From 01586dc7b047ce90c68ad9ca6d69ad78af7d8c1e Mon Sep 17 00:00:00 2001 From: asinha Date: Tue, 19 Aug 2025 13:53:54 -0700 Subject: [PATCH 1/8] MLE-23575 : Security vulnerability detected in Node Client - https://github.com/advisories/GHSA-52f5-9888-hmc6 --- package-lock.json | 100 ++++++++++++++++------------------------------ package.json | 3 +- 2 files changed, 37 insertions(+), 66 deletions(-) diff --git a/package-lock.json b/package-lock.json index bfa4c179..40d7d9ed 100644 --- a/package-lock.json +++ b/package-lock.json @@ -73,12 +73,12 @@ } }, "node_modules/@babel/parser": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.0.tgz", - "integrity": "sha512-jVZGvOxOuNSsuQuLRTh13nU0AogFlw32w/MT+LV6D3sP5WdbW61E77RnkbaO2dUvmPAYrBDJXGn5gGS6tH4j8g==", + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.3.tgz", + "integrity": "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA==", "dev": true, "dependencies": { - "@babel/types": "^7.28.0" + "@babel/types": "^7.28.2" }, "bin": { "parser": "bin/babel-parser.js" @@ -276,9 +276,9 @@ } }, "node_modules/@isaacs/cliui/node_modules/ansi-regex": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz", - "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==", + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.0.tgz", + "integrity": "sha512-TKY5pyBkHyADOPYlRT9Lx6F544mPl0vS5Ew7BJ45hA08Q+t3GjbueLliBWN3sMICk6+y7HdyxSzC4bWS8baBdg==", "engines": { "node": ">=12" }, @@ -716,9 +716,9 @@ "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" }, "node_modules/bare-events": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.6.0.tgz", - "integrity": "sha512-EKZ5BTXYExaNqi3I3f9RtEsaI/xBSGjE0XZCZilPzFAV/goswFHuPd9jEZlPIZ/iNZJwDSao9qRiScySz7MbQg==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.6.1.tgz", + "integrity": "sha512-AuTJkq9XmE6Vk0FJVNq5QxETrSA/vKHarWVBG5l/JbdCL1prJemiyJqUS0jrlXO0MftuPq4m3YVYhoNc5+aE/g==", "optional": true }, "node_modules/base64-js": { @@ -5270,28 +5270,12 @@ } }, "node_modules/tmp": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.1.0.tgz", - "integrity": "sha512-J7Z2K08jbGcdA1kkQpJSqLF6T0tdQqpR2pnSUXsIchbPdTI9v3e85cLW0d6WDhwuAleOV71j2xWs8qMPfK7nKw==", + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz", + "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==", "dev": true, - "dependencies": { - "rimraf": "^2.6.3" - }, "engines": { - "node": ">=6" - } - }, - "node_modules/tmp/node_modules/rimraf": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", - "deprecated": "Rimraf versions prior to v4 are no longer supported", - "dev": true, - "dependencies": { - "glob": "^7.1.3" - }, - "bin": { - "rimraf": "bin.js" + "node": ">=14.14" } }, "node_modules/to-regex-range": { @@ -5720,9 +5704,9 @@ } }, "node_modules/wrap-ansi/node_modules/ansi-regex": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz", - "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==", + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.0.tgz", + "integrity": "sha512-TKY5pyBkHyADOPYlRT9Lx6F544mPl0vS5Ew7BJ45hA08Q+t3GjbueLliBWN3sMICk6+y7HdyxSzC4bWS8baBdg==", "engines": { "node": ">=12" }, @@ -5902,12 +5886,12 @@ "dev": true }, "@babel/parser": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.0.tgz", - "integrity": "sha512-jVZGvOxOuNSsuQuLRTh13nU0AogFlw32w/MT+LV6D3sP5WdbW61E77RnkbaO2dUvmPAYrBDJXGn5gGS6tH4j8g==", + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.3.tgz", + "integrity": "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA==", "dev": true, "requires": { - "@babel/types": "^7.28.0" + "@babel/types": "^7.28.2" } }, "@babel/types": { @@ -6046,9 +6030,9 @@ }, "dependencies": { "ansi-regex": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz", - "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==" + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.0.tgz", + "integrity": "sha512-TKY5pyBkHyADOPYlRT9Lx6F544mPl0vS5Ew7BJ45hA08Q+t3GjbueLliBWN3sMICk6+y7HdyxSzC4bWS8baBdg==" }, "emoji-regex": { "version": "9.2.2", @@ -6376,9 +6360,9 @@ "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" }, "bare-events": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.6.0.tgz", - "integrity": "sha512-EKZ5BTXYExaNqi3I3f9RtEsaI/xBSGjE0XZCZilPzFAV/goswFHuPd9jEZlPIZ/iNZJwDSao9qRiScySz7MbQg==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.6.1.tgz", + "integrity": "sha512-AuTJkq9XmE6Vk0FJVNq5QxETrSA/vKHarWVBG5l/JbdCL1prJemiyJqUS0jrlXO0MftuPq4m3YVYhoNc5+aE/g==", "optional": true }, "base64-js": { @@ -7600,7 +7584,7 @@ "ink-docstrap": "^1.3.2", "jsdoc": "4.0.0", "map-stream": "0.0.7", - "tmp": "0.1.0" + "tmp": "0.2.4" } }, "gulp-jshint": { @@ -9766,24 +9750,10 @@ "dev": true }, "tmp": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.1.0.tgz", - "integrity": "sha512-J7Z2K08jbGcdA1kkQpJSqLF6T0tdQqpR2pnSUXsIchbPdTI9v3e85cLW0d6WDhwuAleOV71j2xWs8qMPfK7nKw==", - "dev": true, - "requires": { - "rimraf": "^2.6.3" - }, - "dependencies": { - "rimraf": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", - "dev": true, - "requires": { - "glob": "10.3.11" - } - } - } + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.4.tgz", + "integrity": "sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==", + "dev": true }, "to-regex-range": { "version": "5.0.1", @@ -10102,9 +10072,9 @@ }, "dependencies": { "ansi-regex": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz", - "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==" + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.0.tgz", + "integrity": "sha512-TKY5pyBkHyADOPYlRT9Lx6F544mPl0vS5Ew7BJ45hA08Q+t3GjbueLliBWN3sMICk6+y7HdyxSzC4bWS8baBdg==" }, "ansi-styles": { "version": "6.2.1", diff --git a/package.json b/package.json index 497ab934..e4ba353f 100644 --- a/package.json +++ b/package.json @@ -89,6 +89,7 @@ "simple-get": "4.0.1", "semver": "7.5.3", "serialize-javascript": "6.0.2", - "tar-fs": "2.1.3" + "tar-fs": "2.1.3", + "tmp": "0.2.4" } } From cb0120353e25f3db5ea0a14f4ca100fe55e1ac8b Mon Sep 17 00:00:00 2001 From: asinha Date: Wed, 20 Aug 2025 15:47:26 -0700 Subject: [PATCH 2/8] MLE-23607 : Node Client Sparql test fails for 12-nightly on Jenkins --- test-complete/nodejs-optic-from-sparql.js | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/test-complete/nodejs-optic-from-sparql.js b/test-complete/nodejs-optic-from-sparql.js index 5b8a184b..ca4d2c5a 100644 --- a/test-complete/nodejs-optic-from-sparql.js +++ b/test-complete/nodejs-optic-from-sparql.js @@ -314,13 +314,11 @@ describe('Nodejs Optic from sparql test', function () { db.rows.explain(output, 'json') .then(function (output) { expect(output.node).to.equal('plan'); - if (serverConfiguration.serverVersion >= 