From 24fc3e3369cca50eea0f5b167d46e69083326732 Mon Sep 17 00:00:00 2001 From: Alex Babeanu Date: Wed, 11 Mar 2026 15:04:39 -0700 Subject: [PATCH 01/28] Finalizing 1st draft for obligations --- api/authorization-api-1_0.md | 105 ++++++++++++++++++++++++++++++----- 1 file changed, 90 insertions(+), 15 deletions(-) diff --git a/api/authorization-api-1_0.md b/api/authorization-api-1_0.md index 945894e..e191601 100644 --- a/api/authorization-api-1_0.md +++ b/api/authorization-api-1_0.md @@ -350,12 +350,101 @@ In addition to a `decision`, a response MAY contain a `context` field which cont Examples include, but are not limited to: - Reason(s) a decision was made, -- "Advices" and/or "Obligations" tied to the access decision, +- "Obligations" tied to the access decision, - Hints for rendering UI state, - Instructions for step-up authentication, - Environmental information, - etc. +#### Obligation context field +OPTIONAL - Obligations are a set of operations that the PEP MUST perform in conjunction with an authorization decision. They serve as mandatory instructions that extend the simple "Permit" or "Deny" outcome. + +The PEP is responsible for implementing and enforcing the obligations received with an authorization decision. If the PEP fails to fulfill an obligation that was part of a Permit decision, it must then deny access to the requested resource. This ensures that the stipulated actions are indeed carried out. + +Common Use Cases: +- _Logging and Accountability_: Recording access attempts, especially for sensitive data (e.g., logging that a doctor accessed a patient's medical record under emergency conditions). + +- _Notifications_: Triggering alerts or sending emails (e.g., notifying a manager if an unauthorized access attempt occurs). + +- _Multi-Factor Authentication/Trust Elevation_: Redirecting a user to an additional authentication step after an initial decision (e.g., requiring a higher assurance authentication method). + +- _"Break-the-Glass" Scenarios_: Allowing override of a denial under specific, monitored circumstances, with an obligation to log the override. + +- _Data Transformation_ : Watermarking a document before it is returned to the user. + +When used, the `obligations` context field MUST be an array of JSON objects. Each obligation MUST be uniquely identified within the object array by an identifier, which can then be used by the PEP to refer the the obligation in logs for example. The obligation Ids are implementation-specific strings or identifiers. + +If an obligation object is provided in the PDP response, then the PEP MUST understand and perform all associated obligations. + +The following non-normative example depicts a decision response with a single context obligation to notify a manager about a denied attempt, identified here using URI identifers: + +~~~ json +{ + "decision": false, + "context": { + "obligations": [ + { + "id": "urn:example:obligation:notifyManager", + "emailNotification": [ + { + "attributeId": "urn:example:attribute:managerEmail", + "value": "manager@example.com", + "dataType": "string" + }, + { + "attributeId": "urn:example:attribute:deniedUser", + "value": "bob.jones", + "dataType": "string" + }, + { + "attributeId": "urn:example:attribute:reasonForDenial", + "value": "InsufficientPrivileges", + "dataType": "string" + } + ] + } + ] + } +} + +~~~ +{: #properties-example title="Non-normative Example obligation requiring an Email notification"} + +The following non-normative example depicts a decision response with two obligations, requiring the PEP to seek the specified `acr` and `amr` claim values for the user's `access_token` (in-effect requesting a higher level of assurance for the user's authentication; i.e., a step-up authentication), and also to email a manager about the access attempt: + +~~~ json +{ + "decision": false, + "context": { + "obligations": [ + { + "id": "OBL-01", + "step-up": { + "acr_values": "urn:com:example:loa:3", + "amr_values": "mfa hwk" + "reason_user": { + "en-403": "Insufficient privileges. Contact your administrator", + "es-403": "Privilegios insuficientes. Póngase en contacto con su administrador" + } + } + }, + { + "id": "OBL-02", + "action": { + "type": "email", + "parameters": { + "to": "manager@example.com", + "subject": "Insufficient Assurance Level in Access Request", + "body": "" + } + } + } + ] + } +} + +~~~ + ### Examples (non-normative) {#decision-examples} The following are all non-normative examples of possible and valid contexts, provided to illustrate possible usages. The actual semantics and format of the `context` object are an implementation concern and outside the scope of this specification. For example, implementations MAY use keys that correspond to concepts from other standards, such as HTTP status codes, to convey common reasons in an interoperable manner. @@ -398,20 +487,6 @@ In the following non-normative example, the PDP justifies its decision by includ ~~~ {: #response-with-environment-context-example title="Non-normative Example Response with Environment and Metadata Context"} -#### Non-normative Example 3: requesting step-up authentication -In the following non-normative example, the PDP requests a step-up authentication of the requesting subject, by signalling the required `acr` and `amr` access token claim values it expects to see in order to approve the request: - -~~~ json -{ - "decision": false, - "context": { - "acr_values": "urn:com:example:loa:3", - "amr_values": "mfa hwk" - } -} -~~~ -{: #response-with-step-up-example title="Non-normative Example Response with a step-up request Context"} - # Access Evaluation API {#access-evaluation-api} The Access Evaluation API defines the message exchange pattern between a PEP and a PDP for executing a single access evaluation. From d353a6df854a22dbcb648f04152180f86bf1da64 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Feb 2026 18:06:47 +0000 Subject: [PATCH 02/28] chore(deps): bump axios in /interop/authzen-api-gateways/zuplo-gateway Bumps [axios](https://github.com/axios/axios) from 1.12.1 to 1.13.5. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.12.1...v1.13.5) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- .../zuplo-gateway/yarn.lock | 27 ++++++++++--------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock index 6e5e3bb..2fe3268 100644 --- a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock +++ b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock @@ -1347,12 +1347,12 @@ avvio@^8.3.0: fastq "^1.17.1" axios@^1.6.2: - version "1.12.1" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.12.1.tgz#0747b39c5b615f81f93f2c138e6d82a71426937f" - integrity sha512-Kn4kbSXpkFHCGE6rBFNwIv0GQs4AvDT80jlveJDKFxjbTYMUeB4QtsdPCv6H8Cm19Je7IU6VFtRl2zWZI0rudQ== + version "1.13.5" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.13.5.tgz#5e464688fa127e11a660a2c49441c009f6567a43" + integrity sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q== dependencies: - follow-redirects "^1.15.6" - form-data "^4.0.4" + follow-redirects "^1.15.11" + form-data "^4.0.5" proxy-from-env "^1.1.0" balanced-match@^1.0.0: @@ -1877,10 +1877,10 @@ find-my-way@^8.0.0: fast-querystring "^1.0.0" safe-regex2 "^3.1.0" -follow-redirects@^1.15.6: - version "1.15.9" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.9.tgz#a604fa10e443bf98ca94228d9eebcc2e8a2c8ee1" - integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ== +follow-redirects@^1.15.11: + version "1.15.11" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.11.tgz#777d73d72a92f8ec4d2e410eb47352a56b8e8340" + integrity sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ== foreground-child@^3.1.0: version "3.3.0" @@ -1889,10 +1889,11 @@ foreground-child@^3.1.0: dependencies: cross-spawn "^7.0.0" signal-exit "^4.0.1" -form-data@^4.0.4: - version "4.0.4" - resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4" - integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow== + +form-data@^4.0.5: + version "4.0.5" + resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.5.tgz#b49e48858045ff4cbf6b03e1805cebcad3679053" + integrity sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w== dependencies: asynckit "^0.4.0" combined-stream "^1.0.8" From bc8ac8dab94601c64e21dfb8819564fcbfe15727 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Feb 2026 17:54:41 +0000 Subject: [PATCH 03/28] chore(deps): bump axios in /interop/authzen-search-demo/test Bumps [axios](https://github.com/axios/axios) from 1.12.0 to 1.13.5. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.12.0...v1.13.5) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- interop/authzen-search-demo/test/package.json | 2 +- interop/authzen-search-demo/test/yarn.lock | 28 +++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/interop/authzen-search-demo/test/package.json b/interop/authzen-search-demo/test/package.json index d804745..a0a6240 100644 --- a/interop/authzen-search-demo/test/package.json +++ b/interop/authzen-search-demo/test/package.json @@ -14,7 +14,7 @@ "author": "David Brossard ", "license": "MIT", "dependencies": { - "axios": "^1.12.0", + "axios": "^1.13.5", "cli-color": "^2.0.4", "node-fetch": "^3.3.2" }, diff --git a/interop/authzen-search-demo/test/yarn.lock b/interop/authzen-search-demo/test/yarn.lock index d946e19..f97d1fa 100644 --- a/interop/authzen-search-demo/test/yarn.lock +++ b/interop/authzen-search-demo/test/yarn.lock @@ -294,13 +294,13 @@ asynckit@^0.4.0: resolved "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz" integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q== -axios@*, axios@^1.12.0: - version "1.12.0" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.12.0.tgz#11248459be05a5ee493485628fa0e4323d0abfc3" - integrity sha512-oXTDccv8PcfjZmPGlWsPSwtOJCZ/b6W5jAMCNcfwJbCzDckwG0jrYJFaWH1yvivfCXjVzV/SPDEhMB3Q+DSurg== +axios@*, axios@^1.13.5: + version "1.13.5" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.13.5.tgz#5e464688fa127e11a660a2c49441c009f6567a43" + integrity sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q== dependencies: - follow-redirects "^1.15.6" - form-data "^4.0.4" + follow-redirects "^1.15.11" + form-data "^4.0.5" proxy-from-env "^1.1.0" balanced-match@^1.0.0: @@ -725,15 +725,15 @@ flatted@^3.2.9: resolved "https://registry.npmjs.org/flatted/-/flatted-3.3.2.tgz" integrity sha512-AiwGJM8YcNOaobumgtng+6NHuOqC3A7MixFeDafM3X9cIUM+xUXoS5Vfgf+OihAYe20fxqNM9yPBXJzRtZ/4eA== -follow-redirects@^1.15.6: - version "1.15.9" - resolved "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz" - integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ== +follow-redirects@^1.15.11: + version "1.15.11" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.11.tgz#777d73d72a92f8ec4d2e410eb47352a56b8e8340" + integrity sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ== -form-data@^4.0.4: - version "4.0.4" - resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4" - integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow== +form-data@^4.0.5: + version "4.0.5" + resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.5.tgz#b49e48858045ff4cbf6b03e1805cebcad3679053" + integrity sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w== dependencies: asynckit "^0.4.0" combined-stream "^1.0.8" From a73e362faf40248ef9021416df779c2b80dd2707 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Nov 2025 08:25:44 +0000 Subject: [PATCH 04/28] chore(deps): bump js-yaml in /interop/authzen-api-gateways/test-harness Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- interop/authzen-api-gateways/test-harness/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-api-gateways/test-harness/yarn.lock b/interop/authzen-api-gateways/test-harness/yarn.lock index 7b76d56..c443094 100644 --- a/interop/authzen-api-gateways/test-harness/yarn.lock +++ b/interop/authzen-api-gateways/test-harness/yarn.lock @@ -779,9 +779,9 @@ isexe@^2.0.0: integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== js-yaml@^4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" - integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== + version "4.1.1" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.1.tgz#854c292467705b699476e1a2decc0c8a3458806b" + integrity sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA== dependencies: argparse "^2.0.1" From 9c64696ae07a964cc6595ebb4466c44a57b75e2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Nov 2025 01:12:55 +0000 Subject: [PATCH 05/28] chore(deps): bump node-forge in /interop/authzen-interop-website Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2. - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- interop/authzen-interop-website/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-interop-website/yarn.lock b/interop/authzen-interop-website/yarn.lock index 931e28c..0e052bb 100644 --- a/interop/authzen-interop-website/yarn.lock +++ b/interop/authzen-interop-website/yarn.lock @@ -6082,9 +6082,9 @@ node-emoji@^2.1.0: skin-tone "^2.0.0" node-forge@^1: - version "1.3.1" - resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.1.tgz#be8da2af243b2417d5f646a770663a92b7e9ded3" - integrity sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA== + version "1.3.2" + resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.2.tgz#d0d2659a26eef778bf84d73e7f55c08144ee7750" + integrity sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw== node-releases@^2.0.14: version "2.0.14" From 61dccf13c7848f8adf6581f9bb47e572d28a4bbb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 03:21:35 +0000 Subject: [PATCH 06/28] chore(deps): bump mdast-util-to-hast in /interop/authzen-interop-website Bumps [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) from 13.1.0 to 13.2.1. - [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases) - [Commits](https://github.com/syntax-tree/mdast-util-to-hast/compare/13.1.0...13.2.1) --- updated-dependencies: - dependency-name: mdast-util-to-hast dependency-version: 13.2.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- interop/authzen-interop-website/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-interop-website/yarn.lock b/interop/authzen-interop-website/yarn.lock index 0e052bb..c4e2a51 100644 --- a/interop/authzen-interop-website/yarn.lock +++ b/interop/authzen-interop-website/yarn.lock @@ -5455,9 +5455,9 @@ mdast-util-phrasing@^4.0.0: unist-util-is "^6.0.0" mdast-util-to-hast@^13.0.0: - version "13.1.0" - resolved "https://registry.yarnpkg.com/mdast-util-to-hast/-/mdast-util-to-hast-13.1.0.tgz#1ae54d903150a10fe04d59f03b2b95fd210b2124" - integrity sha512-/e2l/6+OdGp/FB+ctrJ9Avz71AN/GRH3oi/3KAx/kMnoUsD6q0woXlDT8lLEeViVKE7oZxE7RXzvO3T8kF2/sA== + version "13.2.1" + resolved "https://registry.yarnpkg.com/mdast-util-to-hast/-/mdast-util-to-hast-13.2.1.tgz#d7ff84ca499a57e2c060ae67548ad950e689a053" + integrity sha512-cctsq2wp5vTsLIcaymblUriiTcZd0CwWtCbLvrOzYCDZoWyMNV8sZ7krj09FSnsiJi3WVsHLM4k6Dq/yaPyCXA== dependencies: "@types/hast" "^3.0.0" "@types/mdast" "^4.0.0" From d01b82f835afd2e5be5e4dcc88f7093cab56f886 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:00:17 +0000 Subject: [PATCH 07/28] chore(deps): bump webpack in /interop/authzen-interop-website (#430) Bumps [webpack](https://github.com/webpack/webpack) from 5.94.0 to 5.105.0. - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](https://github.com/webpack/webpack/compare/v5.94.0...v5.105.0) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.105.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-interop-website/yarn.lock | 420 ++++++++++++++-------- 1 file changed, 269 insertions(+), 151 deletions(-) diff --git a/interop/authzen-interop-website/yarn.lock b/interop/authzen-interop-website/yarn.lock index c4e2a51..4de9fd2 100644 --- a/interop/authzen-interop-website/yarn.lock +++ b/interop/authzen-interop-website/yarn.lock @@ -2054,6 +2054,22 @@ dependencies: "@types/ms" "*" +"@types/eslint-scope@^3.7.7": + version "3.7.7" + resolved "https://registry.yarnpkg.com/@types/eslint-scope/-/eslint-scope-3.7.7.tgz#3108bd5f18b0cdb277c867b3dd449c9ed7079ac5" + integrity sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg== + dependencies: + "@types/eslint" "*" + "@types/estree" "*" + +"@types/eslint@*": + version "9.6.1" + resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-9.6.1.tgz#d5795ad732ce81715f27f75da913004a56751584" + integrity sha512-FXx2pKgId/WyYo2jXw63kk7/+TY7u7AziEJxJAnSFzHlqTAS3Ync6SvgYAN/k4/PQpnnVuzoMuVnByKK2qp0ag== + dependencies: + "@types/estree" "*" + "@types/json-schema" "*" + "@types/estree-jsx@^1.0.0": version "1.0.5" resolved "https://registry.yarnpkg.com/@types/estree-jsx/-/estree-jsx-1.0.5.tgz#858a88ea20f34fe65111f005a689fa1ebf70dc18" @@ -2061,11 +2077,16 @@ dependencies: "@types/estree" "*" -"@types/estree@*", "@types/estree@^1.0.0", "@types/estree@^1.0.5": +"@types/estree@*", "@types/estree@^1.0.0": version "1.0.5" resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.5.tgz#a6ce3e556e00fd9895dd872dd172ad0d4bd687f4" integrity sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw== +"@types/estree@^1.0.8": + version "1.0.8" + resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.8.tgz#958b91c991b1867ced318bedea0e215ee050726e" + integrity sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w== + "@types/express-serve-static-core@*", "@types/express-serve-static-core@^4.17.33": version "4.17.43" resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-4.17.43.tgz#10d8444be560cb789c4735aea5eac6e5af45df54" @@ -2144,7 +2165,7 @@ dependencies: "@types/istanbul-lib-report" "*" -"@types/json-schema@^7.0.4", "@types/json-schema@^7.0.5", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": +"@types/json-schema@*", "@types/json-schema@^7.0.15", "@types/json-schema@^7.0.4", "@types/json-schema@^7.0.5", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": version "7.0.15" resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.15.tgz#596a1747233694d50f6ad8a7869fcb6f56cf5841" integrity sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA== @@ -2337,125 +2358,125 @@ resolved "https://registry.yarnpkg.com/@ungap/structured-clone/-/structured-clone-1.2.0.tgz#756641adb587851b5ccb3e095daf27ae581c8406" integrity sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ== -"@webassemblyjs/ast@1.12.1", "@webassemblyjs/ast@^1.12.1": - version "1.12.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.12.1.tgz#bb16a0e8b1914f979f45864c23819cc3e3f0d4bb" - integrity sha512-EKfMUOPRRUTy5UII4qJDGPpqfwjOmZ5jeGFwid9mnoqIFK+e0vqoi1qH56JpmZSzEL53jKnNzScdmftJyG5xWg== +"@webassemblyjs/ast@1.14.1", "@webassemblyjs/ast@^1.14.1": + version "1.14.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.14.1.tgz#a9f6a07f2b03c95c8d38c4536a1fdfb521ff55b6" + integrity sha512-nuBEDgQfm1ccRp/8bCQrx1frohyufl4JlbMMZ4P1wpeOfDhF6FQkxZJ1b/e+PLwr6X1Nhw6OLme5usuBWYBvuQ== dependencies: - "@webassemblyjs/helper-numbers" "1.11.6" - "@webassemblyjs/helper-wasm-bytecode" "1.11.6" + "@webassemblyjs/helper-numbers" "1.13.2" + "@webassemblyjs/helper-wasm-bytecode" "1.13.2" -"@webassemblyjs/floating-point-hex-parser@1.11.6": - version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.11.6.tgz#dacbcb95aff135c8260f77fa3b4c5fea600a6431" - integrity sha512-ejAj9hfRJ2XMsNHk/v6Fu2dGS+i4UaXBXGemOfQ/JfQ6mdQg/WXtwleQRLLS4OvfDhv8rYnVwH27YJLMyYsxhw== +"@webassemblyjs/floating-point-hex-parser@1.13.2": + version "1.13.2" + resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.13.2.tgz#fcca1eeddb1cc4e7b6eed4fc7956d6813b21b9fb" + integrity sha512-6oXyTOzbKxGH4steLbLNOu71Oj+C8Lg34n6CqRvqfS2O71BxY6ByfMDRhBytzknj9yGUPVJ1qIKhRlAwO1AovA== -"@webassemblyjs/helper-api-error@1.11.6": - version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.11.6.tgz#6132f68c4acd59dcd141c44b18cbebbd9f2fa768" - integrity sha512-o0YkoP4pVu4rN8aTJgAyj9hC2Sv5UlkzCHhxqWj8butaLvnpdc2jOwh4ewE6CX0txSfLn/UYaV/pheS2Txg//Q== +"@webassemblyjs/helper-api-error@1.13.2": + version "1.13.2" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.13.2.tgz#e0a16152248bc38daee76dd7e21f15c5ef3ab1e7" + integrity sha512-U56GMYxy4ZQCbDZd6JuvvNV/WFildOjsaWD3Tzzvmw/mas3cXzRJPMjP83JqEsgSbyrmaGjBfDtV7KDXV9UzFQ== -"@webassemblyjs/helper-buffer@1.12.1": - version "1.12.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.12.1.tgz#6df20d272ea5439bf20ab3492b7fb70e9bfcb3f6" - integrity sha512-nzJwQw99DNDKr9BVCOZcLuJJUlqkJh+kVzVl6Fmq/tI5ZtEyWT1KZMyOXltXLZJmDtvLCDgwsyrkohEtopTXCw== +"@webassemblyjs/helper-buffer@1.14.1": + version "1.14.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.14.1.tgz#822a9bc603166531f7d5df84e67b5bf99b72b96b" + integrity sha512-jyH7wtcHiKssDtFPRB+iQdxlDf96m0E39yb0k5uJVhFGleZFoNw1c4aeIcVUPPbXUVJ94wwnMOAqUHyzoEPVMA== -"@webassemblyjs/helper-numbers@1.11.6": - version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.11.6.tgz#cbce5e7e0c1bd32cf4905ae444ef64cea919f1b5" - integrity sha512-vUIhZ8LZoIWHBohiEObxVm6hwP034jwmc9kuq5GdHZH0wiLVLIPcMCdpJzG4C11cHoQ25TFIQj9kaVADVX7N3g== +"@webassemblyjs/helper-numbers@1.13.2": + version "1.13.2" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.13.2.tgz#dbd932548e7119f4b8a7877fd5a8d20e63490b2d" + integrity sha512-FE8aCmS5Q6eQYcV3gI35O4J789wlQA+7JrqTTpJqn5emA4U2hvwJmvFRC0HODS+3Ye6WioDklgd6scJ3+PLnEA== dependencies: - "@webassemblyjs/floating-point-hex-parser" "1.11.6" - "@webassemblyjs/helper-api-error" "1.11.6" + "@webassemblyjs/floating-point-hex-parser" "1.13.2" + "@webassemblyjs/helper-api-error" "1.13.2" "@xtuc/long" "4.2.2" -"@webassemblyjs/helper-wasm-bytecode@1.11.6": - version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.11.6.tgz#bb2ebdb3b83aa26d9baad4c46d4315283acd51e9" - integrity sha512-sFFHKwcmBprO9e7Icf0+gddyWYDViL8bpPjJJl0WHxCdETktXdmtWLGVzoHbqUcY4Be1LkNfwTmXOJUFZYSJdA== +"@webassemblyjs/helper-wasm-bytecode@1.13.2": + version "1.13.2" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.13.2.tgz#e556108758f448aae84c850e593ce18a0eb31e0b" + integrity sha512-3QbLKy93F0EAIXLh0ogEVR6rOubA9AoZ+WRYhNbFyuB70j3dRdwH9g+qXhLAO0kiYGlg3TxDV+I4rQTr/YNXkA== -"@webassemblyjs/helper-wasm-section@1.12.1": - version "1.12.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.12.1.tgz#3da623233ae1a60409b509a52ade9bc22a37f7bf" - integrity sha512-Jif4vfB6FJlUlSbgEMHUyk1j234GTNG9dBJ4XJdOySoj518Xj0oGsNi59cUQF4RRMS9ouBUxDDdyBVfPTypa5g== +"@webassemblyjs/helper-wasm-section@1.14.1": + version "1.14.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.14.1.tgz#9629dda9c4430eab54b591053d6dc6f3ba050348" + integrity sha512-ds5mXEqTJ6oxRoqjhWDU83OgzAYjwsCV8Lo/N+oRsNDmx/ZDpqalmrtgOMkHwxsG0iI//3BwWAErYRHtgn0dZw== dependencies: - "@webassemblyjs/ast" "1.12.1" - "@webassemblyjs/helper-buffer" "1.12.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.6" - "@webassemblyjs/wasm-gen" "1.12.1" + "@webassemblyjs/ast" "1.14.1" + "@webassemblyjs/helper-buffer" "1.14.1" + "@webassemblyjs/helper-wasm-bytecode" "1.13.2" + "@webassemblyjs/wasm-gen" "1.14.1" -"@webassemblyjs/ieee754@1.11.6": - version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.11.6.tgz#bb665c91d0b14fffceb0e38298c329af043c6e3a" - integrity sha512-LM4p2csPNvbij6U1f19v6WR56QZ8JcHg3QIJTlSwzFcmx6WSORicYj6I63f9yU1kEUtrpG+kjkiIAkevHpDXrg== +"@webassemblyjs/ieee754@1.13.2": + version "1.13.2" + resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.13.2.tgz#1c5eaace1d606ada2c7fd7045ea9356c59ee0dba" + integrity sha512-4LtOzh58S/5lX4ITKxnAK2USuNEvpdVV9AlgGQb8rJDHaLeHciwG4zlGr0j/SNWlr7x3vO1lDEsuePvtcDNCkw== dependencies: "@xtuc/ieee754" "^1.2.0" -"@webassemblyjs/leb128@1.11.6": - version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.11.6.tgz#70e60e5e82f9ac81118bc25381a0b283893240d7" - integrity sha512-m7a0FhE67DQXgouf1tbN5XQcdWoNgaAuoULHIfGFIEVKA6tu/edls6XnIlkmS6FrXAquJRPni3ZZKjw6FSPjPQ== +"@webassemblyjs/leb128@1.13.2": + version "1.13.2" + resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.13.2.tgz#57c5c3deb0105d02ce25fa3fd74f4ebc9fd0bbb0" + integrity sha512-Lde1oNoIdzVzdkNEAWZ1dZ5orIbff80YPdHx20mrHwHrVNNTjNr8E3xz9BdpcGqRQbAEa+fkrCb+fRFTl/6sQw== dependencies: "@xtuc/long" "4.2.2" -"@webassemblyjs/utf8@1.11.6": - version "1.11.6" - resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.6.tgz#90f8bc34c561595fe156603be7253cdbcd0fab5a" - integrity sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA== - -"@webassemblyjs/wasm-edit@^1.12.1": - version "1.12.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.12.1.tgz#9f9f3ff52a14c980939be0ef9d5df9ebc678ae3b" - integrity sha512-1DuwbVvADvS5mGnXbE+c9NfA8QRcZ6iKquqjjmR10k6o+zzsRVesil54DKexiowcFCPdr/Q0qaMgB01+SQ1u6g== - dependencies: - "@webassemblyjs/ast" "1.12.1" - "@webassemblyjs/helper-buffer" "1.12.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.6" - "@webassemblyjs/helper-wasm-section" "1.12.1" - "@webassemblyjs/wasm-gen" "1.12.1" - "@webassemblyjs/wasm-opt" "1.12.1" - "@webassemblyjs/wasm-parser" "1.12.1" - "@webassemblyjs/wast-printer" "1.12.1" - -"@webassemblyjs/wasm-gen@1.12.1": - version "1.12.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.12.1.tgz#a6520601da1b5700448273666a71ad0a45d78547" - integrity sha512-TDq4Ojh9fcohAw6OIMXqiIcTq5KUXTGRkVxbSo1hQnSy6lAM5GSdfwWeSxpAo0YzgsgF182E/U0mDNhuA0tW7w== - dependencies: - "@webassemblyjs/ast" "1.12.1" - "@webassemblyjs/helper-wasm-bytecode" "1.11.6" - "@webassemblyjs/ieee754" "1.11.6" - "@webassemblyjs/leb128" "1.11.6" - "@webassemblyjs/utf8" "1.11.6" - -"@webassemblyjs/wasm-opt@1.12.1": - version "1.12.