(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@2.8.18(tslib@2.8.1))))(@uipath/autopilot-types@1.10.11475348(@microsoft/applicationinsights-core-js@3.1.2(tslib@2.8.1))(@microsoft/applicationinsights-web@3.1.2(tslib@2.8.1)))(lucide-react@0.555.0(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(yaml@2.8.3))(date-fns@3.6.0)(immer@10.2.0)(rollup@4.59.0)(tslib@2.8.1)(typescript@5.9.3)(yjs@13.6.30)': dependencies: '@emotion/cache': 11.14.0 '@emotion/react': 11.14.0(@types/react@18.2.45)(react@17.0.2) @@ -20320,7 +20011,7 @@ snapshots: lodash.uniq: 4.5.0 lottie-react: 2.4.1(react-dom@17.0.2(react@17.0.2))(react@17.0.2) luxon: 3.7.2 - notistack: 3.0.2(csstype@3.2.3)(react-dom@17.0.2(react@17.0.2))(react@17.0.2) + notistack: 3.0.2(react-dom@17.0.2(react@17.0.2))(react@17.0.2) odata-query: 5.4.4 oidc-client-ts: 2.0.5 react: 17.0.2 @@ -20344,7 +20035,6 @@ snapshots: - '@mui/system' - '@uipath/autopilot-widgets' - bufferutil - - csstype - date-fns - date-fns-jalali - encoding @@ -20397,12 +20087,12 @@ snapshots: dependencies: valibot: 1.2.0(typescript@5.9.3) - '@vercel/analytics@1.5.0(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react@19.2.3)': + '@vercel/analytics@1.5.0(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react@19.2.3)': optionalDependencies: - next: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2) + next: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) react: 19.2.3 - '@vitejs/plugin-react@4.7.0(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': + '@vitejs/plugin-react@4.7.0(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': dependencies: '@babel/core': 7.28.5 '@babel/plugin-transform-react-jsx-self': 7.27.1(@babel/core@7.28.5) @@ -20410,7 +20100,7 @@ snapshots: '@rolldown/pluginutils': 1.0.0-beta.27 '@types/babel__core': 7.20.5 react-refresh: 0.17.0 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) transitivePeerDependencies: - supports-color @@ -20426,7 +20116,7 @@ snapshots: obug: 2.1.1 std-env: 4.0.0 tinyrainbow: 3.1.0 - vitest: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + vitest: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@vitest/expect@3.2.4': dependencies: @@ -20445,14 +20135,14 @@ snapshots: chai: 6.2.2 tinyrainbow: 3.1.0 - '@vitest/mocker@4.1.5(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': + '@vitest/mocker@4.1.5(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3))': dependencies: '@vitest/spy': 4.1.5 estree-walker: 3.0.3 magic-string: 0.30.21 optionalDependencies: msw: 2.12.3(@types/node@24.10.1)(typescript@5.9.3) - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) '@vitest/pretty-format@3.2.4': dependencies: @@ -20489,7 +20179,7 @@ snapshots: sirv: 3.0.2 tinyglobby: 0.2.15 tinyrainbow: 3.1.0 - vitest: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + vitest: 4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@vitest/utils@3.2.4': dependencies: @@ -20670,11 +20360,6 @@ snapshots: clean-stack: 5.3.0 indent-string: 5.0.0 - ajv-draft-04@1.0.0(ajv@8.18.0): - optionalDependencies: - ajv: 8.18.0 - optional: true - ajv-formats@2.1.1(ajv@8.18.0): optionalDependencies: ajv: 8.18.0 @@ -20735,17 +20420,12 @@ snapshots: anymatch@3.1.3: dependencies: normalize-path: 3.0.0 - picomatch: 4.0.4 + picomatch: 2.3.2 arch@3.0.0: {} arg@5.0.2: {} - argparse@1.0.10: - dependencies: - sprintf-js: 1.0.3 - optional: true - argparse@2.0.1: {} argv-formatter@1.0.0: {} @@ -20903,6 +20583,8 @@ snapshots: bail@2.0.2: {} + balanced-match@1.0.2: {} + balanced-match@2.0.0: {} balanced-match@4.0.4: {} @@ -20963,6 +20645,15 @@ snapshots: moddle: 7.2.0 moddle-xml: 11.0.0(moddle@7.2.0) + brace-expansion@1.1.14: + dependencies: + balanced-match: 1.0.2 + concat-map: 0.0.1 + + brace-expansion@2.1.0: + dependencies: + balanced-match: 1.0.2 + brace-expansion@5.0.5: dependencies: balanced-match: 4.0.4 @@ -21047,9 +20738,6 @@ snapshots: camelcase@6.3.0: {} - camelize@1.0.1: - optional: true - caniuse-api@3.0.0: dependencies: browserslist: 4.28.1 @@ -21148,11 +20836,6 @@ snapshots: optionalDependencies: fsevents: 2.3.3 - chokidar@4.0.3: - dependencies: - readdirp: 4.1.2 - optional: true - chrome-trace-event@1.0.4: {} ci-info@4.3.1: {} @@ -21305,7 +20988,7 @@ snapshots: glob: 7.2.3 inquirer: 8.2.5 is-utf8: 0.2.1 - lodash: 4.18.1 + lodash: 4.17.21 minimist: 1.2.7 strip-bom: 4.0.0 strip-json-comments: 3.1.1 @@ -21320,6 +21003,8 @@ snapshots: compute-scroll-into-view@3.1.1: {} + concat-map@0.0.1: {} + confbox@0.1.8: {} config-chain@1.1.13: @@ -21385,11 +21070,6 @@ snapshots: cookie@1.0.2: {} - copy-anything@2.0.6: - dependencies: - is-what: 3.14.1 - optional: true - core-js-compat@3.47.0: dependencies: browserslist: 4.28.1 @@ -21479,9 +21159,6 @@ snapshots: dependencies: type-fest: 1.4.0 - css-color-keywords@1.0.0: - optional: true - css-declaration-sorter@7.3.1(postcss@8.5.14): dependencies: postcss: 8.5.14 @@ -21496,13 +21173,6 @@ snapshots: domutils: 3.2.2 nth-check: 2.1.1 - css-to-react-native@3.2.0: - dependencies: - camelize: 1.0.1 - css-color-keywords: 1.0.0 - postcss-value-parser: 4.2.0 - optional: true - css-tree@2.2.1: dependencies: mdn-data: 2.0.28 @@ -21916,7 +21586,7 @@ snapshots: interpret: 3.1.1 is-installed-globally: 1.0.0 json5: 2.2.3 - picomatch: 4.0.4 + picomatch: 4.0.3 prompts: 2.4.2 rechoir: 0.8.0 safe-regex: 2.1.1 @@ -22109,11 +21779,6 @@ snapshots: environment@1.1.0: {} - errno@0.1.8: - dependencies: - prr: 1.0.1 - optional: true - error-ex@1.3.4: dependencies: is-arrayish: 0.2.1 @@ -22370,7 +22035,7 @@ snapshots: estraverse: 5.3.0 hasown: 2.0.2 jsx-ast-utils: 3.3.5 - minimatch: 10.2.5 + minimatch: 3.1.5 object.entries: 1.1.9 object.fromentries: 2.0.8 object.values: 1.2.1 @@ -22427,7 +22092,7 @@ snapshots: is-glob: 4.0.3 json-stable-stringify-without-jsonify: 1.0.1 lodash.merge: 4.6.2 - minimatch: 10.2.5 + minimatch: 3.1.5 natural-compare: 1.4.0 optionator: 0.9.4 optionalDependencies: @@ -22651,7 +22316,7 @@ snapshots: dependencies: chardet: 0.7.0 iconv-lite: 0.4.24 - tmp: 0.2.5 + tmp: 0.0.33 fast-content-type-parse@3.0.0: {} @@ -22731,7 +22396,7 @@ snapshots: filelist@1.0.4: dependencies: - minimatch: 10.2.5 + minimatch: 5.1.9 fill-range@7.1.1: dependencies: @@ -23020,7 +22685,7 @@ snapshots: fs.realpath: 1.0.0 inflight: 1.0.6 inherits: 2.0.4 - minimatch: 10.2.5 + minimatch: 3.1.5 once: 1.4.0 path-is-absolute: 1.0.1 @@ -23162,11 +22827,6 @@ snapshots: dependencies: function-bind: 1.1.2 - hasown@2.0.3: - dependencies: - function-bind: 1.1.2 - optional: true - hast-util-from-dom@5.0.1: dependencies: '@types/hast': 3.0.4 @@ -23443,14 +23103,8 @@ snapshots: ignore@7.0.5: {} - image-size@0.5.5: - optional: true - immer@10.2.0: {} - immutable@5.1.5: - optional: true - import-fresh@3.3.1: dependencies: parent-module: 1.0.1 @@ -23463,9 +23117,6 @@ snapshots: transitivePeerDependencies: - supports-color - import-lazy@4.0.0: - optional: true - import-meta-resolve@4.2.0: {} imurmurhash@0.1.4: {} @@ -23588,11 +23239,6 @@ snapshots: dependencies: hasown: 2.0.2 - is-core-module@2.16.2: - dependencies: - hasown: 2.0.3 - optional: true - is-data-view@1.0.2: dependencies: call-bound: 1.0.4 @@ -23751,9 +23397,6 @@ snapshots: call-bound: 1.0.4 get-intrinsic: 1.3.0 - is-what@3.14.1: - optional: true - is-windows@1.0.2: {} is-wsl@2.2.0: @@ -23909,9 +23552,6 @@ snapshots: jiti@2.6.1: {} - jju@1.4.0: - optional: true - jose@6.1.3: {} js-cookie@3.0.5: {} @@ -24038,21 +23678,6 @@ snapshots: layout-base@2.0.1: {} - less@4.4.2: - dependencies: - copy-anything: 2.0.6 - parse-node-version: 1.0.1 - tslib: 2.8.1 - optionalDependencies: - errno: 0.1.8 - graceful-fs: 4.2.11 - image-size: 0.5.5 - make-dir: 2.1.0 - mime: 1.6.0 - needle: 3.5.0 - source-map: 0.6.1 - optional: true - leven@3.1.0: {} levn@0.4.1: @@ -24264,6 +23889,8 @@ snapshots: lodash.upperfirst@4.3.1: {} + lodash@4.17.21: {} + lodash@4.18.1: {} log-symbols@4.1.0: @@ -24329,11 +23956,6 @@ snapshots: dependencies: yallist: 3.1.1 - lru-cache@6.0.0: - dependencies: - yallist: 4.0.0 - optional: true - lucide-react@0.555.0(react@19.2.3): dependencies: react: 19.2.3 @@ -24362,12 +23984,6 @@ snapshots: type-fest: 4.41.0 web-worker: 1.5.0 - make-dir@2.1.0: - dependencies: - pify: 4.0.1 - semver: 5.7.2 - optional: true - make-dir@4.0.0: dependencies: semver: 7.7.4 @@ -24981,7 +24597,7 @@ snapshots: micromatch@4.0.8: dependencies: braces: 3.0.3 - picomatch: 4.0.4 + picomatch: 2.3.2 mime-db@1.52.0: {} @@ -24995,9 +24611,6 @@ snapshots: dependencies: mime-db: 1.54.0 - mime@1.6.0: - optional: true - mime@4.1.0: {} mimic-fn@2.1.0: {} @@ -25014,6 +24627,14 @@ snapshots: dependencies: brace-expansion: 5.0.5 + minimatch@3.1.5: + dependencies: + brace-expansion: 1.1.14 + + minimatch@5.1.9: + dependencies: + brace-expansion: 2.1.0 + minimist@1.2.7: {} minimist@1.2.8: {} @@ -25146,12 +24767,6 @@ snapshots: natural-compare@1.4.0: {} - needle@3.5.0: - dependencies: - iconv-lite: 0.6.3 - sax: 1.6.0 - optional: true - negotiator@1.0.0: {} neo-async@2.6.2: {} @@ -25165,13 +24780,13 @@ snapshots: next-tick@1.1.0: {} - next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2): + next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3): dependencies: '@next/env': 16.2.6 '@swc/helpers': 0.5.15 baseline-browser-mapping: 2.10.8 caniuse-lite: 1.0.30001786 - postcss: 8.5.14 + postcss: 8.4.31 react: 19.2.3 react-dom: 19.2.3(react@19.2.3) styled-jsx: 5.1.6(@babel/core@7.28.5)(babel-plugin-macros@3.1.0)(react@19.2.3) @@ -25186,19 +24801,18 @@ snapshots: '@next/swc-win32-x64-msvc': 16.2.6 '@opentelemetry/api': 1.9.0 babel-plugin-react-compiler: 1.0.0 - sass: 1.94.2 sharp: 0.34.5 transitivePeerDependencies: - '@babel/core' - babel-plugin-macros - nextra-theme-docs@4.6.1(@types/react@19.2.8)(immer@10.2.0)(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(nextra@4.6.1(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(use-sync-external-store@1.6.0(react@19.2.3)): + nextra-theme-docs@4.6.1(@types/react@19.2.8)(immer@10.2.0)(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(nextra@4.6.1(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(use-sync-external-store@1.6.0(react@19.2.3)): dependencies: '@headlessui/react': 2.2.9(react-dom@19.2.3(react@19.2.3))(react@19.2.3) clsx: 2.1.1 - next: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2) + next: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) next-themes: 0.4.6(react-dom@19.2.3(react@19.2.3))(react@19.2.3) - nextra: 4.6.1(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3) + nextra: 4.6.1(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3) react: 19.2.3 react-compiler-runtime: 19.1.0-rc.3(react@19.2.3) react-dom: 19.2.3(react@19.2.3) @@ -25210,7 +24824,7 @@ snapshots: - immer - use-sync-external-store - nextra@4.6.1(next@16.2.6(@opentelemetry/api@1.9.