11) { - expect(output.expr.expr.from['default-graph'][0].value).to.equal('/optic/sparql/test/companies.ttl'); - } else { - expect(output.expr.from['default-graph'][0].value).to.equal('/optic/sparql/test/companies.ttl'); - } + const defaultGraph = (serverConfiguration.serverVersion >= 12)?output.expr.expr.from['default-graph'][0]: + ((serverConfiguration.serverVersion >= 11)?output.expr.expr.from['default-graph'][0].value:output.expr.from['default-graph'][0].value); + expect(defaultGraph).to.equal('/optic/sparql/test/companies.ttl'); done(); - }, done).catch(error => done(error)); + }).catch(error => done(error)); }); it('TEST 16 - negative case', function (done) { From 1cdebb1dd0e4ca965fe77ba5442ef83bc6009d84 Mon Sep 17 00:00:00 2001 From: Steve Biondi Date: Mon, 15 Sep 2025 14:48:50 -0700 Subject: [PATCH 3/8] MLE-24312: map port 8017 via docker-compose. SSL service configured for port 8017. Add a second error message for test using SSL to confirm error when connecting to non-SSL REST service. Message probably changed for ML12 (not sure, but error message in test does not work). --- test-app/docker-compose-nightlies.yaml | 2 +- test-app/docker-compose.yaml | 2 +- test-basic/client.js | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/test-app/docker-compose-nightlies.yaml b/test-app/docker-compose-nightlies.yaml index e9a70161..161a0fde 100644 --- a/test-app/docker-compose-nightlies.yaml +++ b/test-app/docker-compose-nightlies.yaml @@ -22,6 +22,6 @@ services: volumes: - ./containerLogs:/var/opt/MarkLogic/Logs ports: - - 8000-8016:8000-8016 + - 8000-8017:8000-8017 - 8024-8029:8024-8029 - 8079:8079 diff --git a/test-app/docker-compose.yaml b/test-app/docker-compose.yaml index af43e8c7..cd0181d0 100644 --- a/test-app/docker-compose.yaml +++ b/test-app/docker-compose.yaml @@ -15,4 +15,4 @@ services: - ./docker/marklogic/logs:/var/opt/MarkLogic/Logs ports: - 8000-8002:8000-8002 - - 8015-8016:8015-8016 + - 8015-8017:8015-8017 diff --git a/test-basic/client.js b/test-basic/client.js index 24236061..1edff42c 100644 --- a/test-basic/client.js +++ b/test-basic/client.js @@ -146,7 +146,8 @@ describe('database clients', function () { .result() .catch(error => { try{ - assert(error.message.toString().includes('You have attempted to access an HTTP server using HTTPS. Please check your configuration.')); + assert(error.message.toString().includes('You have attempted to access an HTTP server using HTTPS. Please check your configuration.') || + error.message.toString().includes('write EPROTO')); done(); } catch(err){ done(err); From 8c9e5ffda1c4fc2143bd45105826945404dcef71 Mon Sep 17 00:00:00 2001 From: Steve Biondi Date: Fri, 19 Sep 2025 13:13:10 -0700 Subject: [PATCH 4/8] MLE-24397 - fix reported issue on Linux FIPS around exception caused by default load of FIPS-forbidden MD5 digest algorithm. Incorporate the source from the abandoned www-authenticate project and fix in place. --- lib/requester.js | 2 +- lib/www-authenticate/md5.js | 7 + lib/www-authenticate/parsers.js | 109 ++++++++++++ lib/www-authenticate/user-credentials.js | 46 +++++ lib/www-authenticate/www-authenticate.js | 218 +++++++++++++++++++++++ package-lock.json | 16 +- package.json | 3 +- test-basic/digestauth-fips-nomd5load.js | 54 ++++++ 8 files changed, 437 insertions(+), 18 deletions(-) create mode 100644 lib/www-authenticate/md5.js create mode 100644 lib/www-authenticate/parsers.js create mode 100644 lib/www-authenticate/user-credentials.js create mode 100644 lib/www-authenticate/www-authenticate.js create mode 100644 test-basic/digestauth-fips-nomd5load.js diff --git a/lib/requester.js b/lib/requester.js index 1a5668a0..bb063426 100644 --- a/lib/requester.js +++ b/lib/requester.js @@ -2,7 +2,7 @@ * Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ 'use strict'; -var createAuthInitializer = require('www-authenticate'); +var createAuthInitializer = require('./www-authenticate/www-authenticate'); var Kerberos = require('./optional.js') .libraryProperty('kerberos', 'Kerberos'); var Multipart = require('multipart-stream'); diff --git a/lib/www-authenticate/md5.js b/lib/www-authenticate/md5.js new file mode 100644 index 00000000..3e6de8bf --- /dev/null +++ b/lib/www-authenticate/md5.js @@ -0,0 +1,7 @@ +var crypto= require('crypto'); + +function md5(s) { + return crypto.createHash('md5').update(s).digest('hex'); +} + +module.exports= md5; \ No newline at end of file diff --git a/lib/www-authenticate/parsers.js b/lib/www-authenticate/parsers.js new file mode 100644 index 00000000..65e2be1d --- /dev/null +++ b/lib/www-authenticate/parsers.js @@ -0,0 +1,109 @@ +var ParseAuth= /(\w+)\s+(.*)/ // -> scheme, params + , Separators= /([",=])/ + ; + +function parse_params(header) { + // This parser will definitely fail if there is more than one challenge + var tok, last_tok, _i, _len, key, value; + var state= 0; //0: token, + var m= header.split(Separators) + for (_i = 0, _len = m.length; _i < _len; _i++) { + last_tok= tok; + tok = m[_i]; + if (!tok.length) continue; + switch (state) { + case 0: // token + key= tok.trim(); + state= 1; // expect equals + continue; + case 1: // expect equals + if ('=' != tok) return 'Equal sign was expected after '+key; + state= 2; + continue; + case 2: // expect value + if ('"' == tok) { + value= ''; + state= 3; // expect quoted + continue; + } + else { + this.parms[key]= value= tok.trim(); + state= 9; // expect comma or end + continue; + } + case 3: // handling quoted string + if ('"' == tok) { + state= 8; // end quoted + continue; + } + else { + value+= tok; + state= 3; // continue accumulating quoted string + continue; + } + case 8: // end quote encountered + if ('"' == tok) { + // double quoted + value+= '"'; + state= 3; // back to quoted string + continue; + } + if (',' == tok) { + this.parms[key]= value; + state= 0; + continue; + } + else { + return 'Unexpected token ('+tok+') after '+value+'"'; + } + continue; + case 9: // expect commma + if (',' != tok) return 'Comma expected after '+value; + state= 0; + continue; + } + } + switch (state) { // terminal state + case 0: // Empty or ignoring terminal comma + case 9: // Expecting comma or end of header + return; + case 8: // Last token was end quote + this.parms[key]= value; + return; + default: + return 'Unexpected end of www-authenticate value.'; + } +} + +function Parse_WWW_Authenticate(to_parse) +{ + var m= to_parse.match(ParseAuth); + this.scheme= m[1]; + this.parms= {}; + var err= this.parse_params(m[2]); + if (err) { + this.scheme= ''; + this.parms= {}; + this.err= err; + } +} + +function Parse_Authentication_Info(to_parse) +{ + this.scheme= 'Digest'; + this.parms= {}; + var err= this.parse_params(to_parse); + if (err) { + this.scheme= ''; + this.parms= {}; + this.err= err; + } +} + +Parse_Authentication_Info.prototype.parse_params= parse_params; +Parse_WWW_Authenticate.prototype.parse_params= parse_params; + +module.exports = { + WWW_Authenticate: Parse_WWW_Authenticate, + Authentication_Info: Parse_Authentication_Info +}; diff --git a/lib/www-authenticate/user-credentials.js b/lib/www-authenticate/user-credentials.js new file mode 100644 index 00000000..25bc405d --- /dev/null +++ b/lib/www-authenticate/user-credentials.js @@ -0,0 +1,46 @@ +var md5= require('./md5'); + +/* + * Hide the password. Uses the password to form authorization strings, + * but provides no interface for exporting it. + */ +function user_credentials(username,password,options) { + if (username.is_user_credentials && + typeof username.basic === 'function' && + typeof username.digest === 'function' + ) { + return username; + } + + var basic_string= options && options.hide_basic ? + '' + : + (!password && password !