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.12.1.tgz#9e6e81475dfcfb62dab574ac2dda38226c232bc5" - integrity sha512-Jg99j/2gG2iaz3hijw857AVYekZe2SAskcqlWIZXjji5WStnOpVoat3gQfT/Q5tb2djnCjBtMocY/Su1GfxPBg== - dependencies: - "@webassemblyjs/ast" "1.12.1" - "@webassemblyjs/helper-buffer" "1.12.1" - "@webassemblyjs/wasm-gen" "1.12.1" - "@webassemblyjs/wasm-parser" "1.12.1" - -"@webassemblyjs/wasm-parser@1.12.1", "@webassemblyjs/wasm-parser@^1.12.1": - version "1.12.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.12.1.tgz#c47acb90e6f083391e3fa61d113650eea1e95937" - integrity sha512-xikIi7c2FHXysxXe3COrVUPSheuBtpcfhbpFj4gmu7KRLYOzANztwUU0IbsqvMqzuNK2+glRGWCEqZo1WCLyAQ== - dependencies: - "@webassemblyjs/ast" "1.12.1" - "@webassemblyjs/helper-api-error" "1.11.6" - "@webassemblyjs/helper-wasm-bytecode" "1.11.6" - "@webassemblyjs/ieee754" "1.11.6" - "@webassemblyjs/leb128" "1.11.6" - "@webassemblyjs/utf8" "1.11.6" - -"@webassemblyjs/wast-printer@1.12.1": - version "1.12.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.12.1.tgz#bcecf661d7d1abdaf989d8341a4833e33e2b31ac" - integrity sha512-+X4WAlOisVWQMikjbcvY2e0rwPsKQ9F688lksZhBcPycBBuii3O7m8FACbDMWDojpAqvjIncrG8J0XHKyQfVeA== - dependencies: - "@webassemblyjs/ast" "1.12.1" +"@webassemblyjs/utf8@1.13.2": + version "1.13.2" + resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.13.2.tgz#917a20e93f71ad5602966c2d685ae0c6c21f60f1" + integrity sha512-3NQWGjKTASY1xV5m7Hr0iPeXD9+RDobLll3T9d2AO+g3my8xy5peVyjSag4I50mR1bBSN/Ct12lo+R9tJk0NZQ== + +"@webassemblyjs/wasm-edit@^1.14.1": + version "1.14.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.14.1.tgz#ac6689f502219b59198ddec42dcd496b1004d597" + integrity sha512-RNJUIQH/J8iA/1NzlE4N7KtyZNHi3w7at7hDjvRNm5rcUXa00z1vRz3glZoULfJ5mpvYhLybmVcwcjGrC1pRrQ== + dependencies: + "@webassemblyjs/ast" "1.14.1" + "@webassemblyjs/helper-buffer" "1.14.1" + "@webassemblyjs/helper-wasm-bytecode" "1.13.2" + "@webassemblyjs/helper-wasm-section" "1.14.1" + "@webassemblyjs/wasm-gen" "1.14.1" + "@webassemblyjs/wasm-opt" "1.14.1" + "@webassemblyjs/wasm-parser" "1.14.1" + "@webassemblyjs/wast-printer" "1.14.1" + +"@webassemblyjs/wasm-gen@1.14.1": + version "1.14.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.14.1.tgz#991e7f0c090cb0bb62bbac882076e3d219da9570" + integrity sha512-AmomSIjP8ZbfGQhumkNvgC33AY7qtMCXnN6bL2u2Js4gVCg8fp735aEiMSBbDR7UQIj90n4wKAFUSEd0QN2Ukg== + dependencies: + "@webassemblyjs/ast" "1.14.1" + "@webassemblyjs/helper-wasm-bytecode" "1.13.2" + "@webassemblyjs/ieee754" "1.13.2" + "@webassemblyjs/leb128" "1.13.2" + "@webassemblyjs/utf8" "1.13.2" + +"@webassemblyjs/wasm-opt@1.14.1": + version "1.14.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.14.1.tgz#e6f71ed7ccae46781c206017d3c14c50efa8106b" + integrity sha512-PTcKLUNvBqnY2U6E5bdOQcSM+oVP/PmrDY9NzowJjislEjwP/C4an2303MCVS2Mg9d3AJpIGdUFIQQWbPds0Sw== + dependencies: + "@webassemblyjs/ast" "1.14.1" + "@webassemblyjs/helper-buffer" "1.14.1" + "@webassemblyjs/wasm-gen" "1.14.1" + "@webassemblyjs/wasm-parser" "1.14.1" + +"@webassemblyjs/wasm-parser@1.14.1", "@webassemblyjs/wasm-parser@^1.14.1": + version "1.14.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.14.1.tgz#b3e13f1893605ca78b52c68e54cf6a865f90b9fb" + integrity sha512-JLBl+KZ0R5qB7mCnud/yyX08jWFw5MsoalJ1pQ4EdFlgj9VdXKGuENGsiCIjegI1W7p91rUlcB/LB5yRJKNTcQ== + dependencies: + "@webassemblyjs/ast" "1.14.1" + "@webassemblyjs/helper-api-error" "1.13.2" + "@webassemblyjs/helper-wasm-bytecode" "1.13.2" + "@webassemblyjs/ieee754" "1.13.2" + "@webassemblyjs/leb128" "1.13.2" + "@webassemblyjs/utf8" "1.13.2" + +"@webassemblyjs/wast-printer@1.14.1": + version "1.14.1" + resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.14.1.tgz#3bb3e9638a8ae5fdaf9610e7a06b4d9f9aa6fe07" + integrity sha512-kPSSXE6De1XOR820C90RIo2ogvZG+c3KiHzqUoO/F34Y2shGzesfqv7o57xrxovZJH/MetF5UjroJ/R/3isoiw== + dependencies: + "@webassemblyjs/ast" "1.14.1" "@xtuc/long" "4.2.2" "@xtuc/ieee754@^1.2.0": @@ -2476,10 +2497,10 @@ accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.8: mime-types "~2.1.34" negotiator "0.6.3" -acorn-import-attributes@^1.9.5: - version "1.9.5" - resolved "https://registry.yarnpkg.com/acorn-import-attributes/-/acorn-import-attributes-1.9.5.tgz#7eb1557b1ba05ef18b5ed0ec67591bfab04688ef" - integrity sha512-n02Vykv5uA3eHGM/Z2dQrcD56kL8TyDb2p1+0P83PClMnC/nc+anbQRhIOWnSq4Ke/KvDPrY3C9hDtC/A3eHnQ== +acorn-import-phases@^1.0.3: + version "1.0.4" + resolved "https://registry.yarnpkg.com/acorn-import-phases/-/acorn-import-phases-1.0.4.tgz#16eb850ba99a056cb7cbfe872ffb8972e18c8bd7" + integrity sha512-wKmbr/DDiIXzEOiWrTTUcDm24kQ2vGfZQvM2fwg2vXqR5uW6aapr7ObPtj1th32b9u90/Pf4AItvdTh42fBmVQ== acorn-jsx@^5.0.0: version "5.3.2" @@ -2491,11 +2512,16 @@ acorn-walk@^8.0.0: resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.3.2.tgz#7703af9415f1b6db9315d6895503862e231d34aa" integrity sha512-cjkyv4OtNCIeqhHrfS81QWXoCBPExR/J62oyEqepVw8WaQeSqpW2uhuLPh1m9eWhDuOo/jUXVTlifvesOWp/4A== -acorn@^8.0.0, acorn@^8.0.4, acorn@^8.7.1, acorn@^8.8.2: +acorn@^8.0.0, acorn@^8.0.4, acorn@^8.8.2: version "8.11.3" resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.11.3.tgz#71e0b14e13a4ec160724b38fb7b0f233b1b81d7a" integrity sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg== +acorn@^8.15.0: + version "8.15.0" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.15.0.tgz#a360898bc415edaac46c8241f6383975b930b816" + integrity sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg== + address@^1.0.1, address@^1.1.2: version "1.2.2" resolved "https://registry.yarnpkg.com/address/-/address-1.2.2.tgz#2b5248dac5485a6390532c6a517fda2e3faac89e" @@ -2722,6 +2748,11 @@ balanced-match@^1.0.0: resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== +baseline-browser-mapping@^2.9.0: + version "2.9.19" + resolved "https://registry.yarnpkg.com/baseline-browser-mapping/-/baseline-browser-mapping-2.9.19.tgz#3e508c43c46d961eb4d7d2e5b8d1dd0f9ee4f488" + integrity sha512-ipDqC8FrAl/76p2SSWKSI+H9tFwm7vYqXQrItCuiVPt26Km0jS+NzSsBWAaBusvSbQcfJG+JitdMm+wZAgTYqg== + batch@0.6.1: version "0.6.1" resolved "https://registry.yarnpkg.com/batch/-/batch-0.6.1.tgz#dc34314f4e679318093fc760272525f94bf25c16" @@ -2811,7 +2842,7 @@ braces@^3.0.3, braces@~3.0.2: dependencies: fill-range "^7.1.1" -browserslist@^4.0.0, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^4.21.4, browserslist@^4.22.2, browserslist@^4.22.3, browserslist@^4.23.0: +browserslist@^4.0.0, browserslist@^4.18.1, browserslist@^4.21.4, browserslist@^4.22.2, browserslist@^4.22.3, browserslist@^4.23.0: version "4.23.0" resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.23.0.tgz#8f3acc2bbe73af7213399430890f86c63a5674ab" integrity sha512-QW8HiM1shhT2GuzkvklfjcKDiWFXHOeFCIA/huJPwHsslwcydgk7X+z2zXpEijP98UCY7HbubZt5J2Zgvf0CaQ== @@ -2821,6 +2852,17 @@ browserslist@^4.0.0, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^ node-releases "^2.0.14" update-browserslist-db "^1.0.13" +browserslist@^4.28.1: + version "4.28.1" + resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.28.1.tgz#7f534594628c53c63101079e27e40de490456a95" + integrity sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA== + dependencies: + baseline-browser-mapping "^2.9.0" + caniuse-lite "^1.0.30001759" + electron-to-chromium "^1.5.263" + node-releases "^2.0.27" + update-browserslist-db "^1.2.0" + buffer-from@^1.0.0: version "1.1.2" resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" @@ -2903,6 +2945,11 @@ caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001587, caniuse-lite@^1.0.30001591: resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001597.tgz#8be94a8c1d679de23b22fbd944232aa1321639e6" integrity sha512-7LjJvmQU6Sj7bL0j5b5WY/3n7utXUJvAe1lxhsHDbLmwX9mdL86Yjtr+5SRCyf8qME4M7pU2hswj0FpyBVCv9w== +caniuse-lite@^1.0.30001759: + version "1.0.30001769" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001769.tgz#1ad91594fad7dc233777c2781879ab5409f7d9c2" + integrity sha512-BCfFL1sHijQlBGWBMuJyhZUhzo7wer5sVj9hqekB/7xn0Ypy+pER/edCYQm4exbXj4WiySGp40P8UuTh6w1srg== + ccount@^2.0.0: version "2.0.1" resolved "https://registry.yarnpkg.com/ccount/-/ccount-2.0.1.tgz#17a3bf82302e0870d6da43a01311a8bc02a3ecf5" @@ -3692,6 +3739,11 @@ electron-to-chromium@^1.4.668: resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.4.705.tgz#ef4f912620bd7c9555a20554ffc568184c0ddceb" integrity sha512-LKqhpwJCLhYId2VVwEzFXWrqQI5n5zBppz1W9ehhTlfYU8CUUW6kClbN8LHF/v7flMgRdETS772nqywJ+ckVAw== +electron-to-chromium@^1.5.263: + version "1.5.286" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.286.tgz#142be1ab5e1cd5044954db0e5898f60a4960384e" + integrity sha512-9tfDXhJ4RKFNerfjdCcZfufu49vg620741MNs26a9+bhLThdB+plgMeou98CAaHu/WATj2iHOOHTp1hWtABj2A== + emoji-regex@^8.0.0: version "8.0.0" resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" @@ -3727,13 +3779,13 @@ encodeurl@~2.0.0: resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-2.0.0.tgz#7b8ea898077d7e409d3ac45474ea38eaf0857a58" integrity sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg== -enhanced-resolve@^5.17.1: - version "5.17.1" - resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz#67bfbbcc2f81d511be77d686a90267ef7f898a15" - integrity sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg== +enhanced-resolve@^5.19.0: + version "5.19.0" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.19.0.tgz#6687446a15e969eaa63c2fa2694510e17ae6d97c" + integrity sha512-phv3E1Xl4tQOShqSte26C7Fl84EwUdZsyOuSSk9qtAGyyQs2s3jJzComh+Abf4g187lUUAvH+H26omrqia2aGg== dependencies: graceful-fs "^4.2.4" - tapable "^2.2.0" + tapable "^2.3.0" entities@^2.0.0: version "2.2.0" @@ -3764,16 +3816,21 @@ es-errors@^1.3.0: resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f" integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw== -es-module-lexer@^1.2.1: - version "1.4.1" - resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.4.1.tgz#41ea21b43908fe6a287ffcbe4300f790555331f5" - integrity sha512-cXLGjP0c4T3flZJKQSuziYoq7MlT+rnvfZjfp7h+I7K9BNX54kP9nyWvdbwjQ4u1iWbOL4u96fgeZLToQlZC7w== +es-module-lexer@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-2.0.0.tgz#f657cd7a9448dcdda9c070a3cb75e5dc1e85f5b1" + integrity sha512-5POEcUuZybH7IdmGsD8wlf0AI55wMecM9rVBTI/qEAy2c1kTOm3DjFYjrBdI2K3BaJjJYfYFeRtM0t9ssnRuxw== escalade@^3.1.1: version "3.1.2" resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.2.tgz#54076e9ab29ea5bf3d8f1ed62acffbb88272df27" integrity sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA== +escalade@^3.2.0: + version "3.2.0" + resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.2.0.tgz#011a3f69856ba189dffa7dc8fcce99d2a87903e5" + integrity sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA== + escape-goat@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/escape-goat/-/escape-goat-4.0.0.tgz#9424820331b510b0666b98f7873fe11ac4aa8081" @@ -5164,10 +5221,10 @@ lines-and-columns@^1.1.6: resolved "https://registry.yarnpkg.com/lines-and-columns/-/lines-and-columns-1.2.4.tgz#eca284f75d2965079309dc0ad9255abb2ebc1632" integrity sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg== -loader-runner@^4.2.0: - version "4.3.0" - resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-4.3.0.tgz#c1b4a163b99f614830353b16755e7149ac2314e1" - integrity sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg== +loader-runner@^4.3.1: + version "4.3.1" + resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-4.3.1.tgz#6c76ed29b0ccce9af379208299f07f876de737e3" + integrity sha512-IWqP2SCPhyVFTBtRcgMHdzlf9ul25NwaFx4wCEH/KjAXuuHY4yNjvPXsBokp8jCB936PyWRaPKUNh8NvylLp2Q== loader-utils@^2.0.0: version "2.0.4" @@ -6091,6 +6148,11 @@ node-releases@^2.0.14: resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.14.tgz#2ffb053bceb8b2be8495ece1ab6ce600c4461b0b" integrity sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw== +node-releases@^2.0.27: + version "2.0.27" + resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.27.tgz#eedca519205cf20f650f61d56b070db111231e4e" + integrity sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA== + normalize-path@^3.0.0, normalize-path@~3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65" @@ -6420,6 +6482,11 @@ picocolors@^1.0.0: resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.0.tgz#cb5bdc74ff3f51892236eaf79d68bc44564ab81c" integrity sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ== +picocolors@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" + integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== + picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: version "2.3.1" resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" @@ -7340,7 +7407,7 @@ schema-utils@2.7.0: ajv "^6.12.2" ajv-keywords "^3.4.1" -schema-utils@^3.0.0, schema-utils@^3.1.1, schema-utils@^3.2.0: +schema-utils@^3.0.0, schema-utils@^3.1.1: version "3.3.0" resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.3.0.tgz#f50a88877c3c01652a15b622ae9e9795df7a60fe" integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== @@ -7359,6 +7426,16 @@ schema-utils@^4.0.0: ajv-formats "^2.1.1" ajv-keywords "^5.1.0" +schema-utils@^4.3.0, schema-utils@^4.3.3: + version "4.3.3" + resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-4.3.3.tgz#5b1850912fa31df90716963d45d9121fdfc09f46" + integrity sha512-eflK8wEtyOE6+hsaRVPxvUKYCpRgzLqDTb8krvAsRIwOGlHoSgYLgBXoubGgLd2fT41/OUYdb48v4k4WWHQurA== + dependencies: + "@types/json-schema" "^7.0.9" + ajv "^8.9.0" + ajv-formats "^2.1.1" + ajv-keywords "^5.1.0" + section-matter@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/section-matter/-/section-matter-1.0.0.tgz#e9041953506780ec01d59f292a19c7b850b84167" @@ -7418,7 +7495,7 @@ send@0.19.0: range-parser "~1.2.1" statuses "2.0.1" -serialize-javascript@^6.0.0, serialize-javascript@^6.0.1: +serialize-javascript@^6.0.0, serialize-javascript@^6.0.1, serialize-javascript@^6.0.2: version "6.0.2" resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2" integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g== @@ -7827,12 +7904,28 @@ tapable@^1.0.0: resolved "https://registry.yarnpkg.com/tapable/-/tapable-1.1.3.tgz#a1fccc06b58db61fd7a45da2da44f5f3a3e67ba2" integrity sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA== -tapable@^2.0.0, tapable@^2.1.1, tapable@^2.2.0, tapable@^2.2.1: +tapable@^2.0.0, tapable@^2.2.1: version "2.2.1" resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== -terser-webpack-plugin@^5.3.10, terser-webpack-plugin@^5.3.9: +tapable@^2.3.0: + version "2.3.0" + resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.3.0.tgz#7e3ea6d5ca31ba8e078b560f0d83ce9a14aa8be6" + integrity sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg== + +terser-webpack-plugin@^5.3.16: + version "5.3.16" + resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.16.tgz#741e448cc3f93d8026ebe4f7ef9e4afacfd56330" + integrity sha512-h9oBFCWrq78NyWWVcSwZarJkZ01c2AyGrzs1crmHZO3QUg9D61Wu4NPjBy69n7JqylFF5y+CsUZYmYEIZ3mR+Q== + dependencies: + "@jridgewell/trace-mapping" "^0.3.25" + jest-worker "^27.4.5" + schema-utils "^4.3.0" + serialize-javascript "^6.0.2" + terser "^5.31.1" + +terser-webpack-plugin@^5.3.9: version "5.3.10" resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.10.tgz#904f4c9193c6fd2a03f693a2150c62a92f40d199" integrity sha512-BKFPWlPDndPs+NGGCr1U59t0XScL5317Y0UReNrHaw9/FwhPENlq6bfgs+4yPfyP51vqC1bQ4rp1EfXW5ZSH9w== @@ -7853,6 +7946,16 @@ terser@^5.10.0, terser@^5.15.1, terser@^5.26.0: commander "^2.20.0" source-map-support "~0.5.20" +terser@^5.31.1: + version "5.46.0" + resolved "https://registry.yarnpkg.com/terser/-/terser-5.46.0.tgz#1b81e560d584bbdd74a8ede87b4d9477b0ff9695" + integrity sha512-jTwoImyr/QbOWFFso3YoU3ik0jBBDJ6JTOQiy/J2YxVJdZCc+5u7skhNwiOR3FQIygFqVUPHl7qbbxtjW2K3Qg== + dependencies: + "@jridgewell/source-map" "^0.3.3" + acorn "^8.15.0" + commander "^2.20.0" + source-map-support "~0.5.20" + text-table@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" @@ -8059,6 +8162,14 @@ update-browserslist-db@^1.0.13: escalade "^3.1.1" picocolors "^1.0.0" +update-browserslist-db@^1.2.0: + version "1.2.3" + resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz#64d76db58713136acbeb4c49114366cc6cc2e80d" + integrity sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w== + dependencies: + escalade "^3.2.0" + picocolors "^1.1.1" + update-notifier@^6.0.2: version "6.0.2" resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-6.0.2.tgz#a6990253dfe6d5a02bd04fbb6a61543f55026b60" @@ -8155,10 +8266,10 @@ vfile@^6.0.0, vfile@^6.0.1: unist-util-stringify-position "^4.0.0" vfile-message "^4.0.0" -watchpack@^2.4.1: - version "2.4.2" - resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.2.tgz#2feeaed67412e7c33184e5a79ca738fbd38564da" - integrity sha512-TnbFSbcOCcDgjZ4piURLCbJ3nJhznVh9kw6F6iokjiFPl8ONxe9A6nMDVXDiNbrSfLILs6vB07F7wLBrwPYzJw== +watchpack@^2.5.1: + version "2.5.1" + resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.5.1.tgz#dd38b601f669e0cbf567cb802e75cead82cde102" + integrity sha512-Zn5uXdcFNIA1+1Ei5McRd+iRzfhENPCe7LeABkJtNulSxjma+l7ltNx55BWZkRlwRnpOgHqxnjyaDgJnNXnqzg== dependencies: glob-to-regexp "^0.4.1" graceful-fs "^4.1.2" @@ -8250,39 +8361,46 @@ webpack-merge@^5.9.0: flat "^5.0.2" wildcard "^2.0.0" -webpack-sources@^3.2.2, webpack-sources@^3.2.3: +webpack-sources@^3.2.2: version "3.2.3" resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde" integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w== +webpack-sources@^3.3.3: + version "3.3.3" + resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.3.3.tgz#d4bf7f9909675d7a070ff14d0ef2a4f3c982c723" + integrity sha512-yd1RBzSGanHkitROoPFd6qsrxt+oFhg/129YzheDGqeustzX0vTZJZsSsQjVQC4yzBQ56K55XU8gaNCtIzOnTg== + webpack@^5.88.1: - version "5.94.0" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.94.0.tgz#77a6089c716e7ab90c1c67574a28da518a20970f" - integrity sha512-KcsGn50VT+06JH/iunZJedYGUJS5FGjow8wb9c0v5n1Om8O1g4L6LjtfxwlXIATopoQu+vOXXa7gYisWxCoPyg== - dependencies: - "@types/estree" "^1.0.5" - "@webassemblyjs/ast" "^1.12.1" - "@webassemblyjs/wasm-edit" "^1.12.1" - "@webassemblyjs/wasm-parser" "^1.12.1" - acorn "^8.7.1" - acorn-import-attributes "^1.9.5" - browserslist "^4.21.10" + version "5.105.0" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.105.0.tgz#38b5e6c5db8cbe81debbd16e089335ada05ea23a" + integrity sha512-gX/dMkRQc7QOMzgTe6KsYFM7DxeIONQSui1s0n/0xht36HvrgbxtM1xBlgx596NbpHuQU8P7QpKwrZYwUX48nw== + dependencies: + "@types/eslint-scope" "^3.7.7" + "@types/estree" "^1.0.8" + "@types/json-schema" "^7.0.15" + "@webassemblyjs/ast" "^1.14.1" + "@webassemblyjs/wasm-edit" "^1.14.1" + "@webassemblyjs/wasm-parser" "^1.14.1" + acorn "^8.15.0" + acorn-import-phases "^1.0.3" + browserslist "^4.28.1" chrome-trace-event "^1.0.2" - enhanced-resolve "^5.17.1" - es-module-lexer "^1.2.1" + enhanced-resolve "^5.19.0" + es-module-lexer "^2.0.0" eslint-scope "5.1.1" events "^3.2.0" glob-to-regexp "^0.4.1" graceful-fs "^4.2.11" json-parse-even-better-errors "^2.3.1" - loader-runner "^4.2.0" + loader-runner "^4.3.1" mime-types "^2.1.27" neo-async "^2.6.2" - schema-utils "^3.2.0" - tapable "^2.1.1" - terser-webpack-plugin "^5.3.10" - watchpack "^2.4.1" - webpack-sources "^3.2.3" + schema-utils "^4.3.3" + tapable "^2.3.0" + terser-webpack-plugin "^5.3.16" + watchpack "^2.5.1" + webpack-sources "^3.3.3" webpackbar@^5.0.2: version "5.0.2" From 5d9421b1e8dce1be9467a63c91ba36ec38227bd6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:00:26 +0000 Subject: [PATCH 08/28] chore(deps): bump jws in /interop/authzen-todo-backend (#411) Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-todo-backend/yarn.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/interop/authzen-todo-backend/yarn.lock b/interop/authzen-todo-backend/yarn.lock index 379ad54..82ad05c 100644 --- a/interop/authzen-todo-backend/yarn.lock +++ b/interop/authzen-todo-backend/yarn.lock @@ -549,9 +549,9 @@ braces@~3.0.2: dependencies: fill-range "^7.0.1" -buffer-equal-constant-time@1.0.1: +buffer-equal-constant-time@^1.0.1: version "1.0.1" - resolved "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz" + resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819" integrity sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA== bytes@3.1.2: @@ -1704,12 +1704,12 @@ jsonwebtoken@^9.0.0: ms "^2.1.1" semver "^7.3.8" -jwa@^1.4.1: - version "1.4.1" - resolved "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz" - integrity sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA== +jwa@^1.4.2: + version "1.4.2" + resolved "https://registry.yarnpkg.com/jwa/-/jwa-1.4.2.tgz#16011ac6db48de7b102777e57897901520eec7b9" + integrity sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw== dependencies: - buffer-equal-constant-time "1.0.1" + buffer-equal-constant-time "^1.0.1" ecdsa-sig-formatter "1.0.11" safe-buffer "^5.0.1" @@ -1726,11 +1726,11 @@ jwks-rsa@3.0.0: lru-memoizer "^2.1.4" jws@^3.2.2: - version "3.2.2" - resolved "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz" - integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA== + version "3.2.3" + resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.3.tgz#5ac0690b460900a27265de24520526853c0b8ca1" + integrity sha512-byiJ0FLRdLdSVSReO/U4E7RoEyOCKnEnEPMjq3HxWtvzLsV08/i5RQKsFVNkCldrCaPr2vDNAOMsfs8T/Hze7g== dependencies: - jwa "^1.4.1" + jwa "^1.4.2" safe-buffer "^5.0.1" levn@^0.4.1: From f9227ea90206ca708c162fbf2c05b2491dc7650d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:00:37 +0000 Subject: [PATCH 09/28] chore(deps): bump ajv in /interop/authzen-api-gateways/zuplo-gateway (#437) Bumps [ajv](https://github.com/ajv-validator/ajv) from 8.17.1 to 8.18.0. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-api-gateways/zuplo-gateway/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock index 2fe3268..48c440f 100644 --- a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock +++ b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock @@ -1270,9 +1270,9 @@ ajv-formats@^3.0.1: ajv "^8.0.0" ajv@^8.0.0, ajv@^8.10.0, ajv@^8.11.0, ajv@^8.17.1: - version "8.17.1" - resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.17.1.tgz#37d9a5c776af6bc92d7f4f9510eba4c0a60d11a6" - integrity sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g== + version "8.18.0" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.18.0.tgz#8864186b6738d003eb3a933172bb3833e10cefbc" + integrity sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A== dependencies: fast-deep-equal "^3.1.3" fast-uri "^3.0.1" From 6884508f993821771fd4127f0e054568a5373d11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:00:41 +0000 Subject: [PATCH 10/28] chore(deps): bump tar in /interop/authzen-api-gateways/zuplo-gateway (#436) Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.9. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.9) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.9 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .../zuplo-gateway/yarn.lock | 34 ++++++------------- 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock index 48c440f..834fb26 100644 --- a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock +++ b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock @@ -1972,7 +1972,7 @@ glob-parent@^5.1.2, glob-parent@~5.1.2: dependencies: is-glob "^4.0.1" -glob@^10.3.4, glob@^10.3.7: +glob@^10.3.4: version "10.4.5" resolved "https://registry.yarnpkg.com/glob/-/glob-10.4.5.tgz#f4d9f0b90ffdbab09c9d77f5f29b4262517b0956" integrity sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg== @@ -2333,18 +2333,12 @@ minimist@^1.2.6: resolved "https://registry.yarnpkg.com/minipass/-/minipass-7.1.2.tgz#93a9626ce5e5e66bd4db86849e7515e92340a707" integrity sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw== -minizlib@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-3.0.1.tgz#46d5329d1eb3c83924eff1d3b858ca0a31581012" - integrity sha512-umcy022ILvb5/3Djuu8LWeqUa8D68JaBzlttKeMWen48SjabqS3iY5w/vzeMzMUNhLDifyhbOwKDSznB1vvrwg== +minizlib@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-3.1.0.tgz#6ad76c3a8f10227c9b51d1c9ac8e30b27f5a251c" + integrity sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw== dependencies: - minipass "^7.0.4" - rimraf "^5.0.5" - -mkdirp@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-3.0.1.tgz#e44e4c5607fb279c168241713cc6e0fea9adcb50" - integrity sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg== + minipass "^7.1.2" mnemonist@0.39.6: version "0.39.6" @@ -2789,13 +2783,6 @@ rfdc@^1.2.0, rfdc@^1.3.0: resolved "https://registry.yarnpkg.com/rfdc/-/rfdc-1.4.1.tgz#778f76c4fb731d93414e8f925fbecf64cce7f6ca" integrity sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA== -rimraf@^5.0.5: - version "5.0.10" - resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-5.0.10.tgz#23b9843d3dc92db71f96e1a2ce92e39fd2a8221c" - integrity sha512-l0OE8wL34P4nJH/H2ffoaniAokM2qSmrtXHmlpvYr5AVVX8msAyW0l8NVJFDxlSK4u3Uh/f41cQheDVdnYijwQ== - dependencies: - glob "^10.3.7" - rimraf@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-6.0.1.tgz#ffb8ad8844dd60332ab15f52bc104bc3ed71ea4e" @@ -3006,15 +2993,14 @@ supports-preserve-symlinks-flag@^1.0.0: integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== tar@^7.4.3: - version "7.4.3" - resolved "https://registry.yarnpkg.com/tar/-/tar-7.4.3.tgz#88bbe9286a3fcd900e94592cda7a22b192e80571" - integrity sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw== + version "7.5.9" + resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.9.tgz#817ac12a54bc4362c51340875b8985d7dc9724b8" + integrity sha512-BTLcK0xsDh2+PUe9F6c2TlRp4zOOBMTkoQHQIWSIzI0R7KG46uEwq4OPk2W7bZcprBMsuaeFsqwYr7pjh6CuHg== dependencies: "@isaacs/fs-minipass" "^4.0.0" chownr "^3.0.0" minipass "^7.1.2" - minizlib "^3.0.1" - mkdirp "^3.0.1" + minizlib "^3.1.0" yallist "^5.0.0" thread-stream@^3.0.0: From 1227c7d68a7bc4827ec39b69a91b2ed1ba644581 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:00:44 +0000 Subject: [PATCH 11/28] chore(deps): bump axios in /interop/authzen-todo-backend (#434) Bumps [axios](https://github.com/axios/axios) from 1.12.0 to 1.13.5. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.12.0...v1.13.5) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-todo-backend/package.json | 2 +- interop/authzen-todo-backend/yarn.lock | 28 +++++++++++------------ 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/interop/authzen-todo-backend/package.json b/interop/authzen-todo-backend/package.json index 86db735..193bcb6 100644 --- a/interop/authzen-todo-backend/package.json +++ b/interop/authzen-todo-backend/package.json @@ -21,7 +21,7 @@ "author": "Omri Gazitt ", "license": "MIT", "dependencies": { - "axios": "^1.12.0", + "axios": "^1.13.5", "cli-color": "^2.0.4", "cors": "^2.8.5", "dotenv": "^16.0.0", diff --git a/interop/authzen-todo-backend/yarn.lock b/interop/authzen-todo-backend/yarn.lock index 82ad05c..b7fd71b 100644 --- a/interop/authzen-todo-backend/yarn.lock +++ b/interop/authzen-todo-backend/yarn.lock @@ -490,13 +490,13 @@ asynckit@^0.4.0: resolved "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz" integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q== -axios@^1.12.0: - version "1.12.0" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.12.0.tgz#11248459be05a5ee493485628fa0e4323d0abfc3" - integrity sha512-oXTDccv8PcfjZmPGlWsPSwtOJCZ/b6W5jAMCNcfwJbCzDckwG0jrYJFaWH1yvivfCXjVzV/SPDEhMB3Q+DSurg== +axios@^1.13.5: + version "1.13.5" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.13.5.tgz#5e464688fa127e11a660a2c49441c009f6567a43" + integrity sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q== dependencies: - follow-redirects "^1.15.6" - form-data "^4.0.4" + follow-redirects "^1.15.11" + form-data "^4.0.5" proxy-from-env "^1.1.0" balanced-match@^1.0.0: @@ -1254,15 +1254,15 @@ flatted@^3.1.0: resolved "https://registry.npmjs.org/flatted/-/flatted-3.2.7.tgz" integrity sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ== -follow-redirects@^1.15.6: - version "1.15.6" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.6.tgz#7f815c0cda4249c74ff09e95ef97c23b5fd0399b" - integrity sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA== +follow-redirects@^1.15.11: + version "1.15.11" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.11.tgz#777d73d72a92f8ec4d2e410eb47352a56b8e8340" + integrity sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ== -form-data@^4.0.4: - version "4.0.4" - resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4" - integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow== +form-data@^4.0.5: + version "4.0.5" + resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.5.tgz#b49e48858045ff4cbf6b03e1805cebcad3679053" + integrity sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w== dependencies: asynckit "^0.4.0" combined-stream "^1.0.8" From 26cd50c03abf19ee5c15faf569a51efc8fb88ed7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:00:49 +0000 Subject: [PATCH 12/28] chore(deps): bump lodash in /interop/authzen-interop-website (#426) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-interop-website/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-interop-website/yarn.lock b/interop/authzen-interop-website/yarn.lock index 4de9fd2..0153eed 100644 --- a/interop/authzen-interop-website/yarn.lock +++ b/interop/authzen-interop-website/yarn.lock @@ -5278,9 +5278,9 @@ lodash.uniq@^4.5.0: integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ== lodash@^4.17.20, lodash@^4.17.21: - version "4.17.21" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" - integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== + version "4.17.23" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.23.tgz#f113b0378386103be4f6893388c73d0bde7f2c5a" + integrity sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w== longest-streak@^3.0.0: version "3.1.0" From 0e0a3d3997a5db3688d2d8c382ae3b0e020b2f7e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:00:54 +0000 Subject: [PATCH 13/28] chore(deps): bump undici in /interop/authzen-api-gateways/zuplo-gateway (#423) Bumps [undici](https://github.com/nodejs/undici) from 6.21.3 to 6.23.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v6.21.3...v6.23.0) --- updated-dependencies: - dependency-name: undici dependency-version: 6.23.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-api-gateways/zuplo-gateway/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock index 834fb26..fd1d743 100644 --- a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock +++ b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock @@ -3060,9 +3060,9 @@ undici-types@~6.20.0: integrity sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg== undici@^6.21.1: - version "6.21.3" - resolved "https://registry.yarnpkg.com/undici/-/undici-6.21.3.tgz#185752ad92c3d0efe7a7d1f6854a50f83b552d7a" - integrity sha512-gBLkYIlEnSp8pFbT64yFgGE6UIB9tAkhukC23PmMDCe5Nd+cRqKxSjw5y54MK2AZMgZfJWMaNE4nYUHgi1XEOw== + version "6.23.0" + resolved "https://registry.yarnpkg.com/undici/-/undici-6.23.0.tgz#7953087744d9095a96f115de3140ca3828aff3a4" + integrity sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g== util-deprecate@^1.0.1: version "1.0.2" From 8691cc4a76faa232f2029075959b8ba5804cc277 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:00:57 +0000 Subject: [PATCH 14/28] chore(deps): bump react-router in /interop/authzen-idp (#421) Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 7.9.1 to 7.12.0. - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router) --- updated-dependencies: - dependency-name: react-router dependency-version: 7.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-idp/package.json | 2 +- interop/authzen-idp/pnpm-lock.yaml | 57 ++++++++++++++++-------------- 2 files changed, 32 insertions(+), 27 deletions(-) diff --git a/interop/authzen-idp/package.json b/interop/authzen-idp/package.json index f9ba9b6..3ff95cb 100644 --- a/interop/authzen-idp/package.json +++ b/interop/authzen-idp/package.json @@ -33,7 +33,7 @@ "react": "^19.1.0", "react-dom": "^19.1.0", "react-hook-form": "^7.62.0", - "react-router": "^7.7.1", + "react-router": "^7.12.0", "react-syntax-highlighter": "^15.6.6", "tailwind-merge": "^3.3.1", "zod": "^4.1.9" diff --git a/interop/authzen-idp/pnpm-lock.yaml b/interop/authzen-idp/pnpm-lock.yaml index 7277a16..e18f1ed 100644 --- a/interop/authzen-idp/pnpm-lock.yaml +++ b/interop/authzen-idp/pnpm-lock.yaml @@ -49,10 +49,10 @@ importers: version: 1.2.8(@types/react-dom@19.1.9(@types/react@19.1.13))(@types/react@19.1.13)(react-dom@19.1.1(react@19.1.1))(react@19.1.1) '@react-router/node': specifier: ^7.7.1 - version: 7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) + version: 7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) '@react-router/serve': specifier: ^7.7.1 - version: 7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) + version: 7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) '@types/react-syntax-highlighter': specifier: ^15.5.13 version: 15.5.13 @@ -78,8 +78,8 @@ importers: specifier: ^7.62.0 version: 7.62.0(react@19.1.1) react-router: - specifier: ^7.7.1 - version: 7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1) + specifier: ^7.12.0 + version: 7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1) react-syntax-highlighter: specifier: ^15.6.6 version: 15.6.6(react@19.1.1) @@ -95,7 +95,7 @@ importers: version: 2.2.4 '@react-router/dev': specifier: ^7.7.1 - version: 7.9.1(@react-router/serve@7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2))(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1)(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)(vite@6.4.1(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1)) + version: 7.9.1(@react-router/serve@7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2))(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1)(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)(vite@6.4.1(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1)) '@tailwindcss/vite': specifier: ^4.1.4 version: 4.1.13(vite@6.4.1(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1)) @@ -1356,8 +1356,8 @@ packages: resolution: {integrity: sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==} engines: {node: '>= 0.6'} - cookie@1.0.2: - resolution: {integrity: sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA==} + cookie@1.1.1: + resolution: {integrity: sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==} engines: {node: '>=18'} cross-spawn@7.0.6: @@ -1964,8 +1964,8 @@ packages: '@types/react': optional: true - react-router@7.9.1: - resolution: {integrity: sha512-pfAByjcTpX55mqSDGwGnY9vDCpxqBLASg0BMNAuMmpSGESo/TaOUG6BllhAtAkCGx8Rnohik/XtaqiYUJtgW2g==} + react-router@7.12.0: + resolution: {integrity: sha512-kTPDYPFzDVGIIGNLS5VJykK0HfHLY5MF3b+xj0/tTyNYL1gF1qs7u67Z9jEhQk2sQ98SUaHxlG31g1JtF7IfVw==} engines: {node: '>=20.0.0'} peerDependencies: react: '>=18' @@ -2041,6 +2041,9 @@ packages: set-cookie-parser@2.7.1: resolution: {integrity: sha512-IOc8uWeOZgnb3ptbCURJWNjWUPcO3ZnTTdzsurqERrP6nPyv+paC55vJM0LpOlT2ne+Ix+9+CRG1MNLlyZ4GjQ==} + set-cookie-parser@2.7.2: + resolution: {integrity: sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw==} + setprototypeof@1.2.0: resolution: {integrity: sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==} @@ -3113,7 +3116,7 @@ snapshots: '@radix-ui/rect@1.1.1': {} - '@react-router/dev@7.9.1(@react-router/serve@7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2))(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1)(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)(vite@6.4.1(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1))': + '@react-router/dev@7.9.1(@react-router/serve@7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2))(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1)(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)(vite@6.4.1(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1))': dependencies: '@babel/core': 7.28.4 '@babel/generator': 7.28.3 @@ -3123,7 +3126,7 @@ snapshots: '@babel/traverse': 7.28.4 '@babel/types': 7.28.4 '@npmcli/package-json': 4.0.1 - '@react-router/node': 7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) + '@react-router/node': 7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) arg: 5.0.2 babel-dead-code-elimination: 1.0.10 chokidar: 4.0.3 @@ -3137,7 +3140,7 @@ snapshots: picocolors: 1.1.1 prettier: 3.6.2 react-refresh: 0.14.2 - react-router: 7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1) + react-router: 7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1) semver: 7.7.2 set-cookie-parser: 2.7.1 tinyglobby: 0.2.15 @@ -3145,7 +3148,7 @@ snapshots: vite: 6.4.1(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1) vite-node: 3.2.4(@types/node@20.19.17)(jiti@2.5.1)(lightningcss@1.30.1) optionalDependencies: - '@react-router/serve': 7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) + '@react-router/serve': 7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) typescript: 5.9.2 transitivePeerDependencies: - '@types/node' @@ -3163,30 +3166,30 @@ snapshots: - tsx - yaml - '@react-router/express@7.9.1(express@4.21.2)(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)': + '@react-router/express@7.9.1(express@4.21.2)(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)': dependencies: - '@react-router/node': 7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) + '@react-router/node': 7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) express: 4.21.2 - react-router: 7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1) + react-router: 7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1) optionalDependencies: typescript: 5.9.2 - '@react-router/node@7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)': + '@react-router/node@7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)': dependencies: '@mjackson/node-fetch-server': 0.2.0 - react-router: 7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1) + react-router: 7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1) optionalDependencies: typescript: 5.9.2 - '@react-router/serve@7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)': + '@react-router/serve@7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2)': dependencies: - '@react-router/express': 7.9.1(express@4.21.2)(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) - '@react-router/node': 7.9.1(react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) + '@react-router/express': 7.9.1(express@4.21.2)(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) + '@react-router/node': 7.9.1(react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(typescript@5.9.2) compression: 1.8.1 express: 4.21.2 get-port: 5.1.1 morgan: 1.10.1 - react-router: 7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1) + react-router: 7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1) source-map-support: 0.5.21 transitivePeerDependencies: - supports-color @@ -3496,7 +3499,7 @@ snapshots: cookie@0.7.1: {} - cookie@1.0.2: {} + cookie@1.1.1: {} cross-spawn@7.0.6: dependencies: @@ -4048,11 +4051,11 @@ snapshots: optionalDependencies: '@types/react': 19.1.13 - react-router@7.9.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1): + react-router@7.12.0(react-dom@19.1.1(react@19.1.1))(react@19.1.1): dependencies: - cookie: 1.0.2 + cookie: 1.1.1 react: 19.1.1 - set-cookie-parser: 2.7.1 + set-cookie-parser: 2.7.2 optionalDependencies: react-dom: 19.1.1(react@19.1.1) @@ -4155,6 +4158,8 @@ snapshots: set-cookie-parser@2.7.1: {} + set-cookie-parser@2.7.2: {} + setprototypeof@1.2.0: {} shebang-command@2.0.0: From a1f1f21f3253e027d373089ac5c553989fb4a917 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:01:01 +0000 Subject: [PATCH 15/28] chore(deps): bump react-router in /interop/authzen-search-demo (#420) Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 7.6.0 to 7.12.0. - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router) --- updated-dependencies: - dependency-name: react-router dependency-version: 7.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-search-demo/package.json | 2 +- interop/authzen-search-demo/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/interop/authzen-search-demo/package.json b/interop/authzen-search-demo/package.json index 4bcf78d..5dea762 100644 --- a/interop/authzen-search-demo/package.json +++ b/interop/authzen-search-demo/package.json @@ -24,7 +24,7 @@ "lucide-react": "^0.488.0", "react": "^19.0.0", "react-dom": "^19.0.0", - "react-router": "^7.5.0", + "react-router": "^7.12.0", "react-syntax-highlighter": "^15.6.1", "tailwind-merge": "^3.2.0", "tw-animate-css": "^1.2.5", diff --git a/interop/authzen-search-demo/yarn.lock b/interop/authzen-search-demo/yarn.lock index 3c5130b..9fecb85 100644 --- a/interop/authzen-search-demo/yarn.lock +++ b/interop/authzen-search-demo/yarn.lock @@ -3008,10 +3008,10 @@ react-router-devtools@^1.1.0: "@rollup/rollup-darwin-arm64" "^4.32.1" "@rollup/rollup-linux-x64-gnu" "^4.32.1" -react-router@^7.5.0: - version "7.6.0" - resolved "https://registry.yarnpkg.com/react-router/-/react-router-7.6.0.tgz#e2d0872d7bea8df79465a8bba9a20c87c32ce995" - integrity sha512-GGufuHIVCJDbnIAXP3P9Sxzq3UUsddG3rrI3ut1q6m0FI6vxVBF3JoPQ38+W/blslLH4a5Yutp8drkEpXoddGQ== +react-router@^7.12.0: + version "7.12.0" + resolved "https://registry.yarnpkg.com/react-router/-/react-router-7.12.0.tgz#459a86862abbedd02e76e686751fe71f9fd73a4f" + integrity sha512-kTPDYPFzDVGIIGNLS5VJykK0HfHLY5MF3b+xj0/tTyNYL1gF1qs7u67Z9jEhQk2sQ98SUaHxlG31g1JtF7IfVw== dependencies: cookie "^1.0.1" set-cookie-parser "^2.6.0" From 228d7c923712b656da341f7125d73842cadaf9f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:01:34 +0000 Subject: [PATCH 16/28] chore(deps): bump @react-router/node in /interop/authzen-search-demo (#417) Bumps [@react-router/node](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-node) from 7.6.0 to 7.9.4. - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-node/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/@react-router/node@7.9.4/packages/react-router-node) --- updated-dependencies: - dependency-name: "@react-router/node" dependency-version: 7.9.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-search-demo/package.json | 2 +- interop/authzen-search-demo/yarn.lock | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/interop/authzen-search-demo/package.json b/interop/authzen-search-demo/package.json index 5dea762..9f84f3f 100644 --- a/interop/authzen-search-demo/package.json +++ b/interop/authzen-search-demo/package.json @@ -16,7 +16,7 @@ "@radix-ui/react-slot": "^1.2.0", "@radix-ui/react-tabs": "^1.1.4", "@radix-ui/react-tooltip": "^1.2.0", - "@react-router/node": "^7.5.0", + "@react-router/node": "^7.9.4", "@react-router/serve": "^7.5.0", "class-variance-authority": "^0.7.1", "clsx": "^2.1.1", diff --git a/interop/authzen-search-demo/yarn.lock b/interop/authzen-search-demo/yarn.lock index 9fecb85..906d92c 100644 --- a/interop/authzen-search-demo/yarn.lock +++ b/interop/authzen-search-demo/yarn.lock @@ -1029,7 +1029,7 @@ dependencies: "@react-router/node" "7.6.0" -"@react-router/node@7.6.0", "@react-router/node@^7.5.0": +"@react-router/node@7.6.0": version "7.6.0" resolved "https://registry.yarnpkg.com/@react-router/node/-/node-7.6.0.tgz#18c31c502f8004f2b8a1ca6ceebd0ac1e9307e12" integrity sha512-agjDPUzisLdGJ7Q2lx/Z3OfdS2t1k6qv/nTvA45iahGsQJCMDvMqVoIi7iIULKQJwrn4HWjM9jqEp75+WsMOXg== @@ -1039,6 +1039,13 @@ stream-slice "^0.1.2" undici "^6.19.2" +"@react-router/node@^7.9.4": + version "7.9.4" + resolved "https://registry.yarnpkg.com/@react-router/node/-/node-7.9.4.tgz#6c1a566c8e808b52cc96ad053767984e01419994" + integrity sha512-sdeDNRaqAB71BR2hPlhcQbPbrXh8uGJUjLVc+NpRiPsQbv6B8UvIucN4IX9YGVJkw3UxVQBn2vPSwxACAck32Q== + dependencies: + "@mjackson/node-fetch-server" "^0.2.0" + "@react-router/serve@^7.5.0": version "7.6.0" resolved "https://registry.yarnpkg.com/@react-router/serve/-/serve-7.6.0.tgz#ab0ff21cf80b3dbbb746fad1110d9d2903b24439" From 99606f8bf6ced0c99e28eed061a0e5950f3b632b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Feb 2026 09:02:40 +0000 Subject: [PATCH 17/28] chore(deps): bump tar in /interop/authzen-search-demo (#438) Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.9. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.9) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.9 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-search-demo/yarn.lock | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/interop/authzen-search-demo/yarn.lock b/interop/authzen-search-demo/yarn.lock index 906d92c..646c738 100644 --- a/interop/authzen-search-demo/yarn.lock +++ b/interop/authzen-search-demo/yarn.lock @@ -2593,18 +2593,13 @@ minimatch@^9.0.4: resolved "https://registry.yarnpkg.com/minipass/-/minipass-7.1.2.tgz#93a9626ce5e5e66bd4db86849e7515e92340a707" integrity sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw== -minizlib@^3.0.1: - version "3.0.2" - resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-3.0.2.tgz#f33d638eb279f664439aa38dc5f91607468cb574" - integrity sha512-oG62iEk+CYt5Xj2YqI5Xi9xWUeZhDI8jjQmC5oThVH5JGCTgIjr7ciJDzC7MBzYd//WvR1OTmP5Q38Q8ShQtVA== +minizlib@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-3.1.0.tgz#6ad76c3a8f10227c9b51d1c9ac8e30b27f5a251c" + integrity sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw== dependencies: minipass "^7.1.2" -mkdirp@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-3.0.1.tgz#e44e4c5607fb279c168241713cc6e0fea9adcb50" - integrity sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg== - morgan@^1.10.0: version "1.10.0" resolved "https://registry.yarnpkg.com/morgan/-/morgan-1.10.0.tgz#091778abc1fc47cd3509824653dae1faab6b17d7" @@ -3402,15 +3397,14 @@ tapable@^2.2.0: integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== tar@^7.4.3: - version "7.4.3" - resolved "https://registry.yarnpkg.com/tar/-/tar-7.4.3.tgz#88bbe9286a3fcd900e94592cda7a22b192e80571" - integrity sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw== + version "7.5.9" + resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.9.tgz#817ac12a54bc4362c51340875b8985d7dc9724b8" + integrity sha512-BTLcK0xsDh2+PUe9F6c2TlRp4zOOBMTkoQHQIWSIzI0R7KG46uEwq4OPk2W7bZcprBMsuaeFsqwYr7pjh6CuHg== dependencies: "@isaacs/fs-minipass" "^4.0.0" chownr "^3.0.0" minipass "^7.1.2" - minizlib "^3.0.1" - mkdirp "^3.0.1" + minizlib "^3.1.0" yallist "^5.0.0" tinyglobby@^0.2.13: From c217cbd323db029b4321f86d11829cebfd1ad56f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 20:31:56 +0000 Subject: [PATCH 18/28] chore(deps): bump minimatch in /interop/authzen-todo-backend (#439) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.4. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.4) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-todo-backend/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-todo-backend/yarn.lock b/interop/authzen-todo-backend/yarn.lock index b7fd71b..3d1166e 100644 --- a/interop/authzen-todo-backend/yarn.lock +++ b/interop/authzen-todo-backend/yarn.lock @@ -1897,9 +1897,9 @@ mime@1.6.0: integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg== minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2: - version "3.1.2" - resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz" - integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== + version "3.1.4" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.4.tgz#89d910ea3970a77ac8edfd30340ccd038b758079" + integrity sha512-twmL+S8+7yIsE9wsqgzU3E8/LumN3M3QELrBZ20OdmQ9jB2JvW5oZtBEmft84k/Gs5CG9mqtWc6Y9vW+JEzGxw== dependencies: brace-expansion "^1.1.7" From 4d72a601d405625cd878296920c18ccad23da3ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 20:31:58 +0000 Subject: [PATCH 19/28] chore(deps): bump rollup in /interop/authzen-search-demo (#440) Bumps [rollup](https://github.com/rollup/rollup) from 4.40.2 to 4.59.0. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.40.2...