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3): + nextra@4.6.1(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3): dependencies: '@formatjs/intl-localematcher': 0.6.2 '@headlessui/react': 2.2.9(react-dom@19.2.3(react@19.2.3))(react@19.2.3) @@ -25231,7 +24845,7 @@ snapshots: mdast-util-gfm: 3.1.0 mdast-util-to-hast: 13.2.1 negotiator: 1.0.0 - next: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(sass@1.94.2) + next: 16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3) react: 19.2.3 react-compiler-runtime: 19.1.0-rc.3(react@19.2.3) react-dom: 19.2.3(react@19.2.3) @@ -25330,14 +24944,13 @@ snapshots: normalize-url@9.0.0: {} - notistack@3.0.2(csstype@3.2.3)(react-dom@17.0.2(react@17.0.2))(react@17.0.2): + notistack@3.0.2(react-dom@17.0.2(react@17.0.2))(react@17.0.2): dependencies: clsx: 1.2.1 + csstype: 3.2.3 goober: 2.1.18(csstype@3.2.3) react: 17.0.2 react-dom: 17.0.2(react@17.0.2) - transitivePeerDependencies: - - csstype npm-run-path@4.0.1: dependencies: @@ -25497,6 +25110,8 @@ snapshots: orderedmap@2.1.1: {} + os-tmpdir@1.0.2: {} + outvariant@1.4.3: {} own-keys@1.0.1: @@ -25666,9 +25281,6 @@ snapshots: parse-ms@4.0.0: {} - parse-node-version@1.0.1: - optional: true - parse-numeric-range@1.3.0: {} parse-passwd@1.0.0: {} @@ -25737,6 +25349,10 @@ snapshots: picocolors@1.1.1: {} + picomatch@2.3.2: {} + + picomatch@4.0.3: {} + picomatch@4.0.4: {} picoquery@2.5.0: {} @@ -25747,9 +25363,6 @@ snapshots: pify@3.0.0: {} - pify@4.0.1: - optional: true - pirates@4.0.7: {} pkce-challenge@5.0.0: {} @@ -25987,6 +25600,12 @@ snapshots: postcss-value-parser@4.2.0: {} + postcss@8.4.31: + dependencies: + nanoid: 3.3.11 + picocolors: 1.1.1 + source-map-js: 1.2.1 + postcss@8.5.14: dependencies: nanoid: 3.3.11 @@ -26160,9 +25779,6 @@ snapshots: forwarded: 0.2.0 ipaddr.js: 1.9.1 - prr@1.0.1: - optional: true - pseudolocale@2.2.0: dependencies: commander: 10.0.1 @@ -26610,14 +26226,11 @@ snapshots: readdirp@3.5.0: dependencies: - picomatch: 4.0.4 + picomatch: 2.3.2 readdirp@3.6.0: dependencies: - picomatch: 4.0.4 - - readdirp@4.1.2: - optional: true + picomatch: 2.3.2 reading-time@1.5.0: {} @@ -26917,14 +26530,6 @@ snapshots: path-parse: 1.0.7 supports-preserve-symlinks-flag: 1.0.0 - resolve@1.22.12: - dependencies: - es-errors: 1.3.0 - is-core-module: 2.16.2 - path-parse: 1.0.7 - supports-preserve-symlinks-flag: 1.0.0 - optional: true - resolve@2.0.0-next.6: dependencies: es-errors: 1.3.0 @@ -27035,12 +26640,11 @@ snapshots: transitivePeerDependencies: - supports-color - rsbuild-plugin-dts@0.19.6(@microsoft/api-extractor@7.57.6(@types/node@24.10.1))(@rsbuild/core@1.7.3)(typescript@5.9.3): + rsbuild-plugin-dts@0.19.6(@rsbuild/core@1.7.3)(typescript@5.9.3): dependencies: '@ast-grep/napi': 0.37.0 '@rsbuild/core': 1.7.3 optionalDependencies: - '@microsoft/api-extractor': 7.57.6(@types/node@24.10.1) typescript: 5.9.3 run-applescript@7.1.0: {} @@ -27095,20 +26699,8 @@ snapshots: parse-srcset: 1.0.2 postcss: 8.5.14 - sass@1.94.2: - dependencies: - chokidar: 4.0.3 - immutable: 5.1.5 - source-map-js: 1.2.1 - optionalDependencies: - '@parcel/watcher': 2.5.6 - optional: true - sax@1.5.0: {} - sax@1.6.0: - optional: true - saxen@10.0.0: {} saxes@6.0.0: @@ -27196,11 +26788,6 @@ snapshots: semver@6.3.1: {} - semver@7.5.4: - dependencies: - lru-cache: 6.0.0 - optional: true - semver@7.7.3: {} semver@7.7.4: {} @@ -27536,9 +27123,6 @@ snapshots: split2@4.2.0: {} - sprintf-js@1.0.3: - optional: true - sqids@0.3.0: {} stack-utils@2.0.6: @@ -27737,14 +27321,13 @@ snapshots: dependencies: inline-style-parser: 0.2.7 - styled-components@6.4.1(css-to-react-native@3.2.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3): + styled-components@6.4.1(react-dom@19.2.3(react@19.2.3))(react@19.2.3): dependencies: '@emotion/is-prop-valid': 1.4.0 csstype: 3.2.3 react: 19.2.3 stylis: 4.3.6 optionalDependencies: - css-to-react-native: 3.2.0 react-dom: 19.2.3(react@19.2.3) styled-jsx@5.1.6(@babel/core@7.28.5)(babel-plugin-macros@3.1.0)(react@19.2.3): @@ -28063,7 +27646,9 @@ snapshots: transitivePeerDependencies: - typescript - tmp@0.2.5: {} + tmp@0.0.33: + dependencies: + os-tmpdir: 1.0.2 to-regex-range@5.0.1: dependencies: @@ -28271,9 +27856,6 @@ snapshots: typescript@4.9.5: {} - typescript@5.8.2: - optional: true - typescript@5.9.3: {} ua-parser-js@1.0.41: {} @@ -28572,18 +28154,18 @@ snapshots: d3-time: 3.1.0 d3-timer: 3.0.1 - vite-tsconfig-paths@5.1.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)): + vite-tsconfig-paths@5.1.4(typescript@5.9.3)(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)): dependencies: debug: 4.4.3 globrex: 0.1.2 tsconfck: 3.1.6(typescript@5.9.3) optionalDependencies: - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) transitivePeerDependencies: - supports-color - typescript - vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3): + vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3): dependencies: esbuild: 0.27.3 fdir: 6.5.0(picomatch@4.0.4) @@ -28595,17 +28177,15 @@ snapshots: '@types/node': 24.10.1 fsevents: 2.3.3 jiti: 2.6.1 - less: 4.4.2 lightningcss: 1.32.0 - sass: 1.94.2 terser: 5.43.1 tsx: 4.20.6 yaml: 2.8.3 - vitest@4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)): + vitest@4.1.5(@opentelemetry/api@1.9.0)(@types/node@24.10.1)(@vitest/coverage-v8@4.1.5)(@vitest/ui@4.1.5)(happy-dom@20.8.9)(jsdom@27.3.0)(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)): dependencies: '@vitest/expect': 4.1.5 - '@vitest/mocker': 4.1.5(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) + '@vitest/mocker': 4.1.5(msw@2.12.3(@types/node@24.10.1)(typescript@5.9.3))(vite@7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3)) '@vitest/pretty-format': 4.1.5 '@vitest/runner': 4.1.5 '@vitest/snapshot': 4.1.5 @@ -28622,7 +28202,7 @@ snapshots: tinyexec: 1.0.4 tinyglobby: 0.2.15 tinyrainbow: 3.1.0 - vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(less@4.4.2)(lightningcss@1.32.0)(sass@1.94.2)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) + vite: 7.3.2(@types/node@24.10.1)(jiti@2.6.1)(lightningcss@1.32.0)(terser@5.43.1)(tsx@4.20.6)(yaml@2.8.3) why-is-node-running: 2.3.0 optionalDependencies: '@opentelemetry/api': 1.9.0 @@ -28908,9 +28488,6 @@ snapshots: yallist@3.1.1: {} - yallist@4.0.0: - optional: true - yaml@1.10.3: {} yaml@2.8.3: {} diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 6f2977012..729dead42 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -3,6 +3,10 @@ packages: - 'web-packages/*' - 'apps/*' +# Peer dependency behaviour (moved from .npmrc — pnpm 11 limits .npmrc to auth/registry only) +autoInstallPeers: true +strictPeerDependencies: false + # Supply-chain hardening # 14-day quarantine on newly-published packages (minutes; 14d × 1440) minimumReleaseAge: 20160 @@ -18,10 +22,21 @@ minimumReleaseAgeExclude: - 'next' # 16.2.6 — locked version too new - 'fs-extra' # 11.3.5 — locked version too new - '@babel/parser' # 7.29.3 — locked version too new -# Refuse transitive git/tarball deps (pnpm 11 default; explicit on 10.x) +# Refuse transitive git/tarball deps (pnpm 11 default; kept explicit for clarity) blockExoticSubdeps: true # dompurify XSS - FIXME: no patch available yet auditConfig: ignoreGhsas: - GHSA-v2wj-7wpq-c8vv + +# pnpm 11: build scripts are blocked by default — explicitly allow legitimate native builds. +# These packages require postinstall scripts to download platform-specific binaries or compile native code. +allowBuilds: + '@biomejs/biome': true # downloads platform-specific binary + '@parcel/watcher': true # native file-system watcher + core-js: true # polyfill compilation + es5-ext: true # ES5 extension build + esbuild: true # downloads native binary + msw: true # service worker init + sharp: true # native image processing From a2e18e37f44f08054dde020dcbc1213f82364855 Mon Sep 17 00:00:00 2001 From: Cristian Florin Calina Date: Wed, 13 May 2026 17:04:22 -0700 Subject: [PATCH 4/5] chore(repo): improve scripts --- .github/actions/install-node-deps/action.yml | 2 +- .github/copilot-instructions.md | 26 ++++++++-- .github/dependabot.yml | 47 +++++------------- .../apollo-vertex-registry-check.yml | 2 +- .github/workflows/close-stale-prs.yml | 3 +- .github/workflows/commit-lint.yml | 4 ++ .github/workflows/pr-labeler.yml | 4 ++ .github/workflows/release.yml | 24 +++++++++ .github/workflows/support-branch-scope.yml | 10 ++-- CODEOWNERS | 1 + package.json | 2 +- packages/apollo-core/.releaserc.json | 2 +- packages/apollo-react/.releaserc.json | 2 +- packages/apollo-wind/.releaserc.json | 2 +- pnpm-lock.yaml | 4 +- pnpm-workspace.yaml | 14 +++++- scripts/check-licenses.ts | 4 +- scripts/create-dev-comment.ts | 2 +- scripts/publish-dev.ts | 11 ++++- scripts/publish-to-registries.sh | 49 ++++++++++++++++--- scripts/unpublish-dev.ts | 26 ++++++++-- scripts/update-dev-comment-row.ts | 2 +- web-packages/ap-chat/.releaserc.json | 2 +- 23 files changed, 173 insertions(+), 72 deletions(-) diff --git a/.github/actions/install-node-deps/action.yml b/.github/actions/install-node-deps/action.yml index 2b974d927..144f5edc8 100644 --- a/.github/actions/install-node-deps/action.yml +++ b/.github/actions/install-node-deps/action.yml @@ -27,5 +27,5 @@ runs: - name: Install dependencies shell: bash env: - NODE_AUTH_TOKEN: ${{ inputs.registry-token }} + GH_NPM_REGISTRY_TOKEN: ${{ inputs.registry-token }} run: pnpm install --frozen-lockfile diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index bd75592db..d2183c8eb 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -59,6 +59,7 @@ All `uses:` pinned to a full 40-character SHA with a `# vX` comment. No `@v*`, ` | `actions/github-script` | `ed597411d8f924073f98dfc5c65a23a2325f34cd` | v8 | | `actions/dependency-review-action` | `a1d282b36b6f3519aa1f3fc636f609c47dddb294` | v5.0.0 | | `actions/attest-sbom` | `c604332985a26aa8cf1bdc465b92731239ec6b9e` | v4.1.0 | +| `actions/attest-build-provenance` | `a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32` | v4.1.0 | | `pnpm/action-setup` | `b906affcce14559ad1aafd4ab0e942779e9f58b1` | v4 | | `zizmorcore/zizmor-action` | `135698455da5c3b3e55f73f4419e481ab68cdd95` | v0.4.1 | | `reviewdog/action-actionlint` | `6fb7acc99f4a1008869fa8a0f09cfca740837d9d` | v1.72.0 | @@ -90,7 +91,9 @@ When any PR touches `.github/workflows/`, `.github/actions/`, `.npmrc`, `pnpm-wo **Fork safety** - [ ] Every job using secrets or publishing has `if: github.event.pull_request.head.repo.fork == false` - [ ] No `pull_request_target` trigger — use `pull_request` (see Supply Chain §3) +- [ ] No `on: workflow_run` trigger without an explicit `if: github.event.workflow_run.head_repository.full_name == github.repository` guard — same trust-boundary collapse risk as `pull_request_target` - [ ] PR comment parsing filters by `select(.user.type == "Bot" or .user.login == "github-actions[bot]")` +- [ ] Jobs triggered by `workflow_run` that consume artifacts validate attestation via `gh attestation verify` before executing any artifact content **Install safety** - [ ] Every `pnpm install` uses `--frozen-lockfile` — use `./.github/actions/install-node-deps`, never call pnpm directly @@ -99,8 +102,10 @@ When any PR touches `.github/workflows/`, `.github/actions/`, `.npmrc`, `pnpm-wo - [ ] New `minimumReleaseAgeExclude` entries in `pnpm-workspace.yaml` include exact version + reason: `- 'pkg' # x.y.z — reason` **Cache** -- [ ] Cache keys include `github.sha`; Turbo pattern: `${{ runner.os }}-turbo-${{ github.ref_name }}-${{ github.sha }}` -- [ ] `restore-keys` scoped to same branch first — never broad enough to match entries from unrelated branches +- [ ] Turbo cache key: `${{ runner.os }}-turbo-${{ github.ref_name }}-${{ github.sha }}`; `restore-keys` scoped to same branch — never matches entries from other branches or PR runs +- [ ] pnpm store cache key (if used): also includes `github.sha`; `restore-keys` scoped to same branch — never broad enough to be written by a fork/PR run and read by a release run +- [ ] Prefer `actions/cache/restore` (read) + `actions/cache/save` (conditional write) over combined `actions/cache` on release and deploy jobs — combined `actions/cache` post-job saves use a runner-internal token that bypasses `permissions:` +- [ ] Scheduled workflow jobs (`on: schedule`) do not restore caches under keys that a fork PR could have written **Injection** - [ ] No `${{ github.event.