== '' ? + Buffer.from(username, "ascii").toString("base64") + : + Buffer.from(username+':'+password, "ascii").toString("base64") + ) + function Credentials() + { + this.username= username; + } + Credentials.prototype.basic= function() + { + return basic_string; + } + Credentials.prototype.digest= function(realm) + { + return !password && password !== '' ? + md5(username+':'+realm) + : + md5(username+':'+realm+':'+password) + } + Credentials.prototype.is_user_credentials= function() + { + return true; + } + + return new Credentials; +} + +module.exports= user_credentials; diff --git a/lib/www-authenticate/www-authenticate.js b/lib/www-authenticate/www-authenticate.js new file mode 100644 index 00000000..f09c16ba --- /dev/null +++ b/lib/www-authenticate/www-authenticate.js @@ -0,0 +1,218 @@ +/* + * www-authenticate + * https://github.com/randymized/www-authenticate + * + * Copyright (c) 2013 Randy McLaughlin + * Licensed under the MIT license. + */ + +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ + +'use strict'; + +var crypto= require('crypto') + , parsers= require('./parsers') + , md5= require('./md5') + , user_credentials= require('./user-credentials') + , basic_challenge= { + statusCode: 401, + headers: { + 'www-authenticate': 'Basic realm="sample"' + } + } + ; + +function hex8(num) +{ + return ("00000000" + num.toString(16)).slice(-8); +} + +var www_authenticator = function(username,password,options) +{ + if (2 == arguments.length && toString.call(password) != '[object String]') { + options= password; + password= null; + } + var credentials= user_credentials(username,password) + var cnonce; + if (options) { + if (toString.call(options.cnonce) == '[object String]') + cnonce= options.cnonce; + } + if (cnonce === void 0) cnonce= crypto.pseudoRandomBytes(8).toString('hex'); + + /** + * @typedef {Object} Authenticator + * @property {any} [err] + * @property {function(string=, string=): string} [authorize] + * @property {any} [parms] + * @property {string} [cnonce] + */ + + /** + * Parses the WWW-Authenticate header. + * @param {string} www_authenticate + * @returns {Authenticator} + */ + var parse_header= function(www_authenticate) + { + function Authenticator() + { + function note_error(err) + { + this.err= err + } + var nc= 0; + + var parsed= new parsers.WWW_Authenticate(www_authenticate); + if (parsed.err) return note_error(parsed.err); + var auth_parms= this.parms= parsed.parms; + this.cnonce= cnonce; + + switch(parsed.scheme) { + case 'Basic': + var auth_string= 'Basic '+credentials.basic(); + this.authorize= function() { + return auth_string; + }; + return; + case 'Digest': + var realm= auth_parms.realm; + if (!realm) { + return note_error("Realm not found in www-authenticate header."); + } + + var ha1= + credentials.digest(realm); + var nonce= auth_parms.nonce; + if (!nonce) { + return note_error("Nonce not found in www-authenticate header."); + } + + var fixed= 'Digest username="'+credentials.username+'",'+ + ' realm="'+realm+'",'+ + ' nonce="'+nonce+'",'; + var qop= auth_parms.qop; + if (!qop) { + this.authorize= function(method,digestURI) { + var ha2= md5(method+':'+digestURI); + return fixed+ + ' uri="'+digestURI+'",'+ + ' response="'+md5(ha1+':'+nonce+':'+ha2)+'",'; + }; + return; + } + else { + var qopa= qop.split(','); + var q, x, _i, _len; + for (_i = 0, _len = qopa.length; _i < _len; _i++) { + if ('auth' === qopa[_i]) { + var opaque= auth_parms.opaque; + var algorithm= auth_parms.algorithm; + if (algorithm) { + fixed+= ' algorithm="'+algorithm+'",'; + } + else { + algorithm= 'MD5'; + } + var a1= 'MD5-sess' == algorithm ? + md5(ha1+':'+nonce+':'+cnonce) + : + ha1; + this.authorize= function(method,digestURI) { + var ha2= md5(method+':'+digestURI); + nc= nc+1; + var hexed_nc= hex8(nc); + var s= fixed+ + ' uri="'+digestURI+'",'+ + ' qop=auth,'+ + ' nc='+hexed_nc+','+ + ' cnonce="'+cnonce+'",'+ + ' response="'+md5(a1+':'+nonce+':'+hexed_nc+':'+cnonce+':auth:'+ha2)+'"'; + if (opaque) { + s+= ', opaque="'+opaque+'"'; + } + return s; + }; + return; + } + return note_error('Server does not accept any supported quality of protection techniques.'); + } + } + break; + default: + return note_error("Unknown scheme"); + } + } + + return new Authenticator(); + }; + + parse_header.authenticator= new HigherLevel(credentials,options); // deprecated + return parse_header; +}; + + +function HigherLevel(credentials,options) +{ + this.credentials= credentials + this.options= options + if (options && options.sendImmediately) { + this.sendImmediately= true; + } +} +HigherLevel.prototype.get_challenge= function(request) { + if (401 == request.statusCode && 'www-authenticate' in request.headers) { + if (!this.parse_header) { + this.parse_header= www_authenticator(this.credentials,this.options) + } + this.challenge= this.parse_header(request.headers['www-authenticate']) + return this.challenge.err; + } +} +HigherLevel.prototype._challenge= function() { + if (!this.challenge) { + if (this.sendImmediately) { + // simulate receipt of a basic challenge + this.get_challenge(basic_challenge) + return this.challenge + } + else return; // simply won't produce an 'Authorization' header + } + return this.challenge; +} +HigherLevel.prototype.authentication_string= function(method,digestURI) { + var challenge= this._challenge(); + if (!challenge) return; // simply won't produce an 'Authorization' header + if (challenge.err) return challenge.err; + return challenge.authorize(method,digestURI); +} +HigherLevel.prototype.authenticate_headers= function(headers,method,digestURI) { + var challenge= this._challenge(); + if (!challenge) return; // simply won't produce an 'Authorization' header + if (challenge.err) return