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-search-demo/yarn.lock | 278 +++++++++++++++----------- 1 file changed, 159 insertions(+), 119 deletions(-) diff --git a/interop/authzen-search-demo/yarn.lock b/interop/authzen-search-demo/yarn.lock index 646c738..d45b7db 100644 --- a/interop/authzen-search-demo/yarn.lock +++ b/interop/authzen-search-demo/yarn.lock @@ -1059,105 +1059,140 @@ morgan "^1.10.0" source-map-support "^0.5.21" -"@rollup/rollup-android-arm-eabi@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.40.2.tgz#c228d00a41f0dbd6fb8b7ea819bbfbf1c1157a10" - integrity sha512-JkdNEq+DFxZfUwxvB58tHMHBHVgX23ew41g1OQinthJ+ryhdRk67O31S7sYw8u2lTjHUPFxwar07BBt1KHp/hg== - -"@rollup/rollup-android-arm64@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.40.2.tgz#e2b38d0c912169fd55d7e38d723aada208d37256" - integrity sha512-13unNoZ8NzUmnndhPTkWPWbX3vtHodYmy+I9kuLxN+F+l+x3LdVF7UCu8TWVMt1POHLh6oDHhnOA04n8oJZhBw== - -"@rollup/rollup-darwin-arm64@4.40.2", "@rollup/rollup-darwin-arm64@^4.32.1": +"@rollup/rollup-android-arm-eabi@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.59.0.tgz#a6742c74c7d9d6d604ef8a48f99326b4ecda3d82" + integrity sha512-upnNBkA6ZH2VKGcBj9Fyl9IGNPULcjXRlg0LLeaioQWueH30p6IXtJEbKAgvyv+mJaMxSm1l6xwDXYjpEMiLMg== + +"@rollup/rollup-android-arm64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.59.0.tgz#97247be098de4df0c11971089fd2edf80a5da8cf" + integrity sha512-hZ+Zxj3SySm4A/DylsDKZAeVg0mvi++0PYVceVyX7hemkw7OreKdCvW2oQ3T1FMZvCaQXqOTHb8qmBShoqk69Q== + +"@rollup/rollup-darwin-arm64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.59.0.tgz#674852cf14cf11b8056e0b1a2f4e872b523576cf" + integrity sha512-W2Psnbh1J8ZJw0xKAd8zdNgF9HRLkdWwwdWqubSVk0pUuQkoHnv7rx4GiF9rT4t5DIZGAsConRE3AxCdJ4m8rg== + +"@rollup/rollup-darwin-arm64@^4.32.1": version "4.40.2" resolved "https://registry.yarnpkg.com/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.40.2.tgz#1fddb3690f2ae33df16d334c613377f05abe4878" integrity sha512-Gzf1Hn2Aoe8VZzevHostPX23U7N5+4D36WJNHK88NZHCJr7aVMG4fadqkIf72eqVPGjGc0HJHNuUaUcxiR+N/w== -"@rollup/rollup-darwin-x64@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.40.2.tgz#818298d11c8109e1112590165142f14be24b396d" - integrity sha512-47N4hxa01a4x6XnJoskMKTS8XZ0CZMd8YTbINbi+w03A2w4j1RTlnGHOz/P0+Bg1LaVL6ufZyNprSg+fW5nYQQ== - -"@rollup/rollup-freebsd-arm64@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.40.2.tgz#91a28dc527d5bed7f9ecf0e054297b3012e19618" - integrity sha512-8t6aL4MD+rXSHHZUR1z19+9OFJ2rl1wGKvckN47XFRVO+QL/dUSpKA2SLRo4vMg7ELA8pzGpC+W9OEd1Z/ZqoQ== - -"@rollup/rollup-freebsd-x64@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.40.2.tgz#28acadefa76b5c7bede1576e065b51d335c62c62" - integrity sha512-C+AyHBzfpsOEYRFjztcYUFsH4S7UsE9cDtHCtma5BK8+ydOZYgMmWg1d/4KBytQspJCld8ZIujFMAdKG1xyr4Q== - -"@rollup/rollup-linux-arm-gnueabihf@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.40.2.tgz#819691464179cbcd9a9f9d3dc7617954840c6186" - integrity sha512-de6TFZYIvJwRNjmW3+gaXiZ2DaWL5D5yGmSYzkdzjBDS3W+B9JQ48oZEsmMvemqjtAFzE16DIBLqd6IQQRuG9Q== - -"@rollup/rollup-linux-arm-musleabihf@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.40.2.tgz#d149207039e4189e267e8724050388effc80d704" - integrity sha512-urjaEZubdIkacKc930hUDOfQPysezKla/O9qV+O89enqsqUmQm8Xj8O/vh0gHg4LYfv7Y7UsE3QjzLQzDYN1qg== - -"@rollup/rollup-linux-arm64-gnu@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.40.2.tgz#fa72ebddb729c3c6d88973242f1a2153c83e86ec" - integrity sha512-KlE8IC0HFOC33taNt1zR8qNlBYHj31qGT1UqWqtvR/+NuCVhfufAq9fxO8BMFC22Wu0rxOwGVWxtCMvZVLmhQg== - -"@rollup/rollup-linux-arm64-musl@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.40.2.tgz#2054216e34469ab8765588ebf343d531fc3c9228" - integrity sha512-j8CgxvfM0kbnhu4XgjnCWJQyyBOeBI1Zq91Z850aUddUmPeQvuAy6OiMdPS46gNFgy8gN1xkYyLgwLYZG3rBOg== - -"@rollup/rollup-linux-loongarch64-gnu@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-loongarch64-gnu/-/rollup-linux-loongarch64-gnu-4.40.2.tgz#818de242291841afbfc483a84f11e9c7a11959bc" - integrity sha512-Ybc/1qUampKuRF4tQXc7G7QY9YRyeVSykfK36Y5Qc5dmrIxwFhrOzqaVTNoZygqZ1ZieSWTibfFhQ5qK8jpWxw== - -"@rollup/rollup-linux-powerpc64le-gnu@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.40.2.tgz#0bb4cb8fc4a2c635f68c1208c924b2145eb647cb" - integrity sha512-3FCIrnrt03CCsZqSYAOW/k9n625pjpuMzVfeI+ZBUSDT3MVIFDSPfSUgIl9FqUftxcUXInvFah79hE1c9abD+Q== - -"@rollup/rollup-linux-riscv64-gnu@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.40.2.tgz#4b3b8e541b7b13e447ae07774217d98c06f6926d" - integrity sha512-QNU7BFHEvHMp2ESSY3SozIkBPaPBDTsfVNGx3Xhv+TdvWXFGOSH2NJvhD1zKAT6AyuuErJgbdvaJhYVhVqrWTg== - -"@rollup/rollup-linux-riscv64-musl@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.40.2.tgz#e065405e67d8bd64a7d0126c931bd9f03910817f" - integrity sha512-5W6vNYkhgfh7URiXTO1E9a0cy4fSgfE4+Hl5agb/U1sa0kjOLMLC1wObxwKxecE17j0URxuTrYZZME4/VH57Hg== - -"@rollup/rollup-linux-s390x-gnu@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.40.2.tgz#dda3265bbbfe16a5d0089168fd07f5ebb2a866fe" - integrity sha512-B7LKIz+0+p348JoAL4X/YxGx9zOx3sR+o6Hj15Y3aaApNfAshK8+mWZEf759DXfRLeL2vg5LYJBB7DdcleYCoQ== - -"@rollup/rollup-linux-x64-gnu@4.40.2", "@rollup/rollup-linux-x64-gnu@^4.32.1": +"@rollup/rollup-darwin-x64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.59.0.tgz#36dfd7ed0aaf4d9d89d9ef983af72632455b0246" + integrity sha512-ZW2KkwlS4lwTv7ZVsYDiARfFCnSGhzYPdiOU4IM2fDbL+QGlyAbjgSFuqNRbSthybLbIJ915UtZBtmuLrQAT/w== + +"@rollup/rollup-freebsd-arm64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.59.0.tgz#2f87c2074b4220260fdb52a9996246edfc633c22" + integrity sha512-EsKaJ5ytAu9jI3lonzn3BgG8iRBjV4LxZexygcQbpiU0wU0ATxhNVEpXKfUa0pS05gTcSDMKpn3Sx+QB9RlTTA== + +"@rollup/rollup-freebsd-x64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.59.0.tgz#9b5a26522a38a95dc06616d1939d4d9a76937803" + integrity sha512-d3DuZi2KzTMjImrxoHIAODUZYoUUMsuUiY4SRRcJy6NJoZ6iIqWnJu9IScV9jXysyGMVuW+KNzZvBLOcpdl3Vg== + +"@rollup/rollup-linux-arm-gnueabihf@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.59.0.tgz#86aa4859385a8734235b5e40a48e52d770758c3a" + integrity sha512-t4ONHboXi/3E0rT6OZl1pKbl2Vgxf9vJfWgmUoCEVQVxhW6Cw/c8I6hbbu7DAvgp82RKiH7TpLwxnJeKv2pbsw== + +"@rollup/rollup-linux-arm-musleabihf@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.59.0.tgz#cbe70e56e6ece8dac83eb773b624fc9e5a460976" + integrity sha512-CikFT7aYPA2ufMD086cVORBYGHffBo4K8MQ4uPS/ZnY54GKj36i196u8U+aDVT2LX4eSMbyHtyOh7D7Zvk2VvA== + +"@rollup/rollup-linux-arm64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.59.0.tgz#d14992a2e653bc3263d284bc6579b7a2890e1c45" + integrity sha512-jYgUGk5aLd1nUb1CtQ8E+t5JhLc9x5WdBKew9ZgAXg7DBk0ZHErLHdXM24rfX+bKrFe+Xp5YuJo54I5HFjGDAA== + +"@rollup/rollup-linux-arm64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.59.0.tgz#2fdd1ddc434ea90aeaa0851d2044789b4d07f6da" + integrity sha512-peZRVEdnFWZ5Bh2KeumKG9ty7aCXzzEsHShOZEFiCQlDEepP1dpUl/SrUNXNg13UmZl+gzVDPsiCwnV1uI0RUA== + +"@rollup/rollup-linux-loong64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.59.0.tgz#8a181e6f89f969f21666a743cd411416c80099e7" + integrity sha512-gbUSW/97f7+r4gHy3Jlup8zDG190AuodsWnNiXErp9mT90iCy9NKKU0Xwx5k8VlRAIV2uU9CsMnEFg/xXaOfXg== + +"@rollup/rollup-linux-loong64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.59.0.tgz#904125af2babc395f8061daa27b5af1f4e3f2f78" + integrity sha512-yTRONe79E+o0FWFijasoTjtzG9EBedFXJMl888NBEDCDV9I2wGbFFfJQQe63OijbFCUZqxpHz1GzpbtSFikJ4Q== + +"@rollup/rollup-linux-ppc64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.59.0.tgz#a57970ac6864c9a3447411a658224bdcf948be22" + integrity sha512-sw1o3tfyk12k3OEpRddF68a1unZ5VCN7zoTNtSn2KndUE+ea3m3ROOKRCZxEpmT9nsGnogpFP9x6mnLTCaoLkA== + +"@rollup/rollup-linux-ppc64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.59.0.tgz#bb84de5b26870567a4267666e08891e80bb56a63" + integrity sha512-+2kLtQ4xT3AiIxkzFVFXfsmlZiG5FXYW7ZyIIvGA7Bdeuh9Z0aN4hVyXS/G1E9bTP/vqszNIN/pUKCk/BTHsKA== + +"@rollup/rollup-linux-riscv64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.59.0.tgz#72d00d2c7fb375ce3564e759db33f17a35bffab9" + integrity sha512-NDYMpsXYJJaj+I7UdwIuHHNxXZ/b/N2hR15NyH3m2qAtb/hHPA4g4SuuvrdxetTdndfj9b1WOmy73kcPRoERUg== + +"@rollup/rollup-linux-riscv64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.59.0.tgz#4c166ef58e718f9245bd31873384ba15a5c1a883" + integrity sha512-nLckB8WOqHIf1bhymk+oHxvM9D3tyPndZH8i8+35p/1YiVoVswPid2yLzgX7ZJP0KQvnkhM4H6QZ5m0LzbyIAg== + +"@rollup/rollup-linux-s390x-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.59.0.tgz#bb5025cde9a61db478c2ca7215808ad3bce73a09" + integrity sha512-oF87Ie3uAIvORFBpwnCvUzdeYUqi2wY6jRFWJAy1qus/udHFYIkplYRW+wo+GRUP4sKzYdmE1Y3+rY5Gc4ZO+w== + +"@rollup/rollup-linux-x64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.59.0.tgz#9b66b1f9cd95c6624c788f021c756269ffed1552" + integrity sha512-3AHmtQq/ppNuUspKAlvA8HtLybkDflkMuLK4DPo77DfthRb71V84/c4MlWJXixZz4uruIH4uaa07IqoAkG64fg== + +"@rollup/rollup-linux-x64-gnu@^4.32.1": version "4.40.2" resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.40.2.tgz#90993269b8b995b4067b7b9d72ff1c360ef90a17" integrity sha512-lG7Xa+BmBNwpjmVUbmyKxdQJ3Q6whHjMjzQplOs5Z+Gj7mxPtWakGHqzMqNER68G67kmCX9qX57aRsW5V0VOng== -"@rollup/rollup-linux-x64-musl@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.40.2.tgz#fdf5b09fd121eb8d977ebb0fda142c7c0167b8de" - integrity sha512-tD46wKHd+KJvsmije4bUskNuvWKFcTOIM9tZ/RrmIvcXnbi0YK/cKS9FzFtAm7Oxi2EhV5N2OpfFB348vSQRXA== - -"@rollup/rollup-win32-arm64-msvc@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.40.2.tgz#6397e1e012db64dfecfed0774cb9fcf89503d716" - integrity sha512-Bjv/HG8RRWLNkXwQQemdsWw4Mg+IJ29LK+bJPW2SCzPKOUaMmPEppQlu/Fqk1d7+DX3V7JbFdbkh/NMmurT6Pg== - -"@rollup/rollup-win32-ia32-msvc@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.40.2.tgz#df0991464a52a35506103fe18d29913bf8798a0c" - integrity sha512-dt1llVSGEsGKvzeIO76HToiYPNPYPkmjhMHhP00T9S4rDern8P2ZWvWAQUEJ+R1UdMWJ/42i/QqJ2WV765GZcA== - -"@rollup/rollup-win32-x64-msvc@4.40.2": - version "4.40.2" - resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.40.2.tgz#8dae04d01a2cbd84d6297d99356674c6b993f0fc" - integrity sha512-bwspbWB04XJpeElvsp+DCylKfF4trJDa2Y9Go8O6A7YLX2LIKGcNK/CYImJN6ZP4DcuOHB4Utl3iCbnR62DudA== +"@rollup/rollup-linux-x64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.59.0.tgz#b007ca255dc7166017d57d7d2451963f0bd23fd9" + integrity sha512-2UdiwS/9cTAx7qIUZB/fWtToJwvt0Vbo0zmnYt7ED35KPg13Q0ym1g442THLC7VyI6JfYTP4PiSOWyoMdV2/xg== + +"@rollup/rollup-openbsd-x64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.59.0.tgz#e8b357b2d1aa2c8d76a98f5f0d889eabe93f4ef9" + integrity sha512-M3bLRAVk6GOwFlPTIxVBSYKUaqfLrn8l0psKinkCFxl4lQvOSz8ZrKDz2gxcBwHFpci0B6rttydI4IpS4IS/jQ== + +"@rollup/rollup-openharmony-arm64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.59.0.tgz#96c2e3f4aacd3d921981329831ff8dde492204dc" + integrity sha512-tt9KBJqaqp5i5HUZzoafHZX8b5Q2Fe7UjYERADll83O4fGqJ49O1FsL6LpdzVFQcpwvnyd0i+K/VSwu/o/nWlA== + +"@rollup/rollup-win32-arm64-msvc@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.59.0.tgz#2d865149d706d938df8b4b8f117e69a77646d581" + integrity sha512-V5B6mG7OrGTwnxaNUzZTDTjDS7F75PO1ae6MJYdiMu60sq0CqN5CVeVsbhPxalupvTX8gXVSU9gq+Rx1/hvu6A== + +"@rollup/rollup-win32-ia32-msvc@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.59.0.tgz#abe1593be0fa92325e9971c8da429c5e05b92c36" + integrity sha512-UKFMHPuM9R0iBegwzKF4y0C4J9u8C6MEJgFuXTBerMk7EJ92GFVFYBfOZaSGLu6COf7FxpQNqhNS4c4icUPqxA== + +"@rollup/rollup-win32-x64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.59.0.tgz#c4af3e9518c9a5cd4b1c163dc81d0ad4d82e7eab" + integrity sha512-laBkYlSS1n2L8fSo1thDNGrCTQMmxjYY5G0WFWjFFYZkKPjsMBsgJfGf4TLxXrF6RyhI60L8TMOjBMvXiTcxeA== + +"@rollup/rollup-win32-x64-msvc@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.59.0.tgz#4584a8a87b29188a4c1fe987a9fcf701e256d86c" + integrity sha512-2HRCml6OztYXyJXAvdDXPKcawukWY2GpR5/nxKp4iBgiO3wcoEGkAaqctIbZcNB6KlUQBIqt8VYkNSj2397EfA== "@tailwindcss/node@4.1.6": version "4.1.6" @@ -1281,10 +1316,10 @@ resolved "https://registry.yarnpkg.com/@types/d3-hierarchy/-/d3-hierarchy-1.1.11.tgz#c3bd70d025621f73cb3319e97e08ae4c9051c791" integrity sha512-lnQiU7jV+Gyk9oQYk0GGYccuexmQPTp08E0+4BidgFdiJivjEvf+esPSdZqCZ2C7UwTWejWpqetVaU8A+eX3FA== -"@types/estree@1.0.7": - version "1.0.7" - resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.7.tgz#4158d3105276773d5b7695cd4834b1722e4f37a8" - integrity sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ== +"@types/estree@1.0.8": + version "1.0.8" + resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.8.tgz#958b91c991b1867ced318bedea0e215ee050726e" + integrity sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w== "@types/hast@^2.0.0": version "2.3.10" @@ -3098,32 +3133,37 @@ retry@^0.12.0: integrity sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow== rollup@^4.34.9: - version "4.40.2" - resolved "https://registry.yarnpkg.com/rollup/-/rollup-4.40.2.tgz#778e88b7a197542682b3e318581f7697f55f0619" - integrity sha512-tfUOg6DTP4rhQ3VjOO6B4wyrJnGOX85requAXvqYTHsOgb2TFJdZ3aWpT8W2kPoypSGP7dZUyzxJ9ee4buM5Fg== + version "4.59.0" + resolved "https://registry.yarnpkg.com/rollup/-/rollup-4.59.0.tgz#cf74edac17c1486f562d728a4d923a694abdf06f" + integrity sha512-2oMpl67a3zCH9H79LeMcbDhXW/UmWG/y2zuqnF2jQq5uq9TbM9TVyXvA4+t+ne2IIkBdrLpAaRQAvo7YI/Yyeg== dependencies: - "@types/estree" "1.0.7" + "@types/estree" "1.0.8" optionalDependencies: - "@rollup/rollup-android-arm-eabi" "4.40.2" - "@rollup/rollup-android-arm64" "4.40.2" - "@rollup/rollup-darwin-arm64" "4.40.2" - "@rollup/rollup-darwin-x64" "4.40.2" - "@rollup/rollup-freebsd-arm64" "4.40.2" - "@rollup/rollup-freebsd-x64" "4.40.2" - "@rollup/rollup-linux-arm-gnueabihf" "4.40.2" - "@rollup/rollup-linux-arm-musleabihf" "4.40.2" - "@rollup/rollup-linux-arm64-gnu" "4.40.2" - "@rollup/rollup-linux-arm64-musl" "4.40.2" - "@rollup/rollup-linux-loongarch64-gnu" "4.40.2" - "@rollup/rollup-linux-powerpc64le-gnu" "4.40.2" - "@rollup/rollup-linux-riscv64-gnu" "4.40.2" - "@rollup/rollup-linux-riscv64-musl" "4.40.2" - "@rollup/rollup-linux-s390x-gnu" "4.40.2" - "@rollup/rollup-linux-x64-gnu" "4.40.2" - "@rollup/rollup-linux-x64-musl" "4.40.2" - "@rollup/rollup-win32-arm64-msvc" "4.40.2" - "@rollup/rollup-win32-ia32-msvc" "4.40.2" - "@rollup/rollup-win32-x64-msvc" "4.40.2" + "@rollup/rollup-android-arm-eabi" "4.59.0" + "@rollup/rollup-android-arm64" "4.59.0" + "@rollup/rollup-darwin-arm64" "4.59.0" + "@rollup/rollup-darwin-x64" "4.59.0" + "@rollup/rollup-freebsd-arm64" "4.59.0" + "@rollup/rollup-freebsd-x64" "4.59.0" + "@rollup/rollup-linux-arm-gnueabihf" "4.59.0" + "@rollup/rollup-linux-arm-musleabihf" "4.59.0" + "@rollup/rollup-linux-arm64-gnu" "4.59.0" + "@rollup/rollup-linux-arm64-musl" "4.59.0" + "@rollup/rollup-linux-loong64-gnu" "4.59.0" + "@rollup/rollup-linux-loong64-musl" "4.59.0" + "@rollup/rollup-linux-ppc64-gnu" "4.59.0" + "@rollup/rollup-linux-ppc64-musl" "4.59.0" + "@rollup/rollup-linux-riscv64-gnu" "4.59.0" + "@rollup/rollup-linux-riscv64-musl" "4.59.0" + "@rollup/rollup-linux-s390x-gnu" "4.59.0" + "@rollup/rollup-linux-x64-gnu" "4.59.0" + "@rollup/rollup-linux-x64-musl" "4.59.0" + "@rollup/rollup-openbsd-x64" "4.59.0" + "@rollup/rollup-openharmony-arm64" "4.59.0" + "@rollup/rollup-win32-arm64-msvc" "4.59.0" + "@rollup/rollup-win32-ia32-msvc" "4.59.0" + "@rollup/rollup-win32-x64-gnu" "4.59.0" + "@rollup/rollup-win32-x64-msvc" "4.59.0" fsevents "~2.3.2" safe-buffer@5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1: From edec9fa38b41fa8069d0014415211c0f9ac56584 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 20:32:10 +0000 Subject: [PATCH 20/28] chore(deps): bump rollup in /interop/authzen-todo-application (#441) Bumps [rollup](https://github.com/rollup/rollup) from 4.50.1 to 4.59.0. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.50.1...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-todo-application/yarn.lock | 280 +++++++++++---------- 1 file changed, 152 insertions(+), 128 deletions(-) diff --git a/interop/authzen-todo-application/yarn.lock b/interop/authzen-todo-application/yarn.lock index 47892d7..29ede97 100644 --- a/interop/authzen-todo-application/yarn.lock +++ b/interop/authzen-todo-application/yarn.lock @@ -454,110 +454,130 @@ estree-walker "^2.0.2" picomatch "^4.0.2" -"@rollup/rollup-android-arm-eabi@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.50.1.tgz#7d41dc45adcfcb272504ebcea9c8a5b2c659e963" - integrity sha512-HJXwzoZN4eYTdD8bVV22DN8gsPCAj3V20NHKOs8ezfXanGpmVPR7kalUHd+Y31IJp9stdB87VKPFbsGY3H/2ag== - -"@rollup/rollup-android-arm64@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.50.1.tgz#6c708fae2c9755e994c42d56c34a94cb77020650" - integrity sha512-PZlsJVcjHfcH53mOImyt3bc97Ep3FJDXRpk9sMdGX0qgLmY0EIWxCag6EigerGhLVuL8lDVYNnSo8qnTElO4xw== - -"@rollup/rollup-darwin-arm64@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.50.1.tgz#85ccf92ab114e434c83037a175923a525635cbb4" - integrity sha512-xc6i2AuWh++oGi4ylOFPmzJOEeAa2lJeGUGb4MudOtgfyyjr4UPNK+eEWTPLvmPJIY/pgw6ssFIox23SyrkkJw== - -"@rollup/rollup-darwin-x64@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.50.1.tgz#0af089f3d658d05573208dabb3a392b44d7f4630" - integrity sha512-2ofU89lEpDYhdLAbRdeyz/kX3Y2lpYc6ShRnDjY35bZhd2ipuDMDi6ZTQ9NIag94K28nFMofdnKeHR7BT0CATw== - -"@rollup/rollup-freebsd-arm64@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.50.1.tgz#46c22a16d18180e99686647543335567221caa9c" - integrity sha512-wOsE6H2u6PxsHY/BeFHA4VGQN3KUJFZp7QJBmDYI983fgxq5Th8FDkVuERb2l9vDMs1D5XhOrhBrnqcEY6l8ZA== - -"@rollup/rollup-freebsd-x64@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.50.1.tgz#819ffef2f81891c266456952962a13110c8e28b5" - integrity sha512-A/xeqaHTlKbQggxCqispFAcNjycpUEHP52mwMQZUNqDUJFFYtPHCXS1VAG29uMlDzIVr+i00tSFWFLivMcoIBQ== - -"@rollup/rollup-linux-arm-gnueabihf@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.50.1.tgz#7fe283c14793e607e653a3214b09f8973f08262a" - integrity sha512-54v4okehwl5TaSIkpp97rAHGp7t3ghinRd/vyC1iXqXMfjYUTm7TfYmCzXDoHUPTTf36L8pr0E7YsD3CfB3ZDg== - -"@rollup/rollup-linux-arm-musleabihf@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.50.1.tgz#066e92eb22ea30560414ec800a6d119ba0b435ac" - integrity sha512-p/LaFyajPN/0PUHjv8TNyxLiA7RwmDoVY3flXHPSzqrGcIp/c2FjwPPP5++u87DGHtw+5kSH5bCJz0mvXngYxw== - -"@rollup/rollup-linux-arm64-gnu@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.50.1.tgz#480d518ea99a8d97b2a174c46cd55164f138cc37" - integrity sha512-2AbMhFFkTo6Ptna1zO7kAXXDLi7H9fGTbVaIq2AAYO7yzcAsuTNWPHhb2aTA6GPiP+JXh85Y8CiS54iZoj4opw== - -"@rollup/rollup-linux-arm64-musl@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.50.1.tgz#ed7db3b8999b60dd20009ddf71c95f3af49423c8" - integrity sha512-Cgef+5aZwuvesQNw9eX7g19FfKX5/pQRIyhoXLCiBOrWopjo7ycfB292TX9MDcDijiuIJlx1IzJz3IoCPfqs9w== - -"@rollup/rollup-linux-loongarch64-gnu@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-loongarch64-gnu/-/rollup-linux-loongarch64-gnu-4.50.1.tgz#16a6927a35f5dbc505ff874a4e1459610c0c6f46" - integrity sha512-RPhTwWMzpYYrHrJAS7CmpdtHNKtt2Ueo+BlLBjfZEhYBhK00OsEqM08/7f+eohiF6poe0YRDDd8nAvwtE/Y62Q== - -"@rollup/rollup-linux-ppc64-gnu@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.50.1.tgz#a006700469be0041846c45b494c35754e6a04eea" - integrity sha512-eSGMVQw9iekut62O7eBdbiccRguuDgiPMsw++BVUg+1K7WjZXHOg/YOT9SWMzPZA+w98G+Fa1VqJgHZOHHnY0Q== - -"@rollup/rollup-linux-riscv64-gnu@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.50.1.tgz#0fcc45b2ec8a0e54218ca48849ea6d596f53649c" - integrity sha512-S208ojx8a4ciIPrLgazF6AgdcNJzQE4+S9rsmOmDJkusvctii+ZvEuIC4v/xFqzbuP8yDjn73oBlNDgF6YGSXQ== - -"@rollup/rollup-linux-riscv64-musl@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.50.1.tgz#d6e617eec9fe6f5859ee13fad435a16c42b469f2" - integrity sha512-3Ag8Ls1ggqkGUvSZWYcdgFwriy2lWo+0QlYgEFra/5JGtAd6C5Hw59oojx1DeqcA2Wds2ayRgvJ4qxVTzCHgzg== - -"@rollup/rollup-linux-s390x-gnu@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.50.1.tgz#b147760d63c6f35b4b18e6a25a2a760dd3ea0c05" - integrity sha512-t9YrKfaxCYe7l7ldFERE1BRg/4TATxIg+YieHQ966jwvo7ddHJxPj9cNFWLAzhkVsbBvNA4qTbPVNsZKBO4NSg== - -"@rollup/rollup-linux-x64-gnu@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.50.1.tgz#fc0be1da374f85e7e85dccaf1ff12d7cfc9fbe3d" - integrity sha512-MCgtFB2+SVNuQmmjHf+wfI4CMxy3Tk8XjA5Z//A0AKD7QXUYFMQcns91K6dEHBvZPCnhJSyDWLApk40Iq/H3tA== - -"@rollup/rollup-linux-x64-musl@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.50.1.tgz#54c79932e0f9a3c992b034c82325be3bcde0d067" - integrity sha512-nEvqG+0jeRmqaUMuwzlfMKwcIVffy/9KGbAGyoa26iu6eSngAYQ512bMXuqqPrlTyfqdlB9FVINs93j534UJrg== - -"@rollup/rollup-openharmony-arm64@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.50.1.tgz#fc48e74d413623ac02c1d521bec3e5e784488fdc" - integrity sha512-RDsLm+phmT3MJd9SNxA9MNuEAO/J2fhW8GXk62G/B4G7sLVumNFbRwDL6v5NrESb48k+QMqdGbHgEtfU0LCpbA== - -"@rollup/rollup-win32-arm64-msvc@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.50.1.tgz#8ce3d1181644406362cf1e62c90e88ab083e02bb" - integrity sha512-hpZB/TImk2FlAFAIsoElM3tLzq57uxnGYwplg6WDyAxbYczSi8O2eQ+H2Lx74504rwKtZ3N2g4bCUkiamzS6TQ== - -"@rollup/rollup-win32-ia32-msvc@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.50.1.tgz#dd2dfc896eac4b2689d55f01c6d51c249263f805" - integrity sha512-SXjv8JlbzKM0fTJidX4eVsH+Wmnp0/WcD8gJxIZyR6Gay5Qcsmdbi9zVtnbkGPG8v2vMR1AD06lGWy5FLMcG7A== - -"@rollup/rollup-win32-x64-msvc@4.50.1": - version "4.50.1" - resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.50.1.tgz#13f758c97b9fbbac56b6928547a3ff384e7cfb3e" - integrity sha512-StxAO/8ts62KZVRAm4JZYq9+NqNsV7RvimNK+YM7ry//zebEH6meuugqW/P5OFUCjyQgui+9fUxT6d5NShvMvA== +"@rollup/rollup-android-arm-eabi@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.59.0.tgz#a6742c74c7d9d6d604ef8a48f99326b4ecda3d82" + integrity sha512-upnNBkA6ZH2VKGcBj9Fyl9IGNPULcjXRlg0LLeaioQWueH30p6IXtJEbKAgvyv+mJaMxSm1l6xwDXYjpEMiLMg== + +"@rollup/rollup-android-arm64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.59.0.tgz#97247be098de4df0c11971089fd2edf80a5da8cf" + integrity sha512-hZ+Zxj3SySm4A/DylsDKZAeVg0mvi++0PYVceVyX7hemkw7OreKdCvW2oQ3T1FMZvCaQXqOTHb8qmBShoqk69Q== + +"@rollup/rollup-darwin-arm64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.59.0.tgz#674852cf14cf11b8056e0b1a2f4e872b523576cf" + integrity sha512-W2Psnbh1J8ZJw0xKAd8zdNgF9HRLkdWwwdWqubSVk0pUuQkoHnv7rx4GiF9rT4t5DIZGAsConRE3AxCdJ4m8rg== + +"@rollup/rollup-darwin-x64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.59.0.tgz#36dfd7ed0aaf4d9d89d9ef983af72632455b0246" + integrity sha512-ZW2KkwlS4lwTv7ZVsYDiARfFCnSGhzYPdiOU4IM2fDbL+QGlyAbjgSFuqNRbSthybLbIJ915UtZBtmuLrQAT/w== + +"@rollup/rollup-freebsd-arm64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.59.0.tgz#2f87c2074b4220260fdb52a9996246edfc633c22" + integrity sha512-EsKaJ5ytAu9jI3lonzn3BgG8iRBjV4LxZexygcQbpiU0wU0ATxhNVEpXKfUa0pS05gTcSDMKpn3Sx+QB9RlTTA== + +"@rollup/rollup-freebsd-x64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.59.0.tgz#9b5a26522a38a95dc06616d1939d4d9a76937803" + integrity sha512-d3DuZi2KzTMjImrxoHIAODUZYoUUMsuUiY4SRRcJy6NJoZ6iIqWnJu9IScV9jXysyGMVuW+KNzZvBLOcpdl3Vg== + +"@rollup/rollup-linux-arm-gnueabihf@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.59.0.tgz#86aa4859385a8734235b5e40a48e52d770758c3a" + integrity sha512-t4ONHboXi/3E0rT6OZl1pKbl2Vgxf9vJfWgmUoCEVQVxhW6Cw/c8I6hbbu7DAvgp82RKiH7TpLwxnJeKv2pbsw== + +"@rollup/rollup-linux-arm-musleabihf@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.59.0.tgz#cbe70e56e6ece8dac83eb773b624fc9e5a460976" + integrity sha512-CikFT7aYPA2ufMD086cVORBYGHffBo4K8MQ4uPS/ZnY54GKj36i196u8U+aDVT2LX4eSMbyHtyOh7D7Zvk2VvA== + +"@rollup/rollup-linux-arm64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.59.0.tgz#d14992a2e653bc3263d284bc6579b7a2890e1c45" + integrity sha512-jYgUGk5aLd1nUb1CtQ8E+t5JhLc9x5WdBKew9ZgAXg7DBk0ZHErLHdXM24rfX+bKrFe+Xp5YuJo54I5HFjGDAA== + +"@rollup/rollup-linux-arm64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.59.0.tgz#2fdd1ddc434ea90aeaa0851d2044789b4d07f6da" + integrity sha512-peZRVEdnFWZ5Bh2KeumKG9ty7aCXzzEsHShOZEFiCQlDEepP1dpUl/SrUNXNg13UmZl+gzVDPsiCwnV1uI0RUA== + +"@rollup/rollup-linux-loong64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.59.0.tgz#8a181e6f89f969f21666a743cd411416c80099e7" + integrity sha512-gbUSW/97f7+r4gHy3Jlup8zDG190AuodsWnNiXErp9mT90iCy9NKKU0Xwx5k8VlRAIV2uU9CsMnEFg/xXaOfXg== + +"@rollup/rollup-linux-loong64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.59.0.tgz#904125af2babc395f8061daa27b5af1f4e3f2f78" + integrity sha512-yTRONe79E+o0FWFijasoTjtzG9EBedFXJMl888NBEDCDV9I2wGbFFfJQQe63OijbFCUZqxpHz1GzpbtSFikJ4Q== + +"@rollup/rollup-linux-ppc64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.59.0.tgz#a57970ac6864c9a3447411a658224bdcf948be22" + integrity sha512-sw1o3tfyk12k3OEpRddF68a1unZ5VCN7zoTNtSn2KndUE+ea3m3ROOKRCZxEpmT9nsGnogpFP9x6mnLTCaoLkA== + +"@rollup/rollup-linux-ppc64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.59.0.tgz#bb84de5b26870567a4267666e08891e80bb56a63" + integrity sha512-+2kLtQ4xT3AiIxkzFVFXfsmlZiG5FXYW7ZyIIvGA7Bdeuh9Z0aN4hVyXS/G1E9bTP/vqszNIN/pUKCk/BTHsKA== + +"@rollup/rollup-linux-riscv64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.59.0.tgz#72d00d2c7fb375ce3564e759db33f17a35bffab9" + integrity sha512-NDYMpsXYJJaj+I7UdwIuHHNxXZ/b/N2hR15NyH3m2qAtb/hHPA4g4SuuvrdxetTdndfj9b1WOmy73kcPRoERUg== + +"@rollup/rollup-linux-riscv64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.59.0.tgz#4c166ef58e718f9245bd31873384ba15a5c1a883" + integrity sha512-nLckB8WOqHIf1bhymk+oHxvM9D3tyPndZH8i8+35p/1YiVoVswPid2yLzgX7ZJP0KQvnkhM4H6QZ5m0LzbyIAg== + +"@rollup/rollup-linux-s390x-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.59.0.tgz#bb5025cde9a61db478c2ca7215808ad3bce73a09" + integrity sha512-oF87Ie3uAIvORFBpwnCvUzdeYUqi2wY6jRFWJAy1qus/udHFYIkplYRW+wo+GRUP4sKzYdmE1Y3+rY5Gc4ZO+w== + +"@rollup/rollup-linux-x64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.59.0.tgz#9b66b1f9cd95c6624c788f021c756269ffed1552" + integrity sha512-3AHmtQq/ppNuUspKAlvA8HtLybkDflkMuLK4DPo77DfthRb71V84/c4MlWJXixZz4uruIH4uaa07IqoAkG64fg== + +"@rollup/rollup-linux-x64-musl@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.59.0.tgz#b007ca255dc7166017d57d7d2451963f0bd23fd9" + integrity sha512-2UdiwS/9cTAx7qIUZB/fWtToJwvt0Vbo0zmnYt7ED35KPg13Q0ym1g442THLC7VyI6JfYTP4PiSOWyoMdV2/xg== + +"@rollup/rollup-openbsd-x64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.59.0.tgz#e8b357b2d1aa2c8d76a98f5f0d889eabe93f4ef9" + integrity sha512-M3bLRAVk6GOwFlPTIxVBSYKUaqfLrn8l0psKinkCFxl4lQvOSz8ZrKDz2gxcBwHFpci0B6rttydI4IpS4IS/jQ== + +"@rollup/rollup-openharmony-arm64@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.59.0.tgz#96c2e3f4aacd3d921981329831ff8dde492204dc" + integrity sha512-tt9KBJqaqp5i5HUZzoafHZX8b5Q2Fe7UjYERADll83O4fGqJ49O1FsL6LpdzVFQcpwvnyd0i+K/VSwu/o/nWlA== + +"@rollup/rollup-win32-arm64-msvc@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.59.0.tgz#2d865149d706d938df8b4b8f117e69a77646d581" + integrity sha512-V5B6mG7OrGTwnxaNUzZTDTjDS7F75PO1ae6MJYdiMu60sq0CqN5CVeVsbhPxalupvTX8gXVSU9gq+Rx1/hvu6A== + +"@rollup/rollup-win32-ia32-msvc@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.59.0.tgz#abe1593be0fa92325e9971c8da429c5e05b92c36" + integrity sha512-UKFMHPuM9R0iBegwzKF4y0C4J9u8C6MEJgFuXTBerMk7EJ92GFVFYBfOZaSGLu6COf7FxpQNqhNS4c4icUPqxA== + +"@rollup/rollup-win32-x64-gnu@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.59.0.tgz#c4af3e9518c9a5cd4b1c163dc81d0ad4d82e7eab" + integrity sha512-laBkYlSS1n2L8fSo1thDNGrCTQMmxjYY5G0WFWjFFYZkKPjsMBsgJfGf4TLxXrF6RyhI60L8TMOjBMvXiTcxeA== + +"@rollup/rollup-win32-x64-msvc@4.59.0": + version "4.59.0" + resolved "https://registry.yarnpkg.com/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.59.0.tgz#4584a8a87b29188a4c1fe987a9fcf701e256d86c" + integrity sha512-2HRCml6OztYXyJXAvdDXPKcawukWY2GpR5/nxKp4iBgiO3wcoEGkAaqctIbZcNB6KlUQBIqt8VYkNSj2397EfA== "@svgr/babel-plugin-add-jsx-attribute@8.0.0": version "8.0.0" @@ -1312,33 +1332,37 @@ resolve@^1.19.0: supports-preserve-symlinks-flag "^1.0.0" rollup@^4.34.9: - version "4.50.1" - resolved "https://registry.yarnpkg.com/rollup/-/rollup-4.50.1.tgz#6f0717c34aacc65cc727eeaaaccc2afc4e4485fd" - integrity sha512-78E9voJHwnXQMiQdiqswVLZwJIzdBKJ1GdI5Zx6XwoFKUIk09/sSrr+05QFzvYb8q6Y9pPV45zzDuYa3907TZA== + version "4.59.0" + resolved "https://registry.yarnpkg.com/rollup/-/rollup-4.59.0.tgz#cf74edac17c1486f562d728a4d923a694abdf06f" + integrity sha512-2oMpl67a3zCH9H79LeMcbDhXW/UmWG/y2zuqnF2jQq5uq9TbM9TVyXvA4+t+ne2IIkBdrLpAaRQAvo7YI/Yyeg== dependencies: "@types/estree" "1.0.8" optionalDependencies: - "@rollup/rollup-android-arm-eabi" "4.50.1" - "@rollup/rollup-android-arm64" "4.50.1" - "@rollup/rollup-darwin-arm64" "4.50.1" - "@rollup/rollup-darwin-x64" "4.50.1" - "@rollup/rollup-freebsd-arm64" "4.50.1" - "@rollup/rollup-freebsd-x64" "4.50.1" - "@rollup/rollup-linux-arm-gnueabihf" "4.50.1" - "@rollup/rollup-linux-arm-musleabihf" "4.50.1" - "@rollup/rollup-linux-arm64-gnu" "4.50.1" - "@rollup/rollup-linux-arm64-musl" "4.50.1" - "@rollup/rollup-linux-loongarch64-gnu" "4.50.1" - "@rollup/rollup-linux-ppc64-gnu" "4.50.1" - "@rollup/rollup-linux-riscv64-gnu" "4.50.1" - "@rollup/rollup-linux-riscv64-musl" "4.50.1" - "@rollup/rollup-linux-s390x-gnu" "4.50.1" - "@rollup/rollup-linux-x64-gnu" "4.50.1" - "@rollup/rollup-linux-x64-musl" "4.50.1" - "@rollup/rollup-openharmony-arm64" "4.50.1" - "@rollup/rollup-win32-arm64-msvc" "4.50.1" - "@rollup/rollup-win32-ia32-msvc" "4.50.1" - "@rollup/rollup-win32-x64-msvc" "4.50.1" + "@rollup/rollup-android-arm-eabi" "4.59.0" + "@rollup/rollup-android-arm64" "4.59.0" + "@rollup/rollup-darwin-arm64" "4.59.0" + "@rollup/rollup-darwin-x64" "4.59.0" + "@rollup/rollup-freebsd-arm64" "4.59.0" + "@rollup/rollup-freebsd-x64" "4.59.0" + "@rollup/rollup-linux-arm-gnueabihf" "4.59.0" + "@rollup/rollup-linux-arm-musleabihf" "4.59.0" + "@rollup/rollup-linux-arm64-gnu" "4.59.0" + "@rollup/rollup-linux-arm64-musl" "4.59.0" + "@rollup/rollup-linux-loong64-gnu" "4.59.0" + "@rollup/rollup-linux-loong64-musl" "4.59.0" + "@rollup/rollup-linux-ppc64-gnu" "4.59.0" + "@rollup/rollup-linux-ppc64-musl" "4.59.0" + "@rollup/rollup-linux-riscv64-gnu" "4.59.0" + "@rollup/rollup-linux-riscv64-musl" "4.59.0" + "@rollup/rollup-linux-s390x-gnu" "4.59.0" + "@rollup/rollup-linux-x64-gnu" "4.59.0" + "@rollup/rollup-linux-x64-musl" "4.59.0" + "@rollup/rollup-openbsd-x64" "4.59.0" + "@rollup/rollup-openharmony-arm64" "4.59.0" + "@rollup/rollup-win32-arm64-msvc" "4.59.0" + "@rollup/rollup-win32-ia32-msvc" "4.59.0" + "@rollup/rollup-win32-x64-gnu" "4.59.0" + "@rollup/rollup-win32-x64-msvc" "4.59.0" fsevents "~2.3.2" safe-buffer@^5.1.0: From 623ceeb8734a41a6ca7409b82845077af13886cd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 20:32:19 +0000 Subject: [PATCH 21/28] chore(deps): bump minimatch (#442) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-api-gateways/test-harness/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-api-gateways/test-harness/yarn.lock b/interop/authzen-api-gateways/test-harness/yarn.lock index c443094..335f715 100644 --- a/interop/authzen-api-gateways/test-harness/yarn.lock +++ b/interop/authzen-api-gateways/test-harness/yarn.lock @@ -867,9 +867,9 @@ micromatch@^4.0.8: picomatch "^2.3.1" minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2: - version "3.1.2" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" - integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== + version "3.1.5" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.5.tgz#580c88f8d5445f2bd6aa8f3cadefa0de79fbd69e" + integrity sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w== dependencies: brace-expansion "^1.1.7" From 30d91f61a92841759a79f262548b6fea1f489363 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 20:54:26 +0000 Subject: [PATCH 22/28] chore(deps): bump svgo in /interop/authzen-interop-website (#444) Bumps [svgo](https://github.com/svg/svgo) from 2.8.0 to 2.8.2. - [Release notes](https://github.com/svg/svgo/releases) - [Commits](https://github.com/svg/svgo/compare/v2.8.0...v2.8.2) --- updated-dependencies: - dependency-name: svgo dependency-version: 2.8.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-interop-website/yarn.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/interop/authzen-interop-website/yarn.lock b/interop/authzen-interop-website/yarn.lock index 0153eed..3bc5c66 100644 --- a/interop/authzen-interop-website/yarn.lock +++ b/interop/authzen-interop-website/yarn.lock @@ -2005,11 +2005,6 @@ dependencies: defer-to-connect "^2.0.1" -"@trysound/sax@0.2.0": - version "0.2.0" - resolved "https://registry.yarnpkg.com/@trysound/sax/-/sax-0.2.0.tgz#cccaab758af56761eb7bf37af6f03f326dd798ad" - integrity sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA== - "@types/acorn@^4.0.0": version "4.0.6" resolved "https://registry.yarnpkg.com/@types/acorn/-/acorn-4.0.6.tgz#d61ca5480300ac41a7d973dd5b84d0a591154a22" @@ -7391,6 +7386,11 @@ sax@^1.2.4: resolved "https://registry.yarnpkg.com/sax/-/sax-1.3.0.tgz#a5dbe77db3be05c9d1ee7785dbd3ea9de51593d0" integrity sha512-0s+oAmw9zLl1V1cS9BtZN7JAd0cW5e0QH4W3LWEK6a4LaLEA2OTpGYWDY+6XasBLtz6wkm3u1xRw95mRuJ59WA== +sax@^1.5.0: + version "1.5.0" + resolved "https://registry.yarnpkg.com/sax/-/sax-1.5.0.tgz#b5549b671069b7aa392df55ec7574cf411179eb8" + integrity sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA== + scheduler@^0.23.0: version "0.23.0" resolved "https://registry.yarnpkg.com/scheduler/-/scheduler-0.23.0.tgz#ba8041afc3d30eb206a487b6b384002e4e61fdfe" @@ -7887,16 +7887,16 @@ svg-parser@^2.0.4: integrity sha512-e4hG1hRwoOdRb37cIMSgzNsxyzKfayW6VOflrwvR+/bzrkyxY/31WkbgnQpgtrNp1SdpJvpUAGTa/ZoiPNDuRQ== svgo@^2.7.0, svgo@^2.8.0: - version "2.8.0" - resolved "https://registry.yarnpkg.com/svgo/-/svgo-2.8.0.tgz#4ff80cce6710dc2795f0c7c74101e6764cfccd24" - integrity sha512-+N/Q9kV1+F+UeWYoSiULYo4xYSDQlTgb+ayMobAXPwMnLvop7oxKMo9OzIrX5x3eS4L4f2UHhc9axXwY8DpChg== + version "2.8.2" + resolved "https://registry.yarnpkg.com/svgo/-/svgo-2.8.2.tgz#8e99b7ba5ac9ed7e3a446063865f61e03223fe6b" + integrity sha512-TyzE4NVGLUFy+H/Uy4N6c3G0HEeprsVfge6Lmq+0FdQQ/zqoVYB62IsBZORsiL+o96s6ff/V6/3UQo/C0cgCAA== dependencies: - "@trysound/sax" "0.2.0" commander "^7.2.0" css-select "^4.1.3" css-tree "^1.1.3" csso "^4.2.0" picocolors "^1.0.0" + sax "^1.5.0" stable "^0.1.8" tapable@^1.0.0: From 9250ad1f398f26b9829f8a2a0951a55a2e027b6f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 20:54:35 +0000 Subject: [PATCH 23/28] chore(deps): bump minimatch in /interop/authzen-idp/test-harness (#443) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-idp/test-harness/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-idp/test-harness/yarn.lock b/interop/authzen-idp/test-harness/yarn.lock index 7b76d56..88da4f6 100644 --- a/interop/authzen-idp/test-harness/yarn.lock +++ b/interop/authzen-idp/test-harness/yarn.lock @@ -867,9 +867,9 @@ micromatch@^4.0.8: picomatch "^2.3.1" minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2: - version "3.1.2" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" - integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== + version "3.1.5" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.5.tgz#580c88f8d5445f2bd6aa8f3cadefa0de79fbd69e" + integrity sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w== dependencies: brace-expansion "^1.1.7" From b67d6393cf5fee201149647a4ed337d624b8daf2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 19:48:28 +0000 Subject: [PATCH 24/28] chore(deps): bump simple-git (#447) Bumps [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) from 3.27.0 to 3.33.0. - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.33.0/simple-git) --- updated-dependencies: - dependency-name: simple-git dependency-version: 3.33.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .../authzen-api-gateways/zuplo-gateway/yarn.lock | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock index fd1d743..3bc8e71 100644 --- a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock +++ b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock @@ -1542,6 +1542,13 @@ debug@^4.1.1, debug@^4.3.5: dependencies: ms "^2.1.3" +debug@^4.4.0: + version "4.4.3" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.4.3.tgz#c6ae432d9bd9662582fce08709b038c58e9e3d6a" + integrity sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA== + dependencies: + ms "^2.1.3" + default-browser-id@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/default-browser-id/-/default-browser-id-5.0.0.tgz#a1d98bf960c15082d8a3fa69e83150ccccc3af26" @@ -2883,13 +2890,13 @@ signal-exit@^4.0.1, signal-exit@^4.1.0: integrity sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== simple-git@^3.22.0: - version "3.27.0" - resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.27.0.tgz#f4b09e807bda56a4a3968f635c0e4888d3decbd5" - integrity sha512-ivHoFS9Yi9GY49ogc6/YAi3Fl9ROnF4VyubNylgCkA+RVqLaKWnDSzXOVzya8csELIaWaYNutsEuAhZrtOjozA== + version "3.33.0" + resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.33.0.tgz#b903dc70f5b93535a4f64ff39172da43058cfb88" + integrity sha512-D4V/tGC2sjsoNhoMybKyGoE+v8A60hRawKQ1iFRA1zwuDgGZCBJ4ByOzZ5J8joBbi4Oam0qiPH+GhzmSBwbJng== dependencies: "@kwsites/file-exists" "^1.1.1" "@kwsites/promise-deferred" "^1.1.1" - debug "^4.3.5" + debug "^4.4.0" sonic-boom@^4.0.1: version "4.2.0" From 6e882f560506f63ac4f7bd3480f2a2c9813387a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 19:51:02 +0000 Subject: [PATCH 25/28] chore(deps): bump tar in /interop/authzen-api-gateways/zuplo-gateway (#445) Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.9 to 7.5.10. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-tar/compare/v7.5.9...v7.5.10) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.10 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-api-gateways/zuplo-gateway/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock index 3bc8e71..2098c12 100644 --- a/interop/authzen-api-gateways/zuplo-gateway/yarn.lock +++ b/interop/authzen-api-gateways/zuplo-gateway/yarn.lock @@ -3000,9 +3000,9 @@ supports-preserve-symlinks-flag@^1.0.0: integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== tar@^7.4.3: - version "7.5.9" - resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.9.tgz#817ac12a54bc4362c51340875b8985d7dc9724b8" - integrity sha512-BTLcK0xsDh2+PUe9F6c2TlRp4zOOBMTkoQHQIWSIzI0R7KG46uEwq4OPk2W7bZcprBMsuaeFsqwYr7pjh6CuHg== + version "7.5.10" + resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.10.tgz#2281541123f5507db38bc6eb22619f4bbaef73ad" + integrity sha512-8mOPs1//5q/rlkNSPcCegA6hiHJYDmSLEI8aMH/CdSQJNWztHC9WHNam5zdQlfpTwB9Xp7IBEsHfV5LKMJGVAw== dependencies: "@isaacs/fs-minipass" "^4.0.0" chownr "^3.0.0" From 7e3c2df3e2c70778be71ba278dcf0c583f98dd07 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 19:51:11 +0000 Subject: [PATCH 26/28] chore(deps): bump tar in /interop/authzen-search-demo (#448) Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.9 to 7.5.11. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-tar/compare/v7.5.9...v7.5.11) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.11 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- interop/authzen-search-demo/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/authzen-search-demo/yarn.lock b/interop/authzen-search-demo/yarn.lock index d45b7db..3b39b43 100644 --- a/interop/authzen-search-demo/yarn.lock +++ b/interop/authzen-search-demo/yarn.lock @@ -3437,9 +3437,9 @@ tapable@^2.2.0: integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== tar@^7.4.3: - version "7.5.9" - resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.9.tgz#817ac12a54bc4362c51340875b8985d7dc9724b8" - integrity sha512-BTLcK0xsDh2+PUe9F6c2TlRp4zOOBMTkoQHQIWSIzI0R7KG46uEwq4OPk2W7bZcprBMsuaeFsqwYr7pjh6CuHg== + version "7.5.11" + resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.11.tgz#1250fae45d98806b36d703b30973fa8e0a6d8868" + integrity sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ== dependencies: "@isaacs/fs-minipass" "^4.0.0" chownr "^3.0.0" From 3eb9f86cc6eaf36ae3f4971a17f9e7bd295a1aed Mon Sep 17 00:00:00 2001 From: Alex Babeanu Date: Wed, 11 Mar 2026 15:16:47 -0700 Subject: [PATCH 27/28] Added new spec file, v1.1 --- ...on-api-1_0.md => authorization-api-1_1.md} | 0 api/autorization-api-1.0.md | 2090 +++++++++++++++++ 2 files changed, 2090 insertions(+) rename api/{authorization-api-1_0.md => authorization-api-1_1.md} (100%) create mode 100644 api/autorization-api-1.0.md diff --git a/api/authorization-api-1_0.md b/api/authorization-api-1_1.md similarity index 100% rename from api/authorization-api-1_0.md rename to api/authorization-api-1_1.md diff --git a/api/autorization-api-1.0.md b/api/autorization-api-1.0.md new file mode 100644 index 0000000..ffc7016 --- /dev/null +++ b/api/autorization-api-1.0.md @@ -0,0 +1,2090 @@ +--- +stand_alone: true +ipr: none +cat: std # Check +submissiontype: IETF +wg: OpenID AuthZEN + +docname: authorization-api-1_0 + +title: Authorization API 1.0 +abbrev: azapi +lang: en +kw: + - Authorization + - Access Management + - XACML + - OPA + - Topaz + - Cedar + - PDP + - PEP + - ALFA +# date: 2022-02-02 -- date is filled in automatically by xml2rfc if not given +author: +- role: editor # remove if not true + ins: O. Gazitt + name: Omri Gazitt + org: Aserto + email: ogazitt@gmail.com +- role: editor # remove if not true + ins: D. Brossard + name: David Brossard + org: Axiomatics + email: david.brossard@axiomatics.com +- role: editor # remove if not true + ins: A. Tulshibagwale + name: Atul Tulshibagwale + org: SGNL + email: atul@sgnl.ai +contributor: # Same structure as author list, but goes into contributors +- name: Marc Jordan + org: SGNL + email: marc@sgnl.ai +- name: Erik Gustavson + org: SGNL + email: erik@sgnl.ai +- name: Alexandre Babeanu + org: Indykite + email: alex.babeanu@indykite.com +- name: David Hyland + org: ID Partners + email: dave@idpartners.com.au +- name: Jean-François Lombardo + org: AWS + email: jeffsec@amazon.com +- name: Alex Olivier + org: Cerbos + email: alex@cerbos.dev +- name: Michiel Trimpe + org: VNG Realisatie + email: michiel.trimpe@vng.nl +- name: Elie Azerad + org: Independent Contributor + email: elie.azerad@gmail.com + +normative: + RFC6749: # OAuth + RFC8259: # JSON + RFC8615: # well-known URIs + RFC3553: # URN namespace for parameters + RFC9110: # HTTP Semantics + XACML: + title: eXtensible Access Control Markup Language (XACML) Version 1.1 + target: https://www.oasis-open.org/committees/xacml/repository/cs-xacml-specification-1.1.pdf + author: + - name: Simon Godik + role: editor + org: Overxeer + - name: Tim Moses (Ed.) + role: editor + org: Entrust + date: 2006 + +informative: + RFC7519: # JWT + RFC7515: # JWS + RFC8126: # Writing for IANA + IANA.well-known-uris: # IANA well-known registry + RFC9525: # Service Identity in TLS + RFC7234: # HTTP caching + RFC2617: # HTTP authentication + NIST.SP.800-162: # ABAC + RFC7493: # I-JSON + +--- abstract + +The Authorization API enables Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) to communicate authorization requests and decisions to each other without requiring knowledge of each other's inner workings. The Authorization API is served by the PDP and is called by the PEP. The Authorization API includes evaluation endpoints, which provide specific access decisions, and search endpoints for discovering permissible subjects, resources, or actions. + +--- middle + +# Introduction +Computational services often implement access control within their components by separating Policy Decision Points (PDPs) from Policy Enforcement Points (PEPs). PDPs and PEPs are defined in XACML ({{XACML}}) and NIST's ABAC SP 800-162 ({{NIST.SP.800-162}}). Communication between PDPs and PEPs follows similar patterns across different software and services that require or provide authorization information. The Authorization API described in this document enables different providers to offer PDP and PEP capabilities without having to bind themselves to one particular implementation of a PDP or PEP. + +# Model +By convention, we refer to a service that implements this API as a Policy Decision Point, or PDP. The policy language, architecture, and state management aspects of a PDP are beyond the scope of this specification. + +By convention, we refer to a client of the Authorization API as a Policy Enforcement Point, or PEP. Clients may consume the Authorization API for use cases that go beyond enforcement of authorization decisions; for example, the Resource Search API ({{resource-search-api}}) allows a caller to discover the resources on which a subject can perform an action. For consistency, we use the term PEP to describe a client of the API, regardless of the use case. + +The Authorization API is defined in a transport-agnostic manner. A normative HTTPS binding is described in Transport ({{transport}}). Other bindings, such as gRPC, may be defined in other profiles of this specification. + +Authentication for the Authorization API itself is out of scope for this document, since authentication for APIs is well-documented elsewhere. Support for OAuth 2.0 ({{RFC6749}}) is RECOMMENDED. + +# Features +The core feature of the Authorization API is the Access Evaluation API ({{access-evaluation-api}}), which enables a PEP to determine whether a specific request can be permitted to access a specific resource. The following are non-normative examples: + +- Can Alice view document #123? +- Can Alice view document #123 at 16:30 on Tuesday, June 11, 2024? +- Can a manager print? + +The Access Evaluations API ({{access-evaluations-api}}) enables execution of multiple evaluations in a single request. The following are non-normative examples: + +- Can Alice view documents 123, 234 and 345 on Tuesday, June 11, 2024? +- Can document 123 be viewed by Alice and Bob? + +The Search APIs ({{search}}) provide lists of resources, subjects or actions that would be allowed access. The following are non-normative examples: + +- Which documents can Alice view? +- Who can view document 123? +- What actions can Alice perform on document 123 on Tuesday, June 11, 2024? + +# API Version +This document describes the API version 1.0. Any updates to this API through subsequent revisions of this document or other documents MAY augment this API, but MUST NOT modify the API described here. Augmentation MAY include additional API methods or additional parameters to existing API methods, additional authorization mechanisms, or additional optional headers in HTTPS transport bindings. Endpoints for version 1.0 SHOULD include `v1` in the endpoint identifier (e.g. `https://pdp.example.com/access/v1/`). + +# Information Model {#information-model} +The information model for requests and responses include the following entities: Subject, Action, Resource, Context, and Decision. These are all defined below. + +## Subject {#subject} +A Subject is the user or machine principal about whom the Authorization API is being invoked. The Subject may be requesting access at the time the Authorization API is invoked. + +A Subject is an object that contains two REQUIRED keys, `type` and `id`, which have a string value, and an OPTIONAL key, `properties`, with a value of an object. + +`type`: +: REQUIRED. A string value that specifies the type of the Subject. + +`id`: +: REQUIRED. A string value containing the unique identifier of the Subject, scoped to the `type`. + +`properties`: +: OPTIONAL. An object which can be used to express additional attributes of a Subject. + + +### Subject Properties {#subject-properties} +Many authorization systems are stateless, and expect the PEP to pass in all relevant attributes used in the evaluation of the authorization policy. To satisfy this requirement, Subjects MAY include additional attributes as key-value pairs, under the `properties` object. A property can contain both simple values, such as strings, numbers, booleans and nulls, and complex values, such as arrays and objects. + +Examples of subject attributes can include, but are not limited to: + +- department, +- group memberships, +- device identifier, +- IP address. + +### Examples (non-normative) {#subject-examples} + +The following is a non-normative example of a minimal Subject: + +~~~ json +{ + "type": "user", + "id": "alice@example.com" +} +~~~ +{: #subject-example title="Example Subject"} + +The following is a non-normative example of a Subject which adds a string-valued `department` property: + +~~~ json +{ + "type": "user", + "id": "alice@example.com", + "properties": { + "department": "Sales" + } +} +~~~ +{: #subject-department-example title="Example Subject with Additional Property"} + +The following is a non-normative example of a subject which adds IP address and device identifier properties: + +~~~ json +{ + "type": "user", + "id": "alice@example.com", + "properties": { + "ip_address": "172.217.22.14", + "device_id": "8:65:ee:17:7e:0b" + } +} +~~~ +{: #subject-device-id-example title="Example Subject with IP Address and Device ID"} + +## Resource {#resource} +A Resource is the target of an access request. It is an object that is constructed similar to a Subject entity. It has the following keys: + +`type`: +: REQUIRED. A string value that specifies the type of the Resource. + +`id`: +: REQUIRED. A string value containing the unique identifier of the Resource, scoped to the `type`. + +`properties`: +: OPTIONAL. An object which can be used to express additional attributes of a Resource. + +### Resource Properties {#resource-properties} + +Similarly to the Subject properties, the PEP can also provide attributes for the Resource in the properties field. + +Such attributes can include, but are not limited to, attributes of the resource used in access evaluations or metadata about the resource. + +### Examples (non-normative) {#resource-examples} + +The following is a non-normative example of a Resource with a `type` and a simple `id`: + +~~~ json +{ + "type": "book", + "id": "123" +} +~~~ +{: #resource-example title="Example Resource"} + +The following is a non-normative example of a Resource containing a `library_record` property, that is itself an object: + +~~~ json +{ + "type": "book", + "id": "123", + "properties": { + "library_record":{ + "title": "AuthZEN in Action", + "isbn": "978-0593383322" + } + } +} +~~~ +{: #resource-example-structured title="Example Resource with Additional Property"} + +## Action {#action} +An Action is the type of access that the requester intends to perform. + +Action is an object that contains a REQUIRED `name` key with a string value, and an OPTIONAL `properties` key with an object value. + +`name`: +: REQUIRED. A string value containing the name of the Action. + +`properties`: +: OPTIONAL. An object which can be used to express additional attributes of an Action. + +### Action Properties {#action-properties} + +Similarly to the Subject and Resource properties, the PEP can also provide attributes for the Action in the properties field. + +Such attributes can include, but are not limited to, parameters of the action that is being requested. + +### Examples (non-normative) {#action-examples} + +The following is a non-normative example of an action: + +~~~ json +{ + "name": "can_read" +} +~~~ +{: #action-example title="Example Action"} + +The following is a non-normative example of an action with additional properties: + +~~~ json +{ + "name": "extend-loan", + "properties": { + "period": "2W" + } +} +~~~ +{: #action-extend-loan-example title="Example Action with properties for extending a book loan."