* }}` or `${{ github.head_ref }}` interpolated directly in `run:` — pass through `env:` @@ -121,7 +126,13 @@ Flag these patterns immediately: |---|---|---| | **Lockfile drift (shai-hulud)** | `pnpm install` without `--frozen-lockfile`; `npm install` | `install-node-deps` enforces `--frozen-lockfile` | | **Day-zero publish via pnpm dlx** | `pnpm dlx pkg` without `@x.y.z`; `npx -y pkg` | All `pnpm dlx` calls version-pinned | -| **TanStack: `pull_request_target` + cache poison + OIDC extract** | `on: pull_request_target`; broad Turbo `restore-keys` missing `ref_name` | No `pull_request_target`; Turbo cache branch-scoped | +| **TanStack: `pull_request_target` + pnpm store cache poison + OIDC extract** | `on: pull_request_target`; broad `restore-keys` missing `ref_name`; pnpm store cache writable from fork run | No `pull_request_target`; Turbo + pnpm store cache branch-scoped; `actions/cache` combined save/restore bypasses `permissions:` | +| **Cache poisoning (pnpm store)** | `actions/cache` write from fork/PR run with restore-key matching release pipeline | pnpm store cache keys include `github.sha`; `restore-keys` scoped to same branch only; prefer separate `cache/restore` + `cache/save` on release jobs | +| **Published package protocol injection** | `github:`, `file:`, `link:`, or `git+` protocol in `optionalDependencies`/`dependencies` of a new/updated package | Audit lockfile diff; flag any non-registry URL reference in prod deps | +| **OIDC trusted-publisher scope too broad** | `id-token: write` on a workflow that isn't `release.yml`; npm trusted-publisher not constrained by `job_workflow_ref` | `id-token: write` job-scoped to release job only; verify npmjs.org trusted-publisher settings include `job_workflow_ref` for `release.yml@refs/heads/main` | +| **`workflow_run` without head-repo guard** | `on: workflow_run` without `if: github.event.workflow_run.head_repository.full_name == github.repository` | No `workflow_run` trigger in repo; add guard if ever introduced | +| **Maintainer account takeover / burst publish** | Package receives 3+ new versions in a 6-minute window; new maintainer added within last 30 days; unusual publish time | `monitor-npm-publishes.yml` flags version-to-release mismatch; check socket.dev for maintainer changes | +| **Forged bot commit identity** | Version-bump commit where committer email ≠ `semantic-release-bot@users.noreply.github.com` | Check committer email on release commits; semantic-release-bot identity is fixed in `release.yml` git config step | | **Dependency confusion** | `.npmrc` change to `@uipath` registry routing | `@uipath:registry=https://npm.pkg.github.com`; all 4 names claimed on npm.org | | **Workflow injection** | `${{ github.event.*.title }}` etc. in `run:` blocks | Pass via `env:` | | **Compromised maintainer / day-zero** | Any production dep update without verifying age, changelog, and postinstall scripts | `minimumReleaseAge: 20160` (14d quarantine); `npm audit signatures` | @@ -157,8 +168,11 @@ When reviewing `release.yml`, `dev-publish.yml`, `dev-cleanup.yml`, or `scripts/ 2. New version was published **more than 14 days ago** — Dependabot bypasses `minimumReleaseAge`, manual check required 3. Read the changelog between old and new version for anything unexpected 4. Verify no new or changed `postinstall`/`preinstall` scripts, obfuscated code, or new remote fetch calls introduced in the new version -5. Check https://socket.dev/npm/package/[package-name] for supply chain signals +5. Check https://socket.dev/npm/package/[package-name] for supply chain signals — look specifically for recent maintainer additions (last 90 days) and burst-publish patterns 6. `dependency-review-action` check passed; `Audit Package Signatures` passed if `pnpm-lock.yaml` changed +7. Confirm the PR was opened by `app/dependabot` (GitHub's verified bot) — verify the PR author badge. A human PR falsely attributing changes to Dependabot is suspicious. +8. Flag any `github:`, `file:`, `link:`, or `git+` protocol reference appearing in the updated `pnpm-lock.yaml` — legitimate Dependabot PRs only introduce registry versions. +9. If a package received a new maintainer within the last 90 days AND the new version was published within the last 14 days, hold the PR until the 14-day quarantine window passes even if Dependabot bypassed `minimumReleaseAge`. Note: `@tanstack/*` packages have a confirmed supply chain incident history (May 2025) — apply extra care, but these checks apply to every production dependency, not just tanstack. @@ -206,6 +220,10 @@ When a PR significantly modifies an existing styled/MUI component, migrate it to - `${{ secrets.* }}` in workflow/job-level `env:` - `pnpm install` without `--frozen-lockfile`; `pnpm dlx` / `npx -y` without version pin - Missing fork guard on secret-using or publishing jobs +- `on: workflow_run` trigger without `if: github.event.workflow_run.head_repository.full_name == github.repository` guard +- `optionalDependencies`, `dependencies`, or `devDependencies` containing `github:`, `git+`, `file:`, or `link:` protocol references in a PR that also modifies `pnpm-lock.yaml` +- Modification to `monitor-npm-publishes.yml` that removes or weakens the alert-on-mismatch logic +- Literal `EOF` heredoc delimiter in a `run:` step where the output value is attacker-influenced — use `openssl rand -hex 8` - New Emotion/MUI usage in `apollo-react` - Breaking public API changes - Runtime security vulnerabilities (XSS, injection, prototype pollution) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 07582d262..dda34c8b9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,9 +16,12 @@ updates: prefix: chore(deps) prefix-development: chore(deps-dev) include: scope + # Major version bumps handled manually — Dependabot only opens minor/patch PRs. + ignore: + - dependency-name: "*" + update-types: + - version-update:semver-major groups: - # Routine non-major updates bundled by dependency-type. - # Majors fall through and open individual PRs unless captured by a major-only group below. production-minor-patch: dependency-type: production update-types: @@ -30,40 +33,6 @@ updates: - minor - patch - # Majors that MUST move together across the family (one PR per family). - mui-major: - patterns: - - "@mui/*" - - "@emotion/*" - update-types: - - major - lingui-major: - patterns: - - "@lingui/*" - update-types: - - major - tiptap-major: - patterns: - - "@tiptap/*" - update-types: - - major - storybook-major: - patterns: - - "storybook" - - "@storybook/*" - update-types: - - major - radix-ui-major: - patterns: - - "@radix-ui/*" - update-types: - - major - tanstack-major: - patterns: - - "@tanstack/*" - update-types: - - major - # Bundle security PRs (otherwise each alert opens an individual PR). security: applies-to: security-updates @@ -71,6 +40,8 @@ updates: - "*" # GitHub Actions — pinned by SHA, so updates come through as SHA bumps with tag-comment hints. + # Major version bumps are ignored here — handle manually one major at a time to avoid + # skipping intermediate releases and missing breaking changes or security fixes. - package-ecosystem: github-actions directory: / schedule: @@ -85,6 +56,10 @@ updates: commit-message: prefix: chore(ci) include: scope + ignore: + - dependency-name: "*" + update-types: + - version-update:semver-major groups: actions-minor-patch: update-types: diff --git a/.github/workflows/apollo-vertex-registry-check.yml b/.github/workflows/apollo-vertex-registry-check.yml index e46ef53c1..1ef108f5b 100644 --- a/.github/workflows/apollo-vertex-registry-check.yml +++ b/.github/workflows/apollo-vertex-registry-check.yml @@ -82,7 +82,7 @@ jobs: working-directory: ${{ runner.temp }}/minimal-app env: REGISTRY_URL: http://localhost:3000 - run: ${{ github.workspace }}/node_modules/.bin/tsx ${{ github.workspace }}/.github/scripts/test-registry/configure-registry.ts + run: $GITHUB_WORKSPACE/node_modules/.bin/tsx $GITHUB_WORKSPACE/.github/scripts/test-registry/configure-registry.ts - name: Copy locales into base app run: cp -r apps/apollo-vertex/locales ${{ runner.temp }}/minimal-app/locales diff --git a/.github/workflows/close-stale-prs.yml b/.github/workflows/close-stale-prs.yml index 33833f19f..b4af977c8 100644 --- a/.github/workflows/close-stale-prs.yml +++ b/.github/workflows/close-stale-prs.yml @@ -26,13 +26,14 @@ jobs: pull-requests: write timeout-minutes: 10 env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ${{ github.repository }} STALE_DAYS: '14' SKIP_LABEL: do-not-close DRY_RUN: ${{ inputs.dry_run }} steps: - name: Close PRs with no commits in 14+ days + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | # We roll our own instead of actions/stale because staleness must be # measured from the PR's last commit (committer.date). actions/stale diff --git a/.github/workflows/commit-lint.yml b/.github/workflows/commit-lint.yml index bc3696856..e1423d4db 100644 --- a/.github/workflows/commit-lint.yml +++ b/.github/workflows/commit-lint.yml @@ -4,6 +4,10 @@ on: pull_request: types: [opened, edited, synchronize, reopened] +concurrency: + group: commit-lint-${{ github.event.pull_request.number }} + cancel-in-progress: true + permissions: contents: read diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index a186c4cff..e5dfcab8e 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -4,6 +4,10 @@ on: pull_request: types: [opened, synchronize, reopened] +concurrency: + group: pr-labeler-${{ github.event.pull_request.number }} + cancel-in-progress: true + # Deny-all default; the label job grants only what it needs. permissions: {} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3648b2ffd..4238367d5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,6 +22,7 @@ jobs: if: "!contains(github.event.head_commit.message, '[skip ci]')" name: Release and Publish runs-on: ubuntu-latest + timeout-minutes: 30 permissions: contents: write packages: write @@ -110,6 +111,29 @@ jobs: path: sbom-*.cyclonedx.json retention-days: 90 + # Build provenance attestation — covers GHP consumers, who cannot use npm's --provenance + # mechanism (npm.org-only). Verifiable against local dist files or extracted tarball contents: + # gh attestation verify ./extracted-dist-file --owner