challenge.err; + headers.authorization= challenge.authorize(method,digestURI); +} +HigherLevel.prototype.authenticate_request_options= function(request_options) { + var challenge= this._challenge(); + if (!challenge) return; // simply won't produce an 'Authorization' header + if (challenge.err) return challenge.err; + if (!request_options.headers) request_options.headers= {}; + request_options.headers.authorization= challenge.authorize(request_options.method,request_options.path); +} + +module.exports = www_authenticator; +module.exports.parsers= parsers; +module.exports.user_credentials= user_credentials; +module.exports.basic_challenge= basic_challenge; +module.exports.authenticator= function(username,password,options) +{ + if (2 == arguments.length && toString.call(password) != '[object String]') { + options= password; + password= null; + } + var credentials= user_credentials(username,password) + return new HigherLevel(credentials,options); +} \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 40d7d9ed..42423f9b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,8 +20,7 @@ "json-text-sequence": "^1.0.1", "multipart-stream": "^2.0.1", "qs": "^6.11.0", - "through2": "^4.0.2", - "www-authenticate": "^0.6.3" + "through2": "^4.0.2" }, "devDependencies": { "@jsdoc/salty": "0.2.3", @@ -5765,14 +5764,6 @@ "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" }, - "node_modules/www-authenticate": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/www-authenticate/-/www-authenticate-0.6.3.tgz", - "integrity": "sha512-8VkdLBJiBh5aXlJvcVaPykwSI//OA+Sxw7g84vIyCqoqlXtLupGNhyXxbgVuZ7g5ZS+lCJ4bTtcw/gJciqEuAg==", - "engines": { - "node": ">= 0.8.0" - } - }, "node_modules/xml": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/xml/-/xml-1.0.1.tgz", @@ -10121,11 +10112,6 @@ "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" }, - "www-authenticate": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/www-authenticate/-/www-authenticate-0.6.3.tgz", - "integrity": "sha512-8VkdLBJiBh5aXlJvcVaPykwSI//OA+Sxw7g84vIyCqoqlXtLupGNhyXxbgVuZ7g5ZS+lCJ4bTtcw/gJciqEuAg==" - }, "xml": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/xml/-/xml-1.0.1.tgz", diff --git a/package.json b/package.json index e4ba353f..444db78e 100644 --- a/package.json +++ b/package.json @@ -38,8 +38,7 @@ "json-text-sequence": "^1.0.1", "multipart-stream": "^2.0.1", "qs": "^6.11.0", - "through2": "^4.0.2", - "www-authenticate": "^0.6.3" + "through2": "^4.0.2" }, "repository": { "type": "git", diff --git a/test-basic/digestauth-fips-nomd5load.js b/test-basic/digestauth-fips-nomd5load.js new file mode 100644 index 00000000..c90ca73d --- /dev/null +++ b/test-basic/digestauth-fips-nomd5load.js @@ -0,0 +1,54 @@ +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ +'use strict'; + +const should = require('should'); + +describe('FIPS test - ensure MD5 hash digester object is not loaded by default on require of www-authenticate module', function () { + it('should not automatically load MD5 digest algorithm function when requiring www-authenticate module', function () { + /** + * Attempt to load/require the www-authenticate module after applying a monkey-patch + * to the crypto.createHash function to intercept any attempts to create an MD5 hash + * digester object. + * This is to simulate a FIPS-enabled environment where MD5 is not allowed. + * + * First, create a monkey-patch to intercept calls to crypto.createHash + * and throw an Error object if the code attempts to create an + * MD5 hashing algorithm object. + * + * We undo this monkey-patch after the test to avoid side effects on all the other tests. + * + * To simulate the require/load, we first delete the module from Node's require cache + * and then require it again, which forces a reload of the module. + */ + delete require.cache[require.resolve('../lib/www-authenticate/www-authenticate')]; + delete require.cache[require.resolve('../lib/www-authenticate/md5')]; + const crypto = require('crypto'); + const originalCreateHash = crypto.createHash; + + crypto.createHash = function (algorithm, ...args) { + if (algorithm.toLowerCase() === 'md5') { + throw new Error('FIPS emulation: MD5 digest algorithm is not allowed on this system!'); + } + return originalCreateHash.call(this, algorithm, ...args); + }; + + try { // we must ensure the createHash function is restored after the test + + // Verify MD5 detection works + (() => crypto.createHash('md5')).should.throw('FIPS emulation: MD5 digest algorithm is not allowed on this system!'); + + // Require the module - should not call to get MD5 digester so should not throw + (() => require('../lib/www-authenticate/md5')).should.not.throw(); + (() => require('../lib/www-authenticate/www-authenticate')).should.not.throw(); + + } finally { + // Restore the original createHash function to avoid side effects + // This MUST execute to avoid breaking other tests! + crypto.createHash = originalCreateHash; + } + }); +}); + + From 507cec1ff250e03da899ad027bc421b55d980c2b Mon Sep 17 00:00:00 2001 From: Steve Biondi Date: Mon, 22 Sep 2025 10:31:02 -0700 Subject: [PATCH 5/8] Re-add external www-authenticate library so we can show our changes in another commit.. Delete and re-add existing www-authenticate files to www-authenticate-patched. Change path for require for requester and tests. Changes to www-authenticate will be in subsequent commit, for tracking --- lib/requester.js | 2 +- .../md5.js | 4 +++- .../parsers.js | 3 ++- .../user-credentials.js | 4 ++-- .../www-authenticate.js | 20 ++----------------- test-basic/digestauth-fips-nomd5load.js | 8 ++++---- 6 files changed, 14 insertions(+), 27 deletions(-) rename lib/{www-authenticate => www-authenticate-patched}/md5.js (58%) rename lib/{www-authenticate => www-authenticate-patched}/parsers.js (99%) rename lib/{www-authenticate => www-authenticate-patched}/user-credentials.js (88%) rename lib/{www-authenticate => www-authenticate-patched}/www-authenticate.js (93%) diff --git a/lib/requester.js b/lib/requester.js index bb063426..8f922a2c 100644 --- a/lib/requester.js +++ b/lib/requester.js @@ -2,7 +2,7 @@ * Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. */ 'use strict'; -var createAuthInitializer = require('./www-authenticate/www-authenticate'); +var createAuthInitializer = require('./www-authenticate-patched/www-authenticate'); var Kerberos = require('./optional.js') .libraryProperty('kerberos', 'Kerberos'); var Multipart = require('multipart-stream'); diff --git a/lib/www-authenticate/md5.js b/lib/www-authenticate-patched/md5.js similarity index 58% rename from lib/www-authenticate/md5.js rename to lib/www-authenticate-patched/md5.js