} + +## Context {#context} +The Context represents the environment of the access evaluation request. + +Context is an object which can be used to express attributes of the environment. + +Examples of context attributes can include, but are not limited to: + +- The time of day, +- Location from which the request was received, +- Capabilities of the PEP, +- JSON Schema or JSON-LD definitions for the request. + +### Examples (non-normative) {#context-examples} + +The following is a non-normative example of a Context: + +~~~ json +{ + "time": "1985-10-26T01:22-07:00" +} +~~~ +{: #context-example title="Example Context"} + + +The following example of a Context provides a JSON Schema definition which can be used to parse and validate the AuthZEN request: + +~~~ json +{ + "time": "1985-10-26T01:22-07:00", + "schema": "https://schema.example.com/access-request.schema.json" +} +~~~ +{: #context-schema-example title="Example Context with a reference to a JSON schema"} + + +## Decision {#decision} +A Decision is the result of the evaluation of an access request. It provides the information required for the PEP to enforce the decision. + +Decision is an object that contains a REQUIRED `decision` key with a `boolean` value, and an OPTIONAL `context` key with an object value. + +`decision`: +: REQUIRED. A boolean value that specifies whether the Decision is to allow or deny the operation. + +`context`: +: OPTIONAL. An object which can convey additional information that can be used by the PEP as part of the decision enforcement process. + +In this specification, assuming the evaluation was successful, there are only two possible values for the `decision`: + +- `true`: The access request is permitted to go forward. If the PEP does not understand information in the `context` response object, the PEP MAY choose to reject the decision. +- `false`: The access request is denied and MUST NOT be permitted to go forward. + +The following is a non-normative example of a minimal Decision: + +~~~ json +{ + "decision": true +} +~~~ +{: #decision-example title="Example Decision"} + +### Decision Context {#decision-context} +In addition to a `decision`, a response MAY contain a `context` field which contains an object. This context can convey additional information that can be used by the PEP as part of the decision enforcement process. + +Examples include, but are not limited to: + +- Reason(s) a decision was made, +- "Advices" and/or "Obligations" tied to the access decision, +- Hints for rendering UI state, +- Instructions for step-up authentication, +- Environmental information, +- etc. + +### Examples (non-normative) {#decision-examples} +The following are all non-normative examples of possible and valid contexts, provided to illustrate possible usages. The actual semantics and format of the `context` object are an implementation concern and outside the scope of this specification. For example, implementations MAY use keys that correspond to concepts from other standards, such as HTTP status codes, to convey common reasons in an interoperable manner. + +#### Non-normative Example 1: conveying decision Reasons +The PDP may provide reasons to explain a decision. In the non-normative example below, an implementation might convey different reasons to administrators and end-users, using keys that could correspond to HTTP status codes: + +~~~ json +{ + "decision": false, + "context": { + "reason_admin": { + "403": "Request failed policy C076E82F" + }, + "reason_user": { + "403": "Insufficient privileges. Contact your administrator" + } + } +} +~~~ +{: #response-with-reason-context-example title="Non-normative Example Response with reason Context"} + +#### Non-normative Example 2: conveying metadata and environmental elements +In the following non-normative example, the PDP justifies its decision by including environmental conditions that did not meet its policies. Metadata pertaining to the decision response times is also provided: + +~~~ json +{ + "decision": false, + "context": { + "metadata": { + "response_time": 60, + "response_time_unit": "ms" + }, + "environment": { + "ip": "10.10.0.1", + "datetime": "2025-06-27T18:03-07:00", + "os": "ubuntu24.04.2LTS-AMDx64" + } + } +} +~~~ +{: #response-with-environment-context-example title="Non-normative Example Response with Environment and Metadata Context"} + +#### Non-normative Example 3: requesting step-up authentication +In the following non-normative example, the PDP requests a step-up authentication of the requesting subject, by signalling the required `acr` and `amr` access token claim values it expects to see in order to approve the request: + +~~~ json +{ + "decision": false, + "context": { + "acr_values": "urn:com:example:loa:3", + "amr_values": "mfa hwk" + } +} +~~~ +{: #response-with-step-up-example title="Non-normative Example Response with a step-up request Context"} + +# Access Evaluation API {#access-evaluation-api} + +The Access Evaluation API defines the message exchange pattern between a PEP and a PDP for executing a single access evaluation. + +## The Access Evaluation API Request {#access-evaluation-request} +The Access Evaluation request is an object consisting of four entities previously defined in the Information Model ({{information-model}}): + +`subject`: +: REQUIRED. The subject (or principal) of type Subject + +`action`: +: REQUIRED. The action (or verb) of type Action. + +`resource`: +: REQUIRED. The resource of type Resource. + +`context`: +: OPTIONAL. The context (or environment) of type Context. + +### Example (non-normative) + +~~~ json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "resource": { + "type": "account", + "id": "123" + }, + "action": { + "name": "can_read", + "properties": { + "method": "GET" + } + }, + "context": { + "time": "1985-10-26T01:22-07:00" + } +} +~~~ +{: #request-example title="Example Request"} + +## The Access Evaluation API Response {#access-evaluation-response} + +The response of the Access Evaluation API consists of the Decision entity as defined in the Information Model ({{information-model}}). + +# Access Evaluations API {#access-evaluations-api} + +The Access Evaluations API defines the message exchange pattern between a PEP and a PDP for evaluating multiple access evaluations within the scope of a single message exchange (also known as "boxcarring" requests). + +## The Access Evaluations API Request {#access-evaluations-request} + +The Access Evaluation API Request builds on the information model presented in {{information-model}} and the object defined in the Access Evaluation Request ({{access-evaluation-request}}). + +To send multiple access evaluation requests in a single message, the PEP MAY add an `evaluations` key to the request. The `evaluations` key is an array which contains a list of objects, each typed as the object as defined in the Access Evaluation Request ({{access-evaluation-request}}), and specifying a discrete request. + +If an `evaluations` array is NOT present or is empty, the Access Evaluations Request behaves in a backwards-compatible manner with the (single) Access Evaluation API Request ({{access-evaluation-request}}). + +If an `evaluations` array IS present and contains one or more objects, these form distinct requests that the PDP will evaluate. These requests are independent from each other, and may be executed sequentially or in parallel, left to the discretion of each implementation. + +The top-level `subject`, `action`, `resource`, and `context` keys provide default values for their respective fields in the `evaluations` array. The top-level `subject`, `action` and `resource` keys MAY be omitted if the `evaluations` array is present, contains one or more objects, and every object in the `evaluations` array contains the respective top-level key. This behavior is described in {{default-values}}. + +The following is a non-normative example for specifying three requests, with no default values: + +~~~json +{ + "evaluations": [ + { + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "document", + "id": "boxcarring.md" + }, + "context": { + "time": "2024-05-31T15:22-07:00" + } + }, + { + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "document", + "id": "subject-search.md" + }, + "context": { + "time": "2024-05-31T15:22-07:00" + } + }, + { + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "document", + "id": "resource-search.md" + }, + "context": { + "time": "2024-05-31T15:22-07:00" + } + } + ] +} +~~~ + +### Default values {#default-values} + +While the example above provides the most flexibility in specifying distinct values in each request for every evaluation, it is common for boxcarred requests to share one or more values of the evaluation request. For example, evaluations MAY all refer to a single subject, and/or have the same contextual (environmental) attributes. + +Default values offer a more compact syntax that avoids unnecessary duplication of request data. + +The top-level `subject`, `action`, `resource`, and `context` keys provide default values for each object in the evaluations array. Any of these keys specified within an individual evaluation object overrides the corresponding top-level default. Because `subject`, `action`, and `resource` are required for a valid evaluation, any of these keys omitted from an evaluation object MUST be provided as a top-level key. + +The following is a non-normative example for specifying three requests that refer to a single subject and context: + +~~~json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "context": { + "time": "2024-05-31T15:22-07:00" + }, + "evaluations": [ + { + "action": { + "name": "can_read" + }, + "resource": { + "type": "document", + "id": "boxcarring.md" + } + }, + { + "action": { + "name": "can_read" + }, + "resource": { + "type": "document", + "id": "subject-search.md" + } + }, + { + "action": { + "name": "can_read" + }, + "resource": { + "type": "document", + "id": "resource-search.md" + } + } + ] +} +~~~ + +The following is a non-normative example for specifying three requests that refer to a single `subject` and `context`, with a default value for `action`, that is overridden by the third request: + +~~~json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "context": { + "time": "2024-05-31T15:22-07:00" + }, + "action": { + "name": "can_read" + }, + "evaluations": [ + { + "resource": { + "type": "document", + "id": "boxcarring.md" + } + }, + { + "resource": { + "type": "document", + "id": "subject-search.md" + } + }, + { + "action": { + "name": "can_edit" + }, + "resource": { + "type": "document", + "id": "resource-search.md" + } + } + ] +} +~~~ + +### Evaluations options + +The `evaluations` request payload includes an OPTIONAL `options` key, with a value that is an object. + +This provides a general-purpose mechanism for providing PEP-supplied metadata on how the request is to be executed. + +One such option controls *evaluation semantics*, and is described in {{evaluations-semantics}}. + +A non-normative example of the `options` field is shown below, following an `evaluations` array provided for the sake of completeness: + +~~~json +{ + "evaluations": [{ + "resource": { + "type": "doc", + "id": "1" + }, + "subject": { + "type": "doc", + "id": "2" + } + }], + "options": { + "evaluations_semantic": "execute_all", + "another_option": "value" + } +} +~~~ + +#### Evaluations semantics {#evaluations-semantics} + +By default, every request in the `evaluations` array is executed and a response returned in the same array order. This is the most common use-case for boxcarring multiple evaluation requests in a single payload. + +This specification supports three evaluation semantics: + +1. *Execute all of the requests (potentially in parallel), return all of the results.* Any failure can be denoted by `"decision": false` and MAY provide a reason code in the context. +2. *Deny on first denial (or failure).* This semantic could be desired if a PEP wants to issue a few requests in a particular order, with any denial (error, or `"decision": false`) "short-circuiting" the evaluations call and returning on the first denial. This essentially works like the `&&` operator in programming languages. +3. *Permit on first permit.* This is the converse "short-circuiting" semantic, working like the `||` operator in programming languages. + +To select the desired evaluation semantic, a PEP can pass in `options.evaluations_semantic` with exactly one of the following values: + + * `execute_all` + * `deny_on_first_deny` + * `permit_on_first_permit` + +`execute_all` is the default semantic, so an `evaluations` request without the `options.evaluations_semantic` flag will execute using this semantic. + +##### Example: Evaluate `read` action for three documents using all three semantics + +Execute all requests: + +~~~json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "read" + }, + "options": { + "evaluations_semantic": "execute_all" + }, + "evaluations": [ + { + "resource": { + "type": "document", + "id": "1" + } + }, + { + "resource": { + "type": "document", + "id": "2" + } + }, + { + "resource": { + "type": "document", + "id": "3" + } + } + ] +} +~~~ + +Response: + +~~~json +{ + "evaluations": [ + { + "decision": true + }, + { + "decision": false + }, + { + "decision": true + } + ] +} +~~~ + +Deny on first deny: + +~~~json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "read" + }, + "options": { + "evaluations_semantic": "deny_on_first_deny" + }, + "evaluations": [ + { + "resource": { + "type": "document", + "id": "1" + } + }, + { + "resource": { + "type": "document", + "id": "2" + } + }, + { + "resource": { + "type": "document", + "id": "3" + } + } + ] +} +~~~ + +Response: + +~~~json +{ + "evaluations": [ + { + "decision": true + }, + { + "decision": false, + "context": { + "code": "200", + "reason": "deny_on_first_deny" + } + } + ] +} +~~~ + +Permit on first permit: + +~~~json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "read" + }, + "options": { + "evaluations_semantic": "permit_on_first_permit" + }, + "evaluations": [ + { + "resource": { + "type": "document", + "id": "1" + } + }, + { + "resource": { + "type": "document", + "id": "2" + } + }, + { + "resource": { + "type": "document", + "id": "3" + } + } + ] +} +~~~ + +Response: + +~~~json +{ + "evaluations": [ + { + "decision": true + } + ] +} +~~~ + +## The Access Evaluations API Response {#access-evaluations-response} + +Like the request format, the Access Evaluations Response format for an Access Evaluations Request adds an `evaluations` array that lists the decisions in the same order they were provided in the `evaluations` array in the request. Each value of the evaluations array is typed as a Decision as defined in the Information Model ({{information-model}}). + +In case the `evaluations` array is present, it is RECOMMENDED that the `decision` key of the response be omitted. If present, it can be ignored by the PEP. + +The following is a non-normative example of a Access Evaluations Response to an Access Evaluations Request containing three evaluation objects: + +~~~json +{ + "evaluations": [ + { + "decision": true + }, + { + "decision": false, + "context": { + "reason": "resource not found" + } + }, + { + "decision": false, + "context": { + "reason": "Subject is a viewer of the resource" + } + } + ] +} +~~~ + +### Errors + +There are two types of errors, and they are handled differently: +1. Transport-level errors, or errors that pertain to the entire payload. +2. Errors in individual evaluations. + +The first type of error is handled at the transport level. For example, for the HTTP binding, the 4XX and 5XX codes indicate a general error that pertains to the entire payload, as described in Transport ({{transport}}). + +The second type of error is handled at the payload level. Decisions default to *closed* (i.e. `false`), but the `context` field can include errors that are specific to that request. + +The following is a non-normative example of a response to an Access Evaluations Request containing three evaluation objects, two of them demonstrating how errors can be returned for two of the evaluation requests: + +~~~json +{ + "evaluations": [ + { + "decision": true + }, + { + "decision": false, + "context": { + "error": { + "status": 404, + "message": "Resource not found" + } + } + }, + { + "decision": false, + "context": { + "reason": "Subject is a viewer of the resource" + } + } + ] +} +~~~ + + +# Search APIs {#search} + +The Search APIs enable a PEP to discover the set of subjects, resources, or actions that are permitted within a specific authorization context. Their purpose is to return a list of authorized entities, rather than verify a single access request. + +To perform a search, the PEP provides the Subject, Resource, Action, and Context entities defined in the Information Model ({{information-model}}), but omits the unique identifier of the entity being queried. The PDP then responds with the set of authorized entities for the queried entity type which would be authorized according to the provided criteria. + +## Semantics {#search-semantics} + +A search is designed to return entities that would correspond to a permitted decision. Therefore, any result from a Search API, when subsequently used in an Access Evaluation API call, SHOULD result in a `"decision": true` response. However, because the evaluation is implementation-specific and may depend on other variables (such as time), this outcome is not guaranteed. + +In addition, it is RECOMMENDED that a search be performed transitively, traversing intermediate attributes and/or relationships. For example, if user U is a member of group G, and group G is designated as a viewer on a document D, then a search for all subjects of type user that can view document D will include user U. + +## Pagination {#search-pagination} + +Search APIs can return large result sets. To manage this, a PDP MAY support pagination, allowing a PEP to navigate and retrieve subsets of the total result set. + +Pagination does not guarantee an atomic snapshot of the result set. Consequently, if items are added or removed while paginating, results MAY be repeated or omitted between pages. + +Pagination is based on the use of opaque tokens. A PEP makes an initial request for data by sending a query that does not contain a token. If the PDP determines that the result set contains too many results to fit in a single response, the PDP returns a partial result set and a token that the PEP can use to retrieve the next page of results. + +A paginated response MUST be clearly identified by the inclusion of a `page` object containing a non-empty, opaque `next_token`. This token is the signal to the PEP that more results are available. + +To retrieve the next page, the PEP sends a subsequent request containing a `page` object with the `token` field set to the `next_token` value from the previous response. This process is repeated until the PDP returns a `page` object in which the value of the `next_token` field is an empty string, signaling the end of the result set. + +When a request contains a token, all entities (e.g., `subject`, `resource`, `action`, `context`) and pagination parameters (e.g., `limit`) MUST be identical to the preceding request. PDPs SHOULD return an error when any entity or parameter has been changed. + +PEPs that wish to sequentially iterate through the entire result set SHOULD use the core pagination mechanism described above, which is designed to work consistently across all PDPs that support the search APIs. + +### Paginated Requests {#search-pagination-request} + +A Search API Request MAY include a `page` object indicating which subset of the larger result set the PEP would like to receive. + +The `page` object in a Search API Request consists of the following keys: + +`token`: +: OPTIONAL. An opaque string value from the `next_token` of a previous response. + +`limit`: +: OPTIONAL. A non-negative integer indicating the maximum number of results to return in the response. + +`properties`: +: OPTIONAL. An object containing additional implementation-specific pagination request attributes, such as, but not limited to, sorting and filtering. + +Apart from the `token`, all values from the initial request MUST remain identical for subsequent pages. If a different value is provided mid-pagination the PDP SHOULD return an error. + +Additional keys MAY be included in the `page` object. If they are, they MUST be defined in a specification referenced in the AuthZEN Policy Decision Point Capabilities Registry ({{iana-pdp-capabilities-registry}}). Furthermore, the PDP MUST declare support for the corresponding capability URN in its `supported_capabilities` metadata ({{pdp-metadata-data-capabilities}}). + +### Paginated Responses {#search-pagination-response} + +Any Search API Response MAY include a `page` object, but if a response does not contain the entire result set, it MUST include this object. + +The `page` object contains the following keys: + +`next_token`: +: REQUIRED. An opaque string value indicating the next page of results to return. If there are no more results after this page, its value MUST be an empty string. + +`count`: +: OPTIONAL. A non-negative integer indicating the number of results included in this response. When included at the start of a response, as described in the Search API Response ({{search-response}}), this enables a PEP to display a progress indicator when processing large or slow responses. + +`total`: +: OPTIONAL. A non-negative integer indicating the total number of results matching the query criteria at the time of the request. This value is not guaranteed to equal the total number of items returned across all pages if the underlying data set changes during pagination. + +`properties`: +: OPTIONAL. An object containing additional pagination response attributes. Examples include, but are not limited to, estimated totals or the number of remaining results. + +### Examples (non-normative) {#search-pagination-examples} + +The following is a non-normative example of a request-response cycle to retrieve a total of three results with a page size limit of two. + +~~~ json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "account" + }, + "page": { + "limit": 2 + } +} +~~~ +{: #search-pagination-token-initial-request title="Example initial Search API Request"} + +~~~ json +{ + "page": { + "next_token": "a3M9NDU2O3N6PTI=", + "count": 2, + "total": 3 + }, + "results": [ + { + "type": "account", + "id": "123" + }, + { + "type": "account", + "id": "456" + } + ] +} +~~~ +{: #search-pagination-token-initial-response title="Example initial Search API Response"} + +~~~ json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "account" + }, + "page": { + "token": "a3M9NDU2O3N6PTI=" + } +} +~~~ +{: #search-pagination-token-second-request title="Example second Search API Request"} + +~~~ json +{ + "page": { + "next_token": "", + "count": 1, + "total": 3 + }, + "results": [ + { + "type": "account", + "id": "789" + } + ] +} +~~~ +{: #search-pagination-token-second-response title="Example second Search API Response"} + +## The Search API Response {#search-response} + +The response to a Search API Request always follows the same structure. Each Search API Response is a JSON object with the following keys: + +`page`: +: OPTIONAL. An object providing pagination information, as defined in Paginated Responses ({{search-pagination-response}}). It is RECOMMENDED that the `page` object be the first key in the response, as this allows a PEP to use the `count` value to display a progress indicator when processing large or slow responses. + +`context`: +: OPTIONAL. An object that can convey additional information that can be used by the PEP, similar to its function in the Access Evaluation Response (see {{access-evaluation-response}}). + +`results`: +: REQUIRED. An array containing zero or more entities, as defined in the Information Model ({{information-model}}). It MUST contain only entities of the type being searched for (e.g., Subjects, Resources, or Actions). + +The following is a non-normative example of a search response returning resources: + +~~~ json +{ + "page": { + "count": 2, + "total": 102 + }, + "context": { + "query_execution_time_ms": 42 + }, + "results": [ + { + "type": "account", + "id": "123" + }, + { + "type": "account", + "id": "456" + } + ] +} +~~~ +{: #search-response-example title="Example Resource Search API Response"} + +## Subject Search API {#subject-search-api} + +The Subject Search API returns all subjects of a given type that are permitted according to the provided Action ({{action}}), Resource ({{resource}}), and Context ({{context}}). + +### The Subject Search API Request {#subject-search-request} + +The Subject Search request is an object consisting of the following entities: + +`subject`: +: REQUIRED. The subject (or principal) of type Subject. The Subject MUST contain a `type`, but the Subject `id` SHOULD be omitted, and if present, MUST be ignored. + +`action`: +: REQUIRED. The action (or verb) of type Action. + +`resource`: +: REQUIRED. The resource of type Resource. + +`context`: +: OPTIONAL. Contextual data about the request. + +`page`: +: OPTIONAL. A page object for paginated requests. + +### Example (non-normative) + +The following payload defines a request for the subjects of type `user` that can perform the `can_read` action on the resource of type `account` and ID `123`. + +~~~ json +{ + "subject": { + "type": "user" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "account", + "id": "123" + }, + "context": { + "time": "2024-10-26T01:22-07:00" + } +} +~~~ +{: #subject-search-request-example title="Example Subject Search API Request"} + +The following payload defines a valid response to this request. + +~~~ json +{ + "results": [ + { + "type": "user", + "id": "alice@example.com" + }, + { + "type": "user", + "id": "bob@example.com" + } + ] +} +~~~ +{: #subject-search-response-example title="Example Subject Search API Response"} + +## Resource Search API {#resource-search-api} + +The Resource Search API returns all resources of a given type that are permitted according to the provided Action ({{action}}), Subject ({{subject}}), and Context ({{context}}). + +### The Resource Search API Request {#resource-search-request} + +The Resource Search request is an object consisting of the following entities: + +`subject`: +: REQUIRED. The subject (or principal) of type Subject. + +`action`: +: REQUIRED. The action (or verb) of type Action. + +`resource`: +: REQUIRED. The resource of type Resource. The Resource MUST contain a `type`, but the Resource `id` SHOULD be omitted, and if present, MUST be ignored. + +`context`: +: OPTIONAL. Contextual data about the request. + +`page`: +: OPTIONAL. A page object for paginated requests. + +### Example (non-normative) + +The following payload defines a request for the resources of type `account` on which the subject of type `user` and ID `alice@example.com` can perform the `can_read` action. + +~~~ json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "account" + } +} +~~~ +{: #resource-search-request-example title="Example Resource Search API Request"} + +The following payload defines