UiPath + - name: Attest build provenance — apollo-core + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + with: + subject-path: packages/apollo-core/dist + + - name: Attest build provenance — apollo-react + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + with: + subject-path: packages/apollo-react/dist + + - name: Attest build provenance — apollo-wind + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + with: + subject-path: packages/apollo-wind/dist + + - name: Attest build provenance — ap-chat + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + with: + subject-path: web-packages/ap-chat/dist + - name: Commit changelogs and package updates run: | if [ -n "$(git status --porcelain)" ]; then diff --git a/.github/workflows/support-branch-scope.yml b/.github/workflows/support-branch-scope.yml index 323559d3f..cb2e8e72d 100644 --- a/.github/workflows/support-branch-scope.yml +++ b/.github/workflows/support-branch-scope.yml @@ -66,10 +66,11 @@ jobs: PR_URL: ${{ github.event.pull_request.html_url }} run: | CHANGED=$(gh pr diff "$PR_URL" --name-only) + DELIM="$(openssl rand -hex 8)" { - echo "files<> "$GITHUB_OUTPUT" - name: Check scope @@ -92,11 +93,12 @@ jobs: done <<< "$CHANGED_FILES" if [ -n "$OUT_OF_SCOPE" ]; then + DELIM="$(openssl rand -hex 8)" { echo "status=fail" - echo "files<> "$GITHUB_OUTPUT" else echo "status=pass" >> "$GITHUB_OUTPUT" diff --git a/CODEOWNERS b/CODEOWNERS index af372e93a..21c919c07 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -11,6 +11,7 @@ /package.json @UiPath/Apollo /pnpm-lock.yaml @UiPath/Apollo /pnpm-workspace.yaml @UiPath/Apollo +/turbo.json @UiPath/Apollo /scripts/ @UiPath/Apollo # Packages diff --git a/package.json b/package.json index 75b9272b8..df4cd5195 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "husky": "^9.1.7", "lint-staged": "^16.2.6", "semantic-release": "^25.0.3", - "semantic-release-monorepo": "^8.0.2", + "semantic-release-monorepo": "8.0.2", "stylelint": "^16.12.0", "stylelint-config-standard": "^36.0.1", "stylelint-config-tailwindcss": "^1.0.0", diff --git a/packages/apollo-core/.releaserc.json b/packages/apollo-core/.releaserc.json index 9f9798a19..7cc2a0e04 100644 --- a/packages/apollo-core/.releaserc.json +++ b/packages/apollo-core/.releaserc.json @@ -30,7 +30,7 @@ [ "@semantic-release/exec", { - "publishCmd": "bash ../../scripts/publish-to-registries.sh --no-git-checks --access public --tag ${nextRelease.channel || 'latest'}" + "publishCmd": "TAG_NAME=${nextRelease.channel || 'latest'} bash ../../scripts/publish-to-registries.sh --no-git-checks --access public" } ], [ diff --git a/packages/apollo-react/.releaserc.json b/packages/apollo-react/.releaserc.json index 4ab83d0e7..3817afcc4 100644 --- a/packages/apollo-react/.releaserc.json +++ b/packages/apollo-react/.releaserc.json @@ -30,7 +30,7 @@ [ "@semantic-release/exec", { - "publishCmd": "bash ../../scripts/publish-to-registries.sh --no-git-checks --access public --tag ${nextRelease.channel || 'latest'}" + "publishCmd": "TAG_NAME=${nextRelease.channel || 'latest'} bash ../../scripts/publish-to-registries.sh --no-git-checks --access public" } ], [ diff --git a/packages/apollo-wind/.releaserc.json b/packages/apollo-wind/.releaserc.json index a9be46737..20dec7050 100644 --- a/packages/apollo-wind/.releaserc.json +++ b/packages/apollo-wind/.releaserc.json @@ -30,7 +30,7 @@ [ "@semantic-release/exec", { - "publishCmd": "bash ../../scripts/publish-to-registries.sh --no-git-checks --access public --tag ${nextRelease.channel || 'latest'}" + "publishCmd": "TAG_NAME=${nextRelease.channel || 'latest'} bash ../../scripts/publish-to-registries.sh --no-git-checks --access public" } ], [ diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2808010ae..a7730197f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -57,7 +57,7 @@ importers: specifier: ^25.0.3 version: 25.0.3(typescript@5.9.3) semantic-release-monorepo: - specifier: ^8.0.2 + specifier: 8.0.2 version: 8.0.2(semantic-release@25.0.3(typescript@5.9.3)) stylelint: specifier: ^16.12.0 @@ -22521,7 +22521,7 @@ snapshots: fs-extra@10.1.0: dependencies: graceful-fs: 4.2.11 - jsonfile: 6.2.0 + jsonfile: 6.2.1 universalify: 2.0.1 fs-extra@11.3.2: diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 729dead42..d05787bb0 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -10,6 +10,10 @@ strictPeerDependencies: false # Supply-chain hardening # 14-day quarantine on newly-published packages (minutes; 14d × 1440) minimumReleaseAge: 20160 +# pnpm 11.0.4 made ERR_PNPM_MISSING_TIME a hard error when registry metadata lacks the `time` +# field (pnpm/pnpm#11238, unfixed). Setting false restores pnpm 10 behaviour: missing-time +# packages are warned and skipped rather than failing the install. +minimumReleaseAgeStrict: false # Exempt packages whose latest release is too new to satisfy the quarantine. # The weekly `prune-release-age-exemptions` workflow auto-PRs removal of entries once aged. # @@ -19,7 +23,15 @@ minimumReleaseAgeExclude: - '@uipath/*' # permanent — own scope, always installable immediately - 'postcss' # 8.5.14 — security override in pnpm.overrides - 'mermaid' # 11.15.0 — GHSA-v2wj-7wpq-c8vv backport patch - - 'next' # 16.2.6 — locked version too new + - 'next' # 16.2.6 — locked version too new + - '@next/swc-darwin-arm64' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-darwin-x64' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-linux-arm64-gnu' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-linux-arm64-musl' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-linux-x64-gnu' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-linux-x64-musl' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-win32-arm64-msvc' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-win32-x64-msvc' # 16.2.6 — co-published with next, optional platform binary - 'fs-extra' # 11.3.5 — locked version too new - '@babel/parser' # 7.29.3 — locked version too new # Refuse transitive git/tarball deps (pnpm 11 default; kept explicit for clarity) diff --git a/scripts/check-licenses.ts b/scripts/check-licenses.ts index 716363b4f..39f44f7fd 100644 --- a/scripts/check-licenses.ts +++ b/scripts/check-licenses.ts @@ -8,7 +8,7 @@ * Policy: GO (Permissive Licenses) - approved for use and distribution without legal approval */ -import { execSync } from 'node:child_process'; +import { execFileSync } from 'node:child_process'; import { appendFileSync, writeFileSync } from 'node:fs'; import { join } from 'node:path'; @@ -107,7 +107,7 @@ function writeReport(markdown: string) { } try { - const json = execSync('pnpm licenses list --json', { encoding: 'utf8', maxBuffer: 50 * 1024 * 1024 }); + const json = execFileSync('pnpm', ['licenses', 'list', '--json'], { encoding: 'utf8', maxBuffer: 50 * 1024 * 1024 }); const data: Record = JSON.parse(json); const total = Object.values(data).reduce((sum, pkgs) => sum + pkgs.length, 0); diff --git a/scripts/create-dev-comment.ts b/scripts/create-dev-comment.ts index 0f26d3b2f..1f274518c 100755 --- a/scripts/create-dev-comment.ts +++ b/scripts/create-dev-comment.ts @@ -61,7 +61,7 @@ function main() { try { const result = execFileSync( 'gh', - ['api', `repos/${owner}/${repoName}/issues/${prNumber}/comments`, '--jq', `([.[] | select(.body | contains("${IDENTIFIER}")) | .id][0] // empty)`], + ['api', `repos/${owner}/${repoName}/issues/${prNumber}/comments`, '--jq', `([.[] | select((.user.type == "Bot" or .user.login == "github-actions[bot]") and (.body | contains("${IDENTIFIER}"))) | .id][0] // empty)`], { encoding: 'utf8', env: { ...process.env, GH_TOKEN: token } } ); commentId = result.trim() || null; diff --git a/scripts/publish-dev.ts b/scripts/publish-dev.ts index cf867a906..7fa61e5b0 100644 --- a/scripts/publish-dev.ts +++ b/scripts/publish-dev.ts @@ -52,6 +52,11 @@ function main() { const [packageName, suffix] = args as [string, string]; + if (!/^@uipath\/[a-z0-9-]+$/.test(packageName)) { + console.error(`Error: Invalid package name "${packageName}". Must be @uipath/ (lowercase, hyphens only).`); + process.exit(1); + } + // Validate suffix (alphanumeric, may contain hyphens and dots, must not start with hyphen/dot) if (!/^[a-zA-Z0-9][a-zA-Z0-9.-]*$/.test(suffix)) { console.error( @@ -96,7 +101,7 @@ function main() { '--tag', 'dev', ]; - // Publish to npm + // Publish to npm — explicitly clear GH token so it cannot leak into npm's registry call console.log('\n📦 Publishing to npm...'); execFileSync( 'pnpm', @@ -112,12 +117,13 @@ function main() { ...process.env, NPM_AUTH_TOKEN: npmToken, NODE_AUTH_TOKEN: npmToken, + GH_NPM_REGISTRY_TOKEN: '', }, } ); console.log('✓ Published to npm'); - // Publish to GitHub Package Registry + // Publish to GitHub Package Registry — explicitly clear npm token so it cannot leak into GHP's registry call console.log('\n📦 Publishing to GitHub Package Registry...'); execFileSync( 'pnpm', @@ -133,6 +139,7 @@ function main() { ...process.env, NPM_AUTH_TOKEN: ghToken, NODE_AUTH_TOKEN: ghToken, + GH_NPM_REGISTRY_TOKEN: '', }, } ); diff --git a/scripts/publish-to-registries.sh b/scripts/publish-to-registries.sh index 18d6e0ff4..548d5ead0 100755 --- a/scripts/publish-to-registries.sh +++ b/scripts/publish-to-registries.sh @@ -2,31 +2,66 @@ # Publish to both npm and GitHub Package Registry # Usage: ./scripts/publish-to-registries.sh [publish args...] -set -e +set -euo pipefail -if [ -z "$NPM_AUTH_TOKEN" ]; then +# TAG_NAME is injected by semantic-release via publishCmd; validate it to prevent +# shell injection if the release channel value ever contains unexpected characters. +if [[ -n "${TAG_NAME:-}" ]] && [[ ! "$TAG_NAME" =~ ^[a-z0-9-]+$ ]]; then + echo "Error: invalid TAG_NAME '${TAG_NAME}' — must match ^[a-z0-9-]+\$" >&2 + exit 1 +fi + +if [ -z "${NPM_AUTH_TOKEN:-}" ]; then echo "Error: NPM_AUTH_TOKEN environment variable is required" exit 1 fi -if [ -z "$GH_NPM_REGISTRY_TOKEN" ]; then +if [ -z "${GH_NPM_REGISTRY_TOKEN:-}" ]; then echo "Error: GH_NPM_REGISTRY_TOKEN environment variable is required" exit 1 fi +# Strip any registry-override or --tag flags from caller args. +# Registry is fixed by this script; tag comes from TAG_NAME env var (validated above). +filtered_args=() +skip_next=false +for arg in "$@"; do + if $skip_next; then + skip_next=false + continue + fi + if [[ "$arg" == --'@uipath:registry='* ]]; then + echo "Warning: ignoring registry override arg '$arg' — registry is fixed by this script" >&2 + continue + fi + if [[ "$arg" == --tag=* ]]; then + echo "Warning: ignoring --tag arg '$arg' — use TAG_NAME env var instead" >&2 + continue + fi + if [[ "$arg" == --tag ]]; then + echo "Warning: ignoring --tag flag — use TAG_NAME env var instead" >&2 + skip_next=true + continue + fi + filtered_args+=("$arg") +done + +TAG="${TAG_NAME:-latest}" + echo "📦 Publishing to npm..." # --provenance links the build to its GitHub Actions source; requires id-token: write in the workflow. -# Only supported on registry.npmjs.org, not on GitHub Packages. +# Only supported on registry.npmjs.org — GitHub Packages does not support npm provenance. NPM_AUTH_TOKEN="$NPM_AUTH_TOKEN" \ NODE_AUTH_TOKEN="$NPM_AUTH_TOKEN" \ - pnpm publish "$@" --provenance --@uipath:registry=https://registry.npmjs.org + GH_NPM_REGISTRY_TOKEN="" \ + pnpm publish "${filtered_args[@]}" --tag "$TAG" --provenance --@uipath:registry=https://registry.npmjs.org echo "✓ Published to npm" echo "" echo "📦 Publishing to GitHub Package Registry..." -NPM_AUTH_TOKEN="$GH_NPM_REGISTRY_TOKEN" \ +NPM_AUTH_TOKEN="" \ NODE_AUTH_TOKEN="$GH_NPM_REGISTRY_TOKEN" \ - pnpm publish "$@" --@uipath:registry=https://npm.pkg.github.com + pnpm publish "${filtered_args[@]}" --tag "$TAG" --@uipath:registry=https://npm.pkg.github.com echo "✓ Published to GitHub Package Registry" echo "" diff --git a/scripts/unpublish-dev.ts b/scripts/unpublish-dev.ts index e818eaeb2..635c0e3c1 100644 --- a/scripts/unpublish-dev.ts +++ b/scripts/unpublish-dev.ts @@ -17,7 +17,20 @@ import { execFileSync } from 'node:child_process'; import { findPackageInfo, getAllPackageNames } from './package-utils.js'; +const FETCH_TIMEOUT_MS = 30_000; + +function fetchWithTimeout(url: string, options: RequestInit): Promise { + const controller = new AbortController(); + const timer = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS); + return fetch(url, { ...options, signal: controller.signal }).finally(() => clearTimeout(timer)); +} + async function unpublishFromGitHub(packageName: string, version: string): Promise { + if (!