index 3e6de8bf..5af85469 100644 --- a/lib/www-authenticate/md5.js +++ b/lib/www-authenticate-patched/md5.js @@ -1,4 +1,6 @@ -var crypto= require('crypto'); +var crypto= require('crypto') + , md5sum = crypto.createHash('md5') + ; function md5(s) { return crypto.createHash('md5').update(s).digest('hex'); diff --git a/lib/www-authenticate/parsers.js b/lib/www-authenticate-patched/parsers.js similarity index 99% rename from lib/www-authenticate/parsers.js rename to lib/www-authenticate-patched/parsers.js index 65e2be1d..8659d62d 100644 --- a/lib/www-authenticate/parsers.js +++ b/lib/www-authenticate-patched/parsers.js @@ -88,6 +88,8 @@ function Parse_WWW_Authenticate(to_parse) } } +Parse_Authentication_Info.prototype.parse_params= parse_params; + function Parse_Authentication_Info(to_parse) { this.scheme= 'Digest'; @@ -100,7 +102,6 @@ function Parse_Authentication_Info(to_parse) } } -Parse_Authentication_Info.prototype.parse_params= parse_params; Parse_WWW_Authenticate.prototype.parse_params= parse_params; module.exports = { diff --git a/lib/www-authenticate/user-credentials.js b/lib/www-authenticate-patched/user-credentials.js similarity index 88% rename from lib/www-authenticate/user-credentials.js rename to lib/www-authenticate-patched/user-credentials.js index 25bc405d..60ce4f0a 100644 --- a/lib/www-authenticate/user-credentials.js +++ b/lib/www-authenticate-patched/user-credentials.js @@ -16,9 +16,9 @@ function user_credentials(username,password,options) { '' : (!password && password !== '' ? - Buffer.from(username, "ascii").toString("base64") + new Buffer(username, "ascii").toString("base64") : - Buffer.from(username+':'+password, "ascii").toString("base64") + new Buffer(username+':'+password, "ascii").toString("base64") ) function Credentials() { diff --git a/lib/www-authenticate/www-authenticate.js b/lib/www-authenticate-patched/www-authenticate.js similarity index 93% rename from lib/www-authenticate/www-authenticate.js rename to lib/www-authenticate-patched/www-authenticate.js index f09c16ba..6bcb129f 100644 --- a/lib/www-authenticate/www-authenticate.js +++ b/lib/www-authenticate-patched/www-authenticate.js @@ -1,3 +1,4 @@ + /* * www-authenticate * https://github.com/randymized/www-authenticate @@ -6,13 +7,10 @@ * Licensed under the MIT license. */ -/* -* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. -*/ - 'use strict'; var crypto= require('crypto') + , md5sum = crypto.createHash('md5') , parsers= require('./parsers') , md5= require('./md5') , user_credentials= require('./user-credentials') @@ -42,20 +40,6 @@ var www_authenticator = function(username,password,options) cnonce= options.cnonce; } if (cnonce === void 0) cnonce= crypto.pseudoRandomBytes(8).toString('hex'); - - /** - * @typedef {Object} Authenticator - * @property {any} [err] - * @property {function(string=, string=): string} [authorize] - * @property {any} [parms] - * @property {string} [cnonce] - */ - - /** - * Parses the WWW-Authenticate header. - * @param {string} www_authenticate - * @returns {Authenticator} - */ var parse_header= function(www_authenticate) { function Authenticator() diff --git a/test-basic/digestauth-fips-nomd5load.js b/test-basic/digestauth-fips-nomd5load.js index c90ca73d..fd244643 100644 --- a/test-basic/digestauth-fips-nomd5load.js +++ b/test-basic/digestauth-fips-nomd5load.js @@ -22,8 +22,8 @@ describe('FIPS test - ensure MD5 hash digester object is not loaded by default o * To simulate the require/load, we first delete the module from Node's require cache * and then require it again, which forces a reload of the module. */ - delete require.cache[require.resolve('../lib/www-authenticate/www-authenticate')]; - delete require.cache[require.resolve('../lib/www-authenticate/md5')]; + delete require.cache[require.resolve('../lib/www-authenticate-patched/www-authenticate')]; + delete require.cache[require.resolve('../lib/www-authenticate-patched/md5')]; const crypto = require('crypto'); const originalCreateHash = crypto.createHash; @@ -40,8 +40,8 @@ describe('FIPS test - ensure MD5 hash digester object is not loaded by default o (() => crypto.createHash('md5')).should.throw('FIPS emulation: MD5 digest algorithm is not allowed on this system!'); // Require the module - should not call to get MD5 digester so should not throw - (() => require('../lib/www-authenticate/md5')).should.not.throw(); - (() => require('../lib/www-authenticate/www-authenticate')).should.not.throw(); + (() => require('../lib/www-authenticate-patched/md5')).should.not.throw(); + (() => require('../lib/www-authenticate-patched/www-authenticate')).should.not.throw(); } finally { // Restore the original createHash function to avoid side effects From 9d57aef620d59378f14cc0c089b731180eff8fe5 Mon Sep 17 00:00:00 2001 From: Steve Biondi Date: Mon, 22 Sep 2025 11:12:36 -0700 Subject: [PATCH 6/8] Remove unnecessary top-level MD5 digester functions that cause an exception on FIPS-enabled systems when the www-authenticate module is loaded via require. The MD5 digester functions are already created on demand when using DIGEST authentication. Use Buffer.from rather than deprecated new Buffer constructor form. Move the Parser_Authenticate_Info prototype statement to after the definition of the function. Add copyright to all the files. --- lib/www-authenticate-patched/md5.js | 15 ++++++++++++--- lib/www-authenticate-patched/parsers.js | 14 ++++++++++++-- lib/www-authenticate-patched/user-credentials.js | 15 +++++++++++++-- lib/www-authenticate-patched/www-authenticate.js | 5 +++-- 4 files changed, 40 insertions(+), 9 deletions(-) diff --git a/lib/www-authenticate-patched/md5.js b/lib/www-authenticate-patched/md5.js index 5af85469..732d576e 100644 --- a/lib/www-authenticate-patched/md5.js +++ b/lib/www-authenticate-patched/md5.js @@ -1,6 +1,15 @@ -var crypto= require('crypto') - , md5sum = crypto.createHash('md5') - ; +/* + * www-authenticate + * https://github.com/randymized/www-authenticate + * + * Copyright (c) 2013 Randy McLaughlin + * Licensed under the MIT license. + */ + +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ +var crypto= require('crypto'); function md5(s) { return crypto.createHash('md5').update(s).digest('hex'); diff --git a/lib/www-authenticate-patched/parsers.js b/lib/www-authenticate-patched/parsers.js index 8659d62d..7deb6fe6 100644 --- a/lib/www-authenticate-patched/parsers.js +++ b/lib/www-authenticate-patched/parsers.js @@ -1,3 +1,14 @@ +/* + * www-authenticate + * https://github.com/randymized/www-authenticate + * + * Copyright (c) 2013 Randy McLaughlin + * Licensed under the MIT license. + */ + +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ var ParseAuth= /(\w+)\s+(.