a valid response to this request. + +~~~ json +{ + "results": [ + { + "type": "account", + "id": "123" + }, + { + "type": "account", + "id": "456" + } + ] +} +~~~ +{: #resource-search-response-example title="Example Resource Search API Response"} + +## Action Search API {#action-search-api} + +The Action Search API returns all actions that are permitted according to the provided Subject ({{subject}}), Resource ({{resource}}), and Context ({{context}}). + +### The Action Search API Request {#action-search-request} + +The Action Search request is an object consisting of the following entities: + +`subject`: +: REQUIRED. The subject (or principal) of type Subject. + +`resource`: +: REQUIRED. The resource of type Resource. + +`context`: +: OPTIONAL. Contextual data about the request. + +`page`: +: OPTIONAL. A page object for paginated requests. + +Note: Unlike the Subject and Resource Search APIs, the `action` key is omitted from the Action Search request payload. + +### Example (non-normative) + +The following payload defines a request for the actions that the subject of type `user` with ID `123` may perform on the resource of type `account` and ID `123` at 01:22 AM. + +~~~ json +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "resource": { + "type": "account", + "id": "123" + }, + "context": { + "time": "2024-10-26T01:22-07:00" + } +} +~~~ +{: #action-search-request-example title="Example Action Search API Request"} + +The following payload defines a valid response to this request. + +~~~ json +{ + "results": [ + { + "name": "can_read" + }, + { + "name": "can_write" + } + ] +} +~~~ +{: #action-search-response-example title="Example Action Search API Response"} + +# Policy Decision Point Metadata {#pdp-metadata} + +It is RECOMMENDED that PDPs provide metadata describing their configuration. + +## Data structure {#pdp-metadata-data} + +The following Policy Decision Point metadata parameters are used by this specification and are registered in the IANA "AuthZEN Policy Decision Point Metadata" registry established in {{iana-pdp-metadata-registry}}. + +### Endpoint Parameters {#pdp-metadata-data-endpoint} + +`policy_decision_point`: +: REQUIRED. The Policy Decision Point identifier, which is a URL that uses the "https" scheme and has no query or fragment components. Policy Decision Point metadata is published at a location that is ".well-known" according to {{RFC8615}} derived from this Policy Decision Point identifier, as described in {{pdp-metadata-access}}. The Policy Decision Point identifier is used to prevent Policy Decision Point mix-up attacks. + +`access_evaluation_endpoint`: +: REQUIRED. URL of Access Evaluation API endpoint + +`access_evaluations_endpoint`: +: OPTIONAL. URL of Access Evaluations API endpoint + +`search_subject_endpoint`: +: OPTIONAL. URL of Search API endpoint for subject entities + +`search_action_endpoint`: +: OPTIONAL. URL of Search API endpoint for action entities + +`search_resource_endpoint`: +: OPTIONAL. URL of Search API endpoint for resource entities + +Note: the absence of any of these parameters is sufficient for the PEP to determine that the PDP is not capable and therefore will not return a result for the associated API. + +### Capabilities Parameters {#pdp-metadata-data-capabilities} + +`capabilities`: +: OPTIONAL. JSON array containing a list of registered IANA URNs referencing PDP specific capabilities. + +### Signature Parameter {#pdp-metadata-data-sig} + +In addition to JSON elements, metadata parameters MAY also be provided as a `signed_metadata` value, which is a JSON Web Token {{RFC7519}} that asserts metadata values about the PDP as a bundle. A set of metadata parameters that can be used in signed metadata as claims are defined in {{pdp-metadata-data-endpoint}}. The signed metadata MUST be digitally signed or MACed using JSON Web Signature {{RFC7515}} and MUST contain an `iss` (issuer) claim denoting the party attesting to the claims in the signed metadata. + +A PEP MAY ignore the signed metadata if they do not support this feature. If the PEP supports signed metadata, metadata values conveyed in the signed metadata MUST take precedence over the corresponding values conveyed using plain JSON elements. Signed metadata is included in the Policy Decision Point metadata JSON object using this OPTIONAL metadata parameter: + +`signed_metadata`: +: A JWT containing metadata parameters about the protected resource as claims. This is a string value consisting of the entire signed JWT. A `signed_metadata` parameter SHOULD NOT appear as a claim in the JWT; it is RECOMMENDED to reject any metadata in which this occurs. + +## Obtaining Policy Decision Point Metadata {#pdp-metadata-access} + +PDPs supporting metadata MUST make a JSON document containing metadata as specified in the AuthZEN Policy Decision Point Metadata Registry ({{iana-pdp-metadata-registry}}) available at a URL formed by inserting a well-known URI string between the host component and the path and/or query components, if any. The well-known URI string used is `/.well-known/authzen-configuration`. + +The syntax and semantics of .well-known are defined in {{RFC8615}}. The well-known URI path suffix used is registered in the IANA "Well-Known URIs" registry {{IANA.well-known-uris}}. + +An example of a PDP supporting multiple tenants will have a discovery endpoint as follows: + +~~~ +https://pdp.example.com/.well-known/authzen-configuration/tenant1 +~~~ + +### Policy Decision Point Metadata Request {#pdp-metadata-access-request} + +A Policy Decision Point metadata document MUST be queried using an HTTP GET request at the previously specified URL. The consumer of the metadata would make the following request when the resource identifier is https://pdp.example.com: + +~~~ http +GET /.well-known/authzen-configuration HTTP/1.1 +Host: pdp.example.com +~~~ + +### Policy Decision Point Metadata Response {#pdp-metadata-access-response} + +The response is a set of metadata parameters about the protected resource's configuration. + +A successful response MUST use the HTTP status code `200` and a `Content-Type` of `application/json`. Its body MUST be a JSON object that contains a set of metadata parameters as defined in the AuthZEN Policy Decision Point Metadata Registry ({{iana-pdp-metadata-registry}}). + +Any metadata parameters in the response that are not understood by the PEP MUST be ignored. + +Parameters that have multiple values are represented as JSON arrays. Parameters that have no values MUST be omitted from the response. + +An error response uses the applicable HTTP status code value. + +The following is a non-normative example response: + +~~~ http +HTTP/1.1 200 OK +Content-Type: application/json + +{ + "policy_decision_point": "https://pdp.example.com", + "access_evaluation_endpoint": "https://pdp.example.com/access/v1/evaluation", + "search_subject_endpoint": "https://pdp.example.com/access/v1/search/subject", + "search_resource_endpoint": "https://pdp.example.com/access/v1/search/resource" +} +~~~ + +### Policy Decision Point Metadata Validation {#pdp-metadata-data-endpoint-validation} + +The `policy_decision_point` value returned MUST be identical to the Policy Decision Point identifier value into which the well-known URI string was inserted to create the URL used to retrieve the metadata. If these values are not identical, the data contained in the response MUST NOT be used. + +The recipient MUST validate that any signed metadata was signed by a key belonging to the issuer and that the signature is valid. If the signature does not validate or the issuer is not trusted, the recipient SHOULD treat this as an error condition. + +# Transport {#transport} + +This specification defines an HTTPS binding using JSON serialization which MUST be implemented by a compliant PDP. + +Additional transport bindings (e.g. gRPC or CoAP) MAY be defined in the future in the form of profiles, and MAY be implemented by a PDP. + +## HTTPS JSON Binding {#transport-https-json} + +All API requests within this binding are made via an HTTPS `POST` request. + +Requests MUST include a `Content-Type` header with the value `application/json`, and the request body for each endpoint MUST be a JSON object that conforms to the corresponding request structure, as defined in {{table-api-endpoints}}. + +A successful response is an HTTPS response with a status code of `200` and a `Content-Type` of `application/json`. Its body is a JSON object that conforms to the corresponding response structure, as defined in {{table-api-endpoints}}. + +The request URL MUST be the value of the corresponding endpoint parameter, as defined in {{table-api-endpoints}}, if it is provided in the Policy Decision Point metadata ({{pdp-metadata-data-endpoint}}). If the parameter is not provided, the URL SHOULD be formed by appending the default path, as defined in {{table-api-endpoints}}, to the PDP's base URL (which is the `policy_decision_point` value from the Policy Decision Point metadata, if available. + +The following table provides an overview of the API endpoints defined in this binding: + +| API Endpoint | Default Path | Metadata Parameter | Request Schema | Response Schema | +|--------------------|----------------------------|-----------------------------|--------------------------------|---------------------------------| +| Access Evaluation | /access/v1/evaluation | access_evaluation_endpoint | {{access-evaluation-request}} | {{access-evaluation-response}} | +| Access Evaluations | /access/v1/evaluations | access_evaluations_endpoint | {{access-evaluations-request}} | {{access-evaluations-response}} | +| Subject Search | /access/v1/search/subject | search_subject_endpoint | {{subject-search-request}} | {{search-response}} | +| Resource Search | /access/v1/search/resource | search_resource_endpoint | {{resource-search-request}} | {{search-response}} | +| Action Search | /access/v1/search/action | search_action_endpoint | {{action-search-request}} | {{search-response}} | +{: #table-api-endpoints title="API Endpoint Overview"} + +### JSON Serialization {#transport-https-json-serialization} + +This section specifies the serialization of the information model entities and API schemas defined in this document to the JSON format {{RFC8259}}. The top-level element of all request and response bodies MUST be a JSON object ({{Section 4 of RFC8259}}). Implementations SHOULD also adhere to the security recommendations in JSON Payload Considerations ({{security-json}}). + +The data types defined in this specification are mapped to JSON types as follows: + +Object: +: Represented as a JSON object ({{Section 4 of RFC8259}}). The values of its members can be any valid JSON value as defined in {{Section 3 of RFC8259}}, including other objects and arrays, unless specified otherwise. + +Array: +: Represented as a JSON array ({{Section 5 of RFC8259}}). + +String: +: Represented as a JSON string ({{Section 7 of RFC8259}}). + +Integer: +: Represented as a JSON number ({{Section 6 of RFC8259}}). Note the recommendation in {{security-json}} to not encode values that exceed IEEE 754 double-precision. + +Boolean: +: Represented as the JSON literals `true` or `false` ({{Section 3 of RFC8259}}). + +If a required attribute in the information model is omitted, the server MUST return a "Bad Request" error, as defined in {{error-responses}}. + +To ensure forward compatibility, receivers MUST ignore unknown fields present in request or response bodies. Implementations MUST NOT assume a particular ordering of JSON object members. + +### Error Responses {#error-responses} +The following error responses are common to all methods of the Authorization API. The error response is indicated by an HTTPS status code ({{Section 15 of RFC9110}}) that indicates error. + +The following errors are indicated by the status codes defined below: + +| Code | Description | HTTPS Body Content | +|------|--------------|-------------------| +| 400 | Bad Request | An error message string | +| 401 | Unauthorized | An error message string | +| 403 | Forbidden | An error message string | +| 500 | Internal Error | An error message string | +{: #table-error-status-codes title="HTTPS Error status codes"} + +Note: HTTPS errors are returned by the PDP to indicate an error condition relating to the request or its processing; they are unrelated to the outcome of an authorization decision and are distinct from it. A successful request that results in a "deny" is indicated by a 200 OK status code with a { "decision": false } payload. + +To make this concrete: + +- a `401` HTTPS status code indicates that the PEP did not properly authenticate to the PDP - for example, by omitting a required `Authorization` header, or using an invalid access token. +- the PDP indicates to the PEP that the authorization request is denied by sending a response with a `200` HTTPS status code, along with a payload of `{ "decision": false }`. + +### Request Identification +All requests to the API MAY have request identifiers to uniquely identify them. The PEP is responsible for generating the request identifier. If present, it is RECOMMENDED to use the HTTPS Header `X-Request-ID` as the request identifier. The value of this header is an arbitrary string. The following non-normative example describes this header: + +~~~ http +POST /access/v1/evaluation HTTP/1.1 +Authorization: Bearer mF_9.B5f-4.1JqM +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 +~~~ +{: #request-id-example title="Example HTTPS request with a Request Id Header"} + +When an Authorization API request contains a request identifier the PDP MUST include a request identifier in the response. It is RECOMMENDED to specify the request identifier using the HTTPS Response header `X-Request-ID`. If the PEP specified a request identifier in the request, the PDP MUST include the same identifier in the response to that request. + +The following is a non-normative example of an HTTPS Response with this header: + +~~~ http +HTTP/1.1 OK +Content-Type: application/json +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 +~~~ +{: #example-response-request-id title="Example HTTPS response with a Request Id Header"} + +### Examples (non-normative) + +The following is a non-normative example of the HTTPS binding of the Access Evaluation Request: + +~~~ http +POST /access/v1/evaluation HTTP/1.1 +Host: pdp.example.com +Content-Type: application/json +Authorization: Bearer +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "resource": { + "type": "todo", + "id": "1" + }, + "action": { + "name": "can_read" + }, + "context": { + "time": "1985-10-26T01:22-07:00" + } +} +~~~ +{: #example-access-evaluation-request title="Example of an HTTPS Access Evaluation Request"} + +The following is a non-normative example of an HTTPS Access Evaluation Response: + +~~~ http +HTTP/1.1 OK +Content-Type: application/json +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "decision": true +} +~~~ +{: #example-access-evaluation-response title="Example of an HTTP Access Evaluation Response"} + +The following is a non-normative example of a the HTTPS binding of the Access Evaluations Request: + +~~~ http +POST /access/v1/evaluations HTTP/1.1 +Host: pdp.example.com +Content-Type: application/json +Authorization: Bearer +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "context": { + "time": "2024-05-31T15:22-07:00" + }, + "action": { + "name": "can_read" + }, + "evaluations": [ + { + "resource": { + "type": "document", + "id": "boxcarring.md" + } + }, + { + "resource": { + "type": "document", + "id": "subject-search.md" + } + }, + { + "action": { + "name": "can_edit" + }, + "resource": { + "type": "document", + "id": "resource-search.md" + } + } + ] +} +~~~ +{: #example-access-evaluations-request title="Example of an HTTPS Access Evaluations Request"} + +The following is a non-normative example of an HTTPS Access Evaluations Response: + +~~~ http +HTTP/1.1 OK +Content-Type: application/json +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "evaluations": [ + { + "decision": true + }, + { + "decision": false, + "context": { + "error": { + "status": 404, + "message": "Resource not found" + } + } + }, + { + "decision": false, + "context": { + "reason": "Subject is a viewer of the resource" + } + } + ] +} +~~~ +{: #example-access-evaluations-response title="Example of an HTTPS Access Evaluations Response"} + +The following is a non-normative example of the HTTPS binding of the Subject Search Request: + +~~~ http +POST /access/v1/search/subject HTTP/1.1 +Host: pdp.example.com +Content-Type: application/json +Authorization: Bearer +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "subject": { + "type": "user" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "account", + "id": "123" + } +} +~~~ +{: #example-subject-search-request title="Example of an HTTPS Subject Search Request"} + +The following is a non-normative example of an HTTPS Subject Search Response: + +~~~ http +HTTP/1.1 OK +Content-Type: application/json +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "page": { + "next_token": "a3M9NDU2O3N6PTI=" + }, + "results": [ + { + "type": "user", + "id": "alice@example.com" + }, + { + "type": "user", + "id": "bob@example.com" + } + ] +} +~~~ +{: #example-subject-search-response title="Example of an HTTPS Subject Search Response"} + +The following is a non-normative example of the HTTPS binding of the Resource Search Request: + +~~~ http +POST /access/v1/search/resource HTTP/1.1 +Host: pdp.example.com +Content-Type: application/json +Authorization: Bearer +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "action": { + "name": "can_read" + }, + "resource": { + "type": "account" + } +} +~~~ +{: #example-resource-search-request title="Example of an HTTPS Resource Search Request"} + +The following is a non-normative example of an HTTPS Resource Search Response: + +~~~ http +HTTP/1.1 OK +Content-Type: application/json +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "page": { + "next_token": "a3M9NDU2O3N6PTI=" + }, + "results": [ + { + "type": "account", + "id": "123" + }, + { + "type": "account", + "id": "456" + } + ] +} +~~~ +{: #example-resource-search-response title="Example of an HTTPS Resource Search Response"} + +The following is a non-normative example of the HTTPS binding of the Action Search Request: + +~~~ http +POST /access/v1/search/action HTTP/1.1 +Host: pdp.example.com +Content-Type: application/json +Authorization: Bearer +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "subject": { + "type": "user", + "id": "alice@example.com" + }, + "resource": { + "type": "account", + "id": "123" + }, + "context": { + "time": "2024-10-26T01:22-07:00" + } +} +~~~ +{: #example-action-search-request title="Example of an HTTPS Action Search Request"} + +The following is a non-normative example of an HTTPS Action Search Response: + +~~~ http +HTTP/1.1 OK +Content-Type: application/json +X-Request-ID: bfe9eb29-ab87-4ca3-be83-a1d5d8305716 + +{ + "page": { + "next_token": "a3M9NDU2O3N6PTI=" + }, + "results": [ + { + "name": "can_read" + }, + { + "name": "can_write" + } + ] +} +~~~ +{: #example-action-search-response title="Example of an HTTPS Action Search Response"} + + +# Security Considerations {#Security} + +## Communication Integrity and Confidentiality {#security-integrity-confidentiality} + +In the ABAC architecture, the PEP-PDP connection is the most sensitive one and needs to be secured to guarantee: + + - Integrity + - Confidentiality + +As a result, the connection between the PEP and the PDP MUST be secured using the most adequate means given the choice of transport (e.g. TLS for HTTP REST). + +## Policy Confidentiality and Sender Authentication {#security-confidentiality-authn} + +Additionally, the PDP SHOULD authenticate the calling PEP. There are several ways authentication can be established. These ways are out of scope of this specification. They MAY include: + + - Mutual TLS + - OAuth-based authentication + - API key + +The choice and strength of either mechanism is not in scope. + +Authenticating the PEP allows the PDP to avoid common attacks (such as DoS - see below) and/or reveal its internal policies. A malicious actor could craft a large number of requests to try and understand what policies the PDP is configured with. Requesting a PEP be authenticated mitigates that risk. + +## Sender Authentication Failure {#security-sender-authentn-fail} + +If the protected resource request does not include the proper authentication credentials, or does not have a valid authentication scheme proof that enables access to the protected resource, the resource server MUST respond with a 401 HTTP status code and SHOULD include the HTTP "WWW-Authenticate" response header field; it MAY include it in response to other conditions as well. The "WWW-Authenticate" header field uses the framework defined by HTTP/1.1 {{RFC2617}} and indicates the expected authentication scheme as well as the realm that has authority for it. + +The following is a non-normative example response: + +```http +HTTP/1.1 401 Unauthorized +WWW-Authenticate: Bearer realm="https://as.example.com" +``` + +## Trust {#security-trust} + +In ABAC, there are occasionally conversations around the trust between PEP and PDP: how can the PDP trust that the PEP is sending the correct values? The architecture of this model assumes the PDP must trust the PEP, as the PEP is ultimately responsible for enforcing the decision the PDP produces. + +## JSON Payload Considerations {#security-json} + +To ensure the unambiguous interpretation of JSON payloads, implementations SHOULD process and generate JSON payloads in a manner consistent with the I-JSON profile ({{RFC7493}}). In particular, implementations SHOULD ensure that: + +- JSON text is encoded as UTF-8, and strings do not contain invalid Unicode sequences such as unpaired surrogates ({{Section 2.1 of RFC7493}}). +- Numeric values do not exceed the magnitude or precision supported by IEEE 754 double-precision ({{Section 2.2 of RFC7493}}). +- Member names within a JSON object are unique after processing escape characters ({{Section 2.3 of RFC7493}}). + +To avoid ambiguity between a property that is absent and one that is present with a null value, properties with a value of null SHOULD be omitted from JSON objects. + +## Authorization Response Integrity {#security-authorization-response-integrity} + +The PDP MAY choose to sign its authorization response, ensuring the PEP can verify the integrity of the data it receives. This practice is valuable for maintaining trust in the authorization process. + +The PEP can ensure that the authorization response is not tampered with by verifying the signature of the authorization decision if it is signed. It ensures response accuracy and completeness. + +TLS effectively protects data in transit for a direct, point-to-point connection but does not guarantee data integrity for the full connection path between the PEP and the PDP if there are intermediaries, such as proxies or gateways. + +Digital signatures offer important advantages in this context. They provide non-repudiation, allowing verification that the response genuinely originated from the PDP. Moreover, digital signatures ensure the integrity of the authorization response, confirming that its contents have not been altered in transit. + +## Availability & Denial of Service {#security-avail-dos} + +The PDP SHOULD apply reasonable protections to avoid common attacks tied to request payload size, the number of requests, invalid JSON, nested JSON attacks, or memory consumption. Rate limiting is one such way to address such issues. + +## Differences between Unsigned and Signed Metadata {#security-metadata-sig} + +Unsigned metadata is integrity protected by use of TLS at the site where it is hosted. This means that its security is dependent upon the Internet Public Key Infrastructure (PKI) {{RFC9525}}. Signed metadata is additionally integrity protected by the JWS signature applied by the issuer, which is not dependent upon the Internet PKI. +When using unsigned metadata, the party issuing the metadata is the PDP itself. Whereas, when using signed metadata, the party issuing the metadata is represented by the `iss` (issuer) claim in the signed metadata. When using signed metadata, applications can make trust decisions based on the issuer that performed the signing -- information that is not available when using unsigned metadata. How these trust decisions are made is out of scope for this specification. + +## Metadata Caching {#security-metadata-caching} + +Policy Decision Point metadata is retrieved using an HTTP GET request, as specified in {{pdp-metadata-access-request}}. Normal HTTP caching behaviors apply, meaning that the GET may retrieve a cached copy of the content, rather than the latest copy. Implementations should utilize HTTP caching directives such as Cache-Control with max-age, as defined in {{RFC7234}}, to enable caching of retrieved metadata for appropriate time periods. + +# IANA Considerations {#iana} + +This specification requests IANA to take four actions: the creation of a new protocol registry group named 'AuthZEN', the establishment of two new registries within this group ('AuthZEN Policy Decision Point Metadata' and 'AuthZEN Policy Decision Point Capabilities'), the registration of a new Well-Known URI ('authzen-configuration'), and the registration of a new URN sub-namespace ('authzen'). + +The following registration procedure is used for the registries established by this specification. + +Values are registered on a Specification Required {{RFC8126}} basis after a two-week review period on the openid-specs-authzen@lists.openid.net mailing list, following review and approval by one or more Designated Experts. However, to allow for the allocation of values prior to publication of the final version of a specification, the Designated Experts may approve registration once they are satisfied that the specification will be completed and published. However, if the specification is not completed and published in a timely manner, as determined by the Designated Experts, the Designated Experts may request that IANA withdraw the registration. + +Registration requests sent to the mailing list for review should use an appropriate subject (e.g., "Request to register AuthZEN Policy Decision Point Metadata: example"). + +Within the review period, the Designated Experts will either approve or deny the registration request, communicating this decision to the review list and IANA. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful. The IANA escalation process is followed when the Designated Experts are not responsive within 14 days. + +Criteria that should be applied by the Designated Experts includes determining whether the proposed registration duplicates existing functionality, determining whether it is likely to be of general applicability or whether it is useful only for a single application, and whether the registration makes sense. + +IANA must only accept registry updates from the Designated Experts and should direct all requests for registration to the review mailing list. + +It is suggested that multiple Designated Experts be appointed who are able to represent the perspectives of different applications using this specification, in order to enable broadly-informed review of registration decisions. In cases where a registration decision could be perceived as creating a conflict of interest for a particular Expert, that Expert should defer to the judgment of the other Experts. + +The reason for the use of the mailing list is to enable public review of registration requests, enabling both Designated Experts and other interested parties to provide feedback on proposed registrations. The reason to allow the Designated Experts to allocate values prior to publication as a final specification is to enable giving authors of specifications proposing registrations the benefit of review by the Designated Experts before the specification is completely done, so that if problems are identified, the authors can iterate and fix them before publication of the final specification. + +## AuthZEN Policy Decision Point Metadata Registry {#iana-pdp-metadata-registry} + +This specification asks IANA to establish the "AuthZEN Policy Decision Point Metadata" registry under the registry group "AuthZEN Parameters". The registry records the Policy Decision Point metadata parameter and a reference to the specification that defines it. + +### Registry Definition + +Registry Name: AuthZEN Policy Decision Point Metadata + +Registration Policy: Specification Required per {{RFC8126}} + +Reference: \[This Document\] + +### Registration Template {#iana-pdp-metadata-template} + +Metadata Name: +: The name requested (e.g., "resource"). This name is case-sensitive. Names may not match other registered names in a case-insensitive manner unless the Designated Experts state that there is a compelling reason to allow an exception. + +Metadata Description: +: Brief description of the metadata (e.g., "Resource identifier URL"). + +Change Controller: +: For IETF stream RFCs, list the "IETF". For others, give the name of the responsible party. Other details (e.g., postal address, email address, home page URI) may also be included. + +Specification Document(s): +: Reference to the document or documents that specify the parameter, preferably including URIs that can be used to retrieve copies of the documents. An indication of the relevant sections may also be included but is not required. + +### Initial Registrations {#iana-pdp-metadata-initial} + +Metadata Name: +: `policy_decision_point` + +Metadata Description: +: Base URL of the Policy Decision Point + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: {{pdp-metadata-data-endpoint}} of \[This Document\] + + + +Metadata Name: +: `access_evaluation_endpoint` + +Metadata Description: +: URL of the Policy Decision Point's Access Evaluation API endpoint + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: {{pdp-metadata-data-endpoint}} of \[This Document\] + + + +Metadata Name: +: `access_evaluations_endpoint` + +Metadata Description: +: URL of the Policy Decision Point's Access Evaluations API endpoint + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: {{pdp-metadata-data-endpoint}} of \[This Document\] + + + +Metadata Name: +: `search_subject_endpoint` + +Metadata Description: +: URL of the Policy Decision Point's Search API endpoint for Subject entities + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: {{pdp-metadata-data-endpoint}} of \[This Document\] + + + +Metadata Name: +: `search_resource_endpoint` + +Metadata Description: +: URL of the Policy Decision Point's Search API endpoint for Resource entities + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: {{pdp-metadata-data-endpoint}} of \[This Document\] + + + +Metadata Name: +: `search_action_endpoint` + +Metadata Description: +: URL of the Policy Decision Point's Search API endpoint for Action entities + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: {{pdp-metadata-data-endpoint}} of \[This Document\] + + + +Metadata Name: +: `capabilities` + +Metadata Description: +: Array of URNs describing specific Policy Decision Point capabilities + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: {{pdp-metadata-data-capabilities}} of \[This Document\] + + +Metadata Name: +: `signed_metadata` + +Metadata Description: +: JWT containing metadata parameters about the protected resource as claims. + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: {{pdp-metadata-data-sig}} of \[This Document\] + + +## Well-Known URI Registry {#iana-wk-registry} + +This specification asks IANA to register the well-known URI defined in {{pdp-metadata-access}} in the IANA "Well-Known URIs" registry {{IANA.well-known-uris}}. + +### Registry Contents {#iana-wk-contents} + +URI Suffix: +: authzen-configuration + +Reference: +: \[This Document\] + +Status: +: permanent + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Related Information: +: (none) + +## AuthZEN Policy Decision Point Capabilities Registry {#iana-pdp-capabilities-registry} + +This specification asks IANA to establish the "AuthZEN Policy Decision Point Capabilities" registry under the registry group "AuthZEN Parameters". The registry contains PDP-specific capabilities or features. These URNs are intended to be used in Policy Decision Point metadata discovery documents (as described in {{pdp-metadata}}) to allow a PEP to determine the supported functionality of a given PDP instance. The content of this registry will be specified by AuthZEN-compliant PDP vendors that want to declare interoperable capabilities. + +### Registry Definition {#iana-pdp-capabilities-definition} + +Registry Name: AuthZEN Policy Decision Point Capabilities + +Registration Policy: Specification Required per {{RFC8126}} + +Reference: \[This Document\] + +### Registration Template {#iana-pdp-capabilities-template} + +Capability Name: +: The name of the capability. This name MUST begin with the colon (":") character. This name is case-sensitive. Names may not match other registered names in a case-insensitive manner unless the Designated Experts state that there is a compelling reason to allow an exception. + +Capability URN: The URN of the AuthZEN Policy Decision Point Capability. + +Capability Description: +: Brief description of the capability. + +Change Controller: +: OpenID Foundation AuthZEN Working Group +: mailto:openid-specs-authzen@lists.openid.net + +Specification Document(s): +: Reference to the document or documents that specify the parameter, preferably including URIs that can be used to retrieve copies of the documents. An indication of the relevant sections may also be included but is not required. + +## Registration of "authzen" URN Sub-namespace {#iana-urn-namespace} + +This specification asks IANA to register a new URN sub-namespace within the "IETF URN Sub-namespace for Registered Protocol Parameter Identifiers" registry defined in {{RFC3553}}. + +Registry Name: authzen + +Specification: \[This Document\] + +Repository: "AuthZEN Policy Decision Point Capabilities" registry ({{iana-pdp-capabilities-registry}} of \[This Document\]) + +Index value: Sub-parameters MUST be specified in UTF-8, using standard URI encoding where necessary. + +--- back + +# Terminology +Subject: +: The user or machine principal for whom an authorization decision is being requested. + +Resource: +: The target of the request; the resource about which the authorization decision is being made. + +Action: +: The operation the Subject is attempting on the Resource, in the context an authorization decision. + +Context: +: When present in a request, the environmental or contextual attributes for this request. When present in a response, additional contextual information associated with a decision or search result. + +Decision: +: The value of the evaluation decision made by the PDP: `true` for "allow", `false` for "deny". + +PDP: +: Policy Decision Point. The component or system that provides authorization decisions over the network interface defined here as the Authorization API. + +PEP: +: Policy Enforcement Point. The component or system that acts as a client to the PDP. The most common use case for a PEP is to request decisions and enforce access based on the decisions obtained from the PDP. It can also request decisions or search results for other purposes, such as determining which resources a subject may have access to. + +# Acknowledgements {#Acknowledgements} + +This template uses extracts from templates written by +{{{Pekka Savola}}}, {{{Elwyn Davies}}} and +{{{Henrik Levkowetz}}}. + +# Notices {#Notices} +Copyright (c) 2026 The OpenID Foundation. + +The OpenID Foundation (OIDF) grants to any Contributor, developer, implementer, +or other interested party a non-exclusive, royalty free, worldwide copyright license to +reproduce, prepare derivative works from, distribute, perform and display, this +Implementers Draft, Final Specification, or Final Specification Incorporating Errata +Corrections solely for the purposes of (i) developing specifications, and (ii) +implementing Implementers Drafts, Final Specifications, and Final Specification +Incorporating Errata Corrections based on such documents, provided that attribution +be made to the OIDF as the source of the material, but that such attribution does not +indicate an endorsement by the OIDF. + +The technology described in this specification was made available from contributions +from various sources, including members of the OpenID Foundation and others. +Although the OpenID Foundation has taken steps to help ensure that the technology +is available for distribution, it takes no position regarding the validity or scope of any +intellectual property or other rights that might be claimed to pertain to the +implementation or use of the technology described in this specification or the extent +to which any license under such rights might or might not be available; neither does it +represent that it has made any independent effort to identify any such rights. The +OpenID Foundation and the contributors to this specification make no (and hereby +expressly disclaim any) warranties (express, implied, or otherwise), including implied +warranties of merchantability, non-infringement, fitness for a particular purpose, or +title, related to this specification, and the entire risk as to implementing this +specification is assumed by the implementer. The OpenID Intellectual Property +Rights policy (found at openid.net) requires contributors to offer a patent promise not +to assert certain patent claims against other contributors and against implementers. +OpenID invites any interested party to bring to its attention any copyrights, patents, +patent applications, or other proprietary rights that may cover technology that may be +required to practice this specification. \ No newline at end of file From 15ad2171b0fc31fc36c34e4c76ce7a1922245173 Mon Sep 17 00:00:00 2001 From: Alex Babeanu Date: Sun, 15 Mar 2026 18:11:57 -0700 Subject: [PATCH 28/28] Adding normative obligation actions. --- api/authorization-api-1_1.md | 235 ++++++++++++++++++++++++++++------- 1 file changed, 192 insertions(+), 43 deletions(-) diff --git a/api/authorization-api-1_1.md b/api/authorization-api-1_1.md index e191601..25235ac 100644 --- a/api/authorization-api-1_1.md +++ b/api/authorization-api-1_1.md @@ -5,9 +5,9 @@ cat: std # Check submissiontype: IETF wg: OpenID AuthZEN -docname: authorization-api-1_0 +docname: authorization-api-1_1 -title: Authorization API 1.0 +title: Authorization API 1.1 abbrev: azapi lang: en kw: @@ -20,7 +20,7 @@ kw: - PDP - PEP - ALFA -# date: 2022-02-02 -- date is filled in automatically by xml2rfc if not given +# date: 2026-03-11 -- date is filled in automatically by xml2rfc if not given author: - role: editor # remove if not true ins: O. Gazitt @@ -37,6 +37,11 @@ author: name: Atul Tulshibagwale org: SGNL email: atul@sgnl.ai +- role: editor # remove if not true + ins: A. Babeanu + name: Alexandre Babeanu + org: Indykite + email: alex.babeanu@indykite.com contributor: # Same structure as author list, but goes into contributors - name: Marc Jordan org: SGNL @@ -80,6 +85,25 @@ normative: role: editor org: Entrust date: 2006 + OPENID-CORE: + title: OpenID Connect Core 1.0 incorporating errata set 2 + target: https://openid.net/specs/openid-connect-core-1_0.html#acrSemantics + author: + - name: Nat Sakimura + role: editor + org: NAT.Consulting + - name: John Bradley + role: editor + org: Yubico + - name: Michael B. Jones + role: editor + org: Self-Issued Consulting + - name: Breno Meideros + role: editor + org: Google + - name: Chuck Mortimore + role: editor + org: Disney informative: RFC7519: # JWT @@ -352,14 +376,14 @@ Examples include, but are not limited to: - Reason(s) a decision was made, - "Obligations" tied to the access decision, - Hints for rendering UI state, -- Instructions for step-up authentication, - Environmental information, +- Special filters or directives for the PEP, - etc. #### Obligation context field -OPTIONAL - Obligations are a set of operations that the PEP MUST perform in conjunction with an authorization decision. They serve as mandatory instructions that extend the simple "Permit" or "Deny" outcome. +OPTIONAL - Obligations are a set of actions that the PEP MUST perform regardless of the decision or search results otherwise provided in the response. If the PEP cannot comply, or the actions fail, then the PEP MUST change the decision to `false` ("Denied"), or in the case of searches, prevent any retrieved data to be presented to the requestor. This ensures that the stipulated actions are indeed carried out in all cases. -The PEP is responsible for implementing and enforcing the obligations received with an authorization decision. If the PEP fails to fulfill an obligation that was part of a Permit decision, it must then deny access to the requested resource. This ensures that the stipulated actions are indeed carried out. +The `obligations` field is OPTIONAL, but if provided in the PDP response then the PEP MUST understand and perform all associated obligations. Common Use Cases: - _Logging and Accountability_: Recording access attempts, especially for sensitive data (e.g., logging that a doctor accessed a patient's medical record under emergency conditions). @@ -368,82 +392,207 @@ Common Use Cases: - _Multi-Factor Authentication/Trust Elevation_: Redirecting a user to an additional authentication step after an initial decision (e.g., requiring a higher assurance authentication method). -- _"Break-the-Glass" Scenarios_: Allowing override of a denial under specific, monitored circumstances, with an obligation to log the override. +- _Data Transformation_ : Watermarking a documents before they are returned to the user, or masking PII or other attributes is fetched data. + +When used, the `obligations` context field MUST be an array of JSON objects. Each obligation MUST be uniquely identified within the object array by an identifier, which can then be used by the PEP to refer the the obligation in logs for example. The obligation `id` fields can be any string or identifier that can uniquely identity the `obligation` within the array. + +i.e., + +`id` : +: REQUIRED. The Unique identifier of this obligation within the `obligations` array. + -- _Data Transformation_ : Watermarking a document before it is returned to the user. +#### Normative Obligations +In order to improve interoperability, the following obligation formats and semantics are provided as normative obligation actions, and are part of this specification. These correspond to common use-cases, and are expected to provide wide applicability. -When used, the `obligations` context field MUST be an array of JSON objects. Each obligation MUST be uniquely identified within the object array by an identifier, which can then be used by the PEP to refer the the obligation in logs for example. The obligation Ids are implementation-specific strings or identifiers. +**Notes:** +- Only the `obligations` *format* is normative, any attribute values provided hereafter are non-normative examples. +- Implementers can add any additonal, implementation-specific non-normative fields to the `obligations` object, as required by their environments. +- The following `obligations` consitute a non-exhaustive base list, custom obligation actions can be devised by implementers if none of the normative obligation actions below suit their needs. -If an obligation object is provided in the PDP response, then the PEP MUST understand and perform all associated obligations. +##### Obligation: Step-Up Authentication +Signaling the need for Step-Up authentication is a very common use case. Step-up can be requested before granting access to the requested resource, or before returning data via any of the Search APIs. -The following non-normative example depicts a decision response with a single context obligation to notify a manager about a denied attempt, identified here using URI identifers: +_Normative Step-Up format_: +Obligation fields: +`step-up` : +: REQUIRED. The Obligation action. + +`acr_value` : +: REQUIRED. The value of the Authentication Context Class Reference the requestor MUST achieve. The PEP MUST force the requestor to re-authenticate in order to achieve this authentication class. The `acr` class generally corresponds to a level of authentication assurance that the subject must reach. Example: `urn:com:example:loa:3` (see also [OPENID-CORE]). + +`amr_values` : +: OPTIONAL. A JSON Array of case-sensitive Strings that identify the Authentication Methods that MUST be used during the authentication process. These values SHOULD be registered with IANA, as per [OPENID-CORE] (see also [IANA.well-known-uris]). Example: `["mfa","hwk"]`. + +Format: ~~~ json { - "decision": false, "context": { "obligations": [ { - "id": "urn:example:obligation:notifyManager", - "emailNotification": [ - { - "attributeId": "urn:example:attribute:managerEmail", - "value": "manager@example.com", - "dataType": "string" - }, - { - "attributeId": "urn:example:attribute:deniedUser", - "value": "bob.jones", - "dataType": "string" - }, - { - "attributeId": "urn:example:attribute:reasonForDenial", - "value": "InsufficientPrivileges", - "dataType": "string" - } - ] + "id": "", + "step-up": { + "acr_values": "", + "amr_values": "" + } } ] } } - ~~~ -{: #properties-example title="Non-normative Example obligation requiring an Email notification"} - -The following non-normative example depicts a decision response with two obligations, requiring the PEP to seek the specified `acr` and `amr` claim values for the user's `access_token` (in-effect requesting a higher level of assurance for the user's authentication; i.e., a step-up authentication), and also to email a manager about the access attempt: +{: #step-up-obligation title="Step-Up obligation Normative format"} +The following is non-normative example of a Step-Up Authentication obligation, which includes an implementation-specific, custom `reason_user` object: ~~~ json { - "decision": false, "context": { "obligations": [ { "id": "OBL-01", "step-up": { "acr_values": "urn:com:example:loa:3", - "amr_values": "mfa hwk" + "amr_values": ["mfa","hwk"], "reason_user": { "en-403": "Insufficient privileges. Contact your administrator", "es-403": "Privilegios insuficientes. Póngase en contacto con su administrador" } } - }, + } + ] + } +} +~~~ + +##### Obligation: Notification +A notification obligation requires the transmission of a notification message to a destination, regardless of transport. Example notifications include email messages, asynchronous messages sent via pub/sub frameworks or any other means of conveying a message to a remote destination. + +_Normative Notification format_: +Obligation fields: + +`notification` : +: REQUIRED. The Obligation action. + +`to`: +: REQUIRED. An implementation-specific string identifiying the address of the Notification message destination. This identifier must be unique, and meaningful in the implementer's environment. Example: an email address, such as `"manager@example.com"`. + +`body` : +: REQUIRED. The payload of the notification message. The actual message String. + +`topic`: +: OPTIONAL. The Subject of the message (in case of email for example), provides a short high-lebvel purpose of the message. This field can be reused as needed by implementers, to help route the message as designating Kafka messaging topics for example. + +Format: +~~~ json +{ + "context": { + "obligations": [ { - "id": "OBL-02", - "action": { - "type": "email", - "parameters": { + "id": "", + "notification": { + "to": "", + "body": "", + "topic": "" + } + } + ] + } +} +~~~ +{: #notification-obligation title="Notification obligation Normative format"} + +The following is non-normative example of a Notification Email obligation, here using a URI identifier: +~~~ json +{ + "context": { + "obligations": [ + { + "id": "urn:example:obligation:1", + "notification": { "to": "manager@example.com", - "subject": "Insufficient Assurance Level in Access Request", - "body": "" + "topic": "Insufficient Assurance Level in Access Request", + "body": " attempted to access resource at ." + } + } + } + ] + } +} +~~~ + +##### Obligation: Session Terminate +The session termination obligation requires the PEP to initiate any flow necessary to the terminate of the session of the provided Subject. The expectation is the invalidation of all of that Subject's session, including in Federated environments. + +_Normative Session Termination format_: +Obligation fields: + +`session_termination` : +: REQUIRED. The Obligation action. + +`subject` : +: REQUIRED. The unique identifier of the subject who's sessions must be terminated. + +Format: +~~~ json +{ + "context": { + "obligations": [ + { + "id": "", + "session_termination": { + "subject": "" + } + } + ] + } +} +~~~ +{: #session-termination-obligation title="Session Termination obligation Normative format"} + +The following is non-normative example of a Session Termination obligation: +~~~ json +{ + "context": { + "obligations": [ + { + "id": "0010", + "session_termination": { + "subject": "alice@example.com" } } } ] } } +~~~ + +#### Full Obligations examle +The following non-normative example depicts a decision response with two context obligations to notify a manager about a denied attempt, and terminate the user's session: +~~~ json +{ + "decision": false, + "context": { + "obligations": [ + { + "id": "OBL-01", + "session_termination": { + "subject": "alice@example.com" + } + }, + { + "id": "OBL-02", + "notification": { + "to": "admin@example.com", + "topic": "Illegal access attempt.", + "body": " attempted to access resource at ." + } + } + ] + } +} ~~~ +{: #obligations-full-example title="Non-normative sample obligations requiring Email notification and session termination"} ### Examples (non-normative) {#decision-examples} The following are all non-normative examples of possible and valid contexts, provided to illustrate possible usages. The actual semantics and format of the `context` object are an implementation concern and outside the scope of this specification. For example, implementations MAY use keys that correspond to concepts from other standards, such as HTTP status codes, to convey common reasons in an interoperable manner.