/^@uipath\/[a-z0-9-]+$/.test(packageName)) { + console.error(`Invalid package name: ${packageName}`); + return false; + } + const token = process.env.GH_NPM_REGISTRY_TOKEN; if (!token) { console.error('Error: GH_NPM_REGISTRY_TOKEN environment variable is required for GitHub Package Registry.'); @@ -32,7 +45,7 @@ async function unpublishFromGitHub(packageName: string, version: string): Promis const apiUrl = `https://api.github.com/orgs/UiPath/packages/npm/${encodeURIComponent(packageNameWithoutScope)}/versions`; // Get all versions to find the one we want to delete - const versionsResponse = await fetch(apiUrl, { + const versionsResponse = await fetchWithTimeout(apiUrl, { headers: { 'Authorization': `Bearer ${token}`, 'Accept': 'application/vnd.github+json', @@ -58,7 +71,7 @@ async function unpublishFromGitHub(packageName: string, version: string): Promis } // Delete the specific version - const deleteResponse = await fetch(`${apiUrl}/${targetVersion.id}`, { + const deleteResponse = await fetchWithTimeout(`${apiUrl}/${targetVersion.id}`, { method: 'DELETE', headers: { 'Authorization': `Bearer ${token}`, @@ -101,7 +114,7 @@ async function unpublishFromRegistry( console.log(`\nProcessing ${registryName}...`); // Validate package name and version to prevent injection - const packageRegex = /^@[\w-]+\/[\w-]+$/; + const packageRegex = /^@uipath\/[a-z0-9-]+$/; const versionRegex = /^[\w.-]+$/; if (!packageRegex.test(packageName)) { @@ -119,7 +132,7 @@ async function unpublishFromRegistry( // First, check if package version exists on the registry const encodedPackageName = encodeURIComponent(packageName); - const checkResponse = await fetch( + const checkResponse = await fetchWithTimeout( `${registry}/${encodedPackageName}/${version}`, { headers: { @@ -280,6 +293,11 @@ async function main() { const [packageName, suffixOrVersion] = args as [string, string]; + if (!/^@uipath\/[a-z0-9-]+$/.test(packageName)) { + console.error(`Error: Invalid package name "${packageName}". Must be @uipath/ (lowercase, hyphens only).`); + process.exit(1); + } + // Determine if suffixOrVersion is a full version or just a suffix // Full version: starts with digits in semver pattern (e.g., "3.19.3-test") // Suffix: starts with letters or "pr" (e.g., "test", "pr123", "pr123.abc1234") diff --git a/scripts/update-dev-comment-row.ts b/scripts/update-dev-comment-row.ts index abb6b636a..fc5f4f3e0 100755 --- a/scripts/update-dev-comment-row.ts +++ b/scripts/update-dev-comment-row.ts @@ -53,7 +53,7 @@ async function main() { // Get current comment (using GH_TOKEN from env) const commentJson = execFileSync( 'gh', - ['api', `repos/${owner}/${repoName}/issues/${prNumber}/comments`, '--jq', `([.[] | select(.body | contains("${IDENTIFIER}"))] | .[0]) // empty`], + ['api', `repos/${owner}/${repoName}/issues/${prNumber}/comments`, '--jq', `([.[] | select((.user.type == "Bot" or .user.login == "github-actions[bot]") and (.body | contains("${IDENTIFIER}")))] | .[0]) // empty`], { encoding: 'utf8', env: { ...process.env, GH_TOKEN: token } } ).trim(); diff --git a/web-packages/ap-chat/.releaserc.json b/web-packages/ap-chat/.releaserc.json index 50aec36f0..1e27b3a90 100644 --- a/web-packages/ap-chat/.releaserc.json +++ b/web-packages/ap-chat/.releaserc.json @@ -30,7 +30,7 @@ [ "@semantic-release/exec", { - "publishCmd": "bash ../../scripts/publish-to-registries.sh --no-git-checks --access public --tag ${nextRelease.channel || 'latest'}" + "publishCmd": "TAG_NAME=${nextRelease.channel || 'latest'} bash ../../scripts/publish-to-registries.sh --no-git-checks --access public" } ], [ From bcbb9d3590efd7fe180ebc29e914274d3c92d150 Mon Sep 17 00:00:00 2001 From: Cristian Florin Calina Date: Wed, 13 May 2026 20:47:02 -0700 Subject: [PATCH 5/5] chore(repo): address comments, fix build --- .github/copilot-instructions.md | 1 + .../pnpm-workspace-registry-test.yaml | 40 ++++ .../scripts/test-registry/test-registry.ts | 26 ++- .../apollo-vertex-registry-check.yml | 9 +- .github/workflows/monitor-npm-publishes.yml | 46 +++- .github/workflows/release.yml | 61 ++--- .github/workflows/vercel-deploy.yml | 3 +- package.json | 18 +- pnpm-lock.yaml | 216 ++++++------------ pnpm-workspace.yaml | 56 +++-- scripts/publish-dev.ts | 6 +- 11 files changed, 256 insertions(+), 226 deletions(-) create mode 100644 .github/scripts/test-registry/pnpm-workspace-registry-test.yaml diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index d2183c8eb..2ad492c54 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -192,6 +192,7 @@ Note: `@tanstack/*` packages have a confirmed supply chain incident history (May - 'pkg' # too new # ❌ missing version, prune workflow won't remove it ``` - Vercel CLI: always `npm install -g vercel@X.Y.Z` — never `@latest`. +- **pnpm 11 breaking change ([pnpm/pnpm#11536](https://github.com/pnpm/pnpm/issues/11536)):** pnpm 11 silently ignores the entire `pnpm.*` block in `package.json` (overrides, packageExtensions, onlyBuiltDependencies, etc.). All pnpm configuration must live in `pnpm-workspace.yaml`. Never add `pnpm.overrides` or `pnpm.packageExtensions` to `package.json` — they will be silently ignored with no warning. --- diff --git a/.github/scripts/test-registry/pnpm-workspace-registry-test.yaml b/.github/scripts/test-registry/pnpm-workspace-registry-test.yaml new file mode 100644 index 000000000..d21f5686d --- /dev/null +++ b/.github/scripts/test-registry/pnpm-workspace-registry-test.yaml @@ -0,0 +1,40 @@ +# pnpm workspace settings for isolated registry component test directories. +# Copied verbatim into each temp dir by test-registry.ts and the prepare job in +# apollo-vertex-registry-check.yml. Keep in sync with the relevant sections of +# the root pnpm-workspace.yaml (overrides, packageExtensions, allowBuilds). +# +# Intentionally excludes: packages:, minimumReleaseAge*, auditConfig +# — those are irrelevant or break isolated installs. +autoInstallPeers: true +minimumReleaseAgeIgnoreMissingTime: true +blockExoticSubdeps: true + +# @tanstack/* packages have missing `time` metadata in the npm registry +# (pnpm/pnpm#11238 + pnpm/pnpm#11622 — minimumReleaseAgeIgnoreMissingTime +# is not always honored). Exempt them to ensure peer deps like +# @tanstack/query-db-collection install reliably. +minimumReleaseAgeExclude: + - '@tanstack/*' + - '@uipath/*' + +overrides: + "@standard-schema/spec": "^1.1.0" # ensures @uipath/vs-core and @tanstack/* all resolve the same spec version so useLiveQuery type-checks correctly +shadcn: "4.4.0" # pin to match pnpm dlx shadcn@4.4.0 — shadcn init calls pnpm add shadcn@latest internally + +# Link @standard-schema/spec@1.1.0 only into @tanstack/ai — NOT as a global override. +# A global override would force @tanstack/react-db onto 1.1.0 too, changing its Context +# generic constraint in a way that breaks Group/GroupMember from @uipath/vs-core. +packageExtensions: + "@tanstack/ai": + dependencies: + "@standard-schema/spec": "^1.1.0" + +allowBuilds: + '@biomejs/biome': true + '@parcel/watcher': true + core-js: true + es5-ext: true + esbuild: true + msw: true + sharp: true + unrs-resolver: true # native Rust resolver, required by Next.js 16 diff --git a/.github/scripts/test-registry/test-registry.ts b/.github/scripts/test-registry/test-registry.ts index 97c22eba9..f5d919bb8 100644 --- a/.github/scripts/test-registry/test-registry.ts +++ b/.github/scripts/test-registry/test-registry.ts @@ -1,5 +1,5 @@ import { execFileSync } from 'node:child_process'; -import { cpSync, mkdtempSync, readFileSync, rmSync } from 'node:fs'; +import { cpSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs'; import { tmpdir } from 'node:os'; import { join } from 'node:path'; @@ -19,6 +19,14 @@ function testComponent(component: string, baseAppPath: string): TestResult { filter: (src) => !src.includes('node_modules'), }); + // Copy the repo's pnpm-workspace.yaml so isolated test dirs resolve packages + // identically to the main workspace (overrides, packageExtensions, allowBuilds). + const testWorkspaceConfig = readFileSync( + new URL('pnpm-workspace-registry-test.yaml', import.meta.url), + 'utf-8', + ); + writeFileSync(join(testDir, 'pnpm-workspace.yaml'), testWorkspaceConfig); + // Install dependencies in the temp directory. // No --frozen-lockfile: the shadcn-initialised app has no committed lockfile by design — // this test simulates a fresh consumer install to verify components resolve correctly. @@ -35,6 +43,22 @@ function testComponent(component: string, baseAppPath: string): TestResult { cwd: testDir, }); + // Explicitly install @uipath/vs-core's peer deps so pnpm links them into its virtual + // node_modules. Without this, pnpm 11's stricter isolation means TypeScript can't + // resolve zod@4 / @tanstack/query-db-collection from @uipath/vs-core's type declarations, + // causing types like Group to collapse to {}. + execFileSync('pnpm', [ + 'add', '-D', + 'zod@^4.1.12', + '@tanstack/query-db-collection@^1.0.31', + '@tanstack/react-query@^5.90.3', + 'idb-keyval@^6.2.1', + ], { + encoding: 'utf-8', + stdio: ['pipe', 'pipe', 'pipe'], + cwd: testDir, + }); + // Type-check all files to verify all imports resolve correctly // (next build only checks files in the build graph — components not imported by any page would be skipped) const tscOutput = execFileSync('pnpm', ['exec', 'tsc', '--noEmit'], { diff --git a/.github/workflows/apollo-vertex-registry-check.yml b/.github/workflows/apollo-vertex-registry-check.yml index 1ef108f5b..f2fb84543 100644 --- a/.github/workflows/apollo-vertex-registry-check.yml +++ b/.github/workflows/apollo-vertex-registry-check.yml @@ -76,13 +76,17 @@ jobs: echo "result=${MATRIX}" >> "${GITHUB_OUTPUT}" - name: Create base shadcn app - run: cd ${{ runner.temp }} && pnpm dlx shadcn@4.4.0 init --preset a0 --template next --name minimal-app + run: | + cp .github/scripts/test-registry/pnpm-workspace-registry-test.yaml "$RUNNER_TEMP/pnpm-workspace.yaml" + cd "$RUNNER_TEMP" && pnpm dlx shadcn@4.4.0 init --preset a0 --template next --name minimal-app - name: Configure @uipath registry working-directory: ${{ runner.temp }}/minimal-app env: REGISTRY_URL: http://localhost:3000 - run: $GITHUB_WORKSPACE/node_modules/.bin/tsx $GITHUB_WORKSPACE/.github/scripts/test-registry/configure-registry.ts + run: | + # shellcheck disable=SC2086 + $GITHUB_WORKSPACE/node_modules/.bin/tsx $GITHUB_WORKSPACE/.github/scripts/test-registry/configure-registry.ts - name: Copy locales into base app run: cp -r apps/apollo-vertex/locales ${{ runner.temp }}/minimal-app/locales @@ -124,6 +128,7 @@ jobs: .github/scripts/test-registry package.json pnpm-lock.yaml + pnpm-workspace.yaml - name: Setup pnpm uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 diff --git a/.github/workflows/monitor-npm-publishes.yml b/.github/workflows/monitor-npm-publishes.yml index 197454681..9db27bfe1 100644 --- a/.github/workflows/monitor-npm-publishes.yml +++ b/.github/workflows/monitor-npm-publishes.yml @@ -35,24 +35,48 @@ jobs: ) UNMATCHED="" + FETCH_ERRORS=0 for pkg in "${PACKAGES[@]}"; do - latest=$(npm view "$pkg" version --registry https://registry.npmjs.org 2>/dev/null) - if [ -z "$latest" ]; then - echo "::warning::Could not fetch latest version for $pkg" + # Fetch all active dist-tag versions (not just latest) so publishes under + # beta/next/rc tags are also caught. Use if ! to capture non-zero exit before + # bash -e can terminate the step (GitHub Actions runs scripts with set -e). + if ! dist_tags=$(npm view "$pkg" dist-tags --json --registry https://registry.npmjs.org 2>/dev/null) \ + || [ -z "$dist_tags" ] || [ "$dist_tags" = "null" ]; then + echo "::warning::Could not fetch dist-tags for $pkg — skipping (will not auto-close alerts)" + FETCH_ERRORS=$((FETCH_ERRORS + 1)) continue fi - tag="${pkg}@${latest}" - if gh release view "$tag" --repo "$GITHUB_REPOSITORY" > /dev/null 2>&1; then - echo "✓ $tag — GitHub release exists" - else - echo "::warning::$tag is on npm but has no matching GitHub release tag" - UNMATCHED="${UNMATCHED}\n- \`${tag}\`" - fi + # Extract unique versions across all dist-tags (latest, beta, next, etc.) + versions=$(echo "$dist_tags" | jq -r 'to_entries | map(.value) | unique[]') + + for version in $versions; do + # Skip dev PR preview versions — must match the exact shape dev-publish.yml + # produces: x.y.z-prNNN or x.y.z-prNNN.sha (full semver, -pr immediately + # after the patch segment, no other prerelease label before -pr). + if [[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+-pr[0-9]+(\.[a-z0-9]+)?$ ]]; then + continue + fi + + tag="${pkg}@${version}" + if gh release view "$tag" --repo "$GITHUB_REPOSITORY" > /dev/null 2>&1; then + echo "✓ $tag — GitHub release exists" + else + echo "::warning::$tag is on npm but has no matching GitHub release tag" + UNMATCHED="${UNMATCHED}\n- \`${tag}\`" + fi + done done - if [ -n "$UNMATCHED" ]; then + if [ "$FETCH_ERRORS" -gt 0 ]; then + # At least one package could not be checked. Do not set unmatched=false — + # that would trigger auto-close of an existing alert even though the check + # was incomplete. Fail the step so the run is marked as failed. + echo "::error::$FETCH_ERRORS package(s) could not be fetched from npm. Not auto-closing any existing alert." + echo "unmatched=error" >> "$GITHUB_OUTPUT" + exit 1 + elif [ -n "$UNMATCHED" ]; then echo "unmatched=true" >> "$GITHUB_OUTPUT" DELIM="ALERT_$(openssl rand -hex 8)" { diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4238367d5..3273cb76c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,6 +27,7 @@ jobs: contents: write packages: write id-token: write + attestations: write steps: - name: Checkout code @@ -73,42 +74,63 @@ jobs: HUSKY: 0 run: pnpm release + - name: Commit changelogs and package updates + run: | + if [ -n "$(git status --porcelain)" ]; then + # Get list of changed packages + CHANGED_PACKAGES=$(git diff --name-only | grep 'packages/\|web-packages/' | cut -d'/' -f2 | sort -u | tr '\n' ', ' | sed 's/,$//') + + git add --all + git commit -m "chore(release): version bump [skip ci]" -m "Packages: $CHANGED_PACKAGES" + + if ! git push; then + echo "::error::Failed to push version bump commit" + echo "This may indicate a conflict or permission issue" + exit 1 + fi + echo "✓ Pushed version bump commit" + else + echo "No changes to commit" + fi + # Remove write credentials — push is complete and later steps don't need them + git remote set-url origin "https://github.com/${GITHUB_REPOSITORY}.git" + - name: Generate per-package SBOMs run: | - pnpm --filter @uipath/apollo-core sbom --sbom-format cyclonedx --prod > sbom-apollo-core.cyclonedx.json - pnpm --filter @uipath/apollo-react sbom --sbom-format cyclonedx --prod > sbom-apollo-react.cyclonedx.json - pnpm --filter @uipath/apollo-wind sbom --sbom-format cyclonedx --prod > sbom-apollo-wind.cyclonedx.json - pnpm --filter '@uipath/ap-chat' sbom --sbom-format cyclonedx --prod > sbom-ap-chat.cyclonedx.json + pnpm --filter @uipath/apollo-core sbom --sbom-format cyclonedx --prod > "$RUNNER_TEMP/sbom-apollo-core.cyclonedx.json" + pnpm --filter @uipath/apollo-react sbom --sbom-format cyclonedx --prod > "$RUNNER_TEMP/sbom-apollo-react.cyclonedx.json" + pnpm --filter @uipath/apollo-wind sbom --sbom-format cyclonedx --prod > "$RUNNER_TEMP/sbom-apollo-wind.cyclonedx.json" + pnpm --filter '@uipath/ap-chat' sbom --sbom-format cyclonedx --prod > "$RUNNER_TEMP/sbom-ap-chat.cyclonedx.json" - name: Attest SBOM — apollo-core uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 with: subject-path: packages/apollo-core/dist - sbom-path: sbom-apollo-core.cyclonedx.json + sbom-path: ${{ runner.temp }}/sbom-apollo-core.cyclonedx.json - name: Attest SBOM — apollo-react uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 with: subject-path: packages/apollo-react/dist - sbom-path: sbom-apollo-react.cyclonedx.json + sbom-path: ${{ runner.temp }}/sbom-apollo-react.cyclonedx.json - name: Attest SBOM — apollo-wind uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 with: subject-path: packages/apollo-wind/dist - sbom-path: sbom-apollo-wind.cyclonedx.json + sbom-path: ${{ runner.temp }}/sbom-apollo-wind.cyclonedx.json - name: Attest SBOM — ap-chat uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0 with: subject-path: web-packages/ap-chat/dist - sbom-path: sbom-ap-chat.cyclonedx.json + sbom-path: ${{ runner.temp }}/sbom-ap-chat.cyclonedx.json - name: Upload SBOMs as release artifact uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: sbom-${{ github.sha }} - path: sbom-*.cyclonedx.json + path: ${{ runner.temp }}/sbom-*.cyclonedx.json retention-days: 90 # Build provenance attestation — covers GHP consumers, who cannot use npm's --provenance @@ -132,23 +154,4 @@ jobs: - name: Attest build provenance — ap-chat uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: - subject-path: web-packages/ap-chat/dist - - - name: Commit changelogs and package updates - run: | - if [ -n "$(git status --porcelain)" ]; then - # Get list of changed packages - CHANGED_PACKAGES=$(git diff --name-only | grep 'packages/\|web-packages/' | cut -d'/' -f2 | sort -u | tr '\n' ', ' | sed 's/,$//') - - git add --all - git commit -m "chore(release): version bump [skip ci]" -m "Packages: $CHANGED_PACKAGES" - - if ! git push; then - echo "::error::Failed to push version bump commit" - echo "This may indicate a conflict or permission issue" - exit 1 - fi - echo "✓ Pushed version bump commit" - else - echo "No changes to commit" - fi \ No newline at end of file + subject-path: web-packages/ap-chat/dist \ No newline at end of file diff --git a/.github/workflows/vercel-deploy.yml b/.github/workflows/vercel-deploy.yml index 26fd1799a..0037c8900 100644 --- a/.github/workflows/vercel-deploy.yml +++ b/.github/workflows/vercel-deploy.yml @@ -123,10 +123,9 @@ jobs: uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: ~/.npm - key: ${{ runner.os }}-vercel-cli-53.4.0-${{ github.sha }} + key: ${{ runner.os }}-vercel-cli-53.4.0-${{ github.ref_name }}-${{ github.sha }} restore-keys: | ${{ runner.os }}-vercel-cli-53.4.0-${{ github.ref_name }}- - ${{ runner.os }}-vercel-cli-53.4.0- - name: Install Vercel CLI run: npm install -g vercel@53.4.0 diff --git a/package.json b/package.json index df4cd5195..c5d551ead 100644 --- a/package.json +++ b/package.json @@ -73,7 +73,7 @@ }, "engines": { "node": ">=22", - "pnpm": ">=10" + "pnpm": ">=11" }, "packageManager": "pnpm@11.1.1", "lint-staged": { @@ -91,21 +91,5 @@ "commitizen": { "path": "@commitlint/cz-commitlint" } - }, - "pnpm": { - "overrides": { - "minimatch": "^10.2.5", - "lodash": "^4.18.1", - "tmp": "^0.2.5", - "picomatch": ">=4.0.4", - "postcss": "^8.5.14" - }, - "packageExtensions": { - "@tanstack/ai": { - "dependencies": { - "@standard-schema/spec": "^1.1.0" - } - } - } } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a7730197f..06d8a6a8f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -4,6 +4,15 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +overrides: + minimatch: ^10.2.5 + lodash: ^4.18.1 + tmp: ^0.2.5 + picomatch: '>=4.0.4' + postcss: ^8.5.14 + +packageExtensionsChecksum: sha256-MiSYq8DXxufYD2Uu5iQfUDBUnmlvtj4LBvzJl3bvsgA= + importers: .: @@ -117,7 +126,7 @@ importers: specifier: ^4.6.1 version: 4.6.1(@types/react@19.2.8)(immer@10.2.0)(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(nextra@4.6.1(next@16.2.6(@babel/core@7.28.5)(@opentelemetry/api@1.9.0)(babel-plugin-macros@3.1.0)(babel-plugin-react-compiler@1.0.0)(react-dom@19.2.3(react@19.2.3))(react@19.2.