*)/ // -> scheme, params , Separators= /([",=])/ ; @@ -88,8 +99,6 @@ function Parse_WWW_Authenticate(to_parse) } } -Parse_Authentication_Info.prototype.parse_params= parse_params; - function Parse_Authentication_Info(to_parse) { this.scheme= 'Digest'; @@ -102,6 +111,7 @@ function Parse_Authentication_Info(to_parse) } } +Parse_Authentication_Info.prototype.parse_params= parse_params; Parse_WWW_Authenticate.prototype.parse_params= parse_params; module.exports = { diff --git a/lib/www-authenticate-patched/user-credentials.js b/lib/www-authenticate-patched/user-credentials.js index 60ce4f0a..c1f5db0b 100644 --- a/lib/www-authenticate-patched/user-credentials.js +++ b/lib/www-authenticate-patched/user-credentials.js @@ -1,3 +1,14 @@ +/* + * www-authenticate + * https://github.com/randymized/www-authenticate + * + * Copyright (c) 2013 Randy McLaughlin + * Licensed under the MIT license. + */ + +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ var md5= require('./md5'); /* @@ -16,9 +27,9 @@ function user_credentials(username,password,options) { '' : (!password && password !== '' ? - new Buffer(username, "ascii").toString("base64") + Buffer.from(username, "ascii").toString("base64") : - new Buffer(username+':'+password, "ascii").toString("base64") + Buffer.from(username+':'+password, "ascii").toString("base64") ) function Credentials() { diff --git a/lib/www-authenticate-patched/www-authenticate.js b/lib/www-authenticate-patched/www-authenticate.js index 6bcb129f..739006b8 100644 --- a/lib/www-authenticate-patched/www-authenticate.js +++ b/lib/www-authenticate-patched/www-authenticate.js @@ -1,4 +1,3 @@ - /* * www-authenticate * https://github.com/randymized/www-authenticate @@ -7,10 +6,12 @@ * Licensed under the MIT license. */ +/* +* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved. +*/ 'use strict'; var crypto= require('crypto') - , md5sum = crypto.createHash('md5') , parsers= require('./parsers') , md5= require('./md5') , user_credentials= require('./user-credentials') From 80fadc6bfbb39044abe5dbaa499edd714fef6ae9 Mon Sep 17 00:00:00 2001 From: asinha Date: Mon, 22 Sep 2025 12:23:35 -0700 Subject: [PATCH 7/8] MLE-24407 : Update package.json and changelog for Node Client 3.7.1 --- CHANGELOG.md | 4 + package-lock.json | 253 +++++++++++++++++++++++++--------------------- package.json | 2 +- 3 files changed, 144 insertions(+), 115 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4338d959..140b08a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CHANGELOG +## 3.7.1 +#### Bug Fix +- https://github.com/marklogic/node-client-api/issues/961 + ## 3.7.0 #### New Functionality diff --git a/package-lock.json b/package-lock.json index 42423f9b..ac55aab1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "marklogic", - "version": "3.7.0", + "version": "3.7.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "marklogic", - "version": "3.7.0", + "version": "3.7.1", "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { @@ -72,12 +72,12 @@ } }, "node_modules/@babel/parser": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.3.tgz", - "integrity": "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA==", + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.4.tgz", + "integrity": "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg==", "dev": true, "dependencies": { - "@babel/types": "^7.28.2" + "@babel/types": "^7.28.4" }, "bin": { "parser": "bin/babel-parser.js" @@ -87,9 +87,9 @@ } }, "node_modules/@babel/types": { - "version": "7.28.2", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.2.tgz", - "integrity": "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ==", + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.4.tgz", + "integrity": "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q==", "dev": true, "dependencies": { "@babel/helper-string-parser": "^7.27.1", @@ -120,9 +120,9 @@ } }, "node_modules/@eslint-community/eslint-utils": { - "version": "4.7.0", - "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz", - "integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==", + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz", + "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==", "dependencies": { "eslint-visitor-keys": "^3.4.3" }, @@ -275,9 +275,9 @@ } }, "node_modules/@isaacs/cliui/node_modules/ansi-regex": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.0.tgz", - "integrity": "sha512-TKY5pyBkHyADOPYlRT9Lx6F544mPl0vS5Ew7BJ45hA08Q+t3GjbueLliBWN3sMICk6+y7HdyxSzC4bWS8baBdg==", + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", "engines": { "node": ">=12" }, @@ -307,9 +307,9 @@ } }, "node_modules/@isaacs/cliui/node_modules/strip-ansi": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", "dependencies": { "ansi-regex": "^6.0.1" }, @@ -690,10 +690,18 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/b4a": { - "version": "1.6.7", - "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.6.7.tgz", - "integrity": "sha512-OnAYlL5b7LEkALw87fUVafQw5rVR9RjwGd4KUwNQ6DrrNmaVaUCgLipfVlzrPQ4tWOR9P0IXGNOx50jYCCdSJg==", - "devOptional": true + "version": "1.7.1", + "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.7.1.tgz", + "integrity": "sha512-ZovbrBV0g6JxK5cGUF1Suby1vLfKjv4RWi8IxoaO/Mon8BDD9I21RxjHFtgQ+kskJqLAVyQZly3uMBui+vhc8Q==", + "devOptional": true, + "peerDependencies": { + "react-native-b4a": "*" + }, + "peerDependenciesMeta": { + "react-native-b4a": { + "optional": true + } + } }, "node_modules/bach": { "version": "2.0.1", @@ -715,10 +723,10 @@ "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" }, "node_modules/bare-events": { - "version": "2.6.1", - "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.6.1.tgz", - "integrity": "sha512-AuTJkq9XmE6Vk0FJVNq5QxETrSA/vKHarWVBG5l/JbdCL1prJemiyJqUS0jrlXO0MftuPq4m3YVYhoNc5+aE/g==", - "optional": true + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.7.0.tgz", + "integrity": "sha512-b3N5eTW1g7vXkw+0CXh/HazGTcO5KYuu/RCNaJbDMPI6LHDi+7qe8EmxKUVe1sUbY2KZOVZFyj62x0OEz9qyAA==", + "devOptional": true }, "node_modules/base64-js": { "version": "1.5.1", @@ -1222,9 +1230,9 @@ "dev": true }, "node_modules/debug": { - "version": "4.4.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz", - "integrity": "sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==", + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", "dependencies": { "ms": "^2.1.3" }, @@ -1325,9 +1333,9 @@ } }, "node_modules/detect-libc": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.4.tgz", - "integrity": "sha512-3UDv+G9CsCKO1WKMGw9fwq/SWJYbI0c5Y7LU1AXYoDdbhE2AHQ6N6Nb34sG8Fj7T5APy8qXDCKuuIHd1BR0tVA==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.0.tgz", + "integrity": "sha512-vEtk+OcP7VBRtQZ1EJ3bdgzSfBjgnEalLTp5zjJrS+2Z1w2KZly4SBdac/WDU3hhsNAZ9E8SC96ME4Ey8MZ7cg==", "optional": true, "engines": { "node": ">=8" @@ -1706,6 +1714,15 @@ "node": ">=0.10.0" } }, + "node_modules/events-universal": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/events-universal/-/events-universal-1.0.0.tgz", + "integrity": "sha512-1KVXP1Oq8SiC0HsRraCryA4XGrZ2uJgIt/h4X+mB/8pzMKE7L8yBDN2lBlqJZeUwLAt7kf80m/5GX3HvoCrSGA==", + "devOptional": true, + "dependencies": { + "bare-events": "^2.7.0" + } + }, "node_modules/execa": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", @@ -1814,9 +1831,9 @@ "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==" }, "node_modules/fast-uri": { - "version": "3.0.6", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.6.tgz", - "integrity": "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", "dev": true, "funding": [ { @@ -2916,9 +2933,9 @@ } }, "node_modules/is-arrayish": { - "version": "0.3.2", - "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", - "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==", + "version": "0.3.4", + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz", + "integrity": "sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA==", "dev": true }, "node_modules/is-binary-path": { @@ -3910,9 +3927,9 @@ } }, "node_modules/node-abi": { - "version": "3.75.0", - "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.75.0.tgz", - "integrity": "sha512-OhYaY5sDsIka7H7AtijtI9jwGYLyl29eQn/W623DiN/MIv5sUqc4g7BIDThX+gb7di9f6xK02nkp8sdfFWZLTg==", + "version": "3.77.0", + "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.77.0.tgz", + "integrity": "sha512-DSmt0OEcLoK4i3NuscSbGjOf3bqiDEutejqENSplMSFA/gmB8mkED9G4pKWnPl7MDU4rSHebKPHeitpDfyH0cQ==", "optional": true, "dependencies": { "semver": "^7.3.5" @@ -5002,9 +5019,9 @@ } }, "node_modules/simple-swizzle": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", - "integrity": "sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==", + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz", + "integrity": "sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw==", "dev": true, "dependencies": { "is-arrayish": "^0.3.1" @@ -5067,16 +5084,14 @@ } }, "node_modules/streamx": { - "version": "2.22.1", - "resolved": "https://registry.npmjs.org/streamx/-/streamx-2.22.1.tgz", - "integrity": "sha512-znKXEBxfatz2GBNK02kRnCXjV+AA4kjZIUxeWSr3UGirZMJfTE9uiwKHobnbgxWyL/JWro8tTq+vOqAK1/qbSA==", + "version": "2.23.0", + "resolved": "https://registry.npmjs.org/streamx/-/streamx-2.23.0.tgz", + "integrity": "sha512-kn+e44esVfn2Fa/O0CPFcex27fjIL6MkVae0Mm6q+E6f0hWv578YCERbv+4m02cjxvDsPKLnmxral/rR6lBMAg==", "devOptional": true, "dependencies": { + "events-universal": "^1.0.0", "fast-fifo": "^1.3.2", "text-decoder": "^1.1.0" - }, - "optionalDependencies": { - "bare-events": "^2.2.0" } }, "node_modules/string_decoder": { @@ -5703,9 +5718,9 @@ } }, "node_modules/wrap-ansi/node_modules/ansi-regex": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.0.tgz", - "integrity": "sha512-TKY5pyBkHyADOPYlRT9Lx6F544mPl0vS5Ew7BJ45hA08Q+t3GjbueLliBWN3sMICk6+y7HdyxSzC4bWS8baBdg==", + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", "engines": { "node": ">=12" }, @@ -5714,9 +5729,9 @@ } }, "node_modules/wrap-ansi/node_modules/ansi-styles": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", - "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", + "version": "6.2.3", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", + "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==", "engines": { "node": ">=12" }, @@ -5746,9 +5761,9 @@ } }, "node_modules/wrap-ansi/node_modules/strip-ansi": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", "dependencies": { "ansi-regex": "^6.0.1" }, @@ -5877,18 +5892,18 @@ "dev": true }, "@babel/parser": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.3.tgz", - "integrity": "sha512-7+Ey1mAgYqFAx2h0RuoxcQT5+MlG3GTV0TQrgr7/ZliKsm/MNDxVVutlWaziMq7wJNAz8MTqz55XLpWvva6StA==", + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.4.tgz", + "integrity": "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg==", "dev": true, "requires": { - "@babel/types": "^7.28.2" + "@babel/types": "^7.28.4" } }, "@babel/types": { - "version": "7.28.2", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.2.tgz", - "integrity": "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ==", + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.4.tgz", + "integrity": "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q==", "dev": true, "requires": { "@babel/helper-string-parser": "^7.27.1", @@ -5913,9 +5928,9 @@ } }, "@eslint-community/eslint-utils": { - "version": "4.7.0", - "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz", - "integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==", + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz", + "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==", "requires": { "eslint-visitor-keys": "^3.4.3" } @@ -6021,9 +6036,9 @@ }, "dependencies": { "ansi-regex": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.0.tgz", - "integrity": "sha512-TKY5pyBkHyADOPYlRT9Lx6F544mPl0vS5Ew7BJ45hA08Q+t3GjbueLliBWN3sMICk6+y7HdyxSzC4bWS8baBdg==" + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==" }, "emoji-regex": { "version": "9.2.2", @@ -6041,9 +6056,9 @@ } }, "strip-ansi": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", "requires": { "ansi-regex": "^6.0.1" } @@ -6329,10 +6344,11 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "b4a": { - "version": "1.6.7", - "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.6.7.tgz", - "integrity": "sha512-OnAYlL5b7LEkALw87fUVafQw5rVR9RjwGd4KUwNQ6DrrNmaVaUCgLipfVlzrPQ4tWOR9P0IXGNOx50jYCCdSJg==", - "devOptional": true + "version": "1.7.1", + "resolved": "https://registry.npmjs.org/b4a/-/b4a-1.7.1.tgz", + "integrity": "sha512-ZovbrBV0g6JxK5cGUF1Suby1vLfKjv4RWi8IxoaO/Mon8BDD9I21RxjHFtgQ+kskJqLAVyQZly3uMBui+vhc8Q==", + "devOptional": true, + "requires": {} }, "bach": { "version": "2.0.1", @@ -6351,10 +6367,10 @@ "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" }, "bare-events": { - "version": "2.6.1", - "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.6.1.tgz", - "integrity": "sha512-AuTJkq9XmE6Vk0FJVNq5QxETrSA/vKHarWVBG5l/JbdCL1prJemiyJqUS0jrlXO0MftuPq4m3YVYhoNc5+aE/g==", - "optional": true + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/bare-events/-/bare-events-2.7.0.tgz", + "integrity": "sha512-b3N5eTW1g7vXkw+0CXh/HazGTcO5KYuu/RCNaJbDMPI6LHDi+7qe8EmxKUVe1sUbY2KZOVZFyj62x0OEz9qyAA==", + "devOptional": true }, "base64-js": { "version": "1.5.1", @@ -6733,9 +6749,9 @@ "dev": true }, "debug": { - "version": "4.4.