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(typescript@5.9.3))(react-dom@19.2.3(react@19.2.3))(react@19.2.3)(use-sync-external-store@1.6.0(react@19.2.3)) postcss: - specifier: ^8.5.6 + specifier: ^8.5.14 version: 8.5.14 react: specifier: 19.2.3 @@ -322,7 +331,7 @@ importers: specifier: ^6.0.0 version: 6.0.0 postcss: - specifier: ^8.5.6 + specifier: ^8.5.14 version: 8.5.14 react: specifier: 19.2.3 @@ -574,7 +583,7 @@ importers: specifier: ^4.18.1 version: 4.18.1 postcss: - specifier: ^8.5.6 + specifier: ^8.5.14 version: 8.5.14 postcss-cli: specifier: ^10.1.0 @@ -1143,7 +1152,7 @@ importers: specifier: ^27.2.0 version: 27.3.0 postcss: - specifier: ^8.5.6 + specifier: ^8.5.14 version: 8.5.14 postcss-import: specifier: ^16.1.1 @@ -5728,9 +5737,6 @@ packages: '@socket.io/component-emitter@3.1.2': resolution: {integrity: sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA==} - '@standard-schema/spec@1.0.0': - resolution: {integrity: sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA==} - '@standard-schema/spec@1.1.0': resolution: {integrity: sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==} @@ -7150,7 +7156,7 @@ packages: engines: {node: ^10 || ^12 || >=14} hasBin: true peerDependencies: - postcss: ^8.1.0 + postcss: ^8.5.14 available-typed-arrays@1.0.7: resolution: {integrity: sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==} @@ -7193,9 +7199,6 @@ packages: bail@2.0.2: resolution: {integrity: sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==} - balanced-match@1.0.2: - resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} - balanced-match@2.0.0: resolution: {integrity: sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA==} @@ -7252,12 +7255,6 @@ packages: resolution: {integrity: sha512-dr5s3vtOG8NkVSwa8CC55XBIKKwajomSZRb0RiMOOOF6TpqZBZvtbDjpzWICvdd/plDF6uOtaRfSgblPQLAioQ==} engines: {node: '>= 18'} - brace-expansion@1.1.14: - resolution: {integrity: sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==} - - brace-expansion@2.1.0: - resolution: {integrity: sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==} - brace-expansion@5.0.5: resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==} engines: {node: 18 || 20 || >=22} @@ -7579,9 +7576,6 @@ packages: compute-scroll-into-view@3.1.1: resolution: {integrity: sha512-VRhuHOLoKYOy4UbilLbUzbYg93XLjv2PncJC50EuTWPA3gaja1UjBsUP/D/9/juV3vQFr6XBEzn9KCAHdUvOHw==} - concat-map@0.0.1: - resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==} - confbox@0.1.8: resolution: {integrity: sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==} @@ -7746,7 +7740,7 @@ packages: resolution: {integrity: sha512-gz6x+KkgNCjxq3Var03pRYLhyNfwhkKF1g/yoLgDNtFvVu0/fOLV9C8fFEZRjACp/XQLumjAYo7JVjzH3wLbxA==} engines: {node: ^14 || ^16 || >=18} peerDependencies: - postcss: ^8.0.9 + postcss: ^8.5.14 css-functions-list@3.2.3: resolution: {integrity: sha512-IQOkD3hbR5KrN93MtcYuad6YPuTSUhntLHDuLEbFWE+ff2/XSZNdZG+LcbbIW5AXKg/WFIfYItIzVoHngHXZzA==} @@ -7787,19 +7781,19 @@ packages: resolution: {integrity: sha512-6ZBjW0Lf1K1Z+0OKUAUpEN62tSXmYChXWi2NAA0afxEVsj9a+MbcB1l5qel6BHJHmULai2fCGRthCeKSFbScpA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 cssnano-utils@5.0.1: resolution: {integrity: sha512-ZIP71eQgG9JwjVZsTPSqhc6GHgEr53uJ7tK5///VfyWj6Xp2DBmixWHqJgPno+PqATzn48pL42ww9x5SSGmhZg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 cssnano@7.1.2: resolution: {integrity: sha512-HYOPBsNvoiFeR1eghKD5C3ASm64v9YVyJB4Ivnl2gqKoQYvjjN/G0rztvKQq8OxocUtC6sjqY8jwYngIB4AByA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 csso@5.0.5: resolution: {integrity: sha512-0LrrStPOdJj+SPCCrGhzryycLjwcgUSHBtxNA8aIDxf0GLsRh1cKYhB00Gd1lDOS4yGH69+SNn13+TWbVHETFQ==} @@ -8636,7 +8630,7 @@ packages: resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==} engines: {node: '>=12.0.0'} peerDependencies: - picomatch: ^3 || ^4 + picomatch: '>=4.0.4' peerDependenciesMeta: picomatch: optional: true @@ -10144,9 +10138,6 @@ packages: lodash.upperfirst@4.3.1: resolution: {integrity: sha512-sReKOYJIJf74dhJONhU4e0/shzi1trVbSWDOhKYE5XV2O+H7Sb2Dihwuc7xWxVl+DgFPyTqIN3zMfT9cq5iWDg==} - lodash@4.17.21: - resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} - lodash@4.18.1: resolution: {integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==} @@ -10554,13 +10545,6 @@ packages: resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==} engines: {node: 18 || 20 || >=22} - minimatch@3.1.5: - resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==} - - minimatch@5.1.9: - resolution: {integrity: sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==} - engines: {node: '>=10'} - minimist@1.2.7: resolution: {integrity: sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==} @@ -11014,10 +10998,6 @@ packages: orderedmap@2.1.1: resolution: {integrity: sha512-TvAWxi0nDe1j/rtMcWcIj94+Ffe6n7zhow33h40SKxmsmozs6dz/e+EajymfoFcHd7sxNn8yHM8839uixMOV6g==} - os-tmpdir@1.0.2: - resolution: {integrity: sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==} - engines: {node: '>=0.10.0'} - outvariant@1.4.3: resolution: {integrity: sha512-+Sl2UErvtsoajRDKCE5/dBz4DIvHXQQnAxtQTF04OJxY0+DyZXSo5P5Bb7XYWOh81syohlYL24hbDwxedPUJCA==} @@ -11264,14 +11244,6 @@ packages: picocolors@1.1.1: resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==} - picomatch@2.3.2: - resolution: {integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==} - engines: {node: '>=8.6'} - - picomatch@4.0.3: - resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==} - engines: {node: '>=12'} - picomatch@4.0.4: resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==} engines: {node: '>=12'} @@ -11332,62 +11304,62 @@ packages: resolution: {integrity: sha512-NYEsLHh8DgG/PRH2+G9BTuUdtf9ViS+vdoQ0YA5OQdGsfN4ztiwtDWNtBl9EKeqNMFnIu8IKZ0cLxEQ5r5KVMw==} engines: {node: ^18.12 || ^20.9 || >=22.0} peerDependencies: - postcss: ^8.4.38 + postcss: ^8.5.14 postcss-cli@10.1.0: resolution: {integrity: sha512-Zu7PLORkE9YwNdvOeOVKPmWghprOtjFQU3srMUGbdz3pHJiFh7yZ4geiZFMkjMfB0mtTFR3h8RemR62rPkbOPA==} engines: {node: '>=14'} hasBin: true peerDependencies: - postcss: ^8.0.0 + postcss: ^8.5.14 postcss-colormin@7.0.5: resolution: {integrity: sha512-ekIBP/nwzRWhEMmIxHHbXHcMdzd1HIUzBECaj5KEdLz9DVP2HzT065sEhvOx1dkLjYW7jyD0CngThx6bpFi2fA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-convert-values@7.0.8: resolution: {integrity: sha512-+XNKuPfkHTCEo499VzLMYn94TiL3r9YqRE3Ty+jP7UX4qjewUONey1t7CG21lrlTLN07GtGM8MqFVp86D4uKJg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-discard-comments@7.0.5: resolution: {integrity: sha512-IR2Eja8WfYgN5n32vEGSctVQ1+JARfu4UH8M7bgGh1bC+xI/obsPJXaBpQF7MAByvgwZinhpHpdrmXtvVVlKcQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-discard-duplicates@7.0.2: resolution: {integrity: sha512-eTonaQvPZ/3i1ASDHOKkYwAybiM45zFIc7KXils4mQmHLqIswXD9XNOKEVxtTFnsmwYzF66u4LMgSr0abDlh5w==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-discard-empty@7.0.1: resolution: {integrity: sha512-cFrJKZvcg/uxB6Ijr4l6qmn3pXQBna9zyrPC+sK0zjbkDUZew+6xDltSF7OeB7rAtzaaMVYSdbod+sZOCWnMOg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-discard-overridden@7.0.1: resolution: {integrity: sha512-7c3MMjjSZ/qYrx3uc1940GSOzN1Iqjtlqe8uoSg+qdVPYyRb0TILSqqmtlSFuE4mTDECwsm397Ya7iXGzfF7lg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-import@16.1.1: resolution: {integrity: sha512-2xVS1NCZAfjtVdvXiyegxzJ447GyqCeEI5V7ApgQVOWnros1p5lGNovJNapwPpMombyFBfqDwt7AD3n2l0KOfQ==} engines: {node: '>=18.0.0'} peerDependencies: - postcss: ^8.0.0 + postcss: ^8.5.14 postcss-load-config@4.0.2: resolution: {integrity: sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==} engines: {node: '>= 14'} peerDependencies: - postcss: '>=8.0.9' + postcss: ^8.5.14 ts-node: '>=9.0.0' peerDependenciesMeta: postcss: @@ -11399,115 +11371,115 @@ packages: resolution: {integrity: sha512-Kpu5v4Ys6QI59FxmxtNB/iHUVDn9Y9sYw66D6+SZoIk4QTz1prC4aYkhIESu+ieG1iylod1f8MILMs1Em3mmIw==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-merge-rules@7.0.7: resolution: {integrity: sha512-njWJrd/Ms6XViwowaaCc+/vqhPG3SmXn725AGrnl+BgTuRPEacjiLEaGq16J6XirMJbtKkTwnt67SS+e2WGoew==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-minify-font-values@7.0.1: resolution: {integrity: sha512-2m1uiuJeTplll+tq4ENOQSzB8LRnSUChBv7oSyFLsJRtUgAAJGP6LLz0/8lkinTgxrmJSPOEhgY1bMXOQ4ZXhQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-minify-gradients@7.0.1: resolution: {integrity: sha512-X9JjaysZJwlqNkJbUDgOclyG3jZEpAMOfof6PUZjPnPrePnPG62pS17CjdM32uT1Uq1jFvNSff9l7kNbmMSL2A==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-minify-params@7.0.5: resolution: {integrity: sha512-FGK9ky02h6Ighn3UihsyeAH5XmLEE2MSGH5Tc4tXMFtEDx7B+zTG6hD/+/cT+fbF7PbYojsmmWjyTwFwW1JKQQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-minify-selectors@7.0.5: resolution: {integrity: sha512-x2/IvofHcdIrAm9Q+p06ZD1h6FPcQ32WtCRVodJLDR+WMn8EVHI1kvLxZuGKz/9EY5nAmI6lIQIrpo4tBy5+ug==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-charset@7.0.1: resolution: {integrity: sha512-sn413ofhSQHlZFae//m9FTOfkmiZ+YQXsbosqOWRiVQncU2BA3daX3n0VF3cG6rGLSFVc5Di/yns0dFfh8NFgQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-display-values@7.0.1: resolution: {integrity: sha512-E5nnB26XjSYz/mGITm6JgiDpAbVuAkzXwLzRZtts19jHDUBFxZ0BkXAehy0uimrOjYJbocby4FVswA/5noOxrQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-positions@7.0.1: resolution: {integrity: sha512-pB/SzrIP2l50ZIYu+yQZyMNmnAcwyYb9R1fVWPRxm4zcUFCY2ign7rcntGFuMXDdd9L2pPNUgoODDk91PzRZuQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-repeat-style@7.0.1: resolution: {integrity: sha512-NsSQJ8zj8TIDiF0ig44Byo3Jk9e4gNt9x2VIlJudnQQ5DhWAHJPF4Tr1ITwyHio2BUi/I6Iv0HRO7beHYOloYQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-string@7.0.1: resolution: {integrity: sha512-QByrI7hAhsoze992kpbMlJSbZ8FuCEc1OT9EFbZ6HldXNpsdpZr+YXC5di3UEv0+jeZlHbZcoCADgb7a+lPmmQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-timing-functions@7.0.1: resolution: {integrity: sha512-bHifyuuSNdKKsnNJ0s8fmfLMlvsQwYVxIoUBnowIVl2ZAdrkYQNGVB4RxjfpvkMjipqvbz0u7feBZybkl/6NJg==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-unicode@7.0.5: resolution: {integrity: sha512-X6BBwiRxVaFHrb2WyBMddIeB5HBjJcAaUHyhLrM2FsxSq5TFqcHSsK7Zu1otag+o0ZphQGJewGH1tAyrD0zX1Q==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-url@7.0.1: resolution: {integrity: sha512-sUcD2cWtyK1AOL/82Fwy1aIVm/wwj5SdZkgZ3QiUzSzQQofrbq15jWJ3BA7Z+yVRwamCjJgZJN0I9IS7c6tgeQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-normalize-whitespace@7.0.1: resolution: {integrity: sha512-vsbgFHMFQrJBJKrUFJNZ2pgBeBkC2IvvoHjz1to0/0Xk7sII24T0qFOiJzG6Fu3zJoq/0yI4rKWi7WhApW+EFA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-ordered-values@7.0.2: resolution: {integrity: sha512-AMJjt1ECBffF7CEON/Y0rekRLS6KsePU6PRP08UqYW4UGFRnTXNrByUzYK1h8AC7UWTZdQ9O3Oq9kFIhm0SFEw==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-reduce-initial@7.0.5: resolution: {integrity: sha512-RHagHLidG8hTZcnr4FpyMB2jtgd/OcyAazjMhoy5qmWJOx1uxKh4ntk0Pb46ajKM0rkf32lRH4C8c9qQiPR6IA==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-reduce-transforms@7.0.1: resolution: {integrity: sha512-MhyEbfrm+Mlp/36hvZ9mT9DaO7dbncU0CvWI8V93LRkY6IYlu38OPg3FObnuKTUxJ4qA8HpurdQOo5CyqqO76g==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-reporter@7.1.0: resolution: {integrity: sha512-/eoEylGWyy6/DOiMP5lmFRdmDKThqgn7D6hP2dXKJI/0rJSO1ADFNngZfDzxL0YAxFvws+Rtpuji1YIHj4mySA==} engines: {node: '>=10'} peerDependencies: - postcss: ^8.1.0 + postcss: ^8.5.14 postcss-resolve-nested-selector@0.1.6: resolution: {integrity: sha512-0sglIs9Wmkzbr8lQwEyIzlDOOC9bGmfVKcJTaxv3vMmd3uo4o4DerC3En0bnmgceeql9BfC8hRkp7cg0fjdVqw==} @@ -11516,7 +11488,7 @@ packages: resolution: {integrity: sha512-0AioNCJZ2DPYz5ABT6bddIqlhgwhpHZ/l65YAYo0BCIn0xiDpsnTHz0gnoTGk0OXZW0JRs+cDwL8u/teRdz+8A==} engines: {node: '>=18.0'} peerDependencies: - postcss: ^8.4.31 + postcss: ^8.5.14 postcss-selector-parser@7.1.0: resolution: {integrity: sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==} @@ -11530,21 +11502,17 @@ packages: resolution: {integrity: sha512-KnAlfmhtoLz6IuU3Sij2ycusNs4jPW+QoFE5kuuUOK8awR6tMxZQrs5Ey3BUz7nFCzT3eqyFgqkyrHiaU2xx3w==} engines: {node: ^18.12.0 || ^20.9.0 || >= 18} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-unique-selectors@7.0.4: resolution: {integrity: sha512-pmlZjsmEAG7cHd7uK3ZiNSW6otSZ13RHuZ/4cDN/bVglS5EpF2r2oxY99SuOHa8m7AWoBCelTS3JPpzsIs8skQ==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 postcss-value-parser@4.2.0: resolution: {integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==} - postcss@8.4.31: - resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==} - engines: {node: ^10 || ^12 || >=14} - postcss@8.5.14: resolution: {integrity: sha512-SoSL4+OSEtR99LHFZQiJLkT59C5B1amGO1NzTwj7TT1qCUgUO6hxOvzkOYxD+vMrXBM3XJIKzokoERdqQq/Zmg==} engines: {node: ^10 || ^12 || >=14} @@ -12792,7 +12760,7 @@ packages: resolution: {integrity: sha512-bJkD0JkEtbRrMFtwgpJyBbFIwfDDONQ1Ov3sDLZQP8HuJ73kBOyx66H4bOcAbVWmnfLdvQ0AJwXxOMkpujcO6g==} engines: {node: ^18.12.0 || ^20.9.0 || >=22.0} peerDependencies: - postcss: ^8.4.32 + postcss: ^8.5.14 stylelint-config-recommended@14.0.1: resolution: {integrity: sha512-bLvc1WOz/14aPImu/cufKAZYfXs/A/owZfSMZ4N+16WGXLoX5lOir53M6odBxvhgmgdxCVnNySJmZKx73T93cg==} @@ -13031,9 +12999,9 @@ packages: tmcp@1.19.2: resolution: {integrity: sha512-/AEG/jlzflGKqCKm7GNdhz50VtFlN+3vcnKd+iQJXcHdIPrpCRMolEj57SfgcXcfE2ouX7J6Q05gPKsS2NZhKg==} - tmp@0.0.33: - resolution: {integrity: sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==} - engines: {node: '>=0.6.0'} + tmp@0.2.5: + resolution: {integrity: sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==} + engines: {node: '>=14.14'} to-regex-range@5.0.1: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} @@ -15597,7 +15565,7 @@ snapshots: dependencies: '@eslint/object-schema': 2.1.7 debug: 4.4.3 - minimatch: 3.1.5 + minimatch: 10.2.5 transitivePeerDependencies: - supports-color @@ -15618,7 +15586,7 @@ snapshots: ignore: 5.3.2 import-fresh: 3.3.1 js-yaml: 4.1.1 - minimatch: 3.1.5 + minimatch: 10.2.5 strip-json-comments: 3.1.1 transitivePeerDependencies: - supports-color @@ -18735,8 +18703,6 @@ snapshots: '@socket.io/component-emitter@3.1.2': {} - '@standard-schema/spec@1.0.0': {} - '@standard-schema/spec@1.1.0': {} '@standard-schema/utils@0.3.0': {} @@ -19193,6 +19159,7 @@ snapshots: '@tanstack/ai@0.14.0': dependencies: '@ag-ui/core': 0.0.49 + '@standard-schema/spec': 1.1.0 '@tanstack/ai-event-client': 0.2.8(@tanstack/ai@0.14.0) partial-json: 0.1.7 @@ -19388,7 +19355,7 @@ snapshots: '@tmcp/adapter-valibot@0.1.5(tmcp@1.19.2(typescript@5.9.3))(valibot@1.2.0(typescript@5.9.3))': dependencies: - '@standard-schema/spec': 1.0.0 + '@standard-schema/spec': 1.1.0 '@valibot/to-json-schema': 1.5.0(valibot@1.2.0(typescript@5.9.3)) tmcp: 1.19.2(typescript@5.9.3) valibot: 1.2.0(typescript@5.9.3) @@ -20420,7 +20387,7 @@ snapshots: anymatch@3.1.3: dependencies: normalize-path: 3.0.0 - picomatch: 2.3.2 + picomatch: 4.0.4 arch@3.0.0: {} @@ -20583,8 +20550,6 @@ snapshots: bail@2.0.2: {} - balanced-match@1.0.2: {} - balanced-match@2.0.0: {} balanced-match@4.0.4: {} @@ -20645,15 +20610,6 @@ snapshots: moddle: 7.2.0 moddle-xml: 11.0.0(moddle@7.2.0) - brace-expansion@1.1.14: - dependencies: - balanced-match: 1.0.2 - concat-map: 0.0.1 - - brace-expansion@2.1.0: - dependencies: - balanced-match: 1.0.2 - brace-expansion@5.0.5: dependencies: balanced-match: 4.0.4 @@ -20988,7 +20944,7 @@ snapshots: glob: 7.2.3 inquirer: 8.2.5 is-utf8: 0.2.1 - lodash: 4.17.21 + lodash: 4.18.1 minimist: 1.2.7 strip-bom: 4.0.0 strip-json-comments: 3.1.1 @@ -21003,8 +20959,6 @@ snapshots: compute-scroll-into-view@3.1.1: {} - concat-map@0.0.1: {} - confbox@0.1.8: {} config-chain@1.1.13: @@ -21586,7 +21540,7 @@ snapshots: interpret: 3.1.1 is-installed-globally: 1.0.0 json5: 2.2.3 - picomatch: 4.0.3 + picomatch: 4.0.4 prompts: 2.4.2 rechoir: 0.8.0 safe-regex: 2.1.1 @@ -22035,7 +21989,7 @@ snapshots: estraverse: 5.3.0 hasown: 2.0.2 jsx-ast-utils: 3.3.5 - minimatch: 3.1.5 + minimatch: 10.2.5 object.entries: 1.1.9 object.fromentries: 2.0.8 object.values: 1.2.1 @@ -22092,7 +22046,7 @@ snapshots: is-glob: 4.0.3 json-stable-stringify-without-jsonify: 1.0.1 lodash.merge: 4.6.2 - minimatch: 3.1.5 + minimatch: 10.2.5 natural-compare: 1.4.0 optionator: 0.9.4 optionalDependencies: @@ -22316,7 +22270,7 @@ snapshots: dependencies: chardet: 0.7.0 iconv-lite: 0.4.24 - tmp: 0.0.33 + tmp: 0.2.5 fast-content-type-parse@3.0.0: {} @@ -22396,7 +22350,7 @@ snapshots: filelist@1.0.4: dependencies: - minimatch: 5.1.9 + minimatch: 10.2.5 fill-range@7.1.1: dependencies: @@ -22685,7 +22639,7 @@ snapshots: fs.realpath: 1.0.0 inflight: 1.0.6 inherits: 2.0.4 - minimatch: 3.1.5 + minimatch: 10.2.5 once: 1.4.0 path-is-absolute: 1.0.1 @@ -23889,8 +23843,6 @@ snapshots: lodash.upperfirst@4.3.1: {} - lodash@4.17.21: {} - lodash@4.18.1: {} log-symbols@4.1.0: @@ -24597,7 +24549,7 @@ snapshots: micromatch@4.0.8: dependencies: braces: 3.0.3 - picomatch: 2.3.2 + picomatch: 4.0.4 mime-db@1.52.0: {} @@ -24627,14 +24579,6 @@ snapshots: dependencies: brace-expansion: 5.0.5 - minimatch@3.1.5: - dependencies: - brace-expansion: 1.1.14 - - minimatch@5.1.9: - dependencies: - brace-expansion: 2.1.0 - minimist@1.2.7: {} minimist@1.2.8: {} @@ -24786,7 +24730,7 @@ snapshots: '@swc/helpers': 0.5.15 baseline-browser-mapping: 2.10.8 caniuse-lite: 1.0.30001786 - postcss: 8.4.31 + postcss: 8.5.14 react: 19.2.3 react-dom: 19.2.3(react@19.2.3) styled-jsx: 5.1.6(@babel/core@7.28.5)(babel-plugin-macros@3.1.0)(react@19.2.3) @@ -25110,8 +25054,6 @@ snapshots: orderedmap@2.1.1: {} - os-tmpdir@1.0.2: {} - outvariant@1.4.3: {} own-keys@1.0.1: @@ -25349,10 +25291,6 @@ snapshots: picocolors@1.1.1: {} - picomatch@2.3.2: {} - - picomatch@4.0.3: {} - picomatch@4.0.4: {} picoquery@2.5.0: {} @@ -25600,12 +25538,6 @@ snapshots: postcss-value-parser@4.2.0: {} - postcss@8.4.31: - dependencies: - nanoid: 3.3.11 - picocolors: 1.1.1 - source-map-js: 1.2.1 - postcss@8.5.14: dependencies: nanoid: 3.3.11 @@ -26226,11 +26158,11 @@ snapshots: readdirp@3.5.0: dependencies: - picomatch: 2.3.2 + picomatch: 4.0.4 readdirp@3.6.0: dependencies: - picomatch: 2.3.2 + picomatch: 4.0.4 reading-time@1.5.0: {} @@ -27638,7 +27570,7 @@ snapshots: tmcp@1.19.2(typescript@5.9.3): dependencies: - '@standard-schema/spec': 1.0.0 + '@standard-schema/spec': 1.1.0 json-rpc-2.0: 1.7.1 sqids: 0.3.0 uri-template-matcher: 1.1.2 @@ -27646,9 +27578,7 @@ snapshots: transitivePeerDependencies: - typescript - tmp@0.0.33: - dependencies: - os-tmpdir: 1.0.2 + tmp@0.2.5: {} to-regex-range@5.0.1: dependencies: diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index d05787bb0..fbc5f3b56 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -10,33 +10,53 @@ strictPeerDependencies: false # Supply-chain hardening # 14-day quarantine on newly-published packages (minutes; 14d × 1440) minimumReleaseAge: 20160 -# pnpm 11.0.4 made ERR_PNPM_MISSING_TIME a hard error when registry metadata lacks the `time` -# field (pnpm/pnpm#11238, unfixed). Setting false restores pnpm 10 behaviour: missing-time -# packages are warned and skipped rather than failing the install. -minimumReleaseAgeStrict: false # Exempt packages whose latest release is too new to satisfy the quarantine. # The weekly `prune-release-age-exemptions` workflow auto-PRs removal of entries once aged. # # Format: - 'pkg' # # The version is required — the prune script uses it to decide when to remove the entry. +# FIXME: Until https://github.com/pnpm/pnpm/issues/11238 is fixed we need the additional exclusions minimumReleaseAgeExclude: - - '@uipath/*' # permanent — own scope, always installable immediately - - 'postcss' # 8.5.14 — security override in pnpm.overrides - - 'mermaid' # 11.15.0 — GHSA-v2wj-7wpq-c8vv backport patch - - 'next' # 16.2.6 — locked version too new - - '@next/swc-darwin-arm64' # 16.2.6 — co-published with next, optional platform binary - - '@next/swc-darwin-x64' # 16.2.6 — co-published with next, optional platform binary - - '@next/swc-linux-arm64-gnu' # 16.2.6 — co-published with next, optional platform binary - - '@next/swc-linux-arm64-musl' # 16.2.6 — co-published with next, optional platform binary - - '@next/swc-linux-x64-gnu' # 16.2.6 — co-published with next, optional platform binary - - '@next/swc-linux-x64-musl' # 16.2.6 — co-published with next, optional platform binary - - '@next/swc-win32-arm64-msvc' # 16.2.6 — co-published with next, optional platform binary - - '@next/swc-win32-x64-msvc' # 16.2.6 — co-published with next, optional platform binary - - 'fs-extra' # 11.3.5 — locked version too new - - '@babel/parser' # 7.29.3 — locked version too new + - '@uipath/*' # permanent — own scope, always installable immediately + - '@mui/system' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - 'eslint' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - '@microsoft/*' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - '@stencil/core' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - 'lexical' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - '@lexical/*' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - '@fluentui/react-focus' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - 'intl-messageformat' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - '@formatjs/*' # no time information, pnpm seems to ignore the minimumReleaseAgeIgnoreMissingTime #11238 + - 'postcss' # 8.5.14 — security override in pnpm.overrides + - 'mermaid' # 11.15.0 — GHSA-v2wj-7wpq-c8vv backport patch + - 'next' # 16.2.6 — locked version too new + - '@next/swc-darwin-arm64' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-darwin-x64' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-linux-arm64-gnu' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-linux-arm64-musl' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-linux-x64-gnu' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-linux-x64-musl' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-win32-arm64-msvc' # 16.2.6 — co-published with next, optional platform binary + - '@next/swc-win32-x64-msvc' # 16.2.6 — co-published with next, optional platform binary + - 'fs-extra' # 11.3.5 — locked version too new + - '@babel/parser' # 7.29.3 — locked version too new # Refuse transitive git/tarball deps (pnpm 11 default; kept explicit for clarity) blockExoticSubdeps: true +# Dependency version overrides (moved from package.json#pnpm — pnpm 11 ignores that field, pnpm/pnpm#11536) +overrides: + minimatch: "^10.2.5" + lodash: "^4.18.1" + tmp: "^0.2.5" + picomatch: ">=4.0.4" + postcss: "^8.5.14" + +# packageExtensions (moved from package.json#pnpm for the same reason) +packageExtensions: + "@tanstack/ai": + dependencies: + "@standard-schema/spec": "^1.1.0" + # dompurify XSS - FIXME: no patch available yet auditConfig: ignoreGhsas: diff --git a/scripts/publish-dev.ts b/scripts/publish-dev.ts index 7fa61e5b0..16a7e916d 100644 --- a/scripts/publish-dev.ts +++ b/scripts/publish-dev.ts @@ -123,7 +123,7 @@ function main() { ); console.log('✓ Published to npm'); - // Publish to GitHub Package Registry — explicitly clear npm token so it cannot leak into GHP's registry call + // Publish to GitHub Package Registry — clear npm.org token, keep GH token for .npmrc auth console.log('\n📦 Publishing to GitHub Package Registry...'); execFileSync( 'pnpm', @@ -137,9 +137,9 @@ function main() { stdio: 'inherit', env: { ...process.env, - NPM_AUTH_TOKEN: ghToken, + NPM_AUTH_TOKEN: '', NODE_AUTH_TOKEN: ghToken, - GH_NPM_REGISTRY_TOKEN: '', + GH_NPM_REGISTRY_TOKEN: ghToken, }, } );