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz", - "integrity": "sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==", + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", "requires": { "ms": "^2.1.3" } @@ -6801,9 +6817,9 @@ "dev": true }, "detect-libc": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.4.tgz", - "integrity": "sha512-3UDv+G9CsCKO1WKMGw9fwq/SWJYbI0c5Y7LU1AXYoDdbhE2AHQ6N6Nb34sG8Fj7T5APy8qXDCKuuIHd1BR0tVA==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.0.tgz", + "integrity": "sha512-vEtk+OcP7VBRtQZ1EJ3bdgzSfBjgnEalLTp5zjJrS+2Z1w2KZly4SBdac/WDU3hhsNAZ9E8SC96ME4Ey8MZ7cg==", "optional": true }, "diff": { @@ -7093,6 +7109,15 @@ "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==" }, + "events-universal": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/events-universal/-/events-universal-1.0.0.tgz", + "integrity": "sha512-1KVXP1Oq8SiC0HsRraCryA4XGrZ2uJgIt/h4X+mB/8pzMKE7L8yBDN2lBlqJZeUwLAt7kf80m/5GX3HvoCrSGA==", + "devOptional": true, + "requires": { + "bare-events": "^2.7.0" + } + }, "execa": { "version": "5.1.1", "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", @@ -7180,9 +7205,9 @@ "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==" }, "fast-uri": { - "version": "3.0.6", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.6.tgz", - "integrity": "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", "dev": true }, "fastest-levenshtein": { @@ -7996,9 +8021,9 @@ } }, "is-arrayish": { - "version": "0.3.2", - "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", - "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==", + "version": "0.3.4", + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz", + "integrity": "sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA==", "dev": true }, "is-binary-path": { @@ -8765,9 +8790,9 @@ "optional": true }, "node-abi": { - "version": "3.75.0", - "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.75.0.tgz", - "integrity": "sha512-OhYaY5sDsIka7H7AtijtI9jwGYLyl29eQn/W623DiN/MIv5sUqc4g7BIDThX+gb7di9f6xK02nkp8sdfFWZLTg==", + "version": "3.77.0", + "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.77.0.tgz", + "integrity": "sha512-DSmt0OEcLoK4i3NuscSbGjOf3bqiDEutejqENSplMSFA/gmB8mkED9G4pKWnPl7MDU4rSHebKPHeitpDfyH0cQ==", "optional": true, "requires": { "semver": "7.5.3" @@ -9523,9 +9548,9 @@ } }, "simple-swizzle": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", - "integrity": "sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==", + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz", + "integrity": "sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw==", "dev": true, "requires": { "is-arrayish": "^0.3.1" @@ -9579,12 +9604,12 @@ } }, "streamx": { - "version": "2.22.1", - "resolved": "https://registry.npmjs.org/streamx/-/streamx-2.22.1.tgz", - "integrity": "sha512-znKXEBxfatz2GBNK02kRnCXjV+AA4kjZIUxeWSr3UGirZMJfTE9uiwKHobnbgxWyL/JWro8tTq+vOqAK1/qbSA==", + "version": "2.23.0", + "resolved": "https://registry.npmjs.org/streamx/-/streamx-2.23.0.tgz", + "integrity": "sha512-kn+e44esVfn2Fa/O0CPFcex27fjIL6MkVae0Mm6q+E6f0hWv578YCERbv+4m02cjxvDsPKLnmxral/rR6lBMAg==", "devOptional": true, "requires": { - "bare-events": "^2.2.0", + "events-universal": "^1.0.0", "fast-fifo": "^1.3.2", "text-decoder": "^1.1.0" } @@ -10063,14 +10088,14 @@ }, "dependencies": { "ansi-regex": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.0.tgz", - "integrity": "sha512-TKY5pyBkHyADOPYlRT9Lx6F544mPl0vS5Ew7BJ45hA08Q+t3GjbueLliBWN3sMICk6+y7HdyxSzC4bWS8baBdg==" + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==" }, "ansi-styles": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", - "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==" + "version": "6.2.3", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", + "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==" }, "emoji-regex": { "version": "9.2.2", @@ -10088,9 +10113,9 @@ } }, "strip-ansi": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", "requires": { "ansi-regex": "^6.0.1" } diff --git a/package.json b/package.json index 444db78e..230b390f 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "name": "marklogic", "description": "The official MarkLogic Node.js client API.", "homepage": "https://github.com/marklogic/node-client-api", - "version": "3.7.0", + "version": "3.7.1", "license": "Apache-2.0", "main": "./lib/marklogic.js", "scripts": { From 21e78bc0105f9a6dce6fb9d8437416cd7fee40e3 Mon Sep 17 00:00:00 2001 From: Steve Biondi Date: Mon, 22 Sep 2025 13:32:47 -0700 Subject: [PATCH 8/8] MLE-123456 - polaris fixes: remove unreachable break and continue statements, unused variables, and move return note_error line outside of the for loop, which was probably intended. --- lib/www-authenticate-patched/parsers.js | 4 +--- lib/www-authenticate-patched/www-authenticate.js | 5 ++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/www-authenticate-patched/parsers.js b/lib/www-authenticate-patched/parsers.js index 7deb6fe6..acf54416 100644 --- a/lib/www-authenticate-patched/parsers.js +++ b/lib/www-authenticate-patched/parsers.js @@ -15,11 +15,10 @@ var ParseAuth= /(\w+)\s+(.*)/ // -> scheme, params function parse_params(header) { // This parser will definitely fail if there is more than one challenge - var tok, last_tok, _i, _len, key, value; + var tok, _i, _len, key, value; var state= 0; //0: token, var m= header.split(Separators) for (_i = 0, _len = m.length; _i < _len; _i++) { - last_tok= tok; tok = m[_i]; if (!tok.length) continue; switch (state) { @@ -67,7 +66,6 @@ function parse_params(header) { else { return 'Unexpected token ('+tok+') after '+value+'"'; } - continue; case 9: // expect commma if (',' != tok) return 'Comma expected after '+value; state= 0; diff --git a/lib/www-authenticate-patched/www-authenticate.js b/lib/www-authenticate-patched/www-authenticate.js index 739006b8..2069a5d8 100644 --- a/lib/www-authenticate-patched/www-authenticate.js +++ b/lib/www-authenticate-patched/www-authenticate.js @@ -91,7 +91,7 @@ var www_authenticator = function(username,password,options) } else { var qopa= qop.split(','); - var q, x, _i, _len; + var _i, _len; for (_i = 0, _len = qopa.length; _i < _len; _i++) { if ('auth' === qopa[_i]) { var opaque= auth_parms.opaque; @@ -123,10 +123,9 @@ var www_authenticator = function(username,password,options) }; return; } - return note_error('Server does not accept any supported quality of protection techniques.'); } + return note_error('Server does not accept any supported quality of protection techniques.'); } - break; default: return note_error("Unknown scheme"); }